summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-07-05avoid 416 response teardown binding to null pointerDavid Kalnischkies
methods/http.cc:640:13: runtime error: reference binding to null pointer of type 'struct FileFd' This reference is never used in the cases it has a nullptr, so the practical difference is non-existent, but its a bug still. Reported-By: gcc -fsanitize=undefined
2016-07-05tests: allow setting environment in extra fileDavid Kalnischkies
It can be handy to set apt options for the testcases which shouldn't be accidentally committed like external planner testing or workarounds for local setups. Gbp-Dch: Ignore
2016-07-05Make the test case executableJulian Andres Klode
Gbp-Dch: ignore
2016-07-05indextargets: Check that cache could be built before using itJulian Andres Klode
This caused a crash because the cache was a nullptr. Closes: #829651
2016-07-02use +0000 instead of UTC by default as timezone in outputDavid Kalnischkies
All apt versions support numeric as well as 3-character timezones just fine and its actually hard to write code which doesn't "accidently" accepts it. So why change? Documenting the Date/Valid-Until fields in the Release file is easy to do in terms of referencing the datetime format used e.g. in the Debian changelogs (policy §4.4). This format specifies only the numeric timezones through, not the nowadays obsolete 3-character ones, so in the interest of least surprise we should use the same format even through it carries a small risk of regression in other clients (which encounter repositories created with apt-ftparchive). In case it is really regressing in practice, the hidden option -o APT::FTPArchive::Release::NumericTimezone=0 can be used to go back to good old UTC as timezone. The EDSP and EIPP protocols use this 'new' format, the text interface used to communicate with the acquire methods does not for compatibility reasons even if none of our methods would be effected and I doubt any other would (in these instances the timezone is 'GMT' as that is what HTTP/1.1 requires). Note that this is only true for apt talking to methods, (libapt-based) methods talking to apt will respond with the 'new' format. It is therefore strongly adviced to support both also in method input.
2016-07-02deprecate 'apt-key update' and no-op it in DebianDavid Kalnischkies
Debian isn't using 'update' anymore for years and the command is in direct conflict with our goal of not requiring gnupg anymore, so it is high time to officially declare this command as deprecated.
2016-07-01warn if apt-key is used in scripts/its output parsedDavid Kalnischkies
apt-key needs gnupg for most of its operations, but depending on it isn't very efficient as apt-key is hardly used by users – and scripts shouldn't use it to begin with as it is just a silly wrapper. To draw more attention on the fact that e.g. 'apt-key add' should not be used in favor of "just" dropping a keyring file into the trusted.gpg.d directory this commit implements the display of warnings.
2016-07-01alias apt-key list to fingerDavid Kalnischkies
There is no real point in having two commands which roughly do the same thing, especially if the difference is just in the display of the fingerprint and hence security sensitive information. Closes: 829232
2016-07-01do not treat same-version local debs as downgradeDavid Kalnischkies
As the volatile sources are parsed last they were sorted behind the dpkg/status file and hence are treated as a downgrade, which isn't really what you want to happen as from a user POV its an upgrade.
2016-07-01reinstalling local deb file is no downgradeDavid Kalnischkies
If we have a (e.g. locally built) deb file installed and do try to install it again apt complained about this being a downgrade, but it wasn't as it is the very same version… it was just confused into not merging the versions together which looks like a downgrade then. The same size assumption is usually good, but given that volatile files are parsed last (even after the status file) the base assumption no longer holds, but is easy to adept without actually changing anything in practice.
2016-07-01protect only the latest same-source providers from autoremoveDavid Kalnischkies
Traditionally all providers are protected providing something as apt can't know which of them is actually really providing the functionality for the user ensuring that we don't propose the removal of used stuff, but that is of course also keeping stuff around which could be removed. That can cause the collection of multiple old providers until the provided package is itself no longer needed (e.g. out-of-tree kernel modules). We combat this by marking providers only from the newest source package version so that old providers built by older versions of the same source package can be garbage collected.
2016-06-30more explicit MarkRequired algorithm code (part 2)David Kalnischkies
As the previous commit, this shouldn't change behavior at all, but beside being more explicit and perhaps faster its also considerably shorter (granted, mostly by if0-block elimination). Gbp-Dch: Ignore
2016-06-30more explicit MarkRequired algorithm codeDavid Kalnischkies
Piling everything in a single if statement always made my head wobble, but it hasn't even a benefit as the most common case of a package which isn't installed passes all of the old if and lands in the non-existent else-part of the inner if. So beside a subjective cleanup of what goes on this implementation should also be a bit faster. No change in behavior should be present. Gbp-Dch: Ignore
2016-06-30tests: deduplicate package creation framework codeDavid Kalnischkies
Gbp-Dch: Ignore
2016-06-29write auto-bits before calling dpkg & again after if neededDavid Kalnischkies
Writing first means that even in the event of a power-failure the autobit is saved for future processing instead of "forgotten" so that the package is treated as manually installed. In some cases we have to re-run the writing after dpkg is done through as dpkg can let packages disappear and in such cases apt will move autobits around (or in that case non-autobits) which we need to store.
2016-06-29if reading of autobit state failed, let write failDavid Kalnischkies
If we can't read the old file we can't just move forward as that would discard potentially discard old data (especially other fields). We let it fail only after we are done writing the new file so a user has the chance to look into and merge the new data (which is otherwise discarded).
2016-06-29don't do atomic overrides with failed filesDavid Kalnischkies
We deploy atomic renames for some files, but these renames also happen if something about the file failed which isn't really the point of the exercise… Closes: 828908
2016-06-29Revert "travis: use gcc-5 instead of gcc(-4.8)"David Kalnischkies
This reverts commit 2b8221d66a8284042fc53c7bbb14bb9750e9137f. Avoiding the use of GCC >= 5 stuff lets use go back to 4.8 simplifying the travis setup again as well as reducing the backport requirements in general. This is possible because the std::get_time use requiring GCC >= 5 in 9febc2b238e1e322dce1f94ecbed46d595893b52 was replaced by handrolling it in 1d742e01470bba27715a8191c50adde4b39c2f19, so the remaining uses are just small conviniences we can do without. Gbp-Dch: Ignore
2016-06-29if conf unset, don't read / as conf/pref/sources dirDavid Kalnischkies
Usually these config options are set to sensible values, but if init isn't run or the user interferes with configuration clearing or similar the options could indeed carry an empty value, which will result in FindDir returning a '/'. That feels kinda wrong, but as a public interface there isn't much we can do about it and instead make it so that we get the special file /dev/null back we know how to deal with in such cases.
2016-06-29eipp: let apt make a plan, not make stuff planeDavid Kalnischkies
Julian noticed on IRC that I fall victim to a lovely false friend by calling referring to a 'planer' all the time even through these are machines to e.g. remove splinters from woodwork ("make stuff plane"). The term I meant is written in german in this way (= with a single n) but in english there are two, aka: 'planner'. As that is unreleased code switching all instances without any transitional provisions. Also the reason why its skipped in changelog. Thanks: Julian Andres Klode Gbp-Dch: Ignore
2016-06-28cache: Bump minor version to 6Julian Andres Klode
Needed for the previous change
2016-06-28Fix buffer overflow in debListParser::VersionHash()Julian Andres Klode
If a package file is formatted in a way that that no space follows a deprecated "<", we would reformat it to "<=" and increase the length of the output by 1, which can break. Under normal circumstances with "<=" this should not be an issue. Closes: #828812
2016-06-27eipp: enable xz-compressed scenario loggingDavid Kalnischkies
In 385d9f2f23057bc5808b5e013e77ba16d1c94da4 I implemented the storage of scenario files based on enabling this by default for EIPP, but I implemented it first optionally for EDSP to have it independent. The reasons mentioned in the earlier commit (debugging and bugreports) obviously apply here, especially as EIPP solutions aren't user approved, nearly impossible to verify before starting the execution and at the time of error the scenario has changed already, so that reproducing the issue becomes hard(er).
