summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-11-11don't warn if untransformed distribution matchesDavid Kalnischkies
A suite or codename entry in the Release file is checked against the distribution field in the sources.list entry that lead to the download of that Release file. This distribution entry can contain slashes in the distribution field: deb http://security.debian.org/debian wheezy/updates main However, the Release file may only contain "wheezy" in the Codename field and not "wheezy/updates". So a transformation needs to take place that removes the last / and everything that comes after (e.g. "/updates"). This fails, however, for valid cases like a reprepro snapshot where the given Codename contains slashes but is perfectly fine and doesn't need to be transformed. Since that transformation is essentially just a workaround for special cases like the security repository, it should be checked if the literal Codename without any transformations happened is valid and only if isn't the dist should be checked against the transformated one. This way special cases like security.debian.org are handled and reprepro snapshots work too. The initial patch was taken as insperationto move whole transformation to CheckDist() which makes this method more accepting & easier to use (but according to codesearch.d.n we are the only users anyhow). Thanks: Lukas Anzinger for initial patch Closes: 644610
2016-11-11add hidden config to set packages as Essential/ImportantDavid Kalnischkies
You can pretty much achieve the same with a local dummy package if you want to, but libapt has an inbuilt setting for essential: "apt" which can be overridden with this option as well – it could be helpful in quick tests and what not so adding this alternative shouldn't really hurt much. We aren't going to document them much through as care must be taken in regards to the binary caches as they aren't invalidated by config options alone, so the effects of old settings could still be in them, similar to the other already existing pkgCacheGen option(s). Closes: 767891 Thanks: Anthony Towns for initial patch
2016-11-11http: skip connection cleanup if we close it anyhowDavid Kalnischkies
Suggested in #529794
2016-11-11http: clear content before reporting the failureEdgar Fuß
[Comment from commiter:] I have the feeling that the issue itself is fixed for a while already as nowadays we have testcases involving a webserver closing the connection on error (look for "closeOnError") and no even remotely recent reports about it, but moving the content clearance above the failure report is a valid change and shouldn't hurt. Closes: #465572
2016-11-11add TMP/TEMP/TEMPDIR to the TMPDIR DropPrivileges danceDavid Kalnischkies
apt tools do not really support these other variables, but tools apt calls might, so lets play save and clean those up as needed. Reported-By: Paul Wise (pabs) on IRC
2016-11-10travis: ignore profiling warning in test diffsDavid Kalnischkies
On Travis CI running tests with code coverage enabled sometimes generates lines like: profiling:/path/to/file.gcda:Merge mismatch for function 257 It would be nice if we could resolve this somehow as it garbles the statistics, but until then it is far more annoying that this causes test failures for no good reason. Gbp-Dch: Ignore
2016-11-10support 'apt build-dep .' (aka: without /)David Kalnischkies
Reported-By: Christoph Berg (Myon) on IRC
2016-11-10improve SOCKS error messages for http slightlyDavid Kalnischkies
The 0.0.0.0:0 tor reports is pretty useless by itself, but even if an IP would be reported it is better to show the user the hostname we wanted the proxy to connect to in the same error message. We improve upon it further by looking for this bind address in particular and remap error messages slightly to give users a better chance of figuring out what went wrong. Upstream Tor can't do that as it is technically wrong.
2016-11-09rename Checksum-FileSize to Filesize in hashsum mismatchDavid Kalnischkies
Some people do not recognize the field value with such an arcane name and/or expect it to refer to something different (e.g. #839257). We can't just rename it internally as its an avoidance strategy as such fieldname existed previously with less clear semantics, but we can spare the general public from this implementation detail.
2016-11-09show the conflicting distribution warning againDavid Kalnischkies
Sometimes you should really act upon your todos. Especially if you have placed them directly in the code. Closes: 841874
2016-11-09reset HOME, USER(NAME), TMPDIR & SHELL in DropPrivilegesDavid Kalnischkies
We can't cleanup the environment like e.g. sudo would do as you usually want the environment to "leak" into these helpers, but some variables like HOME should really not have still the value of the root user – it could confuse the helpers (USER) and HOME isn't accessible anyhow. Closes: 842877
2016-11-09fix three typos in sources & manpagesChris Leick
2016-11-09add a testcase for support of various build-dependency typesDavid Kalnischkies
See also c5f22e483cc0f31f2938874370ac776e40792069 Gbp-Dch: Ignore
2016-11-09add support for Build-Depends/Conflicts-ArchJohannes Schauer
These new enum values might cause "interesting" behaviour in tools not expecting them – like an old apt would think a Build-Conflicts-Arch is some sort of Build-Depends – but that can't reasonably be avoided and effects only packages using B-D/C-A so if there is any breakage the tools can easily be adapted. The APT_PKG_RELEASE number is increased so that libapt users can detect the availability of these new enum fields via: #if APT_PKG_ABI > 500 || (APT_PKG_ABI == 500 && APT_PKG_RELEASE >= 1) Closes: #837395
2016-11-09fix testcase expecting incorrect remove log from dpkgDavid Kalnischkies
dpkg 1.18.11 includes: * Do not log nor print duplicate dpkg removal action. We print “Removing <package> (<version>)” lines and log remove action twice when purging a package from frontends, because they usually first call --remove and then --purge sequentially. When purging a package which is already in config-files (i.e. it has been removed before), do not print nor log the remove action.
2016-11-09Do not (re)start "apt-daily.system"Michael Vogt
This unit runs unattended-upgrades. If apt itself is part of the upgrade a restart of the unit will kill unattended-upgrades. This will lead to an inconsistent dpkg status. Closes: #841763 Thanks: Alexandre Detiste
2016-11-02keep Release.gpg on untrusted to trusted IMS-HitDavid Kalnischkies
A user relying on the deprecated behaviour of apt-get to accept a source with an unknown pubkey to install a package containing the key expects that the following 'apt-get update' causes the source to be considered as trusted, but in case the source hadn't changed in the meantime this wasn't happening: The source kept being untrusted until the Release file was changed. This only effects sources not using InRelease and only apt-get, the apt binary downright refuses this course of actions, but it is a common way of adding external sources. Closes: 838779
2016-11-02don't install new deps of candidates for kept back pkgsDavid Kalnischkies
In effect this is an extension of the 6 years old commit a8dfff90aa740889eb99d00fde5d70908d9fd88a which uses the autoremover to remove packages again from the solution which are no longer needed to be there. Commonly these are dependencies of packages we end up not installed due to problem resolver decisions. Slightly less common is the situation we deal with here: a package which we wanted to upgrade sporting a new dependency, but ended up holding back. The problem is that all versions of an installed reverse dependencies can bring back a "garbage" package – we need to do this as there is nothing inherently wrong in having garbage packages installed or upgrade them, which itself would have garbage dependencies, so just blindly killing all new garbage packages would prevent the upgrade (and actually generate errors). What we should be doing is looking only at the version we will have on the system, disregarding all old/new reverse dependencies. Reported-By: Stuart Prescott (themill) on IRC
2016-11-02Dutch manpages translation updateFrans Spiesschaert
Closes: #840757
2016-11-02Dutch program translation updateFrans Spiesschaert
Closes: #840552
2016-11-02fix invalid XML in German manpage translationJames Clarke
Gbp-Dch: Ignore
2016-10-29Updated German documentation translationChris Leick
2016-10-04Release 1.3.11.3.1Julian Andres Klode
2016-10-04travis: Move codecov from after_success to after_scriptJulian Andres Klode
We always want to run codecov test, even if there are spurious failures. We should really work around those failures more, though, it is starting to annoy me.
2016-10-04Turkish program translation updateMert Dirik
Closes: #838731
2016-10-04Japanese manpages translation updatevictory
2016-10-04Do not read stderr from proxy autodetection scriptsJulian Andres Klode
This fixes a regression introduced in commit 8f858d560e3b7b475c623c4e242d1edce246025a don't leak FD in AutoProxyDetect command return parsing which accidentally made the proxy autodetection code also read the scripts output on stderr, not only on stdout when it switched the code from popen() to Popen(). Reported-By: Tim Small <tim@seoss.co.uk>
2016-09-20Release 1.31.3Julian Andres Klode
2016-09-18VersionHash: Do not skip too long dependency linesJulian Andres Klode
If the dependency line does not contain spaces in the repository but does in the dpkg status file (because dpkg normalized the dependency list), the dpkg line might be longer than the line in the repository. If it now happens to be longer than 1024 characters, it would be skipped, causing the hashes to be out of date. Note that we have to bump the minor cache version again as this changes the format slightly, and we might get mismatches with an older src cache otherwise. Fixes Debian/apt#23
2016-09-11travis: Add coverage testing using codecov.ioJulian Andres Klode
This allows fully automated code coverage testing, which is basically awesome. To allow the methods and solvers and stuff which run as _apt to write to our build directory, we need to adjust the permissions a bit, but otherwise it's OK. Gbp-Dch: ignore
2016-09-11Coverage: Do not print messages from gcovJulian Andres Klode
We need to ignore messages from gcov. All those messages start with profiling: and are printed using vfprintf(), so the only thing we can do is add a library overriding those functions and linking apt-pkg to it.
2016-09-11CMake: Add coverage build typeJulian Andres Klode
This allows us to easily test coverage
2016-09-11travis: use ninja and ccache for buildingJulian Andres Klode
This cleans up the output a bit, it should also improve performance, but unfortunately, this does not really seem to be the case. Gbp-Dch: ignore
2016-09-07test: Always install dpkg into our tests, regardless of MAJulian Andres Klode
Even if we only configure a single architecture, install dpkg, so dpkg can assert multi arch correctly. This also has the nice side effect of making single architecture and multiple architecture test cases more uniform. This fixes a regression from f878d3a862128bc1385616751ae1d78246b1bd01 ("test: Assert multi-arch in the chroot").
2016-09-07test: framework: Ensure copied status files have trailing linesJulian Andres Klode
If we copied one of the existing status files, we might not have a trailing newline, so let's add one. Gbp-Dch: ignore
2016-09-07edsp: try 2 to read responses even if writing failedDavid Kalnischkies
Commit b60c8a89c281f2bb945d426d2215cbf8f5760738 improved the situation, but due to inconsistency mostly for planners, not for solvers. As the idea of hiding errors if we show another error is a bit scary (as the extern error might be a followup of our intern error, rather than the reason for our intern error as it is at the moment) we don't discard the errors, but if we got an extern error we show them directly removing them from the error list at the end of the run – that list will contain the extern error which hopefully gives us the best of both worlds. The problem itself is the same as before: The externals exiting before apt is done talking to them. Reported-By: Johannes 'josch' Schauer on IRC
2016-09-04abort connection on '.' target replies in SRVDavid Kalnischkies
Commit 3af3ac2f5ec007badeded46a94be2bd06b9917a2 (released in 1.3~pre1) implements proper fallback for SRV, but that works actually too good as the RFC defines that such an SRV record should indicate that the server doesn't provide this service and apt should respect this. The solution is hence to fail again as requested even if that isn't what the user (and perhaps even the server admins) wanted. At least we will print a message now explicitly mentioning SRV to point people in the right direction. Reported-In: https://bugs.kali.org/view.php?id=3525 Reported-By: Raphaël Hertzog
2016-09-03update testing hints in README.mdDavid Kalnischkies
Gbp-Dch: Ignore
2016-09-02Release 1.3~rc41.3_rc4Julian Andres Klode
2016-09-02debian: Pass -O to make to get readable build logsJulian Andres Klode
Normally make just lets every job write its output directly, making the log fairly hard to read with high concurrency.
