Package: apt-move Version: 4.2.27-1 Severity: important I created a patch for apt-move to add sha256 support for - the Packages files - the Sources files This patch also includes to former patches for version 4.2.27-1 so it also adds sha256 support for - The Release file On a squeeze system I installed apt-move_4.2.27-1+b8_i386.deb and just after the installation of the deb file the patch can be applied. The other patches in this bug must not be applied for that patch to work. I applied the patch with: cd / patch -p1 < /pathtopatch/apt-move-sha256issue-2013082102.patch On my squeeze system the apt-move dependencies have the following versions: bc Version: 1.06.95-2 dash Version: 0.5.5.1-7.4 libapt-pkg4.10: not installed on my system libc6 Version: 2.11.3-3 libgcc1 Version: 1:4.4.5-8 libstdc++6 Version: 4.4.5-8 Please find the patch attached to this post. sincerely yours Mario Koppensteiner
diff -Naur 4.2.27-1+b8_i386/usr/bin/apt-move work/usr/bin/apt-move --- 4.2.27-1+b8_i386/usr/bin/apt-move 2013-08-20 19:25:56.000000000 +0200 +++ work/usr/bin/apt-move 2013-08-21 14:24:21.000000000 +0200 @@ -137,6 +137,20 @@ exit 64 } +apt_move_sha1() { + while read line + do + sha1sum ${line} | cut -d" " -f 1 + done +} + +apt_move_sha256() { + while read line + do + sha256sum ${line} | cut -d" " -f 1 + done +} + apt_move_stat() { perl -lpe '$_ = (stat)[7];' } @@ -754,8 +768,8 @@ local pf i bif pf=$TMPHOME/movefiles - rm -f $pf-fifo1 $pf-fifo2 - mkfifo $pf-fifo1 $pf-fifo2 + rm -f $pf-fifo1 $pf-fifo2 $pf-fifo3 $pf-fifo4 + mkfifo $pf-fifo1 $pf-fifo2 $pf-fifo3 $pf-fifo4 rm -rf $pf mkdir $pf @@ -787,15 +801,19 @@ if [ $GET_BINARY ]; then < $pf-deb apt_move_stat > $pf-fifo1& + < $pf-deb apt_move_sha256 > $pf-fifo3& + < $pf-deb apt_move_sha1 > $pf-fifo4& < $pf-deb xargs -r md5sum | - $MOVE4 $pf/deb $pf-fifo1 $pf-skip1 $pf-pkg $CONTENTS + $MOVE4 $pf/deb $pf-fifo1 $pf-skip1 $pf-fifo3 $pf-fifo4 $pf-pkg $CONTENTS waitall fi > $pf-mvdeb if [ $GET_SOURCE ]; then < $pf-dsc apt_move_stat > $pf-fifo1& + < $pf-dsc apt_move_sha256 > $pf-fifo3& + < $pf-dsc apt_move_sha1 > $pf-fifo4& < $pf-dsc xargs -r md5sum | - $MOVE4 $pf/dsc $pf-fifo1 $pf-skip2 > $pf-dsc1 + $MOVE4 $pf/dsc $pf-fifo1 $pf-skip2 $pf-fifo3 $pf-fifo4 > $pf-dsc1 waitall sort -t _ -k 2 .apt-move/source > $pf-sdist @@ -856,14 +874,18 @@ \) < $pf-deb apt_move_stat > $pf-fifo1& + < $pf-deb apt_move_sha256 > $pf-fifo3& + < $pf-deb apt_move_sha1 > $pf-fifo4& < $pf-deb xargs -r md5sum | - $MOVE4 $pf/deb $pf-fifo1 $pf-skip1 $pf-pkg $CONTENTS \ + $MOVE4 $pf/deb $pf-fifo1 $pf-skip1 $pf-fifo3 $pf-fifo4 $pf-pkg $CONTENTS \ > $pf-mvdeb waitall < $pf-dsc apt_move_stat > $pf-fifo1& + < $pf-dsc apt_move_sha256 > $pf-fifo3& + < $pf-dsc apt_move_sha1 > $pf-fifo4& < $pf-dsc xargs -r md5sum | - $MOVE4 $pf/dsc $pf-fifo1 $pf-skip2 > $pf-dsc1 + $MOVE4 $pf/dsc $pf-fifo1 $pf-skip2 $pf-fifo3 $pf-fifo4 > $pf-dsc1 waitall cd .apt-move @@ -933,8 +955,8 @@ dofsck() { local pf fifos i readlink bif overawk pf=$TMPHOME/dofsck - rm -f $pf-fifo1 $pf-fifo2 - mkfifo $pf-fifo1 $pf-fifo2 + rm -f $pf-fifo1 $pf-fifo2 $pf-fifo3 $pf-fifo4 + mkfifo $pf-fifo1 $pf-fifo2 $pf-fifo3 $pf-fifo4 rm -rf $pf mkdir $pf @@ -1253,6 +1275,8 @@ $(md5sum $l) $size $j/$k/$l printf ' %40s%.s %16d %s\n' \ $(sha1sum $l) $size $j/$k/$l >&3 + printf ' %64s%.s %16d %s\n' \ + $(sha256sum $l) $size $j/$k/$l >&4 done } @@ -1312,7 +1336,7 @@ fi cd $prev - done > $pf-md5sum 3> $pf-sha1sum + done > $pf-md5sum 3> $pf-sha1sum 4> $pf-sha256sum [ -n "$compo" ] || return 0 @@ -1334,6 +1358,8 @@ cat $pf-md5sum echo SHA1: cat $pf-sha1sum + echo SHA256: + cat $pf-sha256sum exec >&- diff -Naur 4.2.27-1+b8_i386/usr/share/apt-move/move4 work/usr/share/apt-move/move4 --- 4.2.27-1+b8_i386/usr/share/apt-move/move4 2013-08-20 19:25:56.000000000 +0200 +++ work/usr/share/apt-move/move4 2013-08-21 14:29:03.000000000 +0200 @@ -19,6 +19,28 @@ return toupper(substr(s, 1, 1)) substr(s, 2) } +function readsha256(sha256f, sha256) { + err = getline sha256 < sha256f + if (err < 0) { + print "getline failed on " sha256f > "/dev/stderr" + exit 1 + } else if (err == 0) { + return -1 + } + return sha256 +} + +function readsha1(sha1f, sha1) { + err = getline sha1 < sha1f + if (err < 0) { + print "getline failed on " sha1f > "/dev/stderr" + exit 1 + } else if (err == 0) { + return -1 + } + return sha1 +} + function readsize(sizef, size) { err = getline size < sizef if (err < 0) { @@ -34,8 +56,10 @@ pref = ARGV[1] sizef = ARGV[2] skipf = ARGV[3] - pkgf = ARGV[4] - contents = ARGV[5] == "yes" + sha256f = ARGV[4] + sha1f = ARGV[5] + pkgf = ARGV[6] + contents = ARGV[7] == "yes" ARGC = 1 isbin = pref ~ /deb$/ @@ -72,7 +96,8 @@ pri[++i] = "Filename" pri[++i] = "Size" pri[++i] = "MD5sum" - pri[++i] = "SHA1sum" + pri[++i] = "SHA1" + pri[++i] = "SHA256" pri[++i] = "Description" } else { pri[++i] = "Package" @@ -90,10 +115,14 @@ pri[++i] = "Format" pri[++i] = "Directory" pri[++i] = "Files" + pri[++i] = "Checksums-sha1" + pri[++i] = "Checksums-sha256" } prilen = i nextsize = readsize(sizef) + nextsha256 = readsha256(sha256f) + nextsha1 = readsha1(sha1f) printf "" > skipf if (isbin) { printf "" > pkgf @@ -110,6 +139,16 @@ nextsize = readsize(sizef) } +{ + sha256 = nextsha256 + nextsha256 = readsha256(sha256f) +} + +{ + sha1 = nextsha1 + nextsha1 = readsha1(sha1f) +} + isbin { suffix = substr($2, length($2) - 3) if (suffix == "udeb") { @@ -147,6 +186,8 @@ tv["md5sum"] = " " $1 tv["size"] = " " size + tv["sha256"] = " " sha256 + tv["sha1"] = " " sha1 if ("revision" in tv) { tv["version"] = tv["version"] "-" tv["revision"] delete tv["revision"] @@ -216,6 +257,8 @@ files = files " " a[i] } tv["files"] = "\n " $1 " " size " " file tv["files"] + tv["checksums-sha256"] = "\n " sha256 " " size " " file tv["checksums-sha256"] + tv["checksums-sha1"] = "\n " sha1 " " size " " file tv["checksums-sha1"] tv["section"] = tv["section"] tv["priority"] = tv["priority"] tv["directory"] = tv["directory"]
Attachment:
signature.asc
Description: Digital signature