From d03b947b0ce4f87d7d5cc48d4d274ab3bd0b289a Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Mon, 20 Jun 2016 20:50:43 +0200 Subject: add insecure (and weak) allow-options for sources.list Weak had no dedicated option before and Insecure and Downgrade were both global options, which given the effect they all have on security is rather bad. Setting them for individual repositories only isn't great but at least slightly better and also more consistent with other settings for repositories. --- apt-pkg/acquire-item.cc | 52 +++++++++++++++---- apt-pkg/acquire-item.h | 5 +- apt-pkg/acquire-worker.cc | 16 ++---- apt-pkg/deb/debmetaindex.cc | 118 ++++++++++++++++++++++++++++++++------------ apt-pkg/deb/debmetaindex.h | 5 +- apt-pkg/indexcopy.cc | 2 +- apt-pkg/indexfile.cc | 5 +- apt-pkg/indexfile.h | 3 ++ apt-pkg/init.cc | 1 + 9 files changed, 149 insertions(+), 58 deletions(-) (limited to 'apt-pkg') diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index 63b3c9a1f..a4b1d4897 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@ -175,7 +175,7 @@ static void ReportMirrorFailureToCentral(pkgAcquire::Item const &I, std::string } /*}}}*/ -static bool MessageInsecureRepository(bool const isError, char const * const msg, std::string const &repo)/*{{{*/ +static APT_NONNULL(2) bool MessageInsecureRepository(bool const isError, char const * const msg, std::string const &repo)/*{{{*/ { std::string m; strprintf(m, msg, repo.c_str()); @@ -195,7 +195,28 @@ static bool MessageInsecureRepository(bool const isError, char const * const msg /*}}}*/ // AllowInsecureRepositories /*{{{*/ enum class InsecureType { UNSIGNED, WEAK, NORELEASE }; -static bool APT_NONNULL(3, 4, 5) AllowInsecureRepositories(InsecureType msg, std::string const &repo, +static bool TargetIsAllowedToBe(IndexTarget const &Target, InsecureType const type) +{ + if (_config->FindB("Acquire::AllowInsecureRepositories")) + return true; + + if (Target.OptionBool(IndexTarget::ALLOW_INSECURE)) + return true; + + switch (type) + { + case InsecureType::UNSIGNED: break; + case InsecureType::NORELEASE: break; + case InsecureType::WEAK: + if (_config->FindB("Acquire::AllowWeakRepositories")) + return true; + if (Target.OptionBool(IndexTarget::ALLOW_WEAK)) + return true; + break; + } + return false; +} +static bool APT_NONNULL(3, 4, 5) AllowInsecureRepositories(InsecureType const msg, std::string const &repo, metaIndex const * const MetaIndexParser, pkgAcqMetaClearSig * const TransactionManager, pkgAcquire::Item * const I) { // we skip weak downgrades as its unlikely that a repository gets really weaker – @@ -213,7 +234,8 @@ static bool APT_NONNULL(3, 4, 5) AllowInsecureRepositories(InsecureType msg, std case InsecureType::NORELEASE: msgstr = _("The repository '%s' does no longer have a Release file."); break; case InsecureType::WEAK: /* unreachable */ break; } - if (_config->FindB("Acquire::AllowDowngradeToInsecureRepositories")) + if (_config->FindB("Acquire::AllowDowngradeToInsecureRepositories") || + TransactionManager->Target.OptionBool(IndexTarget::ALLOW_DOWNGRADE_TO_INSECURE)) { // meh, the users wants to take risks (we still mark the packages // from this repository as unauthenticated) @@ -241,7 +263,7 @@ static bool APT_NONNULL(3, 4, 5) AllowInsecureRepositories(InsecureType msg, std case InsecureType::WEAK: msgstr = _("The repository '%s' provides only weak security information."); break; } - if (_config->FindB("Acquire::AllowInsecureRepositories") == true) + if (TargetIsAllowedToBe(TransactionManager->Target, msg) == true) { MessageInsecureRepository(false, msgstr, repo); return