On Sat, Dec 14, 2013 at 6:47 AM, adrelanos wrote: > is it possible to hook apt-get somehow to do some action done before > apt-get starts any network activity?
Based on a quick grep of the apt package, APT::Update::Pre-Invoke might be what you want. Here is an extremely dangerous example of how it can be used: http://www.webupd8.org/2009/06/automatically-import-launchpad-ppa-keys.html It would be possible to do it in a secure way but that example is definitely not secure. > I would like to add refresh gpg keys from a server first to check if any > of them have been revoked in meanwhile. That sounds like a useful feature to have. When you implement this, please ensure it isn't vulnerable to any duplicate-keyid problems: http://debian-administration.org/users/dkg/weblog/105 > (I am asking this because I would like to add such a feature to Whonix, > which is a derivative of Debian. Hope you don't mind me asking here.) I would encourage you to get that (or a background cron job) into Debian instead, it is a pretty important security enhancement IMO. -- bye, pabs http://wiki.debian.org/PaulWise -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CAKTje6G2PCMxVOUAMtQPthE3KAns005juoxU4xskdHnZt=x...@mail.gmail.com
