]> git.saurik.com Git - apt.git/blobdiff - apt-pkg/deb/debmetaindex.cc
Fix segfault and out-of-bounds read in Binary fields
[apt.git] / apt-pkg / deb / debmetaindex.cc
index 10ab0f8443c4d417451c7a8c7ff605bf65685358..8d84409a13b767814970d5c069a67c2ebea47e65 100644 (file)
 #include <string>
 #include <utility>
 #include <vector>
-#include <set>
 #include <algorithm>
+#include <sstream>
 
-#include <sys/types.h>
 #include <sys/stat.h>
-#include <unistd.h>
 #include <string.h>
 
 #include <apti18n.h>
@@ -35,10 +33,13 @@ class APT_HIDDEN debReleaseIndexPrivate                                     /*{{{*/
    public:
    struct APT_HIDDEN debSectionEntry
    {
-      std::string Name;
-      std::vector<std::string> Targets;
-      std::vector<std::string> Architectures;
-      std::vector<std::string> Languages;
+      std::string const sourcesEntry;
+      std::string const Name;
+      std::vector<std::string> const Targets;
+      std::vector<std::string> const Architectures;
+      std::vector<std::string> const Languages;
+      bool const UsePDiffs;
+      std::string const UseByHash;
    };
 
    std::vector<debSectionEntry> DebEntries;
@@ -48,7 +49,11 @@ class APT_HIDDEN debReleaseIndexPrivate                                      /*{{{*/
    time_t ValidUntilMin;
    time_t ValidUntilMax;
 
-   debReleaseIndexPrivate() : CheckValidUntil(metaIndex::TRI_UNSET), ValidUntilMin(0), ValidUntilMax(0) {}
+   std::vector<std::string> Architectures;
+   std::vector<std::string> NoSupportForAll;
+   std::map<std::string, std::string> const ReleaseOptions;
+
+   debReleaseIndexPrivate(std::map<std::string, std::string> const &Options) : CheckValidUntil(metaIndex::TRI_UNSET), ValidUntilMin(0), ValidUntilMax(0), ReleaseOptions(Options) {}
 };
                                                                        /*}}}*/
 // ReleaseIndex::MetaIndex* - display helpers                          /*{{{*/
@@ -76,28 +81,27 @@ std::string debReleaseIndex::MetaIndexFile(const char *Type) const
    return _config->FindDir("Dir::State::lists") +
       URItoFileName(MetaIndexURI(Type));
 }
-
-std::string debReleaseIndex::MetaIndexURI(const char *Type) const
+static std::string constructMetaIndexURI(std::string URI, std::string const &Dist, char const * const Type)
 {
-   std::string Res;
-
    if (Dist == "/")
-      Res = URI;
+      ;
    else if (Dist[Dist.size()-1] == '/')
-      Res = URI + Dist;
+      URI += Dist;
    else
-      Res = URI + "dists/" + Dist + "/";
-   
-   Res += Type;
-   return Res;
+      URI += "dists/" + Dist + "/";
+   return URI + Type;
+}
+std::string debReleaseIndex::MetaIndexURI(const char *Type) const
+{
+   return constructMetaIndexURI(URI, Dist, Type);
 }
                                                                        /*}}}*/
 // ReleaseIndex Con- and Destructors                                   /*{{{*/
-debReleaseIndex::debReleaseIndex(std::string const &URI, std::string const &Dist) :
-                                       metaIndex(URI, Dist, "deb"), d(new debReleaseIndexPrivate())
+debReleaseIndex::debReleaseIndex(std::string const &URI, std::string const &Dist, std::map<std::string, std::string> const &Options) :
+                                       metaIndex(URI, Dist, "deb"), d(new debReleaseIndexPrivate(Options))
 {}
-debReleaseIndex::debReleaseIndex(std::string const &URI, std::string const &Dist, bool const pTrusted) :
-                                       metaIndex(URI, Dist, "deb"), d(new debReleaseIndexPrivate())
+debReleaseIndex::debReleaseIndex(std::string const &URI, std::string const &Dist, bool const pTrusted, std::map<std::string, std::string> const &Options) :
+                                       metaIndex(URI, Dist, "deb"), d(new debReleaseIndexPrivate(Options))
 {
    Trusted = pTrusted ? TRI_YES : TRI_NO;
 }
@@ -109,35 +113,88 @@ debReleaseIndex::~debReleaseIndex() {
 // ReleaseIndex::GetIndexTargets                                       /*{{{*/
 static void GetIndexTargetsFor(char const * const Type, std::string const &URI, std::string const &Dist,
       std::vector<debReleaseIndexPrivate::debSectionEntry> const &entries,
-      std::vector<IndexTarget> &IndexTargets)
+      std::vector<IndexTarget> &IndexTargets, std::map<std::string, std::string> const &ReleaseOptions)
 {
    bool const flatArchive = (Dist[Dist.length() - 1] == '/');
-   std::string baseURI = URI;
-   if (flatArchive)
-   {
-      if (Dist != "/")
-         baseURI += Dist;
-   }
-   else
-      baseURI += "dists/" + Dist + "/";
+   std::string const baseURI = constructMetaIndexURI(URI, Dist, "");
    std::string const Release = (Dist == "/") ? "" : Dist;
    std::string const Site = ::URI::ArchiveOnly(URI);
 
+   std::string DefCompressionTypes;
+   {
+      std::vector<std::string> types = APT::Configuration::getCompressionTypes();
+      if (types.empty() == false)
+      {
+        std::ostringstream os;
+        std::copy(types.begin(), types.end()-1, std::ostream_iterator<std::string>(os, " "));
+        os << *types.rbegin();
+        DefCompressionTypes = os.str();
+      }
+   }
+   std::string DefKeepCompressedAs;
+   {
+      std::vector<APT::Configuration::Compressor> comps = APT::Configuration::getCompressors();
+      if (comps.empty() == false)
+      {
+        std::sort(comps.begin(), comps.end(),
+              [](APT::Configuration::Compressor const &a, APT::Configuration::Compressor const &b) { return a.Cost < b.Cost; });
+        std::ostringstream os;
+        for (auto const &c : comps)
+           if (c.Cost != 0)
+              os << c.Extension.substr(1) << ' ';
+        DefKeepCompressedAs = os.str();
+      }
+      DefKeepCompressedAs += "uncompressed";
+   }
+
+   std::vector<std::string> const NativeArchs = { _config->Find("APT::Architecture"), "implicit:all" };
    bool const GzipIndex = _config->FindB("Acquire::GzipIndexes", false);
    for (std::vector<debReleaseIndexPrivate::debSectionEntry>::const_iterator E = entries.begin(); E != entries.end(); ++E)
    {
       for (std::vector<std::string>::const_iterator T = E->Targets.begin(); T != E->Targets.end(); ++T)
       {
-#define APT_T_CONFIG(X) _config->Find(std::string("APT::Acquire::Targets::") + Type  + "::" + *T + "::" + (X))
-        std::string const tplMetaKey = APT_T_CONFIG(flatArchive ? "flatMetaKey" : "MetaKey");
-        std::string const tplShortDesc = APT_T_CONFIG("ShortDescription");
-        std::string const tplLongDesc = APT_T_CONFIG(flatArchive ? "flatDescription" : "Description");
-        bool const IsOptional = _config->FindB(std::string("APT::Acquire::Targets::") + Type + "::" + *T + "::Optional", true);
-        bool const KeepCompressed = _config->FindB(std::string("APT::Acquire::Targets::") + Type + "::" + *T + "::KeepCompressed", GzipIndex);
-#undef APT_T_CONFIG
+#define APT_T_CONFIG_STR(X, Y) _config->Find(std::string("Acquire::IndexTargets::") + Type  + "::" + *T + "::" + (X), (Y))
+#define APT_T_CONFIG_BOOL(X, Y) _config->FindB(std::string("Acquire::IndexTargets::") + Type  + "::" + *T + "::" + (X), (Y))
+        std::string const tplMetaKey = APT_T_CONFIG_STR(flatArchive ? "flatMetaKey" : "MetaKey", "");
+        std::string const tplShortDesc = APT_T_CONFIG_STR("ShortDescription", "");
+        std::string const tplLongDesc = "$(SITE) " + APT_T_CONFIG_STR(flatArchive ? "flatDescription" : "Description", "");
+        std::string const tplIdentifier = APT_T_CONFIG_STR("Identifier", *T);
+        bool const IsOptional = APT_T_CONFIG_BOOL("Optional", true);
+        bool const KeepCompressed = APT_T_CONFIG_BOOL("KeepCompressed", GzipIndex);
+        bool const DefaultEnabled = APT_T_CONFIG_BOOL("DefaultEnabled", true);
+        bool const UsePDiffs = APT_T_CONFIG_BOOL("PDiffs", E->UsePDiffs);
+        std::string const UseByHash = APT_T_CONFIG_STR("By-Hash", E->UseByHash);
+        std::string const CompressionTypes = APT_T_CONFIG_STR("CompressionTypes", DefCompressionTypes);
+        std::string KeepCompressedAs = APT_T_CONFIG_STR("KeepCompressedAs", "");
+        std::string const FallbackOf = APT_T_CONFIG_STR("Fallback-Of", "");
+#undef APT_T_CONFIG_BOOL
+#undef APT_T_CONFIG_STR
         if (tplMetaKey.empty())
            continue;
 
+        if (KeepCompressedAs.empty())
+           KeepCompressedAs = DefKeepCompressedAs;
+        else
+        {
+           std::vector<std::string> const defKeep = VectorizeString(DefKeepCompressedAs, ' ');
+           std::vector<std::string> const valKeep = VectorizeString(KeepCompressedAs, ' ');
+           std::vector<std::string> keep;
+           for (auto const &val : valKeep)
+           {
+              if (val.empty())
+                 continue;
+              if (std::find(defKeep.begin(), defKeep.end(), val) == defKeep.end())
+                 continue;
+              keep.push_back(val);
+           }
+           if (std::find(keep.begin(), keep.end(), "uncompressed") == keep.end())
+              keep.push_back("uncompressed");
+           std::ostringstream os;
+           std::copy(keep.begin(), keep.end()-1, std::ostream_iterator<std::string>(os, " "));
+           os << *keep.rbegin();
+           KeepCompressedAs = os.str();
+        }
+
         for (std::vector<std::string>::const_iterator L = E->Languages.begin(); L != E->Languages.end(); ++L)
         {
            if (*L == "none" && tplMetaKey.find("$(LANGUAGE)") != std::string::npos)
@@ -145,40 +202,129 @@ static void GetIndexTargetsFor(char const * const Type, std::string const &URI,
 
            for (std::vector<std::string>::const_iterator A = E->Architectures.begin(); A != E->Architectures.end(); ++A)
            {
-
-              std::map<std::string, std::string> Options;
-              Options.insert(std::make_pair("SITE", Site));
-              Options.insert(std::make_pair("RELEASE", Release));
-              if (tplMetaKey.find("$(COMPONENT)") != std::string::npos)
-                 Options.insert(std::make_pair("COMPONENT", E->Name));
-              if (tplMetaKey.find("$(LANGUAGE)") != std::string::npos)
-                 Options.insert(std::make_pair("LANGUAGE", *L));
-              if (tplMetaKey.find("$(ARCHITECTURE)") != std::string::npos)
-                 Options.insert(std::make_pair("ARCHITECTURE", *A));
-              Options.insert(std::make_pair("BASE_URI", baseURI));
-              Options.insert(std::make_pair("REPO_URI", URI));
-              Options.insert(std::make_pair("TARGET_OF", "deb-src"));
-              Options.insert(std::make_pair("CREATED_BY", *T));
-
-              std::string MetaKey = tplMetaKey;
-              std::string ShortDesc = tplShortDesc;
-              std::string LongDesc = tplLongDesc;
-              for (std::map<std::string, std::string>::const_iterator O = Options.begin(); O != Options.end(); ++O)
+              for (auto const &NativeArch: NativeArchs)
               {
-                 MetaKey = SubstVar(MetaKey, std::string("$(") + O->first + ")", O->second);
-                 ShortDesc = SubstVar(ShortDesc, std::string("$(") + O->first + ")", O->second);
-                 LongDesc = SubstVar(LongDesc, std::string("$(") + O->first + ")", O->second);
+                 constexpr static auto BreakPoint = "$(NATIVE_ARCHITECTURE)";
+                 // available in templates
+                 std::map<std::string, std::string> Options;
+                 Options.insert(std::make_pair("SITE", Site));
+                 Options.insert(std::make_pair("RELEASE", Release));
+                 if (tplMetaKey.find("$(COMPONENT)") != std::string::npos)
+                    Options.emplace("COMPONENT", E->Name);
+                 if (tplMetaKey.find("$(LANGUAGE)") != std::string::npos)
+                    Options.emplace("LANGUAGE", *L);
+                 if (tplMetaKey.find("$(ARCHITECTURE)") != std::string::npos)
+                    Options.emplace("ARCHITECTURE", (*A == "implicit:all") ? "all" : *A);
+                 else if (tplMetaKey.find("$(NATIVE_ARCHITECTURE)") != std::string::npos)
+                    Options.emplace("ARCHITECTURE", (NativeArch == "implicit:all") ? "all" : NativeArch);
+                 if (tplMetaKey.find("$(NATIVE_ARCHITECTURE)") != std::string::npos)
+                    Options.emplace("NATIVE_ARCHITECTURE", (NativeArch == "implicit:all") ? "all" : NativeArch);
+
+                 std::string MetaKey = tplMetaKey;
+                 std::string ShortDesc = tplShortDesc;
+                 std::string LongDesc = tplLongDesc;
+                 std::string Identifier = tplIdentifier;
+                 for (std::map<std::string, std::string>::const_iterator O = Options.begin(); O != Options.end(); ++O)
+                 {
+                    std::string const varname = "$(" + O->first + ")";
+                    MetaKey = SubstVar(MetaKey, varname, O->second);
+                    ShortDesc = SubstVar(ShortDesc, varname, O->second);
+                    LongDesc = SubstVar(LongDesc, varname, O->second);
+                    Identifier = SubstVar(Identifier, varname, O->second);
+                 }
+
+                 {
+                    auto const dup = std::find_if(IndexTargets.begin(), IndexTargets.end(), [&](IndexTarget const &IT) {
+                       return MetaKey == IT.MetaKey && baseURI == IT.Option(IndexTarget::BASE_URI) &&
+                          E->sourcesEntry == IT.Option(IndexTarget::SOURCESENTRY) && *T == IT.Option(IndexTarget::CREATED_BY);
+                    });
+                    if (dup != IndexTargets.end())
+                    {
+                       if (tplMetaKey.find(BreakPoint) == std::string::npos)
+                          break;
+                       continue;
+                    }
+                 }
+
+                 {
+                    auto const dup = std::find_if(IndexTargets.begin(), IndexTargets.end(), [&](IndexTarget const &IT) {
+                       return MetaKey == IT.MetaKey && baseURI == IT.Option(IndexTarget::BASE_URI) &&
+                          E->sourcesEntry == IT.Option(IndexTarget::SOURCESENTRY) && *T != IT.Option(IndexTarget::CREATED_BY);
+                       });
+                    if (dup != IndexTargets.end())
+                    {
+                       std::string const dupT = dup->Option(IndexTarget::CREATED_BY);
+                       std::string const dupEntry = dup->Option(IndexTarget::SOURCESENTRY);
+                       //TRANSLATOR: an identifier like Packages; Releasefile key indicating
+                       // a file like main/binary-amd64/Packages; another identifier like Contents;
+                       // filename and linenumber of the sources.list entry currently parsed
+                       _error->Warning(_("Target %s wants to acquire the same file (%s) as %s from source %s"),
+                             T->c_str(), MetaKey.c_str(), dupT.c_str(), dupEntry.c_str());
+                       if (tplMetaKey.find(BreakPoint) == std::string::npos)
+                          break;
+                       continue;
+                    }
+                 }
+
+                 {
+                    auto const dup = std::find_if(IndexTargets.begin(), IndexTargets.end(), [&](IndexTarget const &T) {
+                       return MetaKey == T.MetaKey && baseURI == T.Option(IndexTarget::BASE_URI) &&
+                          E->sourcesEntry != T.Option(IndexTarget::SOURCESENTRY);
+                    });
+                    if (dup != IndexTargets.end())
+                    {
+                       std::string const dupEntry = dup->Option(IndexTarget::SOURCESENTRY);
+                       //TRANSLATOR: an identifier like Packages; Releasefile key indicating
+                       // a file like main/binary-amd64/Packages; filename and linenumber of
+                       // two sources.list entries
+                       _error->Warning(_("Target %s (%s) is configured multiple times in %s and %s"),
+                             T->c_str(), MetaKey.c_str(), dupEntry.c_str(), E->sourcesEntry.c_str());
+                       if (tplMetaKey.find(BreakPoint) == std::string::npos)
+                          break;
+                       continue;
+                    }
+                 }
+
+                 // not available in templates, but in the indextarget
+                 Options.insert(ReleaseOptions.begin(), ReleaseOptions.end());
+                 Options.insert(std::make_pair("IDENTIFIER", Identifier));
+                 Options.insert(std::make_pair("TARGET_OF", Type));
+                 Options.insert(std::make_pair("CREATED_BY", *T));
+                 Options.insert(std::make_pair("FALLBACK_OF", FallbackOf));
+                 Options.insert(std::make_pair("PDIFFS", UsePDiffs ? "yes" : "no"));
+                 Options.insert(std::make_pair("BY_HASH", UseByHash));
+                 Options.insert(std::make_pair("DEFAULTENABLED", DefaultEnabled ? "yes" : "no"));
+                 Options.insert(std::make_pair("COMPRESSIONTYPES", CompressionTypes));
+                 Options.insert(std::make_pair("KEEPCOMPRESSEDAS", KeepCompressedAs));
+                 Options.insert(std::make_pair("SOURCESENTRY", E->sourcesEntry));
+
+                 bool IsOpt = IsOptional;
+                 {
+                    auto const arch = Options.find("ARCHITECTURE");
+                    if (arch != Options.end() && arch->second == "all")
+                    {
+                       // one of them must be implicit:all then
+                       if (*A != "all" && NativeArch != "all")
+                          IsOpt = true;
+                       else // user used arch=all explicitly
+                          Options.emplace("Force-Support-For-All", "yes");
+                    }
+                 }
+
+                 IndexTarget Target(
+                       MetaKey,
+                       ShortDesc,
+                       LongDesc,
+                       baseURI + MetaKey,
+                       IsOpt,
+                       KeepCompressed,
+                       Options
+                       );
+                 IndexTargets.push_back(Target);
+
+                 if (tplMetaKey.find(BreakPoint) == std::string::npos)
+                    break;
               }
-              IndexTarget Target(
-                    MetaKey,
-                    ShortDesc,
-                    LongDesc,
-                    Options.find("BASE_URI")->second + MetaKey,
-                    IsOptional,
-                    KeepCompressed,
-                    Options
-                    );
-              IndexTargets.push_back(Target);
 
               if (tplMetaKey.find("$(ARCHITECTURE)") == std::string::npos)
                  break;
@@ -196,20 +342,22 @@ static void GetIndexTargetsFor(char const * const Type, std::string const &URI,
 std::vector<IndexTarget> debReleaseIndex::GetIndexTargets() const
 {
    std::vector<IndexTarget> IndexTargets;
-   GetIndexTargetsFor("deb-src", URI, Dist, d->DebSrcEntries, IndexTargets);
-   GetIndexTargetsFor("deb", URI, Dist, d->DebEntries, IndexTargets);
+   GetIndexTargetsFor("deb-src", URI, Dist, d->DebSrcEntries, IndexTargets, d->ReleaseOptions);
+   GetIndexTargetsFor("deb", URI, Dist, d->DebEntries, IndexTargets, d->ReleaseOptions);
    return IndexTargets;
 }
                                                                        /*}}}*/
-void debReleaseIndex::AddComponent(bool const isSrc, std::string const &Name,/*{{{*/
+void debReleaseIndex::AddComponent(std::string const &sourcesEntry,    /*{{{*/
+        bool const isSrc, std::string const &Name,
         std::vector<std::string> const &Targets,
         std::vector<std::string> const &Architectures,
-        std::vector<std::string> Languages)
+        std::vector<std::string> Languages,
+        bool const usePDiffs, std::string const &useByHash)
 {
    if (Languages.empty() == true)
       Languages.push_back("none");
    debReleaseIndexPrivate::debSectionEntry const entry = {
-      Name, Targets, Architectures, Languages
+      sourcesEntry, Name, Targets, Architectures, Languages, usePDiffs, useByHash
    };
    if (isSrc)
       d->DebSrcEntries.push_back(entry);
@@ -226,7 +374,7 @@ bool debReleaseIndex::Load(std::string const &Filename, std::string * const Erro
       return false;
 
    pkgTagFile TagFile(&Fd, Fd.Size());
-   if (_error->PendingError() == true)
+   if (Fd.IsOpen() == false || Fd.Failed())
    {
       if (ErrorText != NULL)
         strprintf(*ErrorText, _("Unable to parse Release file %s"),Filename.c_str());
@@ -246,11 +394,23 @@ bool debReleaseIndex::Load(std::string const &Filename, std::string * const Erro
 
    Suite = Section.FindS("Suite");
    Codename = Section.FindS("Codename");
+   {
+      std::string const archs = Section.FindS("Architectures");
+      if (archs.empty() == false)
+        d->Architectures = VectorizeString(archs, ' ');
+   }
+   {
+      std::string const targets = Section.FindS("No-Support-for-Architecture-all");
+      if (targets.empty() == false)
+        d->NoSupportForAll = VectorizeString(targets, ' ');
+   }
 
    bool FoundHashSum = false;
-   for (int i=0;HashString::SupportedHashes()[i] != NULL; i++)
+   bool FoundStrongHashSum = false;
+   auto const SupportedHashes = HashString::SupportedHashes();
+   for (int i=0; SupportedHashes[i] != NULL; i++)
    {
-      if (!Section.Find(HashString::SupportedHashes()[i], Start, End))
+      if (!Section.Find(SupportedHashes[i], Start, End))
         continue;
 
       std::string Name;
@@ -261,33 +421,36 @@ bool debReleaseIndex::Load(std::string const &Filename, std::string * const Erro
         if (!parseSumData(Start, End, Name, Hash, Size))
            return false;
 
+        HashString const hs(SupportedHashes[i], Hash);
          if (Entries.find(Name) == Entries.end())
          {
             metaIndex::checkSum *Sum = new metaIndex::checkSum;
             Sum->MetaKeyFilename = Name;
             Sum->Size = Size;
            Sum->Hashes.FileSize(Size);
-            APT_IGNORE_DEPRECATED(Sum->Hash = HashString(HashString::SupportedHashes()[i],Hash);)
+            APT_IGNORE_DEPRECATED(Sum->Hash = hs;)
             Entries[Name] = Sum;
          }
-         Entries[Name]->Hashes.push_back(HashString(HashString::SupportedHashes()[i],Hash));
+         Entries[Name]->Hashes.push_back(hs);
          FoundHashSum = true;
+        if (FoundStrongHashSum == false && hs.usable() == true)
+           FoundStrongHashSum = true;
       }
    }
 
+   bool AuthPossible = false;
    if(FoundHashSum == false)
-   {
-      if (ErrorText != NULL)
-        strprintf(*ErrorText, _("No Hash entry in Release file %s"), Filename.c_str());
-      return false;
-   }
+      _error->Warning(_("No Hash entry in Release file %s"), Filename.c_str());
+   else if(FoundStrongHashSum == false)
+      _error->Warning(_("No Hash entry in Release file %s which is considered strong enough for security purposes"), Filename.c_str());
+   else
+      AuthPossible = true;
 
    std::string const StrDate = Section.FindS("Date");
    if (RFC1123StrToTime(StrDate.c_str(), Date) == false)
    {
-      if (ErrorText != NULL)
-        strprintf(*ErrorText, _("Invalid 'Date' entry in Release file %s"), Filename.c_str());
-      return false;
+      _error->Warning( _("Invalid '%s' entry in Release file %s"), "Date", Filename.c_str());
+      Date = 0;
    }
 
    bool CheckValidUntil = _config->FindB("Acquire::Check-Valid-Until", true);
@@ -307,7 +470,7 @@ bool debReleaseIndex::Load(std::string const &Filename, std::string * const Erro
         if(RFC1123StrToTime(StrValidUntil.c_str(), ValidUntil) == false)
         {
            if (ErrorText != NULL)
-              strprintf(*ErrorText, _("Invalid 'Valid-Until' entry in Release file %s"), Filename.c_str());
+              strprintf(*ErrorText, _("Invalid '%s' entry in Release file %s"), "Valid-Until", Filename.c_str());
            return false;
         }
       }
@@ -327,30 +490,61 @@ bool debReleaseIndex::Load(std::string const &Filename, std::string * const Erro
            MinAge = _config->FindI(("Acquire::Min-ValidTime::" + Label).c_str(), MinAge);
       }
 
-      if (MinAge != 0 && ValidUntil != 0) {
-        time_t const min_date = Date + MinAge;
-        if (ValidUntil < min_date)
-           ValidUntil = min_date;
+      if (MinAge != 0 || ValidUntil != 0 || MaxAge != 0)
+      {
+        if (MinAge != 0 && ValidUntil != 0) {
+           time_t const min_date = Date + MinAge;
+           if (ValidUntil < min_date)
+              ValidUntil = min_date;
+        }
+        if (MaxAge != 0 && Date != 0) {
+           time_t const max_date = Date + MaxAge;
+           if (ValidUntil == 0 || ValidUntil > max_date)
+              ValidUntil = max_date;
+        }
       }
-      if (MaxAge != 0) {
-        time_t const max_date = Date + MaxAge;
-        if (ValidUntil == 0 || ValidUntil > max_date)
-           ValidUntil = max_date;
+   }
+
+   /* as the Release file is parsed only after it was verified, the Signed-By field
+      does not effect the current, but the "next" Release file */
+   auto Sign = Section.FindS("Signed-By");
+   if (Sign.empty() == false)
+   {
+      std::transform(Sign.begin(), Sign.end(), Sign.begin(), [&](char const c) {
+        return (isspace(c) == 0) ? c : ',';
+      });
+      auto fingers = VectorizeString(Sign, ',');
+      std::transform(fingers.begin(), fingers.end(), fingers.begin(), [&](std::string finger) {
+        std::transform(finger.begin(), finger.end(), finger.begin(), ::toupper);
+        if (finger.length() != 40 || finger.find_first_not_of("0123456789ABCDEF") != std::string::npos)
+        {
+           if (ErrorText != NULL)
+              strprintf(*ErrorText, _("Invalid '%s' entry in Release file %s"), "Signed-By", Filename.c_str());
+           return std::string();
+        }
+        return finger;
+      });
+      if (fingers.empty() == false && std::find(fingers.begin(), fingers.end(), "") == fingers.end())
+      {
+        std::stringstream os;
+        std::copy(fingers.begin(), fingers.end(), std::ostream_iterator<std::string>(os, ","));
+        SignedBy = os.str();
       }
    }
 
-   LoadedSuccessfully = TRI_YES;
-   return true;
+   if (AuthPossible)
+      LoadedSuccessfully = TRI_YES;
+   return AuthPossible;
 }
                                                                        /*}}}*/
 metaIndex * debReleaseIndex::UnloadedClone() const                     /*{{{*/
 {
    if (Trusted == TRI_NO)
-      return new debReleaseIndex(URI, Dist, false);
+      return new debReleaseIndex(URI, Dist, false, d->ReleaseOptions);
    else if (Trusted == TRI_YES)
-      return new debReleaseIndex(URI, Dist, true);
+      return new debReleaseIndex(URI, Dist, true, d->ReleaseOptions);
    else
-      return new debReleaseIndex(URI, Dist);
+      return new debReleaseIndex(URI, Dist, d->ReleaseOptions);
 }
                                                                        /*}}}*/
 bool debReleaseIndex::parseSumData(const char *&Start, const char *End,        /*{{{*/
@@ -415,18 +609,15 @@ bool debReleaseIndex::parseSumData(const char *&Start, const char *End,   /*{{{*/
 
 bool debReleaseIndex::GetIndexes(pkgAcquire *Owner, bool const &GetAll)/*{{{*/
 {
-   std::vector<IndexTarget> const targets = GetIndexTargets();
-#define APT_TARGET(X) IndexTarget("", X, MetaIndexInfo(X), MetaIndexURI(X), false, false, std::map<std::string,std::string>())
+#define APT_TARGET(X) IndexTarget("", X, MetaIndexInfo(X), MetaIndexURI(X), false, false, d->ReleaseOptions)
    pkgAcqMetaClearSig * const TransactionManager = new pkgAcqMetaClearSig(Owner,
-        APT_TARGET("InRelease"), APT_TARGET("Release"), APT_TARGET("Release.gpg"),
-        targets, this);
+        APT_TARGET("InRelease"), APT_TARGET("Release"), APT_TARGET("Release.gpg"), this);
 #undef APT_TARGET
    // special case for --print-uris
    if (GetAll)
-   {
-      for (std::vector<IndexTarget>::const_iterator Target = targets.begin(); Target != targets.end(); ++Target)
-        new pkgAcqIndex(Owner, TransactionManager, *Target);
-   }
+      for (auto const &Target: GetIndexTargets())
+        if (Target.Option(IndexTarget::FALLBACK_OF).empty())
+           new pkgAcqIndex(Owner, TransactionManager, Target);
 
    return true;
 }
@@ -438,7 +629,7 @@ bool debReleaseIndex::SetTrusted(TriState const pTrusted)
       Trusted = pTrusted;
    else if (Trusted != pTrusted)
       // TRANSLATOR: The first is an option name from sources.list manpage, the other two URI and Suite
-      return _error->Error(_("Conflicting values set for option %s concerning source %s %s"), "Trusted", URI.c_str(), Dist.c_str());
+      return _error->Error(_("Conflicting values set for option %s regarding source %s %s"), "Trusted", URI.c_str(), Dist.c_str());
    return true;
 }
 bool debReleaseIndex::SetCheckValidUntil(TriState const pCheckValidUntil)
@@ -446,7 +637,7 @@ bool debReleaseIndex::SetCheckValidUntil(TriState const pCheckValidUntil)
    if (d->CheckValidUntil == TRI_UNSET)
       d->CheckValidUntil = pCheckValidUntil;
    else if (d->CheckValidUntil != pCheckValidUntil)
-      return _error->Error(_("Conflicting values set for option %s concerning source %s %s"), "Check-Valid-Until", URI.c_str(), Dist.c_str());
+      return _error->Error(_("Conflicting values set for option %s regarding source %s %s"), "Check-Valid-Until", URI.c_str(), Dist.c_str());
    return true;
 }
 bool debReleaseIndex::SetValidUntilMin(time_t const Valid)
@@ -454,7 +645,7 @@ bool debReleaseIndex::SetValidUntilMin(time_t const Valid)
    if (d->ValidUntilMin == 0)
       d->ValidUntilMin = Valid;
    else if (d->ValidUntilMin != Valid)
-      return _error->Error(_("Conflicting values set for option %s concerning source %s %s"), "Min-ValidTime", URI.c_str(), Dist.c_str());
+      return _error->Error(_("Conflicting values set for option %s regarding source %s %s"), "Min-ValidTime", URI.c_str(), Dist.c_str());
    return true;
 }
 bool debReleaseIndex::SetValidUntilMax(time_t const Valid)
@@ -462,7 +653,7 @@ bool debReleaseIndex::SetValidUntilMax(time_t const Valid)
    if (d->ValidUntilMax == 0)
       d->ValidUntilMax = Valid;
    else if (d->ValidUntilMax != Valid)
-      return _error->Error(_("Conflicting values set for option %s concerning source %s %s"), "Max-ValidTime", URI.c_str(), Dist.c_str());
+      return _error->Error(_("Conflicting values set for option %s regarding source %s %s"), "Max-ValidTime", URI.c_str(), Dist.c_str());
    return true;
 }
 bool debReleaseIndex::SetSignedBy(std::string const &pSignedBy)
@@ -470,22 +661,38 @@ bool debReleaseIndex::SetSignedBy(std::string const &pSignedBy)
    if (SignedBy.empty() == true && pSignedBy.empty() == false)
    {
       if (pSignedBy[0] == '/') // no check for existence as we could be chrooting later or such things
-        ; // absolute path to a keyring file
+        SignedBy = pSignedBy; // absolute path to a keyring file
       else
       {
         // we could go all fancy and allow short/long/string matches as gpgv/apt-key does,
         // but fingerprints are harder to fake than the others and this option is set once,
         // not interactively all the time so easy to type is not really a concern.
-        std::string finger = pSignedBy;
-        finger.erase(std::remove(finger.begin(), finger.end(), ' '), finger.end());
-        std::transform(finger.begin(), finger.end(), finger.begin(), ::toupper);
-        if (finger.length() != 40 || finger.find_first_not_of("0123456789ABCDEF") != std::string::npos)
-           return _error->Error(_("Invalid value set for option %s concerning source %s %s (%s)"), "Signed-By", URI.c_str(), Dist.c_str(), "not a fingerprint");
+        auto fingers = VectorizeString(pSignedBy, ',');
+        std::transform(fingers.begin(), fingers.end(), fingers.begin(), [&](std::string finger) {
+           std::transform(finger.begin(), finger.end(), finger.begin(), ::toupper);
+           if (finger.length() != 40 || finger.find_first_not_of("0123456789ABCDEF") != std::string::npos)
+           {
+              _error->Error(_("Invalid value set for option %s regarding source %s %s (%s)"), "Signed-By", URI.c_str(), Dist.c_str(), "not a fingerprint");
+              return std::string();
+           }
+           return finger;
+        });
+        std::stringstream os;
+        std::copy(fingers.begin(), fingers.end(), std::ostream_iterator<std::string>(os, ","));
+        SignedBy = os.str();
       }
-      SignedBy = pSignedBy;
+      // Normalize the string: Remove trailing commas
+      while (SignedBy[SignedBy.size() - 1] == ',')
+        SignedBy.resize(SignedBy.size() - 1);
+   }
+   else {
+      // Only compare normalized strings
+      auto pSignedByView = APT::StringView(pSignedBy);
+      while (pSignedByView[pSignedByView.size() - 1] == ',')
+        pSignedByView = pSignedByView.substr(0, pSignedByView.size() - 1);
+      if (pSignedByView != SignedBy)
+        return _error->Error(_("Conflicting values set for option %s regarding source %s %s: %s != %s"), "Signed-By", URI.c_str(), Dist.c_str(), SignedBy.c_str(), pSignedByView.to_string().c_str());
    }
-   else if (SignedBy != pSignedBy)
-      return _error->Error(_("Conflicting values set for option %s concerning source %s %s"), "Signed-By", URI.c_str(), Dist.c_str());
    return true;
 }
                                                                        /*}}}*/
@@ -508,27 +715,48 @@ bool debReleaseIndex::IsTrusted() const
    return FileExists(MetaIndexFile("InRelease"));
 }
                                                                        /*}}}*/
+bool debReleaseIndex::IsArchitectureSupported(std::string const &arch) const/*{{{*/
+{
+   if (d->Architectures.empty())
+      return true;
+   return std::find(d->Architectures.begin(), d->Architectures.end(), arch) != d->Architectures.end();
+}
+                                                                       /*}}}*/
+bool debReleaseIndex::IsArchitectureAllSupportedFor(IndexTarget const &target) const/*{{{*/
+{
+   if (target.Options.find("Force-Support-For-All") != target.Options.end())
+      return true;
+   if (IsArchitectureSupported("all") == false)
+      return false;
+   if (d->NoSupportForAll.empty())
+      return true;
+   return std::find(d->NoSupportForAll.begin(), d->NoSupportForAll.end(), target.Option(IndexTarget::CREATED_BY)) == d->NoSupportForAll.end();
+}
+                                                                       /*}}}*/
 std::vector <pkgIndexFile *> *debReleaseIndex::GetIndexFiles()         /*{{{*/
 {
    if (Indexes != NULL)
       return Indexes;
 
