summaryrefslogtreecommitdiff
path: root/apt-pkg
AgeCommit message (Collapse)Author
2014-11-08guard const-ification API changesDavid Kalnischkies
Git-Dch: Ignore
2014-11-08guard ABI changes for SourcePkg/Ver in pkgCacheDavid Kalnischkies
Git-Dch: Ignore
2014-11-08mark internal interfaces as hiddenDavid Kalnischkies
We have a bunch of classes which are of no use for the outside world, but were still exported and so needed to preserve ABI/API. Marking them as hidden to not export them any longer is a big API break in theory, but in practice nobody is using them – as if they would its a bug.
2014-11-08better non-virtual metaIndex.LocalFileName() implementationDavid Kalnischkies
We can't add a new virtual method without breaking the ABI, but we can freely add new methods, so for older ABIs we just implement this method with a dynamic_cast, so that clients can be more ignorant about the API here and especially don't need to pull a very dirty trick by assuming internal knowledge (like apt-get did here).
2014-11-08use a abi version check similar to the gcc checkDavid Kalnischkies
Git-Dch: Ignore
2014-11-08replace ignore-deprecated #pragma dance with _PragmaDavid Kalnischkies
For compatibility we use/provide and fill quiet some deprecated methods and fields, which subsequently earns us a warning for using them. These warnings therefore have to be disabled for these codeparts and that is what this change does now in a slightly more elegant way. Git-Dch: Ignore
2014-11-08(error) va_list 'args' was opened but not closed by va_end()David Kalnischkies
The manpage of va_start and co additionally says: On some systems, va_end contains a closing '}' matching a '{' in va_start, so that both macros must occur in the same function, and in a way that allows this. So instead of return/breaking instantly, we save the return, make a proper turndown with va_end in all cases and only end after that. Reported-By: cppcheck Git-Dch: Ignore
2014-11-08reenable patchsize limit option for pdiffsDavid Kalnischkies
One word: "doh!" Commit f6d4ab9ad8a2cfe52737ab620dd252cf8ceec43d disabled the check to prevent apt from downloading bigger patches than the index it tries to patch. Happens rarly of course, but still. Detected by scan-build complaining about a dead assignment. To make up for the mistake a test is included as well.
2014-11-06Merge remote-tracking branch 'mvo/feature/no-more-acquire-guessing' into ↵Michael Vogt
debian/experimental
2014-11-06Merge remote-tracking branch 'upstream/debian/experimental' into ↵Michael Vogt
feature/no-more-acquire-guessing Conflicts: apt-pkg/acquire-item.cc
2014-11-05Bump ABI to 4.15Michael Vogt
2014-11-05prepare ABI for feature/socketpairMichael Vogt
2014-11-05Merge branch 'debian/sid' into debian/experimentalMichael Vogt
Conflicts: debian/changelog
2014-11-05apt-pkg/deb/debindexfile.{cc,h}: kill GetIndexes()Michael Vogt
2014-11-04apt-pkg/acquire-item.h: make friend declaration compatible with older gccMichael Vogt
2014-11-04Call "Dequeue()" for items in AbortTransaction() to fix raceMichael Vogt
The pkgAcquire::Run() code works uses a while(ToFetch > 0) loop over the items queued for fetching. This means that we need to Deqeueue the item if we call AbortTransaction() to avoid a hang.
2014-10-29Only support Translation-* that are listed in the {In,}Release fileMichael Vogt
Handle Translation-* files exactly like Packages files (with the expection that it is ok if a download of them fails). Remove all "guessing" on apts side. This will elimimnate a bunch of errors releated to captive portals and similar. Its also more correct and removes another potential attack vector.
2014-10-26move permission changing from -item to -workerDavid Kalnischkies
The worker is the part closest to the methods, which will call the item methods according to what it gets back from the methods, it is therefore a better place to change permissions as it is very central and can do it now at the point the item is assigned to a method rather than then it is queued for download (and as before while dequeued via Done/Failure). Git-Dch: Ignore
2014-10-26rewrite ReadMessages()David Kalnischkies
Central methods of our infrastructure like this one responsible for communication with our methods shouldn't be more complicated then they have to and not claim to have (albeit unlikely) bugs. While I am not sure about having improved the first part, the bug is now gone and a few explicit tests check that it stays that way, so nobody will notice the difference (hopefully) – expect that this should a very tiny bit faster as well as we don't manually proceed through the string. Git-Dch: Ignore
2014-10-24promote filesize to a hashstringDavid Kalnischkies
It is a very simple hashstring, which is why it isn't contributing to the usability of a list of them, but it is also trivial to check and calculate, so it doesn't hurt checking it either as it can combined even with the simplest other hashes greatly complicate attacks on them as you suddenly need a same-size hash collision, which is usually a lot harder to achieve.
