This enables more fine grained control over such exceptions.
addArg(0,"ignore-hold","APT::Ignore-Hold",0);
addArg(0,"upgrade","APT::Get::upgrade",0);
addArg(0,"only-upgrade","APT::Get::Only-Upgrade",0);
+ addArg(0,"allow-change-held-packages","APT::Get::allow-change-held-packages",CommandLine::Boolean);
+ addArg(0,"allow-remove-essential","APT::Get::allow-remove-essential",CommandLine::Boolean);
+ addArg(0,"allow-downgrades","APT::Get::allow-downgrades",CommandLine::Boolean);
addArg(0,"force-yes","APT::Get::force-yes",0);
addArg(0,"print-uris","APT::Get::Print-URIs",0);
addArg(0,"trivial-only","APT::Get::Trivial-Only",0);
return true;
}
- else if (_config->FindB("APT::Get::Force-Yes",false) == true)
+ else if (_config->FindB("APT::Get::Force-Yes",false) == true) {
+ _error->Warning(_("--force-yes is deprecated, use one of the options starting with --allow instead."));
return true;
+ }
- return _error->Error(_("There are problems and -y was used without --force-yes"));
+ return _error->Error(_("There were unauthenticated packages and -y was used without --allow-unauthenticated"));
}
/*}}}*/
bool AcquireRun(pkgAcquire &Fetcher, int const PulseInterval, bool * const Failure, bool * const TransientNetworkFailure)/*{{{*/
}
}
- bool Fail = false;
+ bool Hold = false;
+ bool Downgrade = false;
bool Essential = false;
// Show all the various warning indicators
ShowNew(c1out,Cache);
if (ShwKept == true)
ShowKept(c1out,Cache);
- Fail |= !ShowHold(c1out,Cache);
+ Hold = !ShowHold(c1out,Cache);
if (_config->FindB("APT::Get::Show-Upgraded",true) == true)
ShowUpgraded(c1out,Cache);
- Fail |= !ShowDowngraded(c1out,Cache);
+ Downgrade = !ShowDowngraded(c1out,Cache);
+
if (_config->FindB("APT::Get::Download-Only",false) == false)
Essential = !ShowEssential(c1out,Cache);
- Fail |= Essential;
+
+ // All kinds of failures
+ bool Fail = (Essential || Downgrade || Hold);
+
Stats(c1out,Cache);
// Sanity check
// No remove flag
if (Cache->DelCount() != 0 && _config->FindB("APT::Get::Remove",true) == false)
return _error->Error(_("Packages need to be removed but remove is disabled."));
-
+
+ // Fail safe check
+ if (_config->FindI("quiet",0) >= 2 ||
+ _config->FindB("APT::Get::Assume-Yes",false) == true)
+ {
+ if (_config->FindB("APT::Get::Force-Yes",false) == true) {
+ _error->Warning(_("--force-yes is deprecated, use one of the options starting with --allow instead."));
+ }
+
+ if (Fail == true && _config->FindB("APT::Get::Force-Yes",false) == false) {
+ if (Essential == true && _config->FindB("APT::Get::allow-remove-essential", false) == false)
+ return _error->Error(_("Essential packages were removed and -y was used without --allow-remove-essential."));
+ if (Downgrade == true && _config->FindB("APT::Get::allow-downgrades", false) == false)
+ return _error->Error(_("Packages were downgraded and -y was used without --allow-downgrades."));
+ if (Hold == true && _config->FindB("APT::Get::allow-change-held-packages", false) == false)
+ return _error->Error(_("Held packages were changed and -y was used without --allow-change-held-packages."));
+ }
+ }
+
// Run the simulator ..
if (_config->FindB("APT::Get::Simulate") == true)
{
if (CheckFreeSpaceBeforeDownload(_config->FindDir("Dir::Cache::Archives"), (FetchBytes - FetchPBytes)) == false)
return false;
- // Fail safe check
- if (_config->FindI("quiet",0) >= 2 ||
- _config->FindB("APT::Get::Assume-Yes",false) == true)
- {
- if (Fail == true && _config->FindB("APT::Get::Force-Yes",false) == false)
- return _error->Error(_("There are problems and -y was used without --force-yes"));
- }
-
- if (Essential == true && Safety == true)
+ if (Essential == true && Safety == true && _config->FindB("APT::Get::allow-remove-essential", false) == false)
{
if (_config->FindB("APT::Get::Trivial-Only",false) == true)
return _error->Error(_("Trivial Only specified but this is not a trivial operation."));
Configuration Item: <literal>APT::Get::Only-Upgrade</literal>.</para></listitem>
</varlistentry>
+ <varlistentry><term><option>--allow-downgrades</option></term>
+ <listitem><para>This is a dangerous option that will cause apt to continue
+ without prompting if it is doing downgrades. It
+ should not be used except in very special situations. Using
+ it can potentially destroy your system!
+ Configuration Item: <literal>APT::Get::allow-downgrades</literal>. Introduced in APT 1.1.</para></listitem>
+ </varlistentry>
+
+ <varlistentry><term><option>--allow-remove-essential</option></term>
+ <listitem><para>Force yes; this is a dangerous option that will cause apt to continue
+ without prompting if it is removing essentials. It
+ should not be used except in very special situations. Using
+ it can potentially destroy your system!
+ Configuration Item: <literal>APT::Get::allow-remove-essential</literal>. Introduced in APT 1.1.</para></listitem>
+ </varlistentry>
+
+ <varlistentry><term><option>--allow-change-held-packages</option></term>
+ <listitem><para>Force yes; this is a dangerous option that will cause apt to continue
+ without prompting if it is changing held packages. It
+ should not be used except in very special situations. Using
+ it can potentially destroy your system!
+ Configuration Item: <literal>APT::Get::allow-change-held-packages</literal>. Introduced in APT 1.1.</para></listitem>
+ </varlistentry>
+
<varlistentry><term><option>--force-yes</option></term>
<listitem><para>Force yes; this is a dangerous option that will cause apt to continue
without prompting if it is doing something potentially harmful. It
should not be used except in very special situations. Using
<literal>force-yes</literal> can potentially destroy your system!
- Configuration Item: <literal>APT::Get::force-yes</literal>.</para></listitem>
+ Configuration Item: <literal>APT::Get::force-yes</literal>. This is deprecated and replaced by <option>--allow-downgrades</option>, <option>--allow-remove-essential</option>, <option>--allow-change-held-packages</option> in 1.1. </para></listitem>
</varlistentry>
<varlistentry><term><option>--print-uris</option></term>
--- /dev/null
+#!/bin/sh
+#
+# Test for --allow-remove-essential and friends replacing --force-yes
+#
+set -e
+
+TESTDIR=$(readlink -f $(dirname $0))
+. $TESTDIR/framework
+setupenvironment
+configarchitecture 'amd64'
+
+insertpackage 'unstable' 'downgrade' 'all' '1'
+insertinstalledpackage 'downgrade' 'all' '2'
+
+insertpackage 'unstable' 'hold' 'all' '2'
+insertinstalledpackage 'hold' 'all' '1'
+
+insertinstalledpackage 'essential' 'all' '1' 'Essential: yes'
+
+setupaptarchive
+
+testsuccess aptmark hold hold
+
+# Test --allow-remove--essential
+
+testfailureequal 'Reading package lists...
+Building dependency tree...
+The following packages will be REMOVED:
+ essential
+WARNING: The following essential packages will be removed.
+This should NOT be done unless you know exactly what you are doing!
+ essential
+0 upgraded, 0 newly installed, 1 to remove and 1 not upgraded.
+E: Essential packages were removed and -y was used without --allow-remove-essential.' aptget remove essential -y -s
+
+testsuccessequal 'Reading package lists...
+Building dependency tree...
+The following packages will be REMOVED:
+ essential
+WARNING: The following essential packages will be removed.
+This should NOT be done unless you know exactly what you are doing!
+ essential
+0 upgraded, 0 newly installed, 1 to remove and 1 not upgraded.
+Remv essential [1]' aptget remove essential -y --allow-remove-essential -s
+
+# Test --allow-change-held-packages (should not influence dist-upgrade, but an install)
+
+testsuccessequal 'Reading package lists...
+Building dependency tree...
+Calculating upgrade...
+The following packages have been kept back:
+ hold
+0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.' aptget dist-upgrade --allow-change-held-packages -s
+
+testfailureequal 'Reading package lists...
