Re: mini-dinstall, repository signing and apt-get authentication

To: Ian Zimmerman <itz@madbat.mine.nu>
Cc: debian-mentors@lists.debian.org
Subject: Re: mini-dinstall, repository signing and apt-get authentication
From: Neil Williams <codehelp@debian.org>
Date: Tue, 31 Jul 2007 15:43:27 +0100
Message-id: <[🔎] 20070731154327.b286ebcf.codehelp@debian.org>
In-reply-to: <[🔎] 87abtc8ysz.fsf@unicorn.ahiker.homeip.net>
References: <44CA6FEC.5060004@codehelp.co.uk> <[🔎] 87abtc8ysz.fsf@unicorn.ahiker.homeip.net>

On 31 Jul 2007 09:53:16 -0400
Ian Zimmerman <itz@madbat.mine.nu> wrote:

> Neil> Time for a bug report, I think. But in order to actually get the
> Neil> thing working, I need more help.

I wish you'd included the fact that the original email is from:
Date: 2006-07-28 21:09 +100

It's very confusing getting a reply from an email that old!

http://lists.debian.org/debian-mentors/2006/07/msg00345.html

> Have you ever filed the report?  I can't find it searching on b.d.o.

Didn't need to - I switched to reprepro instead.

mini-dinstall isn't really designed for my kind of repository and I
didn't see any point filing a bug report to make mini-dinstall more
like reprepro when reprepro was (and is) simply a better choice for
anything more than a very simple repository.

> And this is my main question: have you figured out what causes this error?

Yes - the error is caused by not using reprepro.
:-)

> Let me describe my situation: I have a flat (single directory) archive
> of personal debs.  I see absolutely no point in maintaining "code names"
> and "suites" and what not. 

reprepro doesn't force these on you but it does not stop you adding
them later either.

> I generate the Packages.gz file by
> 
> cd /var/local/debian && apt-ftparchive packages ./ | gzip - > Packages.gz

Yuk. There should be no need to do this.

> and the Release file by
> 
> cd /var/local/debian && apt-ftparchive release ./ > /tmp/Release && mv /tmp/Release .

Nor that.

> All this works flawlessly until I introduce signing.  As soon as I add a Release.gpg
> file (generated by cd /var/local/debian && gpg -abs -o Release.gpg Release)
> apt-get starts giving me the above error message.  Now the wording made me think
> that perhaps perhaps I should NOT compress the Packages file, so I tried to omit
> the gzip step above.  But then apt-get complains it cannot retrieve Packages file!

No. The error is because mini-dinstall doesn't support what you want.

> <rant>
> It seems the security layer of apt was a quick hack which introduced this sort
> of confusion, instead of the thoughtful redesign it needed.
> </rant>

No. IMHO mini-dinstall is the quick hack which isn't capable of
supporting advanced features like SecureApt.

Use the right tool for the job.

-- 

Neil Williams
=============
http://www.data-freedom.org/
http://www.nosoftwarepatents.com/
http://www.linux.codehelp.co.uk/

Attachment: pgpBw45cwN3NN.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: mini-dinstall, repository signing and apt-get authentication
  - From: Ian Zimmerman <itz@madbat.mine.nu>

References:
- Re: mini-dinstall, repository signing and apt-get authentication
  - From: Ian Zimmerman <itz@madbat.mine.nu>

Prev by Date: Re: mini-dinstall, repository signing and apt-get authentication
Next by Date: Re: info about puiparts [was: Sponsor Checklist]
Previous by thread: Re: mini-dinstall, repository signing and apt-get authentication
Next by thread: Re: mini-dinstall, repository signing and apt-get authentication
Index(es):
- Date
- Thread