// -*- mode: cpp; mode: fold -*-
// Description /*{{{*/
-// $Id: acquire-method.cc,v 1.25 2001/02/20 07:03:17 jgg Exp $
+// $Id: acquire-method.cc,v 1.26 2001/03/13 06:51:46 jgg Exp $
/* ######################################################################
Acquire Method
#include <apt-pkg/configuration.h>
#include <apt-pkg/strutl.h>
#include <apt-pkg/fileutl.h>
-
+#include <apt-pkg/hashes.h>
+
#include <stdarg.h>
#include <stdio.h>
#include <unistd.h>
if (Res.MD5Sum.empty() == false)
End += snprintf(End,sizeof(S)-50 - (End - S),"MD5-Hash: %s\n",Res.MD5Sum.c_str());
+ if (Res.SHA1Sum.empty() == false)
+ End += snprintf(End,sizeof(S)-50 - (End - S),"SHA1-Hash: %s\n",Res.SHA1Sum.c_str());
if (Res.ResumePoint != 0)
End += snprintf(End,sizeof(S)-50 - (End - S),"Resume-Point: %lu\n",
if (Alt->MD5Sum.empty() == false)
End += snprintf(End,sizeof(S)-50 - (End - S),"Alt-MD5-Hash: %s\n",
Alt->MD5Sum.c_str());
+ if (Alt->SHA1Sum.empty() == false)
+ End += snprintf(End,sizeof(S)-50 - (End - S),"Alt-SHA1-Hash: %s\n",
+ Alt->SHA1Sum.c_str());
if (Alt->IMSHit == true)
strcat(End,"Alt-IMS-Hit: true\n");
{
}
/*}}}*/
+// AcqMethod::FetchResult::TakeHashes - Load hashes /*{{{*/
+// ---------------------------------------------------------------------
+/* This hides the number of hashes we are supporting from the caller.
+ It just deals with the hash class. */
+void pkgAcqMethod::FetchResult::TakeHashes(Hashes &Hash)
+{
+ MD5Sum = Hash.MD5.Result();
+ SHA1Sum = Hash.SHA1.Result();
+}
+ /*}}}*/
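Review bot: The added `SHA1-Hash` and `Alt-SHA1-Hash` lines add snprintf's return value to `End` without checking it, the same way the neighbouring MD5 lines do. snprintf returns the length it wanted to write, so after a truncation `End` moves past the reserved space and `sizeof(S)-50 - (End - S)` wraps to a very large unsigned size (assuming `S` is the char buffer), which then bounds the next snprintf and the `strcat(End,...)` below. Each extra header brings that limit closer, so the append should stop when the return is negative or not smaller than the space left, e.g. `if (n < 0 || (size_t)n >= Left) return;` in a small helper shared by the old and new lines. The enclosing functions start and end outside the visible lines, so how they should report the failure cannot be seen here.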
// -*- mode: cpp; mode: fold -*-
// Description /*{{{*/
-// $Id: acquire-method.h,v 1.14 2001/02/20 07:03:17 jgg Exp $
+// $Id: acquire-method.h,v 1.15 2001/03/13 06:51:46 jgg Exp $
/* ######################################################################
Acquire Method - Method helper class + functions
#pragma interface "apt-pkg/acquire-method.h"
#endif
+class Hashes;
class pkgAcqMethod
{
protected:
struct FetchResult
{
string MD5Sum;
+ string SHA1Sum;
time_t LastModified;
bool IMSHit;
string Filename;
unsigned long Size;
- unsigned long ResumePoint;
+ unsigned long ResumePoint;
+
+ void TakeHashes(Hashes &Hash);
FetchResult();
};
// -*- mode: cpp; mode: fold -*-
// Description /*{{{*/
-// $Id: cachefile.cc,v 1.5 2001/02/20 07:03:17 jgg Exp $
+// $Id: cachefile.cc,v 1.6 2001/03/13 06:51:46 jgg Exp $
/* ######################################################################
CacheFile - Simple wrapper class for opening, generating and whatnot
/* This sux, remove it someday */
if (_error->empty() == false)
- _error->Warning(_("You may want to run apt-get update to correct these missing files"));
+ _error->Warning(_("You may want to run apt-get update to correct these problems"));
Cache = new pkgCache(Map);
if (_error->PendingError() == true)
// -*- mode: cpp; mode: fold -*-
// Description /*{{{*/
-// $Id: debindexfile.cc,v 1.3 2001/02/23 06:41:55 jgg Exp $
+// $Id: debindexfile.cc,v 1.4 2001/03/13 06:51:46 jgg Exp $
/* ######################################################################
Debian Specific sources.list types and the three sorts of Debian
public:
bool CreateItem(vector<pkgIndexFile *> &List,string URI,
- string Dist,string Section) const
+ string Dist,string Section,
+ pkgSourceList::Vendor const *Vendor) const
{
List.push_back(new debPackagesIndex(URI,Dist,Section));
return true;
public:
bool CreateItem(vector<pkgIndexFile *> &List,string URI,
- string Dist,string Section) const
- {
+ string Dist,string Section,
+ pkgSourceList::Vendor const *Vendor) const
+ {
List.push_back(new debSourcesIndex(URI,Dist,Section));
return true;
};
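Review bot: Both CreateItem overrides now receive `Vendor` and ignore it: the bodies still construct `debPackagesIndex(URI,Dist,Section)` and `debSourcesIndex(URI,Dist,Section)`, so the vendor selected in sources.list is dropped at this point. The vendors.list man page added in this commit describes the bracketed vendor id as what enables authentication, so the code should say that no check happens yet, for example `// Vendor is parsed but not yet passed to the index; no signature check is made here`. Leaving the parameter unnamed in the definitions until it is used would also avoid unused-parameter warnings. The class definitions start outside the visible lines.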
// -*- mode: cpp; mode: fold -*-
// Description /*{{{*/
-// $Id: debrecords.cc,v 1.9 2001/02/20 07:03:17 jgg Exp $
+// $Id: debrecords.cc,v 1.10 2001/03/13 06:51:46 jgg Exp $
/* ######################################################################
Debian Package Records - Parser for debian package records
/* */
string debRecordParser::MD5Hash()
{
- return Section.FindS("MD5sum");
+ return Section.FindS("MD5Sum");
+}
+ /*}}}*/
+// RecordParser::SHA1Hash - Return the archive hash /*{{{*/
+// ---------------------------------------------------------------------
+/* */
+string debRecordParser::SHA1Hash()
+{
+ return Section.FindS("SHA1Sum");
}
/*}}}*/
// RecordParser::Maintainer - Return the maintainer email /*{{{*/
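Review bot: SHA1Hash() is added with an empty `/* */` description, so nothing tells callers what they get when a record has no `SHA1Sum` field. The base class in pkgrecords.h returns an empty string, so presumably empty means "no SHA-1 available"; stating it, e.g. `/* Returns the SHA1Sum field, empty if the record has none; an empty result is not a successful check */`, keeps a missing field from being read as a pass. The same section changes the MD5 lookup key from `MD5sum` to `MD5Sum`, which is behaviour-neutral only if `FindS` matches tags case-insensitively; that is not visible here and deserves a one-line comment or a confirmation.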
// -*- mode: cpp; mode: fold -*-
// Description /*{{{*/
-// $Id: debrecords.h,v 1.7 2001/02/20 07:03:17 jgg Exp $
+// $Id: debrecords.h,v 1.8 2001/03/13 06:51:46 jgg Exp $
/* ######################################################################
Debian Package Records - Parser for debian package records
// These refer to the archive file for the Version
virtual string FileName();
virtual string MD5Hash();
+ virtual string SHA1Hash();
virtual string SourcePkg();
// These are some general stats about the package
// -*- mode: cpp; mode: fold -*-
// Description /*{{{*/
-// $Id: init.cc,v 1.15 2001/02/20 07:03:17 jgg Exp $
+// $Id: init.cc,v 1.16 2001/03/13 06:51:46 jgg Exp $
/* ######################################################################
Init - Initialize the package library
// Configuration
Cnf.Set("Dir::Etc","etc/apt/");
Cnf.Set("Dir::Etc::sourcelist","sources.list");
+ Cnf.Set("Dir::Etc::vendorlist","vendors.list");
+ Cnf.Set("Dir::Etc::vendorparts","vendors.list.d");
Cnf.Set("Dir::Etc::main","apt.conf");
Cnf.Set("Dir::Etc::parts","apt.conf.d");
Cnf.Set("Dir::Etc::preferences","preferences");
Cnf.Set("Dir::Bin::methods","/usr/lib/apt/methods");
-
+
bool Res = true;
// Read an alternate config file
// -*- mode: cpp; mode: fold -*-
// Description /*{{{*/
-// $Id: pkgrecords.h,v 1.5 2001/02/20 07:03:17 jgg Exp $
+// $Id: pkgrecords.h,v 1.6 2001/03/13 06:51:46 jgg Exp $
/* ######################################################################
Package Records - Allows access to complete package description records
// These refer to the archive file for the Version
virtual string FileName() {return string();};
virtual string MD5Hash() {return string();};
+ virtual string SHA1Hash() {return string();};
virtual string SourcePkg() {return string();};
// These are some general stats about the package
// -*- mode: cpp; mode: fold -*-
// Description /*{{{*/
-// $Id: sourcelist.cc,v 1.18 2001/02/20 07:03:17 jgg Exp $
+// $Id: sourcelist.cc,v 1.19 2001/03/13 06:51:46 jgg Exp $
/* ######################################################################
List of Sources
URI = SubstVar(URI,"$(ARCH)",_config->Find("APT::Architecture"));
- // Make sure that the URN is / postfixed
+ // Make sure that the URI is / postfixed
if (URI[URI.size() - 1] != '/')
URI += '/';
/* This is a generic one that is the 'usual' format for sources.list
Weird types may override this. */
bool pkgSourceList::Type::ParseLine(vector<pkgIndexFile *> &List,
+ Vendor const *Vendor,
const char *Buffer,
unsigned long CurLine,
string File) const
if (ParseQuoteWord(Buffer,Section) == true)
return _error->Error(_("Malformed line %lu in source list %s (Absolute dist)"),CurLine,File.c_str());
Dist = SubstVar(Dist,"$(ARCH)",_config->Find("APT::Architecture"));
- return CreateItem(List,URI,Dist,Section);
+ return CreateItem(List,URI,Dist,Section,Vendor);
}
// Grab the rest of the dists
do
{
- if (CreateItem(List,URI,Dist,Section) == false)
+ if (CreateItem(List,URI,Dist,Section,Vendor) == false)
return false;
}
while (ParseQuoteWord(Buffer,Section) == true);
Read(File);
}
/*}}}*/
+// SourceList::ReadVendors - Read list of known package vendors /*{{{*/
+// ---------------------------------------------------------------------
+/* This also scans a directory of vendor files similar to apt.conf.d
+ which can contain the usual suspects of distribution provided data.
+ The APT config mechanism allows the user to override these in their
+ configuration file. */
+bool pkgSourceList::ReadVendors()
+{
+ Configuration Cnf;
+
+ string CnfFile = _config->FindDir("Dir::Etc::vendorparts");
+ if (FileExists(CnfFile) == true)
+ if (ReadConfigDir(Cnf,CnfFile,true) == false)
+ return false;
+ CnfFile = _config->FindFile("Dir::Etc::vendorlist");
+ if (FileExists(CnfFile) == true)
+ if (ReadConfigFile(Cnf,CnfFile,true) == false)
+ return false;
+
+ // Process 'simple-key' type sections
+ const Configuration::Item *Top = Cnf.Tree("simple-key");
+ for (Top = (Top == 0?0:Top->Child); Top != 0; Top = Top->Next)
+ {
+ Configuration Block(Top);
+ Vendor *Vendor;
+
+ Vendor = new pkgSourceList::Vendor;
+
+ Vendor->VendorID = Top->Tag;
+ Vendor->FingerPrint = Block.Find("Fingerprint");
+ Vendor->Description = Block.Find("Name");
+
+ if (Vendor->FingerPrint.empty() == true ||
+ Vendor->Description.empty() == true)
+ {
+ _error->Error(_("Vendor block %s is invalid"), Vendor->VendorID.c_str());
+ delete Vendor;
+ continue;
+ }
+
+ VendorList.push_back(Vendor);
+ }
+
+ return !_error->PendingError();
+}
+ /*}}}*/
// SourceList::ReadMainList - Read the main source list from etc /*{{{*/
// ---------------------------------------------------------------------
/* */
bool pkgSourceList::ReadMainList()
{
- return Read(_config->FindFile("Dir::Etc::sourcelist"));
+ return ReadVendors() && Read(_config->FindFile("Dir::Etc::sourcelist"));
}
/*}}}*/
// SourceList::Read - Parse the sourcelist file /*{{{*/
if (!F != 0)
return _error->Errno("ifstream::ifstream",_("Opening %s"),File.c_str());
- List.erase(List.begin(),List.end());
+ SrcList.erase(SrcList.begin(),SrcList.end());
char Buffer[300];
int CurLine = 0;
if (Parse == 0)
return _error->Error(_("Type '%s' is not known in on line %u in source list %s"),LineType.c_str(),CurLine,File.c_str());
- if (Parse->ParseLine(List,C,CurLine,File) == false)
+ // Authenticated repository
+ Vendor const *Vndr = 0;
+ if (C[0] == '[')
+ {
+ string VendorID;
+
+ if (ParseQuoteWord(C,VendorID) == false)
+ return _error->Error(_("Malformed line %u in source list %s (vendor id)"),CurLine,File.c_str());
+
+ if (VendorID.length() < 2 || VendorID.end()[-1] != ']')
+ return _error->Error(_("Malformed line %u in source list %s (vendor id)"),CurLine,File.c_str());
+ VendorID = string(VendorID,1,VendorID.size()-2);
+
+ for (vector<Vendor const *>::const_iterator iter = VendorList.begin();
+ iter != VendorList.end(); iter++)
+ {
+ if ((*iter)->VendorID == VendorID)
+ {
+ Vndr = *iter;
+ break;
+ }
+ }
+
+ if (Vndr == 0)
+ return _error->Error(_("Unknown vendor ID '%s' in line %u of source list %s"),
+ VendorID.c_str(),CurLine,File.c_str());
+ }
+
+ if (Parse->ParseLine(SrcList,Vndr,C,CurLine,File) == false)
return false;
}
return true;
bool pkgSourceList::FindIndex(pkgCache::PkgFileIterator File,
pkgIndexFile *&Found) const
{
- for (const_iterator I = List.begin(); I != List.end(); I++)
+ for (const_iterator I = SrcList.begin(); I != SrcList.end(); I++)
{
if ((*I)->FindInCache(*File.Cache()) == File)
{
/* */
bool pkgSourceList::GetIndexes(pkgAcquire *Owner) const
{
- for (const_iterator I = List.begin(); I != List.end(); I++)
+ for (const_iterator I = SrcList.begin(); I != SrcList.end(); I++)
if ((*I)->GetIndexes(Owner) == false)
return false;
return true;
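Review bot: ReadVendors() accepts any non-empty `Fingerprint` string, so a value with stray characters becomes a Vendor entry without complaint. The new man page allows the fingerprint with or without spaces, but nothing here strips them, so a later comparison against a key's real fingerprint would depend on how the administrator typed it. Normalising once at load time (drop whitespace, require hex digits, upper-case) and letting the existing empty check reject the block keeps the failure at configuration time; a length check could follow once the supported key formats are settled. Separately, the loop reads `Cnf.Tree("simple-key")` while the man page example in this commit opens its block with `single_key`, so a file copied from the example would yield no vendors. The fence shows only the normalisation, placed between the `Block.Find` calls and the empty check.

```cpp
      Vendor->FingerPrint = Block.Find("Fingerprint");
      // … unchanged: Description lookup …

      // Accept the fingerprint with or without spaces, store it normalised
      string Print;
      for (string::const_iterator I = Vendor->FingerPrint.begin();
           I != Vendor->FingerPrint.end(); I++)
      {
         if (isspace((unsigned char)*I) != 0)
            continue;
         if (isxdigit((unsigned char)*I) == 0)
         {
            // Not a hex digit: empty the value so the check below rejects the block
            Print.erase();
            break;
         }
         Print += (char)toupper((unsigned char)*I);
      }
      Vendor->FingerPrint = Print;
      // … unchanged: empty check, error report, push_back …
```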
// -*- mode: cpp; mode: fold -*-
// Description /*{{{*/
-// $Id: sourcelist.h,v 1.9 2001/02/20 07:03:17 jgg Exp $
+// $Id: sourcelist.h,v 1.10 2001/03/13 06:51:46 jgg Exp $
/* ######################################################################
SourceList - Manage a list of sources
files.sgml.
The types are mapped through a list of type definitions which handle
- the actual construction of the type. After loading a source list all
- you have is a list of package index files that have the ability
+ the actual construction of the back end type. After loading a source
+ list all you have is a list of package index files that have the ability
to be Acquired.
+ The vendor machanism is similar, except the vendor types are hard
+ wired. Before loading the source list the vendor list is loaded.
+ This doesn't load key data, just the checks to preform.
+
##################################################################### */
/*}}}*/
#ifndef PKGLIB_SOURCELIST_H
{
public:
+ // An available vendor
+ struct Vendor
+ {
+ string VendorID;
+ string FingerPrint;
+ string Description;
+
+ /* Lets revisit these..
+ bool MatchFingerPrint(string FingerPrint);
+ string FingerPrintDescr();*/
+ };
+
// List of supported source list types
class Type
{
bool FixupURI(string &URI) const;
virtual bool ParseLine(vector<pkgIndexFile *> &List,
+ Vendor const *Vendor,
const char *Buffer,
unsigned long CurLine,string File) const;
virtual bool CreateItem(vector<pkgIndexFile *> &List,string URI,
- string Dist,string Section) const = 0;
-
+ string Dist,string Section,
+ Vendor const *Vendor) const = 0;
+
Type();
virtual ~Type() {};
};
typedef vector<pkgIndexFile *>::const_iterator const_iterator;
protected:
-
- vector<pkgIndexFile *> List;
+
+ vector<pkgIndexFile *> SrcList;
+ vector<Vendor const *> VendorList;
public:
bool ReadMainList();
bool Read(string File);
+ bool ReadVendors();
// List accessors
- inline const_iterator begin() const {return List.begin();};
- inline const_iterator end() const {return List.end();};
- inline unsigned int size() const {return List.size();};
- inline bool empty() const {return List.empty();};
+ inline const_iterator begin() const {return SrcList.begin();};
+ inline const_iterator end() const {return SrcList.end();};
+ inline unsigned int size() const {return SrcList.size();};
+ inline bool empty() const {return SrcList.empty();};
bool FindIndex(pkgCache::PkgFileIterator File,
pkgIndexFile *&Found) const;
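Review bot: `VendorList` holds raw `Vendor const *` pointers with no statement of who owns them. ReadVendors() in sourcelist.cc allocates each entry with `new` and appends it, and nothing visible clears the list or deletes the entries, whereas Read() empties `SrcList` before refilling it. If ReadMainList() runs twice the vendors would be duplicated, and the first match in Read()'s lookup loop would be an entry from the earlier load. A comment on the member such as `// Owned by the list; rebuilt by ReadVendors()`, plus deleting and clearing the old entries at the top of ReadVendors(), would make the lifetime explicit. The class body continues outside the visible lines.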
// -*- mode: cpp; mode: fold -*-
// Description /*{{{*/
-// $Id: tagfile.cc,v 1.27 2001/02/23 06:41:55 jgg Exp $
+// $Id: tagfile.cc,v 1.28 2001/03/13 06:51:46 jgg Exp $
/* ######################################################################
Fast scanner for RFC-822 type header information
"Filename",
"Size",
"MD5Sum",
+ "SHA1Sum",
"MSDOS-Filename", // Obsolete
"Description",
0};
* Various cosmetic code updates. Closes: #89066, #89066, #89152
* Add "pre-auto" as an option for DSelect::Clean (run autoclean after
update).
-
+ * More patches from Alfredo for Vendors and more SHA-1 stuff
+
-- Jason Gunthorpe <jgg@debian.org> Thu, 8 Mar 2001 22:48:06 -0700
apt (0.5.3) unstable; urgency=low
<docinfo>
<address><email>apt@packages.debian.org</></address>
<author><firstname>Jason</> <surname>Gunthorpe</></>
- <copyright><year>1998-2000</> <holder>Jason Gunthorpe</></>
- <date>20 September 2000</>
+ <copyright><year>1998-2001</> <holder>Jason Gunthorpe</></>
+ <date>12 March 2001</>
</docinfo>
">
# Man pages
SOURCE = apt-cache.8 apt-get.8 apt-cdrom.8 apt.conf.5 sources.list.5 \
apt-config.8 apt-sortpkgs.1 apt-ftparchive.1 apt_preferences.5 \
- apt-extracttemplates.1
+ apt-extracttemplates.1 vendors.list.5
INCLUDES = apt.ent
include $(SGML_MANPAGE_H)
--- /dev/null
+<!-- -*- mode: sgml; mode: fold -*- -->
+<!doctype refentry PUBLIC "-//OASIS//DTD DocBook V3.1//EN" [
+
+<!ENTITY % aptent SYSTEM "apt.ent">
+%aptent;
+
+]>
+
+<refentry>
+ &apt-docinfo;
+
+ <refmeta>
+ <refentrytitle>vendors.list</>
+ <manvolnum>5</>
+ </refmeta>
+
+ <!-- Man page title -->
+ <refnamediv>
+ <refname>vendors.list</>
+ <refpurpose>Security key configuration for APT</>
+ </refnamediv>
+
+ <RefSect1><Title>Description</>
+ <para>
+ The package vendor list contains a list of all vendors
+ from whom you wish to authenticate downloaded packages.
+ For each vendor listed, it must contain the corresponding
+ PGP key fingerprint, so that APT can perform signature
+ verification of the release file and subsequent checking
+ of the checksums of each downloaded package.
+ To have authentication enabled, you must add the
+ vendor identification string (see below) enclosed in
+ square braces to the sources.list line for all sites that mirror
+ the repository provided by that vendor.
+ <para>
+ The format of this file is similar to the one used by
+ apt.conf. It consists of an arbitrary number of blocks of
+ vendors, where each block starts with a string telling the
+ <replaceable/key_type/ and the <replaceable/vendor_id/.
+ <para>
+ Some vendors may have multiple blocks that define different
+ security policies for their distributions. Debian for instance
+ uses a different signing methodology for stable and unstable releases.
+ <para>
+ <replaceable/key_type/ is the type of the check required.
+ Currently, there is only one type available which is
+ <literal/simple-key/.
+ <para>
+ <replaceable/vendor_id/ is the vendor identification string. It is an
+ arbitrary string you must supply to uniquely identifify a
+ vendor that's listed in this file.
+
+ Example:
+<informalexample><programlisting>
+single_key "joe"
+{
+ Fingerprint "0987AB4378FSD872343298787ACC";
+ Name "Joe Shmoe <joe@shmoe.com>";
+}
+</programlisting></informalexample>
+
+ </RefSect1>
+
+ <RefSect1><Title>The simple-key type</>
+ <para>
+ This type of verification is used when the vendor has a single
+ secured key that must be used to sign the Release file. The
+ following items should be present
+
+ <VariableList>
+ <VarListEntry><Term>Fingerprint</Term>
+ <ListItem><Para>
+ The PGP fingerprint for the key. The fingerprint should be
+ expressed in the standard notion with or without spaces.
+ The <option/--fingerprint/ option for
+ <CiteRefEntry><RefEntryTitle><command/gpg/</RefEntryTitle><ManVolNum/1/</CiteRefEntry>
+ will show the fingerprint for the selected keys(s).
+ </VarListEntry>
+
+ <VarListEntry><Term>Name</Term>
+ <ListItem><Para>
+ A string containing a description of the owner of
+ the key or vendor. You may put the vendor name and it's
+ email. The string must be quoted with ".
+ </VarListEntry>
+
+ </VariableList>
+ </RefSect1>
+
+ <RefSect1><Title>Files</>
+ <para>
+ <filename>/etc/apt/vendors.list</>
+ </RefSect1>
+
+ <RefSect1><Title>See Also</>
+ <para>
+ &sources-list;
+ </RefSect1>
+
+ &manbugs;
+ &manauthor;
+
+</refentry>
+
// -*- mode: cpp; mode: fold -*-
// Description /*{{{*/
-// $Id: ftp.cc,v 1.24 2001/03/06 07:15:29 jgg Exp $
+// $Id: ftp.cc,v 1.25 2001/03/13 06:51:46 jgg Exp $
/* ######################################################################
FTP Aquire Method - This is the FTP aquire method for APT.
}
Res.LastModified = FailTime;
- Res.MD5Sum = Hash.MD5.Result();
+ Res.TakeHashes(Hash);
// Timestamp
struct utimbuf UBuf;
// -*- mode: cpp; mode: fold -*-
// Description /*{{{*/
-// $Id: gzip.cc,v 1.14 2001/03/11 22:37:35 jgg Exp $
+// $Id: gzip.cc,v 1.15 2001/03/13 06:51:46 jgg Exp $
/* ######################################################################
GZip method - Take a file URI in and decompress it into the target
// Return a Done response
Res.LastModified = Buf.st_mtime;
Res.Size = Buf.st_size;
- Res.MD5Sum = Hash.MD5.Result();
+ Res.TakeHashes(Hash);
URIDone(Res);
// -*- mode: cpp; mode: fold -*-
// Description /*{{{*/
-// $Id: http.cc,v 1.50 2001/03/06 07:15:29 jgg Exp $
+// $Id: http.cc,v 1.51 2001/03/13 06:51:46 jgg Exp $
/* ######################################################################
HTTP Aquire Method - This is the HTTP aquire method for APT.
// Send status to APT
if (Result == true)
{
- Res.MD5Sum = Server->In.Hash->MD5.Result();
+ Res.TakeHashes(*Server->In.Hash);
URIDone(Res);
}
else
// -*- mode: cpp; mode: fold -*-
// Description /*{{{*/
-// $Id: rsh.cc,v 1.3 2001/03/06 07:15:29 jgg Exp $
+// $Id: rsh.cc,v 1.4 2001/03/13 06:51:46 jgg Exp $
/* ######################################################################
RSH method - Transfer files via rsh compatible program
}
Res.LastModified = FailTime;
- Res.MD5Sum = Hash.MD5.Result();
+ Res.TakeHashes(Hash);
// Timestamp
struct utimbuf UBuf;