}
}
// get the user settings for this archive and use what expires earlier
- int MaxAge = _config->FindI("APT::Acquire::Max-Default-Age", 0);
+ int MaxAge = _config->FindI("Acquire::Max-ValidTime", 0);
if (Label.empty() == true)
- MaxAge = _config->FindI(string("APT::Acquire::Max-Default-Age::" + Label).c_str(), MaxAge);
+ MaxAge = _config->FindI(string("Acquire::Max-ValidTime::" + Label).c_str(), MaxAge);
if(MaxAge == 0) // No user settings, use the one from the Release file
return true;
-apt (0.7.26~exp5) experimental; urgency=low
+apt (0.7.26~exp6) UNRELEASED; urgency=low
[ David Kalnischkies ]
+ * doc/apt.conf.5.xml:
+ - document the new Valid-Until related options
* apt-pkg/indexrecords.cc:
- backport forgotten Valid-Until patch from the obsolete experimental
branch to prevent replay attacks better, thanks to Thomas Viehmann
for the initial patch! (Closes: #499897)
+ * apt-pkg/contrib/strutl.cc:
+ - split StrToTime() into HTTP1.1 and FTP date parser methods and
+ use strptime() instead of some self-made scanf mangling
+ - use the portable timegm shown in his manpage instead of a strange
+ looking code copycat from wget
+ * ftparchive/writer.cc:
+ - add ValidTime option to generate a Valid-Until header in Release file
+
+ -- David Kalnischkies <kalnischkies@gmail.com> Wed, 09 Jun 2010 10:43:58 +0200
+
+apt (0.7.26~exp5) experimental; urgency=low
+
+ [ David Kalnischkies ]
* cmdline/apt-get.cc:
- rerun dpkg-source in source if --fix-broken is given (Closes: #576752)
- don't suggest held packages as they are installed (Closes: #578135)
- add 'disappear' to the known processing states, thanks Jonathan Nieder
* apt-pkg/packagemanager.h:
- export info about disappeared packages with GetDisappearedPackages()
- * apt-pkg/contrib/strutl.cc:
- - split StrToTime() into HTTP1.1 and FTP date parser methods and
- use strptime() instead of some selfmade scanf mangling
- - use the portable timegm shown in his manpage instead of a strange
- looking code copycat from wget
- * ftparchive/writer.cc:
- - add ValidTime option to generate a Valid-Until header in Release file
[ Michael Vogt ]
* methods/http.{cc,h}:
and the URI handlers.
<variablelist>
+ <varlistentry><term>Check-Valid-Until</term>
+ <listitem><para>Security related option defaulting to true as an
+ expiring validation for a Release file prevents longtime replay attacks
+ and can e.g. also help users to identify no longer updated mirrors -
+ but the feature depends on the correctness of the time on the user system.
+ Archive maintainers are encouraged to create Release files with the
+ <literal>Valid-Until</literal> header, but if they don't or a stricter value
+ is volitional the following <literal>Max-ValidTime</literal> option can be used.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry><term>Max-ValidTime</term>
+ <listitem><para>Seconds the Release file should be considered valid after
+ it was created. The default is "for ever" (0) if the Release file of the
+ archive doesn't include a <literal>Valid-Until</literal> header.
+ If it does then this date is the default. The date from the Release file or
+ the date specified by the creation time of the Release file
+ (<literal>Date</literal> header) plus the seconds specified with this
+ options are used to check if the validation of a file has expired by using
+ the earlier date of the two. Archive specific settings can be made by
+ appending the label of the archive to the option name.
+ </para></listitem>
+ </varlistentry>
+
<varlistentry><term>PDiffs</term>
<listitem><para>Try to download deltas called <literal>PDiffs</literal> for
Packages or Sources files instead of downloading whole ones. True
PDiffs::SizeLimit "50"; // don't use diffs if size of all patches excess
// 50% of the size of the original file
+ Check-Valid-Until "true";
+ Max-ValidTime "864000"; // 10 days
+ Max-ValidTime::Debian-Security "604800"; // 7 days, label specific configuration
+
// HTTP method configuration
http
{
projects / apt.git / commitdiff
