summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDavid Kalnischkies <david@kalnischkies.de>2017-07-14 17:07:22 +0200
committerDavid Kalnischkies <david@kalnischkies.de>2017-07-26 19:09:04 +0200
commit8580574ec63fedd39a3ab3b9f0025e08eae5f620 (patch)
tree601b38dc82e987ad0ed141caa31b480e6f6fb4ca
parent054243fd0febfef5f1ba89f61eed0e6a34c6a25f (diff)
downloadapt-8580574ec63fedd39a3ab3b9f0025e08eae5f620.tar.gz
suggest using auth.conf for sources with passwords
The feature exists for a long while even if we get around to document it properly only now, so we should push for its adoption a bit to avoid the problems its supposed to solve like avoiding usage of non-world readable configuration files as they can cause strange behaviour for the unsuspecting user (like different solutions as root and non-root).
-rw-r--r--apt-private/private-update.cc13
-rwxr-xr-xtest/integration/test-apt-get-update-sourceslist-warning14
-rwxr-xr-xtest/integration/test-authentication-basic6
3 files changed, 32 insertions, 1 deletions
diff --git a/apt-private/private-update.cc b/apt-private/private-update.cc
index f235a6191..c9113ddd3 100644
--- a/apt-private/private-update.cc
+++ b/apt-private/private-update.cc
@@ -103,6 +103,19 @@ bool DoUpdate(CommandLine &CmdL)
"See press release %s for details.",
(*S)->GetURI().c_str(), "https://debian.org/News/2017/20170425");
}
+ for (pkgSourceList::const_iterator S = List->begin(); S != List->end(); ++S)
+ {
+ URI uri((*S)->GetURI());
+ if (uri.User.empty() && uri.Password.empty())
+ continue;
+ // we can't really predict if a +http method supports everything http does,
+ // so we play it safe and use a whitelist here.
+ char const *const affected[] = {"http", "https", "tor+http", "tor+https", "ftp"};
+ if (std::find(std::begin(affected), std::end(affected), uri.Access) != std::end(affected))
+ // TRANSLATOR: the first two are manpage references, the last the URI from a sources.list
+ _error->Notice(_("Usage of %s should be preferred over embedding login information directly in the %s entry for '%s'"),
+ "apt_auth.conf(5)", "sources.list(5)", URI::ArchiveOnly(uri).c_str());
+ }
}
// show basic stats (if the user whishes)
diff --git a/test/integration/test-apt-get-update-sourceslist-warning b/test/integration/test-apt-get-update-sourceslist-warning
index b466e85eb..a99356b8b 100755
--- a/test/integration/test-apt-get-update-sourceslist-warning
+++ b/test/integration/test-apt-get-update-sourceslist-warning
@@ -29,3 +29,17 @@ Building dependency tree...
All packages are up to date.
W: Debian shuts down public FTP services currently still used in your sources.list(5) as 'ftp://ftp.tlh.debian.org/debian/'.
See press release https://debian.org/News/2017/20170425 for details." apt update --no-download
+
+
+echo 'deb http://apt:debian@ftp.tlh.debian.org/debian zurg main' > rootdir/etc/apt/sources.list.d/ftpshutdown.list
+testsuccessequal "Reading package lists...
+Building dependency tree...
+All packages are up to date.
+N: Usage of apt_auth.conf(5) should be preferred over embedding login information directly in the sources.list(5) entry for 'http://ftp.tlh.debian.org/debian'" apt update --no-download
+
+
+echo 'deb tor+https://apt:debian@ftp.tlh.debian.org/debian zurg main' > rootdir/etc/apt/sources.list.d/ftpshutdown.list
+testsuccessequal "Reading package lists...
+Building dependency tree...
+All packages are up to date.
+N: Usage of apt_auth.conf(5) should be preferred over embedding login information directly in the sources.list(5) entry for 'tor+https://ftp.tlh.debian.org/debian'" apt update --no-download
diff --git a/test/integration/test-authentication-basic b/test/integration/test-authentication-basic
index d29b38256..011f205af 100755
--- a/test/integration/test-authentication-basic
+++ b/test/integration/test-authentication-basic
@@ -38,7 +38,11 @@ testauthsuccess() {
fi
rm -rf rootdir/var/lib/apt/lists
- testsuccess aptget update
+ if expr index "$1" '@' >/dev/null; then
+ testsuccesswithnotice aptget update
+ else
+ testsuccess aptget update
+ fi
testsuccessequal 'Reading package lists...
Building dependency tree...
The following NEW packages will be installed: