apt-move

Peter Dyballa Sat, 02 Apr 2022 04:21:13 -0700

Hello!

Recently I started to work for a small German bank that needs to provide its 
own mirror for the Debian packages ("Buster" right now, "Bullseye" to come 
soon) its Linux VMs are using. I decided to build a partial mirror according to 
a description in the Debian users manual (that's its German title) which 
utilises apt-move. The shell script /usr/bin/apt-move produces a Release file 
that apt-get on a Linux VM describes as "having no hashes" (probably because in 
its sources.list we use [trusted=yes] – the packages come from our safe 
server!). Actually it has, MD5 and SHA1 hashes, but modern apt-get expects 
SHA256 and/or SHA512 hashes.


It seems easy to extend the function get_checksum() to create also these hashes 
and write them via additional redirections in additional files which 
make_release() can handle and write at Release's end.

Do you have a better idea? (My employer, who has sent me to the bank, will own 
the IP, but I can send you a copy nevertheless.)


        get_checksum() {
                for l; do
                        [ -f $l ] || continue
                        size=$(perl -le 'print ((stat($ARGV[0]))[7]);' $l)
                        printf ' %32s%.s %16d %s\n' \
                                $(md5sum $l) $size $j/$k/$l
                        printf ' %40s%.s %16d %s\n' \
                                $(sha1sum $l) $size $j/$k/$l >&3
                        ########
                        printf ' %64s%.s %16d %s\n' \
                                $(sha1sum $l) $size $j/$k/$l >&4
                        printf ' %128s%.s %16d %s\n' \
                                $(sha1sum $l) $size $j/$k/$l >&5
                done
        }

        make_release()
                .
                .
                .
                #######
                done > $pf-md5sum 3> $pf-sha1sum 4> $pf-sha256sum 5> 
$pf-sha512sum
        
                [ -n "$compo" ] || return 0
        
                info "Building: $dir Release"
        
                [ $TEST ] && return
        
                exec > Release.new
        
                echo Origin: $origin
                echo Label: $label
                echo Suite: $suite
                echo Codename: $codename
                echo Date: $(TZ=UTC date '+%a, %d %b %Y %T %Z')
                echo Architectures: $(printf '%s\n' $arch | sort -u)
                echo Components:$compo
                echo Description: $desc
                echo MD5Sum:
                cat $pf-md5sum
                echo SHA1:
                cat $pf-sha1sum
                #######
                echo SHA256:
                cat $pf-sha256sum
                echo SHA512:
                cat $pf-sha512sum
                exec >&-
        
                if [ -n "$GPGKEY" ]; then
                        gpg --detach-sign -ao Release.gpg --default-key 
"$GPGKEY" \
                                --batch --yes --sign Release.new
                fi
                mv Release.new Release
        }


--
Greetings

  Pete

Never be afraid to try something new. Remember, amateurs built the ark.
Professionals built the Titanic.

apt-move

Reply via email to