* apt-pkg/deb/debmetaindex.cc:

- add trusted=yes option to mark unsigned (local) repository as trusted
    based on a patch from Ansgar Burchardt, thanks a lot! (Closes: #596498)

Note that "apt-get update" still warns about unknown signatures even
when [trusted=yes] is given for the source.

apt-pkg/deb/debmetaindex.cc

@@ -142,11 +142,13 @@ string debReleaseIndex::TranslationIndexURI(const char *Type, const string &Sect
       return URI + "dists/" + Dist + "/" + TranslationIndexURISuffix(Type, Section);
 }
 
-debReleaseIndex::debReleaseIndex(string const &URI, string const &Dist) {
-	this->URI = URI;
-	this->Dist = Dist;
-	this->Indexes = NULL;
-	this->Type = "deb";
+debReleaseIndex::debReleaseIndex(string const &URI, string const &Dist) :
+					metaIndex(URI, Dist, "deb"), Trusted(CHECK_TRUST)
+{}
+
+debReleaseIndex::debReleaseIndex(string const &URI, string const &Dist, bool const Trusted) :
+					metaIndex(URI, Dist, "deb") {
+	SetTrusted(Trusted);
 }
 
 debReleaseIndex::~debReleaseIndex() {
@@ -252,8 +254,22 @@ bool debReleaseIndex::GetIndexes(pkgAcquire *Owner, bool const &GetAll) const
 	return true;
 }
 
+void debReleaseIndex::SetTrusted(bool const Trusted)
+{
+	if (Trusted == true)
+		this->Trusted = ALWAYS_TRUSTED;
+	else
+		this->Trusted = NEVER_TRUSTED;
+}
+
 bool debReleaseIndex::IsTrusted() const
 {
+   if (Trusted == ALWAYS_TRUSTED)
+      return true;
+   else if (Trusted == NEVER_TRUSTED)
+      return false;
+
+
    if(_config->FindB("APT::Authentication::TrustCDROM", false))
       if(URI.substr(0,strlen("cdrom:")) == "cdrom:")
 	 return true;
@@ -349,6 +365,7 @@ class debSLTypeDebian : public pkgSourceList::Type
       vector<string> const Archs =
 		(arch != Options.end()) ? VectorizeString(arch->second, ',') :
 				APT::Configuration::getArchitectures();
+      map<string, string>::const_iterator const trusted = Options.find("trusted");
 
       for (vector<metaIndex *>::const_iterator I = List.begin();
 	   I != List.end(); I++)
@@ -358,6 +375,9 @@ class debSLTypeDebian : public pkgSourceList::Type
 	    continue;
 
 	 debReleaseIndex *Deb = (debReleaseIndex *) (*I);
+	 if (trusted != Options.end())
+	    Deb->SetTrusted(StringToBool(trusted->second, false));
+
 	 /* This check insures that there will be only one Release file
 	    queued for all the Packages files and Sources files it
 	    corresponds to. */
@@ -375,9 +395,14 @@ class debSLTypeDebian : public pkgSourceList::Type
 	    return true;
 	 }
       }
+
       // No currently created Release file indexes this entry, so we create a new one.
-      // XXX determine whether this release is trusted or not
-      debReleaseIndex *Deb = new debReleaseIndex(URI, Dist);
+      debReleaseIndex *Deb;
+      if (trusted != Options.end())
+	 Deb = new debReleaseIndex(URI, Dist, StringToBool(trusted->second, false));
+      else
+	 Deb = new debReleaseIndex(URI, Dist);
+
       if (IsSrc == true)
 	 Deb->PushSectionEntry ("source", new debReleaseIndex::debSectionEntry(Section, IsSrc));
       else

apt-pkg/deb/debmetaindex.h

@@ -22,10 +22,12 @@ class debReleaseIndex : public metaIndex {
    /** \brief dpointer placeholder (for later in case we need it) */
    void *d;
    std::map<string, vector<debSectionEntry const*> > ArchEntries;
+   enum { ALWAYS_TRUSTED, NEVER_TRUSTED, CHECK_TRUST } Trusted;
 
    public:
 
    debReleaseIndex(string const &URI, string const &Dist);
+   debReleaseIndex(string const &URI, string const &Dist, bool const Trusted);
    virtual ~debReleaseIndex();
 
    virtual string ArchiveURI(string const &File) const {return URI + File;};
@@ -43,6 +45,7 @@ class debReleaseIndex : public metaIndex {
    string TranslationIndexURISuffix(const char *Type, const string &Section) const;
    virtual vector <pkgIndexFile *> *GetIndexFiles();
 
