Re: Bug#93612: Support for new archive structure

2001-05-08 Thread J.A. Bezemer
[Sorry for the terrible delay. It's just that I'm completely overloaded and also try to do my thesis work at the same time, so I'm only now catching up with the older discussions. Actually, I had scheduled some time yesterday to spend on this, and was planning to write some large and fundamental

Re: Bug#93612: Support for new archive structure

2001-04-19 Thread Wookey
On Sun 15 Apr, Philip Charles wrote: > On Sat, 14 Apr 2001, Jason Gunthorpe wrote: > > CD's may in fact contain content from the Debian site and it should be > > possible to validate that content was part of a Debian release without > > having to jump through any special hopps. That is independen

Re: Bug#93612: Support for new archive structure

2001-04-17 Thread Nate Duehr
On Sat, Apr 14, 2001 at 01:08:11PM +0200, Santiago Vila wrote: > I use this too, and I even have a burner. > > A loopback ISO mount is always faster than the real CD. > If this is not going to be possible anymore, we lose *valuable* functionality. Hope I'm not too late here, but I use this funct

Re: Bug#93612: Support for new archive structure

2001-04-16 Thread Attila Nagy
Hello, > - works with dpkg-multicd and apt-cdrom > It's difficult to check automatically for those. But we'd need such a > tool for sure. I think checking this could be done automatically and the integration of this step into debian-cd would be a very good thing... --

Re: Bug#93612: Support for new archive structure

2001-04-15 Thread Raphael Hertzog
Le Sun, Apr 15, 2001 at 06:55:43PM +0200, Attila Nagy écrivait: > So could somebody tell what are the exact parameters of a good Debian CD? - bootable (at least the first CD) - good official packages - good documentation - works with dpkg-multicd and apt-cdrom It's difficult to check automatical

Re: Bug#93612: Support for new archive structure

2001-04-15 Thread Jason Gunthorpe
On Sun, 15 Apr 2001, Raphael Hertzog wrote: > Le Sun, Apr 15, 2001 at 12:18:26AM -0600, Jason Gunthorpe écrivait: > > 1) Make the empty file dists/woody/aptignr > > - This tells apt-cdrom that the CD is foobar'd below this directory > >and it should just ignore it. > > Does thi

Re: Bug#93612: Support for new archive structure

2001-04-15 Thread bbennet
On Sat, 14 Apr 2001, Cristian Ionescu-Idbohrn wrote: >On Sat, 14 Apr 2001, Santiago Vila wrote: > >> On Fri, 13 Apr 2001, Philip Charles wrote: >> >> > On Fri, 13 Apr 2001, Jason Gunthorpe wrote: >> > >> > > No more than all the other ugly things that have been suggested, and this >> > > only aff

Re: Bug#93612: Support for new archive structure

2001-04-15 Thread Attila Nagy
Hello, > If it is unoffical, loop mount it and compare the image's /md5sums.txt > with the archives ./indices/md5sums.gz That's not enough. For example I have Packages* files with a length of 0 byte. It could be important to check the MD5 checksums, but it is more important to check the other sm

Re: Bug#93612: Support for new archive structure

2001-04-15 Thread Raphael Hertzog
Le Sun, Apr 15, 2001 at 12:18:26AM -0600, Jason Gunthorpe écrivait: > 1) Make the empty file dists/woody/aptignr > - This tells apt-cdrom that the CD is foobar'd below this directory >and it should just ignore it. Does this feature already exist ? If not, please consider calling i

Re: Bug#93612: Support for new archive structure

2001-04-15 Thread Raphael Hertzog
Le Sat, Apr 14, 2001 at 08:15:49PM -0600, Jason Gunthorpe écrivait: > > > It will add them both and it becomes trivial for someone to defeat the > > > security mechanisms. > > > Why ? > > What do you mean 'Why?' Put the bad files in the insecure space and > let-er-rip. I can't understand tha

Re: Bug#93612: Support for new archive structure

2001-04-15 Thread Richard Atterer
On Sat, Apr 14, 2001 at 05:02:10PM -0600, Jason Gunthorpe wrote: [snip] > I *really* don't see why this is necessary. How is writing: > deb file:/.../ woody-secured main > any better than writing > deb-partial file:/.../ woody main > ? > > Even with this scheme you still need to have the 'deb-par

Re: Bug#93612: Support for new archive structure

2001-04-15 Thread Philip Charles
On Sun, 15 Apr 2001, Attila Nagy wrote: > Hello, > > > > I have used this myself. It is a good way to test an image. It is also > > > used by people who have borrowed CDs and do not have a burner. > I think a validity checking part in debian-cd would be very nice. > > BTW, what's the correct

Re: Bug#93612: Support for new archive structure

2001-04-15 Thread Philip Charles
On Sat, 14 Apr 2001, Jason Gunthorpe wrote: > > On Sat, 14 Apr 2001, Philip Charles wrote: > > > A CD (or iso image) is essentially one file and the integrity of this can > > be verified by a single signed checksum. > > No, that is such an oversimplification and what you have described of the

Re: Bug#93612: Support for new archive structure

2001-04-14 Thread Jason Gunthorpe
On Sun, 15 Apr 2001, Anthony Towns wrote: > Having random insecure files, however tempting they may look, shouldn't > stop a user from at least knowing whether they're using something straight > from Debian or not. I would prefer that instructions be as simple as possible to minimize errors. I

Re: Bug#93612: Support for new archive structure

2001-04-14 Thread Anthony Towns
On Sat, Apr 14, 2001 at 08:15:49PM -0600, Jason Gunthorpe wrote: > On Sun, 15 Apr 2001, Raphael Hertzog wrote: > > > Having more than one tree means it will be detected more than once and > > > that certianly is not desirable, any may cause problems, like it asking > > > for the disks in a non-ide

Re: Bug#93612: Support for new archive structure

2001-04-14 Thread Jason Gunthorpe
On Sun, 15 Apr 2001, Raphael Hertzog wrote: > > Having more than one tree means it will be detected more than once and > > that certianly is not desirable, any may cause problems, like it asking > > for the disks in a non-ideal order, or something equally lame. > May or will cause problem ? I

Re: Bug#93612: Support for new archive structure

2001-04-14 Thread Raphael Hertzog
Le Sat, Apr 14, 2001 at 05:02:10PM -0600, Jason Gunthorpe écrivait: > Having more than one tree means it will be detected more than once and > that certianly is not desirable, any may cause problems, like it asking > for the disks in a non-ideal order, or something equally lame. May or will cause

Re: Bug#93612: Support for new archive structure

2001-04-14 Thread Jason Gunthorpe
On Sat, 14 Apr 2001, Raphael Hertzog wrote: > Le Sat, Apr 14, 2001 at 02:05:35PM -0600, Jason Gunthorpe écrivait: > > How exactly do you propose that apt-cdrom determine that these two random > > trees of stuff are actually the same tree of stuff? Current apt-cdrom will > > not properly handle C

Re: Bug#93612: Support for new archive structure

2001-04-14 Thread Attila Nagy
Hello, > > I have used this myself. It is a good way to test an image. It is also > > used by people who have borrowed CDs and do not have a burner. I think a validity checking part in debian-cd would be very nice. BTW, what's the correct way to check an ISO made with the debian-cd script? And

Re: Bug#93612: Support for new archive structure

2001-04-14 Thread Raphael Hertzog
Le Sat, Apr 14, 2001 at 02:05:35PM -0600, Jason Gunthorpe écrivait: > How exactly do you propose that apt-cdrom determine that these two random > trees of stuff are actually the same tree of stuff? Current apt-cdrom will > not properly handle CD's made like this, so you've broke that. Explain us

Re: Bug#93612: Support for new archive structure

2001-04-14 Thread Jason Gunthorpe
On Sat, 14 Apr 2001, Philip Charles wrote: > A CD (or iso image) is essentially one file and the integrity of this can > be verified by a single signed checksum. No, that is such an oversimplification and what you have described of the HURD CD's prooves that. CD's may in fact contain content f

Re: Bug#93612: Support for new archive structure

2001-04-14 Thread Jason Gunthorpe
On Sat, 14 Apr 2001, J.A. Bezemer wrote: > > Nope, packages fails verification and APT will stop without using the > > file, ditto for ftp, http, etc. > > EVERY access method up to current potato APT will work nicely with this. If > woody/sid APT suddenly stops working correctly, thats a grave

