Bug#775454: Allow user blocking of https fallback
Package: debootstrap
Severity: important
Tags: security patch
In the event of a GPG keyring not being found, debootstrap may fall back
to the alternative security of an https mirror.
Users lacking the requisite GPG keyring file (or perhaps just making a
typo in their parameters) may not necessarily be satisfied with the
security of https. They might like a choice of simply receiving an error
instead, prompting them to investigate and resolve the missing keyring
issue, and should not be expected to have to take care to watch the log
output to check the file was found and if not then terminate the process
in such cases.
The attached patch adds a simple new --no-https-fallback parameter to
provide users with control over the fallback behaviour.
Note, this patch builds upon my patches for bugs #661501 and #775449; I
haven't checked whether conflicts occur if applying it without those
already in place, apologies for that, I have a lot of work to do.
commit f2283fe99cac2f103d71cd4e5bab2757829d58f0
Author: jnqnfe <jnqnfe@gmail.com>
Date: Thu Jan 15 20:27:47 2015 +0000
Add new --no-https-fallback param
Allows the user to prevent falling back to a default https mirror in the event that a GPG keyring is not found (they may not consider https secure enough).
diff --git a/debootstrap b/debootstrap
index 8d40818..e024560 100755
--- a/debootstrap
+++ b/debootstrap
@@ -27,6 +27,7 @@ LANG=C
USE_COMPONENTS=main
KEYRING=""
DISABLE_KEYRING=""
+DISABLE_HTTPS_FALLBACK=""
VARIANT=""
ARCH=""
HOST_ARCH=""
@@ -105,6 +106,9 @@ usage()
scratchbox, minbase)
--keyring=K check Release files against keyring K
--no-check-gpg avoid checking Release file signatures
+ --no-https-fallback avoid falling back to https in the event of not having
+ a gpg keyring to use for Release verification, instead
+ allowing this to result in an error
--no-resolve-deps don't try to resolve dependencies automatically
--unpack-tarball=T acquire .debs from a tarball instead of http
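Review bot: The usage() entry for --no-https-fallback is the only documentation in this patch; the diff touches just debootstrap and functions, so the debootstrap.8 man page is left without the option and should get a matching entry. The help text could also state when the fallback is considered at all: per the keyring () change, only when $DEF_HTTPS_MIRROR is set and $USER_MIRROR is empty, so users know the flag has no effect outside that case.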
@@ -322,6 +326,10 @@ if [ $# != 0 ] ; then
shift 1
DISABLE_KEYRING=1
;;
+ --no-https-fallback)
+ shift 1
+ DISABLE_HTTPS_FALLBACK=1
+ ;;
--certificate|--certificate=?*)
if [ "$1" = "--certificate" -a -n "$2" ]; then
CERTIFICATE="--certificate=$2"
diff --git a/functions b/functions
index c94faf8..82b4b24 100644
--- a/functions
+++ b/functions
@@ -200,7 +200,7 @@ keyring () {
if [ -e "$1" ]; then
KEYRING="$1"
elif [ -z "$DISABLE_KEYRING" ]; then
- if [ -n "$DEF_HTTPS_MIRROR" ] && [ -z "$USER_MIRROR" ] ; then
+ if [ -n "$DEF_HTTPS_MIRROR" ] && [ -z "$USER_MIRROR" ] && [ -z "$DISABLE_HTTPS_FALLBACK" ] ; then
info KEYRING "Keyring file not available at %s; switching to https mirror %s" "$1" "$DEF_HTTPS_MIRROR"
USER_MIRROR="$DEF_HTTPS_MIRROR"
else
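Review bot: In keyring (), the added [ -z "$DISABLE_HTTPS_FALLBACK" ] test only diverts control into the existing else branch, whose body is not shown in this hunk, so the error promised by the usage text depends entirely on what that branch does. Please confirm it aborts the run rather than only logging, since the point of the flag is that users should not have to watch the output. The test also sits under elif [ -z "$DISABLE_KEYRING" ], so the flag is silently ignored whenever DISABLE_KEYRING is set; a warning for that combination would avoid a false sense of enforcement.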