Merge apt--authentication--0

Patches applied:

 * apt@arch.ubuntu.com/apt--experimental--0.6--base-0
   tag of apt@arch.ubuntu.com/apt--MAIN--0--patch-1190

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-1
   Creation of branch v0_6

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-2
   Creation of branch v0_6

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-3
   Creation of branch v0_6

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-4
   Creation of branch v0_6

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-5
   Creation of branch v0_6

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-6
   Creation of branch v0_6

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-7
   Merge working copy of v0.6

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-8
   0.6.0 is headed for experimental, not unstable

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-9
   Date

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-10
   Update LIB_APT_PKG_MAJOR

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-11
   - Fix a heap corruption bug in pkgSrcRecords::pkgSrcRec...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-12
   Resynch

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-13
   * Merge apt 0.5.17

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-14
   * Rearrange Release file authentication code to be more...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-15
   * Convert distribution "../project/experimental" to "ex...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-16
   Merge 1.11

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-17
   Merge 1.7

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-18
   Merge 1.10

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-19
   * Make a number of Release file errors into warnings; f...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-20
   * Add space between package names when multiple unauthe...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-21
   * Provide apt-key with a secret keyring and a trustdb, ...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-22
   * Fix typo in apt-key(8) (standard input is '-', not '/')

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-23
   0.6.2

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-24
   Resynch

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-25
   * Fix MetaIndexURI for flat ("foo/") sources

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-26
   0.6.3

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-27
   * Use the top-level Release file in LoadReleaseInfo, ra...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-28
   0.6.4

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-29
   Clarify

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-30
   * Move the authentication check into a separate functio...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-31
   * Fix display of unauthenticated packages when they are...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-32
   * Move the authentication check into a separate functio...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-33
   * Restore the ugly hack I removed from indexRecords::Lo...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-34
   0.6.6

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-35
   * Forgot to revert part of the changes to tagfile in 0....

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-36
   * Add a config option and corresponding command line option

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-37
   0.6.8

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-38
   hopefully avoid more segfaults

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-39
   XXX

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-40
   * Another tagfile workaround

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-41
   * Use "Codename" (woody, sarge, etc.) to supply the val...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-42
   * Support IMS requests of Release.gpg and Release

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-43
   * Have pkgAcquireIndex calculate an MD5 sum if one is n...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-44
   * Merge 0.5.18

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-45
   apt (0.6.13) experimental; urgency=low

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-46
   0.6.13

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-47
   Merge 0.5.20

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-48
   The source list works a bit differently in 0.6; fix the...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-49
   * s/Debug::Acquire::gpg/&v/

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-50
   * Honor the [vendor] syntax in sources.list again (thou...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-51
   * Don't ship vendors.list(5) since it isn't used yet

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-52
   * Revert change from 0.6.10; it was right in the first ...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-53
   * Fix some cases where the .gpg file could be left in p...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-54
   Print a warning if gnupg is not installed

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-55
   * Handle more IMS stuff correctly

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-56
   0.6.17

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-57
   * Merge 0.5.21

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-58
   * Add new Debian Archive Automatic Signing Key to the d...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-59
   0.6.18

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-60
   * Merge 0.5.22

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-61
   * Convert apt-key(8) to docbook XML

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-62
   Merge 0.5.23

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-63
   Remove bogus partial 0.5.22 changelog entry

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-64
   Make the auth warning a bit less redundant

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-65
   * Merge 0.5.24

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-66
   * Make the unauthenticated packages prompt more intuiti...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-67
   Merge 0.5.25

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-68
   * Remove obsolete pkgIterator::TargetVer() (Closes: #230159)

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-69
   * Reverse test in CheckAuth to match new prompt (Closes...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-70
   Update version

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-71
   Fix backwards sense of CheckAuth prompt

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-72
   0.6.24

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-73
   Close bug

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-74
   * Fix handling of two-part sources for sources.list deb...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-75
   0.6.25

