summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--apt-private/private-cmndline.cc4
-rw-r--r--debian/NEWS14
-rw-r--r--doc/apt-secure.8.xml10
-rwxr-xr-xtest/integration/test-apt-get-update-unauth-warning5
-rwxr-xr-xtest/integration/test-bug-838779-untrusted-to-trusted-Release-hit6
-rwxr-xr-xtest/integration/test-handle-redirect-as-used-mirror-change3
6 files changed, 23 insertions, 19 deletions
diff --git a/apt-private/private-cmndline.cc b/apt-private/private-cmndline.cc
index de3992a00..06683ae61 100644
--- a/apt-private/private-cmndline.cc
+++ b/apt-private/private-cmndline.cc
@@ -463,8 +463,6 @@ static void BinarySpecificConfiguration(char const * const Binary) /*{{{*/
_config->CndSet("Binary::apt::DPkg::Progress-Fancy", true);
_config->CndSet("Binary::apt::APT::Keep-Downloaded-Packages", false);
}
- if (binary == "apt-config")
- _config->CndSet("Binary::apt-get::Acquire::AllowInsecureRepositories", true);
_config->Set("Binary", binary);
}
@@ -472,8 +470,6 @@ static void BinarySpecificConfiguration(char const * const Binary) /*{{{*/
static void BinaryCommandSpecificConfiguration(char const * const Binary, char const * const Cmd)/*{{{*/
{
std::string const binary = flNotDir(Binary);
- if (binary == "apt-get" && CmdMatches("update"))
- _config->CndSet("Binary::apt-get::Acquire::AllowInsecureRepositories", true);
if ((binary == "apt" || binary == "apt-get") && CmdMatches("upgrade", "dist-upgrade", "full-upgrade"))
{
//FIXME: the option is documented to apply only for install/remove, so
diff --git a/debian/NEWS b/debian/NEWS
index bff3621bc..00cb9be46 100644
--- a/debian/NEWS
+++ b/debian/NEWS
@@ -1,3 +1,17 @@
+apt (1.5~) UNRELEASED; urgency=medium
+
+ The security exception for apt-get to only raise warnings if it encounters
+ unauthenticated repositories in the "update" command is gone now, so that it
+ will raise errors just like apt and all other apt-based front-ends do since
+ at least apt version 1.3.
+
+ It is possible (but STRONGLY ADVISED AGAINST) to revert to the previous
+ behaviour of apt-get by setting the option
+ Binary::apt-get::Acquire::AllowInsecureRepositories "true";
+ See apt-secure(8) manpage for configuration details.
+
+ -- David Kalnischkies <donkult@debian.org> Wed, 28 Jun 2017 12:37:12 +0200
+
apt (1.4.2) unstable; urgency=medium
If periodic updates and unattended upgrades are enabled, the start of
diff --git a/doc/apt-secure.8.xml b/doc/apt-secure.8.xml
index f1f63dae1..8ad249d7c 100644
--- a/doc/apt-secure.8.xml
+++ b/doc/apt-secure.8.xml
@@ -63,16 +63,6 @@
</para>
<para>
- As a temporary exception &apt-get; (not &apt;!) raises warnings only if it
- encounters unauthenticated archives to give a slightly longer grace period
- on this backward compatibility effecting change. This exception will be removed
- in future releases and you can opt-out of this grace period by setting the
- configuration option <option>Binary::apt-get::Acquire::AllowInsecureRepositories</option>
- to <literal>false</literal> or <option>--no-allow-insecure-repositories</option>
- on the command line.
- </para>
-
- <para>
You can force all APT clients to raise only warnings by setting the
configuration option <option>Acquire::AllowInsecureRepositories</option> to
<literal>true</literal>. Individual repositories can also be allowed to be insecure
diff --git a/test/integration/test-apt-get-update-unauth-warning b/test/integration/test-apt-get-update-unauth-warning
index 093478b9e..616e0234c 100755
--- a/test/integration/test-apt-get-update-unauth-warning
+++ b/test/integration/test-apt-get-update-unauth-warning
@@ -21,7 +21,8 @@ setupaptarchive --no-update
APTARCHIVE="$(readlink -f ./aptarchive)"
find "$APTARCHIVE/dists/unstable" \( -name 'InRelease' -o -name 'Release.gpg' \) -delete
sed -i -n '/^SHA1:$/q;p' "${APTARCHIVE}/dists/unstable/Release"
-testwarning aptget update
+testfailure aptget update
+testwarning aptget update --allow-insecure-repositories
rm -rf rootdir/var/lib/apt/lists
@@ -35,7 +36,7 @@ Err:2 file:$APTARCHIVE unstable Release
Reading package lists...
E: The repository 'file:$APTARCHIVE unstable Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
-N: See apt-secure(8) manpage for repository creation and user configuration details." aptget update --no-allow-insecure-repositories
+N: See apt-secure(8) manpage for repository creation and user configuration details." aptget update
# no package foo
testsuccessequal 'Listing...' apt list foo
diff --git a/test/integration/test-bug-838779-untrusted-to-trusted-Release-hit b/test/integration/test-bug-838779-untrusted-to-trusted-Release-hit
index 6fcc2b8e1..50234753b 100755
--- a/test/integration/test-bug-838779-untrusted-to-trusted-Release-hit
+++ b/test/integration/test-bug-838779-untrusted-to-trusted-Release-hit
@@ -23,7 +23,8 @@ testdpkgnotinstalled 'foo'
msgmsg 'Untrusted to trusted hit' 'InRelease'
rm -rf rootdir/var/lib/apt/lists rootdir/var/cache/apt/archives
mv rootdir/etc/apt/trusted.gpg.d rootdir/etc/apt/trusted.gpg.d-bak
-testwarning aptget update
+testfailure aptget update
+testwarning aptget update --allow-insecure-repositories
testfailure apt install foo -y
testdpkgnotinstalled 'foo'
mv rootdir/etc/apt/trusted.gpg.d-bak rootdir/etc/apt/trusted.gpg.d
@@ -37,7 +38,8 @@ msgmsg 'Untrusted to trusted hit' 'Release.gpg'
find aptarchive -name 'InRelease' -delete
rm -rf rootdir/var/lib/apt/lists rootdir/var/cache/apt/archives
mv rootdir/etc/apt/trusted.gpg.d rootdir/etc/apt/trusted.gpg.d-bak
-testwarning aptget update
+testfailure aptget update
+testwarning aptget update --allow-insecure-repositories
testfailure apt install foo -y
testdpkgnotinstalled 'foo'
mv rootdir/etc/apt/trusted.gpg.d-bak rootdir/etc/apt/trusted.gpg.d
diff --git a/test/integration/test-handle-redirect-as-used-mirror-change b/test/integration/test-handle-redirect-as-used-mirror-change
index 254bdd54a..a6f8b788f 100755
--- a/test/integration/test-handle-redirect-as-used-mirror-change
+++ b/test/integration/test-handle-redirect-as-used-mirror-change
@@ -89,5 +89,6 @@ Reading package lists..." aptget update
rm -rf rootdir/var/lib/apt/lists
find aptarchive -name 'Release.gpg' -delete
find aptarchive -name 'Release' -delete
-testwarning aptget update
+testfailure aptget update
+testwarning aptget update --allow-insecure-repositories
testsuccess grep 'does not have a Release file' rootdir/tmp/testwarning.output