[Aptitude-devel] Bug#773715: aptitude: let's configure you to install untrusted packages, but always becomes interactive with no default answer otherwise
Axel Beckert
abe at debian.org
Mon Dec 22 14:58:00 UTC 2014
Package: aptitude
Version: 0.6.11-1
Severity: important
Affects: aptitude-robot
Citing from src/cmdline/cmdline_prompt.cc:
524 if(!untrusted.empty())
525 {
526 printf(_("WARNING: untrusted versions of the following packages will be installed!\n\n"
527 "Untrusted packages could compromise your system's security.\n"
528 "You should only proceed with the installation if you are certain that\n"
529 "this is what you want to do.\n\n"));
530
531 cmdline_show_pkglist(untrusted, term_metrics);
532
533 printf("\n");
534
535
536 if(aptcfg->FindB(PACKAGE "::CmdLine::Ignore-Trust-Violations", false))
537 {
538 printf(_("*** WARNING *** Ignoring these trust violations because\n"
539 " %s::CmdLine::Ignore-Trust-Violations is 'true'!\n"),
540 PACKAGE);
541 return true;
542 }
543
544 if(aptcfg->FindB("Apt::Get::AllowUnauthenticated", false))
545 {
546 printf("%s",
547 _("*** WARNING *** Ignoring these trust violations because\n"
548 " Apt::Get::AllowUnauthenticated is 'true'!\n"));
549 return true;
550 }
[…]
573 while(1)
574 {
575 printf(_("Do you want to ignore this warning and proceed anyway?\n"));
576 printf(_("To continue, enter \"%s\"; to abort, enter \"%s\": "), okstr.c_str(), abortstr.c_str());
577 char buf[1024];
578 cin.getline(buf, 1023);
579 buf[1023]='\0';
580
581 if(cin.eof())
582 throw StdinEOFException();
583
584
585 const bool is_ok = strncasecmp(okstr.c_str(), buf, okstr.size()) == 0;
586 const bool is_fallback_ok = strncasecmp(fallback_okstr.c_str(), buf, fallback_okstr.size()) == 0;
587 const bool is_abort = strncasecmp(abortstr.c_str(), buf, abortstr.size()) == 0;
588 const bool is_fallback_abort = strncasecmp(fallback_abortstr.c_str(), buf, fallback_abortstr.size()) == 0;
589
590 const bool rval = is_ok || (is_fallback_ok && !is_abort);
591
592 if(!is_ok && !is_abort && !is_fallback_ok && !is_fallback_abort)
593 printf(_("Unrecognized input. Enter either \"%s\" or \"%s\".\n"), okstr.c_str(), abortstr.c_str());
594 else
595 return rval;
596 }
597 }
Lines 536 and 544 check for configuration settings allowing untrusted
packages to be installed anyways, but there's no way to preconfigure
that you want packages to be _not_ installed in such a case.
Which leads to the fact that aptitude _always_ requires input in the
case that you got untrusted packages (e.g. in case of an BADSIG error)
and want them to be skipped.
There's not even a default answer upon pressing enter as it's the case
with AFAIK all interactive dpkg and apt-get question, i.e. using "yes ''
| aptitude" to get a sane default (as aptitude-robot does) isn't
possible and currently leads to aptitude filling the logs quickly with
the following lines:
> WARNING: untrusted versions of the following packages will be installed!
>
> Untrusted packages could compromise your system's security.
> You should only proceed with the installation if you are certain that
> this is what you want to do.
>
> <package list>
>
> Do you want to ignore this warning and proceed anyway?
> To continue, enter "Yes"; to abort, enter "No": Unrecognized input. Enter either "Yes" or "No".
> Do you want to ignore this warning and proceed anyway?
> To continue, enter "Yes"; to abort, enter "No": Unrecognized input. Enter either "Yes" or "No".
> Do you want to ignore this warning and proceed anyway?
> To continue, enter "Yes"; to abort, enter "No": Unrecognized input. Enter either "Yes" or "No".
> […]
And no, using "yes 'No' | aptitude" is no option since "No" is not
always the default answer.
-- System Information:
Debian Release: 8.0
APT prefers unstable
APT policy: (990, 'unstable'), (600, 'testing'), (110, 'experimental'), (109, 'buildd-unstable'), (109, 'buildd-experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.18.0-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages aptitude depends on:
ii aptitude-common 0.6.11-1
ii libapt-pkg4.12 1.0.9.4
ii libboost-iostreams1.55.0 1.55.0+dfsg-3
ii libc6 2.19-13
ii libcwidget3 0.5.17-2
ii libgcc1 1:4.9.2-9
ii libncursesw5 5.9+20140913-1+b1
ii libsigc++-2.0-0c2a 2.4.0-1
ii libsqlite3-0 3.8.7.2-1
ii libstdc++6 4.9.2-9
ii libtinfo5 5.9+20140913-1+b1
ii libxapian22 1.2.19-1
Versions of packages aptitude recommends:
ii aptitude-doc-en [aptitude-doc] 0.6.11-1
ii libparse-debianchangelog-perl 1.2.0-1.1
ii sensible-utils 0.0.9
Versions of packages aptitude suggests:
ii apt-xapian-index 0.47
ii debtags 1.12.3
ii tasksel 3.29
-- no debconf information
More information about the Aptitude-devel
mailing list