
trusted=yes sources are secure, we just don't know why

Do not require a special flag to be present to update trusted=yes
sources as this flag in the sources.list is obviously special enough.

Note that this is just disabling the error message, the user will still
be warned about all the (possible) failures the repository generated, it
is just triggering the acceptance of the warnings on a source-by-source
level.

Similarly, the trusted=no flag doesn't require the user to pass
additional flags to update, if the repository looks fine in the view of
apt it will update just fine. The unauthenticated warnings will "just" be
presented when the data is used.

In case you wonder: Both were the behavior in previous versions, too.
debian/1.8.y
David Kalnischkies 8 years ago
committed by Michael Vogt
parent
commit
07cb47e71f
  1. 6
      apt-pkg/acquire-item.cc
  2. 12
      apt-pkg/deb/debmetaindex.cc
  3. 24
      apt-pkg/indexrecords.cc
  4. 27
      apt-pkg/indexrecords.h
  5. 9
      test/integration/framework
  6. 168
      test/integration/test-sourceslist-trusted-options

6
apt-pkg/acquire-item.cc

@ -1777,7 +1777,7 @@ void pkgAcqMetaSig::Failed(string Message,pkgAcquire::MethodConfig *Cnf)/*{{{*/
TransactionManager->TransactionStageRemoval(this, DestFile);
// only allow going further if the users explicitely wants it
if(_config->FindB("Acquire::AllowInsecureRepositories") == true)
if(MetaIndexParser->IsAlwaysTrusted() || _config->FindB("Acquire::AllowInsecureRepositories") == true)
{
// we parse the indexes here because at this point the user wanted
// a repository that may potentially harm him
@ -2155,7 +2155,7 @@ void pkgAcqMetaIndex::Failed(string Message,
// No Release file was present so fall
// back to queueing Packages files without verification
// only allow going further if the users explicitely wants it
if(_config->FindB("Acquire::AllowInsecureRepositories") == true)
if(MetaIndexParser->IsAlwaysTrusted() || _config->FindB("Acquire::AllowInsecureRepositories") == true)
{
// Done, queue for rename on transaction finished
if (FileExists(DestFile))
@ -2279,7 +2279,7 @@ void pkgAcqMetaClearSig::Failed(string Message,pkgAcquire::MethodConfig *Cnf) /*
// No Release file was present, or verification failed, so fall
// back to queueing Packages files without verification
// only allow going further if the users explicitely wants it
if(_config->FindB("Acquire::AllowInsecureRepositories") == true)
if(MetaIndexParser->IsAlwaysTrusted() || _config->FindB("Acquire::AllowInsecureRepositories") == true)
{
Status = StatDone;
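Review bot: The comment `// only allow going further if the users explicitely wants it` above each of the three changed conditions (in pkgAcqMetaSig::Failed, pkgAcqMetaIndex::Failed and pkgAcqMetaClearSig::Failed) no longer matches the code, because a source for which `MetaIndexParser->IsAlwaysTrusted()` holds now continues without the global option being set. I would reword it to something like `// continue only if this source is marked trusted=yes or the user globally allowed insecure repositories`, so the per-source bypass of a signature failure is visible to the next reader. The same expression is repeated three times; a small helper on the item would keep the three fallback paths from drifting apart. All three function bodies start and end outside the hunks shown.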

12
apt-pkg/deb/debmetaindex.cc

@ -253,6 +253,12 @@ bool debReleaseIndex::GetIndexes(pkgAcquire *Owner, bool const &GetAll) const
{
bool const tryInRelease = _config->FindB("Acquire::TryInRelease", true);
indexRecords * const iR = new indexRecords(Dist);
if (Trusted == ALWAYS_TRUSTED)
iR->SetTrusted(true);
else if (Trusted == NEVER_TRUSTED)
iR->SetTrusted(false);
// special case for --print-uris
if (GetAll) {
vector <IndexTarget *> *targets = ComputeIndexTargets();
@ -270,7 +276,7 @@ bool debReleaseIndex::GetIndexes(pkgAcquire *Owner, bool const &GetAll) const
MetaIndexInfo("Release"), "Release",
MetaIndexURI("Release.gpg"), MetaIndexInfo("Release.gpg"), "Release.gpg",
ComputeIndexTargets(),
new indexRecords (Dist));
iR);
}
if (tryInRelease == true)
new pkgAcqMetaClearSig(Owner,
@ -278,13 +284,13 @@ bool debReleaseIndex::GetIndexes(pkgAcquire *Owner, bool const &GetAll) const
MetaIndexURI("Release"), MetaIndexInfo("Release"), "Release",
MetaIndexURI("Release.gpg"), MetaIndexInfo("Release.gpg"), "Release.gpg",
ComputeIndexTargets(),
new indexRecords (Dist));
iR);
else
new pkgAcqMetaIndex(Owner, NULL,
MetaIndexURI("Release"), MetaIndexInfo("Release"), "Release",
MetaIndexURI("Release.gpg"), MetaIndexInfo("Release.gpg"), "Release.gpg",
ComputeIndexTargets(),
new indexRecords (Dist));
iR);
return true;
}
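Review bot: The single `iR` allocated at the top of GetIndexes is now handed to every constructor call in this function, where each call appears to have received its own `new indexRecords (Dist)` before. If the pkgAcqMetaIndex created just before the closing `}` can be reached in the same call as the pkgAcqMetaClearSig or pkgAcqMetaIndex created after it, two acquire items hold the same pointer; whether that is safe depends on who deletes the parser, which is not visible here. Either document the ownership next to the allocation, e.g. `// iR is shared by all items created below; owned by <owner>`, or give each item its own instance configured with the same trust value. Parts of the function body lie between the hunks and are not shown.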

24
apt-pkg/indexrecords.cc

@ -253,12 +253,30 @@ bool indexRecords::parseSumData(const char *&Start, const char *End, /*{{{*/
return true;
}
/*}}}*/
indexRecords::indexRecords()
APT_PURE bool indexRecords::IsAlwaysTrusted() const
{
if (Trusted == ALWAYS_TRUSTED)
return true;
return false;
}
APT_PURE bool indexRecords::IsNeverTrusted() const
{
if (Trusted == NEVER_TRUSTED)
return true;
return false;
}
void indexRecords::SetTrusted(bool const Trusted)
{
if (Trusted == true)
this->Trusted = ALWAYS_TRUSTED;
else
this->Trusted = NEVER_TRUSTED;
}
indexRecords::indexRecords(const string ExpectedDist) :
ExpectedDist(ExpectedDist), ValidUntil(0), SupportsAcquireByHash(false)
indexRecords::indexRecords(const string &ExpectedDist) :
Trusted(CHECK_TRUST), d(NULL), ExpectedDist(ExpectedDist), ValidUntil(0),
SupportsAcquireByHash(false)
{
}
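Review bot: In `indexRecords::SetTrusted(bool const Trusted)` the parameter shadows the `Trusted` member, so inside the setter `Trusted == true` reads the bool argument while `Trusted == ALWAYS_TRUSTED` in the two predicates reads the enum member. For a field that decides whether a source bypasses authentication, I would rename the parameter in the definition, e.g. `void indexRecords::SetTrusted(bool const NewState)`, which needs no change to the header. As a matter of style, each predicate can be a single expression: `return Trusted == ALWAYS_TRUSTED;` and `return Trusted == NEVER_TRUSTED;`.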

27
apt-pkg/indexrecords.h

@ -26,9 +26,12 @@ class indexRecords
public:
struct checkSum;
std::string ErrorText;
// dpointer (for later9
private:
enum APT_HIDDEN { ALWAYS_TRUSTED, NEVER_TRUSTED, CHECK_TRUST } Trusted;
// dpointer (for later)
void * d;
protected:
std::string Dist;
std::string Suite;
@ -40,8 +43,7 @@ class indexRecords
public:
indexRecords();
indexRecords(const std::string ExpectedDist);
indexRecords(const std::string &ExpectedDist = "");
// Lookup function
virtual checkSum *Lookup(const std::string MetaKey);
@ -50,12 +52,27 @@ class indexRecords
std::vector<std::string> MetaKeys();
virtual bool Load(std::string Filename);
virtual bool CheckDist(const std::string MaybeDist) const;
std::string GetDist() const;
std::string GetSuite() const;
bool GetSupportsAcquireByHash() const;
time_t GetValidUntil() const;
virtual bool CheckDist(const std::string MaybeDist) const;
std::string GetExpectedDist() const;
/** \brief check if source is marked as always trusted */
bool IsAlwaysTrusted() const;
/** \brief check if source is marked as never trusted */
bool IsNeverTrusted() const;
/** \brief sets an explicit trust value
*
* \b true means that the source should always be considered trusted,
* while \b false marks a source as always untrusted, even if we have
* a valid signature and everything.
*/
void SetTrusted(bool const Trusted);
virtual ~indexRecords();
};
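Review bot: The three enumerators of the new `Trusted` member carry no comment, and the header does not say which state a freshly constructed indexRecords has or that `SetTrusted(bool)` cannot put an object back into `CHECK_TRUST`. Since this field decides whether signature failures are tolerated for a source, I would add a short comment above the enum, for example `// CHECK_TRUST: no explicit trusted= option, trust is decided by verification (default)`, after confirming that this is the intended meaning. The class definition starts outside the hunks shown.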

9
test/integration/framework

@ -859,6 +859,7 @@ setupaptarchive() {
signreleasefiles() {
local SIGNER="${1:-Joe Sixpack}"
local REPODIR="${2:-aptarchive}"
local KEY="keys/$(echo "$SIGNER" | tr 'A-Z' 'a-z' | sed 's# ##g')"
local GPG="aptkey --quiet --keyring ${KEY}.pub --secret-keyring ${KEY}.sec --readonly adv --batch --yes"
msgninfo "\tSign archive with $SIGNER key $KEY… "
@ -885,7 +886,7 @@ signreleasefiles() {
cp ${REXKEY}.pub $PUBUNEXPIRED
fi
fi
for RELEASE in $(find aptarchive/ -name Release); do
for RELEASE in $(find ${REPODIR}/ -name Release); do
$GPG --default-key "$SIGNER" --armor --detach-sign --sign --output ${RELEASE}.gpg ${RELEASE}
local INRELEASE="$(echo "${RELEASE}" | sed 's#/Release$#/InRelease#')"
$GPG --default-key "$SIGNER" --clearsign --output $INRELEASE $RELEASE
@ -1167,9 +1168,10 @@ testsuccess() {
if $@ >${OUTPUT} 2>&1; then
msgpass
else
local EXITCODE=$?
echo >&2
cat >&2 $OUTPUT
msgfail
msgfail "exitcode $EXITCODE"
fi
}
@ -1181,9 +1183,10 @@ testfailure() {
fi
local OUTPUT="${TMPWORKINGDIRECTORY}/rootdir/tmp/testfailure.output"
if $@ >${OUTPUT} 2>&1; then
local EXITCODE=$?
echo >&2
cat >&2 $OUTPUT
msgfail
msgfail "exitcode $EXITCODE"
else
msgpass
fi
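Review bot: In testfailure the `local EXITCODE=$?` sits in the branch taken when the command succeeded, so the value printed by `msgfail "exitcode $EXITCODE"` will always be 0 there; only the testsuccess counterpart records something useful. A fixed message such as `msgfail 'command succeeded unexpectedly'` would say the same thing more directly. Separately, `$(find ${REPODIR}/ -name Release)` in signreleasefiles expands the new parameter unquoted; `find "${REPODIR}/" -name Release` keeps a directory argument containing spaces from being split. All three functions continue outside the hunks.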

168
test/integration/test-sourceslist-trusted-options

@ -0,0 +1,168 @@
#!/bin/sh
set -e
TESTDIR=$(readlink -f $(dirname $0))
. $TESTDIR/framework
setupenvironment
configarchitecture 'amd64'
buildsimplenativepackage 'foo' 'amd64' '1' 'stable'
buildsimplenativepackage 'foo' 'amd64' '2' 'testing'
setupaptarchive --no-update
APTARCHIVE=$(readlink -f ./aptarchive)
everythingsucceeds() {
testequal 'Listing...
foo/testing 2 amd64
foo/stable 1 amd64
' apt list foo -a
rm -f foo_1_amd64.deb foo_2_amd64.deb
testsuccess aptget download foo "$@"
testsuccess test -s foo_1_amd64.deb -o -s foo_2_amd64.deb
rm -f foo_1.dsc foo_2.dsc
testsuccess aptget source foo --dsc-only -d "$@"
testsuccess test -s foo_1.dsc -o -s foo_2.dsc
}
everythingfails() {
testequal 'Listing...
foo/testing 2 amd64
foo/stable 1 amd64
' apt list foo -a
local WARNING='WARNING: The following packages cannot be authenticated!
foo
E: Some packages could not be authenticated'
rm -f foo_1_amd64.deb foo_2_amd64.deb
testfailure aptget download foo "$@"
testequal "$WARNING" tail -n 3 rootdir/tmp/testfailure.output
testfailure test -s foo_1_amd64.deb -o -s foo_2_amd64.deb
rm -f foo_1.dsc foo_2.dsc
testfailure aptget source foo --dsc-only -d "$@"
testequal "$WARNING" tail -n 3 rootdir/tmp/testfailure.output
testfailure test -s foo_1.dsc -o -s foo_2.dsc
}
cp -a rootdir/etc/apt/sources.list.d/ rootdir/etc/apt/sources.list.d.bak/
aptgetupdate() {
rm -rf rootdir/var/lib/apt/lists
# note that insecure with trusted=yes are allowed
# as the trusted=yes indicates that security is provided by
# something above the understanding of apt
testsuccess aptget update --no-allow-insecure-repositories
}
insecureaptgetupdate() {
rm -rf rootdir/var/lib/apt/lists
testfailure aptget update
rm -rf rootdir/var/lib/apt/lists
testsuccess aptget update --allow-insecure-repositories
}
msgmsg 'Test without trusted option and good sources'
cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
aptgetupdate
everythingsucceeds
everythingsucceeds -t stable
everythingsucceeds -t testing
msgmsg 'Test with trusted=yes option and good sources'
cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
sed -i 's#^deb\(-src\)\? #deb\1 [trusted=yes] #' rootdir/etc/apt/sources.list.d/*
aptgetupdate
everythingsucceeds
everythingsucceeds -t stable
everythingsucceeds -t testing
msgmsg 'Test with trusted=no option and good sources'
cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
sed -i 's#^deb\(-src\)\? #deb\1 [trusted=no] #' rootdir/etc/apt/sources.list.d/*
# we want the warnings on the actions, but for 'update' everything is fine
aptgetupdate
everythingfails
everythingfails -t stable
everythingfails -t testing
find aptarchive/dists/stable \( -name 'InRelease' -o -name 'Release.gpg' \) -delete
msgmsg 'Test without trusted option and good and unsigned sources'
cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
insecureaptgetupdate
everythingsucceeds
everythingfails -t stable
everythingsucceeds -t testing
msgmsg 'Test with trusted=yes option and good and unsigned sources'
cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
sed -i 's#^deb\(-src\)\? #deb\1 [trusted=yes] #' rootdir/etc/apt/sources.list.d/*
aptgetupdate
everythingsucceeds
everythingsucceeds -t stable
everythingsucceeds -t testing
msgmsg 'Test with trusted=no option and good and unsigned sources'
cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
sed -i 's#^deb\(-src\)\? #deb\1 [trusted=no] #' rootdir/etc/apt/sources.list.d/*
insecureaptgetupdate
everythingfails
everythingfails -t stable
everythingfails -t testing
signreleasefiles 'Marvin Paranoid' 'aptarchive/dists/stable'
msgmsg 'Test without trusted option and good and unknown sources'
cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
insecureaptgetupdate
everythingsucceeds
everythingfails -t stable
everythingsucceeds -t testing
msgmsg 'Test with trusted=yes option and good and unknown sources'
cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
sed -i 's#^deb\(-src\)\? #deb\1 [trusted=yes] #' rootdir/etc/apt/sources.list.d/*
aptgetupdate
everythingsucceeds
everythingsucceeds -t stable
everythingsucceeds -t testing
msgmsg 'Test with trusted=no option and good and unknown sources'
cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
sed -i 's#^deb\(-src\)\? #deb\1 [trusted=no] #' rootdir/etc/apt/sources.list.d/*
insecureaptgetupdate
everythingfails
everythingfails -t stable
everythingfails -t testing
signreleasefiles 'Rex Expired' 'aptarchive/dists/stable'
cp -a keys/rexexpired.pub rootdir/etc/apt/trusted.gpg.d/rexexpired.gpg
msgmsg 'Test without trusted option and good and expired sources'
cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
insecureaptgetupdate
everythingsucceeds
everythingfails -t stable
everythingsucceeds -t testing
msgmsg 'Test with trusted=yes option and good and expired sources'
cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
sed -i 's#^deb\(-src\)\? #deb\1 [trusted=yes] #' rootdir/etc/apt/sources.list.d/*
aptgetupdate
everythingsucceeds
everythingsucceeds -t stable
everythingsucceeds -t testing
msgmsg 'Test with trusted=no option and good and expired sources'
cp -a rootdir/etc/apt/sources.list.d.bak/* rootdir/etc/apt/sources.list.d/
sed -i 's#^deb\(-src\)\? #deb\1 [trusted=no] #' rootdir/etc/apt/sources.list.d/*
insecureaptgetupdate
everythingfails
everythingfails -t stable
everythingfails -t testing
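Review bot: The commit message says a trusted=yes source still produces warnings for the failures it generated, but `aptgetupdate` only checks the exit status with `testsuccess aptget update --no-allow-insecure-repositories`, so a regression that silences those warnings would pass every trusted=yes case here. For the unsigned, unknown-key and expired-key blocks I would add a check on the captured update output for the expected warning text, in the same way `everythingfails` compares `tail -n 3 rootdir/tmp/testfailure.output` against `$WARNING`. The exact warning strings and the output file written by testsuccess are not visible on this page, so they need to be taken from the framework.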