* merged changes from the conference

Patches applied:

 * apt@arch.ubuntu.com/apt--experimental--0.6--base-0
   tag of apt@arch.ubuntu.com/apt--MAIN--0--patch-1190

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-1
   Creation of branch v0_6

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-2
   Creation of branch v0_6

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-3
   Creation of branch v0_6

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-4
   Creation of branch v0_6

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-5
   Creation of branch v0_6

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-6
   Creation of branch v0_6

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-7
   Merge working copy of v0.6

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-8
   0.6.0 is headed for experimental, not unstable

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-9
   Date

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-10
   Update LIB_APT_PKG_MAJOR

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-11
   - Fix a heap corruption bug in pkgSrcRecords::pkgSrcRec...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-12
   Resynch

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-13
   * Merge apt 0.5.17

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-14
   * Rearrange Release file authentication code to be more...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-15
   * Convert distribution "../project/experimental" to "ex...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-16
   Merge 1.11

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-17
   Merge 1.7

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-18
   Merge 1.10

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-19
   * Make a number of Release file errors into warnings; f...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-20
   * Add space between package names when multiple unauthe...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-21
   * Provide apt-key with a secret keyring and a trustdb, ...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-22
   * Fix typo in apt-key(8) (standard input is '-', not '/')

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-23
   0.6.2

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-24
   Resynch

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-25
   * Fix MetaIndexURI for flat ("foo/") sources

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-26
   0.6.3

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-27
   * Use the top-level Release file in LoadReleaseInfo, ra...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-28
   0.6.4

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-29
   Clarify

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-30
   * Move the authentication check into a separate functio...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-31
   * Fix display of unauthenticated packages when they are...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-32
   * Move the authentication check into a separate functio...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-33
   * Restore the ugly hack I removed from indexRecords::Lo...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-34
   0.6.6

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-35
   * Forgot to revert part of the changes to tagfile in 0....

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-36
   * Add a config option and corresponding command line option

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-37
   0.6.8

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-38
   hopefully avoid more segfaults

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-39
   XXX

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-40
   * Another tagfile workaround

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-41
   * Use "Codename" (woody, sarge, etc.) to supply the val...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-42
   * Support IMS requests of Release.gpg and Release

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-43
   * Have pkgAcquireIndex calculate an MD5 sum if one is n...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-44
   * Merge 0.5.18

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-45
   apt (0.6.13) experimental; urgency=low

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-46
   0.6.13

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-47
   Merge 0.5.20

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-48
   The source list works a bit differently in 0.6; fix the...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-49
   * s/Debug::Acquire::gpg/&v/

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-50
   * Honor the [vendor] syntax in sources.list again (thou...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-51
   * Don't ship vendors.list(5) since it isn't used yet

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-52
   * Revert change from 0.6.10; it was right in the first ...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-53
   * Fix some cases where the .gpg file could be left in p...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-54
   Print a warning if gnupg is not installed

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-55
   * Handle more IMS stuff correctly

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-56
   0.6.17

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-57
   * Merge 0.5.21

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-58
   * Add new Debian Archive Automatic Signing Key to the d...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-59
   0.6.18

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-60
   * Merge 0.5.22

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-61
   * Convert apt-key(8) to docbook XML

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-62
   Merge 0.5.23

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-63
   Remove bogus partial 0.5.22 changelog entry

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-64
   Make the auth warning a bit less redundant

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-65
   * Merge 0.5.24

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-66
   * Make the unauthenticated packages prompt more intuiti...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-67
   Merge 0.5.25

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-68
   * Remove obsolete pkgIterator::TargetVer() (Closes: #230159)

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-69
   * Reverse test in CheckAuth to match new prompt (Closes...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-70
   Update version

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-71
   Fix backwards sense of CheckAuth prompt

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-72
   0.6.24

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-73
   Close bug

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-74
   * Fix handling of two-part sources for sources.list deb...

 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-75
   0.6.25

 * apt@packages.debian.org/apt--authentication--0--base-0
   tag of apt@arch.ubuntu.com/apt--experimental--0.6--patch-75

 * apt@packages.debian.org/apt--authentication--0--patch-1
   Michael Vogt's merge of apt--experimental--0 onto apt--main--0

 * apt@packages.debian.org/apt--authentication--0--patch-2
   Merge from apt--main--0

 * apt@packages.debian.org/apt--authentication--0--patch-3
   Merge from main

 * apt@packages.debian.org/apt--authentication--0--patch-4
   Merge from main

 * apt@packages.debian.org/apt--authentication--0--patch-5
   Update version number in configure.in

 * apt@packages.debian.org/apt--authentication--0--patch-6
   Merge from main

 * apt@packages.debian.org/apt--authentication--0--patch-7
   Merge from main

 * apt@packages.debian.org/apt--authentication--0--patch-8
   Merge from mvo's branch

 * apt@packages.debian.org/apt--authentication--0--patch-9
   Merge from mvo's tree

 * apt@packages.debian.org/apt--authentication--0--patch-10
   Merge from mvo

 * apt@packages.debian.org/apt--authentication--0--patch-11
   Fix permissions AGAIN

 * apt@packages.debian.org/apt--bzip2-debs--0--base-0
   tag of apt@packages.debian.org/apt--main--0--patch-30

 * apt@packages.debian.org/apt--bzip2-debs--0--patch-1
   Create baz branch

 * apt@packages.debian.org/apt--bzip2-debs--0--patch-2
   Implement data.tar.bz2 support

 * apt@packages.debian.org/apt--main--0--patch-30
   Fix changelog

 * apt@packages.debian.org/apt--main--0--patch-31
   Fix permissions again

 * apt@packages.debian.org/apt--main--0--patch-32
   Fix permissions again

 * apt@packages.debian.org/apt--main--0--patch-33
   Use baz instead of tla

 * apt@packages.debian.org/apt--main--0--patch-34
   Merge bzip2-debs branch

 * apt@packages.debian.org/apt--main--0--patch-35
   Fix changelog

 * apt@packages.debian.org/apt--main--0--patch-36
   untagged-source precious

 * apt@packages.debian.org/apt--main--0--patch-37
   Add .arch-inventory files

 * apt@packages.debian.org/apt--main--0--patch-38
   Fix permissions again

 * apt@packages.debian.org/apt--main--0--patch-39
   Merge apt--authentication--0

 * apt@packages.debian.org/apt--main--0--patch-40
   Merge misc-abi-changes

 * apt@packages.debian.org/apt--main--0--patch-41
   Merge from mvo

 * apt@packages.debian.org/apt--misc-abi-changes--0--base-0
   tag of apt@packages.debian.org/apt--main--0--patch-16

 * apt@packages.debian.org/apt--misc-abi-changes--0--patch-1
   Fix apt-get -s remove to not display the candidate version

 * apt@packages.debian.org/apt--misc-abi-changes--0--patch-2
   Merge from main

 * apt@packages.debian.org/apt--misc-abi-changes--0--patch-3
   Use pid_t throughout to hold process IDs

 * michael.vogt@canonical.com--2004--laptop/apt--authentication-mvo--0--base-0
   tag of michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-12

 * michael.vogt@canonical.com--2004--laptop/apt--authentication-mvo--0--patch-1
   * star-merged matt's changes (bz2 support for data-members in debs)

 * michael.vogt@canonical.com--2004--laptop/apt--authentication-mvo--0--patch-2
   * ignore errors when a Packages.bz2/Sources.bz2 can't be found and try with Packages.gz/Sources.gz again

 * michael.vogt@canonical.com--2004--laptop/apt--mvo--0--base-0
   tag of apt@packages.debian.org/apt--main--0--patch-34

 * michael.vogt@canonical.com--2004--laptop/apt--mvo--0--patch-1
   * merged matt's tree (with all those apt-authentication changes)

 * michael.vogt@canonical.com--2004--laptop/apt--mvo--0--patch-2
   don't display a error if a bzip2 package can not be downloaded, just ignore (Ign) it

 * michael.vogt@canonical.com--2004--laptop/apt--mvo--0--patch-3
   * "chmod 755 cmdline/apt-key", changed version to 0.6.27ubuntu1

 * michael.vogt@canonical.com--2004--laptop/apt--mvo--0--patch-4
   * fix for a stupid merge error (from 0.5->0.6)

 * michael.vogt@canonical.com--2004--laptop/apt--mvo--0--patch-5
   * unstable should really be hoary

 * michael.vogt@canonical.com--2004--laptop/apt--mvo--0--patch-6
   * stronger dependencies for libapt-pkg-dev (depends on the source version of apt and apt-watch now)

 * michael.vogt@canonical.com--2004--laptop/apt--mvo--0--patch-7
   * distro really should be hoary, not unstable :/

 * michael.vogt@canonical.com--2004--laptop/apt--mvo--0--patch-8
   * documented the "--allow-unauthenticated" switch

 * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-1
   tag of apt@packages.debian.org/apt--authentication--0--base-0

 * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-2
   merged "tla apply-delta -A foo@ apt@arch.ubuntu.com/apt--MAIN--0--patch-1190 apt@arch.ubuntu.com/apt--MAIN--0--patch-1343" and cleaned up conflicts

 * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-3
   * missing bits from the merge added

 * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-4
   * star-merged with apt@packages.debian.org/apt--main--0

 * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-5
   * tree-synced to the apt--authentication tree

 * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-6
   * use the ubuntu-key in this version

 * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-7
   * imported the patches from mdz

 * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-8
   * apt-get update --print-uris works now as before (fallback to 0.5.x behaviour)

 * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-9
   * fix for the "if any source unauthenticated, all other sources are unauthenticated too" problem

 * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-10
   * reworked the "--print-uris" patch. it no longer uses: "APT::Get::Print-URIs" in the library

 * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-11
   * version of the library set to 3.6

 * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-12
   * changelog finallized, will upload to people.ubuntulinux.org/~mvo/apt-authentication

 * michael.vogt@canonical.com--2004/apt--main-authentication--0--base-0
   tag of apt@packages.debian.org/apt--main--0--patch-22

 * michael.vogt@canonical.com--2004/apt--main-authentication--0--patch-1
   * star-merge from apt--experimental--0.6

 * michael.vogt@canonical.com--2004/apt--main-authentication--0--patch-2
   * compile failure fix for methods/http.cc, po-file fixes

apt-inst/contrib/arfile.cc

@@ -1,6 +1,6 @@
 // -*- mode: cpp; mode: fold -*-
 // Description								/*{{{*/
-// $Id: arfile.cc,v 1.7 2004/01/07 20:39:37 mdz Exp $
+// $Id: arfile.cc,v 1.6.2.1 2004/01/16 18:58:50 mdz Exp $
 /* ######################################################################
 
    AR File - Handle an 'AR' archive

apt-inst/contrib/extracttar.cc

@@ -1,6 +1,6 @@
 // -*- mode: cpp; mode: fold -*-
 // Description								/*{{{*/
-// $Id: extracttar.cc,v 1.9 2004/01/07 20:39:37 mdz Exp $
+// $Id: extracttar.cc,v 1.8.2.1 2004/01/16 18:58:50 mdz Exp $
 /* ######################################################################
 
    Extract a Tar - Tar Extractor
@@ -58,8 +58,8 @@ struct ExtractTar::TarHeader
 // ExtractTar::ExtractTar - Constructor					/*{{{*/
 // ---------------------------------------------------------------------
 /* */
-ExtractTar::ExtractTar(FileFd &Fd,unsigned long Max) : File(Fd), 
-                         MaxInSize(Max)
+ExtractTar::ExtractTar(FileFd &Fd,unsigned long Max,string DecompressionProgram) : File(Fd), 
+                         MaxInSize(Max), DecompressProg(DecompressionProgram)
 
 {
    GZPid = -1;
@@ -93,7 +93,8 @@ bool ExtractTar::Done(bool Force)
    
    // Make sure we clean it up!
    kill(GZPid,SIGINT);
-   if (ExecWait(GZPid,_config->Find("dir::bin::gzip","/bin/gzip").c_str(),
+   string confvar = string("dir::bin::") + DecompressProg;
+   if (ExecWait(GZPid,_config->Find(confvar.c_str(),DecompressProg.c_str()).c_str(),
 		Force) == false)
    {
       GZPid = -1;
@@ -134,10 +135,11 @@ bool ExtractTar::StartGzip()
       SetCloseExec(STDERR_FILENO,false);
       
       const char *Args[3];
-      Args[0] = _config->Find("dir::bin::gzip","/bin/gzip").c_str();
+      string confvar = string("dir::bin::") + DecompressProg;
+      Args[0] = _config->Find(confvar.c_str(),DecompressProg.c_str()).c_str();
       Args[1] = "-d";
       Args[2] = 0;
-      execv(Args[0],(char **)Args);
+      execvp(Args[0],(char **)Args);
       cerr << _("Failed to exec gzip ") << Args[0] << endl;
       _exit(100);
    }

apt-inst/contrib/extracttar.h

@@ -38,6 +38,7 @@ class ExtractTar
    int GZPid;
    FileFd InFd;
    bool Eof;
+   string DecompressProg;
    
    // Fork and reap gzip
    bool StartGzip();
@@ -47,7 +48,7 @@ class ExtractTar
 
    bool Go(pkgDirStream &Stream);
    
-   ExtractTar(FileFd &Fd,unsigned long Max);
+   ExtractTar(FileFd &Fd,unsigned long Max,string DecompressionProgram);
    virtual ~ExtractTar();
 };
 

apt-inst/deb/debfile.cc

@@ -1,6 +1,6 @@
 // -*- mode: cpp; mode: fold -*-
 // Description								/*{{{*/
-// $Id: debfile.cc,v 1.4 2004/01/07 20:39:37 mdz Exp $
+// $Id: debfile.cc,v 1.3.2.1 2004/01/16 18:58:50 mdz Exp $
 /* ######################################################################
 
    Debian Archive File (.deb)
@@ -37,12 +37,21 @@ debDebFile::debDebFile(FileFd &File) : File(File), AR(File)
 {
    if (_error->PendingError() == true)
       return;
-   
-   // Check the members for validity
-   if (CheckMember("debian-binary") == false ||
-       CheckMember("control.tar.gz") == false ||
-       CheckMember("data.tar.gz") == false)
+
+   if (!CheckMember("debian-binary")) {
+      _error->Error(_("This is not a valid DEB archive, missing '%s' member"), "debian-binary");
+      return;
+   }
+
+   if (!CheckMember("control.tar.gz")) {
+      _error->Error(_("This is not a valid DEB archive, missing '%s' member"), "control.tar.gz");
       return;
+   }
+
+   if (!CheckMember("data.tar.gz") && !CheckMember("data.tar.bz2")) {
+      _error->Error(_("This is not a valid DEB archive, it has no '%s' or '%s' member"), "data.tar.gz", "data.tar.bz2");
+      return;
+   }
 }
 									/*}}}*/
 // DebFile::CheckMember - Check if a named member is in the archive	/*{{{*/
@@ -52,7 +61,7 @@ debDebFile::debDebFile(FileFd &File) : File(File), AR(File)
 bool debDebFile::CheckMember(const char *Name)
 {
    if (AR.FindMember(Name) == 0)
-      return _error->Error(_("This is not a valid DEB archive, missing '%s' member"),Name);
+      return false;
    return true;
 }
 									/*}}}*/
@@ -69,7 +78,6 @@ const ARArchive::Member *debDebFile::GotoMember(const char *Name)
    const ARArchive::Member *Member = AR.FindMember(Name);
    if (Member == 0)
    {
-      _error->Error(_("Internal Error, could not locate member %s"),Name);
       return 0;
    }
    if (File.Seek(Member->Start) == false)
@@ -91,7 +99,7 @@ bool debDebFile::ExtractControl(pkgDataBase &DB)
       
    // Prepare Tar
    ControlExtract Extract;
-   ExtractTar Tar(File,Member->Size);
+   ExtractTar Tar(File,Member->Size,"gzip");
    if (_error->PendingError() == true)
       return false;
    
@@ -121,13 +129,18 @@ bool debDebFile::ExtractArchive(pkgDirStream &Stream)
 {
    // Get the archive member and positition the file 
    const ARArchive::Member *Member = AR.FindMember("data.tar.gz");
+   const char *Compressor = "gzip";
+   if (Member == 0) {
+      Member = AR.FindMember("data.tar.bz2");
+      Compressor = "bzip2";
+   }
    if (Member == 0)
       return _error->Error(_("Internal Error, could not locate member"));   
    if (File.Seek(Member->Start) == false)
       return false;
       
    // Prepare Tar
-   ExtractTar Tar(File,Member->Size);
+   ExtractTar Tar(File,Member->Size,Compressor);
    if (_error->PendingError() == true)
       return false;
    return Tar.Go(Stream);
@@ -230,7 +243,7 @@ bool debDebFile::MemControlExtract::Read(debDebFile &Deb)
       return false;
 
    // Extract it.
-   ExtractTar Tar(Deb.GetFile(),Member->Size);
+   ExtractTar Tar(Deb.GetFile(),Member->Size,"gzip");
    if (Tar.Go(*this) == false)
       return false;
 

apt-inst/deb/dpkgdb.cc

@@ -1,6 +1,6 @@
 // -*- mode: cpp; mode: fold -*-
 // Description								/*{{{*/
-// $Id: dpkgdb.cc,v 1.8 2004/01/07 20:39:37 mdz Exp $
+// $Id: dpkgdb.cc,v 1.7.2.1 2004/01/16 18:58:50 mdz Exp $
 /* ######################################################################
 
    DPKGv1 Database Implemenation
@@ -61,7 +61,7 @@ static bool EraseDir(const char *Dir)
       return _error->Errno("rmdir",_("Failed to remove %s"),Dir);
    
    // Purge it using rm
-   int Pid = ExecFork();
+   pid_t Pid = ExecFork();
 
    // Spawn the subprocess
    if (Pid == 0)

apt-inst/dirstream.cc

@@ -1,6 +1,6 @@
 // -*- mode: cpp; mode: fold -*-
 // Description								/*{{{*/
-// $Id: dirstream.cc,v 1.4 2004/01/07 20:39:37 mdz Exp $
+// $Id: dirstream.cc,v 1.3.2.1 2004/01/16 18:58:50 mdz Exp $
 /* ######################################################################
 
    Directory Stream 

apt-inst/extract.cc

@@ -1,6 +1,6 @@
 // -*- mode: cpp; mode: fold -*-
 // Description								/*{{{*/
-// $Id: extract.cc,v 1.7 2004/01/07 20:39:37 mdz Exp $
+// $Id: extract.cc,v 1.6.2.1 2004/01/16 18:58:50 mdz Exp $
 /* ######################################################################
 
    Archive Extraction Directory Stream

apt-inst/filelist.cc

@@ -1,6 +1,6 @@
 // -*- mode: cpp; mode: fold -*-
 // Description								/*{{{*/
-// $Id: filelist.cc,v 1.5 2004/01/07 20:39:37 mdz Exp $
+// $Id: filelist.cc,v 1.4.2.1 2004/01/16 18:58:50 mdz Exp $
 /* ######################################################################
 
    File Listing - Manages a Cache of File -> Package names.

apt-inst/makefile

@@ -12,7 +12,7 @@ include ../buildlib/defaults.mak
 # The library name
 LIBRARY=apt-inst
 LIBEXT=$(GLIBC_VER)$(LIBSTDCPP_VER)
-MAJOR=1.0
+MAJOR=1.1
 MINOR=0
 SLIBS=$(PTHREADLIB) -lapt-pkg
 APT_DOMAIN:=libapt-inst$(MAJOR)

apt-pkg/acquire-item.cc

@@ -1,6 +1,6 @@
 // -*- mode: cpp; mode: fold -*-
 // Description								/*{{{*/
-// $Id: acquire-item.cc,v 1.46 2003/02/02 22:19:17 jgg Exp $
+// $Id: acquire-item.cc,v 1.46.2.9 2004/01/16 18:51:11 mdz Exp $
 /* ######################################################################
 
    Acquire Item - Item to acquire
@@ -19,9 +19,11 @@
 #include <apt-pkg/acquire-item.h>
 #include <apt-pkg/configuration.h>
 #include <apt-pkg/sourcelist.h>
+#include <apt-pkg/vendorlist.h>
 #include <apt-pkg/error.h>
 #include <apt-pkg/strutl.h>
 #include <apt-pkg/fileutl.h>
+#include <apt-pkg/md5.h>
 
 #include <apti18n.h>
     
@@ -32,7 +34,7 @@
 #include <stdio.h>
 									/*}}}*/
 
-using std::string;
+using namespace std;
 
 // Acquire::Item::Item - Constructor					/*{{{*/
 // ---------------------------------------------------------------------
@@ -134,8 +136,9 @@ void pkgAcquire::Item::Rename(string From,string To)
 /* The package file is added to the queue and a second class is 
    instantiated to fetch the revision file */   
 pkgAcqIndex::pkgAcqIndex(pkgAcquire *Owner,
-			 string URI,string URIDesc,string ShortDesc) :
-                      Item(Owner), RealURI(URI)
+			 string URI,string URIDesc,string ShortDesc,
+			 string ExpectedMD5, string comprExt) :
+   Item(Owner), RealURI(URI), ExpectedMD5(ExpectedMD5)
 {
    Decompression = false;
    Erase = false;
@@ -143,11 +146,17 @@ pkgAcqIndex::pkgAcqIndex(pkgAcquire *Owner,
    DestFile = _config->FindDir("Dir::State::lists") + "partial/";
    DestFile += URItoFileName(URI);
 
-   // Create the item
-   if(FileExists("/usr/bin/bzip2"))
-      Desc.URI = URI + ".bz2"; 
-   else
-      Desc.URI = URI + ".gz"; 
+   if(comprExt.empty()) 
+   {
+      // autoselect 
+      if(FileExists("/usr/bin/bzip2"))
+	 Desc.URI = URI + ".bz2"; 
+      else
+	 Desc.URI = URI + ".gz"; 
+   } else {
+      Desc.URI = URI + comprExt; 
+   }
+
    Desc.Description = URIDesc;
    Desc.Owner = this;
    Desc.ShortDesc = ShortDesc;
@@ -176,7 +185,13 @@ void pkgAcqIndex::Failed(string Message,pkgAcquire::MethodConfig *Cnf)
    // no .bz2 found, retry with .gz
    if(Desc.URI.substr(Desc.URI.size()-3,Desc.URI.size()-1) == "bz2") {
       Desc.URI = Desc.URI.substr(0,Desc.URI.size()-3) + "gz"; 
-      QueueURI(Desc);
+
+      // retry with a gzip one 
+      new pkgAcqIndex(Owner, RealURI, Desc.Description,Desc.ShortDesc, 
+		      ExpectedMD5, string(".gz"));
+      Status = StatDone;
+      Complete = false;
+      Dequeue();
       return;
    }
 
@@ -199,6 +214,28 @@ void pkgAcqIndex::Done(string Message,unsigned long Size,string MD5,
 
    if (Decompression == true)
    {
+      if (_config->FindB("Debug::pkgAcquire::Auth", false))
+      {
+         std::cerr << std::endl << RealURI << ": Computed MD5: " << MD5;
+         std::cerr << "  Expected MD5: " << ExpectedMD5 << std::endl;
+      }
+
+      if (MD5.empty())
+      {
+         MD5Summation sum;
+         FileFd Fd(DestFile, FileFd::ReadOnly);
+         sum.AddFD(Fd.Fd(), Fd.Size());
+         Fd.Close();
+         MD5 = (string)sum.Result();
+      }
+
+      if (!ExpectedMD5.empty() && MD5 != ExpectedMD5)
+      {
+         Status = StatAuthError;
+         ErrorText = _("MD5Sum mismatch");
+         Rename(DestFile,DestFile + ".FAILED");
+         return;
+      }
       // Done, move it into position
       string FinalFile = _config->FindDir("Dir::State::lists");
       FinalFile += URItoFileName(RealURI);
@@ -226,7 +263,7 @@ void pkgAcqIndex::Done(string Message,unsigned long Size,string MD5,
       // The files timestamp matches
       if (StringToBool(LookupTag(Message,"Alt-IMS-Hit"),false) == true)
 	 return;
-      
+
       Decompression = true;
       Local = true;
       DestFile += ".decomp";
@@ -269,31 +306,45 @@ void pkgAcqIndex::Done(string Message,unsigned long Size,string MD5,
    QueueURI(Desc);
    Mode = decompProg;
 }
-									/*}}}*/
 
-// AcqIndexRel::pkgAcqIndexRel - Constructor				/*{{{*/
-// ---------------------------------------------------------------------
-/* The Release file is added to the queue */
-pkgAcqIndexRel::pkgAcqIndexRel(pkgAcquire *Owner,
-			    string URI,string URIDesc,string ShortDesc) :
-                      Item(Owner), RealURI(URI)
+pkgAcqMetaSig::pkgAcqMetaSig(pkgAcquire *Owner,
+			     string URI,string URIDesc,string ShortDesc,
+			     string MetaIndexURI, string MetaIndexURIDesc,
+			     string MetaIndexShortDesc,
+			     const vector<IndexTarget*>* IndexTargets,
+			     indexRecords* MetaIndexParser) :
+   Item(Owner), RealURI(URI), MetaIndexURI(MetaIndexURI),
+   MetaIndexURIDesc(MetaIndexURIDesc), MetaIndexShortDesc(MetaIndexShortDesc)
 {
+   this->MetaIndexParser = MetaIndexParser;
+   this->IndexTargets = IndexTargets;
    DestFile = _config->FindDir("Dir::State::lists") + "partial/";
    DestFile += URItoFileName(URI);
-   
+
    // Create the item
-   Desc.URI = URI;
    Desc.Description = URIDesc;
-   Desc.ShortDesc = ShortDesc;
    Desc.Owner = this;
+   Desc.ShortDesc = ShortDesc;
+   Desc.URI = URI;
+   
+      
+   string Final = _config->FindDir("Dir::State::lists");
+   Final += URItoFileName(RealURI);
+   struct stat Buf;
+   if (stat(Final.c_str(),&Buf) == 0)
+   {
+      // File was already in place.  It needs to be re-verified
+      // because Release might have changed, so Move it into partial
+      Rename(Final,DestFile);
+   }
 
    QueueURI(Desc);
 }
 									/*}}}*/
-// AcqIndexRel::Custom600Headers - Insert custom request headers	/*{{{*/
+// pkgAcqMetaSig::Custom600Headers - Insert custom request headers	/*{{{*/
 // ---------------------------------------------------------------------
 /* The only header we use is the last-modified header. */
-string pkgAcqIndexRel::Custom600Headers()
+string pkgAcqMetaSig::Custom600Headers()
 {
    string Final = _config->FindDir("Dir::State::lists");
    Final += URItoFileName(RealURI);
@@ -304,14 +355,9 @@ string pkgAcqIndexRel::Custom600Headers()
    
    return "\nIndex-File: true\nLast-Modified: " + TimeRFC1123(Buf.st_mtime);
 }
-									/*}}}*/
-// AcqIndexRel::Done - Item downloaded OK				/*{{{*/
-// ---------------------------------------------------------------------
-/* The release file was not placed into the download directory then
-   a copy URI is generated and it is copied there otherwise the file
-   in the partial directory is moved into .. and the URI is finished. */
-void pkgAcqIndexRel::Done(string Message,unsigned long Size,string MD5,
-			  pkgAcquire::MethodConfig *Cfg)
+
+void pkgAcqMetaSig::Done(string Message,unsigned long Size,string MD5,
+			 pkgAcquire::MethodConfig *Cfg)
 {
    Item::Done(Message,Size,MD5,Cfg);
 
@@ -323,34 +369,34 @@ void pkgAcqIndexRel::Done(string Message,unsigned long Size,string MD5,
       return;
    }
 
-   Complete = true;
-   
-   // The files timestamp matches
-   if (StringToBool(LookupTag(Message,"IMS-Hit"),false) == true)
-      return;
-   
-   // We have to copy it into place
    if (FileName != DestFile)
    {
+      // We have to copy it into place
       Local = true;
       Desc.URI = "copy:" + FileName;
       QueueURI(Desc);
       return;
    }
-   
-   // Done, move it into position
-   string FinalFile = _config->FindDir("Dir::State::lists");
-   FinalFile += URItoFileName(RealURI);
-   Rename(DestFile,FinalFile);
-   
-   chmod(FinalFile.c_str(),0644);
+
+   Complete = true;
+
+   // queue a pkgAcqMetaIndex to be verified against the sig we just retrieved
+   new pkgAcqMetaIndex(Owner, MetaIndexURI, MetaIndexURIDesc, MetaIndexShortDesc,
+		       DestFile, IndexTargets, MetaIndexParser);
+
 }
 									/*}}}*/
-// AcqIndexRel::Failed - Silence failure messages for missing rel files	/*{{{*/
-// ---------------------------------------------------------------------
-/* */
-void pkgAcqIndexRel::Failed(string Message,pkgAcquire::MethodConfig *Cnf)
+void pkgAcqMetaSig::Failed(string Message,pkgAcquire::MethodConfig *Cnf)
 {
+   // Delete any existing sigfile, so that this source isn't
+   // mistakenly trusted
+   string Final = _config->FindDir("Dir::State::lists") + URItoFileName(RealURI);
+   unlink(Final.c_str());
+
+   // queue a pkgAcqMetaIndex with no sigfile
+   new pkgAcqMetaIndex(Owner, MetaIndexURI, MetaIndexURIDesc, MetaIndexShortDesc,
+		       "", IndexTargets, MetaIndexParser);
+
    if (Cnf->LocalOnly == true || 
        StringToBool(LookupTag(Message,"Transient-Failure"),false) == false)
    {      
@@ -363,6 +409,284 @@ void pkgAcqIndexRel::Failed(string Message,pkgAcquire::MethodConfig *Cnf)
    
    Item::Failed(Message,Cnf);
 }
+
+pkgAcqMetaIndex::pkgAcqMetaIndex(pkgAcquire *Owner,
+				 string URI,string URIDesc,string ShortDesc,
+				 string SigFile,
+				 const vector<struct IndexTarget*>* IndexTargets,
+				 indexRecords* MetaIndexParser) :
+  Item(Owner), RealURI(URI), SigFile(SigFile)
+{
+   this->AuthPass = false;
+   this->MetaIndexParser = MetaIndexParser;
+   this->IndexTargets = IndexTargets;
+   DestFile = _config->FindDir("Dir::State::lists") + "partial/";
+   DestFile += URItoFileName(URI);
+
+   // Create the item
+   Desc.Description = URIDesc;
+   Desc.Owner = this;
+   Desc.ShortDesc = ShortDesc;
+   Desc.URI = URI;
+
+   QueueURI(Desc);
+}
+
+									/*}}}*/
+// pkgAcqMetaIndex::Custom600Headers - Insert custom request headers	/*{{{*/
+// ---------------------------------------------------------------------
+/* The only header we use is the last-modified header. */
+string pkgAcqMetaIndex::Custom600Headers()
+{
+   string Final = _config->FindDir("Dir::State::lists");
+   Final += URItoFileName(RealURI);
+   
+   struct stat Buf;
+   if (stat(Final.c_str(),&Buf) != 0)
+      return "\nIndex-File: true";
+   
+   return "\nIndex-File: true\nLast-Modified: " + TimeRFC1123(Buf.st_mtime);
+}
+
+void pkgAcqMetaIndex::Done(string Message,unsigned long Size,string MD5,
+			   pkgAcquire::MethodConfig *Cfg)
+{
+   Item::Done(Message,Size,MD5,Cfg);
+
+   // MetaIndexes are done in two passes: one to download the
+   // metaindex with an appropriate method, and a second to verify it
+   // with the gpgv method
+
+   if (AuthPass == true)
+   {
+      AuthDone(Message);
+   }
+   else
+   {
+      RetrievalDone(Message);
+      if (!Complete)
+         // Still more retrieving to do
+         return;
+
+      if (SigFile == "")
+      {
+         // There was no signature file, so we are finished.  Download
+         // the indexes without verification.
+         QueueIndexes(false);
+      }
+      else
+      {
+         // There was a signature file, so pass it to gpgv for
+         // verification
+
+         if (_config->FindB("Debug::pkgAcquire::Auth", false))
+            std::cerr << "Metaindex acquired, queueing gpg verification ("
+                      << SigFile << "," << DestFile << ")\n";
+         AuthPass = true;
+         Desc.URI = "gpgv:" + SigFile;
+         QueueURI(Desc);
+         Mode = "gpgv";
+      }
+   }
+}
+
+void pkgAcqMetaIndex::RetrievalDone(string Message)
+{
+   // We have just finished downloading a Release file (it is not
+   // verified yet)
+
+   string FileName = LookupTag(Message,"Filename");
+   if (FileName.empty() == true)
+   {
+      Status = StatError;
+      ErrorText = "Method gave a blank filename";
+      return;
+   }
+
+   if (FileName != DestFile)
+   {
+      Local = true;
+      Desc.URI = "copy:" + FileName;
+      QueueURI(Desc);
+      return;
+   }
+
+   Complete = true;
+
+   string FinalFile = _config->FindDir("Dir::State::lists");
+   FinalFile += URItoFileName(RealURI);
+
+   // The files timestamp matches
+   if (StringToBool(LookupTag(Message,"IMS-Hit"),false) == false)
+   {
+      // Move it into position
+      Rename(DestFile,FinalFile);
+   }
+   DestFile = FinalFile;
+}
+
+void pkgAcqMetaIndex::AuthDone(string Message)
+{
+   // At this point, the gpgv method has succeeded, so there is a
+   // valid signature from a key in the trusted keyring.  We
+   // perform additional verification of its contents, and use them
+   // to verify the indexes we are about to download
+
+   if (!MetaIndexParser->Load(DestFile))
+   {
+      Status = StatAuthError;
+      ErrorText = MetaIndexParser->ErrorText;
+      return;
+   }
+
+   if (!VerifyVendor())
+   {
+      return;
+   }
+
+   if (_config->FindB("Debug::pkgAcquire::Auth", false))
+      std::cerr << "Signature verification succeeded: "
+                << DestFile << std::endl;
+
+   // Download further indexes with verification
+   QueueIndexes(true);
+
+   // Done, move signature file into position
+
+   string VerifiedSigFile = _config->FindDir("Dir::State::lists") +
+      URItoFileName(RealURI) + ".gpg";
+   Rename(SigFile,VerifiedSigFile);
+   chmod(VerifiedSigFile.c_str(),0644);
+}
+
+void pkgAcqMetaIndex::QueueIndexes(bool verify)
+{
+   for (vector <struct IndexTarget*>::const_iterator Target = IndexTargets->begin();
+        Target != IndexTargets->end();
+        Target++)
+   {
+      string ExpectedIndexMD5;
+      if (verify)
+      {
+         const indexRecords::checkSum *Record = MetaIndexParser->Lookup((*Target)->MetaKey);
+         if (!Record)
+         {
+            Status = StatAuthError;
+            ErrorText = "Unable to find expected entry  "
+               + (*Target)->MetaKey + " in Meta-index file (malformed Release file?)";
+            return;
+         }
+         ExpectedIndexMD5 = Record->MD5Hash;
+         if (_config->FindB("Debug::pkgAcquire::Auth", false))
+         {
+            std::cerr << "Queueing: " << (*Target)->URI << std::endl;
+            std::cerr << "Expected MD5: " << ExpectedIndexMD5 << std::endl;
+         }
+         if (ExpectedIndexMD5.empty())
+         {
+            Status = StatAuthError;
+            ErrorText = "Unable to find MD5 sum for "
+               + (*Target)->MetaKey + " in Meta-index file";
+            return;
+         }
+      }
+      
+      // Queue Packages file
+      new pkgAcqIndex(Owner, (*Target)->URI, (*Target)->Description,
+                      (*Target)->ShortDesc, ExpectedIndexMD5);
+   }
+}
+
+bool pkgAcqMetaIndex::VerifyVendor()
+{
+//    // Maybe this should be made available from above so we don't have
+//    // to read and parse it every time?
+//    pkgVendorList List;
+//    List.ReadMainList();
+
+//    const Vendor* Vndr = NULL;
+//    for (std::vector<string>::const_iterator I = GPGVOutput.begin(); I != GPGVOutput.end(); I++)
+//    {
+//       string::size_type pos = (*I).find("VALIDSIG ");
+//       if (_config->FindB("Debug::Vendor", false))
+//          std::cerr << "Looking for VALIDSIG in \"" << (*I) << "\": pos " << pos 
+//                    << std::endl;
+//       if (pos != std::string::npos)
+//       {
+//          string Fingerprint = (*I).substr(pos+sizeof("VALIDSIG"));
+//          if (_config->FindB("Debug::Vendor", false))
+//             std::cerr << "Looking for \"" << Fingerprint << "\" in vendor..." <<
+//                std::endl;
+//          Vndr = List.FindVendor(Fingerprint) != "";
+//          if (Vndr != NULL);
+//          break;
+//       }
+//    }
+
+   string Transformed = MetaIndexParser->GetExpectedDist();
+
+   if (Transformed == "../project/experimental")
+   {
+      Transformed = "experimental";
+   }
+
+   string::size_type pos = Transformed.rfind('/');
+   if (pos != string::npos)
+   {
+      Transformed = Transformed.substr(0, pos);
+   }
+
+   if (Transformed == ".")
+   {
+      Transformed = "";
+   }
+
+   if (_config->FindB("Debug::pkgAcquire::Auth", false)) 
+   {
+      std::cerr << "Got Codename: " << MetaIndexParser->GetDist() << std::endl;
+      std::cerr << "Expecting Dist: " << MetaIndexParser->GetExpectedDist() << std::endl;
+      std::cerr << "Transformed Dist: " << Transformed << std::endl;
+   }
+
+   if (MetaIndexParser->CheckDist(Transformed) == false)
+   {
+      // This might become fatal one day
+//       Status = StatAuthError;
+//       ErrorText = "Conflicting distribution; expected "
+//          + MetaIndexParser->GetExpectedDist() + " but got "
+//          + MetaIndexParser->GetDist();
+//       return false;
+      if (!Transformed.empty())
+      {
+         _error->Warning("Conflicting distribution: %s (expected %s but got %s)",
+                         Desc.Description.c_str(),
+                         Transformed.c_str(),
+                         MetaIndexParser->GetDist().c_str());
+      }
+   }
+
+   return true;
+}
+       								/*}}}*/
+// pkgAcqMetaIndex::Failed - no Release file present or no signature
+//      file present	                                        /*{{{*/
+// ---------------------------------------------------------------------
+/* */
+void pkgAcqMetaIndex::Failed(string Message,pkgAcquire::MethodConfig *Cnf)
+{
+   if (AuthPass == true)
+   {
+      // gpgv method failed
+      _error->Warning("GPG error: %s: %s",
+                      Desc.Description.c_str(),
+                      LookupTag(Message,"Message").c_str());
+   }
+
+   // No Release file was present, or verification failed, so fall
+   // back to queueing Packages files without verification
+   QueueIndexes(false);
+}
+
 									/*}}}*/
 
 // AcqArchive::AcqArchive - Constructor					/*{{{*/
@@ -373,7 +697,8 @@ pkgAcqArchive::pkgAcqArchive(pkgAcquire *Owner,pkgSourceList *Sources,
 			     pkgRecords *Recs,pkgCache::VerIterator const &Version,
 			     string &StoreFilename) :
                Item(Owner), Version(Version), Sources(Sources), Recs(Recs), 
-               StoreFilename(StoreFilename), Vf(Version.FileList())
+               StoreFilename(StoreFilename), Vf(Version.FileList()), 
+	       Trusted(false)
 {
    Retries = _config->FindI("Acquire::Retries",0);
 
@@ -411,7 +736,25 @@ pkgAcqArchive::pkgAcqArchive(pkgAcquire *Owner,pkgSourceList *Sources,
      	              QuoteString(Version.Arch(),"_:.") + 
 	              "." + flExtension(Parse.FileName());
    }
-      
+
+   // check if we have one trusted source for the package. if so, switch
+   // to "TrustedOnly" mode
+   for (pkgCache::VerFileIterator i = Version.FileList(); i.end() == false; i++)
+   {
+      pkgIndexFile *Index;
+      if (Sources->FindIndex(i.File(),Index) == false)
+         continue;
+      if (_config->FindB("Debug::pkgAcquire::Auth", false))
+      {
+         std::cerr << "Checking index: " << Index->Describe()
+                   << "(Trusted=" << Index->IsTrusted() << ")\n";
+      }
+      if (Index->IsTrusted()) {
+         Trusted = true;
+	 break;
+      }
+   }
+
    // Select a source
    if (QueueNext() == false && _error->PendingError() == false)
       _error->Error(_("I wasn't able to locate file for the %s package. "
@@ -437,6 +780,11 @@ bool pkgAcqArchive::QueueNext()
       if (Sources->FindIndex(Vf.File(),Index) == false)
 	    continue;
       
+      // only try to get a trusted package from another source if that source
+      // is also trusted
+      if(Trusted && !Index->IsTrusted()) 
+	 continue;
+
       // Grab the text package record
       pkgRecords::Parser &Parse = Recs->Lookup(Vf);
       if (_error->PendingError() == true)
@@ -449,6 +797,11 @@ bool pkgAcqArchive::QueueNext()
 			      "field for package %s."),
 			      Version.ParentPkg().Name());
 
+      Desc.URI = Index->ArchiveURI(PkgFile);
+      Desc.Description = Index->ArchiveInfo(Version);
+      Desc.Owner = this;
+      Desc.ShortDesc = Version.ParentPkg().Name();
+
       // See if we already have the file. (Legacy filenames)
       FileSize = Version->Size;
       string FinalFile = _config->FindDir("Dir::Cache::Archives") + flNotDir(PkgFile);
@@ -609,6 +962,14 @@ void pkgAcqArchive::Failed(string Message,pkgAcquire::MethodConfig *Cnf)
    }
 }
 									/*}}}*/
+// AcqArchive::IsTrusted - Determine whether this archive comes from a
+// trusted source							/*{{{*/
+// ---------------------------------------------------------------------
+bool pkgAcqArchive::IsTrusted()
+{
+   return Trusted;
+}
+
 // AcqArchive::Finished - Fetching has finished, tidy up		/*{{{*/
 // ---------------------------------------------------------------------
 /* */

apt-pkg/acquire-item.h

@@ -1,6 +1,6 @@
 // -*- mode: cpp; mode: fold -*-
 // Description								/*{{{*/
-// $Id: acquire-item.h,v 1.26 2003/02/02 03:13:13 doogie Exp $
+// $Id: acquire-item.h,v 1.26.2.3 2004/01/02 18:51:00 mdz Exp $
 /* ######################################################################
 
    Acquire Item - Item to acquire
@@ -22,7 +22,10 @@
 
 #include <apt-pkg/acquire.h>
 #include <apt-pkg/indexfile.h>
+#include <apt-pkg/vendor.h>
+#include <apt-pkg/sourcelist.h>
 #include <apt-pkg/pkgrecords.h>
+#include <apt-pkg/indexrecords.h>
 
 #ifdef __GNUG__
 #pragma interface "apt-pkg/acquire-item.h"
@@ -45,7 +48,7 @@ class pkgAcquire::Item
    public:
 
    // State of the item
-   enum {StatIdle, StatFetching, StatDone, StatError} Status;
+   enum {StatIdle, StatFetching, StatDone, StatError, StatAuthError} Status;
    string ErrorText;
    unsigned long FileSize;
    unsigned long PartialSize;   
@@ -67,11 +70,13 @@ class pkgAcquire::Item
    virtual void Start(string Message,unsigned long Size);
    virtual string Custom600Headers() {return string();};
    virtual string DescURI() = 0;
+   virtual string ShortDesc() {return DescURI();}
    virtual void Finished() {};
    
    // Inquire functions
    virtual string MD5Sum() {return string();};
    pkgAcquire *GetOwner() {return Owner;};
+   virtual bool IsTrusted() {return false;};
    
    Item(pkgAcquire *Owner);
    virtual ~Item();
@@ -86,6 +91,7 @@ class pkgAcqIndex : public pkgAcquire::Item
    bool Erase;
    pkgAcquire::ItemDesc Desc;
    string RealURI;
+   string ExpectedMD5;
    
    public:
    
@@ -97,28 +103,73 @@ class pkgAcqIndex : public pkgAcquire::Item
    virtual string DescURI() {return RealURI + ".gz";};
 
    pkgAcqIndex(pkgAcquire *Owner,string URI,string URIDesc,
-	       string ShortDesct);
+	       string ShortDesct, string ExpectedMD5, string compressExt="");
 };
 
-// Item class for index files
-class pkgAcqIndexRel : public pkgAcquire::Item
+struct IndexTarget
+{
+   string URI;
+   string Description;
+   string ShortDesc;
+   string MetaKey;
+};
+
+// Item class for index signatures
+class pkgAcqMetaSig : public pkgAcquire::Item
 {
    protected:
    
    pkgAcquire::ItemDesc Desc;
-   string RealURI;
-   
+   string RealURI,MetaIndexURI,MetaIndexURIDesc,MetaIndexShortDesc;
+   indexRecords* MetaIndexParser;
+   const vector<struct IndexTarget*>* IndexTargets;
+
    public:
    
    // Specialized action members
    virtual void Failed(string Message,pkgAcquire::MethodConfig *Cnf);
    virtual void Done(string Message,unsigned long Size,string Md5Hash,
-		     pkgAcquire::MethodConfig *Cnf);   
+		     pkgAcquire::MethodConfig *Cnf);
    virtual string Custom600Headers();
-   virtual string DescURI() {return RealURI;};
+   virtual string DescURI() {return RealURI; };
+
+   pkgAcqMetaSig(pkgAcquire *Owner,string URI,string URIDesc, string ShortDesc,
+		 string MetaIndexURI, string MetaIndexURIDesc, string MetaIndexShortDesc,
+		 const vector<struct IndexTarget*>* IndexTargets,
+		 indexRecords* MetaIndexParser);
+};
+
+// Item class for index signatures
+class pkgAcqMetaIndex : public pkgAcquire::Item
+{
+   protected:
+   
+   pkgAcquire::ItemDesc Desc;
+   string RealURI; // FIXME: is this redundant w/ Desc.URI?
+   string SigFile;
+   const vector<struct IndexTarget*>* IndexTargets;
+   indexRecords* MetaIndexParser;
+   bool AuthPass;
+
+   bool VerifyVendor();
+   void RetrievalDone(string Message);
+   void AuthDone(string Message);
+   void QueueIndexes(bool verify);
+   
+   public:
    
-   pkgAcqIndexRel(pkgAcquire *Owner,string URI,string URIDesc,
-	       string ShortDesct);
+   // Specialized action members
+   virtual void Failed(string Message,pkgAcquire::MethodConfig *Cnf);
+   virtual void Done(string Message,unsigned long Size,string Md5Hash,
+		     pkgAcquire::MethodConfig *Cnf);
+   virtual string Custom600Headers();
+   virtual string DescURI() {return RealURI; };
+
+   pkgAcqMetaIndex(pkgAcquire *Owner,
+		   string URI,string URIDesc, string ShortDesc,
+		   string SigFile,
+		   const vector<struct IndexTarget*>* IndexTargets,
+		   indexRecords* MetaIndexParser);
 };
 
 // Item class for archive files
@@ -135,6 +186,7 @@ class pkgAcqArchive : public pkgAcquire::Item
    string &StoreFilename;
    pkgCache::VerFileIterator Vf;
    unsigned int Retries;
+   bool Trusted; 
 
    // Queue the next available file for download.
    bool QueueNext();
@@ -147,7 +199,9 @@ class pkgAcqArchive : public pkgAcquire::Item
 		     pkgAcquire::MethodConfig *Cnf);
    virtual string MD5Sum() {return MD5;};
    virtual string DescURI() {return Desc.URI;};
+   virtual string ShortDesc() {return Desc.ShortDesc;};
    virtual void Finished();
+   virtual bool IsTrusted();
    
    pkgAcqArchive(pkgAcquire *Owner,pkgSourceList *Sources,
 		 pkgRecords *Recs,pkgCache::VerIterator const &Version,

apt-pkg/acquire-method.cc

@@ -1,6 +1,6 @@
 // -*- mode: cpp; mode: fold -*-
 // Description								/*{{{*/
-// $Id: acquire-method.cc,v 1.27 2001/05/22 04:27:11 jgg Exp $
+// $Id: acquire-method.cc,v 1.27.2.1 2003/12/24 23:09:17 mdz Exp $
 /* ######################################################################
 
    Acquire Method
@@ -29,6 +29,7 @@
 #include <stdarg.h>
 #include <stdio.h>
 #include <unistd.h>
+#include <sys/signal.h>
 									/*}}}*/
 
 using namespace std;
@@ -181,6 +182,11 @@ void pkgAcqMethod::URIDone(FetchResult &Res, FetchResult *Alt)
       End += snprintf(End,sizeof(S)-50 - (End - S),"MD5-Hash: %s\n",Res.MD5Sum.c_str());
    if (Res.SHA1Sum.empty() == false)
       End += snprintf(End,sizeof(S)-50 - (End - S),"SHA1-Hash: %s\n",Res.SHA1Sum.c_str());
+   if (Res.GPGVOutput.size() > 0)
+      End += snprintf(End,sizeof(S)-50 - (End - S),"GPGVOutput:\n");     
+   for (vector<string>::iterator I = Res.GPGVOutput.begin();
+      I != Res.GPGVOutput.end(); I++)
+      End += snprintf(End,sizeof(S)-50 - (End - S), " %s\n", (*I).c_str());
 
    if (Res.ResumePoint != 0)
       End += snprintf(End,sizeof(S)-50 - (End - S),"Resume-Point: %lu\n",

apt-pkg/acquire-method.h

@@ -1,6 +1,6 @@
 // -*- mode: cpp; mode: fold -*-
 // Description								/*{{{*/
-// $Id: acquire-method.h,v 1.15 2001/03/13 06:51:46 jgg Exp $
+// $Id: acquire-method.h,v 1.15.2.1 2003/12/24 23:09:17 mdz Exp $
 /* ######################################################################
 
    Acquire Method - Method helper class + functions
@@ -39,6 +39,7 @@ class pkgAcqMethod
    {
       string MD5Sum;
       string SHA1Sum;
+      vector<string> GPGVOutput;
       time_t LastModified;
       bool IMSHit;
       string Filename;

apt-pkg/acquire.cc

@@ -481,7 +481,7 @@ double pkgAcquire::PartialPresent()
 	 Total += (*I)->PartialSize;
    return Total;
 }
-									/*}}}*/
+
 // Acquire::UriBegin - Start iterator for the uri list			/*{{{*/
 // ---------------------------------------------------------------------
 /* */

apt-pkg/acquire.h

@@ -1,6 +1,6 @@
 // -*- mode: cpp; mode: fold -*-
 // Description								/*{{{*/
-// $Id: acquire.h,v 1.29 2001/05/22 04:17:18 jgg Exp $
+// $Id: acquire.h,v 1.29.2.1 2003/12/24 23:09:17 mdz Exp $
 /* ######################################################################
 
    Acquire - File Acquiration
@@ -121,7 +121,7 @@ class pkgAcquire
    double TotalNeeded();
    double FetchNeeded();
    double PartialPresent();
-   
+
    pkgAcquire(pkgAcquireStatus *Log = 0);
    virtual ~pkgAcquire();
 };

apt-pkg/algorithms.cc

@@ -50,26 +50,29 @@ pkgSimulate::pkgSimulate(pkgDepCache *Cache) : pkgPackageManager(Cache),
 									/*}}}*/
 // Simulate::Describe - Describe a package				/*{{{*/
 // ---------------------------------------------------------------------
-/* Parameter Now == true gives both current and available varsion,
-   Parameter Now == false gives only the available package version */
-void pkgSimulate::Describe(PkgIterator Pkg,ostream &out,bool Now)
+/* Parameter Current == true displays the current package version,
+   Parameter Candidate == true displays the candidate package version */
+void pkgSimulate::Describe(PkgIterator Pkg,ostream &out,bool Current,bool Candidate)
 {
    VerIterator Ver(Sim);
  
    out << Pkg.Name();
 
-   if (Now == true)
+   if (Current == true)
    {
       Ver = Pkg.CurrentVer();
       if (Ver.end() == false)
          out << " [" << Ver.VerStr() << ']';
    }
 
-   Ver = Sim[Pkg].CandidateVerIter(Sim);
-   if (Ver.end() == true)
-      return;
+   if (Candidate == true)
+   {
+      Ver = Sim[Pkg].CandidateVerIter(Sim);
+      if (Ver.end() == true)
+         return;
    
-   out << " (" << Ver.VerStr() << ' ' << Ver.RelStr() << ')';
+      out << " (" << Ver.VerStr() << ' ' << Ver.RelStr() << ')';
+   }
 }
 									/*}}}*/
 // Simulate::Install - Simulate unpacking of a package			/*{{{*/
@@ -82,7 +85,7 @@ bool pkgSimulate::Install(PkgIterator iPkg,string /*File*/)
    Flags[Pkg->ID] = 1;
    
    cout << "Inst ";
-   Describe(Pkg,cout,true);
+   Describe(Pkg,cout,true,true);
    Sim.MarkInstall(Pkg,false);
    
    // Look for broken conflicts+predepends.
@@ -156,7 +159,7 @@ bool pkgSimulate::Configure(PkgIterator iPkg)
    else
    {
       cout << "Conf "; 
-      Describe(Pkg,cout,false);
+      Describe(Pkg,cout,false,true);
    }
 
    if (Sim.BrokenCount() != 0)
@@ -181,7 +184,7 @@ bool pkgSimulate::Remove(PkgIterator iPkg,bool Purge)
       cout << "Purg ";
    else
       cout << "Remv ";
-   Describe(Pkg,cout,false);
+   Describe(Pkg,cout,true,false);
 
    if (Sim.BrokenCount() != 0)
       ShortBreaks();

apt-pkg/algorithms.h

@@ -67,8 +67,10 @@ class pkgSimulate : public pkgPackageManager
    virtual bool Install(PkgIterator Pkg,string File);
    virtual bool Configure(PkgIterator Pkg);
    virtual bool Remove(PkgIterator Pkg,bool Purge);
+
+private:
    void ShortBreaks();
-   void Describe(PkgIterator iPkg,ostream &out,bool Now);
+   void Describe(PkgIterator iPkg,ostream &out,bool Current,bool Candidate);
    
    public:
 

apt-pkg/cacheiterators.h

@@ -1,6 +1,6 @@
 // -*- mode: cpp; mode: fold -*-
 // Description								/*{{{*/
-// $Id: cacheiterators.h,v 1.18 2003/10/09 23:15:25 mdz Exp $
+// $Id: cacheiterators.h,v 1.18.2.1 2004/05/08 22:44:27 mdz Exp $
 /* ######################################################################
    
    Cache Iterators - Iterators for navigating the cache structure
@@ -78,7 +78,6 @@ class pkgCache::PkgIterator
    inline bool Purge() const {return Pkg->CurrentState == pkgCache::State::Purge ||
 	 (Pkg->CurrentVer == 0 && Pkg->CurrentState == pkgCache::State::NotInstalled);};
    inline VerIterator VersionList() const;
-   inline VerIterator TargetVer() const;
    inline VerIterator CurrentVer() const;
    inline DepIterator RevDependsList() const;
    inline PrvIterator ProvidesList() const;

apt-pkg/contrib/fileutl.cc

@@ -306,7 +306,7 @@ bool WaitFd(int Fd,bool write,unsigned long timeout)
 /* This is used if you want to cleanse the environment for the forked 
    child, it fixes up the important signals and nukes all of the fds,
    otherwise acts like normal fork. */
-int ExecFork()
+pid_t ExecFork()
 {
    // Fork off the process
    pid_t Process = fork();
@@ -340,7 +340,7 @@ int ExecFork()
 /* Waits for the given sub process. If Reap is set then no errors are 
    generated. Otherwise a failed subprocess will generate a proper descriptive
    message */
-bool ExecWait(int Pid,const char *Name,bool Reap)
+bool ExecWait(pid_t Pid,const char *Name,bool Reap)
 {
    if (Pid <= 1)
       return true;

apt-pkg/contrib/fileutl.h

@@ -87,8 +87,8 @@ string SafeGetCWD();
 void SetCloseExec(int Fd,bool Close);
 void SetNonBlock(int Fd,bool Block);
 bool WaitFd(int Fd,bool write = false,unsigned long timeout = 0);
-int ExecFork();
-bool ExecWait(int Pid,const char *Name,bool Reap = false);
+pid_t ExecFork();
+bool ExecWait(pid_t Pid,const char *Name,bool Reap = false);
 
 // File string manipulators
 string flNotDir(string File);

apt-pkg/deb/debindexfile.cc

@@ -1,6 +1,6 @@
 // -*- mode: cpp; mode: fold -*-
 // Description								/*{{{*/
-// $Id: debindexfile.cc,v 1.6 2004/01/04 07:41:30 mdz Exp $
+// $Id: debindexfile.cc,v 1.5.2.3 2004/01/04 19:11:00 mdz Exp $
 /* ######################################################################
 
    Debian Specific sources.list types and the three sorts of Debian
@@ -23,6 +23,7 @@
 #include <apt-pkg/error.h>
 #include <apt-pkg/strutl.h>
 #include <apt-pkg/acquire-item.h>
+#include <apt-pkg/debmetaindex.h>
     
 #include <sys/stat.h>
 									/*}}}*/
@@ -30,8 +31,8 @@
 // SourcesIndex::debSourcesIndex - Constructor				/*{{{*/
 // ---------------------------------------------------------------------
 /* */
-debSourcesIndex::debSourcesIndex(string URI,string Dist,string Section) :
-                                     URI(URI), Dist(Dist), Section(Section)
+debSourcesIndex::debSourcesIndex(string URI,string Dist,string Section,bool Trusted) :
+     pkgIndexFile(Trusted), URI(URI), Dist(Dist), Section(Section)
 {
 }
 									/*}}}*/
@@ -129,16 +130,6 @@ string debSourcesIndex::IndexURI(const char *Type) const
    return Res;
 }
 									/*}}}*/
-// SourcesIndex::GetIndexes - Fetch the index files			/*{{{*/
-// ---------------------------------------------------------------------
-/* */
-bool debSourcesIndex::GetIndexes(pkgAcquire *Owner) const
-{
-   new pkgAcqIndex(Owner,IndexURI("Sources"),Info("Sources"),"Sources");
-   new pkgAcqIndexRel(Owner,IndexURI("Release"),Info("Release"),"Release");
-   return true;
-}
-									/*}}}*/
 // SourcesIndex::Exists - Check if the index is available		/*{{{*/
 // ---------------------------------------------------------------------
 /* */
@@ -162,8 +153,8 @@ unsigned long debSourcesIndex::Size() const
 // PackagesIndex::debPackagesIndex - Contructor				/*{{{*/
 // ---------------------------------------------------------------------
 /* */
-debPackagesIndex::debPackagesIndex(string URI,string Dist,string Section) : 
-                  URI(URI), Dist(Dist), Section(Section)
+debPackagesIndex::debPackagesIndex(string URI,string Dist,string Section,bool Trusted) : 
+                  pkgIndexFile(Trusted), URI(URI), Dist(Dist), Section(Section)
 {
 }
 									/*}}}*/
@@ -246,16 +237,6 @@ string debPackagesIndex::IndexURI(const char *Type) const
    return Res;
 }
 									/*}}}*/
-// PackagesIndex::GetIndexes - Fetch the index files			/*{{{*/
-// ---------------------------------------------------------------------
-/* */
-bool debPackagesIndex::GetIndexes(pkgAcquire *Owner) const
-{
-   new pkgAcqIndex(Owner,IndexURI("Packages"),Info("Packages"),"Packages");
-   new pkgAcqIndexRel(Owner,IndexURI("Release"),Info("Release"),"Release");
-   return true;
-}
-									/*}}}*/
 // PackagesIndex::Exists - Check if the index is available		/*{{{*/
 // ---------------------------------------------------------------------
 /* */
@@ -303,7 +284,7 @@ bool debPackagesIndex::Merge(pkgCacheGenerator &Gen,OpProgress &Prog) const
       return _error->Error("Problem with MergeList %s",PackageFile.c_str());
 
    // Check the release file
-   string ReleaseFile = IndexFile("Release");
+   string ReleaseFile = debReleaseIndex(URI,Dist).MetaIndexFile("Release");
    if (FileExists(ReleaseFile) == true)
    {
       FileFd Rel(ReleaseFile,FileFd::ReadOnly);
@@ -342,7 +323,7 @@ pkgCache::PkgFileIterator debPackagesIndex::FindInCache(pkgCache &Cache) const
 // StatusIndex::debStatusIndex - Constructor				/*{{{*/
 // ---------------------------------------------------------------------
 /* */
-debStatusIndex::debStatusIndex(string File) : File(File)
+debStatusIndex::debStatusIndex(string File) : pkgIndexFile(true), File(File)
 {
 }
 									/*}}}*/
@@ -418,48 +399,6 @@ bool debStatusIndex::Exists() const
 }
 									/*}}}*/
 
-// Source List types for Debian						/*{{{*/
-class debSLTypeDeb : public pkgSourceList::Type
-{
-   public:
-
-   bool CreateItem(vector<pkgIndexFile *> &List,string URI,
-		   string Dist,string Section,
-		   pkgSourceList::Vendor const *Vendor) const
-   {
-      List.push_back(new debPackagesIndex(URI,Dist,Section));
-      return true;
-   };
-
-   debSLTypeDeb()
-   {
-      Name = "deb";
-      Label = "Standard Debian binary tree";
-   }   
-};
-
-class debSLTypeDebSrc : public pkgSourceList::Type
-{
-   public:
-
-   bool CreateItem(vector<pkgIndexFile *> &List,string URI,
-		   string Dist,string Section,
-		   pkgSourceList::Vendor const *Vendor) const 
-   {      
-      List.push_back(new debSourcesIndex(URI,Dist,Section));
-      return true;
-   };  
-   
-   debSLTypeDebSrc()
-   {
-      Name = "deb-src";
-      Label = "Standard Debian source tree";
-   }   
-};
-
-debSLTypeDeb _apt_DebType;
-debSLTypeDebSrc _apt_DebSrcType;
-									/*}}}*/
 // Index File types for Debian						/*{{{*/
 class debIFTypeSrc : public pkgIndexFile::Type
 {

apt-pkg/deb/debindexfile.h

@@ -1,6 +1,6 @@
 // -*- mode: cpp; mode: fold -*-
 // Description								/*{{{*/
-// $Id: debindexfile.h,v 1.3 2001/04/29 05:13:51 jgg Exp $
+// $Id: debindexfile.h,v 1.3.2.1 2003/12/24 23:09:17 mdz Exp $
 /* ######################################################################
 
    Debian Index Files
@@ -48,10 +48,10 @@ class debPackagesIndex : public pkgIndexFile
    string URI;
    string Dist;
    string Section;
-   
+
    string Info(const char *Type) const;
    string IndexFile(const char *Type) const;
-   string IndexURI(const char *Type) const;   
+   string IndexURI(const char *Type) const;
    
    public:
    
@@ -63,7 +63,6 @@ class debPackagesIndex : public pkgIndexFile
    
    // Interface for acquire
    virtual string Describe(bool Short) const;   
-   virtual bool GetIndexes(pkgAcquire *Owner) const;
    
    // Interface for the Cache Generator
    virtual bool Exists() const;
@@ -71,8 +70,8 @@ class debPackagesIndex : public pkgIndexFile
    virtual unsigned long Size() const;
    virtual bool Merge(pkgCacheGenerator &Gen,OpProgress &Prog) const;
    virtual pkgCache::PkgFileIterator FindInCache(pkgCache &Cache) const;
-   
-   debPackagesIndex(string URI,string Dist,string Section);
+
+   debPackagesIndex(string URI,string Dist,string Section,bool Trusted);
 };
 
 class debSourcesIndex : public pkgIndexFile
@@ -83,7 +82,7 @@ class debSourcesIndex : public pkgIndexFile
 
    string Info(const char *Type) const;
    string IndexFile(const char *Type) const;
-   string IndexURI(const char *Type) const;   
+   string IndexURI(const char *Type) const;
    
    public:
 
@@ -96,7 +95,6 @@ class debSourcesIndex : public pkgIndexFile
    
    // Interface for acquire
    virtual string Describe(bool Short) const;   
-   virtual bool GetIndexes(pkgAcquire *Owner) const;
 
    // Interface for the record parsers
    virtual pkgSrcRecords::Parser *CreateSrcParser() const;
@@ -106,7 +104,7 @@ class debSourcesIndex : public pkgIndexFile
    virtual bool HasPackages() const {return false;};
    virtual unsigned long Size() const;
    
-   debSourcesIndex(string URI,string Dist,string Section);
+   debSourcesIndex(string URI,string Dist,string Section,bool Trusted);
 };
 
 #endif

apt-pkg/deb/deblistparser.cc

@@ -1,6 +1,6 @@
 // -*- mode: cpp; mode: fold -*-
 // Description								/*{{{*/
-// $Id: deblistparser.cc,v 1.29 2003/09/22 04:16:26 mdz Exp $
+// $Id: deblistparser.cc,v 1.29.2.5 2004/01/06 01:43:44 mdz Exp $
 /* ######################################################################
    
    Package Cache Generator - Generator for the cache structure.
@@ -566,14 +566,14 @@ bool debListParser::Step()
 bool debListParser::LoadReleaseInfo(pkgCache::PkgFileIterator FileI,
 				    FileFd &File)
 {
-   pkgTagFile Tags(&File);
+   pkgTagFile Tags(&File, File.Size() + 256); // XXX
    pkgTagSection Section;
    if (Tags.Step(Section) == false)
       return false;
 
    const char *Start;
    const char *Stop;
-   if (Section.Find("Archive",Start,Stop) == true)
+   if (Section.Find("Suite",Start,Stop) == true)
       FileI->Archive = WriteUniqString(Start,Stop - Start);
    if (Section.Find("Component",Start,Stop) == true)
       FileI->Component = WriteUniqString(Start,Stop - Start);

apt-pkg/deb/debmetaindex.cc

@@ -0,0 +1,269 @@
+// ijones, walters
+
+#ifdef __GNUG__
+#pragma implementation "apt-pkg/debmetaindex.h"
+#endif
+
+#include <apt-pkg/debmetaindex.h>
+#include <apt-pkg/debindexfile.h>
+#include <apt-pkg/strutl.h>
+#include <apt-pkg/acquire-item.h>
+#include <apt-pkg/configuration.h>
+#include <apt-pkg/error.h>
+
+using namespace std;
+
+string debReleaseIndex::Info(const char *Type, const string Section) const
+{
+   string Info = ::URI::SiteOnly(URI) + ' ';
+   if (Dist[Dist.size() - 1] == '/')
+   {
+      if (Dist != "/")
+         Info += Dist;
+   }
+   else
+      Info += Dist + '/' + Section;   
+   Info += " ";
+   Info += Type;
+   return Info;
+}
+
+string debReleaseIndex::MetaIndexInfo(const char *Type) const
+{
+   string Info = ::URI::SiteOnly(URI) + ' ';
+   if (Dist[Dist.size() - 1] == '/')
+   {
+      if (Dist != "/")
+	 Info += Dist;
+   }
+   else
+      Info += Dist;
+   Info += " ";
+   Info += Type;
+   return Info;
+}
+
+string debReleaseIndex::MetaIndexFile(const char *Type) const
+{
+   return _config->FindDir("Dir::State::lists") +
+      URItoFileName(MetaIndexURI(Type));
+}
+
+string debReleaseIndex::MetaIndexURI(const char *Type) const
+{
+   string Res;
+
+   if (Dist == "/")
+      Res = URI;
+   else if (Dist[Dist.size()-1] == '/')
+      Res = URI + Dist;
+   else
+      Res = URI + "dists/" + Dist + "/";
+   
+   Res += Type;
+   return Res;
+}
+
+string debReleaseIndex::IndexURISuffix(const char *Type, const string Section) const
+{
+   string Res ="";
+   if (Dist[Dist.size() - 1] != '/')
+      Res += Section + "/binary-" + _config->Find("APT::Architecture") + '/';
+   return Res + Type;
+}
+   
+
+string debReleaseIndex::IndexURI(const char *Type, const string Section) const
+{
+   if (Dist[Dist.size() - 1] == '/')
+   {
+      string Res;
+      if (Dist != "/")
+         Res = URI + Dist;
+      else 
+         Res = URI;
+      return Res + Type;
+   }
+   else
+      return URI + "dists/" + Dist + '/' + IndexURISuffix(Type, Section);
+ }
+
+string debReleaseIndex::SourceIndexURISuffix(const char *Type, const string Section) const
+{
+   string Res ="";
+   if (Dist[Dist.size() - 1] != '/')
+      Res += Section + "/source/";
+   return Res + Type;
+}
+
+string debReleaseIndex::SourceIndexURI(const char *Type, const string Section) const
+{
+   string Res;
+   if (Dist[Dist.size() - 1] == '/')
+   {
+      if (Dist != "/")
+         Res = URI + Dist;
+      else 
+         Res = URI;
+      return Res + Type;
+   }
+   else
+      return URI + "dists/" + Dist + "/" + SourceIndexURISuffix(Type, Section);
+}
+
+debReleaseIndex::debReleaseIndex(string URI,string Dist)
+{
+   this->URI = URI;
+   this->Dist = Dist;
+   this->Indexes = NULL;
+   this->Type = "deb";
+}
+
+vector <struct IndexTarget *>* debReleaseIndex::ComputeIndexTargets() const
+{
+   vector <struct IndexTarget *>* IndexTargets = new vector <IndexTarget *>;
+   for (vector <const debSectionEntry *>::const_iterator I = SectionEntries.begin();
+	I != SectionEntries.end();
+	I++)
+   {
+      IndexTarget * Target = new IndexTarget();
+      Target->ShortDesc = (*I)->IsSrc ? "Sources" : "Packages";
+      Target->MetaKey
+	= (*I)->IsSrc ? SourceIndexURISuffix(Target->ShortDesc.c_str(), (*I)->Section)
+	              : IndexURISuffix(Target->ShortDesc.c_str(), (*I)->Section);
+      Target->URI 
+	= (*I)->IsSrc ? SourceIndexURI(Target->ShortDesc.c_str(), (*I)->Section)
+	              : IndexURI(Target->ShortDesc.c_str(), (*I)->Section);
+      
+      Target->Description = Info (Target->ShortDesc.c_str(), (*I)->Section);
+      IndexTargets->push_back (Target);
+   }
+   return IndexTargets;
+}
+									/*}}}*/
+bool debReleaseIndex::GetIndexes(pkgAcquire *Owner, bool GetAll) const
+{
+   // special case for --print-uris
+   if (GetAll) {
+      vector <struct IndexTarget *> *targets = ComputeIndexTargets();
+      for (vector <struct IndexTarget*>::const_iterator Target = targets->begin(); Target != targets->end(); Target++) {
+	 new pkgAcqIndex(Owner, (*Target)->URI, (*Target)->Description,
+			 (*Target)->ShortDesc, "");
+      }
+   }
+   new pkgAcqMetaSig(Owner, MetaIndexURI("Release.gpg"),
+		     MetaIndexInfo("Release.gpg"), "Release.gpg",
+		     MetaIndexURI("Release"), MetaIndexInfo("Release"), "Release",
+		     ComputeIndexTargets(),
+		     new indexRecords (Dist));
+
+   return true;
+}
+
+bool debReleaseIndex::IsTrusted() const
+{
+   string VerifiedSigFile = _config->FindDir("Dir::State::lists") +
+      URItoFileName(MetaIndexURI("Release")) + ".gpg";
+   
+   if (FileExists(VerifiedSigFile))
+      return true;
+   return false;
+}
+
+vector <pkgIndexFile *> *debReleaseIndex::GetIndexFiles()
+{
+   if (Indexes != NULL)
+      return Indexes;
+
+   Indexes = new vector <pkgIndexFile*>;
+   for (vector<const debSectionEntry *>::const_iterator I = SectionEntries.begin(); 
+	I != SectionEntries.end(); I++)
+      if ((*I)->IsSrc)
+         Indexes->push_back(new debSourcesIndex (URI, Dist, (*I)->Section, IsTrusted()));
+      else 
+         Indexes->push_back(new debPackagesIndex (URI, Dist, (*I)->Section, IsTrusted()));
+   return Indexes;
+}
+
+void debReleaseIndex::PushSectionEntry(const debSectionEntry *Entry)
+{
+   SectionEntries.push_back(Entry);
+}
+
+debReleaseIndex::debSectionEntry::debSectionEntry (string Section, bool IsSrc): Section(Section)
+{
+   this->IsSrc = IsSrc;
+}
+
+class debSLTypeDebian : public pkgSourceList::Type
+{
+   protected:
+
+   bool CreateItemInternal(vector<metaIndex *> &List,string URI,
+			   string Dist,string Section,
+			   bool IsSrc) const
+   {
+      for (vector<metaIndex *>::const_iterator I = List.begin(); 
+	   I != List.end(); I++)
+      {
+	 // This check insures that there will be only one Release file
+	 // queued for all the Packages files and Sources files it
+	 // corresponds to.
+	 if ((*I)->GetType() == "deb")
+	 {
+	    debReleaseIndex *Deb = (debReleaseIndex *) (*I);
+	    // This check insures that there will be only one Release file
+	    // queued for all the Packages files and Sources files it
+	    // corresponds to.
+	    if (Deb->GetURI() == URI && Deb->GetDist() == Dist)
+	    {
+	       Deb->PushSectionEntry(new debReleaseIndex::debSectionEntry(Section, IsSrc));
+	       return true;
+	    }
+	 }
+      }
+      // No currently created Release file indexes this entry, so we create a new one.
+      // XXX determine whether this release is trusted or not
+      debReleaseIndex *Deb = new debReleaseIndex(URI,Dist);
+      Deb->PushSectionEntry (new debReleaseIndex::debSectionEntry(Section, IsSrc));
+      List.push_back(Deb);
+      return true;
+   }
+};
+
+class debSLTypeDeb : public debSLTypeDebian
+{
+   public:
+
+   bool CreateItem(vector<metaIndex *> &List,string URI,
+		   string Dist,string Section) const
+   {
+      return CreateItemInternal(List, URI, Dist, Section, false);
+   }
+
+   debSLTypeDeb()
+   {
+      Name = "deb";
+      Label = "Standard Debian binary tree";
+   }   
+};
+
+class debSLTypeDebSrc : public debSLTypeDebian
+{
+   public:
+
+   bool CreateItem(vector<metaIndex *> &List,string URI,
+		   string Dist,string Section) const 
+   {
+      return CreateItemInternal(List, URI, Dist, Section, true);
+   }
+   
+   debSLTypeDebSrc()
+   {
+      Name = "deb-src";
+      Label = "Standard Debian source tree";
+   }   
+};
+
+debSLTypeDeb _apt_DebType;
+debSLTypeDebSrc _apt_DebSrcType;

apt-pkg/deb/debmetaindex.h

@@ -0,0 +1,48 @@
+// ijones, walters
+#ifndef PKGLIB_DEBMETAINDEX_H
+#define PKGLIB_DEBMETAINDEX_H
+
+#ifdef __GNUG__
+#pragma interface "apt-pkg/debmetaindex.h"
+#endif
+
+#include <apt-pkg/metaindex.h>
+#include <apt-pkg/sourcelist.h>
+
+class debReleaseIndex : public metaIndex {
+   public:
+
+   class debSectionEntry
+   {
+      public:
+      debSectionEntry (string Section, bool IsSrc);
+      bool IsSrc;
+      string Section;
+   };
+
+   private:
+   vector <const debSectionEntry *> SectionEntries;
+
+   public:
+
+   debReleaseIndex(string URI, string Dist);
+
+   virtual string ArchiveURI(string File) const {return URI + File;};
+   virtual bool GetIndexes(pkgAcquire *Owner, bool GetAll=false) const;
+   vector <struct IndexTarget *>* ComputeIndexTargets() const;
+   string Info(const char *Type, const string Section) const;
+   string MetaIndexInfo(const char *Type) const;
+   string MetaIndexFile(const char *Types) const;
+   string MetaIndexURI(const char *Type) const;
+   string IndexURI(const char *Type, const string Section) const;
+   string IndexURISuffix(const char *Type, const string Section) const;
+   string SourceIndexURI(const char *Type, const string Section) const;
+   string SourceIndexURISuffix(const char *Type, const string Section) const;
+   virtual vector <pkgIndexFile *> *GetIndexFiles();
+
+   virtual bool IsTrusted() const;
+
+   void PushSectionEntry(const debSectionEntry *Entry);
+};
+
+#endif

apt-pkg/indexfile.cc

@@ -1,6 +1,6 @@
 // -*- mode: cpp; mode: fold -*-
 // Description								/*{{{*/
-// $Id: indexfile.cc,v 1.2 2001/02/20 07:03:17 jgg Exp $
+// $Id: indexfile.cc,v 1.2.2.1 2003/12/24 23:09:17 mdz Exp $
 /* ######################################################################
 
    Index File - Abstraction for an index of archive/souce file.
@@ -42,14 +42,6 @@ pkgIndexFile::Type *pkgIndexFile::Type::GetType(const char *Type)
 }
 									/*}}}*/
     
