Age | Commit message (Collapse) | Author |
|
At the moment we only have hashes for the uncompressed pdiff files, but
via the new '$HASH-Download' field in the .diff/Index hashes can be
provided for the .gz compressed pdiff file, which apt will pick up now
and use to verify the download. Now, we "just" need a buy in from the
creators of repositories…
|
|
Having every item having its own code to verify the file(s) it handles
is an errorprune process and easy to break, especially if items move
through various stages (download, uncompress, patching, …). With a giant
rework we centralize (most of) the verification to have a better
enforcement rate and (hopefully) less chance for bugs, but it breaks the
ABI bigtime in exchange – and as we break it anyway, it is broken even
harder.
It shouldn't effect most frontends as they don't deal with the acquire
system at all or implement their own items, but some do and will need to
be patched (might be an opportunity to use apt on-board material).
The theory is simple: Items implement methods to decide if hashes need to
be checked (in this stage) and to return the expected hashes for this
item (in this stage). The verification itself is done in worker message
passing which has the benefit that a hashsum error is now a proper error
for the acquire system rather than a Done() which is later revised to a
Failed().
|
|
Methods get told which hashes are expected by the acquire system, which
means we can use this list to restrict what we calculate in the methods
as any extra we are calculating is wasted effort as we can't compare it
with anything anyway.
Adding support for a new hash algorithm is therefore 'free' now and if a
algorithm is no longer provided in a repository for a file, we
automatically stop calculating it.
In practice this results in a speed-up in Debian as we don't have SHA512
here (so far), so we practically stop calculating it.
|
|
Git-Dch: Ignore
|
|
For compatibility we use/provide and fill quiet some deprecated methods
and fields, which subsequently earns us a warning for using them. These
warnings therefore have to be disabled for these codeparts and that is
what this change does now in a slightly more elegant way.
Git-Dch: Ignore
|
|
It is a very simple hashstring, which is why it isn't contributing to
the usability of a list of them, but it is also trivial to check and
calculate, so it doesn't hurt checking it either as it can combined even
with the simplest other hashes greatly complicate attacks on them as you
suddenly need a same-size hash collision, which is usually a lot harder
to achieve.
|
|
It is not very extensible to have the supported Hashes hardcoded
everywhere and especially if it is part of virtual method names.
It is also possible that a method does not support the 'best' hash
(yet), so we might end up not being able to verify a file even though we
have a common subset of supported hashes. And those are just two of the
cases in which it is handy to have a more dynamic selection.
The downside is that this is a MAJOR API break, but the HashStringList
has a string constructor for compatibility, so with a bit of luck the
few frontends playing with the acquire system directly are okay.
|
|
APT supports more than just one HashString and even allows to enforce
the usage of a specific hash. This class is intended to help with
storage and passing around of the HashStrings.
Git-Dch: Ignore
|
|
|
|
Git-Dch: Ignore
Reported-By: gcc -Wsuggest-attribute={pure,const,noreturn}
|
|
Beside being a bit cleaner it hopefully also resolves oddball problems
I have with high levels of parallel jobs.
Git-Dch: Ignore
Reported-By: iwyu (include-what-you-use)
|
|
Git-Dch: Ignore
Reported-By: gcc -Wcast-qual
|
|
|
|
on the FileFd instead
|
|
The breakage is just to big for now, so guard the change with
#ifndef APT_8_CLEANER_HEADERS and be nice to library users
|
|
|
|
size are pretty unlikely for now, but we need it for deb
packages which could become bigger than 4GB now (LP: #815895)
|
|
|
|
sha2_internal.{cc,h}
|
|
|
|
- fix anohter missing cstring include
|
|
- rename "hash" into ExpectedHash in pkgAcqFile, pkgAcqIndex
- add missing HashSum() call to class pkgAcqIndex
- use the data provided by acquire-method (and send via the
{SHA256,SHA1,MD5Sum}-Hash tag when comparing the hash, this
avoids calculating the hash twice (just like old libapt)
* apt-pkg/acquire-method.cc:
- send MD5Sum-Hash tag to libapt to be consistant with
HashString::SupportedHashes()
* apt-pkg/acquire-worker.cc:
- check with "Owner->HashSum().HashType()" what hash the frontend
is expecting and pass it to pkgAcquireItem::Done() in the new
HashString format
- add some debugging output
* apt-pkg/contrib/hashes.cc:
- fix off-by-one error when constructing a HashString from a single
input string
* apt-pkg/contrib/hashes.h:
- add "HashType()" method
* apt-pkg/init.h, apt-pkg/makefile, methods/makefile:
- break ABI
|
|
and fallback
|
|
|
|
|
|
|
|
Patches applied:
* apt@packages.debian.org/apt--misc-abi-changes--0--patch-4
Merge from mainline
* apt@packages.debian.org/apt--misc-abi-changes--0--patch-5
Merge from mainline
* apt@packages.debian.org/apt--misc-abi-changes--0--patch-6
Collapse both pkgAcquire::Run() methods into one, with a default value
* michael.vogt@ubuntu.com--2005/apt--fixes--0--base-0
tag of apt@packages.debian.org/apt--main--0--patch-79
* michael.vogt@ubuntu.com--2005/apt--fixes--0--patch-1
* merged obvious fixes into the tree to make it easy for matt to merge
* michael.vogt@ubuntu.com--2005/apt--fixes--0--patch-2
* more merges from otavio that looks good/uncritical
* michael.vogt@ubuntu.com--2005/apt--fixes--0--patch-3
* merged Matts misc-abi-changes tree
* michael.vogt@ubuntu.com--2005/apt--fixes--0--patch-4
* finalized the changelog for a ubuntu build
* otavio@debian.org--2005/apt--fixes--0--base-0
tag of apt@packages.debian.org/apt--main--0--patch-71
* otavio@debian.org--2005/apt--fixes--0--patch-1
Fix comments about the need of xmlto
* otavio@debian.org--2005/apt--fixes--0--patch-2
Fix a compile warning
* otavio@debian.org--2005/apt--fixes--0--patch-3
Sync with apt--main--0--patch-76
* otavio@debian.org--2005/apt--fixes--0--patch-4
Sync with apt--main--0--patch-78
* otavio@debian.org--2005/apt--fixes--0--patch-5
Add fixes that was wrongly included on DDTP changes.
* otavio@debian.org--2005/apt--fixes--0--patch-8
Add information about the other fixes include on this branch now.
* otavio@debian.org--2005/apt--fixes--0--patch-9
Merge last changes from apt--main--0.
* otavio@debian.org--2005/apt--fixes--0--patch-10
Fix warnings about min/max change in gcc-4.0
* otavio@debian.org--2005/apt--fixes--0--patch-11
Fix remaning warnings while compiling gcc-4.0
* otavio@debian.org--2005/apt--fixes--0--patch-12
Add changelog entry about the fixes for warnings while compiling using GCC 4.0 compiler.
|
|
Author: jgg
Date: 2001-03-11 05:30:20 GMT
BSD testing fixes
|
|
Author: jgg
Date: 2001-03-06 07:15:29 GMT
More SHA-1 prep
|