Browse Source

error in update on Release information changes

The value of Origin, Label, Codename and co can be used in user
configuration from apts own pinning to unattended upgrades.
A repository changing this values can therefore have serious effects on
the behaviour of apt and other tools using these values.

In a first step we will generate error messages for these changes now
explaining the need for explicit confirmation and provide config options
and commandline flags to accept them.
tags/debian/1.5_alpha1
David Kalnischkies 4 years ago
parent
commit
081fbea14d
11 changed files with 277 additions and 43 deletions
  1. +55
    -5
      apt-pkg/acquire-item.cc
  2. +18
    -1
      apt-pkg/deb/debmetaindex.cc
  3. +30
    -2
      apt-pkg/metaindex.cc
  4. +12
    -1
      apt-pkg/metaindex.h
  5. +9
    -2
      apt-private/private-cmndline.cc
  6. +17
    -0
      doc/apt-get.8.xml
  7. +30
    -12
      doc/apt-secure.8.xml
  8. +28
    -7
      doc/examples/configure-index
  9. +77
    -0
      test/integration/test-apt-update-releaseinfo-changes
  10. +0
    -12
      test/integration/test-bug-841874-warning-for-mismatching-distribution
  11. +1
    -1
      test/integration/test-policy-pinning

+ 55
- 5
apt-pkg/acquire-item.cc View File

@@ -1605,13 +1605,63 @@ bool pkgAcqMetaBase::VerifyVendor(string const &) /*{{{*/
if (TransactionManager->MetaIndexParser->CheckDist(ExpectedDist) == false)
_error->Warning(_("Conflicting distribution: %s (expected %s but got %s)"),
Desc.Description.c_str(), ExpectedDist.c_str(), NowCodename.c_str());
// might be okay, might be not

// changed info potentially breaks user config like pinning
if (TransactionManager->LastMetaIndexParser != nullptr)
{
auto const LastCodename = TransactionManager->LastMetaIndexParser->GetCodename();
if (LastCodename.empty() == false && NowCodename.empty() == false && LastCodename != NowCodename)
_error->Warning(_("Conflicting distribution: %s (expected %s but got %s)"),
Desc.Description.c_str(), LastCodename.c_str(), NowCodename.c_str());
auto const AllowInfoChange = _config->FindB("Acquire::AllowReleaseInfoChange", false);
auto const quietInfoChange = _config->FindB("quiet::ReleaseInfoChange", false);
struct {
char const * const Type;
bool const Allowed;
decltype(&metaIndex::GetOrigin) const Getter;
} checkers[] = {
{ "Origin", AllowInfoChange, &metaIndex::GetOrigin },
{ "Label", AllowInfoChange, &metaIndex::GetLabel },
{ "Version", true, &metaIndex::GetVersion }, // numbers change all the time, that is okay
{ "Suite", AllowInfoChange, &metaIndex::GetSuite },
{ "Codename", AllowInfoChange, &metaIndex::GetCodename },
{ nullptr, false, nullptr }
};
auto const CheckReleaseInfo = [&](char const * const Type, bool const AllowChange, decltype(checkers[0].Getter) const Getter) {
std::string const Last = (TransactionManager->LastMetaIndexParser->*Getter)();
std::string const Now = (TransactionManager->MetaIndexParser->*Getter)();
if (Last == Now)
return true;
auto const Allow = _config->FindB(std::string("Acquire::AllowReleaseInfoChange::").append(Type), AllowChange);
auto const msg = _("Repository '%s' changed its '%s' value from '%s' to '%s'");
if (Allow == false)
_error->Error(msg, Desc.Description.c_str(), Type, Last.c_str(), Now.c_str());
else if (_config->FindB(std::string("quiet::ReleaseInfoChange::").append(Type), quietInfoChange) == false)
_error->Notice(msg, Desc.Description.c_str(), Type, Last.c_str(), Now.c_str());
return Allow;
};
bool CRI = true;
for (short i = 0; checkers[i].Type != nullptr; ++i)
if (CheckReleaseInfo(checkers[i].Type, checkers[i].Allowed, checkers[i].Getter) == false)
CRI = false;

