summaryrefslogtreecommitdiff
path: root/cmdline
diff options
context:
space:
mode:
Diffstat (limited to 'cmdline')
-rw-r--r--cmdline/apt-get.cc11
-rwxr-xr-xcmdline/apt-key40
2 files changed, 35 insertions, 16 deletions
diff --git a/cmdline/apt-get.cc b/cmdline/apt-get.cc
index c996017b8..1c6d39824 100644
--- a/cmdline/apt-get.cc
+++ b/cmdline/apt-get.cc
@@ -2496,7 +2496,7 @@ bool DoSource(CommandLine &CmdL)
Src.c_str(), vcs.c_str(), uri.c_str());
if(vcs == "Bzr")
ioprintf(c1out,_("Please use:\n"
- "bzr get %s\n"
+ "bzr branch %s\n"
"to retrieve the latest (possibly unreleased) "
"updates to the package.\n"),
uri.c_str());
@@ -2913,7 +2913,7 @@ bool DoBuildDep(CommandLine &CmdL)
if ((BADVER(Ver)) == false)
{
string forbidden;
- if (Ver->MultiArch == pkgCache::Version::None || Ver->MultiArch == pkgCache::Version::All)
+ if (Ver->MultiArch == pkgCache::Version::None)
{
if (colon == string::npos)
{
@@ -2928,7 +2928,7 @@ bool DoBuildDep(CommandLine &CmdL)
forbidden = "Multi-Arch: same";
// :native gets the buildArch
}
- else if ((Ver->MultiArch & pkgCache::Version::Foreign) == pkgCache::Version::Foreign)
+ else if ((Ver->MultiArch & pkgCache::Version::Foreign) == pkgCache::Version::Foreign || Ver->MultiArch == pkgCache::Version::All)
{
if (colon != string::npos)
forbidden = "Multi-Arch: foreign";
@@ -3204,7 +3204,10 @@ bool DownloadChangelog(CacheFile &CacheFile, pkgAcquire &Fetcher,
return true;
// error
- return _error->Error("changelog download failed");
+ pkgRecords Recs(CacheFile);
+ pkgRecords::Parser &rec=Recs.Lookup(Ver.FileList());
+ string srcpkg = rec.SourcePkg().empty() ? Pkg.Name() : rec.SourcePkg();
+ return _error->Error("changelog for this version is not (yet) available; try https://launchpad.net/ubuntu/+source/%s/+changelog", srcpkg.c_str());
}
/*}}}*/
// DisplayFileInPager - Display File with pager /*{{{*/
diff --git a/cmdline/apt-key b/cmdline/apt-key
index 97d6e0323..c3d9d9aff 100755
--- a/cmdline/apt-key
+++ b/cmdline/apt-key
@@ -16,13 +16,13 @@ fi
GPG="$GPG_CMD"
-MASTER_KEYRING=""
-ARCHIVE_KEYRING_URI=""
-#MASTER_KEYRING=/usr/share/keyrings/debian-master-keyring.gpg
-#ARCHIVE_KEYRING_URI=http://ftp.debian.org/debian/debian-archive-keyring.gpg
-ARCHIVE_KEYRING=/usr/share/keyrings/debian-archive-keyring.gpg
-REMOVED_KEYS=/usr/share/keyrings/debian-archive-removed-keys.gpg
+# ubuntu keyrings
+MASTER_KEYRING=/usr/share/keyrings/ubuntu-master-keyring.gpg
+ARCHIVE_KEYRING=/usr/share/keyrings/ubuntu-archive-keyring.gpg
+REMOVED_KEYS=/usr/share/keyrings/ubuntu-archive-removed-keys.gpg
+ARCHIVE_KEYRING_URI=http://archive.ubuntu.com/ubuntu/project/ubuntu-archive-keyring.gpg
+TMP_KEYRING=/var/lib/apt/keyrings/maybe-import-keyring.gpg
requires_root() {
if [ "$(id -u)" -ne 0 ]; then
@@ -34,7 +34,7 @@ requires_root() {
add_keys_with_verify_against_master_keyring() {
ADD_KEYRING=$1
MASTER=$2
-
+
if [ ! -f "$ADD_KEYRING" ]; then
echo "ERROR: '$ADD_KEYRING' not found"
return
@@ -50,11 +50,25 @@ add_keys_with_verify_against_master_keyring() {
# from a key in the $distro-master-keyring
add_keys=`$GPG_CMD --keyring $ADD_KEYRING --with-colons --list-keys | grep ^pub | cut -d: -f5`
master_keys=`$GPG_CMD --keyring $MASTER --with-colons --list-keys | grep ^pub | cut -d: -f5`
+
for add_key in $add_keys; do
- ADDED=0
+
+ # ensure there are no colisions LP: #857472
+ for master_key in $master_keys; do
+ if [ "$add_key" = "$master_key" ]; then
+ echo >&2 "Keyid collision for '$add_key' detected, operation aborted"
+ return 1
+ fi
+ done
+
+ # export the add keyring one-by-one
+ rm -f $TMP_KEYRING
+ $GPG_CMD --keyring $ADD_KEYRING --output $TMP_KEYRING --export $add_key
+ # check if signed with the master key and only add in this case
+ ADDED=0
for master_key in $master_keys; do
- if $GPG_CMD --keyring $ADD_KEYRING --list-sigs --with-colons $add_key | grep ^sig | cut -d: -f5 | grep -q $master_key; then
- $GPG_CMD --quiet --batch --keyring $ADD_KEYRING --export $add_key | $GPG --import
+ if $GPG_CMD --keyring $MASTER --keyring $TMP_KEYRING --check-sigs --with-colons $add_key | grep '^sig:!:' | cut -d: -f5 | grep -q $master_key; then
+ $GPG --import $TMP_KEYRING
ADDED=1
fi
done
@@ -62,12 +76,14 @@ add_keys_with_verify_against_master_keyring() {
echo >&2 "Key '$add_key' not added. It is not signed with a master key"
fi
done
+ rm -f $TMP_KEYRING
}
# update the current archive signing keyring from a network URI
# the archive-keyring keys needs to be signed with the master key
# (otherwise it does not make sense from a security POV)
net_update() {
+
if [ -z "$ARCHIVE_KEYRING_URI" ]; then
echo >&2 "ERROR: Your distribution is not supported in net-update as no uri for the archive-keyring is set"
exit 1
@@ -87,7 +103,7 @@ net_update() {
if [ -e $keyring ]; then
old_mtime=$(stat -c %Y $keyring)
fi
- (cd /var/lib/apt/keyrings; wget -q -N $ARCHIVE_KEYRING_URI)
+ (cd /var/lib/apt/keyrings; wget --timeout=90 -q -N $ARCHIVE_KEYRING_URI)
if [ ! -e $keyring ]; then
return
fi
@@ -101,7 +117,7 @@ net_update() {
update() {
if [ ! -f $ARCHIVE_KEYRING ]; then
echo >&2 "ERROR: Can't find the archive-keyring"
- echo >&2 "Is the debian-archive-keyring package installed?"
+ echo >&2 "Is the ubuntu-keyring package installed?"
exit 1
fi
requires_root