Age | Commit message (Collapse) | Author |
|
We used to fail on unreadable config/preferences/sources files, but at
least for sources we didn't in the past and it seems harsh to refuse to
work because of a single file, especially as the error messages are
inconsistent and end up being silly (like suggesting to run apt update
to fix the problem…).
LP: #1701852
|
|
Using different ways of opening files means we have different behaviour
and error messages for them, so by the same for all we can have more
uniformity for users and apt developers alike.
|
|
Failing on too much data is good, but we can do better by checking for
exact filesizes as we know with hashsums how large a file should be, so
if we get a file which has a size we do not expect we can drop it
directly, regardless of if the file is larger or smaller than what we
expect which should catch most cases which would end up as hashsum
errors later now a lot sooner.
|
|
We tend to operate on rather large static files, which means we usually
get Content-Length information from the server. If we combine this
information with the filesize we are expecting (factoring in pipelining)
we can avoid reading a bunch of data we are ending up rejecting anyhow
by just closing the connection saving bandwidth and time both for the
server as well as the client.
|
|
Weak hashes like filesize can be used by methods for basic checks and
early refusals even if we can't use them for hard security proposes.
Normal apt operations are not affected by this as they fail if no strong
hash is available, but if apt is forced to work with weak-only files or
e.g. in apt-helper context it can have benefits as weak is better than
no hash for the methods.
|
|
It is highly unlikely to encounter fields which start with HTTP in
practice, but we should really be a bit more restrictive here.
|
|
The comment says this is intended, but looking at the history reveals
that the comment comes from a different era. Nowadays we don't really
need it anymore (and even back then it was disputeable) as we haven't
used that file for our update in the end and nothing really needs this
file after the update.
Triggered is this by 188f297a2af4c15cb1d502360d1e478644b5b810 which
moves various error conditions forward including this code expecting the
file to exist – but it doesn't need to as download could have failed.
We could fix that by simple checking if the file exists and only stage
it if it does, but instead we don't stage it and instead even rename it
out of the way with our conventional FAILED name (if it exists).
That restores support for partial mirrors (= in this case mirrors which
don't ship pdiff files). Note that apt heals itself even if only such a
mirror is used as the update is successful even if that error is shown.
Closes: 869425
|
|
RenameOnError does the rename already, so the check for existence will
always fail making this some completely harmles but also completely
pointless two lines of code we are better of removing.
Gbp-Dch: Ignore
|
|
This file isn't compressed by default, but it might be compressed by a
bugreporter and uncompressing it is extra work apt could do just as well
on the fly as needed just like it does for the dpkg/status file.
|
|
Our test-external-dependency-solver-protocol test sometimes fails on the
immediately 'crashing' solver exit1withoutmsg with the message that it
got SIGPIPE from the solver. That isn't really possible as the solver
produces no output, but on inspection its not this solver getting the
signal but the wrapping provided by the dump-solver as the wrapped
solver instantly exits. Simply ignoring the signal helps in perhaps
extracting the last words of another solver (as this one has none), but
at the very least we get the exit code of the wrapped solver we
interested in as output.
|
|
debtorrent and its helper apt-transport-debtorrent were removed from
Debian in 2013 based on the bugreports #730459 and #731281. As they
aren't available, we shouldn't make references to them anymore. a-t-tor
is picked as replacement for the example.
|
|
The main process is guessed by systemd. This prevents killing dpkg
run by unattended-upgrades in the middle of installing packages
and ensures graceful shutdown.
The timeout of 900 seconds after which apt-daily-upgrade.service
is killed is in sync with unattended-upgrades's timer.
LP: #1690980
|
|
We can't allocate a pointer here, it would not get released - use
an object instead.
Gbp-Dch: ignore
|
|
This makes the code easier to read.
|
|
Minor grammar fix
[jak@d.o: Fixed up po/]
|
|
/org has been obsoleted by /srv for many years on debian.org hosts.
|
|
Gbp-Dch: ignore
|
|
|
|
[squashed:]
apt.systemd.daily: check_stamp: check for 'always' before numerical values
Prevents a crash when the configuration actually uses 'always':
apt.systemd.daily: 402: [: Illegal number: always
|
|
This should make it easier to read includes.
|
|
|
|
This adds a warning so existing working code will still
work (as it includes pkgcache.h first anyway), but it will
know that it's not right to include this file directly.
|
|
This makes it easier to see which headers includes what.
