/debian/apt-transport-https/
# generated from *.in files
+/cmdline/apt-key
+/doc/apt-vendor.ent
/doc/examples/sources.list
/debian/libapt-pkg*.install
/debian/libapt-inst*.install
/debian/libapt-pkg-dev.install
+/vendor/current
+/vendor/debian/sources.list
+/vendor/ubuntu/sources.list
.PHONY: headers library clean veryclean all binary program doc test update-po
all headers library clean veryclean binary program doc manpages debiandoc test update-po startup dirs:
+ $(MAKE) -C vendor $@
$(MAKE) -C apt-pkg $@
$(MAKE) -C apt-inst $@
$(MAKE) -C apt-private $@
$(MAKE) -C dselect $@
$(MAKE) -C doc $@
$(MAKE) -C po $@
- $(MAKE) -C test $@
+ $(MAKE) -C test $@
all headers library clean veryclean binary program doc manpages debiandoc test update-po: startup dirs
/* */
bool FileFd::Truncate(unsigned long long To)
{
+ // truncating /dev/null is always successful - as we get an error otherwise
+ if (To == 0 && FileName == "/dev/null")
+ return true;
#if defined HAVE_ZLIB || defined HAVE_BZ2
if (d != NULL && (d->gz != NULL || d->bz2 != NULL))
return FileFdError("Truncating compressed files is not implemented (%s)", FileName.c_str());
}
// do not report out-of-memory failures
- if(strstr(errormsg, strerror(ENOMEM)) != NULL) {
+ if(strstr(errormsg, strerror(ENOMEM)) != NULL ||
+ strstr(errormsg, "failed to allocate memory") != NULL) {
std::clog << _("No apport report written because the error message indicates a out of memory error") << std::endl;
return;
}
- // do not report dpkg I/O errors
- // XXX - this message is localized, but this only matches the English version. This is better than nothing.
- if(strstr(errormsg, "short read in buffer_copy (")) {
- std::clog << _("No apport report written because the error message indicates a dpkg I/O error") << std::endl;
+ // do not report bugs regarding inaccessible local files
+ if(strstr(errormsg, strerror(ENOENT)) != NULL ||
+ strstr(errormsg, "cannot access archive") != NULL) {
+ std::clog << _("No apport report written because the error message indicates an issue on the local system") << std::endl;
return;
}
+ // do not report errors encountered when decompressing packages
+ if(strstr(errormsg, "--fsys-tarfile returned error exit status 2") != NULL) {
+ std::clog << _("No apport report written because the error message indicates an issue on the local system") << std::endl;
+ return;
+ }
+
+ // do not report dpkg I/O errors, this is a format string, so we compare
+ // the prefix and the suffix of the error with the dpkg error message
+ vector<string> io_errors;
+ io_errors.push_back(string("failed to read on buffer copy for %s"));
+ io_errors.push_back(string("failed in write on buffer copy for %s"));
+ io_errors.push_back(string("short read on buffer copy for %s"));
+
+ for (vector<string>::iterator I = io_errors.begin(); I != io_errors.end(); I++)
+ {
+ vector<string> list = VectorizeString(dgettext("dpkg", (*I).c_str()), '%');
+ if (list.size() > 1) {
+ // we need to split %s, VectorizeString only allows char so we need
+ // to kill the "s" manually
+ if (list[1].size() > 1) {
+ list[1].erase(0, 1);
+ if(strstr(errormsg, list[0].c_str()) &&
+ strstr(errormsg, list[1].c_str())) {
+ std::clog << _("No apport report written because the error message indicates a dpkg I/O error") << std::endl;
+ return;
+ }
+ }
+ }
+ }
+
// get the pkgname and reportfile
pkgname = flNotDir(pkgpath);
pos = pkgname.find('_');
if(log != NULL)
{
char buf[1024];
+ while( fgets(buf, sizeof(buf), log) != NULL)
+ fprintf(report, " %s", buf);
+ fprintf(report, " \n");
+ fclose(log);
+ }
+ }
+
+ // attach history log it if we have it
+ string histfile_name = _config->FindFile("Dir::Log::History");
+ if (!histfile_name.empty())
+ {
+ FILE *log = NULL;
+ char buf[1024];
+
+ fprintf(report, "DpkgHistoryLog:\n");
+ log = fopen(histfile_name.c_str(),"r");
+ if(log != NULL)
+ {
while( fgets(buf, sizeof(buf), log) != NULL)
fprintf(report, " %s", buf);
fclose(log);
Cnf.CndSet("APT::Install-Suggests", false);
Cnf.CndSet("Dir","/");
- // State
+ // State
Cnf.CndSet("Dir::State","var/lib/apt/");
-
- /* Just in case something goes horribly wrong, we can fall back to the
- old /var/state paths.. */
- struct stat St;
- if (stat("/var/lib/apt/.",&St) != 0 &&
- stat("/var/state/apt/.",&St) == 0)
- Cnf.CndSet("Dir::State","var/state/apt/");
-
Cnf.CndSet("Dir::State::lists","lists/");
Cnf.CndSet("Dir::State::cdroms","cdroms.list");
Cnf.CndSet("Dir::State::mirrors","mirrors/");
#include <apt-pkg/configuration.h>
#include <apt-pkg/metaindex.h>
#include <apt-pkg/indexfile.h>
+#include <apt-pkg/tagfile.h>
#include <fstream>
return true;
}
/*}}}*/
-
// SourceList::pkgSourceList - Constructors /*{{{*/
// ---------------------------------------------------------------------
/* */
delete *I;
}
/*}}}*/
- /*}}}*/
// SourceList::ReadMainList - Read the main source list from etc /*{{{*/
// ---------------------------------------------------------------------
/* */
return Res;
}
/*}}}*/
-// CNC:2003-03-03 - Needed to preserve backwards compatibility.
// SourceList::Reset - Clear the sourcelist contents /*{{{*/
// ---------------------------------------------------------------------
/* */
SrcList.erase(SrcList.begin(),SrcList.end());
}
/*}}}*/
-// CNC:2003-03-03 - Function moved to ReadAppend() and Reset().
// SourceList::Read - Parse the sourcelist file /*{{{*/
// ---------------------------------------------------------------------
/* */
// ---------------------------------------------------------------------
/* */
bool pkgSourceList::ReadAppend(string File)
+{
+ if (_config->FindB("APT::Sources::Use-Deb822", true) == true)
+ if (ParseFileDeb822(File))
+ return true;
+ return ParseFileOldStyle(File);
+}
+
+// SourceList::ReadFileOldStyle - Read Traditional style sources.list /*{{{*/
+// ---------------------------------------------------------------------
+/* */
+bool pkgSourceList::ParseFileOldStyle(string File)
{
// Open the stream for reading
ifstream F(File.c_str(),ios::in /*| ios::nocreate*/);
if (!F != 0)
return _error->Errno("ifstream::ifstream",_("Opening %s"),File.c_str());
-
-#if 0 // Now Reset() does this.
- for (const_iterator I = SrcList.begin(); I != SrcList.end(); I++)
- delete *I;
- SrcList.erase(SrcList.begin(),SrcList.end());
-#endif
+
// CNC:2003-12-10 - 300 is too short.
char Buffer[1024];
return true;
}
/*}}}*/
+// SourceList::ParseFileDeb822 - Parse deb822 style sources.list /*{{{*/
+// ---------------------------------------------------------------------
+/* */
+bool pkgSourceList::ParseFileDeb822(string File)
+{
+
+ pkgTagSection Tags;
+ map<string, string> Options;
+ unsigned int i=0;
+
+ // see if we can read the file
+ _error->PushToStack();
+ FileFd Fd(File, FileFd::ReadOnly);
+ pkgTagFile Sources(&Fd);
+ if (_error->PendingError() == true)
+ {
+ _error->RevertToStack();
+ return false;
+ }
+ _error->MergeWithStack();
+
+ // read step by step
+ while (Sources.Step(Tags) == true)
+ {
+ if(!Tags.Exists("Type"))
+ continue;
+
+ string const type = Tags.FindS("Type");
+ Type *Parse = Type::GetType(type.c_str());
+ if (Parse == 0)
+ return _error->Error(_("Type '%s' is not known on stanza %u in source list %s"),type.c_str(),i,Fd.Name().c_str());
+
+ string URI = Tags.FindS("URL");
+ if (!Parse->FixupURI(URI))
+ return _error->Error(_("Malformed stanza %u in source list %s (URI parse)"),i,Fd.Name().c_str());
+
+ string Dist = Tags.FindS("Dist");
+ Dist = SubstVar(Dist,"$(ARCH)",_config->Find("APT::Architecture"));
+
+ // check if there are any options we support
+ const char* option_str[] = {
+ "arch", "arch+", "arch-", "trusted" };
+ for (unsigned int j=0; j < sizeof(option_str)/sizeof(char*); j++)
+ if (Tags.Exists(option_str[j]))
+ Options[option_str[j]] = Tags.FindS(option_str[j]);
+
+ // now create one item per section
+ string const Section = Tags.FindS("Section");
+ std::vector<std::string> list;
+ if (Section.find(","))
+ list = StringSplit(Section, ",");
+ else
+ list = StringSplit(Section, " ");
+ for (std::vector<std::string>::const_iterator I = list.begin();
+ I != list.end(); I++)
+ Parse->CreateItem(SrcList, URI, Dist, (*I), Options);
+
+ i++;
+ }
+
+ // we are done
+ if(i>0)
+ return true;
+
+ return false;
+}
+ /*}}}*/
// SourceList::FindIndex - Get the index associated with a file /*{{{*/
// ---------------------------------------------------------------------
/* */
protected:
std::vector<metaIndex *> SrcList;
-
+
+ bool ParseFileDeb822(std::string File);
+ bool ParseFileOldStyle(std::string File);
+
public:
bool ReadMainList();
# generate a list of accepted man page translations
SOURCE = $(patsubst %.xml,%,$(wildcard *.$(LC).?.xml))
-INCLUDES = apt.ent apt-verbatim.ent
+INCLUDES = apt.ent apt-verbatim.ent apt-vendor.ent
manpages:
veryclean: veryclean/$(LOCAL)
apt-verbatim.ent: ../apt-verbatim.ent
- cp ../apt-verbatim.ent .
+ cp -a ../apt-verbatim.ent .
+
+apt-vendor.ent: ../apt-vendor.ent
+ cp -a ../apt-vendor.ent .
manpage-style.xsl: ../manpage-style.xsl
sed "/<!-- LANGUAGE -->/ i\
+++ /dev/null
-#!/bin/sh
-
-set -e
-unset GREP_OPTIONS
-
-GPG_CMD="gpg --ignore-time-conflict --no-options --no-default-keyring"
-
-# gpg needs a trustdb to function, but it can't be invalid (not even empty)
-# so we create a temporary directory to store our fresh readable trustdb in
-TRUSTDBDIR="$(mktemp -d)"
-CURRENTTRAP="${CURRENTTRAP} rm -rf '${TRUSTDBDIR}';"
-trap "${CURRENTTRAP}" 0 HUP INT QUIT ILL ABRT FPE SEGV PIPE TERM
-chmod 700 "$TRUSTDBDIR"
-# We also don't use a secret keyring, of course, but gpg panics and
-# implodes if there isn't one available - and writeable for imports
-SECRETKEYRING="${TRUSTDBDIR}/secring.gpg"
-touch $SECRETKEYRING
-GPG_CMD="$GPG_CMD --secret-keyring $SECRETKEYRING"
-GPG_CMD="$GPG_CMD --trustdb-name ${TRUSTDBDIR}/trustdb.gpg"
-
-# now create the trustdb with an (empty) dummy keyring
-$GPG_CMD --quiet --check-trustdb --keyring $SECRETKEYRING
-# and make sure that gpg isn't trying to update the file
-GPG_CMD="$GPG_CMD --no-auto-check-trustdb --trust-model always"
-
-GPG="$GPG_CMD"
-
-MASTER_KEYRING=""
-#MASTER_KEYRING=/usr/share/keyrings/debian-master-keyring.gpg
-eval $(apt-config shell MASTER_KEYRING APT::Key::MasterKeyring)
-ARCHIVE_KEYRING_URI=""
-#ARCHIVE_KEYRING_URI=http://ftp.debian.org/debian/debian-archive-keyring.gpg
-eval $(apt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI)
-
-ARCHIVE_KEYRING=/usr/share/keyrings/debian-archive-keyring.gpg
-eval $(apt-config shell ARCHIVE_KEYRING APT::Key::ArchiveKeyring)
-REMOVED_KEYS=/usr/share/keyrings/debian-archive-removed-keys.gpg
-eval $(apt-config shell REMOVED_KEYS APT::Key::RemovedKeys)
-
-requires_root() {
- if [ "$(id -u)" -ne 0 ]; then
- echo >&1 "ERROR: This command can only be used by root."
- exit 1
- fi
-}
-
-# gpg defaults to mode 0600 for new keyrings. Create one with 0644 instead.
-init_keyring() {
- for path; do
- if ! [ -e "$path" ]; then
- touch -- "$path"
- chmod 0644 -- "$path"
- fi
- done
-}
-
-add_keys_with_verify_against_master_keyring() {
- ADD_KEYRING=$1
- MASTER=$2
-
- if [ ! -f "$ADD_KEYRING" ]; then
- echo "ERROR: '$ADD_KEYRING' not found"
- return
- fi
- if [ ! -f "$MASTER" ]; then
- echo "ERROR: '$MASTER' not found"
- return
- fi
-
- # when adding new keys, make sure that the archive-master-keyring
- # is honored. so:
- # all keys that are exported must have a valid signature
- # from a key in the $distro-master-keyring
- add_keys=`$GPG_CMD --keyring $ADD_KEYRING --with-colons --list-keys | grep ^pub | cut -d: -f5`
- master_keys=`$GPG_CMD --keyring $MASTER --with-colons --list-keys | grep ^pub | cut -d: -f5`
- for add_key in $add_keys; do
- ADDED=0
- for master_key in $master_keys; do
- if $GPG_CMD --keyring $ADD_KEYRING --list-sigs --with-colons $add_key | grep ^sig | cut -d: -f5 | grep -q $master_key; then
- $GPG_CMD --quiet --batch --keyring $ADD_KEYRING --export $add_key | $GPG --import
- ADDED=1
- fi
- done
- if [ $ADDED = 0 ]; then
- echo >&2 "Key '$add_key' not added. It is not signed with a master key"
- fi
- done
-}
-
-# update the current archive signing keyring from a network URI
-# the archive-keyring keys needs to be signed with the master key
-# (otherwise it does not make sense from a security POV)
-net_update() {
- if [ -z "$ARCHIVE_KEYRING_URI" ]; then
- echo >&2 "ERROR: Your distribution is not supported in net-update as no uri for the archive-keyring is set"
- exit 1
- fi
- requires_root
- # in theory we would need to depend on wget for this, but this feature
- # isn't useable in debian anyway as we have no keyring uri nor a master key
- if ! which wget >/dev/null 2>&1; then
- echo >&2 "ERROR: an installed wget is required for a network-based update"
- exit 1
- fi
- if [ ! -d /var/lib/apt/keyrings ]; then
- mkdir -p /var/lib/apt/keyrings
- fi
- keyring=/var/lib/apt/keyrings/$(basename $ARCHIVE_KEYRING)
- old_mtime=0
- if [ -e $keyring ]; then
- old_mtime=$(stat -c %Y $keyring)
- fi
- (cd /var/lib/apt/keyrings; wget -q -N $ARCHIVE_KEYRING_URI)
- if [ ! -e $keyring ]; then
- return
- fi
- new_mtime=$(stat -c %Y $keyring)
- if [ $new_mtime -ne $old_mtime ]; then
- echo "Checking for new archive signing keys now"
- add_keys_with_verify_against_master_keyring $keyring $MASTER_KEYRING
- fi
-}
-
-update() {
- if [ ! -f $ARCHIVE_KEYRING ]; then
- echo >&2 "ERROR: Can't find the archive-keyring"
- echo >&2 "Is the debian-archive-keyring package installed?"
