66
66
[--limit-priority=regex] [--dry-run]
67
67
[--proxy=http://user:pass\@url:port/] [--help]
68
68
[--rsync-options=options] [--ignore-small-errors]
69
[--pdiff=mirror|use|none]
69
[--pdiff=use|mirror|none]
72
72
For details, see man page.
156
156
=item --dist=foo[,bar,..] -d foo
158
Specify the distribution (woody, sarge, sid) of Debian to mirror. This
159
switch may be used multiple times, and multiple distributions may be
160
specified at once, separated by commas. Using the links (stable,
161
testing, unstable) does not have the expected results but you may add
162
those links manually. Defaults to mirroring sid.
158
Specify the distribution (sarge, etch, lenny, sid) of Debian to
159
mirror. This switch may be used multiple times, and multiple
160
distributions may be specified at once, separated by commas. Using the
161
links (stable, testing, unstable) does not have the expected results
162
but you may add those links manually. Defaults to mirroring sid.
164
164
=item --section=foo[,bar,..] -s foo
267
267
causes debmirror to ignore missing or broken deb and source files but
268
268
still be pedantic about checking meta files.
270
=item --pdiff=mirror|use|none
270
=item --pdiff=use|mirror|none
272
If the Release file contains entries for pdiff files then it will
273
mirror them and atempt to update the Packages files with them. This is
274
the default 'mirror' behaviour. Specifying --pdiff=use will use the
275
pdiff files to update the index files but will not keep them in the
276
mirror. Specifying --pdiff=none will completly ignore pdiff files.
272
If the Release file contains entries for pdiff files then debmirror
273
will atempt to update the Packages and Sources files with them but
274
will not include them in the mirror. This is the default 'use'
275
behaviour and avoids having time consuming pdiff files for a fast
276
local mirror. Specifying --pdiff=mirror will include the downloaded
277
pdiff files in the mirror while specifying --pdiff=none will completly
322
324
Simply make a mirror in /mirror/debian, using all defaults.
324
debmirror /mirror/debian --ignore=non-US/
325
debmirror /mirror/debian/non-US -h non-us.debian.org -r /debian-non-US \
326
-d sid/non-US -s main,contrib,non-free
328
Make one full mirror, and supplement it with a mirror of non-US, in a
331
326
debmirror -a i386,sparc -s main -h ftp.kernel.org \
332
-d sid -d sarge /home/me/debian/mirror --nosource \
327
-d sid -d etch /home/me/debian/mirror --nosource \
335
330
Make a mirror of i386 and sparc binaries, main only, and include both unstable
339
~/.gnupg/trustedkeys.gpg
346
Debmirror uses gpg to verify Release and Release.gpg using the
347
default keying ~/.gnupg/pubring.gpg. This can be changed by
348
exporting GNUPGHOME resulting in $GNUPGHOME/pubring.gpg being used.
341
Debmirror uses gpgv to verify Release and Release.gpg using the
342
default keying ~/.gnupg/trustedkeys.gpg. This can be changed by
343
exporting GNUPGHOME resulting in $GNUPGHOME/trustedkeys.gpg being
350
346
To add the right key to this keyring you can import it from the
351
347
debian keyring (in case of the debian archive) using:
353
gpg --keyring /usr/share/keyrings/debian-role-keys.gpg --export \
354
"Debian Archive Automatic Signing Key (2005)" | gpg --import
349
gpg --keyring /usr/share/keyrings/debian-archive-keyring.gpg --export \
356
352
or download the key from a keyserver:
358
354
gpg --keyserver keyring.debian.org --recv-keys <key ID>
360
<key ID> for debian and 2005 is 4F368D5D and can be found in the
361
gpg error message from debmirror -v output.