true; @@ -277,7 +299,20 @@ APT_CONST bool pkgAcqTransactionItem::HashesRequired() const we can at least trust them for integrity of the download itself. Only repositories without a Release file can (obviously) not have hashes – and they are very uncommon and strongly discouraged */ - return TransactionManager->MetaIndexParser->GetLoadedSuccessfully() == metaIndex::TRI_YES; + if (TransactionManager->MetaIndexParser->GetLoadedSuccessfully() != metaIndex::TRI_YES) + return false; + if (TargetIsAllowedToBe(Target, InsecureType::WEAK)) + { + /* If we allow weak hashes, we check that we have some (weak) and then + declare hashes not needed. That will tip us in the right direction + as if hashes exist, they will be used, even if not required */ + auto const hsl = GetExpectedHashes(); + if (hsl.usable()) + return true; + if (hsl.empty() == false) + return false; + } + return true; } HashStringList pkgAcqTransactionItem::GetExpectedHashes() const { @@ -1333,7 +1368,7 @@ void pkgAcqMetaClearSig::QueueIndexes(bool const verify) /*{{{*/ auto const hashes = GetExpectedHashesFor(Target.MetaKey); if (hashes.empty() == false) { - if (hashes.usable() == false) + if (hashes.usable() == false && TargetIsAllowedToBe(TransactionManager->Target, InsecureType::WEAK) == false) { new CleanupItem(Owner, TransactionManager, Target); _error->Warning(_("Skipping acquire of configured file '%s' as repository '%s' provides only weak security information for it"), @@ -1525,8 +1560,7 @@ pkgAcqMetaClearSig::pkgAcqMetaClearSig(pkgAcquire * const Owner, /*{{{*/ IndexTarget const &DetachedDataTarget, IndexTarget const &DetachedSigTarget, metaIndex * const MetaIndexParser) : pkgAcqMetaIndex(Owner, this, ClearsignedTarget, DetachedSigTarget), - d(NULL), ClearsignedTarget(ClearsignedTarget), - DetachedDataTarget(DetachedDataTarget), + d(NULL), DetachedDataTarget(DetachedDataTarget), MetaIndexParser(MetaIndexParser), LastMetaIndexParser(NULL) { // index targets + (worst case:) Release/Release.gpg @@ -1640,7 +1674,7 @@ void pkgAcqMetaClearSig::Failed(string const &Message,pkgAcquire::MethodConfig c if(CheckStopAuthentication(this, Message)) return; - if(AllowInsecureRepositories(InsecureType::UNSIGNED, ClearsignedTarget.Description, TransactionManager->MetaIndexParser, TransactionManager, this) == true) + if(AllowInsecureRepositories(InsecureType::UNSIGNED, Target.Description, TransactionManager->MetaIndexParser, TransactionManager, this) == true) { Status = StatDone; diff --git a/apt-pkg/acquire-item.h b/apt-pkg/acquire-item.h index 92f1ac215..ac4994738 100644 --- a/apt-pkg/acquire-item.h +++ b/apt-pkg/acquire-item.h @@ -368,12 +368,13 @@ class APT_HIDDEN pkgAcqTransactionItem: public pkgAcquire::Item /*{{{*/ { void * const d; protected: - IndexTarget const Target; HashStringList GetExpectedHashesFor(std::string const &MetaKey) const; bool QueueURI(pkgAcquire::ItemDesc &Item) APT_OVERRIDE; public: + IndexTarget const Target; + /** \brief storge name until a transaction is finished */ std::string PartialFile; @@ -559,8 +560,6 @@ class APT_HIDDEN pkgAcqMetaSig : public pkgAcqTransactionItem class APT_HIDDEN pkgAcqMetaClearSig : public pkgAcqMetaIndex { void * const d; - - IndexTarget const ClearsignedTarget; IndexTarget const DetachedDataTarget; public: diff --git a/apt-pkg/acquire-worker.cc b/apt-pkg/acquire-worker.cc index d3d95998c..9ed7b5b28 100644 --- a/apt-pkg/acquire-worker.cc +++ b/apt-pkg/acquire-worker.cc @@ -378,6 +378,7 @@ bool pkgAcquire::Worker::RunMessages() bool const isIMSHit = StringToBool(LookupTag(Message,"IMS-Hit"),false) || StringToBool(LookupTag(Message,"Alt-IMS-Hit"),false); + auto const forcedHash = _config->Find("Acquire::ForceHash"); for (auto const Owner: ItmOwners) { HashStringList const ExpectedHashes = Owner->GetExpectedHashes(); @@ -395,9 +396,10 @@ bool pkgAcquire::Worker::RunMessages() // decide if what we got is what we expected bool consideredOkay = false; - if (ExpectedHashes.usable()) + if ((forcedHash.empty() && ExpectedHashes.empty() == false) || + (forcedHash.empty() == false && ExpectedHashes.usable())) { - if (ReceivedHashes.usable() == false) + if (ReceivedHashes.empty()) { /* IMS-Hits can't be checked here as we will have uncompressed file, but the hashes for the compressed file. What we have was good through @@ -410,16 +412,8 @@ bool pkgAcquire::Worker::RunMessages() consideredOkay = false; } - else if (Owner->HashesRequired() == true) - consideredOkay = false; else - { - consideredOkay = true; - // even if the hashes aren't usable to declare something secure - // we can at least use them to declare it an integrity failure - if (ExpectedHashes.empty() == false && ReceivedHashes != ExpectedHashes && _config->Find("Acquire::ForceHash").empty()) - consideredOkay = false; - } + consideredOkay = !Owner->HashesRequired(); if (consideredOkay == true) consideredOkay = Owner->VerifyDone(Message, Config); diff --git a/apt-pkg/deb/debmetaindex.cc b/apt-pkg/deb/debmetaindex.cc index 0c9cde620..2671fc30d 100644 --- a/apt-pkg/deb/debmetaindex.cc +++ b/apt-pkg/deb/debmetaindex.cc @@ -51,8 +51,9 @@ class APT_HIDDEN debReleaseIndexPrivate /*{{{*/ std::vector Architectures; std::vector NoSupportForAll; + std::map const ReleaseOptions; - debReleaseIndexPrivate() : CheckValidUntil(metaIndex::TRI_UNSET), ValidUntilMin(0), ValidUntilMax(0) {} + debReleaseIndexPrivate(std::map const &Options) : CheckValidUntil(metaIndex::TRI_UNSET), ValidUntilMin(0), ValidUntilMax(0), ReleaseOptions(Options) {} }; /*}}}*/ // ReleaseIndex::MetaIndex* - display helpers /*{{{*/ @@ -96,11 +97,11 @@ std::string debReleaseIndex::MetaIndexURI(const char *Type) const } /*}}}*/ // ReleaseIndex Con- and Destructors /*{{{*/ -debReleaseIndex::debReleaseIndex(std::string const &URI, std::string const &Dist) : - metaIndex(URI, Dist, "deb"), d(new debReleaseIndexPrivate()) +debReleaseIndex::debReleaseIndex(std::string const &URI, std::string const &Dist, std::map const &Options) : + metaIndex(URI, Dist, "deb"), d(new debReleaseIndexPrivate(Options)) {} -debReleaseIndex::debReleaseIndex(std::string const &URI, std::string const &Dist, bool const pTrusted) : - metaIndex(URI, Dist, "deb"), d(new debReleaseIndexPrivate()) +debReleaseIndex::debReleaseIndex(std::string const &URI, std::string const &Dist, bool const pTrusted, std::map const &Options) : + metaIndex(URI, Dist, "deb"), d(new debReleaseIndexPrivate(Options)) { Trusted = pTrusted ? TRI_YES : TRI_NO; } @@ -112,17 +113,10 @@ debReleaseIndex::~debReleaseIndex() { // ReleaseIndex::GetIndexTargets /*{{{*/ static void GetIndexTargetsFor(char const * const Type, std::string const &URI, std::string const &Dist, std::vector const &entries, - std::vector &IndexTargets) + std::vector &IndexTargets, std::map const &ReleaseOptions) { bool const flatArchive = (Dist[Dist.length() - 1] == '/'); - std::string baseURI = URI; - if (flatArchive) - { - if (Dist != "/") - baseURI += Dist; - } - else - baseURI += "dists/" + Dist + "/"; + std::string const baseURI = constructMetaIndexURI(URI, Dist, ""); std::string const