summaryrefslogtreecommitdiff
path: root/apt-pkg
diff options
context:
space:
mode:
authorMichael Vogt <mvo@ubuntu.com>2014-10-01 12:21:55 +0200
committerMichael Vogt <mvo@ubuntu.com>2014-10-01 13:05:26 +0200
commitc99fe2e169243fc6e1a3278ce3768f0f521e260b (patch)
tree8b9c5141f4e90a02a1b342692b217c3567684a1d /apt-pkg
parent8d266656767f6c7c3946700c7052d0b8b6212742 (diff)
Use Acquire::Allow{InsecureRepositories,DowngradeToInsecureRepositories}
The configuration key Acquire::AllowInsecureRepositories controls if apt allows loading of unsigned repositories at all. The configuration Acquire::AllowDowngradeToInsecureRepositories controls if a signed repository can ever become unsigned. This should really never be needed but we provide it to avoid having to mess around in /var/lib/apt/lists if there is a use-case for this (which I can't think of right now).
Diffstat (limited to 'apt-pkg')
-rw-r--r--apt-pkg/acquire-item.cc35
-rw-r--r--apt-pkg/init.cc4
2 files changed, 28 insertions, 11 deletions
diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc
index 4a684f40c..93ba098ee 100644
--- a/apt-pkg/acquire-item.cc
+++ b/apt-pkg/acquire-item.cc
@@ -1629,14 +1629,27 @@ void pkgAcqMetaSig::Failed(string Message,pkgAcquire::MethodConfig *Cnf)/*{{{*/
"InRelease");
string FinalInRelease = _config->FindDir("Dir::State::lists") + URItoFileName(InReleaseURI);
- if(RealFileExists(Final) || RealFileExists(FinalInRelease))
+ if (RealFileExists(Final) || RealFileExists(FinalInRelease))
{
- _error->Error("The repository '%s' is no longer signed.",
- URIDesc.c_str());
- Rename(MetaIndexFile, MetaIndexFile+".FAILED");
- Status = pkgAcquire::Item::StatError;
- TransactionManager->AbortTransaction();
- return;
+ std::string downgrade_msg;
+ strprintf(downgrade_msg, _("The repository '%s' is no longer signed."),
+ URIDesc.c_str());
+ if(_config->FindB("Acquire::AllowDowngradeToInsecureRepositories"))
+ {
+ // meh, the users wants to take risks (we still mark the packages
+ // from this repository as unauthenticated)
+ _error->Warning("%s", downgrade_msg.c_str());
+ _error->Warning(_("This is normally not allowed, but the option "
+ "Acquire::AllowDowngradeToInsecureRepositories was "
+ "given to override it."));
+
+ } else {
+ _error->Error("%s", downgrade_msg.c_str());
+ Rename(MetaIndexFile, MetaIndexFile+".FAILED");
+ Status = pkgAcquire::Item::StatError;
+ TransactionManager->AbortTransaction();
+ return;
+ }
}
// this ensures that any file in the lists/ dir is removed by the
@@ -1654,7 +1667,7 @@ void pkgAcqMetaSig::Failed(string Message,pkgAcquire::MethodConfig *Cnf)/*{{{*/
}
// only allow going further if the users explicitely wants it
- if(_config->FindB("APT::Get::AllowUnauthenticated", false) == true)
+ if(_config->FindB("Acquire::AllowInsecureRepositories") == true)
{
// we parse the indexes here because at this point the user wanted
// a repository that may potentially harm him
@@ -1663,7 +1676,7 @@ void pkgAcqMetaSig::Failed(string Message,pkgAcquire::MethodConfig *Cnf)/*{{{*/
}
else
{
- _error->Warning("Use --allow-unauthenticated to force the update");
+ _error->Warning("Use --allow-insecure-repositories to force the update");
}
// FIXME: this is used often (e.g. in pkgAcqIndexTrans) so refactor
@@ -2123,12 +2136,12 @@ void pkgAcqMetaIndex::Failed(string Message,
// No Release file was present, or verification failed, so fall
// back to queueing Packages files without verification
// only allow going further if the users explicitely wants it
- if(_config->FindB("APT::Get::AllowUnauthenticated", false) == true)
+ if(_config->FindB("Acquire::AllowInsecureRepositories") == true)
{
QueueIndexes(false);
} else {
// warn if the repository is unsinged
- _error->Warning("Use --allow-unauthenticated to force the update");
+ _error->Warning("Use --allow-insecure-repositories to force the update");
}
}
/*}}}*/
diff --git a/apt-pkg/init.cc b/apt-pkg/init.cc
index 241628632..82dff4ee8 100644
--- a/apt-pkg/init.cc
+++ b/apt-pkg/init.cc
@@ -88,6 +88,10 @@ bool pkgInitConfig(Configuration &Cnf)
Cnf.Set("Dir::Ignore-Files-Silently::", "\\.orig$");
Cnf.Set("Dir::Ignore-Files-Silently::", "\\.distUpgrade$");
+ // Repository security
+ Cnf.CndSet("Acquire::AllowInsecureRepositories", false);
+ Cnf.CndSet("Acquire::AllowDowngradeToInsecureRepositories", false);
+
// Default cdrom mount point
Cnf.CndSet("Acquire::cdrom::mount", "/media/cdrom/");