| Age | Commit message (Collapse) | Author |
|---|
|
apt(8): Disable regular expressions and fnmatch
See merge request apt-team/apt!95
|
|
This is the first step. Next step will be to add warnings to
apt-get and then remove support there as well.
|
|
Commit 93f33052de84e9aeaf19c92291d043dad2665bbd restricted auth.conf
entries to only apply to https by default, but this was silent - there
was no information why http sources with auth.conf entries suddenly
started failing. Add such information, and extend test case to cover
it.
|
|
Remove it everywhere, except where it is still needed.
|
|
|
|
This makes use of the a function GetHashString() that returns
the specific hash string. We also need to implement another overload
of Add() for signed chars with sizes, so the existing users do not
require reinterpret_cast everywhere.
|
|
Move APT_BUFFER_SIZE to macros.h and re-use it in hashes,
this also might speed up stuff, the motivation for using
64 KiB buffers in fileutl.cc was precisely that after all.
|
|
Switch the code of the Hashes class to use libgcrypt, which allows
us to use hardware-accelerated implementations of SHA1 and friends.
|
|
Avoid extra out-of-cache hash table deduplication for package names
See merge request apt-team/apt!92
|
|
Startup() was checking for bad items and failing them, but
we did not actually call Start() in the log, so the log might
not be setup correctly.
This caused a crash in python-apt when items were being
failed on queue startup, as it released the GIL when Start()
is being called and re-acquires it when running callbacks.
|
|
We were de-duplicating package name strings in StoreString, but also
deduplicating most of them by them being in groups, so we had extra
hash table lookups that could be avoided in NewGroup().
To continue deduplicating names across binary packages and source
packages, insert groups for source packages as well. This is also
a good first step in allowing efficient lookup of packages by source
package - we can extend Group later by a list of SourceVersion objects,
or alternatively, simply add a by-source chain into pkgCache::Version.
This change improves performance by about 10% (913 to 814 ms), while
having no significant overhead on the cache size:
--- before
+++ after
@@ -1,7 +1,7 @@
-Total package names: 109536 (2.191 k)
-Total package structures: 118689 (4.748 k)
+Total package names: 119642 (2.393 k)
+Total package structures: 118687 (4.747 k)
Normal packages: 83309
- Pure virtual packages: 3365
+ Pure virtual packages: 3363
Single virtual packages: 17811
Mixed virtual packages: 1973
Missing: 12231
@@ -10,21 +10,21 @@ Total distinct descriptions: 149291 (3.583 k)
Total dependencies: 484135/156650 (12,2 M)
Total ver/file relations: 57421 (1.378 k)
Total Desc/File relations: 18219 (437 k)
-Total Provides mappings: 29963 (719 k)
+Total Provides mappings: 29959 (719 k)
Total globbed strings: 226993 (5.332 k)
Total slack space: 26,8 k
-Total space accounted for: 38,1 M
+Total space accounted for: 38,3 M
Total buckets in PkgHashTable: 50503
- Unused: 5727
- Used: 44776
- Utilization: 88.6601%
- Average entries: 2.65073
+ Unused: 5728
+ Used: 44775
+ Utilization: 88.6581%
+ Average entries: 2.65074
Longest: 60
Shortest: 1
Total buckets in GrpHashTable: 50503
- Unused: 5727
- Used: 44776
- Utilization: 88.6601%
- Average entries: 2.44631
- Longest: 10
+ Unused: 4649
+ Used: 45854
+ Utilization: 90.7946%
+ Average entries: 2.60919
+ Longest: 11
Shortest: 1
|
|
This ensures that we do not leak simple words like that.
|
|
We don't use them, APT_CONST is APT_PURE now, and MAX/MIN/etc
are available as proper templates in the C++ standard library.
|
|
|
|
Replace the macro with an anonymous struct that provides an
inline operator->() returning the _error pointer.
This change is ABI compatible, and the inline macro is not
exported. We should consider if we want to avoid the function
call and directly export the thread_local variable instead,
when we do break ABI.
Closes: #948338
|
|
Pu/patterns phase2
See merge request apt-team/apt!85
|
|
This avoids downgrade attacks where an attacker could inject
Location: http://private.example/
and then (having access to raw data to private.example, for example,
by opening a port there, or sniffing network traffic) read the credentials
for the private repository.
Closes: #945911
|
|
While passing the combi Release and Release.gpg to the gpgv method for
verification the filename of Release is placed where usually Release.gpg
is assumed in the rest of the code. The "usual" cases like passing
verification and failing verification ending in an error are taking care
of this, but the code path dealing with a failed verification, but
ignoring said failure (e.g. due to trusted=yes) was not which results in
the wrong file being removed later on (in case the index happens to be
unmodified since the last update call) leading us into the abyss of
strange failures (fixed in the previous commit) were nothing should have
changed.
