diff options
| author | Julian Andres Klode <julian.klode@canonical.com> | 2019-02-01 14:43:52 +0100 |
|---|---|---|
| committer | Julian Andres Klode <julian.klode@canonical.com> | 2019-02-01 17:52:03 +0100 |
| commit | c2b9b0489538fed4770515bd8853a960b13a2618 (patch) | |
| tree | 1e667cbb28fb62d22bef583c70f5d3b86aed4d4b /apt-pkg/contrib | |
| parent | 8bb2a91a070170d7d8e71206d1c66a26809bdbc3 (diff) | |
Add a Packages-Require-Authorization Release file field
This new field allows a repository to declare that access to
packages requires authorization. The current implementation will
set the pin to -32768 if no authorization has been provided in
the auth.conf(.d) files.
This implementation is suboptimal in two aspects:
(1) A repository should behave more like NotSource repositories
(2) We only have the host name for the repository, we cannot use
paths yet.
- We can fix those after an ABI break.
The code also adds a check to acquire-item.cc to not use the
specified repository as a download source, mimicking NotSource.
Diffstat (limited to 'apt-pkg/contrib')
| -rw-r--r-- | apt-pkg/contrib/netrc.cc | 44 | ||||
| -rw-r--r-- | apt-pkg/contrib/netrc.h | 4 |
2 files changed, 48 insertions, 0 deletions
diff --git a/apt-pkg/contrib/netrc.cc b/apt-pkg/contrib/netrc.cc index 84b4c0ed8..48114ba3c 100644 --- a/apt-pkg/contrib/netrc.cc +++ b/apt-pkg/contrib/netrc.cc @@ -13,6 +13,7 @@ #include <config.h> #include <apt-pkg/configuration.h> +#include <apt-pkg/error.h> #include <apt-pkg/fileutl.h> #include <apt-pkg/strutl.h> @@ -149,3 +150,46 @@ void maybe_add_auth(URI &Uri, std::string NetRCFile) if (fd.Open(NetRCFile, FileFd::ReadOnly)) MaybeAddAuth(fd, Uri); } + +/* Check if we are authorized. */ +bool IsAuthorized(pkgCache::PkgFileIterator const I, std::vector<std::unique_ptr<FileFd>> &authconfs) +{ + if (authconfs.empty()) + { + _error->PushToStack(); + auto const netrc = _config->FindFile("Dir::Etc::netrc"); + if (not netrc.empty()) + { + authconfs.emplace_back(new FileFd()); + authconfs.back()->Open(netrc, FileFd::ReadOnly); + } + + auto const netrcparts = _config->FindDir("Dir::Etc::netrcparts"); + if (not netrcparts.empty()) + { + for (auto const &netrc : GetListOfFilesInDir(netrcparts, "conf", true, true)) + { + authconfs.emplace_back(new FileFd()); + authconfs.back()->Open(netrc, FileFd::ReadOnly); + } + } + _error->RevertToStack(); + } + + // FIXME: Use the full base url + URI uri(std::string("http://") + I.Site() + "/"); + for (auto &authconf : authconfs) + { + if (not authconf->IsOpen()) + continue; + if (not authconf->Seek(0)) + continue; + + MaybeAddAuth(*authconf, uri); + + if (not uri.User.empty() || not uri.Password.empty()) + return true; + } + + return false; +} diff --git a/apt-pkg/contrib/netrc.h b/apt-pkg/contrib/netrc.h index 981494064..80d95acc1 100644 --- a/apt-pkg/contrib/netrc.h +++ b/apt-pkg/contrib/netrc.h @@ -13,9 +13,12 @@ #ifndef NETRC_H #define NETRC_H +#include <memory> #include <string> +#include <vector> #include <apt-pkg/macros.h> +#include <apt-pkg/pkgcache.h> #ifndef APT_8_CLEANER_HEADERS #include <apt-pkg/strutl.h> @@ -32,4 +35,5 @@ class FileFd; APT_DEPRECATED_MSG("Use FileFd-based MaybeAddAuth instead") void maybe_add_auth(URI &Uri, std::string NetRCFile); bool MaybeAddAuth(FileFd &NetRCFile, URI &Uri); +bool IsAuthorized(pkgCache::PkgFileIterator const I, std::vector<std::unique_ptr<FileFd>> &authconfs) APT_HIDDEN; #endif |