- exit 1
- fi
- requires_root
-
- # add new keys from the package;
-
- # we do not use add_keys_with_verify_against_master_keyring here,
- # because "update" is run on regular package updates. A
- # attacker might as well replace the master-archive-keyring file
- # in the package and add his own keys. so this check wouldn't
- # add any security. we *need* this check on net-update though
- $GPG_CMD --quiet --batch --keyring $ARCHIVE_KEYRING --export | $GPG --import
-
- if [ -r "$REMOVED_KEYS" ]; then
- # remove no-longer supported/used keys
- keys=`$GPG_CMD --keyring $REMOVED_KEYS --with-colons --list-keys | grep ^pub | cut -d: -f5`
- for key in $keys; do
- if $GPG --list-keys --with-colons | grep ^pub | cut -d: -f5 | grep -q $key; then
- $GPG --quiet --batch --delete-key --yes ${key}
- fi
- done
- else
- echo "Warning: removed keys keyring $REMOVED_KEYS missing or not readable" >&2
- fi
-}
-
-remove_key_from_keyring() {
- local GPG="$GPG_CMD --keyring $1"
- # check if the key is in this keyring: the key id is in the 5 column at the end
- if ! $GPG --with-colons --list-keys 2>&1 | grep -q "^pub:[^:]*:[^:]*:[^:]*:[0-9A-F]\+$2:"; then
- return
- fi
- if [ ! -w "$1" ]; then
- echo >&2 "Key ${2} is in keyring ${1}, but can't be removed as it is read only."
- return
- fi
- # check if it is the only key in the keyring and if so remove the keyring alltogether
- if [ '1' = "$($GPG --with-colons --list-keys | grep "^pub:[^:]*:[^:]*:[^:]*:[0-9A-F]\+:" | wc -l)" ]; then
- mv -f "$1" "${1}~" # behave like gpg
- return
- fi
- # we can't just modify pointed to files as these might be in /usr or something
- local REALTARGET
- if [ -L "$1" ]; then
- REALTARGET="$(readlink -f "$1")"
- mv -f "$1" "${1}.dpkg-tmp"
- cp -a "$REALTARGET" "$1"
- ls "$(dirname $1)"
- fi
- # delete the key from the keyring
- $GPG --batch --delete-key --yes "$2"
- if [ -n "$REALTARGET" ]; then
- # the real backup is the old link, not the copy we made
- mv -f "${1}.dpkg-tmp" "${1}~"
- fi
-}
-
-remove_key() {
- requires_root
-
- # if a --keyring was given, just remove from there
- if [ -n "$FORCED_KEYRING" ]; then
- remove_key_from_keyring "$FORCED_KEYRING" "$1"
- else
- # otherwise all known keyrings are up for inspection
- local TRUSTEDFILE="/etc/apt/trusted.gpg"
- eval $(apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring)
- eval $(apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f)
- remove_key_from_keyring "$TRUSTEDFILE" "$1"
- TRUSTEDPARTS="/etc/apt/trusted.gpg.d"
- eval $(apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d)
- if [ -d "$TRUSTEDPARTS" ]; then
- for trusted in $(run-parts --list "$TRUSTEDPARTS" --regex '^.*\.gpg$'); do
- remove_key_from_keyring "$trusted" "$1"
- done
- fi
- fi
- echo "OK"
-}
-
-
-usage() {
- echo "Usage: apt-key [--keyring file] [command] [arguments]"
- echo
- echo "Manage apt's list of trusted keys"
- echo
- echo " apt-key add <file> - add the key contained in <file> ('-' for stdin)"
- echo " apt-key del <keyid> - remove the key <keyid>"
- echo " apt-key export <keyid> - output the key <keyid>"
- echo " apt-key exportall - output all trusted keys"
- echo " apt-key update - update keys using the keyring package"
- echo " apt-key net-update - update keys using the network"
- echo " apt-key list - list keys"
- echo " apt-key finger - list fingerprints"
- echo " apt-key adv - pass advanced options to gpg (download key)"
- echo
- echo "If no specific keyring file is given the command applies to all keyring files."
-}
-
-while [ -n "$1" ]; do
- case "$1" in
- --keyring)
- shift
- TRUSTEDFILE="$1"
- FORCED_KEYRING="$1"
- if [ -r "$TRUSTEDFILE" ] || [ "$2" = 'add' ] || [ "$2" = 'adv' ]; then
- GPG="$GPG --keyring $TRUSTEDFILE --primary-keyring $TRUSTEDFILE"
- else
- echo >&2 "Error: The specified keyring »$TRUSTEDFILE« is missing or not readable"
- exit 1
- fi
- shift
- ;;
- --fakeroot)
- requires_root() { true; }
- shift
- ;;
- --*)
- echo >&2 "Unknown option: $1"
- usage
- exit 1;;
- *)
- break;;
- esac
-done
-
-if [ -z "$TRUSTEDFILE" ]; then
- TRUSTEDFILE="/etc/apt/trusted.gpg"
- eval $(apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring)
- eval $(apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f)
- if [ -r "$TRUSTEDFILE" ]; then
- GPG="$GPG --keyring $TRUSTEDFILE"
- fi
- GPG="$GPG --primary-keyring $TRUSTEDFILE"
- TRUSTEDPARTS="/etc/apt/trusted.gpg.d"
- eval $(apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d)
- if [ -d "$TRUSTEDPARTS" ]; then
- # strip / suffix as gpg will double-slash in that case (#665411)
- STRIPPED_TRUSTEDPARTS="${TRUSTEDPARTS%/}"
- if [ "${STRIPPED_TRUSTEDPARTS}/" = "$TRUSTEDPARTS" ]; then
- TRUSTEDPARTS="$STRIPPED_TRUSTEDPARTS"
- fi
- for trusted in $(run-parts --list "$TRUSTEDPARTS" --regex '^.*\.gpg$'); do
- GPG="$GPG --keyring $trusted"
- done
- fi
-fi
-
-command="$1"
-if [ -z "$command" ]; then
- usage
- exit 1
-fi
-shift
-
-if [ "$command" != "help" ] && ! which gpg >/dev/null 2>&1; then
- echo >&2 "Warning: gnupg does not seem to be installed."
- echo >&2 "Warning: apt-key requires gnupg for most operations."
- echo >&2
-fi
-
-case "$command" in
- add)
- requires_root
- init_keyring "$TRUSTEDFILE"
- $GPG --quiet --batch --import "$1"
- echo "OK"
- ;;
- del|rm|remove)
- init_keyring "$TRUSTEDFILE"
- remove_key "$1"
- ;;
- update)
- init_keyring "$TRUSTEDFILE"
- update
- ;;
- net-update)
- init_keyring "$TRUSTEDFILE"
- net_update
- ;;
- list)
- init_keyring "$TRUSTEDFILE"
- $GPG --batch --list-keys
- ;;
- finger*)
- init_keyring "$TRUSTEDFILE"
- $GPG --batch --fingerprint
- ;;
- export)
- init_keyring "$TRUSTEDFILE"
- $GPG --armor --export "$1"
- ;;
- exportall)
- init_keyring "$TRUSTEDFILE"
- $GPG --armor --export
- ;;
- adv*)
- init_keyring "$TRUSTEDFILE"
- echo "Executing: $GPG $*"
- $GPG $*
- ;;
- help)
- usage
- ;;
- *)
- usage
- exit 1
- ;;
-esac
--- /dev/null
+#!/bin/sh
+
+set -e
+unset GREP_OPTIONS
+
+GPG_CMD="gpg --ignore-time-conflict --no-options --no-default-keyring"
+
+# gpg needs a trustdb to function, but it can't be invalid (not even empty)
+# so we create a temporary directory to store our fresh readable trustdb in
+TRUSTDBDIR="$(mktemp -d)"
+CURRENTTRAP="${CURRENTTRAP} rm -rf '${TRUSTDBDIR}';"
+trap "${CURRENTTRAP}" 0 HUP INT QUIT ILL ABRT FPE SEGV PIPE TERM
+chmod 700 "$TRUSTDBDIR"
+# We also don't use a secret keyring, of course, but gpg panics and
+# implodes if there isn't one available - and writeable for imports
+SECRETKEYRING="${TRUSTDBDIR}/secring.gpg"
+touch $SECRETKEYRING
+GPG_CMD="$GPG_CMD --secret-keyring $SECRETKEYRING"
+GPG_CMD="$GPG_CMD --trustdb-name ${TRUSTDBDIR}/trustdb.gpg"
+
+# now create the trustdb with an (empty) dummy keyring
+$GPG_CMD --quiet --check-trustdb --keyring $SECRETKEYRING
+# and make sure that gpg isn't trying to update the file
+GPG_CMD="$GPG_CMD --no-auto-check-trustdb --trust-model always"
+
+GPG="$GPG_CMD"
+
+MASTER_KEYRING='&keyring-master-filename;'
+eval $(apt-config shell MASTER_KEYRING APT::Key::MasterKeyring)
+ARCHIVE_KEYRING='&keyring-filename;'
+eval $(apt-config shell ARCHIVE_KEYRING APT::Key::ArchiveKeyring)
+REMOVED_KEYS='&keyring-removed-filename;'
+eval $(apt-config shell REMOVED_KEYS APT::Key::RemovedKeys)
+ARCHIVE_KEYRING_URI='&keyring-uri;'
+eval $(apt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI)
+TMP_KEYRING=/var/lib/apt/keyrings/maybe-import-keyring.gpg
+
+requires_root() {
+ if [ "$(id -u)" -ne 0 ]; then
+ echo >&1 "ERROR: This command can only be used by root."
+ exit 1
+ fi
+}
+
+# gpg defaults to mode 0600 for new keyrings. Create one with 0644 instead.
+init_keyring() {
+ for path; do
+ if ! [ -e "$path" ]; then
+ touch -- "$path"
+ chmod 0644 -- "$path"
+ fi
+ done
+}
+
+add_keys_with_verify_against_master_keyring() {
+ ADD_KEYRING=$1
+ MASTER=$2
+
+ if [ ! -f "$ADD_KEYRING" ]; then
+ echo "ERROR: '$ADD_KEYRING' not found"
+ return
+ fi
+ if [ ! -f "$MASTER" ]; then
+ echo "ERROR: '$MASTER' not found"
+ return
+ fi
+
+ # when adding new keys, make sure that the archive-master-keyring
+ # is honored. so:
+ # all keys that are exported must have a valid signature
+ # from a key in the $distro-master-keyring
+ add_keys=`$GPG_CMD --keyring $ADD_KEYRING --with-colons --list-keys | grep ^pub | cut -d: -f5`
+ all_add_keys=`$GPG_CMD --keyring $ADD_KEYRING --with-colons --list-keys | grep ^[ps]ub | cut -d: -f5`
+ master_keys=`$GPG_CMD --keyring $MASTER --with-colons --list-keys | grep ^pub | cut -d: -f5`
+
+ # ensure there are no colisions LP: #857472
+ for all_add_key in $all_add_keys; do
+ for master_key in $master_keys; do
+ if [ "$all_add_key" = "$master_key" ]; then
+ echo >&2 "Keyid collision for '$all_add_key' detected, operation aborted"
+ return 1
+ fi
+ done
+ done
+
+ for add_key in $add_keys; do
+ # export the add keyring one-by-one
+ rm -f $TMP_KEYRING
+ $GPG_CMD --keyring $ADD_KEYRING --output $TMP_KEYRING --export $add_key
+ # check if signed with the master key and only add in this case
+ ADDED=0
+ for master_key in $master_keys; do
+ if $GPG_CMD --keyring $MASTER --keyring $TMP_KEYRING --check-sigs --with-colons $add_key | grep '^sig:!:' | cut -d: -f5 | grep -q $master_key; then
+ $GPG --import $TMP_KEYRING
+ ADDED=1
+ fi
+ done
+ if [ $ADDED = 0 ]; then
+ echo >&2 "Key '$add_key' not added. It is not signed with a master key"
+ fi
+ done
+ rm -f $TMP_KEYRING
+}
+
+# update the current archive signing keyring from a network URI
+# the archive-keyring keys needs to be signed with the master key
+# (otherwise it does not make sense from a security POV)
+net_update() {
+ # Disabled for now as code is insecure (LP: #1013639 (and 857472, 1013128))
+ exit 1
+
+ if [ -z "$ARCHIVE_KEYRING_URI" ]; then
+ echo >&2 "ERROR: Your distribution is not supported in net-update as no uri for the archive-keyring is set"
+ exit 1
+ fi
+ requires_root
+ # in theory we would need to depend on wget for this, but this feature
+ # isn't useable in debian anyway as we have no keyring uri nor a master key
+ if ! which wget >/dev/null 2>&1; then
+ echo >&2 "ERROR: an installed wget is required for a network-based update"
+ exit 1
+ fi
+ if [ ! -d /var/lib/apt/keyrings ]; then
+ mkdir -p /var/lib/apt/keyrings
+ fi
+ keyring=/var/lib/apt/keyrings/$(basename $ARCHIVE_KEYRING)
+ old_mtime=0
+ if [ -e $keyring ]; then
+ old_mtime=$(stat -c %Y $keyring)
+ fi
+ (cd /var/lib/apt/keyrings; wget --timeout=90 -q -N $ARCHIVE_KEYRING_URI)
+ if [ ! -e $keyring ]; then
+ return
+ fi
+ new_mtime=$(stat -c %Y $keyring)
+ if [ $new_mtime -ne $old_mtime ]; then
+ echo "Checking for new archive signing keys now"
+ add_keys_with_verify_against_master_keyring $keyring $MASTER_KEYRING
+ fi
+}
+
+update() {
+ if [ ! -f $ARCHIVE_KEYRING ]; then
+ echo >&2 "ERROR: Can't find the archive-keyring"
+ echo >&2 "Is the &keyring-package; package installed?"
+ exit 1
+ fi
+ requires_root
+
+ # add new keys from the package;
+
+ # we do not use add_keys_with_verify_against_master_keyring here,
+ # because "update" is run on regular package updates. A
+ # attacker might as well replace the master-archive-keyring file
+ # in the package and add his own keys. so this check wouldn't
+ # add any security. we *need* this check on net-update though
+ $GPG_CMD --quiet --batch --keyring $ARCHIVE_KEYRING --export | $GPG --import
+
+ if [ -r "$REMOVED_KEYS" ]; then
+ # remove no-longer supported/used keys
+ keys=`$GPG_CMD --keyring $REMOVED_KEYS --with-colons --list-keys | grep ^pub | cut -d: -f5`
+ for key in $keys; do
+ if $GPG --list-keys --with-colons | grep ^pub | cut -d: -f5 | grep -q $key; then
+ $GPG --quiet --batch --delete-key --yes ${key}
+ fi
+ done
+ else
+ echo "Warning: removed keys keyring $REMOVED_KEYS missing or not readable" >&2
+ fi
+}
+
+remove_key_from_keyring() {
+ local GPG="$GPG_CMD --keyring $1"
+ # check if the key is in this keyring: the key id is in the 5 column at the end
+ if ! $GPG --with-colons --list-keys 2>&1 | grep -q "^pub:[^:]*:[^:]*:[^:]*:[0-9A-F]\+$2:"; then
+ return
+ fi
+ if [ ! -w "$1" ]; then
+ echo >&2 "Key ${2} is in keyring ${1}, but can't be removed as it is read only."
+ return
+ fi
+ # check if it is the only key in the keyring and if so remove the keyring alltogether
+ if [ '1' = "$($GPG --with-colons --list-keys | grep "^pub:[^:]*:[^:]*:[^:]*:[0-9A-F]\+:" | wc -l)" ]; then
+ mv -f "$1" "${1}~" # behave like gpg
+ return
+ fi
+ # we can't just modify pointed to files as these might be in /usr or something
+ local REALTARGET
+ if [ -L "$1" ]; then
+ REALTARGET="$(readlink -f "$1")"
+ mv -f "$1" "${1}.dpkg-tmp"
+ cp -a "$REALTARGET" "$1"
+ ls "$(dirname $1)"
+ fi
+ # delete the key from the keyring
+ $GPG --batch --delete-key --yes "$2"
+ if [ -n "$REALTARGET" ]; then
+ # the real backup is the old link, not the copy we made
+ mv -f "${1}.dpkg-tmp" "${1}~"
+ fi
+}
+
+remove_key() {
+ requires_root
+
+ # if a --keyring was given, just remove from there
+ if [ -n "$FORCED_KEYRING" ]; then
+ remove_key_from_keyring "$FORCED_KEYRING" "$1"
+ else
+ # otherwise all known keyrings are up for inspection
+ local TRUSTEDFILE="/etc/apt/trusted.gpg"
+ eval $(apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring)
+ eval $(apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f)
+ remove_key_from_keyring "$TRUSTEDFILE" "$1"
+ TRUSTEDPARTS="/etc/apt/trusted.gpg.d"
+ eval $(apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d)
+ if [ -d "$TRUSTEDPARTS" ]; then
+ for trusted in $(run-parts --list "$TRUSTEDPARTS" --regex '^.*\.gpg$'); do
+ remove_key_from_keyring "$trusted" "$1"
+ done
+ fi
+ fi
+ echo "OK"
+}
+
+
+usage() {
+ echo "Usage: apt-key [--keyring file] [command] [arguments]"
+ echo
+ echo "Manage apt's list of trusted keys"
+ echo
+ echo " apt-key add <file> - add the key contained in <file> ('-' for stdin)"
+ echo " apt-key del <keyid> - remove the key <keyid>"
+ echo " apt-key export <keyid> - output the key <keyid>"
+ echo " apt-key exportall - output all trusted keys"
+ echo " apt-key update - update keys using the keyring package"
+ echo " apt-key net-update - update keys using the network"
+ echo " apt-key list - list keys"
+ echo " apt-key finger - list fingerprints"
+ echo " apt-key adv - pass advanced options to gpg (download key)"
+ echo
+ echo "If no specific keyring file is given the command applies to all keyring files."
+}
+
+while [ -n "$1" ]; do
+ case "$1" in
+ --keyring)
+ shift
+ TRUSTEDFILE="$1"
+ FORCED_KEYRING="$1"
+ if [ -r "$TRUSTEDFILE" ] || [ "$2" = 'add' ] || [ "$2" = 'adv' ]; then
+ GPG="$GPG --keyring $TRUSTEDFILE --primary-keyring $TRUSTEDFILE"
+ else
+ echo >&2 "Error: The specified keyring »$TRUSTEDFILE« is missing or not readable"
+ exit 1
+ fi
+ shift
+ ;;
+ --fakeroot)
+ requires_root() { true; }
+ shift
+ ;;
+ --*)
+ echo >&2 "Unknown option: $1"
+ usage
+ exit 1;;
+ *)
+ break;;
+ esac
+done
+
+if [ -z "$TRUSTEDFILE" ]; then
+ TRUSTEDFILE="/etc/apt/trusted.gpg"
+ eval $(apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring)
+ eval $(apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f)
+ if [ -r "$TRUSTEDFILE" ]; then
+ GPG="$GPG --keyring $TRUSTEDFILE"
+ fi
+ GPG="$GPG --primary-keyring $TRUSTEDFILE"
+ TRUSTEDPARTS="/etc/apt/trusted.gpg.d"
+ eval $(apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d)
+ if [ -d "$TRUSTEDPARTS" ]; then
+ # strip / suffix as gpg will double-slash in that case (#665411)
+ STRIPPED_TRUSTEDPARTS="${TRUSTEDPARTS%/}"
+ if [ "${STRIPPED_TRUSTEDPARTS}/" = "$TRUSTEDPARTS" ]; then
+ TRUSTEDPARTS="$STRIPPED_TRUSTEDPARTS"
+ fi
+ for trusted in $(run-parts --list "$TRUSTEDPARTS" --regex '^.*\.gpg$'); do
+ GPG="$GPG --keyring $trusted"
+ done
+ fi
+fi
+
+command="$1"
+if [ -z "$command" ]; then
+ usage
+ exit 1
+fi
+shift
+
+if [ "$command" != "help" ] && ! which gpg >/dev/null 2>&1; then
+ echo >&2 "Warning: gnupg does not seem to be installed."
+ echo >&2 "Warning: apt-key requires gnupg for most operations."
+ echo >&2
+fi
+
+case "$command" in
+ add)
+ requires_root
+ init_keyring "$TRUSTEDFILE"
+ $GPG --quiet --batch --import "$1"
+ echo "OK"
+ ;;
+ del|rm|remove)
+ init_keyring "$TRUSTEDFILE"
+ remove_key "$1"
+ ;;
+ update)
+ init_keyring "$TRUSTEDFILE"
+ update
+ ;;
+ net-update)
+ init_keyring "$TRUSTEDFILE"
+ net_update
+ ;;
+ list)
+ init_keyring "$TRUSTEDFILE"
+ $GPG --batch --list-keys
+ ;;
+ finger*)
+ init_keyring "$TRUSTEDFILE"
+ $GPG --batch --fingerprint
+ ;;
+ export)
+ init_keyring "$TRUSTEDFILE"
+ $GPG --armor --export "$1"
+ ;;
+ exportall)
+ init_keyring "$TRUSTEDFILE"
+ $GPG --armor --export
+ ;;
+ adv*)
+ init_keyring "$TRUSTEDFILE"
+ echo "Executing: $GPG $*"
+ $GPG $*
+ ;;
+ help)
+ usage
+ ;;
+ *)
+ usage
+ exit 1
+ ;;
+esac
include $(PROGRAM_H)
# The apt-key program
+apt-key: apt-key.in
+ sed -e "s#&keyring-filename;#$(shell ../vendor/getinfo keyring-filename)#" \
+ -e "s#&keyring-removed-filename;#$(shell ../vendor/getinfo keyring-removed-filename)#" \
+ -e "s#&keyring-master-filename;#$(shell ../vendor/getinfo keyring-master-filename)#" \
+ -e "s#&keyring-uri;#$(shell ../vendor/getinfo keyring-uri)#" \
+ -e "s#&keyring-package;#$(shell ../vendor/getinfo keyring-package)#" $< > $@
+ chmod 755 $@
+
SOURCE=apt-key
TO=$(BIN)
TARGET=program
Package: apt
Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}, debian-archive-keyring, gnupg
+Depends: ${shlibs:Depends}, ${misc:Depends}, ${apt:keyring}, gnupg
Replaces: manpages-pl (<< 20060617-3~), manpages-it (<< 2.80-4~)
Breaks: manpages-pl (<< 20060617-3~), manpages-it (<< 2.80-4~)
Conflicts: python-apt (<< 0.7.93.2~)
+++ /dev/null
-#! /bin/sh
-
-set -e
-
-# dpkg does this for us while we are upgrading..
-#if [ "$1" = "upgrade" -a -L /var/state/apt -a -e /var/lib/apt -a ! -L /var/state/apt ] && dpkg --compare-versions "$2" ">=" "0.4.10"; then
-# rm /var/state/apt
-#fi
-
-if [ "$1" = "upgrade" -o "$1" = "install" -a "$2" != "" ]; then
- if [ ! -e /var/lib/apt -a -e /var/state/apt ]; then
- # upgrading from /var/state/apt using apt.
- # it's probably running now so we want to ensure /var/state/apt
- # is still valid afterwards. and since we're upgrading
-
- if [ -x /usr/bin/perl -a -d /var/state/apt -a ! -L /var/state/apt ] &&
- perl -e 'exit 1 if ((stat("/var/lib"))[0] != (stat("/var/state/apt"))[0])'
- then
- # same fs, we can mv it
- mv /var/state/apt /var/lib/apt
- ln -s ../lib/apt /var/state/apt
- # note that this symlink (/var/state/apt) will be removed when
- # dpkg finishes unpacking the apt we're about to install; this is okay
- else
- # scary, let's just symlink it and hope
- ln -s /var/state/apt /var/lib/apt
- fi
- fi
- touch /var/lib/apt/lists/partial/.delete-me-later || true
-fi
-
-#DEBHELPER#
# Sample debian/rules that uses debhelper. GNU copyright 1997 by Joey Hess.
# Some lines taken from debmake, by Christoph Lameter.
+# build in verbose mode by default to make it easy to diangose issues
+export NOISY=1
+
export DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
export DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
export DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH)
dh_fixperms -p$@
dh_installdeb -p$@
dh_shlibdeps -p$@
- dh_gencontrol -p$@
+ dh_gencontrol -p$@ -- -Vapt:keyring="$(shell ./vendor/getinfo keyring-package)"
dh_md5sums -p$@
dh_builddeb -p$@
<!ENTITY % aptverbatiment SYSTEM "apt-verbatim.ent">
%aptverbatiment;
+<!ENTITY % aptvendor SYSTEM "apt-vendor.ent">
+%aptvendor;
]>
<refentry>
<!ENTITY % aptverbatiment SYSTEM "apt-verbatim.ent">
%aptverbatiment;
+<!ENTITY % aptvendor SYSTEM "apt-vendor.ent">
+%aptvendor;
]>
<refentry>
<!ENTITY % aptverbatiment SYSTEM "apt-verbatim.ent">
%aptverbatiment;
+<!ENTITY % aptvendor SYSTEM "apt-vendor.ent">
+%aptvendor;
]>
<refentry>
<!ENTITY % aptverbatiment SYSTEM "apt-verbatim.ent">
%aptverbatiment;
+<!ENTITY % aptvendor SYSTEM "apt-vendor.ent">
+%aptvendor;
]>
<refentry>
<!ENTITY % aptverbatiment SYSTEM "apt-verbatim.ent">
%aptverbatiment;
+<!ENTITY % aptvendor SYSTEM "apt-vendor.ent">
+%aptvendor;
]>
<refentry>
<!ENTITY % aptverbatiment SYSTEM "apt-verbatim.ent">
%aptverbatiment;
+<!ENTITY % aptvendor SYSTEM "apt-vendor.ent">
+%aptvendor;
]>
<refentry>
terminal window when packages are installed, upgraded or
removed. For a machine parsable version of this data see
README.progress-reporting in the apt doc directory.
- <literal>DpkgPM::Progress</literal>.</para></listitem>
+ Configuration Item: <literal>DpkgPM::Progress</literal> and <literal>Dpkg::Progress-Fancy</literal>.</para></listitem>
</varlistentry>
<!ENTITY % aptverbatiment SYSTEM "apt-verbatim.ent">
%aptverbatiment;
+<!ENTITY % aptvendor SYSTEM "apt-vendor.ent">
+%aptvendor;
]>
<refentry>
Update the local keyring with the archive keyring and remove from
the local keyring the archive keys which are no longer valid.
The archive keyring is shipped in the <literal>archive-keyring</literal> package of your
- distribution, e.g. the <literal>debian-archive-keyring</literal> package in Debian.
+ distribution, e.g. the &keyring-package; package in &keyring-distro;.
</para>
<listitem><para>Local trust database of archive keys.</para></listitem>
</varlistentry>
- <varlistentry><term><filename>/usr/share/keyrings/debian-archive-keyring.gpg</filename></term>
- <listitem><para>Keyring of Debian archive trusted keys.</para></listitem>
+ <varlistentry><term>&keyring-filename;</term>
+ <listitem><para>Keyring of &keyring-distro; archive trusted keys.</para></listitem>
</varlistentry>
- <varlistentry><term><filename>/usr/share/keyrings/debian-archive-removed-keys.gpg</filename></term>
- <listitem><para>Keyring of Debian archive removed trusted keys.</para></listitem>
+ <varlistentry><term>&keyring-removed-filename;</term>
+ <listitem><para>Keyring of &keyring-distro; archive removed trusted keys.</para></listitem>
</varlistentry>
</variablelist>
<!ENTITY % aptverbatiment SYSTEM "apt-verbatim.ent">
%aptverbatiment;
+<!ENTITY % aptvendor SYSTEM "apt-vendor.ent">
+%aptvendor;
]>
<refentry>
<!ENTITY % aptverbatiment SYSTEM "apt-verbatim.ent">
%aptverbatiment;
+<!ENTITY % aptvendor SYSTEM "apt-vendor.ent">
+%aptvendor;
]>
<refentry>
the maintainer signature is stripped off, and checksums of the package
are computed and put in the Packages file. The checksums of all of the
Packages files are then computed and put into the Release file. The
- Release file is then signed by the archive key for this Debian release,
+ Release file is then signed by the archive key for this &keyring-distro; release,
and distributed alongside the packages and the Packages files on
- Debian mirrors. The keys are in the Debian archive keyring available in
- the <package>debian-archive-keyring</package> package.
+ &keyring-distro; mirrors. The keys are in the &keyring-distro; archive keyring
+ available in the &keyring-package; package.
</para>
<para>
<!ENTITY % aptverbatiment SYSTEM "apt-verbatim.ent">
%aptverbatiment;
+<!ENTITY % aptvendor SYSTEM "apt-vendor.ent">
+%aptvendor;
]>
<refentry>
<!-- this will be updated by 'prepare-release' -->
<!ENTITY apt-product-version "0.9.7.6ubuntu2">
-<!-- Codenames for debian releases -->
+<!-- (Code)names for various things used all over the place -->
<!ENTITY oldstable-codename "squeeze">
<!ENTITY stable-codename "wheezy">
<!ENTITY testing-codename "jessie">
-<!ENTITY stable-version "7.0">
+<!ENTITY stable-version "7">
<!ENTITY ubuntu-codename "precise">
<!-- good and bad just refers to matching and not matching a pattern…
<!ENTITY % aptverbatiment SYSTEM "apt-verbatim.ent">
%aptverbatiment;
+<!ENTITY % aptvendor SYSTEM "apt-vendor.ent">
+%aptvendor;
]>
<refentry>
<!ENTITY % aptverbatiment SYSTEM "apt-verbatim.ent">
%aptverbatiment;
+<!ENTITY % aptvendor SYSTEM "apt-vendor.ent">
+%aptvendor;
]>
<refentry>
ifdef XSLTPROC
# generate a list of accepted man page translations
SOURCE = $(patsubst ../%.xml,%,$(wildcard ../*.?.xml))
-INCLUDES = ../apt.ent ../apt-verbatim.ent
+INCLUDES = ../apt.ent ../apt-verbatim.ent apt-vendor.ent
STYLESHEET=../manpage-style.xsl
LOCAL := manpage-$(firstword $(SOURCE))
$(LOCAL)-LIST := $(SOURCE)
+apt-vendor.ent: ../../vendor/current/apt-vendor.ent
+ ln -sf $(shell readlink -f $^) $@
+
# Install generation hooks
manpages: $($(LOCAL)-LIST) apt.8
veryclean: clean/$(LOCAL)
clean: clean/$(LOCAL)
clean/$(LOCAL):
- -rm -rf $($(@F)-LIST) apt.8
+ -rm -rf $($(@F)-LIST) apt.8 apt-vendor.ent
endif
# Chain to the manpage rule
+++ /dev/null
-# See sources.list(5) manpage for more information
-# Remember that CD-ROMs, DVDs and such are managed through the apt-cdrom tool.
-deb http://ftp.us.debian.org/debian &stable-codename; main contrib non-free
-deb http://security.debian.org &stable-codename;/updates main contrib non-free
-
-# Uncomment if you want the apt-get source function to work
-#deb-src http://ftp.us.debian.org/debian &stable-codename; main contrib non-free
-#deb-src http://security.debian.org &stable-codename;/updates main contrib non-free
doc: manpages debiandoc
-examples/sources.list: examples/sources.list.in apt-verbatim.ent
- sed -e 's#&stable-codename;#$(shell grep --max-count=1 '^<!ENTITY stable-codename "' apt-verbatim.ent | cut -d'"' -f 2)#g' examples/sources.list.in > examples/sources.list
+examples/sources.list: ../vendor/current/sources.list
+ ln -sf $(shell readlink -f $^) $@
+
+apt-vendor.ent: ../vendor/current/apt-vendor.ent
+ ln -sf $(shell readlink -f $^) $@
# Examples
SOURCE = examples/apt.conf examples/sources.list examples/configure-index examples/apt-https-method-example.conf
.PHONY: clean clean/subdirs veryclean veryclean/subdirs manpages/subdirs debiandoc/subdirs all binary doc stats
-clean: clean/subdirs
-veryclean: veryclean/subdirs
-manpages: manpages/subdirs
+clean: clean/subdirs clean/examples
+veryclean: veryclean/subdirs clean/examples
+manpages: manpages/subdirs apt-vendor.ent
debiandoc: debiandoc/subdirs
DOCUMENTATIONPO = $(patsubst %.po,%,$(notdir $(wildcard po/*.po)))
$(MAKE) -C $$dir $(patsubst %/subdirs,%,$@); \
done
+clean/examples:
+ rm -f examples/sources.list
+ rm -f apt-vendor.ent
+
stats:
for i in po/*.po; do echo -n "$$i: "; msgfmt --output-file=/dev/null --statistics $$i; done
"Update the local keyring with the archive keyring and remove from the local "
"keyring the archive keys which are no longer valid. The archive keyring is "
"shipped in the <literal>archive-keyring</literal> package of your "
-"distribution, e.g. the <literal>debian-archive-keyring</literal> package in "
-"Debian."
+"distribution, e.g. the &keyring-package; package in "
+"&keyring-distro;."
msgstr ""
#. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
#. type: Content of: <refentry><refsect1><variablelist><varlistentry><term>
#: apt-key.8.xml:183
-msgid "<filename>/usr/share/keyrings/debian-archive-keyring.gpg</filename>"
+msgid "&keyring-filename;"
msgstr ""
#. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
#: apt-key.8.xml:184
-msgid "Keyring of Debian archive trusted keys."
+msgid "Keyring of &keyring-distro; archive trusted keys."
msgstr ""
#. type: Content of: <refentry><refsect1><variablelist><varlistentry><term>
#: apt-key.8.xml:187
-msgid "<filename>/usr/share/keyrings/debian-archive-removed-keys.gpg</filename>"
+msgid "&keyring-removed-filename;"
msgstr ""
#. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
#: apt-key.8.xml:188
-msgid "Keyring of Debian archive removed trusted keys."
+msgid "Keyring of &keyring-distro; archive removed trusted keys."
msgstr ""
#. type: Content of: <refentry><refsect1><para>
"maintainer signature is stripped off, and checksums of the package are "
"computed and put in the Packages file. The checksums of all of the Packages "
"files are then computed and put into the Release file. The Release file is "
-"then signed by the archive key for this Debian release, and distributed "
-"alongside the packages and the Packages files on Debian mirrors. The keys "
-"are in the Debian archive keyring available in the "
-"<package>debian-archive-keyring</package> package."
+"then signed by the archive key for this &keyring-distro; release, and distributed "
+"alongside the packages and the Packages files on &keyring-distro; mirrors. The keys "
+"are in the &keyring-distro; archive keyring available in the "
+"&keyring-package; package."
msgstr ""
#. type: Content of: <refentry><refsect1><para>
"Update the local keyring with the archive keyring and remove from the local "
"keyring the archive keys which are no longer valid. The archive keyring is "
"shipped in the <literal>archive-keyring</literal> package of your "
-"distribution, e.g. the <literal>debian-archive-keyring</literal> package in "
-"Debian."
+"distribution, e.g. the &keyring-package; package in "
+"&keyring-distro;."
msgstr ""
"aktualisiert den lokalen Schlüsselbund mit dem Archivschlüsselbund und "
"entfernt die Archivschlüssel, die nicht länger gültig sind, aus dem lokalen "
"Schlüsselbund. Der Archivschlüsselbund wird im Paket <literal>archive-"
"keyring</literal> Ihrer Distribution mitgeliefert, z.B. dem Paket "
-"<literal>debian-archive-keyring</literal> in Debian."
+"&keyring-package; in &keyring-distro;."
#. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
#: apt-key.8.xml:144
#. type: Content of: <refentry><refsect1><variablelist><varlistentry><term>
#: apt-key.8.xml:183
-msgid "<filename>/usr/share/keyrings/debian-archive-keyring.gpg</filename>"
-msgstr "<filename>/usr/share/keyrings/debian-archive-keyring.gpg</filename>"
+msgid "&keyring-filename;"
+msgstr "&keyring-filename;"
#. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
#: apt-key.8.xml:184
-msgid "Keyring of Debian archive trusted keys."
-msgstr "Schlüsselbund vertrauenswürdiger Schlüssel des Debian-Archivs"
+msgid "Keyring of &keyring-distro; archive trusted keys."
+msgstr "Schlüsselbund vertrauenswürdiger Schlüssel des &keyring-distro;-Archivs"
#. type: Content of: <refentry><refsect1><variablelist><varlistentry><term>
#: apt-key.8.xml:187
msgid ""
-"<filename>/usr/share/keyrings/debian-archive-removed-keys.gpg</filename>"
+"&keyring-removed-filename;"
msgstr ""
-"<filename>/usr/share/keyrings/debian-archive-removed-keys.gpg</filename>"
+"&keyring-removed-filename;"
#. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
#: apt-key.8.xml:188
-msgid "Keyring of Debian archive removed trusted keys."
+msgid "Keyring of &keyring-distro; archive removed trusted keys."
msgstr ""
-"Schlüsselbund entfernter vertrauenswürdiger Schlüssel des Debian-Archivs"
+"Schlüsselbund entfernter vertrauenswürdiger Schlüssel des &keyring-distro;-Archivs"
#. type: Content of: <refentry><refsect1><para>
#: apt-key.8.xml:197
"maintainer signature is stripped off, and checksums of the package are "
"computed and put in the Packages file. The checksums of all of the Packages "
"files are then computed and put into the Release file. The Release file is "
-"then signed by the archive key for this Debian release, and distributed "
-"alongside the packages and the Packages files on Debian mirrors. The keys "
-"are in the Debian archive keyring available in the <package>debian-archive-"
-"keyring</package> package."
+"then signed by the archive key for this &keyring-distro; release, and distributed "
+"alongside the packages and the Packages files on &keyring-distro; mirrors. The keys "
+"are in the &keyring-distro; archive keyring available in the &keyring-package; "
+"package."
msgstr ""
"Sobald das hochgeladene Paket überprüft und dem Archiv hinzugefügt wurde, "
"wird die Betreuersignatur entfernt, Prüfsummen des Pakets werden berechnet "
"und in die Datei Packages abgelegt. Die Prüfsummen aller Paketdateien werden "
"berechnet und in der Release-Datei abgelegt. Dann wird die Release-Datei "
-"durch den Archivschlüssel für diese Debian-Veröffentlichung signiert und "
-"zusammen mit den Paketen und Packages-Dateien auf Debian-Spiegel verteilt. "
-"Die Schlüssel sind im Debian-Archivschlüsselbund im Paket <package>debian-"
-"archive-keyring</package> verfügbar."
+"durch den Archivschlüssel für diese &keyring-distro;-Veröffentlichung signiert und "
+"zusammen mit den Paketen und Packages-Dateien auf &keyring-distro;-Spiegel verteilt. "
+"Die Schlüssel sind im &keyring-distro;-Archivschlüsselbund im Paket &keyring-package; "
+"verfügbar."
#. type: Content of: <refentry><refsect1><para>
#: apt-secure.8.xml:113
"Update the local keyring with the archive keyring and remove from the local "
"keyring the archive keys which are no longer valid. The archive keyring is "
"shipped in the <literal>archive-keyring</literal> package of your "
-"distribution, e.g. the <literal>debian-archive-keyring</literal> package in "
-"Debian."
+"distribution, e.g. the &keyring-package; package in "
+"&keyring-distro;."
msgstr ""
"Actualiza el registro de claves local con el registro de claves del archivo "
"y elimina del registro local las claves de archivo que ya no son válidas. El "
"registro de claves del archivo se encuentra en el paquete <literal>archive-"
-"keyring</literal> de su distribución; esto es, el paquete <literal>debian-"
-"archive-keyring</literal> en Debian."
+"keyring</literal> de su distribución; esto es, el paquete &keyring-package; "
+"en &keyring-distro;."
#. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
#: apt-key.8.xml:144
#. type: Content of: <refentry><refsect1><variablelist><varlistentry><term>
#: apt-key.8.xml:183
-msgid "<filename>/usr/share/keyrings/debian-archive-keyring.gpg</filename>"
-msgstr "<filename>/usr/share/keyrings/debian-archive-keyring.gpg</filename>"
+msgid "&keyring-filename;"
+msgstr "&keyring-filename;"
#. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
#: apt-key.8.xml:184
-msgid "Keyring of Debian archive trusted keys."
-msgstr "Registro de las claves de confianza del archivo de Debian."
+msgid "Keyring of &keyring-distro; archive trusted keys."
+msgstr "Registro de las claves de confianza del archivo de &keyring-distro;."
#. type: Content of: <refentry><refsect1><variablelist><varlistentry><term>
#: apt-key.8.xml:187
msgid ""
-"<filename>/usr/share/keyrings/debian-archive-removed-keys.gpg</filename>"
+"&keyring-removed-filename;"
msgstr ""
-"<filename>/usr/share/keyrings/debian-archive-removed-keys.gpg</filename>"
+"&keyring-removed-filename;"
#. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
#: apt-key.8.xml:188
-msgid "Keyring of Debian archive removed trusted keys."
-msgstr "Registro de las claves de confianza eliminadas del archivo de Debian."
+msgid "Keyring of &keyring-distro; archive removed trusted keys."
+msgstr "Registro de las claves de confianza eliminadas del archivo de &keyring-distro;."
#. type: Content of: <refentry><refsect1><para>
#: apt-key.8.xml:197
"maintainer signature is stripped off, and checksums of the package are "
"computed and put in the Packages file. The checksums of all of the Packages "
"files are then computed and put into the Release file. The Release file is "
-"then signed by the archive key for this Debian release, and distributed "
-"alongside the packages and the Packages files on Debian mirrors. The keys "
-"are in the Debian archive keyring available in the <package>debian-archive-"
-"keyring</package> package."
+"then signed by the archive key for this &keyring-distro; release, and distributed "
+"alongside the packages and the Packages files on &keyring-distro; mirrors. The keys "
+"are in the &keyring-distro; archive keyring available in the &keyring-package; "
+"package."
msgstr ""
"Una vez que el paquete enviado se ha verificado e incluido en el archivo, se "
"elimina la firma del mantenedor, y se realizan las sumas de control del "
"paquete, que se incluyen en el fichero «Packages». A continuación, se "
"realiza una suma de control de todos los ficheros «Package», y se incluyen "
"en el fichero «Release». Acto seguido, el fichero «Release» se firma con la "
-"clave del archivo de esta distribución de Debian, y se distribuye junto con "
-"los paquetes y los ficheros «Packages» de las réplicas de Debian. Las claves "
-"están disponibles en el registro de claves del archivo Debian en el paquete "
-"<package>debian-archive-keyring</package> package."
+"clave del archivo de esta distribución de &keyring-distro;, y se distribuye junto con "
+"los paquetes y los ficheros «Packages» de las réplicas de &keyring-distro;. Las claves "
+"están disponibles en el registro de claves del archivo &keyring-distro; en el paquete "
+"&keyring-package; package."
#. type: Content of: <refentry><refsect1><para>
#: apt-secure.8.xml:113
"Update the local keyring with the archive keyring and remove from the local "
"keyring the archive keys which are no longer valid. The archive keyring is "
"shipped in the <literal>archive-keyring</literal> package of your "
-"distribution, e.g. the <literal>debian-archive-keyring</literal> package in "
-"Debian."
+"distribution, e.g. the &keyring-package; package in "
+"&keyring-distro;."
msgstr ""
"Mettre à jour le trousseau de clés local avec le trousseau de clés de "
"l'archive et y supprimer les clés qui ne sont plus valables. Le trousseau de "
"clés de l'archive est fourni dans le paquet <literal>archive-keyring</"
-"literal> de la distribution, par exemple le paquet <literal>debian-archive-"
-"keyring</literal> dans Debian."
+"literal> de la distribution, par exemple le paquet &keyring-package; "
+"dans &keyring-distro;."
#. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
#: apt-key.8.xml:144
#. type: Content of: <refentry><refsect1><variablelist><varlistentry><term>
#: apt-key.8.xml:183
-msgid "<filename>/usr/share/keyrings/debian-archive-keyring.gpg</filename>"
-msgstr "<filename>/usr/share/keyrings/debian-archive-keyring.gpg</filename>"
+msgid "&keyring-filename;"
+msgstr "&keyring-filename;"
#. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
#: apt-key.8.xml:184
-msgid "Keyring of Debian archive trusted keys."
-msgstr "Trousseau des clés fiables de l'archive Debian."
+msgid "Keyring of &keyring-distro; archive trusted keys."
+msgstr "Trousseau des clés fiables de l'archive &keyring-distro;."
#. type: Content of: <refentry><refsect1><variablelist><varlistentry><term>
#: apt-key.8.xml:187
msgid ""
-"<filename>/usr/share/keyrings/debian-archive-removed-keys.gpg</filename>"
+"&keyring-removed-filename;"
msgstr ""
-"<filename>/usr/share/keyrings/debian-archive-removed-keys.gpg</filename>"
+"&keyring-removed-filename;"
#. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
#: apt-key.8.xml:188
-msgid "Keyring of Debian archive removed trusted keys."
-msgstr "Trousseau des clés fiables supprimées de l'archive Debian."
+msgid "Keyring of &keyring-distro; archive removed trusted keys."
+msgstr "Trousseau des clés fiables supprimées de l'archive &keyring-distro;."
#. type: Content of: <refentry><refsect1><para>
#: apt-key.8.xml:197
#. type: Content of: <refentry><refsect1><para>
#: apt-secure.8.xml:102
+#, fuzzy
msgid ""
"Once the uploaded package is verified and included in the archive, the "
"maintainer signature is stripped off, and checksums of the package are "
"computed and put in the Packages file. The checksums of all of the Packages "
"files are then computed and put into the Release file. The Release file is "
-"then signed by the archive key for this Debian release, and distributed "
-"alongside the packages and the Packages files on Debian mirrors. The keys "
-"are in the Debian archive keyring available in the <package>debian-archive-"
-"keyring</package> package."
+"then signed by the archive key for this &keyring-distro; release, and distributed "
+"alongside the packages and the Packages files on &keyring-distro; mirrors. The keys "
+"are in the &keyring-distro; archive keyring available in the &keyring-package; "
+"package."
msgstr ""
"Une fois que le paquet envoyé a été vérifié et inclus dans l'archive, la "
"signature du responsable est enlevée, une somme de contrôle du paquet est "
"paquets est ensuite calculée et mise dans le fichier Release. Ce fichier est "
"signé par la clé de l'archive pour la version courante de la distribution et "
"distribuée en même temps que les paquets et les fichiers Packages sur les "
-"miroirs. Les clés sont fournies par le paquet <package>debian-archive-"
-"keyring</package>."
+"miroirs. Les clés sont fournies par le paquet &keyring-package;."
#. type: Content of: <refentry><refsect1><para>
#: apt-secure.8.xml:113
"Update the local keyring with the archive keyring and remove from the local "
"keyring the archive keys which are no longer valid. The archive keyring is "
"shipped in the <literal>archive-keyring</literal> package of your "
-"distribution, e.g. the <literal>debian-archive-keyring</literal> package in "
-"Debian."
+"distribution, e.g. the &keyring-package; package in "
+"&keyring-distro;."
msgstr ""
"Aggiorna il portachiavi locale con il portachiavi dell'archivio e rimuove "
"dal portachiavi locale le chiavi di archivio che non sono più valide. Il "
"portachiavi degli archivi è fornito nel pacchetto <literal>archive-keyring</"
"literal> delle diverse distribuzioni, ad esempio il pacchetto "
-"<literal>debian-archive-keyring</literal> in Debian."
+"&keyring-package; in &keyring-distro;."
#. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
#: apt-key.8.xml:144
#. type: Content of: <refentry><refsect1><variablelist><varlistentry><term>
#: apt-key.8.xml:183
-msgid "<filename>/usr/share/keyrings/debian-archive-keyring.gpg</filename>"
-msgstr "<filename>/usr/share/keyrings/debian-archive-keyring.gpg</filename>"
+msgid "&keyring-filename;"
+msgstr "&keyring-filename;"
#. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
#: apt-key.8.xml:184
-msgid "Keyring of Debian archive trusted keys."
-msgstr "Portachiavi delle chiavi fidate degli archivi Debian."
+msgid "Keyring of &keyring-distro; archive trusted keys."
+msgstr "Portachiavi delle chiavi fidate degli archivi &keyring-distro;."
#. type: Content of: <refentry><refsect1><variablelist><varlistentry><term>
#: apt-key.8.xml:187
msgid ""
-"<filename>/usr/share/keyrings/debian-archive-removed-keys.gpg</filename>"
+"&keyring-removed-filename;"
msgstr ""
-"<filename>/usr/share/keyrings/debian-archive-removed-keys.gpg</filename>"
+"&keyring-removed-filename;"
#. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
#: apt-key.8.xml:188
-msgid "Keyring of Debian archive removed trusted keys."
-msgstr "Portachiavi delle chiavi fidate rimosse degli archivi Debian."
+msgid "Keyring of &keyring-distro; archive removed trusted keys."
+msgstr "Portachiavi delle chiavi fidate rimosse degli archivi &keyring-distro;."
#. type: Content of: <refentry><refsect1><para>
#: apt-key.8.xml:197
"maintainer signature is stripped off, and checksums of the package are "
"computed and put in the Packages file. The checksums of all of the Packages "
"files are then computed and put into the Release file. The Release file is "
-"then signed by the archive key for this Debian release, and distributed "
-"alongside the packages and the Packages files on Debian mirrors. The keys "
-"are in the Debian archive keyring available in the <package>debian-archive-"
-"keyring</package> package."
+"then signed by the archive key for this &keyring-distro; release, and distributed "
+"alongside the packages and the Packages files on &keyring-distro; mirrors. The keys "
+"are in the &keyring-distro; archive keyring available in the &keyring-package; "
+"package."
msgstr ""
"Una volta che il pacchetto caricato è verificato e incluso nell'archivio, la "
"firma del manutentore viene rimossa e i codici di controllo del pacchetto "
"vengono calcolati e messi nel file Packages. Vengono quindi calcolati i "
"codici di controllo di tutti i file Packages e vengono messi nel file "
"Release. Il file Release viene poi firmato con la chiave dell'archivio per "
-"questo rilascio di Debian e viene distribuito insieme ai pacchetti e ai file "
-"Packages nei mirror Debian. Le chiavi sono nel portachiavi degli archivi "
-"Debian, disponibile nel pacchetto <package>debian-archive-keyring</package>."
+"questo rilascio di &keyring-distro; e viene distribuito insieme ai pacchetti e ai file "
+"Packages nei mirror &keyring-distro;. Le chiavi sono nel portachiavi degli archivi "
+"&keyring-distro;, disponibile nel pacchetto &keyring-package;."
#. type: Content of: <refentry><refsect1><para>
#: apt-secure.8.xml:113
"Update the local keyring with the archive keyring and remove from the local "
"keyring the archive keys which are no longer valid. The archive keyring is "
"shipped in the <literal>archive-keyring</literal> package of your "
-"distribution, e.g. the <literal>debian-archive-keyring</literal> package in "
-"Debian."
+"distribution, e.g. the &keyring-package; package in "
+"&keyring-distro;."
msgstr ""
"ローカルキーリングをアーカイブキーリングで更新し、もう有効でなくなったアーカ"
"イブキーをローカルキーリングから削除します。アーカイブキーリングは、使用中の"
"ディストリビューションにある <literal>archive-keyring</literal> パッケージ "
-"(例: Debian では <literal>debian-archive-keyring</literal> パッケージ) で提供"
+"(例: &keyring-distro; では &keyring-package; パッケージ) で提供"
"されています。"
#. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
#. type: Content of: <refentry><refsect1><variablelist><varlistentry><term>
#: apt-key.8.xml:183
-msgid "<filename>/usr/share/keyrings/debian-archive-keyring.gpg</filename>"
-msgstr "<filename>/usr/share/keyrings/debian-archive-keyring.gpg</filename>"
+msgid "&keyring-filename;"
+msgstr "&keyring-filename;"
#. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
#: apt-key.8.xml:184
-msgid "Keyring of Debian archive trusted keys."
-msgstr "Debian アーカイブ信頼キーのキーリングです。"
+msgid "Keyring of &keyring-distro; archive trusted keys."
+msgstr "&keyring-distro; アーカイブ信頼キーのキーリングです。"
#. type: Content of: <refentry><refsect1><variablelist><varlistentry><term>
#: apt-key.8.xml:187
msgid ""
-"<filename>/usr/share/keyrings/debian-archive-removed-keys.gpg</filename>"
+"&keyring-removed-filename;"
msgstr ""
-"<filename>/usr/share/keyrings/debian-archive-removed-keys.gpg</filename>"
+"&keyring-removed-filename;"
#. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
#: apt-key.8.xml:188
-msgid "Keyring of Debian archive removed trusted keys."
-msgstr "削除された Debian アーカイブ信頼キーのキーリングです。"
+msgid "Keyring of &keyring-distro; archive removed trusted keys."
+msgstr "削除された &keyring-distro; アーカイブ信頼キーのキーリングです。"
#. type: Content of: <refentry><refsect1><para>
#: apt-key.8.xml:197
"maintainer signature is stripped off, and checksums of the package are "
"computed and put in the Packages file. The checksums of all of the Packages "
"files are then computed and put into the Release file. The Release file is "
-"then signed by the archive key for this Debian release, and distributed "
-"alongside the packages and the Packages files on Debian mirrors. The keys "
-"are in the Debian archive keyring available in the <package>debian-archive-"
-"keyring</package> package."
+"then signed by the archive key for this &keyring-distro; release, and distributed "
+"alongside the packages and the Packages files on &keyring-distro; mirrors. The keys "
+"are in the &keyring-distro; archive keyring available in the &keyring-package; "
+"package."
msgstr ""
"アップロードされたパッケージが検証されてアーカイブに格納されると、メンテナの"
"署名を取り外し、パッケージのチェックサムを計算して、Packages ファイルに格納し"
"ます。その後、全パッケージファイルのチェックサムを計算して、Release ファイル"
-"に格納します。Release ファイルは、その Debian リリースのアーカイブキーで署名"
-"され、Debian ミラーサイトでパッケージや Packages ファイルとともに配布されま"
-"す。このキーは、<package>debian-archive-keyring</package> パッケージに収録さ"
-"れている、Debian アーカイブキーリングに含まれます。"
+"に格納します。Release ファイルは、その &keyring-distro; リリースのアーカイブキーで署名"
+"され、&keyring-distro; ミラーサイトでパッケージや Packages ファイルとともに配布されま"
+"す。このキーは、&keyring-package; パッケージに収録さ"
+"れている、&keyring-distro; アーカイブキーリングに含まれます。"
#. type: Content of: <refentry><refsect1><para>
#: apt-secure.8.xml:113
"Update the local keyring with the archive keyring and remove from the local "
"keyring the archive keys which are no longer valid. The archive keyring is "
"shipped in the <literal>archive-keyring</literal> package of your "
-"distribution, e.g. the <literal>debian-archive-keyring</literal> package in "
-"Debian."
+"distribution, e.g. the &keyring-package; package in "
+"&keyring-distro;."
msgstr ""
"Aktualizuje lokalną składnicę kluczy używając składnicy kluczy archiwum i "
"usuwa z lokalnej składnicy niepoprawne klucze archiwum. Składnica kluczy "
"archiwum jest dostarczana przez pakiet <literal>archive-keyring</literal> "
-"Twojej dystrybucji, np. pakiet <literal>debian-archive-keyring</literal> w "
-"systemach Debiana."
+"Twojej dystrybucji, np. pakiet &keyring-package; w "
+"systemach &keyring-distro;."
#. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
#: apt-key.8.xml:144
#. type: Content of: <refentry><refsect1><variablelist><varlistentry><term>
#: apt-key.8.xml:183
-msgid "<filename>/usr/share/keyrings/debian-archive-keyring.gpg</filename>"
-msgstr "<filename>/usr/share/keyrings/debian-archive-keyring.gpg</filename>"
+msgid "&keyring-filename;"
+msgstr "&keyring-filename;"
#. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
#: apt-key.8.xml:184
-msgid "Keyring of Debian archive trusted keys."
-msgstr "Składnica zaufanych kluczy archiwum Debiana."
+msgid "Keyring of &keyring-distro; archive trusted keys."
+msgstr "Składnica zaufanych kluczy archiwum &keyring-distro;."
#. type: Content of: <refentry><refsect1><variablelist><varlistentry><term>
#: apt-key.8.xml:187
msgid ""
-"<filename>/usr/share/keyrings/debian-archive-removed-keys.gpg</filename>"
+"&keyring-removed-filename;"
msgstr ""
-"<filename>/usr/share/keyrings/debian-archive-removed-keys.gpg</filename>"
+"&keyring-removed-filename;"
#. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
#: apt-key.8.xml:188
-msgid "Keyring of Debian archive removed trusted keys."
-msgstr "Składnica usuniętych zaufanych kluczy archiwum Debiana."
+msgid "Keyring of &keyring-distro; archive removed trusted keys."
+msgstr "Składnica usuniętych zaufanych kluczy archiwum &keyring-distro;."
#. type: Content of: <refentry><refsect1><para>
#: apt-key.8.xml:197
"maintainer signature is stripped off, and checksums of the package are "
"computed and put in the Packages file. The checksums of all of the Packages "
"files are then computed and put into the Release file. The Release file is "
-"then signed by the archive key for this Debian release, and distributed "
-"alongside the packages and the Packages files on Debian mirrors. The keys "
-"are in the Debian archive keyring available in the <package>debian-archive-"
-"keyring</package> package."
+"then signed by the archive key for this &keyring-distro; release, and distributed "
+"alongside the packages and the Packages files on &keyring-distro; mirrors. The keys "
+"are in the &keyring-distro; archive keyring available in the &keyring-package; "
+"package."
msgstr ""
"Po tym jak dostarczony przez opiekuna pakiet zostanie zweryfikowany i "
"dołączony do archiwum, sygnatura opiekuna jest usuwana, a sumy kontrolne "
"pakietu są wyliczane i umieszczane w pliku Packages. Sumy kontrolne "
"wszystkich plików Packages są następnie wyliczane i umieszczane w pliku "
"Release. Plik Release jest następnie podpisywany przy użyciu klucza archiwum "
-"tego wydania dystrybucji Debiana i dystrybuowany wraz z pakietami i plikami "
-"Packages przez serwery lustrzane Debiana. Klucze archiwum znajdują się w "
-"składnicy kluczy Debiana dostępnej w pakiecie <package>debian-archive-"
-"keyring</package>."
+"tego wydania dystrybucji &keyring-distro; i dystrybuowany wraz z pakietami i plikami "
+"Packages przez serwery lustrzane &keyring-distro;. Klucze archiwum znajdują się w "
+"składnicy kluczy &keyring-distro; dostępnej w pakiecie &keyring-package;."
#. type: Content of: <refentry><refsect1><para>
#: apt-secure.8.xml:113
"Update the local keyring with the archive keyring and remove from the local "
"keyring the archive keys which are no longer valid. The archive keyring is "
"shipped in the <literal>archive-keyring</literal> package of your "
-"distribution, e.g. the <literal>debian-archive-keyring</literal> package in "
-"Debian."
