From b455ad0a6681be80134d31ca59c350332ab4fb73 Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Tue, 23 Jan 2024 18:32:32 +0100 Subject: Add an "audit" error level This will aggressively highlight out-of-compliance vs the best practices. --- apt-pkg/contrib/error.cc | 7 +++++++ apt-pkg/contrib/error.h | 23 +++++++++++++++++++++++ 2 files changed, 30 insertions(+) (limited to 'apt-pkg') diff --git a/apt-pkg/contrib/error.cc b/apt-pkg/contrib/error.cc index c9bb622e7..4715568d0 100644 --- a/apt-pkg/contrib/error.cc +++ b/apt-pkg/contrib/error.cc @@ -64,6 +64,7 @@ GEMessage(FatalE, FATAL) GEMessage(Errno, ERROR) GEMessage(WarningE, WARNING) GEMessage(NoticeE, NOTICE) +GEMessage(AuditE, AUDIT) GEMessage(DebugE, DEBUG) #undef GEMessage /*}}}*/ @@ -121,6 +122,7 @@ GEMessage(Fatal, FATAL) GEMessage(Error, ERROR) GEMessage(Warning, WARNING) GEMessage(Notice, NOTICE) +GEMessage(Audit, AUDIT) GEMessage(Debug, DEBUG) #undef GEMessage /*}}}*/ @@ -270,6 +272,7 @@ APT_HIDDEN std::ostream &operator<<(std::ostream &out, GlobalError::Item i) out << COLOR_WARN; break; case GlobalError::NOTICE: + case GlobalError::AUDIT: out << COLOR_NOTICE; break; default: @@ -289,6 +292,9 @@ APT_HIDDEN std::ostream &operator<<(std::ostream &out, GlobalError::Item i) case GlobalError::NOTICE: out << 'N'; break; + case GlobalError::AUDIT: + out << 'A'; + break; case GlobalError::DEBUG: out << 'D'; break; @@ -303,6 +309,7 @@ APT_HIDDEN std::ostream &operator<<(std::ostream &out, GlobalError::Item i) case GlobalError::ERROR: case GlobalError::WARNING: case GlobalError::NOTICE: + case GlobalError::AUDIT: out << COLOR_RESET; break; default: diff --git a/apt-pkg/contrib/error.h b/apt-pkg/contrib/error.h index 35e39ee0e..792232010 100644 --- a/apt-pkg/contrib/error.h +++ b/apt-pkg/contrib/error.h @@ -66,6 +66,8 @@ public: /*{{{*/ WARNING = 20, /** \brief deprecation warnings, old fallback behavior, … */ NOTICE = 10, + /** \brief future deprecation warnings, divergence from best practices */ + AUDIT = 5, /** \brief for developers only in areas it is hard to print something directly */ DEBUG = 0 }; @@ -109,6 +111,15 @@ public: /*{{{*/ */ bool NoticeE(const char *Function,const char *Description,...) APT_PRINTF(3) APT_COLD; + /** \brief add an audit message with errno to the list + * + * \param Function name of the function generating the error + * \param Description format string for the error message + * + * \return \b false + */ + bool AuditE(const char *Function,const char *Description,...) APT_PRINTF(3) APT_COLD; + /** \brief add a debug message with errno to the list * * \param Function name of the function generating the error @@ -193,6 +204,18 @@ public: /*{{{*/ */ bool Notice(const char *Description,...) APT_PRINTF(2) APT_COLD; + /** \brief add an audit message to the list + * + * An audit message highlights divergences from best practices and + * future deprecations. It my for example include additional messages + * targeted at repository owners. + * + * \param Description Format string for the message + * + * \return \b false + */ + bool Audit(const char *Description,...) APT_PRINTF(2) APT_COLD; + /** \brief add a debug message to the list * * \param Description Format string for the message -- cgit v1.2.3-70-g09d2 From 3cd6eacd1ab42e414f0d899a3f74fc60140f0e8a Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Tue, 23 Jan 2024 18:37:42 +0100 Subject: Change the default log level from debug to notice We never used the debug level before, so we can do that. This allows us to have the new audit level. We did call DumpErrors() with DEBUG in two debug code paths, so don't touch those. debug --- apt-pkg/acquire-item.cc | 2 +- apt-pkg/deb/dpkgpm.cc | 2 +- apt-pkg/edsp.cc | 4 ++-- apt-private/private-cmndline.cc | 2 +- apt-private/private-output.cc | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) (limited to 'apt-pkg') diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index 3c491adc0..7704818cf 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@ -3985,7 +3985,7 @@ void pkgAcqFile::Done(string const &Message,HashStringList const &CalcHashes, _error->PushToStack(); _error->Errno("pkgAcqFile::Done", "Symlinking file %s failed", DestFile.c_str()); std::stringstream msg; - _error->DumpErrors(msg, GlobalError::DEBUG, false); + _error->DumpErrors(msg, GlobalError::NOTICE, false); _error->RevertToStack(); ErrorText = msg.str(); Status = StatError; diff --git a/apt-pkg/deb/dpkgpm.cc b/apt-pkg/deb/dpkgpm.cc index 4f87cc22b..82035ee65 100644 --- a/apt-pkg/deb/dpkgpm.cc +++ b/apt-pkg/deb/dpkgpm.cc @@ -1301,7 +1301,7 @@ void pkgDPkgPM::StartPtyMagic() /*{{{*/ free(d->slave); d->slave = NULL; } - _error->DumpErrors(std::cerr, GlobalError::DEBUG, false); + _error->DumpErrors(std::cerr, GlobalError::NOTICE, false); } _error->RevertToStack(); } diff --git a/apt-pkg/edsp.cc b/apt-pkg/edsp.cc index b0ac4ae49..a02e400c2 100644 --- a/apt-pkg/edsp.cc +++ b/apt-pkg/edsp.cc @@ -435,7 +435,7 @@ bool EDSP::ReadResponse(int const input, pkgDepCache &Cache, OpProgress *Progres if (Progress != nullptr) Progress->Done(); Progress = nullptr; - _error->DumpErrors(std::cerr, GlobalError::DEBUG, false); + _error->DumpErrors(std::cerr, GlobalError::NOTICE, false); } std::string msg = SubstVar(SubstVar(section.FindS("Message"), "\n .\n", "\n\n"), "\n ", "\n"); if (msg.empty() == true) { @@ -1044,7 +1044,7 @@ bool EIPP::ReadResponse(int const input, pkgPackageManager * const PM, OpProgres if (Progress != nullptr) Progress->Done(); Progress = nullptr; - _error->DumpErrors(std::cerr, GlobalError::DEBUG, false); + _error->DumpErrors(std::cerr, GlobalError::NOTICE, false); } std::string msg = SubstVar(SubstVar(section.FindS("Message"), "\n .\n", "\n\n"), "\n ", "\n"); if (msg.empty() == true) { diff --git a/apt-private/private-cmndline.cc b/apt-private/private-cmndline.cc index e0e00c917..a37af6b58 100644 --- a/apt-private/private-cmndline.cc +++ b/apt-private/private-cmndline.cc @@ -604,7 +604,7 @@ unsigned short DispatchCommandLine(CommandLine &CmdL, std::vectorFindI("quiet",0) > 0) _error->DumpErrors(); else - _error->DumpErrors(GlobalError::DEBUG); + _error->DumpErrors(GlobalError::NOTICE); if (returned == false) return 100; return Errors == true ? 100 : 0; diff --git a/apt-private/private-output.cc b/apt-private/private-output.cc index c2e936d2c..179078e80 100644 --- a/apt-private/private-output.cc +++ b/apt-private/private-output.cc @@ -802,7 +802,7 @@ bool YnPrompt(char const * const Question, bool const Default, bool const ShowGl if (_config->FindI("quiet",0) > 0) _error->DumpErrors(c2o); else - _error->DumpErrors(c2o, GlobalError::DEBUG); + _error->DumpErrors(c2o, GlobalError::NOTICE); } c2o << Question << std::flush; -- cgit v1.2.3-70-g09d2 From 858a551b50ea3871748d9196896e54b361c3d545 Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Tue, 23 Jan 2024 19:01:34 +0100 Subject: Add an audit message for missing InRelease files --- apt-pkg/acquire-item.cc | 2 ++ 1 file changed, 2 insertions(+) (limited to 'apt-pkg') diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index 7704818cf..b534d56a3 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@ -2013,6 +2013,8 @@ void pkgAcqMetaClearSig::Failed(string const &Message,pkgAcquire::MethodConfig c return; } + _error->Audit(_("Repositories should provide a clear-signed InRelease file, but none found at %s."), Target.URI.c_str()); + // Queue the 'old' InRelease file for removal if we try Release.gpg // as otherwise the file will stay around and gives a false-auth // impression (CVE-2012-0214) -- cgit v1.2.3-70-g09d2