Re: RFC auth patch

To: debian-boot@lists.debian.org
Subject: Re: RFC auth patch
From: Joey Hess <joeyh@debian.org>
Date: Thu, 15 Feb 2007 15:49:39 -0500
Message-id: <[🔎] 20070215204939.GA28427@kitenet.net>
Mail-followup-to: debian-boot@lists.debian.org
In-reply-to: <[🔎] 200702152024.07142.elendil@planet.nl>
References: <[🔎] 20070215190516.GA15915@kitenet.net> <[🔎] 200702152024.07142.elendil@planet.nl>

Frans Pop wrote:
> Would it be worth creating an alias for it (as it is very long in its raw form)?

I don't want to make it too easy to use this.

> Should this be really be kept by default for the target system? If so, 
> that should be documented very clearly.

Probably best to remove it at the end.

Updated patch:

Index: manual/en/appendix/preseed.xml
===================================================================
--- manual/en/appendix/preseed.xml	(revision 45117)
+++ manual/en/appendix/preseed.xml	(working copy)
@@ -1048,6 +1048,11 @@
 # apt will complain about the unauthenticated repository and so the
 # sources.list line will be left commented out
 #d-i apt-setup/local0/key string http://local.server/key
+
+# By default the installer requires that repositories be authenticated
+# using a known gpg key. This setting can be used to disable that
+# authentication. Warning: Insecure, not recommended.
+#d-i debian-installer/allow_unauthenticated string true
 </screen></informalexample>
 
   </sect2>
Index: manual/en/boot-installer/parameters.xml
===================================================================
--- manual/en/boot-installer/parameters.xml	(revision 45117)
+++ manual/en/boot-installer/parameters.xml	(working copy)
@@ -362,6 +362,17 @@
 </para></listitem>
 </varlistentry>
 
+<varlistentry>
+<term>debian-installer/allow_unauthenticated</term>
+<listitem><para>
+
+By default the installer requires that repositories be authenticated
+using a known gpg key. Set to <userinput>true</userinput> to 
+disable that authentication. Warning: Insecure, not recommended.
+
+</para></listitem>
+</varlistentry>
+
 <varlistentry arch="alpha;m68k;mips;mipsel">
 <term>ramdisk_size</term>
 <listitem><para>
Index: packages/rootskel/debian/changelog
===================================================================
--- packages/rootskel/debian/changelog	(revision 45117)
+++ packages/rootskel/debian/changelog	(working copy)
@@ -1,3 +1,11 @@
+rootskel (1.50) UNRELEASED; urgency=low
+
+  * Add new debian-installer/allow_unauthenticated template, will be used by
+    choose-mirror and base-installer to allow forcing installation even if
+    the mirror doesn't auth.
+
+ -- Joey Hess <joeyh@debian.org>  Thu, 15 Feb 2007 13:51:22 -0500
+
 rootskel (1.49) unstable; urgency=low
 
   * Support blacklisting of modules from the boot prompt using the syntax
Index: packages/rootskel/debian/templates-arch
===================================================================
--- packages/rootskel/debian/templates-arch	(revision 45117)
+++ packages/rootskel/debian/templates-arch	(working copy)
@@ -22,3 +22,8 @@
 Type: string
 Description: for internal use; can be preseeded
  Theme to use for the (newt or gtk) frontend
+
+Template: debian-installer/allow_unauthenticated
+Type: boolean
+Default: false
+Description: for internal use; can be preseeded
Index: packages/net-retriever/debian/changelog
===================================================================
--- packages/net-retriever/debian/changelog	(revision 45117)
+++ packages/net-retriever/debian/changelog	(working copy)
@@ -1,3 +1,10 @@
+net-retriever (1.14) UNRELEASED; urgency=low
+
+  * If debian-installer/allow_unauthenticated is true, only log a warning
+    if authentication fails.
+
+ -- Joey Hess <joeyh@debian.org>  Thu, 15 Feb 2007 14:04:02 -0500
+
 net-retriever (1.13) unstable; urgency=low
 