Re: Bug#93612: Support for new archive structure

2001-04-14 Thread Jason Gunthorpe
On Sat, 14 Apr 2001, Raphael Hertzog wrote: > Le Sun, Apr 15, 2001 at 12:27:19AM +1000, Anthony Towns écrivait: > > So anyway, how does the above idea (two woody trees in dists), > > sound? Workable, or are there other problems? > > I don't see any apart from the fact that most tools will use

Re: Bug#93612: Support for new archive structure

2001-04-14 Thread Filip Van Raemdonck
On Fri, Apr 13, 2001 at 11:14:30PM +, Philip Charles wrote: > On Fri, 13 Apr 2001, Jason Gunthorpe wrote: > > > > > > > you can tell it to read Packages.cd directly > > > > > I don't want that, it's a hack. :) > > > > No more than all the other ugly things that have been suggested, and th

Re: Bug#93612: Support for new archive structure

2001-04-14 Thread Steve McIntyre
On Sat, Apr 14, 2001 at 06:05:04PM +0200, Raphael Hertzog wrote: >Le Sun, Apr 15, 2001 at 12:27:19AM +1000, Anthony Towns ?crivait: >> Instead of changing the name of the Packages file, how about we try something >> completely different? >> >> dists/ woody-secured/ >[...] >> That should be p

Re: Bug#93612: Support for new archive structure

2001-04-14 Thread Raphael Hertzog
Le Sun, Apr 15, 2001 at 12:27:19AM +1000, Anthony Towns écrivait: > Instead of changing the name of the Packages file, how about we try something > completely different? > > dists/ woody-secured/ [...] > That should be pretty easy to do right now, and shouldn't cause any > problems to anyon

Re: Bug#93612: Support for new archive structure

2001-04-14 Thread Anthony Towns
On Sat, Apr 14, 2001 at 03:06:09PM +0200, J.A. Bezemer wrote: > That's because APT (and ONLY apt) is effectively changing the very definition > of "Packages file". Up to this moment: > Packages = file that is an index to all packages (virtually) available > in&under current director

Re: Bug#93612: Support for new archive structure

2001-04-14 Thread Philip Charles
I think that we are trying to turn apples into oranges. The security of CDs is relatively simple, that of a mirror more complex and they need to be approached differently. A mirror can have one corrupt or sabotaged file amongst 2-3 and there needs to be a way of detecting this. The proposed

Re: Bug#93612: Support for new archive structure

2001-04-14 Thread J.A. Bezemer
On Fri, 13 Apr 2001, Jason Gunthorpe wrote: > On Sat, 14 Apr 2001, J.A. Bezemer wrote: > > > > b) Use verbatim package files and call them 'Packages.something' > > > - Everyone can make CD set, and we still have end-to-end security > > > - apt file:/../ does not work properly on those discs

Re: Bug#93612: Support for new archive structure

2001-04-14 Thread Cristian Ionescu-Idbohrn
On Sat, 14 Apr 2001, Santiago Vila wrote: > On Fri, 13 Apr 2001, Philip Charles wrote: > > > On Fri, 13 Apr 2001, Jason Gunthorpe wrote: > > > > > No more than all the other ugly things that have been suggested, and this > > > only affects the 3 people silly enough to loopback mount ISO's and try

Re: Bug#93612: Support for new archive structure

2001-04-14 Thread Santiago Vila
On Fri, 13 Apr 2001, Philip Charles wrote: > On Fri, 13 Apr 2001, Jason Gunthorpe wrote: > > > No more than all the other ugly things that have been suggested, and this > > only affects the 3 people silly enough to loopback mount ISO's and try to > > use APT on them. > > I have used this myself.