Release = (Dist == "/") ? "" : Dist; std::string const Site = ::URI::ArchiveOnly(URI); @@ -292,8 +286,7 @@ static void GetIndexTargetsFor(char const * const Type, std::string const &URI, } // not available in templates, but in the indextarget - Options.insert(std::make_pair("BASE_URI", baseURI)); - Options.insert(std::make_pair("REPO_URI", URI)); + Options.insert(ReleaseOptions.begin(), ReleaseOptions.end()); Options.insert(std::make_pair("IDENTIFIER", Identifier)); Options.insert(std::make_pair("TARGET_OF", Type)); Options.insert(std::make_pair("CREATED_BY", *T)); @@ -317,7 +310,7 @@ static void GetIndexTargetsFor(char const * const Type, std::string const &URI, MetaKey, ShortDesc, LongDesc, - Options.find("BASE_URI")->second + MetaKey, + baseURI + MetaKey, IsOpt, KeepCompressed, Options @@ -344,8 +337,8 @@ static void GetIndexTargetsFor(char const * const Type, std::string const &URI, std::vector debReleaseIndex::GetIndexTargets() const { std::vector IndexTargets; - GetIndexTargetsFor("deb-src", URI, Dist, d->DebSrcEntries, IndexTargets); - GetIndexTargetsFor("deb", URI, Dist, d->DebEntries, IndexTargets); + GetIndexTargetsFor("deb-src", URI, Dist, d->DebSrcEntries, IndexTargets, d->ReleaseOptions); + GetIndexTargetsFor("deb", URI, Dist, d->DebEntries, IndexTargets, d->ReleaseOptions); return IndexTargets; } /*}}}*/ @@ -542,11 +535,11 @@ bool debReleaseIndex::Load(std::string const &Filename, std::string * const Erro metaIndex * debReleaseIndex::UnloadedClone() const /*{{{*/ { if (Trusted == TRI_NO) - return new debReleaseIndex(URI, Dist, false); + return new debReleaseIndex(URI, Dist, false, d->ReleaseOptions); else if (Trusted == TRI_YES) - return new debReleaseIndex(URI, Dist, true); + return new debReleaseIndex(URI, Dist, true, d->ReleaseOptions); else - return new debReleaseIndex(URI, Dist); + return new debReleaseIndex(URI, Dist, d->ReleaseOptions); } /*}}}*/ bool debReleaseIndex::parseSumData(const char *&Start, const char *End, /*{{{*/ @@ -611,7 +604,7 @@ bool debReleaseIndex::parseSumData(const char *&Start, const char *End, /*{{{*/ bool debReleaseIndex::GetIndexes(pkgAcquire *Owner, bool const &GetAll)/*{{{*/ { -#define APT_TARGET(X) IndexTarget("", X, MetaIndexInfo(X), MetaIndexURI(X), false, false, std::map()) +#define APT_TARGET(X) IndexTarget("", X, MetaIndexInfo(X), MetaIndexURI(X), false, false, d->ReleaseOptions) pkgAcqMetaClearSig * const TransactionManager = new pkgAcqMetaClearSig(Owner, APT_TARGET("InRelease"), APT_TARGET("Release"), APT_TARGET("Release.gpg"), this); #undef APT_TARGET @@ -751,6 +744,10 @@ std::vector *debReleaseIndex::GetIndexFiles() /*{{{*/ return Indexes; } /*}}}*/ +std::map debReleaseIndex::GetReleaseOptions() +{ + return d->ReleaseOptions; +} static bool ReleaseFileName(debReleaseIndex const * const That, std::string &ReleaseFile)/*{{{*/ { @@ -900,7 +897,7 @@ class APT_HIDDEN debSLTypeDebian : public pkgSourceList::Type /*{{{*/ return metaIndex::TRI_DONTCARE; } - time_t GetTimeOption(std::mapconst &Options, char const * const name) const + static time_t GetTimeOption(std::mapconst &Options, char const * const name) { std::map::const_iterator const opt = Options.find(name); if (opt == Options.end()) @@ -908,12 +905,74 @@ class APT_HIDDEN debSLTypeDebian : public pkgSourceList::Type /*{{{*/ return strtoull(opt->second.c_str(), NULL, 10); } + static bool GetBoolOption(std::map const &Options, char const * const name, bool const defVal) + { + std::map::const_iterator const opt = Options.find(name); + if (opt == Options.end()) + return defVal; + return StringToBool(opt->second, defVal); + } + + static std::vector GetMapKeys(std::map const &Options) + { + std::vector ret; + ret.reserve(Options.size()); + for (auto &&O: Options) + ret.emplace_back(O.first); + std::sort(ret.begin(), ret.end()); + return ret; + } + + static bool MapsAreEqual(std::map const &OptionsA, + std::map const &OptionsB, + std::string const &URI, std::string const &Dist) + { + auto const KeysA = GetMapKeys(OptionsA); + auto const KeysB = GetMapKeys(OptionsB); + auto const m = std::mismatch(KeysA.begin(), KeysA.end(), KeysB.begin()); + if (m.first != KeysA.end()) + { + if (std::find(KeysB.begin(), KeysB.end(), *m.first) == KeysB.end()) + return _error->Error(_("Conflicting values set for option %s regarding source %s %s"), m.first->c_str(), "", ""); + else + return _error->Error(_("Conflicting values set for option %s regarding source %s %s"), m.second->c_str(), "", ""); + } + if (m.second != KeysB.end()) + { + if (std::find(KeysA.begin(), KeysA.end(), *m.second) == KeysA.end()) + return _error->Error(_("Conflicting values set for option %s regarding source %s %s"), m.first->c_str(), "", ""); + else + return _error->Error(_("Conflicting values set for option %s regarding source %s %s"), m.second->c_str(), "", ""); + } + for (auto&& key: KeysA) + { + if (key == "BASE_URI" || key == "REPO_URI") + continue; + auto const a = OptionsA.find(key); + auto const b = OptionsB.find(key); + if (unlikely(a == OptionsA.end() || b == OptionsB.end()) || a->second != b->second) + return _error->Error(_("Conflicting values set for option %s regarding source %s %s"), key.c_str(), URI.c_str(), Dist.c_str()); + } + return true; + } + protected: bool CreateItemInternal(std::vector &List, std::string const &URI, std::string const &Dist, std::string const &Section, bool const &IsSrc, std::map const &Options) const { + std::map ReleaseOptions = {{ + { "BASE_URI", constructMetaIndexURI(URI, Dist, "") }, + { "REPO_URI", URI }, + }}; + if (GetBoolOption(Options, "allow-insecure", _config->FindB("Acquire::AllowInsecureRepositories"))) + ReleaseOptions.emplace("ALLOW_INSECURE", "true"); + if (GetBoolOption(Options, "allow-weak", _config->FindB("Acquire::AllowWeakRepositories"))) + ReleaseOptions.emplace("ALLOW_WEAK", "true"); + if (GetBoolOption(Options, "allow-downgrade-to-insecure", _config->FindB("Acquire::AllowDowngradeToInsecureRepositories"))) + ReleaseOptions.emplace("ALLOW_DOWNGRADE_TO_INSECURE", "true"); + debReleaseIndex * Deb = nullptr; std::string const FileName = URItoFileName(constructMetaIndexURI(URI, Dist, "Release")); for (auto const &I: List) @@ -931,6 +990,8 @@ class APT_HIDDEN debSLTypeDebian : public pkgSourceList::Type /*{{{*/ corresponds to. */ if (URItoFileName(D->MetaIndexURI("Release")) == FileName) { + if (MapsAreEqual(ReleaseOptions, D->GetReleaseOptions(), URI, Dist) == false) + return false; Deb = D; break; } @@ -939,7 +1000,7 @@ class APT_HIDDEN debSLTypeDebian : public pkgSourceList::Type /*{{{*/ // No currently created Release file indexes this entry, so we create a new one. if (Deb == nullptr) { - Deb = new debReleaseIndex(URI, Dist); + Deb = new debReleaseIndex(URI, Dist, ReleaseOptions); List.push_back(Deb); } @@ -993,12 +1054,7 @@ class APT_HIDDEN debSLTypeDebian : public pkgSourceList::Type /*{{{*/ }), mytargets.end()); } - bool UsePDiffs = _config->FindB("Acquire::PDiffs", true); - { - std::map::const_iterator const opt = Options.find("pdiffs"); - if (opt != Options.end()) - UsePDiffs = StringToBool(opt->second); - } + bool const