Aptdaemon

does not warn/fail if a package comes from a untrusted repository

Bug #435313 reported by Michael Vogt on 2009-09-23

This bug affects 1 person

	Status	Importance	Assigned to
Aptdaemon	Fix Released	Undecided	Unassigned
aptdaemon (Ubuntu)	Fix Released	Critical	Unassigned
software-center (Ubuntu)	Fix Released	Medium	Unassigned

Bug Description

There is currently no way to disallow untrusted packages (packages from untrusted sources).

I would suggest we add a allow_untrusted=False to the API for the install/upgrade/commit methods.

Related branches

lp:~aptdaemon-developers/aptdaemon/ubuntu-karmic

lp:ubuntu/karmic/aptdaemon

Michael Vogt (mvo) on 2009-09-23

Changed in aptdaemon:
status:	New → Confirmed
Changed in aptdaemon (Ubuntu):
status:	New → Triaged
importance:	Undecided → Critical

Revision history for this message

Michael Vogt (mvo) wrote on 2009-09-28:

There is a branch for this at lp:~mvo/aptdaemon/allow-unauthenticated now. It will require integration into software-center to show a propper error message (instead of the generic error).

Changed in aptdaemon (Ubuntu):
status:	Triaged → In Progress
Changed in software-center (Ubuntu):
status:	New → Confirmed
importance:	Undecided → Medium

Michael Vogt (mvo) on 2009-10-02

Changed in aptdaemon:
status:	Confirmed → Fix Committed
Changed in aptdaemon (Ubuntu):
status:	In Progress → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2009-10-02:

This bug was fixed in the package aptdaemon - 0.10+bzr242-0ubuntu1

---------------
aptdaemon (0.10+bzr242-0ubuntu1) karmic; urgency=low

  * aptdaemon/core.py:
    - do not fail on a not running syslog daemon (LP: #428843)
  * Include dpkg errors in the error output
  * debian/rules:
    - move to simple-patchsys (for now) to make maintaining the
      patches simpler
  * debian/patches/disallow-unauthenticated-branch.diff:
    Patch generated from lp:~mvo/aptdaemon/allow-unauthenticated
    to support controlling if unauthenticated packages are allowed
    during a transaction. Default to "not allow unauthenticated"
    (LP: #435313)
  * debian/patches/mvo-branch.patch:
    Patch generated from lp:~mvo/aptdaemon/mvo that fixes:
    - aptdaemon/worker.py: check the apt download dir lock
      in _watch_lock to avoid possible race with apt-get LP: #437709
    - aptdaemon/progress.py: fix crash in error handling (LP: #436808)
    - aptdaemon/progress.py: fix crash in INSTALL_TIMEOUT handling
      (LP: #430860)
    - aptdaemon/gtkwidgets.py: make the dialog resizable and add bigger
      default size (LP: #434937)
    - aptdaemon/core.py: add _remove_from_connection_no_raise() that
      will discard errors if the object is not exported (LP: #422585)

-- Michael Vogt <email address hidden> Mon, 28 Sep 2009 09:39:34 +0200

Changed in aptdaemon (Ubuntu):
status:	Fix Committed → Fix Released

Sebastian Heinlein (glatzor) on 2009-10-04

Changed in aptdaemon:
status:	Fix Committed → Fix Released

Michael Vogt (mvo) on 2009-10-07

Changed in software-center (Ubuntu):
status:	Confirmed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.