[buildd-tools-devel] Bug#588035: Bug#588035: Sbuild::AptitudeBuildDepSatisfier: Always passes Aptitude::CmdLine::Ignore-Trust-Violations=true

[Ansgar Burchardt]

tags 588035 + patch
thanks

Roger Leigh <rleigh at codelibre.net> writes:

> On Sun, Jul 04, 2010 at 07:56:49PM +0900, Ansgar Burchardt wrote:
>> Sbuild::AptitudeBuildDepSatisfier always passes the option
>> Aptitude::CmdLine::Ignore-Trust-Violations=true to aptitude, allowing
>> the installation of unauthenticated packages.  I think this should
>> depend on the $apt_allow_unauthenticated option in the configuration
>> file:
>> 
>>   # Force APT to accept unauthenticated packages.
>>   # This is disabled by default: only enable it if you know what you are
>>   # doing.
>>   #$apt_allow_unauthenticated = 0;
>
> This certainly looks like we should be defaulting to what is
> set in $apt_allow_unauthenticated, unless there's some reason
> not to do that for dependency resolving?  Do you see any
> problems if you set
> Aptitude::CmdLine::Ignore-Trust-Violations=false ?

I changed the setting in the source and it works just fine.  I have
prepared two patches to

 · No longer pass '-o Apt::Install-Recommends=false' to aptitude.
   This option is implied by --without-recommends according to
   aptitude(8).
   (This should only be a cosmetic change.)

 · Set the value of Aptitude::CmdLine::Ignore-Trust-Violations depending
   on the $apt_allow_unauthenticated option.

The patches are against the 0.60.0 version currently in unstable.

I tested the patch with $apt_allow_unauthenticated set to both true and
false and the correct option is passed to aptitude.

Regards,
Ansgar