summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2017-07-03don't set ip addresses as server names for SNIDavid Kalnischkies
It is kinda unlikely that apt will ever encounter a certificate for an IP and a user actually using it, but the API documentation for gnutls_server_name_set explicitly says that "IPv4 or IPv6 addresses are not permitted to be set by this function.", so we should follow it. [jak@d.o: Slightly rebased]
2017-07-03Swap file descriptors before the handshakeJulian Andres Klode
This makes more sense. If the handshake failed midway, we still should run the gnutls bye stuff. The thinking here is to only set the fd after the session setup, as we do not modify it before, so if it fails in session setup, you retain a usable file descriptor. Gbp-Dch: ignore
2017-07-03Do not error out, only warn if ca certificates are not availableJulian Andres Klode
This probably makes more sense if Verify-Peer is set to off.
2017-07-03tls: Add more details to error messages, and detect more errorsJulian Andres Klode
This should make it easier to figure out what was going on.
2017-07-02travis/docker: Various improvementsJulian Andres Klode
- Use a tmpfs for /tmp - not really a benefit here, except for travis as it's writing less now. - Use the fastly CDN - about twice as fast as ftp.de, and seems more stable than cloudfront - Run apt-get clean to keep container smaller - should not be needed really, but let's just do it. Gbp-Dch: ignore
2017-07-01Ignore download order in test-apt-update-failure-propagationJulian Andres Klode
This caused spurious test failures.
2017-07-01http: A response with Content-Length: 0 has no contentJulian Andres Klode
APT considered any response with a Content-Length to have a body, even if the value of the header was 0. A 0 length body however, is equal to no body.
2017-07-01Make Verify-Host and Verify-Peer independent againJulian Andres Klode
We can actually just pass null as a hostname, so let's just do that when Verify-Host is set to false.
2017-06-30Upload 1.5~alpha4 to experimental1.5_alpha4Julian Andres Klode
2017-06-30shippable: Run tests in parallelJulian Andres Klode
Gbp-Dch: ignore
2017-06-30CMake: Do not allow FORCE_CURL=ON with WITH_CURL=OFFJulian Andres Klode
This makes no sense. We need both entries in the cache, as we check FORCE_CURL in the test suite. Gbp-Dch: ignore
2017-06-30TLS support: Error out on unsupported curl optionsJulian Andres Klode
Silently ignoring the options might be a security issue, so produce an error instead.
2017-06-30Improve closing the TLS connectionJulian Andres Klode
If gnutls_session_bye() exited with an error, we never closed the underlying file descriptor, causing the method to think the connection was still open. This caused problems especially in test-partial-file-support where we checked that a "complete" file and an incomplete file work. The first GET returns a 416 with Connection: close, and the next GET request then accidentally reads the body of the 416 as the header for its own request.
2017-06-30Switch to 'http' as the default https methodJulian Andres Klode
The old curl based method is still available as 'curl', 'curl+http', and 'curl+https'.
2017-06-30travis: Switch to DockerJulian Andres Klode
This runs parallel builds on docker, based on debian:testing docker images, with ccache enabled and parallel running of the test suite (ccache supports coverage builds these days, and parallel testing just needs unbuffer to handle the stty stuff) This is a huge step up from building on a mix of trusty, wily, and xenial. Most importantly, coverage now correctly detects partial covered lines instead of just reporting almost all of them as fully covered. We use ftp.de.debian.org as deb.debian.org backed by Amazon 503s too often. Gbp-Dch: ignore
2017-06-30Allow http(s) and socks5h for http and https in proxy auto detectJulian Andres Klode
This makes it possible to write sensible auto detect scripts.
2017-06-30http: Add support for https:// proxiesJulian Andres Klode
HTTPS proxies just require unwrapping the TLS layer at the proxy connection, that's easy, and of course sending proxy-specific headers that are sent on "http" proxies.
2017-06-30http: Add support for CONNECT proxying to HTTPS locationsJulian Andres Klode
Proxying HTTPS traffic requires the proxy providing the CONNECT method. This implements the client side of it, although it is a bit hacky. HTTP connect is a normal HTTP CONNECT request, followed by a normal HTTP response, just that the body of the response is the TCP stream of the target host. We use a special wrapper in case there are data bytes in the header packets - in that case, the bytes are stored in a buffer and the buffer will be drained first, afterwards the connection continues directly with the TCP stream (with one more vcall). Also: Do not send full URI to https destinations when proxying, as we are directly interfacing with the destination data stream.
2017-06-30Allow running the TLS stack on any lower connectionJulian Andres Klode
This is especially needed if we use an HTTPS proxy to CONNECT to an HTTPS URI, as we run TLS-inside-TLS then.
2017-06-30Reset failure reason when connection was successfulJulian Andres Klode
When APT was trying multiple addresses, any later error somewhere else would be reported with ConnectionRefused or ConnectionTimedOut as the FailReason because that was set by early connect attempts. This causes APT to handle the failures differently, leading to some weirdly breaking test cases (like the changed one). Add debugging to the previously failing test case so we can find out when something goes wrong there again.
2017-06-30Upload 1.5~alpha3 to experimental1.5_alpha3Julian Andres Klode
2017-06-30Don't read CaInfo if not specified (missing else)Julian Andres Klode
This fixes a regression from ~alpha2. Closes: #866559 Gbp-Dch: Full
2017-06-29Upload 1.5~alpha2 to experimental1.5_alpha2Julian Andres Klode
2017-06-29Build-Depend on debhelper (>= 10) to shut up lintianJulian Andres Klode
2017-06-29Bump Standards-Version (and wrap-and-sort a bit)Julian Andres Klode
2017-06-29http: Only use system CA store if CaInfo is not setJulian Andres Klode
It turns out that curl only sets the system trust store if the CaInfo option is not set, so let's do the same here.
2017-06-29Demote gnupg to SuggestsJulian Andres Klode
stretch was the migration release for gpg->gpgv basically, so let's demote it now.
2017-06-29Have apt Recommend ca-certificatesJulian Andres Klode
The http method needs ca-certificates for TLS support, so enable it.
2017-06-29Improve error message if system CA store is emptyJulian Andres Klode
Tell the user to install ca-certificates. Closes: #866377
2017-06-29fix a "critical" typo in old changelog entryRobert Luberda
This typo exposes a bug in apt-listchanges that prevents commands like `apt-listchanges --show-all apt_*.deb' from showing the changelog. The bug will be fixed in next upload of apt-listchanges, but I think it would be nice have the typo fixed as well. Closes: 866358
2017-06-29use port from SRV record instead of initial portDavid Kalnischkies
An SRV record includes a portnumber to use with the host given, but apt was ignoring the portnumber and instead used either the port given by the user for the initial host or the default port for the service. In practice the service usually runs on another host on the default port, so it tends to work as intended and even if not and apt can't get a connection there it will gracefully fallback to contacting the initial host with the right port, so its a user invisible bug most of the time.
2017-06-28support tor+https being handled by httpDavid Kalnischkies
The apt-transport-tor package operates via simple symlinks which can result in 'http' being called as 'tor+https', so it must pick up the right configuration pieces and trigger https support also in plus names.
2017-06-28Upload 1.5~alpha1 to experimental1.5_alpha1Julian Andres Klode
2017-06-28Strip 0: epochs from the version hashJulian Andres Klode
This should fix some issues with dpkg normalizing such values. Suprisingly enough apt treats the Version: field the same, even with epoch vs without, but not when searching, and does not strip the 0: from the output.
2017-06-28Merge branch 'feature/releaseinfochange'David Kalnischkies
2017-06-28ask for releaseinfo change interactively in aptDavid Kalnischkies
If we have a user sitting around we can let 'apt' ask the user for a confirmation rather than print errors at the end and require the user to figure out which commandline flags are needed to confirm the changes non-interactively.
2017-06-28allow frontends to override releaseinfo change behaviourDavid Kalnischkies
Having messages being printed on the error stack and confirm them by commandline flags is an okayish first step, but some frontends will probably want to have a more interactive feeling here with a proper question the user can just press yes/no for as for some frontends a commandline flag makes no sense…
2017-06-28show a Release-Notes URI if infos were changedDavid Kalnischkies
This gives the repository owner a chance to explain why this change was needed – e.g. explaining the organisational changes or simply detailing the changes in the new release made. Note that this URI is also shown if the change is accepted, so it also draws attention to release notes of minor updates (if users watch apt output closely).
2017-06-28error in update on Release information changesDavid Kalnischkies
The value of Origin, Label, Codename and co can be used in user configuration from apts own pinning to unattended upgrades. A repository changing this values can therefore have serious effects on the behaviour of apt and other tools using these values. In a first step we will generate error messages for these changes now explaining the need for explicit confirmation and provide config options and commandline flags to accept them.
2017-06-28fail instead of warn on insecure repositories in apt-getDavid Kalnischkies
The exception was made to give (script) users a one-release grace period to adapt their setup to deal with apt enforcing signing of repositories. As we are now at the start of a new release cycle its as good a time as any to lift it now. Removes-Exception: 952ee63b0af14a534c0aca00c11d1a99be6b22b2
2017-06-28Merge branch 'feature/http-https'Julian Andres Klode
2017-06-28Skip test-apt-download-progressJulian Andres Klode
The test keeps failing continously on Ubuntu, so let's fix it for now.
2017-06-28Introduce Acquire::AllowTLS to turn off TLS supportJulian Andres Klode
As requested by Henrique de Moraes Holschuh, here comes an option to disable TLS support. If the option is set to false, the internal TLS layer is disabled.
2017-06-28Fix test suite and enable non-curl testing on travis, shippableJulian Andres Klode
Gbp-Dch: ignore
2017-06-28Fix https->http redirect issuesDavid Kalnischkies
Gbp-Dch: ignore
2017-06-28methods: http: Drain pending data before selectingJulian Andres Klode
GnuTLS can already have data pending in its buffers, we need to to drain that first otherwise select() might block indefinitely. Gbp-Dch: ignore
2017-06-28Allow building without curlJulian Andres Klode
This makes testing easier and prepares us for the transition.
2017-06-28methods: Add HTTPS support to http method, using GnuTLSJulian Andres Klode
The http method will eventually replace the curl-based https method, but for now, this is an opt-in experiment that can be enabled by setting Dir::Bin::Methods::https to "http". Known issues: - We do not support HTTPS proxies yet - We do not support proxying HTTPS connections yet (CONNECT) - IssuerCert and SslForceVersion are unsupported Gbp-Dch: Full
2017-06-28methods: connect: Switch from int fds to new MethodFdJulian Andres Klode
Use std::unique_ptr<MethodFd> everywhere we used an integer-based file descriptor before. This allows us to implement stuff like TLS support easily. Gbp-Dch: ignore
2017-06-28methods: connect: Change PkgAcqMethod to aptMethodJulian Andres Klode
This will allow us to access ConfigFind() and stuff which makes it possible for us to implement TLS support. Gbp-Dch: ignore