 * apt@packages.debian.org/apt--authentication--0--base-0
   tag of apt@arch.ubuntu.com/apt--experimental--0.6--patch-75

 * apt@packages.debian.org/apt--authentication--0--patch-1
   Michael Vogt's merge of apt--experimental--0 onto apt--main--0

 * apt@packages.debian.org/apt--authentication--0--patch-2
   Merge from apt--main--0

 * apt@packages.debian.org/apt--authentication--0--patch-3
   Merge from main

 * apt@packages.debian.org/apt--authentication--0--patch-4
   Merge from main

 * apt@packages.debian.org/apt--authentication--0--patch-5
   Update version number in configure.in

 * apt@packages.debian.org/apt--authentication--0--patch-6
   Merge from main

 * apt@packages.debian.org/apt--authentication--0--patch-7
   Merge from main

 * apt@packages.debian.org/apt--authentication--0--patch-8
   Merge from mvo's branch

 * apt@packages.debian.org/apt--authentication--0--patch-9
   Merge from mvo's tree

 * apt@packages.debian.org/apt--authentication--0--patch-10
   Merge from mvo

 * apt@packages.debian.org/apt--authentication--0--patch-11
   Fix permissions AGAIN

 * michael.vogt@canonical.com--2004--laptop/apt--authentication-mvo--0--base-0
   tag of michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-12

 * michael.vogt@canonical.com--2004--laptop/apt--authentication-mvo--0--patch-1
   * star-merged matt's changes (bz2 support for data-members in debs)

 * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-1
   tag of apt@packages.debian.org/apt--authentication--0--base-0

 * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-2
   merged "tla apply-delta -A foo@ apt@arch.ubuntu.com/apt--MAIN--0--patch-1190 apt@arch.ubuntu.com/apt--MAIN--0--patch-1343" and cleaned up conflicts

 * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-3
   * missing bits from the merge added

 * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-4
   * star-merged with apt@packages.debian.org/apt--main--0

 * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-5
   * tree-synced to the apt--authentication tree

 * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-6
   * use the ubuntu-key in this version

 * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-7
   * imported the patches from mdz

 * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-8
   * apt-get update --print-uris works now as before (fallback to 0.5.x behaviour)

 * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-9
   * fix for the "if any source unauthenticated, all other sources are unauthenticated too" problem

 * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-10
   * reworked the "--print-uris" patch. it no longer uses: "APT::Get::Print-URIs" in the library

 * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-11
   * version of the library set to 3.6

 * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-12
   * changelog finallized, will upload to people.ubuntulinux.org/~mvo/apt-authentication

 * michael.vogt@canonical.com--2004/apt--main-authentication--0--base-0
   tag of apt@packages.debian.org/apt--main--0--patch-22

 * michael.vogt@canonical.com--2004/apt--main-authentication--0--patch-1
   * star-merge from apt--experimental--0.6

 * michael.vogt@canonical.com--2004/apt--main-authentication--0--patch-2
   * compile failure fix for methods/http.cc, po-file fixes