+Building dependency tree...
+The following held packages will be changed:
+ hold
+The following packages will be upgraded:
+ hold
+1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
+E: Held packages were changed and -y was used without --allow-change-held-packages.' aptget install hold -y -s
+
+testfailureequal 'Reading package lists...
+Building dependency tree...
+The following held packages will be changed:
+ hold
+The following packages will be upgraded:
+ hold
+1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
+E: Held packages were changed and -y was used without --allow-change-held-packages.' aptget install hold -y -s
+
+testsuccessequal 'Reading package lists...
+Building dependency tree...
+The following held packages will be changed:
+ hold
+The following packages will be upgraded:
+ hold
+1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
+Inst hold [1] (2 unstable [all])
+Conf hold (2 unstable [all])' aptget install hold -y -s --allow-change-held-packages
+
+# Test --allow-downgrades
+
+testfailureequal 'Reading package lists...
+Building dependency tree...
+The following packages will be DOWNGRADED:
+ downgrade
+0 upgraded, 0 newly installed, 1 downgraded, 0 to remove and 1 not upgraded.
+E: Packages were downgraded and -y was used without --allow-downgrades.' aptget install downgrade=1 -y -s
+
+testsuccessequal 'Reading package lists...
+Building dependency tree...
+The following packages will be DOWNGRADED:
+ downgrade
+0 upgraded, 0 newly installed, 1 downgraded, 0 to remove and 1 not upgraded.
+Inst downgrade [2] (1 unstable [all])
+Conf downgrade (1 unstable [all])' aptget install downgrade=1 --allow-downgrades -y -s
# ensure we can not install the package
testfailureequal "WARNING: The following packages cannot be authenticated!
foo
-E: There are problems and -y was used without --force-yes" aptget install -qq -y foo
+E: There were unauthenticated packages and -y was used without --allow-unauthenticated" aptget install -qq -y foo
# test that installed/upgraded auto-pkgs are not set to manual
-testsuccess aptget install browser=41 -y --force-yes
+testsuccess aptget install browser=41 -y --allow-downgrades
testmarkedmanual 'browser' 'dpkg' 'foreignpkg:i386' 'nosection'
testmarkedauto
# but that the individual packages are still considered untrusted
testfailureequal "WARNING: The following packages cannot be authenticated!
evil
-E: There are problems and -y was used without --force-yes" aptget install -qq -y evil
+E: There were unauthenticated packages and -y was used without --allow-unauthenticated" aptget install -qq -y evil
}
test_cve_2012_0214()
listcurrentlistsdirectory > lists.before
testfailureequal "WARNING: The following packages cannot be authenticated!
old
-E: There are problems and -y was used without --force-yes" aptget install -qq -y old
+E: There were unauthenticated packages and -y was used without --allow-unauthenticated" aptget install -qq -y old
# go to authenticated but not correct
add_new_package '+1hour'
testfailure ls rootdir/var/lib/apt/lists/*_InRelease
testfailureequal "WARNING: The following packages cannot be authenticated!
old
-E: There are problems and -y was used without --force-yes" aptget install -qq -y old
+E: There were unauthenticated packages and -y was used without --allow-unauthenticated" aptget install -qq -y old
}
test_inrelease_to_unauth_inrelease() {
observehook() {
rm -f ${hook}-v2.list ${hook}-v3.list
msgtest 'Observe hooks while' "$*"
- testsuccess --nomsg aptget "$@" -y --force-yes
+ testsuccess --nomsg aptget "$@" -y --allow-downgrades
}
testrun() {
After this operation, 5370 kB of additional disk space will be used.
WARNING: The following packages cannot be authenticated!
apt
-E: There are problems and -y was used without --force-yes' aptget install apt -dy
+E: There were unauthenticated packages and -y was used without --allow-unauthenticated' aptget install apt -dy
}
failaptnew() {
After this operation, 5808 kB of additional disk space will be used.
WARNING: The following packages cannot be authenticated!
apt
-E: There are problems and -y was used without --force-yes' aptget install apt -dy
+E: There were unauthenticated packages and -y was used without --allow-unauthenticated' aptget install apt -dy
}
# fake our downloadable file
projects / apt.git / commitdiff
