summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--apt-private/private-download.cc5
-rw-r--r--apt-private/private-download.h6
-rw-r--r--cmdline/apt-get.cc9
-rwxr-xr-xtest/integration/test-apt-get-source-authenticated31
4 files changed, 51 insertions, 0 deletions
diff --git a/apt-private/private-download.cc b/apt-private/private-download.cc
index a095f0c67..be7d23c31 100644
--- a/apt-private/private-download.cc
+++ b/apt-private/private-download.cc
@@ -28,6 +28,11 @@ bool CheckAuth(pkgAcquire& Fetcher, bool const PromptUser)
if (UntrustedList == "")
return true;
+ return AuthPrompt(UntrustedList, PromptUser);
+}
+
+bool AuthPrompt(std::string UntrustedList, bool const PromptUser)
+{
ShowList(c2out,_("WARNING: The following packages cannot be authenticated!"),UntrustedList,"");
if (_config->FindB("APT::Get::AllowUnauthenticated",false) == true)
diff --git a/apt-private/private-download.h b/apt-private/private-download.h
index a108aa531..a90ac7eaa 100644
--- a/apt-private/private-download.h
+++ b/apt-private/private-download.h
@@ -5,7 +5,13 @@
class pkgAcquire;
+// Check if all files in the fetcher are authenticated
APT_PUBLIC bool CheckAuth(pkgAcquire& Fetcher, bool const PromptUser);
+
+// show a authentication warning prompt and return true if the system
+// should continue
+APT_PUBLIC bool AuthPrompt(std::string UntrustedList, bool const PromptUser);
+
APT_PUBLIC bool AcquireRun(pkgAcquire &Fetcher, int const PulseInterval, bool * const Failure, bool * const TransientNetworkFailure);
#endif
diff --git a/cmdline/apt-get.cc b/cmdline/apt-get.cc
index 0f18b0e7c..a58386eb0 100644
--- a/cmdline/apt-get.cc
+++ b/cmdline/apt-get.cc
@@ -76,6 +76,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <sys/ioctl.h>
#include <sys/stat.h>
#include <sys/statfs.h>
#include <sys/statvfs.h>
@@ -755,6 +756,7 @@ static bool DoSource(CommandLine &CmdL)
// Load the requestd sources into the fetcher
unsigned J = 0;
+ std::string UntrustedList;
for (const char **I = CmdL.FileList + 1; *I != 0; I++, J++)
{
string Src;
@@ -763,6 +765,9 @@ static bool DoSource(CommandLine &CmdL)
if (Last == 0) {
return _error->Error(_("Unable to find a source package for %s"),Src.c_str());
}
+
+ if (Last->Index().IsTrusted() == false)
+ UntrustedList += Src + " ";
string srec = Last->AsStr();
string::size_type pos = srec.find("\nVcs-");
@@ -846,6 +851,10 @@ static bool DoSource(CommandLine &CmdL)
Last->Index().SourceInfo(*Last,*I),Src);
}
}
+
+ // check authentication status of the source as well
+ if (UntrustedList != "" && !AuthPrompt(UntrustedList, false))
+ return false;
// Display statistics
unsigned long long FetchBytes = Fetcher.FetchNeeded();
diff --git a/test/integration/test-apt-get-source-authenticated b/test/integration/test-apt-get-source-authenticated
new file mode 100755
index 000000000..2cee13923
--- /dev/null
+++ b/test/integration/test-apt-get-source-authenticated
@@ -0,0 +1,31 @@
+#!/bin/sh
+#
+# Regression test for debian bug #749795. Ensure that we fail with
+# a error if apt-get source foo will download a source that comes
+# from a unauthenticated repository
+#
+set -e
+
+TESTDIR=$(readlink -f $(dirname $0))
+. $TESTDIR/framework
+
+setupenvironment
+configarchitecture "i386"
+
+# a "normal" package with source and binary
+buildsimplenativepackage 'foo' 'all' '2.0'
+
+setupaptarchive --no-update
+
+APTARCHIVE=$(readlink -f ./aptarchive)
+rm -f $APTARCHIVE/dists/unstable/*Release*
+
+# update without authenticated InRelease file
+testsuccess aptget update
+
+# this all should fail
+testfailure aptget install -y foo
+testfailure aptget source foo
+
+# allow overriding the warning
+testsuccess aptget source --allow-unauthenticated foo