From 952ee63b0af14a534c0aca00c11d1a99be6b22b2 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Fri, 18 Mar 2016 14:46:24 +0100 Subject: forbid insecure repositories by default expect in apt-get With this commit all APT-based clients default to refusing to work with unsigned or otherwise insufficently secured repositories. In terms of apt and apt-get this changes nothing, but it effects all tools using libapt like aptitude, synaptic or packagekit. The exception remains apt-get for stretch for now as this might break too many scripts/usecases too quickly. The documentation is updated and extended to reflect how to opt out or in on this behaviour change. Closes: 808367 --- apt-private/private-cmndline.cc | 25 +++++++++++++++++-------- 1 file changed, 17 insertions(+), 8 deletions(-) (limited to 'apt-private') diff --git a/apt-private/private-cmndline.cc b/apt-private/private-cmndline.cc index ba64c5b46..481c23c94 100644 --- a/apt-private/private-cmndline.cc +++ b/apt-private/private-cmndline.cc @@ -372,7 +372,6 @@ std::vector getCommandArgs(APT_CMD const Program, char const return Args; } /*}}}*/ -#undef CmdMatches #undef addArg static void ShowHelpListCommands(std::vector const &Cmds)/*{{{*/ { @@ -445,15 +444,22 @@ static void BinarySpecificConfiguration(char const * const Binary) /*{{{*/ _config->CndSet("Binary::apt::APT::Get::Upgrade-Allow-New", true); _config->CndSet("Binary::apt::APT::Cmd::Show-Update-Stats", true); _config->CndSet("Binary::apt::DPkg::Progress-Fancy", true); - _config->CndSet("Binary::apt::Acquire::AllowInsecureRepositories", false); _config->CndSet("Binary::apt::APT::Keep-Downloaded-Packages", false); } + if (binary == "apt-config") + _config->CndSet("Binary::apt-get::Acquire::AllowInsecureRepositories", true); _config->Set("Binary", binary); - std::string const conf = "Binary::" + binary; - _config->MoveSubTree(conf.c_str(), NULL); } /*}}}*/ +static void BinaryCommandSpecificConfiguration(char const * const Binary, char const * const Cmd)/*{{{*/ +{ + std::string const binary = flNotDir(Binary); + if (binary == "apt-get" && CmdMatches("update")) + _config->CndSet("Binary::apt-get::Acquire::AllowInsecureRepositories", true); +} +#undef CmdMatches + /*}}}*/ std::vector ParseCommandLine(CommandLine &CmdL, APT_CMD const Binary,/*{{{*/ Configuration * const * const Cnf, pkgSystem ** const Sys, int const argc, const char *argv[], bool (*ShowHelp)(CommandLine &), std::vector (*GetCommands)(void)) @@ -481,11 +487,14 @@ std::vector ParseCommandLine(CommandLine &CmdL, APT_CMD c // Args running out of scope invalidates the pointer stored in CmdL, // but we don't use the pointer after this function, so we ignore // this problem for now and figure something out if we have to. - std::vector Args; + char const * CmdCalled = nullptr; if (Cmds.empty() == false && Cmds[0].Handler != nullptr) - Args = getCommandArgs(Binary, CommandLine::GetCommand(Cmds.data(), argc, argv)); - else - Args = getCommandArgs(Binary, nullptr); + CmdCalled = CommandLine::GetCommand(Cmds.data(), argc, argv); + if (CmdCalled != nullptr) + BinaryCommandSpecificConfiguration(argv[0], CmdCalled); + std::string const conf = "Binary::" + _config->Find("Binary"); + _config->MoveSubTree(conf.c_str(), nullptr); + auto Args = getCommandArgs(Binary, CmdCalled); CmdL = CommandLine(Args.data(), _config); if (CmdL.Parse(argc,argv) == false || -- cgit v1.2.3