summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2017-07-26allow the auth.conf to be root:root ownedDavid Kalnischkies
Opening the file before we drop privileges in the methods allows us to avoid chowning in the acquire main process which can apply to the wrong file (imagine Binary scoped settings) and surprises users as their permission setup is overridden. There are no security benefits as the file is open, so an evil method could as before read the contents of the file, but it isn't worse than before and we avoid permission problems in this setup.
2017-07-26lookup login info for proxies in auth.confDavid Kalnischkies
On HTTP Connect we since recently look into the auth.conf file for login information, so we should really look for all proxies into the file as the argument is the same as for sources entries and it is easier to document (especially as the manpage already mentions it as supported).
2017-07-26reimplement and document auth.confDavid Kalnischkies
We have support for an netrc-like auth.conf file since 0.7.25 (closing 518473), but it was never documented in apt that it even exists and netrc seems to have fallen out of usage as a manpage for it no longer exists making the feature even more arcane. On top of that the code was a bit of a mess (as it is written in c-style) and as a result the matching of machine tokens to URIs also a bit strange by checking for less specific matches (= without path) first. We now do a single pass over the stanzas. In practice early adopters of the undocumented implementation will not really notice the differences and the 'new' behaviour is simpler to document and more usual for an apt user. Closes: #811181
2017-07-26show warnings instead of errors if files are unreadableDavid Kalnischkies
We used to fail on unreadable config/preferences/sources files, but at least for sources we didn't in the past and it seems harsh to refuse to work because of a single file, especially as the error messages are inconsistent and end up being silly (like suggesting to run apt update to fix the problem…). LP: #1701852
2017-07-26use FileFd to parse all apt configuration filesDavid Kalnischkies
Using different ways of opening files means we have different behaviour and error messages for them, so by the same for all we can have more uniformity for users and apt developers alike.
2017-07-26fail early in http if server answer is too small as wellDavid Kalnischkies
Failing on too much data is good, but we can do better by checking for exact filesizes as we know with hashsums how large a file should be, so if we get a file which has a size we do not expect we can drop it directly, regardless of if the file is larger or smaller than what we expect which should catch most cases which would end up as hashsum errors later now a lot sooner.
2017-07-26fail earlier if server answers with too much dataDavid Kalnischkies
We tend to operate on rather large static files, which means we usually get Content-Length information from the server. If we combine this information with the filesize we are expecting (factoring in pipelining) we can avoid reading a bunch of data we are ending up rejecting anyhow by just closing the connection saving bandwidth and time both for the server as well as the client.
2017-07-26send weak-only hashes to methodsDavid Kalnischkies
Weak hashes like filesize can be used by methods for basic checks and early refusals even if we can't use them for hard security proposes. Normal apt operations are not affected by this as they fail if no strong hash is available, but if apt is forced to work with weak-only files or e.g. in apt-helper context it can have benefits as weak is better than no hash for the methods.
2017-07-26don't try to parse all fields starting with HTTP as status-lineDavid Kalnischkies
It is highly unlikely to encounter fields which start with HTTP in practice, but we should really be a bit more restrictive here.
2017-07-26don't move failed pdiff indexes out of partialDavid Kalnischkies
The comment says this is intended, but looking at the history reveals that the comment comes from a different era. Nowadays we don't really need it anymore (and even back then it was disputeable) as we haven't used that file for our update in the end and nothing really needs this file after the update. Triggered is this by 188f297a2af4c15cb1d502360d1e478644b5b810 which moves various error conditions forward including this code expecting the file to exist – but it doesn't need to as download could have failed. We could fix that by simple checking if the file exists and only stage it if it does, but instead we don't stage it and instead even rename it out of the way with our conventional FAILED name (if it exists). That restores support for partial mirrors (= in this case mirrors which don't ship pdiff files). Note that apt heals itself even if only such a mirror is used as the update is successful even if that error is shown. Closes: 869425
2017-07-26don't try to rename failed pdiff patches twiceDavid Kalnischkies
RenameOnError does the rename already, so the check for existence will always fail making this some completely harmles but also completely pointless two lines of code we are better of removing. Gbp-Dch: Ignore
2017-07-26support compressed extended_states file for bug triageDavid Kalnischkies
This file isn't compressed by default, but it might be compressed by a bugreporter and uncompressing it is extra work apt could do just as well on the fly as needed just like it does for the dpkg/status file.
