go-debian
go-debian
is a Debian Toolbelt for Go hackers! This package contains a bunch
of helpful routines to help work with fun bits of Debian data.
debian golang support library
Home Page: https://pault.ag/go/debian
License: Other
Ran into this today, breaking dep:
> dep ensure
The following errors occurred while deducing packages:
* "pault.ag/go/debian/control": unable to deduce repository and source type for "pault.ag/go/debian/control": unable to read metadata: unable to fetch raw metadata: failed HTTP request to URL "http://pault.ag/go/debian/control?go-get=1": Get https://pault.ag/go/debian/control?go-get=1: x509: certificate has expired or is not yet valid
validateParams: could not deduce external imports' project roots
Would be really helpful if you could renew the cert
because lolz
it's currently sucky
to write stuff back out
It isn't documented that one has to use pault.ag/go/debian
and can't use github.com/paultag/go-debian
as alternative. This should be documented in README.md
.
$ go get pault.ag/go/debian/control && echo OK || echo FAIL
OK
$ go get github.com/paultag/go-debian/control && echo OK || echo FAIL
../github.com/paultag/go-debian/control/changes.go:33:2: use of internal package not allowed
FAIL
Alternatively it might be worth to just get rid of the internal package or to make it public.
error on load file : xz: LZMA2 dictionary size exceeds max
in particular, the Ar could be streamed if we're clever
add tests for dsc and changes file validation
Attached is an archive with .deb files, all taken from the Ubuntu or Debian package repository. They all use XZ compression and none of them can currently be opened with the library. They all result in one of the following errors:
xz: file format not recognized
xz: data is truncated or corrupt
file list:
$ tar -xvf linux-image-unsigned-5.15.0-1004-aws_5.15.0-1004.6_amd64.deb
x debian-binary
x control.tar
x data.tar
If a field has a trailing newline, it can be marshaled as a separate paragraph.
I see that in parsing you take special precautions for the case of a line that is a single space/tab followed by a period (https://github.com/paultag/go-debian/blob/master/control/parse.go#L228-L230) to treat that as an empty line. But when you marshal a property that has trailing newlines you don't currently take any special precautions.
Meaning that when I go to marshal an array of objects I can end up with:
ID: 1
Description: Description here
and continues here.
Name: Object1
ID: 2
Description: Single-line desc
Name: Object2
which now gets improperly parsed.
Would you argue that it's the client's responsibility to prune such trailing newlines before serializing? Or would you be open to a PR that alters the serialization behavior to take advantage of that special case mention above and translate trailing newlines to include a leading whitespace and a period so that it gets rendered like so:
ID: 1
Description: Description here
and continues here.
.
Name: Object1
ID: 2
Description: Single-line desc
Name: Object2
I believe that could be parsed properly.
The version module is very strongly based o the now named lib/dpkg/version.c dpkg implementation, down to structure and symbol names. But neither the license nor copyright seem to have been preserved. :(
Looks like some recently merged code prevents this package from building with recent Go:
go test
# => changes.go:33:2: use of internal package not allowed
go version
#=> go version go1.10.3 darwin/amd64
Encountered this when attempting to create a PR for #95
for some reason I can't Unmarshal into a type Foos []Foo
, func (f *Foos) UnmarshalControl
Hi @paultag,
I'm one of the authors of https://github.com/xor-gate/debpkg. We had some discussion in issue xor-gate/debpkg#26 about exposing internals of debian packages. Your package seems to used for only reading debian package and the debpkg package only for writing packages. What do you think to combine forces and create one library for both read/write of debian packages? Currently we use debpkg in production and it is very stable for our usecase (debianize golang applications).
Kind regards,
Jerry Jacobs
Thanks to #13, I've tracked down the source of why I can't parse debian/control
of src:golang
:
Line "# DO NOT EDIT THIS FILE. EDIT debian/control.* instead!\n" is not 'key: val'
It super sucks right now.
At the least, we should likely operate on io.Reader
/ io.Writer
or something.
Also, the code's a disaster.
As a field, if I update either of the fields it depends on, it doesn't update. 😉
If I parse a .changes file with ParseChangesFile, I would assume that changes.Move would know the full path of the changes file and make no assumptions about the current work directory.
Should Move() and Rename() range over AbsFiles() instead of just Files?
The HTTPS certificate for https://pault.ag/go/debian expired on 3/28. This is breaking dep ensure
for us.
I'm trying to use control to unmarshal a Release file, e.g.:
type Release struct {
Origin string
Suite string
Codename string
Architectures []string
Components []string
MD5Sum []control.MD5FileHash
SHA1 []control.SHA1FileHash
SHA256 []control.SHA256FileHash
}
r := &Release{}
err := control.Unmarshal(r, reader)
But I get a panic:
panic: runtime error: index out of range
at:
pault.ag/go/debian/control/filehash.go:133
Which is in:
func (c *FileHash) unmarshalControl(algorithm, data string) error
Firstly, is this the right way to use those FileHash fields?
Secondly, things seem a bit odd with if len(data) < 4
:
vals
?cb136f28a8c971d4299cc68e8fdad93a8ca7daf3 1131 dput-ng_1.9.dsc
Jeff
This is probably a mistake :)
they likely mostly leak files
No members ought to have a trailing slash ever, so always remove it.
Thanks guillem!
Thanks to @stapelberg for fixing the EOF stuff. Never was happy with that. Worth a minor bump!
as requested by @aviau
use reflection to load control vars, and all sorts of pretty neat magic.
The Paragraph#Set
function is on the paragraph value not a pointer. Therefore, the assignment to Order
may not be visible outside that function.
p.Order = append(p.Order, key)
It is possible (if Order
has capacity) that the append
call updates the underlying array. If append
allocates a new array, the change will not be visible.
Simplest example showing the problem:
package main
import (
"fmt"
"pault.ag/go/debian/control"
)
func main() {
par := control.Paragraph{Order: nil, Values: map[string]string{}}
par.Set("key", "value")
fmt.Printf("par: %#v\n", par)
}
Output:
par: control.Paragraph{Values:map[string]string{"key":"value"}, Order:[]string(nil)}
Workaround: Build the internals of Paragraph
by hand and do not rely on Set
.
somehow be able to pull substvars out
Packages built on modern debians are not installable on old debians, due to used compression (data.tar.xz). I need to forbid such packages to get to repositories for old systems. It would be nice to pass filename of control and data tar to caller (e.g. by extending 'deb' struct).
not just ignore them
read clearsigned things
even in an interface name (It's Unmarshallable
)
Hey! It looks pault.ag is down. This is breaking dep ensure
for us. Thanks.
…this is because it treats any as a wildcard, matching anything (even arch:all).
Correct me if I’m wrong, but I think arch:all should not be matched by any. After all, that’s the critical distinction between the two, right?
Do you want me to send a PR to fix this or do you want to fix it yourself? :)
Can support for SHA512 be added?
The Docker repository's Release files contain SHA512 hashes.
https://apt.dockerproject.org/repo/dists/ubuntu-xenial/Release
Source: fluxbox (1.3.6~rc1-1)
is valid. We should find some way to store that
https://wiki.debian.org/RepositoryFormat#A.22Release.22_files:
The "Release" files, "Packages" and "Sources" indicies, and files called "Index" that are used for translations and differences are control files, as defined in Policy, Chapter 5. In addition to the rules for control files, field names shall be generated using the case defined in this document, that is, code creating repositories shall be case-sensitive, but code reading repositories should not be case-sensitive.
I guess this aplies also to .changes files.
It will be neat to have option to either ignore case or require proper case (i.e., "raise error" when decoding key that matches key from struct only case-insensitively).
At present, archive members can only be read in order: continuing to the next one consumes all data from the existing LimitedReader.
This makes it somewhat more difficult than it would otherwise be to check debsig-style signatures (for which an io.MultiReader(controlReader, dataReader)
would otherwise be the perfect thing to pass to openpgp.CheckDetachedSignature
) without (necessarily and unambiguously) copying everything into RAM.
At the expense of requiring a seekable file handle on the underlying file, one could switch from a LimitedReader interface to a SectionReader, to make reads still possible after ar.Next()
has been called.
See blakesmith/ar#11 for a concrete idea of what's being proposed. (I'd be happy to provide a concrete implementation here as well should it be welcome; implemented above on top of blakesmith/ar
before discovering that go-debian existed).
since it's a hell of a lot cleaner
I hate the FooFile
convention we've grown. Ideas? cc @tianon
Parsing -----BEGIN PGP
as a control file results in a crash
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x28 pc=0x5626de]
goroutine 1 [running]:
pault.ag/go/debian/control.(*ParagraphReader).decodeClearsig(0xc000010710, 0x0, 0xc0000cf000, 0xf)
/home/paultag/.goenvs/fuzz/src/pault.ag/go/debian/control/parse.go:294 +0x3ae
pault.ag/go/debian/control.NewParagraphReader(0x5d6a20, 0xc000062240, 0x0, 0x7f036c650000, 0x0, 0x5d6b20)
/home/paultag/.goenvs/fuzz/src/pault.ag/go/debian/control/parse.go:137 +0x153
pault.ag/go/debian/control.NewDecoder(0x5d6a20, 0xc000062240, 0x0, 0x57d720, 0x10000c000010601, 0x6f22a8)
/home/paultag/.goenvs/fuzz/src/pault.ag/go/debian/control/decode.go:90 +0x75
pault.ag/go/debian/control.Unmarshal(0x5979c0, 0xc0000947f0, 0x5d6a20, 0xc000062240, 0x0, 0xc0000106f0)
/home/paultag/.goenvs/fuzz/src/pault.ag/go/debian/control/decode.go:71 +0x5a
pault.ag/go/debian/control.ParseControl(0xc000062240, 0x5b3778, 0x6, 0x4320cf, 0xc000000300, 0x200000003)
/home/paultag/.goenvs/fuzz/src/pault.ag/go/debian/control/control.go:147 +0x126
_/home/paultag/dev/local/debian-fuzz.Fuzz(0x7f03681fc000, 0xf, 0x200000, 0x3)
/home/paultag/dev/local/debian-fuzz/debian.go:13 +0xef
go-fuzz-dep.Main(0xc0000a1f80, 0x1, 0x1)
/tmp/go-fuzz-build890815257/goroot/src/go-fuzz-dep/main.go:36 +0x1b6
main.main()
/tmp/go-fuzz-build890815257/gopath/src/_/home/paultag/dev/local/debian-fuzz/go.fuzz.main/main.go:15 +0x52
``
go-debian shouldn't grow that stuff; need to patch all things using the API
The HTTPS certificate for https://pault.ag/go/debian expired on 1/23. This is breaking dep ensure for us.
Thanks
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.