Browse Source

* French manpage translation update

* spot & fix various typos in all manpages
* German manpage translation update
* cmdline/apt-cache.cc:
  - remove translatable marker from the "%4i %s\n" string
* buildlib/po4a_manpage.mak:
  - instruct debiandoc to build files with utf-8 encoding
* buildlib/tools.m4:
  - fix some warning from the buildtools
* apt-pkg/acquire-item.cc:
  - add configuration PDiffs::Limit-options to not download
    too many or too big patches (Closes: #554349)
* debian/control:
  - let all packages depend on ${misc:Depends}
* share/*-archive.gpg:
  - remove the horrible outdated files. We already depend on
    the keyring so we don't need to ship our own version
* cmdline/apt-key:
  - errors out if wget is not installed (Closes: #545754)
  - add --keyring option as we have now possibly many
* methods/gpgv.cc:
  - pass all keyrings (TrustedParts) to gpgv instead of
    using only one trusted.gpg keyring (Closes: #304846)
* methods/https.cc:
  - finally merge the rest of the patchset from Arnaud Ebalard
    with the CRL and Issuers options, thanks! (Closes: #485963)
tags/debian/0.7.25.1
Michael Vogt 12 years ago
parent
commit
46e39c8e14
35 changed files with 1144 additions and 656 deletions
  1. +2
    -0
      .bzrignore
  2. +49
    -13
      apt-pkg/acquire-item.cc
  3. +2
    -39
      apt-pkg/contrib/configuration.cc
  4. +50
    -0
      apt-pkg/contrib/fileutl.cc
  5. +3
    -0
      apt-pkg/contrib/fileutl.h
  6. +2
    -2
      apt-pkg/indexcopy.cc
  7. +1
    -1
      apt-pkg/pkgcache.cc
  8. +3
    -34
      apt-pkg/policy.cc
  9. +1
    -42
      apt-pkg/sourcelist.cc
  10. +1
    -1
      buildlib/po4a_manpage.mak
  11. +6
    -6
      buildlib/tools.m4
  12. +1
    -1
      cmdline/apt-cache.cc
  13. +42
    -5
      cmdline/apt-key
  14. +3
    -3
      configure.in
  15. +1
    -0
      debian/apt.dirs
  16. +0
    -6
      debian/apt.postinst
  17. +36
    -0
      debian/changelog
  18. +6
    -4
      debian/control
  19. +0
    -1
      debian/rules
  20. +18
    -6
      doc/apt-key.8.xml
  21. +11
    -4
      doc/apt.conf.5.xml
  22. +13
    -0
      doc/apt.ent
  23. +21
    -0
      doc/examples/apt-https-method-example.conf
  24. +6
    -6
      doc/examples/configure-index
  25. +3
    -3
      doc/guide.sgml
  26. +1
    -1
      doc/makefile
  27. +4
    -4
      doc/offline.sgml
  28. +746
    -401
      doc/po/de.po
  29. +31
    -15
      doc/po/fr.po
  30. +1
    -1
      doc/sources.list.5.xml
  31. +58
    -44
      methods/gpgv.cc
  32. +20
    -6
      methods/https.cc
  33. +2
    -7
      po/apt-all.pot
  34. BIN
      share/debian-archive.gpg
  35. BIN
      share/ubuntu-archive.gpg

+ 2
- 0
.bzrignore View File

@@ -8,6 +8,8 @@ aclocal.m4
autom4te.cache/
build/
configure
buildlib/config.sub
buildlib/config.guess

# generated files in the progress to build all
# apt man pages and other documentation


+ 49
- 13
apt-pkg/acquire-item.cc View File

@@ -219,19 +219,19 @@ bool pkgAcqDiffIndex::ParseDiffIndex(string IndexDiffFile) /*{{{*/

if(TF.Step(Tags) == true)
{
string local_sha1;
bool found = false;
DiffInfo d;
string size;

string tmp = Tags.FindS("SHA1-Current");
string const tmp = Tags.FindS("SHA1-Current");
std::stringstream ss(tmp);
ss >> ServerSha1;
ss >> ServerSha1 >> size;
unsigned long const ServerSize = atol(size.c_str());

FileFd fd(CurrentPackagesFile, FileFd::ReadOnly);
SHA1Summation SHA1;
SHA1.AddFD(fd.Fd(), fd.Size());
local_sha1 = string(SHA1.Result());
string const local_sha1 = SHA1.Result();

if(local_sha1 == ServerSha1)
{
@@ -248,20 +248,56 @@ bool pkgAcqDiffIndex::ParseDiffIndex(string IndexDiffFile) /*{{{*/
std::clog << "SHA1-Current: " << ServerSha1 << std::endl;

// check the historie and see what patches we need
string history = Tags.FindS("SHA1-History");
string const history = Tags.FindS("SHA1-History");
std::stringstream hist(history);
while(hist >> d.sha1 >> size >> d.file)
while(hist >> d.sha1 >> size >> d.file)
{
d.size = atoi(size.c_str());
// read until the first match is found
// from that point on, we probably need all diffs
if(d.sha1 == local_sha1)
found=true;
// from that point on, we probably need all diffs
if(found)
else if (found == false)
continue;

if(Debug)
std::clog << "Need to get diff: " << d.file << std::endl;
available_patches.push_back(d);
}

if (available_patches.empty() == false)
{
// patching with too many files is rather slow compared to a fast download
unsigned long const fileLimit = _config->FindI("Acquire::PDiffs::FileLimit", 0);
if (fileLimit != 0 && fileLimit < available_patches.size())
{
if (Debug)
std::clog << "Need " << available_patches.size() << " diffs (Limit is " << fileLimit
<< ") so fallback to complete download" << std::endl;
return false;
}

// see if the patches are too big
found = false; // it was true and it will be true again at the end
d = *available_patches.begin();
string const firstPatch = d.file;
unsigned long patchesSize = 0;
std::stringstream patches(Tags.FindS("SHA1-Patches"));
while(patches >> d.sha1 >> size >> d.file)
{
if (firstPatch == d.file)
found = true;
else if (found == false)
continue;

patchesSize += atol(size.c_str());
}
unsigned long const sizeLimit = ServerSize * _config->FindI("Acquire::PDiffs::SizeLimit", 100);
if (sizeLimit > 0 && (sizeLimit/100) < patchesSize)
{
if(Debug)
std::clog << "Need to get diff: " << d.file << std::endl;
available_patches.push_back(d);
if (Debug)
std::clog << "Need " << patchesSize << " bytes (Limit is " << sizeLimit/100
<< ") so fallback to complete download" << std::endl;
return false;
}
}
}
@@ -270,7 +306,7 @@ bool pkgAcqDiffIndex::ParseDiffIndex(string IndexDiffFile) /*{{{*/
if(found)
{
// queue the diffs
string::size_type last_space = Description.rfind(" ");
string::size_type const last_space = Description.rfind(" ");
if(last_space != string::npos)
Description.erase(last_space, Description.size()-last_space);
new pkgAcqIndexDiffs(Owner, RealURI, Description, Desc.ShortDesc,


+ 2
- 39
apt-pkg/contrib/configuration.cc View File

@@ -22,14 +22,8 @@
#include <apti18n.h>

#include <vector>
#include <algorithm>
#include <fstream>
#include <iostream>
#include <stdio.h>
#include <dirent.h>
#include <sys/stat.h>
#include <unistd.h>

using namespace std;
/*}}}*/
@@ -835,39 +829,8 @@ bool ReadConfigFile(Configuration &Conf,const string &FName,bool AsSectional,
// ReadConfigDir - Read a directory of config files /*{{{*/
// ---------------------------------------------------------------------
/* */
bool ReadConfigDir(Configuration &Conf,const string &Dir,bool AsSectional,
unsigned Depth)
{
DIR *D = opendir(Dir.c_str());
if (D == 0)
return _error->Errno("opendir",_("Unable to read %s"),Dir.c_str());

vector<string> List;
for (struct dirent *Ent = readdir(D); Ent != 0; Ent = readdir(D))
{
if (Ent->d_name[0] == '.')
continue;
// Skip bad file names ala run-parts
const char *C = Ent->d_name;
for (; *C != 0; C++)
if (isalpha(*C) == 0 && isdigit(*C) == 0 && *C != '_' && *C != '-')
break;
if (*C != 0)
continue;
// Make sure it is a file and not something else
string File = flCombine(Dir,Ent->d_name);
struct stat St;
if (stat(File.c_str(),&St) != 0 || S_ISREG(St.st_mode) == 0)
continue;
List.push_back(File);
}
closedir(D);
sort(List.begin(),List.end());
{
vector<string> const List = GetListOfFilesInDir(Dir, "", true);

// Read the files
for (vector<string>::const_iterator I = List.begin(); I != List.end(); I++)


+ 50
- 0
apt-pkg/contrib/fileutl.cc View File

@@ -34,9 +34,11 @@
#include <sys/types.h>
#include <sys/time.h>
#include <sys/wait.h>
#include <dirent.h>
#include <signal.h>
#include <errno.h>
#include <set>
#include <algorithm>
/*}}}*/

using namespace std;
@@ -195,6 +197,54 @@ bool FileExists(string File)
return true;
}
/*}}}*/
// GetListOfFilesInDir - returns a vector of files in the given dir /*{{{*/
// ---------------------------------------------------------------------
/* If an extension is given only files with this extension are included
in the returned vector, otherwise every "normal" file is included. */
std::vector<string> GetListOfFilesInDir(string const &Dir, string const &Ext,
bool const &SortList)
{
std::vector<string> List;
DIR *D = opendir(Dir.c_str());
if (D == 0)
{
_error->Errno("opendir",_("Unable to read %s"),Dir.c_str());
return List;
}

for (struct dirent *Ent = readdir(D); Ent != 0; Ent = readdir(D))
{
if (Ent->d_name[0] == '.')
continue;

if (Ext.empty() == false && flExtension(Ent->d_name) != Ext)
continue;

// Skip bad file names ala run-parts
const char *C = Ent->d_name;
for (; *C != 0; ++C)
if (isalpha(*C) == 0 && isdigit(*C) == 0
&& *C != '_' && *C != '-' && *C != '.')
break;

if (*C != 0)
continue;

// Make sure it is a file and not something else
string const File = flCombine(Dir,Ent->d_name);
struct stat St;
if (stat(File.c_str(),&St) != 0 || S_ISREG(St.st_mode) == 0)
continue;

List.push_back(File);
}
closedir(D);

if (SortList == true)
std::sort(List.begin(),List.end());
return List;
}
/*}}}*/
// SafeGetCWD - This is a safer getcwd that returns a dynamic string /*{{{*/
// ---------------------------------------------------------------------
/* We return / on failure. */


+ 3
- 0
apt-pkg/contrib/fileutl.h View File

@@ -23,6 +23,7 @@


#include <string>
#include <vector>

using std::string;

@@ -81,6 +82,8 @@ bool RunScripts(const char *Cnf);
bool CopyFile(FileFd &From,FileFd &To);
int GetLock(string File,bool Errors = true);
bool FileExists(string File);
std::vector<string> GetListOfFilesInDir(string const &Dir, string const &Ext,
bool const &SortList);
string SafeGetCWD();
void SetCloseExec(int Fd,bool Close);
void SetNonBlock(int Fd,bool Block);


+ 2
- 2
apt-pkg/indexcopy.cc View File

@@ -275,7 +275,7 @@ bool IndexCopy::CopyPackages(string CDROM,string Name,vector<string> &List,
_error->Warning("No valid records were found.");

if (NotFound + WrongSize > 10)
_error->Warning("Alot of entries were discarded, something may be wrong.\n");
_error->Warning("A lot of entries were discarded, something may be wrong.\n");

return true;
@@ -847,7 +847,7 @@ bool TranslationsCopy::CopyTranslations(string CDROM,string Name, /*{{{*/
_error->Warning("No valid records were found.");

if (NotFound + WrongSize > 10)
_error->Warning("Alot of entries were discarded, something may be wrong.\n");
_error->Warning("A lot of entries were discarded, something may be wrong.\n");

return true;


+ 1
- 1
apt-pkg/pkgcache.cc View File

@@ -298,7 +298,7 @@ const char *
pkgCache::PkgIterator::CandVersion() const
{
//TargetVer is empty, so don't use it.
VerIterator version = pkgPolicy::pkgPolicy(Owner).GetCandidateVer(*this);
VerIterator version = pkgPolicy(Owner).GetCandidateVer(*this);
if (version.IsGood())
return version.VerStr();
return 0;


+ 3
- 34
apt-pkg/policy.cc View File

@@ -27,14 +27,12 @@
#include <apt-pkg/configuration.h>
#include <apt-pkg/tagfile.h>
#include <apt-pkg/strutl.h>
#include <apt-pkg/fileutl.h>
#include <apt-pkg/error.h>
#include <apt-pkg/sptr.h>
#include <apti18n.h>

#include <dirent.h>
#include <sys/stat.h>
#include <algorithm>
#include <iostream>
#include <sstream>
/*}}}*/
@@ -282,36 +280,7 @@ bool ReadPinDir(pkgPolicy &Plcy,string Dir)
return true;
}

DIR *D = opendir(Dir.c_str());
if (D == 0)
return _error->Errno("opendir",_("Unable to read %s"),Dir.c_str());

vector<string> List;

for (struct dirent *Ent = readdir(D); Ent != 0; Ent = readdir(D))
{
if (Ent->d_name[0] == '.')
continue;

// Skip bad file names ala run-parts
const char *C = Ent->d_name;
for (; *C != 0; C++)
if (isalpha(*C) == 0 && isdigit(*C) == 0 && *C != '_' && *C != '-')
break;
if (*C != 0)
continue;

// Make sure it is a file and not something else
string File = flCombine(Dir,Ent->d_name);
struct stat St;
if (stat(File.c_str(),&St) != 0 || S_ISREG(St.st_mode) == 0)
continue;

List.push_back(File);
}
closedir(D);

sort(List.begin(),List.end());
vector<string> const List = GetListOfFilesInDir(Dir, "", true);

// Read the files
for (vector<string>::const_iterator I = List.begin(); I != List.end(); I++)


+ 1
- 42
apt-pkg/sourcelist.cc View File

@@ -17,13 +17,6 @@
#include <apti18n.h>

#include <fstream>

// CNC:2003-03-03 - This is needed for ReadDir stuff.
#include <algorithm>
#include <stdio.h>
#include <dirent.h>
#include <sys/stat.h>
#include <unistd.h>
/*}}}*/

using namespace std;
@@ -322,41 +315,7 @@ bool pkgSourceList::GetIndexes(pkgAcquire *Owner, bool GetAll) const
/* */
bool pkgSourceList::ReadSourceDir(string Dir)
{
DIR *D = opendir(Dir.c_str());
if (D == 0)
return _error->Errno("opendir",_("Unable to read %s"),Dir.c_str());

vector<string> List;
for (struct dirent *Ent = readdir(D); Ent != 0; Ent = readdir(D))
{
if (Ent->d_name[0] == '.')
continue;

// CNC:2003-12-02 Only accept .list files as valid sourceparts
if (flExtension(Ent->d_name) != "list")
continue;
// Skip bad file names ala run-parts
const char *C = Ent->d_name;
for (; *C != 0; C++)
if (isalpha(*C) == 0 && isdigit(*C) == 0
&& *C != '_' && *C != '-' && *C != '.')
break;
if (*C != 0)
continue;
// Make sure it is a file and not something else
string File = flCombine(Dir,Ent->d_name);
struct stat St;
if (stat(File.c_str(),&St) != 0 || S_ISREG(St.st_mode) == 0)
continue;
List.push_back(File);
}
closedir(D);
sort(List.begin(),List.end());
vector<string> const List = GetListOfFilesInDir(Dir, "list", true);

// Read the files
for (vector<string>::const_iterator I = List.begin(); I != List.end(); I++)


+ 1
- 1
buildlib/po4a_manpage.mak View File

@@ -57,5 +57,5 @@ endif

# Debian Doc SGML Documents
SOURCE := $(wildcard *.$(LC).sgml)
DEBIANDOC_HTML_OPTIONS=-l $(LC)
DEBIANDOC_HTML_OPTIONS=-l $(LC).UTF-8
include $(DEBIANDOC_H)

+ 6
- 6
buildlib/tools.m4 View File

@@ -1,4 +1,4 @@
AC_DEFUN(ah_HAVE_GETCONF,
AC_DEFUN([ah_HAVE_GETCONF],
[AC_ARG_WITH(getconf,
[ --with-getconf Enable automagical buildtime configuration],
[if test "$withval" = "yes"; then
@@ -14,7 +14,7 @@ AC_DEFUN(ah_HAVE_GETCONF,
])

dnl ah_GET_CONF(variable, value ..., [default])
AC_DEFUN(ah_GET_GETCONF,
AC_DEFUN([ah_GET_GETCONF],
[AC_REQUIRE([ah_HAVE_GETCONF])
if test ! -z "$GETCONF";then
old_args="[$]@"
@@ -28,7 +28,7 @@ AC_DEFUN(ah_GET_GETCONF,
eval $1="$3"
fi
])
AC_DEFUN(ah_NUM_CPUS,
AC_DEFUN([ah_NUM_CPUS],
[AC_MSG_CHECKING([number of cpus])
AC_ARG_WITH(cpus,
[ --with-cpus The number of cpus to be used for building(see --with-procs, default 1)],
@@ -56,7 +56,7 @@ AC_DEFUN(ah_NUM_CPUS,
AC_MSG_RESULT([$ah_NUM_CPUS_msg])
AC_SUBST(NUM_CPUS)
])
AC_DEFUN(ah_PROC_MULTIPLY,
AC_DEFUN([ah_PROC_MULTIPLY],
[AC_REQUIRE([ah_NUM_CPUS])
AC_MSG_CHECKING([processor multiplier])
AC_ARG_WITH(proc-multiply,
@@ -72,7 +72,7 @@ AC_DEFUN(ah_PROC_MULTIPLY,
AC_SUBST(PROC_MULTIPLY)
])

AC_DEFUN(ah_NUM_PROCS,
AC_DEFUN([ah_NUM_PROCS],
[AC_REQUIRE([ah_PROC_MULTIPLY])
AC_REQUIRE([ah_NUM_CPUS])
AC_MSG_CHECKING([number of processes to run during make])
@@ -89,7 +89,7 @@ AC_DEFUN(ah_NUM_PROCS,
AC_SUBST(NUM_PROCS)
])

AC_DEFUN(ah_GCC3DEP,[
AC_DEFUN([ah_GCC3DEP],[
AC_MSG_CHECKING(if $CXX -MD works)
touch gcc3dep.cc
${CXX-c++} -MD -o gcc3dep_test.o -c gcc3dep.cc


+ 1
- 1
cmdline/apt-cache.cc View File

@@ -1620,7 +1620,7 @@ bool Policy(CommandLine &CmdL)
if (SrcList->FindIndex(VF.File(),Indx) == false &&
_system->FindIndex(VF.File(),Indx) == false)
return _error->Error(_("Cache is out of sync, can't x-ref a package file"));
printf(_(" %4i %s\n"),Plcy.GetPriority(VF.File()),
printf(" %4i %s\n",Plcy.GetPriority(VF.File()),
Indx->Describe(true).c_str());
}
}


+ 42
- 5
cmdline/apt-key View File

@@ -5,10 +5,8 @@ unset GREP_OPTIONS

# We don't use a secret keyring, of course, but gpg panics and
# implodes if there isn't one available

GPG_CMD="gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /etc/apt/secring.gpg --trustdb-name /etc/apt/trustdb.gpg"
GPG="$GPG_CMD --keyring /etc/apt/trusted.gpg"

GPG="$GPG_CMD"

MASTER_KEYRING=""
ARCHIVE_KEYRING_URI=""
@@ -56,7 +54,14 @@ add_keys_with_verify_against_master_keyring() {
# (otherwise it does not make sense from a security POV)
net_update() {
if [ -z "$ARCHIVE_KEYRING_URI" ]; then
echo "ERROR: no location for the archive-keyring given"
echo "ERROR: no location for the archive-keyring given"
exit 1
fi
# in theory we would need to depend on wget for this, but this feature
# isn't useable in debian anyway as we have no keyring uri nor a master key
if ! which wget >/dev/null 2>&1; then
echo "ERROR: an installed wget is required for a network-based update"
exit 1
fi
if [ ! -d /var/lib/apt/keyrings ]; then
mkdir -p /var/lib/apt/keyrings
@@ -108,7 +113,7 @@ update() {


usage() {
echo "Usage: apt-key [command] [arguments]"
echo "Usage: apt-key [--keyring file] [command] [arguments]"
echo
echo "Manage apt's list of trusted keys"
echo
@@ -122,8 +127,40 @@ usage() {
echo " apt-key finger - list fingerprints"
echo " apt-key adv - pass advanced options to gpg (download key)"
echo
echo "If no specific keyring file is given the command applies to all keyring files."
}

# Determine on which keyring we want to work
if [ "$1" = "--keyring" ]; then
#echo "keyfile given"
shift
TRUSTEDFILE="$1"
if [ -r "$TRUSTEDFILE" ]; then
GPG="$GPG --keyring $TRUSTEDFILE --primary-keyring $TRUSTEDFILE"
else
echo >&2 "Error: The specified keyring »$TRUSTEDFILE« is missing or not readable"
exit 1
fi
shift
# otherwise use the default
else
#echo "generate list"
TRUSTEDFILE="/etc/apt/trusted.gpg"
if [ -r "$TRUSTEDFILE" ]; then
GPG="$GPG --keyring $TRUSTEDFILE"
fi
GPG="$GPG --primary-keyring $TRUSTEDFILE"
TRUSTEDPARTS="/etc/apt/trusted.gpg.d"
if [ -d "$TRUSTEDPARTS" ]; then
#echo "parts active"
for trusted in $(run-parts --list $TRUSTEDPARTS --regex '^.*\.gpg$'); do
#echo "part -> $trusted"
GPG="$GPG --keyring $trusted"
done
fi
fi
#echo "COMMAND: $GPG"

command="$1"
if [ -z "$command" ]; then
usage


+ 3
- 3
configure.in View File

@@ -96,10 +96,10 @@ AC_MSG_RESULT($archset)
AC_DEFINE_UNQUOTED(COMMON_ARCH,"$archset")

dnl We use C99 types if at all possible
AC_CACHE_CHECK([for C99 integer types],c9x_ints,[
AC_CACHE_CHECK([for C99 integer types],apt_cv_c9x_ints,[
AC_TRY_COMPILE([#include <inttypes.h>],
[uint8_t Foo1;uint16_t Foo2;uint32_t Foo3;],
c9x_ints=yes,c9x_ints=no)])
apt_cv_c9x_ints=yes,apt_cv_c9x_ints=no)])

dnl Single Unix Spec statvfs
AC_CHECK_FUNC(statvfs,[HAVE_STATVFS=yes])
@@ -150,7 +150,7 @@ AC_C_BIGENDIAN
dnl We do not need this if we have inttypes!
HAVE_C9X=yes
if test x"$c9x_ints" = x"no"; then
if test x"$apt_cv_c9x_ints" = x"no"; then
AC_CHECK_SIZEOF(char,$size_char)
AC_CHECK_SIZEOF(int,$size_int)
AC_CHECK_SIZEOF(short,$size_short)


+ 1
- 0
debian/apt.dirs View File

@@ -5,6 +5,7 @@ etc/apt
etc/apt/apt.conf.d
etc/apt/preferences.d
etc/apt/sources.list.d
etc/apt/trusted.gpg.d
etc/logrotate.d
var/cache/apt/archives/partial
var/lib/apt/lists/partial


+ 0
- 6
debian/apt.postinst View File

@@ -15,13 +15,7 @@ set -e

case "$1" in
configure)

if ! test -f /etc/apt/trusted.gpg; then
cp /usr/share/apt/debian-archive.gpg /etc/apt/trusted.gpg
fi

apt-key update

;;

abort-upgrade|abort-remove|abort-deconfigure)


+ 36
- 0
debian/changelog View File

@@ -1,3 +1,39 @@
apt (0.7.25.1) UNRELEASED; urgency=low

[ Christian Perrier ]
* French manpage translation update
[Chris Leick]
* spot & fix various typos in all manpages
* German manpage translation update

[ David Kalnischkies ]
* cmdline/apt-cache.cc:
- remove translatable marker from the "%4i %s\n" string
* buildlib/po4a_manpage.mak:
- instruct debiandoc to build files with utf-8 encoding
* buildlib/tools.m4:
- fix some warning from the buildtools
* apt-pkg/acquire-item.cc:
- add configuration PDiffs::Limit-options to not download
too many or too big patches (Closes: #554349)
* debian/control:
- let all packages depend on ${misc:Depends}
* share/*-archive.gpg:
- remove the horrible outdated files. We already depend on
the keyring so we don't need to ship our own version
* cmdline/apt-key:
- errors out if wget is not installed (Closes: #545754)
- add --keyring option as we have now possibly many
* methods/gpgv.cc:
- pass all keyrings (TrustedParts) to gpgv instead of
using only one trusted.gpg keyring (Closes: #304846)
* methods/https.cc:
- finally merge the rest of the patchset from Arnaud Ebalard
with the CRL and Issuers options, thanks! (Closes: #485963)

-- Michael Vogt <michael.vogt@ubuntu.com> Fri, 08 Jan 2010 20:17:28 +0100

apt (0.7.25) unstable; urgency=low

[ Christian Perrier ]


+ 6
- 4
debian/control View File

@@ -11,7 +11,7 @@ Vcs-Bzr: http://bzr.debian.org/apt/debian-sid/

Package: apt
Architecture: any
Depends: ${shlibs:Depends}, debian-archive-keyring
Depends: ${shlibs:Depends}, debian-archive-keyring, ${misc:Depends}
Replaces: libapt-pkg-doc (<< 0.3.7), libapt-pkg-dev (<< 0.3.7)
Provides: ${libapt-pkg:provides}
Suggests: aptitude | synaptic | wajig, dpkg-dev, apt-doc, bzip2, lzma, python-apt
@@ -26,6 +26,7 @@ Description: Advanced front-end for dpkg
Package: apt-doc
Architecture: all
Priority: optional
Depends: ${misc:Depends}
Replaces: apt (<< 0.5.4.9)
Section: doc
Description: Documentation for APT
@@ -35,7 +36,7 @@ Description: Documentation for APT
Package: libapt-pkg-dev
Architecture: any
Priority: optional
Depends: apt (= ${binary:Version}), apt-utils (= ${binary:Version}), ${libapt-pkg:provides}, ${libapt-inst:provides}
Depends: apt (= ${binary:Version}), apt-utils (= ${binary:Version}), ${libapt-pkg:provides}, ${libapt-inst:provides}, ${misc:Depends}
Section: libdevel
Description: Development files for APT's libapt-pkg and libapt-inst
This package contains the header files and libraries for
@@ -45,6 +46,7 @@ Description: Development files for APT's libapt-pkg and libapt-inst
Package: libapt-pkg-doc
Architecture: all
Priority: optional
Depends: ${misc:Depends}
Section: doc
Description: Documentation for APT development
This package contains documentation for development of the APT
@@ -52,7 +54,7 @@ Description: Documentation for APT development

Package: apt-utils
Architecture: any
Depends: ${shlibs:Depends}
Depends: ${shlibs:Depends}, ${misc:Depends}
Provides: ${libapt-inst:provides}
Replaces: apt (<< 0.5.9)
Description: APT utility programs
@@ -65,7 +67,7 @@ Description: APT utility programs

Package: apt-transport-https
Architecture: any
Depends: ${shlibs:Depends}
Depends: ${shlibs:Depends}, ${misc:Depends}
Priority: optional
Description: APT https transport
This package contains a APT https transport. It makes it possible to


+ 0
- 1
debian/rules View File

@@ -213,7 +213,6 @@ apt: build build-doc debian/shlibs.local
cp debian/bugscript debian/$@/usr/share/bug/apt/script
cp debian/apt.logrotate debian/$@/etc/logrotate.d/apt

cp share/debian-archive.gpg debian/$@/usr/share/$@
cp debian/apt.conf.autoremove debian/$@/etc/apt/apt.conf.d/01autoremove
# head -n 500 ChangeLog > debian/ChangeLog



+ 18
- 6
doc/apt-key.8.xml View File

@@ -26,7 +26,8 @@
<refsynopsisdiv>
<cmdsynopsis>
<command>apt-key</command>
<arg><replaceable>command</replaceable>/</arg>
<arg><option>--keyring <replaceable>filename</replaceable></option></arg>
<arg><replaceable>command</replaceable></arg>
<arg rep="repeat"><option><replaceable>arguments</replaceable></option></arg>
</cmdsynopsis>
</refsynopsisdiv>
@@ -135,11 +136,24 @@
</variablelist>
</refsect1>

<refsect1><title>Options</title>
<para>Note that options need to be defined before the commands described in the previous section.</para>
<variablelist>
<varlistentry><term>--keyring <replaceable>filename</replaceable></term>
<listitem><para>With this option it is possible to specify a specific keyring
file the command should operate on. The default is that a command is executed
on the <filename>trusted.gpg</filename> file as well as on all parts in the
<filename>trusted.gpg.d</filename> directory, through <filename>trusted.gpg</filename>
is the primary keyring which means that e.g. new keys are added to this one.
</para></listitem>
</varlistentry>
</variablelist>
</refsect1>

<refsect1><title>Files</title>
<variablelist>
<varlistentry><term><filename>/etc/apt/trusted.gpg</filename></term>
<listitem><para>Keyring of local trusted keys, new keys will be added here.</para></listitem>
</varlistentry>

&file-trustedgpg;

<varlistentry><term><filename>/etc/apt/trustdb.gpg</filename></term>
<listitem><para>Local trust database of archive keys.</para></listitem>
@@ -153,8 +167,6 @@
<listitem><para>Keyring of Debian archive removed trusted keys.</para></listitem>
</varlistentry>



</variablelist>

</refsect1>


+ 11
- 4
doc/apt.conf.5.xml View File

@@ -166,10 +166,10 @@ DPkg::Pre-Install-Pkgs {"/usr/sbin/dpkg-preconfigure --apt";};
longer guaranteed to work as their dependency on A is not longer satisfied. The immediate configuration marker
is also applied to all dependencies which can generate a problem if the dependencies e.g. form a circle
as a dependency with the immediate flag is comparable with a Pre-Dependency. So in theory it is possible
that APT encounters a situation in which it is unable to perform immediate configuration, error out and
refers to this option so the user can deactivate the immediate configuration temporary to be able to perform
that APT encounters a situation in which it is unable to perform immediate configuration, errors out and
refers to this option so the user can deactivate the immediate configuration temporarily to be able to perform
an install/upgrade again. Note the use of the word "theory" here as this problem was only encountered by now
in real world a few times in non-stable distribution versions and caused by wrong dependencies of the package
in real world a few times in non-stable distribution versions and was caused by wrong dependencies of the package
in question or by a system in an already broken state, so you should not blindly disable this option as
the mentioned scenario above is not the only problem immediate configuration can help to prevent in the first place.
Before a big operation like <literal>dist-upgrade</literal> is run with this option disabled it should be tried to
@@ -221,7 +221,14 @@ DPkg::Pre-Install-Pkgs {"/usr/sbin/dpkg-preconfigure --apt";};
<varlistentry><term>PDiffs</term>
<listitem><para>Try to download deltas called <literal>PDiffs</literal> for
Packages or Sources files instead of downloading whole ones. True
by default.</para></listitem>
by default.</para>
<para>Two sub-options to limit the use of PDiffs are also available:
With <literal>FileLimit</literal> can be specified how many PDiff files
are downloaded at most to patch a file. <literal>SizeLimit</literal>
on the other hand is the maximum precentage of the size of all patches
compared to the size of the targeted file. If one of these limits is
exceeded the complete file is downloaded instead of the patches.
</para></listitem>
</varlistentry>

<varlistentry><term>Queue-Mode</term>


+ 13
- 0
doc/apt.ent View File

@@ -353,3 +353,16 @@
Configuration Item: <literal>Dir::State::Lists</literal> (implicit partial).</para></listitem>
</varlistentry>
">

<!ENTITY file-trustedgpg "
<varlistentry><term><filename>/etc/apt/trusted.gpg</filename></term>
<listitem><para>Keyring of local trusted keys, new keys will be added here.
Configuration Item: <literal>Dir::Etc::Trusted</literal>.</para></listitem>
</varlistentry>

<varlistentry><term><filename>/etc/apt/trusted.gpg.d/</filename></term>
<listitem><para>File fragments for the trusted keys, additional keyrings can
be stored here (by other packages or the administrator).
Configuration Item <literal>Dir::Etc::TrustedParts</literal>.</para></listitem>
</varlistentry>
">

+ 21
- 0
doc/examples/apt-https-method-example.conf View File

@@ -36,6 +36,8 @@
to access its content.
- The certificate presented by both server have (as expected) a CN that
matches their respective DNS names.
- We have CRL available for both dom1.tld and dom2.tld PKI, and intend
to use them.
- It somtimes happens that we had other more generic https available
repository to our list. We want the checks to be performed against
a common list of anchors (like the one provided by ca-certificates
@@ -56,10 +58,13 @@ Acquire::https::CaInfo "/etc/ssl/certs/ca-certificates.pem";
// Use a specific anchor and associated CRL. Enforce issuer of
// server certificate using its cert.
Acquire::https::secure.dom1.tld::CaInfo "/etc/apt/certs/ca-dom1-crt.pem";
Acquire::https::secure.dom1.tld::CrlFile "/etc/apt/certs/ca-dom1-crl.pem";
Acquire::https::secure.dom1.tld::IssuerCert "/etc/apt/certs/secure.dom1-issuer-crt.pem";

// Like previous for anchor and CRL, but also provide our
// certificate and keys for client authentication.
Acquire::https::secure.dom2.tld::CaInfo "/etc/apt/certs/ca-dom2-crt.pem";
Acquire::https::secure.dom2.tld::CrlFile "/etc/apt/certs/ca-dom2-crl.pem";
Acquire::https::secure.dom2.tld::SslCert "/etc/apt/certs/my-crt.pem";
Acquire::https::secure.dom2.tld::SslKey "/etc/apt/certs/my-key.pem";

@@ -97,6 +102,22 @@ Acquire::https::secure.dom2.tld::SslKey "/etc/apt/certs/my-key.pem";
used for the https entries in the sources.list file that use that
repository (with the same name).

Acquire::https[::repo.domain.tld]::CrlFile "/path/to/all/crl.pem";

Like previous knob but for passing the list of CRL files (in PEM
format) to be used to verify revocation status. Again, if the
option is defined with no specific mirror (probably makes little
sense), this CRL information is used for all defined https entries
in sources.list file. In a mirror specific context, it only applies
to that mirror.

Acquire::https[::repo.domain.tld]::IssuerCert "/path/to/issuer/cert.pem";

Allows to constrain the issuer of the server certificate (for all
https mirrors or a specific one) to a specific issuer. If the
server certificate has not been issued by this certificate,
connection fails.

Acquire::https[::repo.domain.tld]::Verify-Peer "true";

When authenticating the server, if the certificate verification fails


+ 6
- 6
doc/examples/configure-index View File

@@ -90,11 +90,6 @@ APT
TrustCDROM "false"; // consider the CDROM always trusted
};

GPGV
{
TrustedKeyring "/etc/apt/trusted.gpg";
};

// Some general options
Ignore-Hold "false";
Clean-Installed "true";
@@ -176,7 +171,10 @@ Acquire
Source-Symlinks "true";

PDiffs "true"; // try to get the IndexFile diffs
PDiffs::FileLimit "4"; // don't use diffs if we would need more than 4 diffs
PDiffs::SizeLimit "50"; // don't use diffs if size of all patches excess
// 50% of the size of the original file

// HTTP method configuration
http
{
@@ -308,6 +306,8 @@ Dir "/"
SourceParts "sources.list.d";
VendorList "vendors.list";
VendorParts "vendors.list.d";
Trusted "trusted.gpg";
TrustedParts "trusted.gpg.d";
};
// Locations of binaries


+ 3
- 3
doc/guide.sgml View File

@@ -56,7 +56,7 @@ requires another package to be installed at the same time to work properly.

<p>
For instance, mailcrypt is an emacs extension that aids in encrypting email
with GPG. Without GPGP installed mail-crypt is useless, so mailcrypt has a
with GPG. Without GPGP installed mailcrypt is useless, so mailcrypt has a
simple dependency on GPG. Also, because it is an emacs extension it has a
simple dependency on emacs, without emacs it is completely useless.

@@ -171,7 +171,7 @@ the <prgn>dselect</> package selection GUI. <prgn>dselect</> is used to
select the packages to be installed or removed and APT actually installs them.

<p>
To enable the APT method you need to to select [A]ccess in <prgn>dselect</>
To enable the APT method you need to select [A]ccess in <prgn>dselect</>
and then choose the APT method. You will be prompted for a set of
<em>Sources</> which are places to fetch archives from. These can be remote
Internet sites, local Debian mirrors or CDROMs. Each source can provide
@@ -239,7 +239,7 @@ prompt until you have specified all that you want.

