Re: Bug#161593: apt-utils: apt-ftparchive fumbles on signed debs

To: Branden Robinson <branden@debian.org>
Cc: <debian-dpkg@lists.debian.org>, <161593-quiet@bugs.debian.org>
Subject: Re: Bug#161593: apt-utils: apt-ftparchive fumbles on signed debs
From: Adam Heath <doogie@debian.org>
Date: Mon, 23 Sep 2002 11:32:24 -0500 (CDT)
Message-id: <[🔎] Pine.LNX.4.33.0209231125000.2276-100000@gradall.private.brainfood.com>
In-reply-to: <[🔎] 20020923160802.GI14540@deadbeast.net>

On Mon, 23 Sep 2002, Branden Robinson wrote:

> On Sun, Sep 22, 2002 at 07:20:35PM -0500, Adam Heath wrote:
> > On Sun, 22 Sep 2002, Branden Robinson wrote:
> > > One of the selling points of the Debian package format is that it can be
> > > manipulated with "standard tools".
> >
> > manipulated != created
>
> Creation is a subset of manipulation.  Other "manipulations" include
> extraction, appending members, replacement of members, and listing the
> contents.

You can create debs with standard tools.  That scenario is not going away.

However, official creators must follow the standard(which, until just
recently, wasn't well known).

Being able to create debs with standard tools is really only to be used by
humans doing something quick and dirty, not for real programs doing real work
on behalf of the project.

> > debsigs is an official creator.  Therefor, it *must* not put / on the end of
> > the member names.
>
> Fine; I suggest that we either hack ar in our binutils to support
> options that enable it to create .deb-correct ar files, or that we ship
> a tool in debianutils ("dar"?) that is capable of doing so.

We never defined which ar that was.  Creating deb compatiable ar files can be
done in shell(following the spec I have laid out, which doesn't support long
names.  Even then, the bsd-format long name support should be easy to do in
shell as well).

> We must do either of the above, abandon our claim that Debian package
> files have anything to do with the ar format, or make our tools more
> intelligent, so that they can understand a .deb that any
> standard-compliant ar program created.

ar created debs work fine.  But debsigs is an official program, so must follow
the official spec.

> > > Apt refusing to deal with ar files that have the Debian components in
> > > the proper order, but which were generated by the only ar program that
> > > Debian provides is *perverse*.
> >
> > This is true.  But debsigs is still buggy.
>
> Debian has long claimed that our packages are just "ar files".  This
> implies that you can use ar(1) to create them, but you can't (well, you
> can, but they won't work).

You can create debs with ar(1), and dpkg-deb will handle them just fine.  The
fact that apt-ftparchive does not is a bug in apt-ftparchive.  However, just
because you *can* do this, doesn't make it right.

Also, ar(1) can be used to extract/list dpkg-deb created debs.  dpkg-deb does
*not* add the '/' to the end of the names, and ar(1) handles this fine.

> I suggest we not abandon this claim.

We aren't.

Reply to:

References:
- Re: Bug#161593: apt-utils: apt-ftparchive fumbles on signed debs
  - From: Branden Robinson <branden@debian.org>

Prev by Date: Re: Bug#161593: apt-utils: apt-ftparchive fumbles on signed debs
Next by Date: Re: Bug#161593: apt-utils: apt-ftparchive fumbles on signed debs
Previous by thread: Re: Bug#161593: apt-utils: apt-ftparchive fumbles on signed debs
Next by thread: Re: Bug#161593: apt-utils: apt-ftparchive fumbles on signed debs
Index(es):
- Date
- Thread