2014-10-23Fix incorrect comparison between signed/unsignedMichael Vogt
Git-Dch: ignore
2014-10-23Use sysconf(_SC_ARG_MAX) to find the size of Dpkg::MaxArgBytesMichael Vogt
Instead of hardcoding Dpkg::MaxArgBytes find out about it using the sysconf(_SC_ARG_MAX) call.
2014-10-23chown finished partial files earlierDavid Kalnischkies
partial files are chowned by the Item baseclass to let the methods work with them. Now, this baseclass is also responsible for chowning the files back to root instead of having various deeper levels do this. The consequence is that all overloaded Failed() methods now call the Item::Failed base as their first step. The same is done for Done(). The effect is that even in partial files usually don't belong to _apt anymore, helping sneakernets and reducing possibilities of a bad method modifying files not belonging to them. The change is supported by the framework not only supporting being run as root, but with proper permission management, too, so that privilege dropping can be tested with them.
2014-10-22check that auth.conf exists before chowning itDavid Kalnischkies
Git-Dch: Ignore
2014-10-21Ensure /etc/apt/auth.conf has _apt:root ownerMichael Vogt
Ensure in SetupAPTPartialDirectory() that the /etc/apt/auth.conf file can be read by the priv sep apt methods.
2014-10-20test if TMPDIR is accessible before usingDavid Kalnischkies
Private temporary directories as created by e.g. libpam-tmpdir are nice, but they are also very effective in preventing our priviledge dropping to work as TMPDIR will be set to a directory only root has access to, so working with it as _apt will fail. We circumvent this by extending our check for a usable TMPDIR setting by checking access rights. Closes: 765951
2014-10-20check for failure message in testsuccess/failureDavid Kalnischkies
These functions check the exit code of the command, but for apt commands we can go further and require an error message for non-zero exits and none for zero exits. Git-Dch: Ignore
2014-10-20use c++ style instead of the last two c-arraysDavid Kalnischkies
Git-Dch: Ignore
2014-10-20aborted reverify restores file owner and permissionDavid Kalnischkies
If we get an IMS hit for an InRelease file we use the file we already have and pass it into reverification, but this changes the permissions and on abort of the transaction they weren't switched back. This is now done, additionally, every file in partial which hasn't failed gets permission and owner changed for root access as well, as it is very well possible that the next invocation will (re)use these files.
2014-10-20run acquire transactions only onceDavid Kalnischkies
Transactions are run and completed from multiple places, so it happens for unsigned repos that the Release file was commited even if it was previously aborted (due to --no-allow-insecure-repositories). The reason is simply that the "failure" of getting an InRelease/Release.gpg is currently ignored, so that the acquire process believes that nothing bad happened and commits the transaction even though the same transaction was previously aborted.
2014-10-20mark --allow-insecure-repositories message as translateableDavid Kalnischkies
Refactors a bit to ensure the same message is used in all three cases as well. Git-Dch: Ignore
2014-10-15ignore Acquire::GzipIndexes for cdrom sourcesDavid Kalnischkies
We do not support compressed indexes for cdrom sources as we rewrite some of them, so supporting it correctly could be hard. What we do instead in the meantime is probably disabling it for cdrom sources.
2014-10-15Merge branch 'debian/sid' into debian/experimentalDavid Kalnischkies
The acquire code changed completely, so this is more an import of the testcase and a new fix than the merge of an existent fix. Conflicts: apt-pkg/acquire-item.cc
2014-10-15don't cleanup cdrom files in apt-get updateDavid Kalnischkies
Regression from merging 801745284905e7962aa77a9f37a6b4e7fcdc19d0 and b0f4b486e6850c5f98520ccf19da71d0ed748ae4. While fine by itself, merged the part fixing the filename is skipped if a cdrom source is encountered, so that our list-cleanup removes what seems to be orphaned files. Closes: 765458
2014-10-15set PR_SET_NO_NEW_PRIVS even if sandbox is disabledDavid Kalnischkies
Similar to 8f45798d532223adc378a4ad9ecfc64b3be26e4f, there is no harm to set this, even if we don't drop privileges. Git-Dch: Ignore
2014-10-14Merge branch 'debian/sid' into debian/experimentalMichael Vogt
2014-10-13Change default of Acquire::AllowInsecureRepositories to "true"Michael Vogt
This change is made for backward compatiblity and should be reverted once jessie is out.
