194 lines
5.7 KiB
Diff
194 lines
5.7 KiB
Diff
|
This patch comes from:
|
||
|
https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=73;filename=apt_0.9.7.9%2Bdeb7u2.debdiff;att=1;bug=749795
|
||
|
|
||
|
Upstream-Status: Backport
|
||
|
|
||
|
Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com>
|
||
|
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
|
||
|
|
||
|
diff -uarN apt-0.9.9.4-org/cmdline/apt-get.cc apt-0.9.9.4/cmdline/apt-get.cc
|
||
|
--- apt-0.9.9.4-org/cmdline/apt-get.cc 2014-08-29 15:37:42.587156134 +0800
|
||
|
+++ apt-0.9.9.4/cmdline/apt-get.cc 2014-08-29 15:51:16.672334086 +0800
|
||
|
@@ -1046,25 +1046,8 @@
|
||
|
return true;
|
||
|
}
|
||
|
/*}}}*/
|
||
|
-// CheckAuth - check if each download comes form a trusted source /*{{{*/
|
||
|
-// ---------------------------------------------------------------------
|
||
|
-/* */
|
||
|
-static bool CheckAuth(pkgAcquire& Fetcher)
|
||
|
+static bool AuthPrompt(std::string UntrustedList, bool const PromptUser)
|
||
|
{
|
||
|
- string UntrustedList;
|
||
|
- for (pkgAcquire::ItemIterator I = Fetcher.ItemsBegin(); I < Fetcher.ItemsEnd(); ++I)
|
||
|
- {
|
||
|
- if (!(*I)->IsTrusted())
|
||
|
- {
|
||
|
- UntrustedList += string((*I)->ShortDesc()) + " ";
|
||
|
- }
|
||
|
- }
|
||
|
-
|
||
|
- if (UntrustedList == "")
|
||
|
- {
|
||
|
- return true;
|
||
|
- }
|
||
|
-
|
||
|
ShowList(c2out,_("WARNING: The following packages cannot be authenticated!"),UntrustedList,"");
|
||
|
|
||
|
if (_config->FindB("APT::Get::AllowUnauthenticated",false) == true)
|
||
|
@@ -1073,6 +1056,9 @@
|
||
|
return true;
|
||
|
}
|
||
|
|
||
|
+ if (PromptUser == false)
|
||
|
+ return _error->Error(_("Some packages could not be authenticated"));
|
||
|
+
|
||
|
if (_config->FindI("quiet",0) < 2
|
||
|
&& _config->FindB("APT::Get::Assume-Yes",false) == false)
|
||
|
{
|
||
|
@@ -1090,6 +1076,28 @@
|
||
|
return _error->Error(_("There are problems and -y was used without --force-yes"));
|
||
|
}
|
||
|
/*}}}*/
|
||
|
+// CheckAuth - check if each download comes form a trusted source /*{{{*/
|
||
|
+// ---------------------------------------------------------------------
|
||
|
+/* */
|
||
|
+static bool CheckAuth(pkgAcquire& Fetcher, bool PromptUser=true)
|
||
|
+{
|
||
|
+ string UntrustedList;
|
||
|
+ for (pkgAcquire::ItemIterator I = Fetcher.ItemsBegin(); I < Fetcher.ItemsEnd(); ++I)
|
||
|
+ {
|
||
|
+ if (!(*I)->IsTrusted())
|
||
|
+ {
|
||
|
+ UntrustedList += string((*I)->ShortDesc()) + " ";
|
||
|
+ }
|
||
|
+ }
|
||
|
+
|
||
|
+ if (UntrustedList == "")
|
||
|
+ {
|
||
|
+ return true;
|
||
|
+ }
|
||
|
+
|
||
|
+ return AuthPrompt(UntrustedList, PromptUser);
|
||
|
+}
|
||
|
+
|
||
|
// InstallPackages - Actually download and install the packages /*{{{*/
|
||
|
// ---------------------------------------------------------------------
|
||
|
/* This displays the informative messages describing what is going to
|
||
|
@@ -2482,6 +2490,7 @@
|
||
|
|
||
|
// Load the requestd sources into the fetcher
|
||
|
unsigned J = 0;
|
||
|
+ std::string UntrustedList;
|
||
|
for (const char **I = CmdL.FileList + 1; *I != 0; I++, J++)
|
||
|
{
|
||
|
string Src;
|
||
|
@@ -2491,7 +2500,10 @@
|
||
|
delete[] Dsc;
|
||
|
return _error->Error(_("Unable to find a source package for %s"),Src.c_str());
|
||
|
}
|
||
|
-
|
||
|
+
|
||
|
+ if (Last->Index().IsTrusted() == false)
|
||
|
+ UntrustedList += Src + " ";
|
||
|
+
|
||
|
string srec = Last->AsStr();
|
||
