| Age | Commit message (Collapse) | Author |
|---|
|
|
|
This is a first step to a type safe cache, adding typing
information everywhere. Next, we'll replace map_pointer<T>
implementation with a type safe one.
|
|
apt-pkg/srcrecords.cc: 'source' means 'deb-src' in error message
See merge request apt-team/apt!101
|
|
|
|
|
|
ABI BREAK: Implement pinning by source package
See merge request apt-team/apt!96
|
|
Remove all code scheduled to be removed after 5.90, and fix
files to include files they previously got from hashes.h
including more headers.
|
|
|
|
This experiment did not turn out sensibly, as some servers do not
accept credentials when none are expected and fail, so you cannot
mirror such a repository.
This reverts commit c2b9b0489538fed4770515bd8853a960b13a2618.
|
|
These allow overriding priorities, however, pins set by SetPriority
for package files will be overriden by calls to InitDefaults().
|
|
The filename "sources.list" suggests that all contained lines are meant
to describe some package source, so users might not immediately
understand that this refers to 'deb-src' type lines. Please see
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919285
for an example of the resulting confusion.
|
|
While moving to a more stable clock in 79b61ae I typoed the microsecond
calculation part and copied it all over the place… Julian fixed the
first two instances in 089e6271 and Trent reported the apt-ftparchive
instances leaving one instance in progress (invisible for user though).
A bit ironic that in an attempt to stop "confusing (and amusing) users"
I managed to hide a typo for close to two years doing just that…
Sadly we can't really test this as while "apt-ftparchive generate /dev/null"
is a great interactive test, it is hard to teach our test framework that
the output is "reasonably below an hour" (usually 0s, but on busy test
systems it is perhaps longer…).
Thanks: Trent W. Buck for initial patch
Closes: #950776
References: 79b61ae7673eb6213493e2cb202f0d70c390932d,
089e627153781ae7c320a5a0724c6c70d684b689
|
|
|
|
we have to stop parsing on space so that things like ~ramd64 | ~rall
work correctly.
aptitude does not stop parsing on ?, but we'll do as it gets very
confusing otherwise if you write stuff like ~ramd64?name(foo), and
it resolves to ?and(?architecture(amd64?name), (foo))...
|
|
|
|
|
|
|
|
|
|
This changes the syntax from approximately
expr = unary
unary = '!'? primary
primary = pattern | short-pattern | word | quoted-word
pattern = '?' name [ '(' expr [',' expr]* ')' ]
short-pattern = ~ name | ~name expr
to:
primary = pattern | short-pattern
argument = word | quoted-word | expr
pattern = '?' name [ '(' argument [',' argument]* ')' ]
short-pattern = ~ name | ~name argument
|
|
|
|
Also make pattern detector in cacheset and private's list accept
such patterns. We probably should just try to parse and see if it
is a (start of a) pattern.
|
|
This will make it easier to extend those views, given that
we do not need to hardcode their length.
|
|
By having a node constructor, we can construct a node inline
for error reporting needs, simplifying the code a bit.
|
|
This allows comparing against sentence.size()
|
|
This allows us to define constexpr string view literals.
|
|
NewGroup created a GrpIterator and then called WriteStringInMap()
which might remap the cache, causing the iterator to go invalid.
Avoid this simply by creating the iterator later on.
|
|
Given that we have a maximum of 12 pools, and much more
items to insert, it does not make sense to have two branches
in the hot path.
Move the search for an empty pool into the unlikely case
that no matching pool has been created yet - a condition
that is guaranteed to only happens up to 12 times.
|
|
This implements the src: syntax inside policy, allowing you to
pin by source package. This by default only pins the native
architecuture, use src:pkg:any to pin for all architectures
in your cache.
Closes: #166032
|
|
This adds a simple way to lookup binaries by a source package,
but this adds all binaries into one list, even with different
source versions. Be careful.
|
|
This ensures that caches build with one version can't be
opened with another, which makes sense. It's a temporary
approach until we can replace major:minor fields with
a version string.
For example, this would have prevented 1.9.7 from using
broken caches from 1.9.6.
|
|
APT 1.9.6 introduced empty groups by making use of groups to
deduplicate package names. This is not normally a problem, but
here we assumed that every group has at least one package.
This caused a problem because automake was providing automake-1.16
while having the source package automake-1.16. So we found the
automake-1.16 group, iterated over its empty package list, trying
to store the provides (which hence never happened).