-// IndexFile::GetIndexes - Stub						/*{{{*/
-// ---------------------------------------------------------------------
-/* */
-bool pkgIndexFile::GetIndexes(pkgAcquire *Owner) const
-{
-   return _error->Error("Internal Error, this index file is not downloadable");
-}
-									/*}}}*/
 // IndexFile::ArchiveInfo - Stub					/*{{{*/
 // ---------------------------------------------------------------------
 /* */

apt-pkg/indexfile.h

@@ -1,6 +1,6 @@
 // -*- mode: cpp; mode: fold -*-
 // Description								/*{{{*/
-// $Id: indexfile.h,v 1.6 2002/07/08 03:13:30 jgg Exp $
+// $Id: indexfile.h,v 1.6.2.1 2003/12/24 23:09:17 mdz Exp $
 /* ######################################################################
 
    Index File - Abstraction for an index of archive/source file.
@@ -37,6 +37,9 @@ class pkgCacheGenerator;
 class OpProgress;
 class pkgIndexFile
 {
+   protected:
+   bool Trusted;
+     
    public:
 
    class Type
@@ -64,7 +67,6 @@ class pkgIndexFile
 
    // Interface for acquire
    virtual string ArchiveURI(string /*File*/) const {return string();};
-   virtual bool GetIndexes(pkgAcquire *Owner) const;
 
    // Interface for the record parsers
    virtual pkgSrcRecords::Parser *CreateSrcParser() const {return 0;};
@@ -76,7 +78,10 @@ class pkgIndexFile
    virtual bool Merge(pkgCacheGenerator &/*Gen*/,OpProgress &/*Prog*/) const {return false;};
    virtual bool MergeFileProvides(pkgCacheGenerator &/*Gen*/,OpProgress &/*Prog*/) const {return true;};
    virtual pkgCache::PkgFileIterator FindInCache(pkgCache &Cache) const;
+
+   bool IsTrusted() const { return Trusted; };
    
+   pkgIndexFile(bool Trusted): Trusted(Trusted) {};
    virtual ~pkgIndexFile() {};
 };
 

apt-pkg/indexrecords.cc

@@ -0,0 +1,151 @@
+// -*- mode: cpp; mode: fold -*-
+// Description								/*{{{*/
+// $Id: indexrecords.cc,v 1.1.2.4 2003/12/30 02:11:43 mdz Exp $
+									/*}}}*/
+// Include Files							/*{{{*/
+#ifdef __GNUG__
+#pragma implementation "apt-pkg/indexrecords.h"
+#endif
+#include <apt-pkg/indexrecords.h>
+#include <apt-pkg/tagfile.h>
+#include <apt-pkg/error.h>
+#include <apt-pkg/strutl.h>
+#include <apti18n.h>
+#include <sys/stat.h>
+
+string indexRecords::GetDist() const
+{
+   return this->Dist;
+}
+
+bool indexRecords::CheckDist(const string MaybeDist) const
+{
+   return (this->Dist == MaybeDist
+	   || this->Suite == MaybeDist);
+}
+
+string indexRecords::GetExpectedDist() const
+{
+   return this->ExpectedDist;
+}
+
+const indexRecords::checkSum *indexRecords::Lookup(const string MetaKey)
+{
+   return Entries[MetaKey];
+}
+
+bool indexRecords::Load(const string Filename)
+{
+   FileFd Fd(Filename, FileFd::ReadOnly);
+   pkgTagFile TagFile(&Fd, Fd.Size() + 256); // XXX
+   if (_error->PendingError() == true)
+   {
+      ErrorText = _(("Unable to parse Release file " + Filename).c_str());
+      return false;
+   }
+
+   pkgTagSection Section;
+   if (TagFile.Step(Section) == false)
+   {
+      ErrorText = _(("No sections in Release file " + Filename).c_str());
+      return false;
+   }
+
+   const char *Start, *End;
+   Section.Get (Start, End, 0);
+   Suite = Section.FindS("Suite");
+   Dist = Section.FindS("Codename");
+//    if (Dist.empty())
+//    {
+//       ErrorText = _(("No Codename entry in Release file " + Filename).c_str());
+//       return false;
+//    }
+   if (!Section.Find("MD5Sum", Start, End))
+   {
+      ErrorText = _(("No MD5Sum entry in Release file " + Filename).c_str());
+      return false;
+   }
+   string Name;
+   string MD5Hash;
+   size_t Size;
+   while (Start < End)
+   {
+      if (!parseSumData(Start, End, Name, MD5Hash, Size))
+	 return false;
+      indexRecords::checkSum *Sum = new indexRecords::checkSum;
+      Sum->MetaKeyFilename = Name;
+      Sum->MD5Hash = MD5Hash;
+      Sum->Size = Size;
+      Entries[Name] = Sum;
+   }
+   
+   string Strdate = Section.FindS("Date"); // FIXME: verify this somehow?
+   return true;
+}
+
+bool indexRecords::parseSumData(const char *&Start, const char *End,
+				   string &Name, string &Hash, size_t &Size)
+{
+   Name = "";
+   Hash = "";
+   Size = 0;
+   /* Skip over the first blank */
+   while ((*Start == '\t' || *Start == ' ' || *Start == '\n')
+	  && Start < End)
+      Start++;
+   if (Start >= End)
+      return false;
+
+   /* Move EntryEnd to the end of the first entry (the hash) */
+   const char *EntryEnd = Start;
+   while ((*EntryEnd != '\t' && *EntryEnd != ' ')
+	  && EntryEnd < End)
+      EntryEnd++;
+   if (EntryEnd == End)
+      return false;
+
+   Hash.append(Start, EntryEnd-Start);
+
+   /* Skip over intermediate blanks */
+   Start = EntryEnd;
+   while (*Start == '\t' || *Start == ' ')
+      Start++;
+   if (Start >= End)
+      return false;
+   
+   EntryEnd = Start;
+   /* Find the end of the second entry (the size) */
+   while ((*EntryEnd != '\t' && *EntryEnd != ' ' )
+	  && EntryEnd < End)
+      EntryEnd++;
+   if (EntryEnd == End)
+      return false;
+   
+   Size = strtol (Start, NULL, 10);
+      
+   /* Skip over intermediate blanks */
+   Start = EntryEnd;
+   while (*Start == '\t' || *Start == ' ')
+      Start++;
+   if (Start >= End)
+      return false;
+   
+   EntryEnd = Start;
+   /* Find the end of the third entry (the filename) */
+   while ((*EntryEnd != '\t' && *EntryEnd != ' ' && *EntryEnd != '\n')
+	  && EntryEnd < End)
+      EntryEnd++;
+
+   Name.append(Start, EntryEnd-Start);
+   Start = EntryEnd; //prepare for the next round
+   return true;
+}
+
+indexRecords::indexRecords()
+{
+}
+
+indexRecords::indexRecords(const string ExpectedDist) :
+   ExpectedDist(ExpectedDist)
+{
+}

apt-pkg/indexrecords.h

@@ -0,0 +1,52 @@
+// -*- mode: cpp; mode: fold -*-
+// Description								/*{{{*/
+// $Id: indexrecords.h,v 1.1.2.1 2003/12/24 23:09:17 mdz Exp $
+									/*}}}*/
+#ifndef PKGLIB_INDEXRECORDS_H
+#define PKGLIB_INDEXRECORDS_H
+
+#ifdef __GNUG__
+#pragma interface "apt-pkg/indexrecords.h"
+#endif 
+#include <apt-pkg/pkgcache.h>
+#include <apt-pkg/fileutl.h>
+
+#include <map>
+
+class indexRecords
+{
+   bool parseSumData(const char *&Start, const char *End, string &Name,
+		     string &Hash, size_t &Size);
+   public:
+   struct checkSum;
+   string ErrorText;
+   
+   protected:
+   string Dist;
+   string Suite;
+   string ExpectedDist;
+   std::map<string,checkSum *> Entries;
+
+   public:
+
+   indexRecords();
+   indexRecords(const string ExpectedDist);
+
+   // Lookup function
+   virtual const checkSum *Lookup(const string MetaKey);
+   
+   virtual bool Load(string Filename);
+   string GetDist() const;
+   virtual bool CheckDist(const string MaybeDist) const;
+   string GetExpectedDist() const;
+   virtual ~indexRecords(){};
+};
+
+struct indexRecords::checkSum
+{
+   string MetaKeyFilename;
+   string MD5Hash;
+   size_t Size;      
+};
+
+#endif

apt-pkg/init.h

@@ -1,6 +1,6 @@
 // -*- mode: cpp; mode: fold -*-
 // Description								/*{{{*/
-// $Id: init.h,v 1.9 2001/11/04 17:09:18 tausq Exp $
+// $Id: init.h,v 1.9.2.2 2004/01/02 18:51:00 mdz Exp $
 /* ######################################################################
 
    Init - Initialize the package library
@@ -18,7 +18,7 @@
 
 // See the makefile
 #define APT_PKG_MAJOR 3
-#define APT_PKG_MINOR 3
+#define APT_PKG_MINOR 5
 #define APT_PKG_RELEASE 0
     
 extern const char *pkgVersion;

apt-pkg/makefile

@@ -13,7 +13,7 @@ include ../buildlib/defaults.mak
 # methods/makefile - FIXME
 LIBRARY=apt-pkg
 LIBEXT=$(GLIBC_VER)$(LIBSTDCPP_VER)
-MAJOR=3.3
+MAJOR=3.7
 MINOR=0
 SLIBS=$(PTHREADLIB) $(INTLLIBS)
 APT_DOMAIN:=libapt-pkg$(MAJOR)
@@ -33,21 +33,23 @@ SOURCE+= pkgcache.cc version.cc depcache.cc \
 	 pkgrecords.cc algorithms.cc acquire.cc\
 	 acquire-worker.cc acquire-method.cc init.cc clean.cc \
 	 srcrecords.cc cachefile.cc versionmatch.cc policy.cc \
-	 pkgsystem.cc indexfile.cc pkgcachegen.cc acquire-item.cc
+	 pkgsystem.cc indexfile.cc pkgcachegen.cc acquire-item.cc \
+	 indexrecords.cc vendor.cc vendorlist.cc
 HEADERS+= algorithms.h depcache.h pkgcachegen.h cacheiterators.h \
 	  orderlist.h sourcelist.h packagemanager.h tagfile.h \
 	  init.h pkgcache.h version.h progress.h pkgrecords.h \
 	  acquire.h acquire-worker.h acquire-item.h acquire-method.h \
 	  clean.h srcrecords.h cachefile.h versionmatch.h policy.h \
-	  pkgsystem.h indexfile.h
+	  pkgsystem.h indexfile.h metaindex.h indexrecords.h vendor.h \
+          vendorlist.h
 
 # Source code for the debian specific components
 # In theory the deb headers do not need to be exported..
 SOURCE+= deb/deblistparser.cc deb/debrecords.cc deb/dpkgpm.cc \
          deb/debsrcrecords.cc deb/debversion.cc deb/debsystem.cc \
-	 deb/debindexfile.cc deb/debindexfile.cc
+	 deb/debindexfile.cc deb/debindexfile.cc deb/debmetaindex.cc
 HEADERS+= debversion.h debsrcrecords.h dpkgpm.h debrecords.h \
-	  deblistparser.h debsystem.h debindexfile.h
+	  deblistparser.h debsystem.h debindexfile.h debmetaindex.h
 
 HEADERS := $(addprefix apt-pkg/,$(HEADERS))
 

apt-pkg/metaindex.h

@@ -0,0 +1,48 @@
+#ifndef PKGLIB_METAINDEX_H
+#define PKGLIB_METAINDEX_H
+
+/* #ifdef __GNUG__ */
+/* #pragma interface "apt-pkg/metaindex.h" */
+/* #endif */
+
+#include <string>
+#include <apt-pkg/pkgcache.h>
+#include <apt-pkg/srcrecords.h>
+#include <apt-pkg/pkgrecords.h>
+#include <apt-pkg/indexfile.h>
+#include <apt-pkg/vendor.h>
+    
+using std::string;
+
+class pkgAcquire;
+class pkgCacheGenerator;
+class OpProgress;
+
+class metaIndex
+{
+   protected:
+   vector <pkgIndexFile *> *Indexes;
+   const char *Type;
+   string URI;
+   string Dist;
+   bool Trusted;
+
+   public:
+
+   
+   // Various accessors
+   virtual string GetURI() const {return URI;}
+   virtual string GetDist() const {return Dist;}
+   virtual const char* GetType() const {return Type;}
+
+   // Interface for acquire
+   virtual string ArchiveURI(string /*File*/) const = 0;
+   virtual bool GetIndexes(pkgAcquire *Owner, bool GetAll=false) const = 0;
+   
+   virtual vector<pkgIndexFile *> *GetIndexFiles() = 0; 
+   virtual bool IsTrusted() const = 0;
+
+   virtual ~metaIndex() {};
+};
+
+#endif

apt-pkg/pkgcachegen.cc

@@ -1,6 +1,6 @@
 // -*- mode: cpp; mode: fold -*-
 // Description								/*{{{*/
-// $Id: pkgcachegen.cc,v 1.53 2003/02/02 02:44:20 doogie Exp $
+// $Id: pkgcachegen.cc,v 1.53.2.1 2003/12/24 23:09:17 mdz Exp $
 /* ######################################################################
    
    Package Cache Generator - Generator for the cache structure.
@@ -678,7 +678,18 @@ bool pkgMakeStatusCache(pkgSourceList &List,OpProgress &Progress,
 {
    unsigned long MapSize = _config->FindI("APT::Cache-Limit",12*1024*1024);
    
-   vector<pkgIndexFile *> Files(List.begin(),List.end());
+   vector<pkgIndexFile *> Files;
+   for (vector<metaIndex *>::const_iterator i = List.begin();
+        i != List.end();
+        i++)
+   {
+      vector <pkgIndexFile *> *Indexes = (*i)->GetIndexFiles();
+      for (vector<pkgIndexFile *>::const_iterator j = Indexes->begin();
+	   j != Indexes->end();
+	   j++)
+         Files.push_back (*j);
+   }
+   
    unsigned long EndOfSource = Files.size();
    if (_system->AddStatusFiles(Files) == false)
       return false;

apt-pkg/sourcelist.cc

@@ -15,8 +15,8 @@
 #include <apt-pkg/sourcelist.h>
 #include <apt-pkg/error.h>
 #include <apt-pkg/fileutl.h>
-#include <apt-pkg/configuration.h>
 #include <apt-pkg/strutl.h>
+#include <apt-pkg/configuration.h>
 
 #include <apti18n.h>
 
@@ -74,8 +74,7 @@ bool pkgSourceList::Type::FixupURI(string &URI) const
 // ---------------------------------------------------------------------
 /* This is a generic one that is the 'usual' format for sources.list
    Weird types may override this. */
-bool pkgSourceList::Type::ParseLine(vector<pkgIndexFile *> &List,
-				    Vendor const *Vendor,
+bool pkgSourceList::Type::ParseLine(vector<metaIndex *> &List,
 				    const char *Buffer,
 				    unsigned long CurLine,
 				    string File) const
@@ -98,7 +97,7 @@ bool pkgSourceList::Type::ParseLine(vector<pkgIndexFile *> &List,
       if (ParseQuoteWord(Buffer,Section) == true)
 	 return _error->Error(_("Malformed line %lu in source list %s (Absolute dist)"),CurLine,File.c_str());
       Dist = SubstVar(Dist,"$(ARCH)",_config->Find("APT::Architecture"));
-      return CreateItem(List,URI,Dist,Section,Vendor);
+      return CreateItem(List,URI,Dist,Section);
    }
    
    // Grab the rest of the dists
@@ -107,7 +106,7 @@ bool pkgSourceList::Type::ParseLine(vector<pkgIndexFile *> &List,
    
    do
    {
-      if (CreateItem(List,URI,Dist,Section,Vendor) == false)
+      if (CreateItem(List,URI,Dist,Section) == false)
 	 return false;
    }
    while (ParseQuoteWord(Buffer,Section) == true);
@@ -135,93 +134,15 @@ pkgSourceList::~pkgSourceList()
 {
    for (const_iterator I = SrcList.begin(); I != SrcList.end(); I++)
       delete *I;
-   for (vector<Vendor const *>::const_iterator I = VendorList.begin(); 
-	I != VendorList.end(); I++)
-      delete *I;
 }
 									/*}}}*/
-// SourceList::ReadVendors - Read list of known package vendors		/*{{{*/
-// ---------------------------------------------------------------------
-/* This also scans a directory of vendor files similar to apt.conf.d 
-   which can contain the usual suspects of distribution provided data.
-   The APT config mechanism allows the user to override these in their
-   configuration file. */
-bool pkgSourceList::ReadVendors()
-{
-   Configuration Cnf;
-
-   string CnfFile = _config->FindDir("Dir::Etc::vendorparts");
-   if (FileExists(CnfFile) == true)
-      if (ReadConfigDir(Cnf,CnfFile,true) == false)
-	 return false;
-   CnfFile = _config->FindFile("Dir::Etc::vendorlist");
-   if (FileExists(CnfFile) == true)
-      if (ReadConfigFile(Cnf,CnfFile,true) == false)
-	 return false;
-
-   for (vector<Vendor const *>::const_iterator I = VendorList.begin(); 
-	I != VendorList.end(); I++)
-      delete *I;
-   VendorList.erase(VendorList.begin(),VendorList.end());
-   
-   // Process 'simple-key' type sections
-   const Configuration::Item *Top = Cnf.Tree("simple-key");
-   for (Top = (Top == 0?0:Top->Child); Top != 0; Top = Top->Next)
-   {
-      Configuration Block(Top);
-      Vendor *Vendor;
-      
-      Vendor = new pkgSourceList::Vendor;
-      
-      Vendor->VendorID = Top->Tag;
-      Vendor->FingerPrint = Block.Find("Fingerprint");
-      Vendor->Description = Block.Find("Name");
-      
-      if (Vendor->FingerPrint.empty() == true || 
-	  Vendor->Description.empty() == true)
-      {
-         _error->Error(_("Vendor block %s is invalid"), Vendor->VendorID.c_str());
-	 delete Vendor;
-	 continue;
-      }
-      
-      VendorList.push_back(Vendor);
-   }
-
-   /* XXX Process 'group-key' type sections
-      This is currently faked out so that the vendors file format is
-      parsed but nothing is done with it except check for validity */
-   Top = Cnf.Tree("group-key");
-   for (Top = (Top == 0?0:Top->Child); Top != 0; Top = Top->Next)
-   {
-      Configuration Block(Top);
-      Vendor *Vendor;
-      
-      Vendor = new pkgSourceList::Vendor;
-      
-      Vendor->VendorID = Top->Tag;
-      Vendor->Description = Block.Find("Name");
-
-      if (Vendor->Description.empty() == true)
-      {
-         _error->Error(_("Vendor block %s is invalid"), 
-		       Vendor->VendorID.c_str());
-	 delete Vendor;
-	 continue;
-      }
-      
-      VendorList.push_back(Vendor);
-   }
-   
-   return !_error->PendingError();
-}
 									/*}}}*/
 // SourceList::ReadMainList - Read the main source list from etc	/*{{{*/
 // ---------------------------------------------------------------------
 /* */
 bool pkgSourceList::ReadMainList()
 {
-   return ReadVendors() && Read(_config->FindFile("Dir::Etc::sourcelist"));
+   return Read(_config->FindFile("Dir::Etc::sourcelist"));
 }
 									/*}}}*/
 // SourceList::Read - Parse the sourcelist file				/*{{{*/
@@ -269,8 +190,7 @@ bool pkgSourceList::Read(string File)
       if (Parse == 0)
 	 return _error->Error(_("Type '%s' is not known on line %u in source list %s"),LineType.c_str(),CurLine,File.c_str());
       
-      // Authenticated repository
-      Vendor const *Vndr = 0;
+      // Vendor name specified
       if (C[0] == '[')
       {
 	 string VendorID;
@@ -282,22 +202,24 @@ bool pkgSourceList::Read(string File)
 	     return _error->Error(_("Malformed line %u in source list %s (vendor id)"),CurLine,File.c_str());
 	 VendorID = string(VendorID,1,VendorID.size()-2);
 	 
-	 for (vector<Vendor const *>::const_iterator iter = VendorList.begin();
-	      iter != VendorList.end(); iter++) 
-	 {
-	    if ((*iter)->VendorID == VendorID)
-	    {
-	       Vndr = *iter;
-	       break;
-	    }
-	 }
+// 	 for (vector<const Vendor *>::const_iterator iter = VendorList.begin();
+// 	      iter != VendorList.end(); iter++) 
+// 	 {
+// 	    if ((*iter)->GetVendorID() == VendorID)
+// 	    {
+// 	      if (_config->FindB("Debug::sourceList", false)) 
+// 		std::cerr << "Comparing VendorID \"" << VendorID << "\" with \"" << (*iter)->GetVendorID() << '"' << std::endl;
+// 	       Verifier = *iter;
+// 	       break;
+// 	    }
+// 	 }
 
-	 if (Vndr == 0)
-	    return _error->Error(_("Unknown vendor ID '%s' in line %u of source list %s"),
-				 VendorID.c_str(),CurLine,File.c_str());
+// 	 if (Verifier == 0)
+// 	    return _error->Error(_("Unknown vendor ID '%s' in line %u of source list %s"),
+// 				 VendorID.c_str(),CurLine,File.c_str());
       }
-      
-      if (Parse->ParseLine(SrcList,Vndr,C,CurLine,File) == false)
+
+      if (Parse->ParseLine(SrcList,C,CurLine,File) == false)
 	 return false;
    }
    return true;
@@ -311,23 +233,28 @@ bool pkgSourceList::FindIndex(pkgCache::PkgFileIterator File,
 {
    for (const_iterator I = SrcList.begin(); I != SrcList.end(); I++)
    {
-      if ((*I)->FindInCache(*File.Cache()) == File)
+      vector<pkgIndexFile *> *Indexes = (*I)->GetIndexFiles();
+      for (vector<pkgIndexFile *>::const_iterator J = Indexes->begin();
+	   J != Indexes->end(); J++)
       {
-	 Found = *I;
-	 return true;
+         if ((*J)->FindInCache(*File.Cache()) == File)
+         {
+            Found = (*J);
+            return true;
+         }
       }
    }
-   
+
    return false;
 }
 									/*}}}*/
 // SourceList::GetIndexes - Load the index files into the downloader	/*{{{*/
 // ---------------------------------------------------------------------
 /* */
-bool pkgSourceList::GetIndexes(pkgAcquire *Owner) const
+bool pkgSourceList::GetIndexes(pkgAcquire *Owner, bool GetAll) const
 {
    for (const_iterator I = SrcList.begin(); I != SrcList.end(); I++)
-      if ((*I)->GetIndexes(Owner) == false)
+      if ((*I)->GetIndexes(Owner,GetAll) == false)
 	 return false;
    return true;
 }

apt-pkg/sourcelist.h

@@ -1,6 +1,6 @@
 // -*- mode: cpp; mode: fold -*-
 // Description								/*{{{*/
-// $Id: sourcelist.h,v 1.12 2002/07/01 21:41:11 jgg Exp $
+// $Id: sourcelist.h,v 1.12.2.1 2003/12/24 23:09:17 mdz Exp $
 /* ######################################################################
 
    SourceList - Manage a list of sources
@@ -20,7 +20,7 @@
    
    The vendor machanism is similar, except the vendor types are hard 
    wired. Before loading the source list the vendor list is loaded.
-   This doesn't load key data, just the checks to preform.
+   This doesn't load key data, just the checks to perform.
    
    ##################################################################### */
 									/*}}}*/
@@ -30,7 +30,7 @@
 #include <string>
 #include <vector>
 #include <apt-pkg/pkgcache.h>
-#include <apt-pkg/indexfile.h>
+#include <apt-pkg/metaindex.h>
 
 using std::string;
 using std::vector;
@@ -44,18 +44,6 @@ class pkgSourceList
 {
    public:
    
-   // An available vendor
-   struct Vendor
-   {
-      string VendorID;
-      string FingerPrint;
-      string Description;
-
-      /* Lets revisit these..
-      bool MatchFingerPrint(string FingerPrint);
-      string FingerPrintDescr();*/
-   };
-   
    // List of supported source list types
    class Type
    {
@@ -70,30 +58,25 @@ class pkgSourceList
       const char *Label;
 
       bool FixupURI(string &URI) const;
-      virtual bool ParseLine(vector<pkgIndexFile *> &List,
-			     Vendor const *Vendor,
+      virtual bool ParseLine(vector<metaIndex *> &List,
 			     const char *Buffer,
 			     unsigned long CurLine,string File) const;
-      virtual bool CreateItem(vector<pkgIndexFile *> &List,string URI,
-			      string Dist,string Section,
-			      Vendor const *Vendor) const = 0;
-
+      virtual bool CreateItem(vector<metaIndex *> &List,string URI,
+			      string Dist,string Section) const = 0;
       Type();
       virtual ~Type() {};
    };
    
-   typedef vector<pkgIndexFile *>::const_iterator const_iterator;
+   typedef vector<metaIndex *>::const_iterator const_iterator;
    
    protected:
 
-   vector<pkgIndexFile *> SrcList;
-   vector<Vendor const *> VendorList;
+   vector<metaIndex *> SrcList;
    
    public:
 
    bool ReadMainList();
    bool Read(string File);
-   bool ReadVendors();
    
    // List accessors
    inline const_iterator begin() const {return SrcList.begin();};
@@ -103,7 +86,7 @@ class pkgSourceList
 
    bool FindIndex(pkgCache::PkgFileIterator File,
 		  pkgIndexFile *&Found) const;
-   bool GetIndexes(pkgAcquire *Owner) const;
+   bool GetIndexes(pkgAcquire *Owner, bool GetAll=false) const;
    
    pkgSourceList();
    pkgSourceList(string File);

apt-pkg/srcrecords.cc

@@ -1,6 +1,6 @@
 // -*- mode: cpp; mode: fold -*-
 // Description								/*{{{*/
-// $Id: srcrecords.cc,v 1.7 2002/11/09 20:38:02 doogie Exp $
+// $Id: srcrecords.cc,v 1.7.2.2 2003/12/26 16:27:34 mdz Exp $
 /* ######################################################################
    
    Source Package Records - Allows access to source package records
@@ -28,23 +28,22 @@
 /* Open all the source index files */
 pkgSrcRecords::pkgSrcRecords(pkgSourceList &List) : Files(0), Current(0)
 {
-   Files = new Parser *[List.end() - List.begin() + 1];
-   memset(Files,0,sizeof(*Files)*(List.end() - List.begin() + 1));
-   
-   unsigned int Count = 0;
-   pkgSourceList::const_iterator I = List.begin();
-   for (; I != List.end(); I++)
+   for (pkgSourceList::const_iterator I = List.begin(); I != List.end(); I++)
    {
-      Files[Count] = (*I)->CreateSrcParser();
-      if (_error->PendingError() == true)
-	 return;
-      if (Files[Count] != 0)
-	 Count++;
+      vector<pkgIndexFile *> *Indexes = (*I)->GetIndexFiles();
+      for (vector<pkgIndexFile *>::const_iterator J = Indexes->begin();
+	   J != Indexes->end(); J++)
+      {
+         Parser* P = (*J)->CreateSrcParser();
+	 if (_error->PendingError() == true)
+            return;
+         if (P != 0)
+            Files.push_back(P);
+      }
    }
-   Files[Count] = 0;
    
    // Doesn't work without any source index files
-   if (Count == 0)
+   if (Files.size() == 0)
    {
       _error->Error(_("You must put some 'source' URIs"
 		    " in your sources.list"));
@@ -59,13 +58,9 @@ pkgSrcRecords::pkgSrcRecords(pkgSourceList &List) : Files(0), Current(0)
 /* */
 pkgSrcRecords::~pkgSrcRecords()
 {
-   if (Files == 0)
-      return;
-
    // Blow away all the parser objects
-   for (unsigned int Count = 0; Files[Count] != 0; Count++)
-      delete Files[Count];
-   delete [] Files;
+   for(vector<Parser*>::iterator I = Files.begin(); I != Files.end(); ++I)
+      delete *I;
 }
 									/*}}}*/
 // SrcRecords::Restart - Restart the search				/*{{{*/
@@ -73,8 +68,9 @@ pkgSrcRecords::~pkgSrcRecords()
 /* Return all of the parsers to their starting position */
 bool pkgSrcRecords::Restart()
 {
-   Current = Files;
-   for (Parser **I = Files; *I != 0; I++)
+   Current = Files.begin();
+   for (vector<Parser*>::iterator I = Files.begin();
+        I != Files.end(); I++)
       (*I)->Restart();
    
    return true;
@@ -87,7 +83,7 @@ bool pkgSrcRecords::Restart()
    function to be called multiple times to get successive entries */
 pkgSrcRecords::Parser *pkgSrcRecords::Find(const char *Package,bool SrcOnly)
 {
-   if (*Current == 0)
+   if (Current == Files.end())
       return 0;
    
    while (true)
@@ -98,7 +94,7 @@ pkgSrcRecords::Parser *pkgSrcRecords::Find(const char *Package,bool SrcOnly)
 	 if (_error->PendingError() == true)
 	    return 0;
 	 Current++;
-	 if (*Current == 0)
+	 if (Current == Files.end())
 	    return 0;
       }
       

apt-pkg/srcrecords.h

@@ -1,6 +1,6 @@
 // -*- mode: cpp; mode: fold -*-
 // Description								/*{{{*/
-// $Id: srcrecords.h,v 1.8 2001/11/04 17:09:18 tausq Exp $
+// $Id: srcrecords.h,v 1.8.2.1 2003/12/26 16:27:34 mdz Exp $
 /* ######################################################################
    
    Source Package Records - Allows access to source package records
@@ -84,8 +84,8 @@ class pkgSrcRecords
    private:
    
    // The list of files and the current parser pointer
-   Parser **Files;
-   Parser **Current;
+   vector<Parser*> Files;
+   vector<Parser *>::iterator Current;
    
    public:
 

apt-pkg/tagfile.cc

@@ -1,6 +1,6 @@
 // -*- mode: cpp; mode: fold -*-
 // Description								/*{{{*/
-// $Id: tagfile.cc,v 1.37 2003/05/19 17:13:57 doogie Exp $
+// $Id: tagfile.cc,v 1.37.2.2 2003/12/31 16:02:30 mdz Exp $
 /* ######################################################################
 
    Fast scanner for RFC-822 type header information
@@ -31,7 +31,9 @@ using std::string;
 // TagFile::pkgTagFile - Constructor					/*{{{*/
 // ---------------------------------------------------------------------
 /* */
-pkgTagFile::pkgTagFile(FileFd *pFd,unsigned long Size) : Fd(*pFd), Size(Size)
+pkgTagFile::pkgTagFile(FileFd *pFd,unsigned long Size) :
+     Fd(*pFd),
+     Size(Size)
 {
    if (Fd.IsOpen() == false)
    {

apt-pkg/vendor.cc

@@ -0,0 +1,39 @@
+#ifdef __GNUG__
+#pragma implementation "apt-pkg/vendor.h"
+#endif
+
+#include <iostream>
+#include <apt-pkg/error.h>
+#include <apt-pkg/vendor.h>
+#include <apt-pkg/configuration.h>
+
+Vendor::Vendor(std::string VendorID,
+               std::string Origin,
+	       std::vector<struct Vendor::Fingerprint *> *FingerprintList)
+{
+   this->VendorID = VendorID;
+   this->Origin = Origin;
+   for (std::vector<struct Vendor::Fingerprint *>::iterator I = FingerprintList->begin();
+	I != FingerprintList->end(); I++)
+   {
+      if (_config->FindB("Debug::Vendor", false))
+         std::cerr << "Vendor \"" << VendorID << "\": Mapping \""
+		   << (*I)->Print << "\" to \"" << (*I)->Description << '"' << std::endl;
+      Fingerprints[(*I)->Print] = (*I)->Description;
+   }
+   delete FingerprintList;
+}
+
+const string Vendor::LookupFingerprint(string Print) const
+{
+   std::map<string,string>::const_iterator Elt = Fingerprints.find(Print);
+   if (Elt == Fingerprints.end())
+      return "";
+   else
+      return (*Elt).second;
+}
+
+bool Vendor::CheckDist(string Dist)
+{
+   return true;
+}

apt-pkg/vendor.h

@@ -0,0 +1,37 @@
+#ifndef PKGLIB_VENDOR_H
+#define PKGLIB_VENDOR_H
+#include <string>
+#include <vector>
+#include <map>
+
+#ifdef __GNUG__
+#pragma interface "apt-pkg/vendor.h"
+#endif
+
+using std::string;
+
+// A class representing a particular software provider. 
+class Vendor
+{
+   public:
+   struct Fingerprint
+   {
+      string Print;
+      string Description;
+   };
+
+   protected:
+   string VendorID;
+   string Origin;
+   std::map<string, string> Fingerprints;
+
+   public:
+   Vendor(string VendorID, string Origin,
+          std::vector<struct Fingerprint *> *FingerprintList);
+   virtual const string& GetVendorID() const { return VendorID; };
+   virtual const string LookupFingerprint(string Print) const;
+   virtual bool CheckDist(string Dist);
+   virtual ~Vendor(){};
+};
+
+#endif

apt-pkg/vendorlist.cc

@@ -0,0 +1,144 @@
+#include <apt-pkg/vendorlist.h>
+#include <apt-pkg/fileutl.h>
+#include <apt-pkg/error.h>
+#include <apti18n.h>
+
+pkgVendorList::~pkgVendorList()
+{
+   for (vector<const Vendor *>::const_iterator I = VendorList.begin(); 
+        I != VendorList.end(); I++)
+      delete *I;
+}
+
+// pkgVendorList::ReadMainList - Read list of known package vendors		/*{{{*/
+// ---------------------------------------------------------------------
+/* This also scans a directory of vendor files similar to apt.conf.d 
+   which can contain the usual suspects of distribution provided data.
+   The APT config mechanism allows the user to override these in their
+   configuration file. */
+bool pkgVendorList::ReadMainList()
+{
+   Configuration Cnf;
+
+   string CnfFile = _config->FindDir("Dir::Etc::vendorparts");
+   if (FileExists(CnfFile) == true)
+      if (ReadConfigDir(Cnf,CnfFile,true) == false)
+	 return false;
+   CnfFile = _config->FindFile("Dir::Etc::vendorlist");
+   if (FileExists(CnfFile) == true)
+      if (ReadConfigFile(Cnf,CnfFile,true) == false)
+	 return false;
+
+   return CreateList(Cnf);
+}
+
+bool pkgVendorList::Read(string File)
+{
+   Configuration Cnf;
+   if (ReadConfigFile(Cnf,File,true) == false)
+      return false;
+
+   return CreateList(Cnf);
+}
+
+bool pkgVendorList::CreateList(Configuration& Cnf)
+{
+   for (vector<const Vendor *>::const_iterator I = VendorList.begin(); 
+	I != VendorList.end(); I++)
+      delete *I;
+   VendorList.erase(VendorList.begin(),VendorList.end());
+
+   const Configuration::Item *Top = Cnf.Tree("Vendor");
+   for (Top = (Top == 0?0:Top->Child); Top != 0; Top = Top->Next)
+   {
+      Configuration Block(Top);
+      string VendorID = Top->Tag;
+      vector <struct Vendor::Fingerprint *> *Fingerprints = new vector<Vendor::Fingerprint *>;
+      struct Vendor::Fingerprint *Fingerprint = new struct Vendor::Fingerprint;
+      string Origin = Block.Find("Origin");
+
+      Fingerprint->Print = Block.Find("Fingerprint");
+      Fingerprint->Description = Block.Find("Name");
+      Fingerprints->push_back(Fingerprint);
+
+      if (Fingerprint->Print.empty() || Fingerprint->Description.empty())
+      {
+         _error->Error(_("Vendor block %s contains no fingerprint"), VendorID.c_str());
+         delete Fingerprints;
+         continue;
+      }
+      if (_config->FindB("Debug::sourceList", false)) 
+         std::cerr << "Adding vendor with ID: " << VendorID
+		   << " Fingerprint: " << Fingerprint->Print << std::endl;
+
+      VendorList.push_back(new Vendor(VendorID, Origin, Fingerprints));
+   }
+
+   /* Process 'group-key' type sections */
+   Top = Cnf.Tree("group-key");
+   for (Top = (Top == 0?0:Top->Child); Top != 0; Top = Top->Next)
+   {
+//       Configuration Block(Top);
+//       vector<Vendor::Fingerprint *> Fingerprints;
+//       string VendorID = Top->Tag;
+
+//       while (Block->Next)
+//       {
+// 	 struct Vendor::Fingerprint Fingerprint = new struct Vendor::Fingerprint;
+// 	 Fingerprint->Print = Block.Find("Fingerprint");
+// 	 Fingerprint->Description = Block.Find("Name");
+// 	 if (Fingerprint->print.empty() || Fingerprint->Description.empty())
+// 	 {
+// 	    _error->Error(_("Vendor block %s is invalid"), 
+// 			  Vendor->VendorID.c_str());
+// 	    delete Fingerprint;
+// 	    break;
+// 	 }
+// 	 Block = Block->Next->Next;
+//       }
+//       if (_error->PendingError())
+//       {
+// 	 for (vector <struct Vendor::Fingerprint *>::iterator I = Fingerprints.begin();
+// 	      I != Fingerprints.end(); I++)
+// 	    delete *I;
+// 	 delete Fingerprints;
+// 	 continue;
+//       }
+
+//       VendorList.push_back(new Vendor(VendorID, Fingerprints));
+   }
+   
+   return !_error->PendingError();
+}
+
+const Vendor* pkgVendorList::LookupFingerprint(string Fingerprint)
+{
+   for (const_iterator I = begin(); I != end(); ++I)
+   {
+      if ((*I)->LookupFingerprint(Fingerprint) != "")
+         return *I;
+   }
+
+   return NULL;
+}
+
+const Vendor* pkgVendorList::FindVendor(const std::vector<string> GPGVOutput)
+{
+   for (std::vector<string>::const_iterator I = GPGVOutput.begin(); I != GPGVOutput.end(); I++)
+   {
+      string::size_type pos = (*I).find("VALIDSIG ");
+      if (_config->FindB("Debug::Vendor", false))
+         std::cerr << "Looking for VALIDSIG in \"" << (*I) << "\": pos " << pos << std::endl;
+      if (pos != std::string::npos)
+      {
+         string Fingerprint = (*I).substr(pos+sizeof("VALIDSIG"));
+         if (_config->FindB("Debug::Vendor", false))
+            std::cerr << "Looking for \"" << Fingerprint << "\" in vendor..." << std::endl;
+         const Vendor* vendor = this->LookupFingerprint(Fingerprint);
+         if (vendor != NULL)
+            return vendor;
+      }
+   }
+
+   return NULL;
+}

apt-pkg/vendorlist.h

@@ -0,0 +1,52 @@
+// -*- mode: cpp; mode: fold -*-
+// Description								/*{{{*/
+// $Id: vendorlist.h,v 1.1.2.1 2003/12/24 23:09:17 mdz Exp $
+/* ######################################################################
+
+   VendorList - Manage a list of vendors
+   
+   The Vendor List class provides access to a list of vendors and
+   attributes associated with them, read from a configuration file.
+   
+   ##################################################################### */
+									/*}}}*/
+#ifndef PKGLIB_VENDORLIST_H
+#define PKGLIB_VENDORLIST_H
+
+#include <string>
+#include <vector>
+#include <apt-pkg/vendor.h>
+#include <apt-pkg/configuration.h>
+
+using std::string;
+using std::vector;
+
+#ifdef __GNUG__
+#pragma interface "apt-pkg/vendorlist.h"
+#endif
+
+class pkgVendorList
+{
+   protected:
+   vector<Vendor const *> VendorList;
+
+   bool CreateList(Configuration& Cnf);
+   const Vendor* LookupFingerprint(string Fingerprint);
+
+   public:
+   typedef vector<Vendor const *>::const_iterator const_iterator;
+   bool ReadMainList();
+   bool Read(string File);
+
+   // List accessors
+   inline const_iterator begin() const {return VendorList.begin();};
+   inline const_iterator end() const {return VendorList.end();};
+   inline unsigned int size() const {return VendorList.size();};
+   inline bool empty() const {return VendorList.empty();};
+
+   const Vendor* FindVendor(const vector<string> GPGVOutput);
+
+   ~pkgVendorList();
+};
+
+#endif

buildlib/environment.mak.in

@@ -5,7 +5,7 @@ PACKAGE = @PACKAGE@
 
 # C++ compiler options
 CC = @CC@
-CPPFLAGS+= @CPPFLAGS@ @DEFS@ -D_REENTRANT
+CPPFLAGS+= @CPPFLAGS@ @DEFS@ -D_REENTRANT -Wall
 CXX = @CXX@
 CXXFLAGS+= @CXXFLAGS@
 NUM_PROCS = @NUM_PROCS@
@@ -34,6 +34,9 @@ DOCBOOK2MAN := @DOCBOOK2MAN@
 # XML for the man pages
 XMLTO := @XMLTO@
 
+# XML for the man pages
+XMLTO := @XMLTO@
+
 # Gettext settings
 GMSGFMT = @GMSGFMT@
 XGETTEXT = @XGETTEXT@

cmdline/apt-cache.cc

@@ -1599,11 +1599,16 @@ bool Madison(CommandLine &CmdL)
                // Locate the associated index files so we can derive a description
                for (pkgSourceList::const_iterator S = SrcList->begin(); S != SrcList->end(); S++)
                {
-                  if ((*S)->FindInCache(*(VF.File().Cache())) == VF.File())
-                  {
-                     cout << setw(10) << Pkg.Name() << " | " << setw(10) << V.VerStr() << " | "
-                          << (*S)->Describe(true) << endl;
-                  }
+                    vector<pkgIndexFile *> *Indexes = (*S)->GetIndexFiles();
+                    for (vector<pkgIndexFile *>::const_iterator IF = Indexes->begin();
+                         IF != Indexes->end(); IF++)
+                    {
+                         if ((*IF)->FindInCache(*(VF.File().Cache())) == VF.File())
+                         {
+                                   cout << setw(10) << Pkg.Name() << " | " << setw(10) << V.VerStr() << " | "
+                                        << (*IF)->Describe(true) << endl;
+                         }
+                    }
                }
             }
          }

cmdline/apt-extracttemplates.cc

@@ -99,7 +99,7 @@ bool DebFile::Go()
 	
 	if (File.Seek(Member->Start) == false)
 		return false;
-	ExtractTar Tar(File, Member->Size);
+	ExtractTar Tar(File, Member->Size,"gzip");
 	return Tar.Go(*this);
 }
 									/*}}}*/

cmdline/apt-get.cc

@@ -111,7 +111,7 @@ class CacheFile : public pkgCacheFile
 // YnPrompt - Yes No Prompt.						/*{{{*/
 // ---------------------------------------------------------------------
 /* Returns true on a Yes.*/
-bool YnPrompt()
+bool YnPrompt(bool Default=true)
 {
    if (_config->FindB("APT::Get::Assume-Yes",false) == true)
    {
@@ -126,7 +126,7 @@ bool YnPrompt()
       return false;
 
    if (strlen(response) == 0)
-      return true;
+      return Default;
 
    regex_t Pattern;
    int Res;
@@ -544,6 +544,7 @@ bool ShowEssential(ostream &out,CacheFile &Cache)
    return ShowList(out,_("WARNING: The following essential packages will be removed\n"
 			 "This should NOT be done unless you know exactly what you are doing!"),List,VersionsList);
 }
+
 									/*}}}*/
 // Stats - Show some statistics						/*{{{*/
 // ---------------------------------------------------------------------
@@ -666,6 +667,49 @@ bool CacheFile::CheckDeps(bool AllowBroken)
       
    return true;
 }
+
+static bool CheckAuth(pkgAcquire& Fetcher)
+{
+   string UntrustedList;
+   for (pkgAcquire::ItemIterator I = Fetcher.ItemsBegin(); I < Fetcher.ItemsEnd(); ++I)
+   {
+      if (!(*I)->IsTrusted())
+      {
+         UntrustedList += string((*I)->ShortDesc()) + " ";
+      }
+   }
+
+   if (UntrustedList == "")
+   {
+      return true;
+   }
+        
+   ShowList(c2out,_("WARNING: The following packages cannot be authenticated!"),UntrustedList,"");
+
+   if (_config->FindB("APT::Get::AllowUnauthenticated",false) == true)
+   {
+      c2out << "Authentication warning overridden.\n";
+      return true;
+   }
+
+   if (_config->FindI("quiet",0) < 2
+       && _config->FindB("APT::Get::Assume-Yes",false) == false)
+   {
+      c2out << _("Install these packages without verification? [y/N] ") << flush;
+      if (!YnPrompt(false))
+         return _error->Error(_("Some packages could not be authenticated"));
+
+      return true;
+   }
+   else if (_config->FindB("APT::Get::Force-Yes",false) == true)
+   {
+      return true;
+   }
+
+   return _error->Error(_("There are problems and -y was used without --force-yes"));
+}
+
+
 									/*}}}*/
 
 // InstallPackages - Actually download and install the packages		/*{{{*/
@@ -701,7 +745,7 @@ bool InstallPackages(CacheFile &Cache,bool ShwKept,bool Ask = true,
         Essential = !ShowEssential(c1out,Cache);
    Fail |= Essential;
    Stats(c1out,Cache);
-   
+
    // Sanity check
    if (Cache->BrokenCount() != 0)
    {
@@ -860,6 +904,9 @@ bool InstallPackages(CacheFile &Cache,bool ShwKept,bool Ask = true,
       return true;
    }
 
+   if (!CheckAuth(Fetcher))
+      return false;
+
    /* Unlock the dpkg lock if we are not going to be doing an install
       after. */
    if (_config->FindB("APT::Get::Download-Only",false) == true)
@@ -1252,19 +1299,25 @@ bool DoUpdate(CommandLine &CmdL)
    AcqTextStatus Stat(ScreenWidth,_config->FindI("quiet",0));
    pkgAcquire Fetcher(&Stat);
 
-   // Populate it with the source selection
-   if (List.GetIndexes(&Fetcher) == false)
-	 return false;
    
    // Just print out the uris an exit if the --print-uris flag was used
    if (_config->FindB("APT::Get::Print-URIs") == true)
    {
+      // Populate it with the source selection and get all Indexes 
+      // (GetAll=true)
+      if (List.GetIndexes(&Fetcher,true) == false)
+	 return false;
+
       pkgAcquire::UriIterator I = Fetcher.UriBegin();
       for (; I != Fetcher.UriEnd(); I++)
 	 cout << '\'' << I->URI << "' " << flNotDir(I->Owner->DestFile) << ' ' << 
 	       I->Owner->FileSize << ' ' << I->Owner->MD5Sum() << endl;
       return true;
    }
+
+   // Populate it with the source selection
+   if (List.GetIndexes(&Fetcher) == false)
+	 return false;
    
    // Run it
    if (Fetcher.Run() == pkgAcquire::Failed)
@@ -2412,6 +2465,7 @@ int main(int argc,const char *argv[])
       {0,"remove","APT::Get::Remove",0},
       {0,"only-source","APT::Get::Only-Source",0},
       {0,"arch-only","APT::Get::Arch-Only",0},
+      {0,"allow-unauthenticated","APT::Get::AllowUnauthenticated",0},
       {'c',"config-file",0,CommandLine::ConfigFile},
       {'o',"option",0,CommandLine::ArbItem},
       {0,0,0,0}};

cmdline/apt-key

@@ -0,0 +1,60 @@
+#!/bin/sh
+
+set -e
+
+usage() {
+    echo "Usage: apt-key [command] [arguments]"
+    echo
+    echo "Manage apt's list of trusted keys"
+    echo
+    echo "  apt-key add <file>          - add the key contained in <file> ('-' for stdin)"
+    echo "  apt-key del <keyid>         - remove the key <keyid>"
+    echo "  apt-key list                - list keys"
+    echo
+}
+
+command="$1"
+if [ -z "$command" ]; then
+    usage
+    exit 1
+fi
+shift
+
+if [ "$command" != "help" ] && ! which gpg >/dev/null 2>&1; then
+    echo >&2 "Warning: gnupg does not seem to be installed."
+    echo >&2 "Warning: apt-key requires gnupg for most operations."
+    echo >&2
+fi
+
+# We don't use a secret keyring, of course, but gpg panics and
+# implodes if there isn't one available
+
+GPG="gpg --no-options --no-default-keyring --keyring /etc/apt/trusted.gpg --secret-keyring /etc/apt/secring.gpg --trustdb-name /etc/apt/trustdb.gpg"
+
+case "$command" in
+    add)
+        $GPG --quiet --batch --import "$1"
+        echo "OK"
+        ;;
+    del|rm|remove)
+        $GPG --quiet --batch --delete-key --yes "$1"
+        echo "OK"
+        ;;
+    list)
+        $GPG --batch --list-keys
+        ;;
+    finger*)
+        $GPG --batch --fingerprint
+        ;;
+    adv*)
+        echo "Executing: $GPG $*"
+        $GPG $*
+        ;;
+    help)
+        usage
+        ;;
+    *)
+        usage
+        exit 1
+        ;;
+esac

cmdline/indexcopy.cc

@@ -83,7 +83,7 @@ bool IndexCopy::CopyPackages(string CDROM,string Name,vector<string> &List)
 	 fclose(tmp);
 	 
 	 // Fork gzip
-	 int Process = fork();
+	 pid_t Process = fork();
 	 if (Process < 0)
 	    return _error->Errno("fork","Couldn't fork gzip");
 	 

cmdline/makefile

@@ -46,3 +46,9 @@ SLIBS = -lapt-pkg -lapt-inst
 LIB_MAKES = apt-pkg/makefile
 SOURCE = apt-extracttemplates.cc 
 include $(PROGRAM_H)
+
+# The apt-key program
+SOURCE=apt-key
+TO=$(BIN)
+TARGET=program
+include $(COPY_H)

configure.in

@@ -18,7 +18,7 @@ AC_CONFIG_AUX_DIR(buildlib)
 AC_CONFIG_HEADER(include/config.h:buildlib/config.h.in include/apti18n.h:buildlib/apti18n.h.in)
 
 dnl -- SET THIS TO THE RELEASE VERSION --
-AC_DEFINE_UNQUOTED(VERSION,"0.5.32")
+AC_DEFINE_UNQUOTED(VERSION,"0.6.27ubuntu3")
 PACKAGE="apt"
 AC_DEFINE_UNQUOTED(PACKAGE,"$PACKAGE")
 AC_SUBST(PACKAGE)
@@ -181,6 +181,9 @@ AC_PATH_PROG(DOCBOOK2MAN,docbook2man)
 dnl Check for the XML tools needed to build man pages
 AC_PATH_PROG(XMLTO,xmlto)
 
