From 268ffcebb9ae4278b1e3c3f89f8167f229164dbd Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Mon, 22 Jun 2015 12:34:11 +0200 Subject: [PATCH] detect and error out on conflicting Trusted settings A specific trust state can be enforced via a sources.list option, but it effects all entries handled by the same Release file, not just the entry it was given on so we enforce acknowledgement of this by requiring the same value to be (not) set on all such entries. --- apt-pkg/deb/debmetaindex.cc | 43 ++++++++++++------- apt-pkg/deb/debmetaindex.h | 8 ++-- apt-pkg/metaindex.cc | 2 +- apt-pkg/metaindex.h | 1 - doc/sources.list.5.xml | 8 ++++ .../test-bug-596498-trusted-unsigned-repo | 8 ++-- .../test-sourceslist-trusted-options | 17 ++++++++ 7 files changed, 63 insertions(+), 24 deletions(-) diff --git a/apt-pkg/deb/debmetaindex.cc b/apt-pkg/deb/debmetaindex.cc index f690a8d64..1f725ba05 100644 --- a/apt-pkg/deb/debmetaindex.cc +++ b/apt-pkg/deb/debmetaindex.cc @@ -29,6 +29,8 @@ #include #include +#include + class APT_HIDDEN debReleaseIndexPrivate /*{{{*/ { public: @@ -42,6 +44,11 @@ class APT_HIDDEN debReleaseIndexPrivate /*{{{*/ std::vector DebEntries; std::vector DebSrcEntries; + + debReleaseIndex::TriState Trusted; + + debReleaseIndexPrivate() : Trusted(debReleaseIndex::TRI_UNSET) {} + debReleaseIndexPrivate(bool const pTrusted) : Trusted(pTrusted ? debReleaseIndex::TRI_YES : debReleaseIndex::TRI_NO) {} }; /*}}}*/ // ReleaseIndex::MetaIndex* - display helpers /*{{{*/ @@ -101,12 +108,11 @@ std::string debReleaseIndex::LocalFileName() const /*{{{*/ /*}}}*/ // ReleaseIndex Con- and Destructors /*{{{*/ debReleaseIndex::debReleaseIndex(std::string const &URI, std::string const &Dist) : - metaIndex(URI, Dist, "deb"), d(new debReleaseIndexPrivate()), Trusted(CHECK_TRUST) + metaIndex(URI, Dist, "deb"), d(new debReleaseIndexPrivate()) {} debReleaseIndex::debReleaseIndex(std::string const &URI, std::string const &Dist, bool const Trusted) : - metaIndex(URI, Dist, "deb"), d(new debReleaseIndexPrivate()) { - SetTrusted(Trusted); -} + metaIndex(URI, Dist, "deb"), d(new debReleaseIndexPrivate(Trusted)) +{} debReleaseIndex::~debReleaseIndex() { if (d != NULL) delete d; @@ -225,9 +231,9 @@ void debReleaseIndex::AddComponent(bool const isSrc, std::string const &Name,/*{ bool debReleaseIndex::GetIndexes(pkgAcquire *Owner, bool const &GetAll) const/*{{{*/ { indexRecords * const iR = new indexRecords(Dist); - if (Trusted == ALWAYS_TRUSTED) + if (d->Trusted == TRI_YES) iR->SetTrusted(true); - else if (Trusted == NEVER_TRUSTED) + else if (d->Trusted == TRI_NO) iR->SetTrusted(false); // special case for --print-uris @@ -246,19 +252,21 @@ bool debReleaseIndex::GetIndexes(pkgAcquire *Owner, bool const &GetAll) const/*{ return true; } /*}}}*/ -// ReleaseIndex::*Trusted setters and checkers /*{{{*/ -void debReleaseIndex::SetTrusted(bool const Trusted) +// ReleaseIndex::IsTrusted /*{{{*/ +bool debReleaseIndex::SetTrusted(TriState const Trusted) { - if (Trusted == true) - this->Trusted = ALWAYS_TRUSTED; - else - this->Trusted = NEVER_TRUSTED; + if (d->Trusted == TRI_UNSET) + d->Trusted = Trusted; + else if (d->Trusted != Trusted) + // TRANSLATOR: The first is an option name from sources.list manpage, the other two URI and Suite + return _error->Error(_("Conflicting values set for option %s concerning source %s %s"), "Trusted", URI.c_str(), Dist.c_str()); + return true; } bool debReleaseIndex::IsTrusted() const { - if (Trusted == ALWAYS_TRUSTED) + if (d->Trusted == TRI_YES) return true; - else if (Trusted == NEVER_TRUSTED) + else if (d->Trusted == TRI_NO) return false; @@ -476,7 +484,12 @@ class APT_HIDDEN debSLTypeDebian : public pkgSourceList::Type /*{{{*/ std::map::const_iterator const trusted = Options.find("trusted"); if (trusted != Options.end()) - Deb->SetTrusted(StringToBool(trusted->second, false)); + { + if (Deb->SetTrusted(StringToBool(trusted->second, false) ? debReleaseIndex::TRI_YES : debReleaseIndex::TRI_NO) == false) + return false; + } + else if (Deb->SetTrusted(debReleaseIndex::TRI_DONTCARE) == false) + return false; return true; } diff --git a/apt-pkg/deb/debmetaindex.h b/apt-pkg/deb/debmetaindex.h index 9b60b6137..a6db4e287 100644 --- a/apt-pkg/deb/debmetaindex.h +++ b/apt-pkg/deb/debmetaindex.h @@ -27,8 +27,6 @@ class APT_HIDDEN debReleaseIndex : public metaIndex { debReleaseIndexPrivate * const d; - enum APT_HIDDEN { ALWAYS_TRUSTED, NEVER_TRUSTED, CHECK_TRUST } Trusted; - public: APT_HIDDEN std::string MetaIndexInfo(const char *Type) const; @@ -51,7 +49,11 @@ class APT_HIDDEN debReleaseIndex : public metaIndex virtual std::vector *GetIndexFiles(); - void SetTrusted(bool const Trusted); + enum APT_HIDDEN TriState { + TRI_YES, TRI_DONTCARE, TRI_NO, TRI_UNSET + }; + bool SetTrusted(TriState const Trusted); + virtual bool IsTrusted() const; void AddComponent(bool const isSrc, std::string const &Name, diff --git a/apt-pkg/metaindex.cc b/apt-pkg/metaindex.cc index d96349974..0c88ee9cd 100644 --- a/apt-pkg/metaindex.cc +++ b/apt-pkg/metaindex.cc @@ -41,7 +41,7 @@ bool metaIndex::Merge(pkgCacheGenerator &Gen,OpProgress *) const metaIndex::metaIndex(std::string const &URI, std::string const &Dist, char const * const Type) -: d(NULL), Indexes(NULL), Type(Type), URI(URI), Dist(Dist), Trusted(false) +: d(NULL), Indexes(NULL), Type(Type), URI(URI), Dist(Dist) { /* nothing */ } diff --git a/apt-pkg/metaindex.h b/apt-pkg/metaindex.h index 1bcec1c4a..9667e1c92 100644 --- a/apt-pkg/metaindex.h +++ b/apt-pkg/metaindex.h @@ -34,7 +34,6 @@ class metaIndex const char *Type; std::string URI; std::string Dist; - bool Trusted; public: diff --git a/doc/sources.list.5.xml b/doc/sources.list.5.xml index 8506017ad..f87dcda23 100644 --- a/doc/sources.list.5.xml +++ b/doc/sources.list.5.xml @@ -223,7 +223,15 @@ deb-src [ option1=value1 option2=value2 ] uri suite [component1] [component2] [. source. If not specified, the default set is defined by the APT::Acquire::Targets configuration scope. + + + Further more, there are options which if set effect + all sources with the same URI and Suite, so they + have to be set on all such entries and can not be varied between + different