2017-07-26ignore SIGPIPE in dump solver if forwardingDavid Kalnischkies
Our test-external-dependency-solver-protocol test sometimes fails on the immediately 'crashing' solver exit1withoutmsg with the message that it got SIGPIPE from the solver. That isn't really possible as the solver produces no output, but on inspection its not this solver getting the signal but the wrapping provided by the dump-solver as the wrapped solver instantly exits. Simply ignoring the signal helps in perhaps extracting the last words of another solver (as this one has none), but at the very least we get the exit code of the wrapped solver we interested in as output.
2017-07-26remove reference to a-t-debtorrent in descriptionDavid Kalnischkies
debtorrent and its helper apt-transport-debtorrent were removed from Debian in 2013 based on the bugreports #730459 and #731281. As they aren't available, we shouldn't make references to them anymore. a-t-tor is picked as replacement for the example.
2017-07-26Gracefully terminate process when stopping apt-daily-upgradeBalint Reczey
The main process is guessed by systemd. This prevents killing dpkg run by unattended-upgrades in the middle of installing packages and ensures graceful shutdown. The timeout of 900 seconds after which apt-daily-upgrade.service is killed is in sync with unattended-upgrades's timer. LP: #1690980
2017-07-20Fix memory leak in C++-thread-local _error implementationJulian Andres Klode
We can't allocate a pointer here, it would not get released - use an object instead. Gbp-Dch: ignore
2017-07-20Use C++11 threading support instead of pthreadJulian Andres Klode
This makes the code easier to read.
2017-07-17Merge pull request Debian/apt#44 from willismonroe/patch-1Julian Andres Klode
Minor grammar fix [jak@d.o: Fixed up po/]
2017-07-12Switch from /org to /srv in example apt-ftparchive configurationPaul Wise
/org has been obsoleted by /srv for many years on debian.org hosts.
2017-07-12Fix some more crashes when APT::Periodic options are set to alwaysPaul Wise
Gbp-Dch: ignore
2017-07-12Support seconds, minutes, hours and days for APT::Periodic intervalsPaul Wise
2017-07-12Support zero delay for the various APT::Periodic activitiesPaul Wise
[squashed:] apt.systemd.daily: check_stamp: check for 'always' before numerical values Prevents a crash when the configuration actually uses 'always': apt.systemd.daily: 402: [: Illegal number: always
2017-07-12Merge branch 'misc/include-cleanup'Julian Andres Klode
This should make it easier to read includes.
2017-07-12Update gitignore with new filesJulian Andres Klode
2017-07-12cacheiterators: Warn about direct include and don't include pkgcache.hJulian Andres Klode
This adds a warning so existing working code will still work (as it includes pkgcache.h first anyway), but it will know that it's not right to include this file directly.
2017-07-12Reformat and sort all includes with clang-formatJulian Andres Klode
This makes it easier to see which headers includes what. The changes were done by running git grep -l '#\s*include' \ | grep -E '.(cc|h)$' \ | xargs sed -i -E 's/(^\s*)#(\s*)include/\1#\2 include/' To modify all include lines by adding a space, and then running ./git-clang-format.sh.
2017-07-12methods/aptmethod.h: Add missing fileutl.h includeJulian Andres Klode
2017-07-12Drop cacheiterators.h includeJulian Andres Klode
Including cacheiterators.h before pkgcache.h fails because pkgcache.h depends on cacheiterators.h.
