summaryrefslogtreecommitdiff
path: root/cmdline
AgeCommit message (Collapse)Author
2017-10-05ignore unsupported key formats in apt-keyDavid Kalnischkies
gpg2 generates keyboxes by default and users end up putting either those or armored files into the trusted.gpg.d directory which apt tools neither expect nor can really work with without fortifying backward compatibility (at least under the ".gpg" extension). A (short) discussion about how to deal with keyboxes happened in https://lists.debian.org/deity/2017/07/msg00083.html As the last message in that thread is this changeset lets go ahead with it and see how it turns out. The idea is here simply that we check the first octal of a gpg file to have one of three accepted values. Testing on my machines has always produced just one of these, but running into those values on invalid files is reasonabily unlikely to not worry too much. Closes: #876508
2017-09-11apt-daily: Do not Wants=network-online, and add some more After=Julian Andres Klode
We now wait for being online ourselves, so all we need to wait on is for services we are using to be online first. This avoids severe boot slowdowns by other services having specified an After=network-online.target without a Wants=. Gbp-Dch: Full
2017-09-10apt-helper: Add connman support to wait-onlineJulian Andres Klode
2017-09-09apt-daily: Wait for network before daily updatesJulian Andres Klode
Introduce a new helper, apt-helper wait-online that uses NetworkManager and/or systemd-networkd to wait for them reporting online, with a time out of 30 seconds; and run that helper before running the daily update script. LP: #1699850 Gbp-Dch: Full
2017-08-24Replace APT_CONST with APT_PURE everywhereJulian Andres Klode
As a follow up to the last commit, let's replace APT_CONST with APT_PURE everywhere to clean stuff up.
2017-07-26ignore SIGPIPE in dump solver if forwardingDavid Kalnischkies
Our test-external-dependency-solver-protocol test sometimes fails on the immediately 'crashing' solver exit1withoutmsg with the message that it got SIGPIPE from the solver. That isn't really possible as the solver produces no output, but on inspection its not this solver getting the signal but the wrapping provided by the dump-solver as the wrapped solver instantly exits. Simply ignoring the signal helps in perhaps extracting the last words of another solver (as this one has none), but at the very least we get the exit code of the wrapped solver we interested in as output.
2017-07-12Reformat and sort all includes with clang-formatJulian Andres Klode
This makes it easier to see which headers includes what. The changes were done by running git grep -l '#\s*include' \ | grep -E '.(cc|h)$' \ | xargs sed -i -E 's/(^\s*)#(\s*)include/\1#\2 include/' To modify all include lines by adding a space, and then running ./git-clang-format.sh.
2017-07-12Drop cacheiterators.h includeJulian Andres Klode
Including cacheiterators.h before pkgcache.h fails because pkgcache.h depends on cacheiterators.h.
2017-06-26avoid explicit types for pkg counts by autoDavid Kalnischkies
Changes nothing on the program front and as the datatypes are sufficently comparable fixes no bug either, but problems later on if we ever change the types of those and prevent us using types which are too large for the values we want to store waste (a tiny bit of) resources. Gbp-Dch: Ignore
2016-12-31apt-key: ignore gpg1 already imported secret key import failureDavid Kalnischkies
On Travis and co the default gpg implementation is gpg1 which for some reason fails if a secret key which was already imported is imported again. We would prefer it to be a NOP like gpg2 handles it so we crudely check the error message. apt-key usually doesn't deal with secret keys – it only learned to do it for manual testing and the integration framework usage, so no public interface is effected. Triggered-By: 4ce2f35248123ff2366c8c365ad6a94945578d66 Gbp-Dch: Ignore
2016-12-21tests: cache the apt-key homedir used for Release signingDavid Kalnischkies
Importing a new secret key into gpg(2) can be increadibly slow which prolongs the test runs significantly – by caching the homedir we gain a significant speedbonus as reimporting already present keys seems like a far less costly operation. Git-Dch: Ignore
2016-11-25add apt-key support for armored GPG key files (*.asc)David Kalnischkies
Having binary files in /etc is kinda annoying – not that the armored files are much better – but it is hard to keep tabs on which format the file has ("simple" or "keybox") and different gnupg versions have different default binary formats which can be confusing for users to work with (beside that it is binary). Adding support for this now will enable us in some distant future to move to armored later on, much like we added trusted.gpg.d years before the world picked it up.
