Bug#874773: forensics-all: Use of /var/lib/apt/lists internals

2017-09-12 Thread Julian Andres Klode 
On Tue, Sep 12, 2017 at 09:17:26PM -0300, Eriberto Mota wrote:
> Hi Julian,
> 
> Thanks for your message. I have some considerations.
> 
> 
> 2017-09-09 11:11 GMT-03:00 Julian Andres Klode <j...@debian.org>:
> >
> > your package appears to be relying on the internal layout of 
> > /var/lib/apt/lists
> > and the location of that directory (which is configurable), as it matches 
> > the
> > following regular expression (and a quick check did not rule out a false 
> > positive):
> >
> > /var/lib/apt/lists/.*(Packages|Sources)
> >
> > For the matches found, you can have a quick look at:
> >
> > 
> > https://codesearch.debian.net/search?q=%2Fvar%2Flib%2Fapt%2Flists%2F.*%28Packages%7CSources%29+package%3Aforensics-all
> >
> > APT since some time supports compressed indices using the option
> > `Acquire::gzipIndexes`. Starting with 1.2, index files are stored
> > with lz4 compression if that option is enabled, providing significant
> > space savings at low overhead.
> >
> > Some platforms and users might already have these indexes compressed by 
> > default
> > in order to save space, and your package might not be working for them.
> 
> 
> This is a native source that provides a metapackage. The content of
> the script isn't for use by final users and this script isn't
> installed by the package. The script is used by maintainers only to
> aid to create a control file. After this, the new control file must be
> double checked to avoid mistakes. Our machines (my machine and
> Giovani's machine) and ours Debians are compliant with the script.

[...]
 
> It is interesting but I think that not applicable. As I said, the
> script has a special goal and is not destinated to final users. We
> have a strict control over the packages list, independently of
> compression or other issues.

It will break next month when compressed index files become
the default, unless you change the default back. And the default
compressor might change in the future, too.

-- 
Debian Developer - deb.li/jak | jak-linux.org - free software dev
  |  Ubuntu Core Developer |
When replying, only quote what is necessary, and write each reply
directly below the part(s) it pertains to ('inline').  Thank you.

___
forensics-devel mailing list
forensics-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel

Bug#874773: forensics-all: Use of /var/lib/apt/lists internals

2017-09-09 Thread Julian Andres Klode 
Package: forensics-all
Severity: important
User: de...@lists.debian.org
Usertags: apt-internals

Dear Maintainer of forensics-all,

your package appears to be relying on the internal layout of /var/lib/apt/lists
and the location of that directory (which is configurable), as it matches the
following regular expression (and a quick check did not rule out a false 
positive):

/var/lib/apt/lists/.*(Packages|Sources)

For the matches found, you can have a quick look at:


https://codesearch.debian.net/search?q=%2Fvar%2Flib%2Fapt%2Flists%2F.*%28Packages%7CSources%29+package%3Aforensics-all

APT since some time supports compressed indices using the option
`Acquire::gzipIndexes`. Starting with 1.2, index files are stored
with lz4 compression if that option is enabled, providing significant
space savings at low overhead.

Some platforms and users might already have these indexes compressed by default
in order to save space, and your package might not be working for them.

Instead of relying on internals, please use the interfaces provided by
APT 1.1 and newer:

## Command-line interfaces
In order to get paths to index files, please use:

apt-get indextargets --format '$(FILENAME)' "Created-By: $creator"

where `$creator` is `Packages`, `Sources`, `Contents-deb`, `Contents-udeb`,
or `Contents-deb-legacy`, depending on which files you need.

To read the file, use

/usr/lib/apt/apt-helper cat-file ...

This transparently handles compression supported by apt.

## C++ interface
When reading files in C++, you might want to use APT's FileFd class. It
provides the same transparent compression support as `apt-helper cat-file`
(if turned on).

___
forensics-devel mailing list
forensics-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel