[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#481129: Bug#671503: general: APT repository format is not documented

On Fri, May 18, 2012 at 01:38:40PM +0200, Julian Andres Klode wrote:
> On Fri, May 18, 2012 at 12:02:47PM +0100, Ian Jackson wrote:
> > CC'ing the apt list deity@lists.debian.org.
> > 
> > Goswin von Brederlow writes ("Re: Bug#481129: Bug#671503: general: APT repository format is not documented"):
> > > Michal Suchanek <michal.suchanek@ruk.cuni.cz> writes:
> > > > [ discussions regarding documenting the apt repository format ]
> > > 
> > > I would suggest you look at existing repositories, whatever scraps of
> > > information is in the manuals and maybe a bit at the source and start to
> > > write a documentation. Once you have that offer it for review and other
> > > people can pitch in their bits of knowledge. Getting the current format
> > > documented right shouldn't be that hard if someone just starts.
> > 
> > Right.
> > 
> > > And once such a document exists it is much easier to get people do
> > > document changes or hit them over the head if they don't.
> > 
> > Can the apt maintainers confirm that once such a document exists, they
> > will insist that future contributions to apt which change the
> > repository format update the document ?
> > 
> > What form do the apt maintainers think the document should take ?
> > Should it eventually be in the apt source package or somewhere else ?
> I do not think that APT is responsible for the repository format. The
> repository format is defined by ftpmaster, not by APT. APT has to my
> knowledge not defined anything new, but only implemented changes to
> the repository format after they were introduced by ftpmaster (see
> InRelease files).
> We currently have three independent implementations of the repository
> format in the archive: APT, cupt, smartpm. Furthermore, tools like
> debian-cd probably also have some knowledge about the repository
> format.
> The repository format should thus be part of Policy, not part of
> APT. APT is one of the users of that format, not the one defining
> it (it might just get stricter in behavior from time to time, just
> like compilers). Changes to the format should require approval of
> ftpmaster, as they have to implement them on the server-side.

A working draft could be something like the following. It mostly
describes the current format for Release, Packages, and Sources
files. It's thus missing Contents and Translations, pdiffs, and
stuff, but it's a beginning.

It specifies different requirements for servers and clients,
in order to have clients be backwards compatible with more
repositories, and forcing servers to be stricter. Don't know
how good that is, though.

            = Debian Repository Format =

This documents a subset of the Debian repository format. This is a work
in progress.

"Release" files
The file "dists/$DIST/Release" shall contain meta-information about the
distribution and checksums for the indices. The file "dists/$DIST/Release.gpg"
shall be an GPG signature of the "Release" file, compatible with the format
used by the GPG options "-a -b -s". The file "dists/$DIST/InRelease" shall be
the "Release" file with a GPG clearsign signature  compatible with the format
used by the GPG options "-a -s --clearsign".

The following fields might be available:

    - Origin
    - Label
    - Suite
    - Codename
    - Date
    - Valid-Until
    - Architectures
    - Components
    - Description
    - MD5sum, SHA1, SHA256
    - NotAutomatic and ButAutomaticUpgrades

Servers shall provide the Release file, and its signed counterparts with at
least the following keys:

    - SHA256
    - Origin
    - Suite and/or Codename
    - Architectures

Clients shall accept missing Release files, and Release files without the
fields required for servers. They might reject Release files that do not
contain at least one of the fields defined herein.

Whitespace separated unique single words identifying Debian machine architectures
as described in Architecture specification strings, Section 11.1.

Shall indicate the origin of the repository.

Optional field including some kind of label.

The Suite field shall describe the suite. In Debian, this shall be one of
oldstable, stable, testing, unstable, or experimental; with optional suffixes
separated by "-" (such as "stable-updates").

The Suite field shall describe the codename of the release. This is mostly
a free-form string used to give a name to a release.

Date, Valid-Until
The Date field shall specify the time at which the Release file was created. The
Valid-Until field shall specify at which time the Release file should be
considered expired by the client. Client behaviour on expired Release files
is unspecified.

A whitespace separated list of areas.

    Components: main contrib non-free

MD5sum, SHA1, SHA256
Those fields shall be multi-line fields containing multiple lines of whitespace
separated data. Each line shall contain

    (1) The checksum of the file in the format corresponding to the field
    (2) The size of the file (integer >= 0)
    (3) The filename relative to the directory of the Release file

Each datum may be seperated by one or more whitespace characters.

