From 2510eea4a0922b7b6da8099deb70ca87851633ce Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Thu, 22 Aug 2013 22:30:20 +0200 Subject: do chdir("/") after chroot() --- cmdline/apt-mark.cc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'cmdline') diff --git a/cmdline/apt-mark.cc b/cmdline/apt-mark.cc index eb3410be1..ebb1f9892 100644 --- a/cmdline/apt-mark.cc +++ b/cmdline/apt-mark.cc @@ -209,7 +209,7 @@ bool DoHold(CommandLine &CmdL) dup2(nullfd, STDIN_FILENO); dup2(nullfd, STDOUT_FILENO); dup2(nullfd, STDERR_FILENO); - if (chrootDir != "/" && chroot(chrootDir.c_str()) != 0) + if (chrootDir != "/" && chroot(chrootDir.c_str()) != 0 && chdir("/") != 0) _error->WarningE("getArchitecture", "Couldn't chroot into %s for dpkg --assert-multi-arch", chrootDir.c_str()); execvp(Args[0], (char**) &Args[0]); _error->WarningE("dpkgGo", "Can't detect if dpkg supports multi-arch!"); @@ -279,7 +279,7 @@ bool DoHold(CommandLine &CmdL) { close(external[1]); std::string const chrootDir = _config->FindDir("DPkg::Chroot-Directory"); - if (chrootDir != "/" && chroot(chrootDir.c_str()) != 0) + if (chrootDir != "/" && chroot(chrootDir.c_str()) != 0 && chdir("/") != 0) _error->WarningE("getArchitecture", "Couldn't chroot into %s for dpkg --set-selections", chrootDir.c_str()); int const nullfd = open("/dev/null", O_RDONLY); dup2(external[0], STDIN_FILENO); -- cgit v1.2.3 From d8a8f9d7f01c75a7bbad7a488bf359a94291d1de Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Tue, 27 Aug 2013 08:50:06 +0200 Subject: allow pkg manipulation in the upgrade/dist-upgrade commandline, e.g. apt-get dist-upgrade 2vcard- 4g8+ --- cmdline/apt-get.cc | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'cmdline') diff --git a/cmdline/apt-get.cc b/cmdline/apt-get.cc index 93c21651f..c273dfaaa 100644 --- a/cmdline/apt-get.cc +++ b/cmdline/apt-get.cc @@ -350,9 +350,6 @@ bool DoMarkAuto(CommandLine &CmdL) /* Intelligent upgrader that will install and remove packages at will */ bool DoDistUpgrade(CommandLine &CmdL) { - if (CmdL.FileSize() != 1) - return _error->Error(_("The dist-upgrade command takes no arguments")); - CacheFile Cache; if (Cache.OpenForInstall() == false || Cache.CheckDeps() == false) return false; @@ -365,6 +362,10 @@ bool DoDistUpgrade(CommandLine &CmdL) return false; } + // parse additional cmdline pkg manipulation switches + if(!DoCacheManipulationFromCommandLine(CmdL, Cache)) + return false; + c0out << _("Done") << endl; return InstallPackages(Cache,true); -- cgit v1.2.3 From c678a0443518aa5e8f328f358fca7b35252df84e Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Wed, 28 Aug 2013 11:28:40 +0200 Subject: add man-page, improve option, use --with-new-pkgs as the flag --- cmdline/apt-get.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'cmdline') diff --git a/cmdline/apt-get.cc b/cmdline/apt-get.cc index 93c21651f..392eafe4f 100644 --- a/cmdline/apt-get.cc +++ b/cmdline/apt-get.cc @@ -1627,7 +1627,7 @@ void SigWinch(int) bool DoUpgrade(CommandLine &CmdL) { - if (_config->FindB("APT::Get::UpgradeAllowNew", false) == true) + if (_config->FindB("APT::Get::Upgrade-Allow-New", false) == true) return DoUpgradeWithAllowNewPackages(CmdL); else return DoUpgradeNoNewPackages(CmdL); -- cgit v1.2.3 From ee0167c4a0bf0c6de5437d3b641e7e7c0c614f17 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Fri, 30 Aug 2013 17:18:20 +0200 Subject: fix vim-style foldmarker Git-Dch: Ignore --- cmdline/apt-get.cc | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) (limited to 'cmdline') diff --git a/cmdline/apt-get.cc b/cmdline/apt-get.cc index c273dfaaa..8a30ac38d 100644 --- a/cmdline/apt-get.cc +++ b/cmdline/apt-get.cc @@ -84,11 +84,8 @@ #include /*}}}*/ - using namespace std; - - // TryToInstallBuildDep - Try to install a single package /*{{{*/ // --------------------------------------------------------------------- /* This used to be inlined in DoInstall, but with the advent of regex package @@ -1625,15 +1622,14 @@ void SigWinch(int) #endif } /*}}}*/ - -bool DoUpgrade(CommandLine &CmdL) +bool DoUpgrade(CommandLine &CmdL) /*{{{*/ { if (_config->FindB("APT::Get::UpgradeAllowNew", false) == true) return DoUpgradeWithAllowNewPackages(CmdL); else return DoUpgradeNoNewPackages(CmdL); } - + /*}}}*/ int main(int argc,const char *argv[]) /*{{{*/ { CommandLine::Dispatch Cmds[] = {{"update",&DoUpdate}, -- cgit v1.2.3 From 866893a619e00966ae6b1549c4bfce92d6c17db1 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Thu, 3 Oct 2013 14:45:41 +0200 Subject: put fetch errors in 'source' on our errorstack refactor the fetching process so that it looks more like the others we have in the hope that we can reuse code in the future. This is a soft interface change as 'source' previously printed errors directly on stderr, while it will now push it onto our usual error stack. --- cmdline/apt-get.cc | 28 ++++++---------------------- 1 file changed, 6 insertions(+), 22 deletions(-) (limited to 'cmdline') diff --git a/cmdline/apt-get.cc b/cmdline/apt-get.cc index 8a30ac38d..a37f06741 100644 --- a/cmdline/apt-get.cc +++ b/cmdline/apt-get.cc @@ -50,7 +50,7 @@ #include #include - +#include #include #include #include @@ -62,9 +62,11 @@ #include #include +#include +#include + #include #include -#include #include #include #include @@ -76,7 +78,6 @@ #include #include #include -#include #include #include @@ -812,27 +813,10 @@ bool DoSource(CommandLine &CmdL) delete[] Dsc; return true; } - - // Run it - if (Fetcher.Run() == pkgAcquire::Failed) - { - delete[] Dsc; - return false; - } - // Print error messages + // Run it bool Failed = false; - for (pkgAcquire::ItemIterator I = Fetcher.ItemsBegin(); I != Fetcher.ItemsEnd(); ++I) - { - if ((*I)->Status == pkgAcquire::Item::StatDone && - (*I)->Complete == true) - continue; - - fprintf(stderr,_("Failed to fetch %s %s\n"),(*I)->DescURI().c_str(), - (*I)->ErrorText.c_str()); - Failed = true; - } - if (Failed == true) + if (AcquireRun(Fetcher, 0, &Failed, NULL) == false || Failed == true) { delete[] Dsc; return _error->Error(_("Failed to fetch some archives.")); -- cgit v1.2.3 From d57f6084aaa3972073114973d149ea2291b36682 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Thu, 3 Oct 2013 15:11:21 +0200 Subject: use pkgAcqArchive in 'download' for proper errors With a bit of trickery we can reuse the usual infrastructure we have in place to acquire deb files for the 'download' operation as well, which gains us authentification check & display, error messages, correct filenames and "downloads" from the root-owned archives. --- cmdline/apt-get.cc | 80 ++++++++++++++++++++++++------------------------------ 1 file changed, 35 insertions(+), 45 deletions(-) (limited to 'cmdline') diff --git a/cmdline/apt-get.cc b/cmdline/apt-get.cc index a37f06741..630a9489b 100644 --- a/cmdline/apt-get.cc +++ b/cmdline/apt-get.cc @@ -525,7 +525,7 @@ bool DoDownload(CommandLine &CmdL) CacheFile Cache; if (Cache.ReadOnlyOpen() == false) return false; - + APT::CacheSetHelper helper(c0out); APT::VersionList verset = APT::VersionList::FromCommandLine(Cache, CmdL.FileList + 1, APT::VersionList::CANDIDATE, helper); @@ -533,67 +533,57 @@ bool DoDownload(CommandLine &CmdL) if (verset.empty() == true) return false; + AcqTextStatus Stat(ScreenWidth, _config->FindI("quiet", 0)); pkgAcquire Fetcher; - AcqTextStatus Stat(ScreenWidth, _config->FindI("quiet",0)); - if (_config->FindB("APT::Get::Print-URIs") == false) - Fetcher.Setup(&Stat); + if (Fetcher.Setup(&Stat) == false) + return false; pkgRecords Recs(Cache); pkgSourceList *SrcList = Cache.GetSourceList(); - bool gotAll = true; - for (APT::VersionList::const_iterator Ver = verset.begin(); - Ver != verset.end(); - ++Ver) + // reuse the usual acquire methods for deb files, but don't drop them into + // the usual directories - keep everything in the current directory + std::vector storefile(verset.size()); + std::string const cwd = SafeGetCWD(); + _config->Set("Dir::Cache::Archives", cwd); + int i = 0; + for (APT::VersionList::const_iterator Ver = verset.begin(); + Ver != verset.end(); ++Ver, ++i) { - string descr; - // get the right version - pkgCache::PkgIterator Pkg = Ver.ParentPkg(); - pkgRecords::Parser &rec=Recs.Lookup(Ver.FileList()); - pkgCache::VerFileIterator Vf = Ver.FileList(); - if (Vf.end() == true) - { - _error->Error("Can not find VerFile for %s in version %s", Pkg.FullName().c_str(), Ver.VerStr()); - gotAll = false; - continue; - } - pkgCache::PkgFileIterator F = Vf.File(); - pkgIndexFile *index; - if(SrcList->FindIndex(F, index) == false) - { - _error->Error(_("Can't find a source to download version '%s' of '%s'"), Ver.VerStr(), Pkg.FullName().c_str()); - gotAll = false; - continue; - } - string uri = index->ArchiveURI(rec.FileName()); - strprintf(descr, _("Downloading %s %s"), Pkg.Name(), Ver.VerStr()); - // get the most appropriate hash - HashString hash; - if (rec.SHA512Hash() != "") - hash = HashString("sha512", rec.SHA512Hash()); - else if (rec.SHA256Hash() != "") - hash = HashString("sha256", rec.SHA256Hash()); - else if (rec.SHA1Hash() != "") - hash = HashString("sha1", rec.SHA1Hash()); - else if (rec.MD5Hash() != "") - hash = HashString("md5", rec.MD5Hash()); - // get the file - new pkgAcqFile(&Fetcher, uri, hash.toStr(), (*Ver)->Size, descr, Pkg.Name(), "."); + pkgAcquire::Item *I = new pkgAcqArchive(&Fetcher, SrcList, &Recs, *Ver, storefile[i]); + std::string const filename = cwd + flNotDir(storefile[i]); + storefile[i].assign(filename); + I->DestFile.assign(filename); } - if (gotAll == false) - return false; // Just print out the uris and exit if the --print-uris flag was used if (_config->FindB("APT::Get::Print-URIs") == true) { pkgAcquire::UriIterator I = Fetcher.UriBegin(); for (; I != Fetcher.UriEnd(); ++I) - cout << '\'' << I->URI << "' " << flNotDir(I->Owner->DestFile) << ' ' << + cout << '\'' << I->URI << "' " << flNotDir(I->Owner->DestFile) << ' ' << I->Owner->FileSize << ' ' << I->Owner->HashSum() << endl; return true; } - return (Fetcher.Run() == pkgAcquire::Continue); + if (_error->PendingError() == true || CheckAuth(Fetcher, false) == false) + return false; + + bool Failed = false; + if (AcquireRun(Fetcher, 0, &Failed, NULL) == false) + return false; + + // copy files in local sources to the current directory + for (pkgAcquire::ItemIterator I = Fetcher.ItemsBegin(); I != Fetcher.ItemsEnd(); ++I) + if ((*I)->Local == true && (*I)->Status == pkgAcquire::Item::StatDone) + { + std::string const filename = cwd + flNotDir((*I)->DestFile); + std::ifstream src((*I)->DestFile.c_str(), std::ios::binary); + std::ofstream dst(filename.c_str(), std::ios::binary); + dst << src.rdbuf(); + } + + return Failed == false; } /*}}}*/ // DoCheck - Perform the check operation /*{{{*/ -- cgit v1.2.3 From 5ca0cf51194422fb0f094bbf5e61e9f5eb57f013 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Sat, 5 Oct 2013 11:54:08 +0200 Subject: cleanup upgrade API some more (thanks for the feedback from David) --- cmdline/apt-get.cc | 26 -------------------------- 1 file changed, 26 deletions(-) (limited to 'cmdline') diff --git a/cmdline/apt-get.cc b/cmdline/apt-get.cc index 8a30ac38d..64c7506ae 100644 --- a/cmdline/apt-get.cc +++ b/cmdline/apt-get.cc @@ -342,32 +342,6 @@ bool DoMarkAuto(CommandLine &CmdL) return false; } /*}}}*/ -// DoDistUpgrade - Automatic smart upgrader /*{{{*/ -// --------------------------------------------------------------------- -/* Intelligent upgrader that will install and remove packages at will */ -bool DoDistUpgrade(CommandLine &CmdL) -{ - CacheFile Cache; - if (Cache.OpenForInstall() == false || Cache.CheckDeps() == false) - return false; - - c0out << _("Calculating upgrade... ") << flush; - if (pkgDistUpgrade(*Cache) == false) - { - c0out << _("Failed") << endl; - ShowBroken(c1out,Cache,false); - return false; - } - - // parse additional cmdline pkg manipulation switches - if(!DoCacheManipulationFromCommandLine(CmdL, Cache)) - return false; - - c0out << _("Done") << endl; - - return InstallPackages(Cache,true); -} - /*}}}*/ // DoDSelectUpgrade - Do an upgrade by following dselects selections /*{{{*/ // --------------------------------------------------------------------- /* Follows dselect's selections */ -- cgit v1.2.3 From 82e369c4b93b5b81db7988ab377a3c5bd388268e Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Sat, 5 Oct 2013 12:15:03 +0200 Subject: * move upgrade releated code into upgrade.{cc,h} The upgrade releated code is moved into upgrade.{cc,h} and all pkg*Upgrade* prototypes are included in algorihms.h to avoid breaking API (unless build with APT_9_CLEANER_HEADERS). --- cmdline/apt-get.cc | 2 +- cmdline/apt-internal-solver.cc | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'cmdline') diff --git a/cmdline/apt-get.cc b/cmdline/apt-get.cc index 64c7506ae..1025005a2 100644 --- a/cmdline/apt-get.cc +++ b/cmdline/apt-get.cc @@ -49,7 +49,7 @@ #include #include #include - +#include #include #include diff --git a/cmdline/apt-internal-solver.cc b/cmdline/apt-internal-solver.cc index aef7636e9..53b38ea43 100644 --- a/cmdline/apt-internal-solver.cc +++ b/cmdline/apt-internal-solver.cc @@ -19,6 +19,7 @@ #include #include #include +#include #include #include -- cgit v1.2.3 From cfacba5230f2e6bb88a1949505843ac22ed342d5 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Mon, 25 Nov 2013 08:36:57 +0100 Subject: add basic "edit-sources" command --- cmdline/apt-get.cc | 19 +------------------ cmdline/apt.cc | 24 ++++++++++++++++++++++++ 2 files changed, 25 insertions(+), 18 deletions(-) (limited to 'cmdline') diff --git a/cmdline/apt-get.cc b/cmdline/apt-get.cc index 15373b050..912b2d609 100644 --- a/cmdline/apt-get.cc +++ b/cmdline/apt-get.cc @@ -59,6 +59,7 @@ #include #include #include +#include #include @@ -1378,24 +1379,6 @@ bool DownloadChangelog(CacheFile &CacheFile, pkgAcquire &Fetcher, return _error->Error("changelog download failed"); } /*}}}*/ -// DisplayFileInPager - Display File with pager /*{{{*/ -void DisplayFileInPager(string filename) -{ - pid_t Process = ExecFork(); - if (Process == 0) - { - const char *Args[3]; - Args[0] = "/usr/bin/sensible-pager"; - Args[1] = filename.c_str(); - Args[2] = 0; - execvp(Args[0],(char **)Args); - exit(100); - } - - // Wait for the subprocess - ExecWait(Process, "sensible-pager", false); -} - /*}}}*/ // DoChangelog - Get changelog from the command line /*{{{*/ // --------------------------------------------------------------------- bool DoChangelog(CommandLine &CmdL) diff --git a/cmdline/apt.cc b/cmdline/apt.cc index e30967ec2..ef31d0029 100644 --- a/cmdline/apt.cc +++ b/cmdline/apt.cc @@ -54,8 +54,28 @@ #include #include #include +#include /*}}}*/ +// EditSource - EditSourcesList /*{{{*/ +// --------------------------------------------------------------------- +bool EditSources(CommandLine &CmdL) +{ + // FIXME: suport CmdL.FileList to specify sources.list.d files + + std::string sourceslist = _config->FindFile("Dir::Etc::sourcelist"); + + // FIXME: take hash before, + // when changed display message to apt update + // do syntax check after save (like visudo) + + EditFileInSensibleEditor(sourceslist); + + return true; +} + /*}}}*/ + + bool ShowHelp(CommandLine &CmdL) { ioprintf(c1out,_("%s %s for %s compiled on %s %s\n"),PACKAGE,PACKAGE_VERSION, @@ -74,6 +94,8 @@ bool ShowHelp(CommandLine &CmdL) " update - update list of available packages\n" " install - install packages\n" " upgrade - upgrade the systems packages\n" + "\n" + " edit-sources - edit the source information file\n" ); return true; @@ -89,6 +111,8 @@ int main(int argc, const char *argv[]) /*{{{*/ {"remove", &DoInstall}, {"update",&DoUpdate}, {"upgrade",&DoUpgradeWithAllowNewPackages}, + // misc + {"edit-sources",&EditSources}, // helper {"moo",&DoMoo}, {"help",&ShowHelp}, -- cgit v1.2.3 From d2524a53bbd219ee6d069006fd243a5bcda0245b Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Tue, 26 Nov 2013 09:22:40 +0100 Subject: add syntax check for sources.list --- cmdline/apt.cc | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) (limited to 'cmdline') diff --git a/cmdline/apt.cc b/cmdline/apt.cc index ef31d0029..38610e731 100644 --- a/cmdline/apt.cc +++ b/cmdline/apt.cc @@ -67,9 +67,22 @@ bool EditSources(CommandLine &CmdL) // FIXME: take hash before, // when changed display message to apt update - // do syntax check after save (like visudo) - - EditFileInSensibleEditor(sourceslist); + bool res; + pkgSourceList sl; + + do { + EditFileInSensibleEditor(sourceslist); + _error->PushToStack(); + res = sl.Read(sourceslist); + if (!res) { + std::string outs; + strprintf(outs, _("Failed to parse %s. Edit again? "), + sourceslist.c_str()); + std::cout << outs; + res = !YnPrompt(true); + } + _error->RevertToStack(); + } while (res == false); return true; } -- cgit v1.2.3 From e6645b9fb9ba3a7ff7b6663af3f5e1bcb6f23d78 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Tue, 26 Nov 2013 10:32:21 +0100 Subject: add check when sources.list changed --- cmdline/apt.cc | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) (limited to 'cmdline') diff --git a/cmdline/apt.cc b/cmdline/apt.cc index 38610e731..47187fac2 100644 --- a/cmdline/apt.cc +++ b/cmdline/apt.cc @@ -41,6 +41,7 @@ #include #include #include +#include #include @@ -61,21 +62,21 @@ // --------------------------------------------------------------------- bool EditSources(CommandLine &CmdL) { - // FIXME: suport CmdL.FileList to specify sources.list.d files + bool res; + pkgSourceList sl; + std::string outs; + // FIXME: suport CmdL.FileList to specify sources.list.d files std::string sourceslist = _config->FindFile("Dir::Etc::sourcelist"); - // FIXME: take hash before, - // when changed display message to apt update - bool res; - pkgSourceList sl; + HashString before; + before.FromFile(sourceslist); do { EditFileInSensibleEditor(sourceslist); _error->PushToStack(); res = sl.Read(sourceslist); if (!res) { - std::string outs; strprintf(outs, _("Failed to parse %s. Edit again? "), sourceslist.c_str()); std::cout << outs; @@ -84,6 +85,13 @@ bool EditSources(CommandLine &CmdL) _error->RevertToStack(); } while (res == false); + if (!before.VerifyFile(sourceslist)) { + strprintf( + outs, _("Your '%s' file changed, please run 'apt-get update'."), + sourceslist.c_str()); + std::cout << outs << std::endl; + } + return true; } /*}}}*/ -- cgit v1.2.3 From 9e6b13f3751f8a1287ff79861980afb7792a5f9e Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Thu, 28 Nov 2013 12:15:47 +0100 Subject: move EditSources into its own file --- cmdline/apt.cc | 38 +------------------------------------- 1 file changed, 1 insertion(+), 37 deletions(-) (limited to 'cmdline') diff --git a/cmdline/apt.cc b/cmdline/apt.cc index 47187fac2..4bcae0aba 100644 --- a/cmdline/apt.cc +++ b/cmdline/apt.cc @@ -56,45 +56,9 @@ #include #include #include +#include /*}}}*/ -// EditSource - EditSourcesList /*{{{*/ -// --------------------------------------------------------------------- -bool EditSources(CommandLine &CmdL) -{ - bool res; - pkgSourceList sl; - std::string outs; - - // FIXME: suport CmdL.FileList to specify sources.list.d files - std::string sourceslist = _config->FindFile("Dir::Etc::sourcelist"); - - HashString before; - before.FromFile(sourceslist); - - do { - EditFileInSensibleEditor(sourceslist); - _error->PushToStack(); - res = sl.Read(sourceslist); - if (!res) { - strprintf(outs, _("Failed to parse %s. Edit again? "), - sourceslist.c_str()); - std::cout << outs; - res = !YnPrompt(true); - } - _error->RevertToStack(); - } while (res == false); - - if (!before.VerifyFile(sourceslist)) { - strprintf( - outs, _("Your '%s' file changed, please run 'apt-get update'."), - sourceslist.c_str()); - std::cout << outs << std::endl; - } - - return true; -} - /*}}}*/ bool ShowHelp(CommandLine &CmdL) -- cgit v1.2.3 From f87338d2da95ba7d55a1a67b4506717e94d49bca Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Sat, 30 Nov 2013 23:07:20 +0100 Subject: cherry-pick ubuntus (disabled) net-update fixes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit With the net-update command a special keyring can be downloaded and imported into apt, which must be signed by a master key. Its is currently disabled because of security problems with it – and the only known user before that was Ubuntu. --- cmdline/apt-key | 44 +++++++++++++++++++++++++++++++------------- 1 file changed, 31 insertions(+), 13 deletions(-) (limited to 'cmdline') diff --git a/cmdline/apt-key b/cmdline/apt-key index 713a41c07..64cf5a6f4 100755 --- a/cmdline/apt-key +++ b/cmdline/apt-key @@ -25,17 +25,15 @@ GPG_CMD="$GPG_CMD --no-auto-check-trustdb --trust-model always" GPG="$GPG_CMD" -MASTER_KEYRING="" -#MASTER_KEYRING=/usr/share/keyrings/debian-master-keyring.gpg +MASTER_KEYRING='' eval $(apt-config shell MASTER_KEYRING APT::Key::MasterKeyring) -ARCHIVE_KEYRING_URI="" -#ARCHIVE_KEYRING_URI=http://ftp.debian.org/debian/debian-archive-keyring.gpg -eval $(apt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI) - -ARCHIVE_KEYRING=/usr/share/keyrings/debian-archive-keyring.gpg +ARCHIVE_KEYRING='/usr/share/keyrings/debian-archive-keyring.gpg' eval $(apt-config shell ARCHIVE_KEYRING APT::Key::ArchiveKeyring) -REMOVED_KEYS=/usr/share/keyrings/debian-archive-removed-keys.gpg +REMOVED_KEYS='/usr/share/keyrings/debian-archive-removed-keys.gpg' eval $(apt-config shell REMOVED_KEYS APT::Key::RemovedKeys) +ARCHIVE_KEYRING_URI='' +eval $(apt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI) +TMP_KEYRING=/var/lib/apt/keyrings/maybe-import-keyring.gpg requires_root() { if [ "$(id -u)" -ne 0 ]; then @@ -57,7 +55,7 @@ init_keyring() { add_keys_with_verify_against_master_keyring() { ADD_KEYRING=$1 MASTER=$2 - + if [ ! -f "$ADD_KEYRING" ]; then echo "ERROR: '$ADD_KEYRING' not found" return @@ -72,12 +70,28 @@ add_keys_with_verify_against_master_keyring() { # all keys that are exported must have a valid signature # from a key in the $distro-master-keyring add_keys=`$GPG_CMD --keyring $ADD_KEYRING --with-colons --list-keys | grep ^pub | cut -d: -f5` + all_add_keys=`$GPG_CMD --keyring $ADD_KEYRING --with-colons --list-keys | grep ^[ps]ub | cut -d: -f5` master_keys=`$GPG_CMD --keyring $MASTER --with-colons --list-keys | grep ^pub | cut -d: -f5` + + # ensure there are no colisions LP: #857472 + for all_add_key in $all_add_keys; do + for master_key in $master_keys; do + if [ "$all_add_key" = "$master_key" ]; then + echo >&2 "Keyid collision for '$all_add_key' detected, operation aborted" + return 1 + fi + done + done + for add_key in $add_keys; do - ADDED=0 + # export the add keyring one-by-one + rm -f $TMP_KEYRING + $GPG_CMD --keyring $ADD_KEYRING --output $TMP_KEYRING --export $add_key + # check if signed with the master key and only add in this case + ADDED=0 for master_key in $master_keys; do - if $GPG_CMD --keyring $ADD_KEYRING --list-sigs --with-colons $add_key | grep ^sig | cut -d: -f5 | grep -q $master_key; then - $GPG_CMD --quiet --batch --keyring $ADD_KEYRING --export $add_key | $GPG --import + if $GPG_CMD --keyring $MASTER --keyring $TMP_KEYRING --check-sigs --with-colons $add_key | grep '^sig:!:' | cut -d: -f5 | grep -q $master_key; then + $GPG --import $TMP_KEYRING ADDED=1 fi done @@ -85,12 +99,16 @@ add_keys_with_verify_against_master_keyring() { echo >&2 "Key '$add_key' not added. It is not signed with a master key" fi done + rm -f $TMP_KEYRING } # update the current archive signing keyring from a network URI # the archive-keyring keys needs to be signed with the master key # (otherwise it does not make sense from a security POV) net_update() { + # Disabled for now as code is insecure (LP: #1013639 (and 857472, 1013128)) + exit 1 + if [ -z "$ARCHIVE_KEYRING_URI" ]; then echo >&2 "ERROR: Your distribution is not supported in net-update as no uri for the archive-keyring is set" exit 1 @@ -110,7 +128,7 @@ net_update() { if [ -e $keyring ]; then old_mtime=$(stat -c %Y $keyring) fi - (cd /var/lib/apt/keyrings; wget -q -N $ARCHIVE_KEYRING_URI) + (cd /var/lib/apt/keyrings; wget --timeout=90 -q -N $ARCHIVE_KEYRING_URI) if [ ! -e $keyring ]; then return fi -- cgit v1.2.3 From 5b2c6ddcc0e45c92c544032ad2bb91bdf7222d7c Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Sat, 30 Nov 2013 23:11:43 +0100 Subject: generate apt-key script with vendor info about keys MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The apt-key script uses quiet a few keyring files for operation which are specific to the distribution it is build on and is hence one of the most patched parts – even if it is not that often used anymore now that a fragment directory for trusted.gpg exists. --- cmdline/apt-key | 354 ----------------------------------------------------- cmdline/apt-key.in | 354 +++++++++++++++++++++++++++++++++++++++++++++++++++++ cmdline/makefile | 8 ++ 3 files changed, 362 insertions(+), 354 deletions(-) delete mode 100755 cmdline/apt-key create mode 100644 cmdline/apt-key.in (limited to 'cmdline') diff --git a/cmdline/apt-key b/cmdline/apt-key deleted file mode 100755 index 64cf5a6f4..000000000 --- a/cmdline/apt-key +++ /dev/null @@ -1,354 +0,0 @@ -#!