[Aptitude-devel] Bug#773715: aptitude: let's configure you to install untrusted packages, but always becomes interactive with no default answer otherwise
Manuel A. Fernandez Montecelo
manuel.montezelo at gmail.com
Sat Dec 12 16:05:55 UTC 2015
Control: tags -1 + moreinfo
Hi Axel,
2014-12-22 14:58 Axel Beckert:
>Package: aptitude
>Version: 0.6.11-1
>Severity: important
>Affects: aptitude-robot
>
>Citing from src/cmdline/cmdline_prompt.cc:
>
> 524 if(!untrusted.empty())
> 525 {
> 526 printf(_("WARNING: untrusted versions of the following packages will be installed!\n\n"
> 527 "Untrusted packages could compromise your system's security.\n"
> 528 "You should only proceed with the installation if you are certain that\n"
> 529 "this is what you want to do.\n\n"));
> 530
> 531 cmdline_show_pkglist(untrusted, term_metrics);
> 532
> 533 printf("\n");
> 534
> 535
> 536 if(aptcfg->FindB(PACKAGE "::CmdLine::Ignore-Trust-Violations", false))
> 537 {
> 538 printf(_("*** WARNING *** Ignoring these trust violations because\n"
> 539 " %s::CmdLine::Ignore-Trust-Violations is 'true'!\n"),
> 540 PACKAGE);
> 541 return true;
> 542 }
> 543
> 544 if(aptcfg->FindB("Apt::Get::AllowUnauthenticated", false))
> 545 {
> 546 printf("%s",
> 547 _("*** WARNING *** Ignoring these trust violations because\n"
> 548 " Apt::Get::AllowUnauthenticated is 'true'!\n"));
> 549 return true;
> 550 }
> […]
> 573 while(1)
> 574 {
> 575 printf(_("Do you want to ignore this warning and proceed anyway?\n"));
> 576 printf(_("To continue, enter \"%s\"; to abort, enter \"%s\": "), okstr.c_str(), abortstr.c_str());
> 577 char buf[1024];
> 578 cin.getline(buf, 1023);
> 579 buf[1023]='\0';
> 580
> 581 if(cin.eof())
> 582 throw StdinEOFException();
> 583
> 584
> 585 const bool is_ok = strncasecmp(okstr.c_str(), buf, okstr.size()) == 0;
> 586 const bool is_fallback_ok = strncasecmp(fallback_okstr.c_str(), buf, fallback_okstr.size()) == 0;
> 587 const bool is_abort = strncasecmp(abortstr.c_str(), buf, abortstr.size()) == 0;
> 588 const bool is_fallback_abort = strncasecmp(fallback_abortstr.c_str(), buf, fallback_abortstr.size()) == 0;
> 589
> 590 const bool rval = is_ok || (is_fallback_ok && !is_abort);
> 591
> 592 if(!is_ok && !is_abort && !is_fallback_ok && !is_fallback_abort)
> 593 printf(_("Unrecognized input. Enter either \"%s\" or \"%s\".\n"), okstr.c_str(), abortstr.c_str());
> 594 else
> 595 return rval;
> 596 }
> 597 }
>
>Lines 536 and 544 check for configuration settings allowing untrusted
>packages to be installed anyways, but there's no way to preconfigure
>that you want packages to be _not_ installed in such a case.
>
>Which leads to the fact that aptitude _always_ requires input in the
>case that you got untrusted packages (e.g. in case of a BADSIG error)
>and want them to be skipped.
>
>There's not even a default answer upon pressing enter as it's the case
>with AFAIK all interactive dpkg and apt-get questions, i.e. using "yes ''
>| aptitude" to get a sane default (as aptitude-robot does) isn't
>possible and currently leads to aptitude filling the logs quickly with
>the following lines:
>
>> WARNING: untrusted versions of the following packages will be installed!
>>
>> Untrusted packages could compromise your system's security.
>> You should only proceed with the installation if you are certain that
>> this is what you want to do.
>>
>> <package list>
>>
>> Do you want to ignore this warning and proceed anyway?
>> To continue, enter "Yes"; to abort, enter "No": Unrecognized input. Enter either "Yes" or "No".
>> Do you want to ignore this warning and proceed anyway?
>> To continue, enter "Yes"; to abort, enter "No": Unrecognized input. Enter either "Yes" or "No".
>> Do you want to ignore this warning and proceed anyway?
>> To continue, enter "Yes"; to abort, enter "No": Unrecognized input. Enter either "Yes" or "No".
>> […]
>
>And no, using "yes 'No' | aptitude" is no option since "No" is not
>always the default answer.

What do you think would be the best way to solve this?

One way would be to interpret any of those variables, if *set* and *set
to false*, to just return from the function with "false".

The problem that I see is that the variable as documented is already of
default "false" (but not set by default, just interpreted as "false"
unless set to "true"), and still it asks on a case-by-case basis.

So we would have to change the current logic in the code above, like
this:

  if ::CmdLine::Ignore-Trust-Violations set and true
      return true
  else if ::CmdLine::Ignore-Trust-Violations set and false
      return false
  else
      // ... continue with the prompt

But I don't know if it would have some harmful consequences, like
people/automatic-software already setting it to false, and relying on
current behaviour to continue with the prompt anyway.

Adding yet another option is always an option (pun maybe
intended)... but I am a bit concerned about the proliferation of options
(in fact this option is basically just an alias of
APT::Get::AllowUnauthenticated, so completely unneeded in the first place
-- unless it predated apt's).

Cheers.
--
Manuel A. Fernandez Montecelo <manuel.montezelo at gmail.com>
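
Added example, not part of the original message or of aptitude's code: a self-contained sketch of the "set and true / set and false / unset" decision discussed above, with the prompt as the fallback. The Config stand-in, the function names, the expansion of PACKAGE to "Aptitude", and the choices that an empty line or EOF aborts are assumptions made for illustration; the proposal in the message only covers the tri-state check.

```cpp
#include <iostream>
#include <map>
#include <sstream>
#include <string>
#include <strings.h>

// Assumed spelling of the two keys (PACKAGE taken to expand to "Aptitude").
const char *const KEY_IGNORE = "Aptitude::CmdLine::Ignore-Trust-Violations";
const char *const KEY_APT = "Apt::Get::AllowUnauthenticated";

enum class Tri { Unset, False, True };
enum class Decision { Proceed, Abort };

// Hypothetical stand-in for the configuration object: unlike FindB(key, false)
// it reports "absent" separately from "present and false".
struct Config {
  std::map<std::string, std::string> values;
  Tri lookup(const std::string &key) const {
    auto it = values.find(key);
    if (it == values.end()) return Tri::Unset;
    // Simplification: only the literal "true" counts as true.
    return strcasecmp(it->second.c_str(), "true") == 0 ? Tri::True : Tri::False;
  }
};

Decision resolve_untrusted(const Config &cfg, std::istream &in) {
  const char *keys[] = {KEY_IGNORE, KEY_APT};
  bool denied = false;
  for (const char *key : keys) {
    Tri v = cfg.lookup(key);
    if (v == Tri::True) return Decision::Proceed;  // existing behaviour
    if (v == Tri::False) denied = true;            // proposed: set and false
  }
  if (denied) return Decision::Abort;              // no prompt at all
  std::string line;
  while (std::getline(in, line)) {                 // unset: fall back to prompt
    if (strcasecmp(line.c_str(), "yes") == 0) return Decision::Proceed;
    if (line.empty() || strcasecmp(line.c_str(), "no") == 0)
      return Decision::Abort;                      // assumed default on Enter
    // anything else is unrecognized input: ask again
  }
  return Decision::Abort;                          // assumed: EOF fails closed
}

int main() {
  Config cfg;                                      // constructed sample config
  cfg.values[KEY_IGNORE] = "false";
  std::istringstream in("Yes\n");                  // never read: key is set
  bool ok = resolve_untrusted(cfg, in) == Decision::Proceed;
  std::cout << (ok ? "proceed" : "abort") << "\n";
  return 0;
}
```

With this shape, a caller that has set either key to false never reaches the prompt, which is the behaviour change the message worries existing setups might not expect.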