Re: Bug#93612: Support for new archive structure

2001-04-13 Thread Philip Charles
Can someone point me to a document which sets out goals, objectives and the like for this archive structure? Thanks, Phil. - Philip Charles; 39a Paterson St., Dunedin, New Zealand; +64 3 4882818 Mobile 025 267 9420. I sell GNU/Linux CDs. See http://www.copyleft.co.nz [EMAIL PROTECTED]

Re: Bug#93612: Support for new archive structure

2001-04-13 Thread Jason Gunthorpe
On Sat, 14 Apr 2001, J.A. Bezemer wrote: > > b) Use verbatim package files and call them 'Packages.something' > > - Everyone can make CD set, and we still have end-to-end security > > - apt file:/../ does not work properly on those discs > e) The Packages of the FTP archive is copied verba

Re: Bug#93612: Support for new archive structure

2001-04-13 Thread J.A. Bezemer
On Fri, 13 Apr 2001, Jason Gunthorpe wrote: > On Fri, 13 Apr 2001, Raphael Hertzog wrote: > > > > > I'm really beginning to think that the only valid alternative is > > > > to have a Release file and its signature for each CD. > > > > > > Absolutely not. > > > > Why ? Of course, it's a pain f

Re: Bug#93612: Support for new archive structure

2001-04-13 Thread Philip Charles
On Fri, 13 Apr 2001, Jason Gunthorpe wrote: > > > > you can tell it to read Packages.cd directly > > > I don't want that, it's a hack. :) > > No more than all the other ugly things that have been suggested, and this > only affects the 3 people silly enough to loopback mount ISO's and try to >

Re: Bug#93612: Support for new archive structure

2001-04-13 Thread Jason Gunthorpe
On Fri, 13 Apr 2001, Raphael Hertzog wrote: > That's the first time I see Debian willing to accept "invalid" CDs instead > of designing cleanly the thing from scratch so that such problem don't > exist. Ha! It hasn't been until recently that Debian has had 'valid' CDs at all. > > > I'm really

Re: Bug#93612: Support for new archive structure

2001-04-13 Thread Raphael Hertzog
Le Fri, Apr 13, 2001 at 02:23:41PM -0600, Jason Gunthorpe écrivait: > Because no matter what you do your CD will be invalid in some form, and > using a verbatim Packages file is the least pain. That's the first time I see Debian willing to accept "invalid" CDs instead of designing cleanly the thi

Re: Bug#93612: Support for new archive structure

2001-04-13 Thread Jason Gunthorpe
On Fri, 13 Apr 2001, Raphael Hertzog wrote: > > It works because you got lucky, you had a CD that was fortunately > > constructed properly. It is not supported, and if it does not work, I > > totally don't care. > > Of course, the CDs are constructed properly ! I'm in charge of maintaining > d

Re: Bug#93612: Support for new archive structure

2001-04-13 Thread Anthony Towns
On Thu, Apr 12, 2001 at 10:42:33PM -0600, Jason Gunthorpe wrote: > Or if you ask particularly nice I might extend the sources.list syntax so > you can tell it to read Packages.cd directly What would happen if you made apt stat every .deb in a file:// url too, on apt-get update, say, and trimmed t

Re: Bug#93612: Support for new archive structure

2001-04-13 Thread Philip Charles
On Fri, 13 Apr 2001, Raphael Hertzog wrote: > Of course, the CDs are constructed properly ! I'm in charge of maintaining > debian-cd so that it builds "properly constructed" CDs ... > > I don't see why I need to change it to something where CDs are no more > properly constructed ! > > /me grumb

Re: Bug#93612: Support for new archive structure

2001-04-13 Thread Raphael Hertzog
Le Thu, Apr 12, 2001 at 10:42:33PM -0600, Jason Gunthorpe écrivait: > It works because you got lucky, you had a CD that was fortunately > constructed properly. It is not supported, and if it does not work, I > totally don't care. Of course, the CDs are constructed properly ! I'm in charge of mai

Re: Bug#93612: Support for new archive structure

2001-04-13 Thread Anthony Towns
On Fri, Apr 13, 2001 at 06:28:24AM +, Philip Charles wrote: > > I don't see any additions to the CD set from another site being a concern > > at all, as long as they are properly put in a seperate directory. > If you tie the security too tightly to CD installation custom Debian CD > builders w

Re: Bug#93612: Support for new archive structure

2001-04-12 Thread Philip Charles
On Thu, 12 Apr 2001, Jason Gunthorpe wrote: > > On Fri, 13 Apr 2001, Philip Charles wrote: > > > Apt-cdrom does not work. dselect works if the file system is strangely > > modified. apt will work if the CD is copied to a separate partition. > > Hurd even had apt-cdrom? The ancient version tha

Re: Bug#93612: Support for new archive structure

2001-04-12 Thread Jason Gunthorpe
On Fri, 13 Apr 2001, Philip Charles wrote: > Apt-cdrom does not work. dselect works if the file system is strangely > modified. apt will work if the CD is copied to a separate partition. Hurd even had apt-cdrom? The ancient version that was packaged sure didn't include it, so I'm not amazed if

Re: Bug#93612: Support for new archive structure

2001-04-12 Thread Philip Charles
On Thu, 12 Apr 2001, Jason Gunthorpe wrote: > > On Fri, 13 Apr 2001, Philip Charles wrote: > > > With the Hurd CDs it is even worse. The file structure on the CDs has > > only a passing resemblance to any file system found on a Debian CD or > > mirror past or present. It has to be like that o

Re: Bug#93612: Support for new archive structure

2001-04-12 Thread Jason Gunthorpe
On Fri, 13 Apr 2001, Philip Charles wrote: > With the Hurd CDs it is even worse. The file structure on the CDs has > only a passing resemblance to any file system found on a Debian CD or > mirror past or present. It has to be like that or it will not work. I don't even think I want to know..

Re: Bug#93612: Support for new archive structure

2001-04-12 Thread Jason Gunthorpe
On Thu, 12 Apr 2001, Raphael Hertzog wrote: > > APT does not support that, if it does not work then too bad, I don't care. > > :P > Apt always supported that. If I put my CD and mount it on /cdrom and > use "deb file:/cdrom/debian woody main contrib non-free" in sources.list, > it does work !

Re: Bug#93612: Support for new archive structure

2001-04-12 Thread Philip Charles
On Thu, 12 Apr 2001, Raphael Hertzog wrote: ** > Why should the normal Packages file be named differently and not the new > files that we are introducing ? > > > People who do that are more likely to copy the entire CD set to the hard > > disk so they do in fact have a complete mirror, and s

Re: Bug#93612: Support for new archive structure

2001-04-12 Thread Raphael Hertzog
Le Thu, Apr 12, 2001 at 10:01:14AM -0600, Jason Gunthorpe écrivait: > > By old tools, I meant standard tools, not tools dedicated to CDs. Actually > > many people use standalone Debian CD like a Debian mirror : > > APT does not support that, if it does not work then too bad, I don't care. > :P A

Re: Bug#93612: Support for new archive structure

2001-04-12 Thread Jason Gunthorpe
On Thu, 12 Apr 2001, Philip Charles wrote: > On Thu, 12 Apr 2001, J.A. Bezemer wrote: > > So I think we should continue to generate _correct_ Packages files for > > each CD, and solve the "signing issue" using some other method. > > I repeat my earlier suggestion. Sign md5sums.gz, this is supp

Re: Bug#93612: Support for new archive structure

2001-04-12 Thread Jason Gunthorpe
On Thu, 12 Apr 2001, Raphael Hertzog wrote: > Le Thu, Apr 12, 2001 at 02:20:49AM -0600, Jason Gunthorpe écrivait: > > I think the best suggestion was to have a Packages.cd which could be used > > Packages.cd files exists but exists only for dpkg-multicd which is a > dselect method. And it's qu

Re: Bug#93612: Support for new archive structure

2001-04-12 Thread Anthony Towns
On Thu, Apr 12, 2001 at 08:58:30AM +0200, Raphael Hertzog wrote: > > (and was going to use the md5sums in it to ensure the Packages > > file wasn't corrupt, too :-/) > Duh. Couldn't we generate new Release files and sign them again ? > Wouldn't you trust the debian-cd build ? Not if I can avoid i

Re: Bug#93612: Support for new archive structure

2001-04-12 Thread Philip Charles
On Thu, 12 Apr 2001, J.A. Bezemer wrote: > So I think we should continue to generate _correct_ Packages files for > each CD, and solve the "signing issue" using some other method. I repeat my earlier suggestion. Sign md5sums.gz, this is supposed to be the accuracy and security file. A s

