summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2017-10-05ignore unsupported key formats in apt-keyDavid Kalnischkies
gpg2 generates keyboxes by default and users end up putting either those or armored files into the trusted.gpg.d directory which apt tools neither expect nor can really work with without fortifying backward compatibility (at least under the ".gpg" extension). A (short) discussion about how to deal with keyboxes happened in https://lists.debian.org/deity/2017/07/msg00083.html As the last message in that thread is this changeset lets go ahead with it and see how it turns out. The idea is here simply that we check the first octal of a gpg file to have one of three accepted values. Testing on my machines has always produced just one of these, but running into those values on invalid files is reasonabily unlikely to not worry too much. Closes: #876508
2017-10-05send the hashes for alternative file correctlyDavid Kalnischkies
This isn't really used by the acquire system at all at the moment and the only method potentially sending this information is file://, but that used to be working correctly before broken in 2013, so better fix it now and worry about maybe using the data some day later. Regression-Of: b3501edb7091ca3aa6c2d6d96dc667b8161dd2b9
2017-09-26use pkgTagSection::Key in srcRecords parserDavid Kalnischkies
Using hardcoded array-indexes in the build-dependency parsing is efficient, but less discoverable and easier to break. We can avoid this by making it even more efficient (not that it would be noticeable) allowing us to do explicitly named comparisons instead. Gbp-Dch: Ignore
2017-09-26allow empty build-dependency fields in the parserDavid Kalnischkies
APT used to parse only wellformed files produced by repository creation tools which removed empty files as pointless before apt would see them. Now that apt can be told to parse e.g. debian/control files directly, it needs to be a little more accepting through: We had this with comments already, now let it deal with the far more trivial empty fields. Closes: #875363
2017-09-26proper error reporting for v3 onion servicesDavid Kalnischkies
APT connects just fine to any .onion address given, only if the connect fails somehow it will perform checks on the sanity of which in this case is checking the length as they are well defined and as the strings are arbitrary a user typing them easily mistypes which apt should can be slightly more helpful in figuring out by saying the onion hasn't the required length.
2017-09-24Drop curl method and apt-transport-https packageJulian Andres Klode
This automatically removes any old apt-transport-https, as apt now Breaks it unversioned.
2017-09-24Drop obsolute Testsuite: autopkgtest headerJulian Andres Klode
2017-09-24Drop obsolete dh-systemd build-depJulian Andres Klode
2017-09-24Bump Standards-Version to 4.1.0Julian Andres Klode
2017-09-24Release 1.51.5Julian Andres Klode
2017-09-13Fix translator comment location for legacy target warningJulian Andres Klode
In commit Do not warn about duplicate "legacy" targets, we we added an if, that changed the .po files...
2017-09-13Release 1.5~rc41.5_rc4Julian Andres Klode
2017-09-11apt-daily: Do not Wants=network-online, and add some more After=Julian Andres Klode
We now wait for being online ourselves, so all we need to wait on is for services we are using to be online first. This avoids severe boot slowdowns by other services having specified an After=network-online.target without a Wants=. Gbp-Dch: Full
2017-09-10Release 1.5~rc31.5_rc3Julian Andres Klode
2017-09-10clang-format: Set ContinuationIndentWidth: 3Julian Andres Klode
This fixes the indentation of struct members, for example, which were previously indented by 4 spaces. Gbp-Dch: ignore
2017-09-10apt-helper: Add connman support to wait-onlineJulian Andres Klode
2017-09-10CMake: Mark BZip2, LZMA, and LZ4 as requiredJulian Andres Klode
We do not actually test without these libraries, and it likely would not build without them due to them being NOTFOUND and CMake exiting with an error, so let's just mark them as required.
2017-09-10CMake: Properly handle Udev missingJulian Andres Klode
When udev is not available, the variables for libraries and include paths are set to NOTFOUND rather than an empty string and CMake exits with an error. Use a generator expression to only use these variables when UDEV_FOUND is true.
