Valid-Until

Add a Valid-Until "header" to the generated Release files.
Meaning "$receiver shouldn't trust this files after that date".
Should be used by apt and similar tools to detect some kind of MITM attacks,
see #499897 for more information.
Currently set to "7 days from now".

Signed-off-by: Joerg Jaspert <joerg@debian.org>

diff --git a/ChangeLog b/ChangeLog
index 163c20e68d2b0d833f52ce0035de7cf6f6348565..4877270faa597850450783351f8fbf163d94e523 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2008-09-23  Joerg Jaspert  <joerg@debian.org>
+
+       * dak/generate_releases.py (main): Add a "Valid-Until" line into
+       our release files, meaning "$receiver shouldn't trust this files
+       after that date". Should be used by apt and similar tools to
+       detect some kind of MITM attacks, see #499897
+
 2008-09-21  Joerg Jaspert  <joerg@debian.org>
 
        * config/debian/cron.hourly: Generate the DEFERRED queue

diff --git a/dak/generate_releases.py b/dak/generate_releases.py
index c9dece836e70fe3a639fb527cedff46084d82713..543532fdfdf0057f97bfeac809b59789d8ee4372 100755 (executable)
--- a/dak/generate_releases.py
+++ b/dak/generate_releases.py
@@ -218,6 +218,7 @@ def main ():
         if codename != "":
             out.write("Codename: %s\n" % (codename))
         out.write("Date: %s\n" % (time.strftime("%a, %d %b %Y %H:%M:%S UTC", time.gmtime(time.time()))))
+        out.write("Valid-Until: %s\n" % (time.strftime("%a, %d %b %Y %H:%M:%S UTC", time.gmtime(time.time()+7*24*60*60))))
         if notautomatic != "":
             out.write("NotAutomatic: %s\n" % (notautomatic))
         out.write("Architectures: %s\n" % (" ".join(filter(utils.real_arch, SuiteBlock.ValueList("Architectures")))))