{
auto const Last = TransactionManager->LastMetaIndexParser->GetDefaultPin();
auto const Now = TransactionManager->MetaIndexParser->GetDefaultPin();
if (Last != Now)
{
auto const Allow = _config->FindB("Acquire::AllowReleaseInfoChange::DefaultPin", AllowInfoChange);
auto const msg = _("Repository '%s' changed its default priority for %s from %hi to %hi.");
if (Allow == false)
_error->Error(msg, Desc.Description.c_str(), "apt_preferences(5)", Last, Now);
else if (_config->FindB("quiet::ReleaseInfoChange::DefaultPin", quietInfoChange) == false)
_error->Notice(msg, Desc.Description.c_str(), "apt_preferences(5)", Last, Now);
CRI &= Allow;
}
}
if (CRI == false)
{
// TRANSLATOR: %s is the name of the manpage in question, e.g. apt-secure(8)
_error->Notice(_("This must be accepted explicitly before updates for "
"this repository can be applied. See %s manpage for details."), "apt-secure(8)");
return false;
}
}
return true;
}


+ 18
- 1
apt-pkg/deb/debmetaindex.cc View File

@@ -393,6 +393,9 @@ bool debReleaseIndex::Load(std::string const &Filename, std::string * const Erro
// FIXME: find better tag name
SupportsAcquireByHash = Section.FindB("Acquire-By-Hash", false);

SetOrigin(Section.FindS("Origin"));
SetLabel(Section.FindS("Label"));
SetVersion(Section.FindS("Version"));
Suite = Section.FindS("Suite");
Codename = Section.FindS("Codename");
{
@@ -415,6 +418,20 @@ bool debReleaseIndex::Load(std::string const &Filename, std::string * const Erro
else // e.g. security.debian.org uses this style
d->SupportedComponents.push_back(comp.substr(pos + 1));
}
{
decltype(pkgCache::ReleaseFile::Flags) flags = 0;
Section.FindFlag("NotAutomatic", flags, pkgCache::Flag::NotAutomatic);
signed short defaultpin = 500;
if ((flags & pkgCache::Flag::NotAutomatic) == pkgCache::Flag::NotAutomatic)
{
Section.FindFlag("ButAutomaticUpgrades", flags, pkgCache::Flag::ButAutomaticUpgrades);
if ((flags & pkgCache::Flag::ButAutomaticUpgrades) == pkgCache::Flag::ButAutomaticUpgrades)
defaultpin = 100;
else
defaultpin = 1;
}
SetDefaultPin(defaultpin);
}

bool FoundHashSum = false;
bool FoundStrongHashSum = false;
@@ -472,7 +489,6 @@ bool debReleaseIndex::Load(std::string const &Filename, std::string * const Erro

if (CheckValidUntil == true)
{
std::string const Label = Section.FindS("Label");
std::string const StrValidUntil = Section.FindS("Valid-Until");

// if we have a Valid-Until header in the Release file, use it as default
@@ -485,6 +501,7 @@ bool debReleaseIndex::Load(std::string const &Filename, std::string * const Erro
return false;
}
}
auto const Label = GetLabel();
// get the user settings for this archive and use what expires earlier
time_t MaxAge = d->ValidUntilMax;
if (MaxAge == 0)


+ 30
- 2
apt-pkg/metaindex.cc View File

@@ -9,6 +9,16 @@
#include <vector>
/*}}}*/

class metaIndexPrivate /*{{{*/
{
public:
std::string Origin;
std::string Label;
std::string Version;
signed short DefaultPin;
};
/*}}}*/

std::string metaIndex::Describe() const
{
return "Release";
@@ -26,7 +36,7 @@ bool metaIndex::Merge(pkgCacheGenerator &Gen,OpProgress *) const

metaIndex::metaIndex(std::string const &URI, std::string const &Dist,
char const * const Type)
: d(NULL), Indexes(NULL), Type(Type), URI(URI), Dist(Dist), Trusted(TRI_UNSET),
: d(new metaIndexPrivate()), Indexes(NULL), Type(Type), URI(URI), Dist(Dist), Trusted(TRI_UNSET),
Date(0), ValidUntil(0), SupportsAcquireByHash(false), LoadedSuccessfully(TRI_UNSET)
{
/* nothing */
@@ -43,6 +53,7 @@ metaIndex::~metaIndex()
}
for (auto const &E: Entries)
delete E.second;
delete d;
}

// one line Getters for public fields /*{{{*/
@@ -51,8 +62,12 @@ APT_PURE std::string metaIndex::GetDist() const { return Dist; }
APT_PURE const char* metaIndex::GetType() const { return Type; }
APT_PURE metaIndex::TriState metaIndex::GetTrusted() const { return Trusted; }
APT_PURE std::string metaIndex::GetSignedBy() const { return SignedBy; }
APT_PURE std::string metaIndex::GetOrigin() const { return d->Origin; }
APT_PURE std::string metaIndex::GetLabel() const { return d->Label; }
APT_PURE std::string metaIndex::GetVersion() const { return d->Version; }
APT_PURE std::string metaIndex::GetCodename() const { return Codename; }
APT_PURE std::string metaIndex::GetSuite() const { return Suite; }
APT_PURE signed short metaIndex::GetDefaultPin() const { return d->DefaultPin; }
APT_PURE bool metaIndex::GetSupportsAcquireByHash() const { return SupportsAcquireByHash; }
APT_PURE time_t metaIndex::GetValidUntil() const { return ValidUntil; }
APT_PURE time_t metaIndex::GetDate() const { return this->Date; }
@@ -104,11 +119,19 @@ std::vector<std::string> metaIndex::MetaKeys() const /*{{{*/
/*}}}*/
void metaIndex::swapLoad(metaIndex * const OldMetaIndex) /*{{{*/
{
std::swap(Entries, OldMetaIndex->Entries);
std::swap(SignedBy, OldMetaIndex->SignedBy);
std::swap(Suite, OldMetaIndex->Suite);
std::swap(Codename, OldMetaIndex->Codename);
std::swap(Date, OldMetaIndex->Date);
std::swap(ValidUntil, OldMetaIndex->ValidUntil);
std::swap(SupportsAcquireByHash, OldMetaIndex->SupportsAcquireByHash);
std::swap(Entries, OldMetaIndex->Entries);
std::swap(LoadedSuccessfully, OldMetaIndex->LoadedSuccessfully);

OldMetaIndex->SetOrigin(d->Origin);
OldMetaIndex->SetLabel(d->Label);
OldMetaIndex->SetVersion(d->Version);
OldMetaIndex->SetDefaultPin(d->DefaultPin);
}
/*}}}*/

@@ -136,3 +159,8 @@ bool metaIndex::HasSupportForComponent(std::string const &component) const/*{{{*
return true;
}
/*}}}*/

void metaIndex::SetOrigin(std::string const &origin) { d->Origin = origin; }
void metaIndex::SetLabel(std::string const &label) { d->Label = label; }
void metaIndex::SetVersion(std::string const &version) { d->Version = version; }
void metaIndex::SetDefaultPin(signed short const defaultpin) { d->DefaultPin = defaultpin; }

+ 12
- 1
apt-pkg/metaindex.h View File

@@ -25,6 +25,8 @@ class IndexTarget;
class pkgCacheGenerator;
class OpProgress;

class metaIndexPrivate;

class metaIndex
{
public:
@@ -43,7 +45,7 @@ public:
TRI_YES, TRI_DONTCARE, TRI_NO, TRI_UNSET
};
private:
void * const d;
metaIndexPrivate * const d;
protected:
std::vector <pkgIndexFile *> *Indexes;
// parsed from the sources.list
@@ -70,8 +72,12 @@ public:
TriState GetTrusted() const;
std::string GetSignedBy() const;

std::string GetOrigin() const;
std::string GetLabel() const;
std::string GetVersion() const;
std::string GetCodename() const;
std::string GetSuite() const;
signed short GetDefaultPin() const;
bool GetSupportsAcquireByHash() const;
time_t GetValidUntil() const;
time_t GetDate() const;
@@ -112,6 +118,11 @@ public:
bool IsArchitectureSupported(std::string const &arch) const;
bool IsArchitectureAllSupportedFor(IndexTarget const &target) const;
bool HasSupportForComponent(std::string const &component) const;
// FIXME: should be members of the class on abi break
APT_HIDDEN void SetOrigin(std::string const &origin);
APT_HIDDEN void SetLabel(std::string const &label);
APT_HIDDEN void SetVersion(std::string const &version);
APT_HIDDEN void SetDefaultPin(signed short const defaultpin);
};

