On Thu, Aug 21, 2003 at 01:51:32PM -0400, Colin Walters wrote: > Say company has a setup with a bunch of Debian stable machines, using > apt-secure. They of course use security.debian.org. However they also > have a trusted server on their intranet that provides some packages, and > all the other machines use it as an apt source. Because Debian doesn't > have any standard scripts for generating a secured apt source, and since > it's on their secure intranet, they don't bother checking the sigs on > the Release file.
So, why don't we just give them a script?
echo 'Origin: foocorp'
echo 'Label: foocorp'
echo 'Suite: testing/foocorp'
echo 'Codename: sarge/foocorp'
echo 'Date:' `date -R -u`
echo 'Architectures: i386'
echo 'Components: main'
echo 'Description: foocorp local packages'
echo 'MD5Sum:'
for a in */binary-*/{Release,Packages}* */source/{Release,Sources}*; do
m=`md5sum < $a | cut -d\ -f1`
s=`wc -c < $a | tr -d ' '`
printf ' %s %16d %s' $m $s $a
done
or something similar should do, really.
Cheers,
aj
--
Anthony Towns <[EMAIL PROTECTED]> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG signed mail preferred.
``Is this some kind of psych test?
Am I getting paid for this?''
pgpTv921Lw4A4.pgp
Description: PGP signature
