authorDavid Kalnischkies <david@kalnischkies.de>2016-03-18 14:46:24 +0100
committerDavid Kalnischkies <david@kalnischkies.de>2016-06-22 14:05:01 +0200
commit952ee63b0af14a534c0aca00c11d1a99be6b22b2 (patch)
tree098154a03b1616e00289074eda11d4bee72ead8c /apt-private
parentb1bdfe682054ea6fc202416968c5342d59b403b1 (diff)
forbid insecure repositories by default expect in apt-get
With this commit all APT-based clients default to refusing to work with unsigned or otherwise insufficiently secured repositories. In terms of apt and apt-get this changes nothing, but it affects all tools using libapt like aptitude, synaptic or packagekit. The exception remains apt-get for stretch for now as this might break too many scripts/use cases too quickly. The documentation is updated and extended to reflect how to opt out or in on this behaviour change. Closes: 808367
Diffstat (limited to 'apt-private')
-rw-r--r--apt-private/private-cmndline.cc25
1 files changed, 17 insertions, 8 deletions
diff --git a/apt-private/private-cmndline.cc b/apt-private/private-cmndline.cc
index ba64c5b46..481c23c94 100644
--- a/apt-private/private-cmndline.cc
+++ b/apt-private/private-cmndline.cc
@@ -372,7 +372,6 @@ std::vector<CommandLine::Args> getCommandArgs(APT_CMD const Program, char const
return Args;
}
/*}}}*/
-#undef CmdMatches
#undef addArg
static void ShowHelpListCommands(std::vector<aptDispatchWithHelp> const &Cmds)/*{{{*/
{
@@ -445,15 +444,22 @@ static void BinarySpecificConfiguration(char const * const Binary) /*{{{*/
_config->CndSet("Binary::apt::APT::Get::Upgrade-Allow-New", true);
_config->CndSet("Binary::apt::APT::Cmd::Show-Update-Stats", true);
_config->CndSet("Binary::apt::DPkg::Progress-Fancy", true);
- _config->CndSet("Binary::apt::Acquire::AllowInsecureRepositories", false);
_config->CndSet("Binary::apt::APT::Keep-Downloaded-Packages", false);
}
+ if (binary == "apt-config")
+ _config->CndSet("Binary::apt-get::Acquire::AllowInsecureRepositories", true);
_config->Set("Binary", binary);
- std::string const conf = "Binary::" + binary;
- _config->MoveSubTree(conf.c_str(), NULL);
}
/*}}}*/
+static void BinaryCommandSpecificConfiguration(char const * const Binary, char const * const Cmd)/*{{{*/
+{
+ std::string const binary = flNotDir(Binary);
+ if (binary == "apt-get" && CmdMatches("update"))
+ _config->CndSet("Binary::apt-get::Acquire::AllowInsecureRepositories", true);
+}
+#undef CmdMatches
+ /*}}}*/
std::vector<CommandLine::Dispatch> ParseCommandLine(CommandLine &CmdL, APT_CMD const Binary,/*{{{*/
Configuration * const * const Cnf, pkgSystem ** const Sys, int const argc, const char *argv[],
bool (*ShowHelp)(CommandLine &), std::vector<aptDispatchWithHelp> (*GetCommands)(void))
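Review bot: The relaxed default in BinaryCommandSpecificConfiguration is selected by comparing `flNotDir(Binary)` with "apt-get", and the later hunk passes `argv[0]` as Binary, so whether unsigned repositories are tolerated on update depends on the name the process was started under rather than on which frontend is actually running. ParseCommandLine already receives the program as an `APT_CMD` value; keying the exception on that would keep a renamed or symlinked frontend from inheriting it and keep a wrapped apt-get from silently losing it. The `apt-config` branch writes into the `Binary::apt-get::` subtree, which is surprising without a comment; something like `// mirror apt-get's default so apt-config reports the value apt-get would use` (if that is the intent) would help. BinarySpecificConfiguration starts outside this hunk, so how `binary` is derived there is assumed to be the same flNotDir call.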
@@ -481,11 +487,14 @@ std::vector<CommandLine::Dispatch> ParseCommandLine(CommandLine &CmdL, APT_CMD c
// Args running out of scope invalidates the pointer stored in CmdL,
// but we don't use the pointer after this function, so we ignore
// this problem for now and figure something out if we have to.
- std::vector<CommandLine::Args> Args;
+ char const * CmdCalled = nullptr;
if (Cmds.empty() == false && Cmds[0].Handler != nullptr)
- Args = getCommandArgs(Binary, CommandLine::GetCommand(Cmds.data(), argc, argv));
- else
- Args = getCommandArgs(Binary, nullptr);
+ CmdCalled = CommandLine::GetCommand(Cmds.data(), argc, argv);
+ if (CmdCalled != nullptr)
+ BinaryCommandSpecificConfiguration(argv[0], CmdCalled);
+ std::string const conf = "Binary::" + _config->Find("Binary");
+ _config->MoveSubTree(conf.c_str(), nullptr);
+ auto Args = getCommandArgs(Binary, CmdCalled);
CmdL = CommandLine(Args.data(), _config);
if (CmdL.Parse(argc,argv) == false ||