#endif

+ 9
- 2
apt-private/private-cmndline.cc View File

@@ -203,6 +203,15 @@ static bool addArgumentsAPTGet(std::vector<CommandLine::Args> &Args, char const
else if (CmdMatches("update"))
{
addArg(0, "list-cleanup", "APT::Get::List-Cleanup", 0);
addArg(0, "allow-insecure-repositories", "Acquire::AllowInsecureRepositories", 0);
addArg(0, "allow-weak-repositories", "Acquire::AllowWeakRepositories", 0);
addArg(0, "allow-releaseinfo-change", "Acquire::AllowReleaseInfoChange", 0);
addArg(0, "allow-releaseinfo-change-origin", "Acquire::AllowReleaseInfoChange::Origin", 0);
addArg(0, "allow-releaseinfo-change-label", "Acquire::AllowReleaseInfoChange::Label", 0);
addArg(0, "allow-releaseinfo-change-version", "Acquire::AllowReleaseInfoChange::Version", 0);
addArg(0, "allow-releaseinfo-change-codename", "Acquire::AllowReleaseInfoChange::Codename", 0);
addArg(0, "allow-releaseinfo-change-suite", "Acquire::AllowReleaseInfoChange::Suite", 0);
addArg(0, "allow-releaseinfo-change-defaultpin", "Acquire::AllowReleaseInfoChange::DefaultPin", 0);
}
else if (CmdMatches("source"))
{
@@ -273,8 +282,6 @@ static bool addArgumentsAPTGet(std::vector<CommandLine::Args> &Args, char const
addArg(0,"remove","APT::Get::Remove",0);
addArg(0,"only-source","APT::Get::Only-Source",0);
addArg(0,"allow-unauthenticated","APT::Get::AllowUnauthenticated",0);
addArg(0,"allow-insecure-repositories","Acquire::AllowInsecureRepositories",0);
addArg(0,"allow-weak-repositories","Acquire::AllowWeakRepositories",0);
addArg(0,"install-recommends","APT::Install-Recommends",CommandLine::Boolean);
addArg(0,"install-suggests","APT::Install-Suggests",CommandLine::Boolean);
addArg(0,"fix-policy","APT::Get::Fix-Policy-Broken",0);


+ 17
- 0
doc/apt-get.8.xml View File

@@ -575,6 +575,23 @@
Configuration Item: <literal>Acquire::AllowInsecureRepositories</literal>.</para></listitem>
</varlistentry>

<varlistentry><term><option>--allow-releaseinfo-changes</option></term>
<listitem><para>Allow the update command to continue downloading
data from a repository which changed its information of the release
contained in the repository indicating e.g a new major release.
APT will fail at the update command for such repositories until the
change is confirmed to ensure the user is prepared for the change.
See also &apt-secure; for details on the concept and configuration.
</para><para>
Specialist options
(<literal>--allow-releaseinfo-changes-</literal><replaceable>field</replaceable>)
exist to allow changes only for certain fields like <literal>origin</literal>,
<literal>label</literal>, <literal>codename</literal>, <literal>suite</literal>,
<literal>version</literal> and <literal>defaultpin</literal>. See also &apt-preferences;.

