Re: apt security model
On Tue, Dec 07, 2004 at 09:59:13AM -0500, Daniel Burrows wrote:
[..]
> > The latest version no longer contains those lines. It now starts
> > with Trusted=false and if it finds a trusted source, it will switch to
> > "package is trusted" mode. That means it will only download it from a
> > trusted source (for cases like when the package is available from
> > various sources).
>
> Oh, I see. By the way, would it be possible for IsTrusted to (also) be a
> method on VerIterators? It looks to me like there's nothing that prevents
> this, and it would be nice to not have to either generate AcquireItems or
> reimplement it. At the moment I'm reimplementing it.
Would something like the attached patch do? I don't like the fact that
it needs to pass a pkgSourceList* to the iterator so better ideas are
welcome :)
> And, to answer another question I was asking in case anyone is
> searching the archives, I discovered that the installed version of a
> package never has a corresponding IndexFile object. So it's
> expected that some trusted packages have VersionFiles without an
> IndexFile.
It looks like this happens if you install a trusted package and it's
later no longer downloadable. So it only affects "Obsolete and Locally
Created Packages" I think.
> I tried to use arch once and my head exploded :).
It usually happens when people are exposed to arch for the first time ;)
bye,
Michael
--
The first rule of holes is: when you find yourself in one, stop digging. - PJ
Linux is not The Answer. Yes is the answer. Linux is The Question. - Neo
--- orig/apt-pkg/cacheiterators.h
+++ mod/apt-pkg/cacheiterators.h
@@ -35,6 +35,9 @@
#pragma interface "apt-pkg/cacheiterators.h"
#endif
+class pkgSourceList;
+class pkgIndexFile;
+
// Package Iterator
class pkgCache::PkgIterator
{
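Review bot: `class pkgIndexFile;` is forward-declared at the top of cacheiterators.h, but the only declaration this patch adds to the header, IsTrusted(pkgSourceList *Source), does not mention it. Drop the forward declaration unless something else in the header needs it.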
@@ -133,6 +136,7 @@
inline VerFileIterator FileList() const;
inline unsigned long Index() const {return Ver - Owner->VerP;};
bool Downloadable() const;
+ bool IsTrusted(pkgSourceList *Source) const;
inline const char *PriorityType() {return Owner->Priority(Ver->Priority);};
string RelStr();
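Review bot: the parameter is named Source in this declaration but Sources in the definition in pkgcache.cc; pick one name. A short comment stating that the result is true when at least one of the version's index files is trusted would help callers, and taking a const pkgSourceList & instead of a pointer would rule out a null argument.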
--- orig/apt-pkg/pkgcache.cc
+++ mod/apt-pkg/pkgcache.cc
@@ -26,6 +26,7 @@
#endif
#include <apt-pkg/pkgcache.h>
+#include <apt-pkg/sourcelist.h>
#include <apt-pkg/version.h>
#include <apt-pkg/error.h>
#include <apt-pkg/strutl.h>
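Review bot: only sourcelist.h is added to the includes, while the new IsTrusted() in this file also uses _config and std::cerr. Neither apt-pkg/configuration.h nor <iostream> appears in the visible include context, so check that both are included directly rather than picked up through another header.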
@@ -465,6 +466,28 @@
return true;
return false;
}
+
+// VerIterator::IsTrusted - Checks if the version is trusted /*{{{*/
+// ---------------------------------------------------------------------
+/* */
+bool pkgCache::VerIterator::IsTrusted(pkgSourceList *Sources) const
+{
+ VerFileIterator i = FileList();
+ for (; i.end() == false; i++) {
+ pkgIndexFile *Index;
+ if (Sources->FindIndex(i.File(),Index) == false)
+ continue;
+ if (_config->FindB("Debug::pkgAcquire::Auth", false))
+ {
+ std::cerr << "Checking index: " << Index->Describe()
+ << "(Trusted=" << Index->IsTrusted() << ")\n";
+ }
+ if (Index->IsTrusted())
+ return true;
+ }
+ return false;
+}
+
/*}}}*/
// VerIterator::Automatic - Check if this version is 'automatic' /*{{{*/
// ---------------------------------------------------------------------
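Review bot: IsTrusted() returns true as soon as one VerFile maps to a trusted index (`if (Index->IsTrusted()) return true;`), so a version that is also listed in an untrusted source is reported as trusted. Say in the header comment that callers must still restrict the actual download to the trusted index. Also, Sources is dereferenced at `Sources->FindIndex(...)` without a null check, `pkgIndexFile *Index;` is left uninitialized, and the debug line prints Describe() and "(Trusted=" with no space between them.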
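The source selection described in the quoted text at the top of this message (start with Trusted=false, switch to trusted mode on the first trusted source, then download only from trusted sources), as an added example that is not part of the original mail or of APT's code. Source, Selection and selectSources are stand-in names, and the URIs are constructed sample values.

```cpp
// Added illustration: stand-in types, not APT's pkgSourceList/pkgIndexFile API.
#include <iostream>
#include <string>
#include <vector>

struct Source {
    std::string uri;
    bool trusted;                      // stand-in for the index file's trust flag
};

struct Selection {
    bool trusted = false;              // starts as Trusted=false
    std::vector<std::string> uris;     // sources the download may use
};

// Start untrusted. On the first trusted source, switch to trusted mode and
// discard every untrusted candidate, whether seen earlier or later.
Selection selectSources(const std::vector<Source> &candidates) {
    Selection sel;
    for (const Source &s : candidates) {
        if (s.trusted && !sel.trusted) {
            sel.trusted = true;
            sel.uris.clear();          // drop untrusted candidates collected so far
        }
        if (s.trusted == sel.trusted)
            sel.uris.push_back(s.uri);
    }
    return sel;
}

int main() {
    // Constructed sample: one version offered by three sources.
    std::vector<Source> mixed = {
        {"http://unsigned.example/debian", false},
        {"http://signed.example/debian", true},
        {"file:/srv/local", false},
    };
    Selection sel = selectSources(mixed);
    std::cout << "trusted=" << sel.trusted << "\n";
    for (const std::string &u : sel.uris)
        std::cout << "  fetch from " << u << "\n";
    return 0;
}
```

A version with no candidate source at all, such as an installed version without an index file, comes back untrusted with an empty list.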