Bug#981166: support origin pins based on path
Quack,
Sorry for the lag.
On 2021-01-27 21:01, Julian Andres Klode wrote:
So effectively, what you are asking for is to allow origin to pin based
on the path, not just the hostname, like we allow for apt_auth.conf.
I need to way to securely restrict sources, so that a custom source for
a handful of packages is not going to touch anything else on my system.
From a security point of view that's not sufficient of course but I
would like to avoid a project adding a custom build of some lib to
workaround a problem or other such situation.
Since o= is taken from the repo metadata it's clearly not a good fit, so
I tried with the origin, and if I do not use acng that's working fine.
Unless you could suggest anything else with the current features it
would be nice to add path support. It could totally be another keyword,
I can adapt to the syntax you prefer.
It's possible to do this in 2.x since we have an extensible cache API
with private pointers where we could store an extended origin, without
breaking existing uses of origin.
:-)
Arguably we could also hack up a solution for acng's hack, but that
feels like the wrong approach.
I'm not sure how other caches handle the HTTPS case but yes clearly
there's no reason to add dirty hacks.
Regards.
\_o<
--
Marc Dequènes
Reply to: