Package: apt
Version: 0.7.6
Apt does not support netrc in authentication.
Although I'm unsure this is a wanted feature as-is for Debian itself, it
helps in situations when you're accessing repositories for packages not
related to the host you're using but some other target system (chroot,
scratchbox environment, etc ...)
And for those cases the username:password is written cleartext in the
repository url in sources.list. Still in cleartext with netrc, however,
but at least in a different file.
Patch should be applicable as-is for apt 0.7.20.2 (lenny), but probably
it needs some rethinking, something like an option in apt.conf to enable
this feature or enabling this only for "user-mode" apt in situations
like described above.
diff -Nur org/apt-0.7.6/methods/https.cc new/apt-0.7.6/methods/https.cc
--- org/apt-0.7.6/methods/https.cc 2008-12-15 15:58:05.000000000 +0200
+++ new/apt-0.7.6/methods/https.cc 2008-12-15 15:59:35.000000000 +0200
@@ -130,6 +130,7 @@
curl_easy_setopt(curl, CURLOPT_NOPROGRESS, false);
curl_easy_setopt(curl, CURLOPT_FAILONERROR, true);
curl_easy_setopt(curl, CURLOPT_FILETIME, true);
+ curl_easy_setopt(curl, CURLOPT_NETRC, CURL_NETRC_OPTIONAL);
// FIXME: https: offer various options of verification
bool peer_verify = _config->FindB("Acquire::https::Verify-Peer", false);
