
Show unauthenticated warning for source packages as well

This will show the same unauthenticated warning for source packages
as for binary packages and will not download a source package if
it is unauthenticated. This can be overridden with
--allow-unauthenticated

Closes: #749795
tags/debian/1.0.4
Michael Vogt Michael Vogt 7 years ago
commit
a3f1d60cb7
4 changed files with 51 additions and 0 deletions
  1. +5
    -0
      apt-private/private-download.cc
  2. +6
    -0
      apt-private/private-download.h
  3. +9
    -0
      cmdline/apt-get.cc
  4. +31
    -0
      test/integration/test-apt-get-source-authenticated

+ 5
- 0
apt-private/private-download.cc

@@ -28,6 +28,11 @@ bool CheckAuth(pkgAcquire& Fetcher, bool const PromptUser)
if (UntrustedList == "")
return true;

return AuthPrompt(UntrustedList, PromptUser);
}

bool AuthPrompt(std::string UntrustedList, bool const PromptUser)
{
ShowList(c2out,_("WARNING: The following packages cannot be authenticated!"),UntrustedList,"");

if (_config->FindB("APT::Get::AllowUnauthenticated",false) == true)
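Review bot: `AuthPrompt` takes `UntrustedList` as a `std::string` by value, so every call copies the list even though the visible lines only read it for `ShowList`. Declaring it as `bool AuthPrompt(std::string const &UntrustedList, bool const PromptUser)` avoids the copy, and because the function is exported with `APT_PUBLIC` the signature is easier to settle now than after a release. The same change would apply to the declaration in apt-private/private-download.h. The body of `AuthPrompt` continues past the end of this hunk, so whether it later modifies the string cannot be seen from here.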


+ 6
- 0
apt-private/private-download.h

@@ -5,7 +5,13 @@

class pkgAcquire;

// Check if all files in the fetcher are authenticated
APT_PUBLIC bool CheckAuth(pkgAcquire& Fetcher, bool const PromptUser);

// show a authentication warning prompt and return true if the system
// should continue
APT_PUBLIC bool AuthPrompt(std::string UntrustedList, bool const PromptUser);

APT_PUBLIC bool AcquireRun(pkgAcquire &Fetcher, int const PulseInterval, bool * const Failure, bool * const TransientNetworkFailure);

#endif
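Review bot: The comment on `AuthPrompt` does not say what `UntrustedList` holds or what decides the return value, which matters for a function that gates unauthenticated downloads. Something like `// Show the unauthenticated-packages warning for the space-separated names in UntrustedList;` followed by `// returns true only if the operation may continue (see APT::Get::AllowUnauthenticated)` would cover it and also fix the "a authentication" typo. How `PromptUser` influences the result is decided in the part of the implementation not shown on this page, so that part of the comment should be confirmed against the body before it is written down.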

+ 9
- 0
cmdline/apt-get.cc

@@ -76,6 +76,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <sys/statfs.h>
#include <sys/statvfs.h>
@@ -755,6 +756,7 @@ static bool DoSource(CommandLine &CmdL)

// Load the requestd sources into the fetcher
unsigned J = 0;
std::string UntrustedList;
for (const char **I = CmdL.FileList + 1; *I != 0; I++, J++)
{
string Src;
@@ -763,6 +765,9 @@ static bool DoSource(CommandLine &CmdL)
if (Last == 0) {
return _error->Error(_("Unable to find a source package for %s"),Src.c_str());
}

if (Last->Index().IsTrusted() == false)
UntrustedList += Src + " ";
string srec = Last->AsStr();
string::size_type pos = srec.find("\nVcs-");
@@ -846,6 +851,10 @@ static bool DoSource(CommandLine &CmdL)
Last->Index().SourceInfo(*Last,*I),Src);
}
}

// check authentication status of the source as well
if (UntrustedList != "" && !AuthPrompt(UntrustedList, false))
return false;
// Display statistics
unsigned long long FetchBytes = Fetcher.FetchNeeded();
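Review bot: The call `AuthPrompt(UntrustedList, false)` in the last hunk passes a bare `false` for `PromptUser` with no explanation, so a reader cannot tell that refusing without asking is the intended policy for source downloads. A comment such as `// never prompt: unauthenticated sources are refused unless --allow-unauthenticated is given` above the call would record that decision where it is enforced. It would also help to note next to `UntrustedList += Src + " ";` that the trust decision comes from the index of the selected record (`Last->Index().IsTrusted()`), not from the fetched files themselves. `DoSource` starts before and continues after these hunks, so the placement of the check relative to the actual fetch is assumed from the visible "Display statistics" step that follows it.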


+ 31
- 0
test/integration/test-apt-get-source-authenticated

@@ -0,0 +1,31 @@
#!/bin/sh
#
# Regression test for debian bug #749795. Ensure that we fail with
# a error if apt-get source foo will download a source that comes
# from a unauthenticated repository
#
set -e

TESTDIR=$(readlink -f $(dirname $0))
. $TESTDIR/framework

setupenvironment
configarchitecture "i386"

# a "normal" package with source and binary
buildsimplenativepackage 'foo' 'all' '2.0'

setupaptarchive --no-update

APTARCHIVE=$(readlink -f ./aptarchive)
rm -f $APTARCHIVE/dists/unstable/*Release*

# update without authenticated InRelease file
testsuccess aptget update

# this all should fail
testfailure aptget install -y foo
testfailure aptget source foo

# allow overriding the warning
testsuccess aptget source --allow-unauthenticated foo
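Review bot: `testfailure aptget source foo` only checks for a non-zero exit, so it would also pass if the command failed for a reason unrelated to authentication, and it does not verify the commit's claim that nothing is downloaded. Asserting after the failing call that no source files were left in the working directory (presumably `foo_*.dsc` and the tarball for this native package) and that the output contains the unauthenticated warning would tie the test to the behaviour being fixed. The test also covers only an archive with its Release files removed; a case where the Release file is present but unsigned would exercise the same check from a second angle. Separately, `$(dirname $0)`, `$TESTDIR/framework` and `$APTARCHIVE/dists/unstable/*Release*` are unquoted and will break if the checkout path contains spaces, e.g. `TESTDIR="$(readlink -f "$(dirname "$0")")"`.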