    Indexes = new std::vector<pkgIndexFile*>();
-   std::vector<IndexTarget> const Targets = GetIndexTargets();
    bool const istrusted = IsTrusted();
-   for (std::vector<IndexTarget>::const_iterator T = Targets.begin(); T != Targets.end(); ++T)
+   for (auto const &T: GetIndexTargets())
    {
-      std::string const TargetName = T->Option(IndexTarget::CREATED_BY);
+      std::string const TargetName = T.Option(IndexTarget::CREATED_BY);
       if (TargetName == "Packages")
-        Indexes->push_back(new debPackagesIndex(*T, istrusted));
+        Indexes->push_back(new debPackagesIndex(T, istrusted));
       else if (TargetName == "Sources")
-        Indexes->push_back(new debSourcesIndex(*T, istrusted));
+        Indexes->push_back(new debSourcesIndex(T, istrusted));
       else if (TargetName == "Translations")
-        Indexes->push_back(new debTranslationsIndex(*T));
+        Indexes->push_back(new debTranslationsIndex(T));
    }
    return Indexes;
 }
                                                                        /*}}}*/
+std::map<std::string, std::string> debReleaseIndex::GetReleaseOptions()
+{
+   return d->ReleaseOptions;
+}
 
 static bool ReleaseFileName(debReleaseIndex const * const That, std::string &ReleaseFile)/*{{{*/
 {
@@ -562,8 +790,6 @@ bool debReleaseIndex::Merge(pkgCacheGenerator &Gen,OpProgress * /*Prog*/) const/
    // signature for an 'InRelease' file couldn't be checked
    if (OpenMaybeClearSignedFile(ReleaseFile, Rel) == false)
       return false;
-   if (_error->PendingError() == true)
-      return false;
 
    // Store the IMS information
    pkgCache::RlsFileIterator File = Gen.GetCurRlsFile();
@@ -577,7 +803,7 @@ bool debReleaseIndex::Merge(pkgCacheGenerator &Gen,OpProgress * /*Prog*/) const/
 
    pkgTagFile TagFile(&Rel, Rel.Size());
    pkgTagSection Section;
-   if (_error->PendingError() == true || TagFile.Step(Section) == false)
+   if (Rel.IsOpen() == false || Rel.Failed() || TagFile.Step(Section) == false)
       return false;
 
    std::string data;
@@ -586,6 +812,7 @@ bool debReleaseIndex::Merge(pkgCacheGenerator &Gen,OpProgress * /*Prog*/) const/
    if (data.empty() == false) \
    { \
       map_stringitem_t const storage = Gen.StoreString(pkgCacheGenerator::TYPE, data); \
+      if (storage == 0) return false; \
       STORE = storage; \
    }
    APT_INRELEASE(MIXED, "Suite", File->Archive)
@@ -597,7 +824,7 @@ bool debReleaseIndex::Merge(pkgCacheGenerator &Gen,OpProgress * /*Prog*/) const/
    Section.FindFlag("NotAutomatic", File->Flags, pkgCache::Flag::NotAutomatic);
    Section.FindFlag("ButAutomaticUpgrades", File->Flags, pkgCache::Flag::ButAutomaticUpgrades);
 
-   return !_error->PendingError();
+   return true;
 }
                                                                        /*}}}*/
 // ReleaseIndex::FindInCache - Find this index                         /*{{{*/
@@ -638,38 +865,114 @@ pkgCache::RlsFileIterator debReleaseIndex::FindInCache(pkgCache &Cache, bool con
 }
                                                                        /*}}}*/
 
-static std::vector<std::string> parsePlusMinusOptions(std::string const &Name, /*{{{*/
-      std::map<std::string, std::string> const &Options, std::vector<std::string> const &defaultValues)
+class APT_HIDDEN debSLTypeDebian : public pkgSourceList::Type          /*{{{*/
 {
-   std::map<std::string, std::string>::const_iterator val = Options.find(Name);
-   std::vector<std::string> Values;
-   if (val != Options.end())
-      Values = VectorizeString(val->second, ',');
-   else
-      Values = defaultValues;
-
-   if ((val = Options.find(Name + "+")) != Options.end())
+   static std::vector<std::string> getDefaultSetOf(std::string const &Name,
+        std::map<std::string, std::string> const &Options, std::vector<std::string> const &defaultValues)
    {
-      std::vector<std::string> const plusArch = VectorizeString(val->second, ',');
-      for (std::vector<std::string>::const_iterator plus = plusArch.begin(); plus != plusArch.end(); ++plus)
-        if (std::find(Values.begin(), Values.end(), *plus) == Values.end())
-           Values.push_back(*plus);
+      auto const val = Options.find(Name);
+      if (val != Options.end())
+        return VectorizeString(val->second, ',');
+      return defaultValues;
    }
-   if ((val = Options.find(Name + "-")) != Options.end())
+   static std::vector<std::string> applyPlusMinusOptions(std::string const &Name,
+        std::map<std::string, std::string> const &Options, std::vector<std::string> &&Values)
    {
-      std::vector<std::string> const minusArch = VectorizeString(val->second, ',');
-      for (std::vector<std::string>::const_iterator minus = minusArch.begin(); minus != minusArch.end(); ++minus)
+      auto val = Options.find(Name + "+");
+      if (val != Options.end())
       {
-        std::vector<std::string>::iterator kill = std::find(Values.begin(), Values.end(), *minus);
-        if (kill != Values.end())
-           Values.erase(kill);
+        std::vector<std::string> const plus = VectorizeString(val->second, ',');
+        std::copy_if(plus.begin(), plus.end(), std::back_inserter(Values), [&Values](std::string const &v) {
+              return std::find(Values.begin(), Values.end(), v) == Values.end();
+              });
       }
+      if ((val = Options.find(Name + "-")) != Options.end())
+      {
+        std::vector<std::string> const minus = VectorizeString(val->second, ',');
+        Values.erase(std::remove_if(Values.begin(), Values.end(), [&minus](std::string const &v) {
+                 return std::find(minus.begin(), minus.end(), v) != minus.end();
+                 }), Values.end());
+      }
+      return Values;
    }
-   return Values;
-}
-                                                                       /*}}}*/
-class APT_HIDDEN debSLTypeDebian : public pkgSourceList::Type          /*{{{*/
-{
+   static std::vector<std::string> parsePlusMinusOptions(std::string const &Name,
+        std::map<std::string, std::string> const &Options, std::vector<std::string> const &defaultValues)
+   {
+      return applyPlusMinusOptions(Name, Options, getDefaultSetOf(Name, Options, defaultValues));
+   }
+   static std::vector<std::string> parsePlusMinusArchOptions(std::string const &Name,
+        std::map<std::string, std::string> const &Options)
+   {
+      auto Values = getDefaultSetOf(Name, Options, APT::Configuration::getArchitectures());
+      // all is a very special architecture users shouldn't be concerned with explicitly
+      // but if the user does, do not override the choice
+      auto const val = Options.find(Name + "-");
+      if (val != Options.end())
+      {
+        std::vector<std::string> const minus = VectorizeString(val->second, ',');
+        if (std::find(minus.begin(), minus.end(), "all") != minus.end())
+           return applyPlusMinusOptions(Name, Options, std::move(Values));
+      }
+      Values = applyPlusMinusOptions(Name, Options, std::move(Values));
+      if (std::find(Values.begin(), Values.end(), "all") == Values.end())
+        Values.push_back("implicit:all");
+      return Values;
+   }
+   static std::vector<std::string> parsePlusMinusTargetOptions(char const * const Name,
+        std::map<std::string, std::string> const &Options)
+   {
+      std::vector<std::string> const alltargets = _config->FindVector(std::string("Acquire::IndexTargets::") + Name, "", true);
+      std::vector<std::string> deftargets;
+      deftargets.reserve(alltargets.size());
+      std::copy_if(alltargets.begin(), alltargets.end(), std::back_inserter(deftargets), [&](std::string const &t) {
+        std::string c = "Acquire::IndexTargets::";
+        c.append(Name).append("::").append(t).append("::DefaultEnabled");
+        return _config->FindB(c, true);
+      });
+      std::vector<std::string> mytargets = parsePlusMinusOptions("target", Options, deftargets);
+      for (auto const &target : alltargets)
+      {
+        std::map<std::string, std::string>::const_iterator const opt = Options.find(target);
+        if (opt == Options.end())
+           continue;
+        auto const idMatch = [&](std::string const &t) {
+           return target == _config->Find(std::string("Acquire::IndexTargets::") + Name + "::" + t + "::Identifier", t);
+        };
+        if (StringToBool(opt->second))
+           std::copy_if(alltargets.begin(), alltargets.end(), std::back_inserter(mytargets), idMatch);
+        else
+           mytargets.erase(std::remove_if(mytargets.begin(), mytargets.end(), idMatch), mytargets.end());
+      }
+      // if we can't order it in a 1000 steps we give up… probably a cycle
+      for (auto i = 0; i < 1000; ++i)
+      {
+        bool Changed = false;
+        for (auto t = mytargets.begin(); t != mytargets.end(); ++t)
+        {
+           std::string const fallback = _config->Find(std::string("Acquire::IndexTargets::") + Name + "::" + *t + "::Fallback-Of");
+           if (fallback.empty())
+              continue;
+           auto const faller = std::find(mytargets.begin(), mytargets.end(), fallback);
+           if (faller == mytargets.end() || faller < t)
+              continue;
+           Changed = true;
+           auto const tv = *t;
+           mytargets.erase(t);
+           mytargets.emplace_back(tv);
+        }
+        if (Changed == false)
+           break;
+      }
+      // remove duplicates without changing the order (in first appearance)
+      {
+        std::set<std::string> seenOnce;
+        mytargets.erase(std::remove_if(mytargets.begin(), mytargets.end(), [&](std::string const &t) {
+           return seenOnce.insert(t).second == false;
+        }), mytargets.end());
+      }
+      return mytargets;
+   }
+
    metaIndex::TriState GetTriStateOption(std::map<std::string, std::string>const &Options, char const * const name) const
    {
       std::map<std::string, std::string>::const_iterator const opt = Options.find(name);
@@ -678,7 +981,7 @@ class APT_HIDDEN debSLTypeDebian : public pkgSourceList::Type               /*{{{*/
       return metaIndex::TRI_DONTCARE;
    }
 
-   time_t GetTimeOption(std::map<std::string, std::string>const &Options, char const * const name) const
+   static time_t GetTimeOption(std::map<std::string, std::string>const &Options, char const * const name)
    {
       std::map<std::string, std::string>::const_iterator const opt = Options.find(name);
       if (opt == Options.end())
@@ -686,44 +989,135 @@ class APT_HIDDEN debSLTypeDebian : public pkgSourceList::Type            /*{{{*/
       return strtoull(opt->second.c_str(), NULL, 10);
    }
 
-   protected:
+   static bool GetBoolOption(std::map<std::string, std::string> const &Options, char const * const name, bool const defVal)
+   {
+      std::map<std::string, std::string>::const_iterator const opt = Options.find(name);
+      if (opt == Options.end())
+        return defVal;
+      return StringToBool(opt->second, defVal);
+   }
 
-   bool CreateItemInternal(std::vector<metaIndex *> &List, std::string const &URI,
-                          std::string const &Dist, std::string const &Section,
-                          bool const &IsSrc, std::map<std::string, std::string> const &Options) const
+   static std::vector<std::string> GetMapKeys(std::map<std::string, std::string> const &Options)
+   {
+      std::vector<std::string> ret;
+      ret.reserve(Options.size());
+      for (auto &&O: Options)
+        ret.emplace_back(O.first);
+      std::sort(ret.begin(), ret.end());
+      return ret;
+   }
+
+   static bool MapsAreEqual(std::map<std::string, std::string> const &OptionsA,
+        std::map<std::string, std::string> const &OptionsB,
+        std::string const &URI, std::string const &Dist)
+   {
+      auto const KeysA = GetMapKeys(OptionsA);
+      auto const KeysB = GetMapKeys(OptionsB);
+      auto const m = std::mismatch(KeysA.begin(), KeysA.end(), KeysB.begin());
+      if (m.first != KeysA.end())
+      {
+        if (std::find(KeysB.begin(), KeysB.end(), *m.first) == KeysB.end())
+           return _error->Error(_("Conflicting values set for option %s regarding source %s %s"), m.first->c_str(), "<set>", "<unset>");
+        else
+           return _error->Error(_("Conflicting values set for option %s regarding source %s %s"), m.second->c_str(), "<set>", "<unset>");
+      }
+      if (m.second != KeysB.end())
+      {
+        if (std::find(KeysA.begin(), KeysA.end(), *m.second) == KeysA.end())
+           return _error->Error(_("Conflicting values set for option %s regarding source %s %s"), m.first->c_str(), "<set>", "<unset>");
+        else
+           return _error->Error(_("Conflicting values set for option %s regarding source %s %s"), m.second->c_str(), "<set>", "<unset>");
+      }
+      for (auto&& key: KeysA)
+      {
+        if (key == "BASE_URI" || key == "REPO_URI")
+           continue;
+        auto const a = OptionsA.find(key);
+        auto const b = OptionsB.find(key);
+        if (unlikely(a == OptionsA.end() || b == OptionsB.end()) || a->second != b->second)
+           return _error->Error(_("Conflicting values set for option %s regarding source %s %s"), key.c_str(), URI.c_str(), Dist.c_str());
+      }
+      return true;
+   }
+
+   static debReleaseIndex * GetDebReleaseIndexBy(std::vector<metaIndex *> &List, std::string const &URI,
+                          std::string const &Dist, std::map<std::string, std::string> const &Options)
    {
-      debReleaseIndex *Deb = NULL;
-      for (std::vector<metaIndex *>::const_iterator I = List.begin();
-          I != List.end(); ++I)
+      std::map<std::string,std::string> ReleaseOptions = {{
+        { "BASE_URI", constructMetaIndexURI(URI, Dist, "") },
+        { "REPO_URI", URI },
+      }};
+      if (GetBoolOption(Options, "allow-insecure", _config->FindB("Acquire::AllowInsecureRepositories")))
+        ReleaseOptions.emplace("ALLOW_INSECURE", "true");
+      if (GetBoolOption(Options, "allow-weak", _config->FindB("Acquire::AllowWeakRepositories")))
+        ReleaseOptions.emplace("ALLOW_WEAK", "true");
+      if (GetBoolOption(Options, "allow-downgrade-to-insecure", _config->FindB("Acquire::AllowDowngradeToInsecureRepositories")))
+        ReleaseOptions.emplace("ALLOW_DOWNGRADE_TO_INSECURE", "true");
+
+      debReleaseIndex * Deb = nullptr;
+      std::string const FileName = URItoFileName(constructMetaIndexURI(URI, Dist, "Release"));
+      for (auto const &I: List)
       {
         // We only worry about debian entries here
-        if (strcmp((*I)->GetType(), "deb") != 0)
+        if (strcmp(I->GetType(), "deb") != 0)
+           continue;
+
+        auto const D = dynamic_cast<debReleaseIndex*>(I);
+        if (unlikely(D == nullptr))
            continue;
 