4 files changed, 136 insertions, 11 deletions

diff --git a/cmdline/apt-cache.cc b/cmdline/apt-cache.cc
index b3468a97a..18680a5db 100644
--- a/cmdline/apt-cache.cc
+++ b/cmdline/apt-cache.cc
@@ -1599,11 +1599,16 @@ bool Madison(CommandLine &CmdL)
                // Locate the associated index files so we can derive a description
                for (pkgSourceList::const_iterator S = SrcList->begin(); S != SrcList->end(); S++)
                {
-                  if ((*S)->FindInCache(*(VF.File().Cache())) == VF.File())
-                  {
-                     cout << setw(10) << Pkg.Name() << " | " << setw(10) << V.VerStr() << " | "
-                          << (*S)->Describe(true) << endl;
-                  }
+                    vector<pkgIndexFile *> *Indexes = (*S)->GetIndexFiles();
+                    for (vector<pkgIndexFile *>::const_iterator IF = Indexes->begin();
+                         IF != Indexes->end(); IF++)
+                    {
+                         if ((*IF)->FindInCache(*(VF.File().Cache())) == VF.File())
+                         {
+                                   cout << setw(10) << Pkg.Name() << " | " << setw(10) << V.VerStr() << " | "
+                                        << (*IF)->Describe(true) << endl;
+                         }
+                    }
                }
             }
          }
diff --git a/cmdline/apt-get.cc b/cmdline/apt-get.cc
index 0d7e5239c..6dbb8285f 100644
--- a/cmdline/apt-get.cc
+++ b/cmdline/apt-get.cc
@@ -111,7 +111,7 @@ class CacheFile : public pkgCacheFile
 // YnPrompt - Yes No Prompt.						/*{{{*/
 // ---------------------------------------------------------------------
 /* Returns true on a Yes.*/
-bool YnPrompt()
+bool YnPrompt(bool Default=true)
 {
    if (_config->FindB("APT::Get::Assume-Yes",false) == true)
    {
@@ -126,7 +126,7 @@ bool YnPrompt()
       return false;
 
    if (strlen(response) == 0)
-      return true;
+      return Default;
 
    regex_t Pattern;
    int Res;
@@ -544,6 +544,7 @@ bool ShowEssential(ostream &out,CacheFile &Cache)
    return ShowList(out,_("WARNING: The following essential packages will be removed\n"
 			 "This should NOT be done unless you know exactly what you are doing!"),List,VersionsList);
 }
+
 									/*}}}*/
 // Stats - Show some statistics						/*{{{*/
 // ---------------------------------------------------------------------
@@ -666,6 +667,49 @@ bool CacheFile::CheckDeps(bool AllowBroken)
       
    return true;
 }
+
+static bool CheckAuth(pkgAcquire& Fetcher)
+{
+   string UntrustedList;
+   for (pkgAcquire::ItemIterator I = Fetcher.ItemsBegin(); I < Fetcher.ItemsEnd(); ++I)
+   {
+      if (!(*I)->IsTrusted())
+      {
+         UntrustedList += string((*I)->ShortDesc()) + " ";
+      }
+   }
+
+   if (UntrustedList == "")
+   {
+      return true;
+   }
+        
+   ShowList(c2out,_("WARNING: The following packages cannot be authenticated!"),UntrustedList,"");
+
+   if (_config->FindB("APT::Get::AllowUnauthenticated",false) == true)
+   {
+      c2out << "Authentication warning overridden.\n";
+      return true;
+   }
+
+   if (_config->FindI("quiet",0) < 2
+       && _config->FindB("APT::Get::Assume-Yes",false) == false)
+   {
+      c2out << _("Install these packages without verification? [y/N] ") << flush;
+      if (!YnPrompt(false))
+         return _error->Error(_("Some packages could not be authenticated"));
+
+      return true;
+   }
+   else if (_config->FindB("APT::Get::Force-Yes",false) == true)
+   {
+      return true;
+   }
+
+   return _error->Error(_("There are problems and -y was used without --force-yes"));
+}
+
+
 									/*}}}*/
 
 // InstallPackages - Actually download and install the packages		/*{{{*/
@@ -701,7 +745,7 @@ bool InstallPackages(CacheFile &Cache,bool ShwKept,bool Ask = true,
         Essential = !ShowEssential(c1out,Cache);
    Fail |= Essential;
    Stats(c1out,Cache);
-   
+
    // Sanity check
    if (Cache->BrokenCount() != 0)
    {
@@ -860,6 +904,9 @@ bool InstallPackages(CacheFile &Cache,bool ShwKept,bool Ask = true,
       return true;
    }
 
+   if (!CheckAuth(Fetcher))
+      return false;
+
    /* Unlock the dpkg lock if we are not going to be doing an install
       after. */
    if (_config->FindB("APT::Get::Download-Only",false) == true)
@@ -1252,19 +1299,25 @@ bool DoUpdate(CommandLine &CmdL)
    AcqTextStatus Stat(ScreenWidth,_config->FindI("quiet",0));
    pkgAcquire Fetcher(&Stat);
 