Configuration Item: <literal>Acquire::AllowReleaseInfoChanges</literal>.</para></listitem>
</varlistentry>

<varlistentry><term><option>--show-progress</option></term>
<listitem><para>Show user friendly progress information in the
terminal window when packages are installed, upgraded or


+ 30
- 12
doc/apt-secure.8.xml View File

@@ -13,7 +13,7 @@
&apt-email;
&apt-product;
<!-- The last update date -->
<date>2016-08-06T00:00:00Z</date>
<date>2017-04-12T00:00:00Z</date>
</refentryinfo>

<refmeta>
@@ -50,9 +50,19 @@
that data like packages in the archive can't be modified by people who
have no access to the Release file signing key. Starting with version 1.1
<command>APT</command> requires repositories to provide recent authentication
information for unimpeded usage of the repository.
information for unimpeded usage of the repository. Since version 1.5 changes
in the information contained in the Release file about the repository need to be
confirmed before APT continues to apply updates from this repository.
</para>

<para>
Note: All APT-based package management front-ends like &apt-get;, &aptitude;
and &synaptic; support this authentication feature, so this manpage uses
<literal>APT</literal> to refer to them all for simplicity only.
</para>
</refsect1>

<refsect1><title>Unsigned Repositories</title>
<para>
If an archive has an unsigned Release file or no Release file at all
current APT versions will refuse to download data from them by default
@@ -83,16 +93,9 @@
to <literal>true</literal> or for Individual repositories with the &sources-list;
option <literal>allow-downgrade-to-insecure=yes</literal>.
</para>

<para>
Note: All APT-based package management front-ends like &apt-get;, &aptitude;
and &synaptic; support this authentication feature, so this manpage uses
<literal>APT</literal> to refer to them all for simplicity only.
</para>
</refsect1>

<refsect1><title>Trusted Repositories</title>

<refsect1><title>Signed Repositories</title>
<para>
The chain of trust from an APT archive to the end user is made up of
several steps. <command>apt-secure</command> is the last step in
@@ -162,7 +165,22 @@
this mechanism can complement a per-package signature.</para>
</refsect1>

<refsect1><title>User Configuration</title>
<refsect1><title>Information changes</title>
<para>
A Release file contains beside the checksums for the files in the repository
also general information about the repository like the origin, codename or
version number of the release.
</para><para>
This information is shown in various places so a repository owner should always
ensure correctness. Further more user configuration like &apt-preferences;
can depend and make use of this information. Since version 1.5 the user must
therefore explicitly confirm changes to signal that the user is sufficently
prepared e.g. for the new major release of the distribution shipped in the
repository (as e.g. indicated by the codename).
</para>
</refsect1>

<refsect1><title>User Configuration</title>
<para>
<command>apt-key</command> is the program that manages the list of keys used
by APT to trust repositories. It can be used to add or remove keys as well
@@ -183,7 +201,7 @@
</para>
</refsect1>

<refsect1><title>Archive Configuration</title>
<refsect1><title>Repository Configuration</title>
<para>
If you want to provide archive signatures in an archive under your
maintenance you have to:


+ 28
- 7
doc/examples/configure-index View File

@@ -29,10 +29,20 @@
and the syntax of configuration files and commandline options!
*/

quiet "<INT>";
quiet::NoUpdate "<BOOL>"; // never update progress information - included in -q=1
quiet::NoProgress "<BOOL>"; // disables the 0% → 100% progress on cache generation and stuff
quiet::NoStatistic "<BOOL>"; // no "42 kB downloaded" stats in update
quiet "<INT>" {
NoUpdate "<BOOL>"; // never update progress information - included in -q=1
NoProgress "<BOOL>"; // disables the 0% → 100% progress on cache generation and stuff
NoStatistic "<BOOL>"; // no "42 kB downloaded" stats in update
ReleaseInfoChange "<BOOL>" // don't even print the notices if the info change is allowed
{
Origin "<BOOL>";
Label "<BOOL>";
Version "<BOOL>";
Codename "<BOOL>";
Suite "<BOOL>";
DefaultPin "<BOOL>";
};
};

// Options for APT in general
APT
@@ -221,6 +231,20 @@ Acquire

SameMirrorForAllIndexes "<BOOL>"; // use the mirror serving the Release file for Packages & co

