LinuxVillage
LinuxVillage welcome => Technical discussions => Discussion démarrée par: djohnston le 14 juin 2013 à 20:07:30
-
News Source (http://www.h-online.com/open/news/item/Users-warned-to-remove-Debian-Multimedia-repository-1888493.html)
The Debian project is warning (http://bits.debian.org/2013/06/remove-debian-multimedia.html) users that the unofficial Debian Multimedia repository now has to be considered unsafe. According to the Debian maintainers, the debian-multimedia.org domain is not being used by the maintainers of the unofficial repository any more and is now registered to a party unknown to the Debian project. This means that the repository is no longer safe to use and users should remove it from their sources.list file as soon as possible.
In its announcement, the Debian project is recommending that users check their systems by running
grep debian-multimedia.org /etc/apt/sources.list /etc/apt/sources.list.d/*
which will show debian-multimedia.org in its output if the user has the untrustworthy repository enabled. Meanwhile, Debian developer Steve Kemp has asked (http://blog.steve.org.uk/debian_is_missing_a_tool__want_to_write_it_.html) the community to create a tool for the distribution to easily manipulate entries in the sources.list file as Debian currently does not ship such a tool. At the moment, users have to edit their repository sources with a text editor.
Using unofficial repositories always represents a security risk and this example clearly shows one of the reasons, as the project usually does not have any control over such repositories. Since the new owners of the debian-multimedia.org domain are unlikely to have access to the signing keys for the expired repository, the security risk is somewhat mitigated as long as users do not install unsigned packages. In any case, removing the repository from one's sources file as Debian recommends is the best procedure to follow.
-
Meanwhile, Debian developer Steve Kemp has asked (http://blog.steve.org.uk/debian_is_missing_a_tool__want_to_write_it_.html) the community to create a tool for the distribution to easily manipulate entries in the sources.list file as Debian currently does not ship such a tool. At the moment, users have to edit their repository sources with a text editor.
Why don't they try to see if the software-properties-gtk tool from Ubuntu could be ported to Debian?
(http://i.stack.imgur.com/VLGND.png)
http://packages.ubuntu.com/raring/software-properties-gtk (http://packages.ubuntu.com/raring/software-properties-gtk)
humm… maybe too much python?
-
Why don't they try to see if the software-properties-gtk tool from Ubuntu could be ported to Debian?
I think it's probably the other way around. That is, I believe Ubuntu's was "ported" from Debian.
(http://s19.postimg.org/dbaaq0hsv/softprop1.jpg) (http://postimg.org/image/dbaaq0hsv/)
It's what gives you this "front end" to Synaptic:
(http://s19.postimg.org/m7l2ty8f3/softprop2.jpg) (http://postimg.org/image/m7l2ty8f3/)
He is referring to something like this (http://blog.steve.org.uk/debian_is_missing_a_tool__want_to_write_it_.html):
Seeing this piece in the news, about how Debian-Multimedia.org is now unsafe, I was reminded we don't have a tool to manipulate sources.lists entries.
For example:
$ apt-sources list
..
deb http://ftp.uk.debian.org/debian/ (http://ftp.uk.debian.org/debian/) squeeze main non-free contrib
deb-src http://ftp.uk.debian.org/debian/ (http://ftp.uk.debian.org/debian/) squeeze main
deb http://security.debian.org/ (http://security.debian.org/) squeeze/updates main
deb-src http://security.debian.org/ (http://security.debian.org/) squeeze/updates main
..
How about listing only my repos?
$ apt-sources list steve.org.uk
deb-src http://packages.steve.org.uk/firefox-wrapper/squeeze/ (http://packages.steve.org.uk/firefox-wrapper/squeeze/) ./
deb http://packages.steve.org.uk/firefox-wrapper/squeeze/ (http://packages.steve.org.uk/firefox-wrapper/squeeze/) ./
deb http://packages.steve.org.uk/meta/squeeze/ (http://packages.steve.org.uk/meta/squeeze/) ./
deb-src http://packages.steve.org.uk/meta/squeeze/ (http://packages.steve.org.uk/meta/squeeze/) ./
deb-src http://packages.steve.org.uk/minidlna/squeeze/ (http://packages.steve.org.uk/minidlna/squeeze/) ./
deb http://packages.steve.org.uk/minidlna/squeeze/ (http://packages.steve.org.uk/minidlna/squeeze/) ./
Now add in a command to delete lines matching a given pattern:
# apt-sources delete debian-multimedia.org
Doesn't that seem like a tool that should exist?
I've added this quick hack to this repository which you can submit pull requests against, or use as a base.
TODO: Write the "add" handler. Neaten.
Ever felt jealous that Ubuntu users can add PPAs? Nows your chance to do something like this:
# apt-sources add "deb http://packages.steve.org.uk/lumail/wheezy/ (http://packages.steve.org.uk/lumail/wheezy/) ./"
-
I think it's probably the other way around. That is, I believe Ubuntu's was "ported" from Debian.
