summaryrefslogtreecommitdiff
path: root/apt-private
AgeCommit message (Collapse)Author
2016-06-22forbid insecure repositories by default expect in apt-getDavid Kalnischkies
With this commit all APT-based clients default to refusing to work with unsigned or otherwise insufficently secured repositories. In terms of apt and apt-get this changes nothing, but it effects all tools using libapt like aptitude, synaptic or packagekit. The exception remains apt-get for stretch for now as this might break too many scripts/usecases too quickly. The documentation is updated and extended to reflect how to opt out or in on this behaviour change. Closes: 808367
2016-06-08edsp: drop privileges before executing solversDavid Kalnischkies
Most (if not all) solvers should be able to run perfectly fine without root privileges as they get the entire state they are supposed to work on via stdin and do not perform any action directly, but just pass suggestions on via stdout. The new default is to run them all as _apt hence, but each solver can configure another user if it chooses/must. The security benefits are minimal at best, but it helps preventing silly mistakes (see 35f3ed061f10a25a3fb28bc988fddbb976344c4d) and that is always good. Note that our 'apt' and 'dump' solver already dropped privileges if they had them.
2016-06-08move 'dump' solver from apt-utils to apt packageDavid Kalnischkies
2016-06-08edsp: optionally store a compressed copy of the last scenarioDavid Kalnischkies
For bugreports and co it could be handy to have the scenario and all the settings used in it around later for inspection for EDSP like protocols. EDSP might not be the most interesting as the user can still interrupt the process before the solution is applied and users tend to have an opinion on the "rightness" of a solution, so it is disabled by default.
2016-06-02ignore std::locale exeception on non-existent "" localeDavid Kalnischkies
In 8b79c94af7f7cf2e5e5342294bc6e5a908cacabf changing to usage of C++ way of setting the locale causes us to be terminated in case of usage of an ungenerated locale as LC_ALL (or similar) – but we don't want to fail here, we just want to carry on as before with setlocale which we call in that case just for good measure.
2016-05-29try to detect sudo spawned root-shell in prefixingDavid Kalnischkies
It is a try as the we need to inspect SUDO_COMMAND which could be anything – apt, apt-get, in /usr/bin, in a $DPKG_ROOT "chroot", build from source, aliases, … The best we can do is look if the SHELL variable is equal to the SUDO_COMMAND which would mean a shell was invoked. That isn't fail-safe if different shells are involved as sub-shells have the tendency of not overriding the SHELL so a bash started from within zsh can happily pretend to be still zsh, so we could have a look at /etc/shells for a list, but oh well, we have to stop somewhere I guess. This sudo-prefixing feature is a gimmick after all. Closes: 825742
2016-05-28look into the right textdomain for apt-utils againDavid Kalnischkies
Broken in e7e10e47476606e3b2274cf66b1e8ea74b236757 by looking always into "apt" while we ship some tools in "apt-utils"…
2016-05-28use std::locale::global instead of setlocaleDavid Kalnischkies
We use a wild mixture of C and C++ ways of generating output, so having a consistent world-view in both styles sounds like a good idea and should help in preventing regressions.
2016-05-27prevent C++ locale number formatting in text APIsDavid Kalnischkies
Setting the C++ locale via std::locale::global(std::locale("")); which would otherwise default to the default C locale (aka: unaffected by setlocale) effects the formatting of numeric types in IO streams, which for output for humans is perfectly sensible, but breaks our many text interfaces used and parsed by us and others without expecting the numbers to be formatted. Closes: #825396
2016-05-20don't try to get acquire lock in simulation modeDavid Kalnischkies
The code moving in eb1f04dda07c2b69549ad9fd793cca0e91841b3e moved the acquire stuff above the simulation exit, so before getting locks (and creating/chmod directories) we should be checking if we should actually really do it… [ignore as bugfix of an unreleased commit] Git-Dch: Ignore
2016-05-20fail instead of segfault on unreadable config filesDavid Kalnischkies
The report mentions "apt list --upgradable", but there are others which have inconsistent behavior ranging from segfaulting to doing something with the partial (and hence incomplete) data. We had a recent report about sources.list (#818628), this one mentions prefences, the obvious next step is conf files… so the testcase is adapted to check for all three in file and directory versions and run a bunch of commands each time which should all have more or less the same behavior in such a case (aka error out). Closes: 824503
2016-05-16show final solution in --no-download --fix-missing modeDavid Kalnischkies
This commit moves the creation of the fetcher and with it the calculation of the filenames before the code generation the various lists detailing the solution. This means that simulation comes even so slightly closer to a real run as it will require and parse the package indexes for filenames and queuing of URIs, so that a simulation "using" an unavailable download method actually fails now. The real benefit of this change is through that the rather special but nontheless handy --no-download --fix-missing mode now actually shows what the solution is it will apply to the system rather than the solution it would if it could download all not-downloaded packages.
2016-05-16show globalerrors before asking for confirmationDavid Kalnischkies
Errors cause a kind of automatic no already, but warnings and notices are only displayed at the end of the apt execution even through they could effect the choice of saying yes/no to questions: E.g. if a configuration (file) was ignored you wanted to have an effect or if an external solver you used generated warnings suggesting that the solution might be valid, but bogus non-the-less and similar things. Note that this only moves those messages up to the question if the answer is interactive – not if e.g. -y is used or no question is asked at all so this has an effect only on interactive usage of apt(-get), not script who might be parsing apt output.
2016-05-09Speed up GetLocalitySortedVersionSet.Adrian Wielgosik
2016-04-28factor out Pkg/DepIterator prettyprinters into own headerDavid Kalnischkies
The old prettyprinters have only access to the struct they pretty print, which isn't enough usually as we want to know for a package also a bit of state information like which version is the candidate. We therefore need to pull the DepCache into context and hence use a temporary struct which is printed instead of the iterator itself.
2016-04-25private-show: Get rid of old policy support codeJulian Andres Klode
This does not make much sense anymore, now that we dropped the old candidate ver algorithm.
2016-04-25format multiline errors properly in acquire progressDavid Kalnischkies
Together with the GlobalError change this allows us to add errors spanning multiple lines, just that we control GlobalError while the acquire progress is dealt with potentially by individual clients which might or might not need to be adapted. This isn't critical through as it either just works as expected anyhow or is a minor styling thing (after all, all this commit does it add two spaces to indent the lines a bit…).
2016-04-25drop empty line from fetch errorDavid Kalnischkies
This is a duplicate of sorts of 0efb29eb36184bbe6de7b1013d1898796d94b171 which is the a lot more frequent case of this error – and also a duplicate of this error message, just without the \n at the end. Git-Dch: Ignore
2016-03-06support APT::Get::Build-Dep-Automatic again in build-depDavid Kalnischkies
In a249b3e6fd798935a02b769149c9791a6fa6ef16 I dropped with the manual first resolver step also the support for installing build-deps as automatic in such a way that it behaved like this option was enabled by default. Restoring support for it means that we go back to mark build- dependencies as manually installed again by default and provide this option to keep them as automatically installed.
2016-02-11use local changelog from /usr/share/doc if possibleDavid Kalnischkies
If pkgAcqChangelog is told to acquire the changelog for a version it will check first if this version is installed on the disk and if so will use the local changelog in /usr/share/doc (possibily/likely gz compressed) instead of downloading the file from the web. An option is provided to disable this, which is enabled by default for the Ubuntu vendor as they truncate the local changelogs – and for apts --print-uris action.
2016-02-10get dpkg lock in build-dep if cache was invalid againDavid Kalnischkies
Regression introduced in a249b3e6fd798935a02b769149c9791a6fa6ef16, which in the case of an invalid cache would build the first part unlocked and later pick up the (still unlocked) cache for further processing, so the system got never locked and apt would end up complaining about being unable to release the lock at shutdown. The far more common case of having a valid cache worked as expected and hence covered up the problem – especially as tests who would have noticed it are simulations only, which do not lock. Closes: 814139 Reported-By: Balint Reczey <balint@balintreczey.hu> Reported-By: Helmut Grohne <helmut@subdivi.de> on IRC
2016-02-03avoid building dependency tree in 'source' commandDavid Kalnischkies
We don't need the dependencies for obvious reasons and we don't need the candidate version either, so building a pkgDepCache is wasted effort, which we can stop doing now that build-dep cleared the path.
2016-02-03use pkgCache::VS instead of pkgDepCache::VS()David Kalnischkies
The later just calls the earlier, but the later needs the fullblown dependency cache to be initialized, which is a very costly operation and isn't done anymore that early in the run as we would need to throw away and rebuild it again after we got all the information about source pkgs. As we end up with a nullptr for the pkgDepCache, we use a slightly longer calling convention to make sure that we use the pkgCache directly, avoiding nullptr induced segfaults and costly operations. Git-Dch: Ignore Reported-By: Balint Reczey <balint@balintreczey.hu>
2016-02-02Try avoiding loading long package descriptionAdrian Wielgosik
It's a fairly expensive call and it's called on every package, even though it's usually only used when we're interested in a small number of packages. Long description is currently only shown by this function when using `apt search X --full`. On my PC, this patch speeds up `apt list` by roughly 20% and `apt list --installed` by 1-2%.
2016-01-26get sources for packages in multiple releases againDavid Kalnischkies
In 321213f0dcdcdaab04e01663e7a047b261400c9c Andreas Cadhalpun corrected the incorrect overriding of earlier better-fitting results with later (semi-)matches – but that broke the case in which packages are in multiple releases in the same version (and the user has both releases configured). Closes: 812497
2016-01-25reimplement build-dep via apts normal resolverDavid Kalnischkies
build-dep was implemented by parsing the build-dependencies of a package and figuring out which packages to install/remove based on this. That means that for the first level of dependencies build-dep was implementing its very own resolver with all the benefits (aka: bugs) this gives us for not using the existing resolver for all levels. Making this work involves generating a dummy binary package with fitting Depends and Conflicts and as we can't create them out of thin air the cache generation needs to be involved so we end up writing a Packages file which we want to parse – after we have parsed the other Packages files already. With .dsc/.deb files we could add them before we started parsing anything. With a bit of care we can avoid generating too much data we have to throw away again (as many parts assume that e.g. the count of packages doesn't change midair), so that on a speed front there shouldn't be much of a difference, but output can be slightly confusing as if we have a completely valid cache on disk the "Reading package lists... Done" is printed two times – but apt is pretty quick about it in that case. Closes: #137560, #444930, #489911, #583914, #728317, #812173
2016-01-14delay build-dep variable initialisation until neededDavid Kalnischkies
Git-Dch: Ignore
2016-01-14mark not-declared helper function for showsrc as staticDavid Kalnischkies
Git-Dch: Ignore
2016-01-14Do not show multiple identical apt-cache showsrc entriesMichael Vogt
Closes: #734922
2016-01-12AUTHORS: Update: I am active, bubulle is notJulian Andres Klode
Gbp-Dch: ignore
2016-01-11Sort the list of sources to be built and linkedMattia Rizzolo
Fix reproducibility issue due to readdir() order by sorting the list of sources to be built and linked. [jak@debian.org: Added summary and fixed typo] Closes: #810509
2016-01-11search: Handle packages without descriptionJulian Andres Klode
If a package has no description, we would crash in search. While this should not happen, there seem to be some weird cases where it does. A safer way might be to make the whole parser thing safe against this, so pkgRecords::Lookup(Desc.FileList()) works and returns a parser where all values are empty. This would also fix all other instances of this bug, if there are any. Closes: #810622
2016-01-07apt-helper: cat-file: Add -C/--compress optionJulian Andres Klode
This allows passing compressing the output. The compressor must be a compressor name, extension, or an extension without the leading dot.
2016-01-02Add new APT::Keep-Downloaded-Packages optionMichael Vogt
This option controls if downloaded packages should be kept after a successful install or if they should be deleted. The default for "apt-get" is that they are kept (just like before). However the default for "apt" is that they get deleted. Closes: #160743
2016-01-02fail installing build-deps if parsing them failedDavid Kalnischkies
Git-Dch: Ignore
2015-12-23ensure we got a lock in clean operationDavid Kalnischkies
We try to acquired the locks, but we didn't stop if we failed to get it… Closes: 808561
2015-12-14non-existing directories don't need to be cleanedDavid Kalnischkies
Trying to clean up directories which do not exist seems rather silly if you think about it, so let apt think about it and stop it. Depends a bit on the caller if this is fixing anything for them as they might try to acquire a lock or doing other clever things as apt does. Closes: 807477
2015-12-01require explicit paths to dsc/control as we do for deb filesDavid Kalnischkies
Otherwise a user is subject to unexpected content-injection depending on which directory she happens to start apt in. This also cleans up the code requiring less implementation details in build-dep which is always good. Technically, this is an ABI break as we override virtual methods, but that they weren't overridden was a mistake resulting in pure classes, which shouldn't be pure, so they were unusable – and as they are new in 1.1 nobody is using them yet (and hopefully ever as they are borderline implementation details). Closes: 806693
2015-12-01deal with configured build-essential firstDavid Kalnischkies
There is no need to check configured build-essentials for each package, doing it once at the start ought to be enough. Git-Dch: Ignore
2015-12-01split build-dep satisfier loop out of DoBuildDepDavid Kalnischkies
Lets do this non-behaviour change before we modify the source for real as the reflow and moving would otherwise hide all the interesting changes. Git-Dch: Ignore
2015-11-29drop some needlessly public declarations in libapt-privateDavid Kalnischkies
Git-Dch: Ignore
2015-11-29move 'unmet' handling into libapt-privateDavid Kalnischkies
Git-Dch: Ignore
2015-11-29do not override exact targetrelease matches with lesser matchesAndreas Cadhalpun
The relevant testcases are in test/integration/test-apt-get-source. There is a test for #731853 that is supposed to "ensure that apt will pick the higher version number" of 0.0.1 (stable) and 0.1 (stable). However, this works by pure chance, as simply reversing the order of the two insertsource lines makes the test fail. So #731853 isn't really fixed, yet. Actually, that's related to the problem I reported, as the underlying issue for both is the same: In the FindSrc function apt chooses a new 'best hit', if either * there is a target release and it matches the release of the package, * or the version of the package is higher than the last best hit. Consider having 1.0 (stable), 2.0 (unstable) and 1.5 (unstable), in this order. Looking for the version in stable, apt first selects 1.0, because the release matches the target release, but then subsequently selects 2.0, because the version is higher. Looking for the version in unstable, apt first selects 2.0, because the release matches the target release, but then subsequently selects 1.5, because the release also matches the target release. The correct way would be to choose a new 'best hit', if either * there is a target release and it matches the release of the package, * or there is no target release and the version is higher than the last best hit. Closes: 746412 Mail-Reference: <565A604B.7090104@googlemail.com> Mail-Archive: https://lists.debian.org/debian-devel/2015/11/msg00470.html
2015-11-29use function pointers instead of weak symbols for cmdline parsingDavid Kalnischkies
Passing function pointers around while working on this was very icky, but if weak symbols are too much to ask for… Reverts "do not use "-Wl,-Bsymbolic-functions" during the build to avoid breakage" aka a5fc9be36211a290a7abc3ca2a8bf98943bc1f57.
2015-11-28Revert "Revert "appease adequate with some weak symbols for -private""Julian Andres Klode
This reverts commit 7ac9386cb6e272625490fcf3e8183b45e28bbc43.
2015-11-28Revert "appease adequate with some weak symbols for -private"Julian Andres Klode
This reverts commit 28f24d3dad1844af316337d565ba2ebc11c8ce97. This fails on Ubuntu as they build with -Bsymbolic-functions.
2015-11-27appease adequate with some weak symbols for -privateDavid Kalnischkies
Closes: #806422
2015-11-21show potentially arch-qualified fullname in 'apt show'David Kalnischkies
We do not show the architecture as a dedicated field as this is rather technical information, but as packagename it makes sense to show the architecture as other part of apt will refer to it in this way.
2015-11-05apply various suggestions made by cppcheckDavid Kalnischkies
Reported-By: cppcheck Git-Dch: Ignore
2015-11-05drop privileges in copy:// method as we do for file://David Kalnischkies
Continueing on the track of dropping privileges in all methods, lets drop it in copy, too, as the reasoning for it is very similar to file and the interaction between the too quiet interesting as copy kinda surfed as a fallback for file not being able to read the file. Both now show a better error message as well as it was previously claiming to have a hashsum mismatch, given that it couldn't read the file. Git-Dch: Ignore