From b455ad0a6681be80134d31ca59c350332ab4fb73 Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Tue, 23 Jan 2024 18:32:32 +0100 Subject: Add an "audit" error level This will aggressively highlight out-of-compliance vs the best practices. --- apt-pkg/contrib/error.cc | 7 +++++++ apt-pkg/contrib/error.h | 23 +++++++++++++++++++++++ 2 files changed, 30 insertions(+) diff --git a/apt-pkg/contrib/error.cc b/apt-pkg/contrib/error.cc index c9bb622e7..4715568d0 100644 --- a/apt-pkg/contrib/error.cc +++ b/apt-pkg/contrib/error.cc @@ -64,6 +64,7 @@ GEMessage(FatalE, FATAL) GEMessage(Errno, ERROR) GEMessage(WarningE, WARNING) GEMessage(NoticeE, NOTICE) +GEMessage(AuditE, AUDIT) GEMessage(DebugE, DEBUG) #undef GEMessage /*}}}*/ @@ -121,6 +122,7 @@ GEMessage(Fatal, FATAL) GEMessage(Error, ERROR) GEMessage(Warning, WARNING) GEMessage(Notice, NOTICE) +GEMessage(Audit, AUDIT) GEMessage(Debug, DEBUG) #undef GEMessage /*}}}*/ @@ -270,6 +272,7 @@ APT_HIDDEN std::ostream &operator<<(std::ostream &out, GlobalError::Item i) out << COLOR_WARN; break; case GlobalError::NOTICE: + case GlobalError::AUDIT: out << COLOR_NOTICE; break; default: @@ -289,6 +292,9 @@ APT_HIDDEN std::ostream &operator<<(std::ostream &out, GlobalError::Item i) case GlobalError::NOTICE: out << 'N'; break; + case GlobalError::AUDIT: + out << 'A'; + break; case GlobalError::DEBUG: out << 'D'; break; @@ -303,6 +309,7 @@ APT_HIDDEN std::ostream &operator<<(std::ostream &out, GlobalError::Item i) case GlobalError::ERROR: case GlobalError::WARNING: case GlobalError::NOTICE: + case GlobalError::AUDIT: out << COLOR_RESET; break; default: diff --git a/apt-pkg/contrib/error.h b/apt-pkg/contrib/error.h index 35e39ee0e..792232010 100644 --- a/apt-pkg/contrib/error.h +++ b/apt-pkg/contrib/error.h 
@@ -66,6 +66,8 @@ public: /*{{{*/ WARNING = 20, /** \brief deprecation warnings, old fallback behavior, … */ NOTICE = 10, + /** \brief future deprecation warnings, divergence from best practices */ + AUDIT = 5, /** \brief for developers only in areas it is hard to print something directly */ DEBUG = 0 }; @@ -109,6 +111,15 @@ public: /*{{{*/ */ bool NoticeE(const char *Function,const char *Description,...) APT_PRINTF(3) APT_COLD; + /** \brief add an audit message with errno to the list + * + * \param Function name of the function generating the error + * \param Description format string for the error message + * + * \return \b false + */ + bool AuditE(const char *Function,const char *Description,...) APT_PRINTF(3) APT_COLD; + /** \brief add a debug message with errno to the list * * \param Function name of the function generating the error @@ -193,6 +204,18 @@ public: /*{{{*/ */ bool Notice(const char *Description,...) APT_PRINTF(2) APT_COLD; + /** \brief add an audit message to the list + * + * An audit message highlights divergences from best practices and + * future deprecations. It my for example include additional messages + * targeted at repository owners. + * + * \param Description Format string for the message + * + * \return \b false + */ + bool Audit(const char *Description,...) APT_PRINTF(2) APT_COLD; + /** \brief add a debug message to the list * * \param Description Format string for the message -- cgit v1.2.3-70-g09d2 From 3cd6eacd1ab42e414f0d899a3f74fc60140f0e8a Mon Sep 17 00:00:00 2001 
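Review bot: The doc comment added for `Audit()` in the @@ -193 hunk has a typo: "It my for example include" should read `It may for example include additional messages`. The enum comment in the @@ -66 hunk would also be clearer if it said how the level is filtered, since `AUDIT = 5` sits below `NOTICE = 10` and callers that pass `NOTICE` as a threshold will presumably not see it. Something like `/** \brief future deprecation warnings, divergence from best practices; below NOTICE, so only shown on request */` would do. Both are documentation-only changes.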
From: Julian Andres Klode Date: Tue, 23 Jan 2024 18:37:42 +0100 Subject: Change the default log level from debug to notice We never used the debug level before, so we can do that. This allows us to have the new audit level. We did call DumpErrors() with DEBUG in two debug code paths, so don't touch those. debug --- apt-pkg/acquire-item.cc | 2 +- apt-pkg/deb/dpkgpm.cc | 2 +- apt-pkg/edsp.cc | 4 ++-- apt-private/private-cmndline.cc | 2 +- apt-private/private-output.cc | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index 3c491adc0..7704818cf 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@ -3985,7 +3985,7 @@ void pkgAcqFile::Done(string const &Message,HashStringList const &CalcHashes, _error->PushToStack(); _error->Errno("pkgAcqFile::Done", "Symlinking file %s failed", DestFile.c_str()); std::stringstream msg; - _error->DumpErrors(msg, GlobalError::DEBUG, false); + _error->DumpErrors(msg, GlobalError::NOTICE, false); _error->RevertToStack(); ErrorText = msg.str(); Status = StatError; diff --git a/apt-pkg/deb/dpkgpm.cc b/apt-pkg/deb/dpkgpm.cc index 4f87cc22b..82035ee65 100644 --- a/apt-pkg/deb/dpkgpm.cc +++ b/apt-pkg/deb/dpkgpm.cc @@ -1301,7 +1301,7 @@ void pkgDPkgPM::StartPtyMagic() /*{{{*/ free(d->slave); d->slave = NULL; } - _error->DumpErrors(std::cerr, GlobalError::DEBUG, false); + _error->DumpErrors(std::cerr, GlobalError::NOTICE, false); } _error->RevertToStack(); } diff --git a/apt-pkg/edsp.cc b/apt-pkg/edsp.cc index b0ac4ae49..a02e400c2 100644 --- a/apt-pkg/edsp.cc +++ b/apt-pkg/edsp.cc 
@@ -435,7 +435,7 @@ bool EDSP::ReadResponse(int const input, pkgDepCache &Cache, OpProgress *Progres if (Progress != nullptr) Progress->Done(); Progress = nullptr; - _error->DumpErrors(std::cerr, GlobalError::DEBUG, false); + _error->DumpErrors(std::cerr, GlobalError::NOTICE, false); } std::string msg = SubstVar(SubstVar(section.FindS("Message"), "\n .\n", "\n\n"), "\n ", "\n"); if (msg.empty() == true) { @@ -1044,7 +1044,7 @@ bool EIPP::ReadResponse(int const input, pkgPackageManager * const PM, OpProgres if (Progress != nullptr) Progress->Done(); Progress = nullptr; - _error->DumpErrors(std::cerr, GlobalError::DEBUG, false); + _error->DumpErrors(std::cerr, GlobalError::NOTICE, false); } std::string msg = SubstVar(SubstVar(section.FindS("Message"), "\n .\n", "\n\n"), "\n ", "\n"); if (msg.empty() == true) { diff --git a/apt-private/private-cmndline.cc b/apt-private/private-cmndline.cc index e0e00c917..a37af6b58 100644 --- a/apt-private/private-cmndline.cc +++ b/apt-private/private-cmndline.cc @@ -604,7 +604,7 @@ unsigned short DispatchCommandLine(CommandLine &CmdL, std::vectorFindI("quiet",0) > 0) _error->DumpErrors(); else - _error->DumpErrors(GlobalError::DEBUG); + _error->DumpErrors(GlobalError::NOTICE); if (returned == false) return 100; return Errors == true ? 100 : 0; diff --git a/apt-private/private-output.cc b/apt-private/private-output.cc index c2e936d2c..179078e80 100644 --- a/apt-private/private-output.cc +++ b/apt-private/private-output.cc @@ -802,7 +802,7 @@ bool YnPrompt(char const * const Question, bool const Default, bool const ShowGl if (_config->FindI("quiet",0) > 0) _error->DumpErrors(c2o); else - _error->DumpErrors(c2o, GlobalError::DEBUG); + _error->DumpErrors(c2o, GlobalError::NOTICE); } c2o << Question << std::flush; -- cgit v1.2.3-70-g09d2 From 215b184d6a5774df10cabe12bde7d6b0fa3aff85 Mon Sep 17 00:00:00 2001 
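Review bot: In the two edsp.cc hunks (`EDSP::ReadResponse` and `EIPP::ReadResponse`) the threshold is now the literal `GlobalError::NOTICE`, so nothing below notice level is printed from these paths. If `DumpErrors` also clears the list after printing (not visible here), an audit message queued before a solver or planner error would be lost, even with the `APT::Audit` switch that a later commit on this page adds. Consider choosing the threshold from configuration there as well, or state the intent with a comment such as `// audit messages are intentionally not shown for solver errors`. Both functions start and end outside their hunks.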
From: Julian Andres Klode Date: Tue, 23 Jan 2024 18:43:13 +0100 Subject: Add an --audit option to switch on audit logging This option is recommended to be used by repository operators for testing. --- apt-private/private-cmndline.cc | 5 ++++- apt-private/private-output.cc | 4 +++- doc/apt.ent | 7 +++++++ doc/examples/configure-index | 1 + 4 files changed, 15 insertions(+), 2 deletions(-) diff --git a/apt-private/private-cmndline.cc b/apt-private/private-cmndline.cc index a37af6b58..b05ec8945 100644 --- a/apt-private/private-cmndline.cc +++ b/apt-private/private-cmndline.cc @@ -409,6 +409,7 @@ std::vector getCommandArgs(APT_CMD const Program, char const // general options addArg(0, "color", "APT::Color", 0); addArg('q', "quiet", "quiet", CommandLine::IntLevel); + addArg(0, "audit", "APT::Audit", 0); addArg('q', "silent", "quiet", CommandLine::IntLevel); addArg('c', "config-file", 0, CommandLine::ConfigFile); addArg('o', "option", 0, CommandLine::ArbItem); @@ -601,7 +602,9 @@ unsigned short DispatchCommandLine(CommandLine &CmdL, std::vectorPendingError(); - if (_config->FindI("quiet",0) > 0) + if (_config->FindB("APT::Audit")) + _error->DumpErrors(GlobalError::AUDIT); + else if (_config->FindI("quiet",0) > 0) _error->DumpErrors(); else _error->DumpErrors(GlobalError::NOTICE); diff --git a/apt-private/private-output.cc b/apt-private/private-output.cc index 179078e80..35fe9cdca 100644 --- a/apt-private/private-output.cc +++ b/apt-private/private-output.cc @@ -799,7 +799,9 @@ bool YnPrompt(char const * const Question, bool const Default, bool const ShowGl // if we ask interactively, show warnings/notices before the question if (ShowGlobalErrors == true && AssumeYes == false && AssumeNo == false) { - if (_config->FindI("quiet",0) > 0) + if (_config->FindB("APT::Audit")) + _error->DumpErrors(c2o, GlobalError::AUDIT); + else if (_config->FindI("quiet",0) > 0) _error->DumpErrors(c2o); else _error->DumpErrors(c2o, GlobalError::NOTICE); 
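Review bot: The three-way choice between `DumpErrors(GlobalError::AUDIT)`, the default `DumpErrors()` and `DumpErrors(GlobalError::NOTICE)` is now written out twice, in `DispatchCommandLine` (@@ -601) and in `YnPrompt` (@@ -799), and the two copies can drift the next time a level is added. A small shared helper that performs this selection, called from both sites, would keep them in step. The first branch also deserves a comment stating the precedence, e.g. `// APT::Audit wins over quiet for messages; progress output is unaffected`, which matches the doc/apt.ent text in this commit. Both functions extend beyond the hunks shown.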
diff --git a/doc/apt.ent b/doc/apt.ent index 386abd493..b502073a9 100644 --- a/doc/apt.ent +++ b/doc/apt.ent @@ -48,6 +48,13 @@ + + + Show audit (and notice) messages. This overrides the quiet option, but only for notice messages, not progress ones. + + + + diff --git a/doc/examples/configure-index b/doc/examples/configure-index index 72e907507..3f6140038 100644 --- a/doc/examples/configure-index +++ b/doc/examples/configure-index @@ -47,6 +47,7 @@ quiet "" { // Options for APT in general APT { + Audit ""; // display audit messages Architecture ""; // debian architecture like amd64, i386, powerpc, armhf, mips, … Architectures ""; // a list of (foreign) debian architectures, defaults to: dpkg --print-foreign-architectures BarbarianArchitectures ""; // a list of architectures considered too foreign to satisfy M-A:foreign -- cgit v1.2.3-70-g09d2 From 858a551b50ea3871748d9196896e54b361c3d545 Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Tue, 23 Jan 2024 19:01:34 +0100 Subject: Add an audit message for missing InRelease files --- apt-pkg/acquire-item.cc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index 7704818cf..b534d56a3 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@ -2013,6 +2013,8 @@ void pkgAcqMetaClearSig::Failed(string const &Message,pkgAcquire::MethodConfig c return; } + _error->Audit(_("Repositories should provide a clear-signed InRelease file, but none found at %s."), Target.URI.c_str()); + // Queue the 'old' InRelease file for removal if we try Release.gpg // as otherwise the file will stay around and gives a false-auth // impression (CVE-2012-0214) -- cgit v1.2.3-70-g09d2
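Review bot: The new `_error->Audit(...)` call in `pkgAcqMetaClearSig::Failed` prints `Target.URI` verbatim; if a sources entry embeds credentials in the URI (`https://user:pass@host/…`), they end up in terminal output and in anything that captures it. Passing a credential-free form, for example `URI::ArchiveOnly(Target.URI).c_str()`, avoids that. Separately, from the hunk alone the message appears to run for every failure that gets past the early `return`, so it may say "none found" when the InRelease fetch failed for another reason. The rest of the function body is outside the hunk, so this needs checking against the conditions above it.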