* merged changes from the conference

Patches applied:

 * apt@arch.ubuntu.com/apt--experimental--0.6--base-0
   tag of apt@arch.ubuntu.com/apt--MAIN--0--patch-1190

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-1
   Creation of branch v0_6

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-2
   Creation of branch v0_6

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-3
   Creation of branch v0_6

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-4
   Creation of branch v0_6

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-5
   Creation of branch v0_6

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-6
   Creation of branch v0_6

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-7
   Merge working copy of v0.6

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-8
   0.6.0 is headed for experimental, not unstable

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-9
   Date

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-10
   Update LIB_APT_PKG_MAJOR

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-11
   - Fix a heap corruption bug in pkgSrcRecords::pkgSrcRec...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-12
   Resynch

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-13
   * Merge apt 0.5.17

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-14
   * Rearrange Release file authentication code to be more...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-15
   * Convert distribution "../project/experimental" to "ex...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-16
   Merge 1.11

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-17
   Merge 1.7

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-18
   Merge 1.10

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-19
   * Make a number of Release file errors into warnings; f...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-20
   * Add space between package names when multiple unauthe...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-21
   * Provide apt-key with a secret keyring and a trustdb, ...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-22
   * Fix typo in apt-key(8) (standard input is '-', not '/')

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-23
   0.6.2

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-24
   Resynch

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-25
   * Fix MetaIndexURI for flat ("foo/") sources

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-26
   0.6.3

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-27
   * Use the top-level Release file in LoadReleaseInfo, ra...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-28
   0.6.4

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-29
   Clarify

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-30
   * Move the authentication check into a separate functio...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-31
   * Fix display of unauthenticated packages when they are...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-32
   * Move the authentication check into a separate functio...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-33
   * Restore the ugly hack I removed from indexRecords::Lo...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-34
   0.6.6

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-35
   * Forgot to revert part of the changes to tagfile in 0....

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-36
   * Add a config option and corresponding command line option

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-37
   0.6.8

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-38
   hopefully avoid more segfaults

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-39
   XXX

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-40
   * Another tagfile workaround

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-41
   * Use "Codename" (woody, sarge, etc.) to supply the val...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-42
   * Support IMS requests of Release.gpg and Release

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-43
   * Have pkgAcquireIndex calculate an MD5 sum if one is n...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-44
   * Merge 0.5.18

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-45
   apt (0.6.13) experimental; urgency=low

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-46
   0.6.13

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-47
   Merge 0.5.20

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-48
   The source list works a bit differently in 0.6; fix the...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-49
   * s/Debug::Acquire::gpg/&v/

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-50
   * Honor the [vendor] syntax in sources.list again (thou...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-51
   * Don't ship vendors.list(5) since it isn't used yet

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-52
   * Revert change from 0.6.10; it was right in the first ...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-53
   * Fix some cases where the .gpg file could be left in p...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-54
   Print a warning if gnupg is not installed

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-55
   * Handle more IMS stuff correctly

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-56
   0.6.17

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-57
   * Merge 0.5.21

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-58
   * Add new Debian Archive Automatic Signing Key to the d...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-59
   0.6.18

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-60
   * Merge 0.5.22

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-61
   * Convert apt-key(8) to docbook XML

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-62
   Merge 0.5.23

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-63
   Remove bogus partial 0.5.22 changelog entry

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-64
   Make the auth warning a bit less redundant

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-65
   * Merge 0.5.24

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-66
   * Make the unauthenticated packages prompt more intuiti...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-67
   Merge 0.5.25

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-68
   * Remove obsolete pkgIterator::TargetVer() (Closes: #230159)

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-69
   * Reverse test in CheckAuth to match new prompt (Closes...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-70
   Update version

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-71
   Fix backwards sense of CheckAuth prompt

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-72
   0.6.24

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-73
   Close bug

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-74
   * Fix handling of two-part sources for sources.list deb...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-75
   0.6.25

 * apt@packages.debian.org/apt--authentication--0--base-0
   tag of apt@arch.ubuntu.com/apt--experimental--0.6--patch-75

 * apt@packages.debian.org/apt--authentication--0--patch-1
   Michael Vogt's merge of apt--experimental--0 onto apt--main--0

