Bug#320827: marked as done (apt-move should sign local archive...)

Mon, 07 May 2007 11:11:36 -0700 

Your message dated Mon, 07 May 2007 18:02:02 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#320827: fixed in apt-move 4.2.27-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message --- 
Package: apt-move
Version: 4.2.23
Tags: patch

Hello,
  although apt-move needs rebuild to work with updated apt, so it
is currently uninstallable in unstable, if you'll rebuild it,
you'll notice that all packages are downloaded from the network
again and again as 'apt-get' prefers trusted signed sources
over unsigned, and there is no option how to disable this
behavior (only way I've found is modifying apt-get to treat
all sources as untrusted).

  So I've wrote patch below which I use on my system to get
apt-move happy again (and signed repository as an additional
effect).  Maybe someone else will need additional options passed
to the gpg (like removing --batch), but this is just what sufficed
to me.

  Patch applies to both 4.2.23 in unstable and to Herbert's
upstream 4.2.24.
                                Thanks,
                                        Petr Vandrovec



diff -urN apt-move-4.2.23.orig/apt-move apt-move-4.2.23/apt-move
--- apt-move-4.2.23.orig/apt-move       2004-11-22 00:04:26.000000000 +0100
+++ apt-move-4.2.23/apt-move    2005-08-01 21:31:02.000000000 +0200
@@ -52,6 +52,7 @@
 COPYONLY=no
 PKGCOMP=gzip
 CONTENTS=no
+SIGNINGKEY=
 LISTALL=
 
 # Remember where we came from.
@@ -1324,6 +1325,8 @@
        cat $pf-sha1sum
 
        exec >&-
+
+       [ -n "$SIGNINGKEY" ] && gpg --detach-sign -ao Release.gpg --default-key 
"$SIGNINGKEY" --batch --yes --sign Release
 }
 
 make_contents() {
diff -urN apt-move-4.2.23.orig/apt-move.8 apt-move-4.2.23/apt-move.8
--- apt-move-4.2.23.orig/apt-move.8     2004-11-22 00:04:26.000000000 +0100
+++ apt-move-4.2.23/apt-move.8  2005-08-01 21:35:24.000000000 +0200
@@ -399,6 +399,18 @@
 .B packages
 will generate Contents files.
 
+.TP
+.BR SIGNINGKEY= ""
+If this is set to non-empty string, then
+.B packages
+will sign generated Release files with specified signing key.  You
+must install gnupg before enabling this option.  With current apt 
+you should list compression
+.B none
+in
+.B PKGCOMP
+directive, otherwise apt will complain about missing files.
+
 .PP
 For the
 .I sync
diff -urN apt-move-4.2.23.orig/apt-move.conf apt-move-4.2.23/apt-move.conf
--- apt-move-4.2.23.orig/apt-move.conf  2004-11-21 23:23:15.000000000 +0100
+++ apt-move-4.2.23/apt-move.conf       2005-08-01 21:31:08.000000000 +0200
@@ -45,4 +45,7 @@
 # Set this to yes to make apt-move generate Contents files.
 CONTENTS=no
 
+# Set this to key name to be used for signing Release files.
+SIGNINGKEY=
+
 # End Configuration ------------------------------------------------------

--- End Message ---
--- Begin Message --- 
Source: apt-move
Source-Version: 4.2.27-1

We believe that the bug you reported is fixed in the latest version of
apt-move, which is due to be installed in the Debian FTP archive:

apt-move_4.2.27-1.diff.gz
  to pool/main/a/apt-move/apt-move_4.2.27-1.diff.gz
apt-move_4.2.27-1.dsc
  to pool/main/a/apt-move/apt-move_4.2.27-1.dsc
apt-move_4.2.27-1_i386.deb
  to pool/main/a/apt-move/apt-move_4.2.27-1_i386.deb
apt-move_4.2.27.orig.tar.gz
  to pool/main/a/apt-move/apt-move_4.2.27.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Chuan-kai Lin <[EMAIL PROTECTED]> (supplier of updated apt-move package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon,  7 May 2007 10:34:13 -0700
Source: apt-move
Binary: apt-move
Architecture: source i386
Version: 4.2.27-1
Distribution: unstable
Urgency: low
Maintainer: Chuan-kai Lin <[EMAIL PROTECTED]>
Changed-By: Chuan-kai Lin <[EMAIL PROTECTED]>
Description: 
 apt-move   - Maintain Debian packages in a package pool
Closes: 320827 393530
Changes: 
 apt-move (4.2.27-1) unstable; urgency=low
 .
   * New upstream release (closes: #393530, #320827)
Files: 
 122430103d9b2c5eea12c94183c2f1b5 609 admin optional apt-move_4.2.27-1.dsc
 201d0fb501627a3e07d718bc62704706 46000 admin optional 
apt-move_4.2.27.orig.tar.gz
 bf7dcb08a73f90a1310e8a7e9705f9f7 8303 admin optional apt-move_4.2.27-1.diff.gz
 3531ab9adaf1c260446a5710a0cef368 49498 admin optional 
apt-move_4.2.27-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGP2Y+qq7AEt0PYmgRAhJeAJ4+ciRleCPPqHAB2MLB+uykzF5pgACgtZyE
gByhR9syxLiw8jx7rkbbp5Q=
=WbmJ
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to