2016-11-24report apt-key errors via status-fd messagesDavid Kalnischkies
We report warnings from apt-key this way already since 29c590951f812d9e9c4f17706e34f2c3315fb1f6, so reporting errors seems like a good addition. Most of those errors aren't really from apt-key through, but from the code setting up and actually calling it which used to just print to stderr which might or might not intermix them with (other) progress lines in update calls. Having them as proper error messages in the system means that the errors are actually collected later on for the list instead of ending up with our relatively generic but in those cases bogus hint regarding "is gpgv installed?". The effective difference is minimal as the errors apply mostly to systems which have far worse problems than a not as nice looking error message, which makes this pretty hard to test – but at least now the hint that your system is broken can be read in proper order (= there aren't many valid cases in which the permissions of /tmp are messed up…). LP: #1522988
2016-08-27Merge branch 'portability/freebsd'Julian Andres Klode
2016-08-26apt-key: Only use readlink -f for existing componentsJulian Andres Klode
On FreeBSD, readlink -f requires the last component to exist.
2016-08-26Add missing includes and external definitionsJulian Andres Klode
Several modules use std::array without including the array header. Bad modules. Some modules use STDOUT_FILENO and friends, or close() without including unistd.h, where they are defined. One module also uses WIFEXITED() without including sys/wait.h. Finally, environ is not specified to be defined in unistd.h. We are required to define it ourselves according to POSIX, so let's do that.
2016-08-25show apt-key warnings in apt updateDavid Kalnischkies
In 105503b4b470c124bc0c271bd8a50e25ecbe9133 we got a warning implemented for unreadable files which greatly improves the behavior of apt update already as everything will work as long as we don't need the keys included in these files. The behavior if they are needed is still strange through as update will fail claiming missing keys and a manual test (which the user will likely perform as root) will be successful. Passing the new warning generated by apt-key through to apt is a bit strange from an interface point of view, but basically duplicating the warning code in multiple places doesn't feel right either. That means we have no translation for the message through as apt-key has no i18n yet. It also means that if the user has a bunch of sources each of them will generate a warning for each unreadable file which could result in quite a few duplicated warnings, but "too many" is better than none. Closes: 834973
2016-08-25apt-key: warn instead of fail on unreadable keyringsDavid Kalnischkies
apt-key has inconsistent behaviour if it can't read a keyring file: Commands like 'list' skipped silently over such keyrings while 'verify' failed hard resulting in apt to report cconfusing gpg errors (#834973). As a first step we teach apt-key to be more consistent here skipping in all commands over unreadable keyrings, but issuing a warning in the process, which is as usual for apt commands displayed at the end of the run.
2016-08-17allow spaces in fingerprints for 'apt-key del'David Kalnischkies
Fingerprints tend to be displayed in space-separated octet pairs so be nice and allow delete to remove a key based on such a string rather than requiring that the user is deleting all the spaces manually.
2016-08-17add the gpg-classic variant to the gpgv/gnupg or-groupDavid Kalnischkies
We need to support partial upgrades anyhow, so we have to deal with the different versions and your tests try to ensure that we do, so we shouldn't make any explicit higher requirements.
2016-08-10Get rid of the old buildsystemJulian Andres Klode
Bye, bye, old friend.
2016-08-06CMake: Add basic CMake build systemJulian Andres Klode
Introduce an initial CMake buildsystem. This build system can build a fully working apt system without translation or documentation. The FindBerkelyDB module is from kdelibs, with some small adjustements to also look in db5 directories. Initial work on this CMake build system started in 2009, and was resumed in August 2016.
2016-07-31apt-key: ignore any error produced by gpgconf --killDavid Kalnischkies
gpgconf wasn't always equipped with a --kill option as highlighted by our testcases failing on Travis and co as these use a much older version of gpg2. As this is just for cleaning up slightly faster we ignore any error a call might produce and carry on. Use a recent enough gpg2 version if you need the immediate killing… Gbp-Dch: Ignore Reported-By: Travis CI
2016-07-31apt-key: kill gpg-agent explicitly in cleanupDavid Kalnischkies
apt-key has (usually) no secret key material so it doesn't really need the agent at all, but newer gpgs insist on starting it anyhow. The agents die off rather quickly after the underlying home-directory is cleaned up, but that is still not fast enough for tools like sbuild which want to unmount but can't as the agent is still hanging onto a non-existent homedir. Reported-By: Johannes 'josch' Schauer on IRC
2016-07-05use the right key for compressor configuration dumpDavid Kalnischkies
The generated dump output is incorrect in sofar as it uses the name as the key for this compressor, but they don't need to be equal as is the case if you force some of the inbuilt ones to be disabled as our testing framework does it at times. This is hidden from changelog as nobody will actually notice while describing it in a few words make it sound like an important change… Git-Dch: Ignore
2016-07-05indextargets: Check that cache could be built before using itJulian Andres Klode
This caused a crash because the cache was a nullptr. Closes: #829651
2016-07-02use +0000 instead of UTC by default as timezone in outputDavid Kalnischkies
All apt versions support numeric as well as 3-character timezones just fine and its actually hard to write code which doesn't "accidently" accepts it. So why change? Documenting the Date/Valid-Until fields in the Release file is easy to do in terms of referencing the datetime format used e.g. in the Debian changelogs (policy §4.4). This format specifies only the numeric timezones through, not the nowadays obsolete 3-character ones, so in the interest of least surprise we should use the same format even through it carries a small risk of regression in other clients (which encounter repositories created with apt-ftparchive). In case it is really regressing in practice, the hidden option -o APT::FTPArchive::Release::NumericTimezone=0 can be used to go back to good old UTC as timezone. The EDSP and EIPP protocols use this 'new' format, the text interface used to communicate with the acquire methods does not for compatibility reasons even if none of our methods would be effected and I doubt any other would (in these instances the timezone is 'GMT' as that is what HTTP/1.1 requires). Note that this is only true for apt talking to methods, (libapt-based) methods talking to apt will respond with the 'new' format. It is therefore strongly adviced to support both also in method input.
2016-07-02deprecate 'apt-key update' and no-op it in DebianDavid Kalnischkies
Debian isn't using 'update' anymore for years and the command is in direct conflict with our goal of not requiring gnupg anymore, so it is high time to officially declare this command as deprecated.
2016-07-01warn if apt-key is used in scripts/its output parsedDavid Kalnischkies
apt-key needs gnupg for most of its operations, but depending on it isn't very efficient as apt-key is hardly used by users – and scripts shouldn't use it to begin with as it is just a silly wrapper. To draw more attention on the fact that e.g. 'apt-key add' should not be used in favor of "just" dropping a keyring file into the trusted.gpg.d directory this commit implements the display of warnings.
2016-07-01alias apt-key list to fingerDavid Kalnischkies
There is no real point in having two commands which roughly do the same thing, especially if the difference is just in the display of the fingerprint and hence security sensitive information. Closes: 829232
2016-06-29eipp: let apt make a plan, not make stuff planeDavid Kalnischkies
Julian noticed on IRC that I fall victim to a lovely false friend by calling referring to a 'planer' all the time even through these are machines to e.g. remove splinters from woodwork ("make stuff plane"). The term I meant is written in german in this way (= with a single n) but in english there are two, aka: 'planner'. As that is unreleased code switching all instances without any transitional provisions. Also the reason why its skipped in changelog. Thanks: Julian Andres Klode Gbp-Dch: Ignore
2016-06-27eipp: rename stanza 'Install' to 'Unpack'David Kalnischkies
Freeing 'Install' for future use as an interface for "dpkg --install", which is currently not used by any existent planer, so the implementation of it itself will be delayed until then.
2016-06-27eipp: add Allow-Temporary-Remove-of-EssentialsDavid Kalnischkies
A rather special need option, but the internal planer supports this and we have a testcase for it & sometimes it is hit (as a bug through). The option itself mostly serves as a reminder for implementors that they should be careful with removes and especially temporary removes if they perform any.