Server requirements:
    The field shall contain data about all uncompressed files, and should also
    contain information about all compressed files. The checksum and sizes shall
    match the actual existing files.

Client behaviour:

    Any file should be checked at least once, either in compressed or
    uncompressed form, depending on which data is available. If a file
    has no associated data, the client shall inform the user about this
    under possibly dangerous situations (such as installing a package
    from that repository). If a file does not match the data specified
    in the release file, the client shall not use any information from
    that file, inform the user, and might use old information (such as
    the previous locally kept information) instead.

NotAutomatic and ButAutomaticUpgrades
The NotAutomatic and ButAutomaticUpgrades fields are boolean fields
instructing the package manager. They may contain the values "yes"
and "no".

If "NotAutomatic: yes" is specified, the client should prevent installation
of packages from this repository unless explicitely requested (APT will assign
priority 1 to that repository).

If "ButAutomaticUpgrades: yes" is specified in addition to "NotAutomatic: yes",
the client should cause upgrades to packages from that repository to be
installed automatically (APT will assign priority 100 to that repository).

If both are either missing or set to "No", the repository should behave like
any other repository (APT will assign either priority 500 or 990 by default,
depending on whether the release is it's target release).

Other combinations are undefined.

"Packages" Indices
The files dists/$DIST/$COMP/binary-$ARCH/Packages are called Binary Packages
Indices. They consist of multiple paragraphs, where each paragraph has the
format defined in Policy 5.3 (Binary package control files -- DEBIAN/control),
and the additional fields defined in this section.

The Filename field shall list the path of the package archive relative to the
base directory of the repository.

    Filename: pool/main/a/apt/apt_0.9.3_amd64.deb
Required: yes

The size field shall give the size of the package file, in bytes.

    Size: 1158196
Required: yes

MD5sum, SHA1, SHA256, SHA512
Checksums for the package. They shall be represented in hexadecimal
notation. The SHA512 field is not in active use prior to this
specification, the MD5sum and SHA1 fields should be considered
deprecated, but should still be provided.


    MD5sum: 2519c8c1afd27e70cf4ac10a5fa46e32
    SHA1: 646eda5b6d51190181c15f5537428161f6f04c1d
    SHA256: 3183eff291d1e9d905e78a6b467bbfb90b20fc2808d50b5e91bf55158b4c18be

Server requirements: SHA256 shall be available
Client requirements: Shall accept files without any such fields, should warn
                     if those fields are missing and a package is used.

An md5sum of the english description. This will be used to lookup the
translations in the translation indices. If this field is not defined,
the md5sum shall be calculated from the Description field.

Server requirements:
    Either Description or Description-md5 shall be specified.
Client requirements:
    If neither Description, nor Description-MD5 is defined, the result shall
    be the same as if an empty description was specified for all languages.
    If Description-md5 is defined, the long description shall be looked up
    via translation indices if requested.
    Description-md5: 9fb97a88cb7383934ef963352b53b4a7

The Description field shall contain the complete package description, if
Description-md5 is not defined; or only the short description of the package,
if Description-md5 is defined.

"Sources" Indices
The files dists/$DIST/$COMP/source/Sources are called Sources indices. They
consist of multiple paragraphs, where each paragraph has the format defined
in Policy 5.5 (5.4 Debian source control files -- .dsc), with the following
changes and additional fields. The changes are:

    - The "Source" field is renamed to "Package"

    - A new mandatory field "Package-List"
    - A new mandatory field "Directory"
    - A new optional field "Priority"
    - A new optional field "Section"

The Package-List field shall contain multiple lines of package information,
where each line begins with a whitespace and has the following format:


$PKGNAME is the name of the package, $TYPE is "deb" or "udeb", $SECTION
is the section of the package, and $PRIORITY is the priority of the package.

     apt deb admin important
     apt-doc deb doc optional
     apt-transport-https deb admin optional
     apt-utils deb admin important
     libapt-inst1.5 deb admin important
     libapt-pkg-dev deb libdevel optional
     libapt-pkg-doc deb doc optional
     libapt-pkg4.12 deb admin important

The directory field shall list the location of the source package in the
repository, relative to the base directory of the repository.

    Directory: pool/main/a/apt

Shall contain the value "source".

    Priority: source

Shall contain the section specified for the source package??

    Section: admin

Julian Andres Klode  - Debian Developer, Ubuntu Member

See http://wiki.debian.org/JulianAndresKlode and http://jak-linux.org/.

Attachment: pgpUSbcCt63GC.pgp
Description: PGP signature

Reply to: