summaryrefslogtreecommitdiff
path: root/apt-pkg
diff options
context:
space:
mode:
Diffstat (limited to 'apt-pkg')
-rw-r--r--apt-pkg/acquire-item.cc52
-rw-r--r--apt-pkg/acquire-item.h5
-rw-r--r--apt-pkg/acquire-worker.cc16
-rw-r--r--apt-pkg/deb/debmetaindex.cc118
-rw-r--r--apt-pkg/deb/debmetaindex.h5
-rw-r--r--apt-pkg/indexcopy.cc2
-rw-r--r--apt-pkg/indexfile.cc5
-rw-r--r--apt-pkg/indexfile.h3
-rw-r--r--apt-pkg/init.cc1
9 files changed, 149 insertions, 58 deletions
diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc
index 63b3c9a1f..a4b1d4897 100644
--- a/apt-pkg/acquire-item.cc
+++ b/apt-pkg/acquire-item.cc
@@ -175,7 +175,7 @@ static void ReportMirrorFailureToCentral(pkgAcquire::Item const &I, std::string
}
/*}}}*/
-static bool MessageInsecureRepository(bool const isError, char const * const msg, std::string const &repo)/*{{{*/
+static APT_NONNULL(2) bool MessageInsecureRepository(bool const isError, char const * const msg, std::string const &repo)/*{{{*/
{
std::string m;
strprintf(m, msg, repo.c_str());
@@ -195,7 +195,28 @@ static bool MessageInsecureRepository(bool const isError, char const * const msg
/*}}}*/
// AllowInsecureRepositories /*{{{*/
enum class InsecureType { UNSIGNED, WEAK, NORELEASE };
-static bool APT_NONNULL(3, 4, 5) AllowInsecureRepositories(InsecureType msg, std::string const &repo,
+static bool TargetIsAllowedToBe(IndexTarget const &Target, InsecureType const type)
+{
+ if (_config->FindB("Acquire::AllowInsecureRepositories"))
+ return true;
+
+ if (Target.OptionBool(IndexTarget::ALLOW_INSECURE))
+ return true;
+
+ switch (type)
+ {
+ case InsecureType::UNSIGNED: break;
+ case InsecureType::NORELEASE: break;
+ case InsecureType::WEAK:
+ if (_config->FindB("Acquire::AllowWeakRepositories"))
+ return true;
+ if (Target.OptionBool(IndexTarget::ALLOW_WEAK))
+ return true;
+ break;
+ }
+ return false;
+}
+static bool APT_NONNULL(3, 4, 5) AllowInsecureRepositories(InsecureType const msg, std::string const &repo,
metaIndex const * const MetaIndexParser, pkgAcqMetaClearSig * const TransactionManager, pkgAcquire::Item * const I)
{
// we skip weak downgrades as its unlikely that a repository gets really weaker –
@@ -213,7 +234,8 @@ static bool APT_NONNULL(3, 4, 5) AllowInsecureRepositories(InsecureType msg, std
case InsecureType::NORELEASE: msgstr = _("The repository '%s' does no longer have a Release file."); break;
case InsecureType::WEAK: /* unreachable */ break;
}
- if (_config->FindB("Acquire::AllowDowngradeToInsecureRepositories"))
+ if (_config->FindB("Acquire::AllowDowngradeToInsecureRepositories") ||
+ TransactionManager->Target.OptionBool(IndexTarget::ALLOW_DOWNGRADE_TO_INSECURE))
{
// meh, the users wants to take risks (we still mark the packages
// from this repository as unauthenticated)
@@ -241,7 +263,7 @@ static bool APT_NONNULL(3, 4, 5) AllowInsecureRepositories(InsecureType msg, std
case InsecureType::WEAK: msgstr = _("The repository '%s' provides only weak security information."); break;
}
- if (_config->FindB("Acquire::AllowInsecureRepositories") == true)
+ if (TargetIsAllowedToBe(TransactionManager->Target, msg) == true)
{
MessageInsecureRepository(false, msgstr, repo);
return true;
@@ -277,7 +299,20 @@ APT_CONST bool pkgAcqTransactionItem::HashesRequired() const
we can at least trust them for integrity of the download itself.
Only repositories without a Release file can (obviously) not have
hashes – and they are very uncommon and strongly discouraged */
- return TransactionManager->MetaIndexParser->GetLoadedSuccessfully() == metaIndex::TRI_YES;
+ if (TransactionManager->MetaIndexParser->GetLoadedSuccessfully() != metaIndex::TRI_YES)
+ return false;
+ if (TargetIsAllowedToBe(Target, InsecureType::WEAK))
+ {
+ /* If we allow weak hashes, we check that we have some (weak) and then
+ declare hashes not needed. That will tip us in the right direction
+ as if hashes exist, they will be used, even if not required */
+ auto const hsl = GetExpectedHashes();
+ if (hsl.usable())
+ return true;
+ if (hsl.empty() == false)
+ return false;
+ }
+ return true;
}
HashStringList pkgAcqTransactionItem::GetExpectedHashes() const
{
@@ -1333,7 +1368,7 @@ void pkgAcqMetaClearSig::QueueIndexes(bool const verify) /*{{{*/
auto const hashes = GetExpectedHashesFor(Target.MetaKey);
if (hashes.empty() == false)
{
- if (hashes.usable() == false)
+ if (hashes.usable() == false && TargetIsAllowedToBe(TransactionManager->Target, InsecureType::WEAK) == false)
{
new CleanupItem(Owner, TransactionManager, Target);
_error->Warning(_("Skipping acquire of configured file '%s' as repository '%s' provides only weak security information for it"),
@@ -1525,8 +1560,7 @@ pkgAcqMetaClearSig::pkgAcqMetaClearSig(pkgAcquire * const Owner, /*{{{*/
IndexTarget const &DetachedDataTarget, IndexTarget const &DetachedSigTarget,
metaIndex * const MetaIndexParser) :
pkgAcqMetaIndex(Owner, this, ClearsignedTarget, DetachedSigTarget),
- d(NULL), ClearsignedTarget(ClearsignedTarget),
- DetachedDataTarget(DetachedDataTarget),
+ d(NULL), DetachedDataTarget(DetachedDataTarget),
MetaIndexParser(MetaIndexParser), LastMetaIndexParser(NULL)
{
// index targets + (worst case:) Release/Release.gpg
@@ -1640,7 +1674,7 @@ void pkgAcqMetaClearSig::Failed(string const &Message,pkgAcquire::MethodConfig c
if(CheckStopAuthentication(this, Message))
return;
- if(AllowInsecureRepositories(InsecureType::UNSIGNED, ClearsignedTarget.Description, TransactionManager->MetaIndexParser, TransactionManager, this) == true)
+ if(AllowInsecureRepositories(InsecureType::UNSIGNED, Target.Description, TransactionManager->MetaIndexParser, TransactionManager, this) == true)
{
Status = StatDone;
diff --git a/apt-pkg/acquire-item.h b/apt-pkg/acquire-item.h
index 92f1ac215..ac4994738 100644
--- a/apt-pkg/acquire-item.h
+++ b/apt-pkg/acquire-item.h
@@ -368,12 +368,13 @@ class APT_HIDDEN pkgAcqTransactionItem: public pkgAcquire::Item /*{{{*/
{
void * const d;
protected:
- IndexTarget const Target;
HashStringList GetExpectedHashesFor(std::string const &MetaKey) const;
bool QueueURI(pkgAcquire::ItemDesc &Item) APT_OVERRIDE;
public:
+ IndexTarget const Target;
+
/** \brief storge name until a transaction is finished */
std::string PartialFile;
@@ -559,8 +560,6 @@ class APT_HIDDEN pkgAcqMetaSig : public pkgAcqTransactionItem
class APT_HIDDEN pkgAcqMetaClearSig : public pkgAcqMetaIndex
{
void * const d;
-
- IndexTarget const ClearsignedTarget;
IndexTarget const DetachedDataTarget;
public:
diff --git a/apt-pkg/acquire-worker.cc b/apt-pkg/acquire-worker.cc
index d3d95998c..9ed7b5b28 100644
--- a/apt-pkg/acquire-worker.cc
+++ b/apt-pkg/acquire-worker.cc
@@ -378,6 +378,7 @@ bool pkgAcquire::Worker::RunMessages()
bool const isIMSHit = StringToBool(LookupTag(Message,"IMS-Hit"),false) ||
StringToBool(LookupTag(Message,"Alt-IMS-Hit"),false);
+ auto const forcedHash = _config->Find("Acquire::ForceHash");
for (auto const Owner: ItmOwners)
{
HashStringList const ExpectedHashes = Owner->GetExpectedHashes();
@@ -395,9 +396,10 @@ bool pkgAcquire::Worker::RunMessages()
// decide if what we got is what we expected
bool consideredOkay = false;
- if (ExpectedHashes.usable())
+ if ((forcedHash.empty() && ExpectedHashes.empty() == false) ||
+ (forcedHash.empty() == false && ExpectedHashes.usable()))
{
- if (ReceivedHashes.usable() == false)
+ if (ReceivedHashes.empty())
{
/* IMS-Hits can't be checked here as we will have uncompressed file,
but the hashes for the compressed file. What we have was good through
@@ -410,16 +412,8 @@ bool pkgAcquire::Worker::RunMessages()
consideredOkay = false;
}
- else if (Owner->HashesRequired() == true)
- consideredOkay = false;
else
- {
- consideredOkay = true;
- // even if the hashes aren't usable to declare something secure
- // we can at least use them to declare it an integrity failure
- if (ExpectedHashes.empty() == false && ReceivedHashes != ExpectedHashes && _config->Find("Acquire::ForceHash").empty())
- consideredOkay = false;
- }
+ consideredOkay = !Owner->HashesRequired();
if (consideredOkay == true)
consideredOkay = Owner->VerifyDone(Message, Config);
diff --git a/apt-pkg/deb/debmetaindex.cc b/apt-pkg/deb/debmetaindex.cc
index 0c9cde620..2671fc30d 100644
--- a/apt-pkg/deb/debmetaindex.cc
+++ b/apt-pkg/deb/debmetaindex.cc
@@ -51,8 +51,9 @@ class APT_HIDDEN debReleaseIndexPrivate /*{{{*/
std::vector<std::string> Architectures;
std::vector<std::string> NoSupportForAll;
+ std::map<std::string, std::string> const ReleaseOptions;
- debReleaseIndexPrivate() : CheckValidUntil(metaIndex::TRI_UNSET), ValidUntilMin(0), ValidUntilMax(0) {}
+ debReleaseIndexPrivate(std::map<std::string, std::string> const &Options) : CheckValidUntil(metaIndex::TRI_UNSET), ValidUntilMin(0), ValidUntilMax(0), ReleaseOptions(Options) {}
};
/*}}}*/
// ReleaseIndex::MetaIndex* - display helpers /*{{{*/
@@ -96,11 +97,11 @@ std::string debReleaseIndex::MetaIndexURI(const char *Type) const
}
/*}}}*/
// ReleaseIndex Con- and Destructors /*{{{*/
-debReleaseIndex::debReleaseIndex(std::string const &URI, std::string const &Dist) :
- metaIndex(URI, Dist, "deb"), d(new debReleaseIndexPrivate())
+debReleaseIndex::debReleaseIndex(std::string const &URI, std::string const &Dist, std::map<std::string, std::string> const &Options) :
+ metaIndex(URI, Dist, "deb"), d(new debReleaseIndexPrivate(Options))
{}
-debReleaseIndex::debReleaseIndex(std::string const &URI, std::string const &Dist, bool const pTrusted) :
- metaIndex(URI, Dist, "deb"), d(new debReleaseIndexPrivate())
+debReleaseIndex::debReleaseIndex(std::string const &URI, std::string const &Dist, bool const pTrusted, std::map<std::string, std::string> const &Options) :
+ metaIndex(URI, Dist, "deb"), d(new debReleaseIndexPrivate(Options))
{
Trusted = pTrusted ? TRI_YES : TRI_NO;
}
@@ -112,17 +113,10 @@ debReleaseIndex::~debReleaseIndex() {
// ReleaseIndex::GetIndexTargets /*{{{*/
static void GetIndexTargetsFor(char const * const Type, std::string const &URI, std::string const &Dist,
std::vector<debReleaseIndexPrivate::debSectionEntry> const &entries,
- std::vector<IndexTarget> &IndexTargets)
+ std::vector<IndexTarget> &IndexTargets, std::map<std::string, std::string> const &ReleaseOptions)
{
bool const flatArchive = (Dist[Dist.length() - 1] == '/');
- std::string baseURI = URI;
- if (flatArchive)
- {
- if (Dist != "/")
- baseURI += Dist;
- }
- else
- baseURI += "dists/" + Dist + "/";
+ std::string const baseURI = constructMetaIndexURI(URI, Dist, "");
std::string const Release = (Dist == "/") ? "" : Dist;
std::string const Site = ::URI::ArchiveOnly(URI);
@@ -292,8 +286,7 @@ static void GetIndexTargetsFor(char const * const Type, std::string const &URI,
}
// not available in templates, but in the indextarget
- Options.insert(std::make_pair("BASE_URI", baseURI));
- Options.insert(std::make_pair("REPO_URI", URI));
+ Options.insert(ReleaseOptions.begin(), ReleaseOptions.end());
Options.insert(std::make_pair("IDENTIFIER", Identifier));
Options.insert(std::make_pair("TARGET_OF", Type));
Options.insert(std::make_pair("CREATED_BY", *T));
@@ -317,7 +310,7 @@ static void GetIndexTargetsFor(char const * const Type, std::string const &URI,
MetaKey,
ShortDesc,
LongDesc,
- Options.find("BASE_URI")->second + MetaKey,
+ baseURI + MetaKey,
IsOpt,
KeepCompressed,
Options
@@ -344,8 +337,8 @@ static void GetIndexTargetsFor(char const * const Type, std::string const &URI,
std::vector<IndexTarget> debReleaseIndex::GetIndexTargets() const
{
std::vector<IndexTarget> IndexTargets;
- GetIndexTargetsFor("deb-src", URI, Dist, d->DebSrcEntries, IndexTargets);
- GetIndexTargetsFor("deb", URI, Dist, d->DebEntries, IndexTargets);
+ GetIndexTargetsFor("deb-src", URI, Dist, d->DebSrcEntries, IndexTargets, d->ReleaseOptions);
+ GetIndexTargetsFor("deb", URI, Dist, d->DebEntries, IndexTargets, d->ReleaseOptions);
return IndexTargets;
}
/*}}}*/
@@ -542,11 +535,11 @@ bool debReleaseIndex::Load(std::string const &Filename, std::string * const Erro
metaIndex * debReleaseIndex::UnloadedClone() const /*{{{*/
{
if (Trusted == TRI_NO)
- return new debReleaseIndex(URI, Dist, false);
+ return new debReleaseIndex(URI, Dist, false, d->ReleaseOptions);
else if (Trusted == TRI_YES)
- return new debReleaseIndex(URI, Dist, true);
+ return new debReleaseIndex(URI, Dist, true, d->ReleaseOptions);
else
- return new debReleaseIndex(URI, Dist);
+ return new debReleaseIndex(URI, Dist, d->ReleaseOptions);
}
/*}}}*/
bool debReleaseIndex::parseSumData(const char *&Start, const char *End, /*{{{*/
@@ -611,7 +604,7 @@ bool debReleaseIndex::parseSumData(const char *&Start, const char *End, /*{{{*/