+dnl Check for the XML tools needed to build man pages
+AC_PATH_PROG(XMLTO,xmlto)
+
 dnl Check for YODL
 dnl AC_CHECK_PROG(YODL_MAN,yodl2man,"yes","")
 

debian/apt.manpages

@@ -2,6 +2,7 @@ doc/apt-cache.8
 doc/apt-cdrom.8
 doc/apt-config.8
 doc/apt-get.8
+doc/apt-key.8
 doc/apt.8
 doc/apt.conf.5
 doc/apt_preferences.5
@@ -12,7 +13,6 @@ doc/fr/apt-get.fr.8
 doc/fr/apt.conf.fr.5
 doc/fr/apt_preferences.fr.5
 doc/fr/sources.list.fr.5
-doc/fr/vendors.list.fr.5
 doc/es/apt-cache.es.8
 doc/es/apt-cdrom.es.8
 doc/es/apt-config.es.8
@@ -20,7 +20,6 @@ doc/es/apt-get.es.8
 doc/es/apt.conf.es.5
 doc/es/apt_preferences.es.5
 doc/es/sources.list.es.5
-doc/es/vendors.list.es.5
 doc/es/apt.es.8
 doc/pt_BR/apt_preferences.pt_BR.5
 doc/ja/apt-cache.ja.8
@@ -28,5 +27,4 @@ doc/ja/apt-cdrom.ja.8
 doc/ja/apt-get.ja.8
 doc/ja/apt.conf.ja.5
 doc/sources.list.5
-doc/vendors.list.5
 doc/de/apt.de.8

debian/apt.postinst

@@ -0,0 +1,42 @@
+#! /bin/sh
+
+set -e
+
+# summary of how this script can be called:
+#        * <postinst> `configure' <most-recently-configured-version>
+#        * <old-postinst> `abort-upgrade' <new version>
+#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
+#          <new-version>
+#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
+#          <failed-install-package> <version> `removing'
+#          <conflicting-package> <version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+case "$1" in
+    configure)
+
+        if ! test -f /etc/apt/trusted.gpg; then
+                cp /usr/share/apt/ubuntu-archive.gpg /etc/apt/trusted.gpg
+        fi
+
+    ;;
+
+    abort-upgrade|abort-remove|abort-deconfigure)
+
+    ;;
+
+    *)
+        echo "postinst called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
+
+

debian/changelog

@@ -1,9 +1,47 @@
-apt (0.5.32) unstable; urgency=low
+apt (0.6.27ubuntu3) hoary; urgency=low
 
-  * Call setlocale in the http methods, so that the messages are properly
+  * added a exact dependency from libapt-pkg-dev to the apt version it was
+    build with
+
+ -- Michael Vogt <mvo@debian.org>  Wed, 15 Dec 2004 09:56:32 +0100
+
+apt (0.6.27ubuntu2) hoary; urgency=low
+
+  * fixed a bug in the rule file that happend during the big 0.5->0.6 merge
+
+ -- Michael Vogt <mvo@debian.org>  Tue, 14 Dec 2004 12:14:25 +0100
+
+apt (0.6.27ubuntu1) hoary; urgency=low
+
+  * chmod 755 /usr/bin/apt-key
+  * don't display a error when a apt-get update don't find a 
+    Packages.bz2/Sources.bz2 file
+
+ -- Michael Vogt <mvo@debian.org>  Mon, 13 Dec 2004 18:40:21 +0100
+
+apt (0.6.27) hoary; urgency=low
+
+  * Merge apt--authentication--0 branch
+    - Implement gpg authentication for package repositories (Closes: #203741)
+    - Also includes Michael Vogt's fixes
+  * Merge apt--misc-abi-changes--0 branch
+    - Use pid_t throughout to hold process IDs (Closes: #226701)
+    - Import patch from Debian bug #195510: (Closes: #195510)
+      - Make Simulate::Describe and Simulate::ShortBreaks private member
+        functions
+      - Add a parameter (Candidate) to Describe to control whether the
+        candidate version is displayed
+      - Pass an appropriate value for Candidate everywhere Describe is called
+
+ -- Matt Zimmerman <mdz@canonical.com>  Mon, 13 Dec 2004 01:03:11 -0800
+
+apt (0.5.32) hoary; urgency=low
+
+  * Call setlocale in the methods, so that the messages are properly
     localised (Closes: #282700)
+  * Implement support for bzip2-compressed debs (data.tar.bz2)
 
- --
+ -- Matt Zimmerman <mdz@canonical.com>  Sat, 11 Dec 2004 09:05:52 -0800
 
 apt (0.5.31) unstable; urgency=low
 

debian/control

@@ -13,7 +13,7 @@ Depends: ${shlibs:Depends}
 Priority: important
 Replaces: libapt-pkg-doc (<< 0.3.7), libapt-pkg-dev (<< 0.3.7)
 Provides: ${libapt-pkg:provides}
-Suggests: aptitude | synaptic | gnome-apt | wajig, dpkg-dev, apt-doc, bzip2
+Suggests: aptitude | synaptic | gnome-apt | wajig, dpkg-dev, apt-doc, bzip2, gnupg
 Section: base
 Description: Advanced front-end for dpkg
  This is Debian's next generation front-end for the dpkg package manager.
@@ -35,7 +35,7 @@ Description: Documentation for APT
 Package: libapt-pkg-dev
 Architecture: any
 Priority: optional
-Depends: apt-utils, ${libapt-pkg:provides}, ${libapt-inst:provides}
+Depends: apt (= ${Source-Version}), apt-utils (= ${Source-Version}), ${libapt-pkg:provides}, ${libapt-inst:provides}
 Section: libdevel
 Description: Development files for APT's libapt-pkg and libapt-inst
  This package contains the header files and libraries for

debian/rules

@@ -108,7 +108,7 @@ build/configure-stamp: configure
 	dh_testdir
 	-mkdir build
 	cp COPYING debian/copyright
-	cd build && ../configure $(confflags)
+	cd build && CXXFLAGS="$(confcxxflags)" ../configure $(confflags)
 	touch $@
 
 build/build-stamp: build/configure-stamp
@@ -189,25 +189,27 @@ apt: build debian/shlibs.local
 	dh_testdir -p$@
 	dh_testroot -p$@
 	dh_clean -p$@ -k
-	dh_installdirs -p$@
+	dh_installdirs -p$@ /usr/share/bug/$@ /usr/share/$@
 #
 # apt install
 #
-	cp $(BLD)/bin/apt-* debian/apt/usr/bin/
+	cp $(BLD)/bin/apt-* debian/$@/usr/bin/
 
 	# Remove the bits that are in apt-utils
-	rm $(addprefix debian/apt/usr/bin/apt-,$(APT_UTILS))
+	rm $(addprefix debian/$@/usr/bin/apt-,$(APT_UTILS))
 
 	# install the shared libs
-	find $(BLD)/bin/ -type f -name "libapt-pkg*.so.*" -exec cp -a "{}" debian/apt/usr/lib/ \;
-	find $(BLD)/bin/ -type l -name "libapt-pkg*.so.*" -exec cp -a "{}" debian/apt/usr/lib/ \;
+	find $(BLD)/bin/ -type f -name "libapt-pkg*.so.*" -exec cp -a "{}" debian/$@/usr/lib/ \;
+	find $(BLD)/bin/ -type l -name "libapt-pkg*.so.*" -exec cp -a "{}" debian/$@/usr/lib/ \;
+
+	cp $(BLD)/bin/methods/* debian/$@/usr/lib/apt/methods/
 
-	cp $(BLD)/bin/methods/* debian/apt/usr/lib/apt/methods/
+	cp $(BLD)/scripts/dselect/* debian/$@/usr/lib/dpkg/methods/apt/
+	cp -r $(BLD)/locale debian/$@/usr/share/
 
-	cp $(BLD)/scripts/dselect/* debian/apt/usr/lib/dpkg/methods/apt/
-	cp -r $(BLD)/locale debian/apt/usr/share/
+	cp debian/bugscript debian/$@/usr/share/bug/apt/script
 
-	cp debian/bugscript debian/apt/usr/share/bug/apt/script
+	cp share/ubuntu-archive.gpg debian/$@/usr/share/$@
 
 #	head -n 500 ChangeLog > debian/ChangeLog
 
@@ -221,7 +223,7 @@ apt: build debian/shlibs.local
 	dh_fixperms -p$@
 	dh_makeshlibs -p$@ -m$(LIBAPTPKG_MAJOR) -V '$(LIBAPTPKG_PROVIDE)'
 	dh_installdeb -p$@
-	dh_shlibdeps -p$@ -l`pwd`/debian/apt/usr/lib -- -Ldebian/shlibs.local.apt
+	dh_shlibdeps -p$@ -l`pwd`/debian/apt/usr/lib:`pwd`/debian/$@/usr/lib -- -Ldebian/shlibs.local.apt
 	dh_gencontrol -p$@ -u -Vlibapt-pkg:provides=$(LIBAPTPKG_PROVIDE)
 	dh_md5sums -p$@
 	dh_builddeb -p$@
@@ -332,6 +334,6 @@ cvs-mkul:
 arch-build:
 	rm -rf debian/arch-build
 	mkdir -p debian/arch-build/apt-$(APT_DEBVER)
-	tla inventory -s | xargs cp -a --parents --target=debian/arch-build/apt-$(APT_DEBVER)
+	baz inventory -s | xargs cp -a --parents --target=debian/arch-build/apt-$(APT_DEBVER)
 	$(MAKE) -C debian/arch-build/apt-$(APT_DEBVER) startup doc
 	(cd debian/arch-build/apt-$(APT_DEBVER); $(DEB_BUILD_PROG))

doc/apt-get.8.xml

@@ -279,8 +279,8 @@
                    <term><option>--assume-yes</option></term>
      <listitem><para>Automatic yes to prompts; assume "yes" as answer to all prompts and run
      non-interactively. If an undesirable situation, such as changing a held
-     package or removing an essential package occurs then <literal>apt-get</literal> 
-     will abort. 
+     package, trying to install a unauthenticated package or removing an essential package 
+     occurs then <literal>apt-get</literal> will abort. 
      Configuration Item: <literal>APT::Get::Assume-Yes</literal>.</para></listitem>
      </varlistentry>
 
@@ -403,7 +403,14 @@
      <listitem><para>Only process architecture-dependent build-dependencies.
      Configuration Item: <literal>APT::Get::Arch-Only</literal>.</para></listitem>
      </varlistentry>
+
+     <varlistentry><term><option>--allow-unauthenticated</option></term>
+     <listitem><para>Ignore if packages can't be authenticated and don't prompt about it.
+     This is usefull for tools like pbuilder.
+     Configuration Item: <literal>APT::Get::AllowUnauthenticated</literal>.</para></listitem>
+     </varlistentry>
      
+
      &apt-commonoptions;
      
    </variablelist>

doc/apt-key.8.xml

@@ -0,0 +1,87 @@
+<?xml version="1.0" encoding="utf-8" standalone="no"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
+
+<!ENTITY % aptent SYSTEM "apt.ent">
+%aptent;
+
+]>
+
+<refentry>
+ &apt-docinfo;
+ 
+ <refmeta>
+   <refentrytitle>apt-key</refentrytitle>
+   <manvolnum>8</manvolnum>
+ </refmeta>
+ 
+ <!-- Man page title -->
+ <refnamediv>
+    <refname>apt-key</refname>
+    <refpurpose>APT key management utility</refpurpose>
+ </refnamediv>
+
+ <!-- Arguments -->
+ <refsynopsisdiv>
+   <cmdsynopsis>
+      <command>apt-key</command>
+      <arg><replaceable>command</replaceable>/</arg>
+      <arg rep="repeat"><option><replaceable>arguments</replaceable></option></arg>
+   </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1><title>Description</title>
+   <para>
+   <command>apt-key</command> is used to manage the list of keys used
+   by apt to authenticate packages.  Packages which have been
+   authenticated using these keys will be considered trusted.
+   </para>
+</refsect1>
+
+<refsect1><title>Commands</title>
+   <variablelist>
+     <varlistentry><term>add <replaceable>filename</replaceable></term>
+     <listitem>
+     <para>
+
+       Add a new key to the list of trusted keys.  The key is read
+       from <replaceable>filename</replaceable>, or standard input if
+       <replaceable>filename</replaceable> is <literal>-</literal>.
+     </para>
+
+     </listitem>
+     </varlistentry>
+
+     <varlistentry><term>del <replaceable>keyid</replaceable></term>
+     <listitem>
+     <para>
+
+       Remove a key from the list of trusted keys.
+
+     </para>
+
+     </listitem>
+     </varlistentry>
+
+     <varlistentry><term>list</term>
+     <listitem>
+     <para>
+
+       List trusted keys.
+     </para>
+
+     </listitem>
+     </varlistentry>
+   </variablelist>
+</refsect1>
+
+<!--  <refsect1><title>See Also</title> -->
+<!--    <para> -->
+<!--    &apt-conf;, &apt-get;, &sources-list; -->
+<!--  </refsect1> -->
+
+ &manbugs;
+ &manauthor;
+
+</refentry>
+

doc/es/makefile

@@ -7,7 +7,6 @@ include ../../buildlib/defaults.mak
 
 # Man pages
 SOURCE = apt-cache.es.8 apt-get.es.8 apt-cdrom.es.8 apt.conf.es.5 \
-         sources.list.es.5 apt-config.es.8 apt_preferences.es.5 \
-	 vendors.list.es.5
+         sources.list.es.5 apt-config.es.8 apt_preferences.es.5
 INCLUDES = apt.ent.es
 include $(SGML_MANPAGE_H)

doc/fr/makefile

@@ -8,7 +8,6 @@ include ../../buildlib/defaults.mak
 # Man pages
 SOURCE = apt-cache.fr.8 apt-get.fr.8 apt-cdrom.fr.8 apt.conf.fr.5 \
          sources.list.fr.5 apt-config.fr.8 apt-sortpkgs.fr.1 \
-	 apt-ftparchive.fr.1 apt_preferences.fr.5 apt-extracttemplates.fr.1 \
-	 vendors.list.fr.5
+	 apt-ftparchive.fr.1 apt_preferences.fr.5 apt-extracttemplates.fr.1
 INCLUDES = apt.ent.fr
 include $(SGML_MANPAGE_H)

doc/makefile

@@ -13,8 +13,8 @@ include $(DEBIANDOC_H)
 
 # XML man pages
 SOURCE = apt-cache.8 apt-get.8 apt-cdrom.8 apt.conf.5 sources.list.5 \
-         apt-config.8 apt_preferences.5 vendors.list.5 \
-         apt-sortpkgs.1 apt-ftparchive.1 apt-extracttemplates.1
+         apt-config.8 apt_preferences.5  \
+         apt-sortpkgs.1 apt-ftparchive.1 apt-extracttemplates.1 apt-key.8
 INCLUDES = apt.ent	 
 include $(XML_MANPAGE_H)
 

doc/vendors.list.5.xml

@@ -1,115 +0,0 @@
-<?xml version="1.0" encoding="utf-8" standalone="no"?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
-
-<!ENTITY % aptent SYSTEM "apt.ent">
-%aptent;
-
-]>
-
-<refentry>
-
- <refentryinfo>
-   &apt-author.jgunthorpe;
-   &apt-author.team;
-   &apt-email;
-   &apt-product;
-   <!-- The last update date -->
-   <date>29 February 2004</date>
- </refentryinfo>
- 
- <refmeta>
-   <refentrytitle>vendors.list</refentrytitle>
-   <manvolnum>5</manvolnum>
- </refmeta>
- 
- <!-- Man page title -->
- <refnamediv>
-    <refname>vendors.list</refname>
-    <refpurpose>Security key configuration for APT</refpurpose>
- </refnamediv>
- 
- <refsect1><title>Description</title>
-
-   <para>The package vendor list contains a list of all vendors
-   from whom you wish to  authenticate  downloaded  packages.
-   For each vendor listed, it must contain the corresponding
-   PGP key fingerprint, so that  APT  can  perform  signature
-   verification  of the release file and subsequent checking
-   of the checksums of each  downloaded  package.
-   To have authentication enabled, you must add the 
-   vendor identification string  (see  below) enclosed in
-   square braces to the sources.list line for all sites that mirror
-   the repository provided by that vendor.</para>
-
-   <para>The format of this file is similar  to  the  one  used  by
-   apt.conf.  It consists of an arbitrary number of blocks of
-   vendors, where each block starts with a string telling the
-   <replaceable>key_type</replaceable> and the
-   <replaceable>vendor_id</replaceable></para>
-
-   <para>Some vendors may have multiple blocks that define different
-   security policies for their distributions. Debian for instance
-   uses a different signing methodology for stable and unstable releases.</para>
-   <para><replaceable>key_type</replaceable> is the type of the check required.
-   Currently, there is only one type available which is 
-   <literal>simple-key</literal>.</para>
-
-   <para><replaceable>vendor_id</replaceable> is the vendor identification
-   string. It is an arbitrary string you must supply to uniquely identifify a
-   vendor that's listed in this file.
-   
-   Example:
-  </para> 
-<informalexample><programlisting>   
-simple-key "joe"
-{
-   Fingerprint "0987AB4378FSD872343298787ACC";
-   Name "Joe Shmoe &lt;joe@shmoe.com&gt;";
-}						    
-</programlisting></informalexample>
- </refsect1>
-
- <refsect1><title>The simple-key type</title>
-
-   <para>This type of verification is used when the vendor has a single
-   secured key that must be used to sign the Release file. The
-   following items should be present</para>
-   
-   <variablelist>
-     <varlistentry><term>Fingerprint</term>
-     <listitem><para>
-     The PGP fingerprint for the key. The fingerprint should be
-     expressed in the standard notion with or without spaces.
-     The <option>--fingerprint</option> option for 
-     <citerefentry><refentrytitle><command>gpg</command></refentrytitle><manvolnum>1</manvolnum></citerefentry>
-     will show the fingerprint for the selected keys(s).
-     </para>
-     </listitem>
-     </varlistentry>
-
-     <varlistentry><term>Name</term>
-     <listitem><para>
-     A string containing a description of the owner of
-     the  key  or vendor.  You may put the vendor name and it's
-     email. The string must be quoted with ".
-     </para>
-     </listitem>
-     </varlistentry>
-     
-   </variablelist>
- </refsect1>
-
- <refsect1><title>Files</title>
-   <para><filename>/etc/apt/vendors.list</filename></para>
- </refsect1>
- 
- <refsect1><title>See Also</title>
-   <para>&sources-list;
-   </para>
- </refsect1>
-
- &manbugs;
- 
-</refentry>
-   

ftparchive/apt-ftparchive.cc

@@ -1,6 +1,6 @@
 // -*- mode: cpp; mode: fold -*-
 // Description								/*{{{*/
-// $Id: apt-ftparchive.cc,v 1.12 2004/01/02 21:48:13 mdz Exp $
+// $Id: apt-ftparchive.cc,v 1.8.2.3 2004/01/02 22:01:48 mdz Exp $
 /* ######################################################################
 
    apt-scanpackages - Efficient work-alike for dpkg-scanpackages

ftparchive/contents.cc

@@ -308,11 +308,18 @@ bool ContentsExtract::Read(debDebFile &Deb)
    
    // Get the archive member and positition the file 
    const ARArchive::Member *Member = Deb.GotoMember("data.tar.gz");
-   if (Member == 0)
+   const char *Compressor = "gzip";
+   if (Member == 0) {
+      Member = Deb.GotoMember("data.tar.bz2");
+      Compressor = "bzip2";
+   }
+   if (Member == 0) {
+      _error->Error(_("Internal Error, could not locate member %s"),"data.tar.gz");
       return false;
+   }
       
    // Extract it.
-   ExtractTar Tar(Deb.GetFile(),Member->Size);
+   ExtractTar Tar(Deb.GetFile(),Member->Size,Compressor);
    if (Tar.Go(*this) == false)
       return false;   
    return true;   

ftparchive/multicompress.cc

@@ -271,7 +271,7 @@ bool MultiCompress::Finalize(unsigned long &OutSize)
 /* This opens the compressor, either in compress mode or decompress 
    mode. FileFd is always the compressor input/output file, 
    OutFd is the created pipe, Input for Compress, Output for Decompress. */
-bool MultiCompress::OpenCompress(const CompType *Prog,int &Pid,int FileFd,
+bool MultiCompress::OpenCompress(const CompType *Prog,pid_t &Pid,int FileFd,
 				 int &OutFd,bool Comp)
 {
    Pid = -1;
@@ -334,7 +334,7 @@ bool MultiCompress::OpenCompress(const CompType *Prog,int &Pid,int FileFd,
 // MultiCompress::OpenOld - Open an old file				/*{{{*/
 // ---------------------------------------------------------------------
 /* This opens one of the original output files, possibly decompressing it. */
-bool MultiCompress::OpenOld(int &Fd,int &Proc)
+bool MultiCompress::OpenOld(int &Fd,pid_t &Proc)
 {
    Files *Best = Outputs;
    for (Files *I = Outputs; I != 0; I = I->Next)
@@ -356,7 +356,7 @@ bool MultiCompress::OpenOld(int &Fd,int &Proc)
 // MultiCompress::CloseOld - Close the old file				/*{{{*/
 // ---------------------------------------------------------------------
 /* */
-bool MultiCompress::CloseOld(int Fd,int Proc)
+bool MultiCompress::CloseOld(int Fd,pid_t Proc)
 {
    close(Fd);
    if (Proc != -1)
@@ -439,7 +439,7 @@ bool MultiCompress::Child(int FD)
    while (Missing == false)
    {
       int CompFd = -1;
-      int Proc = -1;
+      pid_t Proc = -1;
       if (OpenOld(CompFd,Proc) == false)
       {
 	 _error->Discard();

ftparchive/multicompress.h

@@ -55,7 +55,7 @@ class MultiCompress
    mode_t Permissions;
    static const CompType Compressors[];
 
-   bool OpenCompress(const CompType *Prog,int &Pid,int FileFd,
+   bool OpenCompress(const CompType *Prog,pid_t &Pid,int FileFd,
 		     int &OutFd,bool Comp);
    bool Child(int Fd);
    bool Start();
@@ -68,8 +68,8 @@ class MultiCompress
    unsigned long UpdateMTime;
    
    bool Finalize(unsigned long &OutSize);
-   bool OpenOld(int &Fd,int &Proc);
-   bool CloseOld(int Fd,int Proc);
+   bool OpenOld(int &Fd,pid_t &Proc);
+   bool CloseOld(int Fd,pid_t Proc);
    static bool GetStat(string Output,string Compress,struct stat &St);
    
    MultiCompress(string Output,string Compress,mode_t Permissions,

ftparchive/writer.cc

@@ -754,7 +754,7 @@ bool ContentsWriter::ReadFromPkgs(string PkgFile,string PkgCompress)
    
    // Open the package file
    int CompFd = -1;
-   int Proc = -1;
+   pid_t Proc = -1;
    if (Pkgs.OpenOld(CompFd,Proc) == false)
       return false;
    

ftparchive/writer.h

@@ -1,6 +1,6 @@
 // -*- mode: cpp; mode: fold -*-
 // Description								/*{{{*/
-// $Id: writer.h,v 1.7 2003/12/26 22:55:13 mdz Exp $
+// $Id: writer.h,v 1.4.2.2 2003/12/26 22:55:43 mdz Exp $
 /* ######################################################################
 
    Writer 

methods/cdrom.cc

@@ -1,6 +1,6 @@
 // -*- mode: cpp; mode: fold -*-
 // Description								/*{{{*/
-// $Id: cdrom.cc,v 1.21 2004/01/07 20:39:38 mdz Exp $
+// $Id: cdrom.cc,v 1.20.2.1 2004/01/16 18:58:50 mdz Exp $
 /* ######################################################################
 
    CDROM URI method for APT

methods/connect.cc

@@ -1,6 +1,6 @@
 // -*- mode: cpp; mode: fold -*-
 // Description								/*{{{*/
-// $Id: connect.cc,v 1.11 2004/01/07 20:39:38 mdz Exp $
+// $Id: connect.cc,v 1.10.2.1 2004/01/16 18:58:50 mdz Exp $
 /* ######################################################################
 
    Connect - Replacement connect call

methods/copy.cc

@@ -1,6 +1,6 @@
 // -*- mode: cpp; mode: fold -*-
 // Description								/*{{{*/
-// $Id: copy.cc,v 1.8 2004/01/07 20:39:38 mdz Exp $
+// $Id: copy.cc,v 1.7.2.1 2004/01/16 18:58:50 mdz Exp $
 /* ######################################################################
 
    Copy URI - This method takes a uri like a file: uri and copies it

methods/file.cc

@@ -1,6 +1,6 @@
 // -*- mode: cpp; mode: fold -*-
 // Description								/*{{{*/
-// $Id: file.cc,v 1.10 2004/01/07 20:39:38 mdz Exp $
+// $Id: file.cc,v 1.9.2.1 2004/01/16 18:58:50 mdz Exp $
 /* ######################################################################
 
    File URI method for APT

methods/ftp.cc

@@ -1,6 +1,6 @@
 // -*- mode: cpp; mode: fold -*-
 // Description								/*{{{*/
-// $Id: ftp.cc,v 1.32 2004/01/07 20:39:38 mdz Exp $
+// $Id: ftp.cc,v 1.31.2.1 2004/01/16 18:58:50 mdz Exp $
 /* ######################################################################
 
    FTP Aquire Method - This is the FTP aquire method for APT.

methods/gpgv.cc

@@ -0,0 +1,261 @@
+#include <apt-pkg/error.h>
+#include <apt-pkg/acquire-method.h>
+#include <apt-pkg/strutl.h>
+
+#include <sys/stat.h>
+#include <unistd.h>
+#include <utime.h>
+#include <stdio.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <sys/wait.h>
+#include <iostream>
+
+#define GNUPGPREFIX "[GNUPG:]"
+#define GNUPGBADSIG "[GNUPG:] BADSIG"
+#define GNUPGNOPUBKEY "[GNUPG:] NO_PUBKEY"
+#define GNUPGVALIDSIG "[GNUPG:] VALIDSIG"
+
+class GPGVMethod : public pkgAcqMethod
+{
+   private:
+   const char *VerifyGetSigners(const char *file, const char *outfile,
+				vector<string> &GoodSigners, vector<string> &BadSigners,
+				vector<string> &NoPubKeySigners);
+   
+   protected:
+   virtual bool Fetch(FetchItem *Itm);
+   
+   public:
+   
+   GPGVMethod() : pkgAcqMethod("1.0",SingleInstance | SendConfig) {};
+};
+
+const char *GPGVMethod::VerifyGetSigners(const char *file, const char *outfile,
+					 vector<string> &GoodSigners,
+					 vector<string> &BadSigners,
+					 vector<string> &NoPubKeySigners)
+{
+   if (_config->FindB("Debug::Acquire::gpgv", false))
+   {
+      std::cerr << "inside VerifyGetSigners" << std::endl;
+   }
+   pid_t pid;
+   int fd[2];
+   FILE *pipein;
+   int status;
+   struct stat buff;
+   string gpgvpath = _config->Find("Dir::Bin::gpg", "/usr/bin/gpgv");
+   string pubringpath = _config->Find("Apt::GPGV::TrustedKeyring", "/etc/apt/trusted.gpg");
+   if (_config->FindB("Debug::Acquire::gpgv", false))
+   {
+      std::cerr << "gpgv path: " << gpgvpath << std::endl;
+      std::cerr << "Keyring path: " << pubringpath << std::endl;
+   }
+
+   if (stat(pubringpath.c_str(), &buff) != 0)
+      return (string("Couldn't access keyring: ") + strerror(errno)).c_str();
+
+   if (pipe(fd) < 0)
+   {
+      return "Couldn't create pipe";
+   }
+
+   pid = fork();
+   if (pid < 0)
+   {
+      return (string("Couldn't spawn new process") + strerror(errno)).c_str();
+   }
+   else if (pid == 0)
+   {
+      if (_config->FindB("Debug::Acquire::gpgv", false))
+      {
+         std::cerr << "Preparing to exec: " << gpgvpath
+		   << " --status-fd 3 --keyring " << pubringpath
+		   << " " << file << " " << outfile << std::endl;
+      }
+      int nullfd = open("/dev/null", O_RDONLY);
+      close(fd[0]);
+      // Redirect output to /dev/null; we read from the status fd
+      dup2(nullfd, STDOUT_FILENO); 
+      dup2(nullfd, STDERR_FILENO); 
+      // Redirect the pipe to the status fd (3)
+      dup2(fd[1], 3);
+
+      putenv("LANG=");
+      putenv("LC_ALL=");
+      putenv("LC_MESSAGES=");
+      execlp(gpgvpath.c_str(), gpgvpath.c_str(), "--status-fd", "3", "--keyring", 
+	     pubringpath.c_str(), file, outfile, NULL);
+             
+      exit(111);
+   }
+   close(fd[1]);
+
+   pipein = fdopen(fd[0], "r"); 
+   
+   // Loop over the output of gpgv, and check the signatures.
+   size_t buffersize = 64;
+   char *buffer = (char *) malloc(buffersize);
+   size_t bufferoff = 0;
+   while (1)
+   {
+      int c;
+
+      // Read a line.  Sigh.
+      while ((c = getc(pipein)) != EOF && c != '\n')
+      {
+         if (bufferoff == buffersize)
+            buffer = (char *) realloc(buffer, buffersize *= 2);
+         *(buffer+bufferoff) = c;
+         bufferoff++;
+      }
+      if (bufferoff == 0 && c == EOF)
+         break;
+      *(buffer+bufferoff) = '\0';
+      bufferoff = 0;
+      if (_config->FindB("Debug::Acquire::gpgv", false))
+         std::cerr << "Read: " << buffer << std::endl;
+
+      // Push the data into three separate vectors, which
+      // we later concatenate.  They're kept separate so
+      // if we improve the apt method communication stuff later
+      // it will be better.
+      if (strncmp(buffer, GNUPGBADSIG, sizeof(GNUPGBADSIG)-1) == 0)
+      {
+         if (_config->FindB("Debug::Acquire::gpgv", false))
+            std::cerr << "Got BADSIG! " << std::endl;
+         BadSigners.push_back(string(buffer+sizeof(GNUPGPREFIX)));
+      }
+      
+      if (strncmp(buffer, GNUPGNOPUBKEY, sizeof(GNUPGNOPUBKEY)-1) == 0)
+      {
+         if (_config->FindB("Debug::Acquire::gpgv", false))
+            std::cerr << "Got NO_PUBKEY " << std::endl;
+         NoPubKeySigners.push_back(string(buffer+sizeof(GNUPGPREFIX)));
+      }
+
+      if (strncmp(buffer, GNUPGVALIDSIG, sizeof(GNUPGVALIDSIG)-1) == 0)
+      {
+         char *sig = buffer + sizeof(GNUPGPREFIX);
+         char *p = sig + sizeof("VALIDSIG");
+         while (*p && isxdigit(*p)) 
+            p++;
+         *p = 0;
+         if (_config->FindB("Debug::Acquire::gpgv", false))
+            std::cerr << "Got VALIDSIG, key ID:" << sig << std::endl;
+         GoodSigners.push_back(string(sig));
+      }
+   }
+   fclose(pipein);
+
+   waitpid(pid, &status, 0);
+   if (_config->FindB("Debug::Acquire::gpgv", false))
+   {
+      std::cerr <<"gpgv exited\n";
+   }
+   
+   if (WEXITSTATUS(status) == 0)
+   {
+      if (GoodSigners.empty())
+         return "Internal error: Good signature, but could not determine key fingerprint?!";
+      return NULL;
+   }
+   else if (WEXITSTATUS(status) == 1)
+   {
+      return "At least one invalid signature was encountered.";
+   }
+   else if (WEXITSTATUS(status) == 111)
+   {
+      return (string("Could not execute ") + gpgvpath +
+	      string(" to verify signature (is gnupg installed?)")).c_str();
+   }
+   else
+   {
+      return "Unknown error executing gpgv";
+   }
+}
+
+bool GPGVMethod::Fetch(FetchItem *Itm)
+{
+   URI Get = Itm->Uri;
+   string Path = Get.Host + Get.Path; // To account for relative paths
+   string keyID;
+   vector<string> GoodSigners;
+   vector<string> BadSigners;
+   vector<string> NoPubKeySigners;
+   
+   FetchResult Res;
+   Res.Filename = Itm->DestFile;
+   URIStart(Res);
+
+   // Run gpgv on file, extract contents and get the key ID of the signer
+   const char *msg = VerifyGetSigners(Path.c_str(), Itm->DestFile.c_str(),
+				      GoodSigners, BadSigners, NoPubKeySigners);
+   if (GoodSigners.empty() || !BadSigners.empty() || !NoPubKeySigners.empty())
+   {
+      string errmsg;
+      // In this case, something bad probably happened, so we just go
+      // with what the other method gave us for an error message.
+      if (BadSigners.empty() && NoPubKeySigners.empty())
+         errmsg = msg;
+      else
+      {
+         if (!BadSigners.empty())
+         {
+            errmsg += "The following signatures were invalid:\n";
+            for (vector<string>::iterator I = BadSigners.begin();
+		 I != BadSigners.end(); I++)
+               errmsg += (*I + "\n");
+         }
+         if (!NoPubKeySigners.empty())
+         {
+             errmsg += "The following signatures couldn't be verified because the public key is not available:\n";
+            for (vector<string>::iterator I = NoPubKeySigners.begin();
+		 I != NoPubKeySigners.end(); I++)
+               errmsg += (*I + "\n");
+         }
+      }
+      return _error->Error(errmsg.c_str());
+   }
+      
+   // Transfer the modification times
+   struct stat Buf;
+   if (stat(Path.c_str(),&Buf) != 0)
+      return _error->Errno("stat","Failed to stat %s", Path.c_str());
+
+   struct utimbuf TimeBuf;
+   TimeBuf.actime = Buf.st_atime;
+   TimeBuf.modtime = Buf.st_mtime;
+   if (utime(Itm->DestFile.c_str(),&TimeBuf) != 0)
+      return _error->Errno("utime","Failed to set modification time");
+
+   if (stat(Itm->DestFile.c_str(),&Buf) != 0)
+      return _error->Errno("stat","Failed to stat");
+   
+   // Return a Done response
+   Res.LastModified = Buf.st_mtime;
+   Res.Size = Buf.st_size;
+   // Just pass the raw output up, because passing it as a real data
+   // structure is too difficult with the method stuff.  We keep it
+   // as three separate vectors for future extensibility.
+   Res.GPGVOutput = GoodSigners;
+   Res.GPGVOutput.insert(Res.GPGVOutput.end(),BadSigners.begin(),BadSigners.end());
+   Res.GPGVOutput.insert(Res.GPGVOutput.end(),NoPubKeySigners.begin(),NoPubKeySigners.end());
+   URIDone(Res);
+
+   if (_config->FindB("Debug::Acquire::gpgv", false))
+   {
+      std::cerr <<"gpgv suceeded\n";
+   }
+
+   return true;
+}
+
+
+int main()
+{
+   GPGVMethod Mth;
+
+   return Mth.Run();
+}

methods/gzip.cc

@@ -1,6 +1,6 @@
 // -*- mode: cpp; mode: fold -*-
 // Description								/*{{{*/
-// $Id: gzip.cc,v 1.18 2004/01/07 20:39:38 mdz Exp $
+// $Id: gzip.cc,v 1.17.2.1 2004/01/16 18:58:50 mdz Exp $
 /* ######################################################################
 
    GZip method - Take a file URI in and decompress it into the target 
@@ -57,7 +57,7 @@ bool GzipMethod::Fetch(FetchItem *Itm)
       return _error->Errno("pipe",_("Couldn't open pipe for %s"),Prog);
 
    // Fork gzip
-   int Process = ExecFork();
+   pid_t Process = ExecFork();
    if (Process == 0)
    {
       close(GzOut[0]);

methods/makefile

@@ -7,7 +7,7 @@ include ../buildlib/defaults.mak
 BIN := $(BIN)/methods
 
 # FIXME..
-LIB_APT_PKG_MAJOR = 3.3
+LIB_APT_PKG_MAJOR = 3.5
 APT_DOMAIN := libapt-pkg$(LIB_APT_PKG_MAJOR)
 
 # The file method
@@ -31,6 +31,13 @@ LIB_MAKES = apt-pkg/makefile
 SOURCE = gzip.cc
 include $(PROGRAM_H)
 
+# The gpgv method
+PROGRAM=gpgv
+SLIBS = -lapt-pkg
+LIB_MAKES = apt-pkg/makefile
+SOURCE = gpgv.cc
+include $(PROGRAM_H)
+
 # The cdrom method
 PROGRAM=cdrom
 SLIBS = -lapt-pkg 

methods/rsh.cc

@@ -1,6 +1,6 @@
 // -*- mode: cpp; mode: fold -*-
 // Description								/*{{{*/
-// $Id: rsh.cc,v 1.7 2004/01/07 20:39:38 mdz Exp $
+// $Id: rsh.cc,v 1.6.2.1 2004/01/16 18:58:50 mdz Exp $
 /* ######################################################################
 
    RSH method - Transfer files via rsh compatible program

methods/rsh.h

@@ -29,7 +29,7 @@ class RSHConn
 
    public:
 
-   int Process;
+   pid_t Process;
 
    // Raw connection IO
    bool WriteMsg(string &Text,bool Sync,const char *Fmt,...);

po/apt-all.pot

@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2004-07-29 09:38-0700\n"
+"POT-Creation-Date: 2004-12-20 10:20+0100\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -146,14 +146,14 @@ msgstr ""
 msgid "       %4i %s\n"
 msgstr ""
 
-#: cmdline/apt-cache.cc:1646 cmdline/apt-cdrom.cc:731 cmdline/apt-config.cc:70
+#: cmdline/apt-cache.cc:1651 cmdline/apt-cdrom.cc:731 cmdline/apt-config.cc:70
 #: cmdline/apt-extracttemplates.cc:225 ftparchive/apt-ftparchive.cc:545
-#: cmdline/apt-get.cc:2260 cmdline/apt-sortpkgs.cc:144
+#: cmdline/apt-get.cc:2313 cmdline/apt-sortpkgs.cc:144
 #, c-format
 msgid "%s %s for %s %s compiled on %s %s\n"
 msgstr ""
 
-#: cmdline/apt-cache.cc:1653
+#: cmdline/apt-cache.cc:1658
 msgid ""
 "Usage: apt-cache [options] command\n"
 "       apt-cache [options] add file1 [file2 ...]\n"
@@ -231,7 +231,7 @@ msgid ""
 "  -o=? Set an arbitary configuration option, eg -o dir::cache=/tmp\n"
 msgstr ""
 
-#: cmdline/apt-extracttemplates.cc:267 apt-pkg/pkgcachegen.cc:699
+#: cmdline/apt-extracttemplates.cc:267 apt-pkg/pkgcachegen.cc:710
 #, c-format
 msgid "Unable to write to %s"
 msgstr ""
@@ -424,7 +424,12 @@ msgstr ""
 msgid "  %s maintainer is %s not %s\n"
 msgstr ""
 
-#: ftparchive/contents.cc:346 ftparchive/contents.cc:377
+#: ftparchive/contents.cc:317
+#, c-format
+msgid "Internal Error, could not locate member %s"
+msgstr ""
+
+#: ftparchive/contents.cc:353 ftparchive/contents.cc:384
 msgid "realloc - Failed to allocate memory"
 msgstr ""
 
@@ -518,7 +523,7 @@ msgstr ""
 msgid "Y"
 msgstr ""
 
-#: cmdline/apt-get.cc:140 cmdline/apt-get.cc:1422
+#: cmdline/apt-get.cc:140 cmdline/apt-get.cc:1475
 #, c-format
 msgid "Regex compilation error - %s"
 msgstr ""
@@ -592,110 +597,122 @@ msgid ""
 "This should NOT be done unless you know exactly what you are doing!"
 msgstr ""
 
-#: cmdline/apt-get.cc:574
+#: cmdline/apt-get.cc:575
 #, c-format
 msgid "%lu upgraded, %lu newly installed, "
 msgstr ""
 
-#: cmdline/apt-get.cc:578
+#: cmdline/apt-get.cc:579
 #, c-format
 msgid "%lu reinstalled, "
 msgstr ""
 
-#: cmdline/apt-get.cc:580
+#: cmdline/apt-get.cc:581
 #, c-format
 msgid "%lu downgraded, "
 msgstr ""
 
-#: cmdline/apt-get.cc:582
+#: cmdline/apt-get.cc:583
 #, c-format
 msgid "%lu to remove and %lu not upgraded.\n"
 msgstr ""
 
-#: cmdline/apt-get.cc:586
+#: cmdline/apt-get.cc:587
 #, c-format
 msgid "%lu not fully installed or removed.\n"
 msgstr ""
 
-#: cmdline/apt-get.cc:646
+#: cmdline/apt-get.cc:647
 msgid "Correcting dependencies..."
 msgstr ""
 
-#: cmdline/apt-get.cc:649
+#: cmdline/apt-get.cc:650
 msgid " failed."
 msgstr ""
 
-#: cmdline/apt-get.cc:652
+#: cmdline/apt-get.cc:653
 msgid "Unable to correct dependencies"
 msgstr ""
 
-#: cmdline/apt-get.cc:655
+#: cmdline/apt-get.cc:656
 msgid "Unable to minimize the upgrade set"
 msgstr ""
 
-#: cmdline/apt-get.cc:657
+#: cmdline/apt-get.cc:658
 msgid " Done"
 msgstr ""
 
-#: cmdline/apt-get.cc:661
+#: cmdline/apt-get.cc:662
 msgid "You might want to run `apt-get -f install' to correct these."
 msgstr ""
 
-#: cmdline/apt-get.cc:664
+#: cmdline/apt-get.cc:665
 msgid "Unmet dependencies. Try using -f."
 msgstr ""
 
-#: cmdline/apt-get.cc:718
+#: cmdline/apt-get.cc:687
+msgid "WARNING: The following packages cannot be authenticated!"
+msgstr ""
+
+#: cmdline/apt-get.cc:698
+msgid "Install these packages without verification? [y/N] "
+msgstr ""
+
+#: cmdline/apt-get.cc:700
+msgid "Some packages could not be authenticated"
+msgstr ""
+
+#: cmdline/apt-get.cc:709 cmdline/apt-get.cc:855
+msgid "There are problems and -y was used without --force-yes"
+msgstr ""
+
+#: cmdline/apt-get.cc:762
 msgid "Packages need to be removed but Remove is disabled."
 msgstr ""
 
-#: cmdline/apt-get.cc:744 cmdline/apt-get.cc:1716 cmdline/apt-get.cc:1749
+#: cmdline/apt-get.cc:788 cmdline/apt-get.cc:1769 cmdline/apt-get.cc:1802
 msgid "Unable to lock the download directory"
 msgstr ""
 
-#: cmdline/apt-get.cc:754 cmdline/apt-get.cc:1797 cmdline/apt-get.cc:2008
+#: cmdline/apt-get.cc:798 cmdline/apt-get.cc:1850 cmdline/apt-get.cc:2061
 #: apt-pkg/cachefile.cc:67
 msgid "The list of sources could not be read."
 msgstr ""
 
-#: cmdline/apt-get.cc:774
+#: cmdline/apt-get.cc:818
 #, c-format
 msgid "Need to get %sB/%sB of archives.\n"
 msgstr ""
 
-#: cmdline/apt-get.cc:777
+#: cmdline/apt-get.cc:821
 #, c-format
 msgid "Need to get %sB of archives.\n"
 msgstr ""
 
-#: cmdline/apt-get.cc:782
+#: cmdline/apt-get.cc:826
 #, c-format
 msgid "After unpacking %sB of additional disk space will be used.\n"
 msgstr ""
 
-#: cmdline/apt-get.cc:785
+#: cmdline/apt-get.cc:829
 #, c-format
 msgid "After unpacking %sB disk space will be freed.\n"
 msgstr ""
 
-#: cmdline/apt-get.cc:802
+#: cmdline/apt-get.cc:846
 #, c-format
 msgid "You don't have enough free space in %s."
 msgstr ""
 
-#: cmdline/apt-get.cc:811
-msgid "There are problems and -y was used without --force-yes"
-msgstr ""
-
-#: cmdline/apt-get.cc:817 cmdline/apt-get.cc:837
+#: cmdline/apt-get.cc:861 cmdline/apt-get.cc:881
 msgid "Trivial Only specified but this is not a trivial operation."
 msgstr ""
 
-#: cmdline/apt-get.cc:819
+#: cmdline/apt-get.cc:863
 msgid "Yes, do as I say!"
 msgstr ""
 
-#: cmdline/apt-get.cc:821
+#: cmdline/apt-get.cc:865
 #, c-format
 msgid ""
 "You are about to do something potentially harmful\n"
@@ -703,74 +720,74 @@ msgid ""
 " ?] "
 msgstr ""
 
-#: cmdline/apt-get.cc:827 cmdline/apt-get.cc:846
+#: cmdline/apt-get.cc:871 cmdline/apt-get.cc:890
 msgid "Abort."
 msgstr ""
 
-#: cmdline/apt-get.cc:842
+#: cmdline/apt-get.cc:886
 msgid "Do you want to continue? [Y/n] "
 msgstr ""
 
-#: cmdline/apt-get.cc:911 cmdline/apt-get.cc:1281 cmdline/apt-get.cc:1906
+#: cmdline/apt-get.cc:958 cmdline/apt-get.cc:1334 cmdline/apt-get.cc:1959
 #, c-format
 msgid "Failed to fetch %s  %s\n"
 msgstr ""
 
-#: cmdline/apt-get.cc:929
+#: cmdline/apt-get.cc:976
 msgid "Some files failed to download"
 msgstr ""
 
-#: cmdline/apt-get.cc:930 cmdline/apt-get.cc:1915
+#: cmdline/apt-get.cc:977 cmdline/apt-get.cc:1968
 msgid "Download complete and in download only mode"
 msgstr ""
 
-#: cmdline/apt-get.cc:936
+#: cmdline/apt-get.cc:983
 msgid ""
 "Unable to fetch some archives, maybe run apt-get update or try with --fix-"
 "missing?"
 msgstr ""
 
-#: cmdline/apt-get.cc:940
+#: cmdline/apt-get.cc:987
 msgid "--fix-missing and media swapping is not currently supported"
 msgstr ""
 
-#: cmdline/apt-get.cc:945
+#: cmdline/apt-get.cc:992
 msgid "Unable to correct missing packages."
 msgstr ""
 
-#: cmdline/apt-get.cc:946
+#: cmdline/apt-get.cc:993
 msgid "Aborting Install."
 msgstr ""
 
-#: cmdline/apt-get.cc:979
+#: cmdline/apt-get.cc:1026
 #, c-format
 msgid "Note, selecting %s instead of %s\n"
 msgstr ""
 
-#: cmdline/apt-get.cc:989
+#: cmdline/apt-get.cc:1036
 #, c-format
 msgid "Skipping %s, it is already installed and upgrade is not set.\n"
 msgstr ""
 
-#: cmdline/apt-get.cc:1007
+#: cmdline/apt-get.cc:1054
 #, c-format
 msgid "Package %s is not installed, so not removed\n"
 msgstr ""
 
-#: cmdline/apt-get.cc:1018
+#: cmdline/apt-get.cc:1065
 #, c-format
 msgid "Package %s is a virtual package provided by:\n"
 msgstr ""
 
-#: cmdline/apt-get.cc:1030
+#: cmdline/apt-get.cc:1077
 msgid " [Installed]"
 msgstr ""
 
-#: cmdline/apt-get.cc:1035
+#: cmdline/apt-get.cc:1082
 msgid "You should explicitly select one to install."
 msgstr ""
 
-#: cmdline/apt-get.cc:1040
+#: cmdline/apt-get.cc:1087
 #, c-format
 msgid ""
 "Package %s is not available, but is referred to by another package.\n"
@@ -778,79 +795,79 @@ msgid ""
 "is only available from another source\n"
 msgstr ""
 
-#: cmdline/apt-get.cc:1059
+#: cmdline/apt-get.cc:1106
 msgid "However the following packages replace it:"
 msgstr ""
 
-#: cmdline/apt-get.cc:1062
+#: cmdline/apt-get.cc:1109
 #, c-format
 msgid "Package %s has no installation candidate"
 msgstr ""
 
-#: cmdline/apt-get.cc:1082
+#: cmdline/apt-get.cc:1129
 #, c-format
 msgid "Reinstallation of %s is not possible, it cannot be downloaded.\n"
 msgstr ""
 
-#: cmdline/apt-get.cc:1090
+#: cmdline/apt-get.cc:1137
 #, c-format
 msgid "%s is already the newest version.\n"
 msgstr ""
 
-#: cmdline/apt-get.cc:1117
+#: cmdline/apt-get.cc:1164
 #, c-format
 msgid "Release '%s' for '%s' was not found"
 msgstr ""
 
-#: cmdline/apt-get.cc:1119
+#: cmdline/apt-get.cc:1166
 #, c-format
 msgid "Version '%s' for '%s' was not found"
 msgstr ""
 
-#: cmdline/apt-get.cc:1125
+#: cmdline/apt-get.cc:1172
 #, c-format
 msgid "Selected version %s (%s) for %s\n"
 msgstr ""
 
-#: cmdline/apt-get.cc:1235
+#: cmdline/apt-get.cc:1282
 msgid "The update command takes no arguments"
 msgstr ""
 
-#: cmdline/apt-get.cc:1248
+#: cmdline/apt-get.cc:1295
 msgid "Unable to lock the list directory"
 msgstr ""
 
-#: cmdline/apt-get.cc:1300
+#: cmdline/apt-get.cc:1353
 msgid ""
 "Some index files failed to download, they have been ignored, or old ones "
 "used instead."
 msgstr ""
 
-#: cmdline/apt-get.cc:1319
+#: cmdline/apt-get.cc:1372
 msgid "Internal Error, AllUpgrade broke stuff"
 msgstr ""
 
-#: cmdline/apt-get.cc:1409 cmdline/apt-get.cc:1445
+#: cmdline/apt-get.cc:1462 cmdline/apt-get.cc:1498
 #, c-format
 msgid "Couldn't find package %s"
 msgstr ""
 
-#: cmdline/apt-get.cc:1432
+#: cmdline/apt-get.cc:1485
 #, c-format
 msgid "Note, selecting %s for regex '%s'\n"
 msgstr ""
 
-#: cmdline/apt-get.cc:1462
+#: cmdline/apt-get.cc:1515
 msgid "You might want to run `apt-get -f install' to correct these:"
 msgstr ""
 
-#: cmdline/apt-get.cc:1465
+#: cmdline/apt-get.cc:1518
 msgid ""
 "Unmet dependencies. Try 'apt-get -f install' with no packages (or specify a "
 "solution)."
 msgstr ""
 
-#: cmdline/apt-get.cc:1477
+#: cmdline/apt-get.cc:1530
 msgid ""
 "Some packages could not be installed. This may mean that you have\n"
 "requested an impossible situation or if you are using the unstable\n"
@@ -858,149 +875,149 @@ msgid ""
 "or been moved out of Incoming."
 msgstr ""
 
-#: cmdline/apt-get.cc:1485
+#: cmdline/apt-get.cc:1538
 msgid ""
 "Since you only requested a single operation it is extremely likely that\n"
 "the package is simply not installable and a bug report against\n"
 "that package should be filed."
 msgstr ""
 
-#: cmdline/apt-get.cc:1490
+#: cmdline/apt-get.cc:1543
 msgid "The following information may help to resolve the situation:"
 msgstr ""
 
-#: cmdline/apt-get.cc:1493
+#: cmdline/apt-get.cc:1546
 msgid "Broken packages"
 msgstr ""
 
-#: cmdline/apt-get.cc:1519
+#: cmdline/apt-get.cc:1572
 msgid "The following extra packages will be installed:"
 msgstr ""
 
-#: cmdline/apt-get.cc:1590
+#: cmdline/apt-get.cc:1643
 msgid "Suggested packages:"
 msgstr ""
 
-#: cmdline/apt-get.cc:1591
+#: cmdline/apt-get.cc:1644
 msgid "Recommended packages:"
 msgstr ""
 
-#: cmdline/apt-get.cc:1611
+#: cmdline/apt-get.cc:1664
 msgid "Calculating Upgrade... "
 msgstr ""
 
