tags 588035 + patch thanks Roger Leigh <rle...@codelibre.net> writes:
> On Sun, Jul 04, 2010 at 07:56:49PM +0900, Ansgar Burchardt wrote: >> Sbuild::AptitudeBuildDepSatisfier always passes the option >> Aptitude::CmdLine::Ignore-Trust-Violations=true to aptitude, allowing >> the installation of unauthenticated packages. I think this should >> depend on the $apt_allow_unauthenticated option in the configuration >> file: >> >> # Force APT to accept unauthenticated packages. >> # This is disabled by default: only enable it if you know what you are >> # doing. >> #$apt_allow_unauthenticated = 0; > > This certainly looks like we should be defaulting to what is > set in $apt_allow_unauthenticated, unless there's some reason > not to do that for dependency resolving? Do you see any > problems if you set > Aptitude::CmdLine::Ignore-Trust-Violations=false ? I changed the setting in the source and it works just fine. I have prepared two patches to · No longer pass '-o Apt::Install-Recommends=false' to aptitude. This option is implied by --without-recommends according to aptitude(8). (This should only be a cosmetic change.) · Set the value of Aptitude::CmdLine::Ignore-Trust-Violations depending on the $apt_allow_unauthenticated option. The patches are against the 0.60.0 version currently in unstable. I tested the patch with $apt_allow_unauthenticated set to both true and false and the correct option is passed to aptitude. Regards, Ansgar
>From dfd1dd20fd4fe57357e3f03e256b59ae700958b6 Mon Sep 17 00:00:00 2001 From: Ansgar Burchardt <ans...@43-1.org> Date: Mon, 5 Jul 2010 17:02:24 +0900 Subject: [PATCH 1/2] Do not pass -o Apt::Install-Recommends=false to aptitude The option --without-recommends corresponds to the configuration options Apt::Install-Recommends and Apt::AutoRemove::InstallRecommends. There is no need to pass the option explicitly. Signed-off-by: Ansgar Burchardt <ans...@43-1.org> --- lib/Sbuild/AptitudeBuildDepSatisfier.pm | 1 - 1 files changed, 0 insertions(+), 1 deletions(-) diff --git a/lib/Sbuild/AptitudeBuildDepSatisfier.pm b/lib/Sbuild/AptitudeBuildDepSatisfier.pm index 6dbf287..6f362b2 100644 --- a/lib/Sbuild/AptitudeBuildDepSatisfier.pm +++ b/lib/Sbuild/AptitudeBuildDepSatisfier.pm @@ -152,7 +152,6 @@ EOF 'aptitude', '-y', '--without-recommends', - '-o', 'APT::Install-Recommends=false', '-o', 'Aptitude::CmdLine::Ignore-Trust-Violations=true', '-o', 'Aptitude::ProblemResolver::StepScore=100', 'install', -- 1.7.1
>From 629b9fb435c8fce2693b49eb24a349b28b19ce41 Mon Sep 17 00:00:00 2001 From: Ansgar Burchardt <ans...@43-1.org> Date: Mon, 5 Jul 2010 17:11:25 +0900 Subject: [PATCH 2/2] Do not ignore trust violations Set the value of Aptitude::CmdLine::Ignore-Trust-Violations depending on the $apt_allow_unauthenticated option. Bug-Debian: http://bugs.debian.org/588035 Signed-off-by: Ansgar Burchardt <ans...@43-1.org> --- lib/Sbuild/AptitudeBuildDepSatisfier.pm | 4 +++- 1 files changed, 3 insertions(+), 1 deletions(-) diff --git a/lib/Sbuild/AptitudeBuildDepSatisfier.pm b/lib/Sbuild/AptitudeBuildDepSatisfier.pm index 6f362b2..c4cec31 100644 --- a/lib/Sbuild/AptitudeBuildDepSatisfier.pm +++ b/lib/Sbuild/AptitudeBuildDepSatisfier.pm @@ -148,11 +148,13 @@ EOF my @non_default_deps = $self->get_non_default_deps($dep, {}); + my $ignore_trust_violations = $self->get_conf('APT_ALLOW_UNAUTHENTICATED') ? 'true' : 'false'; + my @aptitude_install_command = ( 'aptitude', '-y', '--without-recommends', - '-o', 'Aptitude::CmdLine::Ignore-Trust-Violations=true', + '-o', "Aptitude::CmdLine::Ignore-Trust-Violations=$ignore_trust_violations", '-o', 'Aptitude::ProblemResolver::StepScore=100', 'install', $dummy_pkg_name, -- 1.7.1