2017-09-09Release 1.5~rc21.5_rc2Julian Andres Klode
2017-09-09Directly link against libudev on Linux systemsJulian Andres Klode
We previously dlopen()ed it, but it seems painful to do that without any real gain, except for possibly not having libudev in the address space and not having code #ifdefed for Linux. The latter means that we are a bit more likely to break stuff for non-Linux systems now if we play with udev, but at least we don't end up with it silently breaking because of a libudev ABI break. The existing function pointers in the struct were renamed and kept for compat purposes. Fixes Debian/apt#48 Also adjust prepare-release to strip [linux-any] from build-depends for travis.
2017-09-09ftparchive: Do not pass through disabled hashes in SourcesJulian Andres Klode
When writing a Sources files hashes that were already present in the .dsc were always copied through (or modified), even if disabled. Remove them instead when they are disabled, otherwise we end up with hashes for tarballs and stuff but not for dsc files (as the dsc obviously does not hash itself). Also adjust the tests: test-compressed-indexes relied on Files being present in showsrc, and test-apt-update-weak-hashes expected the tarball to be downloaded when an archive only has MD5 and we are requiring SHA256 because that used to work because the tarball was always included. Closes: #872963
2017-09-09cdrom: Don't hardcode "Files" field for copying source filesJulian Andres Klode
This fails if no Files field exists anymore, for example, because the Sources index only contains SHA256 hashes. Instead check all hashes.
2017-09-09Do not warn about duplicate "legacy" targetsJulian Andres Klode
If a source has a legacy Contents file, and two lines mention the same archive but different components, a warning would be issued that is confusing. So, as the field is named Contents-deb-legacy, let's just not print warnings for fields containing "legacy". LP: #1697120 Closes: #839259
2017-09-09apt-daily: Pull in network-online.target in service, not timerJulian Andres Klode
There's no real point in pulling it in in the timer already, and it it somewhat saver to do so in the service.
2017-09-09apt-daily: Wait for network before daily updatesJulian Andres Klode
Introduce a new helper, apt-helper wait-online that uses NetworkManager and/or systemd-networkd to wait for them reporting online, with a time out of 30 seconds; and run that helper before running the daily update script. LP: #1699850 Gbp-Dch: Full
2017-09-09drop unused/unimplemented & hidden LoadReleaseInfoDavid Kalnischkies
The relevant calling code as well as the implementation for the deb system was removed 2 years ago with the refactoring of release information storage (b07aeb1a6e24825e534167a737043441e871de9f). This commit removes the the unused remains of this change with no practical effect on anybody (expect codesize) as the methods were declared as hidden and hence only libapt could have called it. Gbp-Dch: Ignore
2017-09-09don't ask an uninit _system for supported archsDavid Kalnischkies
A libapt user who hasn't initialized _system likely has a reason, so we shouldn't greet back with a segfault usually deep down in the callstack for no reason. If the user had intended to pick up information from the system, _system wouldn't be uninitialized after all. LP: #1613184 SRU: 1.4.y
2017-09-09add test for bug 870675 (hang on unsupported method)David Kalnischkies
Commit e250a8d8d8ef2f8f8c5e2041f7645c49fba7aa36 implemented the fix and should have included already this testcase for it. Gbp-Dch: Ignore
2017-09-09don't write & chmod /dev/null log filesDavid Kalnischkies
APT by default logs terminal (term.log) and actions (history.log), but if either or Dir::Log directly is set to /dev/null it continues to do so, which isn't too bad – just wasted effort – but term.log is chmodded to protect it from the general public (as it may contain otherwise private data the admin entired in the terminal) which shouldn't happen for /dev/null.
2017-09-09test: Workaround gpgv warningJulian Andres Klode
gpgv: WARNING: This key is not suitable for signing in --compliance=gnupg mode
2017-09-04Dutch manpage translation updateFrans Spiesschaert
Closes: #874293
2017-09-04Dutch program translation updateFrans Spiesschaert
Closes: #874285
2017-09-01doc: correct '--allow-releaseinfo-change-*' typosChristos Trochalakis
Closes: #873914
2017-09-01Actually install apt_auth.conf manual pageJulian Andres Klode
Seems we forgot to update the packaging when adding the manual page. Once we have translations for it, we need to add them as well... Closes: #873934
2017-08-24Release 1.5~rc11.5_rc1Julian Andres Klode
2017-08-24Make test-bug-818628-unreadable-source work on !amd64Julian Andres Klode
It was broken because apt.conf.d was not readable, but that's where the architecture is defined...
2017-08-24Replace APT_CONST with APT_PURE everywhereJulian Andres Klode
As a follow up to the last commit, let's replace APT_CONST with APT_PURE everywhere to clean stuff up.
2017-08-24Redefine APT_CONST to mean APT_PUREJulian Andres Klode
Functions marked with the const attribute may not inspect any global memory. This includes targets of pointers or references passed as arguments. A pure function however is free to inspect memory, but may not have any side effects. The function StringSplit() was marked as const, but took two references to strings. When the second one was passed as a literal as in StringSplit(name, "::") the compiler cleverly figured out that we only inspect the address of "::" (since StringSplit is const) and thus optimized away the "::" content. While patching out individual broken uses of APT_CONST would be possible, this is already the second case, and there might be more, so let's redefine APT_CONST to use the pure attribute, so we don't end up with the same situation again in some time.
2017-08-17Release 1.5~beta21.5_beta2Julian Andres Klode
2017-08-17doc: Fix validity error in apt_auth.conf.5.xmlJulian Andres Klode
It contained raw text inside a refsect1 Gbp-Dch: ignore
2017-08-17debian: Update symbols for libapt-pkg5.0Julian Andres Klode
The version is probably wrong for most, but oh well, let's just pretend we are introducing them now.
2017-08-17Handle GCC 7 std::string operator ABI breakJulian Andres Klode
We now require gcc 7 on the packaging side, and add an appropriate symbol to our symbols file. Also adjust prepare-release to ignore g++ version requirements when setting up build dependencies on CI. Closes: #871275
2017-08-12Work around float rounding change in gcc 7 on i386Julian Andres Klode
This caused a build failure in the test suite.
2017-08-04don't hang if multiple sources use unavailable methodDavid Kalnischkies
APT clients always noticed if a method isn't supported and nowadays generate a message of the form: E: The method driver …/foobar could not be found. N: Is the package apt-transport-foobar installed? This only worked if a single source was using such an unavailable method through as we were registering the failed config the first round and the second would try to send requests to the not started method, which wouldn't work and hang instead (+ hiding the error messages as they would be shown only at the end of the execution). Closes: 870675
2017-08-04don't keep configuration files open needlesslyDavid Kalnischkies
Regression-Of: 3317ad864c997f4897756c0a2989c4199e9cda62
2017-08-04ftparchive: sort discovered filenames before writing indexesDavid Kalnischkies
If 'apt-ftparchive packages /path/to/files/' (or sources) is used the files to include in the generated index (on stdout) were included in the order in which they were discovered, which isn't a very stable order which could lead to indexes changing without actually changing content causing needless changes in the repository changing hashsums, pdiffs, rsyncs, downloads, …. This does not effect apt-ftparchive calls which already have an order defined via a filelist (like generate) which will still print in the order given by the filelist. Note that a similar effect can be achieved by post-processing index files with apt-sortpkgs. Closes: 869557 Thanks: Chris Lamb for initial patch & Stefan Lippers-Hollmann for testing
2017-07-27Always warn if --force-yes is validly specified, not just if usedJulian Andres Klode
The code only used to warn when it came into a situation where something actually had to be forced. Warn directly after parsing the command-line instead, that's more accurate.
2017-07-27doc: Add '--allow-unauthenticated' to '--force-yes'Dominik
2017-07-26Merge branch 'feature/authconf'David Kalnischkies
2017-07-26suggest using auth.conf for sources with passwordsDavid Kalnischkies
The feature exists for a long while even if we get around to document it properly only now, so we should push for its adoption a bit to avoid the problems its supposed to solve like avoiding usage of non-world readable configuration files as they can cause strange behaviour for the unsuspecting user (like different solutions as root and non-root).