From 7aeab5cb220c0a6ddfbbf9335276940a3a096fb4 Mon Sep 17 00:00:00 2001
From: David Kalnischkies <david@kalnischkies.de>
Date: Mon, 13 Oct 2014 07:26:27 +0200
Subject: display a warning for unsigned repos

The same message is used for InRelease if fails in gpgv, but the
Release/Release.gpg duo needs to handle the failing download case as
well (InRelease just defers to the duo if download fails) and print a
message accompaning the insecure error to provide a hint on what is
going on.
---
 apt-pkg/acquire-item.cc | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'apt-pkg')

diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc
index 3e4016ac6..6731e07d5 100644
--- a/apt-pkg/acquire-item.cc
+++ b/apt-pkg/acquire-item.cc
@@ -1738,6 +1738,10 @@ void pkgAcqMetaSig::Failed(string Message,pkgAcquire::MethodConfig *Cnf)/*{{{*/
    // check if we need to fail at this point 
    if (AuthPass == true && CheckStopAuthentication(RealURI, Message))
          return;
+   else if (AuthPass == false)
+      _error->Warning(_("The data from '%s' is not signed. Packages "
+                        "from that repository can not be authenticated."),
+                      URIDesc.c_str());
 
    // FIXME: meh, this is not really elegant
    string InReleaseURI = RealURI.replace(RealURI.rfind("Release.gpg"), 12,
-- 
cgit v1.2.3