Project

General

Profile

Actions

Bug #6425

closed

Generic method for installing package freeze on debian with untrusted sources

Added by François ARMAND over 9 years ago. Updated over 2 years ago.

Status:
Rejected
Priority:
1 (highest)
Assignee:
-
Category:
Generic methods
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
Fix check:
Regression:

Description

When using package related generic method on Debian, if unstrusted sources are present, the agent freeze because aptitude ask for question under the hood:

root@orchestrateur-1:~# /usr/bin/aptitude --assume-yes --simulate --verbose full-upgrade
The following NEW packages will be installed:
  libnvpair1{a} libuutil1{a} libzfs2{a} libzpool2{a} zfs-doc{a} 
The following packages will be upgraded:
  apt-transport-https bind9-host dbus dmsetup dnsutils gnupg gpgv grub-common grub-pc grub-pc-bin grub2-common host krb5-locales libbind9-80 libcups2 libdbus-1-3 libdevmapper1.02.1 libdns88 
  libfreetype6 libfuse2 libgcrypt11 libgnutls26 libgssapi-krb5-2 libgssrpc4 libisc84 libisccc80 libisccfg82 libk5crypto3 libkrb5-3 libkrb5support0 liblwres80 libnss3 libpq5 libss2 libssh2-1 
  libusb-1.0-0 libxfont1 linux-image-3.2.0-4-amd64 locales multiarch-support ncf ncf-api-virtualenv ntp openjdk-7-jre-headless postgresql-9.1 postgresql-client-9.1 sudo tar tzdata tzdata-java 
  unzip 
The following packages are RECOMMENDED but will NOT be installed:
  gnupg-curl 
51 packages upgraded, 5 newly installed, 0 to remove and 0 not upgraded.
Need to get 99.6 MB of archives. After unpacking 12.5 MB will be used.
WARNING: untrusted versions of the following packages will be installed!

Untrusted packages could compromise your system's security.
You should only proceed with the installation if you are certain that
this is what you want to do.

  dmsetup zfs-doc apt-transport-https libnvpair1 libdevmapper1.02.1 grub-pc libzpool2 libfuse2 libuutil1 libzfs2 tar grub-pc-bin grub-common grub2-common libusb-1.0-0 

Do you want to ignore this warning and proceed anyway?
To continue, enter "Yes"; to abort, enter "No":

To prevent that, on the Rudder technique, we use the option: aptitude -o Aptitude::Cmdline::ignore-trust-violations=true
Which is missing in the generic method.


Related issues 1 (0 open1 closed)

Has duplicate Rudder - Bug #6696: aptitude hangs on unsigned packagesRejectedMatthieu CERDAActions
Actions

Also available in: Atom PDF