components. APT will try to detect and error out on such + anomalies. + Trusted (trusted) is a tri-state value which defaults to APT deciding if a source is considered trusted or if warnings should be raised before e.g. diff --git a/test/integration/test-bug-596498-trusted-unsigned-repo b/test/integration/test-bug-596498-trusted-unsigned-repo index 1ff0f1d8d..c515837a3 100755 --- a/test/integration/test-bug-596498-trusted-unsigned-repo +++ b/test/integration/test-bug-596498-trusted-unsigned-repo @@ -18,7 +18,7 @@ aptgetupdate() { PKGTEXT="$(aptget install cool --assume-no -d | head -n 8)" DOWNLOG="$(echo "$PKGTEXT" | tail -n 1)" PKGTEXT="$(echo "$PKGTEXT" | head -n 7)" -DEBFILE='rootdir/etc/apt/sources.list.d/apt-test-unstable-deb.list' +DEBFILE='rootdir/etc/apt/sources.list.d/apt-test-unstable-*.list' testsuccessequal "$PKGTEXT $DOWNLOG @@ -28,7 +28,7 @@ testsuccessequal "$PKGTEXT $DOWNLOG Download complete and in download only mode" aptget install cool --assume-no -d --allow-unauthenticated -sed -i -e 's#deb#deb [trusted=no]#' $DEBFILE +sed -i -e 's#\(deb\(-src\)\?\) #\1 [trusted=no] #' $DEBFILE aptgetupdate 'testsuccess' testfailureequal "$PKGTEXT @@ -38,7 +38,7 @@ Install these packages without verification? [y/N] N E: Some packages could not be authenticated" aptget install cool --assume-no -d find aptarchive/ \( -name 'Release.gpg' -o -name 'InRelease' \) -delete -sed -i -e 's#deb \[trusted=no\]#deb#' $DEBFILE +sed -i -e 's#\(deb\(-src\)\?\) \[trusted=no\] #\1 #' $DEBFILE aptgetupdate testfailureequal "$PKGTEXT @@ -54,7 +54,7 @@ Authentication warning overridden. $DOWNLOG Download complete and in download only mode" aptget install cool --assume-no -d --allow-unauthenticated -sed -i -e 's#deb#deb [trusted=yes]#' $DEBFILE +sed -i -e 's#\(deb\(-src\)\?\) #\1 [trusted=yes] #' $DEBFILE aptgetupdate testsuccessequal "$PKGTEXT diff --git a/test/integration/test-sourceslist-trusted-options b/test/integration/test-sourceslist-trusted-options index 5fe4933ce..86036e242 100755 --- a/test/integration/test-sourceslist-trusted-options +++ b/test/integration/test-sourceslist-trusted-options @@ -199,3 +199,20 @@ insecureaptgetupdate everythingfails everythingfails -t stable everythingfails -t testing + +msgmsg 'Test conflicting trusted options are refused' +testsource() { + echo "$@" > rootdir/etc/apt/sources.list.d/example.list + testfailuremsg 'E: Conflicting values set for option Trusted concerning source http://example.org/bad/ unstable +E: The list of sources could not be read.' aptget update --print-uris +} +for VAL in 'yes' 'no'; do + testsource "deb http://example.org/bad unstable main +deb [trusted=${VAL}] http://example.org/bad unstable non-free" + testsource "deb [trusted=${VAL}] http://example.org/bad unstable main +deb http://example.org/bad unstable non-free" +done +testsource 'deb [trusted=yes] http://example.org/bad unstable main +deb [trusted=no] http://example.org/bad unstable non-free' +testsource 'deb [trusted=no] http://example.org/bad unstable main +deb [trusted=yes] http://example.org/bad unstable non-free' -- 2.45.2