AllowInsecureRepositories "<BOOL>";
AllowWeakRepositories "<BOOL>";
AllowDowngradeToInsecureRepositories "<BOOL>";
// allow repositories to change information potentally breaking user config like pinning
AllowReleaseInfoChange "<BOOL>"
{
Origin "<BOOL>";
Label "<BOOL>";
Version "<BOOL>"; // allowed by default
Codename "<BOOL>";
Suite "<BOOL>";
DefaultPin "<BOOL>";
};

// HTTP method configuration
http
{
@@ -686,9 +710,6 @@ acquire::cdrom::mount "<DIR>";
acquire::maxreleasefilesize "<INT>";
acquire::queuehost::limit "<INT>";
acquire::max-pipeline-depth "<INT>";
acquire::allowinsecurerepositories "<BOOL>";
acquire::allowweakrepositories "<BOOL>";
acquire::allowdowngradetoinsecurerepositories "<BOOL>";
acquire::progress::diffpercent "<BOOL>";
acquire::gzipindexes "<BOOL>";
acquire::indextargets::randomized "<BOOL>";


+ 77
- 0
test/integration/test-apt-update-releaseinfo-changes View File

@@ -0,0 +1,77 @@
#!/bin/sh
set -e

TESTDIR="$(readlink -f "$(dirname "$0")")"
. "$TESTDIR/framework"
setupenvironment
configarchitecture 'amd64'

insertpackage 'earth' 'human' 'all' '1'

getoriginfromsuite() { echo -n 'Earth'; }
getlabelfromsuite() { echo -n 'Blue Planet'; }
getcodenamefromsuite() { echo -n 'home'; }
getreleaseversionfromsuite() { echo -n '1.0'; }
getnotautomaticfromsuite() { echo -n 'yes'; }
getbutautomaticupgradesfromsuite() { echo -n 'yes'; }
setupaptarchive --no-update
testsuccess aptget update

cp -a aptarchive/dists aptarchive/dists.bak
cp -a rootdir/var/lib/apt/lists rootdir/var/lib/apt/lists.bak
APTARCHIVE="$(readlink -f './aptarchive')"

sed -i -e 's#^Origin: Earth#Origin: Mars#' $(find ./aptarchive -name 'Release')
signreleasefiles
testfailuremsg "E: Repository 'file:$APTARCHIVE earth InRelease' changed its 'Origin' value from 'Earth' to 'Mars'
N: This must be accepted explicitly before updates for this repository can be applied. See apt-secure(8) manpage for details." apt update
testfailure apt update --allow-releaseinfo-change-label
testsuccesswithnotice apt update --allow-releaseinfo-change
testequal "All packages are up to date.
N: Repository 'file:$APTARCHIVE earth InRelease' changed its 'Origin' value from 'Earth' to 'Mars'" tail -n 2 rootdir/tmp/testsuccesswithnotice.output

rm -rf rootdir/var/lib/apt/lists
cp -a rootdir/var/lib/apt/lists.bak rootdir/var/lib/apt/lists
sed -i -e 's#^Label: Blue#Label: Red#' $(find ./aptarchive -name 'Release')
signreleasefiles
testfailuremsg "E: Repository 'file:$APTARCHIVE earth InRelease' changed its 'Origin' value from 'Earth' to 'Mars'
E: Repository 'file:$APTARCHIVE earth InRelease' changed its 'Label' value from 'Blue Planet' to 'Red Planet'
N: This must be accepted explicitly before updates for this repository can be applied. See apt-secure(8) manpage for details." apt update
testfailure apt update --allow-releaseinfo-change-label
testfailuremsg "N: Repository 'file:$APTARCHIVE earth InRelease' changed its 'Origin' value from 'Earth' to 'Mars'
E: Repository 'file:$APTARCHIVE earth InRelease' changed its 'Label' value from 'Blue Planet' to 'Red Planet'
N: This must be accepted explicitly before updates for this repository can be applied. See apt-secure(8) manpage for details." apt update --allow-releaseinfo-change-origin
testsuccess apt update --allow-releaseinfo-change-origin --allow-releaseinfo-change-label -o quiet::ReleaseInfoChange=true

