Bug#886745: marked as done (apt: sources.list option to fetch InRelease by specified hash)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Thu, 18 Jan 2018 15:34:29 +0000
with message-id <E1ecCCz-000GTs-Fa@fasolo.debian.org>
and subject line Bug#886745: fixed in apt 1.6~alpha7
has caused the Debian Bug report #886745,
regarding apt: sources.list option to fetch InRelease by specified hash
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
886745: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886745
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: apt: sources.list option to fetch InRelease by specified hash
• From: Colin Watson <cjwatson@debian.org>
• Date: Tue, 9 Jan 2018 13:37:12 +0000
• Message-id: <[🔎] 20180109133712.q3267jc423ch6y5i@riva.ucam.org>

Package: apt
Version: 1.6~alpha6
Severity: wishlist

We've been looking at ways to make our image building more reliable
across publisher runs (Launchpad in our case).  Conceptually, we'd like
to be able to build images from a snapshot of the archive, so that we
can schedule several image builds at the same time and they'll all be
constructed based on the same view of the archive even if the builds are
dispatched at slightly different times.  However, we don't really have
an archive snapshotting facility at the moment, and putting that
together just for this would be quite resource-intensive.

A much less resource-intensive option would be a sources.list option
that tweaks the path to the InRelease file within the suite to be a
by-hash path.  For example, we might do something like this:

  deb [inrelease-by-hash=$sha256sum] http://...

Or this:

  deb [inrelease-path=by-hash/SHA256/$sha256sum] http://...

With this, and the corresponding publisher changes to store InRelease
files in by-hash with some suitable stay of execution, then all we'd
need to do would be adjust the sources.list that's dispatched to the
builder, and as long as all the builds in question started within some
reasonable time then they'd all build with the exact same view of the
archive even if there's a little bit of skew in exactly when they start.
It would be like a cheaper version of snapshot that's limited to the
time that index files hang around in by-hash.

I think this is probably just a matter of a few tweaks around
constructMetaIndexURI and friends.  If you think this makes sense, I
could deal with extending the Launchpad publisher to save InRelease
files in by-hash.

Thanks,

-- 
Colin Watson                                       [cjwatson@debian.org]

--- End Message ---

--- Begin Message ---

• To: 886745-close@bugs.debian.org
• Subject: Bug#886745: fixed in apt 1.6~alpha7
• From: Julian Andres Klode <jak@debian.org>
• Date: Thu, 18 Jan 2018 15:34:29 +0000
• Message-id: <E1ecCCz-000GTs-Fa@fasolo.debian.org>

Source: apt
Source-Version: 1.6~alpha7

We believe that the bug you reported is fixed in the latest version of
apt, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 886745@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Julian Andres Klode <jak@debian.org> (supplier of updated apt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 18 Jan 2018 14:44:14 +0000
Source: apt
Binary: apt libapt-pkg5.0 libapt-inst2.0 apt-doc libapt-pkg-dev libapt-pkg-doc apt-utils apt-transport-https
Architecture: source
Version: 1.6~alpha7
Distribution: unstable
Urgency: medium
Maintainer: APT Development Team <deity@lists.debian.org>
Changed-By: Julian Andres Klode <jak@debian.org>
Description:
 apt        - commandline package manager
 apt-doc    - documentation for APT
 apt-transport-https - transitional package for https support
 apt-utils  - package management related utility programs
 libapt-inst2.0 - deb package format runtime library
 libapt-pkg-dev - development files for APT's libapt-pkg and libapt-inst
 libapt-pkg-doc - documentation for APT development
 libapt-pkg5.0 - package management runtime library
Closes: 886250 886429 886745 887017 887607
Changes:
 apt (1.6~alpha7) unstable; urgency=medium
 .
   [ Mert Dirik ]
   * Turkish program translation update (Closes: 886250)
 .
   [ David Kalnischkies ]
   * dpkg status parsing: check if name is valid before use
 .
   [ Julian Andres Klode ]
   * apt-compat.cron.daily: Correctly handle undetermined power status
     (LP: #1742378)
   * Introduce inrelease-path option for sources.list (Closes: #886745)
   * Drop obsolete Suggests on python-apt (Closes: #887607)
   * Point people to salsa.d.o instead of anonscm.d.o for git
 .
   [ Justin B Rye ]
   * review and fix the three new apt-transport- manpages
 .
   [ Holger Wansing ]
   * German program translation update (Closes: 886429)
 .
   [ Julien Patriarca ]
   * French program translation update (Closes: 887017)
Checksums-Sha1:
 bab31a2070d81dcc5e6ac3daf39483b8cda115d7 2733 apt_1.6~alpha7.dsc
 f016fa5a9f639ec212f83c9a344fea5d3b6bcb8e 2116452 apt_1.6~alpha7.tar.xz
 2785e0d4e2f72869608881aff58494bee225bb7c 7358 apt_1.6~alpha7_source.buildinfo
Checksums-Sha256:
 4263057a9cb1379191da24ac1bf888e2a5569fd066e4250deacfd4f46b462d75 2733 apt_1.6~alpha7.dsc
 5db7bffbbb454211bb8ffa011ba8502a2f0d5e16dd7dc5933aab838831bcd166 2116452 apt_1.6~alpha7.tar.xz
 8b6cc4ef31c19321493d80d82d5f1e3b27094864bb7e53fd6561ee01d5b960a7 7358 apt_1.6~alpha7_source.buildinfo
Files:
 8b5f77c42c59924732fd267ffe4c0ead 2733 admin important apt_1.6~alpha7.dsc
 2c518d4adcf3c990ea11977ad35bbb61 2116452 admin important apt_1.6~alpha7.tar.xz
 d9f738e8a686df3430f531370b8be297 7358 admin important apt_1.6~alpha7_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJDBAEBCgAtFiEEzeVhi4gF/W4gLOnC1zw55WWAs4YFAlpgtEsPHGpha0BkZWJp
YW4ub3JnAAoJENc8OeVlgLOGIpcQAIBh/To767ReYbbg19pNpXjMn1VN+2f3P3O0
aBdc7/iNZ6kn29IxBLvt/Zt5hXNRS7R7LFyGceO6rzsyKNSaYnevHplOEmJR63bH
3kUvVZZlnHxbcVYg0yFckUDhWqgprGYBrPy1yjFWGW3aZBF1wLwW4qdNN52rs/gh
JekdBeUqVipDRwfzGA1ubby9slNqSNZbklZQymoYaXtAW6vfcZo3gw3D0MgAbXcS
E1ZIq1V5tb54ITNObRlHd92ky4KUiC/k8tzDNkIoVqU65t/3dUlIhTamtEou/DAP
y9Ll2gmsJnmRJzt/0McJKtiQU5nmz3EqVSAY4Dv664gPqf23vt1eGOHO00hTiPmL
eJ9KK6ZDRvKa7P24Qc07ZUY0xuDwlZ15MY4iklpyCtj9vRKKBIWUv4ZVjQgT0WMY
q7OqELap8p5J30DRz2vzUzR95Q20FaDU6Jlk7N6FReBKXuJbFJib6+VFnTjbi3T1
s02as9B/p4FUgFKjRa5yGRfA6HZXR8HOF/4FtAoxkMmOf/7kb7i7pK5dWOqo1GwS
Zd7mtdBygxuVq9BGxLsyxOoc3i2SlqNzad8vfCHTMDn7ru/2y1Uz4sF7vyOKY/l6
/Xyryiqyf+XZ+GbZ3Re+FOxCeLWAiDEn2UmNQNv7/Ejc8DHz2VPqSF/W2uEbcLDC
KYzYZz5f
=Zy0z
-----END PGP SIGNATURE-----

--- End Message ---