2014-10-13do not load filesize in pkgAcqIndexTrans explicitlyDavid Kalnischkies
The constructor is calling the baseclass pkgAcqIndex which does this already – and also does it correctly for compressed files which would overwise lead to the size of uncompressed files to be expected. Git-Dch: Ignore
2014-10-13fix compile and tests errorDavid Kalnischkies
I am pretty sure I did that before committing broken stuff… Git-Dch: Ignore
2014-10-13Fix backward compatiblity of the new pkgAcquireMethod::DropPrivsOrDie()Michael Vogt
Do not drop privileges in the methods when using a older version of libapt that does not support the chown magic in partial/ yet. To do this DropPrivileges() now will ignore a empty Apt::Sandbox::User. Cleanup all hardcoded _apt along the way.
2014-10-13trusted=yes sources are secure, we just don't know whyDavid Kalnischkies
Do not require a special flag to be present to update trusted=yes sources as this flag in the sources.list is obviously special enough. Note that this is just disabling the error message, the user will still be warned about all the (possible) failures the repository generated, it is just triggering the acceptance of the warnings on a source-by-source level. Similarily, the trusted=no flag doesn't require the user to pass additional flags to update, if the repository looks fine in the view of apt it will update just fine. The unauthenticated warnings will "just" be presented then the data is used. In case you wonder: Both was the behavior in previous versions, too.
2014-10-13do not inline virtual destructors with d-pointersDavid Kalnischkies
Reimplementing an inline method is opening a can of worms we don't want to open if we ever want to us a d-pointer in those classes, so we do the only thing which can save us from hell: move the destructors into the cc sources and we are good. Technically not an ABI break as the methods inline or not do the same (nothing), so a program compiled against the old version still works with the new version (beside that this version is still in experimental, so nothing really has been build against this library anyway). Git-Dch: Ignore
2014-10-13display a warning for unsigned reposDavid Kalnischkies
The same message is used for InRelease if fails in gpgv, but the Release/Release.gpg duo needs to handle the failing download case as well (InRelease just defers to the duo if download fails) and print a message accompaning the insecure error to provide a hint on what is going on.
2014-10-13make --allow-insecure-repositories message an errorDavid Kalnischkies
Not using this option, but using unsigned (and co) repositories will cause these repositories to be ignored and data acquiring from them fails, so this is very well in the realms of an error and helps in making 'apt-get update' fail with a non-zero error code as well.
2014-10-10remove useless pdiff filename outputDavid Kalnischkies
Looks like a leftover from debugging. Absolutely no need for it and destroys progess reporting completely. Closes: 764737
2014-10-08Only rename StatError files in AbortTransaction()Michael Vogt
This fixes a race that we see in travis when two copy operations finish at about the same time but the bad one first. This lead to a rename of the good one and triggers a error when apt tries to verify the good version but can no longer find it.
2014-10-08Update Status field values handlingGuillem Jover
Remove long obsolete (hold, hold-reinstreq, removal-failed) or just wrong (post-inst-failed vs postinst-failed) values, that have been autoconverted by dpkg at run-time to their new equivalents, so there should not be any such instance in any recent system (removal-failed since dpkg 1.1.4 in Apr 1996, hold and hold-reinstreq since dpkg 1.2.0 in May 1996). dpkg even stopped doing the mapping in 1.15.4 and 1.15.8 respectively. At the same time sort the list in the same order as they appear in the dpkg code.
2014-10-08pkgAcqArchive::QueueNext(): change owner/permission of DestFileMichael Vogt
The code was using FinalFile before but we only test the existance of DestFile so we use that instead.
2014-10-08Merge remote-tracking branch 'mvo/feature/expected-size' into ↵Michael Vogt
debian/experimental
2014-10-08Merge remote-tracking branch 'mvo/feature/acq-trans' into debian/experimentalMichael Vogt