Age | Commit message (Collapse) | Author |
|
|
|
|
|
Having it in the header exposes some implementation details, namely
private methods and will cause problems for us if we ever want to change
the actions.
Git-Dch: Ignore
|
|
aptitude has a define for VERSION, so to not generate a FTBFS we just
rename our enum element to a slightly less generic name.
Git-Dch: Ignore
|
|
|
|
The code is creating a secure temporary directory, but then creates
the changelog alongside the tmpdir in the same base directory. This
defeats the secure tmpdir creation, making the filename predictable.
Inject a '/' between the tmpdir and the changelog filename.
|
|
|
|
|
|
apt-key creates trusted.gpg if it needs it with 644 nowadays, but before
it ensured this, it was gpg creating it, which gives it by default 600.
Not a problem as long as our gpgv is run as root, but now that we drop
privileges we have to ensure that we can also read trusted.gpg files
created by earlier apt-key versions.
Closes: 647001
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Because of dpkg-buildflags we already get most of the hardening
features, +all adds -fPIE and ld -z now
Thanks: Simon Ruderich, Markus Waldeck
|
|
|
|
Because of dpkg-buildflags we already get most of the hardening
features, +all adds -fPIE and ld -z now
Thanks: Simon Ruderich, Markus Waldeck
|
|
|
|
The configuration key Acquire::AllowInsecureRepositories controls if
apt allows loading of unsigned repositories at all.
The configuration Acquire::AllowDowngradeToInsecureRepositories
controls if a signed repository can ever become unsigned. This
should really never be needed but we provide it to avoid having
to mess around in /var/lib/apt/lists if there is a use-case for
this (which I can't think of right now).
|
|
pkgAcqIndexDiffs/pkgAcqMergeDiffs
|
|
Closes: 763379
|
|
debian/experimental
|
|
|
|
Git-Dch: Ignore
|
|
The fileformat of a pdiff index stores currently only SHA1 hashes. With
this change, we look for all other hashes we support as well and take
what we get, so that we can work after the release of jessie to get
right of SHA1 if we want to.
Note that the completely patched file is and was checked against the
hashes collected from the Release file, so this transition isn't mission
critical.
|
|
We are the only possible users of private methods, so we are also the
only users who can potentially export them via using them in inline
methods. The point is: We don't need these symbols exported if we don't
do this, so marking them as hidden removes some methods from the API
without breaking anything as nobody could have used them.
Git-Dch: Ignore
|
|
|
|
Git-Dch: Ignore
|
|
|
|
|
|
|
|
This prevents a failure in mktemp -d - it will blindly trust
TMPDIR and not use something else if the dir is not there.
|
|
|
|
|
|
|
|
|
|
feature/acq-trans
Conflicts:
apt-pkg/acquire-item.cc
apt-pkg/acquire-item.h
methods/gpgv.cc
|
|
Closes: #763004
Thanks: Russ Allbery
|
|
Conflicts:
apt-pkg/acquire-item.cc
|
|
Signed-off-by: Trần Ngọc Quân <vnwildman@gmail.com>
|
|
A long-lasting FIXME in the acquire code points out the problem that we
e.g. for decompressors assign c-string representations of c++-strings to
the Mode variable, which e.g. cppcheck points out as very bad.
In practice, nothing major happens as the c++-strings do not run out of
scope until Mode would do, but that is bad style and fragile, so the
obvious proper fix is to use a c++ string for storage to begin with.
The slight complications stems from the fact that progress reporting
code in frontends potentially uses Mode and compares it with NULL, which
can't be done with std::string, so instead of just changing the type we
introduce a new variable and deprecate the old one.
Git-Dch: Ignore
|
|
This used to work before we implemented a stricter commandline parser
and e.g. the dd-schroot-cmd command constructs commandlines like this.
Reported-By: Helmut Grohne
|
|
Not really the intended usecase for apt-get clean, but users expect it
to help them in recovery and it can't really hurt as this directory
should be empty if everything was fine and proper anyway.
Closes: #762889
|
|
apt-get download and changelog as well as apt-helper reuse the acquire
system for their own proposes without requiring the directories the
fetcher wants to create, which is a problem if you run them as non-root
and the directories do not exist as it greets you with:
E: Archives directory /var/cache/apt/archives/partial is missing. -
Acquire (13: Permission denied)
Closes: 762898
|
|
Closes: 763033
|
|
Accessing the package records to acquire this information is pretty
costly, so that information wasn't used so far in many places. The most
noticeable user by far is EDSP at the moment, but there are ideas to
change that which this commit tries to enable.
|
|
'unsigned int'
Git-Dch: Ignore
Reported-By: cppcheck
|
|
also defined in its parent class 'pkgSource'
Git-Dch: Ignore
Reported-By: cppcheck
|
|
Git-Dch: Ignore
Reported-By: cppcheck
|