Bug#752702: apt: please add a way to to retrieve the location of Packages/Sources files in /var/lib/apt/lists/

To: Johannes Schauer <j.schauer@email.de>
Cc: 752702@bugs.debian.org
Subject: Bug#752702: apt: please add a way to to retrieve the location of Packages/Sources files in /var/lib/apt/lists/
From: David Kalnischkies <david@kalnischkies.de>
Date: Wed, 24 Jun 2015 23:18:12 +0200
Message-id: <[🔎] 20150624211812.GA20619@crossbow>
Reply-to: David Kalnischkies <david@kalnischkies.de>, 752702@bugs.debian.org
In-reply-to: <20140626205838.GA23554@crossbow>
References: <20140625201657.6689.60945.reportbug@hoothoot> <20140626194842.GA22786@crossbow> <20140626203024.3886.24903@hoothoot> <20140626205838.GA23554@crossbow>

On Thu, Jun 26, 2014 at 10:58:38PM +0200, David Kalnischkies wrote:
> On Thu, Jun 26, 2014 at 10:30:24PM +0200, Johannes Schauer wrote:
> > Quoting David Kalnischkies (2014-06-26 21:48:42)
> > > I think it is a bad idea to use our lib-directory directly.
> > 
> > if apt developers agree that it is a bad idea to allow 3rd party software
> > access /var/lib/apt/lists, then please close this bug report.
> 
> Just to be clear: I think it is incorrect to use /var/lib/apt/lists
> directly as you can never be sure what is in there.  If you get the
> filename from the API on the other hand, that is "okay".

So, in the light of acquiring additional files apt itself has no use
for, but other frontends want without implementing all the boring
security sensitive download of it, I had to think about this problem
a bit again.

As I don't want the frontends to control the storage location (that
would just mean having e.g. the big Contents files in three different
places just because frontends can't decide on a common location) I have
to store them in lists/ and expose information about them somehow
– especially also about the Release file they came from as I really
don't want them to parse these… (detached sig, clear sig, different
names, unsigned content in clearsig files, …).

The upside to this is that I can handle Packages, Sources and
Translation-* files in the very same way so they are exposed over the
same API and hence deal with your problem too, even through these files
hardly qualify as "additional".

So, long story short, the solution I would like to propose is:

$ apt-get files "Codename: sid" "Trusted: yes" "Created-By: Packages"
[…]

MetaKey: main/binary-amd64/Packages
ShortDesc: Packages
Description: http://http.debian.net/debian sid/main amd64 Packages
URI: http://http.debian.net/debian/dists/sid/main/binary-amd64/Packages
Filename: /var/lib/apt/lists/http.debian.net_debian_dists_sid_main_binary-amd64_Packages
Optional: no
Codename: sid
Label: Debian
Origin: Debian
Suite: unstable
Trusted: yes
Architecture: amd64
Base-URI: http://http.debian.net/debian/dists/sid/
Component: main
Created-By: Packages
Release: sid
Repo-URI: http://http.debian.net/debian/
Site: http://http.debian.net/debian
Target-Of: deb

[…]

So basically our trusted deb822 format we see everywhere else and most
people who will want to use it probably already have a parser for. Or
add a --format="$(FILENAME)" and you have just the filename(s) of
authenticated Packages files from a Release with the codename 'sid'.
(In both cases the filename given is already checked for existance and
if it is compressed you get the filename of the compressed file of
course)

The C++ interface is pretty much what it used to be with reading
sources.list via pkgSourceList, iterating over metaIndex's this creates
(~ Release files) to ask them which files will be (tried to be)
requested from here: IndexTarget, which is new in this context and
contains most of the data you asked for.

You can also now 'map' a metaIndex to a (new) ReleaseFile struct in the
Cache, which will actually contain codename and co – metaIndex has no
concept of codename, it just knows what was given in the sources.list,
while ReleaseFile actually contains the information parsed from an
{In,}Release file.  (This used to be possible only for debPackagesIndex
as the information belonging to a Release file was stored as if it
belonged to the Packages file – which used to be correct for the old
flat-style repos) Both combined, you should have all the information you
ever wanted…

Sounds complicated, but should amount to only a few lines of code on
your end, just see the 'apt-get file' implementation for an example.
Some more detailed 'user' documentation can be found in
./doc/acquire-additional-files.txt [0].

I would consider this bug done if this code reaches a release (sofar it
is sitting in the debian/experimental branch in git as this is part of
the acquire system rework in general and one giant API break…), but
would be very happy if you and/or anyone else could comment on the
usefulness (or not) of it in the mean time. There are some things
still missing and I am not too sure if I will stick to the very generic
"files" command or invent something else, but that is at least the
general direction… Tech-preview status I would say.

Best regards

David Kalnischkies

[0] https://anonscm.debian.org/cgit/apt/apt.git/tree/doc/acquire-additional-files.txt?h=debian/experimental

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Bug#752702: apt: please add a way to to retrieve the location of Packages/Sources files in /var/lib/apt/lists/
  - From: Johannes Schauer <josch@debian.org>

Prev by Date: python-apt_0.9.3.12_amd64.changes ACCEPTED into proposed-updates->stable-new, proposed-updates
Next by Date: Bug#752702: apt: please add a way to to retrieve the location of Packages/Sources files in /var/lib/apt/lists/
Previous by thread: python-apt_0.9.3.12_amd64.changes ACCEPTED into proposed-updates->stable-new, proposed-updates
Next by thread: Bug#752702: apt: please add a way to to retrieve the location of Packages/Sources files in /var/lib/apt/lists/
Index(es):
- Date
- Thread