LP: #1859952
|
|
apt(8): Disable regular expressions and fnmatch
See merge request apt-team/apt!95
|
|
This is the first step. Next step will be to add warnings to
apt-get and then remove support there as well.
|
|
Commit 93f33052de84e9aeaf19c92291d043dad2665bbd restricted auth.conf
entries to only apply to https by default, but this was silent - there
was no information why http sources with auth.conf entries suddenly
started failing. Add such information, and extend test case to cover
it.
|
|
Remove it everywhere, except where it is still needed.
|
|
|
|
This makes use of the a function GetHashString() that returns
the specific hash string. We also need to implement another overload
of Add() for signed chars with sizes, so the existing users do not
require reinterpret_cast everywhere.
|
|
Move APT_BUFFER_SIZE to macros.h and re-use it in hashes,
this also might speed up stuff, the motivation for using
64 KiB buffers in fileutl.cc was precisely that after all.
|
|
Switch the code of the Hashes class to use libgcrypt, which allows
us to use hardware-accelerated implementations of SHA1 and friends.
|
|
Avoid extra out-of-cache hash table deduplication for package names
See merge request apt-team/apt!92
|
|
Startup() was checking for bad items and failing them, but
we did not actually call Start() in the log, so the log might
not be setup correctly.
This caused a crash in python-apt when items were being
failed on queue startup, as it released the GIL when Start()
is being called and re-acquires it when running callbacks.
|
|
We were de-duplicating package name strings in StoreString, but also
deduplicating most of them by them being in groups, so we had extra
hash table lookups that could be avoided in NewGroup().
To continue deduplicating names across binary packages and source
packages, insert groups for source packages as well. This is also
a good first step in allowing efficient lookup of packages by source
package - we can extend Group later by a list of SourceVersion objects,
or alternatively, simply add a by-source chain into pkgCache::Version.
This change improves performance by about 10% (913 to 814 ms), while
having no significant overhead on the cache size:
--- before
+++ after
@@ -1,7 +1,7 @@
-Total package names: 109536 (2.191 k)
-Total package structures: 118689 (4.748 k)
+Total package names: 119642 (2.393 k)
+Total package structures: 118687 (4.747 k)
Normal packages: 83309
- Pure virtual packages: 3365
+ Pure virtual packages: 3363
Single virtual packages: 17811
Mixed virtual packages: 1973
Missing: 12231
@@ -10,21 +10,21 @@ Total distinct descriptions: 149291 (3.583 k)
Total dependencies: 484135/156650 (12,2 M)
Total ver/file relations: 57421 (1.378 k)
Total Desc/File relations: 18219 (437 k)
-Total Provides mappings: 29963 (719 k)
+Total Provides mappings: 29959 (719 k)
Total globbed strings: 226993 (5.332 k)
Total slack space: 26,8 k
-Total space accounted for: 38,1 M
+Total space accounted for: 38,3 M
Total buckets in PkgHashTable: 50503
- Unused: 5727
- Used: 44776
- Utilization: 88.6601%
- Average entries: 2.65073
+ Unused: 5728
+ Used: 44775
+ Utilization: 88.6581%
+ Average entries: 2.65074
Longest: 60
Shortest: 1
Total buckets in GrpHashTable: 50503
- Unused: 5727
- Used: 44776
- Utilization: 88.6601%
- Average entries: 2.44631
- Longest: 10
+ Unused: 4649
+ Used: 45854
+ Utilization: 90.7946%
+ Average entries: 2.60919
+ Longest: 11
Shortest: 1
|
|
This ensures that we do not leak simple words like that.
|
|
We don't use them, APT_CONST is APT_PURE now, and MAX/MIN/etc
are available as proper templates in the C++ standard library.
|
|
|
|
Replace the macro with an anonymous struct that provides an
inline operator->() returning the _error pointer.
This change is ABI compatible, and the inline macro is not
exported. We should consider if we want to avoid the function
call and directly export the thread_local variable instead,
when we do break ABI.
Closes: #948338
|
|
Pu/patterns phase2
See merge request apt-team/apt!85
|
|
This avoids downgrade attacks where an attacker could inject
Location: http://private.example/
and then (having access to raw data to private.example, for example,
by opening a port there, or sniffing network traffic) read the credentials
for the private repository.
Closes: #945911
|
|
While passing the combi Release and Release.gpg to the gpgv method for
verification the filename of Release is placed where usually Release.gpg
is assumed in the rest of the code. The "usual" cases like passing
verification and failing verification ending in an error are taking care
of this, but the code path dealing with a failed verification, but
ignoring said failure (e.g. due to trusted=yes) was not which results in
the wrong file being removed later on (in case the index happens to be
unmodified since the last update call) leading us into the abyss of
strange failures (fixed in the previous commit) were nothing should have
changed.
This is not a security issue in this form as the repository needs to fail
verification & the user forcing apt to ignore the failure and carry on
anyhow. It does show however how complicated the code and its various
interconnected paths can become.
Reported-By: Val "pinkieval" Lorentz on IRC
|
|
If we have no old Release file, but old indices we can't compare
hashsums with the new Release file and hence must request the indices
again and have to react to IMS hits if they didn't change.
We used to symlink the old index file to the partial directory, but that
usually meant that we linked an uncompressed file to a compressed file,
which not all uncompressors can deal with transparently resulting in
strange failures.
We could do without the symlink, but that would require changes in the
codepaths dealing with failure as they would rename the file to FAILED.
|
