summaryrefslogtreecommitdiff
path: root/apt-pkg
AgeCommit message (Collapse)Author
2015-11-04rework errors and warnings around insecure repositoriesDavid Kalnischkies
Insecure (aka unsigned) repositories are bad, period. We want to get right of them finally and as a first step we are printing scary warnings. This is already done, this commit just changes the messages to be more consistent and prevents them from being displayed if authenticity is guaranteed some other way (as indicated with trusted=yes). The idea is to first print the pure fact like "repository isn't signed" as a warning (and later as an error), while giving an explaination in a immediately following notice (which is displayed only in quiet level 0: so in interactive use, not in scripts and alike). Closes: 796549
2015-11-04add ConnectionTimedOut to transient failreasons listDavid Kalnischkies
All other reasons from methods/connect.cc were already included. Git-Dch: Ignore
2015-11-04support .deb files in upgrade operations as wellDavid Kalnischkies
The main part is refactoring through to allow hiding the magic needed to support .deb files in deeper layers of libapt so that frontends have less exposure to Debian specific classes like debDebPkgFileIndex.
2015-11-04show progress info while 'downloading' a local .deb fileDavid Kalnischkies
Showing just "Get: [1234 B]" looks very strange, so we now print the filename and as usual the package name, version and architecture.
2015-11-04unbreak the copy-method claiming hashsum mismatch since ~exp9David Kalnischkies
Commit 653ef26c70dc9c0e2cbfdd4e79117876bb63e87d broke the camels back in sofar that everything works in terms of our internal use of copy:/, but external use is completely destroyed. This is kinda the reverse of what happened in "parallel" in the sid branch, where external use was mostly fine, internal and external exploded on the GzipIndexes option. We fix this now by rewriting our internal use by letting copy:/ only do what the name suggests it does: Copy files and not uncompress them on-the-fly. Then we teach copy and the uncompressors how to deal with /dev/null and use it as destination file in case we don't want to store the uncompressed files on disk. Closes: 799158
2015-11-04allow all dpkg selections to be set via apt-mark and libaptDavid Kalnischkies
As we have support for 'hold', we need support for undoing a hold which in effect means that we implemented most other states as well, just that they weren't exposed in the interface directly so far.
2015-11-04provide public interface to hold/unhold packagesDavid Kalnischkies
We had this code lying around in apt-mark for a while now, but other frontends need this (and similar) functionality as well, so its high time that we provide a public interface in libapt for this stuff.
2015-11-04refactor dpkg execution in deb/debsystemDavid Kalnischkies
We have a few places and there will be a few more still where we have to call dpkg to detect/set certain features or settings. Centralizing the calling infrastructure now seems like a good idea before we add another.
2015-11-04add cacheset push_back wrapping for std::back_inserterDavid Kalnischkies
As usual by now, not all containers wrapped by the cacheset containers support all methods, like push_back now, but they fail on use of these unusable methods only. Would be nice to not expose these methods for unsupporting containers at all, but that means either a lot of classes or a lot of std::enable_if magic, which seems like too big work for this small wrapper for now. Git-Dch: Ignore
2015-11-04implement operator* for cacheset iteratorsDavid Kalnischkies
Technically an abi-break as we change a template parameter to std::iterator for this, but this class is empty in all instances and just causes the right typedefs to be set – which were incorrect as detected by std::stable_partition as its implementation uses ::pointer and needs also a operator* implementation. In practice CacheSets have no external users (yet) and the difference is visible only at compile time (which was an error before and now works), not while linking. The changes to apt-mark are functionally identical to the code before, just that we use a std:: algorithm now instead of trying hard on our own.
2015-11-04implement a public pkgSystem::ArchitecturesSupportedDavid Kalnischkies
2015-11-04implement a public pkgSystem::MultiArchSupportedDavid Kalnischkies
Some codepaths need to check if the system (in our case usually dpkg) supports MultiArch or not. We had copy-pasted the check so far into these paths, but having it as a system check is better for reusability.
2015-10-30orderlist: Replace qsort() by thread-safe std::sort()Julian Andres Klode
Gbp-Dch: ignore
2015-10-30algorithms: Replace qsort() by thread-safe std::sort()Julian Andres Klode
Gbp-Dch: ignore
2015-10-30dpkgpm: Convert users of localtime() to localtime_r()Julian Andres Klode
The former is not thread-safe, whereas the latter is. Gbp-Dch: ignore
2015-10-30cacheset: Fix compilation on new GCC in C++98 modeJulian Andres Klode
Since gcc 4.9, the API for erase slightly changed. In commit 3dddcdf2432e78f37c74d8c76c2c519a8d935ab2 the existing checks for __cplusplus where changed to check the gcc version, as the __cplusplus check did nothing, because gcc 4.8 already provided the standard value in there. Fix the code to check for the gcc version in two more places, and change the existing checks to use a convenience macro.
2015-10-30srvrec: Do not expose C++11 tuple use in headerJulian Andres Klode
This makes non-C++11 reverse deps wishing to use it FTBFS.
2015-10-30dpkgpm: Use ptsname_r() instead of ptsname() to be thread-safeJulian Andres Klode
This function only exists on a limited number of platforms, so we add a configure check to make sure it exists. Gbp-Dch: ignore
2015-10-30dpkgpm: Convert ctime() call to ctime_r()Julian Andres Klode
ctime() is not thread-safe, ctime_r() is. Gbp-Dch: ignore
2015-10-30aptconfiguration: Convert strtok() to strtok_r()Julian Andres Klode
strtok() is not thread-safe, whereas strtok_r() is. Gbp-Dch: ignore
2015-10-30GetSrvRecords: Make thread-safeJulian Andres Klode
Gbp-Dch: ignore
2015-10-23deblistparser: Make PrioList constJulian Andres Klode
More safety, less writeable memory.
2015-10-11Revert "Fix select timeout to be 50msec instead of 0.5msec" for acquireJulian Andres Klode
The acquire system actually uses usec pulse intervals, so the previous value was correct (500ms) whereas the new value is now 5s. It's a bit unfortunate that the two systems use different units for pulse intervals, but probably not much we can do about it. This partially reverts commit eaf21c2144fa8dc4be8581dc69cf88cb38e30ce2.
2015-09-30Fix select timeout to be 50msec instead of 0.5msecMichael Vogt
Closes: #799857
2015-09-14fallback to well-known URI if by-hash failsDavid Kalnischkies
We uses a small trick to implement the fallback: We make it so, that by-hash is a special compression algorithm and apt already knows how to deal with fallback between compression algorithms. The drawback with implementing this fallback is that a) we are guessing again and more importantly b) by-hash is only tried for the first compression algorithm we want to acquire, not for all as before – but flipping between by-hash and well-known for each compression algorithm seems to be not really worth it as it seems unlikely that there will actually be mirrors who only mirror a subset of compressioned files, but have by-hash enabled. The user-experience is the usual fallback one: You see "Ign" lines in the apt update output. The fallback is implemented as a transition feature, so a (potentially huge) mirror network doesn't need a flagday. It is not meant as a "someday we might" or "we don't, but some of our mirrors might" option – we want to cut down on the 'Ign' lines front so that they become meaningful – if we wanted to spam everyone with them, we could enable by-hash by default for all repositories… sources.list and config options are better suited for this. Closes: 798919
2015-09-14add by-hash sources.list option and document all of by-hashDavid Kalnischkies
This changes the semantics of the option (which is renamed too) to be a yes/no value with the special additional value "force" as this allows by-hash to be disabled even if the repository indicates it would be supported and is more in line with our other yes/no options like pdiff which disable themselves if no support can be detected. The feature wasn't documented so far and hasn't reached a (un)stable release yet, so changing it without trying too hard to keep compatibility seems okay.
2015-09-14do not ignore differently versioned self-providesDavid Kalnischkies
Reported-By: Konomi on IRC
2015-09-14srv test: do 100 pulls twice and compare listDavid Kalnischkies
The previous implementation was still a bit unstable in terms of failing at times. Lets try if we have more luck with this one. Git-Dch: Ignore
2015-09-14fix alloc-dealloc-mismatch (operator new [] vs operator delete)David Kalnischkies
Reported-By: gcc -fsanitize=address -fno-sanitize=vptr Git-Dch: Ignore
2015-09-14fix two memory leaks reported by gccDavid Kalnischkies
Reported-By: gcc -fsanitize=address -fno-sanitize=vptr Git-Dch: Ignore
2015-09-14use std-algorithms instead of manual loops to avoid overflow warningDavid Kalnischkies
Reported-By: gcc Understandable: no Git-Dch: Ignore
2015-09-14do not report deprecate warnings for the None declarationDavid Kalnischkies
This is defined for compatibility, warning about it is intended, but only in places where it is actually used, rather than at the place we declare it for compatability… Git-Dch: Ignore
2015-09-14fix 'Dead assignment' by dropping unneeded booleanDavid Kalnischkies
Reported-By: scan-build Git-Dch: Ignore
2015-09-14avoid using global PendingError to avoid failing too often too soonDavid Kalnischkies
Our error reporting is historically grown into some kind of mess. A while ago I implemented stacking for the global error which is used in this commit now to wrap calls to functions which do not report (all) errors via return, so that only failures in those calls cause a failure to propergate down the chain rather than failing if anything (potentially totally unrelated) has failed at some point in the past. This way we can avoid stopping the entire acquire process just because a single source produced an error for example. It also means that after the acquire process the cache is generated – even if the acquire process had failures – as we still have the old good data around we can and should generate a cache for (again). There are probably more instances of this hiding, but all these looked like the easiest to work with and fix with reasonable (aka net-positive) effects.
2015-09-14use a less generic special trigger filename for stdinDavid Kalnischkies
Git-Dch: Ignore
2015-09-14do not discard new manual-bits while applying EDSP solutionsDavid Kalnischkies
In private-install.cc we call MarkInstall with FromUser=true, which sets the bit accordingly, but while applying the EDSP solution we call mark install on all packages with FromUser=false, so MarkInstall believes this install is an automatic one and sets it to auto – so that a new package which is explicitely installed via an external solver is marked as auto and is hence also up for garbage collection in a following call. Ideally MarkInstall wouldn't reset it, but the detection is hard to do without regressing in other cases – and ideally ideally MarkInstall wouldn't deal with the autobit at all – so we work around this on the calling side for now.
2015-09-14implement autobit and pinning in EDSP solver 'apt'David Kalnischkies
The parser creates a preferences as well as an extended states file based on the EDSP scenario file, which isn't the most efficient way of dealing with this as thes text files have to be parsed again by another layer of the code, but it needs the least changes and works good enough for now. The 'apt' solver is in the end just a test solver like dump.
2015-09-14remove incorrect optimization branchesDavid Kalnischkies
These assumptions were once true, but they aren't anymore, so what is supposed to be a speed up is effectively a slowdown [not that it would be noticible]. Usage of SingleArchFindPkg was nuked in a stable update already as the included assumption was actually harmful btw, which is why we should get right of other 'non-harmful' but still untrue assumptions while we can. Git-Dch: Ignore
2015-09-14copy ReadWrite-error to the bottom to make clang happyDavid Kalnischkies
clang detects that fd isn't set in the ReadWrite case – just that this is supposed to be catched earlier in this method already, but it doesn't hurt to make it explicit here as well and clang is happy, too. Git-Dch: Ignore
2015-09-14implement CopyFile without using FileFd::Size()David Kalnischkies
Pipes and such have no good Size value, but we still want to copy from it maybe and we don't really need size as we can just as well read as long as we get data out of a file to copy it. Git-Dch: Ignore
2015-09-14add Source-Version field for EDSPDavid Kalnischkies
The syntax of "Source" is different in EDSP compared to the the field of the same name in 'the rest' of Debian, so documented this accordingly and send the version as a new field.
2015-09-14implement dpkgs vision of interpreting pkg:<arch> dependenciesDavid Kalnischkies
How the Multi-Arch field and pkg:<arch> dependencies interact was discussed at DebConf15 in the "MultiArch BoF". dpkg and apt (among other tools like dose) had a different interpretation in certain scenarios which we resolved by agreeing on dpkg view – and this commit realizes this agreement in code. As was the case so far libapt sticks to the idea of trying to hide MultiArch as much as possible from individual frontends and instead translates it to good old SingleArch. There are certainly situations which can be improved in frontends if they know that MultiArch is upon them, but these are improvements – not necessary changes needed to unbreak a frontend. The implementation idea is simple: If we parse a dependency on foo:amd64 the dependency is formed on a package 'foo:amd64' of arch 'any'. This package is provided by package 'foo' of arch 'amd64', but not by 'foo' of arch 'i386'. Both of those foo packages provide each other through (assuming foo is M-A:foreign) to allow a dependency on 'foo' to be satisfied by either foo of amd64 or i386. Packages can also declare to provide 'foo:amd64' which is translated to providing 'foo:amd64:any' as well. This indirection over provides was chosen as the alternative would be to teach dependency resolvers how to deal with architecture specific dependencies – which violates the design idea of avoiding resolver changes, especially as architecture-specific dependencies are a cornercase with quite a few subtil rules. Handling it all over versioned provides as we already did for M-A in general seems much simpler as it just works for them. This switch to :any has actually a "surprising" benefit as well: Even frontends showing a package name via .Name() [which doesn't show the architecture] will display the "architecture" for dependencies in which it was explicitely requested, while we will not show the 'strange' :any arch in FullName(true) [= pretty-print] either. Before you had to specialcase these and by default you wouldn't get these details shown. The only identifiable disadvantage is that this complicates error reporting and handling. apt-get's ShowBroken has existing problems with virtual packages [it just shows the name without any reason], so that has to be worked on eventually. The other case is that detecting if a package is completely unknown or if it was at least referenced somewhere needs to acount for this "split" – not that it makes a practical difference which error is shown… but its one of the improvements possible.
2015-09-14M-A: allowed pkgs of unconfigured archs do not statisfy :anyDavid Kalnischkies
We parse all architectures we encounter recently, which means we also parse packages from architectures which are neither native nor foreign, but still came onto the system somehow (usually via heavy force).
2015-09-14store ':any' pseudo-packages with 'any' as architectureDavid Kalnischkies
Previously we had python:any:amd64, python:any:i386, … in the cache and the dependencies of an amd64 package would be on python:any:amd64, of an i386 on python:any:i386 and so on. That seems like a relatively pointless endeavor given that they will all be provided by the same packages and therefore also a waste of space. Git-Dch: Ignore
2015-09-11apt-pkg/tagfile.h: Include stdint.h, fixes rdep build failuresJulian Andres Klode
2015-09-02avoid triggering the c++11 erase api change on travisDavid Kalnischkies
Git-Dch: Ignore
2015-09-01use clock() as source for SRV randomnessDavid Kalnischkies
Initializing a random number generator with the time since epoch could be good enough, but reaches its limits in test code as the 100 iterations might very well happen in the same second and hence the seed number is always the same… clock() has a way lower resolution so it changes more often and not unimportant: If many users start the update at the same time it isn't to unlikely the SRV record will be ordered in the same second choosing the same for them all, but it seems less likely that the exact same clock() time has passed for them. And if I have to touch this, lets change a few other things as well to make me and/or compilers a bit happier (clang complained about the usage of a GNU extension in the testcase for example).
2015-09-01use unusable-for-security hashes for integrity checksDavid Kalnischkies
We want to declare some hashes as not enough for security, so that a user will need --allow-unauthenticated or similar to get data secured only by those hashes, but we can still us these hashes for integrity checks if we got them.
2015-09-01Consider md5sum no longer a usable hashMichael Vogt
The md5sum hash is broken since some time and we should no longer consider it a usable hash. Also update the tests to reflect this.
2015-09-01improve CheckDropPrivsMustBeDisabled furtherDavid Kalnischkies
Various smaller improvements so that the check deals better with already downloaded files, relative paths and other things. Git-Dch: Ignore