Hi! On Tue, 2013-07-30 at 23:30:41 +0200, Guillem Jover wrote: > Package: apt-zip > Version: 0.18 > Severity: important
> This package contains some code to verify .deb files in the wget > method, but it only handles data.tar.gz deb members, it's at least > missing support, as documented in deb(5), for: > > data.tar > data.tar.bz2 > data.tar.xz > data.tar.lzma (deprecated) > > So the check function should be updated to cope with packages that > exist in the wild. Ok, here is a tentative untested patch. The current deb-format support in various tools is being tracked at <https://wiki.debian.org/Teams/Dpkg/DebSupport>. Thanks, Guillem
diff -Nru apt-zip-0.18/debian/changelog apt-zip-0.18+nmu1/debian/changelog --- apt-zip-0.18/debian/changelog 2008-02-01 08:18:33.000000000 +0100 +++ apt-zip-0.18+nmu1/debian/changelog 2014-08-03 10:59:53.000000000 +0200 @@ -1,3 +1,10 @@ +apt-zip (0.18+nmu1) UNRELEASED; urgency=low + + * Non-maintainer upload. + * Add support for data.tar, data.tar.xz, data.tar.bz2 and data.tar.lzma. + + -- Guillem Jover <[email protected]> Sun, 03 Aug 2014 10:59:35 +0200 + apt-zip (0.18) unstable; urgency=medium * Use sha256 instead of md5 for checksum, as in apt 0.7.7. diff -Nru apt-zip-0.18/methods/wget apt-zip-0.18+nmu1/methods/wget --- apt-zip-0.18/methods/wget 2008-02-01 07:54:37.000000000 +0100 +++ apt-zip-0.18+nmu1/methods/wget 2014-08-03 10:56:57.000000000 +0200 @@ -38,11 +38,39 @@ then return 0 else err \$1 "wrong checksum"; return 1 fi - [ "\`type gzip\`" ] && - if ar p \$1 data.tar.gz | gzip -t + case "\`ar t \$1 | grep data\\.tar\`" in + data.tar) + if ar p \$1 data.tar | tar -t >/dev/null then return 0 else err \$1 "wrong contents"; return 1 fi + data.tar.gz) + [ "\`type gzip\`" ] && + if ar p \$1 data.tar.gz | gzip -t + then return 0 + else err \$1 "wrong contents"; return 1 + fi + data.tar.xz) + [ "\`type xz\`" ] && + if ar p \$1 data.tar.xz | xz -t + then return 0 + else err \$1 "wrong contents"; return 1 + fi + data.tar.bz2) + [ "\`type bzip2\`" ] && + if ar p \$1 data.tar.bz2 | bzip2 -t + then return 0 + else err \$1 "wrong contents"; return 1 + fi + data.tar.lzma) + [ "\`type xz\`" ] && + if ar p \$1 data.tar.lzma | xz -t + then return 0 + else err \$1 "wrong contents"; return 1 + fi + *) + err \$1 "wrong contents"; return 1 + esac return \$3 } EOF

