[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[ANNOUNCE] experiemental dpkg available



Sorry for the cross-post, but this is relevant to several groups, and I
wanted to be sure and hit them all.

I have uploaded an experiemental dpkg (1.5.90, which is a pre 1.6.0). It
is mainly testing of unstable features (outlined below). Some of these
features are in regard to some current policy proposals, I hope this
avenue of testing will enable a better result for these proposals (it's
always nice to see things implemented before deciding they are crap/good).

Here is an overview of the features:

## Bzip2 support for sources ##

This is a simple modification to dpkg-source (and dpkg-buildpackage to
pass the option) to take -z<compress type>. Right now it accepts "bz2"
and "gz" (the default). This will generate a bzip2 compressed .diff and
.tar. I did not implement seperate compressions for the diff and the tar,
mainly because I think it's overly complex to do and isn't really needed.

Dpkg-source also automatically recognizes (from the .dsc) the bzip2
compression and uses it to unpack the source.

Now this is all working well. However, the main hurdle is to see what the
ftp-admins say about dinstall/archive being able to handle this with
current scripts.


## Bzip2 support for packages ##

Dpkg-deb allows using bzip2 to compress the package members (control.tar
and data.tar). This is based on a patch from bug #34727 with a lot of
modifications. Dpkg-deb will handle this in two ways, 1) using the
--compress option (which currently takes gz and bz2 as args) or 2) by
checking the DPKGDEB_COMPRESS_TYPE environment variable (which overrides
all other options, useful for autobuilders).

Dpkg-deb will also automatically detect the compression type when
unpacking the .deb. Note that the new .bz2 format will have a package
format version of "3.0" so that older dpkg's that don't support this will
give and error to the affect of "you need a newer dpkg" (for some reason a
major version increase is needed for this to happen).

Also the magic.diff file will patch /usr/share/misc/magic so that when you
do `file foo.deb' it will give you the compression type in the output
(bzip2 does not contain a date in it's header for compressed files, so I
had to remove the date output to avoid erroneous ones for bz2 packages,
the "file" maintainer has been notified, and will hopefully find a
solution).

My opinion on this is, if we implement it, we should not allow
essential/base packages to use it for atleast one release after potato (so
after woody as the case may be) and dpkg should never be packaged with
anything other than gzip compression.


## Syslog support ##

Basic implementation (read "raw") for output to be mirrored to syslog.
Right now it sends to "user" which is in /var/lib/user.log. I need to
document a little more on what type of messages are sent at what level. To
enable it add --use-syslog to the dpkg command line, or add this to
/etc/apt/apt.conf:

DPkg::Options {"--use-syslog";};

Note that I still have much to finish with this, main part being to log
the output from sub-processes (maintainer scripts, etc..).


## Package signing support ##

This is the big wammo for this test release. Without losing compatiblity
or affecting older dpkg's, we can now sign packages internally. This is
done with two new elements (members) in the package called "_control.sig"
and "_data.sig". The preceding '_' makes older dpkg-deb's ignore them.
Just to prove the ability, the .debs for the test are signed. After
installing them run `dpkg-signpackage -c *.deb' to see the output (note,
you need the developer keyring or you need to have gpg setup to get
unknown keys from a keyserver for this to work, also you need gpg, since I
haven't finished the pgp support).

To sign your own packages, you can either use dpkg-signpackage by itself
or add '-sb' to dpkg-buildpackage's command line when building.

Known problems, each .deb signed requires you to enter your passphrase
twice (once for each member), which get's really old after the second or
third package. Any help with getting around this would be nice. Also note
that I plan on adding signature checking to dpkg-deb itself, but not
generating signatures. Also, I need to have dpkg-signpackage -c give
better parsing of errors in checking the signatures.

Also note that the signatures are on the uncompressed .tar's in the .deb.
This way packages can be recompressed without having the signatures go
bad.


Please test these thoroughly and report any fixes, extra features to me
personally. Now that you have traversed this long winded email, you
deserver the URL :)

http://www.debian.org/~bcollins/dpkg-beta/

Thanks,
  Ben

Attachment: pgpWhEujQ8xOC.pgp
Description: PGP signature


Reply to: