Procházet zdrojové kódy

rename the options, document them and reorder the changelog a bit

David Kalnischkies před 16 roky
rodič
revize
b02fffa648
4 změnil soubory, kde provedl 46 přidání a 10 odebrání
  1. 2 2
      apt-pkg/indexrecords.cc
  2. 16 8
      debian/changelog
  3. 24 0
      doc/apt.conf.5.xml
  4. 4 0
      doc/examples/configure-index

+ 2 - 2
apt-pkg/indexrecords.cc

@@ -104,9 +104,9 @@ bool indexRecords::Load(const string Filename)				/*{{{*/
       }
       }
    }
    }
    // get the user settings for this archive and use what expires earlier
    // get the user settings for this archive and use what expires earlier
-   int MaxAge = _config->FindI("APT::Acquire::Max-Default-Age", 0);
+   int MaxAge = _config->FindI("Acquire::Max-ValidTime", 0);
    if (Label.empty() == true)
    if (Label.empty() == true)
-      MaxAge = _config->FindI(string("APT::Acquire::Max-Default-Age::" + Label).c_str(), MaxAge);
+      MaxAge = _config->FindI(string("Acquire::Max-ValidTime::" + Label).c_str(), MaxAge);
 
 
    if(MaxAge == 0) // No user settings, use the one from the Release file
    if(MaxAge == 0) // No user settings, use the one from the Release file
       return true;
       return true;

+ 16 - 8
debian/changelog

@@ -1,10 +1,25 @@
-apt (0.7.26~exp5) experimental; urgency=low
+apt (0.7.26~exp6) UNRELEASED; urgency=low
 
 
   [ David Kalnischkies ]
   [ David Kalnischkies ]
+  * doc/apt.conf.5.xml:
+    - document the new Valid-Until related options
   * apt-pkg/indexrecords.cc:
   * apt-pkg/indexrecords.cc:
     - backport forgotten Valid-Until patch from the obsolete experimental
     - backport forgotten Valid-Until patch from the obsolete experimental
       branch to prevent replay attacks better, thanks to Thomas Viehmann
       branch to prevent replay attacks better, thanks to Thomas Viehmann
       for the initial patch! (Closes: #499897)
       for the initial patch! (Closes: #499897)
+  * apt-pkg/contrib/strutl.cc:
+    - split StrToTime() into HTTP1.1 and FTP date parser methods and
+      use strptime() instead of some self-made scanf mangling
+    - use the portable timegm shown in his manpage instead of a strange
+      looking code copycat from wget
+  * ftparchive/writer.cc:
+    - add ValidTime option to generate a Valid-Until header in Release file
+
+ -- David Kalnischkies <kalnischkies@gmail.com>  Wed, 09 Jun 2010 10:43:58 +0200
+
+apt (0.7.26~exp5) experimental; urgency=low
+
+  [ David Kalnischkies ]
   * cmdline/apt-get.cc:
   * cmdline/apt-get.cc:
     - rerun dpkg-source in source if --fix-broken is given (Closes: #576752)
     - rerun dpkg-source in source if --fix-broken is given (Closes: #576752)
     - don't suggest held packages as they are installed (Closes: #578135)
     - don't suggest held packages as they are installed (Closes: #578135)
@@ -44,13 +59,6 @@ apt (0.7.26~exp5) experimental; urgency=low
     - add 'disappear' to the known processing states, thanks Jonathan Nieder
     - add 'disappear' to the known processing states, thanks Jonathan Nieder
   * apt-pkg/packagemanager.h:
   * apt-pkg/packagemanager.h:
     - export info about disappeared packages with GetDisappearedPackages()
     - export info about disappeared packages with GetDisappearedPackages()
-  * apt-pkg/contrib/strutl.cc:
-    - split StrToTime() into HTTP1.1 and FTP date parser methods and
-      use strptime() instead of some selfmade scanf mangling
-    - use the portable timegm shown in his manpage instead of a strange
-      looking code copycat from wget
-  * ftparchive/writer.cc:
-    - add ValidTime option to generate a Valid-Until header in Release file
 
 
   [ Michael Vogt ]
   [ Michael Vogt ]
   * methods/http.{cc,h}:
   * methods/http.{cc,h}:

+ 24 - 0
doc/apt.conf.5.xml

@@ -230,6 +230,30 @@ DPkg::Pre-Install-Pkgs {"/usr/sbin/dpkg-preconfigure --apt";};
    and the URI handlers. 
    and the URI handlers. 
 
 
    <variablelist>
    <variablelist>
+     <varlistentry><term>Check-Valid-Until</term>
+	 <listitem><para>Security related option defaulting to true as an
+	 expiring validation for a Release file prevents longtime replay attacks
+	 and can e.g. also help users to identify no longer updated mirrors -
+	 but the feature depends on the correctness of the time on the user system.
+	 Archive maintainers are encouraged to create Release files with the
+	 <literal>Valid-Until</literal> header, but if they don't or a stricter value
+	 is volitional the following <literal>Max-ValidTime</literal> option can be used.
+	 </para></listitem>
+     </varlistentry>
+
+     <varlistentry><term>Max-ValidTime</term>
+	 <listitem><para>Seconds the Release file should be considered valid after
+	 it was created. The default is "for ever" (0) if the Release file of the
+	 archive doesn't include a <literal>Valid-Until</literal> header.
+	 If it does then this date is the default. The date from the Release file or
+	 the date specified by the creation time of the Release file
+	 (<literal>Date</literal> header) plus the seconds specified with this
+	 options are used to check if the validation of a file has expired by using
+	 the earlier date of the two. Archive specific settings can be made by
+	 appending the label of the archive to the option name.
+	 </para></listitem>
+     </varlistentry>
+
      <varlistentry><term>PDiffs</term>
      <varlistentry><term>PDiffs</term>
 	 <listitem><para>Try to download deltas called <literal>PDiffs</literal> for
 	 <listitem><para>Try to download deltas called <literal>PDiffs</literal> for
 	 Packages or Sources files instead of downloading whole ones. True
 	 Packages or Sources files instead of downloading whole ones. True

+ 4 - 0
doc/examples/configure-index

@@ -176,6 +176,10 @@ Acquire
   PDiffs::SizeLimit "50"; // don't use diffs if size of all patches excess
   PDiffs::SizeLimit "50"; // don't use diffs if size of all patches excess
 			  // 50% of the size of the original file
 			  // 50% of the size of the original file
 
 
+  Check-Valid-Until "true";
+  Max-ValidTime "864000"; // 10 days
+  Max-ValidTime::Debian-Security "604800"; // 7 days, label specific configuration
+
   // HTTP method configuration
   // HTTP method configuration
   http 
   http 
   {
   {