summaryrefslogtreecommitdiff
path: root/apt-pkg/acquire-worker.cc
diff options
context:
space:
mode:
authorDavid Kalnischkies <david@kalnischkies.de>2016-06-20 20:50:43 +0200
committerDavid Kalnischkies <david@kalnischkies.de>2016-06-22 14:05:01 +0200
commitd03b947b0ce4f87d7d5cc48d4d274ab3bd0b289a (patch)
tree36b17da3040ffc4181e20e4b1c254671c2b24e3a /apt-pkg/acquire-worker.cc
parent5da51e0e2da3f055306562d38103b06a23d81719 (diff)
add insecure (and weak) allow-options for sources.list
Weak had no dedicated option before and Insecure and Downgrade were both global options, which given the effect they all have on security is rather bad. Setting them for individual repositories only isn't great but at least slightly better and also more consistent with other settings for repositories.
Diffstat (limited to 'apt-pkg/acquire-worker.cc')
-rw-r--r--apt-pkg/acquire-worker.cc16
1 files changed, 5 insertions, 11 deletions
diff --git a/apt-pkg/acquire-worker.cc b/apt-pkg/acquire-worker.cc
index d3d95998c..9ed7b5b28 100644
--- a/apt-pkg/acquire-worker.cc
+++ b/apt-pkg/acquire-worker.cc
@@ -378,6 +378,7 @@ bool pkgAcquire::Worker::RunMessages()
bool const isIMSHit = StringToBool(LookupTag(Message,"IMS-Hit"),false) ||
StringToBool(LookupTag(Message,"Alt-IMS-Hit"),false);
+ auto const forcedHash = _config->Find("Acquire::ForceHash");
for (auto const Owner: ItmOwners)
{
HashStringList const ExpectedHashes = Owner->GetExpectedHashes();
@@ -395,9 +396,10 @@ bool pkgAcquire::Worker::RunMessages()
// decide if what we got is what we expected
bool consideredOkay = false;
- if (ExpectedHashes.usable())
+ if ((forcedHash.empty() && ExpectedHashes.empty() == false) ||
+ (forcedHash.empty() == false && ExpectedHashes.usable()))
{
- if (ReceivedHashes.usable() == false)
+ if (ReceivedHashes.empty())
{
/* IMS-Hits can't be checked here as we will have uncompressed file,
but the hashes for the compressed file. What we have was good through
@@ -410,16 +412,8 @@ bool pkgAcquire::Worker::RunMessages()
consideredOkay = false;
}
- else if (Owner->HashesRequired() == true)
- consideredOkay = false;
else
- {
- consideredOkay = true;
- // even if the hashes aren't usable to declare something secure
- // we can at least use them to declare it an integrity failure
- if (ExpectedHashes.empty() == false && ReceivedHashes != ExpectedHashes && _config->Find("Acquire::ForceHash").empty())
- consideredOkay = false;
- }
+ consideredOkay = !Owner->HashesRequired();
if (consideredOkay == true)
consideredOkay = Owner->VerifyDone(Message, Config);
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2024-11-01 08:37:42 +0000