
Bug#617690: [PATCH] Fix #617690 (APT::Get::AllowUnauthenticated=true always



Great! Thank you very much for the fix! And thanks for the information,
I will try to pass your words to Linaro guys, who activated AllowUntrusted
by default in their distribution.


Regards,
Vadim Markovtsev.

-----Original Message-----
From: donkult@gmail.com [mailto:donkult@gmail.com] On Behalf Of David
Kalnischkies
Sent: Friday, September 27, 2013 12:01 PM
To: Markovtsev Vadim
Cc: 617690@bugs.debian.org; 617690-submitter@bugs.debian.org
Subject: Re: Bug#617690: [PATCH] Fix #617690
(APT::Get::AllowUnauthenticated=true always

Hello Vadim,

On Fri, Sep 27, 2013 at 8:34 AM, Markovtsev Vadim <v.markovtsev@samsung.com>
wrote:
> Your patch works and indeed is better than mine.
> The only thing that I suggest is to cache the setting before entering the
> cycle:

Indeed, caching is better.
Unfortunately the patch as included here opens a security hole. :/

The problem is: The code is marking all packages as untrusted so that the
acquire code can later decide to acquire the package from an untrusted
source - which in turn means that someone could have tampered with this
source.
So APT (and co) have to warn about this, even though at the stage it prints
this message it isn't clear if it will really come from a trusted source or
not.

So, if you have an untrusted and a trusted source, with my patch above you
will get no warning while you get a package from an untrusted source.
That is bad.

So, I redid the patch completely and said: Keep all packages which only have
trusted sources as being trusted (so don't show warning for them), but if
the package has at least one untrusted source mark it as untrusted so that
the warning gets displayed and the acquire system can choose this source.
(It can be any source, not just the first, as the acquire system can fall
back)


Nowadays, it's really better to just enable [trusted=yes] in the sources.list
if you can be sure that the source is trusted (e.g. local mirror) rather
than this old workaround (to get pre-0.6 behavior)


Best regards

David Kalnischkies
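
The trust rule described in the mail above, as an added C++ example that is not part of the original thread and not APT's own code. The types, function names, package names and URIs are hypothetical; the "any trusted source" rule is an assumed model of the behaviour the mail calls a security hole.

```cpp
// Added illustration, not APT source code. All names here are hypothetical.
#include <algorithm>
#include <iostream>
#include <string>
#include <vector>

struct Source { std::string uri; bool trusted; };
struct Package { std::string name; std::vector<Source> sources; };

// Assumed model of the flawed behaviour: a single trusted source is
// enough to treat the package as trusted, so a mixed package gets no warning.
bool trustedIfAnySource(const Package &p) {
    return std::any_of(p.sources.begin(), p.sources.end(),
                       [](const Source &s) { return s.trusted; });
}

// Rule of the redone patch: trusted only when every source is trusted.
// Treating a package with no sources as untrusted is this example's choice.
bool trustedIfAllSources(const Package &p) {
    return !p.sources.empty() &&
           std::all_of(p.sources.begin(), p.sources.end(),
                       [](const Source &s) { return s.trusted; });
}

// Names of the packages that would get the warning under a given rule.
std::vector<std::string> warned(const std::vector<Package> &pkgs,
                                bool (*isTrusted)(const Package &)) {
    std::vector<std::string> out;
    for (const Package &p : pkgs)
        if (!isTrusted(p)) out.push_back(p.name);
    return out;
}

// Constructed sample data: package names and URIs are placeholders.
std::vector<Package> samplePackages() {
    return {
        {"only-trusted", {{"http://mirror.example/debian", true}}},
        {"mixed", {{"http://mirror.example/debian", true},
                   {"http://unsigned.example/repo", false}}},
        {"only-untrusted", {{"http://unsigned.example/repo", false}}},
    };
}

int main() {
    for (const std::string &n : warned(samplePackages(), trustedIfAllSources))
        std::cout << "WARNING: " << n << " has an untrusted source\n";
}
```

The "mixed" package is the case that matters: the all-sources rule warns about it, while the any-source rule stays silent even though the acquire system may fall back to the untrusted source.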