UsePDiffs = GetBoolOption(Options, "pdiffs", _config->FindB("Acquire::PDiffs", true)); std::string UseByHash = _config->Find("APT::Acquire::By-Hash", "yes"); UseByHash = _config->Find("Acquire::By-Hash", UseByHash); diff --git a/apt-pkg/deb/debmetaindex.h b/apt-pkg/deb/debmetaindex.h index 2bb9ed693..f903617f7 100644 --- a/apt-pkg/deb/debmetaindex.h +++ b/apt-pkg/deb/debmetaindex.h @@ -34,8 +34,8 @@ class APT_HIDDEN debReleaseIndex : public metaIndex APT_HIDDEN std::string MetaIndexFile(const char *Types) const; APT_HIDDEN std::string MetaIndexURI(const char *Type) const; - debReleaseIndex(std::string const &URI, std::string const &Dist); - debReleaseIndex(std::string const &URI, std::string const &Dist, bool const Trusted); + debReleaseIndex(std::string const &URI, std::string const &Dist, std::map const &Options); + debReleaseIndex(std::string const &URI, std::string const &Dist, bool const Trusted, std::map const &Options); virtual ~debReleaseIndex(); virtual std::string ArchiveURI(std::string const &File) const APT_OVERRIDE {return URI + File;}; @@ -56,6 +56,7 @@ class APT_HIDDEN debReleaseIndex : public metaIndex bool SetValidUntilMin(time_t const Valid); bool SetValidUntilMax(time_t const Valid); bool SetSignedBy(std::string const &SignedBy); + std::map GetReleaseOptions(); virtual bool IsTrusted() const APT_OVERRIDE; bool IsArchitectureSupported(std::string const &arch) const; diff --git a/apt-pkg/indexcopy.cc b/apt-pkg/indexcopy.cc index 4aade6e8a..4a35e3847 100644 --- a/apt-pkg/indexcopy.cc +++ b/apt-pkg/indexcopy.cc @@ -550,7 +550,7 @@ bool SigVerify::CopyAndVerify(string CDROM,string Name,vector &SigList, if(Debug) cout << "Signature verify for: " << *I << endl; - metaIndex *MetaIndex = new debReleaseIndex("",""); + metaIndex *MetaIndex = new debReleaseIndex("","", {}); string prefix = *I; string const releasegpg = *I+"Release.gpg"; diff --git a/apt-pkg/indexfile.cc b/apt-pkg/indexfile.cc index 7ded0101b..b1435d32c 100644 --- a/apt-pkg/indexfile.cc +++ b/apt-pkg/indexfile.cc @@ -147,6 +147,9 @@ std::string IndexTarget::Option(OptionKeys const EnumKey) const /*{{{*/ APT_CASE(SOURCESENTRY); APT_CASE(BY_HASH); APT_CASE(KEEPCOMPRESSEDAS); + APT_CASE(ALLOW_INSECURE); + APT_CASE(ALLOW_WEAK); + APT_CASE(ALLOW_DOWNGRADE_TO_INSECURE); #undef APT_CASE case FILENAME: return _config->FindDir("Dir::State::lists") + URItoFileName(URI); case EXISTING_FILENAME: @@ -170,7 +173,7 @@ std::string IndexTarget::Option(OptionKeys const EnumKey) const /*{{{*/ /*}}}*/ bool IndexTarget::OptionBool(OptionKeys const EnumKey) const /*{{{*/ { - return StringToBool(Option(EnumKey)); + return StringToBool(Option(EnumKey), false); } /*}}}*/ std::string IndexTarget::Format(std::string format) const /*{{{*/ diff --git a/apt-pkg/indexfile.h b/apt-pkg/indexfile.h index 76a3d069e..68753a40a 100644 --- a/apt-pkg/indexfile.h +++ b/apt-pkg/indexfile.h @@ -93,6 +93,9 @@ class IndexTarget /*{{{*/ KEEPCOMPRESSEDAS, FALLBACK_OF, IDENTIFIER, + ALLOW_INSECURE, + ALLOW_WEAK, + ALLOW_DOWNGRADE_TO_INSECURE, }; std::string Option(OptionKeys const Key) const; bool OptionBool(OptionKeys const Key) const; diff --git a/apt-pkg/init.cc b/apt-pkg/init.cc index c77e8e2fe..70a119a6e 100644 --- a/apt-pkg/init.cc +++ b/apt-pkg/init.cc @@ -87,6 +87,7 @@ bool pkgInitConfig(Configuration &Cnf) // Repository security Cnf.CndSet("Acquire::AllowInsecureRepositories", false); + Cnf.CndSet("Acquire::AllowWeakRepositories", false); Cnf.CndSet("Acquire::AllowDowngradeToInsecureRepositories", false); // Default cdrom mount point -- cgit v1.2.3