From 4a242c5b86679bde52bc42f1efb89a7ca8deb280 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Tue, 21 Dec 2004 15:25:07 +0000 Subject: * added apt-key update method --- cmdline/apt-key | 39 ++++++++++++++++++++++++++++++++++----- 1 file changed, 34 insertions(+), 5 deletions(-) diff --git a/cmdline/apt-key b/cmdline/apt-key index 583cde191..ed5847c55 100755 --- a/cmdline/apt-key +++ b/cmdline/apt-key @@ -2,6 +2,36 @@ set -e +# We don't use a secret keyring, of course, but gpg panics and +# implodes if there isn't one available + +GPG_CMD="gpg --no-options --no-default-keyring --secret-keyring /etc/apt/secring.gpg --trustdb-name /etc/apt/trustdb.gpg" +GPG="$GPG_CMD --keyring /etc/apt/trusted.gpg" + + +ARCHIVE_KEYRING=/usr/share/keyrings/ubuntu-archive-keyring.gpg +REMOVED_KEYS=/usr/share/keyrings/ubuntu-archive-removed-keys.gpg + + +update() { + if [ ! -f $ARCHIVE_KEYRING ]; then + echo >&2 "ERROR: Can't find the archive-keyring" + echo >&2 "Is the ubuntu-keyring package installed?" + exit 1 + fi + + # add new keys + $GPG_CMD --quiet --batch --keyring $ARCHIVE_KEYRING --export | $GPG --import + + # remove no-longer used keys + keys=`$GPG_CMD --keyring $REMOVED_KEYS --list-keys|awk '/^pub/{print $2}'` + for key in $keys; do + if $GPG --list-keys | awk '/^pub/{print $2}'|grep -q $key; then + $GPG --quiet --batch --delete-key --yes "${key#*/}" + fi + done +} + usage() { echo "Usage: apt-key [command] [arguments]" echo @@ -9,6 +39,7 @@ usage() { echo echo " apt-key add - add the key contained in ('-' for stdin)" echo " apt-key del - remove the key " + echo " apt-key update - update keys using the keyring package" echo " apt-key list - list keys" echo } @@ -26,11 +57,6 @@ if [ "$command" != "help" ] && ! which gpg >/dev/null 2>&1; then echo >&2 fi -# We don't use a secret keyring, of course, but gpg panics and -# implodes if there isn't one available - -GPG="gpg --no-options --no-default-keyring --keyring /etc/apt/trusted.gpg --secret-keyring /etc/apt/secring.gpg --trustdb-name /etc/apt/trustdb.gpg" - case "$command" in add) $GPG --quiet --batch --import "$1" @@ -40,6 +66,9 @@ case "$command" in $GPG --quiet --batch --delete-key --yes "$1" echo "OK" ;; + update) + update + ;; list) $GPG --batch --list-keys ;; -- cgit v1.2.3-70-g09d2 From 5f0ccad882f7d811e4bea2a7b269f32be2fb1bd9 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Thu, 23 Dec 2004 10:02:47 +0000 Subject: * if a sign-file download fails, delete the the partial download in "partial/" also --- apt-pkg/acquire-item.cc | 3 +++ po/apt-all.pot | 10 +++++----- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index f40c6a50d..fcd655f2a 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@ -392,6 +392,9 @@ void pkgAcqMetaSig::Failed(string Message,pkgAcquire::MethodConfig *Cnf) // mistakenly trusted string Final = _config->FindDir("Dir::State::lists") + URItoFileName(RealURI); unlink(Final.c_str()); + Final = _config->FindDir("Dir::State::lists") + "partial/"+ URItoFileName(RealURI); + unlink(Final.c_str()); + // queue a pkgAcqMetaIndex with no sigfile new pkgAcqMetaIndex(Owner, MetaIndexURI, MetaIndexURIDesc, MetaIndexShortDesc, diff --git a/po/apt-all.pot b/po/apt-all.pot index 7d8e9d40f..c57945afa 100644 --- a/po/apt-all.pot +++ b/po/apt-all.pot @@ -2259,31 +2259,31 @@ msgstr "" msgid "rename failed, %s (%s -> %s)." msgstr "" -#: apt-pkg/acquire-item.cc:235 apt-pkg/acquire-item.cc:893 +#: apt-pkg/acquire-item.cc:235 apt-pkg/acquire-item.cc:896 msgid "MD5Sum mismatch" msgstr "" -#: apt-pkg/acquire-item.cc:707 +#: apt-pkg/acquire-item.cc:710 #, c-format msgid "" "I wasn't able to locate a file for the %s package. This might mean you need " "to manually fix this package. (due to missing arch)" msgstr "" -#: apt-pkg/acquire-item.cc:760 +#: apt-pkg/acquire-item.cc:763 #, c-format msgid "" "I wasn't able to locate file for the %s package. This might mean you need to " "manually fix this package." msgstr "" -#: apt-pkg/acquire-item.cc:796 +#: apt-pkg/acquire-item.cc:799 #, c-format msgid "" "The package index files are corrupted. No Filename: field for package %s." msgstr "" -#: apt-pkg/acquire-item.cc:883 +#: apt-pkg/acquire-item.cc:886 msgid "Size mismatch" msgstr "" -- cgit v1.2.3-70-g09d2 From a789b983b99696793857dd58f6d4ea1efe17470e Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Thu, 23 Dec 2004 11:29:13 +0000 Subject: * changelog updated, version is now 0.6.27ubuntu4; added DEB_BUILD_PROG_OPTS to debian/rules --- apt-pkg/acquire-item.cc | 12 +++++++++--- configure.in | 2 +- debian/changelog | 11 +++++++++++ debian/rules | 2 +- po/apt-all.pot | 12 ++++++------ 5 files changed, 28 insertions(+), 11 deletions(-) diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index fcd655f2a..d1bed417b 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@ -352,7 +352,7 @@ string pkgAcqMetaSig::Custom600Headers() struct stat Buf; if (stat(Final.c_str(),&Buf) != 0) return "\nIndex-File: true"; - + return "\nIndex-File: true\nLast-Modified: " + TimeRFC1123(Buf.st_mtime); } @@ -392,8 +392,14 @@ void pkgAcqMetaSig::Failed(string Message,pkgAcquire::MethodConfig *Cnf) // mistakenly trusted string Final = _config->FindDir("Dir::State::lists") + URItoFileName(RealURI); unlink(Final.c_str()); - Final = _config->FindDir("Dir::State::lists") + "partial/"+ URItoFileName(RealURI); - unlink(Final.c_str()); + + // if we debug leave the sig-file in partial/ to see what went wrong + // else delete it + if (!_config->FindB("Debug::pkgAcquire::Auth", false)) { + + Final = _config->FindDir("Dir::State::lists") + "partial/"+ URItoFileName(RealURI); + unlink(Final.c_str()); + } // queue a pkgAcqMetaIndex with no sigfile diff --git a/configure.in b/configure.in index 55062a2b8..b46decc11 100644 --- a/configure.in +++ b/configure.in @@ -18,7 +18,7 @@ AC_CONFIG_AUX_DIR(buildlib) AC_CONFIG_HEADER(include/config.h:buildlib/config.h.in include/apti18n.h:buildlib/apti18n.h.in) dnl -- SET THIS TO THE RELEASE VERSION -- -AC_DEFINE_UNQUOTED(VERSION,"0.6.27ubuntu3") +AC_DEFINE_UNQUOTED(VERSION,"0.6.27ubuntu4") PACKAGE="apt" AC_DEFINE_UNQUOTED(PACKAGE,"$PACKAGE") AC_SUBST(PACKAGE) diff --git a/debian/changelog b/debian/changelog index f32aa5a94..7825c85a9 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,14 @@ +apt (0.6.27ubuntu4) hoary; urgency=low + + * if a sign-file download fails, delete the the partial downloaded + file in "partial/" + * added apt-key update method (uses ubuntu-keyring) + * documented the "--allow-unauthenticated" switch + * added DEB_BUILD_PROG_OPTS to debian/rules (additonal options can be + passed to DEB_BUILD_PROG like "-S") + + -- Michael Vogt Thu, 23 Dec 2004 11:12:51 +0100 + apt (0.6.27ubuntu3) hoary; urgency=low * added a exact dependency from libapt-pkg-dev to the apt version it was diff --git a/debian/rules b/debian/rules index 1fbbb61d1..b756b3b32 100755 --- a/debian/rules +++ b/debian/rules @@ -36,7 +36,7 @@ endif # Default rule build: -DEB_BUILD_PROG:=debuild --preserve-envvar PATH --preserve-envvar CCACHE_DIR -us -uc +DEB_BUILD_PROG:=debuild --preserve-envvar PATH --preserve-envvar CCACHE_DIR -us -uc $(DEB_BUILD_PROG_OPTS) APT_DEBVER=$(shell dpkg-parsechangelog |sed -n -e '/^Version:/s/^Version: //p') APT_CONFVER=$(shell sed -n -e 's/^AC_DEFINE_UNQUOTED(VERSION,"\(.