2016-09-02debian: Move bugscript to old location for overlayfs xdev issueJulian Andres Klode
dpkg on overlayfs cannot rename apt/script to apt, because overlayfs will not let it move apt to a backup name, responding with XDEV instead.
2016-09-02acquire: Use priority queues and a 3 stage pipeline designJulian Andres Klode
Employ a priority queue instead of a normal queue to hold the items; and only add items to the running pipeline if their priority is the same or higher than the priority of items in the queue. The priorities are designed for a 3 stage pipeline system: In stage 1, all Release files and .diff/Index files are fetched. This allows us to determine what files remain to be fetched, and thus ensures a usable progress reporting. In stage 2, all Pdiff patches are fetched, so we can apply them in parallel with fetching other files in stage 3. In stage 3, all other files are fetched (complete index files such as Contents, Packages). Performance improvements, mainly from fetching the pdiff patches before complete files, so they can be applied in parallel: For the 01 Sep 2016 03:35:23 UTC -> 02 Sep 2016 09:25:37 update of Debian unstable and testing with Contents and appstream for amd64 and i386, update time reduced from 37 seconds to 24-28 seconds. Previously, apt would first download new DEP11 icon tarballs and metadata files, causing the CPU to be idle. By fetching the diffs in stage 2, we can now patch our contents and Packages files while we are downloading the DEP11 stuff.
2016-09-02CMake: apt-pkg: Use correct ICONV_INCLUDE_DIRS variableJulian Andres Klode
This accidentally used ICONV_DIRECTORIES, which does not even exist. Weird.
2016-09-02CMake: test/libapt: Use a prebuilt GTest library if availableJulian Andres Klode
If a non-existing source directory is specified, try finding the system gtest library. Debian derived distributions are a bit strange because they only ship the source code and not the library...
2016-09-02gitignore: Add generated docbook stylesheetsJulian Andres Klode
I switched them over to generated files in commit 9fb81c6e54a2fe05c0ad0b877fd32f30358e3877, but forgot to add them to the ignore file. Gbp-Dch: ignore
2016-09-01support long keyid and fingerprint in gpgv's GOODSIGDavid Kalnischkies
In gpgv1 GOODSIG (and the other messages of status-fd) are documented as sending the long keyid. In gpgv2 it is documented to be either long keyid or the fingerprint. At the moment it is still the long keyid, but the documentation hints at the possibility of changing this. We care about this for Signed-By support as we detect this way if the right fingerprint has signed this file (or not). The check itself is done via VALIDSIG which always is a fingerprint, but there must also be a GOODSIG (as expired sigs are valid, too) found to be accepted which wouldn't be found in the fingerprint-case and the signature hence refused.
2016-09-01re-add apt breaks/replaces apt-utils (<< 1.3~exp2~)David Kalnischkies
The recently added (increased actually) Breaks were accidently dropped while our set of mostly old and outdated breaks was cleaned up. Regression-From: 20d2f4a4f164cd9026dad698e471c95d7c28973b Previously-Add-In: ab07af708e49c9219940ffd3e20a01c763267e03 Closes: #836220
2016-09-01tests: silence -Wmissing-declarationsDavid Kalnischkies
Gbp-Dch: Ignore Reported-By: gcc -Wmissing-declarations
2016-09-01try not to call memcpy with length 0 in hash calculationsDavid Kalnischkies
memcpy is marked as nonnull for its input, but ignores the input anyhow if the declared length is zero. Our SHA2 implementations do this as well, it was "just" MD5 and SHA1 missing, so we add the length check here as well as along the callstack as it is really pointless to do all these method calls for "nothing". Reported-By: gcc -fsanitize=undefined
2016-09-01test-apt-cdrom: Fix for gnupg 2.1.15Julian Andres Klode
gpg annoyingly changed its output and broke our test suite again by adding two extra lines about key type and issuer. Really annoying. Those lines also have more than one space after the colon, so let's use \s* there - and also change the other lines to support variable length whitespace in case gpg decides to break things there too.