-   // Populate it with the source selection
-   if (List.GetIndexes(&Fetcher) == false)
-	 return false;
    
    // Just print out the uris an exit if the --print-uris flag was used
    if (_config->FindB("APT::Get::Print-URIs") == true)
    {
+      // Populate it with the source selection and get all Indexes 
+      // (GetAll=true)
+      if (List.GetIndexes(&Fetcher,true) == false)
+	 return false;
+
       pkgAcquire::UriIterator I = Fetcher.UriBegin();
       for (; I != Fetcher.UriEnd(); I++)
 	 cout << '\'' << I->URI << "' " << flNotDir(I->Owner->DestFile) << ' ' << 
 	       I->Owner->FileSize << ' ' << I->Owner->MD5Sum() << endl;
       return true;
    }
+
+   // Populate it with the source selection
+   if (List.GetIndexes(&Fetcher) == false)
+	 return false;
    
    // Run it
    if (Fetcher.Run() == pkgAcquire::Failed)
@@ -2412,6 +2465,7 @@ int main(int argc,const char *argv[])
       {0,"remove","APT::Get::Remove",0},
       {0,"only-source","APT::Get::Only-Source",0},
       {0,"arch-only","APT::Get::Arch-Only",0},
+      {0,"allow-unauthenticated","APT::Get::AllowUnauthenticated",0},
       {'c',"config-file",0,CommandLine::ConfigFile},
       {'o',"option",0,CommandLine::ArbItem},
       {0,0,0,0}};
diff --git a/cmdline/apt-key b/cmdline/apt-key
new file mode 100644
index 000000000..583cde191
--- /dev/null
+++ b/cmdline/apt-key
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+usage() {
+    echo "Usage: apt-key [command] [arguments]"
+    echo
+    echo "Manage apt's list of trusted keys"
+    echo
+    echo "  apt-key add <file>          - add the key contained in <file> ('-' for stdin)"
+    echo "  apt-key del <keyid>         - remove the key <keyid>"
+    echo "  apt-key list                - list keys"
+    echo
+}
+
+command="$1"
+if [ -z "$command" ]; then
+    usage
+    exit 1
+fi
+shift
+
+if [ "$command" != "help" ] && ! which gpg >/dev/null 2>&1; then
+    echo >&2 "Warning: gnupg does not seem to be installed."
+    echo >&2 "Warning: apt-key requires gnupg for most operations."
+    echo >&2
+fi
+
+# We don't use a secret keyring, of course, but gpg panics and
+# implodes if there isn't one available
+
+GPG="gpg --no-options --no-default-keyring --keyring /etc/apt/trusted.gpg --secret-keyring /etc/apt/secring.gpg --trustdb-name /etc/apt/trustdb.gpg"
+
+case "$command" in
+    add)
+        $GPG --quiet --batch --import "$1"
+        echo "OK"
+        ;;
+    del|rm|remove)
+        $GPG --quiet --batch --delete-key --yes "$1"
+        echo "OK"
+        ;;
+    list)
+        $GPG --batch --list-keys
+        ;;
+    finger*)
+        $GPG --batch --fingerprint
+        ;;
+    adv*)
+        echo "Executing: $GPG $*"
+        $GPG $*
+        ;;
+    help)
+        usage
+        ;;
+    *)
+        usage
+        exit 1
+        ;;
+esac
diff --git a/cmdline/makefile b/cmdline/makefile
index 0c34c1ff9..21a6d47d4 100644
--- a/cmdline/makefile
+++ b/cmdline/makefile
@@ -46,3 +46,9 @@ SLIBS = -lapt-pkg -lapt-inst
 LIB_MAKES = apt-pkg/makefile
 SOURCE = apt-extracttemplates.cc 
 include $(PROGRAM_H)
+
+# The apt-key program
+SOURCE=apt-key
+TO=$(BIN)
+TARGET=program
+include $(COPY_H)