summaryrefslogtreecommitdiff
path: root/apt-pkg/acquire-item.cc
AgeCommit message (Collapse)Author
2014-09-23cleanup, fix test-apt-update-unauth as the behavior of apt changedMichael Vogt
2014-09-23cleanupMichael Vogt
2014-09-23fix one broken testMichael Vogt
2014-09-23Merge remote-tracking branch 'upstream/debian/experimental' into ↵Michael Vogt
feature/acq-trans Conflicts: apt-pkg/acquire-item.cc apt-pkg/acquire-item.h methods/copy.cc test/integration/test-hashsum-verification
2014-09-23Merge branch 'debian/sid' into debian/experimentalMichael Vogt
Conflicts: apt-pkg/acquire-item.cc apt-pkg/acquire-item.h apt-pkg/cachefilter.h configure.ac debian/changelog
2014-09-21Fix regression for cdrom: sources from latest security updateMichael Vogt
Skip a reverify for cdrom: sources. The reverify step is actually harmful here because the apt-cdrom add code uses the indexcopy.cc which will "normalize" the Packages file from the cdrom when it writes it to the local disk. This leads to changing the "MD5sum" field (notice the lower case "s") on the cdrom Packages file to a "MD5Sum" field on the local file in /var/lib/apt/lists. Which of course alters the hash and makes apt fail to reverify the file.
2014-09-17improve test for commit daff4aMichael Vogt
2014-09-17Fix regression for file:/// uris from CVE-2014-0487Michael Vogt
Do not run ReverifyAfterIMS() for local file URIs as this will causes apt to mess around in the file:/// uri space. This is wrong in itself, but it will also cause a incorrect verification failure when the archive and the lists directory are on different partitions as rename().
2014-09-17fix gcc warningsMichael Vogt
2014-09-17use pkgAcqMetaBase as the transactionManagerMichael Vogt
2014-09-16SECURITY UPDATE for CVE-2014-{0488,0487,0489}Michael Vogt
incorrect invalidating of unauthenticated data (CVE-2014-0488) incorect verification of 304 reply (CVE-2014-0487) incorrect verification of Acquire::Gzip indexes (CVE-2014-0489)
2014-09-16remove pkgAcqSubIndexMichael Vogt
2014-09-05Merge remote-tracking branch 'upstream/debian/experimental' into ↵Michael Vogt
feature/acq-trans
2014-09-05Merge branch 'debian/sid' into debian/experimentalMichael Vogt
Conflicts: apt-pkg/acquire-item.cc configure.ac debian/changelog doc/apt-verbatim.ent doc/po/apt-doc.pot doc/po/de.po doc/po/es.po doc/po/fr.po doc/po/it.po doc/po/ja.po doc/po/pt.po po/ar.po po/ast.po po/bg.po po/bs.po po/ca.po po/cs.po po/cy.po po/da.po po/de.po po/dz.po po/el.po po/es.po po/eu.po po/fi.po po/fr.po po/gl.po po/hu.po po/it.po po/ja.po po/km.po po/ko.po po/ku.po po/lt.po po/mr.po po/nb.po po/ne.po po/nl.po po/nn.po po/pl.po po/pt.po po/pt_BR.po po/ro.po po/ru.po po/sk.po po/sl.po po/sv.po po/th.po po/tl.po po/tr.po po/uk.po po/vi.po po/zh_CN.po po/zh_TW.po test/integration/test-ubuntu-bug-346386-apt-get-update-paywall
2014-08-25add shared code into pkgAcqMetaSigBase::GenerateAuthWarning()Michael Vogt
2014-08-24all tests passMichael Vogt
2014-08-24make the test-pdiff-usage code work againMichael Vogt
2014-08-24make compressed-indexes test pass againMichael Vogt
2014-08-24cleanupMichael Vogt
2014-08-02really move clearsign check into pkgAcqMetaClearSig::Done()Michael Vogt
2014-08-02add ims check verifyMichael Vogt
2014-08-02move clearsign check into pkgAcqMetaClearSig::Failed()Michael Vogt
2014-08-01make i-m-s work againMichael Vogt
2014-08-01check hashes of compressed files as wellMichael Vogt
2014-08-01mve MetaKey into pkgAcqBaseIndexMichael Vogt
2014-07-31fail early (again) on gpg sig failuresMichael Vogt
2014-07-31ensure InRelease->Release is transactional as wellMichael Vogt
2014-07-31make test_inreleae_to_release_reverts_all workMichael Vogt
2014-07-31Rework TransactionID stuffMichael Vogt
2014-07-22WIP cleanup pkgAcqMetaSigMichael Vogt
2014-07-21Download Release first, then Release.gpgMichael Vogt
The old way of handling this was that pkgAcqMetaIndex was responsible to check/move both Release and Release.gpg in place. This breaks the assumption of the transaction that each pkgAcquire::Item has a single File that its responsible for.