This is not a security issue in this form as the repository needs to fail
verification & the user forcing apt to ignore the failure and carry on
anyhow. It does show however how complicated the code and its various
interconnected paths can become.
Reported-By: Val "pinkieval" Lorentz on IRC
|
|
If we have no old Release file, but old indices we can't compare
hashsums with the new Release file and hence must request the indices
again and have to react to IMS hits if they didn't change.
We used to symlink the old index file to the partial directory, but that
usually meant that we linked an uncompressed file to a compressed file,
which not all uncompressors can deal with transparently resulting in
strange failures.
We could do without the symlink, but that would require changes in the
codepaths dealing with failure as they would rename the file to FAILED.
|
|
Unused variable, std::algorithms instead of raw for-loops.
There should be no observeable difference in behaviour.
Reported-By: cppcheck
Gbp-Dch: Ignore
|
|
|
|
|
|
This is pure syntactic sugar - ?narrow does not exist in the
abstract syntax.
|
|
|
|
When using locale in which symbols occupy more than 1 byte (for example,
ru_RU.UTF-8), the progress bar width was calculated incorrectly because
std::string::size() returns the number of bytes rather than the number of
actual characters. Use the newly introduced APT::String::DisplayLength()
to calculate the width instead.
|
|
Returns string length, but unlike std::string::size() it honors
multibyte characters. This allows to properly calculate visible
sizes of console messages.
|
|
|
|
|
|
|
|
|
|
|
|
When multiple translations of package descriptions are available,
perform search in all of them. It allows using search patterns in
any of the configured languages.
Previously, only the first available translation was searched. As
the result, patterns in e.g. English never matched packages which
had their descriptions translated into local language.
Closes: #490000
|
|
Using --force-depends causes dpkg to continue removing packages
a package depends upon even if that package fails to be removed,
because dpkg turns off all sanity checks. So we gotta tell dpkg
to stop immediately if there's an error removing stuff.
Closes: #935910
LP: #1844634
|
|
This should probably make those functions thread-safe, which
might be useful for some external users.
|
|
Only disallow ,() and on the start of a word also ~ and ?. Make
sure to include \0 as disallowed.
|
|
|
|
This matches any package that does not have versions.
|
|
The ?exact-name pattern matches the name exactly, there is
no substring matching going on, or any regular expression
or fnmatch magic.
|
|
This matches all packages where at least one of the versions
is marked essential; or well, whenver apt considers a package
essential.
|
|
This matches all packages that have broken dependencies in the
installed version or the version selected for install.
|
|
These two are mutually exclusive states of installed-ness. And
?installed package is fully unpacked and configured; a ?config-files
package only has config files left.
|
|
These match packages that have no version in a repository, or
where an upgrade is available. Notably,
?and(?obsolete,?upgradable) == ?false
because an upgradable package is by definition not obsolete.
|
|
These patterns allow you to identify automatically installed
packages, as well as automatically installed packages that are
no longer reachable from the manually installed ones.
|
|
This implements the basic logic patterns:
?and ?false ?not ?or ?true
and the basic package patterns:
?architecture ?name ?x-name-fnmatch
|
|
This adds a transformation from parse tree into a CacheFilter and
connects it with cachesets and the apt list command.
|
|
Introduce a parser for patterns that generates a parse tree. The
language understood by the parser is:
pattern = '?'TERM
| '?'TERM '(' pattern (',' pattern)* ','? ')'
| WORD
| QUOTED-WORD
TERM = [0-9a-zA-Z-]
WORD = [0-9a-ZA-Z-.*^$\[\]_\\]
QUOTED_WORD = "..." # you know what I mean
This language is context free, which is a massive simplification
from aptitude's language, where ?foo(bar) could have two different
meanings depending on whether ?foo takes an argument or not.
|
|
In commit 79b1a8298, QueueName() was changed, amongst other things,
to exit early when the queue mode was single access, as single
access does not need any fancy queue name. The exit became too
early though, as Config was not initialized anymore, but the
caller was relying on it.
Fix QueueName() to always initialize Config and in Enqueue()
initialize Config with a nullptr, so if this regresses it's
guaranteed to fail harder. Also add a test case - this is
very simple, but the first and only test case for access
queue mode.
Regression-Of: 79b1a82983e737e74359bc306d9edb357c5bdd46
LP: #1839714
|
|
Improve locking messaging - pid and name, "do not remove lock file"
See merge request apt-team/apt!68
|
|
Also in old changelogs, but nothing really user visible
like error messages or alike so barely noteworthy.
Reported-By: codespell
Gbp-Dch: Ignore
|
|
Reported-By: cppcheck
|