356
The <key ID> can be found in the gpgv error message in debmirror:
357
gpgv: Signature made Tue Jan 23 09:07:53 2007 CET using DSA key ID 2D230C5F
461
457
# This parameter is so important that it is the only required parameter.
462
458
my $mirrordir=shift or usage("mirrordir not specified");
460
# Check for patch binary if needed
461
if (!($pdiff_mode eq "none")) {
462
if (system("patch --version 2>/dev/null >/dev/null")) {
463
say("Patch binary missing, falling back to --pdiff=none");
464
push (@errlog,"Patch binary missing, falling back to --pdiff=none\n");
465
$pdiff_mode = "none";
467
if (system("ed --version 2>/dev/null >/dev/null")) {
468
say("Ed binary missing, falling back to --pdiff=none");
469
push (@errlog,"Ed binary missing, falling back to --pdiff=none\n");
470
$pdiff_mode = "none";
464
474
# Post-process arrays. Allow commas to seperate values the user entered.
465
475
# If the user entered nothing, provide defaults.
466
476
@dists=split(/,/,join(',',@dists));
608
618
$files{$tempdir."/"."dists/$dist/Release.gpg"}=1;
610
620
if (!$ignore_release_gpg) {
611
if (system("gpg --version >/dev/null 2>/dev/null")) {
612
say("gpg failed: --ignore-release-gpg or gpg binary missing?");
613
push (@errlog,"gpg failed: --ignore-release-gpg or gpg binary missing?\n");
621
if (system("gpgv --version >/dev/null 2>/dev/null")) {
622
say("gpgv failed: --ignore-release-gpg or gpgv binary missing?");
623
push (@errlog,"gpgv failed: --ignore-release-gpg or gpgv binary missing?\n");
616
626
# Verify Release signature
617
my $GPG="gpg --no-tty -q";
619
$GPG = $GPG." >/dev/null 2>/dev/null";
621
if (!-f "$tempdir/dists/$dist/Release.gpg" || !-f "$tempdir/dists/$dist/Release" || system("$GPG --verify $tempdir/dists/$dist/Release.gpg $tempdir/dists/$dist/Release")) {
623
say("Release signature does not verify.");
624
push (@errlog,"Release signature does not verify.\n");
626
system("gpg --no-tty -q --verify $tempdir/dists/$dist/Release.gpg $tempdir/dists/$dist/Release");
627
say("Release signature does not verify.");
628
push (@errlog,"Release signature does not verify.\n");
627
if (-f "$tempdir/dists/$dist/Release.gpg" || -f "$tempdir/dists/$dist/Release") {
628
my $gpgv_res="failed";
629
open GPGV, "gpgv 2>/dev/null --status-fd 1 $tempdir/dists/$dist/Release.gpg $tempdir/dists/$dist/Release|";
631
$gpgv_res="valid" if /^\[GNUPG:\] VALIDSIG/;
634
if ($gpgv_res eq "failed" || $debug) {
635
system("gpgv --status-fd 1 $tempdir/dists/$dist/Release.gpg $tempdir/dists/$dist/Release");
637
if ($verbose && !$debug) {
638
system("gpgv --status-fd 1 $tempdir/dists/$dist/Release.gpg $tempdir/dists/$dist/Release >/dev/null");
640
if ($gpgv_res eq "failed") {
641
say("Release signature does not verify.");
642
push (@errlog,"Release signature does not verify.\n");
646
say("Release signature does not verify, file missing.");
647
push (@errlog,"Release signature does not verify.\n");
1468
1487
local (*INDEX, *LIST);
1469
1488
my (%history_sha1, %history_size, %pdiff_sha1, %pdiff_size);
1470
1489
my ($current_sha1, $current_size, $sha1, $size, $file, $digest, $ret);
1490
my $t = $num_errors;
1472
1492
# Parse DiffIndex file
1473
1493
open(INDEX, "$tempdir/$subdir/$list.diff/Index") or die "$tempdir/$subdir/$list.diff/Index: $!";
1503
1523
say("$subdir/$list.diff/$file.gz needs fetch");
1504
1524
remote_get("$subdir/$list.diff/$file.gz");
1505
1525
#FIXME: before download
1506
$bytes_to_get += -s "$tempdir/$subdir/$list.diff/$file.gz";
1526
if (-f "$tempdir/$subdir/$list.diff/$file.gz") {
1527
$bytes_to_get += -s "$tempdir/$subdir/$list.diff/$file.gz";
1507
1529
if (!check_pdiff("$tempdir/$subdir/$list.diff/$file", $pdiff_size{$file}, $pdiff_sha1{$file})) {
1508
1530
say("$subdir/$list.diff/$file.gz failed sha1sum check, removing");
1509
1531
push (@errlog,"$subdir/$list.diff/$file.gz failed sha1sum check, removing\n");