-#: cmdline/apt-get.cc:1614 methods/ftp.cc:702 methods/connect.cc:99
+#: cmdline/apt-get.cc:1667 methods/ftp.cc:702 methods/connect.cc:99
 msgid "Failed"
 msgstr ""
 
-#: cmdline/apt-get.cc:1619
+#: cmdline/apt-get.cc:1672
 msgid "Done"
 msgstr ""
 
-#: cmdline/apt-get.cc:1792
+#: cmdline/apt-get.cc:1845
 msgid "Must specify at least one package to fetch source for"
 msgstr ""
 
-#: cmdline/apt-get.cc:1819 cmdline/apt-get.cc:2026
+#: cmdline/apt-get.cc:1872 cmdline/apt-get.cc:2079
 #, c-format
 msgid "Unable to find a source package for %s"
 msgstr ""
 
-#: cmdline/apt-get.cc:1866
+#: cmdline/apt-get.cc:1919
 #, c-format
 msgid "You don't have enough free space in %s"
 msgstr ""
 
-#: cmdline/apt-get.cc:1871
+#: cmdline/apt-get.cc:1924
 #, c-format
 msgid "Need to get %sB/%sB of source archives.\n"
 msgstr ""
 
-#: cmdline/apt-get.cc:1874
+#: cmdline/apt-get.cc:1927
 #, c-format
 msgid "Need to get %sB of source archives.\n"
 msgstr ""
 
-#: cmdline/apt-get.cc:1880
+#: cmdline/apt-get.cc:1933
 #, c-format
 msgid "Fetch Source %s\n"
 msgstr ""
 
-#: cmdline/apt-get.cc:1911
+#: cmdline/apt-get.cc:1964
 msgid "Failed to fetch some archives."
 msgstr ""
 
-#: cmdline/apt-get.cc:1939
+#: cmdline/apt-get.cc:1992
 #, c-format
 msgid "Skipping unpack of already unpacked source in %s\n"
 msgstr ""
 
-#: cmdline/apt-get.cc:1951
+#: cmdline/apt-get.cc:2004
 #, c-format
 msgid "Unpack command '%s' failed.\n"
 msgstr ""
 
-#: cmdline/apt-get.cc:1968
+#: cmdline/apt-get.cc:2021
 #, c-format
 msgid "Build command '%s' failed.\n"
 msgstr ""
 
-#: cmdline/apt-get.cc:1987
+#: cmdline/apt-get.cc:2040
 msgid "Child process failed"
 msgstr ""
 
-#: cmdline/apt-get.cc:2003
+#: cmdline/apt-get.cc:2056
 msgid "Must specify at least one package to check builddeps for"
 msgstr ""
 
-#: cmdline/apt-get.cc:2031
+#: cmdline/apt-get.cc:2084
 #, c-format
 msgid "Unable to get build-dependency information for %s"
 msgstr ""
 
-#: cmdline/apt-get.cc:2051
+#: cmdline/apt-get.cc:2104
 #, c-format
 msgid "%s has no build depends.\n"
 msgstr ""
 
-#: cmdline/apt-get.cc:2103
+#: cmdline/apt-get.cc:2156
 #, c-format
 msgid ""
 "%s dependency for %s cannot be satisfied because the package %s cannot be "
 "found"
 msgstr ""
 
-#: cmdline/apt-get.cc:2155
+#: cmdline/apt-get.cc:2208
 #, c-format
 msgid ""
 "%s dependency for %s cannot be satisfied because no available versions of "
 "package %s can satisfy version requirements"
 msgstr ""
 
-#: cmdline/apt-get.cc:2190
+#: cmdline/apt-get.cc:2243
 #, c-format
 msgid "Failed to satisfy %s dependency for %s: Installed package %s is too new"
 msgstr ""
 
-#: cmdline/apt-get.cc:2215
+#: cmdline/apt-get.cc:2268
 #, c-format
 msgid "Failed to satisfy %s dependency for %s: %s"
 msgstr ""
 
-#: cmdline/apt-get.cc:2229
+#: cmdline/apt-get.cc:2282
 #, c-format
 msgid "Build-dependencies for %s could not be satisfied."
 msgstr ""
 
-#: cmdline/apt-get.cc:2233
+#: cmdline/apt-get.cc:2286
 msgid "Failed to process build dependencies"
 msgstr ""
 
-#: cmdline/apt-get.cc:2265
+#: cmdline/apt-get.cc:2318
 msgid "Supported Modules:"
 msgstr ""
 
-#: cmdline/apt-get.cc:2306
+#: cmdline/apt-get.cc:2359
 msgid ""
 "Usage: apt-get [options] command\n"
 "       apt-get [options] install|remove pkg1 [pkg2 ...]\n"
@@ -1124,23 +1141,23 @@ msgstr ""
 msgid "Merging Available information"
 msgstr ""
 
-#: apt-inst/contrib/extracttar.cc:116
+#: apt-inst/contrib/extracttar.cc:117
 msgid "Failed to create pipes"
 msgstr ""
 
-#: apt-inst/contrib/extracttar.cc:141
+#: apt-inst/contrib/extracttar.cc:143
 msgid "Failed to exec gzip "
 msgstr ""
 
-#: apt-inst/contrib/extracttar.cc:178 apt-inst/contrib/extracttar.cc:204
+#: apt-inst/contrib/extracttar.cc:180 apt-inst/contrib/extracttar.cc:206
 msgid "Corrupted archive"
 msgstr ""
 
-#: apt-inst/contrib/extracttar.cc:193
+#: apt-inst/contrib/extracttar.cc:195
 msgid "Tar Checksum failed, archive corrupted"
 msgstr ""
 
-#: apt-inst/contrib/extracttar.cc:296
+#: apt-inst/contrib/extracttar.cc:298
 #, c-format
 msgid "Unknown TAR header type %u, member %s"
 msgstr ""
@@ -1285,8 +1302,8 @@ msgstr ""
 
 #. Build the status cache
 #: apt-inst/deb/dpkgdb.cc:139 apt-pkg/pkgcachegen.cc:643
-#: apt-pkg/pkgcachegen.cc:701 apt-pkg/pkgcachegen.cc:706
-#: apt-pkg/pkgcachegen.cc:829
+#: apt-pkg/pkgcachegen.cc:712 apt-pkg/pkgcachegen.cc:717
+#: apt-pkg/pkgcachegen.cc:840
 msgid "Reading Package Lists"
 msgstr ""
 
@@ -1363,30 +1380,30 @@ msgstr ""
 msgid "Error parsing MD5. Offset %lu"
 msgstr ""
 
-#: apt-inst/deb/debfile.cc:55
+#: apt-inst/deb/debfile.cc:42 apt-inst/deb/debfile.cc:47
 #, c-format
 msgid "This is not a valid DEB archive, missing '%s' member"
 msgstr ""
 
-#: apt-inst/deb/debfile.cc:72
+#: apt-inst/deb/debfile.cc:52
 #, c-format
-msgid "Internal Error, could not locate member %s"
+msgid "This is not a valid DEB archive, it has no '%s' or '%s' member"
 msgstr ""
 
-#: apt-inst/deb/debfile.cc:104
+#: apt-inst/deb/debfile.cc:112
 #, c-format
 msgid "Couldn't change to %s"
 msgstr ""
 
-#: apt-inst/deb/debfile.cc:125
+#: apt-inst/deb/debfile.cc:138
 msgid "Internal Error, could not locate member"
 msgstr ""
 
-#: apt-inst/deb/debfile.cc:158
+#: apt-inst/deb/debfile.cc:171
 msgid "Failed to locate a valid control file"
 msgstr ""
 
-#: apt-inst/deb/debfile.cc:243
+#: apt-inst/deb/debfile.cc:256
 msgid "Unparsible control file"
 msgstr ""
 
@@ -1478,7 +1495,7 @@ msgstr ""
 msgid "Server closed the connection"
 msgstr ""
 
-#: methods/ftp.cc:338 apt-pkg/contrib/fileutl.cc:452 methods/rsh.cc:190
+#: methods/ftp.cc:338 methods/rsh.cc:190 apt-pkg/contrib/fileutl.cc:452
 msgid "Read error"
 msgstr ""
 
@@ -1567,7 +1584,7 @@ msgstr ""
 msgid "Query"
 msgstr ""
 
-#: methods/ftp.cc:1104
+#: methods/ftp.cc:1106
 msgid "Unable to invoke "
 msgstr ""
 
@@ -1711,6 +1728,14 @@ msgstr ""
 msgid "Internal error"
 msgstr ""
 
+#: methods/rsh.cc:264
+msgid "File Not Found"
+msgstr ""
+
+#: methods/rsh.cc:330
+msgid "Connection closed prematurely"
+msgstr ""
+
 #: apt-pkg/contrib/mmap.cc:82
 msgid "Can't mmap an empty file"
 msgstr ""
@@ -2002,76 +2027,66 @@ msgstr ""
 msgid "Dependency Generation"
 msgstr ""
 
-#: apt-pkg/tagfile.cc:71
+#: apt-pkg/tagfile.cc:73
 #, c-format
 msgid "Unable to parse package file %s (1)"
 msgstr ""
 
-#: apt-pkg/tagfile.cc:158
+#: apt-pkg/tagfile.cc:160
 #, c-format
 msgid "Unable to parse package file %s (2)"
 msgstr ""
 
-#: apt-pkg/sourcelist.cc:88
+#: apt-pkg/sourcelist.cc:87
 #, c-format
 msgid "Malformed line %lu in source list %s (URI)"
 msgstr ""
 
-#: apt-pkg/sourcelist.cc:90
+#: apt-pkg/sourcelist.cc:89
 #, c-format
 msgid "Malformed line %lu in source list %s (dist)"
 msgstr ""
 
-#: apt-pkg/sourcelist.cc:93
+#: apt-pkg/sourcelist.cc:92
 #, c-format
 msgid "Malformed line %lu in source list %s (URI parse)"
 msgstr ""
 
-#: apt-pkg/sourcelist.cc:99
+#: apt-pkg/sourcelist.cc:98
 #, c-format
 msgid "Malformed line %lu in source list %s (Absolute dist)"
 msgstr ""
 
-#: apt-pkg/sourcelist.cc:106
+#: apt-pkg/sourcelist.cc:105
 #, c-format
 msgid "Malformed line %lu in source list %s (dist parse)"
 msgstr ""
 
-#: apt-pkg/sourcelist.cc:183 apt-pkg/sourcelist.cc:207
-#, c-format
-msgid "Vendor block %s is invalid"
-msgstr ""
-
-#: apt-pkg/sourcelist.cc:235
+#: apt-pkg/sourcelist.cc:156
 #, c-format
 msgid "Opening %s"
 msgstr ""
 
-#: apt-pkg/sourcelist.cc:249
+#: apt-pkg/sourcelist.cc:170
 #, c-format
 msgid "Line %u too long in source list %s."
 msgstr ""
 
-#: apt-pkg/sourcelist.cc:266
+#: apt-pkg/sourcelist.cc:187
 #, c-format
 msgid "Malformed line %u in source list %s (type)"
 msgstr ""
 
-#: apt-pkg/sourcelist.cc:270
+#: apt-pkg/sourcelist.cc:191
 #, c-format
 msgid "Type '%s' is not known on line %u in source list %s"
 msgstr ""
 
-#: apt-pkg/sourcelist.cc:279 apt-pkg/sourcelist.cc:282
+#: apt-pkg/sourcelist.cc:199 apt-pkg/sourcelist.cc:202
 #, c-format
 msgid "Malformed line %u in source list %s (vendor id)"
 msgstr ""
 
-#: apt-pkg/sourcelist.cc:296
-#, c-format
-msgid "Unknown vendor ID '%s' in line %u of source list %s"
-msgstr ""
-
 #: apt-pkg/packagemanager.cc:402
 #, c-format
 msgid ""
@@ -2085,19 +2100,19 @@ msgstr ""
 msgid "Index file type '%s' is not supported"
 msgstr ""
 
-#: apt-pkg/algorithms.cc:238
+#: apt-pkg/algorithms.cc:241
 #, c-format
 msgid ""
 "The package %s needs to be reinstalled, but I can't find an archive for it."
 msgstr ""
 
-#: apt-pkg/algorithms.cc:1056
+#: apt-pkg/algorithms.cc:1059
 msgid ""
 "Error, pkgProblemResolver::Resolve generated breaks, this may be caused by "
 "held packages."
 msgstr ""
 
-#: apt-pkg/algorithms.cc:1058
+#: apt-pkg/algorithms.cc:1061
 msgid "Unable to correct problems, you have held broken packages."
 msgstr ""
 
@@ -2135,7 +2150,7 @@ msgstr ""
 msgid "Unable to stat %s."
 msgstr ""
 
-#: apt-pkg/srcrecords.cc:49
+#: apt-pkg/srcrecords.cc:48
 msgid "You must put some 'source' URIs in your sources.list"
 msgstr ""
 
@@ -2235,47 +2250,44 @@ msgstr ""
 msgid "Collecting File Provides"
 msgstr ""
 
-#: apt-pkg/pkgcachegen.cc:774 apt-pkg/pkgcachegen.cc:781
+#: apt-pkg/pkgcachegen.cc:785 apt-pkg/pkgcachegen.cc:792
 msgid "IO Error saving source cache"
 msgstr ""
 
-#: apt-pkg/acquire-item.cc:124
+#: apt-pkg/acquire-item.cc:126
 #, c-format
 msgid "rename failed, %s (%s -> %s)."
 msgstr ""
 
-#: apt-pkg/acquire-item.cc:353
+#: apt-pkg/acquire-item.cc:235 apt-pkg/acquire-item.cc:893
+msgid "MD5Sum mismatch"
+msgstr ""
+
+#: apt-pkg/acquire-item.cc:707
 #, c-format
 msgid ""
 "I wasn't able to locate a file for the %s package. This might mean you need "
 "to manually fix this package. (due to missing arch)"
 msgstr ""
 
-#: apt-pkg/acquire-item.cc:388
+#: apt-pkg/acquire-item.cc:760
 #, c-format
 msgid ""
 "I wasn't able to locate file for the %s package. This might mean you need to "
 "manually fix this package."
 msgstr ""
 
-#: apt-pkg/acquire-item.cc:419
+#: apt-pkg/acquire-item.cc:796
 #, c-format
 msgid ""
 "The package index files are corrupted. No Filename: field for package %s."
 msgstr ""
 
-#: apt-pkg/acquire-item.cc:501
+#: apt-pkg/acquire-item.cc:883
 msgid "Size mismatch"
 msgstr ""
 
-#: apt-pkg/acquire-item.cc:511
-msgid "MD5Sum mismatch"
-msgstr ""
-
-#: methods/rsh.cc:264
-msgid "File Not Found"
-msgstr ""
-
-#: methods/rsh.cc:330
-msgid "Connection closed prematurely"
+#: apt-pkg/vendorlist.cc:66
+#, c-format
+msgid "Vendor block %s contains no fingerprint"
 msgstr ""

po/da.po

@@ -2480,6 +2480,7 @@ msgstr "Forbindelsen lukkedes for hurtigt"
 #~ "opbygningsafhængighederne.\n"
 #~ "Du kan muligvis rette dette ved at køre 'apt-get -f install'."
 
+
 #~ msgid "Sorry, you don't have enough free space in %s to hold all the .debs."
 #~ msgstr ""
 #~ "Beklager, men du har ikke nok ledig plads i %s til at opbevare alle .deb-"

po/el.po

@@ -240,7 +240,7 @@ msgstr ""
 
 #: cmdline/apt-config.cc:41
 msgid "Arguments not in pairs"
-msgstr "Τα ορίσματα δεν είναι σε ζεύγη"
+msgstr ""
 
 #: cmdline/apt-config.cc:76
 msgid ""
@@ -1896,7 +1896,8 @@ msgstr "Σφάλμα στην εγγραφή στο αρχείο"
 
 #: methods/http.cc:832
 msgid "Error reading from server Remote end closed connection"
-msgstr "Σφάλμα στην ανάγνωση από το διακομιστή, το άλλο άκρο έκλεισε τη σύνδεση"
+msgstr ""
+"Σφάλμα στην ανάγνωση από το διακομιστή, το άλλο άκρο έκλεισε τη σύνδεση"
 
 #: methods/http.cc:834
 msgid "Error reading from server"
@@ -2017,7 +2018,8 @@ msgstr "Η επιλογή %s απαιτεί ένα όρισμα."
 #: apt-pkg/contrib/cmndline.cc:201 apt-pkg/contrib/cmndline.cc:207
 #, c-format
 msgid "Option %s: Configuration item specification must have an =<val>."
-msgstr "Επιλογή %s: Οι προδιαγραφές του αντικειμένου ρυθμίσεων απαιτούν =<val>."
+msgstr ""
+"Επιλογή %s: Οι προδιαγραφές του αντικειμένου ρυθμίσεων απαιτούν =<val>."
 
 #: apt-pkg/contrib/cmndline.cc:237
 #, c-format
@@ -2056,7 +2058,8 @@ msgstr "Αδύνατη η εύρεση της κατάστασης του cdrom"
 #: apt-pkg/contrib/fileutl.cc:80
 #, c-format
 msgid "Not using locking for read only lock file %s"
-msgstr "Δε θα χρησιμοποιηθεί κλείδωμα για το ανάγνωσης μόνο αρχείο κλειδώματος %s"
+msgstr ""
+"Δε θα χρησιμοποιηθεί κλείδωμα για το ανάγνωσης μόνο αρχείο κλειδώματος %s"
 
 #: apt-pkg/contrib/fileutl.cc:85
 #, c-format
@@ -2296,7 +2299,8 @@ msgstr "Ο τύπος αρχείου ευρετηρίου '%s' δεν υποστ
 
 #: apt-pkg/algorithms.cc:238
 #, c-format
-msgid "The package %s needs to be reinstalled, but I can't find an archive for it."
+msgid ""
+"The package %s needs to be reinstalled, but I can't find an archive for it."
 msgstr ""
 "Το πακέτο '%s' χρειάζεται να επανεγκατασταθεί, αλλά είναι αδύνατη η εύρεση "
 "κάποιας κατάλληλης αρχείοθήκης."
@@ -2370,7 +2374,8 @@ msgstr "Αδύνατη η κατανόηση του τύπου καθήλωση
 
 #: apt-pkg/policy.cc:299
 msgid "No priority (or zero) specified for pin"
-msgstr "Δεν έχει οριστεί προτεραιότητα (ή έχει οριστεί μηδενική) για την καθήλωση"
+msgstr ""
+"Δεν έχει οριστεί προτεραιότητα (ή έχει οριστεί μηδενική) για την καθήλωση"
 
 #: apt-pkg/pkgcachegen.cc:74
 msgid "Cache has an incompatible versioning system"
@@ -2423,7 +2428,8 @@ msgstr "Εκπληκτικό, υπερβήκατε τον αριθμό των ε
 
 #: apt-pkg/pkgcachegen.cc:213
 msgid "Wow, you exceeded the number of dependencies this APT is capable of."
-msgstr "Εκπληκτικό, υπερβήκατε τον αριθμό των εξαρτήσεων που υποστηρίζει το APT."
+msgstr ""
+"Εκπληκτικό, υπερβήκατε τον αριθμό των εξαρτήσεων που υποστηρίζει το APT."
 
 #: apt-pkg/pkgcachegen.cc:241
 #, c-format
@@ -2498,4 +2504,3 @@ msgstr "Το αρχείο Δε Βρέθηκε"
 #: methods/rsh.cc:330
 msgid "Connection closed prematurely"
 msgstr "Η σύνδεση έκλεισε πρόωρα"
-

po/en_GB.po

@@ -2339,6 +2339,7 @@ msgstr ""
 #~ "dependencies.\n"
 #~ "You might want to run ‘apt-get -f install’ to correct these."
 
+
 #~ msgid "<- '"
 #~ msgstr "<- ‘"
 

po/es.po

@@ -2525,6 +2525,7 @@ msgstr "La conexi
 #~ "las dependencies de construcción. Tal vez quiera ejecutar \n"
 #~ "`apt-get -f install' para corregirlos."
 
+
 #~ msgid ""
 #~ "Usage: apt-cache [options] command\n"
 #~ "       apt-cache [options] add file1 [file1 ...]\n"

po/fr.po

@@ -252,7 +252,7 @@ msgid ""
 "  -c=? Read this configuration file\n"
 "  -o=? Set an arbitary configuration option, eg -o dir::cache=/tmp\n"
 msgstr ""
-"Usage : apt-config [options] commande\n"
+"Usage : apt-config [options] commande\n"
 "\n"
 "apt-config est un outil simple pour lire le fichier de configuration d'APT\n"
 "\n"

po/it.po

@@ -2511,6 +2511,7 @@ msgstr "File Non Trovato"
 msgid "Connection closed prematurely"
 msgstr "Connessione chiusa prematuramente"
 
+
 #~ msgid ""
 #~ "Some broken packages were found while trying to process build-"
 #~ "dependencies.\n"

po/nb.po

@@ -2357,6 +2357,7 @@ msgstr "Forsto ikke spikring av typen %s"
 msgid "No priority (or zero) specified for pin"
 msgstr ""
 
+
 #: apt-pkg/pkgcachegen.cc:74
 msgid "Cache has an incompatible versioning system"
 msgstr "Lageret har et uovernsstemmende versjonssystem"

po/nn.po

@@ -1453,7 +1453,8 @@ msgstr "Klarte ikkje f
 
 #: apt-inst/deb/dpkgdb.cc:123
 msgid "The info and temp directories need to be on the same filesystem"
-msgstr "Infokatalogen og den mellombelse katalogen må vera på det same filsystemet"
+msgstr ""
+"Infokatalogen og den mellombelse katalogen må vera på det same filsystemet"
 
 #. Build the status cache
 #: apt-inst/deb/dpkgdb.cc:139 apt-pkg/pkgcachegen.cc:643
@@ -1585,7 +1586,8 @@ msgstr "Feil CD-plate"
 #: methods/cdrom.cc:163
 #, c-format
 msgid "Unable to unmount the CD-ROM in %s, it may still be in use."
-msgstr "Klarte ikkje montera CD-plata i %s. Det kan henda plata framleis er i bruk."
+msgstr ""
+"Klarte ikkje montera CD-plata i %s. Det kan henda plata framleis er i bruk."
 
 #: methods/cdrom.cc:177 methods/file.cc:77
 msgid "File not found"
@@ -2270,7 +2272,8 @@ msgstr "Indeksfiltypen
 
 #: apt-pkg/algorithms.cc:238
 #, c-format
-msgid "The package %s needs to be reinstalled, but I can't find an archive for it."
+msgid ""
+"The package %s needs to be reinstalled, but I can't find an archive for it."
 msgstr "Pakken %s må installerast på nytt, men arkivet finst ikkje."
 
 #: apt-pkg/algorithms.cc:1056
@@ -2283,7 +2286,8 @@ msgstr ""
 
 #: apt-pkg/algorithms.cc:1058
 msgid "Unable to correct problems, you have held broken packages."
-msgstr "Klarte ikkje retta opp problema. Nokre øydelagde pakkar er haldne tilbake."
+msgstr ""
+"Klarte ikkje retta opp problema. Nokre øydelagde pakkar er haldne tilbake."
 
 #: apt-pkg/acquire.cc:61
 #, c-format
@@ -2329,7 +2333,8 @@ msgstr "Klarte ikkje tolka eller opna pakkelista eller tilstandsfila."
 
 #: apt-pkg/cachefile.cc:77
 msgid "You may want to run apt-get update to correct these problems"
-msgstr "Du vil kanskje prøva å retta på desse problema ved å køyra «apt-get update»."
+msgstr ""
+"Du vil kanskje prøva å retta på desse problema ved å køyra «apt-get update»."
 
 #: apt-pkg/policy.cc:269
 msgid "Invalid record in the preferences file, no Package header"
@@ -2344,6 +2349,7 @@ msgstr "Skj
 msgid "No priority (or zero) specified for pin"
 msgstr "Ingen prioritet (eller null) oppgitt for spiker"
 
+
 #: apt-pkg/pkgcachegen.cc:74
 msgid "Cache has an incompatible versioning system"
 msgstr "Mellomlageret brukar eit inkompatibelt versjonssystem"
@@ -2442,12 +2448,15 @@ msgstr ""
 msgid ""
 "I wasn't able to locate file for the %s package. This might mean you need to "
 "manually fix this package."
-msgstr "Fann ikkje fila for pakken %s. Det kan henda du må fiksa denne pakken sjølv."
+msgstr ""
+"Fann ikkje fila for pakken %s. Det kan henda du må fiksa denne pakken sjølv."
 
 #: apt-pkg/acquire-item.cc:419
 #, c-format
-msgid "The package index files are corrupted. No Filename: field for package %s."
-msgstr "Pakkeindeksfilene er øydelagde. Feltet «Filename:» manglar for pakken %s."
+msgid ""
+"The package index files are corrupted. No Filename: field for package %s."
+msgstr ""
+"Pakkeindeksfilene er øydelagde. Feltet «Filename:» manglar for pakken %s."
 
 #: apt-pkg/acquire-item.cc:501
 msgid "Size mismatch"
@@ -2465,3 +2474,10 @@ msgstr "Fann ikkje fila"
 msgid "Connection closed prematurely"
 msgstr "Sambandet vart uventa stengd"
 
+#~ msgid ""
+#~ "Some broken packages were found while trying to process build-"
+#~ "dependencies.\n"
+#~ "You might want to run `apt-get -f install' to correct these."
+#~ msgstr ""
+#~ "Fann nokre øydelagde pakkar under behandling av byggjekrava.\n"
+#~ "Du vil kanskje prøva å retta på desse ved å køyra «apt-get -f install»."

po/pt_BR.po

@@ -2499,6 +2499,7 @@ msgstr "Arquivo n
 msgid "Connection closed prematurely"
 msgstr "Conexão encerrada prematuramente"
 
+
 #~ msgid ""
 #~ "Some broken packages were found while trying to process build-"
 #~ "dependencies.\n"