
Bug#775454: Allow user blocking of https fallback



Package: debootstrap
Severity: important
Tags: security patch

In the event of a GPG keyring not being found, debootstrap may fall back
to the alternative security of an https mirror.

Users lacking the requisite GPG keyring file (or perhaps just making a
typo in their parameters) may not necessarily be satisfied with the
security of https. They might like a choice of simply receiving an error
instead, prompting them to investigate and resolve the missing keyring
issue, and should not be expected to have to take care to watch the log
output to check the file was found and if not then terminate the process
in such cases.

The attached patch adds a simple new --no-https-fallback parameter to
provide users with control over the fallback behaviour.

Note, this patch builds upon my patches for bugs #661501 and #775449; I
haven't checked whether conflicts occur if applying it without those
already in place, apologies for that, I have a lot of work to do.

commit f2283fe99cac2f103d71cd4e5bab2757829d58f0
Author: jnqnfe <jnqnfe@gmail.com>
Date:   Thu Jan 15 20:27:47 2015 +0000

    Add new --no-https-fallback param
    
    Allows the user to prevent falling back to a default https mirror in the event that a GPG keyring is not found (they may not consider https secure enough).

diff --git a/debootstrap b/debootstrap
index 8d40818..e024560 100755
--- a/debootstrap
+++ b/debootstrap
@@ -27,6 +27,7 @@ LANG=C
 USE_COMPONENTS=main
 KEYRING=""
 DISABLE_KEYRING=""
+DISABLE_HTTPS_FALLBACK=""
 VARIANT=""
 ARCH=""
 HOST_ARCH=""
@@ -105,6 +106,9 @@ usage()
                               scratchbox, minbase)
       --keyring=K            check Release files against keyring K
       --no-check-gpg         avoid checking Release file signatures
+      --no-https-fallback    avoid falling back to https in the event of not having
+                             a gpg keyring to use for Release verification, instead
+                             allowing this to result in an error
       --no-resolve-deps      don't try to resolve dependencies automatically
 
       --unpack-tarball=T     acquire .debs from a tarball instead of http
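
Review bot: The three added help lines for `--no-https-fallback` in usage() run past 80 columns (the first two are 83 characters wide), unlike the neighbouring entries, so they will wrap on a standard terminal. A shorter wording such as "fail with an error instead of switching to an https mirror when no keyring is available" split over two lines would fit. The diff also touches only `debootstrap` and `functions`, so the new option is not documented in the manual page; please add an entry there alongside `--no-check-gpg`.
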
@@ -322,6 +326,10 @@ if [ $# != 0 ] ; then
 			shift 1
 			DISABLE_KEYRING=1
 		;;
+	    --no-https-fallback)
+			shift 1
+			DISABLE_HTTPS_FALLBACK=1
+		;;
 	    --certificate|--certificate=?*)
 		if [ "$1" = "--certificate" -a -n "$2" ]; then
 			CERTIFICATE="--certificate=$2"
diff --git a/functions b/functions
index c94faf8..82b4b24 100644
--- a/functions
+++ b/functions
@@ -200,7 +200,7 @@ keyring () {
 		if [ -e "$1" ]; then
 			KEYRING="$1"
 		elif [ -z "$DISABLE_KEYRING" ]; then
-			if [ -n "$DEF_HTTPS_MIRROR" ] && [ -z "$USER_MIRROR" ] ; then
+			if [ -n "$DEF_HTTPS_MIRROR" ] && [ -z "$USER_MIRROR" ] && [ -z "$DISABLE_HTTPS_FALLBACK" ] ; then
 				info KEYRING "Keyring file not available at %s; switching to https mirror %s" "$1" "$DEF_HTTPS_MIRROR"
 				USER_MIRROR="$DEF_HTTPS_MIRROR"
 			else
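
Review bot: With `DISABLE_HTTPS_FALLBACK` set, the changed condition in keyring() sends control to the `else` branch, whose body is outside this hunk; since the help text promises an error, please confirm that branch aborts rather than only warning, and consider an error message that names `--no-https-fallback` so the user can tell why the run stopped. Two further points on the same lines: the whole block sits under `elif [ -z "$DISABLE_KEYRING" ]`, so combining the new flag with `--no-check-gpg` silently does nothing, and the `[ -z "$USER_MIRROR" ]` test means the flag only matters when no mirror was given. Both are worth stating in the documentation.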