 * apt@packages.debian.org/apt--authentication--0--patch-2
   Merge from apt--main--0

 * apt@packages.debian.org/apt--authentication--0--patch-3
   Merge from main

 * apt@packages.debian.org/apt--authentication--0--patch-4
   Merge from main

 * apt@packages.debian.org/apt--authentication--0--patch-5
   Update version number in configure.in

 * apt@packages.debian.org/apt--authentication--0--patch-6
   Merge from main

 * apt@packages.debian.org/apt--authentication--0--patch-7
   Merge from main

 * apt@packages.debian.org/apt--authentication--0--patch-8
   Merge from mvo's branch

 * apt@packages.debian.org/apt--authentication--0--patch-9
   Merge from mvo's tree

 * apt@packages.debian.org/apt--authentication--0--patch-10
   Merge from mvo

 * apt@packages.debian.org/apt--authentication--0--patch-11
   Fix permissions AGAIN

 * apt@packages.debian.org/apt--bzip2-debs--0--base-0
   tag of apt@packages.debian.org/apt--main--0--patch-30

 * apt@packages.debian.org/apt--bzip2-debs--0--patch-1
   Create baz branch

 * apt@packages.debian.org/apt--bzip2-debs--0--patch-2
   Implement data.tar.bz2 support

 * apt@packages.debian.org/apt--main--0--patch-30
   Fix changelog

 * apt@packages.debian.org/apt--main--0--patch-31
   Fix permissions again

 * apt@packages.debian.org/apt--main--0--patch-32
   Fix permissions again

 * apt@packages.debian.org/apt--main--0--patch-33
   Use baz instead of tla

 * apt@packages.debian.org/apt--main--0--patch-34
   Merge bzip2-debs branch

 * apt@packages.debian.org/apt--main--0--patch-35
   Fix changelog

 * apt@packages.debian.org/apt--main--0--patch-36
   untagged-source precious

 * apt@packages.debian.org/apt--main--0--patch-37
   Add .arch-inventory files

 * apt@packages.debian.org/apt--main--0--patch-38
   Fix permissions again

 * apt@packages.debian.org/apt--main--0--patch-39
   Merge apt--authentication--0

 * apt@packages.debian.org/apt--main--0--patch-40
   Merge misc-abi-changes

 * apt@packages.debian.org/apt--main--0--patch-41
   Merge from mvo

 * apt@packages.debian.org/apt--misc-abi-changes--0--base-0
   tag of apt@packages.debian.org/apt--main--0--patch-16

 * apt@packages.debian.org/apt--misc-abi-changes--0--patch-1
   Fix apt-get -s remove to not display the candidate version

 * apt@packages.debian.org/apt--misc-abi-changes--0--patch-2
   Merge from main

 * apt@packages.debian.org/apt--misc-abi-changes--0--patch-3
   Use pid_t throughout to hold process IDs

 * michael.vogt@canonical.com--2004--laptop/apt--authentication-mvo--0--base-0
   tag of michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-12

 * michael.vogt@canonical.com--2004--laptop/apt--authentication-mvo--0--patch-1
   * star-merged matt's changes (bz2 support for data-members in debs)

 * michael.vogt@canonical.com--2004--laptop/apt--authentication-mvo--0--patch-2
   * ignore errors when a Packages.bz2/Sources.bz2 can't be found and try with Packages.gz/Sources.gz again

 * michael.vogt@canonical.com--2004--laptop/apt--mvo--0--base-0
   tag of apt@packages.debian.org/apt--main--0--patch-34

 * michael.vogt@canonical.com--2004--laptop/apt--mvo--0--patch-1
   * merged matt's tree (with all those apt-authentication changes)

 * michael.vogt@canonical.com--2004--laptop/apt--mvo--0--patch-2
   don't display a error if a bzip2 package can not be downloaded, just ignore (Ign) it

 * michael.vogt@canonical.com--2004--laptop/apt--mvo--0--patch-3
   * "chmod 755 cmdline/apt-key", changed version to 0.6.27ubuntu1

 * michael.vogt@canonical.com--2004--laptop/apt--mvo--0--patch-4
   * fix for a stupid merge error (from 0.5->0.6)