Re: Bug#93612: Support for new archive structure

2001-04-12 Thread J.A. Bezemer
On Thu, 12 Apr 2001, Jason Gunthorpe wrote: > On Wed, 11 Apr 2001, Raphael Hertzog wrote: > > > > 2a) Check that the md5sums of the Packages-signed.gz and > > > Sources-signed.gz files you have match the md5sums listed > > > in the Release file > > > 2b) Check that every packag

Re: Bug#93612: Support for new archive structure

2001-04-12 Thread Raphael Hertzog
Le Thu, Apr 12, 2001 at 02:20:49AM -0600, Jason Gunthorpe écrivait: > I think the best suggestion was to have a Packages.cd which could be used Packages.cd files exists but exists only for dpkg-multicd which is a dselect method. And it's quite ugly since those files lists all the packages availab

Re: Bug#93612: Support for new archive structure

2001-04-12 Thread Jason Gunthorpe
On Wed, 11 Apr 2001, Raphael Hertzog wrote: > > 2a) Check that the md5sums of the Packages-signed.gz and > > Sources-signed.gz files you have match the md5sums listed > > in the Release file > > 2b) Check that every package listed in each Packages.gz and > > Sou

Re: Bug#93612: Support for new archive structure

2001-04-11 Thread Raphael Hertzog
Le Thu, Apr 12, 2001 at 03:20:07PM +1000, Anthony Towns écrivait: > debootstrap uses the Release file to work out what Packages files and such > to download Many of the files listed in the Release file simply don't exist on all CDs. > (and was going to use the md5sums in it to ensure the Package

Re: Bug#93612: Support for new archive structure

2001-04-11 Thread Anthony Towns
On Wed, Apr 11, 2001 at 06:01:30PM +0200, Raphael Hertzog wrote: > Le Wed, Apr 11, 2001 at 11:15:34AM -0400, Adam Di Carlo écrivait: > > If you all on the debian-cd list could prioritize the issues which are > > preventing debootstrap from working (the one I know about is the > > dists/woody/Relea

Re: Bug#93612: Support for new archive structure

2001-04-11 Thread Raphael Hertzog
Le Wed, Apr 11, 2001 at 11:15:34AM -0400, Adam Di Carlo écrivait: > If you all on the debian-cd list could prioritize the issues which are > preventing debootstrap from working (the one I know about is the > dists/woody/Release file) that would be great. Right now I can't do > testing using woody

Re: Bug#93612: Support for new archive structure

2001-04-11 Thread Raphael Hertzog
Le Wed, Apr 11, 2001 at 06:59:10PM +1000, Anthony Towns écrivait: > Note that the two files: > > dists/woody/main/binary-i386/Release > dists/woody/Release > > are quite different. Are you already copying dists/woody/Release or just > dists/woody/main/binary-i386/Release? Only the l

Re: Bug#93612: Support for new archive structure

2001-04-11 Thread Philip Charles
IMHO is would be easier to include a signed version of md5sums.gz on each CD. This would still mean the the integrity of the packages could be checked with confidence and would enable the detection of foreign packages. Someone might want to write a script that would automate the process. Phil.

Re: Bug#93612: Support for new archive structure

2001-04-11 Thread Anthony Towns
Jason: wassup with apt-cdrom and dists/woody/Release and such? On Wed, Apr 11, 2001 at 09:45:58AM +0200, Raphael Hertzog wrote: > Le Wed, Apr 11, 2001 at 01:05:41PM +1000, Anthony Towns écrivait: > > For this to work, the Release and Release.gpg files should be verbatim > This is not a problem, w

Processed: Re: Bug#93612: Support for new archive structure

2001-04-11 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]: > reassign 93612 debian-cd Bug#93612: Support for new archive structure Bug reassigned from package `cdimage.debian.org' to `debian-cd'. > thanks Stopping processing here. Please contact me if you need assistance. Darren Benham (administrator, Debian

Re: Bug#93612: Support for new archive structure

2001-04-11 Thread Raphael Hertzog
Le Wed, Apr 11, 2001 at 01:05:41PM +1000, Anthony Towns écrivait: > For this to work, the Release and Release.gpg files should be verbatim This is not a problem, we just need to copy Release.gpg as well. > from the archive. For that to work, the Packages and Sources files also > must be verbatim