diff -Nru landscape-client-16.03/debian/changelog landscape-client-16.03/debian/changelog --- landscape-client-16.03/debian/changelog 2018-01-23 16:21:35.000000000 +0000 +++ landscape-client-16.03/debian/changelog 2018-02-07 19:04:24.000000000 +0000 @@ -1,3 +1,9 @@ +landscape-client (16.03-0ubuntu3.17.10.3) artful; urgency=medium + + * Implicitly trust file-local sources managed by landscape (LP: #1736576) + + -- Simon Poirier Wed, 07 Feb 2018 19:04:24 +0000 + landscape-client (16.03-0ubuntu3.17.10.2) artful; urgency=medium * d/p/set-vm-info-to-kvm-for-aws-C5-instances.patch: diff -Nru landscape-client-16.03/debian/landscape-client.postinst landscape-client-16.03/debian/landscape-client.postinst --- landscape-client-16.03/debian/landscape-client.postinst 2017-11-10 17:44:17.000000000 +0000 +++ landscape-client-16.03/debian/landscape-client.postinst 2018-02-07 19:04:24.000000000 +0000 @@ -127,8 +127,16 @@ USER_UPDATE_FLAG_FILE="$DATA_PATH/user-update-flag" install --owner=landscape /dev/null $USER_UPDATE_FLAG_FILE echo "This file indicates that the Landscape client needs to send updated user information to the server." >> $USER_UPDATE_FLAG_FILE - ;; + # To work around bug #1736576 we rewrite file-local landscape sources + # with the trusted flag, as they have no release file, thus are + # unsigned repositories. It exists while package profile is applying. + LANDSCAPE_INTERNAL_SOURCES=/etc/apt/sources.list.d/_landscape-internal-facade.list + if grep -q -e "^deb file:" $LANDSCAPE_INTERNAL_SOURCES; then + sed -i 's/^deb file:/deb [ trusted=yes ] file:/' $LANDSCAPE_INTERNAL_SOURCES + fi + ;; + abort-upgrade|abort-remove|abort-deconfigure) ;; diff -Nru landscape-client-16.03/debian/patches/series landscape-client-16.03/debian/patches/series --- landscape-client-16.03/debian/patches/series 2018-01-23 15:49:18.000000000 +0000 +++ landscape-client-16.03/debian/patches/series 2018-02-07 18:47:28.000000000 +0000 @@ -6,3 +6,4 @@ config-no-reregister-1618483.diff set-vm-info-to-kvm-for-aws-C5-instances.patch set-vm-info-to-kvm-for-digitalocean-instances.patch +trusted-package-profiles-1736576.diff diff -Nru landscape-client-16.03/debian/patches/trusted-package-profiles-1736576.diff landscape-client-16.03/debian/patches/trusted-package-profiles-1736576.diff --- landscape-client-16.03/debian/patches/trusted-package-profiles-1736576.diff 1970-01-01 00:00:00.000000000 +0000 +++ landscape-client-16.03/debian/patches/trusted-package-profiles-1736576.diff 2018-02-07 19:04:24.000000000 +0000 @@ -0,0 +1,727 @@ +Description: Trust file-local repositories explicitely. + Behaviour of apt is now to verify all repository signatures. + Ephemeral "file://" repositories are created by landscape during + application of package profiles policies. Those local apt sources are now to + be flagged as trusted to avoid regression with new apt default. +Author: Simon Poirier +Origin: upstream, https://github.com/CanonicalLtd/landscape-client/commit/d640643a15414b0d8e4330179e11d5a6036a6e42 +Bug: https://bugs.launchpad.net/bugs/1736576 +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1736576 +--- a/landscape/package/facade.py ++++ b/landscape/package/facade.py +@@ -264,15 +264,21 @@ + sources_dir = apt_pkg.config.find_dir("Dir::Etc::sourceparts") + return os.path.join(sources_dir, "_landscape-internal-facade.list") + +- def add_channel_apt_deb(self, url, codename, components=None): ++ def add_channel_apt_deb(self, url, codename, components=None, ++ trusted=None): + """Add a deb URL which points to a repository. + + @param url: The base URL of the repository. + @param codename: The dist in the repository. + @param components: The components to be included. ++ @param trusted: Whether validation should be skipped (if local). + """ + sources_file_path = self._get_internal_sources_list() +- sources_line = "deb %s %s" % (url, codename) ++ source_options = "" ++ if trusted is not None and url.startswith("file:"): ++ trusted_val = "yes" if trusted else "no" ++ source_options = "[ trusted={} ] ".format(trusted_val) ++ sources_line = "deb {}{} {}".format(source_options, url, codename) + if components: + sources_line += " %s" % " ".join(components) + if os.path.exists(sources_file_path): +@@ -291,7 +297,9 @@ + about the deb files. + """ + self._create_packages_file(path) +- self.add_channel_apt_deb("file://%s" % path, "./", None) ++ # yakkety+ validate even file repository by default. deb dirs don't ++ # have a signed Release file but are local so they should be trusted. ++ self.add_channel_apt_deb("file://%s" % path, "./", None, trusted=True) + + def clear_channels(self): + """Clear the channels that have been added through the facade. +--- a/landscape/package/tests/test_facade.py ++++ b/landscape/package/tests/test_facade.py +@@ -145,7 +145,8 @@ + deb_dir = self.makeDir() + self._add_system_package("foo", version="1.0") + self._add_package_to_deb_dir(deb_dir, "foo", version="1.5") +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + self.assertEqual( + [("foo", "1.0"), ("foo", "1.5")], +@@ -219,6 +220,38 @@ + "deb http://example.com/ubuntu lucid main restricted\n", + sources_contents) + ++ def test_add_channel_apt_deb_trusted(self): ++ """add_channel_apt_deb sets trusted option if trusted and local.""" ++ # Don't override trust on unsigned/signed remotes. ++ self.facade.add_channel_apt_deb( ++ "http://example.com/ubuntu", "unsigned", ["main"], trusted=True) ++ self.facade.add_channel_apt_deb( ++ "http://example.com/ubuntu", "signed", ["main"], trusted=False) ++ ++ # We explicitly trust local ++ self.facade.add_channel_apt_deb( ++ "file://opt/spam", "unsigned", ["main"], trusted=True) ++ # We explicitly distrust local (thus check gpg signatures) ++ self.facade.add_channel_apt_deb( ++ "file://opt/spam", "signed", ["main"], trusted=False) ++ # apt defaults (which is to check signatures on >xenial) ++ self.facade.add_channel_apt_deb( ++ "file://opt/spam", "default", ["main"]) ++ ++ list_filename = ( ++ self.apt_root + ++ "/etc/apt/sources.list.d/_landscape-internal-facade.list") ++ sources_contents = read_file(list_filename) ++ self.assertEqual( ++ textwrap.dedent("""\ ++ deb http://example.com/ubuntu unsigned main ++ deb http://example.com/ubuntu signed main ++ deb [ trusted=yes ] file://opt/spam unsigned main ++ deb [ trusted=no ] file://opt/spam signed main ++ deb file://opt/spam default main ++ """), ++ sources_contents) ++ + def test_add_channel_deb_dir_adds_deb_channel(self): + """ + C{add_channel_deb_dir()} adds a deb channel pointing to the +@@ -397,7 +430,8 @@ + deb_dir = self.makeDir() + self._add_package_to_deb_dir(deb_dir, "foo") + self._add_package_to_deb_dir(deb_dir, "bar") +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + self.assertEqual( + ["bar", "foo"], +@@ -412,7 +446,8 @@ + """ + deb_dir = self.makeDir() + self._add_package_to_deb_dir(deb_dir, "foo") +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + new_facade = AptFacade(root=self.apt_root) + self._add_package_to_deb_dir(deb_dir, "bar") +@@ -432,7 +467,8 @@ + """ + deb_dir = self.makeDir() + self._add_package_to_deb_dir(deb_dir, "foo") +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + new_facade = AptFacade(root=self.apt_root) + self._add_package_to_deb_dir(deb_dir, "foo", version="2.0") +@@ -450,7 +486,8 @@ + """ + deb_dir = self.makeDir() + self._add_package_to_deb_dir(deb_dir, "foo") +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + self._add_package_to_deb_dir(deb_dir, "bar") + self._touch_packages_file(deb_dir) +@@ -504,7 +541,8 @@ + + deb_dir = self.makeDir() + self._add_package_to_deb_dir(deb_dir, "foo") +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.refetch_package_index = True + self.facade._cache.update = new_apt_update + self.facade.reload_channels(force_reload_binaries=True) +@@ -525,7 +563,8 @@ + + deb_dir = self.makeDir() + self._add_package_to_deb_dir(deb_dir, "foo") +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.refetch_package_index = False + self.facade._cache.update = new_apt_update + self.facade.reload_channels(force_reload_binaries=True) +@@ -546,7 +585,8 @@ + + deb_dir = self.makeDir() + self._add_package_to_deb_dir(deb_dir, "foo") +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.refetch_package_index = False + self.facade._cache.update = old_apt_update + self.facade.reload_channels(force_reload_binaries=True) +@@ -885,7 +925,8 @@ + """ + deb_dir = self.makeDir() + self._add_package_to_deb_dir(deb_dir, "foo", version="1.0") +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + [package] = self.facade.get_packages() + self.assertFalse(self.facade.is_package_upgrade(package)) +@@ -898,7 +939,8 @@ + deb_dir = self.makeDir() + self._add_system_package("foo", version="0.5") + self._add_package_to_deb_dir(deb_dir, "foo", version="1.0") +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + [version_05, version_10] = sorted(self.facade.get_packages()) + self.assertTrue(self.facade.is_package_upgrade(version_10)) +@@ -912,7 +954,8 @@ + deb_dir = self.makeDir() + self._add_system_package("foo", version="1.5") + self._add_package_to_deb_dir(deb_dir, "foo", version="1.0") +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + [version_10, version_15] = sorted(self.facade.get_packages()) + self.assertFalse(self.facade.is_package_upgrade(version_10)) +@@ -927,7 +970,8 @@ + deb_dir = self.makeDir() + self._add_system_package("foo", version="1.0") + self._add_package_to_deb_dir(deb_dir, "foo", version="1.0") +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + [package] = self.facade.get_packages() + self.assertFalse(self.facade.is_package_upgrade(package)) +@@ -956,7 +1000,8 @@ + self._add_system_package("foo", version="0.5") + deb_dir = self.makeDir() + self._add_package_to_deb_dir(deb_dir, "foo", version="1.0") +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + [version_05, version_10] = sorted(self.facade.get_packages()) + self.assertFalse(self.facade.is_package_upgrade(version_10)) +@@ -978,7 +1023,8 @@ + deb_dir = self.makeDir() + self._add_system_package("foo", version="1.0") + self._add_package_to_deb_dir(deb_dir, "foo", version="1.5") +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + self.assertEqual( + [("foo", "1.0"), ("foo", "1.5")], +@@ -1012,7 +1058,8 @@ + """ + deb_dir = self.makeDir() + self._add_package_to_deb_dir(deb_dir, "foo") +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + [foo] = self.facade.get_packages_by_name("foo") + self.facade.mark_install(foo) +@@ -1045,7 +1092,8 @@ + """ + deb_dir = self.makeDir() + self._add_package_to_deb_dir(deb_dir, "foo") +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + [foo] = self.facade.get_packages_by_name("foo") + self.facade.mark_install(foo) +@@ -1070,7 +1118,8 @@ + """ + deb_dir = self.makeDir() + self._add_package_to_deb_dir(deb_dir, "foo") +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + [foo] = self.facade.get_packages_by_name("foo") + self.facade.mark_install(foo) +@@ -1099,7 +1148,8 @@ + self.facade.max_dpkg_retries = 1 + deb_dir = self.makeDir() + self._add_package_to_deb_dir(deb_dir, "foo") +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + [foo] = self.facade.get_packages_by_name("foo") + self.facade.mark_install(foo) +@@ -1128,7 +1178,8 @@ + self.facade.max_dpkg_retries = 1 + deb_dir = self.makeDir() + self._add_package_to_deb_dir(deb_dir, "foo") +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + [foo] = self.facade.get_packages_by_name("foo") + self.facade.mark_install(foo) +@@ -1233,7 +1284,8 @@ + """ + deb_dir = self.makeDir() + self._add_package_to_deb_dir(deb_dir, "foo") +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + foo = self.facade.get_packages_by_name("foo")[0] + self.facade.mark_install(foo) +@@ -1268,7 +1320,8 @@ + deb_dir, "bar", + control_fields={"Depends": "also-missing | also-lost (>= 1.0)", + "Pre-Depends": "also-pre-missing | also-pre-lost"}) +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + [foo] = self.facade.get_packages_by_name("foo") + [bar] = self.facade.get_packages_by_name("bar") +@@ -1309,7 +1362,8 @@ + deb_dir = self.makeDir() + self._add_package_to_deb_dir( + deb_dir, "foo", control_fields={"Depends": "bar"}) +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + self.assertEqual(set(), self.facade._get_broken_packages()) + self.assertEqual("", self.facade._get_unmet_dependency_info()) +@@ -1323,7 +1377,8 @@ + deb_dir = self.makeDir() + self._add_package_to_deb_dir( + deb_dir, "foo", control_fields={"Depends": "bar"}) +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + [foo] = self.facade.get_packages_by_name("foo") + self.facade.mark_install(foo) +@@ -1345,7 +1400,8 @@ + deb_dir = self.makeDir() + self._add_package_to_deb_dir( + deb_dir, "foo", control_fields={"Pre-Depends": "bar"}) +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + [foo] = self.facade.get_packages_by_name("foo") + self.facade.mark_install(foo) +@@ -1367,7 +1423,8 @@ + deb_dir = self.makeDir() + self._add_package_to_deb_dir( + deb_dir, "foo", control_fields={"Depends": "bar (>= 1.0)"}) +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + [foo] = self.facade.get_packages_by_name("foo") + self.facade.mark_install(foo) +@@ -1391,7 +1448,8 @@ + self._add_package_to_deb_dir(deb_dir, "bar", version="0.5") + self._add_package_to_deb_dir( + deb_dir, "foo", control_fields={"Depends": "bar (>= 1.0)"}) +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + [foo] = self.facade.get_packages_by_name("foo") + [bar] = self.facade.get_packages_by_name("bar") +@@ -1418,7 +1476,8 @@ + self._add_package_to_deb_dir( + deb_dir, "foo", control_fields={"Depends": "bar (>= 3.0)"}) + self._add_package_to_deb_dir(deb_dir, "bar", version="2.0") +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + [foo] = self.facade.get_packages_by_name("foo") + [bar1, bar2] = sorted(self.facade.get_packages_by_name("bar")) +@@ -1445,7 +1504,8 @@ + self._add_package_to_deb_dir( + deb_dir, "foo", control_fields={"Depends": "bar (>= 3.0)"}) + self._add_package_to_deb_dir(deb_dir, "bar", version="2.0") +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + [foo] = self.facade.get_packages_by_name("foo") + [bar1, bar2] = sorted(self.facade.get_packages_by_name("bar")) +@@ -1474,7 +1534,8 @@ + self._add_package_to_deb_dir( + deb_dir, "foo", control_fields={"Depends": "bar (>= 3.0)"}) + self._add_package_to_deb_dir(deb_dir, "bar", version="1.0") +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + [foo] = self.facade.get_packages_by_name("foo") + [bar1, bar2] = sorted(self.facade.get_packages_by_name("bar")) +@@ -1500,7 +1561,8 @@ + deb_dir = self.makeDir() + self._add_package_to_deb_dir( + deb_dir, "foo", control_fields={"Depends": "bar | baz (>= 1.0)"}) +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + [foo] = self.facade.get_packages_by_name("foo") + self.facade.mark_install(foo) +@@ -1524,7 +1586,8 @@ + self._add_system_package("foo") + self._add_package_to_deb_dir( + deb_dir, "bar", control_fields={"Conflicts": "foo"}) +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + [foo] = self.facade.get_packages_by_name("foo") + [bar] = self.facade.get_packages_by_name("bar") +@@ -1551,7 +1614,8 @@ + deb_dir, "foo", control_fields={"Depends": "bar"}) + self._add_package_to_deb_dir( + deb_dir, "bar", control_fields={"Breaks": "foo"}) +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + [foo] = self.facade.get_packages_by_name("foo") + [bar] = self.facade.get_packages_by_name("bar") +@@ -1577,7 +1641,8 @@ + deb_dir, "bar", + control_fields={"Conflicts": "foo, baz", "Breaks": "foo, baz"}) + self._add_package_to_deb_dir(deb_dir, "baz") +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + [foo] = self.facade.get_packages_by_name("foo") + [bar] = self.facade.get_packages_by_name("bar") +@@ -1606,7 +1671,8 @@ + deb_dir, "bar", + control_fields={"Conflicts": "foo, baz", "Breaks": "foo, baz"}) + self._add_system_package("baz") +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + [foo] = self.facade.get_packages_by_name("foo") + [bar] = self.facade.get_packages_by_name("bar") +@@ -1637,7 +1703,8 @@ + self._add_package_to_deb_dir( + deb_dir, "foo", + control_fields={"Depends": "there1, missing1, there2 | missing2"}) +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + [foo] = self.facade.get_packages_by_name("foo") + self.facade.mark_install(foo) +@@ -1660,7 +1727,8 @@ + deb_dir, "foo", control_fields={"Depends": "bar"}) + self._add_package_to_deb_dir( + deb_dir, "another-foo", control_fields={"Depends": "another-bar"}) +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + [foo] = self.facade.get_packages_by_name("foo") + [another_foo] = self.facade.get_packages_by_name("another-foo") +@@ -1724,7 +1792,8 @@ + """ + deb_dir = self.makeDir() + self._add_package_to_deb_dir(deb_dir, "foo") +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + [foo] = self.facade.get_packages_by_name("foo") + self.facade.mark_install(foo) +@@ -1743,7 +1812,8 @@ + """ + deb_dir = self.makeDir() + self._add_package_to_deb_dir(deb_dir, "foo") +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + [foo] = self.facade.get_packages_by_name("foo") + self.facade.mark_install(foo) +@@ -1769,7 +1839,8 @@ + self._add_system_package("bar", version="1.0") + self._add_package_to_deb_dir(deb_dir, "bar", version="1.5") + self._add_system_package("baz") +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self._add_system_package("quux", version="1.0") + self._add_system_package("wibble", version="1.0") + self.facade.reload_channels() +@@ -1799,7 +1870,8 @@ + self._add_package_to_deb_dir( + deb_dir, "foo", control_fields={"Depends": "bar"}) + self._add_package_to_deb_dir(deb_dir, "bar") +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + [foo] = self.facade.get_packages_by_name("foo") + self.facade.mark_install(foo) +@@ -1831,7 +1903,8 @@ + deb_dir = self.makeDir() + self._add_system_package("foo", version="1.0") + self._add_package_to_deb_dir(deb_dir, "foo", version="1.5") +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + foo_10 = sorted(self.facade.get_packages_by_name("foo"))[0] + self.facade.mark_global_upgrade() +@@ -1858,7 +1931,8 @@ + deb_dir = self.makeDir() + self._add_package_to_deb_dir(deb_dir, "foo", version="1.0") + self._add_package_to_deb_dir(deb_dir, "foo", version="2.0") +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + foo1, foo2 = sorted(self.facade.get_packages_by_name("foo")) + self.assertEqual(foo2, foo1.package.candidate) +@@ -1896,7 +1970,8 @@ + deb_dir, "single-arch", architecture="amd64", version="2.0") + self._add_package_to_deb_dir( + deb_dir, "single-arch", architecture="i386", version="2.0") +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + + multi_arch1, multi_arch2 = sorted( +@@ -1941,7 +2016,8 @@ + self._add_package_to_deb_dir( + deb_dir, "multi-arch", architecture="i386", version="2.0", + control_fields={"Multi-Arch": "same"}) +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + + multi_arch1, multi_arch2 = sorted( +@@ -1971,7 +2047,8 @@ + self._add_system_package("bar") + self._add_package_to_deb_dir(deb_dir, "foo", version="2.0") + self._add_package_to_deb_dir(deb_dir, "baz") +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + foo1, foo2 = sorted(self.facade.get_packages_by_name("foo")) + self.facade.mark_global_upgrade() +@@ -1991,7 +2068,8 @@ + self._add_system_package("foo", version="1.0") + self._add_package_to_deb_dir(deb_dir, "foo", version="2.0") + self._add_package_to_deb_dir(deb_dir, "foo", version="3.0") +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + foo1, foo2, foo3 = sorted(self.facade.get_packages_by_name("foo")) + self.assertEqual(foo3, foo1.package.candidate) +@@ -2010,7 +2088,8 @@ + self._add_system_package("foo", version="3.0") + self._add_package_to_deb_dir(deb_dir, "foo", version="2.0") + self._add_package_to_deb_dir(deb_dir, "foo", version="1.0") +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + foo3 = sorted(self.facade.get_packages_by_name("foo"))[-1] + self.assertEqual(foo3, foo3.package.candidate) +@@ -2026,7 +2105,8 @@ + self._add_package_to_deb_dir(deb_dir, "auto", version="2.0") + self._add_system_package("noauto", version="1.0") + self._add_package_to_deb_dir(deb_dir, "noauto", version="2.0") +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + auto1, auto2 = sorted(self.facade.get_packages_by_name("auto")) + noauto1, noauto2 = sorted(self.facade.get_packages_by_name("noauto")) +@@ -2085,7 +2165,8 @@ + "broken", control_fields={"Depends": "missing"}) + self._add_package_to_deb_dir(deb_dir, "foo") + self._add_package_to_deb_dir(deb_dir, "missing") +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + [foo] = self.facade.get_packages_by_name("foo") + self.facade.mark_install(foo) +@@ -2107,7 +2188,8 @@ + deb_dir, "foo", control_fields={"Depends": "bar"}) + self._add_package_to_deb_dir(deb_dir, "bar") + self._add_package_to_deb_dir(deb_dir, "missing") +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + [foo] = self.facade.get_packages_by_name("foo") + [bar] = self.facade.get_packages_by_name("bar") +@@ -2126,7 +2208,8 @@ + "broken", control_fields={"Depends": "missing"}) + self._add_system_package("foo") + self._add_package_to_deb_dir(deb_dir, "missing") +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + [foo] = self.facade.get_packages_by_name("foo") + self.facade.mark_remove(foo) +@@ -2151,7 +2234,8 @@ + self._add_package_to_deb_dir( + deb_dir, "foo", control_fields={"Depends": "really-missing"}) + self._add_package_to_deb_dir(deb_dir, "missing") +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + [broken] = self.facade.get_packages_by_name("broken") + [foo] = self.facade.get_packages_by_name("foo") +@@ -2218,7 +2302,8 @@ + self._add_package_to_deb_dir( + deb_dir, "foo", control_fields={"Depends": "bar"}) + self._add_package_to_deb_dir(deb_dir, "bar") +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + [foo] = self.facade.get_packages_by_name("foo") + [bar] = self.facade.get_packages_by_name("bar") +@@ -2235,7 +2320,8 @@ + deb_dir = self.makeDir() + self._add_package_to_deb_dir(deb_dir, "foo", version="1.0") + self._add_package_to_deb_dir(deb_dir, "foo", version="2.0") +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + [foo1, foo2] = sorted(self.facade.get_packages_by_name("foo")) + self.assertEqual(foo1.package, foo2.package) +@@ -2259,7 +2345,8 @@ + deb_dir = self.makeDir() + self._add_package_to_deb_dir(deb_dir, "foo", version="1.0") + self._add_package_to_deb_dir(deb_dir, "foo", version="2.0") +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + [foo1, foo2] = sorted(self.facade.get_packages_by_name("foo")) + self.assertEqual(foo1.package, foo2.package) +@@ -2301,7 +2388,8 @@ + self._add_system_package("foo", version="1.0") + deb_dir = self.makeDir() + self._add_package_to_deb_dir(deb_dir, "foo", version="2.0") +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + [foo1, foo2] = sorted(self.facade.get_packages_by_name("foo")) + self.assertEqual(foo1.package, foo2.package) +@@ -2324,7 +2412,8 @@ + self._add_system_package("foo", version="1.0") + deb_dir = self.makeDir() + self._add_package_to_deb_dir(deb_dir, "foo", version="2.0") +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + [foo1, foo2] = sorted(self.facade.get_packages_by_name("foo")) + self.assertEqual(foo1.package, foo2.package) +@@ -2348,7 +2437,8 @@ + deb_dir = self.makeDir() + self._add_package_to_deb_dir(deb_dir, "foo", version="1.0") + self._add_package_to_deb_dir(deb_dir, "foo", version="3.0") +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + [foo1, foo2] = sorted(self.facade.get_packages_by_name("foo"))[:2] + self.assertEqual(foo1.package, foo2.package) +@@ -2374,7 +2464,8 @@ + self._add_package_to_deb_dir( + deb_dir, "foo", version="1.5", control_fields={"Depends": "bar"}) + self._add_package_to_deb_dir(deb_dir, "bar") +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + foo_10, foo_15 = sorted(self.facade.get_packages_by_name("foo")) + [bar] = self.facade.get_packages_by_name("bar") +@@ -2432,7 +2523,8 @@ + self._add_system_package("bar", version="1.0") + deb_dir = self.makeDir() + self._add_package_to_deb_dir(deb_dir, "bar", version="2.0") +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + bar_1, bar_2 = sorted(self.facade.get_packages_by_name("bar")) + self.facade.mark_install(bar_2) +@@ -2453,7 +2545,8 @@ + control_fields={"Status": "hold ok installed"}) + deb_dir = self.makeDir() + self._add_package_to_deb_dir(deb_dir, "foo", version="1.5") +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + [foo_10, foo_15] = sorted(self.facade.get_packages_by_name("foo")) + self.facade.mark_global_upgrade() +@@ -2477,7 +2570,8 @@ + self._add_package_to_deb_dir( + deb_dir, "bar", version="2.0", + control_fields={"Depends": "foo (>> 1.0)"}) +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + [foo_1, foo_2] = sorted(self.facade.get_packages_by_name("foo")) + [bar_1, bar_2] = sorted(self.facade.get_packages_by_name("bar")) +@@ -2514,7 +2608,8 @@ + deb_dir = self.makeDir() + self._add_package_to_deb_dir(deb_dir, "foo", version="1.5") + self._add_package_to_deb_dir(deb_dir, "bar", version="1.5") +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + foo_10 = sorted(self.facade.get_packages_by_name("foo"))[0] + self.assertEqual([foo_10], self.facade.get_locked_packages()) +@@ -2647,7 +2742,8 @@ + self._add_system_package("foo") + deb_dir = self.makeDir() + self._add_package_to_deb_dir(deb_dir, "bar") +- self.facade.add_channel_apt_deb("file://%s" % deb_dir, "./") ++ self.facade.add_channel_apt_deb( ++ "file://%s" % deb_dir, "./", trusted=True) + self.facade.reload_channels() + [bar] = self.facade.get_packages_by_name("bar") + self.facade.mark_remove_hold(bar)