# version changes are allowed by default
sed -i -e 's#^Version: 1#Version: 2#' $(find ./aptarchive -name 'Release')
signreleasefiles
testfailuremsg "E: Repository 'file:$APTARCHIVE earth InRelease' changed its 'Version' value from '1.0' to '2.0'
N: This must be accepted explicitly before updates for this repository can be applied. See apt-secure(8) manpage for details." apt update --no-allow-releaseinfo-change-version
testsuccesswithnotice apt update
testequal "All packages are up to date.
N: Repository 'file:$APTARCHIVE earth InRelease' changed its 'Version' value from '1.0' to '2.0'" tail -n 2 rootdir/tmp/testsuccesswithnotice.output

sed -i -e 's#^Codename: home#Codename: colony#' $(find ./aptarchive -name 'Release')
signreleasefiles
testfailuremsg "E: Repository 'file:$APTARCHIVE earth InRelease' changed its 'Codename' value from 'home' to 'colony'
N: This must be accepted explicitly before updates for this repository can be applied. See apt-secure(8) manpage for details." apt update --no-allow-releaseinfo-change-codename
testsuccesswithnotice apt update --allow-releaseinfo-change-codename
testequal "All packages are up to date.
N: Repository 'file:$APTARCHIVE earth InRelease' changed its 'Codename' value from 'home' to 'colony'" tail -n 2 rootdir/tmp/testsuccesswithnotice.output

sed -i -e '/^ButAutomaticUpgrades: / d' $(find ./aptarchive -name 'Release')
signreleasefiles
testfailuremsg "E: Repository 'file:$APTARCHIVE earth InRelease' changed its default priority for apt_preferences(5) from 100 to 1.
N: This must be accepted explicitly before updates for this repository can be applied. See apt-secure(8) manpage for details." apt update
testsuccesswithnotice apt update --allow-releaseinfo-change
testequal "All packages are up to date.
N: Repository 'file:$APTARCHIVE earth InRelease' changed its default priority for apt_preferences(5) from 100 to 1." tail -n 2 rootdir/tmp/testsuccesswithnotice.output

sed -i -e '/^NotAutomatic: / d' $(find ./aptarchive -name 'Release')
signreleasefiles
testfailuremsg "E: Repository 'file:$APTARCHIVE earth InRelease' changed its default priority for apt_preferences(5) from 1 to 500.
N: This must be accepted explicitly before updates for this repository can be applied. See apt-secure(8) manpage for details." apt update
testsuccesswithnotice apt update --allow-releaseinfo-change-defaultpin
testequal "All packages are up to date.
N: Repository 'file:$APTARCHIVE earth InRelease' changed its default priority for apt_preferences(5) from 1 to 500." tail -n 2 rootdir/tmp/testsuccesswithnotice.output

+ 0
- 12
test/integration/test-bug-841874-warning-for-mismatching-distribution View File

@@ -47,15 +47,3 @@ testfailure apt show foo
ln -s "${APTARCHIVE}/dists/testing" "${APTARCHIVE}/dists/buster"
testsuccess apt update
testsuccess apt show foo

# changing codenames gets a warning, too
rm -rf rootdir/var/lib/apt/lists
sed -i -e 's#buster#testing#g' rootdir/etc/apt/sources.list.d/*
testsuccess apt update
testsuccess apt show foo
sed -i -e 's#^Codename: buster#Codename: zurg#g' $(find ./aptarchive -name 'Release')
signreleasefiles
testwarningmsg "W: Conflicting distribution: file:$APTARCHIVE testing/updates InRelease (expected buster/updates but got zurg/updates)" apt update
testsuccess apt show foo
testsuccess apt update
testsuccess apt show foo

+ 1
- 1
test/integration/test-policy-pinning View File

@@ -238,7 +238,7 @@ testequalpolicycoolstuff "2.0~bpo1" "2.0~bpo1" 990 500 990 "" -o Test=ButAutomat

rm incoming/backports.main.pkglist incoming/backports.main.srclist
buildsimplenativepackage "coolstuff" "all" "2.0~bpo2" "backports"
setupaptarchive
setupaptarchive --no-update

sed -i aptarchive/dists/backports/Release -e 1i"NotAutomatic: yes"
signreleasefiles


Loading…
Cancel
Save