[Aptitude-devel] Bug#773715: aptitude: let's configure you to install untrusted packages, but always becomes interactive with no default answer otherwise

[Manuel A. Fernandez Montecelo]

Control: tags -1 + moreinfo


Hi Axel,

2014-12-22 14:58 Axel Beckert:

Package: aptitude
Version: 0.6.11-1
Severity: important
Affects: aptitude-robot

Citing from src/cmdline/cmdline_prompt.cc:

   524   if(!untrusted.empty())
   525     {
   526       printf(_("WARNING: untrusted versions of the following packages will be 
installed!\n\n"
   527                "Untrusted packages could compromise your system's 
security.\n"
   528                "You should only proceed with the installation if you are 
certain that\n"
   529                "this is what you want to do.\n\n"));
   530
   531       cmdline_show_pkglist(untrusted, term_metrics);
   532
   533       printf("\n");
   534
   535
   536       if(aptcfg->FindB(PACKAGE "::CmdLine::Ignore-Trust-Violations", 
false))
   537         {
   538           printf(_("*** WARNING ***   Ignoring these trust violations 
because\n"
   539                    "                  %s::CmdLine::Ignore-Trust-Violations is 
'true'!\n"),
   540                  PACKAGE);
   541           return true;
   542         }
   543
   544       if(aptcfg->FindB("Apt::Get::AllowUnauthenticated", false))
   545         {
   546           printf("%s",
   547                  _("*** WARNING ***   Ignoring these trust violations 
because\n"
   548                    "                  Apt::Get::AllowUnauthenticated is 
'true'!\n"));
   549           return true;
   550         }
   […]
   573       while(1)
   574         {
   575           printf(_("Do you want to ignore this warning and proceed 
anyway?\n"));
   576           printf(_("To continue, enter \"%s\"; to abort, enter \"%s\": 
"), okstr.c_str(), abortstr.c_str());
   577           char buf[1024];
   578           cin.getline(buf, 1023);
   579           buf[1023]='\0';
   580
   581           if(cin.eof())
   582             throw StdinEOFException();
   583
   584
   585           const bool is_ok =             strncasecmp(okstr.c_str(), buf, 
okstr.size()) == 0;
   586           const bool is_fallback_ok =    
strncasecmp(fallback_okstr.c_str(), buf, fallback_okstr.size()) == 0;
   587           const bool is_abort =          strncasecmp(abortstr.c_str(), 
buf, abortstr.size()) == 0;
   588           const bool is_fallback_abort = 
strncasecmp(fallback_abortstr.c_str(), buf, fallback_abortstr.size()) == 0;
   589
   590           const bool rval = is_ok || (is_fallback_ok && !is_abort);
   591
   592           if(!is_ok && !is_abort && !is_fallback_ok && 
!is_fallback_abort)
   593             printf(_("Unrecognized input.  Enter either \"%s\" or 
\"%s\".\n"), okstr.c_str(), abortstr.c_str());
   594           else
   595             return rval;
   596         }
   597     }

Lines 536 and 544 check for configuration settings allowing untrusted
packages to be installed anyways, but there's no way to preconfigure
that you want packages to be _not_ installed in such a case.

Which leads to the fact that aptitude _always_ requires input in the
case that you got untrusted packages (e.g. in case of an BADSIG error)
and want them to be skipped.

There's not even a default answer upon pressing enter as it's the case
with AFAIK all interactive dpkg and apt-get question, i.e. using "yes ''
| aptitude" to get a sane default (as aptitude-robot does) isn't
possible and currently leads to aptitude filling the logs quickly with
the following lines:

WARNING: untrusted versions of the following packages will be installed!

Untrusted packages could compromise your system's security.
You should only proceed with the installation if you are certain that
this is what you want to do.

  <package list>

Do you want to ignore this warning and proceed anyway?
To continue, enter "Yes"; to abort, enter "No": Unrecognized input.  Enter either "Yes" 
or "No".
Do you want to ignore this warning and proceed anyway?
To continue, enter "Yes"; to abort, enter "No": Unrecognized input.  Enter either "Yes" 
or "No".
Do you want to ignore this warning and proceed anyway?
To continue, enter "Yes"; to abort, enter "No": Unrecognized input.  Enter either "Yes" 
or "No".
[…]

And no, using "yes 'No' | aptitude" is no option since "No" is not
always the default answer.

What do you think that would be the best way to solve this?

One way would be to interpret any of those variables, if *set* and *set
to false*, to just return from the function with "false".

The problem that I see is that the variable as documented is already of
default "false" (but not set by default, just interpreted as "false"
unless set to "true"), and still it asks in a case-by-case basis.

So we would have to change the current logic in the code above, like
this:

 if ::CmdLine::Ignore-Trust-Violations set and true
    return true
 else if ::CmdLine::Ignore-Trust-Violations set and false
    return false
 else
    // ... continue with the prompt

But I don't know if it would have some harmful consequences, like
people/automatic-software already setting it to false, and relying on
current behaviour to continue with the prompt anyway.


Adding yet another option is always an option (pun maybe
intended)... but I am a bit concerned of the proliferation of options
(in fact this option is basically just an alias of
APT::Get::AllowUnauthenticated, so completely unneded in the first place
-- unless it predated apt's).


Cheers.
--
Manuel A. Fernandez Montecelo <manuel.montez...@gmail.com>

_______________________________________________
Aptitude-devel mailing list
Aptitude-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/aptitude-devel