 * michael.vogt@canonical.com--2004--laptop/apt--mvo--0--patch-5
   * unstable should really be hoary

 * michael.vogt@canonical.com--2004--laptop/apt--mvo--0--patch-6
   * stronger dependencies for libapt-pkg-dev (depends on the source version of apt and apt-watch now)

 * michael.vogt@canonical.com--2004--laptop/apt--mvo--0--patch-7
   * distro really should be hoary, not unstable :/

 * michael.vogt@canonical.com--2004--laptop/apt--mvo--0--patch-8
   * documented the "--allow-unauthenticated" switch

 * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-1
   tag of apt@packages.debian.org/apt--authentication--0--base-0

 * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-2
   merged "tla apply-delta -A foo@ apt@arch.ubuntu.com/apt--MAIN--0--patch-1190 apt@arch.ubuntu.com/apt--MAIN--0--patch-1343" and cleaned up conflicts

 * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-3
   * missing bits from the merge added

 * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-4
   * star-merged with apt@packages.debian.org/apt--main--0

 * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-5
   * tree-synced to the apt--authentication tree

 * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-6
   * use the ubuntu-key in this version

 * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-7
   * imported the patches from mdz

 * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-8
   * apt-get update --print-uris works now as before (fallback to 0.5.x behaviour)

 * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-9
   * fix for the "if any source unauthenticated, all other sources are unauthenticated too" problem

 * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-10
   * reworked the "--print-uris" patch. it no longer uses: "APT::Get::Print-URIs" in the library

 * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-11
   * version of the library set to 3.6

 * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-12
   * changelog finallized, will upload to people.ubuntulinux.org/~mvo/apt-authentication

 * michael.vogt@canonical.com--2004/apt--main-authentication--0--base-0
   tag of apt@packages.debian.org/apt--main--0--patch-22

 * michael.vogt@canonical.com--2004/apt--main-authentication--0--patch-1
   * star-merge from apt--experimental--0.6

 * michael.vogt@canonical.com--2004/apt--main-authentication--0--patch-2
   * compile failure fix for methods/http.cc, po-file fixes

1 files changed, 65 insertions, 11 deletions

diff --git a/apt-pkg/acquire-item.h b/apt-pkg/acquire-item.h
index 9dab78f36..ea71153d5 100644
--- a/apt-pkg/acquire-item.h
+++ b/apt-pkg/acquire-item.h
@@ -1,6 +1,6 @@
 // -*- mode: cpp; mode: fold -*-
 // Description								/*{{{*/
-// $Id: acquire-item.h,v 1.26 2003/02/02 03:13:13 doogie Exp $
+// $Id: acquire-item.h,v 1.26.2.3 2004/01/02 18:51:00 mdz Exp $
 /* ######################################################################
 
    Acquire Item - Item to acquire
@@ -22,7 +22,10 @@
 
 #include <apt-pkg/acquire.h>
 #include <apt-pkg/indexfile.h>
+#include <apt-pkg/vendor.h>
+#include <apt-pkg/sourcelist.h>
 #include <apt-pkg/pkgrecords.h>
+#include <apt-pkg/indexrecords.h>
 
 #ifdef __GNUG__
 #pragma interface "apt-pkg/acquire-item.h"
@@ -45,7 +48,7 @@ class pkgAcquire::Item
    public:
 
    // State of the item
-   enum {StatIdle, StatFetching, StatDone, StatError} Status;
+   enum {StatIdle, StatFetching, StatDone, StatError, StatAuthError} Status;
    string ErrorText;
    unsigned long FileSize;
    unsigned long PartialSize;   
@@ -67,11 +70,13 @@ class pkgAcquire::Item
    virtual void Start(string Message,unsigned long Size);
    virtual string Custom600Headers() {return string();};
    virtual string DescURI() = 0;
+   virtual string ShortDesc() {return DescURI();}
    virtual void Finished() {};
    
    // Inquire functions
    virtual string MD5Sum() {return string();};
    pkgAcquire *GetOwner() {return Owner;};
+   virtual bool IsTrusted() {return false;};
    
