Bug#592717: apt: Implement SFTP/SCP method for APT (not just SSH)
Package: apt
Version: 0.7.25.3
Severity: wishlist
Hi there!
I'd really like to see SCP/SFTP support in APT so that I can use OpenSSH's
internal-sftp with my privately hosted Debian mirror.
The current SSH method works, but only if the user who accesses the repository
has shell access on that host.
If the SSH server hosting the repository is configured like this (in
/etc/ssh/sshd_config)
Subsystem sftp internal-sftp
Match user dpkg-user
ChrootDirectory %h
ForceCommand internal-sftp
Then using a package source like
deb ssh://dpkg-user@MYHOST/MYREPO/debian/ MYCODENAME main
Fails with an error message like
Err ssh://dpkg-user@MYHOST MYCODENAME/main Packages
Read error - read (0 Success)
Fetched 3373B in 2s (1621B/s)
W: Failed to fetch ssh://dpkg-
user@MYHOST/MYREPO//debian/dists/MYCODENAME/main/binary-amd64/Packages Read
error - read (0 Success)
E: Some index files failed to download, they have been ignored, or old ones
used instead.
All necessary files exist in the right places and I have enabled password-less
authentication with a public SSH key (i.e. I can use SCP just fine with the
setup).
If I understand correctly, the current SSH method just logs in via plain SSH
and uses the "find" and "dd" commands for file transfer. This is obviously not
allowed for users with a forced internal-sftp command.
Cheers,
Christian Blichmann
-- Package-specific info:
-- apt-config dump --
APT "";
APT::Architecture "amd64";
APT::Build-Essential "";
APT::Build-Essential:: "build-essential";
APT::Install-Recommends "1";
APT::Install-Suggests "0";
APT::Acquire "";
APT::Acquire::Translation "environment";
APT::Update "";
APT::Update::Post-Invoke "";
APT::Update::Post-Invoke:: "[ ! -x /usr/lib/ia32-libs-tools/update-arch-all.list ] || /usr/lib/ia32-libs-tools/update-arch-all.list";
APT::Update::Post-Invoke-Success "";
APT::Update::Post-Invoke-Success:: "touch /var/lib/apt/periodic/update-success-stamp 2>/dev/null || true";
APT::Update::Post-Invoke-Success:: "[ ! -f /var/run/dbus/system_bus_socket ] || /usr/bin/dbus-send --system --dest=org.debian.apt --type=signal /org/debian/apt org.debian.apt.CacheChanged || true";
APT::Authentication "";
APT::Authentication::TrustCDROM "true";
APT::NeverAutoRemove "";
APT::NeverAutoRemove:: "^linux-image.*";
APT::NeverAutoRemove:: "^linux-restricted-modules.*";
APT::NeverAutoRemove:: "^kfreebsd-image.*";
APT::Default-Release "testing";
APT::Periodic "";
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "0";
APT::Periodic::AutocleanInterval "0";
APT::Archives "";
APT::Archives::MaxAge "30";
APT::Archives::MinAge "2";
APT::Archives::MaxSize "500";
Dir "/";
Dir::State "var/lib/apt/";
Dir::State::lists "lists/";
Dir::State::cdroms "cdroms.list";
Dir::State::userstatus "status.user";
Dir::State::status "/var/lib/dpkg/status";
Dir::Cache "var/cache/apt/";
Dir::Cache::archives "archives/";
Dir::Cache::srcpkgcache "srcpkgcache.bin";
Dir::Cache::pkgcache "pkgcache.bin";
Dir::Etc "etc/apt/";
Dir::Etc::sourcelist "sources.list";
Dir::Etc::sourceparts "sources.list.d";
Dir::Etc::vendorlist "vendors.list";
Dir::Etc::vendorparts "vendors.list.d";
Dir::Etc::main "apt.conf";
Dir::Etc::netrc "auth.conf";
Dir::Etc::parts "apt.conf.d";
Dir::Etc::preferences "preferences";
Dir::Etc::preferencesparts "preferences.d";
Dir::Bin "";
Dir::Bin::methods "/usr/lib/apt/methods";
Dir::Bin::dpkg "/usr/bin/dpkg";
Dir::Media "";
Dir::Media::MountPath "/media/apt";
Dir::Log "var/log/apt";
Dir::Log::Terminal "term.log";
Unattended-Upgrade "";
Unattended-Upgrade::Allowed-Origins "";
Unattended-Upgrade::Allowed-Origins:: "Debian stable";
DPkg "";
DPkg::Pre-Install-Pkgs "";
DPkg::Pre-Install-Pkgs:: "/usr/sbin/dpkg-preconfigure --apt || true";
DPkg::Post-Invoke "";
DPkg::Post-Invoke:: "if [ -d /var/lib/update-notifier ]; then touch /var/lib/update-notifier/dpkg-run-stamp; fi; if [ -e /var/lib/update-notifier/updates-available ]; then echo > /var/lib/update-notifier/updates-available; fi ";
-- /etc/apt/preferences --
Package: *
Pin: release a=testing
Pin-Priority: 700
Package: *
Pin: release a=unstable
Pin-Priority: 650
Package: *
Pin: release a=experimental
Pin-Priority: 101
-- /etc/apt/sources.list --
deb http://intranet/apt-mirror/debian/ squeeze main contrib non-free
deb-src http://intranet/apt-mirror/debian/ squeeze main contrib non-free
deb http://intranet/apt-mirror/security/ squeeze/updates main contrib
deb-src http://intranet/apt-mirror/security/ squeeze/updates main contrib
deb http://intranet/apt-mirror/virtualbox/ lenny non-free
deb http://intranet/apt-mirror/debian/ sid main contrib non-free
deb-src http://intranet/apt-mirror/debian/ sid main contrib non-free
deb http://www.debian-multimedia.org testing main
deb-src http://www.debian-multimedia.org testing main
#deb http://intranet/dpkg/vxclass/debian/ virulent main
deb ssh://vxclass-dpkg-repo@storage.zynamics.com/dpkg/vxclass/debian/ virulent main
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (990, 'testing'), (650, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages apt depends on:
ii debian-archive-keyring 2009.01.31 GnuPG archive keys of the Debian a
ii libc6 2.11.2-2 Embedded GNU C Library: Shared lib
ii libgcc1 1:4.4.4-7 GCC support library
ii libstdc++6 4.4.4-7 The GNU Standard C++ Library v3
apt recommends no packages.
Versions of packages apt suggests:
pn apt-doc <none> (no description available)
ii aptitude 0.6.3-3 terminal-based package manager (te
ii bzip2 1.0.5-4 high-quality block-sorting file co
ii dpkg-dev 1.15.7.2 Debian package development tools
ii lzma 4.43-14 Compression method of 7z format in
ii python-apt 0.7.96.1 Python interface to libapt-pkg
ii synaptic 0.63.2 Graphical package manager
-- no debconf information
Reply to: