[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

apt-check-sigs and absoute dists/



Hi,
attached is a small patch that allows apt-check-sigs to also check
absolute dists (i.e. ending in a '/') like:
 deb http://people.debian.org/~foo/woody-backports bar/
(in case http://people.debian.org/~foo/woody-backports/bar/ contains a
signed release file with the md5sum of the Packages file in the same
directory, like: 

Origin: people.debian.org
Label: foo 
Suite: stable
Codename: woody
Component: main
Description: bar woody backport
MD5Sum:
 4911ffcbb10d25e176507db4dc5f4be1	13742	Packages
 c0ef0457b198e6dee176920f9ba0524c	1677	Sources

). This would allow maintainers to sign the Release files of their woody
backports or whatever if they want to.
Regards,
 -- Guido
--- apt-check-sigs.orig	Fri Apr 11 19:36:16 2003
+++ apt-check-sigs	Mon Apr 14 13:42:26 2003
@@ -2,6 +2,8 @@
 
 # Copyright (c) 2001 Anthony Towns <ajt@debian.org>
 #
+# support for absolute dists/ by Guido Guenther <agx@sigxcpu.org>
+#
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation; either version 2 of the License, or
@@ -33,7 +35,7 @@
 }
 
 checkit () {
-	local FILE="$1"
+	local FILE=`echo $1 | sed 's/~/%7e/g'`
 	local LOOKUP="$2"
 
 	Y="`get_md5sumsize Release "$LOOKUP"`"
@@ -49,6 +51,14 @@
 		echo "MISSING $Y"
 		return
 	fi
+	# we simply can't store the md5sum of the release file in the release
+	# file itself for absoule dists - it's okay not check it since we already
+	# verified it's gpg signature
+	if [ "$LOOKUP" = "Release" ]; then
+		echo "$FILE" >>OK
+		echo "OK"
+		return
+	fi
 	if [ "$Y" = "" ]; then
 		echo "$FILE" >>NOCHECK
 		echo "NOCHECK"
@@ -86,11 +96,19 @@
 		continue
 	fi
 
-	echo "Source: ${ty} ${url} ${dist} ${comps}"
-	
+	if [ -z "$comps" -a `expr match $dist '.*/$'` != "0" ]; then
+		comps=$dist
+		unset dist
+		release=${url}/${comps}/Release
+		echo "Source: ${ty} ${url} ${comps}"
+	else
+		echo "Source: ${ty} ${url} ${dist} ${comps}"
+		release=${url}/dists/${dist}/Release
+	fi
+
 	rm -f Release Release.gpg
-	lynx -reload -dump "${url}/dists/${dist}/Release" >/dev/null 2>&1
-	wget -q -O Release "${url}/dists/${dist}/Release"
+	lynx -reload -dump $release >/dev/null 2>&1
+	wget -q -O Release $release
 
 	if ! grep -q '^' Release; then
 		echo "  * NO TOP-LEVEL Release FILE"
@@ -107,12 +125,12 @@
 		echo "  o $dateline"
 		echo "  o $dscrline"
 
-		if [ "${dist%%/*}" != "$suitline" -a "${dist%%/*}" != "$codeline" ]; then
+		if [ "$dist" -a "${dist%%/*}" != "$suitline" -a "${dist%%/*}" != "$codeline" ]; then
 			echo "  * WARNING: asked for $dist, got $suitline/$codeline"
 		fi
 
-		lynx -reload -dump "${url}/dists/${dist}/Release.gpg" >/dev/null 2>&1
-		wget -q -O Release.gpg "${url}/dists/${dist}/Release.gpg"
+		lynx -reload -dump ${release}.gpg >/dev/null 2>&1
+		wget -q -O Release.gpg ${release}.gpg
 		
 		gpgv --status-fd 3 Release.gpg Release 3>&1 >/dev/null 2>&1 | sed -n "s/^\[GNUPG:\] //p" | (okay=0; err=""; while read gpgcode rest; do
 			if [ "$gpgcode" = "GOODSIG" ]; then
@@ -143,16 +161,26 @@
 	okaycomps=""
 	for comp in $comps; do
 		if [ "$ty" = "deb" ]; then
-			X=$(checkit "`echo "${baseurl}/dists/${dist}/${comp}/binary-${arch}/Release" | sed 's,//*,_,g'`" "${comp}/binary-${arch}/Release")
-			Y=$(checkit "`echo "${baseurl}/dists/${dist}/${comp}/binary-${arch}/Packages" | sed 's,//*,_,g'`" "${comp}/binary-${arch}/Packages")
+			if [ "$dist" ]; then
+				X=$(checkit "`echo "${baseurl}/dists/${dist}/${comp}/binary-${arch}/Release" | sed 's,//*,_,g'`" "${comp}/binary-${arch}/Release")
+				Y=$(checkit "`echo "${baseurl}/dists/${dist}/${comp}/binary-${arch}/Packages" | sed 's,//*,_,g'`" "${comp}/binary-${arch}/Packages")
+			else
+				X=$(checkit "`echo "${baseurl}/${comp}Release" | sed 's,//*,_,g'`" "Release")
+				Y=$(checkit "`echo "${baseurl}/${comp}Packages" | sed 's,//*,_,g'`" "Packages")
+			fi
 			if [ "$X $Y" = "OK OK" ]; then
 				okaycomps="$okaycomps $comp"
 			else
 				echo "  * PROBLEMS WITH $comp ($X, $Y)"
 			fi
 		elif [ "$ty" = "deb-src" ]; then
-			X=$(checkit "`echo "${baseurl}/dists/${dist}/${comp}/source/Release" | sed 's,//*,_,g'`" "${comp}/source/Release")
-			Y=$(checkit "`echo "${baseurl}/dists/${dist}/${comp}/source/Sources" | sed 's,//*,_,g'`" "${comp}/source/Sources")
+			if [ "$dist" ]; then
+				X=$(checkit "`echo "${baseurl}/dists/${dist}/${comp}/source/Release" | sed 's,//*,_,g'`" "${comp}/source/Release")
+				Y=$(checkit "`echo "${baseurl}/dists/${dist}/${comp}/source/Sources" | sed 's,//*,_,g'`" "${comp}/source/Sources")
+			else
+				X=$(checkit "`echo "${baseurl}/${comp}Release" | sed 's,//*,_,g'`" "Release")
+				Y=$(checkit "`echo "${baseurl}/${comp}Sources" | sed 's,//*,_,g'`" "Sources")
+			fi
 			if [ "$X $Y" = "OK OK" ]; then
 				okaycomps="$okaycomps $comp"
 			else

Reply to: