diff options
author | Michael Vogt <mvo@ubuntu.com> | 2014-10-01 12:21:55 +0200 |
---|---|---|
committer | Michael Vogt <mvo@ubuntu.com> | 2014-10-01 13:05:26 +0200 |
commit | c99fe2e169243fc6e1a3278ce3768f0f521e260b (patch) | |
tree | 8b9c5141f4e90a02a1b342692b217c3567684a1d /apt-pkg | |
parent | 8d266656767f6c7c3946700c7052d0b8b6212742 (diff) |
Use Acquire::Allow{InsecureRepositories,DowngradeToInsecureRepositories}
The configuration key Acquire::AllowInsecureRepositories controls if
apt allows loading of unsigned repositories at all.
The configuration Acquire::AllowDowngradeToInsecureRepositories
controls if a signed repository can ever become unsigned. This
should really never be needed but we provide it to avoid having
to mess around in /var/lib/apt/lists if there is a use-case for
this (which I can't think of right now).
Diffstat (limited to 'apt-pkg')
-rw-r--r-- | apt-pkg/acquire-item.cc | 35 | ||||
-rw-r--r-- | apt-pkg/init.cc | 4 |
2 files changed, 28 insertions, 11 deletions
diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index 4a684f40c..93ba098ee 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@ -1629,14 +1629,27 @@ void pkgAcqMetaSig::Failed(string Message,pkgAcquire::MethodConfig *Cnf)/*{{{*/ "InRelease"); string FinalInRelease = _config->FindDir("Dir::State::lists") + URItoFileName(InReleaseURI); - if(RealFileExists(Final) || RealFileExists(FinalInRelease)) + if (RealFileExists(Final) || RealFileExists(FinalInRelease)) { - _error->Error("The repository '%s' is no longer signed.", - URIDesc.c_str()); - Rename(MetaIndexFile, MetaIndexFile+".FAILED"); - Status = pkgAcquire::Item::StatError; - TransactionManager->AbortTransaction(); - return; + std::string downgrade_msg; + strprintf(downgrade_msg, _("The repository '%s' is no longer signed."), + URIDesc.c_str()); + if(_config->FindB("Acquire::AllowDowngradeToInsecureRepositories")) + { + // meh, the users wants to take risks (we still mark the packages + // from this repository as unauthenticated) + _error->Warning("%s", downgrade_msg.c_str()); + _error->Warning(_("This is normally not allowed, but the option " + "Acquire::AllowDowngradeToInsecureRepositories was " + "given to override it.")); + + } else { + _error->Error("%s", downgrade_msg.c_str()); + Rename(MetaIndexFile, MetaIndexFile+".FAILED"); + Status = pkgAcquire::Item::StatError; + TransactionManager->AbortTransaction(); + return; + } } // this ensures that any file in the lists/ dir is removed by the @@ -1654,7 +1667,7 @@ void pkgAcqMetaSig::Failed(string Message,pkgAcquire::MethodConfig *Cnf)/*{{{*/ } // only allow going further if the users explicitely wants it - if(_config->FindB("APT::Get::AllowUnauthenticated", false) == true) + if(_config->FindB("Acquire::AllowInsecureRepositories") == true) { // we parse the indexes here because at this point the user wanted // a repository that may potentially harm him @@ -1663,7 +1676,7 @@ void pkgAcqMetaSig::Failed(string Message,pkgAcquire::MethodConfig *Cnf)/*{{{*/ } else { - _error->Warning("Use --allow-unauthenticated to force the update"); + _error->Warning("Use --allow-insecure-repositories to force the update"); } // FIXME: this is used often (e.g. in pkgAcqIndexTrans) so refactor @@ -2123,12 +2136,12 @@ void pkgAcqMetaIndex::Failed(string Message, // No Release file was present, or verification failed, so fall // back to queueing Packages files without verification // only allow going further if the users explicitely wants it - if(_config->FindB("APT::Get::AllowUnauthenticated", false) == true) + if(_config->FindB("Acquire::AllowInsecureRepositories") == true) { QueueIndexes(false); } else { // warn if the repository is unsinged - _error->Warning("Use --allow-unauthenticated to force the update"); + _error->Warning("Use --allow-insecure-repositories to force the update"); } } /*}}}*/ diff --git a/apt-pkg/init.cc b/apt-pkg/init.cc index 241628632..82dff4ee8 100644 --- a/apt-pkg/init.cc +++ b/apt-pkg/init.cc @@ -88,6 +88,10 @@ bool pkgInitConfig(Configuration &Cnf) Cnf.Set("Dir::Ignore-Files-Silently::", "\\.orig$"); Cnf.Set("Dir::Ignore-Files-Silently::", "\\.distUpgrade$"); + // Repository security + Cnf.CndSet("Acquire::AllowInsecureRepositories", false); + Cnf.CndSet("Acquire::AllowDowngradeToInsecureRepositories", false); + // Default cdrom mount point Cnf.CndSet("Acquire::cdrom::mount", "/media/cdrom/"); |