diff options
Diffstat (limited to 'cmdline')
| -rw-r--r-- | cmdline/apt-get.cc | 48 | ||||
| -rwxr-xr-x | cmdline/apt-key | 44 | ||||
| -rw-r--r-- | cmdline/apt-mark.cc | 16 |
3 files changed, 77 insertions, 31 deletions
diff --git a/cmdline/apt-get.cc b/cmdline/apt-get.cc index d4c7f4200..4bbe0c492 100644 --- a/cmdline/apt-get.cc +++ b/cmdline/apt-get.cc @@ -1434,7 +1434,7 @@ bool TryToInstallBuildDep(pkgCache::PkgIterator Pkg,pkgCacheFile &Cache, if (Cache[Pkg].CandidateVer == 0 && Pkg->ProvidesList != 0) { CacheSetHelperAPTGet helper(c1out); - helper.showErrors(AllowFail == false); + helper.showErrors(false); pkgCache::VerIterator Ver = helper.canNotFindNewestVer(Cache, Pkg); if (Ver.end() == false) Pkg = Ver.ParentPkg(); @@ -2895,11 +2895,15 @@ bool DoBuildDep(CommandLine &CmdL) if (StripMultiArch == false && D->Type != pkgSrcRecords::Parser::BuildDependIndep) { size_t const colon = D->Package.find(":"); - if (colon != string::npos && - (strcmp(D->Package.c_str() + colon, ":any") == 0 || strcmp(D->Package.c_str() + colon, ":native") == 0)) - Pkg = Cache->FindPkg(D->Package.substr(0,colon)); + if (colon != string::npos) + { + if (strcmp(D->Package.c_str() + colon, ":any") == 0 || strcmp(D->Package.c_str() + colon, ":native") == 0) + Pkg = Cache->FindPkg(D->Package.substr(0,colon)); + else + Pkg = Cache->FindPkg(D->Package); + } else - Pkg = Cache->FindPkg(D->Package); + Pkg = Cache->FindPkg(D->Package, hostArch); // a bad version either is invalid or doesn't satify dependency #define BADVER(Ver) (Ver.end() == true || \ @@ -2918,13 +2922,13 @@ bool DoBuildDep(CommandLine &CmdL) } if (verlist.empty() == true) { - pkgCache::PkgIterator HostPkg = Cache->FindPkg(D->Package, hostArch); - if (HostPkg.end() == false) + pkgCache::PkgIterator BuildPkg = Cache->FindPkg(D->Package, "native"); + if (BuildPkg.end() == false && Pkg != BuildPkg) { - pkgCache::VerIterator Ver = (*Cache)[HostPkg].InstVerIter(*Cache); + pkgCache::VerIterator Ver = (*Cache)[BuildPkg].InstVerIter(*Cache); if (BADVER(Ver) == false) verlist.insert(Ver); - Ver = (*Cache)[HostPkg].CandidateVerIter(*Cache); + Ver = (*Cache)[BuildPkg].CandidateVerIter(*Cache); if (BADVER(Ver) == false) verlist.insert(Ver); } @@ -2937,12 +2941,14 @@ bool DoBuildDep(CommandLine &CmdL) for (; Ver != verlist.end(); ++Ver) { forbidden.clear(); - if (Ver->MultiArch == pkgCache::Version::None || Ver->MultiArch == pkgCache::Version::All) + if (Ver->MultiArch == pkgCache::Version::None) { if (colon == string::npos) Pkg = Ver.ParentPkg().Group().FindPkg(hostArch); else if (strcmp(D->Package.c_str() + colon, ":any") == 0) forbidden = "Multi-Arch: none"; + else if (strcmp(D->Package.c_str() + colon, ":native") == 0) + Pkg = Ver.ParentPkg().Group().FindPkg("native"); } else if (Ver->MultiArch == pkgCache::Version::Same) { @@ -2950,11 +2956,15 @@ bool DoBuildDep(CommandLine &CmdL) Pkg = Ver.ParentPkg().Group().FindPkg(hostArch); else if (strcmp(D->Package.c_str() + colon, ":any") == 0) forbidden = "Multi-Arch: same"; - // :native gets the buildArch + else if (strcmp(D->Package.c_str() + colon, ":native") == 0) + Pkg = Ver.ParentPkg().Group().FindPkg("native"); } - else if ((Ver->MultiArch & pkgCache::Version::Foreign) == pkgCache::Version::Foreign) + else if ((Ver->MultiArch & pkgCache::Version::Foreign) == pkgCache::Version::Foreign || Ver->MultiArch == pkgCache::Version::All) { - if (colon != string::npos) + if (colon == string::npos) + Pkg = Ver.ParentPkg().Group().FindPkg("native"); + else if (strcmp(D->Package.c_str() + colon, ":any") == 0 || + strcmp(D->Package.c_str() + colon, ":native") == 0) forbidden = "Multi-Arch: foreign"; } else if ((Ver->MultiArch & pkgCache::Version::Allowed) == pkgCache::Version::Allowed) @@ -2972,7 +2982,8 @@ bool DoBuildDep(CommandLine &CmdL) if (Pkg.end() == true) Pkg = Grp.FindPreferredPkg(true); } - // native gets buildArch + else if (strcmp(D->Package.c_str() + colon, ":native") == 0) + Pkg = Ver.ParentPkg().Group().FindPkg("native"); } if (forbidden.empty() == false) @@ -3004,7 +3015,7 @@ bool DoBuildDep(CommandLine &CmdL) else Pkg = Cache->FindPkg(D->Package); - if (Pkg.end() == true) + if (Pkg.end() == true || (Pkg->VersionList == 0 && Pkg->ProvidesList == 0)) { if (_config->FindB("Debug::BuildDeps",false) == true) cout << " (not found)" << (*D).Package << endl; @@ -3087,7 +3098,7 @@ bool DoBuildDep(CommandLine &CmdL) } } - if (TryToInstallBuildDep(Pkg,Cache,Fix,false,false) == true) + if (TryToInstallBuildDep(Pkg,Cache,Fix,false,false,false) == true) { // We successfully installed something; skip remaining alternatives skipAlternatives = hasAlternatives; @@ -3239,7 +3250,10 @@ bool DownloadChangelog(CacheFile &CacheFile, pkgAcquire &Fetcher, return true; // error - return _error->Error("changelog download failed"); + pkgRecords Recs(CacheFile); + pkgRecords::Parser &rec=Recs.Lookup(Ver.FileList()); + string srcpkg = rec.SourcePkg().empty() ? Pkg.Name() : rec.SourcePkg(); + return _error->Error("changelog for this version is not (yet) available; try https://launchpad.net/ubuntu/+source/%s/+changelog", srcpkg.c_str()); } /*}}}*/ // DisplayFileInPager - Display File with pager /*{{{*/ diff --git a/cmdline/apt-key b/cmdline/apt-key index c184e3e75..166508c8e 100755 --- a/cmdline/apt-key +++ b/cmdline/apt-key @@ -17,13 +17,13 @@ fi GPG="$GPG_CMD" -MASTER_KEYRING="" -ARCHIVE_KEYRING_URI="" -#MASTER_KEYRING=/usr/share/keyrings/debian-master-keyring.gpg -#ARCHIVE_KEYRING_URI=http://ftp.debian.org/debian/debian-archive-keyring.gpg -ARCHIVE_KEYRING=/usr/share/keyrings/debian-archive-keyring.gpg -REMOVED_KEYS=/usr/share/keyrings/debian-archive-removed-keys.gpg +# ubuntu keyrings +MASTER_KEYRING=/usr/share/keyrings/ubuntu-master-keyring.gpg +ARCHIVE_KEYRING=/usr/share/keyrings/ubuntu-archive-keyring.gpg +REMOVED_KEYS=/usr/share/keyrings/ubuntu-archive-removed-keys.gpg +ARCHIVE_KEYRING_URI=http://archive.ubuntu.com/ubuntu/project/ubuntu-archive-keyring.gpg +TMP_KEYRING=/var/lib/apt/keyrings/maybe-import-keyring.gpg requires_root() { if [ "$(id -u)" -ne 0 ]; then @@ -35,7 +35,7 @@ requires_root() { add_keys_with_verify_against_master_keyring() { ADD_KEYRING=$1 MASTER=$2 - + if [ ! -f "$ADD_KEYRING" ]; then echo "ERROR: '$ADD_KEYRING' not found" return @@ -50,12 +50,28 @@ add_keys_with_verify_against_master_keyring() { # all keys that are exported must have a valid signature # from a key in the $distro-master-keyring add_keys=`$GPG_CMD --keyring $ADD_KEYRING --with-colons --list-keys | grep ^pub | cut -d: -f5` + all_add_keys=`$GPG_CMD --keyring $ADD_KEYRING --with-colons --list-keys | grep ^[ps]ub | cut -d: -f5` master_keys=`$GPG_CMD --keyring $MASTER --with-colons --list-keys | grep ^pub | cut -d: -f5` + + # ensure there are no colisions LP: #857472 + for all_add_key in $all_add_keys; do + for master_key in $master_keys; do + if [ "$all_add_key" = "$master_key" ]; then + echo >&2 "Keyid collision for '$all_add_key' detected, operation aborted" + return 1 + fi + done + done + for add_key in $add_keys; do - ADDED=0 + # export the add keyring one-by-one + rm -f $TMP_KEYRING + $GPG_CMD --keyring $ADD_KEYRING --output $TMP_KEYRING --export $add_key + # check if signed with the master key and only add in this case + ADDED=0 for master_key in $master_keys; do - if $GPG_CMD --keyring $ADD_KEYRING --list-sigs --with-colons $add_key | grep ^sig | cut -d: -f5 | grep -q $master_key; then - $GPG_CMD --quiet --batch --keyring $ADD_KEYRING --export $add_key | $GPG --import + if $GPG_CMD --keyring $MASTER --keyring $TMP_KEYRING --check-sigs --with-colons $add_key | grep '^sig:!:' | cut -d: -f5 | grep -q $master_key; then + $GPG --import $TMP_KEYRING ADDED=1 fi done @@ -63,12 +79,16 @@ add_keys_with_verify_against_master_keyring() { echo >&2 "Key '$add_key' not added. It is not signed with a master key" fi done + rm -f $TMP_KEYRING } # update the current archive signing keyring from a network URI # the archive-keyring keys needs to be signed with the master key # (otherwise it does not make sense from a security POV) net_update() { + # Disabled for now as code is insecure (LP: #1013639 (and 857472, 1013128)) + exit 1 + if [ -z "$ARCHIVE_KEYRING_URI" ]; then echo >&2 "ERROR: Your distribution is not supported in net-update as no uri for the archive-keyring is set" exit 1 @@ -88,7 +108,7 @@ net_update() { if [ -e $keyring ]; then old_mtime=$(stat -c %Y $keyring) fi - (cd /var/lib/apt/keyrings; wget -q -N $ARCHIVE_KEYRING_URI) + (cd /var/lib/apt/keyrings; wget --timeout=90 -q -N $ARCHIVE_KEYRING_URI) if [ ! -e $keyring ]; then return fi @@ -102,7 +122,7 @@ net_update() { update() { if [ ! -f $ARCHIVE_KEYRING ]; then echo >&2 "ERROR: Can't find the archive-keyring" - echo >&2 "Is the debian-archive-keyring package installed?" + echo >&2 "Is the ubuntu-keyring package installed?" exit 1 fi requires_root diff --git a/cmdline/apt-mark.cc b/cmdline/apt-mark.cc index 2a093c55a..c5b7ca496 100644 --- a/cmdline/apt-mark.cc +++ b/cmdline/apt-mark.cc @@ -291,14 +291,26 @@ bool DoHold(CommandLine &CmdL) FILE* dpkg = fdopen(external[1], "w"); for (APT::PackageList::iterator Pkg = pkgset.begin(); Pkg != pkgset.end(); ++Pkg) { + if (dpkgMultiArch == false) + fprintf(dpkg, "%s", Pkg.FullName(true).c_str()); + else + { + if (Pkg->CurrentVer != 0) + fprintf(dpkg, "%s:%s", Pkg.Name(), Pkg.CurrentVer().Arch()); + else if (Pkg.VersionList().end() == false) + fprintf(dpkg, "%s:%s", Pkg.Name(), Pkg.VersionList().Arch()); + else + fprintf(dpkg, "%s", Pkg.FullName(false).c_str()); + } + if (MarkHold == true) { - fprintf(dpkg, "%s hold\n", Pkg.FullName(!dpkgMultiArch).c_str()); + fprintf(dpkg, " hold\n"); ioprintf(c1out,_("%s set on hold.\n"), Pkg.FullName(true).c_str()); } else { - fprintf(dpkg, "%s install\n", Pkg.FullName(!dpkgMultiArch).c_str()); + fprintf(dpkg, " install\n"); ioprintf(c1out,_("Canceled hold on %s.\n"), Pkg.FullName(true).c_str()); } } |