*\)")/\1/p' configure.in) APT_CVSTAG=$(shell echo "$(APT_DEBVER)" | sed -e 's/^/v/' -e 's/\./_/g') diff --git a/po/apt-all.pot b/po/apt-all.pot index c57945afa..8b0b9eb7d 100644 --- a/po/apt-all.pot +++ b/po/apt-all.pot @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2004-12-20 10:20+0100\n" +"POT-Creation-Date: 2004-12-23 11:46+0100\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -2259,31 +2259,31 @@ msgstr "" msgid "rename failed, %s (%s -> %s)." msgstr "" -#: apt-pkg/acquire-item.cc:235 apt-pkg/acquire-item.cc:896 +#: apt-pkg/acquire-item.cc:235 apt-pkg/acquire-item.cc:904 msgid "MD5Sum mismatch" msgstr "" -#: apt-pkg/acquire-item.cc:710 +#: apt-pkg/acquire-item.cc:718 #, c-format msgid "" "I wasn't able to locate a file for the %s package. This might mean you need " "to manually fix this package. (due to missing arch)" msgstr "" -#: apt-pkg/acquire-item.cc:763 +#: apt-pkg/acquire-item.cc:771 #, c-format msgid "" "I wasn't able to locate file for the %s package. This might mean you need to " "manually fix this package." msgstr "" -#: apt-pkg/acquire-item.cc:799 +#: apt-pkg/acquire-item.cc:807 #, c-format msgid "" "The package index files are corrupted. No Filename: field for package %s." msgstr "" -#: apt-pkg/acquire-item.cc:886 +#: apt-pkg/acquire-item.cc:894 msgid "Size mismatch" msgstr "" -- cgit v1.2.3-70-g09d2 From f6237efdccd4b176efddaede6c9d90b8cecc0aa3 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Thu, 23 Dec 2004 12:08:47 +0000 Subject: * removed Release.gpg files in partial/ before fetching a new one --- apt-pkg/acquire-item.cc | 13 ++++--------- debian/changelog | 4 ++-- po/apt-all.pot | 12 ++++++------ 3 files changed, 12 insertions(+), 17 deletions(-) diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index d1bed417b..d96ea1ffb 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@ -321,6 +321,10 @@ pkgAcqMetaSig::pkgAcqMetaSig(pkgAcquire *Owner, DestFile = _config->FindDir("Dir::State::lists") + "partial/"; DestFile += URItoFileName(URI); + // remove any partial downloaded sig-file. it may confuse proxies + // and is too small to warrant a partial download anyway + unlink(DestFile.c_str()); + // Create the item Desc.Description = URIDesc; Desc.Owner = this; @@ -393,15 +397,6 @@ void pkgAcqMetaSig::Failed(string Message,pkgAcquire::MethodConfig *Cnf) string Final = _config->FindDir("Dir::State::lists") + URItoFileName(RealURI); unlink(Final.c_str()); - // if we debug leave the sig-file in partial/ to see what went wrong - // else delete it - if (!_config->FindB("Debug::pkgAcquire::Auth", false)) { - - Final = _config->FindDir("Dir::State::lists") + "partial/"+ URItoFileName(RealURI); - unlink(Final.c_str()); - } - - // queue a pkgAcqMetaIndex with no sigfile new pkgAcqMetaIndex(Owner, MetaIndexURI, MetaIndexURIDesc, MetaIndexShortDesc, "", IndexTargets, MetaIndexParser); diff --git a/debian/changelog b/debian/changelog index 7825c85a9..421914b36 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,7 +1,7 @@ apt (0.6.27ubuntu4) hoary; urgency=low - * if a sign-file download fails, delete the the partial downloaded - file in "partial/" + * remove old sig-file in partial/ before starting to fetch a new sig-file + (see ubuntu #4769 for the rational) * added apt-key update method (uses ubuntu-keyring) * documented the "--allow-unauthenticated" switch * added DEB_BUILD_PROG_OPTS to debian/rules (additonal options can be diff --git a/po/apt-all.pot b/po/apt-all.pot index 8b0b9eb7d..dfafb2c4f 100644 --- a/po/apt-all.pot +++ b/po/apt-all.pot @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2004-12-23 11:46+0100\n" +"POT-Creation-Date: 2004-12-23 12:36+0100\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -2259,31 +2259,31 @@ msgstr "" msgid "rename failed, %s (%s -> %s)." msgstr "" -#: apt-pkg/acquire-item.cc:235 apt-pkg/acquire-item.cc:904 +#: apt-pkg/acquire-item.cc:235 apt-pkg/acquire-item.cc:897 msgid "MD5Sum mismatch" msgstr "" -#: apt-pkg/acquire-item.cc:718 +#: apt-pkg/acquire-item.cc:711 #, c-format msgid "" "I wasn't able to locate a file for the %s package. This might mean you need " "to manually fix this package. (due to missing arch)" msgstr "" -#: apt-pkg/acquire-item.cc:771 +#: apt-pkg/acquire-item.cc:764 #, c-format msgid "" "I wasn't able to locate file for the %s package. This might mean you need to " "manually fix this package." msgstr "" -#: apt-pkg/acquire-item.cc:807 +#: apt-pkg/acquire-item.cc:800 #, c-format msgid "" "The package index files are corrupted. No Filename: field for package %s." msgstr "" -#: apt-pkg/acquire-item.cc:894 +#: apt-pkg/acquire-item.cc:887 msgid "Size mismatch" msgstr "" -- cgit v1.2.3-70-g09d2 From 500bd9999c105dfc58013bda69f0a3ac741a21c0 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Thu, 23 Dec 2004 12:20:59 +0000 Subject: * some comments about the pkgAcqMetaSig::Custom600Headers() added --- apt-pkg/acquire-item.cc | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index d96ea1ffb..de8cfe8f2 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@ -350,6 +350,13 @@ pkgAcqMetaSig::pkgAcqMetaSig(pkgAcquire *Owner, /* The only header we use is the last-modified header. */ string pkgAcqMetaSig::Custom600Headers() { + // mvo: we don't really need the last-modified header here + // 1) it points to "Final" and that was renamed to "DestFile" + // so it's never send anyway + // 2) because DestFIle is in partial/ we will send a partial request + // with if-range in the http method (or the equivalent for ftp). + // that should give the same result + string Final = _config->FindDir("Dir::State::lists"); Final += URItoFileName(RealURI); -- cgit v1.2.3-70-g09d2 -- cgit v1.2.3-70-g09d2 From 32133629d8c49029f3d04886aa605de4864b486e Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Fri, 24 Dec 2004 08:09:43 +0000 Subject: * use gpg --with-colons --- cmdline/apt-key | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cmdline/apt-key b/cmdline/apt-key index ed5847c55..a96afe944 100755 --- a/cmdline/apt-key +++ b/cmdline/apt-key @@ -24,10 +24,10 @@ update() { $GPG_CMD --quiet --batch --keyring $ARCHIVE_KEYRING --export | $GPG --import # remove no-longer used keys - keys=`$GPG_CMD --keyring $REMOVED_KEYS --list-keys|awk '/^pub/{print $2}'` + keys=`$GPG_CMD --keyring $REMOVED_KEYS --with-colons --list-keys|awk '/^pub/{FS=":";print $5}'` for key in $keys; do - if $GPG --list-keys | awk '/^pub/{print $2}'|grep -q $key; then - $GPG --quiet --batch --delete-key --yes "${key#*/}" + if $GPG --list-keys --with-colons | awk '/^pub/{FS=":";print $5}'|grep -q $key; then + $GPG --quiet --batch --delete-key --yes ${key} fi done } -- cgit v1.2.3-70-g09d2