<p>
Before starting to use <prgn>dselect</> it is necessary to update the
available list by selecting [U]pdate from the menu. This is a super-set of
available list by selecting [U]pdate from the menu. This is a superset of
<tt>apt-get update</> that makes the fetched information available to
<prgn>dselect</>. [U]pdate must be performed even if <tt>apt-get update</>
has been run before.


+ 1
- 1
doc/makefile View File

@@ -8,7 +8,7 @@ include ../buildlib/defaults.mak

# Debian Doc SGML Documents
SOURCE = $(wildcard *.sgml)
DEBIANDOC_HTML_OPTIONS=-l en
DEBIANDOC_HTML_OPTIONS=-l en.UTF-8
include $(DEBIANDOC_H)

# Do not use XMLTO, build the manpages directly with XSLTPROC


+ 4
- 4
doc/offline.sgml View File

@@ -50,7 +50,7 @@ no connection.

<p>
This is achieved by creatively manipulating the APT configuration file. The
essential premis to tell APT to look on a disc for it's archive files. Note
essential premise to tell APT to look on a disc for it's archive files. Note
that the disc should be formated with a filesystem that can handle long file
names such as ext2, fat32 or vfat.

@@ -129,7 +129,7 @@ configuration file in <em>/usr/share/doc/apt/examples/apt.conf</em>.
<p>
On the target machine the first thing to do is mount the disc and copy
<em>/var/lib/dpkg/status</em> to it. You will also need to create the directories
outlined in the Overview, <em>archives/partial/</em> and <em>lists/partial/</em>
outlined in the Overview, <em>archives/partial/</em> and <em>lists/partial/</em>.
Then take the disc to the remote machine and configure the sources.list.
On the remote machine execute the following:

@@ -141,9 +141,9 @@ On the remote machine execute the following:
[ APT fetches all the packages needed to upgrade the target machine ]
</example>

The dist-upgrade command can be replaced with any-other standard APT commands,
The dist-upgrade command can be replaced with any other standard APT commands,
particularly dselect-upgrade. You can even use an APT front end such as
<em>dselect</em> However this presents a problem in communicating your
<em>dselect</em>. However this presents a problem in communicating your
selections back to the local computer.

<p>


+ 746
- 401
doc/po/de.po
File diff suppressed because it is too large
View File


+ 31
- 15
doc/po/fr.po View File

@@ -2597,7 +2597,8 @@ msgstr ""

#. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
#: apt-ftparchive.1.xml:82 apt-ftparchive.1.xml:106
msgid "The option <option>--db</option> can be used to specify a binary caching DB."
msgid ""
"The option <option>--db</option> can be used to specify a binary caching DB."
msgstr ""
"On peut se servir de l'option <option>--db</option> pour demander un cache "
"binaire."
@@ -2752,8 +2753,10 @@ msgstr ""

#. type: Content of: <refentry><refsect1><para>
#: apt-ftparchive.1.xml:155
msgid "The generate configuration has 4 separate sections, each described below."
msgstr "Ce fichier de configuration possède quatre sections, décrites ci-dessous."
msgid ""
"The generate configuration has 4 separate sections, each described below."
msgstr ""
"Ce fichier de configuration possède quatre sections, décrites ci-dessous."

#. type: Content of: <refentry><refsect1><refsect2><title>
#: apt-ftparchive.1.xml:157
@@ -4949,7 +4952,8 @@ msgstr "<filename>/etc/apt/trusted.gpg</filename>"
#. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
#: apt-key.8.xml:141
msgid "Keyring of local trusted keys, new keys will be added here."
msgstr "Trousseau de clés locales fiables : les nouvelles clés y seront ajoutées."
msgstr ""
"Trousseau de clés locales fiables : les nouvelles clés y seront ajoutées."

#. type: Content of: <refentry><refsect1><variablelist><varlistentry><term>
#: apt-key.8.xml:144
@@ -4973,8 +4977,10 @@ msgstr "Trousseau des clés fiables de l'archive Debian."

#. type: Content of: <refentry><refsect1><variablelist><varlistentry><term>
#: apt-key.8.xml:152
msgid "<filename>/usr/share/keyrings/debian-archive-removed-keys.gpg</filename>"
msgstr "<filename>/usr/share/keyrings/debian-archive-removed-keys.gpg</filename>"
msgid ""
"<filename>/usr/share/keyrings/debian-archive-removed-keys.gpg</filename>"
msgstr ""
"<filename>/usr/share/keyrings/debian-archive-removed-keys.gpg</filename>"

#. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
#: apt-key.8.xml:153
@@ -5114,8 +5120,10 @@ msgstr ""

#. type: Content of: <refentry><refsect1><variablelist><varlistentry><term>
#: apt-mark.8.xml:93
msgid "<option>-f=<filename><replaceable>FILENAME</replaceable></filename></option>"
msgstr "<option>-f=<filename><replaceable>FICHIER</replaceable></filename></option>"
msgid ""
"<option>-f=<filename><replaceable>FILENAME</replaceable></filename></option>"
msgstr ""
"<option>-f=<filename><replaceable>FICHIER</replaceable></filename></option>"

#. type: Content of: <refentry><refsect1><variablelist><varlistentry><term>
#: apt-mark.8.xml:94
@@ -5866,6 +5874,7 @@ msgstr ""

#. type: Content of: <refentry><refsect1><para>
#: apt.conf.5.xml:118
#, fuzzy
msgid ""
"Note that you can use :: only for appending one item per line to a list and "
"that you should not use it in combination with the scope syntax. (The scope "
@@ -7413,7 +7422,8 @@ msgstr "<literal>Debug::Acquire::cdrom</literal>"

#. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
#: apt.conf.5.xml:693
msgid "Print information related to accessing <literal>cdrom://</literal> sources."
msgid ""
"Print information related to accessing <literal>cdrom://</literal> sources."
msgstr ""
"Affiche les informations concernant les sources de type <literal>cdrom://</"
"literal>"
@@ -7426,7 +7436,8 @@ msgstr "<literal>Debug::Acquire::ftp</literal>"
#. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
#: apt.conf.5.xml:704
msgid "Print information related to downloading packages using FTP."
msgstr "Affiche les informations concernant le téléchargement de paquets par FTP."
msgstr ""
"Affiche les informations concernant le téléchargement de paquets par FTP."

#. type: Content of: <refentry><refsect1><variablelist><varlistentry><term>
#: apt.conf.5.xml:711
@@ -7436,7 +7447,8 @@ msgstr "<literal>Debug::Acquire::http</literal>"
#. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
#: apt.conf.5.xml:715
msgid "Print information related to downloading packages using HTTP."
msgstr "Affiche les informations concernant le téléchargement de paquets par HTTP."
msgstr ""
"Affiche les informations concernant le téléchargement de paquets par HTTP."

#. type: Content of: <refentry><refsect1><variablelist><varlistentry><term>
#: apt.conf.5.xml:722
@@ -7597,7 +7609,8 @@ msgstr "<literal>Debug::pkgAcquire::Worker</literal>"

#. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
#: apt.conf.5.xml:844
msgid "Log all interactions with the sub-processes that actually perform downloads."
msgid ""
"Log all interactions with the sub-processes that actually perform downloads."
msgstr ""
"Affiche toutes les interactions avec les processus enfants qui se chargent "
"effectivement des téléchargements."
@@ -7738,7 +7751,8 @@ msgstr "<literal>Debug::pkgPackageManager</literal>"

#. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
#: apt.conf.5.xml:945
msgid "Output status messages tracing the steps performed when invoking &dpkg;."
msgid ""
"Output status messages tracing the steps performed when invoking &dpkg;."
msgstr "Affiche le détail des opérations liées à l'invocation de &dpkg;."

