Hi,
attached is a small patch that allows apt-check-sigs to also check
absolute dists (i.e. ending in a '/') like:
deb http://people.debian.org/~foo/woody-backports bar/
(in case http://people.debian.org/~foo/woody-backports/bar/ contains a
signed release file with the md5sum of the Packages file in the same
directory, like:
Origin: people.debian.org
Label: foo
Suite: stable
Codename: woody
Component: main
Description: bar woody backport
MD5Sum:
4911ffcbb10d25e176507db4dc5f4be1 13742 Packages
c0ef0457b198e6dee176920f9ba0524c 1677 Sources
). This would allow maintainers to sign the Release files of their woody
backports or whatever if they want to.
Regards,
-- Guido
--- apt-check-sigs.orig Fri Apr 11 19:36:16 2003
+++ apt-check-sigs Mon Apr 14 13:42:26 2003
@@ -2,6 +2,8 @@
# Copyright (c) 2001 Anthony Towns <[EMAIL PROTECTED]>
#
+# support for absolute dists/ by Guido Guenther <[EMAIL PROTECTED]>
+#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
@@ -33,7 +35,7 @@
}
checkit () {
- local FILE="$1"
+ local FILE=`echo $1 | sed 's/~/%7e/g'`
local LOOKUP="$2"
Y="`get_md5sumsize Release "$LOOKUP"`"
@@ -49,6 +51,14 @@
echo "MISSING $Y"
return
fi
+ # we simply can't store the md5sum of the release file in the release
+ # file itself for absoule dists - it's okay not check it since we
already
+ # verified it's gpg signature
+ if [ "$LOOKUP" = "Release" ]; then
+ echo "$FILE" >>OK
+ echo "OK"
+ return
+ fi
if [ "$Y" = "" ]; then
echo "$FILE" >>NOCHECK
echo "NOCHECK"
@@ -86,11 +96,19 @@
continue
fi
- echo "Source: ${ty} ${url} ${dist} ${comps}"
-
+ if [ -z "$comps" -a `expr match $dist '.*/$'` != "0" ]; then
+ comps=$dist
+ unset dist
+ release=${url}/${comps}/Release
+ echo "Source: ${ty} ${url} ${comps}"
+ else
+ echo "Source: ${ty} ${url} ${dist} ${comps}"
+ release=${url}/dists/${dist}/Release
+ fi
+
rm -f Release Release.gpg
- lynx -reload -dump "${url}/dists/${dist}/Release" >/dev/null 2>&1
- wget -q -O Release "${url}/dists/${dist}/Release"
+ lynx -reload -dump $release >/dev/null 2>&1
+ wget -q -O Release $release
if ! grep -q '^' Release; then
echo " * NO TOP-LEVEL Release FILE"
@@ -107,12 +125,12 @@
echo " o $dateline"
echo " o $dscrline"
- if [ "${dist%%/*}" != "$suitline" -a "${dist%%/*}" !=
"$codeline" ]; then
+ if [ "$dist" -a "${dist%%/*}" != "$suitline" -a "${dist%%/*}"
!= "$codeline" ]; then
echo " * WARNING: asked for $dist, got
$suitline/$codeline"
fi
- lynx -reload -dump "${url}/dists/${dist}/Release.gpg"
>/dev/null 2>&1
- wget -q -O Release.gpg "${url}/dists/${dist}/Release.gpg"
+ lynx -reload -dump ${release}.gpg >/dev/null 2>&1
+ wget -q -O Release.gpg ${release}.gpg
gpgv --status-fd 3 Release.gpg Release 3>&1 >/dev/null 2>&1 |
sed -n "s/^\[GNUPG:\] //p" | (okay=0; err=""; while read gpgcode rest; do
if [ "$gpgcode" = "GOODSIG" ]; then
@@ -143,16 +161,26 @@
okaycomps=""
for comp in $comps; do
if [ "$ty" = "deb" ]; then
- X=$(checkit "`echo
"${baseurl}/dists/${dist}/${comp}/binary-${arch}/Release" | sed 's,//*,_,g'`"
"${comp}/binary-${arch}/Release")
- Y=$(checkit "`echo
"${baseurl}/dists/${dist}/${comp}/binary-${arch}/Packages" | sed 's,//*,_,g'`"
"${comp}/binary-${arch}/Packages")
+ if [ "$dist" ]; then
+ X=$(checkit "`echo
"${baseurl}/dists/${dist}/${comp}/binary-${arch}/Release" | sed 's,//*,_,g'`"
"${comp}/binary-${arch}/Release")
+ Y=$(checkit "`echo
"${baseurl}/dists/${dist}/${comp}/binary-${arch}/Packages" | sed 's,//*,_,g'`"
"${comp}/binary-${arch}/Packages")
+ else
+ X=$(checkit "`echo "${baseurl}/${comp}Release"
| sed 's,//*,_,g'`" "Release")
+ Y=$(checkit "`echo "${baseurl}/${comp}Packages"
| sed 's,//*,_,g'`" "Packages")
+ fi
if [ "$X $Y" = "OK OK" ]; then
okaycomps="$okaycomps $comp"
else
echo " * PROBLEMS WITH $comp ($X, $Y)"
fi
elif [ "$ty" = "deb-src" ]; then
- X=$(checkit "`echo
"${baseurl}/dists/${dist}/${comp}/source/Release" | sed 's,//*,_,g'`"
"${comp}/source/Release")
- Y=$(checkit "`echo
"${baseurl}/dists/${dist}/${comp}/source/Sources" | sed 's,//*,_,g'`"
"${comp}/source/Sources")
+ if [ "$dist" ]; then
+ X=$(checkit "`echo
"${baseurl}/dists/${dist}/${comp}/source/Release" | sed 's,//*,_,g'`"
"${comp}/source/Release")
+ Y=$(checkit "`echo
"${baseurl}/dists/${dist}/${comp}/source/Sources" | sed 's,//*,_,g'`"
"${comp}/source/Sources")
+ else
+ X=$(checkit "`echo "${baseurl}/${comp}Release"
| sed 's,//*,_,g'`" "Release")
+ Y=$(checkit "`echo "${baseurl}/${comp}Sources"
| sed 's,//*,_,g'`" "Sources")
+ fi
if [ "$X $Y" = "OK OK" ]; then
okaycomps="$okaycomps $comp"
else