+"distribution, e.g. the &keyring-package; package in "
+"&keyring-distro;."
msgstr ""
"Actualiza o chaveiro local com o chaveiro do arquivo e remove do chaveiro "
"local as chaves de arquivo que já não são válidas. O chaveiro do arquivo é "
"submetido no pacote <literal>archive-keyring</literal> da sua distribuição, "
-"por exemplo o pacote <literal>debian-archive-keyring</literal> em Debian."
+"por exemplo o pacote &keyring-package; em &keyring-distro;."
#. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
#: apt-key.8.xml:144
#. type: Content of: <refentry><refsect1><variablelist><varlistentry><term>
#: apt-key.8.xml:183
-msgid "<filename>/usr/share/keyrings/debian-archive-keyring.gpg</filename>"
-msgstr "<filename>/usr/share/keyrings/debian-archive-keyring.gpg</filename>"
+msgid "&keyring-filename;"
+msgstr "&keyring-filename;"
#. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
#: apt-key.8.xml:184
-msgid "Keyring of Debian archive trusted keys."
-msgstr "Chaveiro das chaves de confiança dos arquivos Debian."
+msgid "Keyring of &keyring-distro; archive trusted keys."
+msgstr "Chaveiro das chaves de confiança dos arquivos &keyring-distro;."
#. type: Content of: <refentry><refsect1><variablelist><varlistentry><term>
#: apt-key.8.xml:187
msgid ""
-"<filename>/usr/share/keyrings/debian-archive-removed-keys.gpg</filename>"
+"&keyring-removed-filename;"
msgstr ""
-"<filename>/usr/share/keyrings/debian-archive-removed-keys.gpg</filename>"
+"&keyring-removed-filename;"
#. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
#: apt-key.8.xml:188
-msgid "Keyring of Debian archive removed trusted keys."
-msgstr "Chaveiro das chaves de confiança removidas dos arquivos Debian."
+msgid "Keyring of &keyring-distro; archive removed trusted keys."
+msgstr "Chaveiro das chaves de confiança removidas dos arquivos &keyring-distro;."
#. type: Content of: <refentry><refsect1><para>
#: apt-key.8.xml:197
"maintainer signature is stripped off, and checksums of the package are "
"computed and put in the Packages file. The checksums of all of the Packages "
"files are then computed and put into the Release file. The Release file is "
-"then signed by the archive key for this Debian release, and distributed "
-"alongside the packages and the Packages files on Debian mirrors. The keys "
-"are in the Debian archive keyring available in the <package>debian-archive-"
-"keyring</package> package."
+"then signed by the archive key for this &keyring-distro; release, and distributed "
+"alongside the packages and the Packages files on &keyring-distro; mirrors. The keys "
+"are in the &keyring-distro; archive keyring available in the &keyring-package; "
+"package."
msgstr ""
"Assim que o pacote submetido é verificado e incluído no arquivo, a "
"assinatura do responsável é despojada, são computados sumários de "
"verificação do pacote e colocado no ficheiro Packages. Os sumários de "
"verificação de todos os ficheiros Packages são então computados e colocados "
"no ficheiro Release. O ficheiro Release é então assinado pela chave de "
-"arquivo para este lançamento de Debian, e distribuído juntamente com os "
-"pacotes e os ficheiros Packages em mirrors de Debian. As chaves estão no "
-"chaveiro do arquivo Debian no pacote <package>debian-archive-keyring</"
-"package>."
+"arquivo para este lançamento de &keyring-distro;, e distribuído juntamente com os "
+"pacotes e os ficheiros Packages em mirrors de &keyring-distro;. As chaves estão no "
+"chaveiro do arquivo &keyring-distro; no pacote &keyring-package;."
#. type: Content of: <refentry><refsect1><para>
#: apt-secure.8.xml:113
"Update the local keyring with the archive keyring and remove from the local "
"keyring the archive keys which are no longer valid. The archive keyring is "
"shipped in the <literal>archive-keyring</literal> package of your "
-"distribution, e.g. the <literal>debian-archive-keyring</literal> package in "
-"Debian."
+"distribution, e.g. the &keyring-package; package in "
+"&keyring-distro;."
msgstr ""
#. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
#. type: Content of: <refentry><refsect1><variablelist><varlistentry><term>
#: apt-key.8.xml:183
-msgid "<filename>/usr/share/keyrings/debian-archive-keyring.gpg</filename>"
+msgid "&keyring-filename;"
msgstr ""
#. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
#: apt-key.8.xml:184
-msgid "Keyring of Debian archive trusted keys."
+msgid "Keyring of &keyring-distro; archive trusted keys."
msgstr ""
#. type: Content of: <refentry><refsect1><variablelist><varlistentry><term>
#: apt-key.8.xml:187
msgid ""
-"<filename>/usr/share/keyrings/debian-archive-removed-keys.gpg</filename>"
+"&keyring-removed-filename;"
msgstr ""
#. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
#: apt-key.8.xml:188
-msgid "Keyring of Debian archive removed trusted keys."
+msgid "Keyring of &keyring-distro; archive removed trusted keys."
msgstr ""
#. type: Content of: <refentry><refsect1><para>
"maintainer signature is stripped off, and checksums of the package are "
"computed and put in the Packages file. The checksums of all of the Packages "
"files are then computed and put into the Release file. The Release file is "
-"then signed by the archive key for this Debian release, and distributed "
-"alongside the packages and the Packages files on Debian mirrors. The keys "
-"are in the Debian archive keyring available in the <package>debian-archive-"
-"keyring</package> package."
+"then signed by the archive key for this &keyring-distro; release, and distributed "
+"alongside the packages and the Packages files on &keyring-distro; mirrors. The keys "
+"are in the &keyring-distro; archive keyring available in the &keyring-package; "
+"package."
msgstr ""
#. type: Content of: <refentry><refsect1><para>
<!ENTITY % aptverbatiment SYSTEM "apt-verbatim.ent">
%aptverbatiment;
+<!ENTITY % aptvendor SYSTEM "apt-vendor.ent">
+%aptvendor;
]>
<refentry>
#!/bin/sh
+set -e
+
VERSION=$(dpkg-parsechangelog | sed -n -e '/^Version:/s/^Version: //p')
DISTRIBUTION=$(dpkg-parsechangelog | sed -n -e '/^Distribution:/s/^Distribution: //p')
LIBAPTPKGVERSION="$(awk -v ORS='.' '/^\#define APT_PKG_M/ {print $3}' apt-pkg/init.h | sed 's/\.$//')"
LIBAPTINSTVERSION="$(egrep '^MAJOR=' apt-inst/makefile |cut -d '=' -f 2)"
+dpkg-checkbuilddeps -d 'libxml2-utils'
+
if [ "$1" = 'pre-export' ]; then
libraryversioncheck() {
local LIBRARY="$1"
fi
echo "DPKG::options:: \"--log=${TMPWORKINGDIRECTORY}/rootdir/var/log/dpkg.log\";" >> aptconfig.conf
echo 'quiet::NoUpdate "true";' >> aptconfig.conf
+ echo "Acquire::https::CaInfo \"${TESTDIR}/apt.pem\";" > rootdir/etc/apt/apt.conf.d/99https
export LC_ALL=C
export PATH="${PATH}:/usr/local/sbin:/usr/sbin:/sbin"
configcompression '.' 'gz' #'bz2' 'lzma' 'xz'
msgdone "info"
}
+webserverconfig() {
+ msgtest "Set webserver config option '${1}' to" "$2"
+ downloadfile "http://localhost:8080/_config/set/${1}/${2}" '/dev/null' >/dev/null
+ local DOWNLOG='download-testfile.log'
+ rm -f "$DOWNLOG"
+ local STATUS="$(mktemp)"
+ addtrap "rm $STATUS;"
+ downloadfile "http://localhost:8080/_config/find/aptwebserver::last-status-code" "$STATUS" > "$DOWNLOG"
+ if [ "$(cat "$STATUS")" = '200' ]; then
+ msgpass
+ else
+ cat >&2 "$DOWNLOG"
+ msgfail "Statuscode was $(cat "$STATUS")"
+ fi
+}
+
rewritesourceslist() {
local APTARCHIVE="file://$(readlink -f "${TMPWORKINGDIRECTORY}/aptarchive")"
for LIST in $(find rootdir/etc/apt/sources.list.d/ -name 'apt-test-*.list'); do
}
changetowebserver() {
+ if [ "$1" != '--no-rewrite' ]; then
+ rewritesourceslist 'http://localhost:8080/'
+ else
+ shift
+ fi
local LOG='/dev/null'
if test -x ${BUILDDIRECTORY}/aptwebserver; then
cd aptarchive
else
msgdie 'You have to build aptwerbserver or install a webserver'
fi
- if [ "$1" != '--no-rewrite' ]; then
- rewritesourceslist 'http://localhost:8080/'
- fi
}
changetohttpswebserver() {
fi
echo "pid = ${TMPWORKINGDIRECTORY}/aptarchive/stunnel.pid
cert = ${TESTDIRECTORY}/apt.pem
+output = /dev/null
[https]
accept = 4433
--- /dev/null
+#!/bin/sh
+set -e
+
+TESTDIR=$(readlink -f $(dirname $0))
+. $TESTDIR/framework
+
+setupenvironment
+configarchitecture "i386"
+
+# mock
+requires_root() {
+ return 0
+}
+
+# extract net_update() and import it
+func=$( sed -n -e '/^add_keys_with_verify_against_master_keyring/,/^}/p' ${BUILDDIRECTORY}/apt-key )
+eval "$func"
+
+mkdir -p ./etc/apt
+TRUSTEDFILE=./etc/apt/trusted.gpg
+mkdir -p ./var/lib/apt/keyrings
+TMP_KEYRING=./var/lib/apt/keyrings/maybe-import-keyring.gpg
+GPG_CMD="gpg --ignore-time-conflict --no-options --no-default-keyring"
+GPG="$GPG_CMD --keyring $TRUSTEDFILE"
+MASTER_KEYRING=/usr/share/keyrings/ubuntu-master-keyring.gpg
+
+
+msgtest "add_keys_with_verify_against_master_keyring"
+if [ ! -e $MASTER_KEYRING ]; then
+ echo -n "No $MASTER_KEYRING found"
+ msgskip
+ exit 0
+fi
+
+# test bad keyring and ensure its not added (LP: #857472)
+ADD_KEYRING=./keys/exploid-keyring-with-dupe-keys.pub
+if add_keys_with_verify_against_master_keyring $ADD_KEYRING $MASTER_KEYRING; then
+ msgfail
+else
+ msgpass
+fi
+
+# ensure the keyring is still empty
+gpg_out=$($GPG --list-keys)
+msgtest "Test if keyring is empty"
+if [ -n "" ]; then
+ msgfail
+else
+ msgpass
+fi
+
+
+# test another possible attack vector using subkeys (LP: #1013128)
+msgtest "add_keys_with_verify_against_master_keyring with subkey attack"
+ADD_KEYRING=./keys/exploid-keyring-with-dupe-subkeys.pub
+if add_keys_with_verify_against_master_keyring $ADD_KEYRING $MASTER_KEYRING; then
+ msgfail
+else
+ msgpass
+fi
+
+# ensure the keyring is still empty
+gpg_out=$($GPG --list-keys)
+msgtest "Test if keyring is empty"
+if [ -n "" ]; then
+ msgfail
+else
+ msgpass
+fi
+
+
+# test good keyring and ensure we get no errors
+ADD_KEYRING=/usr/share/keyrings/ubuntu-archive-keyring.gpg
+if add_keys_with_verify_against_master_keyring $ADD_KEYRING $MASTER_KEYRING; then
+ msgpass
+else
+ msgfail
+fi
+
+testequal './etc/apt/trusted.gpg
+---------------------
+pub 1024D/437D05B5 2004-09-12
+uid Ubuntu Archive Automatic Signing Key <ftpmaster@ubuntu.com>
+sub 2048g/79164387 2004-09-12
+
+pub 1024D/FBB75451 2004-12-30
+uid Ubuntu CD Image Automatic Signing Key <cdimage@ubuntu.com>
+
+pub 4096R/C0B21F32 2012-05-11
+uid Ubuntu Archive Automatic Signing Key (2012) <ftpmaster@ubuntu.com>
+
+pub 4096R/EFE21092 2012-05-11
+uid Ubuntu CD Image Automatic Signing Key (2012) <cdimage@ubuntu.com>
+' $GPG --list-keys
+
--- /dev/null
+#!/bin/sh
+set -e
+
+TESTDIR=$(readlink -f $(dirname $0))
+. $TESTDIR/framework
+
+setupenvironment
+configarchitecture "i386"
+
+BASE="Type: deb
+URL: http://ftp.debian.org/debian
+Dist: stable
+Section: main
+Comment: Some random string
+ that can be very long"
+
+# simple case
+echo "$BASE" > rootdir/etc/apt/sources.list
+
+testequal "'http://ftp.debian.org/debian/dists/stable/main/binary-i386/Packages.bz2' ftp.debian.org_debian_dists_stable_main_binary-i386_Packages 0 :
+'http://ftp.debian.org/debian/dists/stable/main/i18n/Translation-en.bz2' ftp.debian.org_debian_dists_stable_main_i18n_Translation-en 0 :
+'http://ftp.debian.org/debian/dists/stable/InRelease' ftp.debian.org_debian_dists_stable_InRelease 0 " aptget update --print-uris
+
+
+# two sections (we support both "," and " " as seperator)
+echo "$BASE" | sed s/main/"main,contrib"/ > rootdir/etc/apt/sources.list
+
+testequal "'http://ftp.debian.org/debian/dists/stable/main/binary-i386/Packages.bz2' ftp.debian.org_debian_dists_stable_main_binary-i386_Packages 0 :
+'http://ftp.debian.org/debian/dists/stable/contrib/binary-i386/Packages.bz2' ftp.debian.org_debian_dists_stable_contrib_binary-i386_Packages 0 :
+'http://ftp.debian.org/debian/dists/stable/contrib/i18n/Translation-en.bz2' ftp.debian.org_debian_dists_stable_contrib_i18n_Translation-en 0 :
+'http://ftp.debian.org/debian/dists/stable/main/i18n/Translation-en.bz2' ftp.debian.org_debian_dists_stable_main_i18n_Translation-en 0 :
+'http://ftp.debian.org/debian/dists/stable/InRelease' ftp.debian.org_debian_dists_stable_InRelease 0 " aptget update --print-uris
+
+
+# Two entries
+echo "$BASE" > rootdir/etc/apt/sources.list
+echo "" >> rootdir/etc/apt/sources.list
+echo "$BASE" | sed s/stable/unstable/ >> rootdir/etc/apt/sources.list
+
+testequal "'http://ftp.debian.org/debian/dists/stable/main/binary-i386/Packages.bz2' ftp.debian.org_debian_dists_stable_main_binary-i386_Packages 0 :
+'http://ftp.debian.org/debian/dists/stable/main/i18n/Translation-en.bz2' ftp.debian.org_debian_dists_stable_main_i18n_Translation-en 0 :
+'http://ftp.debian.org/debian/dists/stable/InRelease' ftp.debian.org_debian_dists_stable_InRelease 0
