Closed lukpueh closed 5 years ago
Is there a warning or similar? At a minimum, apt should output something scary...
@JustinCappos, I agree. As a matter of fact, there is such a warning, but it could be scarier.
The message is really unhelpful also! What does a user know about nofail? What does this really mean to them???
On Wed, Jan 2, 2019 at 5:20 AM lukpueh notifications@github.com wrote:
@JustinCappos https://github.com/JustinCappos, I agree. As a matter of fact, there is such a warning https://github.com/in-toto/apt-transport-in-toto/pull/17/files#diff-6d82cdf8bca0ebc9be432d640885a335R644, but it could be scarier.
The notification about the setting is preceded by the verification failure reason, e.g.:
In-toto verification for '/var/cache/apt/archives/partial/libcanlock3_3.0.2-2_amd64.deb' failed, reason was: Step 'rebuild' requires '1' link metadata file(s), found '0'. The 'NoFail' setting was configured, installation continues.
Suggestions to make it more helpful are highly appreciated.
Note that I intend to add more detailed documentation about the configuration options with #14 (as stated in the PR description).
Fixes issue #: Closes #12
Description of the changes being introduced by the pull request: If set to "true", NoFail allows a client to install packages even if in-toto verification fails, but only if the fail reason is missing link metadata. This setting should be removed once there is broader support for rebuilder in-toto link metadata.
This PR also configures the online demo (see Dockerfile) to enable the NoFail setting. Tests and documentation will be added with #9 and #14.
Please verify and check that the pull request fulfills the following requirements:
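The NoFail behaviour described in the PR description above, as an added example that is not the code from this pull request: installation continues on a verification failure only when NoFail is set and the reason is missing link metadata, and every other failure stays fatal. The exception classes, `decide_install` and the two sample verifiers are hypothetical names; the second failure reason is constructed.

```python
# Added illustration; all names here are hypothetical, not the transport's own code.
class VerificationError(Exception):
    """Stand-in for any in-toto verification failure."""

class MissingLinkMetadata(VerificationError):
    """Stand-in for 'a step has fewer link metadata files than required'."""

DEB = "/var/cache/apt/archives/partial/libcanlock3_3.0.2-2_amd64.deb"

def missing_links(path):
    # Failure reason taken from the message quoted in the thread.
    raise MissingLinkMetadata(
        "Step 'rebuild' requires '1' link metadata file(s), found '0'.")

def bad_artifact(path):
    # Constructed failure reason of a different class.
    raise VerificationError("Artifact rule mismatch in step 'rebuild' (constructed).")

def decide_install(path, verify, no_fail=False, warn=print):
    """Return True if installation of `path` may continue.

    `verify` is a callable that raises VerificationError on failure.
    The default is fail-closed; NoFail relaxes exactly one failure class.
    """
    try:
        verify(path)
    except MissingLinkMetadata as reason:
        msg = f"In-toto verification for '{path}' failed, reason was: {reason}"
        if no_fail:
            warn(f"WARNING: {msg} The 'NoFail' setting was configured, "
                 "installation continues.")
            return True
        warn(msg)
        return False
    except VerificationError as reason:
        # Any other reason blocks installation, whatever NoFail says.
        warn(f"In-toto verification for '{path}' failed, reason was: {reason}")
        return False
    return True

if __name__ == "__main__":
    for verify in (missing_links, bad_artifact):
        for no_fail in (False, True):
            ok = decide_install(DEB, verify, no_fail=no_fail)
            print(f"{verify.__name__} NoFail={no_fail} -> install={ok}")
```

Catching the narrow exception before the general one is what keeps the fail-open path from widening to other failure reasons.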