From 081fbea14d12f79c8d91ce4fe1f1004c7bc08656 Mon Sep 17 00:00:00 2001
From: David Kalnischkies
Date: Wed, 12 Apr 2017 17:39:06 +0200
Subject: error in update on Release information changes The value of Origin, Label, Codename and co can be used in user configuration from apts own pinning to unattended upgrades. A repository changing this values can therefore have serious effects on the behaviour of apt and other tools using these values. In a first step we will generate error messages for these changes now explaining the need for explicit confirmation and provide config options and commandline flags to accept them.
---
 apt-pkg/deb/debmetaindex.cc | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)
(limited to 'apt-pkg/deb')
diff --git a/apt-pkg/deb/debmetaindex.cc b/apt-pkg/deb/debmetaindex.cc
index 8c82414cb..424ef08f6 100644
--- a/apt-pkg/deb/debmetaindex.cc
+++ b/apt-pkg/deb/debmetaindex.cc
@@ -393,6 +393,9 @@ bool debReleaseIndex::Load(std::string const &Filename, std::string * const Erro
 // FIXME: find better tag name
 SupportsAcquireByHash = Section.FindB("Acquire-By-Hash", false);
+ SetOrigin(Section.FindS("Origin"));
+ SetLabel(Section.FindS("Label"));
+ SetVersion(Section.FindS("Version"));
 Suite = Section.FindS("Suite");
 Codename = Section.FindS("Codename");
 {
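Review bot: `Origin`, `Label` and `Version` are stored through setters in this hunk, while `Suite` and `Codename` on the following two lines are still assigned directly, although the commit message names Codename among the values whose change needs confirmation. Nothing here says which fields take part in the change check, or whether a field that is absent from the Release file (FindS presumably yields an empty string) counts as a change from a previously set value. I would add a comment above the three calls, e.g. `// repository-controlled values used for pinning; a differing or newly empty value needs explicit confirmation`, and say there how Suite and Codename are covered. Load starts and ends outside the hunk, so the comparison itself is not visible.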
@@ -415,6 +418,20 @@ bool debReleaseIndex::Load(std::string const &Filename, std::string * const Erro
 else // e.g. security.debian.org uses this style
 d->SupportedComponents.push_back(comp.substr(pos + 1));
 }
+ {
+ decltype(pkgCache::ReleaseFile::Flags) flags = 0;
+ Section.FindFlag("NotAutomatic", flags, pkgCache::Flag::NotAutomatic);
+ signed short defaultpin = 500;
+ if ((flags & pkgCache::Flag::NotAutomatic) == pkgCache::Flag::NotAutomatic)
+ {
+ Section.FindFlag("ButAutomaticUpgrades", flags, pkgCache::Flag::ButAutomaticUpgrades);
+ if ((flags & pkgCache::Flag::ButAutomaticUpgrades) == pkgCache::Flag::ButAutomaticUpgrades)
+ defaultpin = 100;
+ else
+ defaultpin = 1;
+ }
+ SetDefaultPin(defaultpin);
+ }
 bool FoundHashSum = false;
 bool FoundStrongHashSum = false;
@@ -472,7 +489,6 @@ bool debReleaseIndex::Load(std::string const &Filename, std::string * const Erro
 if (CheckValidUntil == true)
 {
- std::string const Label = Section.FindS("Label");
 std::string const StrValidUntil = Section.FindS("Valid-Until");
 // if we have a Valid-Until header in the Release file, use it as default
@@ -485,6 +501,7 @@ bool debReleaseIndex::Load(std::string const &Filename, std::string * const Erro
 return false;
 }
 }
+ auto const Label = GetLabel();
 // get the user settings for this archive and use what expires earlier
 time_t MaxAge = d->ValidUntilMax;
 if (MaxAge == 0)
-- cgit v1.2.3
From 96ebab48c25fcd1ee83729cdba4be8a6343a8766 Mon Sep 17 00:00:00 2001
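Review bot: In the default-pin block added at `@@ -415,6 +418,20 @@`, the pin falls back to 500 whenever `NotAutomatic` ends up unset, and the return value of both `Section.FindFlag` calls is ignored. A field value that fails to parse would therefore presumably be treated like an absent one and receive the most permissive of the three priorities. The literals 500, 100 and 1 are also unexplained here and look like a copy of policy defaults defined elsewhere; if the two ever diverge, the change check would compare against the wrong pin. I would add a comment such as `// mirrors the default priorities: 500 normal, 1 NotAutomatic, 100 NotAutomatic + ButAutomaticUpgrades` and state what an unparsable flag value results in. The block sits inside Load, which starts and ends outside the hunk.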
From: David Kalnischkies
Date: Sun, 28 May 2017 13:24:33 +0200
Subject: show a Release-Notes URI if infos were changed
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This gives the repository owner a chance to explain why this change was needed – e.g. explaining the organisational changes or simply detailing the changes in the new release made. Note that this URI is also shown if the change is accepted, so it also draws attention to release notes of minor updates (if users watch apt output closely).
---
 apt-pkg/deb/debmetaindex.cc | 1 +
 1 file changed, 1 insertion(+)
(limited to 'apt-pkg/deb')
diff --git a/apt-pkg/deb/debmetaindex.cc b/apt-pkg/deb/debmetaindex.cc
index 424ef08f6..df7419ddd 100644
--- a/apt-pkg/deb/debmetaindex.cc
+++ b/apt-pkg/deb/debmetaindex.cc
@@ -398,6 +398,7 @@ bool debReleaseIndex::Load(std::string const &Filename, std::string * const Erro
 SetVersion(Section.FindS("Version"));
 Suite = Section.FindS("Suite");
 Codename = Section.FindS("Codename");
+ SetReleaseNotes(Section.FindS("Release-Notes"));
 {
 std::string const archs = Section.FindS("Architectures");
 if (archs.empty() == false)
-- cgit v1.2.3
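Review bot: The `Release-Notes` value is taken from the Release file and stored as-is by `SetReleaseNotes(Section.FindS("Release-Notes"));`, and the commit message says it is shown to the user whether or not the change is accepted. That makes it repository-controlled text printed at the moment the user decides whether to trust changed repository metadata, so it should be checked to be a well-formed URI with an expected scheme and free of control characters before it reaches the terminal. Whether `SetReleaseNotes` or the display code does this is not visible in the hunk; if neither does, the check belongs here, and otherwise a comment like `// untrusted; validated in <function name> before display` would make that explicit. Load starts and ends outside the hunk.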