Use Acquire::Allow{InsecureRepositories,DowngradeToInsecureRepositories}

The configuration key Acquire::AllowInsecureRepositories controls if apt allows loading of unsigned repositories at all. The configuration Acquire::AllowDowngradeToInsecureRepositories controls if a signed repository can ever become unsigned. This should really never be needed but we provide it to avoid having to mess around in /var/lib/apt/lists if there is a use-case for this (which I can't think of right now).
author: Michael Vogt <mvo@ubuntu.com> 2014-10-01 12:21:55 +0200
committer: Michael Vogt <mvo@ubuntu.com> 2014-10-01 13:05:26 +0200
commit: c99fe2e169243fc6e1a3278ce3768f0f521e260b (patch)
tree: 8b9c5141f4e90a02a1b342692b217c3567684a1d /apt-pkg/init.cc
parent: 8d266656767f6c7c3946700c7052d0b8b6212742 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/apt-pkg/init.cc b/apt-pkg/init.cc
index 241628632..82dff4ee8 100644
--- a/apt-pkg/init.cc
+++ b/apt-pkg/init.cc
@@ -88,6 +88,10 @@ bool pkgInitConfig(Configuration &Cnf)
    Cnf.Set("Dir::Ignore-Files-Silently::", "\\.orig$");
    Cnf.Set("Dir::Ignore-Files-Silently::", "\\.distUpgrade$");
 
+   // Repository security
+   Cnf.CndSet("Acquire::AllowInsecureRepositories", false);
+   Cnf.CndSet("Acquire::AllowDowngradeToInsecureRepositories", false);
+
    // Default cdrom mount point
    Cnf.CndSet("Acquire::cdrom::mount", "/media/cdrom/");
author	Michael Vogt <mvo@ubuntu.com>	2014-10-01 12:21:55 +0200
committer	Michael Vogt <mvo@ubuntu.com>	2014-10-01 13:05:26 +0200
commit	c99fe2e169243fc6e1a3278ce3768f0f521e260b (patch)
tree	8b9c5141f4e90a02a1b342692b217c3567684a1d /apt-pkg/init.cc
parent	8d266656767f6c7c3946700c7052d0b8b6212742 (diff)