The changes were done by running
git grep -l '#\s*include' \
| grep -E '.(cc|h)$' \
| xargs sed -i -E 's/(^\s*)#(\s*)include/\1#\2 include/'
To modify all include lines by adding a space, and then running
./git-clang-format.sh.
|
|
|
|
Including cacheiterators.h before pkgcache.h fails because
pkgcache.h depends on cacheiterators.h.
|
|
Commit d7c92411dc1f4c6be098d1425f9c1c075e0c2154 parses the Components
section of (In)Release and attempts to detect the distribution's
supported components. While doing so, it handles component names with
slashes in a special manner, assuming that the actual component is only
the part after the final slash. This is done to handle
security.debian.org, which usually appears in sources.list as follows:
deb http://s.d.o/debian-security stretch/updates main contrib non-free
while the actual release file has:
Codename: stretch
Components: updates/main updates/contrib updates/non-free
While this special handing on APTs part indeed works for
debian-security, it emits spurious warnings on repositories that
actually use slashes in the component names *and* appear so in
sources.list.
We fix this by adding both component versions (whole and final part) to
the SupportedComponents array.
Closes: #868127
|
|
Reported-By: codespell & spellintian
Gbp-Dch: Ignore
|
|
Closes: 858877
|
|
Progress only shows if we have an idea of how much files we will
acquire, but if a transaction fails before we have got an idea we ended
up never showing progress even through we know that a failed transaction
will not download additional files.
|
|
|
|
|
|
|
|
That's just ridiculous these days.
Gbp-Dch: ignore
|
|
Gbp-Dch: Ignore
|
|
It is kinda unlikely that apt will ever encounter a certificate for an
IP and a user actually using it, but the API documentation for
gnutls_server_name_set explicitly says that "IPv4 or IPv6 addresses are
not permitted to be set by this function.", so we should follow it.
[jak@d.o: Slightly rebased]
|
|
This makes more sense. If the handshake failed midway, we still
should run the gnutls bye stuff. The thinking here is to only
set the fd after the session setup, as we do not modify it
before, so if it fails in session setup, you retain a usable
file descriptor.
Gbp-Dch: ignore
|
|
This probably makes more sense if Verify-Peer is set to off.
|
|
This should make it easier to figure out what was
going on.
|
|
- Use a tmpfs for /tmp - not really a benefit here,
except for travis as it's writing less now.
- Use the fastly CDN - about twice as fast as ftp.de,
and seems more stable than cloudfront
- Run apt-get clean to keep container smaller - should
not be needed really, but let's just do it.
Gbp-Dch: ignore
|
|
This caused spurious test failures.
|
|
APT considered any response with a Content-Length to have a
body, even if the value of the header was 0. A 0 length body
however, is equal to no body.
|
|
We can actually just pass null as a hostname, so let's just
do that when Verify-Host is set to false.
|
|
|
|
Gbp-Dch: ignore
|
|
This makes no sense. We need both entries in the cache, as
we check FORCE_CURL in the test suite.
Gbp-Dch: ignore
|
|
Silently ignoring the options might be a security issue,
so produce an error instead.
|
|
If gnutls_session_bye() exited with an error, we never closed
the underlying file descriptor, causing the method to think the
connection was still open. This caused problems especially in
test-partial-file-support where we checked that a "complete"
file and an incomplete file work. The first GET returns a 416
with Connection: close, and the next GET request then accidentally
reads the body of the 416 as the header for its own request.
|
|
The old curl based method is still available as 'curl',
'curl+http', and 'curl+https'.
|
|
This runs parallel builds on docker, based on debian:testing
docker images, with ccache enabled and parallel running of the
test suite (ccache supports coverage builds these days, and
parallel testing just needs unbuffer to handle the stty stuff)
This is a huge step up from building on a mix of trusty, wily,
and xenial. Most importantly, coverage now correctly detects
partial covered lines instead of just reporting almost all of
them as fully covered.
We use ftp.de.debian.org as deb.debian.org backed by Amazon
503s too often.
Gbp-Dch: ignore
|
|
This makes it possible to write sensible auto detect scripts.
|