Bug #3396
closed
Debian/Ubuntu packages should support "allow untrusted" (optionnaly)
Description
In some cases Debian/Ubuntu packages wait forever:
Q:env DEBIAN_FRONTEND= ...:Reading package lists...
Q:env DEBIAN_FRONTEND= ...:Building dependency tree...
Q:env DEBIAN_FRONTEND= ...:Reading state information...
Q:env DEBIAN_FRONTEND= ...:Reading extended state information...
Q:env DEBIAN_FRONTEND= ...:Initializing package states...
Q:env DEBIAN_FRONTEND= ...:The following NEW packages will be installed:
Q:env DEBIAN_FRONTEND= ...: git git-man{a} liberror-perl{a} patch{a}
Q:env DEBIAN_FRONTEND= ...:0 packages upgraded, 4 newly installed, 0 to
remove and 87 not upgraded.
Q:env DEBIAN_FRONTEND= ...:Need to get 9361 kB of archives. After
unpacking 18.3 MB will be used.
Q:env DEBIAN_FRONTEND= ...:WARNING: untrusted versions of the following
packages will be installed!
Q:env DEBIAN_FRONTEND= ...:
Q:env DEBIAN_FRONTEND= ...:Untrusted packages could compromise your
system's security.
Q:env DEBIAN_FRONTEND= ...:You should only proceed with the installation
if you are certain that
Q:env DEBIAN_FRONTEND= ...:this is what you want to do.
Q:env DEBIAN_FRONTEND= ...:
Q:env DEBIAN_FRONTEND= ...: git-man git
Q:env DEBIAN_FRONTEND= ...:
Q:env DEBIAN_FRONTEND= ...:Do you want to ignore this warning and proceed
anyway?
This can be pretty easily solved in CFengine 3 by putting the following into cfengine_stdlib.cf:
have_aptitude::
package_add_command => "/usr/bin/env DEBIAN_FRONTEND=noninteractive LC_ALL=C /usr/bin/aptitude -o Dpkg::Options::=--force-confold -o Dpkg::Options::=--force-confdef --assume-yes install";
Or:
have_aptitude::
package_add_command => "/usr/bin/env DEBIAN_FRONTEND=noninteractive LC_ALL=C /usr/bin/aptitude -o Dpkg::Options::=--force-confold -o Dpkg::Options::=--force-confdef --assume-yes --allow-untrusted install";
Updated by Jonathan CLARKE over 11 years ago
- Project changed from Rudder to 24
- Subject changed from Debian/Ubuntu packages wait forever to Debian/Ubuntu packages should support "allow untrusted" (optionnaly)
- Category set to Techniques
- Status changed from New to 8
- Target version set to 2.3.12
Dennis,
I think it is unsafe to use this by default - the reason package repos are signed is to avoid potential attacks using modified packages.
However, I can see that you may need to use this sometimes. How about we add an option to the Technique, so that when you configure installation, you can select "Allow untrusted packages" - would that work for you?
Updated by
Updated by Matthieu CERDA over 11 years ago
- Status changed from 8 to In progress
- Assignee set to Matthieu CERDA
- Priority changed from N/A to 2
Updated by Matthieu CERDA over 11 years ago
- Status changed from In progress to Pending technical review
- % Done changed from 0 to 100
- Pull Request set to https://github.com/Normation/rudder-techniques/pull/80
PR available.
Updated by Matthieu CERDA over 11 years ago
- Status changed from Pending technical review to Pending release
Applied in changeset commit:9ad1f5a31490560917182682fa4e379c94433d0f.
Updated by Nicolas CHARLES over 11 years ago
Applied in changeset commit:56d4a6e5f1197b56f3302829bd08f15fc06c8e31.
Updated by Matthieu CERDA over 11 years ago
Applied in changeset commit:f40c443f91eae0f2b2fef951660736924ea1b08c.
Updated by Nicolas PERRON over 11 years ago
- Status changed from Pending release to Released
Updated by Benoît PECCATTE over 9 years ago
- Project changed from 24 to Rudder
- Category changed from Techniques to Techniques