diff options
author | Julian Andres Klode <jak@debian.org> | 2018-12-04 20:14:45 +0000 |
---|---|---|
committer | Julian Andres Klode <jak@debian.org> | 2018-12-04 20:14:45 +0000 |
commit | 294b5e77a25d2600e7f3ce12a996d1694b5be817 (patch) | |
tree | 4282524f2298dfd2b9af869ae70e48b940c6d9d7 | |
parent | 37bdbe03d44975951d2518bb9b3d3636081dca6a (diff) | |
parent | bbfcc05c1978decd28df9681fd73e2a7d9a8c2a5 (diff) |
Merge branch 'pu/netrcparts' into 'master'
Add support for /etc/apt/auth.conf.d/*.conf (netrcparts)
See merge request apt-team/apt!37
-rw-r--r-- | apt-pkg/init.cc | 1 | ||||
-rw-r--r-- | doc/apt_auth.conf.5.xml | 7 | ||||
-rw-r--r-- | doc/examples/configure-index | 1 | ||||
-rw-r--r-- | methods/aptmethod.h | 47 | ||||
-rwxr-xr-x | test/integration/test-authentication-basic | 13 |
5 files changed, 56 insertions, 13 deletions
diff --git a/apt-pkg/init.cc b/apt-pkg/init.cc index 3502e7ddc..d98affe06 100644 --- a/apt-pkg/init.cc +++ b/apt-pkg/init.cc @@ -150,6 +150,7 @@ bool pkgInitConfig(Configuration &Cnf) Cnf.CndSet("Dir::Etc::sourceparts","sources.list.d"); Cnf.CndSet("Dir::Etc::main","apt.conf"); Cnf.CndSet("Dir::Etc::netrc", "auth.conf"); + Cnf.CndSet("Dir::Etc::netrcparts", "auth.conf.d"); Cnf.CndSet("Dir::Etc::parts","apt.conf.d"); Cnf.CndSet("Dir::Etc::preferences","preferences"); Cnf.CndSet("Dir::Etc::preferencesparts","preferences.d"); diff --git a/doc/apt_auth.conf.5.xml b/doc/apt_auth.conf.5.xml index 37e4fbc98..26d14b8e8 100644 --- a/doc/apt_auth.conf.5.xml +++ b/doc/apt_auth.conf.5.xml @@ -36,7 +36,8 @@ needed to connect to a proxy or to download data from a repository on the other hand shouldn't always be accessible by everyone and can hence not be placed in a file with world-readable file permissions.</para> -<para>The APT auth.conf file <filename>/etc/apt/auth.conf</filename> can be used to store +<para>The APT auth.conf file <filename>/etc/apt/auth.conf</filename>, and .conf files inside +<filename>/etc/apt/auth.conf.d</filename> can be used to store login information in a netrc-like format with restrictive file permissions.</para> </refsect1> @@ -119,6 +120,10 @@ you need multiple they should all have a path specified in the <listitem><para>Login information for APT sources and proxies in a netrc-like format. Configuration Item: <literal>Dir::Etc::netrc</literal>.</para></listitem> </varlistentry> + <varlistentry><term><filename>/etc/apt/auth.conf.d/*.conf</filename></term> + <listitem><para>Login information for APT sources and proxies in a netrc-like format. + Configuration Item: <literal>Dir::Etc::netrcparts</literal>.</para></listitem> + </varlistentry> </variablelist> </refsect1> diff --git a/doc/examples/configure-index b/doc/examples/configure-index index 99aedfd19..3dd6e0afc 100644 --- a/doc/examples/configure-index +++ b/doc/examples/configure-index @@ -399,6 +399,7 @@ Dir "<DIR>" Etc "<DIR>" { Main "<FILE>"; Netrc "<FILE>"; + NetrcParts "<DIR>"; Parts "<DIR>"; Preferences "<FILE>"; PreferencesParts "<DIR>"; diff --git a/methods/aptmethod.h b/methods/aptmethod.h index cb5a30e21..f6613ac3b 100644 --- a/methods/aptmethod.h +++ b/methods/aptmethod.h @@ -11,6 +11,7 @@ #include <algorithm> #include <locale> +#include <memory> #include <string> #include <vector> @@ -471,8 +472,9 @@ protected: }; class aptAuthConfMethod : public aptMethod { - FileFd authconf; -public: + std::vector<std::unique_ptr<FileFd>> authconfs; + + public: virtual bool Configuration(std::string Message) APT_OVERRIDE { if (pkgAcqMethod::Configuration(Message) == false) @@ -481,14 +483,25 @@ public: std::string const conf = std::string("Binary::") + Binary; _config->MoveSubTree(conf.c_str(), NULL); + // ignore errors with opening the auth file as it doesn't need to exist + _error->PushToStack(); auto const netrc = _config->FindFile("Dir::Etc::netrc"); if (netrc.empty() == false) { - // ignore errors with opening the auth file as it doesn't need to exist - _error->PushToStack(); - authconf.Open(netrc, FileFd::ReadOnly); - _error->RevertToStack(); + authconfs.emplace_back(new FileFd()); + authconfs.back()->Open(netrc, FileFd::ReadOnly); + } + + auto const netrcparts = _config->FindDir("Dir::Etc::netrcparts"); + if (netrcparts.empty() == false) + { + for (auto const &netrc : GetListOfFilesInDir(netrcparts, "conf", true, true)) + { + authconfs.emplace_back(new FileFd()); + authconfs.back()->Open(netrc, FileFd::ReadOnly); + } } + _error->RevertToStack(); DropPrivsOrDie(); @@ -500,13 +513,25 @@ public: bool MaybeAddAuthTo(URI &uri) { + bool result = true; + if (uri.User.empty() == false || uri.Password.empty() == false) return true; - if (authconf.IsOpen() == false) - return true; - if (authconf.Seek(0) == false) - return false; - return MaybeAddAuth(authconf, uri); + + for (auto &authconf : authconfs) + { + if (authconf->IsOpen() == false) + continue; + if (authconf->Seek(0) == false) + { + result = false; + continue; + } + + result &= MaybeAddAuth(*authconf, uri); + } + + return result; } aptAuthConfMethod(std::string &&Binary, char const *const Ver, unsigned long const Flags) APT_NONNULL(3) diff --git a/test/integration/test-authentication-basic b/test/integration/test-authentication-basic index 011f205af..211c73e35 100755 --- a/test/integration/test-authentication-basic +++ b/test/integration/test-authentication-basic @@ -53,7 +53,8 @@ Conf foo (1 unstable [all])' aptget install foo -s } authfile() { - local AUTHCONF='rootdir/etc/apt/auth.conf' + local AUTHCONF="${2:-rootdir/etc/apt/auth.conf}" + mkdir -p "$(dirname "$AUTHCONF")" rm -f "$AUTHCONF" printf '%s' "$1" > "$AUTHCONF" chmod 600 "$AUTHCONF" @@ -85,6 +86,16 @@ machine localhost login star@irc password hunter2' testauthsuccess "$1" + + # delete file, make sure it fails; add auth.conf.d snippet, works again. + rm rootdir/etc/apt/auth.conf + testauthfailure "$1" + + authfile 'machine localhost +login star@irc +password hunter2' rootdir/etc/apt/auth.conf.d/myauth.conf + testauthsuccess "$1" + rm rootdir/etc/apt/auth.conf.d/myauth.conf } msgmsg 'server basic auth' |