From 51f13f6ab9c793b6972f6dd945149a4f97549e04 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Mon, 7 Jan 2008 21:41:08 +0100 Subject: finalize changelog and upload as 0.7.10 --- debian/changelog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian/changelog b/debian/changelog index 9f78d5916..ef4a21b6f 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,4 @@ -apt (0.7.10) UNRELEASED; urgency=low +apt (0.7.10) unstable; urgency=low [ Otavio Salvador ] * Applied patch from Mike O'Connor to add a manpage to @@ -68,7 +68,7 @@ apt (0.7.10) UNRELEASED; urgency=low * Fix wording for "After unpacking...". Thans to Michael Gilbert for the patch. Closes: #260825 - -- Christian Perrier Mon, 17 Dec 2007 10:10:17 +0530 + -- Michael Vogt Mon, 07 Jan 2008 21:40:47 +0100 apt (0.7.9) unstable; urgency=low -- cgit v1.2.3-70-g09d2 From b7c5ca8c3138c2a8045bb4ef3545cb348a05e67b Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Thu, 10 Jan 2008 12:08:21 +0100 Subject: * apt-pkg/algorithms.cc: - Since APT::Get::List-Cleanup and APT::List-Cleanup both default to true, the effect of the compatibility code was to require both of them to be set to false in order to disable list cleanup; this broke the installer. Instead, disable list cleanup if either of them is set to false. --- apt-pkg/algorithms.cc | 2 +- debian/changelog | 12 ++++++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/apt-pkg/algorithms.cc b/apt-pkg/algorithms.cc index 6e2b97557..57b85e24f 100644 --- a/apt-pkg/algorithms.cc +++ b/apt-pkg/algorithms.cc 
@@ -1356,7 +1356,7 @@ bool ListUpdate(pkgAcquireStatus &Stat, // Keep "APT::Get::List-Cleanup" name for compatibility, but // this is really a global option for the APT library now if (!TransientNetworkFailure && !Failed && - (_config->FindB("APT::Get::List-Cleanup",true) == true || + (_config->FindB("APT::Get::List-Cleanup",true) == true && _config->FindB("APT::List-Cleanup",true) == true)) { if (Fetcher.Clean(_config->FindDir("Dir::State::lists")) == false || diff --git a/debian/changelog b/debian/changelog index ef4a21b6f..700e93af7 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,15 @@ +apt (0.7.11) UNRELEASED; urgency=low + + [ Colin Watson ] + * apt-pkg/algorithms.cc: + - Since APT::Get::List-Cleanup and APT::List-Cleanup both default to + true, the effect of the compatibility code was to require both of them + to be set to false in order to disable list cleanup; this broke the + installer. Instead, disable list cleanup if either of them is set to + false. + + -- Michael Vogt Thu, 10 Jan 2008 12:06:12 +0100 + apt (0.7.10) unstable; urgency=low [ Otavio Salvador ] -- cgit v1.2.3-70-g09d2 From 7fbe42c07e7dae58477819d25b1d6b2b53367aa7 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Wed, 16 Jan 2008 16:41:06 +0100 Subject: * cmdline/apt-key: - add support for a master-keyring that contains signing keys that can be used to sign the archive signing keys. This should make key-rollover easier. --- cmdline/apt-key | 30 +++++++++++++++++++++++++++--- debian/changelog | 6 ++++++ 2 files changed, 33 insertions(+), 3 deletions(-) diff --git a/cmdline/apt-key b/cmdline/apt-key index c7db9a25a..d716a088f 100755 --- a/cmdline/apt-key +++ b/cmdline/apt-key 
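Review bot: The comment above the condition in ListUpdate (apt-pkg/algorithms.cc) still only explains why the `APT::Get::List-Cleanup` name is kept; it does not say how the two options combine, which is exactly what was wrong before. I would add a line such as `// list cleanup runs only if neither option has been set to false`. The `== true` comparisons on `FindB` could be dropped in the same pass. ListUpdate starts and ends outside this hunk.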
@@ -9,9 +9,27 @@ GPG_CMD="gpg --ignore-time-conflict --no-options --no-default-keyring --secret-k GPG="$GPG_CMD --keyring /etc/apt/trusted.gpg" +MASTER_KEYRING="" +#MASTER_KEYRING=/usr/share/keyrings/debian-master-keyring.gpg ARCHIVE_KEYRING=/usr/share/keyrings/debian-archive-keyring.gpg REMOVED_KEYS=/usr/share/keyrings/debian-archive-removed-keys.gpg +add_keys_with_verify_against_master_keyring() { + # when adding new keys, make sure that the archive-master-keyring + # is honored. so: + # all keys that are exported and have the name + # "Ubuntu Archive Automatic Signing Key" must have a valid signature + # from a key in the ubuntu-master-keyring + add_keys=`$GPG_CMD --keyring $ARCHIVE_KEYRING --with-colons --list-keys | grep ^pub | cut -d: -f5` + master_keys=`$GPG_CMD --keyring $MASTER_KEYRING --with-colons --list-keys | grep ^pub | cut -d: -f5` + for add_key in $add_keys; do + for master_key in $master_keys; do + if $GPG --list-sigs --with-colons $add_key | grep ^sig | cut -d: -f5 | grep -q $master_key; then + $GPG_CMD --quiet --batch --keyring $ARCHIVE_KEYRING --export $add_key | $GPG --import + fi + done + done +} update() { if [ ! -f $ARCHIVE_KEYRING ]; then @@ -20,10 +38,15 @@ update() { exit 1 fi - # add new keys - $GPG_CMD --quiet --batch --keyring $ARCHIVE_KEYRING --export | $GPG --import + # add new keys, if no MASTER_KEYRING is used, use the traditional + # way + if [ -z "$MASTER_KEYRING" ]; then + $GPG_CMD --quiet --batch --keyring $ARCHIVE_KEYRING --export | $GPG --import + else + add_keys_with_verify_against_master_keyring + fi - # remove no-longer used keys + # remove no-longer supported/used keys keys=`$GPG_CMD --keyring $REMOVED_KEYS --with-colons --list-keys | grep ^pub | cut -d: -f5` for key in $keys; do if $GPG --list-keys --with-colons | grep ^pub | cut -d: -f5 | grep -q $key; then @@ -32,6 +55,7 @@ update() { done } + usage() { echo "Usage: apt-key [command] [arguments]" echo 
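Review bot: In add_keys_with_verify_against_master_keyring the test `$GPG --list-sigs --with-colons $add_key | grep ^sig | cut -d: -f5 | grep -q $master_key` does not establish the "valid signature" the comment asks for: gpg's `--list-sigs` only lists the signature packets attached to a key and does not verify them, so the check accepts a signature that merely names a master key ID. `--check-sigs` is the verifying form and, with `--with-colons`, reports a good signature as `sig:!:`; the call also needs both keyrings loaded, since `$GPG` points at /etc/apt/trusted.gpg, where a key that is about to be added is presumably not yet present. I would write the condition as `$GPG_CMD --keyring "$ARCHIVE_KEYRING" --keyring "$MASTER_KEYRING" --check-sigs --with-colons "$add_key" | grep '^sig:!:' | cut -d: -f5 | grep -q "$master_key"`. The same condition is carried over unchanged by the refactoring hunk at `@@ -15,20 +15,32 @@`.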
diff --git a/debian/changelog b/debian/changelog index 700e93af7..92fdcf57c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -7,6 +7,12 @@ apt (0.7.11) UNRELEASED; urgency=low to be set to false in order to disable list cleanup; this broke the installer. Instead, disable list cleanup if either of them is set to false. + + [ Michael Vogt ] + * cmdline/apt-key: + - add support for a master-keyring that contains signing keys + that can be used to sign the archive signing keys. This should + make key-rollover easier. -- Michael Vogt Thu, 10 Jan 2008 12:06:12 +0100 -- cgit v1.2.3-70-g09d2 From 8c56b1e0db5b29ccdc47b6f1664b1d0bd899a225 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Wed, 16 Jan 2008 16:48:13 +0100 Subject: cmdline/apt-key: refactor the master key checking into a function --- cmdline/apt-key | 40 ++++++++++++++++++++++++++-------------- 1 file changed, 26 insertions(+), 14 deletions(-) diff --git a/cmdline/apt-key b/cmdline/apt-key index d716a088f..048105320 100755 --- a/cmdline/apt-key +++ b/cmdline/apt-key 
@@ -15,20 +15,32 @@ ARCHIVE_KEYRING=/usr/share/keyrings/debian-archive-keyring.gpg REMOVED_KEYS=/usr/share/keyrings/debian-archive-removed-keys.gpg add_keys_with_verify_against_master_keyring() { - # when adding new keys, make sure that the archive-master-keyring - # is honored. so: - # all keys that are exported and have the name - # "Ubuntu Archive Automatic Signing Key" must have a valid signature - # from a key in the ubuntu-master-keyring - add_keys=`$GPG_CMD --keyring $ARCHIVE_KEYRING --with-colons --list-keys | grep ^pub | cut -d: -f5` - master_keys=`$GPG_CMD --keyring $MASTER_KEYRING --with-colons --list-keys | grep ^pub | cut -d: -f5` - for add_key in $add_keys; do - for master_key in $master_keys; do - if $GPG --list-sigs --with-colons $add_key | grep ^sig | cut -d: -f5 | grep -q $master_key; then - $GPG_CMD --quiet --batch --keyring $ARCHIVE_KEYRING --export $add_key | $GPG --import - fi - done + ADD_KEYRING=$1 + MASTER=$2 + + if [ ! -f "$ADD_KEYRING" ]; then + echo "ERROR: '$ADD_KEYRING' not found" + return + fi + if [ ! -f "$MASTER" ]; then + echo "ERROR: '$MASTER' not found" + return + fi + + # when adding new keys, make sure that the archive-master-keyring + # is honored. so: + # all keys that are exported and have the name + # "Ubuntu Archive Automatic Signing Key" must have a valid signature + # from a key in the ubuntu-master-keyring + add_keys=`$GPG_CMD --keyring $ADD_KEYRING --with-colons --list-keys | grep ^pub | cut -d: -f5` + master_keys=`$GPG_CMD --keyring $MASTER --with-colons --list-keys | grep ^pub | cut -d: -f5` + for add_key in $add_keys; do + for master_key in $master_keys; do + if $GPG --list-sigs --with-colons $add_key | grep ^sig | cut -d: -f5 | grep -q $master_key; then + $GPG_CMD --quiet --batch --keyring $ARCHIVE_KEYRING --export $add_key | $GPG --import + fi done + done } update() { 
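Review bot: The refactored function still exports from the global keyring: the import line reads `--keyring $ARCHIVE_KEYRING --export $add_key` although the candidate keys are enumerated from `$ADD_KEYRING`, so a caller that passes any other keyring as `$1` gets keys listed from one file and exported from another. It should be `$GPG_CMD --quiet --batch --keyring "$ADD_KEYRING" --export "$add_key" | $GPG --import`. The two "not found" branches also `return` with the status of the preceding `echo`, i.e. 0, and print to stdout, so update() cannot tell that nothing was verified or imported; `echo "ERROR: '$MASTER' not found" >&2; return 1` would make that failure visible to the caller.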
@@ -43,7 +55,7 @@ update() { if [ -z "$MASTER_KEYRING" ]; then $GPG_CMD --quiet --batch --keyring $ARCHIVE_KEYRING --export | $GPG --import else - add_keys_with_verify_against_master_keyring + add_keys_with_verify_against_master_keyring $ARCHIVE_KEYRING $MASTER_KEYRING fi # remove no-longer supported/used keys -- cgit v1.2.3-70-g09d2 From 51dbf3686ee62584d7c2a21b6209a45ebceac5c9 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Thu, 31 Jan 2008 10:06:00 +0100 Subject: * apt-pkg/deb/dpkgpm.cc: - merged patch from Kees Cook to fix anoying upper-case display on amd64 in sbuild --- apt-pkg/deb/dpkgpm.cc | 4 +++- debian/changelog | 3 +++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/apt-pkg/deb/dpkgpm.cc b/apt-pkg/deb/dpkgpm.cc index 34e166447..bc15b8819 100644 --- a/apt-pkg/deb/dpkgpm.cc +++ b/apt-pkg/deb/dpkgpm.cc @@ -702,14 +702,16 @@ bool pkgDPkgPM::Go(int OutStatusFd) sighandler_t old_SIGINT = signal(SIGINT,SIG_IGN); struct termios tt; + struct termios tt_out; struct winsize win; int master; int slave; // FIXME: setup sensible signal handling (*ick*) tcgetattr(0, &tt); + tcgetattr(1, &tt_out); ioctl(0, TIOCGWINSZ, (char *)&win); - if (openpty(&master, &slave, NULL, &tt, &win) < 0) + if (openpty(&master, &slave, NULL, &tt_out, &win) < 0) { const char *s = _("Can not write log, openpty() " "failed (/dev/pts not mounted?)\n"); diff --git a/debian/changelog b/debian/changelog index 92fdcf57c..d0e0c754d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -13,6 +13,9 @@ apt (0.7.11) UNRELEASED; urgency=low - add support for a master-keyring that contains signing keys that can be used to sign the archive signing keys. This should make key-rollover easier. + * apt-pkg/deb/dpkgpm.cc: + - merged patch from Kees Cook to fix anoying upper-case display + on amd64 in sbuild -- Michael Vogt Thu, 10 Jan 2008 12:06:12 +0100 -- cgit v1.2.3-70-g09d2 From e06c72cd8d39433b04883f35dea81619b8464b0e Mon Sep 17 00:00:00 2001 
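Review bot: In pkgDPkgPM::Go (apt-pkg/deb/dpkgpm.cc) the result of the added `tcgetattr(1, &tt_out)` is not checked, so when stdout is not a terminal (output piped or redirected to a log) `tt_out` stays uninitialised and is then handed to `openpty()` as the pty's terminal settings. I would guard it, e.g. `struct termios *tp = (tcgetattr(1, &tt_out) == 0) ? &tt_out : NULL;` and call `openpty(&master, &slave, NULL, tp, &win)`, since a NULL termios pointer is accepted there. The existing `tcgetattr(0, &tt)` has the same gap. Go() starts and ends outside this hunk, so how `tt` is used afterwards is not visible here.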
From: Michael Vogt Date: Fri, 1 Feb 2008 16:55:44 +0100 Subject: * apt-pkg/algorithms.cc: - add APT::Update::Post-Invoke-Success script slot --- apt-pkg/algorithms.cc | 6 +++++- debian/changelog | 2 ++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/apt-pkg/algorithms.cc b/apt-pkg/algorithms.cc index 57b85e24f..503a928ac 100644 --- a/apt-pkg/algorithms.cc +++ b/apt-pkg/algorithms.cc @@ -1371,7 +1371,11 @@ bool ListUpdate(pkgAcquireStatus &Stat, return _error->Error(_("Some index files failed to download, they have been ignored, or old ones used instead.")); - // Run the scripts if all was fine + // Run the success scripts if all was fine + if(!TransientNetworkFailure && !Failed) + RunScripts("APT::Update::Post-Invoke-Success"); + + // Run the other scripts RunScripts("APT::Update::Post-Invoke"); return true; } diff --git a/debian/changelog b/debian/changelog index d0e0c754d..497053111 100644 --- a/debian/changelog +++ b/debian/changelog @@ -16,6 +16,8 @@ apt (0.7.11) UNRELEASED; urgency=low * apt-pkg/deb/dpkgpm.cc: - merged patch from Kees Cook to fix anoying upper-case display on amd64 in sbuild + * apt-pkg/algorithms.cc: + - add APT::Update::Post-Invoke-Success script slot -- Michael Vogt Thu, 10 Jan 2008 12:06:12 +0100 -- cgit v1.2.3-70-g09d2 From 5d149bfc7f34bc39e0edf8d9d98786cadefeeedf Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Mon, 4 Feb 2008 14:15:17 +0100 Subject: add APT::Update::Auth-Failure script --- apt-pkg/acquire-item.cc | 1 + test/pre-upload-check.py | 18 +++++++++++++----- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index ad48adcff..a00b0b6d3 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc 
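Review bot: The result of the new `RunScripts("APT::Update::Post-Invoke-Success")` call in ListUpdate is dropped, so a success hook that fails goes unreported and the function still returns true. Assuming RunScripts returns a status (its declaration is outside this hunk), I would at least surface it, e.g. `if (RunScripts("APT::Update::Post-Invoke-Success") == false) _error->Warning("APT::Update::Post-Invoke-Success hook failed");`. Within this commit the new slot is recorded only in debian/changelog; since the configured values are run as commands, it also deserves an entry in the configuration documentation.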
@@ -1179,6 +1179,7 @@ void pkgAcqMetaIndex::Failed(string Message,pkgAcquire::MethodConfig *Cnf) "GPG error: %s: %s\n"), Desc.Description.c_str(), LookupTag(Message,"Message").c_str()); + RunScripts("APT::Update::Auth-Failure"); return; } else { _error->Warning(_("GPG error: %s: %s"), diff --git a/test/pre-upload-check.py b/test/pre-upload-check.py index ca44ec726..de43122ce 100755 --- a/test/pre-upload-check.py +++ b/test/pre-upload-check.py @@ -25,7 +25,8 @@ class testAptAuthenticationReliability(unittest.TestCase): apt = "apt-get" def setUp(self): - pass + if os.path.exists("/tmp/autFailure"): + os.unlink("/tmp/authFailure"); def testRepositorySigFailure(self): """ test if a repository that used to be authenticated and fails on 
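Review bot: The `APT::Update::Auth-Failure` hook is run only in the branch that falls back to the previous index files and returns; the `else` branch directly below it, which warns `GPG error: %s: %s`, does not call it. If the slot is meant for alerting on signature-verification failures, that second path should run it too, with `RunScripts("APT::Update::Auth-Failure");` after the `_error->Warning(...)` in the `else` block; if the omission is intentional, a comment saying so would help. pkgAcqMetaIndex::Failed starts and ends outside this hunk, so the conditions that select each branch are not visible here.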
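Review bot: setUp in test/pre-upload-check.py checks `os.path.exists("/tmp/autFailure")` but unlinks `/tmp/authFailure`; because of the misspelt path a marker left over from an earlier run is never removed, and the later `os.path.exists("/tmp/authFailure")` assertion can then pass without the hook having run. The check should read `if os.path.exists("/tmp/authFailure"):`. The trailing `;` after `os.unlink(...)` can go as well.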
@@ -39,26 +40,33 @@ class testAptAuthenticationReliability(unittest.TestCase): os.utime("/var/lib/apt/lists/%s" % os.path.basename(f), (0,0)) res = call([self.apt, "update", - "-o","Dir::Etc::sourcelist=./authReliability/sources.list.failure" + "-o","Dir::Etc::sourcelist=./authReliability/sources.list.failure", + "-o",'APT::Update::Auth-Failure::=touch /tmp/authFailure', ] + apt_args, stdout=stdout, stderr=stderr) self.assert_(os.path.exists("/var/lib/apt/lists/people.ubuntu.com_%7emvo_apt_auth-test-suit_gpg-package-broken_Release.gpg"), "The gpg file disappeared, this should not happen") self.assert_(os.path.exists("/var/lib/apt/lists/people.ubuntu.com_%7emvo_apt_auth-test-suit_gpg-package-broken_Packages"), "The Packages file disappeared, this should not happen") + self.assert_(os.path.exists("/tmp/authFailure"), + "The APT::Update::Auth-Failure script did not run") + os.unlink("/tmp/authFailure"); # the same with i-m-s hit this time for f in glob.glob("./authReliability/lists/*"): shutil.copy(f,"/var/lib/apt/lists") os.utime("/var/lib/apt/lists/%s" % os.path.basename(f), (time.time(),time.time())) res = call([self.apt, "update", - "-o","Dir::Etc::sourcelist=./authReliability/sources.list.failure" + "-o","Dir::Etc::sourcelist=./authReliability/sources.list.failure", + "-o",'APT::Update::Auth-Failure::=touch /tmp/authFailure', ] + apt_args, stdout=stdout, stderr=stderr) self.assert_(os.path.exists("/var/lib/apt/lists/people.ubuntu.com_%7emvo_apt_auth-test-suit_gpg-package-broken_Release.gpg"), "The gpg file disappeared, this should not happen") self.assert_(os.path.exists("/var/lib/apt/lists/people.ubuntu.com_%7emvo_apt_auth-test-suit_gpg-package-broken_Packages"), "The Packages file disappeared, this should not happen") + self.assert_(os.path.exists("/tmp/authFailure"), + "The APT::Update::Auth-Failure script did not run") def testRepositorySigGood(self): """ test that a regular repository with good data stays good 
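Review bot: The marker file is a fixed name in `/tmp`, passed to the hook as `touch /tmp/authFailure`, and this test writes to /var/lib/apt/lists, so it presumably runs as root; a predictable path in a world-writable directory can be pre-created or replaced with a symlink by another local user, which both falsifies the assertion and changes what the root-run `touch` acts on. I would create a private directory once, `marker = os.path.join(tempfile.mkdtemp(), "authFailure")` (needs `import tempfile`), and build the option as `'APT::Update::Auth-Failure::=touch %s' % marker`. The second run also leaves the marker behind, since only the first assertion is followed by `os.unlink`. testRepositorySigFailure starts before this hunk.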
@@ -239,5 +247,5 @@ if __name__ == "__main__": stderr = sys.stderr # run only one for now - #unittest.main(defaultTest="testAptAuthenticationReliability") - unittest.main() + unittest.main(defaultTest="testAptAuthenticationReliability") + #unittest.main() -- cgit v1.2.3-70-g09d2
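Review bot: The `__main__` block now runs only `testAptAuthenticationReliability` and leaves `unittest.main()` commented out, so any other test class in pre-upload-check.py is skipped when the script is used as the pre-upload gate. The comment `# run only one for now` suggests this is a debugging restriction rather than the intended default. I would keep `unittest.main()` active and select a single class on the command line (`python pre-upload-check.py testAptAuthenticationReliability`) instead of committing the restriction.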