#. type: Content of: <refentry><refsect1><variablelist><varlistentry><term>
@@ -7959,7 +7973,8 @@ msgstr "une priorité égale à 990"

#. type: Content of: <refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><simpara>
#: apt_preferences.5.xml:94
msgid "to the versions that are not installed and belong to the target release."
msgid ""
"to the versions that are not installed and belong to the target release."
msgstr ""
"est affectée aux versions qui ne sont pas installées et qui appartiennent à "
"la distribution par défaut."
@@ -8444,7 +8459,8 @@ msgstr ""
#. type: Content of: <refentry><refsect1><refsect2><title>
#: apt_preferences.5.xml:306
msgid "Determination of Package Version and Distribution Properties"
msgstr "Détermination de la version des paquets et des propriétés des distributions"
msgstr ""
"Détermination de la version des paquets et des propriétés des distributions"

#. type: Content of: <refentry><refsect1><refsect2><para>
#: apt_preferences.5.xml:308


+ 1
- 1
doc/sources.list.5.xml View File

@@ -180,7 +180,7 @@ deb http://http.us.debian.org/debian dists/stable-updates/
APT can be extended with more methods shipped in other optional packages which should
follow the nameing scheme <literal>apt-transport-<replaceable>method</replaceable></literal>.
The APT team e.g. maintains also the <literal>apt-transport-https</literal> package which
provides access methods for https-URIs with features similiar to the http method, but other
provides access methods for https-URIs with features similar to the http method, but other
methods for using e.g. debtorrent are also available, see <citerefentry>
<refentrytitle><filename>apt-transport-debtorrent</filename></refentrytitle>
<manvolnum>1</manvolnum></citerefentry>.


+ 58
- 44
methods/gpgv.cc View File

@@ -1,10 +1,9 @@
#include <apt-pkg/error.h>
#include <apt-pkg/acquire-method.h>
#include <apt-pkg/strutl.h>
#include <apt-pkg/fileutl.h>
#include <apti18n.h>

#include <sys/stat.h>
#include <unistd.h>
#include <utime.h>
#include <stdio.h>
#include <fcntl.h>
@@ -45,42 +44,47 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile,
vector<string> &WorthlessSigners,
vector<string> &NoPubKeySigners)
{
bool const Debug = _config->FindB("Debug::Acquire::gpgv", false);
// setup a (empty) stringstream for formating the return value
std::stringstream ret;
ret.str("");

if (_config->FindB("Debug::Acquire::gpgv", false))
{
std::cerr << "inside VerifyGetSigners" << std::endl;
}
if (Debug == true)
std::clog << "inside VerifyGetSigners" << std::endl;

pid_t pid;
int fd[2];
FILE *pipein;
int status;
struct stat buff;
string gpgvpath = _config->Find("Dir::Bin::gpg", "/usr/bin/gpgv");
string pubringpath = _config->Find("APT::GPGV::TrustedKeyring", "/etc/apt/trusted.gpg");
if (_config->FindB("Debug::Acquire::gpgv", false))
string const gpgvpath = _config->Find("Dir::Bin::gpg", "/usr/bin/gpgv");
// FIXME: remove support for deprecated APT::GPGV setting
string const trustedFile = _config->FindFile("Dir::Etc::Trusted",
_config->Find("APT::GPGV::TrustedKeyring", "/etc/apt/trusted.gpg").c_str());
string const trustedPath = _config->FindDir("Dir::Etc::TrustedParts", "/etc/apt/trusted.gpg.d");
if (Debug == true)
{
std::cerr << "gpgv path: " << gpgvpath << std::endl;
std::cerr << "Keyring path: " << pubringpath << std::endl;
std::clog << "gpgv path: " << gpgvpath << std::endl;
std::clog << "Keyring file: " << trustedFile << std::endl;
std::clog << "Keyring path: " << trustedPath << std::endl;
}

if (stat(pubringpath.c_str(), &buff) != 0)
vector<string> keyrings = GetListOfFilesInDir(trustedPath, "gpg", false);
if (FileExists(trustedFile) == true)
keyrings.push_back(trustedFile);

if (keyrings.empty() == true)
{
ioprintf(ret, _("Couldn't access keyring: '%s'"), strerror(errno));
// TRANSLATOR: %s is the trusted keyring parts directory
ioprintf(ret, _("No keyring installed in %s."), trustedPath.c_str());
return ret.str();
}

if (pipe(fd) < 0)
{
return "Couldn't create pipe";
}

pid = fork();
if (pid < 0)
{
return string("Couldn't spawn new process") + strerror(errno);
}
else if (pid == 0)
{
const char *Args[400];
@@ -90,8 +94,17 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile,
Args[i++] = "--status-fd";
Args[i++] = "3";
Args[i++] = "--ignore-time-conflict";
Args[i++] = "--keyring";
Args[i++] = pubringpath.c_str();
for (vector<string>::const_iterator K = keyrings.begin();
K != keyrings.end(); ++K)
{
Args[i++] = "--keyring";
Args[i++] = K->c_str();
// check overflow (minus a bit of extra space at the end)
if(i >= sizeof(Args)/sizeof(char*)-5) {
std::clog << _("E: Too many keyrings should be passed to gpgv. Exiting.") << std::endl;
exit(111);
}
}

Configuration::Item const *Opts;
Opts = _config->Tree("Acquire::gpgv::Options");
@@ -103,8 +116,9 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile,
if (Opts->Value.empty() == true)
continue;
Args[i++] = Opts->Value.c_str();
if(i >= 395) {
std::cerr << _("E: Argument list from Acquire::gpgv::Options too long. Exiting.") << std::endl;
// check overflow (minus a bit of extra space at the end)
if(i >= sizeof(Args)/sizeof(char*)-5) {
std::clog << _("E: Argument list from Acquire::gpgv::Options too long. Exiting.") << std::endl;
exit(111);
}
}
@@ -113,14 +127,14 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile,
Args[i++] = outfile;
Args[i++] = NULL;

if (_config->FindB("Debug::Acquire::gpgv", false))
if (Debug == true)
{
std::cerr << "Preparing to exec: " << gpgvpath;
std::clog << "Preparing to exec: " << gpgvpath;
for(unsigned int j=0;Args[j] != NULL; j++)
std::cerr << " " << Args[j];
std::cerr << std::endl;
std::clog << " " << Args[j];
std::clog << std::endl;
}
int nullfd = open("/dev/null", O_RDONLY);
int const nullfd = open("/dev/null", O_RDONLY);
close(fd[0]);
// Redirect output to /dev/null; we read from the status fd
dup2(nullfd, STDOUT_FILENO);
@@ -159,8 +173,8 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile,
break;
*(buffer+bufferoff) = '\0';
bufferoff = 0;
if (_config->FindB("Debug::Acquire::gpgv", false))
std::cerr << "Read: " << buffer << std::endl;
if (Debug == true)
std::clog << "Read: " << buffer << std::endl;

// Push the data into three separate vectors, which
// we later concatenate. They're kept separate so
@@ -168,33 +182,33 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile,
// it will be better.
if (strncmp(buffer, GNUPGBADSIG, sizeof(GNUPGBADSIG)-1) == 0)
{
if (_config->FindB("Debug::Acquire::gpgv", false))
std::cerr << "Got BADSIG! " << std::endl;
if (Debug == true)
std::clog << "Got BADSIG! " << std::endl;
BadSigners.push_back(string(buffer+sizeof(GNUPGPREFIX)));
}
if (strncmp(buffer, GNUPGNOPUBKEY, sizeof(GNUPGNOPUBKEY)-1) == 0)
{
if (_config->FindB("Debug::Acquire::gpgv", false))
std::cerr << "Got NO_PUBKEY " << std::endl;
if (Debug == true)
std::clog << "Got NO_PUBKEY " << std::endl;
NoPubKeySigners.push_back(string(buffer+sizeof(GNUPGPREFIX)));
}
if (strncmp(buffer, GNUPGNODATA, sizeof(GNUPGBADSIG)-1) == 0)
{
if (_config->FindB("Debug::Acquire::gpgv", false))
std::cerr << "Got NODATA! " << std::endl;
if (Debug == true)
std::clog << "Got NODATA! " << std::endl;
BadSigners.push_back(string(buffer+sizeof(GNUPGPREFIX)));
}
if (strncmp(buffer, GNUPGKEYEXPIRED, sizeof(GNUPGKEYEXPIRED)-1) == 0)
{
if (_config->FindB("Debug::Acquire::gpgv", false))
std::cerr << "Got KEYEXPIRED! " << std::endl;
if (Debug == true)
std::clog << "Got KEYEXPIRED! " << std::endl;
WorthlessSigners.push_back(string(buffer+sizeof(GNUPGPREFIX)));
}
if (strncmp(buffer, GNUPGREVKEYSIG, sizeof(GNUPGREVKEYSIG)-1) == 0)
{
if (_config->FindB("Debug::Acquire::gpgv", false))
std::cerr << "Got REVKEYSIG! " << std::endl;
if (Debug == true)
std::clog << "Got REVKEYSIG! " << std::endl;
WorthlessSigners.push_back(string(buffer+sizeof(GNUPGPREFIX)));
}
if (strncmp(buffer, GNUPGGOODSIG, sizeof(GNUPGGOODSIG)-1) == 0)
@@ -204,17 +218,17 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile,
while (*p && isxdigit(*p))
p++;
*p = 0;
if (_config->FindB("Debug::Acquire::gpgv", false))
std::cerr << "Got GOODSIG, key ID:" << sig << std::endl;
if (Debug == true)
std::clog << "Got GOODSIG, key ID:" << sig << std::endl;
GoodSigners.push_back(string(sig));
}
}
fclose(pipein);

waitpid(pid, &status, 0);
if (_config->FindB("Debug::Acquire::gpgv", false))
if (Debug == true)
{
std::cerr << "gpgv exited\n";
std::clog << "gpgv exited\n";
}
if (WEXITSTATUS(status) == 0)
@@ -305,7 +319,7 @@ bool GPGVMethod::Fetch(FetchItem *Itm)

if (_config->FindB("Debug::Acquire::gpgv", false))
{
std::cerr << "gpgv succeeded\n";
std::clog << "gpgv succeeded\n";
}

return true;


+ 20
- 6
methods/https.cc View File

@@ -133,7 +133,7 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
string cainfo = _config->Find("Acquire::https::CaInfo","");
string knob = "Acquire::https::"+remotehost+"::CaInfo";
cainfo = _config->Find(knob.c_str(),cainfo.c_str());
if(cainfo != "")
if(cainfo.empty() == false)
curl_easy_setopt(curl, CURLOPT_CAINFO,cainfo.c_str());

// Check server certificate against previous CA list ...
@@ -151,18 +151,25 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
default_verify = 0;
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, verify);

// Also enforce issuer of server certificate using its cert
string issuercert = _config->Find("Acquire::https::IssuerCert","");
knob = "Acquire::https::"+remotehost+"::IssuerCert";
issuercert = _config->Find(knob.c_str(),issuercert.c_str());
if(issuercert.empty() == false)
curl_easy_setopt(curl, CURLOPT_ISSUERCERT,issuercert.c_str());

// For client authentication, certificate file ...
string pem = _config->Find("Acquire::https::SslCert","");
knob = "Acquire::https::"+remotehost+"::SslCert";
pem = _config->Find(knob.c_str(),pem.c_str());
if(pem != "")
if(pem.empty() == false)
curl_easy_setopt(curl, CURLOPT_SSLCERT, pem.c_str());

// ... and associated key.
string key = _config->Find("Acquire::https::SslKey","");
knob = "Acquire::https::"+remotehost+"::SslKey";
key = _config->Find(knob.c_str(),key.c_str());
if(key != "")
if(key.empty() == false)
curl_easy_setopt(curl, CURLOPT_SSLKEY, key.c_str());

// Allow forcing SSL version to SSLv3 or TLSv1 (SSLv2 is not
@@ -177,6 +184,13 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
final_version = CURL_SSLVERSION_SSLv3;
curl_easy_setopt(curl, CURLOPT_SSLVERSION, final_version);

// CRL file
string crlfile = _config->Find("Acquire::https::CrlFile","");
knob = "Acquire::https::"+remotehost+"::CrlFile";
crlfile = _config->Find(knob.c_str(),crlfile.c_str());
if(crlfile.empty() == false)
curl_easy_setopt(curl, CURLOPT_CRLFILE, crlfile.c_str());

// cache-control
if(_config->FindB("Acquire::https::No-Cache",
_config->FindB("Acquire::http::No-Cache",false)) == false)
@@ -196,7 +210,7 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers);

// speed limit
int dlLimit = _config->FindI("Acquire::https::Dl-Limit",
int const dlLimit = _config->FindI("Acquire::https::Dl-Limit",
_config->FindI("Acquire::http::Dl-Limit",0))*1024;
if (dlLimit > 0)
curl_easy_setopt(curl, CURLOPT_MAX_RECV_SPEED_LARGE, dlLimit);
@@ -208,7 +222,7 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
"Debian APT-CURL/1.0 ("VERSION")").c_str()).c_str());

// set timeout
int timeout = _config->FindI("Acquire::https::Timeout",
int const timeout = _config->FindI("Acquire::https::Timeout",
_config->FindI("Acquire::http::Timeout",120));
curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, timeout);
//set really low lowspeed timeout (see #497983)
@@ -216,7 +230,7 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
curl_easy_setopt(curl, CURLOPT_LOW_SPEED_TIME, timeout);

// set redirect options and default to 10 redirects
bool AllowRedirect = _config->FindB("Acquire::https::AllowRedirect",
bool const AllowRedirect = _config->FindB("Acquire::https::AllowRedirect",
_config->FindB("Acquire::http::AllowRedirect",true));
curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, AllowRedirect);
curl_easy_setopt(curl, CURLOPT_MAXREDIRS, 10);


+ 2
- 7
po/apt-all.pot View File

@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2009-12-10 22:06+0100\n"
"POT-Creation-Date: 2010-01-01 19:13+0100\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -144,11 +144,6 @@ msgstr ""
msgid " Version table:"
msgstr ""

#: cmdline/apt-cache.cc:1623
#, c-format
msgid " %4i %s\n"
msgstr ""

#: cmdline/apt-cache.cc:1718 cmdline/apt-cdrom.cc:134 cmdline/apt-config.cc:70
#: cmdline/apt-extracttemplates.cc:225 ftparchive/apt-ftparchive.cc:547
#: cmdline/apt-get.cc:2665 cmdline/apt-sortpkgs.cc:144
@@ -2781,7 +2776,7 @@ msgstr ""
msgid "Can not write log, openpty() failed (/dev/pts not mounted?)\n"
msgstr ""

#: apt-pkg/deb/dpkgpm.cc:908
#: apt-pkg/deb/dpkgpm.cc:909
msgid "Running dpkg"
msgstr ""



BIN
share/debian-archive.gpg View File


BIN
share/ubuntu-archive.gpg View File


Loading…
Cancel
Save