   [ Updated translations ]
Index: packages/net-retriever/net-retriever
===================================================================
--- packages/net-retriever/net-retriever	(revision 45117)
+++ packages/net-retriever/net-retriever	(working copy)
@@ -105,7 +105,7 @@
 		Release="/tmp/net-retriever-$$-Release"
 		fetch "dists/$codename/Release" "$Release" || exit $?
 		# If gpgv and a keyring are installed, authentication is
-		# mandatory.
+		# mandatory by default.
 		if type gpgv >/dev/null && [ -f "$keyring" ]; then
 			if ! fetch "dists/$codename/Release.gpg" "$Release.gpg"; then
 				error "dists/$codename/Release is unsigned."
@@ -114,7 +114,11 @@
 			     gpgv --status-fd 1 --keyring "$keyring" \
 			     --ignore-time-conflict \
 			     "$Release.gpg" "$Release" | read_gpg_status; then
-				error "Bad signature on $Release."
+			     	if db_get debian-installer/allow_unauthenticated && [ "$RET" = true ]; then
+					log "Ignoring bad signature on $Release."
+				else
+					error "Bad signature on $Release."
+				fi
 			fi
 		fi
 
Index: packages/base-installer/debian/postinst
===================================================================
--- packages/base-installer/debian/postinst	(revision 45117)
+++ packages/base-installer/debian/postinst	(working copy)
@@ -173,7 +173,9 @@
 		exclude="--exclude=${EXCLUDES}"
 	fi
 	if type gpgv >/dev/null && [ -f "$KEYRING" ]; then
-		keyring="--keyring=${KEYRING}"
+		if ! db_get debian-installer/allow_unauthenticated || [ "$RET" != true ]; then
+			keyring="--keyring=${KEYRING}"
+		fi
 	fi
 
 	test -d $ETCDIR || mkdir -p $ETCDIR
@@ -259,6 +261,14 @@
 	cat > /target/etc/apt/apt.conf.d/00IgnoreTimeConflict << EOT
 Acquire::gpgv::Options { "--ignore-time-conflict"; };
 EOT
+
+	if db_get debian-installer/allow_unauthenticated && [ "$RET" = true ]; then
+		# This file will be left in place until the end of the install.
+		cat > /target/etc/apt/apt.conf.d/00AllowUnauthenticated << EOT
+APT::Get::AllowUnauthenticated "true";
+EOT
+	fi
+
 	# let apt inside the chroot see the cdrom
 	if [ "$PROTOCOL" = file ] ; then
 		if [ -n "$DIRECTORY" ]; then
Index: packages/base-installer/debian/changelog
===================================================================
--- packages/base-installer/debian/changelog	(revision 45167)
+++ packages/base-installer/debian/changelog	(working copy)
@@ -5,8 +5,11 @@
 
   [ Joey Hess ]
   * Add support for armel.
+  * If debian-installer/allow_unauthenticated exists and is true, write a
+    /etc/apt/apt.conf.d/00AllowUnauthenticated file making apt allow
+    unauthenticated mirrors.
 
- -- Joey Hess <joeyh@debian.org>  Wed, 14 Feb 2007 16:28:10 -0500
+ -- Joey Hess <joeyh@debian.org>  Thu, 15 Feb 2007 13:58:34 -0500
 
 base-installer (1.72) unstable; urgency=low
 
Index: packages/base-installer/finish-install
===================================================================
--- packages/base-installer/finish-install	(revision 45117)
+++ packages/base-installer/finish-install	(working copy)
@@ -2,4 +2,5 @@
 set -e
 
 rm -f /target/etc/apt/apt.conf.d/00NoMountCDROM \
-	/target/etc/apt/apt.conf.d/00IgnoreTimeConflict
+	/target/etc/apt/apt.conf.d/00IgnoreTimeConflict \
+	/target/etc/apt/apt.conf.d/00AllowUnauthenticated

-- 
see shy jo

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Re: RFC auth patch
  - From: Frans Pop <elendil@planet.nl>

References:
- RFC auth patch
  - From: Joey Hess <joeyh@debian.org>
- Re: RFC auth patch
  - From: Frans Pop <elendil@planet.nl>

Prev by Date: Bug#410354: Suomi vs. Suomeksi
Next by Date: Re: RFC auth patch
Previous by thread: Re: RFC auth patch
Next by thread: Re: RFC auth patch
Index(es):
- Date
- Thread