Age | Commit message (Collapse) | Author |
|
Git-Dch: Ignore
|
|
Git-Dch: Ignore
|
|
For compatibility we use/provide and fill quiet some deprecated methods
and fields, which subsequently earns us a warning for using them. These
warnings therefore have to be disabled for these codeparts and that is
what this change does now in a slightly more elegant way.
Git-Dch: Ignore
|
|
Checking the return value of this (and many other calls) in this
testcase is a good idea, so we do it now.
Reported-By: cppcheck
Git-Dch: Ignore
|
|
"did you intend to multiply instead?" is what cppcheck helpful says and
it is absolutely right. Doesn't make a whole lot of a difference though
as we are talking about 'char' in this testcase, but just to be sure.
Reported-By: cppcheck
Git-Dch: Ignore
|
|
'pos_is_okay'
It does not have any desired sideeffect, so we just mark it as const to
properly advertise this fact to developer, compiler and linter alike.
Reported-By: cppcheck
Git-Dch: Ignore
|
|
The manpage of va_start and co additionally says:
On some systems, va_end contains a closing '}' matching a '{' in
va_start, so that both macros must occur in the same function, and in a
way that allows this.
So instead of return/breaking instantly, we save the return, make a
proper turndown with va_end in all cases and only end after that.
Reported-By: cppcheck
Git-Dch: Ignore
|
|
The testcases have far worse problems if these ever end up being NULL
and/or are not given a value by the method called, but clang is right to
warn about it, just that we don't want to fix it in testcases…
Git-Dch: Ignore
|
|
One word: "doh!" Commit f6d4ab9ad8a2cfe52737ab620dd252cf8ceec43d
disabled the check to prevent apt from downloading bigger patches
than the index it tries to patch. Happens rarly of course, but still.
Detected by scan-build complaining about a dead assignment.
To make up for the mistake a test is included as well.
|
|
|
|
Git-dch: ignore
|
|
Git-Dch: ignore
|
|
debian/experimental
|
|
feature/no-more-acquire-guessing
Conflicts:
apt-pkg/acquire-item.cc
|
|
|
|
|
|
Conflicts:
debian/changelog
|
|
|
|
Translation-* is guessed
|
|
suffix" instead of -s for compatibility with older systems
|
|
|
|
The pkgAcquire::Run() code works uses a while(ToFetch > 0) loop
over the items queued for fetching. This means that we need to
Deqeueue the item if we call AbortTransaction() to avoid a hang.
|
|
Handle Translation-* files exactly like Packages files (with the
expection that it is ok if a download of them fails). Remove all
"guessing" on apts side. This will elimimnate a bunch of errors
releated to captive portals and similar. Its also more correct
and removes another potential attack vector.
|
|
The worker is the part closest to the methods, which will call the item
methods according to what it gets back from the methods, it is therefore
a better place to change permissions as it is very central and can do it
now at the point the item is assigned to a method rather than then it is
queued for download (and as before while dequeued via Done/Failure).
Git-Dch: Ignore
|
|
Git-Dch: Ignore
|
|
Central methods of our infrastructure like this one responsible for
communication with our methods shouldn't be more complicated then they
have to and not claim to have (albeit unlikely) bugs.
While I am not sure about having improved the first part, the bug is now
gone and a few explicit tests check that it stays that way, so nobody
will notice the difference (hopefully) – expect that this should a very
tiny bit faster as well as we don't manually proceed through the string.
Git-Dch: Ignore
|
|
It is a very simple hashstring, which is why it isn't contributing to
the usability of a list of them, but it is also trivial to check and
calculate, so it doesn't hurt checking it either as it can combined even
with the simplest other hashes greatly complicate attacks on them as you
suddenly need a same-size hash collision, which is usually a lot harder
to achieve.
|
|
Git-Dch: ignore
|
|
Instead of hardcoding Dpkg::MaxArgBytes find out about it using
the sysconf(_SC_ARG_MAX) call.
|
|
It is sometimes handy to have an installed package also in the archive,
but this was until now harder than it should as you had to duplicate the
lines, which is especially dangerous while writing the tests as it
easily happens that these two lines divert and so the same-but-different
version detection kicks in.
Git-Dch: Ignore
|
|
We can use either and some tests exercise this, but the default should
be what we want to use and that is a split out long description file
which is properly mentioned in the Release file.
Git-Dch: Ignore
|
|
Git-Dch: Ignore
|
|
partial files are chowned by the Item baseclass to let the methods work
with them. Now, this baseclass is also responsible for chowning the
files back to root instead of having various deeper levels do this.
The consequence is that all overloaded Failed() methods now call the
Item::Failed base as their first step. The same is done for Done().
The effect is that even in partial files usually don't belong to
_apt anymore, helping sneakernets and reducing possibilities of a bad
method modifying files not belonging to them.
The change is supported by the framework not only supporting being run
as root, but with proper permission management, too, so that privilege
dropping can be tested with them.
|
|
Git-Dch: ignore
|
|
Git-Dch: Ignore
|
|
Ensure in SetupAPTPartialDirectory() that the /etc/apt/auth.conf file
can be read by the priv sep apt methods.
|
|
If the methods drop privileges we need to ensure that
/etc/apt/apt.conf is still readable by the _apt user.
|
|
Private temporary directories as created by e.g. libpam-tmpdir are nice,
but they are also very effective in preventing our priviledge dropping
to work as TMPDIR will be set to a directory only root has access to, so
working with it as _apt will fail. We circumvent this by extending our
check for a usable TMPDIR setting by checking access rights.
Closes: 765951
|
|
Adds a new testwarning which tests for zero exit and the presents of a
warning in the output, failing if either is not the case or if an error
is found, too. This allows us to change testsuccess to accept only
totally successful executions (= without warnings) which should help
finding regressions.
Git-Dch: Ignore
|
|
These functions check the exit code of the command, but for apt commands
we can go further and require an error message for non-zero exits and
none for zero exits.
Git-Dch: Ignore
|
|
Git-Dch: Ignore
|
|
Git-Dch: Ignore
|
|
Adds some infrastructure to run tests automatically for certain
commands. The first command being 'apt-get update' (and 'apt update')
which check for correct permission and owner of the files in lists/.
Git-Dch: Ignore
|
|
If we get an IMS hit for an InRelease file we use the file we already
have and pass it into reverification, but this changes the permissions
and on abort of the transaction they weren't switched back.
This is now done, additionally, every file in partial which hasn't
failed gets permission and owner changed for root access as well, as it
is very well possible that the next invocation will (re)use these files.
|
|
Transactions are run and completed from multiple places, so it happens
for unsigned repos that the Release file was commited even if it was
previously aborted (due to --no-allow-insecure-repositories). The reason
is simply that the "failure" of getting an InRelease/Release.gpg is
currently ignored, so that the acquire process believes that nothing bad
happened and commits the transaction even though the same transaction
was previously aborted.
|
|
Refactors a bit to ensure the same message is used in all three cases as
well.
Git-Dch: Ignore
|
|
The conversion to accept only relevant options for commands has
forgotten another one, so adding it again even through the usecase might
very well be equally good served by --print-uris.
Closes: 742578
|
|
|
|
|
|
We do not support compressed indexes for cdrom sources as we rewrite
some of them, so supporting it correctly could be hard. What we do
instead in the meantime is probably disabling it for cdrom sources.
|