bool debReleaseIndex::GetIndexes(pkgAcquire *Owner, bool const &GetAll)/*{{{*/
{
-#define APT_TARGET(X) IndexTarget("", X, MetaIndexInfo(X), MetaIndexURI(X), false, false, std::map<std::string,std::string>())
+#define APT_TARGET(X) IndexTarget("", X, MetaIndexInfo(X), MetaIndexURI(X), false, false, d->ReleaseOptions)
pkgAcqMetaClearSig * const TransactionManager = new pkgAcqMetaClearSig(Owner,
APT_TARGET("InRelease"), APT_TARGET("Release"), APT_TARGET("Release.gpg"), this);
#undef APT_TARGET
@@ -751,6 +744,10 @@ std::vector <pkgIndexFile *> *debReleaseIndex::GetIndexFiles() /*{{{*/
return Indexes;
}
/*}}}*/
+std::map<std::string, std::string> debReleaseIndex::GetReleaseOptions()
+{
+ return d->ReleaseOptions;
+}
static bool ReleaseFileName(debReleaseIndex const * const That, std::string &ReleaseFile)/*{{{*/
{
@@ -900,7 +897,7 @@ class APT_HIDDEN debSLTypeDebian : public pkgSourceList::Type /*{{{*/
return metaIndex::TRI_DONTCARE;
}
- time_t GetTimeOption(std::map<std::string, std::string>const &Options, char const * const name) const
+ static time_t GetTimeOption(std::map<std::string, std::string>const &Options, char const * const name)
{
std::map<std::string, std::string>::const_iterator const opt = Options.find(name);
if (opt == Options.end())
@@ -908,12 +905,74 @@ class APT_HIDDEN debSLTypeDebian : public pkgSourceList::Type /*{{{*/
return strtoull(opt->second.c_str(), NULL, 10);
}
+ static bool GetBoolOption(std::map<std::string, std::string> const &Options, char const * const name, bool const defVal)
+ {
+ std::map<std::string, std::string>::const_iterator const opt = Options.find(name);
+ if (opt == Options.end())
+ return defVal;
+ return StringToBool(opt->second, defVal);
+ }
+
+ static std::vector<std::string> GetMapKeys(std::map<std::string, std::string> const &Options)
+ {
+ std::vector<std::string> ret;
+ ret.reserve(Options.size());
+ for (auto &&O: Options)
+ ret.emplace_back(O.first);
+ std::sort(ret.begin(), ret.end());
+ return ret;
+ }
+
+ static bool MapsAreEqual(std::map<std::string, std::string> const &OptionsA,
+ std::map<std::string, std::string> const &OptionsB,
+ std::string const &URI, std::string const &Dist)
+ {
+ auto const KeysA = GetMapKeys(OptionsA);
+ auto const KeysB = GetMapKeys(OptionsB);
+ auto const m = std::mismatch(KeysA.begin(), KeysA.end(), KeysB.begin());
+ if (m.first != KeysA.end())
+ {
+ if (std::find(KeysB.begin(), KeysB.end(), *m.first) == KeysB.end())
+ return _error->Error(_("Conflicting values set for option %s regarding source %s %s"), m.first->c_str(), "<set>", "<unset>");
+ else
+ return _error->Error(_("Conflicting values set for option %s regarding source %s %s"), m.second->c_str(), "<set>", "<unset>");
+ }
+ if (m.second != KeysB.end())
+ {
+ if (std::find(KeysA.begin(), KeysA.end(), *m.second) == KeysA.end())
+ return _error->Error(_("Conflicting values set for option %s regarding source %s %s"), m.first->c_str(), "<set>", "<unset>");
+ else
+ return _error->Error(_("Conflicting values set for option %s regarding source %s %s"), m.second->c_str(), "<set>", "<unset>");
+ }
+ for (auto&& key: KeysA)
+ {
+ if (key == "BASE_URI" || key == "REPO_URI")
+ continue;
+ auto const a = OptionsA.find(key);
+ auto const b = OptionsB.find(key);
+ if (unlikely(a == OptionsA.end() || b == OptionsB.end()) || a->second != b->second)
+ return _error->Error(_("Conflicting values set for option %s regarding source %s %s"), key.c_str(), URI.c_str(), Dist.c_str());
+ }
+ return true;
+ }
+
protected:
bool CreateItemInternal(std::vector<metaIndex *> &List, std::string const &URI,
std::string const &Dist, std::string const &Section,
bool const &IsSrc, std::map<std::string, std::string> const &Options) const
{
+ std::map<std::string,std::string> ReleaseOptions = {{
+ { "BASE_URI", constructMetaIndexURI(URI, Dist, "") },
+ { "REPO_URI", URI },
+ }};
+ if (GetBoolOption(Options, "allow-insecure", _config->FindB("Acquire::AllowInsecureRepositories")))
+ ReleaseOptions.emplace("ALLOW_INSECURE", "true");
+ if (GetBoolOption(Options, "allow-weak", _config->FindB("Acquire::AllowWeakRepositories")))
+ ReleaseOptions.emplace("ALLOW_WEAK", "true");
+ if (GetBoolOption(Options, "allow-downgrade-to-insecure", _config->FindB("Acquire::AllowDowngradeToInsecureRepositories")))
+ ReleaseOptions.emplace("ALLOW_DOWNGRADE_TO_INSECURE", "true");
+
debReleaseIndex * Deb = nullptr;
std::string const FileName = URItoFileName(constructMetaIndexURI(URI, Dist, "Release"));
for (auto const &I: List)
@@ -931,6 +990,8 @@ class APT_HIDDEN debSLTypeDebian : public pkgSourceList::Type /*{{{*/
corresponds to. */
if (URItoFileName(D->MetaIndexURI("Release")) == FileName)
{
+ if (MapsAreEqual(ReleaseOptions, D->GetReleaseOptions(), URI, Dist) == false)
+ return false;
Deb = D;
break;
}
@@ -939,7 +1000,7 @@ class APT_HIDDEN debSLTypeDebian : public pkgSourceList::Type /*{{{*/
// No currently created Release file indexes this entry, so we create a new one.
if (Deb == nullptr)
{
- Deb = new debReleaseIndex(URI, Dist);
+ Deb = new debReleaseIndex(URI, Dist, ReleaseOptions);
List.push_back(Deb);
}
@@ -993,12 +1054,7 @@ class APT_HIDDEN debSLTypeDebian : public pkgSourceList::Type /*{{{*/
}), mytargets.end());
}
- bool UsePDiffs = _config->FindB("Acquire::PDiffs", true);
- {
- std::map<std::string, std::string>::const_iterator const opt = Options.find("pdiffs");
- if (opt != Options.end())
- UsePDiffs = StringToBool(opt->second);
- }
+ bool const UsePDiffs = GetBoolOption(Options, "pdiffs", _config->FindB("Acquire::PDiffs", true));
std::string UseByHash = _config->Find("APT::Acquire::By-Hash", "yes");
UseByHash = _config->Find("Acquire::By-Hash", UseByHash);
diff --git a/apt-pkg/deb/debmetaindex.h b/apt-pkg/deb/debmetaindex.h
index 2bb9ed693..f903617f7 100644
--- a/apt-pkg/deb/debmetaindex.h
+++ b/apt-pkg/deb/debmetaindex.h
@@ -34,8 +34,8 @@ class APT_HIDDEN debReleaseIndex : public metaIndex
APT_HIDDEN std::string MetaIndexFile(const char *Types) const;
APT_HIDDEN std::string MetaIndexURI(const char *Type) const;
- debReleaseIndex(std::string const &URI, std::string const &Dist);
- debReleaseIndex(std::string const &URI, std::string const &Dist, bool const Trusted);
+ debReleaseIndex(std::string const &URI, std::string const &Dist, std::map<std::string,std::string> const &Options);
+ debReleaseIndex(std::string const &URI, std::string const &Dist, bool const Trusted, std::map<std::string,std::string> const &Options);
virtual ~debReleaseIndex();
virtual std::string ArchiveURI(std::string const &File) const APT_OVERRIDE {return URI + File;};
@@ -56,6 +56,7 @@ class APT_HIDDEN debReleaseIndex : public metaIndex
bool SetValidUntilMin(time_t const Valid);
bool SetValidUntilMax(time_t const Valid);
bool SetSignedBy(std::string const &SignedBy);
+ std::map<std::string, std::string> GetReleaseOptions();
virtual bool IsTrusted() const APT_OVERRIDE;
bool IsArchitectureSupported(std::string const &arch) const;
diff --git a/apt-pkg/indexcopy.cc b/apt-pkg/indexcopy.cc
index 4aade6e8a..4a35e3847 100644
--- a/apt-pkg/indexcopy.cc
+++ b/apt-pkg/indexcopy.cc
@@ -550,7 +550,7 @@ bool SigVerify::CopyAndVerify(string CDROM,string Name,vector<string> &SigList,
if(Debug)
cout << "Signature verify for: " << *I << endl;
- metaIndex *MetaIndex = new debReleaseIndex("","");
+ metaIndex *MetaIndex = new debReleaseIndex("","", {});
string prefix = *I;
string const releasegpg = *I+"Release.gpg";
diff --git a/apt-pkg/indexfile.cc b/apt-pkg/indexfile.cc
index 7ded0101b..b1435d32c 100644
--- a/apt-pkg/indexfile.cc
+++ b/apt-pkg/indexfile.cc
@@ -147,6 +147,9 @@ std::string IndexTarget::Option(OptionKeys const EnumKey) const /*{{{*/
APT_CASE(SOURCESENTRY);
APT_CASE(BY_HASH);
APT_CASE(KEEPCOMPRESSEDAS);
+ APT_CASE(ALLOW_INSECURE);
+ APT_CASE(ALLOW_WEAK);
+ APT_CASE(ALLOW_DOWNGRADE_TO_INSECURE);
#undef APT_CASE
case FILENAME: return _config->FindDir("Dir::State::lists") + URItoFileName(URI);
case EXISTING_FILENAME:
@@ -170,7 +173,7 @@ std::string IndexTarget::Option(OptionKeys const EnumKey) const /*{{{*/
/*}}}*/
bool IndexTarget::OptionBool(OptionKeys const EnumKey) const /*{{{*/
{
- return StringToBool(Option(EnumKey));
+ return StringToBool(Option(EnumKey), false);
}
/*}}}*/
std::string IndexTarget::Format(std::string format) const /*{{{*/
diff --git a/apt-pkg/indexfile.h b/apt-pkg/indexfile.h
index 76a3d069e..68753a40a 100644
--- a/apt-pkg/indexfile.h
+++ b/apt-pkg/indexfile.h
@@ -93,6 +93,9 @@ class IndexTarget /*{{{*/
KEEPCOMPRESSEDAS,
FALLBACK_OF,
IDENTIFIER,
+ ALLOW_INSECURE,
+ ALLOW_WEAK,
+ ALLOW_DOWNGRADE_TO_INSECURE,
};
std::string Option(OptionKeys const Key) const;
bool OptionBool(OptionKeys const Key) const;
diff --git a/apt-pkg/init.cc b/apt-pkg/init.cc
index c77e8e2fe..70a119a6e 100644
--- a/apt-pkg/init.cc
+++ b/apt-pkg/init.cc
@@ -87,6 +87,7 @@ bool pkgInitConfig(Configuration &Cnf)
// Repository security
Cnf.CndSet("Acquire::AllowInsecureRepositories", false);
+ Cnf.CndSet("Acquire::AllowWeakRepositories", false);
Cnf.CndSet("Acquire::AllowDowngradeToInsecureRepositories", false);
// Default cdrom mount point
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2024-11-01 21:35:59 +0000