2016-06-27eipp: rename stanza 'Install' to 'Unpack'David Kalnischkies
Freeing 'Install' for future use as an interface for "dpkg --install", which is currently not used by any existent planer, so the implementation of it itself will be delayed until then.
2016-06-27eipp: add Allow-Temporary-Remove-of-EssentialsDavid Kalnischkies
A rather special need option, but the internal planer supports this and we have a testcase for it & sometimes it is hit (as a bug through). The option itself mostly serves as a reminder for implementors that they should be careful with removes and especially temporary removes if they perform any.
2016-06-27eipp: include global errors in reported errorDavid Kalnischkies
Git-Dch: Ignore
2016-06-27eipp: implement Immediate-Configuration flagDavid Kalnischkies
APT has 3 modes: no immediate configuration, all packages are configured immediately and its default mode of configuring essentials and pseudo-essentials immediately only. While this seems like a job of different planers at first, it might be handy to have it as an option, too, in case a planer (like apts internal one) supports different modes where the introduction of individual planers would be counter intuitive.
2016-06-27eipp: properly handle arch-specific providesDavid Kalnischkies
The generation of the EIPP request was a bit to strict not generation what would actually be needed to be part of the scenario.
2016-06-27eipp: make no difference between remove & purgeDavid Kalnischkies
For the order there is no inherent difference between delete or purge, so we don't tell the planer about this and instead decide in apt if a package should be purged or not which also allows us to not tell the planer about rc-only purges as we can trivially do this on our on as there is no need to plan such purges.
2016-06-27eipp: provide the internal planer as an external oneDavid Kalnischkies
Testing the current implementation can benefit from being able to be feed an EIPP request and produce a fully compliant response. It is also a great test for EIPP in general.
2016-06-27eipp: output at most two versions per packageDavid Kalnischkies
We can trim generation time and size of the EIPP scenario considerable if we we avoid telling the planers about "uninteresting" packages. This is one of the simpler but already very effective reductions: Do not tell planers about versions which are neither installed nor are to be installed as they have no effect on the plan we don't need to tell the planer about them. EDSP solvers need to know about all versions for better choice and error messages, but planers really don't. Git-Dch: Ignore
2016-06-27eipp: implement version 0.1 of the protocolDavid Kalnischkies
The very first step in introducing the "external installation planer protocol" (short: EIPP) as part of my GSoC2016 project. The description reads: APT-based tools like apt-get, aptitude, synaptic, … work with the user to figure out how their system should look like after they are done installing/removing packages and their dependencies. The actual installation/removal of packages is done by dpkg with the constrain that dependencies must be fulfilled at any point in time (e.g. to run maintainer scripts). Historically APT has a super micro-management approach to this task which hasn't aged that well over the years mostly ignoring changes in dpkg and growing into an unmaintainable mess hardly anyone can debug and everyone fears to touch – especially as more and more requirements are tacked onto it like handling cycles and triggers, dealing with "important" packages first, package sources on removable media, touch minimal groups to be able to interrupt the process if needed (e.g. unattended-upgrades) which not only sky-rocket complexity but also can be mutually exclusive as you e.g. can't have minimal groups and minimal trigger executions at the same time.
2016-06-27add myself to UploadersDavid Kalnischkies
2016-06-27close server if parsing of header field failedDavid Kalnischkies
Seen in #828011 if we fail to parse a header field like Last-Modified we end up interpreting the data as response header for coming requests in case we don't rotate to a new server in DNS rotation.
2016-06-27tests: add epoch-packages to try clean with epochsDavid Kalnischkies
Git-Dch: Ignore
2016-06-27imbue .diff/Index parsing with C.UTF-8 as wellDavid Kalnischkies
In 3bdff17c894d0c3d0f813d358fc45d7a263f3552 we did it for the datetime parsing, but we use the same style in the parsing for pdiff (where the size of the file is in the middle of the three fields) so imbueing here as well is a good idea.
2016-06-27Add a apt suggests powermgmt-baseNicolas Le Cam
debian/apt.apt-compat.cron.daily is using on_ac_power utility
2016-06-27Use the ConditionACPower feature of systemd in the apt-daily serviceNicolas Le Cam
.. instead of hardcoding the functionnality in the apt.systemd.daily script. Also make the compatibility cron job provide the same functionnality for systems that do not use systemd. Closes: #827930
2016-06-27methods/ftp: Cope with weird PASV responsesJulian Andres Klode
wu-ftpd sends the response without parens, whereas we expect them. I did not test the patch, but it should work. I added another return true if Pos is still npos after the second find to make sure we don't add npos to the string. Thanks: Lukasz Stelmach for the initial patch Closes: #420940
2016-06-27zh_CN.po: update simplified chinese translationZhou Mo
2016-06-25imbue datetime parsing with C.UTF-8 localeDavid Kalnischkies
Rewritten in 9febc2b238e1e322dce1f94ecbed46d595893b52 for c++ locales usage and rewritten again in 1d742e01470bba27715a8191c50adde4b39c2f19 to avoid a currently present stdlibc++6 bug in the std::get_time implementation. The later implementation uses still stringstreams for parsing, but forgot to explicitly reset the locale to something sane (for parsing english dates that is), so date and especially the parsing of a number is depending on the locale. Turns out, the French (among others) format their numbers with space as thousand separator so for some reason the stdlibc++6 thinks its a good idea to interpret the entire datetime string as a single number instead of realizing that in "25 Jun …" the later parts can't reasonably be part of that number even through there are spaces there… Workaround is hence: LC_NUMERIC=C.UTF-8 Closes: 828011
2016-06-23show right binary name in simulation noticeDavid Kalnischkies
Closes: 825216
2016-06-22Release 1.3~exp31.3_exp3Julian Andres Klode
Quite a huge churn of new strings.
2016-06-22add insecure (and weak) allow-options for sources.listDavid Kalnischkies
Weak had no dedicated option before and Insecure and Downgrade were both global options, which given the effect they all have on security is rather bad. Setting them for individual repositories only isn't great but at least slightly better and also more consistent with other settings for repositories.
2016-06-22ensure filesize of deb is included in the hashes listDavid Kalnischkies
Filesize is a silly hash all by itself, but in combination with others it can be a strong opponent, so ensuring that it is in the list of hashes and hence checked by the normal course of action the acquire process takes is a good thing.
2016-06-22add [weak] tag to hash errors to indicate insufficiencyDavid Kalnischkies
For "Hash Sum mismatch" that info doesn't make a whole lot of difference, but for the new insufficient info message an indicator that while this hashes are there and even match, they aren't enough from a security standpoint.
2016-06-22better error message for insufficient hashsumsDavid Kalnischkies
Downloading and saying "Hash Sum mismatch" isn't very friendly from a user POV, so with this change we try to detect such cases early on and report it, preferably before download even started. Closes: 827758
2016-06-22source: if download is skipped, don't try to unpackDavid Kalnischkies
If apt decides it can't download a file it is relatively pointless to try to tell dpkg-source to unpack it.
2016-06-22forbid insecure repositories by default expect in apt-getDavid Kalnischkies
With this commit all APT-based clients default to refusing to work with unsigned or otherwise insufficently secured repositories. In terms of apt and apt-get this changes nothing, but it effects all tools using libapt like aptitude, synaptic or packagekit. The exception remains apt-get for stretch for now as this might break too many scripts/usecases too quickly. The documentation is updated and extended to reflect how to opt out or in on this behaviour change. Closes: 808367
2016-06-22generalize secure->insecure downgrade protectionDavid Kalnischkies
Handling the extra check (and force requirement) for downgrades in security in our AllowInsecureRepositories checker helps in having this check everywhere instead of just in the most common place and requiring a little extra force in such cases is always good.