/bin/sh - -set -e -unset GREP_OPTIONS - -GPG_CMD="gpg --ignore-time-conflict --no-options --no-default-keyring" - -# gpg needs a trustdb to function, but it can't be invalid (not even empty) -# so we create a temporary directory to store our fresh readable trustdb in -TRUSTDBDIR="$(mktemp -d)" -CURRENTTRAP="${CURRENTTRAP} rm -rf '${TRUSTDBDIR}';" -trap "${CURRENTTRAP}" 0 HUP INT QUIT ILL ABRT FPE SEGV PIPE TERM -chmod 700 "$TRUSTDBDIR" -# We also don't use a secret keyring, of course, but gpg panics and -# implodes if there isn't one available - and writeable for imports -SECRETKEYRING="${TRUSTDBDIR}/secring.gpg" -touch $SECRETKEYRING -GPG_CMD="$GPG_CMD --secret-keyring $SECRETKEYRING" -GPG_CMD="$GPG_CMD --trustdb-name ${TRUSTDBDIR}/trustdb.gpg" - -# now create the trustdb with an (empty) dummy keyring -$GPG_CMD --quiet --check-trustdb --keyring $SECRETKEYRING -# and make sure that gpg isn't trying to update the file -GPG_CMD="$GPG_CMD --no-auto-check-trustdb --trust-model always" - -GPG="$GPG_CMD" - -MASTER_KEYRING='' -eval $(apt-config shell MASTER_KEYRING APT::Key::MasterKeyring) -ARCHIVE_KEYRING='/usr/share/keyrings/debian-archive-keyring.gpg' -eval $(apt-config shell ARCHIVE_KEYRING APT::Key::ArchiveKeyring) -REMOVED_KEYS='/usr/share/keyrings/debian-archive-removed-keys.gpg' -eval $(apt-config shell REMOVED_KEYS APT::Key::RemovedKeys) -ARCHIVE_KEYRING_URI='' -eval $(apt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI) -TMP_KEYRING=/var/lib/apt/keyrings/maybe-import-keyring.gpg - -requires_root() { - if [ "$(id -u)" -ne 0 ]; then - echo >&1 "ERROR: This command can only be used by root." - exit 1 - fi -} - -# gpg defaults to mode 0600 for new keyrings. Create one with 0644 instead. -init_keyring() { - for path; do - if ! [ -e "$path" ]; then - touch -- "$path" - chmod 0644 -- "$path" - fi - done -} - -add_keys_with_verify_against_master_keyring() { - ADD_KEYRING=$1 - MASTER=$2 - - if [ ! -f "$ADD_KEYRING" ]; then - echo "ERROR: '$ADD_KEYRING' not found" - return - fi - if [ ! -f "$MASTER" ]; then - echo "ERROR: '$MASTER' not found" - return - fi - - # when adding new keys, make sure that the archive-master-keyring - # is honored. so: - # all keys that are exported must have a valid signature - # from a key in the $distro-master-keyring - add_keys=`$GPG_CMD --keyring $ADD_KEYRING --with-colons --list-keys | grep ^pub | cut -d: -f5` - all_add_keys=`$GPG_CMD --keyring $ADD_KEYRING --with-colons --list-keys | grep ^[ps]ub | cut -d: -f5` - master_keys=`$GPG_CMD --keyring $MASTER --with-colons --list-keys | grep ^pub | cut -d: -f5` - - # ensure there are no colisions LP: #857472 - for all_add_key in $all_add_keys; do - for master_key in $master_keys; do - if [ "$all_add_key" = "$master_key" ]; then - echo >&2 "Keyid collision for '$all_add_key' detected, operation aborted" - return 1 - fi - done - done - - for add_key in $add_keys; do - # export the add keyring one-by-one - rm -f $TMP_KEYRING - $GPG_CMD --keyring $ADD_KEYRING --output $TMP_KEYRING --export $add_key - # check if signed with the master key and only add in this case - ADDED=0 - for master_key in $master_keys; do - if $GPG_CMD --keyring $MASTER --keyring $TMP_KEYRING --check-sigs --with-colons $add_key | grep '^sig:!:' | cut -d: -f5 | grep -q $master_key; then - $GPG --import $TMP_KEYRING - ADDED=1 - fi - done - if [ $ADDED = 0 ]; then - echo >&2 "Key '$add_key' not added. It is not signed with a master key" - fi - done - rm -f $TMP_KEYRING -} - -# update the current archive signing keyring from a network URI -# the archive-keyring keys needs to be signed with the master key -# (otherwise it does not make sense from a security POV) -net_update() { - # Disabled for now as code is insecure (LP: #1013639 (and 857472, 1013128)) - exit 1 - - if [ -z "$ARCHIVE_KEYRING_URI" ]; then - echo >&2 "ERROR: Your distribution is not supported in net-update as no uri for the archive-keyring is set" - exit 1 - fi - requires_root - # in theory we would need to depend on wget for this, but this feature - # isn't useable in debian anyway as we have no keyring uri nor a master key - if ! which wget >/dev/null 2>&1; then - echo >&2 "ERROR: an installed wget is required for a network-based update" - exit 1 - fi - if [ ! -d /var/lib/apt/keyrings ]; then - mkdir -p /var/lib/apt/keyrings - fi - keyring=/var/lib/apt/keyrings/$(basename $ARCHIVE_KEYRING) - old_mtime=0 - if [ -e $keyring ]; then - old_mtime=$(stat -c %Y $keyring) - fi - (cd /var/lib/apt/keyrings; wget --timeout=90 -q -N $ARCHIVE_KEYRING_URI) - if [ ! -e $keyring ]; then - return - fi - new_mtime=$(stat -c %Y $keyring) - if [ $new_mtime -ne $old_mtime ]; then - echo "Checking for new archive signing keys now" - add_keys_with_verify_against_master_keyring $keyring $MASTER_KEYRING - fi -} - -update() { - if [ ! -f $ARCHIVE_KEYRING ]; then - echo >&2 "ERROR: Can't find the archive-keyring" - echo >&2 "Is the debian-archive-keyring package installed?" - exit 1 - fi - requires_root - - # add new keys from the package; - - # we do not use add_keys_with_verify_against_master_keyring here, - # because "update" is run on regular package updates. A - # attacker might as well replace the master-archive-keyring file - # in the package and add his own keys. so this check wouldn't - # add any security. we *need* this check on net-update though - $GPG_CMD --quiet --batch --keyring $ARCHIVE_KEYRING --export | $GPG --import - - if [ -r "$REMOVED_KEYS" ]; then - # remove no-longer supported/used keys - keys=`$GPG_CMD --keyring $REMOVED_KEYS --with-colons --list-keys | grep ^pub | cut -d: -f5` - for key in $keys; do - if $GPG --list-keys --with-colons | grep ^pub | cut -d: -f5 | grep -q $key; then - $GPG --quiet --batch --delete-key --yes ${key} - fi - done - else - echo "Warning: removed keys keyring $REMOVED_KEYS missing or not readable" >&2 - fi -} - -remove_key_from_keyring() { - local GPG="$GPG_CMD --keyring $1" - # check if the key is in this keyring: the key id is in the 5 column at the end - if ! $GPG --with-colons --list-keys 2>&1 | grep -q "^pub:[^:]*:[^:]*:[^:]*:[0-9A-F]\+$2:"; then - return - fi - if [ ! -w "$1" ]; then - echo >&2 "Key ${2} is in keyring ${1}, but can't be removed as it is read only." - return - fi - # check if it is the only key in the keyring and if so remove the keyring alltogether - if [ '1' = "$($GPG --with-colons --list-keys | grep "^pub:[^:]*:[^:]*:[^:]*:[0-9A-F]\+:" | wc -l)" ]; then - mv -f "$1" "${1}~" # behave like gpg - return - fi - # we can't just modify pointed to files as these might be in /usr or something - local REALTARGET - if [ -L "$1" ]; then - REALTARGET="$(readlink -f "$1")" - mv -f "$1" "${1}.dpkg-tmp" - cp -a "$REALTARGET" "$1" - ls "$(dirname $1)" - fi - # delete the key from the keyring - $GPG --batch --delete-key --yes "$2" - if [ -n "$REALTARGET" ]; then - # the real backup is the old link, not the copy we made - mv -f "${1}.dpkg-tmp" "${1}~" - fi -} - -remove_key() { - requires_root - - # if a --keyring was given, just remove from there - if [ -n "$FORCED_KEYRING" ]; then - remove_key_from_keyring "$FORCED_KEYRING" "$1" - else - # otherwise all known keyrings are up for inspection - local TRUSTEDFILE="/etc/apt/trusted.gpg" - eval $(apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring) - eval $(apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f) - remove_key_from_keyring "$TRUSTEDFILE" "$1" - TRUSTEDPARTS="/etc/apt/trusted.gpg.d" - eval $(apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d) - if [ -d "$TRUSTEDPARTS" ]; then - for trusted in $(run-parts --list "$TRUSTEDPARTS" --regex '^.*\.gpg$'); do - remove_key_from_keyring "$trusted" "$1" - done - fi - fi - echo "OK" -} - - -usage() { - echo "Usage: apt-key [--keyring file] [command] [arguments]" - echo - echo "Manage apt's list of trusted keys" - echo - echo " apt-key add - add the key contained in ('-' for stdin)" - echo " apt-key del - remove the key " - echo " apt-key export - output the key " - echo " apt-key exportall - output all trusted keys" - echo " apt-key update - update keys using the keyring package" - echo " apt-key net-update - update keys using the network" - echo " apt-key list - list keys" - echo " apt-key finger - list fingerprints" - echo " apt-key adv - pass advanced options to gpg (download key)" - echo - echo "If no specific keyring file is given the command applies to all keyring files." -} - -while [ -n "$1" ]; do - case "$1" in - --keyring) - shift - TRUSTEDFILE="$1" - FORCED_KEYRING="$1" - if [ -r "$TRUSTEDFILE" ] || [ "$2" = 'add' ] || [ "$2" = 'adv' ]; then - GPG="$GPG --keyring $TRUSTEDFILE --primary-keyring $TRUSTEDFILE" - else - echo >&2 "Error: The specified keyring »$TRUSTEDFILE« is missing or not readable" - exit 1 - fi - shift - ;; - --fakeroot) - requires_root() { true; } - shift - ;; - --*) - echo >&2 "Unknown option: $1" - usage - exit 1;; - *) - break;; - esac -done - -if [ -z "$TRUSTEDFILE" ]; then - TRUSTEDFILE="/etc/apt/trusted.gpg" - eval $(apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring) - eval $(apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f) - if [ -r "$TRUSTEDFILE" ]; then - GPG="$GPG --keyring $TRUSTEDFILE" - fi - GPG="$GPG --primary-keyring $TRUSTEDFILE" - TRUSTEDPARTS="/etc/apt/trusted.gpg.d" - eval $(apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d) - if [ -d "$TRUSTEDPARTS" ]; then - # strip / suffix as gpg will double-slash in that case (#665411) - STRIPPED_TRUSTEDPARTS="${TRUSTEDPARTS%/}" - if [ "${STRIPPED_TRUSTEDPARTS}/" = "$TRUSTEDPARTS" ]; then - TRUSTEDPARTS="$STRIPPED_TRUSTEDPARTS" - fi - for trusted in $(run-parts --list "$TRUSTEDPARTS" --regex '^.*\.gpg$'); do - GPG="$GPG --keyring $trusted" - done - fi -fi - -command="$1" -if [ -z "$command" ]; then - usage - exit 1 -fi -shift - -if [ "$command" != "help" ] && ! which gpg >/dev/null 2>&1; then - echo >&2 "Warning: gnupg does not seem to be installed." - echo >&2 "Warning: apt-key requires gnupg for most operations." - echo >&2 -fi - -case "$command" in - add) - requires_root - init_keyring "$TRUSTEDFILE" - $GPG --quiet --batch --import "$1" - echo "OK" - ;; - del|rm|remove) - init_keyring "$TRUSTEDFILE" - remove_key "$1" - ;; - update) - init_keyring "$TRUSTEDFILE" - update - ;; - net-update) - init_keyring "$TRUSTEDFILE" - net_update - ;; - list) - init_keyring "$TRUSTEDFILE" - $GPG --batch --list-keys - ;; - finger*) - init_keyring "$TRUSTEDFILE" - $GPG --batch --fingerprint - ;; - export) - init_keyring "$TRUSTEDFILE" - $GPG --armor --export "$1" - ;; - exportall) - init_keyring "$TRUSTEDFILE" - $GPG --armor --export - ;; - adv*) - init_keyring "$TRUSTEDFILE" - echo "Executing: $GPG $*" - $GPG $* - ;; - help) - usage - ;; - *) - usage - exit 1 - ;; -esac diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in new file mode 100644 index 000000000..779872b4c --- /dev/null +++ b/cmdline/apt-key.in @@ -0,0 +1,354 @@ +#!/bin/sh + +set -e +unset GREP_OPTIONS + +GPG_CMD="gpg --ignore-time-conflict --no-options --no-default-keyring" + +# gpg needs a trustdb to function, but it can't be invalid (not even empty) +# so we create a temporary directory to store our fresh readable trustdb in +TRUSTDBDIR="$(mktemp -d)" +CURRENTTRAP="${CURRENTTRAP} rm -rf '${TRUSTDBDIR}';" +trap "${CURRENTTRAP}" 0 HUP INT QUIT ILL ABRT FPE SEGV PIPE TERM +chmod 700 "$TRUSTDBDIR" +# We also don't use a secret keyring, of course, but gpg panics and +# implodes if there isn't one available - and writeable for imports +SECRETKEYRING="${TRUSTDBDIR}/secring.gpg" +touch $SECRETKEYRING +GPG_CMD="$GPG_CMD --secret-keyring $SECRETKEYRING" +GPG_CMD="$GPG_CMD --trustdb-name ${TRUSTDBDIR}/trustdb.gpg" + +# now create the trustdb with an (empty) dummy keyring +$GPG_CMD --quiet --check-trustdb --keyring $SECRETKEYRING +# and make sure that gpg isn't trying to update the file +GPG_CMD="$GPG_CMD --no-auto-check-trustdb --trust-model always" + +GPG="$GPG_CMD" + +MASTER_KEYRING='&keyring-master-filename;' +eval $(apt-config shell MASTER_KEYRING APT::Key::MasterKeyring) +ARCHIVE_KEYRING='&keyring-filename;' +eval $(apt-config shell ARCHIVE_KEYRING APT::Key::ArchiveKeyring) +REMOVED_KEYS='&keyring-removed-filename;' +eval $(apt-config shell REMOVED_KEYS APT::Key::RemovedKeys) +ARCHIVE_KEYRING_URI='&keyring-uri;' +eval $(apt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI) +TMP_KEYRING=/var/lib/apt/keyrings/maybe-import-keyring.gpg + +requires_root() { + if [ "$(id -u)" -ne 0 ]; then + echo >&1 "ERROR: This command can only be used by root." + exit 1 + fi +} + +# gpg defaults to mode 0600 for new keyrings. Create one with 0644 instead. +init_keyring() { + for path; do + if ! [ -e "$path" ]; then + touch -- "$path" + chmod 0644 -- "$path" + fi + done +} + +add_keys_with_verify_against_master_keyring() { + ADD_KEYRING=$1 + MASTER=$2 + + if [ ! -f "$ADD_KEYRING" ]; then + echo "ERROR: '$ADD_KEYRING' not found" + return + fi + if [ ! -f "$MASTER" ]; then + echo "ERROR: '$MASTER' not found" + return + fi + + # when adding new keys, make sure that the archive-master-keyring + # is honored. so: + # all keys that are exported must have a valid signature + # from a key in the $distro-master-keyring + add_keys=`$GPG_CMD --keyring $ADD_KEYRING --with-colons --list-keys | grep ^pub | cut -d: -f5` + all_add_keys=`$GPG_CMD --keyring $ADD_KEYRING --with-colons --list-keys | grep ^[ps]ub | cut -d: -f5` + master_keys=`$GPG_CMD --keyring $MASTER --with-colons --list-keys | grep ^pub | cut -d: -f5` + + # ensure there are no colisions LP: #857472 + for all_add_key in $all_add_keys; do + for master_key in $master_keys; do + if [ "$all_add_key" = "$master_key" ]; then + echo >&2 "Keyid collision for '$all_add_key' detected, operation aborted" + return 1 + fi + done + done + + for add_key in $add_keys; do + # export the add keyring one-by-one + rm -f $TMP_KEYRING + $GPG_CMD --keyring $ADD_KEYRING --output $TMP_KEYRING --export $add_key + # check if signed with the master key and only add in this case + ADDED=0 + for master_key in $master_keys; do + if $GPG_CMD --keyring $MASTER --keyring $TMP_KEYRING --check-sigs --with-colons $add_key | grep '^sig:!:' | cut -d: -f5 | grep -q $master_key; then + $GPG --import $TMP_KEYRING + ADDED=1 + fi + done + if [ $ADDED = 0 ]; then + echo >&2 "Key '$add_key' not added. It is not signed with a master key" + fi + done + rm -f $TMP_KEYRING +} + +# update the current archive signing keyring from a network URI +# the archive-keyring keys needs to be signed with the master key +# (otherwise it does not make sense from a security POV) +net_update() { + # Disabled for now as code is insecure (LP: #1013639 (and 857472, 1013128)) + exit 1 + + if [ -z "$ARCHIVE_KEYRING_URI" ]; then + echo >&2 "ERROR: Your distribution is not supported in net-update as no uri for the archive-keyring is set" + exit 1 + fi + requires_root + # in theory we would need to depend on wget for this, but this feature + # isn't useable in debian anyway as we have no keyring uri nor a master key + if ! which wget >/dev/null 2>&1; then + echo >&2 "ERROR: an installed wget is required for a network-based update" + exit 1 + fi + if [ ! -d /var/lib/apt/keyrings ]; then + mkdir -p /var/lib/apt/keyrings + fi + keyring=/var/lib/apt/keyrings/$(basename $ARCHIVE_KEYRING) + old_mtime=0 + if [ -e $keyring ]; then + old_mtime=$(stat -c %Y $keyring) + fi + (cd /var/lib/apt/keyrings; wget --timeout=90 -q -N $ARCHIVE_KEYRING_URI) + if [ ! -e $keyring ]; then + return + fi + new_mtime=$(stat -c %Y $keyring) + if [ $new_mtime -ne $old_mtime ]; then + echo "Checking for new archive signing keys now" + add_keys_with_verify_against_master_keyring $keyring $MASTER_KEYRING + fi +} + +update() { + if [ ! -f $ARCHIVE_KEYRING ]; then + echo >&2 "ERROR: Can't find the archive-keyring" + echo >&2 "Is the &keyring-package; package installed?" + exit 1 + fi + requires_root + + # add new keys from the package; + + # we do not use add_keys_with_verify_against_master_keyring here, + # because "update" is run on regular package updates. A + # attacker might as well replace the master-archive-keyring file + # in the package and add his own keys. so this check wouldn't + # add any security. we *need* this check on net-update though + $GPG_CMD --quiet --batch --keyring $ARCHIVE_KEYRING --export | $GPG --import + + if [ -r "$REMOVED_KEYS" ]; then + # remove no-longer supported/used keys + keys=`$GPG_CMD --keyring $REMOVED_KEYS --with-colons --list-keys | grep ^pub | cut -d: -f5` + for key in $keys; do + if $GPG --list-keys --with-colons | grep ^pub | cut -d: -f5 | grep -q $key; then + $GPG --quiet --batch --delete-key --yes ${key} + fi + done + else + echo "Warning: removed keys keyring $REMOVED_KEYS missing or not readable" >&2 + fi +} + +remove_key_from_keyring() { + local GPG="$GPG_CMD --keyring $1" + # check if the key is in this keyring: the key id is in the 5 column at the end + if ! $GPG --with-colons --list-keys 2>&1 | grep -q "^pub:[^:]*:[^:]*:[^:]*:[0-9A-F]\+$2:"; then + return + fi + if [ ! -w "$1" ]; then + echo >&2 "Key ${2} is in keyring ${1}, but can't be removed as it is read only." + return + fi + # check if it is the only key in the keyring and if so remove the keyring alltogether + if [ '1' = "$($GPG --with-colons --list-keys | grep "^pub:[^:]*:[^:]*:[^:]*:[0-9A-F]\+:" | wc -l)" ]; then + mv -f "$1" "${1}~" # behave like gpg + return + fi + # we can't just modify pointed to files as these might be in /usr or something + local REALTARGET + if [ -L "$1" ]; then + REALTARGET="$(readlink -f "$1")" + mv -f "$1" "${1}.dpkg-tmp" + cp -a "$REALTARGET" "$1" + ls "$(dirname $1)" + fi + # delete the key from the keyring + $GPG --batch --delete-key --yes "$2" + if [ -n "$REALTARGET" ]; then + # the real backup is the old link, not the copy we made + mv -f "${1}.dpkg-tmp" "${1}~" + fi +} + +remove_key() { + requires_root + + # if a --keyring was given, just remove from there + if [ -n "$FORCED_KEYRING" ]; then + remove_key_from_keyring "$FORCED_KEYRING" "$1" + else + # otherwise all known keyrings are up for inspection + local TRUSTEDFILE="/etc/apt/trusted.gpg" + eval $(apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring) + eval $(apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f) + remove_key_from_keyring "$TRUSTEDFILE" "$1" + TRUSTEDPARTS="/etc/apt/trusted.gpg.d" + eval $(apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d) + if [ -d "$TRUSTEDPARTS" ]; then + for trusted in $(run-parts --list "$TRUSTEDPARTS" --regex '^.*\.gpg$'); do + remove_key_from_keyring "$trusted" "$1" + done + fi + fi + echo "OK" +} + + +usage() { + echo "Usage: apt-key [--keyring file] [command] [arguments]" + echo + echo "Manage apt's list of trusted keys" + echo + echo " apt-key add - add the key contained in ('-' for stdin)" + echo " apt-key del - remove the key " + echo " apt-key export - output the key " + echo " apt-key exportall - output all trusted keys" + echo " apt-key update - update keys using the keyring package" + echo " apt-key net-update - update keys using the network" + echo " apt-key list - list keys" + echo " apt-key finger - list fingerprints" + echo " apt-key adv - pass advanced options to gpg (download key)" + echo + echo "If no specific keyring file is given the command applies to all keyring files." +} + +while [ -n "$1" ]; do + case "$1" in + --keyring) + shift + TRUSTEDFILE="$1" + FORCED_KEYRING="$1" + if [ -r "$TRUSTEDFILE" ] || [ "$2" = 'add' ] || [ "$2" = 'adv' ]; then + GPG="$GPG --keyring $TRUSTEDFILE --primary-keyring $TRUSTEDFILE" + else + echo >&2 "Error: The specified keyring »$TRUSTEDFILE« is missing or not readable" + exit 1 + fi + shift + ;; + --fakeroot) + requires_root() { true; } + shift + ;; + --*) + echo >&2 "Unknown option: $1" + usage + exit 1;; + *) + break;; + esac +done + +if [ -z "$TRUSTEDFILE" ]; then + TRUSTEDFILE="/etc/apt/trusted.gpg" + eval $(apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring) + eval $(apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f) + if [ -r "$TRUSTEDFILE" ]; then + GPG="$GPG --keyring $TRUSTEDFILE" + fi + GPG="$GPG --primary-keyring $TRUSTEDFILE" + TRUSTEDPARTS="/etc/apt/trusted.gpg.d" + eval $(apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d) + if [ -d "$TRUSTEDPARTS" ]; then + # strip / suffix as gpg will double-slash in that case (#665411) + STRIPPED_TRUSTEDPARTS="${TRUSTEDPARTS%/}" + if [ "${STRIPPED_TRUSTEDPARTS}/" = "$TRUSTEDPARTS" ]; then + TRUSTEDPARTS="$STRIPPED_TRUSTEDPARTS" + fi + for trusted in $(run-parts --list "$TRUSTEDPARTS" --regex '^.*\.gpg$'); do + GPG="$GPG --keyring $trusted" + done + fi +fi + +command="$1" +if [ -z "$command" ]; then + usage + exit 1 +fi +shift + +if [ "$command" != "help" ] && ! which gpg >/dev/null 2>&1; then + echo >&2 "Warning: gnupg does not seem to be installed." + echo >&2 "Warning: apt-key requires gnupg for most operations." + echo >&2 +fi + +case "$command" in + add) + requires_root + init_keyring "$TRUSTEDFILE" + $GPG --quiet --batch --import "$1" + echo "OK" + ;; + del|rm|remove) + init_keyring "$TRUSTEDFILE" + remove_key "$1" + ;; + update) + init_keyring "$TRUSTEDFILE" + update + ;; + net-update) + init_keyring "$TRUSTEDFILE" + net_update + ;; + list) + init_keyring "$TRUSTEDFILE" + $GPG --batch --list-keys + ;; + finger*) + init_keyring "$TRUSTEDFILE" + $GPG --batch --fingerprint + ;; + export) + init_keyring "$TRUSTEDFILE" + $GPG --armor --export "$1" + ;; + exportall) + init_keyring "$TRUSTEDFILE" + $GPG --armor --export + ;; + adv*) + init_keyring "$TRUSTEDFILE" + echo "Executing: $GPG $*" + $GPG $* + ;; + help) + usage + ;; + *) + usage + exit 1 + ;; +esac diff --git a/cmdline/makefile b/cmdline/makefile index e77ad5669..06f170b6a 100644 --- a/cmdline/makefile +++ b/cmdline/makefile @@ -41,6 +41,14 @@ SOURCE = apt-cdrom.cc include $(PROGRAM_H) # The apt-key program +apt-key: apt-key.in + sed -e "s#&keyring-filename;#$(shell ../vendor/getinfo keyring-filename)#" \ + -e "s#&keyring-removed-filename;#$(shell ../vendor/getinfo keyring-removed-filename)#" \ + -e "s#&keyring-master-filename;#$(shell ../vendor/getinfo keyring-master-filename)#" \ + -e "s#&keyring-uri;#$(shell ../vendor/getinfo keyring-uri)#" \ + -e "s#&keyring-package;#$(shell ../vendor/getinfo keyring-package)#" $< > $@ + chmod 755 $@ + SOURCE=apt-key TO=$(BIN) TARGET=program -- cgit v1.2.3 From 7014e1482942d00b66eb30061b0cf5d2a7b3ebf3 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Thu, 5 Dec 2013 08:11:11 +0100 Subject: * enable release based selection for deb-src (closes: 731102) --- cmdline/apt-get.cc | 122 ++++++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 97 insertions(+), 25 deletions(-) (limited to 'cmdline') diff --git a/cmdline/apt-get.cc b/cmdline/apt-get.cc index 912b2d609..7e59f3d67 100644 --- a/cmdline/apt-get.cc +++ b/cmdline/apt-get.cc @@ -50,6 +50,8 @@ #include #include #include +#include +#include #include #include @@ -61,6 +63,8 @@ #include #include +#include + #include #include @@ -130,22 +134,80 @@ bool TryToInstallBuildDep(pkgCache::PkgIterator Pkg,pkgCacheFile &Cache, return true; } /*}}}*/ + + +// helper that can go wit hthe next ABI break +#if (APT_PKG_MAJOR >= 4 && APT_PKG_MINOR < 13) +std::string MetaIndexFileNameOnDisk(metaIndex *metaindex) +{ + // FIXME: this cast is the horror, the horror + debReleaseIndex *r = (debReleaseIndex*)metaindex; + + // see if we have a InRelease file + std::string PathInRelease = r->MetaIndexFile("InRelease"); + if (FileExists(PathInRelease)) + return PathInRelease; + + // and if not return the normal one + if (FileExists(PathInRelease)) + return r->MetaIndexFile("Release"); + + return ""; +} +#endif + +// GetReleaseForSourceRecord - Return Suite for the given srcrecord /*{{{*/ +// --------------------------------------------------------------------- +/* */ +std::string GetReleaseForSourceRecord(pkgSourceList *SrcList, + pkgSrcRecords::Parser *Parse) +{ + // try to find release + const pkgIndexFile& CurrentIndexFile = Parse->Index(); + + for (pkgSourceList::const_iterator S = SrcList->begin(); + S != SrcList->end(); ++S) + { + vector *Indexes = (*S)->GetIndexFiles(); + for (vector::const_iterator IF = Indexes->begin(); + IF != Indexes->end(); ++IF) + { + if (&CurrentIndexFile == (*IF)) + { +#if (APT_PKG_MAJOR >= 4 && APT_PKG_MINOR < 13) + std::string path = MetaIndexFileNameOnDisk(*S); +#else + std::string path = (*S)->LocalFileName(); +#endif + if (path != "") + { + indexRecords records; + records.Load(path); + return records.GetSuite(); + } + } + } + } + return ""; +} + /*}}}*/ // FindSrc - Find a source record /*{{{*/ // --------------------------------------------------------------------- /* */ pkgSrcRecords::Parser *FindSrc(const char *Name,pkgRecords &Recs, pkgSrcRecords &SrcRecs,string &Src, - pkgDepCache &Cache) + CacheFile &CacheFile) { string VerTag; - string DefRel = _config->Find("APT::Default-Release"); + string RelTag = _config->Find("APT::Default-Release"); string TmpSrc = Name; + pkgDepCache *Cache = CacheFile.GetDepCache(); // extract the version/release from the pkgname const size_t found = TmpSrc.find_last_of("/="); if (found != string::npos) { if (TmpSrc[found] == '/') - DefRel = TmpSrc.substr(found+1); + RelTag = TmpSrc.substr(found+1); else VerTag = TmpSrc.substr(found+1); TmpSrc = TmpSrc.substr(0,found); @@ -155,10 +217,10 @@ pkgSrcRecords::Parser *FindSrc(const char *Name,pkgRecords &Recs, install a version and determine the source package name, then look in the archive for a source package of the same name. */ bool MatchSrcOnly = _config->FindB("APT::Get::Only-Source"); - const pkgCache::PkgIterator Pkg = Cache.FindPkg(TmpSrc); + const pkgCache::PkgIterator Pkg = Cache->FindPkg(TmpSrc); if (MatchSrcOnly == false && Pkg.end() == false) { - if(VerTag.empty() == false || DefRel.empty() == false) + if(VerTag.empty() == false || RelTag.empty() == false) { bool fuzzy = false; // we have a default release, try to locate the pkg. we do it like @@ -180,7 +242,7 @@ pkgSrcRecords::Parser *FindSrc(const char *Name,pkgRecords &Recs, } // We match against a concrete version (or a part of this version) if (VerTag.empty() == false && - (fuzzy == true || Cache.VS().CmpVersion(VerTag, Ver.VerStr()) != 0) && // exact match + (fuzzy == true || Cache->VS().CmpVersion(VerTag, Ver.VerStr()) != 0) && // exact match (fuzzy == false || strncmp(VerTag.c_str(), Ver.VerStr(), VerTag.size()) != 0)) // fuzzy match continue; @@ -198,8 +260,8 @@ pkgSrcRecords::Parser *FindSrc(const char *Name,pkgRecords &Recs, // or we match against a release if(VerTag.empty() == false || - (VF.File().Archive() != 0 && VF.File().Archive() == DefRel) || - (VF.File().Codename() != 0 && VF.File().Codename() == DefRel)) + (VF.File().Archive() != 0 && VF.File().Archive() == RelTag) || + (VF.File().Codename() != 0 && VF.File().Codename() == RelTag)) { pkgRecords::Parser &Parse = Recs.Lookup(VF); Src = Parse.SourcePkg(); @@ -217,22 +279,14 @@ pkgSrcRecords::Parser *FindSrc(const char *Name,pkgRecords &Recs, if (Src.empty() == false) break; } - if (Src.empty() == true) - { - // Sources files have no codename information - if (VerTag.empty() == true && DefRel.empty() == false) - { - _error->Error(_("Ignore unavailable target release '%s' of package '%s'"), DefRel.c_str(), TmpSrc.c_str()); - return 0; - } - } } if (Src.empty() == true) { // if we don't have found a fitting package yet so we will // choose a good candidate and proceed with that. // Maybe we will find a source later on with the right VerTag - pkgCache::VerIterator Ver = Cache.GetCandidateVer(Pkg); + // or RelTag + pkgCache::VerIterator Ver = Cache->GetCandidateVer(Pkg); if (Ver.end() == false) { pkgRecords::Parser &Parse = Recs.Lookup(Ver.FileList()); @@ -244,7 +298,9 @@ pkgSrcRecords::Parser *FindSrc(const char *Name,pkgRecords &Recs, } if (Src.empty() == true) + { Src = TmpSrc; + } else { /* if we have a source pkg name, make sure to only search @@ -262,6 +318,7 @@ pkgSrcRecords::Parser *FindSrc(const char *Name,pkgRecords &Recs, pkgSrcRecords::Parser *Last = 0; unsigned long Offset = 0; string Version; + pkgSourceList *SrcList = CacheFile.GetSourceList(); /* Iterate over all of the hits, which includes the resulting binary packages in the search */ @@ -273,25 +330,40 @@ pkgSrcRecords::Parser *FindSrc(const char *Name,pkgRecords &Recs, { const string Ver = Parse->Version(); + // See if we need to look for a specific release tag + if (RelTag != "") + { + const string Rel = GetReleaseForSourceRecord(SrcList, Parse); + + if (Rel == RelTag) + { + ioprintf(c1out, "Selectied version '%s' (%s) for %s\n", + Ver.c_str(), RelTag.c_str(), Src.c_str()); + Last = Parse; + Offset = Parse->Offset(); + break; + } + } + // Ignore all versions which doesn't fit if (VerTag.empty() == false && - Cache.VS().CmpVersion(VerTag, Ver) != 0) // exact match + Cache->VS().CmpVersion(VerTag, Ver) != 0) // exact match continue; // Newer version or an exact match? Save the hit - if (Last == 0 || Cache.VS().CmpVersion(Version,Ver) < 0) { + if (Last == 0 || Cache->VS().CmpVersion(Version,Ver) < 0) { Last = Parse; Offset = Parse->Offset(); Version = Ver; } - // was the version check above an exact match? If so, we don't need to look further - if (VerTag.empty() == false && VerTag.size() == Ver.size()) + // was the version check above an exact match? + // If so, we don't need to look further + if (VerTag.empty() == false && (VerTag == Ver)) break; } if (Last != 0 || VerTag.empty() == true) break; - //if (VerTag.empty() == false && Last == 0) _error->Error(_("Ignore unavailable version '%s' of package '%s'"), VerTag.c_str(), TmpSrc.c_str()); return 0; } @@ -628,7 +700,7 @@ bool DoSource(CommandLine &CmdL) for (const char **I = CmdL.FileList + 1; *I != 0; I++, J++) { string Src; - pkgSrcRecords::Parser *Last = FindSrc(*I,Recs,SrcRecs,Src,*Cache); + pkgSrcRecords::Parser *Last = FindSrc(*I,Recs,SrcRecs,Src,Cache); if (Last == 0) { delete[] Dsc; @@ -925,7 +997,7 @@ bool DoBuildDep(CommandLine &CmdL) for (const char **I = CmdL.FileList + 1; *I != 0; I++, J++) { string Src; - pkgSrcRecords::Parser *Last = FindSrc(*I,Recs,SrcRecs,Src,*Cache); + pkgSrcRecords::Parser *Last = FindSrc(*I,Recs,SrcRecs,Src,Cache); if (Last == 0) return _error->Error(_("Unable to find a source package for %s"),Src.c_str()); -- cgit v1.2.3 From 651ae5ce5f376ae5274933c621a3b897ac5152a6 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Tue, 10 Dec 2013 16:35:44 +0100 Subject: if there is only deb-src pick higest version in deb-src release matching --- cmdline/apt-get.cc | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'cmdline') diff --git a/cmdline/apt-get.cc b/cmdline/apt-get.cc index 7e59f3d67..3853f94c2 100644 --- a/cmdline/apt-get.cc +++ b/cmdline/apt-get.cc @@ -337,11 +337,9 @@ pkgSrcRecords::Parser *FindSrc(const char *Name,pkgRecords &Recs, if (Rel == RelTag) { - ioprintf(c1out, "Selectied version '%s' (%s) for %s\n", - Ver.c_str(), RelTag.c_str(), Src.c_str()); Last = Parse; Offset = Parse->Offset(); - break; + Version = Ver; } } @@ -362,6 +360,10 @@ pkgSrcRecords::Parser *FindSrc(const char *Name,pkgRecords &Recs, if (VerTag.empty() == false && (VerTag == Ver)) break; } + if (Version != "" && RelTag != "") + ioprintf(c1out, "Selectied version '%s' (%s) for %s\n", + Version.c_str(), RelTag.c_str(), Src.c_str()); + if (Last != 0 || VerTag.empty() == true) break; _error->Error(_("Ignore unavailable version '%s' of package '%s'"), VerTag.c_str(), TmpSrc.c_str()); -- cgit v1.2.3 From bfa7bfc8e426f662ee5a5d0fcba3daeea23fe2ae Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Tue, 10 Dec 2013 17:02:30 +0100 Subject: fix typo --- cmdline/apt-get.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'cmdline') diff --git a/cmdline/apt-get.cc b/cmdline/apt-get.cc index 3853f94c2..da04561c0 100644 --- a/cmdline/apt-get.cc +++ b/cmdline/apt-get.cc @@ -361,7 +361,7 @@ pkgSrcRecords::Parser *FindSrc(const char *Name,pkgRecords &Recs, break; } if (Version != "" && RelTag != "") - ioprintf(c1out, "Selectied version '%s' (%s) for %s\n", + ioprintf(c1out, "Selected version '%s' (%s) for %s\n", Version.c_str(), RelTag.c_str(), Src.c_str()); if (Last != 0 || VerTag.empty() == true) -- cgit v1.2.3 From 65dcff55dc5c9b47230d340a70c5067921eec4bf Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Tue, 10 Dec 2013 17:09:56 +0100 Subject: user-requested version tag gets precedence in apt-get source -t dist pkg=version requests --- cmdline/apt-get.cc | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'cmdline') diff --git a/cmdline/apt-get.cc b/cmdline/apt-get.cc index da04561c0..581466326 100644 --- a/cmdline/apt-get.cc +++ b/cmdline/apt-get.cc @@ -198,7 +198,7 @@ pkgSrcRecords::Parser *FindSrc(const char *Name,pkgRecords &Recs, pkgSrcRecords &SrcRecs,string &Src, CacheFile &CacheFile) { - string VerTag; + string VerTag, UserRequestedVerTag; string RelTag = _config->Find("APT::Default-Release"); string TmpSrc = Name; pkgDepCache *Cache = CacheFile.GetDepCache(); @@ -209,7 +209,7 @@ pkgSrcRecords::Parser *FindSrc(const char *Name,pkgRecords &Recs, if (TmpSrc[found] == '/') RelTag = TmpSrc.substr(found+1); else - VerTag = TmpSrc.substr(found+1); + VerTag = UserRequestedVerTag = TmpSrc.substr(found+1); TmpSrc = TmpSrc.substr(0,found); } @@ -331,7 +331,7 @@ pkgSrcRecords::Parser *FindSrc(const char *Name,pkgRecords &Recs, const string Ver = Parse->Version(); // See if we need to look for a specific release tag - if (RelTag != "") + if (RelTag != "" && UserRequestedVerTag == "") { const string Rel = GetReleaseForSourceRecord(SrcList, Parse); @@ -360,7 +360,7 @@ pkgSrcRecords::Parser *FindSrc(const char *Name,pkgRecords &Recs, if (VerTag.empty() == false && (VerTag == Ver)) break; } - if (Version != "" && RelTag != "") + if (UserRequestedVerTag == "" && Version != "" && RelTag != "") ioprintf(c1out, "Selected version '%s' (%s) for %s\n", Version.c_str(), RelTag.c_str(), Src.c_str()); -- cgit v1.2.3 From adf379e7ad1900db6d3942ac7dca5cec4737d9a1 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Wed, 11 Dec 2013 08:21:04 +0100 Subject: add support for "apt-get source pkg:arch" --- cmdline/apt-get.cc | 60 +++++++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 50 insertions(+), 10 deletions(-) (limited to 'cmdline') diff --git a/cmdline/apt-get.cc b/cmdline/apt-get.cc index 581466326..9cc5b4031 100644 --- a/cmdline/apt-get.cc +++ b/cmdline/apt-get.cc @@ -198,18 +198,31 @@ pkgSrcRecords::Parser *FindSrc(const char *Name,pkgRecords &Recs, pkgSrcRecords &SrcRecs,string &Src, CacheFile &CacheFile) { - string VerTag, UserRequestedVerTag; + string VerTag, UserRequestedVerTag; + string ArchTag = ""; string RelTag = _config->Find("APT::Default-Release"); string TmpSrc = Name; pkgDepCache *Cache = CacheFile.GetDepCache(); - // extract the version/release from the pkgname - const size_t found = TmpSrc.find_last_of("/="); - if (found != string::npos) { - if (TmpSrc[found] == '/') - RelTag = TmpSrc.substr(found+1); - else - VerTag = UserRequestedVerTag = TmpSrc.substr(found+1); + // extract release + size_t found = TmpSrc.find_last_of("/"); + if (found != string::npos) + { + RelTag = TmpSrc.substr(found+1); + TmpSrc = TmpSrc.substr(0,found); + } + // extract the version + found = TmpSrc.find_last_of("="); + if (found != string::npos) + { + VerTag = UserRequestedVerTag = TmpSrc.substr(found+1); + TmpSrc = TmpSrc.substr(0,found); + } + // extract arch + found = TmpSrc.find_last_of(":"); + if (found != string::npos) + { + ArchTag = TmpSrc.substr(found+1); TmpSrc = TmpSrc.substr(0,found); } @@ -217,10 +230,25 @@ pkgSrcRecords::Parser *FindSrc(const char *Name,pkgRecords &Recs, install a version and determine the source package name, then look in the archive for a source package of the same name. */ bool MatchSrcOnly = _config->FindB("APT::Get::Only-Source"); - const pkgCache::PkgIterator Pkg = Cache->FindPkg(TmpSrc); + pkgCache::PkgIterator Pkg; + if (ArchTag != "") + Pkg = Cache->FindPkg(TmpSrc, ArchTag); + else + Pkg = Cache->FindPkg(TmpSrc); + + // if we can't find a package but the user qualified with a arch, + // error out here + if (Pkg.end() && ArchTag != "") + { + Src = Name; + _error->Error(_("Can not find a package for architecture '%s'"), + ArchTag.c_str()); + return 0; + } + if (MatchSrcOnly == false && Pkg.end() == false) { - if(VerTag.empty() == false || RelTag.empty() == false) + if(VerTag != "" || RelTag != "" || ArchTag != "") { bool fuzzy = false; // we have a default release, try to locate the pkg. we do it like @@ -240,6 +268,17 @@ pkgSrcRecords::Parser *FindSrc(const char *Name,pkgRecords &Recs, if (Ver.end() == true) break; } + + // pick highest version for the arch unless the user wants + // something else + if (ArchTag != "" && VerTag == "" && RelTag == "") + { + if(Ver.Arch() != ArchTag) + continue; + if(Cache->VS().CmpVersion(VerTag, Ver.VerStr()) < 0) + VerTag = Ver.VerStr(); + } + // We match against a concrete version (or a part of this version) if (VerTag.empty() == false && (fuzzy == true || Cache->VS().CmpVersion(VerTag, Ver.VerStr()) != 