-        /* This check insures that there will be only one Release file
+        /* This check ensures that there will be only one Release file
            queued for all the Packages files and Sources files it
            corresponds to. */
-        if ((*I)->GetURI() == URI && (*I)->GetDist() == Dist)
+        if (URItoFileName(D->MetaIndexURI("Release")) == FileName)
         {
-           Deb = dynamic_cast<debReleaseIndex*>(*I);
-           if (Deb != NULL)
-              break;
+           if (MapsAreEqual(ReleaseOptions, D->GetReleaseOptions(), URI, Dist) == false)
+              return nullptr;
+           Deb = D;
+           break;
         }
       }
 
       // No currently created Release file indexes this entry, so we create a new one.
-      if (Deb == NULL)
+      if (Deb == nullptr)
       {
-        Deb = new debReleaseIndex(URI, Dist);
+        Deb = new debReleaseIndex(URI, Dist, ReleaseOptions);
         List.push_back(Deb);
       }
+      return Deb;
+   }
+
+   protected:
+
+   bool CreateItemInternal(std::vector<metaIndex *> &List, std::string const &URI,
+                          std::string const &Dist, std::string const &Section,
+                          bool const &IsSrc, std::map<std::string, std::string> const &Options) const
+   {
+      auto const Deb = GetDebReleaseIndexBy(List, URI, Dist, Options);
+
+      bool const UsePDiffs = GetBoolOption(Options, "pdiffs", _config->FindB("Acquire::PDiffs", true));
+
+      std::string UseByHash = _config->Find("APT::Acquire::By-Hash", "yes");
+      UseByHash = _config->Find("Acquire::By-Hash", UseByHash);
+      {
+        std::string const host = ::URI(URI).Host;
+        UseByHash = _config->Find("APT::Acquire::" + host + "::By-Hash", UseByHash);
+        UseByHash = _config->Find("Acquire::" + host + "::By-Hash", UseByHash);
+        std::map<std::string, std::string>::const_iterator const opt = Options.find("by-hash");
+        if (opt != Options.end())
+           UseByHash = opt->second;
+      }
 
+      auto const entry = Options.find("sourceslist-entry");
       Deb->AddComponent(
+           entry->second,
            IsSrc,
            Section,
-           parsePlusMinusOptions("target", Options, _config->FindVector(std::string("APT::Acquire::Targets::") + Name, "", true)),
-           parsePlusMinusOptions("arch", Options, APT::Configuration::getArchitectures()),
-           parsePlusMinusOptions("lang", Options, APT::Configuration::getLanguages(true))
+           parsePlusMinusTargetOptions(Name, Options),
+           parsePlusMinusArchOptions("arch", Options),
+           parsePlusMinusOptions("lang", Options, APT::Configuration::getLanguages(true)),
+           UsePDiffs,
+           UseByHash
            );
 
       if (Deb->SetTrusted(GetTriStateOption(Options, "trusted")) == false ||
@@ -735,7 +1129,30 @@ class APT_HIDDEN debSLTypeDebian : public pkgSourceList::Type             /*{{{*/
       std::map<std::string, std::string>::const_iterator const signedby = Options.find("signed-by");
       if (signedby == Options.end())
       {
-        if (Deb->SetSignedBy("") == false)
+        bool alreadySet = false;
+        std::string filename;
+        if (ReleaseFileName(Deb, filename))
+        {
+           auto OldDeb = Deb->UnloadedClone();
+           _error->PushToStack();
+           OldDeb->Load(filename, nullptr);
+           bool const goodLoad = _error->PendingError() == false;
+           _error->RevertToStack();
+           if (goodLoad)
+           {
+              if (OldDeb->GetValidUntil() > 0)
+              {
+                 time_t const invalid_since = time(NULL) - OldDeb->GetValidUntil();
+                 if (invalid_since <= 0)
+                 {
+                    Deb->SetSignedBy(OldDeb->GetSignedBy());
+                    alreadySet = true;
+                 }
+              }
+           }
+           delete OldDeb;
+        }
+        if (alreadySet == false && Deb->SetSignedBy("") == false)
            return false;
       }
       else
@@ -758,7 +1175,7 @@ class APT_HIDDEN debSLTypeDeb : public debSLTypeDebian                     /*{{{*/
 
    bool CreateItem(std::vector<metaIndex *> &List, std::string const &URI,
                   std::string const &Dist, std::string const &Section,
-                  std::map<std::string, std::string> const &Options) const
+                  std::map<std::string, std::string> const &Options) const APT_OVERRIDE
    {
       return CreateItemInternal(List, URI, Dist, Section, false, Options);
    }
@@ -774,7 +1191,7 @@ class APT_HIDDEN debSLTypeDebSrc : public debSLTypeDebian          /*{{{*/
 
    bool CreateItem(std::vector<metaIndex *> &List, std::string const &URI,
                   std::string const &Dist, std::string const &Section,
-                  std::map<std::string, std::string> const &Options) const
+                  std::map<std::string, std::string> const &Options) const APT_OVERRIDE
    {
       return CreateItemInternal(List, URI, Dist, Section, true, Options);
    }
@@ -785,34 +1202,5 @@ class APT_HIDDEN debSLTypeDebSrc : public debSLTypeDebian         /*{{{*/
 };
                                                                        /*}}}*/
 
-debDebFileMetaIndex::debDebFileMetaIndex(std::string const &DebFile)   /*{{{*/
-   : metaIndex(DebFile, "local-uri", "deb-dist"), d(NULL), DebFile(DebFile)
-{
-   DebIndex = new debDebPkgFileIndex(DebFile);
-   Indexes = new std::vector<pkgIndexFile *>();
-   Indexes->push_back(DebIndex);
-}
-debDebFileMetaIndex::~debDebFileMetaIndex() {}
-                                                                       /*}}}*/
-class APT_HIDDEN debSLTypeDebFile : public pkgSourceList::Type         /*{{{*/
-{
-   public:
-
-   bool CreateItem(std::vector<metaIndex *> &List, std::string const &URI,
-                  std::string const &/*Dist*/, std::string const &/*Section*/,
-                  std::map<std::string, std::string> const &/*Options*/) const
-   {
-      metaIndex *mi = new debDebFileMetaIndex(URI);
-      List.push_back(mi);
-      return true;
-   }
-
-   debSLTypeDebFile() : Type("deb-file", "Debian local deb file")
-   {
-   }
-};
-                                                                       /*}}}*/
-
 APT_HIDDEN debSLTypeDeb _apt_DebType;
 APT_HIDDEN debSLTypeDebSrc _apt_DebSrcType;
-APT_HIDDEN debSLTypeDebFile _apt_DebFileType;