From d03b947b0ce4f87d7d5cc48d4d274ab3bd0b289a Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Mon, 20 Jun 2016 20:50:43 +0200 Subject: add insecure (and weak) allow-options for sources.list Weak had no dedicated option before and Insecure and Downgrade were both global options, which given the effect they all have on security is rather bad. Setting them for individual repositories only isn't great but at least slightly better and also more consistent with other settings for repositories. --- test/integration/test-apt-update-nofallback | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'test/integration/test-apt-update-nofallback') diff --git a/test/integration/test-apt-update-nofallback b/test/integration/test-apt-update-nofallback index 40fbae560..60f329a4a 100755 --- a/test/integration/test-apt-update-nofallback +++ b/test/integration/test-apt-update-nofallback @@ -93,10 +93,16 @@ test_from_inrelease_to_unsigned_with_override() find "$APTARCHIVE" -name '*Packages*' -exec touch -d '+2 hours' {} \; # and ensure we can update to it (with enough force) + testfailure apt update testfailure aptget update testfailure aptget update --allow-insecure-repositories - testwarning aptget update --allow-insecure-repositories \ - -o Acquire::AllowDowngradeToInsecureRepositories=1 -o Debug::pkgAcquire::Worker=1 -o Debug::pkgAcquire::Auth=1 + testfailure aptget update --no-allow-insecure-repositories + sed -i 's#^deb\(-src\)\? #deb\1 [allow-downgrade-to-insecure=yes] #' rootdir/etc/apt/sources.list.d/* + testfailure aptget update --no-allow-insecure-repositories + testfailure apt update + testwarning apt update --allow-insecure-repositories \ + -o Debug::pkgAcquire::Worker=1 -o Debug::pkgAcquire::Auth=1 + sed -i 's#^deb\(-src\)\? \[allow-downgrade-to-insecure=yes\] #deb\1 #' rootdir/etc/apt/sources.list.d/* # but that the individual packages are still considered untrusted testfailureequal "WARNING: The following packages cannot be authenticated! evil -- cgit v1.2.3