}
// check if we have one trusted source for the package. if so, switch
- // to "TrustedOnly" mode
+ // to "TrustedOnly" mode - but only if not in AllowUnauthenticated mode
+ bool const allowUnauth = _config->FindB("APT::Get::AllowUnauthenticated", false);
+ bool const debugAuth = _config->FindB("Debug::pkgAcquire::Auth", false);
+ bool seenUntrusted = false;
for (pkgCache::VerFileIterator i = Version.FileList(); i.end() == false; ++i)
{
pkgIndexFile *Index;
if (Sources->FindIndex(i.File(),Index) == false)
continue;
- if (_config->FindB("Debug::pkgAcquire::Auth", false))
- {
+
+ if (debugAuth == true)
std::cerr << "Checking index: " << Index->Describe()
- << "(Trusted=" << Index->IsTrusted() << ")\n";
- }
- if (Index->IsTrusted()) {
+ << "(Trusted=" << Index->IsTrusted() << ")" << std::endl;
+
+ if (Index->IsTrusted() == true)
+ {
Trusted = true;
- break;
+ if (allowUnauth == false)
+ break;
}
+ else
+ seenUntrusted = true;
}
// "allow-unauthenticated" restores apts old fetching behaviour
// that means that e.g. unauthenticated file:// uris are higher
// priority than authenticated http:// uris
- if (_config->FindB("APT::Get::AllowUnauthenticated",false) == true)
+ if (allowUnauth == true && seenUntrusted == true)
Trusted = false;
// Select a source
testequal "$PKGTEXT
Download complete and in download only mode" aptget install cool --assume-no -d
+testequal "$PKGTEXT
+Download complete and in download only mode" aptget install cool --assume-no -d --allow-unauthenticated
+
sed -i -e 's#deb#deb [trusted=no]#' $DEBFILE
aptgetupdate
Install these packages without verification? [y/N] N
E: Some packages could not be authenticated" aptget install cool --assume-no -d
+testequal "$PKGTEXT
+WARNING: The following packages cannot be authenticated!
+ cool
+Authentication warning overridden.
+Download complete and in download only mode" aptget install cool --assume-no -d --allow-unauthenticated
+
sed -i -e 's#deb#deb [trusted=yes]#' $DEBFILE
aptgetupdate
--- /dev/null
+#!/bin/sh
+set -e
+
+TESTDIR=$(readlink -f $(dirname $0))
+. $TESTDIR/framework
+setupenvironment
+configarchitecture 'i386'
+
+buildsimplenativepackage 'cool' 'i386' '1.0' 'unstable'
+
+setupaptarchive --no-update
+
+testfileexists() {
+ msgtest 'Test for existance of file' "$1"
+ test -e "$1" && msgpass || msgfail
+ rm -f "$1"
+}
+
+testfilemissing() {
+ msgtest 'Test for non-existance of file' "$1"
+ test -e "$1" && msgfail || msgpass
+ rm -f "$1"
+}
+
+testrun() {
+ rm -rf rootdir/var/lib/apt
+ testsuccess aptget update
+
+ testsuccess aptget download cool
+ testfileexists 'cool_1.0_i386.deb'
+
+ mv aptarchive/pool/cool_1.0_i386.deb aptarchive/pool/cool_1.0_i386.deb.bak
+ echo 'this is not a good package' > aptarchive/pool/cool_1.0_i386.deb
+ # FIXME: apt-get download should exit non-zero if download fails
+ aptget download cool
+ testfilemissing cool_1.0_i386.deb
+
+ # FIXME: apt-get download should exit non-zero if download fails
+ aptget download cool --allow-unauthenticated # unauthenticated doesn't mean unchecked
+ testfilemissing cool_1.0_i386.deb
+
+ rm -f aptarchive/pool/cool_1.0_i386.deb
+ mv aptarchive/pool/cool_1.0_i386.deb.bak aptarchive/pool/cool_1.0_i386.deb
+ testsuccess aptget download cool --allow-unauthenticated
+ testfileexists 'cool_1.0_i386.deb'
+}
+
+testrun
+
+find aptarchive/ \( -name 'Release.gpg' -o -name 'InRelease' \) -delete
+# FIXME: apt-get download should warn about untrusted downloads
+testrun