From cc67debf273087c44f39a63363553577eb0fcb9c Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Fri, 1 Feb 2019 14:43:52 +0100 Subject: Add a Packages-Require-Authorization Release file field This new field allows a repository to declare that access to packages requires authorization. The current implementation will set the pin to -32768 if no authorization has been provided in the auth.conf(.d) files. This implementation is suboptimal in two aspects: (1) A repository should behave more like NotSource repositories (2) We only have the host name for the repository, we cannot use paths yet. - We can fix those after an ABI break. The code also adds a check to acquire-item.cc to not use the specified repository as a download source, mimicking NotSource. (cherry picked from commit c2b9b0489538fed4770515bd8853a960b13a2618) LP: #1814727 (cherry picked from commit d75162bc67d5a1a690eb2a8747d31ad68353823e) (cherry picked from commit 19075f52174199fe7665334ad1815c747c26c10b) Conflicts: apt-pkg/deb/debmetaindex.cc apt-pkg/pkgcache.h --- .../test-packages-require-authorization | 61 ++++++++++++++++++++++ 1 file changed, 61 insertions(+) create mode 100755 test/integration/test-packages-require-authorization (limited to 'test/integration') diff --git a/test/integration/test-packages-require-authorization b/test/integration/test-packages-require-authorization new file mode 100755 index 000000000..803957c5e --- /dev/null +++ b/test/integration/test-packages-require-authorization @@ -0,0 +1,61 @@ +#!/bin/sh +set -e + +TESTDIR="$(readlink -f "$(dirname "$0")")" +. "$TESTDIR/framework" +setupenvironment +configarchitecture 'amd64' + +insertpackage 'unstable' 'cool' 'amd64' '1.0' + +export APT_DONT_SIGN='InRelease' +setupaptarchive --no-update +changetowebserver + +echo 'Packages-Require-Authorization: yes' >> aptarchive/dists/unstable/Release +signreleasefiles + +testsuccess aptget update +testequal "Package files: + 100 ${TMPWORKINGDIRECTORY}/rootdir/var/lib/dpkg/status + release a=now +-32768 http://localhost:8080/ unstable/main amd64 Packages + release a=unstable,n=sid,c=main + origin localhost +Pinned packages:" aptcache policy + +mkdir rootdir/etc/apt/auth.conf.d +cat > rootdir/etc/apt/auth.conf.d/myauth.conf << EOF +machine localhost +login username +password usersPassword +EOF + + +testequal "Package files: + 100 ${TMPWORKINGDIRECTORY}/rootdir/var/lib/dpkg/status + release a=now + 500 http://localhost:8080/ unstable/main amd64 Packages + release a=unstable,n=sid,c=main + origin localhost +Pinned packages:" aptcache policy + + +cat > rootdir/etc/apt/preferences.d/myauth.pref << EOF +Package: * +Pin: origin localhost +Pin-Priority: 990 + +Package: cool +Pin: origin localhost +Pin-Priority: 990 +EOF + +testequal "Package files: + 100 ${TMPWORKINGDIRECTORY}/rootdir/var/lib/dpkg/status + release a=now + 990 http://localhost:8080/ unstable/main amd64 Packages + release a=unstable,n=sid,c=main + origin localhost +Pinned packages: + cool -> 1.0" aptcache policy -- cgit v1.2.3