(http://s19.postimg.org/dbaaq0hsv/softprop1.jpg) (http://postimg.org/image/dbaaq0hsv/)
It's what gives you this "front end" to Synaptic:
(http://s19.postimg.org/m7l2ty8f3/softprop2.jpg) (http://postimg.org/image/m7l2ty8f3/)
He is referring to something like this (http://blog.steve.org.uk/debian_is_missing_a_tool__want_to_write_it_.html):
Hi, yes it gives this frontend but not only : it is also used independantly from Synaptic in the update manager, and even if Ubuntu was ported from Debian it has a few tools/items which are not available in Debian. Else than being a heavy tool, with the list of depends it needs, I don't quite see why Debian could not use it.
When the sources are modified, when new repos are added or removed from it, or deactivated, keys changes, then the apt files are re written accordingly : the source.list and any other file (the file related to gpg key when you change a authentication key).
-
Hi, yes it gives this frontend but not only : it is also used independantly from Synaptic in the update manager, and even if Ubuntu was ported from Debian it has a few tools/items which are not available in Debian. Else than being a heavy tool, with the list of depends it needs, I don't quite see why Debian could not use it.
I'm not sure what you are trying to say. I believe you are still referring to software-properties-gtk.
Why don't they try to see if the software-properties-gtk tool from Ubuntu could be ported to Debian?
If that's the case, let's look at the differences between Ubuntu's version and Debian's version. Here is Ubuntu's version, (taken from Bodhi):
darrel@Bodhi:~$ software-properties-gtk --help
Usage: software-properties-gtk [options]
Options:
-h, --help show this help message and exit
-d, --debug Print some debug information to the command line
-m, --massive-debug Print a lot of debug information to the command line
-n, --no-update No update on repository change (useful if called from
an external program).
-t TOPLEVEL, --toplevel=TOPLEVEL
Set x-window-id of the toplevel parent for the dialog
(useful for embedding)
-e ENABLE_COMPONENT, --enable-component=ENABLE_COMPONENT
Enable the specified component of the distro's
repositories
--open-tab=OPEN_TAB Open specific tab number on startup
--enable-ppa=ENABLE_PPA
Enable PPA with the given name
-k KEYSERVER, --keyserver=KEYSERVER
URL of keyserver. Default:
hkp://keyserver.ubuntu.com:80/
--data-dir=DATA_DIR Use data files (UI) from the given directory
darrel@Bodhi:~$
Here's Debian's version, taken from DebWeb:
darrel@DebWeb: 11 items 220Kb -> software-properties-gtk --help
Usage: software-properties-gtk [options]
Options:
-h, --help show this help message and exit
-d, --debug Print some debug information to the command line
-m, --massive-debug Print a lot of debug information to the command line
-n, --no-update No update on repository change (useful if called from
an external program).
-t TOPLEVEL, --toplevel=TOPLEVEL
Set x-window-id of the toplevel parent for the dialog
(useful for embedding)
-e ENABLE_COMPONENT, --enable-component=ENABLE_COMPONENT
Enable the specified component of the distro's
repositories
--open-tab=OPEN_TAB Open specific tab number on startup
--enable-ppa=ENABLE_PPA
Enable PPA with the given name
-k KEYSERVER, --keyserver=KEYSERVER
URL of keyserver. Default:
hkp://keyserver.ubuntu.com:80/
--data-dir=DATA_DIR Use data files (UI) from the given directory
Sat Jun 15 11:49:01 AM CDT 2013
~
darrel@DebWeb: 11 items 216Kb ->
I can't see any difference. Can you? Except for the python version, the dependencies are the same.
Ubuntu's:
darrel@Bodhi:~$ apt-cache depends software-properties-gtk
software-properties-gtk
Depends: python2.7
Depends: python
Depends: python
Depends: python-software-properties
Depends: python-gi
Depends: gir1.2-gtk-3.0
Depends: python-aptdaemon.gtk3widgets
Depends: software-properties-common
darrel@Bodhi:~$
Debian's:
darrel@DebWeb: 11 items 220Kb -> apt-cache depends software-properties-gtk
software-properties-gtk
|Depends: python2.7
Depends: python2.6
Depends: python
Depends: python
Depends: python-software-properties
Depends: python-gi
Depends: gir1.2-gtk-3.0
Depends: python-aptdaemon.gtk3widgets
Depends: software-properties-common
Sat Jun 15 12:05:24 PM CDT 2013
~
darrel@DebWeb: 11 items 216Kb ->
-
Then I don't quite see why they would need any additional gui program to edit the sources.list file?
-
What Steve Kemp is asking for is a command line tool to manipulate apt sources, or repo lists, or PPA lists, without having to resort to using a text editor to manually edit the sources. He proposes calling the command line tool apt-sources.
-
Ok, then they will certainly sort it out. Many comments bring ideas for a solution to be used.