Package: apt Severity: wishlist X-Debbugs-CC: apt-offline@packages.debian.org Control: block 871656 by -1 For machines that are in a location with no Internet, apt-offline is a semi-convenient way to perform updates, upgrades and installs. There are two situations where offline machines can occur: * systems in remote locations with no Internet access at all * systems that are air-gapped and recieve only incoming data, no outgoing data is allowed for security reasons. Unfortunately it was discovered that apt-offline does not check signatures properly and the package was removed from Debian buster. https://bugs.debian.org/871656 In addition the interface that apt-offline uses for exporting the list of files that should be downloaded is just the --print-uris option, which I noticed only prints MD5 hashes when installing packages. It would be nice to resolve both of these issues properly by creating a bidirectional interface between external downloaders and apt. I suggest that such an interface should have these properties: * be usable with all commands, including update, install, upgrade etc * allow the downloader to be run on any kind of system with Internet access, including Windows/macOS/Android etc machines * allow the downloader to be as sophisticated or as dumb as needed * tell the downloader what to download and what filenames to choose * tell the downloader how to verify each download was correct, including needed OpenPGP keys etc * optionally don't tell the downloader about local sources.list transports like file:// cdrom:// copy:// since those probably won't be available on the download system but in some circumstances they could be if the sysadmins have set them up correctly * some transports (mirror:// tor://) may need some special handling... * allow imports of downloaded data from a directory, probably best to leave it to apt-offline users to define how they transfer the data to the import directory * do verification twice, potentially once by the downloader (won't be possible in all situations) and always by apt These properties should make it usable in these situations: * For remote locations, a bi-directional sneakernet can be used to perform arbitrary apt operations as needed. * For air-gapped locations, an online clone/chroot/container of the remote system can be used to download updates, apply them locally and then ship the tested updates to the remote system; maintaining two identical systems, one with the air-gapped data and one without. -- bye, pabs https://wiki.debian.org/PaulWise
Attachment:
signature.asc
Description: This is a digitally signed message part