Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=2.7.11 2016-08-17T12:12:25Z 2016-08-17T12:12:25Z David Kalnischkies david@kalnischkies.de 2016-08-16T18:08:29Z urn:sha1:8bd823d0a1f7e08ad94a7110bb118f73348133a1 We support "./foobar.deb" as a way to install a deb file directly. Recently .changes files were added. This highlights a problem as you can't add the changes file without also trying to install all of them. Now, it could also be handy to add entire Packages/Sources files to perhaps get a bunch of packages in without installing them all implicitly. This commit introduces --with-source which allows to add *.deb, *.changes, *.dsc, source-dirs, Packages & Sources files (the later can also be compressed) without also installing them. 2016-07-22T14:05:09Z David Kalnischkies david@kalnischkies.de 2016-07-08T13:59:23Z urn:sha1:92296fe4b0862a04ea3d965b4cd2d4a420e3be9f We support installing ./foo.deb (and ./foo.dsc for source) for a while now, but it can be a bit clunky to work with those directly if you e.g. build packages locally in a 'central' build-area. The changes files also include hashsums and can be signed, so this can also be considered an enhancement in terms of security as a user "just" has to verify the signature on the changes file then rather than checking all deb files individually in these manual installation procedures. 2016-07-01T20:00:52Z David Kalnischkies david@kalnischkies.de 2016-07-01T20:00:52Z urn:sha1:08fcf9628806af202e555bd02b3611e4e9a3d757 apt-key needs gnupg for most of its operations, but depending on it isn't very efficient as apt-key is hardly used by users – and scripts shouldn't use it to begin with as it is just a silly wrapper. To draw more attention on the fact that e.g. 'apt-key add' should not be used in favor of "just" dropping a keyring file into the trusted.gpg.d directory this commit implements the display of warnings. 2016-05-01T13:50:04Z David Kalnischkies david@kalnischkies.de 2016-05-01T12:43:23Z urn:sha1:5f17b19f8f99eb6f80a10846d5891f53c16178dc We want to stop hard-depending on gnupg and for this it is essential that apt-key isn't used in any critical execution path, which maintainerscript are. Especially as it is likely that these script call apt-key either only for (potentially now outdated cleanup) or still not use the much simpler trusted.gpg.d infrastructure.