2017-07-12Handle supported components with slashes in sources.listApollon Oikonomopoulos
Commit d7c92411dc1f4c6be098d1425f9c1c075e0c2154 parses the Components section of (In)Release and attempts to detect the distribution's supported components. While doing so, it handles component names with slashes in a special manner, assuming that the actual component is only the part after the final slash. This is done to handle security.debian.org, which usually appears in sources.list as follows: deb http://s.d.o/debian-security stretch/updates main contrib non-free while the actual release file has: Codename: stretch Components: updates/main updates/contrib updates/non-free While this special handing on APTs part indeed works for debian-security, it emits spurious warnings on repositories that actually use slashes in the component names *and* appear so in sources.list. We fix this by adding both component versions (whole and final part) to the SupportedComponents array. Closes: #868127
2017-07-08fix various typos reported by codespell & spellintianDavid Kalnischkies
Reported-By: codespell & spellintian Gbp-Dch: Ignore
2017-07-08Italian manpage translation updateBeatrice Torracca
Closes: 858877
2017-07-07don't expect more downloads from failed transactionsDavid Kalnischkies
Progress only shows if we have an idea of how much files we will acquire, but if a transaction fails before we have got an idea we ended up never showing progress even through we know that a failed transaction will not download additional files.
2017-07-04zh_CN.po: update Simplified Chinese programs translationZhou Mo
2017-07-03Release 1.5~beta11.5_beta1Julian Andres Klode
2017-07-03Russian translation updateАлексей Шилин
2017-07-03Stop bragging about old speeds in http.cc commentsJulian Andres Klode
That's just ridiculous these days. Gbp-Dch: ignore
2017-07-03formatter: support running from subdirectoriesDavid Kalnischkies
Gbp-Dch: Ignore
2017-07-03don't set ip addresses as server names for SNIDavid Kalnischkies
It is kinda unlikely that apt will ever encounter a certificate for an IP and a user actually using it, but the API documentation for gnutls_server_name_set explicitly says that "IPv4 or IPv6 addresses are not permitted to be set by this function.", so we should follow it. [jak@d.o: Slightly rebased]
2017-07-03Swap file descriptors before the handshakeJulian Andres Klode
This makes more sense. If the handshake failed midway, we still should run the gnutls bye stuff. The thinking here is to only set the fd after the session setup, as we do not modify it before, so if it fails in session setup, you retain a usable file descriptor. Gbp-Dch: ignore
2017-07-03Do not error out, only warn if ca certificates are not availableJulian Andres Klode
This probably makes more sense if Verify-Peer is set to off.
2017-07-03tls: Add more details to error messages, and detect more errorsJulian Andres Klode
This should make it easier to figure out what was going on.
2017-07-02travis/docker: Various improvementsJulian Andres Klode
- Use a tmpfs for /tmp - not really a benefit here, except for travis as it's writing less now. - Use the fastly CDN - about twice as fast as ftp.de, and seems more stable than cloudfront - Run apt-get clean to keep container smaller - should not be needed really, but let's just do it. Gbp-Dch: ignore
2017-07-01Ignore download order in test-apt-update-failure-propagationJulian Andres Klode
This caused spurious test failures.
2017-07-01http: A response with Content-Length: 0 has no contentJulian Andres Klode
APT considered any response with a Content-Length to have a body, even if the value of the header was 0. A 0 length body however, is equal to no body.
2017-07-01Make Verify-Host and Verify-Peer independent againJulian Andres Klode
We can actually just pass null as a hostname, so let's just do that when Verify-Host is set to false.
2017-06-30Upload 1.5~alpha4 to experimental1.5_alpha4Julian Andres Klode
2017-06-30shippable: Run tests in parallelJulian Andres Klode
Gbp-Dch: ignore
2017-06-30CMake: Do not allow FORCE_CURL=ON with WITH_CURL=OFFJulian Andres Klode
This makes no sense. We need both entries in the cache, as we check FORCE_CURL in the test suite. Gbp-Dch: ignore
2017-06-30TLS support: Error out on unsupported curl optionsJulian Andres Klode
Silently ignoring the options might be a security issue, so produce an error instead.
2017-06-30Improve closing the TLS connectionJulian Andres Klode
If gnutls_session_bye() exited with an error, we never closed the underlying file descriptor, causing the method to think the connection was still open. This caused problems especially in test-partial-file-support where we checked that a "complete" file and an incomplete file work. The first GET returns a 416 with Connection: close, and the next GET request then accidentally reads the body of the 416 as the header for its own request.