|
string::size_type pos = srec.find("\nVcs-");
|
||
|
while (pos != string::npos)
|
||
|
@@ -2575,7 +2587,11 @@
|
||
|
Last->Index().SourceInfo(*Last,*I),Src);
|
||
|
}
|
||
|
}
|
||
|
-
|
||
|
+
|
||
|
+ // check authentication status of the source as well
|
||
|
+ if (UntrustedList != "" && !AuthPrompt(UntrustedList, false))
|
||
|
+ return false;
|
||
|
+
|
||
|
// Display statistics
|
||
|
unsigned long long FetchBytes = Fetcher.FetchNeeded();
|
||
|
unsigned long long FetchPBytes = Fetcher.PartialPresent();
|
||
|
diff -uarN apt-0.9.9.4-org/test/integration/framework apt-0.9.9.4/test/integration/framework
|
||
|
--- apt-0.9.9.4-org/test/integration/framework 2014-08-29 15:37:42.623156154 +0800
|
||
|
+++ apt-0.9.9.4/test/integration/framework 2014-08-29 15:55:23.592197940 +0800
|
||
|
@@ -151,7 +151,7 @@
|
||
|
mkdir rootdir aptarchive keys
|
||
|
cd rootdir
|
||
|
mkdir -p etc/apt/apt.conf.d etc/apt/sources.list.d etc/apt/trusted.gpg.d etc/apt/preferences.d
|
||
|
- mkdir -p var/cache var/lib var/log
|
||
|
+ mkdir -p var/cache var/lib var/log tmp
|
||
|
mkdir -p var/lib/dpkg/info var/lib/dpkg/updates var/lib/dpkg/triggers
|
||
|
touch var/lib/dpkg/available
|
||
|
mkdir -p usr/lib/apt
|
||
|
@@ -910,3 +910,35 @@
|
||
|
local IGNORE
|
||
|
read IGNORE
|
||
|
}
|
||
|
+
|
||
|
+testsuccess() {
|
||
|
+ if [ "$1" = '--nomsg' ]; then
|
||
|
+ shift
|
||
|
+ else
|
||
|
+ msgtest 'Test for successful execution of' "$*"
|
||
|
+ fi
|
||
|
+ local OUTPUT="${TMPWORKINGDIRECTORY}/rootdir/tmp/testsuccess.output"
|
||
|
+ if $@ >${OUTPUT} 2>&1; then
|
||
|
+ msgpass
|
||
|
+ else
|
||
|
+ echo >&2
|
||
|
+ cat >&2 $OUTPUT
|
||
|
+ msgfail
|
||
|
+ fi
|
||
|
+}
|
||
|
+
|
||
|
+testfailure() {
|
||
|
+ if [ "$1" = '--nomsg' ]; then
|
||
|
+ shift
|
||
|
+ else
|
||
|
+ msgtest 'Test for failure in execution of' "$*"
|
||
|
+ fi
|
||
|
+ local OUTPUT="${TMPWORKINGDIRECTORY}/rootdir/tmp/testfailure.output"
|
||
|
+ if $@ >${OUTPUT} 2>&1; then
|
||
|
+ echo >&2
|
||
|
+ cat >&2 $OUTPUT
|
||
|
+ msgfail
|
||
|
+ else
|
||
|
+ msgpass
|
||
|
+ fi
|
||
|
+}
|
||
|
diff -uarN apt-0.9.9.4-org/test/integration/test-apt-get-source-authenticated apt-0.9.9.4/test/integration/test-apt-get-source-authenticated
|
||
|
--- apt-0.9.9.4-org/test/integration/test-apt-get-source-authenticated 1970-01-01 08:00:00.000000000 +0800
|
||
|
+++ apt-0.9.9.4/test/integration/test-apt-get-source-authenticated 2014-08-29 15:58:06.137156796 +0800
|
||
|
@@ -0,0 +1,31 @@
|
||
|
+#!/bin/sh
|
||
|
+#
|
||
|
+# Regression test for debian bug #749795. Ensure that we fail with
|
||
|
+# a error if apt-get source foo will download a source that comes
|
||
|
+# from a unauthenticated repository
|
||
|
+#
|
||
|
+set -e
|
||
|
+
|
||
|
+TESTDIR=$(readlink -f $(dirname $0))
|
||
|
+. $TESTDIR/framework
|
||
|
+
|
||
|
+setupenvironment
|
||
|
+configarchitecture "i386"
|
||
|
+
|
||
|
+# a "normal" package with source and binary
|
||
|
+buildsimplenativepackage 'foo' 'all' '2.0'
|
||
|
+
|
||
|
+setupaptarchive --no-update
|
||
|
+
|
||
|
+APTARCHIVE=$(readlink -f ./aptarchive)
|
||
|
+rm -f $APTARCHIVE/dists/unstable/*Release*
|
||
|
+
|
||
|
+# update without authenticated InRelease file
|
||
|
+testsuccess aptget update
|
||
|
+
|
||
|
+# this all should fail
|
||
|
+testfailure aptget install -y foo
|
||
|
+testfailure aptget source foo
|
||
|
+
|
||
|
+# allow overriding the warning
|
||
|
+testsuccess aptget source --allow-unauthenticated foo
|