+'http://ftp.debian.org/debian/dists/unstable/main/binary-i386/Packages.bz2' ftp.debian.org_debian_dists_unstable_main_binary-i386_Packages 0 :
+'http://ftp.debian.org/debian/dists/unstable/main/i18n/Translation-en.bz2' ftp.debian.org_debian_dists_unstable_main_i18n_Translation-en 0 :
+'http://ftp.debian.org/debian/dists/unstable/InRelease' ftp.debian.org_debian_dists_unstable_InRelease 0 " aptget update --print-uris
+
+
+# ARCH option
+echo "$BASE" > rootdir/etc/apt/sources.list
+echo "Arch: amd64,armel" >> rootdir/etc/apt/sources.list
+
+testequal "'http://ftp.debian.org/debian/dists/stable/main/binary-amd64/Packages.bz2' ftp.debian.org_debian_dists_stable_main_binary-amd64_Packages 0 :
+'http://ftp.debian.org/debian/dists/stable/main/binary-armel/Packages.bz2' ftp.debian.org_debian_dists_stable_main_binary-armel_Packages 0 :
+'http://ftp.debian.org/debian/dists/stable/main/i18n/Translation-en.bz2' ftp.debian.org_debian_dists_stable_main_i18n_Translation-en 0 :
+'http://ftp.debian.org/debian/dists/stable/InRelease' ftp.debian.org_debian_dists_stable_InRelease 0 " aptget update --print-uris
Conf unrelated (2 unstable [all])' aptget install unrelated -s
testsuccess aptget install unrelated -y
testdpkginstalled unrelated
+ rm -rf rootdir/var/cache/apt/*.bin
cp -a rootdir/var/lib/dpkg/status-backup-noact rootdir/var/lib/dpkg/status
}
rm -f "$DOWNLOG"
msgtest "Testing download of file $2 with" "$1"
if ! downloadfile "$2" "$3" > "$DOWNLOG"; then
- cat "$DOWNLOG"
+ cat >&2 "$DOWNLOG"
msgfail
else
msgpass
if [ "$EXPECTED" "$4" "$hash" ]; then
msgpass
else
- cat "$DOWNLOG"
+ cat >&2 "$DOWNLOG"
msgfail "expected: $EXPECTED ; got: $hash"
fi
done
}
testwebserverlaststatuscode() {
- STATUS="$(mktemp)"
+ local DOWNLOG='download-testfile.log'
+ rm -f "$DOWNLOG"
+ local STATUS="$(mktemp)"
addtrap "rm $STATUS;"
msgtest 'Test last status code from the webserver was' "$1"
- downloadfile "http://localhost:8080/_config/find/aptwebserver::last-status-code" "$STATUS" >/dev/null
+ downloadfile "http://localhost:8080/_config/find/aptwebserver::last-status-code" "$STATUS" > "$DOWNLOG"
if [ "$(cat "$STATUS")" = "$1" ]; then
msgpass
else
- cat download-testfile.log
+ cat >&2 "$DOWNLOG"
msgfail "Status was $(cat "$STATUS")"
fi
}
cp -a ${TESTDIR}/framework $TESTFILE
testrun() {
- downloadfile "$1/_config/set/aptwebserver::support::range/true" '/dev/null' >/dev/null
- testwebserverlaststatuscode '200'
+ webserverconfig 'aptwebserver::support::range' 'true'
copysource $TESTFILE 0 ./testfile
testdownloadfile 'no data' "${1}/testfile" './testfile' '='
testdownloadfile 'old data' "${1}/testfile" './testfile' '='
testwebserverlaststatuscode '200'
- downloadfile "$1/_config/set/aptwebserver::support::range/false" '/dev/null' >/dev/null
- testwebserverlaststatuscode '200'
+ webserverconfig 'aptwebserver::support::range' 'false'
copysource $TESTFILE 20 ./testfile
testdownloadfile 'no server support' "${1}/testfile" './testfile' '='
setupflataptarchive
changetowebserver
-downloadfile "http://localhost:8080/_config/set/aptwebserver::support::range/false" '/dev/null' >/dev/null
+webserverconfig 'aptwebserver::support::range' 'false'
prepare() {
local DATE="${2:-now}"
date.append(TimeRFC1123(time(NULL)));
headers.push_back(date);
- std::clog << ">>> RESPONSE >>>" << std::endl;
+ std::clog << ">>> RESPONSE to " << client << " >>>" << std::endl;
bool Success = true;
for (std::list<std::string>::const_iterator h = headers.begin();
Success == true && h != headers.end(); ++h)
{
if (actual == 0)
break;
- if (Success == true)
- Success &= FileFd::Write(client, buffer, actual);
+ Success &= FileFd::Write(client, buffer, actual);
}
- if (Success == true)
- Success &= FileFd::Write(client, "\r\n", 2);
+ if (Success == false)
+ std::cerr << "SENDFILE: READ/WRITE ERROR to " << client << std::endl;
return Success;
}
/*}}}*/
bool sendData(int const client, std::string const &data) /*{{{*/
{
- bool Success = true;
- Success &= FileFd::Write(client, data.c_str(), data.size());
- if (Success == true)
- Success &= FileFd::Write(client, "\r\n", 2);
- return Success;
+ if (FileFd::Write(client, data.c_str(), data.size()) == false)
+ {
+ std::cerr << "SENDDATA: WRITE ERROR to " << client << std::endl;
+ return false;
+ }
+ return true;
}
/*}}}*/
void sendError(int const client, int const httpcode, std::string const &request,/*{{{*/
addDataHeaders(headers, response);
std::string location("Location: ");
if (strncmp(uri.c_str(), "http://", 7) != 0)
- location.append("http://").append(LookupTag(request, "Host")).append("/").append(uri);
+ {
+ location.append("http://").append(LookupTag(request, "Host")).append("/");
+ if (strncmp("/home/", uri.c_str(), strlen("/home/")) == 0 && uri.find("/public_html/") != std::string::npos)
+ {
+ std::string homeuri = SubstVar(uri, "/home/", "~");
+ homeuri = SubstVar(homeuri, "/public_html/", "/");
+ location.append(homeuri);
+ }
+ else
+ location.append(uri);
+ }
else
location.append(uri);
headers.push_back(location);
<< "</head>" << std::endl
<< "<body><h1>Index of " << dir << "</h1>" << std::endl
<< "<table><tr><th>#</th><th>Name</th><th>Size</th><th>Last-Modified</th></tr>" << std::endl;
- if (dir != ".")
+ if (dir != "./")
listing << "<tr><td>d</td><td><a href=\"..\">Parent Directory</a></td><td>-</td><td>-</td></tr>";
for (int i = 0; i < counter; ++i) {
struct stat fs;
}
/*}}}*/
bool parseFirstLine(int const client, std::string const &request, /*{{{*/
- std::string &filename, bool &sendContent,
+ std::string &filename, std::string ¶ms, bool &sendContent,
bool &closeConnection)
{
if (strncmp(request.c_str(), "HEAD ", 5) == 0)
sendError(client, 400, request, sendContent, "Request is absolutePath, but configured to not accept that");
return false;
}
+
+ size_t paramspos = filename.find('?');
+ if (paramspos != std::string::npos)
+ {
+ params = filename.substr(paramspos + 1);
+ filename.erase(paramspos);
+ }
+
filename = DeQuoteString(filename);
// this is not a secure server, but at least prevent the obvious …
// nuke the first character which is a / as we assured above
filename.erase(0, 1);
if (filename.empty() == true)
- filename = ".";
+ filename = "./";
+ // support ~user/ uris to refer to /home/user/public_html/ as a kind-of special directory
+ else if (filename[0] == '~')
+ {
+ // /home/user is actually not entirely correct, but good enough for now
+ size_t dashpos = filename.find('/');
+ if (dashpos != std::string::npos)
+ {
+ std::string home = filename.substr(1, filename.find('/') - 1);
+ std::string pubhtml = filename.substr(filename.find('/') + 1);
+ filename = "/home/" + home + "/public_html/" + pubhtml;
+ }
+ else
+ filename = "/home/" + filename.substr(1) + "/public_html/";
+ }
+
+ // if no filename is given, but a valid directory see if we can use an index or
+ // have to resort to a autogenerated directory listing later on
+ if (DirectoryExists(filename) == true)
+ {
+ std::string const directoryIndex = _config->Find("aptwebserver::directoryindex");
+ if (directoryIndex.empty() == false && directoryIndex == flNotDir(directoryIndex) &&
+ RealFileExists(filename + directoryIndex) == true)
+ filename += directoryIndex;
+ }
+
return true;
}
/*}}}*/
return false;
}
/*}}}*/
+void * handleClient(void * voidclient) /*{{{*/
+{
+ int client = *((int*)(voidclient));
+ std::clog << "ACCEPT client " << client << std::endl;
+ std::vector<std::string> messages;
+ while (ReadMessages(client, messages))
+ {
+ bool closeConnection = false;
+ for (std::vector<std::string>::const_iterator m = messages.begin();
+ m != messages.end() && closeConnection == false; ++m) {
+ std::clog << ">>> REQUEST from " << client << " >>>" << std::endl << *m
+ << std::endl << "<<<<<<<<<<<<<<<<" << std::endl;
+ std::list<std::string> headers;
+ std::string filename;
+ std::string params;
+ bool sendContent = true;
+ if (parseFirstLine(client, *m, filename, params, sendContent, closeConnection) == false)
+ continue;
+
+ // special webserver command request
+ if (filename.length() > 1 && filename[0] == '_')
+ {
+ std::vector<std::string> parts = VectorizeString(filename, '/');
+ if (parts[0] == "_config")
+ {
+ handleOnTheFlyReconfiguration(client, *m, parts);
+ continue;
+ }
+ }
+
+ // string replacements in the requested filename
+ ::Configuration::Item const *Replaces = _config->Tree("aptwebserver::redirect::replace");
+ if (Replaces != NULL)
+ {
+ std::string redirect = "/" + filename;
+ for (::Configuration::Item *I = Replaces->Child; I != NULL; I = I->Next)
+ redirect = SubstVar(redirect, I->Tag, I->Value);
+ redirect.erase(0,1);
+ if (redirect != filename)
+ {
+ sendRedirect(client, 301, redirect, *m, sendContent);
+ continue;
+ }
+ }
+
+ ::Configuration::Item const *Overwrite = _config->Tree("aptwebserver::overwrite");
+ if (Overwrite != NULL)
+ {
+ for (::Configuration::Item *I = Overwrite->Child; I != NULL; I = I->Next)
+ {
+ regex_t *pattern = new regex_t;
+ int const res = regcomp(pattern, I->Tag.c_str(), REG_EXTENDED | REG_ICASE | REG_NOSUB);
+ if (res != 0)
+ {
+ char error[300];
+ regerror(res, pattern, error, sizeof(error));
+ sendError(client, 500, *m, sendContent, error);
+ continue;
+ }
+ if (regexec(pattern, filename.c_str(), 0, 0, 0) == 0)
+ {
+ filename = _config->Find("aptwebserver::overwrite::" + I->Tag + "::filename", filename);
+ if (filename[0] == '/')
+ filename.erase(0,1);
+ regfree(pattern);
+ break;
+ }
+ regfree(pattern);
+ }
+ }
+
+ // deal with the request
+ if (RealFileExists(filename) == true)
+ {
+ FileFd data(filename, FileFd::ReadOnly);
+ std::string condition = LookupTag(*m, "If-Modified-Since", "");
+ if (_config->FindB("aptwebserver::support::modified-since", true) == true && condition.empty() == false)
+ {
+ time_t cache;
+ if (RFC1123StrToTime(condition.c_str(), cache) == true &&
+ cache >= data.ModificationTime())
+ {
+ sendHead(client, 304, headers);
+ continue;
+ }
+ }
+
+ if (_config->FindB("aptwebserver::support::range", true) == true)
+ condition = LookupTag(*m, "Range", "");
+ else
+ condition.clear();
+ if (condition.empty() == false && strncmp(condition.c_str(), "bytes=", 6) == 0)
+ {
+ time_t cache;
+ std::string ifrange;
+ if (_config->FindB("aptwebserver::support::if-range", true) == true)
+ ifrange = LookupTag(*m, "If-Range", "");
+ bool validrange = (ifrange.empty() == true ||
+ (RFC1123StrToTime(ifrange.c_str(), cache) == true &&
+ cache <= data.ModificationTime()));
+
+ // FIXME: support multiple byte-ranges (APT clients do not do this)
+ if (condition.find(',') == std::string::npos)
+ {
+ size_t start = 6;
+ unsigned long long filestart = strtoull(condition.c_str() + start, NULL, 10);
+ // FIXME: no support for last-byte-pos being not the end of the file (APT clients do not do this)
+ size_t dash = condition.find('-') + 1;
+ unsigned long long fileend = strtoull(condition.c_str() + dash, NULL, 10);
+ unsigned long long filesize = data.FileSize();
+ if ((fileend == 0 || (fileend == filesize && fileend >= filestart)) &&
+ validrange == true)
+ {
+ if (filesize > filestart)
+ {
+ data.Skip(filestart);
+ std::ostringstream contentlength;
+ contentlength << "Content-Length: " << (filesize - filestart);
+ headers.push_back(contentlength.str());
+ std::ostringstream contentrange;
+ contentrange << "Content-Range: bytes " << filestart << "-"
+ << filesize - 1 << "/" << filesize;
+ headers.push_back(contentrange.str());
+ sendHead(client, 206, headers);
+ if (sendContent == true)
+ sendFile(client, data);
+ continue;
+ }
+ else
+ {
+ headers.push_back("Content-Length: 0");
+ std::ostringstream contentrange;
+ contentrange << "Content-Range: bytes */" << filesize;
+ headers.push_back(contentrange.str());
+ sendHead(client, 416, headers);
+ continue;
+ }
+ }
+ }
+ }
+
+ addFileHeaders(headers, data);
+ sendHead(client, 200, headers);
+ if (sendContent == true)
+ sendFile(client, data);
+ }
+ else if (DirectoryExists(filename) == true)
+ {
+ if (filename[filename.length()-1] == '/')
+ sendDirectoryListing(client, filename, *m, sendContent);
+ else
+ sendRedirect(client, 301, filename.append("/"), *m, sendContent);
+ }
+ else
+ sendError(client, 404, *m, sendContent);
+ }
+ _error->DumpErrors(std::cerr);
+ messages.clear();
+ if (closeConnection == true)
+ break;
+ }
+ close(client);
+ std::clog << "CLOSE client " << client << std::endl;
+ return NULL;
+}
+ /*}}}*/
+
int main(int const argc, const char * argv[])
{
CommandLine::Args Args[] = {
// create socket, bind and listen to it {{{
// ignore SIGPIPE, this can happen on write() if the socket closes connection
signal(SIGPIPE, SIG_IGN);
+ // we don't care for our slaves, so ignore their death
+ signal(SIGCHLD, SIG_IGN);
+
int sock = socket(AF_INET6, SOCK_STREAM, 0);
if(sock < 0)
{
std::clog << "Serving ANY file on port: " << port << std::endl;
- listen(sock, 1);
+ int const slaves = _config->FindB("aptwebserver::slaves", SOMAXCONN);
+ listen(sock, slaves);
/*}}}*/
_config->CndSet("aptwebserver::response-header::Server", "APT webserver");
_config->CndSet("aptwebserver::response-header::Accept-Ranges", "bytes");
+ _config->CndSet("aptwebserver::directoryindex", "index.html");
- std::vector<std::string> messages;
- int client;
- while ((client = accept(sock, NULL, NULL)) != -1)
- {
- std::clog << "ACCEPT client " << client
- << " on socket " << sock << std::endl;
+ std::list<int> accepted_clients;
- while (ReadMessages(client, messages))
+ while (true)
+ {
+ int client = accept(sock, NULL, NULL);
+ if (client == -1)
{
- bool closeConnection = false;
- for (std::vector<std::string>::const_iterator m = messages.begin();
- m != messages.end() && closeConnection == false; ++m) {
- std::clog << ">>> REQUEST >>>>" << std::endl << *m
- << std::endl << "<<<<<<<<<<<<<<<<" << std::endl;
- std::list<std::string> headers;
- std::string filename;
- bool sendContent = true;
- if (parseFirstLine(client, *m, filename, sendContent, closeConnection) == false)
- continue;
-
- // special webserver command request
- if (filename.length() > 1 && filename[0] == '_')
- {
- std::vector<std::string> parts = VectorizeString(filename, '/');
- if (parts[0] == "_config")
- {
- handleOnTheFlyReconfiguration(client, *m, parts);
- continue;
- }
- }
-
- // string replacements in the requested filename
- ::Configuration::Item const *Replaces = _config->Tree("aptwebserver::redirect::replace");
- if (Replaces != NULL)
- {
- std::string redirect = "/" + filename;
- for (::Configuration::Item *I = Replaces->Child; I != NULL; I = I->Next)
- redirect = SubstVar(redirect, I->Tag, I->Value);
- redirect.erase(0,1);
- if (redirect != filename)
- {
- sendRedirect(client, 301, redirect, *m, sendContent);
- continue;
- }
- }
-
- ::Configuration::Item const *Overwrite = _config->Tree("aptwebserver::overwrite");
- if (Overwrite != NULL)
- {
- for (::Configuration::Item *I = Overwrite->Child; I != NULL; I = I->Next)
- {
- regex_t *pattern = new regex_t;
- int const res = regcomp(pattern, I->Tag.c_str(), REG_EXTENDED | REG_ICASE | REG_NOSUB);
- if (res != 0)
- {
- char error[300];
- regerror(res, pattern, error, sizeof(error));
- sendError(client, 500, *m, sendContent, error);
- continue;
- }
- if (regexec(pattern, filename.c_str(), 0, 0, 0) == 0)
- {
- filename = _config->Find("aptwebserver::overwrite::" + I->Tag + "::filename", filename);
- if (filename[0] == '/')
- filename.erase(0,1);
- regfree(pattern);
- break;
- }
- regfree(pattern);
- }
- }
-
- // deal with the request
- if (RealFileExists(filename) == true)
- {
- FileFd data(filename, FileFd::ReadOnly);
- std::string condition = LookupTag(*m, "If-Modified-Since", "");
- if (condition.empty() == false)
- {
- time_t cache;
- if (RFC1123StrToTime(condition.c_str(), cache) == true &&
- cache >= data.ModificationTime())
- {
- sendHead(client, 304, headers);
- continue;
- }
- }
-
- if (_config->FindB("aptwebserver::support::range", true) == true)
- condition = LookupTag(*m, "Range", "");
- else
- condition.clear();
- if (condition.empty() == false && strncmp(condition.c_str(), "bytes=", 6) == 0)
- {
- time_t cache;
- std::string ifrange;
- if (_config->FindB("aptwebserver::support::if-range", true) == true)
- ifrange = LookupTag(*m, "If-Range", "");
- bool validrange = (ifrange.empty() == true ||
- (RFC1123StrToTime(ifrange.c_str(), cache) == true &&
- cache <= data.ModificationTime()));
-
- // FIXME: support multiple byte-ranges (APT clients do not do this)
- if (condition.find(',') == std::string::npos)
- {
- size_t start = 6;
- unsigned long long filestart = strtoull(condition.c_str() + start, NULL, 10);
- // FIXME: no support for last-byte-pos being not the end of the file (APT clients do not do this)
- size_t dash = condition.find('-') + 1;
- unsigned long long fileend = strtoull(condition.c_str() + dash, NULL, 10);
- unsigned long long filesize = data.FileSize();
- if ((fileend == 0 || (fileend == filesize && fileend >= filestart)) &&
- validrange == true)
- {
- if (filesize > filestart)
- {
- data.Skip(filestart);
- std::ostringstream contentlength;
- contentlength << "Content-Length: " << (filesize - filestart);
- headers.push_back(contentlength.str());
- std::ostringstream contentrange;
- contentrange << "Content-Range: bytes " << filestart << "-"
- << filesize - 1 << "/" << filesize;
- headers.push_back(contentrange.str());
- sendHead(client, 206, headers);
- if (sendContent == true)
- sendFile(client, data);
- continue;
- }
- else
- {
- headers.push_back("Content-Length: 0");
- std::ostringstream contentrange;
- contentrange << "Content-Range: bytes */" << filesize;
- headers.push_back(contentrange.str());
- sendHead(client, 416, headers);
- continue;
- }
- }
- }
- }
+ if (errno == EINTR)
+ continue;
+ _error->Errno("accept", "Couldn't accept client on socket %d", sock);
+ _error->DumpErrors(std::cerr);
+ return 6;
+ }
- addFileHeaders(headers, data);
- sendHead(client, 200, headers);
- if (sendContent == true)
- sendFile(client, data);
- }
- else if (DirectoryExists(filename) == true)
- {
- if (filename == "." || filename[filename.length()-1] == '/')
- sendDirectoryListing(client, filename, *m, sendContent);
- else
- sendRedirect(client, 301, filename.append("/"), *m, sendContent);
- }
- else
- sendError(client, 404, *m, sendContent);
- }
+ pthread_attr_t attr;
+ if (pthread_attr_init(&attr) != 0 || pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED) != 0)
+ {
+ _error->Errno("pthread_attr", "Couldn't set detach attribute for a fresh thread to handle client %d on socket %d", client, sock);
_error->DumpErrors(std::cerr);
- messages.clear();
- if (closeConnection == true)
- break;
+ close(client);
+ continue;
}
- std::clog << "CLOSE client " << client
- << " on socket " << sock << std::endl;
- close(client);
+ pthread_t tid;
+ // thats rather dirty, but we need to store the client socket somewhere safe
+ accepted_clients.push_front(client);
+ if (pthread_create(&tid, &attr, &handleClient, &(*accepted_clients.begin())) != 0)
+ {
+ _error->Errno("pthread_create", "Couldn't create a fresh thread to handle client %d on socket %d", client, sock);
+ _error->DumpErrors(std::cerr);
+ close(client);
+ continue;
+ }
}
pidfile.Close();
# Program for testing udevcdrom
PROGRAM=aptwebserver
-SLIBS = -lapt-pkg
+SLIBS = -lapt-pkg -lpthread
LIB_MAKES = apt-pkg/makefile
SOURCE = aptwebserver.cc
include $(PROGRAM_H)
SOURCE = tagfile_test.cc
include $(PROGRAM_H)
+# test sourcelist
+PROGRAM = SourceList${BASENAME}
+SLIBS = -lapt-pkg
+SOURCE = sourcelist_test.cc
+include $(PROGRAM_H)
+
--- /dev/null
+#include <apt-pkg/sourcelist.h>
+#include <apt-pkg/tagfile.h>
+
+#include "assert.h"
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+char *tempfile = NULL;
+int tempfile_fd = -1;
+
+void remove_tmpfile(void)
+{
+ if (tempfile_fd > 0)
+ close(tempfile_fd);
+ if (tempfile != NULL) {
+ unlink(tempfile);
+ free(tempfile);
+ }
+}
+
+int main(int argc, char *argv[])
+{
+ const char contents[] = ""
+ "Type: deb\n"
+ "URL: http://ftp.debian.org/debian\n"
+ "Dist: stable\n"
+ "Section: main\n"
+ "Comment: Some random string\n"
+ " that can be very long\n"
+ "\n"
+ "Type: deb\n"
+ "URL: http://ftp.debian.org/debian\n"
+ "Dist: unstable\n"
+ "Section: main non-free\n"
+ ;
+
+ FileFd fd;
+ tempfile = strdup("apt-test.XXXXXXXX");
+ tempfile_fd = mkstemp(tempfile);
+
+ /* (Re-)Open (as FileFd), write and seek to start of the temp file */
+ equals(fd.OpenDescriptor(tempfile_fd, FileFd::ReadWrite), true);
+ equals(fd.Write(contents, strlen(contents)), true);
+ equals(fd.Seek(0), true);
+
+ pkgSourceList sources(tempfile);
+ equals(sources.size(), 2);
+
+ /* clean up handled by atexit handler, so just return here */
+ return 0;
+}
--- /dev/null
+<!-- details about the keys used by the distribution -->
+<!ENTITY keyring-distro "Debian">
+<!ENTITY keyring-package "<package>debian-archive-keyring</package>">
+<!ENTITY keyring-filename "<filename>/usr/share/keyrings/debian-archive-keyring.gpg</filename>">
+<!ENTITY keyring-removed-filename "<filename>/usr/share/keyrings/debian-archive-removed-keys.gpg</filename>">
+<!ENTITY keyring-master-filename "">
+<!ENTITY keyring-uri "">
--- /dev/null
+# -*- make -*-
+BASE=../..
+SUBDIR=vendor/debian
+
+# Bring in the default rules
+include ../../buildlib/defaults.mak
+
+doc: sources.list
+
+sources.list: sources.list.in ../../doc/apt-verbatim.ent
+ sed -e 's#&stable-codename;#$(shell ../getinfo debian-stable-codename)#g' $< > $@
--- /dev/null
+# See sources.list(5) manpage for more information
+# Remember that CD-ROMs, DVDs and such are managed through the apt-cdrom tool.
+deb http://ftp.us.debian.org/debian &stable-codename; main contrib non-free
+deb http://security.debian.org &stable-codename;/updates main contrib non-free
+
+# Uncomment if you want the apt-get source function to work
+#deb-src http://ftp.us.debian.org/debian &stable-codename; main contrib non-free
+#deb-src http://security.debian.org &stable-codename;/updates main contrib non-free
--- /dev/null
+#!/bin/sh
+# small helper to extract information form *.ent files
+
+BASEDIR="$(readlink -f "$(dirname $0)")"
+INFO="$(readlink -f "${BASEDIR}/current/apt-vendor.ent")"
+
+if [ -z "$INFO" ] || [ ! -e "$INFO" ]; then
+ echo >&2 'The current vendor is not valid or not chosen by the buildsystem yet.'
+ exit 1
+fi
+
+getrawfield() {
+ grep --max-count=1 "^<!ENTITY $1 \"" "${2:-$INFO}" | cut -d'"' -f 2
+}
+
+getfield() {
+ local FIELD="$(getrawfield "$@")"
+ FIELD="${FIELD#*>}"
+ echo "${FIELD%<*}"
+}
+
+case "$1" in
+debian-stable-codename)
+ getrawfield 'stable-codename' "${BASEDIR}/../doc/apt-verbatim.ent"
+ ;;
+ubuntu-codename)
+ getrawfield 'stable-codename' "${BASEDIR}/../doc/apt-verbatim.ent"
+ ;;
+keyring-package|keyring-filename|keyring-master-filename|keyring-removed-filename|keyring-uri)
+ getfield "$1"
+ ;;
+*)
+ echo >&2 "Unknown data field $1 requested"
+ exit 2
+ ;;
+esac
--- /dev/null
+# -*- make -*-
+BASE=..
+SUBDIR=vendor
+
+# Bring in the default rules
+include ../buildlib/defaults.mak
+
+all headers library binary program doc manpages debiandoc test update-po startup dirs: current
+all: all/subdirs
+binary: binary/subdirs
+doc: doc/subdirs
+clean: clean/subdirs
+veryclean: veryclean/subdirs
+dirs: dirs/subdirs
+
+all/subdirs binary/subdirs doc/subdirs dirs/subdirs:
+ $(MAKE) -C current $(patsubst %/subdirs,%,$@)
+
+clean/subdirs veryclean/subdirs:
+ test ! -e current || $(MAKE) -C current $(patsubst %/subdirs,%,$@)
+
+current:
+ rm -f $@
+ # search for an exact match to use the correct sources.list example
+ find -mindepth 1 -maxdepth 1 -type d | cut -d'/' -f 2 | while read DISTRO; do \
+ if dpkg-vendor --is $$DISTRO; then \
+ ln -s $$DISTRO $@; \
+ break; \
+ fi; \
+ done
+ # if we haven't found a specific, look for a deriving in hardcoded order
+ test -e $@ || \
+ (dpkg-vendor --derives-from ubuntu && cp ln -s ubuntu $@ ) || \
+ ln -s debian $@
+
+.PHONY: clean veryclean all binary vendor
+
+clean: clean/current
+
+clean/current:
+ test ! -e current || $(MAKE) -C current clean
+ rm -f current
--- /dev/null
+<!-- details about the keys used by the distribution -->
+<!ENTITY keyring-distro "Ubuntu">
+<!ENTITY keyring-package "<package>ubuntu-keyring</package>">
+<!ENTITY keyring-filename "<filename>/usr/share/keyrings/ubuntu-archive-keyring.gpg</filename>">
+<!ENTITY keyring-removed-filename "<filename>/usr/share/keyrings/ubuntu-archive-removed-keys.gpg</filename>">
+<!ENTITY keyring-master-filename "/usr/share/keyrings/ubuntu-master-keyring.gpg">
+<!ENTITY keyring-uri "http://archive.ubuntu.com/ubuntu/project/ubuntu-archive-keyring.gpg">
--- /dev/null
+# -*- make -*-
+BASE=../..
+SUBDIR=vendor/ubuntu
+
+# Bring in the default rules
+include ../../buildlib/defaults.mak
+
+doc: sources.list
+
+sources.list: sources.list.in ../../doc/apt-verbatim.ent
+ sed -e 's#&ubuntu-codename;#$(shell ../getinfo ubuntu-codename)#g' $< > $@
--- /dev/null
+ # See sources.list(5) manpage for more information
+ # Remember that CD-ROMs, DVDs and such are managed through the apt-cdrom tool.
+deb http://us.archive.ubuntu.com/ubuntu &ubuntu-codename; main restricted
+deb-src http://us.archive.ubuntu.com/ubuntu &ubuntu-codename; main restricted
+
+deb http://security.ubuntu.com/ubuntu &ubuntu-codename;-security main restricted
+deb-src http://security.ubuntu.com/ubuntu &ubuntu-codename;-security main restricted
+
+deb http://us.archive.ubuntu.com/ubuntu &ubuntu-codename;-updates main restricted
+deb-src http://us.archive.ubuntu.com/ubuntu &ubuntu-codename;-updates main restricted
projects / apt.git / commitdiff
