--- /dev/null
+This patch comes from:
+https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=73;filename=apt_0.9.7.9%2Bdeb7u2.debdiff;att=1;bug=749795
+
+Upstream-Status: Backport
+
+Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com>
+Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
+
+diff -uarN apt-0.9.9.4-org/cmdline/apt-get.cc apt-0.9.9.4/cmdline/apt-get.cc
+--- apt-0.9.9.4-org/cmdline/apt-get.cc 2014-08-29 15:37:42.587156134 +0800
++++ apt-0.9.9.4/cmdline/apt-get.cc 2014-08-29 15:51:16.672334086 +0800
+@@ -1046,25 +1046,8 @@
+ return true;
+ }
+ /*}}}*/
+-// CheckAuth - check if each download comes form a trusted source /*{{{*/
+-// ---------------------------------------------------------------------
+-/* */
+-static bool CheckAuth(pkgAcquire& Fetcher)
++static bool AuthPrompt(std::string UntrustedList, bool const PromptUser)
+ {
+- string UntrustedList;
+- for (pkgAcquire::ItemIterator I = Fetcher.ItemsBegin(); I < Fetcher.ItemsEnd(); ++I)
+- {
+- if (!(*I)->IsTrusted())
+- {
+- UntrustedList += string((*I)->ShortDesc()) + " ";
+- }
+- }
+-
+- if (UntrustedList == "")
+- {
+- return true;
+- }
+-
+ ShowList(c2out,_("WARNING: The following packages cannot be authenticated!"),UntrustedList,"");
+
+ if (_config->FindB("APT::Get::AllowUnauthenticated",false) == true)
+@@ -1073,6 +1056,9 @@
+ return true;
+ }
+
++ if (PromptUser == false)
++ return _error->Error(_("Some packages could not be authenticated"));
++
+ if (_config->FindI("quiet",0) < 2
+ && _config->FindB("APT::Get::Assume-Yes",false) == false)
+ {
+@@ -1090,6 +1076,28 @@
+ return _error->Error(_("There are problems and -y was used without --force-yes"));
+ }
+ /*}}}*/
++// CheckAuth - check if each download comes form a trusted source /*{{{*/
++// ---------------------------------------------------------------------
++/* */
++static bool CheckAuth(pkgAcquire& Fetcher, bool PromptUser=true)
++{
++ string UntrustedList;
++ for (pkgAcquire::ItemIterator I = Fetcher.ItemsBegin(); I < Fetcher.ItemsEnd(); ++I)
++ {
++ if (!(*I)->IsTrusted())
++ {
++ UntrustedList += string((*I)->ShortDesc()) + " ";
++ }
++ }
++
++ if (UntrustedList == "")
++ {
++ return true;
++ }
++
++ return AuthPrompt(UntrustedList, PromptUser);
++}
++
+ // InstallPackages - Actually download and install the packages /*{{{*/
+ // ---------------------------------------------------------------------
+ /* This displays the informative messages describing what is going to
+@@ -2482,6 +2490,7 @@
+
+ // Load the requestd sources into the fetcher
+ unsigned J = 0;
++ std::string UntrustedList;
+ for (const char **I = CmdL.FileList + 1; *I != 0; I++, J++)
+ {
+ string Src;
+@@ -2491,7 +2500,10 @@
+ delete[] Dsc;
+ return _error->Error(_("Unable to find a source package for %s"),Src.c_str());
+ }
+-
++
++ if (Last->Index().IsTrusted() == false)
++ UntrustedList += Src + " ";
++
+ string srec = Last->AsStr();
+ string::size_type pos = srec.find("\nVcs-");
+ while (pos != string::npos)
+@@ -2575,7 +2587,11 @@
+ Last->Index().SourceInfo(*Last,*I),Src);
+ }
+ }
+-
++
++ // check authentication status of the source as well
++ if (UntrustedList != "" && !AuthPrompt(UntrustedList, false))
++ return false;
++
+ // Display statistics
+ unsigned long long FetchBytes = Fetcher.FetchNeeded();
+ unsigned long long FetchPBytes = Fetcher.PartialPresent();
+diff -uarN apt-0.9.9.4-org/test/integration/framework apt-0.9.9.4/test/integration/framework
+--- apt-0.9.9.4-org/test/integration/framework 2014-08-29 15:37:42.623156154 +0800
++++ apt-0.9.9.4/test/integration/framework 2014-08-29 15:55:23.592197940 +0800
+@@ -151,7 +151,7 @@
+ mkdir rootdir aptarchive keys
+ cd rootdir
+ mkdir -p etc/apt/apt.conf.d etc/apt/sources.list.d etc/apt/trusted.gpg.d etc/apt/preferences.d
+- mkdir -p var/cache var/lib var/log
++ mkdir -p var/cache var/lib var/log tmp
+ mkdir -p var/lib/dpkg/info var/lib/dpkg/updates var/lib/dpkg/triggers
+ touch var/lib/dpkg/available
+ mkdir -p usr/lib/apt
+@@ -910,3 +910,35 @@
+ local IGNORE
+ read IGNORE
+ }
++
++testsuccess() {
++ if [ "$1" = '--nomsg' ]; then
++ shift
++ else
++ msgtest 'Test for successful execution of' "$*"
++ fi
++ local OUTPUT="${TMPWORKINGDIRECTORY}/rootdir/tmp/testsuccess.output"
++ if $@ >${OUTPUT} 2>&1; then
++ msgpass
++ else
++ echo >&2
++ cat >&2 $OUTPUT
++ msgfail
++ fi
++}
++
++testfailure() {
++ if [ "$1" = '--nomsg' ]; then
++ shift
++ else
++ msgtest 'Test for failure in execution of' "$*"
++ fi
++ local OUTPUT="${TMPWORKINGDIRECTORY}/rootdir/tmp/testfailure.output"
++ if $@ >${OUTPUT} 2>&1; then
++ echo >&2
++ cat >&2 $OUTPUT
++ msgfail
++ else
++ msgpass
++ fi
++}
+diff -uarN apt-0.9.9.4-org/test/integration/test-apt-get-source-authenticated apt-0.9.9.4/test/integration/test-apt-get-source-authenticated
+--- apt-0.9.9.4-org/test/integration/test-apt-get-source-authenticated 1970-01-01 08:00:00.000000000 +0800
++++ apt-0.9.9.4/test/integration/test-apt-get-source-authenticated 2014-08-29 15:58:06.137156796 +0800
+@@ -0,0 +1,31 @@
++#!/bin/sh
++#
++# Regression test for debian bug #749795. Ensure that we fail with
++# a error if apt-get source foo will download a source that comes
++# from a unauthenticated repository
++#
++set -e
++
++TESTDIR=$(readlink -f $(dirname $0))
++. $TESTDIR/framework
++
++setupenvironment
++configarchitecture "i386"
++
++# a "normal" package with source and binary
++buildsimplenativepackage 'foo' 'all' '2.0'
++
++setupaptarchive --no-update
++
++APTARCHIVE=$(readlink -f ./aptarchive)
++rm -f $APTARCHIVE/dists/unstable/*Release*
++
++# update without authenticated InRelease file
++testsuccess aptget update
++
++# this all should fail
++testfailure aptget install -y foo
++testfailure aptget source foo
++
++# allow overriding the warning
++testsuccess aptget source --allow-unauthenticated foo