2014-07-21add pkgAcquire::TransactionHasError()Michael Vogt
2014-07-18WIP transaction based updateMichael Vogt
2014-07-17apt-pkg/acquire-item.cc: make pkgAcqDiffIndex more uniformMichael Vogt
2014-07-08Merge branch 'debian/sid' into debian/experimentalMichael Vogt
Conflicts: apt-pkg/deb/deblistparser.cc doc/po/apt-doc.pot doc/po/de.po doc/po/es.po doc/po/fr.po doc/po/it.po doc/po/ja.po doc/po/pl.po doc/po/pt.po doc/po/pt_BR.po po/da.po po/mr.po po/vi.po
2014-07-03Try not to parse invalid translation files (LP: #756317)Michael Vogt
2014-06-18Merge remote-tracking branch 'mvo/feature/update-by-hash' into ↵Michael Vogt
debian/experimental
2014-05-29Fix more warnings from clangMichael Vogt
Reported-By: clang++ -Werror Conflicts: apt-pkg/acquire-item.cc apt-pkg/acquire-item.h apt-pkg/deb/debmetaindex.h
2014-05-22move ByHash into its own functionMichael Vogt
2014-05-22Add APT::Acquire::$(host)::By-Hash=1 knob, add Acquire-By-Hash to Release fileMichael Vogt
The by-hash can be configured on a per-hostname basis and a Release file can indicate that it has by-hash support via a new flag. The location of the hash now matches the AptByHash spec
2014-05-22add TODOMichael Vogt
2014-05-22Implement simple by-hash for apt updateMichael Vogt
This implements a apt update schema that get the indexfiles by the hash instead of the name. The rational is that updates to the archive servers/mirrors are not atomic so the client may have the previous version of the Release file when the server updates to a new Release file and new Packages/Sources/Translations indexes. By keeping the files around by their hash we can still get the previous indexfile without a hashsum mismatch. Enable with APT::Acquire::By-Hash=1
2014-05-14Merge remote-tracking branch 'donkult/debian/experimental' into ↵Michael Vogt
debian/experimental Conflicts: apt-pkg/acquire-item.cc apt-pkg/acquire-item.h
2014-05-14Add new pkgAcqBaseIndex as base class for ↵Michael Vogt
pkgAcq{DiffIndex,IndexMerge,pkgAcqBaseIndex, pkgAcqIndex}
2014-05-14Pass struct IndexTarget/indexRecords to pkgAcqIndex{,Merge}DiffsMichael Vogt
If one of the pkgAcqIndex{,Merge}Diffs fails, they will run pkgAcqIndex() which needs the IndexTarget/indexRecords data. So we pass it along.
2014-05-09promote ExpectedHashes to a pkgAcquire::Item memberDavid Kalnischkies
Beside being another big API break with hopefully zero fallout in reality it avoids having the same member and helper code in each and every subclass.
2014-05-09use HashStringList in the acquire systemDavid Kalnischkies
It is not very extensible to have the supported Hashes hardcoded everywhere and especially if it is part of virtual method names. It is also possible that a method does not support the 'best' hash (yet), so we might end up not being able to verify a file even though we have a common subset of supported hashes. And those are just two of the cases in which it is handy to have a more dynamic selection. The downside is that this is a MAJOR API break, but the HashStringList has a string constructor for compatibility, so with a bit of luck the few frontends playing with the acquire system directly are okay.
2014-05-08Merge remote-tracking branch 'mvo/bugfix/update-progress-reporting' into ↵Michael Vogt
debian/experimental
2014-05-08Merge remote-tracking branch 'upstream/debian/sid' into ↵Michael Vogt
bugfix/update-progress-reporting
2014-05-07Merge remote-tracking branch 'mvo/bugfix/update-progress-reporting' into ↵Michael Vogt
debian/experimental