Bug#596498: sources.list: add option to mark unsigned (local) repository as trusted
- To: 596498@bugs.debian.org
- Subject: Bug#596498: sources.list: add option to mark unsigned (local) repository as trusted
- From: Ansgar Burchardt <ansgar@43-1.org>
- Date: Sun, 12 Sep 2010 21:54:27 +0900
- Message-id: <8762ybazr0.fsf@marvin.43-1.org>
- Reply-to: Ansgar Burchardt <ansgar@43-1.org>, 596498@bugs.debian.org
- In-reply-to: <20100912063418.4802.20955.reportbug__25753.8129379556$1284273385$gmane$org@marvin.43-1.org> (Ansgar Burchardt's message of "Sun, 12 Sep 2010 15:34:18 +0900")
- References: <20100912063418.4802.20955.reportbug__25753.8129379556$1284273385$gmane$org@marvin.43-1.org>
tags 596498 + patch
thanks
> It would be nice if a repository could be marked as trusted in the
> sources.list. This would make it easier to use local repositories with,
> for example, pbuilder without having to generate a PGP key, signing the
> repository and finally importing the key into apt, see also [1].
Attached is a patch to add a [trusted=1] option to sources.list. When
present, the source is regarded as trusted even without a Release.gpg.
Documentation of this feature is still missing.
I did the following testing using apt 0.8.3 with the patch applied:
Installing from an unsigned (or signed with unknown key) repository
causes a warning when [trusted=0] or no option is given in sources.list;
installing from an unsigned (or signed with unknown key) repository does
not warn when [trusted=1] is given in sources.list.
Note that "apt-get update" still warns about unknown signatures even
when [trusted=1] is given for the source. I do not think this is
harmful as the option is mainly intended for unsigned (local)
repositories anyway.
Regards,
Ansgar
From 8be695d713ad952381069950e4e6ca22498e37ab Mon Sep 17 00:00:00 2001
From: Ansgar Burchardt <ansgar@43-1.org>
Date: Sun, 12 Sep 2010 20:23:38 +0900
Subject: [PATCH] Add trusted option to sources.list
Signed-off-by: Ansgar Burchardt <ansgar@43-1.org>
---
apt-pkg/deb/debmetaindex.cc | 12 ++++++++++--
apt-pkg/deb/debmetaindex.h | 3 ++-
2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/apt-pkg/deb/debmetaindex.cc b/apt-pkg/deb/debmetaindex.cc
index 717d0bc..754ea08 100644
--- a/apt-pkg/deb/debmetaindex.cc
+++ b/apt-pkg/deb/debmetaindex.cc
@@ -119,11 +119,12 @@ string debReleaseIndex::SourceIndexURI(const char *Type, const string &Section)
return URI + "dists/" + Dist + "/" + SourceIndexURISuffix(Type, Section);
}
-debReleaseIndex::debReleaseIndex(string const &URI, string const &Dist) {
+debReleaseIndex::debReleaseIndex(string const &URI, string const &Dist, bool Trusted) {
this->URI = URI;
this->Dist = Dist;
this->Indexes = NULL;
this->Type = "deb";
+ this->Trusted = Trusted;
}
debReleaseIndex::~debReleaseIndex() {
@@ -224,6 +225,9 @@ bool debReleaseIndex::GetIndexes(pkgAcquire *Owner, bool const &GetAll) const
bool debReleaseIndex::IsTrusted() const
{
+ if (Trusted)
+ return Trusted;
+
string VerifiedSigFile = _config->FindDir("Dir::State::lists") +
URItoFileName(MetaIndexURI("Release")) + ".gpg";
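Review bot: In IsTrusted(), the early return skips the Release.gpg check for every source that carries the flag, and nothing in this hunk limits it to local transports, so an http source marked [trusted=1] is accepted whether it is unsigned or signed with an unknown key. Consider restricting the shortcut to local URIs, or at least state the consequence in the documentation that is still to be written. As a style point, `return Trusted;` inside `if (Trusted)` is clearer as `return true;`.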
@@ -341,9 +345,13 @@ class debSLTypeDebian : public pkgSourceList::Type
return true;
}
}
+
+ map<string, string>::const_iterator const trusted = Options.find("trusted");
+ bool Trusted = (trusted != Options.end()) ? StringToBool(trusted->second, 0) : false;
+
// No currently created Release file indexes this entry, so we create a new one.
// XXX determine whether this release is trusted or not
- debReleaseIndex *Deb = new debReleaseIndex(URI, Dist);
+ debReleaseIndex *Deb = new debReleaseIndex(URI, Dist, Trusted);
if (IsSrc == true)
Deb->PushSectionEntry ("source", new debReleaseIndex::debSectionEntry(Section, IsSrc));
else
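Review bot: The "trusted" lookup is placed after the code path that returns early when an existing Release index already covers this entry (see the context comment "No currently created Release file indexes this entry"), so the option only takes effect on the sources.list line that creates the debReleaseIndex. A later line for the same URI and Dist with [trusted=1] is silently ignored, and a flag on the first line also covers later lines that did not ask for it; reject conflicting values or document the behaviour. An unparsable value falls back to false through the 0 default of StringToBool without any warning, and the `// XXX determine whether this release is trusted or not` comment should be updated now that the constructor call answers it.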
diff --git a/apt-pkg/deb/debmetaindex.h b/apt-pkg/deb/debmetaindex.h
index 360fa54..f47e74b 100644
--- a/apt-pkg/deb/debmetaindex.h
+++ b/apt-pkg/deb/debmetaindex.h
@@ -20,10 +20,11 @@ class debReleaseIndex : public metaIndex {
private:
std::map<string, vector<debSectionEntry const*> > ArchEntries;
+ bool Trusted;
public:
- debReleaseIndex(string const &URI, string const &Dist);
+ debReleaseIndex(string const &URI, string const &Dist, bool Trusted = false);
~debReleaseIndex();
virtual string ArchiveURI(string const &File) const {return URI + File;};
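Review bot: The new private member `bool Trusted` and the extra constructor parameter change the object layout and the constructor signature of debReleaseIndex in this header, so code compiled against the old two-argument constructor needs a rebuild; the commit message should flag this as an ABI change. The member also deserves a one-line comment saying that it overrides the signature check in IsTrusted(), since the patch ships without documentation.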
--
1.7.1
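A defender-side check for the option this patch introduces, as an added example that is not part of the original message or of apt: it scans one-line sources.list entries and reports every source whose signature check would be bypassed, separating local transports from remote ones. The sample entries, the set of values treated as true and the choice of `file`/`copy` as "local" are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in one-line sources.list format (not from the page).
SAMPLE = """\
# local pbuilder results
deb [trusted=1] file:/var/cache/pbuilder/result ./
deb [ arch=amd64 trusted=yes ] http://mirror.example.org/debian sid main
deb [trusted=0] http://deb.example.org/debian sid main
deb-src http://deb.example.org/debian sid main
deb [trusted=maybe] copy:/srv/repo ./
"""

# type, optional [options], URI, distribution
ENTRY = re.compile(r"^(deb|deb-src)\s+(?:\[([^\]]*)\]\s+)?(\S+)\s+(\S+)")
# Assumption: values treated as true; anything else is false, mirroring the
# 0 default the patch passes to StringToBool().
TRUE_WORDS = {"1", "yes", "true", "with", "on", "enable"}
# Assumption: transports considered "local" for this audit.
LOCAL_SCHEMES = {"file", "copy"}


def parse_options(raw):
    """Turn 'arch=amd64 trusted=1' into a dict."""
    return dict(o.split("=", 1) for o in (raw or "").split() if "=" in o)


def audit(text):
    """Return (line number, URI, 'local'|'remote') for every trusted source."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = ENTRY.match(line.strip())
        if not m:
            continue  # comment, blank line, or not a deb/deb-src entry
        opts = parse_options(m.group(2))
        if opts.get("trusted", "").lower() not in TRUE_WORDS:
            continue
        uri = m.group(3)
        kind = "local" if urlsplit(uri).scheme in LOCAL_SCHEMES else "remote"
        findings.append((lineno, uri, kind))
    return findings


if __name__ == "__main__":
    for lineno, uri, kind in audit(SAMPLE):
        note = "signature check bypassed" if kind == "remote" else "ok for local use"
        print(f"line {lineno}: {uri} [{kind}] {note}")
```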