0) && // exact match @@ -280,6 +319,7 @@ pkgSrcRecords::Parser *FindSrc(const char *Name,pkgRecords &Recs, break; } } + if (Src.empty() == true) { // if we don't have found a fitting package yet so we will -- cgit v1.2.3 From 37f45a579d4344c3ef6a044b12b992353e238301 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Wed, 11 Dec 2013 09:21:26 +0100 Subject: improve error message for apt-get source pkg:arch{=ver,/release} --- cmdline/apt-get.cc | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) (limited to 'cmdline') diff --git a/cmdline/apt-get.cc b/cmdline/apt-get.cc index 9cc5b4031..c2b59a83c 100644 --- a/cmdline/apt-get.cc +++ b/cmdline/apt-get.cc @@ -269,15 +269,15 @@ pkgSrcRecords::Parser *FindSrc(const char *Name,pkgRecords &Recs, break; } + // ignore arches that are not for us + if (ArchTag != "" && Ver.Arch() != ArchTag) + continue; + // pick highest version for the arch unless the user wants // something else if (ArchTag != "" && VerTag == "" && RelTag == "") - { - if(Ver.Arch() != ArchTag) - continue; if(Cache->VS().CmpVersion(VerTag, Ver.VerStr()) < 0) VerTag = Ver.VerStr(); - } // We match against a concrete version (or a part of this version) if (VerTag.empty() == false && @@ -320,6 +320,16 @@ pkgSrcRecords::Parser *FindSrc(const char *Name,pkgRecords &Recs, } } + if (Src == "" && ArchTag != "") + { + _error->Error(_("Can not find a package '%s' with version '%s' and " + "release '%s'"), Pkg.FullName().c_str(), + VerTag.c_str(), RelTag.c_str()); + Src = Name; + return 0; + } + + if (Src.empty() == true) { // if we don't have found a fitting package yet so we will -- cgit v1.2.3 From c9829e0744ca678e105aa0af26b87588023d7536 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Wed, 11 Dec 2013 14:03:53 +0100 Subject: improve error message --- cmdline/apt-get.cc | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'cmdline') diff --git a/cmdline/apt-get.cc b/cmdline/apt-get.cc index c2b59a83c..0b980cdf4 100644 --- a/cmdline/apt-get.cc +++ b/cmdline/apt-get.cc @@ -322,9 +322,12 @@ pkgSrcRecords::Parser *FindSrc(const char *Name,pkgRecords &Recs, if (Src == "" && ArchTag != "") { - _error->Error(_("Can not find a package '%s' with version '%s' and " - "release '%s'"), Pkg.FullName().c_str(), - VerTag.c_str(), RelTag.c_str()); + if (VerTag != "") + _error->Error(_("Can not find a package '%s' with version '%s'"), + Pkg.FullName().c_str(), VerTag.c_str()); + if (RelTag != "") + _error->Error(_("Can not find a package '%s' with release '%s'"), + Pkg.FullName().c_str(), RelTag.c_str()); Src = Name; return 0; } -- cgit v1.2.3 From 017d3f3b4b0da976b1d2ecfcd26251369c5aec88 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Thu, 12 Dec 2013 07:41:17 +0100 Subject: clarify error message when apt-get source=ver fails, print a real error message instead of "ignoring" --- cmdline/apt-get.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'cmdline') diff --git a/cmdline/apt-get.cc b/cmdline/apt-get.cc index c2b59a83c..6973901dc 100644 --- a/cmdline/apt-get.cc +++ b/cmdline/apt-get.cc @@ -416,7 +416,7 @@ pkgSrcRecords::Parser *FindSrc(const char *Name,pkgRecords &Recs, if (Last != 0 || VerTag.empty() == true) break; - _error->Error(_("Ignore unavailable version '%s' of package '%s'"), VerTag.c_str(), TmpSrc.c_str()); + _error->Error(_("Can not find version '%s' of package '%s'"), VerTag.c_str(), TmpSrc.c_str()); return 0; } -- cgit v1.2.3 From 5acf154d810a0225cc7d14637d101205e43ceba8 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Fri, 13 Dec 2013 14:37:14 +0100 Subject: make apt-key net-update actually testable --- cmdline/apt-key.in | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) (limited to 'cmdline') diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in index 779872b4c..c7d3ce8b5 100644 --- a/cmdline/apt-key.in +++ b/cmdline/apt-key.in @@ -25,6 +25,9 @@ GPG_CMD="$GPG_CMD --no-auto-check-trustdb --trust-model always" GPG="$GPG_CMD" +APT_DIR="/" +eval $(apt-config shell APT_DIR Dir) + MASTER_KEYRING='&keyring-master-filename;' eval $(apt-config shell MASTER_KEYRING APT::Key::MasterKeyring) ARCHIVE_KEYRING='&keyring-filename;' @@ -33,7 +36,7 @@ REMOVED_KEYS='&keyring-removed-filename;' eval $(apt-config shell REMOVED_KEYS APT::Key::RemovedKeys) ARCHIVE_KEYRING_URI='&keyring-uri;' eval $(apt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI) -TMP_KEYRING=/var/lib/apt/keyrings/maybe-import-keyring.gpg +TMP_KEYRING=${APT_DIR}/var/lib/apt/keyrings/maybe-import-keyring.gpg requires_root() { if [ "$(id -u)" -ne 0 ]; then @@ -107,7 +110,11 @@ add_keys_with_verify_against_master_keyring() { # (otherwise it does not make sense from a security POV) net_update() { # Disabled for now as code is insecure (LP: #1013639 (and 857472, 1013128)) - exit 1 + APT_KEY_NET_UPDATE_ENABLED="" + eval $(apt-config shell APT_KEY_NET_UPDATE_ENABLED APT::Key::Net-Update-Enabled) + if [ -z "$APT_KEY_NET_UPDATE_ENABLED" ]; then + exit 1 + fi if [ -z "$ARCHIVE_KEYRING_URI" ]; then echo >&2 "ERROR: Your distribution is not supported in net-update as no uri for the archive-keyring is set" @@ -120,15 +127,15 @@ net_update() { echo >&2 "ERROR: an installed wget is required for a network-based update" exit 1 fi - if [ ! -d /var/lib/apt/keyrings ]; then - mkdir -p /var/lib/apt/keyrings + if [ ! -d ${APT_DIR}/var/lib/apt/keyrings ]; then + mkdir -p ${APT_DIR}/var/lib/apt/keyrings fi - keyring=/var/lib/apt/keyrings/$(basename $ARCHIVE_KEYRING) + keyring=${APT_DIR}/var/lib/apt/keyrings/$(basename $ARCHIVE_KEYRING) old_mtime=0 if [ -e $keyring ]; then old_mtime=$(stat -c %Y $keyring) fi - (cd /var/lib/apt/keyrings; wget --timeout=90 -q -N $ARCHIVE_KEYRING_URI) + (cd ${APT_DIR}/var/lib/apt/keyrings; wget --timeout=90 -q -N $ARCHIVE_KEYRING_URI) if [ ! -e $keyring ]; then return fi -- cgit v1.2.3 From e5543ea5a236426dd33e74e427e8485a030a2540 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Thu, 19 Dec 2013 16:43:50 +0100 Subject: fix apt-key net-update test to use the buildin webserver --- cmdline/apt-key.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'cmdline') diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in index c7d3ce8b5..463e4b4b4 100644 --- a/cmdline/apt-key.in +++ b/cmdline/apt-key.in @@ -130,7 +130,7 @@ net_update() { if [ ! -d ${APT_DIR}/var/lib/apt/keyrings ]; then mkdir -p ${APT_DIR}/var/lib/apt/keyrings fi - keyring=${APT_DIR}/var/lib/apt/keyrings/$(basename $ARCHIVE_KEYRING) + keyring=${APT_DIR}/var/lib/apt/keyrings/$(basename $ARCHIVE_KEYRING_URI) old_mtime=0 if [ -e $keyring ]; then old_mtime=$(stat -c %Y $keyring) -- cgit v1.2.3 From 68e0172140872d8044b3c768a6bea3ac58d426c4 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Sun, 22 Dec 2013 22:15:52 +0100 Subject: factor GetTempDir out --- cmdline/apt-extracttemplates.cc | 11 +++-------- cmdline/apt-get.cc | 10 ++++------ 2 files changed, 7 insertions(+), 14 deletions(-) (limited to 'cmdline') diff --git a/cmdline/apt-extracttemplates.cc b/cmdline/apt-extracttemplates.cc index 8fe15fdf9..8e1937113 100644 --- a/cmdline/apt-extracttemplates.cc +++ b/cmdline/apt-extracttemplates.cc @@ -47,8 +47,6 @@ using namespace std; -#define TMPDIR "/tmp" - pkgCache *DebFile::Cache = 0; // DebFile::DebFile - Construct the DebFile object /*{{{*/ @@ -253,14 +251,11 @@ string WriteFile(const char *package, const char *prefix, const char *data) { char fn[512]; static int i; - const char *tempdir = NULL; - - tempdir = getenv("TMPDIR"); - if (tempdir == NULL) - tempdir = TMPDIR; + std::string tempdir = GetTempDir(); snprintf(fn, sizeof(fn), "%s/%s.%s.%u%d", - _config->Find("APT::ExtractTemplates::TempDir", tempdir).c_str(), + _config->Find("APT::ExtractTemplates::TempDir", + tempdir.c_str()).c_str(), package, prefix, getpid(), i++); FileFd f; if (data == NULL) diff --git a/cmdline/apt-get.cc b/cmdline/apt-get.cc index 730d3ea18..8a0772ce2 100644 --- a/cmdline/apt-get.cc +++ b/cmdline/apt-get.cc @@ -1536,14 +1536,12 @@ bool DoChangelog(CommandLine &CmdL) bool const downOnly = _config->FindB("APT::Get::Download-Only", false); char tmpname[100]; - char* tmpdir = NULL; + const char* tmpdir = NULL; if (downOnly == false) { - const char* const tmpDir = getenv("TMPDIR"); - if (tmpDir != NULL && *tmpDir != '\0') - snprintf(tmpname, sizeof(tmpname), "%s/apt-changelog-XXXXXX", tmpDir); - else - strncpy(tmpname, "/tmp/apt-changelog-XXXXXX", sizeof(tmpname)); + std::string systemTemp = GetTempDir(); + snprintf(tmpname, sizeof(tmpname), "%s/apt-changelog-XXXXXX", + systemTemp.c_str()); tmpdir = mkdtemp(tmpname); if (tmpdir == NULL) return _error->Errno("mkdtemp", "mkdtemp failed"); -- cgit v1.2.3 From 5fd25d678f51cfa013643efe3429eb08b9504058 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Thu, 16 Jan 2014 23:00:27 +0100 Subject: use gpg --homedir instead of explicit file placement Avoids that gpg gets the idea it could use files from the user which weren't overridden specifically like secret keyring and trustdb as before. --- cmdline/apt-key.in | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) (limited to 'cmdline') diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in index 463e4b4b4..0ced500db 100644 --- a/cmdline/apt-key.in +++ b/cmdline/apt-key.in @@ -5,22 +5,23 @@ unset GREP_OPTIONS GPG_CMD="gpg --ignore-time-conflict --no-options --no-default-keyring" -# gpg needs a trustdb to function, but it can't be invalid (not even empty) -# so we create a temporary directory to store our fresh readable trustdb in -TRUSTDBDIR="$(mktemp -d)" -CURRENTTRAP="${CURRENTTRAP} rm -rf '${TRUSTDBDIR}';" +# gpg needs (in different versions more or less) files to function correctly, +# so we give it its own homedir and generate some valid content for it +GPGHOMEDIR="$(mktemp -d)" +CURRENTTRAP="${CURRENTTRAP} rm -rf '${GPGHOMEDIR}';" trap "${CURRENTTRAP}" 0 HUP INT QUIT ILL ABRT FPE SEGV PIPE TERM -chmod 700 "$TRUSTDBDIR" -# We also don't use a secret keyring, of course, but gpg panics and +chmod 700 "$GPGHOMEDIR" +# We don't use a secret keyring, of course, but gpg panics and # implodes if there isn't one available - and writeable for imports -SECRETKEYRING="${TRUSTDBDIR}/secring.gpg" +SECRETKEYRING="${GPGHOMEDIR}/secring.gpg" touch $SECRETKEYRING -GPG_CMD="$GPG_CMD --secret-keyring $SECRETKEYRING" -GPG_CMD="$GPG_CMD --trustdb-name ${TRUSTDBDIR}/trustdb.gpg" - -# now create the trustdb with an (empty) dummy keyring -$GPG_CMD --quiet --check-trustdb --keyring $SECRETKEYRING -# and make sure that gpg isn't trying to update the file +GPG_CMD="$GPG_CMD --homedir $GPGHOMEDIR" +# create the trustdb with an (empty) dummy keyring +# older gpgs required it, newer gpgs even warn that it isn't needed, +# but require it nontheless for some commands, so we just play safe +# here for the foreseeable future and create a dummy one +$GPG_CMD --quiet --check-trustdb --keyring $SECRETKEYRING >/dev/null 2>&1 +# tell gpg that it shouldn't try to maintain a trustdb file GPG_CMD="$GPG_CMD --no-auto-check-trustdb --trust-model always" GPG="$GPG_CMD" -- cgit v1.2.3 From 82e7f817a434e29df9ec6fbf19acfd8e7cd890e5 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Fri, 17 Jan 2014 07:48:43 +0100 Subject: add apt upgrade --dist --- cmdline/apt.cc | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'cmdline') diff --git a/cmdline/apt.cc b/cmdline/apt.cc index 4bcae0aba..4dc826632 100644 --- a/cmdline/apt.cc +++ b/cmdline/apt.cc @@ -86,6 +86,15 @@ bool ShowHelp(CommandLine &CmdL) return true; } +// figure out what kind of upgrade the user wants +bool DoAptUpgrade(CommandLine &CmdL) +{ + if (_config->FindB("Apt::Cmd::Dist-Upgrade")) + return DoDistUpgrade(CmdL); + else + return DoUpgradeWithAllowNewPackages(CmdL); +} + int main(int argc, const char *argv[]) /*{{{*/ { CommandLine::Dispatch Cmds[] = {{"list",&List}, @@ -95,7 +104,7 @@ int main(int argc, const char *argv[]) /*{{{*/ {"install",&DoInstall}, {"remove", &DoInstall}, {"update",&DoUpdate}, - {"upgrade",&DoUpgradeWithAllowNewPackages}, + {"upgrade",&DoAptUpgrade}, // misc {"edit-sources",&EditSources}, // helper -- cgit v1.2.3 From b7159ec8835e61ea3069213d9188be91c109e32c Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Fri, 17 Jan 2014 07:52:22 +0100 Subject: reword !isatty() warning --- cmdline/apt.cc | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'cmdline') diff --git a/cmdline/apt.cc b/cmdline/apt.cc index 4dc826632..2d3966e86 100644 --- a/cmdline/apt.cc +++ b/cmdline/apt.cc @@ -117,10 +117,9 @@ int main(int argc, const char *argv[]) /*{{{*/ if(!isatty(1)) { std::cerr << std::endl - << "WARNING WARNING " - << argv[0] - << " is *NOT* intended for scripts " - << "use at your own peril^Wrisk" + << "WARNING: " << argv[0] << " " + << "does not have a stable CLI interface yet. " + << "Use with caution in scripts." << std::endl << std::endl; } -- cgit v1.2.3 From 1410955589dc9f0eaa290907cac070b7ebf93b6a Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Fri, 17 Jan 2014 08:43:14 +0100 Subject: add missing integration test for "apt list" --- cmdline/apt.cc | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) (limited to 'cmdline') diff --git a/cmdline/apt.cc b/cmdline/apt.cc index 2d3966e86..8dc4c292a 100644 --- a/cmdline/apt.cc +++ b/cmdline/apt.cc @@ -114,16 +114,6 @@ int main(int argc, const char *argv[]) /*{{{*/ std::vector Args = getCommandArgs("apt", CommandLine::GetCommand(Cmds, argc, argv)); - if(!isatty(1)) - { - std::cerr << std::endl - << "WARNING: " << argv[0] << " " - << "does not have a stable CLI interface yet. " - << "Use with caution in scripts." - << std::endl - << std::endl; - } - InitOutput(); // Set up gettext support @@ -149,6 +139,19 @@ int main(int argc, const char *argv[]) /*{{{*/ return 100; } + if(!isatty(STDOUT_FILENO) && + _config->FindB("Apt::Cmd::Disable-Script-Warning", false) == false) + { + std::cerr << std::endl + << "WARNING: " << argv[0] << " " + << "does not have a stable CLI interface yet. " + << "Use with caution in scripts." + << std::endl + << std::endl; + } + if (!isatty(STDOUT_FILENO) && _config->FindI("quiet", -1) == -1) + _config->Set("quiet","1"); + // See if the help should be shown if (_config->FindB("help") == true || _config->FindB("version") == true || -- cgit v1.2.3 From 8a59cc322ac57c6662949e957611ed718a5f5119 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Fri, 17 Jan 2014 21:38:23 +0100 Subject: add purge to the apt cmdline --- cmdline/apt.cc | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'cmdline') diff --git a/cmdline/apt.cc b/cmdline/apt.cc index 8dc4c292a..61d5d938a 100644 --- a/cmdline/apt.cc +++ b/cmdline/apt.cc @@ -71,13 +71,16 @@ bool ShowHelp(CommandLine &CmdL) _("Usage: apt [options] command\n" "\n" "CLI for apt.\n" - "Commands: \n" + "Basic commands: \n" " list - list packages based on package names\n" " search - search in package descriptions\n" " show - show package details\n" "\n" " update - update list of available packages\n" + "\n" " install - install packages\n" + " remove - remove packages\n" + "\n" " upgrade - upgrade the systems packages\n" "\n" " edit-sources - edit the source information file\n" @@ -103,6 +106,7 @@ int main(int argc, const char *argv[]) /*{{{*/ // needs root {"install",&DoInstall}, {"remove", &DoInstall}, + {"purge", &DoInstall}, {"update",&DoUpdate}, {"upgrade",&DoAptUpgrade}, // misc -- cgit v1.2.3 From 6d73fe5be080e66a4f6ff2b250ed1957ae7ac063 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Wed, 22 Jan 2014 16:41:00 +0100 Subject: add test for apt show --- cmdline/apt.cc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'cmdline') diff --git a/cmdline/apt.cc b/cmdline/apt.cc index 61d5d938a..07ade6b7c 100644 --- a/cmdline/apt.cc +++ b/cmdline/apt.cc @@ -103,10 +103,11 @@ int main(int argc, const char *argv[]) /*{{{*/ CommandLine::Dispatch Cmds[] = {{"list",&List}, {"search", &FullTextSearch}, {"show", &APT::Cmd::ShowPackage}, - // needs root + // package stuff {"install",&DoInstall}, {"remove", &DoInstall}, {"purge", &DoInstall}, + // system wide stuff {"update",&DoUpdate}, {"upgrade",&DoAptUpgrade}, // misc -- cgit v1.2.3 From 59e81cec3e2277e367f14f113168421909c42035 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Fri, 24 Jan 2014 20:33:02 +0100 Subject: add "apt full-upgrade" and tweak "apt upgrade" There is a new "apt full-upgrade" that performs a apt-get dist-upgrade. "apt dist-upgrade" is still supported as a alias. The "apt upgrade" code is changed so that it mirrors the behavior of "apt-get upgrade --with-new-pkgs" and also honors "apt uprade --no-new-pkgs". --- cmdline/apt-get.cc | 8 -------- cmdline/apt.cc | 32 +++++++++++++++++--------------- 2 files changed, 17 insertions(+), 23 deletions(-) (limited to 'cmdline') diff --git a/cmdline/apt-get.cc b/cmdline/apt-get.cc index 8a0772ce2..da7d28a1e 100644 --- a/cmdline/apt-get.cc +++ b/cmdline/apt-get.cc @@ -1677,14 +1677,6 @@ void SigWinch(int) if (ioctl(1, TIOCGWINSZ, &ws) != -1 && ws.ws_col >= 5) ScreenWidth = ws.ws_col - 1; #endif -} - /*}}}*/ -bool DoUpgrade(CommandLine &CmdL) /*{{{*/ -{ - if (_config->FindB("APT::Get::Upgrade-Allow-New", false) == true) - return DoUpgradeWithAllowNewPackages(CmdL); - else - return DoUpgradeNoNewPackages(CmdL); } /*}}}*/ int main(int argc,const char *argv[]) /*{{{*/ diff --git a/cmdline/apt.cc b/cmdline/apt.cc index 07ade6b7c..6fe25e3f3 100644 --- a/cmdline/apt.cc +++ b/cmdline/apt.cc @@ -81,7 +81,8 @@ bool ShowHelp(CommandLine &CmdL) " install - install packages\n" " remove - remove packages\n" "\n" - " upgrade - upgrade the systems packages\n" + " upgrade - upgrade the system by installing/upgrading packages\n" + "full-upgrade - upgrade the system by removing/installing/upgrading packages\n" "\n" " edit-sources - edit the source information file\n" ); @@ -89,29 +90,29 @@ bool ShowHelp(CommandLine &CmdL) return true; } -// figure out what kind of upgrade the user wants -bool DoAptUpgrade(CommandLine &CmdL) -{ - if (_config->FindB("Apt::Cmd::Dist-Upgrade")) - return DoDistUpgrade(CmdL); - else - return DoUpgradeWithAllowNewPackages(CmdL); -} - int main(int argc, const char *argv[]) /*{{{*/ { - CommandLine::Dispatch Cmds[] = {{"list",&List}, + CommandLine::Dispatch Cmds[] = { + // query + {"list",&List}, {"search", &FullTextSearch}, {"show", &APT::Cmd::ShowPackage}, + // package stuff {"install",&DoInstall}, {"remove", &DoInstall}, {"purge", &DoInstall}, + // system wide stuff {"update",&DoUpdate}, - {"upgrade",&DoAptUpgrade}, + {"upgrade",&DoUpgrade}, + {"full-upgrade",&DoDistUpgrade}, + // for compat with muscle memory + {"dist-upgrade",&DoDistUpgrade}, + // misc {"edit-sources",&EditSources}, + // helper {"moo",&DoMoo}, {"help",&ShowHelp}, @@ -131,9 +132,10 @@ int main(int argc, const char *argv[]) /*{{{*/ return 100; } - // FIXME: move into a new libprivate/private-install.cc:Install() - _config->Set("DPkgPM::Progress", "1"); - _config->Set("Apt::Color", "1"); + // some different defaults + _config->CndSet("DPkgPM::Progress", "1"); + _config->CndSet("Apt::Color", "1"); + _config->CndSet("APT::Get::Upgrade-Allow-New", true); // Parse the command line and initialize the package library CommandLine CmdL(Args.data(), _config); -- cgit v1.2.3 From 1aef66d5e150c608276fabdf1c2d2aaca9c45b7f Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Fri, 24 Jan 2014 22:59:36 +0100 Subject: apt-mark help shows all commands now --- cmdline/apt-mark.cc | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'cmdline') diff --git a/cmdline/apt-mark.cc b/cmdline/apt-mark.cc index ebb1f9892..d3a3a780b 100644 --- a/cmdline/apt-mark.cc +++ b/cmdline/apt-mark.cc @@ -386,6 +386,11 @@ bool ShowHelp(CommandLine &CmdL) "Commands:\n" " auto - Mark the given packages as automatically installed\n" " manual - Mark the given packages as manually installed\n" + " hold - Mark a package as held back\n" + " unhold - Unset a package set as held back\n" + " showauto - Print the list of automatically installed packages\n" + " showmanual - Print the list of manually installed packages\n" + " showhold - Print the list of package on hold\n" "\n" "Options:\n" " -h This help text.\n" -- cgit v1.2.3 From 6ae22905f66064f46c0abf05d269e47869c664be Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Wed, 29 Jan 2014 10:37:17 +0100 Subject: fix apt-get download truncation (closes: #736962) --- cmdline/apt-get.cc | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'cmdline') diff --git a/cmdline/apt-get.cc b/cmdline/apt-get.cc index da7d28a1e..6bff6e7de 100644 --- a/cmdline/apt-get.cc +++ b/cmdline/apt-get.cc @@ -678,14 +678,17 @@ bool DoDownload(CommandLine &CmdL) // copy files in local sources to the current directory for (pkgAcquire::ItemIterator I = Fetcher.ItemsBegin(); I != Fetcher.ItemsEnd(); ++I) - if ((*I)->Local == true && (*I)->Status == pkgAcquire::Item::StatDone) + { + std::string const filename = cwd + flNotDir((*I)->DestFile); + if ((*I)->Local == true && + filename != (*I)->DestFile && + (*I)->Status == pkgAcquire::Item::StatDone) { - std::string const filename = cwd + flNotDir((*I)->DestFile); std::ifstream src((*I)->DestFile.c_str(), std::ios::binary); std::ofstream dst(filename.c_str(), std::ios::binary); dst << src.rdbuf(); } - + } return Failed == false; } /*}}}*/ -- cgit v1.2.3 From 33b813ce44c7bafeb2a36b66fd004f8d94a2cbe4 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Wed, 5 Feb 2014 17:35:33 +0100 Subject: move isatty() check into InitOutput() --- cmdline/apt-get.cc | 4 ---- cmdline/apt.cc | 2 -- 2 files changed, 6 deletions(-) (limited to 'cmdline') diff --git a/cmdline/apt-get.cc b/cmdline/apt-get.cc index 6bff6e7de..1019ff325 100644 --- a/cmdline/apt-get.cc +++ b/cmdline/apt-get.cc @@ -1736,10 +1736,6 @@ int main(int argc,const char *argv[]) /*{{{*/ // see if we are in simulate mode CheckSimulateMode(CmdL); - // Deal with stdout not being a tty - if (!isatty(STDOUT_FILENO) && _config->FindI("quiet", -1) == -1) - _config->Set("quiet","1"); - // Setup the output streams InitOutput(); diff --git a/cmdline/apt.cc b/cmdline/apt.cc index 6fe25e3f3..6ad470faa 100644 --- a/cmdline/apt.cc +++ b/cmdline/apt.cc @@ -156,8 +156,6 @@ int main(int argc, const char *argv[]) /*{{{*/ << std::endl << std::endl; } - if (!isatty(STDOUT_FILENO) && _config->FindI("quiet", -1) == -1) - _config->Set("quiet","1"); // See if the help should be shown if (_config->FindB("help") == true || -- cgit v1.2.3 From e209542632e61b9bf07b809c333f1e4b9de7fde9 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Mon, 10 Feb 2014 18:06:28 +0100 Subject: use VersionSet in download to handle repeats Closes: 738103 --- cmdline/apt-get.cc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'cmdline') diff --git a/cmdline/apt-get.cc b/cmdline/apt-get.cc index 6bff6e7de..2a9964722 100644 --- a/cmdline/apt-get.cc +++ b/cmdline/apt-get.cc @@ -630,8 +630,8 @@ bool DoDownload(CommandLine &CmdL) return false; APT::CacheSetHelper helper(c0out); - APT::VersionList verset = APT::VersionList::FromCommandLine(Cache, - CmdL.FileList + 1, APT::VersionList::CANDIDATE, helper); + APT::VersionSet verset = APT::VersionSet::FromCommandLine(Cache, + CmdL.FileList + 1, APT::VersionSet::CANDIDATE, helper); if (verset.empty() == true) return false; @@ -650,7 +650,7 @@ bool DoDownload(CommandLine &CmdL) std::string const cwd = SafeGetCWD(); _config->Set("Dir::Cache::Archives", cwd); int i = 0; - for (APT::VersionList::const_iterator Ver = verset.begin(); + for (APT::VersionSet::const_iterator Ver = verset.begin(); Ver != verset.end(); ++Ver, ++i) { pkgAcquire::Item *I = new pkgAcqArchive(&Fetcher, SrcList, &Recs, *Ver, storefile[i]); -- cgit v1.2.3 From 62dcbf84c4aee8cb01e40c594d4c7f3a23b64836 Mon Sep 17 00:00:00 2001 From: John Ogness Date: Fri, 13 Dec 2013 20:59:31 +0100 Subject: apt-cdrom should succeed if any drive succeeds If there are multiple CD-ROM drives, `apt-cdrom add` will abort with an error if any of the drives do not contain a Debian CD which is against the documentation we have saying "a CD-ROM" and also scripts do not expect it this way. This patch modifies apt-cdrom to return success if any of the drives succeeded. If failures occur, apt-cdrom will still continue trying all the drives and report the last failure (if none of them succeeded). The 'ident' command was also changed to match the new 'add' behavior. Closes: 728153 --- cmdline/apt-cdrom.cc | 76 ++++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 59 insertions(+), 17 deletions(-) (limited to 'cmdline') diff --git a/cmdline/apt-cdrom.cc b/cmdline/apt-cdrom.cc index 17a60ddcb..20c6e8892 100644 --- a/cmdline/apt-cdrom.cc +++ b/cmdline/apt-cdrom.cc @@ -111,10 +111,12 @@ OpProgress* pkgCdromTextStatus::GetOpProgress() }; /*}}}*/ // SetupAutoDetect /*{{{*/ -bool AutoDetectCdrom(pkgUdevCdromDevices &UdevCdroms, unsigned int &i) +bool AutoDetectCdrom(pkgUdevCdromDevices &UdevCdroms, unsigned int &i, bool &automounted) { bool Debug = _config->FindB("Debug::Acquire::cdrom", false); + automounted = false; + vector v = UdevCdroms.Scan(); if (i >= v.size()) return false; @@ -137,6 +139,8 @@ bool AutoDetectCdrom(pkgUdevCdromDevices &UdevCdroms, unsigned int &i) mkdir(AptMountPoint.c_str(), 0750); if(MountCdrom(AptMountPoint, v[i].DeviceName) == false) _error->Warning(_("Failed to mount '%s' to '%s'"), v[i].DeviceName.c_str(), AptMountPoint.c_str()); + else + automounted = true; _config->Set("Acquire::cdrom::mount", AptMountPoint); _config->Set("APT::CDROM::NoMount", true); } @@ -160,17 +164,35 @@ bool DoAdd(CommandLine &) bool AutoDetect = _config->FindB("Acquire::cdrom::AutoDetect", true); unsigned int count = 0; + string AptMountPoint = _config->FindDir("Dir::Media::MountPath"); + bool automounted = false; if (AutoDetect && UdevCdroms.Dlopen()) - while (AutoDetectCdrom(UdevCdroms, count)) - res &= cdrom.Add(&log); - if (count == 0) { - res = cdrom.Add(&log); - if (res == false) { - _error->Error("%s", _(W_NO_CDROM_FOUND)); + while (AutoDetectCdrom(UdevCdroms, count, automounted)) { + if (count == 1) { + // begin loop with res false to detect any success using OR + res = false; + } + + // dump any warnings/errors from autodetect + if (_error->empty() == false) + _error->DumpErrors(); + + res |= cdrom.Add(&log); + + if (automounted) + UnmountCdrom(AptMountPoint); + + // dump any warnings/errors from add/unmount + if (_error->empty() == false) + _error->DumpErrors(); } - } - if(res) + if (count == 0) + res = cdrom.Add(&log); + + if (res == false) + _error->Error("%s", _(W_NO_CDROM_FOUND)); + else cout << _("Repeat this process for the rest of the CDs in your set.") << endl; return res; @@ -187,18 +209,38 @@ bool DoIdent(CommandLine &) pkgCdrom cdrom; bool res = true; - bool AutoDetect = _config->FindB("Acquire::cdrom::AutoDetect"); + bool AutoDetect = _config->FindB("Acquire::cdrom::AutoDetect", true); unsigned int count = 0; + string AptMountPoint = _config->FindDir("Dir::Media::MountPath"); + bool automounted = false; if (AutoDetect && UdevCdroms.Dlopen()) - while (AutoDetectCdrom(UdevCdroms, count)) - res &= cdrom.Ident(ident, &log); - if (count == 0) { - res = cdrom.Ident(ident, &log); - if (res == false) { - _error->Error("%s", _(W_NO_CDROM_FOUND)); + while (AutoDetectCdrom(UdevCdroms, count, automounted)) { + if (count == 1) { + // begin loop with res false to detect any success using OR + res = false; + } + + // dump any warnings/errors from autodetect + if (_error->empty() == false) + _error->DumpErrors(); + + res |= cdrom.Ident(ident, &log); + + if (automounted) + UnmountCdrom(AptMountPoint); + + // dump any warnings/errors from add/unmount + if (_error->empty() == false) + _error->DumpErrors(); } - } + + if (count == 0) + res = cdrom.Ident(ident, &log); + + if (res == false) + _error->Error("%s", _(W_NO_CDROM_FOUND)); + return res; } /*}}}*/ -- cgit v1.2.3 From 8f3594c3487800edc2a97af1f3290049776dc556 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Wed, 12 Feb 2014 07:59:07 +0100 Subject: Use a APT::VersionSet instead of a VersionList Use a APT::VersionSet instead of a APT::VersionList in DoDownload() to ensure that there is only one version in the set even if the user passes multiple identical name/versions on the commandline (Bug#738103) --- cmdline/apt-get.cc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'cmdline') diff --git a/cmdline/apt-get.cc b/cmdline/apt-get.cc index 1019ff325..4d609104c 100644 --- a/cmdline/apt-get.cc +++ b/cmdline/apt-get.cc @@ -630,8 +630,8 @@ bool DoDownload(CommandLine &CmdL) return false; APT::CacheSetHelper helper(c0out); - APT::VersionList verset = APT::VersionList::FromCommandLine(Cache, - CmdL.FileList + 1, APT::VersionList::CANDIDATE, helper); + APT::VersionSet verset = APT::VersionSet::FromCommandLine(Cache, + CmdL.FileList + 1, APT::VersionSet::CANDIDATE, helper); if (verset.empty() == true) return false; @@ -650,7 +650,7 @@ bool DoDownload(CommandLine &CmdL) std::string const cwd = SafeGetCWD(); _config->Set("Dir::Cache::Archives", cwd); int i = 0; - for (APT::VersionList::const_iterator Ver = verset.begin(); + for (APT::VersionSet::const_iterator Ver = verset.begin(); Ver != verset.end(); ++Ver, ++i) { pkgAcquire::Item *I = new pkgAcqArchive(&Fetcher, SrcList, &Recs, *Ver, storefile[i]); -- cgit v1.2.3 From 52090faab4401ad6a2acb4d2c0c2cb53aa6b8f7f Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Thu, 13 Feb 2014 14:47:34 +0100 Subject: trivial indent fix --- cmdline/apt.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'cmdline') diff --git a/cmdline/apt.cc b/cmdline/apt.cc index 6ad470faa..7ef9060aa 100644 --- a/cmdline/apt.cc +++ b/cmdline/apt.cc @@ -82,7 +82,7 @@ bool ShowHelp(CommandLine &CmdL) " remove - remove packages\n" "\n" " upgrade - upgrade the system by installing/upgrading packages\n" - "full-upgrade - upgrade the system by removing/installing/upgrading packages\n" + " full-upgrade - upgrade the system by removing/installing/upgrading packages\n" "\n" " edit-sources - edit the source information file\n" ); -- cgit v1.2.3 From 46a78c652d80818b4643c471432ae961b1ca5bd9 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Sat, 22 Feb 2014 18:07:43 +0100 Subject: remove auto-generated apt-key and sources.list on clean (closes: 739749) --- cmdline/makefile | 33 +++++++++++++++++++-------------- 1 file changed, 19 insertions(+), 14 deletions(-) (limited to 'cmdline') diff --git a/cmdline/makefile b/cmdline/makefile index 06f170b6a..f89192e10 100644 --- a/cmdline/makefile +++ b/cmdline/makefile @@ -40,20 +40,6 @@ LIB_MAKES = apt-pkg/makefile SOURCE = apt-cdrom.cc include $(PROGRAM_H) -# The apt-key program -apt-key: apt-key.in - sed -e "s#&keyring-filename;#$(shell ../vendor/getinfo keyring-filename)#" \ - -e "s#&keyring-removed-filename;#$(shell ../vendor/getinfo keyring-removed-filename)#" \ - -e "s#&keyring-master-filename;#$(shell ../vendor/getinfo keyring-master-filename)#" \ - -e "s#&keyring-uri;#$(shell ../vendor/getinfo keyring-uri)#" \ - -e "s#&keyring-package;#$(shell ../vendor/getinfo keyring-package)#" $< > $@ - chmod 755 $@ - -SOURCE=apt-key -TO=$(BIN) -TARGET=program -include $(COPY_H) - # The apt-mark program PROGRAM=apt-mark SLIBS = -lapt-pkg -lapt-private $(INTLLIBS) @@ -99,3 +85,22 @@ SLIBS = -lapt-pkg $(INTLLIBS) LIB_MAKES = apt-pkg/makefile SOURCE = apt-dump-solver.cc include $(PROGRAM_H) + +# The apt-key program +apt-key: apt-key.in + sed -e "s#&keyring-filename;#$(shell ../vendor/getinfo keyring-filename)#" \ + -e "s#&keyring-removed-filename;#$(shell ../vendor/getinfo keyring-removed-filename)#" \ + -e "s#&keyring-master-filename;#$(shell ../vendor/getinfo keyring-master-filename)#" \ + -e "s#&keyring-uri;#$(shell ../vendor/getinfo keyring-uri)#" \ + -e "s#&keyring-package;#$(shell ../vendor/getinfo keyring-package)#" $< > $@ + chmod 755 $@ + +SOURCE=apt-key +TO=$(BIN) +TARGET=program +include $(COPY_H) + +clean: clean/apt-key + +clean/apt-key: + rm -f apt-key -- cgit v1.2.3 From 1e3f4083db29bba600b9725e9456b0e140975c99 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Sat, 22 Feb 2014 18:34:33 +0100 Subject: Fix typos in documentation (codespell) --- cmdline/apt-config.cc | 2 +- cmdline/apt-get.cc | 4 ++-- cmdline/apt-internal-solver.cc | 6 +++--- cmdline/apt-key.in | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) (limited to 'cmdline') diff --git a/cmdline/apt-config.cc b/cmdline/apt-config.cc index 3481eaf5f..30c2a22d5 100644 --- a/cmdline/apt-config.cc +++ b/cmdline/apt-config.cc @@ -8,7 +8,7 @@ This program will parse a config file and then do something with it. Commands: - shell - Shell mode. After this a series of word pairs should occure. + shell - Shell mode. After this a series of word pairs should occur. The first is the environment var to set and the second is the key to set it from. Use like: eval `apt-config shell QMode apt::QMode` diff --git a/cmdline/apt-get.cc b/cmdline/apt-get.cc index 4d609104c..12e385b69 100644 --- a/cmdline/apt-get.cc +++ b/cmdline/apt-get.cc @@ -15,7 +15,7 @@ upgrade - Smart-Download the newest versions of all packages dselect-upgrade - Follows dselect's changes to the Status: field and installes new and removes old packages - dist-upgrade - Powerfull upgrader designed to handle the issues with + dist-upgrade - Powerful upgrader designed to handle the issues with a new distribution. install - Download and install a given package (by name, not by .deb) check - Update the package cache and check for broken packages @@ -513,7 +513,7 @@ bool DoDSelectUpgrade(CommandLine &CmdL) } /* Resolve any problems that dselect created, allupgrade cannot handle - such things. We do so quite agressively too.. */ + such things. We do so quite aggressively too.. */ if (Cache->BrokenCount() != 0) { pkgProblemResolver Fix(Cache); diff --git a/cmdline/apt-internal-solver.cc b/cmdline/apt-internal-solver.cc index 53b38ea43..bf5b8c1fe 100644 --- a/cmdline/apt-internal-solver.cc +++ b/cmdline/apt-internal-solver.cc @@ -160,16 +160,16 @@ int main(int argc,const char *argv[]) /*{{{*/ if (upgrade == true) { if (pkgAllUpgrade(CacheFile) == false) { - EDSP::WriteError("ERR_UNSOLVABLE_UPGRADE", "An upgrade error occured", output); + EDSP::WriteError("ERR_UNSOLVABLE_UPGRADE", "An upgrade error occurred", output); return 0; } } else if (distUpgrade == true) { if (pkgDistUpgrade(CacheFile) == false) { - EDSP::WriteError("ERR_UNSOLVABLE_DIST_UPGRADE", "An dist-upgrade error occured", output); + EDSP::WriteError("ERR_UNSOLVABLE_DIST_UPGRADE", "An dist-upgrade error occurred", output); return 0; } } else if (Fix.Resolve() == false) { - EDSP::WriteError("ERR_UNSOLVABLE", "An error occured", output); + EDSP::WriteError("ERR_UNSOLVABLE", "An error occurred", output); return 0; } diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in index 0ced500db..0774cf4b7 100644 --- a/cmdline/apt-key.in +++ b/cmdline/apt-key.in @@ -18,7 +18,7 @@ touch $SECRETKEYRING GPG_CMD="$GPG_CMD --homedir $GPGHOMEDIR" # create the trustdb with an (empty) dummy keyring # older gpgs required it, newer gpgs even warn that it isn't needed, -# but require it nontheless for some commands, so we just play safe +# but require it nonetheless for some commands, so we just play safe # here for the foreseeable future and create a dummy one $GPG_CMD --quiet --check-trustdb --keyring $SECRETKEYRING >/dev/null 2>&1 # tell gpg that it shouldn't try to maintain a trustdb file @@ -187,7 +187,7 @@ remove_key_from_keyring() { echo >&2 "Key ${2} is in keyring ${1}, but can't be removed as it is read only." return fi - # check if it is the only key in the keyring and if so remove the keyring alltogether + # check if it is the only key in the keyring and if so remove the keyring altogether if [ '1' = "$($GPG --with-colons --list-keys | grep "^pub:[^:]*:[^:]*:[^:]*:[0-9A-F]\+:" | wc -l)" ]; then mv -f "$1" "${1}~" # behave like gpg return -- cgit v1.2.3 From e7f56293f029505f59670be2bad244f6d9912369 Mon Sep 17 00:00:00 2001 From: Guillem Jover Date: Sun, 16 Feb 2014 23:30:48 +0100 Subject: Add support for data.tar, control.tar and control.tar.xz Sync the deb(5) format support with latest dpkg, by allowing uncompressed tar members and xz compressed control.tar. This also refactors the control.tar member extraction by using ExtractTarMember(), which also means future changes only need to be implemented in a single place. --- cmdline/apt-extracttemplates.cc | 18 ++++-------------- 1 file changed, 4 insertions(+), 14 deletions(-) (limited to 'cmdline') diff --git a/cmdline/apt-extracttemplates.cc b/cmdline/apt-extracttemplates.cc index 8e1937113..2408a7d9d 100644 --- a/cmdline/apt-extracttemplates.cc +++ b/cmdline/apt-extracttemplates.cc @@ -24,8 +24,7 @@ #include #include #include -#include -#include +#include #include #include #include @@ -91,18 +90,9 @@ string DebFile::GetInstalledVer(const string &package) /* */ bool DebFile::Go() { - ARArchive AR(File); - if (_error->PendingError() == true) - return false; - - const ARArchive::Member *Member = AR.FindMember("control.tar.gz"); - if (Member == 0) - return _error->Error(_("%s not a valid DEB package."),File.Name().c_str()); - - if (File.Seek(Member->Start) == false) - return false; - ExtractTar Tar(File, Member->Size,"gzip"); - return Tar.Go(*this); + debDebFile Deb(File); + + return Deb.ExtractTarMember(*this, "control.tar"); } /*}}}*/ // DebFile::DoItem examine element in package and mark /*{{{*/ -- cgit v1.2.3