Debian Bug report logs - #161593
[libapt-inst] Should support both BSD and SysV ar formats

version graph

Package: apt-utils; Maintainer for apt-utils is APT Development Team <deity@lists.debian.org>; Source for apt-utils is src:apt.

Reported by: "Joey Hess" <joeyh@debian.org>

Date: Thu, 19 Sep 2002 23:18:03 UTC

Severity: normal

Tags: patch

Merged with 222701

Found in version 0.5.14.1

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, APT Development Team <deity@lists.debian.org>, apt@packages.qa.debian.org:
Bug#161593; Package apt-utils. Full text and rfc822 format available.

Acknowledgement sent to "Joey Hess" <joeyh@debian.org>:
New Bug report received and forwarded. Copy sent to APT Development Team <deity@lists.debian.org>, apt@packages.qa.debian.org. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: "Joey Hess" <joeyh@debian.org>
To: "Debian Bug Tracking System" <submit@bugs.debian.org>
Subject: apt-utils: apt-ftparchive fumbles on signed debs
Date: Thu, 19 Sep 2002 19:15:35 -0400
Package: apt-utils
Version: 0.5.4
Severity: normal

If I sign a deb with debsign and then run apt-ftparchive on it, it
claims it is not a valid deb.

E: This is not a valid DEB archive, missing 'debian-binary' member

joey@dragon:~/debian/unstable>ar t debconf-utils_1.2.3_all.deb
debian-binary
control.tar.gz
data.tar.gz
_gpgmaint
_gpgorigin
joey@dragon:~/debian/unstable>file debconf-utils_1.2.3_all.deb
debconf-utils_1.2.3_all.deb: Debian binary package (format 2.0), uses gzip compression
joey@dragon:~/debian/unstable>sudo dpkg -i debconf-utils_1.2.3_all.deb 
Password:
(Reading database ... 53652 files and directories currently installed.)
Preparing to replace debconf-utils 1.1.30 (using debconf-utils_1.2.3_all.deb) ...
Unpacking replacement debconf-utils ...
Setting up debconf-utils (1.2.3) ...

Gosh, I sure ish I could come up with a rationalle for making this critical
priority. :-P

-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux dragon 2.4.19 #1 Thu Sep 5 18:51:06 EDT 2002 i586
Locale: LANG=C, LC_CTYPE=C

Versions of packages apt-utils depends on:
ii  apt [libapt-pkg-libc6.2-3-2- 0.5.4       Advanced front-end for dpkg
ii  libc6                        2.2.5-14    GNU C Library: Shared libraries an
ii  libdb2                       2:2.7.7.0-8 The Berkeley database routines (ru
ii  libstdc++2.10-glibc2.2       1:2.95.4-11 The GNU stdc++ library




Information forwarded to debian-bugs-dist@lists.debian.org, APT Development Team <deity@lists.debian.org>, apt@packages.qa.debian.org:
Bug#161593; Package apt-utils. Full text and rfc822 format available.

Acknowledgement sent to Jason Gunthorpe <jgg@debian.org>:
Extra info received and forwarded to list. Copy sent to APT Development Team <deity@lists.debian.org>, apt@packages.qa.debian.org. Full text and rfc822 format available.

Message #10 received at 161593@bugs.debian.org (full text, mbox):

From: Jason Gunthorpe <jgg@debian.org>
To: Joey Hess <joeyh@debian.org>, 161593@bugs.debian.org
Cc: APT Development Team <deity@lists.debian.org>, apt@packages.qa.debian.org
Subject: Re: Bug#161593: apt-utils: apt-ftparchive fumbles on signed debs
Date: Thu, 19 Sep 2002 17:44:10 -0600 (MDT)
On Thu, 19 Sep 2002, Joey Hess wrote:

> If I sign a deb with debsign and then run apt-ftparchive on it, it
> claims it is not a valid deb.

Could I have the .deb please?

Jason




Information forwarded to debian-bugs-dist@lists.debian.org, APT Development Team <deity@lists.debian.org>, apt@packages.qa.debian.org:
Bug#161593; Package apt-utils. Full text and rfc822 format available.

Acknowledgement sent to Joey Hess <joeyh@debian.org>:
Extra info received and forwarded to list. Copy sent to APT Development Team <deity@lists.debian.org>, apt@packages.qa.debian.org. Full text and rfc822 format available.

Message #15 received at 161593@bugs.debian.org (full text, mbox):

From: Joey Hess <joeyh@debian.org>
To: Jason Gunthorpe <jgg@debian.org>
Cc: 161593@bugs.debian.org, APT Development Team <deity@lists.debian.org>, apt@packages.qa.debian.org
Subject: Re: Bug#161593: apt-utils: apt-ftparchive fumbles on signed debs
Date: Thu, 19 Sep 2002 20:06:46 -0400
[Message part 1 (text/plain, inline)]
Jason Gunthorpe wrote:
> On Thu, 19 Sep 2002, Joey Hess wrote:
> 
> > If I sign a deb with debsign and then run apt-ftparchive on it, it
> > claims it is not a valid deb.
> 
> Could I have the .deb please?

Nuked it, but here is a new one for you. BTW, this breaks debconf
preconfiguration too.

joey@dragon:~package>apt-extracttemplates mindterm_1.2.1-7_all.deb 
E: mindterm_1.2.1-7_all.deb not a valid DEB package.

http://people.debian.org/~joeyh/mindterm_1.2.1-7_all.deb

-- 
see shy jo
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, APT Development Team <deity@lists.debian.org>, apt@packages.qa.debian.org:
Bug#161593; Package apt-utils. Full text and rfc822 format available.

Acknowledgement sent to Randolph Chung <tausq@debian.org>:
Extra info received and forwarded to list. Copy sent to APT Development Team <deity@lists.debian.org>, apt@packages.qa.debian.org. Full text and rfc822 format available.

Message #20 received at 161593@bugs.debian.org (full text, mbox):

From: Randolph Chung <tausq@debian.org>
To: Joey Hess <joeyh@debian.org>
Cc: Jason Gunthorpe <jgg@debian.org>, 161593@bugs.debian.org, APT Development Team <deity@lists.debian.org>, apt@packages.qa.debian.org
Subject: Re: Bug#161593: apt-utils: apt-ftparchive fumbles on signed debs
Date: Thu, 19 Sep 2002 21:11:39 -0700
[Message part 1 (text/plain, inline)]
> joey@dragon:~package>apt-extracttemplates mindterm_1.2.1-7_all.deb 
> E: mindterm_1.2.1-7_all.deb not a valid DEB package.
> 
> http://people.debian.org/~joeyh/mindterm_1.2.1-7_all.deb

neat...

a working deb:
pippin[21:04] build% bin/apt-extracttemplates /tmp/locales_2.2.5-14.3_all.deb
read name == debian-binary
read name == control.tar.gz
read name == data.tar.gz
locales 2.2.5-14.3 /tmp/template.182200 /tmp/config.182201

your mindterm deb:
pippin[21:04] build% bin/apt-extracttemplates /tmp/mindterm_1.2.1-7_all.deb
read name == debian-binary/
read name == control.tar.gz/
read name == data.tar.gz/
read name == _gpgmaint/
E: /tmp/mindterm_1.2.1-7_all.deb not a valid DEB package.

what's the deal with the /s ?

randolph
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, APT Development Team <deity@lists.debian.org>, apt@packages.qa.debian.org:
Bug#161593; Package apt-utils. Full text and rfc822 format available.

Acknowledgement sent to Adam Heath <doogie@debian.org>:
Extra info received and forwarded to list. Copy sent to APT Development Team <deity@lists.debian.org>, apt@packages.qa.debian.org. Full text and rfc822 format available.

Message #25 received at 161593@bugs.debian.org (full text, mbox):

From: Adam Heath <doogie@debian.org>
Cc: <161593@bugs.debian.org>
Subject: Re: Bug#161593: apt-utils: apt-ftparchive fumbles on signed debs
Date: Thu, 19 Sep 2002 23:19:39 -0500 (CDT)
On Thu, 19 Sep 2002, Randolph Chung wrote:

> > joey@dragon:~package>apt-extracttemplates mindterm_1.2.1-7_all.deb
> > E: mindterm_1.2.1-7_all.deb not a valid DEB package.
> >
> > http://people.debian.org/~joeyh/mindterm_1.2.1-7_all.deb
>
> neat...
>
> a working deb:
> pippin[21:04] build% bin/apt-extracttemplates /tmp/locales_2.2.5-14.3_all.deb
> read name == debian-binary
> read name == control.tar.gz
> read name == data.tar.gz
> locales 2.2.5-14.3 /tmp/template.182200 /tmp/config.182201
>
> your mindterm deb:
> pippin[21:04] build% bin/apt-extracttemplates /tmp/mindterm_1.2.1-7_all.deb
> read name == debian-binary/
> read name == control.tar.gz/
> read name == data.tar.gz/
> read name == _gpgmaint/
> E: /tmp/mindterm_1.2.1-7_all.deb not a valid DEB package.
>
> what's the deal with the /s ?

The ar standard says names are delimited with /




Information forwarded to debian-bugs-dist@lists.debian.org, APT Development Team <deity@lists.debian.org>, apt@packages.qa.debian.org:
Bug#161593; Package apt-utils. Full text and rfc822 format available.

Acknowledgement sent to Jason Gunthorpe <jgg@debian.org>:
Extra info received and forwarded to list. Copy sent to APT Development Team <deity@lists.debian.org>, apt@packages.qa.debian.org. Full text and rfc822 format available.

Message #30 received at 161593@bugs.debian.org (full text, mbox):

From: Jason Gunthorpe <jgg@debian.org>
To: Randolph Chung <tausq@debian.org>
Cc: Joey Hess <joeyh@debian.org>, 161593@bugs.debian.org, APT Development Team <deity@lists.debian.org>, apt@packages.qa.debian.org
Subject: Re: Bug#161593: apt-utils: apt-ftparchive fumbles on signed debs
Date: Thu, 19 Sep 2002 22:32:12 -0600 (MDT)
On Thu, 19 Sep 2002, Randolph Chung wrote:

> read name == data.tar.gz/
> read name == _gpgmaint/
> E: /tmp/mindterm_1.2.1-7_all.deb not a valid DEB package.
> 
> what's the deal with the /s ?

Pretty much what I expected.. I've seen tools mangle AR's before, and I'm
picky enough about it to not accept the /'s.

It would probably be better to fix the debsign program not to change the
deb output unnecessarily.

Jason




Information forwarded to debian-bugs-dist@lists.debian.org, APT Development Team <deity@lists.debian.org>, apt@packages.qa.debian.org:
Bug#161593; Package apt-utils. Full text and rfc822 format available.

Acknowledgement sent to Randolph Chung <tausq@debian.org>:
Extra info received and forwarded to list. Copy sent to APT Development Team <deity@lists.debian.org>, apt@packages.qa.debian.org. Full text and rfc822 format available.

Message #35 received at 161593@bugs.debian.org (full text, mbox):

From: Randolph Chung <tausq@debian.org>
To: Adam Heath <doogie@debian.org>, 161593@bugs.debian.org
Cc: deity@lists.debian.org
Subject: Re: Bug#161593: apt-utils: apt-ftparchive fumbles on signed debs
Date: Thu, 19 Sep 2002 21:46:45 -0700
> > what's the deal with the /s ?
> 
> The ar standard says names are delimited with /

ok, that's easy enough to fix... :-) commited to cvs.

randolph



Information forwarded to debian-bugs-dist@lists.debian.org, APT Development Team <deity@lists.debian.org>, apt@packages.qa.debian.org:
Bug#161593; Package apt-utils. Full text and rfc822 format available.

Acknowledgement sent to Jason Gunthorpe <jgg@debian.org>:
Extra info received and forwarded to list. Copy sent to APT Development Team <deity@lists.debian.org>, apt@packages.qa.debian.org. Full text and rfc822 format available.

Message #40 received at 161593@bugs.debian.org (full text, mbox):

From: Jason Gunthorpe <jgg@debian.org>
To: Adam Heath <doogie@debian.org>, 161593@bugs.debian.org
Cc: Deity Creation Team <deity@lists.debian.org>
Subject: Re: Bug#161593: apt-utils: apt-ftparchive fumbles on signed debs
Date: Thu, 19 Sep 2002 22:42:41 -0600 (MDT)
On Thu, 19 Sep 2002, Adam Heath wrote:

> The ar standard says names are delimited with /

'Standard'? 

The definitive reference is the 4.5 BSD ar(5) man page and it makes no
mention of the /. I suspect the was introduced after that for some reason 
or another.

Jason




Information forwarded to debian-bugs-dist@lists.debian.org, APT Development Team <deity@lists.debian.org>, apt@packages.qa.debian.org:
Bug#161593; Package apt-utils. Full text and rfc822 format available.

Acknowledgement sent to Adam Heath <doogie@debian.org>:
Extra info received and forwarded to list. Copy sent to APT Development Team <deity@lists.debian.org>, apt@packages.qa.debian.org. Full text and rfc822 format available.

Message #45 received at 161593@bugs.debian.org (full text, mbox):

From: Adam Heath <doogie@debian.org>
Cc: <161593@bugs.debian.org>
Subject: Re: Bug#161593: apt-utils: apt-ftparchive fumbles on signed debs
Date: Thu, 19 Sep 2002 23:57:42 -0500 (CDT)
On Thu, 19 Sep 2002, Jason Gunthorpe wrote:

>
> On Thu, 19 Sep 2002, Adam Heath wrote:
>
> > The ar standard says names are delimited with /
>
> 'Standard'?
>
> The definitive reference is the 4.5 BSD ar(5) man page and it makes no
> mention of the /. I suspect the was introduced after that for some reason
> or another.

I used an hp manpage.




Information forwarded to debian-bugs-dist@lists.debian.org, APT Development Team <deity@lists.debian.org>, apt@packages.qa.debian.org:
Bug#161593; Package apt-utils. Full text and rfc822 format available.

Acknowledgement sent to Adam Heath <doogie@debian.org>:
Extra info received and forwarded to list. Copy sent to APT Development Team <deity@lists.debian.org>, apt@packages.qa.debian.org. Full text and rfc822 format available.

Message #50 received at 161593@bugs.debian.org (full text, mbox):

From: Adam Heath <doogie@debian.org>
To: <161593@bugs.debian.org>
Subject: Re: Bug#161593: apt-utils: apt-ftparchive fumbles on signed debs
Date: Thu, 19 Sep 2002 23:58:14 -0500 (CDT)
On Thu, 19 Sep 2002, Jason Gunthorpe wrote:

>
> On Thu, 19 Sep 2002, Randolph Chung wrote:
>
> > read name == data.tar.gz/
> > read name == _gpgmaint/
> > E: /tmp/mindterm_1.2.1-7_all.deb not a valid DEB package.
> >
> > what's the deal with the /s ?
>
> Pretty much what I expected.. I've seen tools mangle AR's before, and I'm
> picky enough about it to not accept the /'s.
>
> It would probably be better to fix the debsign program not to change the
> deb output unnecessarily.

Er, dpkg-deb handles /




Information forwarded to debian-bugs-dist@lists.debian.org, APT Development Team <deity@lists.debian.org>, apt@packages.qa.debian.org:
Bug#161593; Package apt-utils. Full text and rfc822 format available.

Acknowledgement sent to Jason Gunthorpe <jgg@debian.org>:
Extra info received and forwarded to list. Copy sent to APT Development Team <deity@lists.debian.org>, apt@packages.qa.debian.org. Full text and rfc822 format available.

Message #55 received at 161593@bugs.debian.org (full text, mbox):

From: Jason Gunthorpe <jgg@debian.org>
To: Adam Heath <doogie@debian.org>, 161593@bugs.debian.org, tausq@debian.org
Cc: deity@lists.debian.org, debian-bugs-dist@lists.debian.org, apt@packages.qa.debian.org
Subject: Re: Bug#161593: apt-utils: apt-ftparchive fumbles on signed debs
Date: Thu, 19 Sep 2002 23:24:25 -0600 (MDT)
On Thu, 19 Sep 2002, Adam Heath wrote:

> > The definitive reference is the 4.5 BSD ar(5) man page and it makes no
> > mention of the /. I suspect the was introduced after that for some reason
> > or another.
> 
> I used an hp manpage.

Well, uh, the HP man page describe an AR format that is different from
that described by 4.4 BSD, and different from what original dpkg-deb
supported.

The HP ar handles filenames with spaces by using / as the terminator.

The BSD ar handles filenames with spaces by using the long filename
mechansim.

The HP long filename mechanism has a long filename table at the end
of the archive in a member with a name of //

The BSD long filename mechanism places /<len> in the archive header and
puts the long file name after the member archive. It also allows a full 16
char filename before going to LFN.

dpkg-deb does not put a trailing / on file names and thus is producing a
BSD Format ar.

Original version of dpkg-deb truely ONLY supported BSD formats, and had
this code:

       if (memcmp(arh.ar_name,"debian-binary   ",sizeof(arh.ar_name)))
          ohshit(_("file `%.250s' is not a debian binary archive (try dpkg-split?)"),debar);

APT is not prepared to deal with the complexities of an AR in the HP
format and I think it is perfectly right to drop it early on. 

Jason





Information forwarded to debian-bugs-dist@lists.debian.org, APT Development Team <deity@lists.debian.org>, apt@packages.qa.debian.org:
Bug#161593; Package apt-utils. Full text and rfc822 format available.

Acknowledgement sent to Joey Hess <joeyh@debian.org>:
Extra info received and forwarded to list. Copy sent to APT Development Team <deity@lists.debian.org>, apt@packages.qa.debian.org. Full text and rfc822 format available.

Message #60 received at 161593@bugs.debian.org (full text, mbox):

From: Joey Hess <joeyh@debian.org>
To: Randolph Chung <tausq@debian.org>
Cc: Jason Gunthorpe <jgg@debian.org>, 161593@bugs.debian.org, APT Development Team <deity@lists.debian.org>, apt@packages.qa.debian.org, branden@debian.org
Subject: Re: Bug#161593: apt-utils: apt-ftparchive fumbles on signed debs
Date: Fri, 20 Sep 2002 11:58:24 -0400
[Message part 1 (text/plain, inline)]
Randolph Chung wrote:
> neat...
> 
> a working deb:
> pippin[21:04] build% bin/apt-extracttemplates /tmp/locales_2.2.5-14.3_all.deb
> read name == debian-binary
> read name == control.tar.gz
> read name == data.tar.gz
> locales 2.2.5-14.3 /tmp/template.182200 /tmp/config.182201
> 
> your mindterm deb:
> pippin[21:04] build% bin/apt-extracttemplates /tmp/mindterm_1.2.1-7_all.deb
> read name == debian-binary/
> read name == control.tar.gz/
> read name == data.tar.gz/
> read name == _gpgmaint/
> E: /tmp/mindterm_1.2.1-7_all.deb not a valid DEB package.
> 
> what's the deal with the /s ?

Hmm, no idea. ar t doesn't show those. I can see them in the raw file
though.

Question is, does this violate the dpkg/ar spec and should debsigs be
fixed, or apt (or both..).

-- 
see shy jo
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, APT Development Team <deity@lists.debian.org>, apt@packages.qa.debian.org:
Bug#161593; Package apt-utils. Full text and rfc822 format available.

Acknowledgement sent to Randolph Chung <tausq@debian.org>:
Extra info received and forwarded to list. Copy sent to APT Development Team <deity@lists.debian.org>, apt@packages.qa.debian.org. Full text and rfc822 format available.

Message #65 received at 161593@bugs.debian.org (full text, mbox):

From: Randolph Chung <tausq@debian.org>
To: Joey Hess <joeyh@debian.org>
Cc: Jason Gunthorpe <jgg@debian.org>, 161593@bugs.debian.org, APT Development Team <deity@lists.debian.org>, apt@packages.qa.debian.org, branden@debian.org
Subject: Re: Bug#161593: apt-utils: apt-ftparchive fumbles on signed debs
Date: Fri, 20 Sep 2002 09:00:48 -0700
[Message part 1 (text/plain, inline)]
> Hmm, no idea. ar t doesn't show those. I can see them in the raw file
> though.
> 
> Question is, does this violate the dpkg/ar spec and should debsigs be
> fixed, or apt (or both..).

according to Jason:
dpkg originally used the BSD ar 'standard', whose encoding does not 
put / at the end of ar archives. 

SVr4/GNU ar puts the /s there (and has other encoding differences).

apt only supports the BSD format. As did dpkg, until recently it started
supporting decoding a bit of the GNU format.

i *think* the conclusion was that in general apt will only support 
the BSD format (i.e. debsigs should be fixed). For this particular /
issue we can easily patch apt to handle it (in fact I checked in and
later reverted a patch to do this last night.. can repatch if needed :)

so i guess we should reassign this to debsigs.

randolph
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, APT Development Team <deity@lists.debian.org>, apt@packages.qa.debian.org:
Bug#161593; Package apt-utils. Full text and rfc822 format available.

Acknowledgement sent to Joey Hess <joeyh@debian.org>:
Extra info received and forwarded to list. Copy sent to APT Development Team <deity@lists.debian.org>, apt@packages.qa.debian.org. Full text and rfc822 format available.

Message #70 received at 161593@bugs.debian.org (full text, mbox):

From: Joey Hess <joeyh@debian.org>
To: Jason Gunthorpe <jgg@debian.org>
Cc: Randolph Chung <tausq@debian.org>, 161593@bugs.debian.org, APT Development Team <deity@lists.debian.org>, apt@packages.qa.debian.org, branden@debian.org
Subject: Re: Bug#161593: apt-utils: apt-ftparchive fumbles on signed debs
Date: Fri, 20 Sep 2002 12:09:41 -0400
[Message part 1 (text/plain, inline)]
Jason Gunthorpe wrote:
> Pretty much what I expected.. I've seen tools mangle AR's before, and I'm
> picky enough about it to not accept the /'s.

I've taken a look at the debsigs "arf" module, and if it's mangling ar,
it's using ar itself to do it. :-P

joey@dragon:~package>grep debian-binary/ debhelper_4.1.10_all.deb
joey@dragon:~package>ar -r debhelper_4.1.10_all.deb /etc/passwd
joey@dragon:~package>grep debian-binary/ debhelper_4.1.10_all.deb
Binary file debhelper_4.1.10_all.deb matches

-- 
see shy jo
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, APT Development Team <deity@lists.debian.org>, apt@packages.qa.debian.org:
Bug#161593; Package apt-utils. Full text and rfc822 format available.

Acknowledgement sent to Branden Robinson <branden@debian.org>:
Extra info received and forwarded to list. Copy sent to APT Development Team <deity@lists.debian.org>, apt@packages.qa.debian.org. Full text and rfc822 format available.

Message #75 received at 161593@bugs.debian.org (full text, mbox):

From: Branden Robinson <branden@debian.org>
To: Randolph Chung <tausq@debian.org>
Cc: Joey Hess <joeyh@debian.org>, Jason Gunthorpe <jgg@debian.org>, 161593@bugs.debian.org, APT Development Team <deity@lists.debian.org>, debian-dpkg@lists.debian.org
Subject: Re: Bug#161593: apt-utils: apt-ftparchive fumbles on signed debs
Date: Fri, 20 Sep 2002 13:25:50 -0500
[Message part 1 (text/plain, inline)]
On Fri, Sep 20, 2002 at 09:00:48AM -0700, Randolph Chung wrote:
> > Hmm, no idea. ar t doesn't show those. I can see them in the raw file
> > though.
> > 
> > Question is, does this violate the dpkg/ar spec and should debsigs be
> > fixed, or apt (or both..).
> 
> according to Jason:
> dpkg originally used the BSD ar 'standard', whose encoding does not 
> put / at the end of ar archives. 
> 
> SVr4/GNU ar puts the /s there (and has other encoding differences).
> 
> apt only supports the BSD format. As did dpkg, until recently it started
> supporting decoding a bit of the GNU format.

Shouldn't apt be a bit more flexible, especially if dpkg is going to be?

> i *think* the conclusion was that in general apt will only support 
> the BSD format

Why?

-- 
G. Branden Robinson                |    It's like I have a shotgun in my
Debian GNU/Linux                   |    mouth, I've got my finger on the
branden@debian.org                 |    trigger, and I like the taste of
http://people.debian.org/~branden/ |    the gunmetal. -- Robert Downey, Jr.
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, APT Development Team <deity@lists.debian.org>, apt@packages.qa.debian.org:
Bug#161593; Package apt-utils. Full text and rfc822 format available.

Acknowledgement sent to Adam Heath <doogie@debian.org>:
Extra info received and forwarded to list. Copy sent to APT Development Team <deity@lists.debian.org>, apt@packages.qa.debian.org. Full text and rfc822 format available.

Message #80 received at 161593@bugs.debian.org (full text, mbox):

From: Adam Heath <doogie@debian.org>
Cc: <161593@bugs.debian.org>
Subject: Re: Bug#161593: apt-utils: apt-ftparchive fumbles on signed debs
Date: Fri, 20 Sep 2002 15:31:38 -0500 (CDT)
clone 161593 -1
reassign -1 debsigs
thanks

On Fri, 20 Sep 2002, Randolph Chung wrote:

> so i guess we should reassign this to debsigs.

No, both are incorrect.

apt-ftparchive needs to handle the format.  And debsigs needs to produce the
debs correctly.

Here is what conclusion Jason and I agreed upon:

For official deb extractors:

  * Must support both bsd and sysv style ar formats.
  * debian-binary must always be first.
  * For < deb format 3.0, the first three members, in order, are:
    debian-binary, control, data.  Anything else is an error.
  * For >= deb format 3.0, the first member is debian-binary.  All other
    members can be in any order.

For official deb creators:

  * must create archive in bsd format
  * debian-binary must always be first.
  * The order of the members is: debian-binary, control, data.
  * Optional members follow the required members, and are prefixed with '_'.

Deb format 3.0 introduces several new features.

  * The control member will always be control.tar.gz.
  * The data member can have different compression formats, based on the
    extension after the tar.  The current supported list is:

    .gz		gzip
    .bz2	bzip2
    <empty>	no compression

Additionally, there is no long name support.  BSD and SysV are radically
different, so we decided not to support it at all.

The format of the embedded tar has not been decided upon.  dpkg has
traditionally used gnu(as it has no limit on name length or link length), but
this has not been enforced.  I've been thinking of modifying
dpkg-deb/extract.c to support posix long names(just for the hell of it).

I shall be typing up something more official, and better written, soon.




Bug 161593 cloned as bug 161680. Request was from Adam Heath <doogie@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to apt@packages.qa.debian.org:
Bug#161593; Package apt-utils. Full text and rfc822 format available.

Acknowledgement sent to Branden Robinson <branden@debian.org>:
Extra info received and filed, but not forwarded. Copy sent to apt@packages.qa.debian.org. Full text and rfc822 format available.

Message #87 received at 161593-quiet@bugs.debian.org (full text, mbox):

From: Branden Robinson <branden@debian.org>
To: Randolph Chung <tausq@debian.org>
Cc: 161593-quiet@bugs.debian.org, APT Development Team <deity@lists.debian.org>, debian-dpkg@lists.debian.org
Subject: Re: Bug#161593: apt-utils: apt-ftparchive fumbles on signed debs
Date: Sun, 22 Sep 2002 19:15:41 -0500
[Message part 1 (text/plain, inline)]
On Fri, Sep 20, 2002 at 01:25:50PM -0500, Branden Robinson wrote:
> On Fri, Sep 20, 2002 at 09:00:48AM -0700, Randolph Chung wrote:
> > according to Jason:
> > dpkg originally used the BSD ar 'standard', whose encoding does not 
> > put / at the end of ar archives. 
> > 
> > SVr4/GNU ar puts the /s there (and has other encoding differences).
> > 
> > apt only supports the BSD format. As did dpkg, until recently it started
> > supporting decoding a bit of the GNU format.
> 
> Shouldn't apt be a bit more flexible, especially if dpkg is going to be?
> 
> > i *think* the conclusion was that in general apt will only support 
> > the BSD format
> 
> Why?

I'm still waiting for an answer to these questions.

One of the selling points of the Debian package format is that it can be
manipulated with "standard tools".

Apt refusing to deal with ar files that have the Debian components in
the proper order, but which were generated by the only ar program that
Debian provides is *perverse*.

-- 
G. Branden Robinson                |
Debian GNU/Linux                   |         Ab abusu ad usum non valet
branden@debian.org                 |         consequentia.
http://people.debian.org/~branden/ |
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, APT Development Team <deity@lists.debian.org>, apt@packages.qa.debian.org:
Bug#161593; Package apt-utils. Full text and rfc822 format available.

Acknowledgement sent to Adam Heath <doogie@debian.org>:
Extra info received and forwarded to list. Copy sent to APT Development Team <deity@lists.debian.org>, apt@packages.qa.debian.org. Full text and rfc822 format available.

Message #92 received at 161593@bugs.debian.org (full text, mbox):

From: Adam Heath <doogie@debian.org>
To: Branden Robinson <branden@debian.org>
Cc: <161593@bugs.debian.org>
Subject: Re: Bug#161593: apt-utils: apt-ftparchive fumbles on signed debs
Date: Sun, 22 Sep 2002 19:20:35 -0500 (CDT)
On Sun, 22 Sep 2002, Branden Robinson wrote:

> On Fri, Sep 20, 2002 at 01:25:50PM -0500, Branden Robinson wrote:
> > On Fri, Sep 20, 2002 at 09:00:48AM -0700, Randolph Chung wrote:
> > > according to Jason:
> > > dpkg originally used the BSD ar 'standard', whose encoding does not
> > > put / at the end of ar archives.
> > >
> > > SVr4/GNU ar puts the /s there (and has other encoding differences).
> > >
> > > apt only supports the BSD format. As did dpkg, until recently it started
> > > supporting decoding a bit of the GNU format.
> >
> > Shouldn't apt be a bit more flexible, especially if dpkg is going to be?
> >
> > > i *think* the conclusion was that in general apt will only support
> > > the BSD format
> >
> > Why?
>
> I'm still waiting for an answer to these questions.
>
> One of the selling points of the Debian package format is that it can be
> manipulated with "standard tools".

manipulated != created

debsigs is an official creator.  Therefor, it *must* not put / on the end of
the member names.

> Apt refusing to deal with ar files that have the Debian components in
> the proper order, but which were generated by the only ar program that
> Debian provides is *perverse*.

This is true.  But debsigs is still buggy.




Information forwarded to apt@packages.qa.debian.org:
Bug#161593; Package apt-utils. Full text and rfc822 format available.

Acknowledgement sent to Randolph Chung <tausq@debian.org>:
Extra info received and filed, but not forwarded. Copy sent to apt@packages.qa.debian.org. Full text and rfc822 format available.

Message #97 received at 161593-quiet@bugs.debian.org (full text, mbox):

From: Randolph Chung <tausq@debian.org>
To: Branden Robinson <branden@debian.org>
Cc: 161593-quiet@bugs.debian.org, APT Development Team <deity@lists.debian.org>, debian-dpkg@lists.debian.org
Subject: Re: Bug#161593: apt-utils: apt-ftparchive fumbles on signed debs
Date: Sun, 22 Sep 2002 22:08:26 -0700
[Message part 1 (text/plain, inline)]
> Apt refusing to deal with ar files that have the Debian components in
> the proper order, but which were generated by the only ar program that
> Debian provides is *perverse*.

The patch to handle the / case in apt is a one-liner. I can commit 
that (again) into apt... but I agree with Jason's point that we need 
to be careful about this -- GNU ar format is more than just /, so if 
we are really commiting to support that, there're many more changes 
that need to happen in dpkg/apt, and I'm not sure that's where we want 
to go...

it seems to be reasonable that "standard" Debian deb creation tools 
should create debs in the same format.... debsigs shouldn't be silently
converting debs to different ar formats....

randolph
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to apt@packages.qa.debian.org:
Bug#161593; Package apt-utils. Full text and rfc822 format available.

Acknowledgement sent to Branden Robinson <branden@debian.org>:
Extra info received and filed, but not forwarded. Copy sent to apt@packages.qa.debian.org. Full text and rfc822 format available.

Message #102 received at 161593-quiet@bugs.debian.org (full text, mbox):

From: Branden Robinson <branden@debian.org>
To: debian-dpkg@lists.debian.org
Cc: 161593-quiet@bugs.debian.org
Subject: Re: Bug#161593: apt-utils: apt-ftparchive fumbles on signed debs
Date: Mon, 23 Sep 2002 11:08:02 -0500
[Message part 1 (text/plain, inline)]
On Sun, Sep 22, 2002 at 07:20:35PM -0500, Adam Heath wrote:
> On Sun, 22 Sep 2002, Branden Robinson wrote:
> > One of the selling points of the Debian package format is that it can be
> > manipulated with "standard tools".
> 
> manipulated != created

Creation is a subset of manipulation.  Other "manipulations" include
extraction, appending members, replacement of members, and listing the
contents.

> debsigs is an official creator.  Therefor, it *must* not put / on the end of
> the member names.

Fine; I suggest that we either hack ar in our binutils to support
options that enable it to create .deb-correct ar files, or that we ship
a tool in debianutils ("dar"?) that is capable of doing so.

We must do either of the above, abandon our claim that Debian package
files have anything to do with the ar format, or make our tools more
intelligent, so that they can understand a .deb that any
standard-compliant ar program created.

> > Apt refusing to deal with ar files that have the Debian components in
> > the proper order, but which were generated by the only ar program that
> > Debian provides is *perverse*.
> 
> This is true.  But debsigs is still buggy.

Debian has long claimed that our packages are just "ar files".  This
implies that you can use ar(1) to create them, but you can't (well, you
can, but they won't work).

I suggest we not abandon this claim.

-- 
G. Branden Robinson                |       The key to being a Southern
Debian GNU/Linux                   |       Baptist: It ain't a sin if you
branden@debian.org                 |       don't get caught.
http://people.debian.org/~branden/ |       -- Anthony Davidson
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to apt@packages.qa.debian.org:
Bug#161593; Package apt-utils. Full text and rfc822 format available.

Acknowledgement sent to Adam Heath <doogie@debian.org>:
Extra info received and filed, but not forwarded. Copy sent to apt@packages.qa.debian.org. Full text and rfc822 format available.

Message #107 received at 161593-quiet@bugs.debian.org (full text, mbox):

From: Adam Heath <doogie@debian.org>
To: Branden Robinson <branden@debian.org>
Cc: <debian-dpkg@lists.debian.org>, <161593-quiet@bugs.debian.org>
Subject: Re: Bug#161593: apt-utils: apt-ftparchive fumbles on signed debs
Date: Mon, 23 Sep 2002 11:32:24 -0500 (CDT)
On Mon, 23 Sep 2002, Branden Robinson wrote:

> On Sun, Sep 22, 2002 at 07:20:35PM -0500, Adam Heath wrote:
> > On Sun, 22 Sep 2002, Branden Robinson wrote:
> > > One of the selling points of the Debian package format is that it can be
> > > manipulated with "standard tools".
> >
> > manipulated != created
>
> Creation is a subset of manipulation.  Other "manipulations" include
> extraction, appending members, replacement of members, and listing the
> contents.

You can create debs with standard tools.  That scenario is not going away.

However, official creators must follow the standard(which, until just
recently, wasn't well known).

Being able to create debs with standard tools is really only to be used by
humans doing something quick and dirty, not for real programs doing real work
on behalf of the project.

> > debsigs is an official creator.  Therefor, it *must* not put / on the end of
> > the member names.
>
> Fine; I suggest that we either hack ar in our binutils to support
> options that enable it to create .deb-correct ar files, or that we ship
> a tool in debianutils ("dar"?) that is capable of doing so.

We never defined which ar that was.  Creating deb compatiable ar files can be
done in shell(following the spec I have laid out, which doesn't support long
names.  Even then, the bsd-format long name support should be easy to do in
shell as well).

> We must do either of the above, abandon our claim that Debian package
> files have anything to do with the ar format, or make our tools more
> intelligent, so that they can understand a .deb that any
> standard-compliant ar program created.

ar created debs work fine.  But debsigs is an official program, so must follow
the official spec.

> > > Apt refusing to deal with ar files that have the Debian components in
> > > the proper order, but which were generated by the only ar program that
> > > Debian provides is *perverse*.
> >
> > This is true.  But debsigs is still buggy.
>
> Debian has long claimed that our packages are just "ar files".  This
> implies that you can use ar(1) to create them, but you can't (well, you
> can, but they won't work).

You can create debs with ar(1), and dpkg-deb will handle them just fine.  The
fact that apt-ftparchive does not is a bug in apt-ftparchive.  However, just
because you *can* do this, doesn't make it right.

Also, ar(1) can be used to extract/list dpkg-deb created debs.  dpkg-deb does
*not* add the '/' to the end of the names, and ar(1) handles this fine.

> I suggest we not abandon this claim.

We aren't.





Information forwarded to apt@packages.qa.debian.org:
Bug#161593; Package apt-utils. Full text and rfc822 format available.

Acknowledgement sent to Joey Hess <joeyh@debian.org>:
Extra info received and filed, but not forwarded. Copy sent to apt@packages.qa.debian.org. Full text and rfc822 format available.

Message #112 received at 161593-quiet@bugs.debian.org (full text, mbox):

From: Joey Hess <joeyh@debian.org>
To: debian-dpkg@lists.debian.org, 161593-quiet@bugs.debian.org
Subject: Re: Bug#161593: apt-utils: apt-ftparchive fumbles on signed debs
Date: Mon, 23 Sep 2002 12:33:53 -0400
[Message part 1 (text/plain, inline)]
Branden Robinson wrote:
> Fine; I suggest that we either hack ar in our binutils to support
> options that enable it to create .deb-correct ar files, or that we ship
> a tool in debianutils ("dar"?) that is capable of doing so.

Or we could add some commands to dpkg-deb to support adding/removing
members. Something like:

dpkg-deb -A|--add archive [control-file-name ..]
dpkg-deb -R|--remove archive [control-file-name ..]

This might let us avoid yet another implementaton of dpkg ar. Two are
probably enough..

-- 
see shy jo
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to apt@packages.qa.debian.org:
Bug#161593; Package apt-utils. Full text and rfc822 format available.

Acknowledgement sent to Branden Robinson <branden@debian.org>:
Extra info received and filed, but not forwarded. Copy sent to apt@packages.qa.debian.org. Full text and rfc822 format available.

Message #117 received at 161593-quiet@bugs.debian.org (full text, mbox):

From: Branden Robinson <branden@debian.org>
To: 161593-quiet@bugs.debian.org, APT Development Team <deity@lists.debian.org>, debian-dpkg@lists.debian.org
Subject: Re: Bug#161593: apt-utils: apt-ftparchive fumbles on signed debs
Date: Mon, 23 Sep 2002 11:29:46 -0500
[Message part 1 (text/plain, inline)]
On Sun, Sep 22, 2002 at 10:08:26PM -0700, Randolph Chung wrote:
> > Apt refusing to deal with ar files that have the Debian components in
> > the proper order, but which were generated by the only ar program that
> > Debian provides is *perverse*.
> 
> The patch to handle the / case in apt is a one-liner. I can commit 
> that (again) into apt... but I agree with Jason's point that we need 
> to be careful about this -- GNU ar format is more than just /, so if 
> we are really commiting to support that, there're many more changes 
> that need to happen in dpkg/apt, and I'm not sure that's where we want 
> to go...

We should be liberal in what we accept and conservative in what we
generate.  For years we've said .debs are "just ar files", but we
committed ourselves to a SysV-style ar(1) on the system a long time ago.
Something's got to give.

> it seems to be reasonable that "standard" Debian deb creation tools 
> should create debs in the same format.... debsigs shouldn't be silently
> converting debs to different ar formats....

It only did so because I shared the completely ridiculous assumption
that you could create a Debian package ("which is just an ar file")
using the ar(1) command.

I don't mind changing debsigs to generate a more politically-correct
Debian package file format.  What I mind is the pretense that the
actual behavior of the ar(1) command doesn't matter, and can be safely
ignored; that is, we don't have to actually fess up to the fact that
we've been deceiving people about the practicality of being able to use
"standard tools" to "manipulate Debian packages".

At the very least, Debian should provide a BSD-style ar command that
will operate on .deb files in a politically correct fashion.  I'm open
to suggestions for what it should be called, and (I'm going to regret
this), I'm even prepared to package it.

However, I think a *better* solution is:

1) Make dpkg and apt understand SysV/GNU ar files; *and*
2) Patch ar from GNU binutils to be able to generate BSD-style ar files; and
3) Prominently document the requirements we make of .deb files in deb(5).

-- 
G. Branden Robinson                |          You live and learn.
Debian GNU/Linux                   |          Or you don't live long.
branden@debian.org                 |          -- Robert Heinlein
http://people.debian.org/~branden/ |
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to apt@packages.qa.debian.org:
Bug#161593; Package apt-utils. Full text and rfc822 format available.

Acknowledgement sent to Glenn McGrath <bug1@optushome.com.au>:
Extra info received and filed, but not forwarded. Copy sent to apt@packages.qa.debian.org. Full text and rfc822 format available.

Message #122 received at 161593-quiet@bugs.debian.org (full text, mbox):

From: Glenn McGrath <bug1@optushome.com.au>
To: Branden Robinson <branden@debian.org>
Cc: 161593-quiet@bugs.debian.org, deity@lists.debian.org, debian-dpkg@lists.debian.org
Subject: Re: Bug#161593: apt-utils: apt-ftparchive fumbles on signed debs
Date: Tue, 24 Sep 2002 10:31:09 +1000
On Mon, 23 Sep 2002 11:29:46 -0500
Branden Robinson <branden@debian.org> wrote:

> On Sun, Sep 22, 2002 at 10:08:26PM -0700, Randolph Chung wrote:

> > 
> We should be liberal in what we accept and conservative in what we
> generate.  For years we've said .debs are "just ar files", but we
> committed ourselves to a SysV-style ar(1) on the system a long time ago.
> Something's got to give.
> 
> > it seems to be reasonable that "standard" Debian deb creation tools 
> > should create debs in the same format.... debsigs shouldn't be
> > silently converting debs to different ar formats....
> 
> It only did so because I shared the completely ridiculous assumption
> that you could create a Debian package ("which is just an ar file")
> using the ar(1) command.
> 
> I don't mind changing debsigs to generate a more politically-correct
> Debian package file format.  What I mind is the pretense that the
> actual behavior of the ar(1) command doesn't matter, and can be safely
> ignored; that is, we don't have to actually fess up to the fact that
> we've been deceiving people about the practicality of being able to use
> "standard tools" to "manipulate Debian packages".
> 

As far as i aware there is no standard ar command in that not standards
body accepts any specific implementation of it as being the one true
format that should be used.

Do you have a url handy for the SysV ar definition ?

