summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2014-11-06Merge remote-tracking branch 'mvo/feature/no-more-acquire-guessing' into ↵Michael Vogt
debian/experimental
2014-11-06Merge remote-tracking branch 'upstream/debian/experimental' into ↵Michael Vogt
feature/no-more-acquire-guessing Conflicts: apt-pkg/acquire-item.cc
2014-11-05Bump ABI to 4.15Michael Vogt
2014-11-05prepare ABI for feature/socketpairMichael Vogt
2014-11-05Merge branch 'debian/sid' into debian/experimentalMichael Vogt
Conflicts: debian/changelog
2014-11-05apt-pkg/deb/debindexfile.{cc,h}: kill GetIndexes()Michael Vogt
2014-11-05test/integration/test-bug-624218-Translation-file-handling: clarify when ↵Michael Vogt
Translation-* is guessed
2014-11-04test/integration/test-apt-update-filesize-mismatch: use "basename file ↵Michael Vogt
suffix" instead of -s for compatibility with older systems
2014-11-04apt-pkg/acquire-item.h: make friend declaration compatible with older gccMichael Vogt
2014-11-04Call "Dequeue()" for items in AbortTransaction() to fix raceMichael Vogt
The pkgAcquire::Run() code works uses a while(ToFetch > 0) loop over the items queued for fetching. This means that we need to Deqeueue the item if we call AbortTransaction() to avoid a hang.
2014-10-29Only support Translation-* that are listed in the {In,}Release fileMichael Vogt
Handle Translation-* files exactly like Packages files (with the expection that it is ok if a download of them fails). Remove all "guessing" on apts side. This will elimimnate a bunch of errors releated to captive portals and similar. Its also more correct and removes another potential attack vector.
2014-10-26move permission changing from -item to -workerDavid Kalnischkies
The worker is the part closest to the methods, which will call the item methods according to what it gets back from the methods, it is therefore a better place to change permissions as it is very central and can do it now at the point the item is assigned to a method rather than then it is queued for download (and as before while dequeued via Done/Failure). Git-Dch: Ignore
2014-10-26tests: enhance output of grep and test failsDavid Kalnischkies
Git-Dch: Ignore
2014-10-26rewrite ReadMessages()David Kalnischkies
Central methods of our infrastructure like this one responsible for communication with our methods shouldn't be more complicated then they have to and not claim to have (albeit unlikely) bugs. While I am not sure about having improved the first part, the bug is now gone and a few explicit tests check that it stays that way, so nobody will notice the difference (hopefully) – expect that this should a very tiny bit faster as well as we don't manually proceed through the string. Git-Dch: Ignore
2014-10-24promote filesize to a hashstringDavid Kalnischkies
It is a very simple hashstring, which is why it isn't contributing to the usability of a list of them, but it is also trivial to check and calculate, so it doesn't hurt checking it either as it can combined even with the simplest other hashes greatly complicate attacks on them as you suddenly need a same-size hash collision, which is usually a lot harder to achieve.
2014-10-23Fix incorrect comparison between signed/unsignedMichael Vogt
Git-Dch: ignore
2014-10-23Use sysconf(_SC_ARG_MAX) to find the size of Dpkg::MaxArgBytesMichael Vogt
Instead of hardcoding Dpkg::MaxArgBytes find out about it using the sysconf(_SC_ARG_MAX) call.
2014-10-23tests: support 'installed' release in insertpackageDavid Kalnischkies
It is sometimes handy to have an installed package also in the archive, but this was until now harder than it should as you had to duplicate the lines, which is especially dangerous while writing the tests as it easily happens that these two lines divert and so the same-but-different version detection kicks in. Git-Dch: Ignore
2014-10-23switch tests to Translation-en usageDavid Kalnischkies
We can use either and some tests exercise this, but the default should be what we want to use and that is a split out long description file which is properly mentioned in the Release file. Git-Dch: Ignore
2014-10-23add test for Basic Authentication schemeDavid Kalnischkies
Git-Dch: Ignore
2014-10-23chown finished partial files earlierDavid Kalnischkies
partial files are chowned by the Item baseclass to let the methods work with them. Now, this baseclass is also responsible for chowning the files back to root instead of having various deeper levels do this. The consequence is that all overloaded Failed() methods now call the Item::Failed base as their first step. The same is done for Done(). The effect is that even in partial files usually don't belong to _apt anymore, helping sneakernets and reducing possibilities of a bad method modifying files not belonging to them. The change is supported by the framework not only supporting being run as root, but with proper permission management, too, so that privilege dropping can be tested with them.
2014-10-22doc/examples/configure-index: make "Dpkg::Max{Arg,ArgBytes} match realityMichael Vogt
Git-Dch: ignore
2014-10-22check that auth.conf exists before chowning itDavid Kalnischkies
Git-Dch: Ignore
2014-10-21Ensure /etc/apt/auth.conf has _apt:root ownerMichael Vogt
Ensure in SetupAPTPartialDirectory() that the /etc/apt/auth.conf file can be read by the priv sep apt methods.
2014-10-21debian/apt.postinst: chown _apt:root /etc/apt/auth.confMichael Vogt
If the methods drop privileges we need to ensure that /etc/apt/apt.conf is still readable by the _apt user.
