Project

General

Profile

Actions

Bug #3396

closed

Debian/Ubuntu packages should support "allow untrusted" (optionnaly)

Added by Dennis Cabooter over 11 years ago. Updated almost 10 years ago.

Status:
Released
Priority:
2
Assignee:
Matthieu CERDA
Category:
Techniques
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
Name check:
Fix check:
Regression:

Description

In some cases Debian/Ubuntu packages wait forever:

Q:env DEBIAN_FRONTEND= ...:Reading package lists...
Q:env DEBIAN_FRONTEND= ...:Building dependency tree...
Q:env DEBIAN_FRONTEND= ...:Reading state information...
Q:env DEBIAN_FRONTEND= ...:Reading extended state information...
Q:env DEBIAN_FRONTEND= ...:Initializing package states...
Q:env DEBIAN_FRONTEND= ...:The following NEW packages will be installed:
Q:env DEBIAN_FRONTEND= ...: git git-man{a} liberror-perl{a} patch{a}
Q:env DEBIAN_FRONTEND= ...:0 packages upgraded, 4 newly installed, 0 to
remove and 87 not upgraded.
Q:env DEBIAN_FRONTEND= ...:Need to get 9361 kB of archives. After
unpacking 18.3 MB will be used.
Q:env DEBIAN_FRONTEND= ...:WARNING: untrusted versions of the following
packages will be installed!
Q:env DEBIAN_FRONTEND= ...:
Q:env DEBIAN_FRONTEND= ...:Untrusted packages could compromise your
system's security.
Q:env DEBIAN_FRONTEND= ...:You should only proceed with the installation
if you are certain that
Q:env DEBIAN_FRONTEND= ...:this is what you want to do.
Q:env DEBIAN_FRONTEND= ...:
Q:env DEBIAN_FRONTEND= ...: git-man git
Q:env DEBIAN_FRONTEND= ...:
Q:env DEBIAN_FRONTEND= ...:Do you want to ignore this warning and proceed
anyway?

This can be pretty easily solved in CFengine 3 by putting the following into cfengine_stdlib.cf:

have_aptitude::
package_add_command => "/usr/bin/env DEBIAN_FRONTEND=noninteractive LC_ALL=C /usr/bin/aptitude -o Dpkg::Options::=--force-confold -o Dpkg::Options::=--force-confdef --assume-yes install";

Or:

have_aptitude::
package_add_command => "/usr/bin/env DEBIAN_FRONTEND=noninteractive LC_ALL=C /usr/bin/aptitude -o Dpkg::Options::=--force-confold -o Dpkg::Options::=--force-confdef --assume-yes --allow-untrusted install";


Related issues 1 (0 open1 closed)

Related to Rudder - Bug #3491: The 1.2 version of aptPackageInstallation should follow the best practices for Technique redactionReleasedMatthieu CERDA2013-04-22Actions
Actions #1

Updated by Jonathan CLARKE over 11 years ago

  • Project changed from Rudder to 24
  • Subject changed from Debian/Ubuntu packages wait forever to Debian/Ubuntu packages should support "allow untrusted" (optionnaly)
  • Category set to Techniques
  • Status changed from New to 8
  • Target version set to 2.3.12

Dennis,

I think it is unsafe to use this by default - the reason package repos are signed is to avoid potential attacks using modified packages.

However, I can see that you may need to use this sometimes. How about we add an option to the Technique, so that when you configure installation, you can select "Allow untrusted packages" - would that work for you?

Actions #2

Updated by Dennis Cabooter over 11 years ago

Yes, that sounds good to me. :)

Actions #3

Updated by Matthieu CERDA over 11 years ago

  • Status changed from 8 to In progress
  • Assignee set to Matthieu CERDA
  • Priority changed from N/A to 2
Actions #4

Updated by Matthieu CERDA over 11 years ago

  • Status changed from In progress to Pending technical review
  • % Done changed from 0 to 100
  • Pull Request set to https://github.com/Normation/rudder-techniques/pull/80

PR available.

Actions #5

Updated by Matthieu CERDA over 11 years ago

  • Status changed from Pending technical review to Pending release

Applied in changeset commit:9ad1f5a31490560917182682fa4e379c94433d0f.

Actions #6

Updated by Nicolas CHARLES over 11 years ago

Applied in changeset commit:56d4a6e5f1197b56f3302829bd08f15fc06c8e31.

Actions #7

Updated by Matthieu CERDA over 11 years ago

Applied in changeset commit:f40c443f91eae0f2b2fef951660736924ea1b08c.

Actions #8

Updated by Nicolas PERRON over 11 years ago

  • Status changed from Pending release to Released
Actions #9

Updated by Benoît PECCATTE almost 10 years ago

  • Project changed from 24 to Rudder
  • Category changed from Techniques to Techniques
Actions

Also available in: Atom PDF