> At the very least, Debian should provide a BSD-style ar command that
> will operate on .deb files in a politically correct fashion.  I'm open
> to suggestions for what it should be called, and (I'm going to regret
> this), I'm even prepared to package it.
> 
> However, I think a *better* solution is:
> 
> 1) Make dpkg and apt understand SysV/GNU ar files; *and*
> 2) Patch ar from GNU binutils to be able to generate BSD-style ar files;
> and 3) Prominently document the requirements we make of .deb files in
> deb(5).
> 

I think patching GNU ar from binutils is playing with fire, and its pretty
hard to follow.

The biggest problem with portability of ar is long filenames, if we
restrict filenames to less then (i think) 15 characters then we should be
ok.


Glenn




Information forwarded to apt@packages.qa.debian.org:
Bug#161593; Package apt-utils. Full text and rfc822 format available.

Acknowledgement sent to "Brian M. Carlson" <bmc@crustytoothpaste.ath.cx>:
Extra info received and filed, but not forwarded. Copy sent to apt@packages.qa.debian.org. Full text and rfc822 format available.

Message #127 received at 161593-quiet@bugs.debian.org (full text, mbox):

From: "Brian M. Carlson" <bmc@crustytoothpaste.ath.cx>
To: Branden Robinson <branden@debian.org>
Cc: debian-dpkg@lists.debian.org, 161593-quiet@bugs.debian.org
Subject: Re: Bug#161593: apt-utils: apt-ftparchive fumbles on signed debs
Date: Fri, 18 Oct 2002 19:15:01 +0000
[Message part 1 (text/plain, inline)]
On Mon, Sep 23, 2002 at 11:08:02AM -0500, Branden Robinson wrote:
> On Sun, Sep 22, 2002 at 07:20:35PM -0500, Adam Heath wrote:
> > On Sun, 22 Sep 2002, Branden Robinson wrote:
[pedantic language arguments]
> > debsigs is an official creator.  Therefor, it *must* not put / on the end of
> > the member names.
> 
> Fine; I suggest that we either hack ar in our binutils to support
> options that enable it to create .deb-correct ar files, or that we ship
> a tool in debianutils ("dar"?) that is capable of doing so.

I am working on such a tool. However, I need a specification of how each
ar works, what its files look like, etc. in order for this to work
properly. A URL would be fabulous. This tool is in C++, so C users can
call it with system(3).

> Debian has long claimed that our packages are just "ar files".  This
> implies that you can use ar(1) to create them, but you can't (well, you
> can, but they won't work).
> 
> I suggest we not abandon this claim.

There ar many different types of ar files; the type that GNU ar chose
was obviously not the same type that Debian chose. I read (I believe on
Slashdot) that the type Debian chose was purposely ancient because it
would be possible to open them up on any system, even those that were
from old times. GNU ar can still extract debian files, in fact it does
it quite well with "ar x foo.deb". It just doesn't create them, which is
our problem.

-- 
Brian M. Carlson <karlsson@hal-pc.org> <http://decoy.wox.org/~bmc> 0x560553E7
Immutability, Three Rules of:
	(1)  If a tarpaulin can flap, it will.
	(2)  If a small boy can get dirty, he will.
	(3)  If a teenager can go out, he will.
[Message part 2 (application/pgp-signature, inline)]

Bug reassigned from package `apt-utils' to `apt'. Request was from Matt Zimmerman <mdz@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Changed Bug title. Request was from Matt Zimmerman <mdz@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, APT Development Team <deity@lists.debian.org>:
Bug#161593; Package apt. Full text and rfc822 format available.

Acknowledgement sent to Julian Gilbey <jdg@polya.uklinux.net>:
Extra info received and forwarded to list. Copy sent to APT Development Team <deity@lists.debian.org>. Full text and rfc822 format available.

Message #136 received at 161593@bugs.debian.org (full text, mbox):

From: Julian Gilbey <jdg@polya.uklinux.net>
To: Branden Robinson <branden@debian.org>, Adam Heath <adam@lapdoog.doogie.org>
Cc: 161680@bugs.debian.org, 161593@bugs.debian.org
Subject: Re: Bug#161680: Bug#161593: apt-utils: apt-ftparchive fumbles on signed debs
Date: Tue, 28 Oct 2003 12:43:02 +0000
What's the current status of these bugs?  Does debsigs now create
valid .debs or not?  I have a request to support debsigs in debsign,
but that is obviously daft if it's then going to create broken debs.

   Julian

On Mon, Oct 07, 2002 at 11:59:00PM -0500, Adam Heath wrote:
> On Mon, 7 Oct 2002, Branden Robinson wrote:
> 
> > On Fri, Sep 20, 2002 at 03:56:19PM -0500, Adam Heath wrote:
> > > Here is what conclusion Jason and I agreed upon:
> > [...]
> > > For official deb creators:
> > >
> > >   * must create archive in bsd format
> > >   * debian-binary must always be first.
> > >   * The order of the members is: debian-binary, control, data.
> > >   * Optional members follow the required members, and are prefixed with '_'.
> >
> > I continue to await advice on what tool "official deb creators" should
> > use to construct ar files.
> >
> > Is there a Perl module or C library for this purpose.  It's been
> > established quite solidly that we can't use the ar from binutils.
> 
> dpkg will provide such a tool.  However, it'll be a bit before such a tool
> enters the archive.
> k



Information forwarded to debian-bugs-dist@lists.debian.org, APT Development Team <deity@lists.debian.org>:
Bug#161593; Package apt. Full text and rfc822 format available.

Acknowledgement sent to Wichert Akkerman <wichert@wiggy.net>:
Extra info received and forwarded to list. Copy sent to APT Development Team <deity@lists.debian.org>. Full text and rfc822 format available.

Message #141 received at 161593@bugs.debian.org (full text, mbox):

From: Wichert Akkerman <wichert@wiggy.net>
To: Julian Gilbey <jdg@polya.uklinux.net>, 161593@bugs.debian.org
Cc: Branden Robinson <branden@debian.org>, Adam Heath <adam@lapdoog.doogie.org>, 161680@bugs.debian.org
Subject: Re: Bug#161593: Bug#161680: Bug#161593: apt-utils: apt-ftparchive fumbles on signed debs
Date: Tue, 28 Oct 2003 23:48:04 +0100
Previously Julian Gilbey wrote:
> What's the current status of these bugs?  Does debsigs now create
> valid .debs or not?  I have a request to support debsigs in debsign,
> but that is obviously daft if it's then going to create broken debs.

It creates valid debs but ftpmaster refuses them if I remember
correctly.

Wichet.

-- 
Wichert Akkerman <wichert@wiggy.net>    It is simple to make things.
http://www.wiggy.net/                   It is hard to make things simple.




Bug reassigned from package `apt' to `apt-utils'. Request was from Matt Zimmerman <mdz@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Merged 161593 222701. Request was from Matt Zimmerman <mdz@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, APT Development Team <deity@lists.debian.org>:
Bug#161593; Package apt-utils. Full text and rfc822 format available.

Acknowledgement sent to Andreas Barth <aba@not.so.argh.org>:
Extra info received and forwarded to list. Copy sent to APT Development Team <deity@lists.debian.org>. Full text and rfc822 format available.

Message #150 received at 161593@bugs.debian.org (full text, mbox):

From: Andreas Barth <aba@not.so.argh.org>
To: 161680@bugs.debian.org
Cc: Wichert Akkerman <wichert@wiggy.net>, Julian Gilbey <jdg@polya.uklinux.net>, 161593@bugs.debian.org, Adam Heath <adam@lapdoog.doogie.org>
Subject: [path] apt-utils doesn't fail any more about signed debs
Date: Sat, 6 Dec 2003 13:59:57 +0100
[Message part 1 (text/plain, inline)]
tags 161680 +patch
thanks

Hi,

attached is a patch to debsigs that creates apt-utils compatible
ar-files. However, this patch has one major drawback: It is ugly, and
it duplicates logic form dpkg-deb to debsigs. So, it should be backed
out once a "debian ar" is available, e.g. as part of dpgk.

I also put an updated version of apt-utils at
deb http://debsign.turmzimmer.net/ ./
deb-src http://debsign.turmzimmer.net/ ./


Cheers,
Andi
-- 
   http://home.arcor.de/andreas-barth/
   PGP 1024/89FB5CE5  DC F1 85 6D A6 45 9C 0F  3B BE F1 D0 C5 D1 D9 0C
[patch-debsigs-for-bts (text/plain, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, APT Development Team <deity@lists.debian.org>:
Bug#161593; Package apt-utils. Full text and rfc822 format available.

Acknowledgement sent to Andreas Barth <aba@not.so.argh.org>:
Extra info received and forwarded to list. Copy sent to APT Development Team <deity@lists.debian.org>. Full text and rfc822 format available.

Message #155 received at 161593@bugs.debian.org (full text, mbox):

From: Andreas Barth <aba@not.so.argh.org>
To: 222779@bugs.debian.org
Cc: 161593@bugs.debian.org, debian-devel@lists.debian.org, Goswin Brederlow <brederlo@informatik.uni-tuebingen.de>
Subject: [PROPOSAL] definition of deb binary files
Date: Sun, 7 Dec 2003 20:16:52 +0100
Hi,

I made a proposal of an updated deb format definition. I based that on
the manpage deb (part of dpkg-dev), and on reverse engineering of
dpkg-deb/build.c. I hope I've written the standard in a right and easy
to understandable way. I did (by purpose) not add anything about
signatures etc, but I just wanted to document what we have at current.
Discussion about additions should (IMHO) be kept seperate.

IMHO this definition should become part of the policy; I propose
either an new chapter 12, or an addition to chapter 3 Binary packages,
whatever seems more appropriate. This means that also some parts of
Appendix B could be removed at this occasion.

I'm also Ccing one bug of apt-utils, where I also got some of the
information from, and debian-devel. Please restrict the crossposting
on answers if usefull.


Cheers,
Andi


DESCRIPTION

The .deb format is the Debian binary package file format. It is understood
by dpkg 0.93.76 and later, and is generated by default by all versions
of dpkg since 1.2.0 and all i386/ELF versions since 1.1.1elf.

The format described here is used since Debian 0.93; details of the old
format are described in deb-old(5).


OVERALL FORMAT

The file is an ar archive in a certain ar version and with a magic number
of !<arch>. Due to the robustness principle, extracting tools should be
able to cope with as many of the different ar versions as possible; if they
don't, its at maximum a wishlist bug. On the other hand, tools providing
.deb-files MUST only provide strictly standard compatible files. Every
other behaviour is a serious bug!

The first member of the archive is name debian-binary and contains a series
of lines, separated by newlines. Currently only one line is present, the
format version number. The 2.0 format is current, and this format is
described in that document. Programs which read .deb-files should be
prepared for the minor number to be increased and new lines to be present,
and should ignore these if this is the case. If the major number has a
value a programm doesn't know, an incompatible change has happend, and
the program should abort with an error.


OVERALL AR FORMAT

The ar-format is (by purpose) one of the most ancient formats. This has the
reason that it should be possible to unpack .deb-files on as many different
computers as possible. Furthermore, it makes it also more easy for our code
to handle it.

Any ar files can be written as AR-FILE := HEADER [MEMBER]*.
The header is the string "!<arch>\n" (not null terminated).

Each member itself consists of the member head, and of the body, and, if
necessary, a padding '\n'. All information in the members head is printable
ascii, and each value is padded with spaces on the right side; at least one
space must be present, so the information must be shorter than the maximum
number of bytes available. The head is composed of the name (16 bytes), the
date in seconds since epoch (1970-1-1 0:00:00 UTC) in decimal notion (12
bytes), the uid and gid of the owner in decimal notion (each 6 bytes;
usually both 0), the file member mode in octal notion, begining with 1 (8
bytes; usually 100644), the size of the member body (the size is measure
without possible padding to the body; 10 bytes) and the two bytes "`\n".
After the member head, the member body follows unquoted; if the member body
has uneven lenght, it is padded with a single '\n'; so any members start on
an even byte boundry.

So, the initial member looks like:
debian-binary   1070194109  0     0     100644  4         `
2.0

Newer ar features (as longer file names, filesnames with spaces, ...) are
a violation of this standard; however, extracting tools should try to
support them as good as possible, but if they do not, that's just at
maximum a wishlist bug.


DEB 2 ARCHIVE MEMBERS

Archives with the major number 2 must have (after the initial member
debian-binary) in this exact order the members control.tar.gz and
data.tar.gz. After this, optional members can follow, but they must have a
'_' as the first character of their name.

control.tar.gz is a gzipped tar archive containing the package control
information, as a series of plain files, of which the file control is
mandatory and contains the core control information. Please see the Debian
Packaging Manual, section 2.2 for details of these files. The control
tarball may optionally contain an entry for `.', the current directory.

data.tar.gz contains the filesystem archive as a gzipped tar archive.


DEB 1 ARCHIVE MEMBERS

See the man-page deb-old(5) for a definition.
-- 
   http://home.arcor.de/andreas-barth/
   PGP 1024/89FB5CE5  DC F1 85 6D A6 45 9C 0F  3B BE F1 D0 C5 D1 D9 0C



Information forwarded to debian-bugs-dist@lists.debian.org, APT Development Team <deity@lists.debian.org>:
Bug#161593; Package apt-utils. Full text and rfc822 format available.

Acknowledgement sent to Wichert Akkerman <wichert@wiggy.net>:
Extra info received and forwarded to list. Copy sent to APT Development Team <deity@lists.debian.org>. Full text and rfc822 format available.

Message #160 received at 161593@bugs.debian.org (full text, mbox):

From: Wichert Akkerman <wichert@wiggy.net>
To: Andreas Barth <aba@not.so.argh.org>, 222779@bugs.debian.org, 161593@bugs.debian.org, debian-devel@lists.debian.org, Goswin Brederlow <brederlo@informatik.uni-tuebingen.de>
Subject: Re: Bug#161593: [PROPOSAL] definition of deb binary files
Date: Sun, 7 Dec 2003 21:52:56 +0100
Previously Andreas Barth wrote:
> IMHO this definition should become part of the policy; I propose
> either an new chapter 12, or an addition to chapter 3 Binary packages,

It should be part of the dpkg reference manual (partially online at
www.dpkg.org). Patches against the text as you can find in CVS are
welcome.

Wichert.

-- 
Wichert Akkerman <wichert@wiggy.net>    It is simple to make things.
http://www.wiggy.net/                   It is hard to make things simple.




Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 16 08:34:14 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.