    Item(pkgAcquire *Owner);
    virtual ~Item();
@@ -86,6 +91,7 @@ class pkgAcqIndex : public pkgAcquire::Item
    bool Erase;
    pkgAcquire::ItemDesc Desc;
    string RealURI;
+   string ExpectedMD5;
    
    public:
    
@@ -97,28 +103,73 @@ class pkgAcqIndex : public pkgAcquire::Item
    virtual string DescURI() {return RealURI + ".gz";};
 
    pkgAcqIndex(pkgAcquire *Owner,string URI,string URIDesc,
-	       string ShortDesct);
+	       string ShortDesct, string ExpectedMD5, string compressExt="");
 };
 
-// Item class for index files
-class pkgAcqIndexRel : public pkgAcquire::Item
+struct IndexTarget
+{
+   string URI;
+   string Description;
+   string ShortDesc;
+   string MetaKey;
+};
+
+// Item class for index signatures
+class pkgAcqMetaSig : public pkgAcquire::Item
 {
    protected:
    
    pkgAcquire::ItemDesc Desc;
-   string RealURI;
-   
+   string RealURI,MetaIndexURI,MetaIndexURIDesc,MetaIndexShortDesc;
+   indexRecords* MetaIndexParser;
+   const vector<struct IndexTarget*>* IndexTargets;
+
    public:
    
    // Specialized action members
    virtual void Failed(string Message,pkgAcquire::MethodConfig *Cnf);
    virtual void Done(string Message,unsigned long Size,string Md5Hash,
-		     pkgAcquire::MethodConfig *Cnf);   
+		     pkgAcquire::MethodConfig *Cnf);
    virtual string Custom600Headers();
-   virtual string DescURI() {return RealURI;};
+   virtual string DescURI() {return RealURI; };
+
+   pkgAcqMetaSig(pkgAcquire *Owner,string URI,string URIDesc, string ShortDesc,
+		 string MetaIndexURI, string MetaIndexURIDesc, string MetaIndexShortDesc,
+		 const vector<struct IndexTarget*>* IndexTargets,
+		 indexRecords* MetaIndexParser);
+};
+
+// Item class for index signatures
+class pkgAcqMetaIndex : public pkgAcquire::Item
+{
+   protected:
+   
+   pkgAcquire::ItemDesc Desc;
+   string RealURI; // FIXME: is this redundant w/ Desc.URI?
+   string SigFile;
+   const vector<struct IndexTarget*>* IndexTargets;
+   indexRecords* MetaIndexParser;
+   bool AuthPass;
+
+   bool VerifyVendor();
+   void RetrievalDone(string Message);
+   void AuthDone(string Message);
+   void QueueIndexes(bool verify);
+   
+   public:
    
-   pkgAcqIndexRel(pkgAcquire *Owner,string URI,string URIDesc,
-	       string ShortDesct);
+   // Specialized action members
+   virtual void Failed(string Message,pkgAcquire::MethodConfig *Cnf);
+   virtual void Done(string Message,unsigned long Size,string Md5Hash,
+		     pkgAcquire::MethodConfig *Cnf);
+   virtual string Custom600Headers();
+   virtual string DescURI() {return RealURI; };
+
+   pkgAcqMetaIndex(pkgAcquire *Owner,
+		   string URI,string URIDesc, string ShortDesc,
+		   string SigFile,
+		   const vector<struct IndexTarget*>* IndexTargets,
+		   indexRecords* MetaIndexParser);
 };
 
 // Item class for archive files
@@ -135,6 +186,7 @@ class pkgAcqArchive : public pkgAcquire::Item
    string &StoreFilename;
    pkgCache::VerFileIterator Vf;
    unsigned int Retries;
+   bool Trusted; 
 
    // Queue the next available file for download.
    bool QueueNext();
@@ -147,7 +199,9 @@ class pkgAcqArchive : public pkgAcquire::Item
 		     pkgAcquire::MethodConfig *Cnf);
    virtual string MD5Sum() {return MD5;};
    virtual string DescURI() {return Desc.URI;};
+   virtual string ShortDesc() {return Desc.ShortDesc;};
    virtual void Finished();
+   virtual bool IsTrusted();
    
    pkgAcqArchive(pkgAcquire *Owner,pkgSourceList *Sources,
 		 pkgRecords *Recs,pkgCache::VerIterator const &Version,