Sorry for the cross-post, but this is relevant to several groups, and I wanted to be sure and hit them all. I have uploaded an experiemental dpkg (1.5.90, which is a pre 1.6.0). It is mainly testing of unstable features (outlined below). Some of these features are in regard to some current policy proposals, I hope this avenue of testing will enable a better result for these proposals (it's always nice to see things implemented before deciding they are crap/good). Here is an overview of the features: ## Bzip2 support for sources ## This is a simple modification to dpkg-source (and dpkg-buildpackage to pass the option) to take -z<compress type>. Right now it accepts "bz2" and "gz" (the default). This will generate a bzip2 compressed .diff and .tar. I did not implement seperate compressions for the diff and the tar, mainly because I think it's overly complex to do and isn't really needed. Dpkg-source also automatically recognizes (from the .dsc) the bzip2 compression and uses it to unpack the source. Now this is all working well. However, the main hurdle is to see what the ftp-admins say about dinstall/archive being able to handle this with current scripts. ## Bzip2 support for packages ## Dpkg-deb allows using bzip2 to compress the package members (control.tar and data.tar). This is based on a patch from bug #34727 with a lot of modifications. Dpkg-deb will handle this in two ways, 1) using the --compress option (which currently takes gz and bz2 as args) or 2) by checking the DPKGDEB_COMPRESS_TYPE environment variable (which overrides all other options, useful for autobuilders). Dpkg-deb will also automatically detect the compression type when unpacking the .deb. Note that the new .bz2 format will have a package format version of "3.0" so that older dpkg's that don't support this will give and error to the affect of "you need a newer dpkg" (for some reason a major version increase is needed for this to happen). Also the magic.diff file will patch /usr/share/misc/magic so that when you do `file foo.deb' it will give you the compression type in the output (bzip2 does not contain a date in it's header for compressed files, so I had to remove the date output to avoid erroneous ones for bz2 packages, the "file" maintainer has been notified, and will hopefully find a solution). My opinion on this is, if we implement it, we should not allow essential/base packages to use it for atleast one release after potato (so after woody as the case may be) and dpkg should never be packaged with anything other than gzip compression. ## Syslog support ## Basic implementation (read "raw") for output to be mirrored to syslog. Right now it sends to "user" which is in /var/lib/user.log. I need to document a little more on what type of messages are sent at what level. To enable it add --use-syslog to the dpkg command line, or add this to /etc/apt/apt.conf: DPkg::Options {"--use-syslog";}; Note that I still have much to finish with this, main part being to log the output from sub-processes (maintainer scripts, etc..). ## Package signing support ## This is the big wammo for this test release. Without losing compatiblity or affecting older dpkg's, we can now sign packages internally. This is done with two new elements (members) in the package called "_control.sig" and "_data.sig". The preceding '_' makes older dpkg-deb's ignore them. Just to prove the ability, the .debs for the test are signed. After installing them run `dpkg-signpackage -c *.deb' to see the output (note, you need the developer keyring or you need to have gpg setup to get unknown keys from a keyserver for this to work, also you need gpg, since I haven't finished the pgp support). To sign your own packages, you can either use dpkg-signpackage by itself or add '-sb' to dpkg-buildpackage's command line when building. Known problems, each .deb signed requires you to enter your passphrase twice (once for each member), which get's really old after the second or third package. Any help with getting around this would be nice. Also note that I plan on adding signature checking to dpkg-deb itself, but not generating signatures. Also, I need to have dpkg-signpackage -c give better parsing of errors in checking the signatures. Also note that the signatures are on the uncompressed .tar's in the .deb. This way packages can be recompressed without having the signatures go bad. Please test these thoroughly and report any fixes, extra features to me personally. Now that you have traversed this long winded email, you deserver the URL :) http://www.debian.org/~bcollins/dpkg-beta/ Thanks, Ben
Attachment:
pgpWhEujQ8xOC.pgp
Description: PGP signature