From 054243fd0febfef5f1ba89f61eed0e6a34c6a25f Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Fri, 14 Jul 2017 13:49:33 +0200 Subject: show a warning for Debian shutting down FTP services MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We detect the effected sources by matching Release info – that has potential by-catch of repositories which have incorrect field values, but those are better fixed now anyhow. The bigger incorrectness is that this message will not only be printed for the Debian services itself but also for all mirrors not under Debian control but serving Debian like more local/private mirrors which will not (directly) shutdown. It is likely through that many of them will follow suite with less visible announcements or break downright if their upstream source disappears, so having false-positives here seems benefitial for the user in the end. --- apt-private/private-update.cc | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) (limited to 'apt-private/private-update.cc') diff --git a/apt-private/private-update.cc b/apt-private/private-update.cc index 8949dab30..f235a6191 100644 --- a/apt-private/private-update.cc +++ b/apt-private/private-update.cc @@ -8,6 +8,7 @@ #include #include #include +#include #include #include @@ -79,6 +80,31 @@ bool DoUpdate(CommandLine &CmdL) if (Cache.BuildCaches(false) == false) return false; + if (_config->FindB("APT::Get::Update::SourceListWarnings", true)) + { + List = Cache.GetSourceList(); + for (pkgSourceList::const_iterator S = List->begin(); S != List->end(); ++S) + { + if (APT::String::Startswith((*S)->GetURI(), "ftp://") == false) + continue; + pkgCache::RlsFileIterator const RlsFile = (*S)->FindInCache(Cache, false); + if (RlsFile.end() || RlsFile->Origin == 0 || RlsFile->Label == 0) + continue; + char const *const affected[][2] = { + {"Debian", "Debian"}, + {"Debian", "Debian-Security"}, + {"Debian Backports", "Debian Backports"}, + }; + auto const matchRelease = [&](decltype(affected[0]) a) { + return strcmp(RlsFile.Origin(), a[0]) == 0 && strcmp(RlsFile.Label(), a[1]) == 0; + }; + if (std::find_if(std::begin(affected), std::end(affected), matchRelease) != std::end(affected)) + _error->Warning("Debian shuts down public FTP services currently still used in your sources.list(5) as '%s'.\n" + "See press release %s for details.", + (*S)->GetURI().c_str(), "https://debian.org/News/2017/20170425"); + } + } + // show basic stats (if the user whishes) if (_config->FindB("APT::Cmd::Show-Update-Stats", false) == true) { -- cgit v1.2.3 From 8580574ec63fedd39a3ab3b9f0025e08eae5f620 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Fri, 14 Jul 2017 17:07:22 +0200 Subject: suggest using auth.conf for sources with passwords The feature exists for a long while even if we get around to document it properly only now, so we should push for its adoption a bit to avoid the problems its supposed to solve like avoiding usage of non-world readable configuration files as they can cause strange behaviour for the unsuspecting user (like different solutions as root and non-root). --- apt-private/private-update.cc | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'apt-private/private-update.cc') diff --git a/apt-private/private-update.cc b/apt-private/private-update.cc index f235a6191..c9113ddd3 100644 --- a/apt-private/private-update.cc +++ b/apt-private/private-update.cc @@ -103,6 +103,19 @@ bool DoUpdate(CommandLine &CmdL) "See press release %s for details.", (*S)->GetURI().c_str(), "https://debian.org/News/2017/20170425"); } + for (pkgSourceList::const_iterator S = List->begin(); S != List->end(); ++S) + { + URI uri((*S)->GetURI()); + if (uri.User.empty() && uri.Password.empty()) + continue; + // we can't really predict if a +http method supports everything http does, + // so we play it safe and use a whitelist here. + char const *const affected[] = {"http", "https", "tor+http", "tor+https", "ftp"}; + if (std::find(std::begin(affected), std::end(affected), uri.Access) != std::end(affected)) + // TRANSLATOR: the first two are manpage references, the last the URI from a sources.list + _error->Notice(_("Usage of %s should be preferred over embedding login information directly in the %s entry for '%s'"), + "apt_auth.conf(5)", "sources.list(5)", URI::ArchiveOnly(uri).c_str()); + } } // show basic stats (if the user whishes) -- cgit v1.2.3