2014-10-20test if TMPDIR is accessible before usingDavid Kalnischkies
Private temporary directories as created by e.g. libpam-tmpdir are nice, but they are also very effective in preventing our priviledge dropping to work as TMPDIR will be set to a directory only root has access to, so working with it as _apt will fail. We circumvent this by extending our check for a usable TMPDIR setting by checking access rights. Closes: 765951
2014-10-20testcases: do not allow warnings in testsuccessDavid Kalnischkies
Adds a new testwarning which tests for zero exit and the presents of a warning in the output, failing if either is not the case or if an error is found, too. This allows us to change testsuccess to accept only totally successful executions (= without warnings) which should help finding regressions. Git-Dch: Ignore
2014-10-20check for failure message in testsuccess/failureDavid Kalnischkies
These functions check the exit code of the command, but for apt commands we can go further and require an error message for non-zero exits and none for zero exits. Git-Dch: Ignore
2014-10-20use c++ style instead of the last two c-arraysDavid Kalnischkies
Git-Dch: Ignore
2014-10-20check lists/ content in tests doing rollbackDavid Kalnischkies
Git-Dch: Ignore
2014-10-20autorun permission tests for all apt-get update callsDavid Kalnischkies
Adds some infrastructure to run tests automatically for certain commands. The first command being 'apt-get update' (and 'apt update') which check for correct permission and owner of the files in lists/. Git-Dch: Ignore
2014-10-20aborted reverify restores file owner and permissionDavid Kalnischkies
If we get an IMS hit for an InRelease file we use the file we already have and pass it into reverification, but this changes the permissions and on abort of the transaction they weren't switched back. This is now done, additionally, every file in partial which hasn't failed gets permission and owner changed for root access as well, as it is very well possible that the next invocation will (re)use these files.
2014-10-20run acquire transactions only onceDavid Kalnischkies
Transactions are run and completed from multiple places, so it happens for unsigned repos that the Release file was commited even if it was previously aborted (due to --no-allow-insecure-repositories). The reason is simply that the "failure" of getting an InRelease/Release.gpg is currently ignored, so that the acquire process believes that nothing bad happened and commits the transaction even though the same transaction was previously aborted.
2014-10-20mark --allow-insecure-repositories message as translateableDavid Kalnischkies
Refactors a bit to ensure the same message is used in all three cases as well. Git-Dch: Ignore
2014-10-20reenable support for -s (and co) in apt-get sourceDavid Kalnischkies
The conversion to accept only relevant options for commands has forgotten another one, so adding it again even through the usecase might very well be equally good served by --print-uris. Closes: 742578
2014-10-15releasing package apt version 1.1~exp71.1.exp7Michael Vogt
2014-10-15releasing package apt version 1.0.9.31.0.9.3Michael Vogt
2014-10-15ignore Acquire::GzipIndexes for cdrom sourcesDavid Kalnischkies
We do not support compressed indexes for cdrom sources as we rewrite some of them, so supporting it correctly could be hard. What we do instead in the meantime is probably disabling it for cdrom sources.
2014-10-15Merge branch 'debian/sid' into debian/experimentalDavid Kalnischkies
The acquire code changed completely, so this is more an import of the testcase and a new fix than the merge of an existent fix. Conflicts: apt-pkg/acquire-item.cc
2014-10-15don't cleanup cdrom files in apt-get updateDavid Kalnischkies
Regression from merging 801745284905e7962aa77a9f37a6b4e7fcdc19d0 and b0f4b486e6850c5f98520ccf19da71d0ed748ae4. While fine by itself, merged the part fixing the filename is skipped if a cdrom source is encountered, so that our list-cleanup removes what seems to be orphaned files. Closes: 765458
2014-10-15releasing package apt version 1.1~exp61.1.exp6Michael Vogt
2014-10-15check for available space, excluding root reserved blocksDavid Kalnischkies
We are checking the space requirements for ages, but the check uses the free blocks count, which includes the blocks reserved for usage by root. Now that we use an unprivileged user it has no access to these blocks anymore – and more importantly these blocks are a reserve, they shouldn't be used by apt without special encouragement by the user as it would be bad to have dpkg run out of diskspace and maintainerscripts like man-db skip certain actions if not enough space is available freely.
2014-10-15set PR_SET_NO_NEW_PRIVS even if sandbox is disabledDavid Kalnischkies
Similar to 8f45798d532223adc378a4ad9ecfc64b3be26e4f, there is no harm to set this, even if we don't drop privileges. Git-Dch: Ignore
2014-10-15testcases runable as rootDavid Kalnischkies
Running the testcases is usually not a good idea, but it can be handy to check if the privilege dropping works. Git-Dch: Ignore
2014-10-15don't drop privileges if _apt has not enough rightsDavid Kalnischkies
Privilege dropping breaks download/source/changelog commands as they require the _apt user to have write permissions in the current directory, which is e.g. the case in /tmp, but not in /root, so we disable the privilege dropping if we deal with such a directory based on idea and code by Michael Vogt. The alternative would be to download always to a temp directory and move it then done, but this breaks partial file support. To resolve this, we could move to one of our partial/ directories, but this would require a lock which would block root from using two of these commands in parallel. As both seems unacceptable we instead let the user choose what to do: Either a directory is setupped for _apt, downloading as root is accepted or – which is potentially even better – an unprivileged user is used for the commands.
2014-10-14Add new configallowinsecurerepositories to the test frameworkMichael Vogt
Add a new configallowinsecurerepositories that controls the value of Acquire::AllowInsecureRepositories for the tests. Set it to "false" for most of the testsuite and only enable it where its really needed. We want to switch the default for this post-jessie.
2014-10-14Merge branch 'debian/sid' into debian/experimentalMichael Vogt
2014-10-13releasing package apt version 1.1~exp51.1.exp5Michael Vogt
2014-10-13Change default of Acquire::AllowInsecureRepositories to "true"Michael Vogt
This change is made for backward compatiblity and should be reverted once jessie is out.
2014-10-13update symbols fileDavid Kalnischkies
Git-Dch: Ignore