+   void SetTrusted(bool const Trusted);
    virtual bool IsTrusted() const;
 
    void PushSectionEntry(vector<string> const &Archs, const debSectionEntry *Entry);

apt-pkg/metaindex.h

@@ -39,6 +39,10 @@ class metaIndex
    virtual vector<pkgIndexFile *> *GetIndexFiles() = 0; 
    virtual bool IsTrusted() const = 0;
 
+   metaIndex(string const &URI, string const &Dist, char const * const Type) :
+		Indexes(NULL), Type(Type), URI(URI), Dist(Dist) {
+   }
+
    virtual ~metaIndex() {
       if (Indexes == 0)
 	 return;

debian/changelog

@@ -11,13 +11,16 @@ apt (0.8.16~exp3) UNRELEASEDexperimental; urgency=low
     - generate all checksums in one run over the file for Release
   * cmdline/apt-get.cc:
     - add an --assume-no option for testing to say 'no' to everything
+  * apt-pkg/deb/debmetaindex.cc:
+    - add trusted=yes option to mark unsigned (local) repository as trusted
+      based on a patch from Ansgar Burchardt, thanks a lot! (Closes: #596498)
 
   [ Michael Vogt ]
   * merge fixes from the debian/unstable upload
   * merge lp:~mvo/apt/sha512-template to get fixes for the 
     sha1/md5 verifiation (closes: #632520)
 
- -- David Kalnischkies <kalnischkies@gmail.com>  Thu, 14 Jul 2011 12:01:53 +0200
+ -- David Kalnischkies <kalnischkies@gmail.com>  Thu, 14 Jul 2011 20:56:45 +0200
 
 apt (0.8.16~exp2) experimental; urgency=low
 

doc/sources.list.5.xml

@@ -117,8 +117,13 @@
    <itemizedlist><listitem><para><literal>arch=<replaceable>arch1</replaceable>,<replaceable>arch2</replaceable>,…</literal>
    can be used to specify for which architectures packages information should
    be downloaded. If this option is not set all architectures defined by the
-   <literal>APT::Architectures</literal> option will be downloaded.</para>
-   </listitem></itemizedlist></para>
+   <literal>APT::Architectures</literal> option will be downloaded.</para></listitem>
+   <listitem><para><literal>trusted=yes</literal> can be set to indicate that packages
+   from this source are always authenificated even if the <filename>Release</filename> file
+   is not signed or the signature can't be checked. This disables parts of &apt-secure;
+   and should therefore only be used in a local and trusted context. <literal>trusted=no</literal>
+   is the opposite which handles even correctly authenificated sources as not authenificated.</para></listitem>
+   </itemizedlist></para>
 
    <para>It is important to list sources in order of preference, with the most
    preferred source listed first. Typically this will result in sorting

test/integration/test-bug-596498-trusted-unsigned-repo

@@ -0,0 +1,47 @@
+#!/bin/sh
+set -e
+
+TESTDIR=$(readlink -f $(dirname $0))
+. $TESTDIR/framework
+setupenvironment
+configarchitecture 'i386'
+
+buildsimplenativepackage 'cool' 'i386' '1.0' 'unstable'
+
+setupaptarchive
+
+aptgetupdate() {
+	rm -rf rootdir/var/lib/apt/ rootdir/var/cache/apt/*.bin
+	aptget update -qq
+}
+
+PKGTEXT="$(aptget install cool --assume-no -d | head -n 7)"
+DEBFILE='rootdir/etc/apt/sources.list.d/apt-test-unstable-deb.list'
+
+testequal "$PKGTEXT
+Download complete and in download only mode" aptget install cool --assume-no -d
+
+sed -i -e 's#deb#deb [trusted=no]#' $DEBFILE
+aptgetupdate
+
+testequal "$PKGTEXT
+WARNING: The following packages cannot be authenticated!
+  cool
+Install these packages without verification [y/N]? N
+E: Some packages could not be authenticated" aptget install cool --assume-no -d
+
+find aptarchive/ \( -name 'Release.gpg' -o -name 'InRelease' \) -delete
+sed -i -e 's#deb \[trusted=no\]#deb#' $DEBFILE
+aptgetupdate
+
+testequal "$PKGTEXT
+WARNING: The following packages cannot be authenticated!
+  cool
+Install these packages without verification [y/N]? N
+E: Some packages could not be authenticated" aptget install cool --assume-no -d
+
+sed -i -e 's#deb#deb [trusted=yes]#' $DEBFILE
+aptgetupdate
+
+testequal "$PKGTEXT
+Download complete and in download only mode" aptget install cool --assume-no -d