2016-06-27eipp: include global errors in reported errorDavid Kalnischkies
Git-Dch: Ignore
2016-06-27eipp: implement Immediate-Configuration flagDavid Kalnischkies
APT has 3 modes: no immediate configuration, all packages are configured immediately and its default mode of configuring essentials and pseudo-essentials immediately only. While this seems like a job of different planers at first, it might be handy to have it as an option, too, in case a planer (like apts internal one) supports different modes where the introduction of individual planers would be counter intuitive.
2016-06-27eipp: provide the internal planer as an external oneDavid Kalnischkies
Testing the current implementation can benefit from being able to be feed an EIPP request and produce a fully compliant response. It is also a great test for EIPP in general.
2016-06-20implement and document DIRECT for auto-detect-proxyDavid Kalnischkies
There is a subtile difference between an empty setting and "DIRECT" in the configuration as the later overrides the generic settings while the earlier does not. Also, non-zero exitcodes should really be reported as an error rather than silently discarded.
2016-06-14apt-key: don't search PATH if command is a path alreadyDavid Kalnischkies
2016-06-08edsp: drop privileges before executing solversDavid Kalnischkies
Most (if not all) solvers should be able to run perfectly fine without root privileges as they get the entire state they are supposed to work on via stdin and do not perform any action directly, but just pass suggestions on via stdout. The new default is to run them all as _apt hence, but each solver can configure another user if it chooses/must. The security benefits are minimal at best, but it helps preventing silly mistakes (see 35f3ed061f10a25a3fb28bc988fddbb976344c4d) and that is always good. Note that our 'apt' and 'dump' solver already dropped privileges if they had them.
2016-06-08edsp: optionally store a compressed copy of the last scenarioDavid Kalnischkies
For bugreports and co it could be handy to have the scenario and all the settings used in it around later for inspection for EDSP like protocols. EDSP might not be the most interesting as the user can still interrupt the process before the solution is applied and users tend to have an opinion on the "rightness" of a solution, so it is disabled by default.
2016-06-04edsp: use a stanza based interface for solution writingDavid Kalnischkies
EDSP had a WriteSolution method to write out the entire solution based on the inspection of a given pkgDepCache, but that is rather inflexible both for EDSP itself and for other EDSP like-protocols. It seems better to use a smaller scope in printing just a single stanza based on a given version as there is more reuse potential.
2016-06-02apt-key: change to / before find to satisfy its CWD needsDavid Kalnischkies
First seen on hurd, but easily reproducible on all systems by removing the 'execution' bit from the current working directory and watching some tests (mostly the no-output expecting tests) fail due to find printing: "find: Failed to restore initial working directory: …" Samuel Thibault says in the bugreport: | To do its work, find first records the $PWD, then goes to | /etc/apt/trusted.gpg.d/ to find the files, and then goes back to $PWD. | | On Linux, getting $PWD from the 700 directory happens to work by luck | (POSIX says that getcwd can return [EACCES]: Search permission was denied | for the current directory, or read or search permission was denied for a | directory above the current directory in the file hierarchy). And going | back to $PWD fails, and thus find returns 1, but at least it emitted its | output. | | On Hurd, getting $PWD from the 700 directory fails, and find thus aborts | immediately, without emitting any output, and thus no keyring is found. | | So, to summarize, the issue is that since apt-get update runs find as a | non-root user, running it from a 700 directory breaks find. Solved as suggested by changing to '/' before running find, with some paranoia extra care taking to ensure the paths we give to find are really absolute paths first (they really should, but TMPDIR=. or a similar Dir::Etc::trustedparts setting could exist somewhere in the wild). The commit takes also the opportunity to make these lines slightly less error ignoring and the two find calls using (mostly) the same parameters. Thanks: Samuel Thibault for 'finding' the culprit! Closes: 826043
2016-05-28look into the right textdomain for apt-utils againDavid Kalnischkies
Broken in e7e10e47476606e3b2274cf66b1e8ea74b236757 by looking always into "apt" while we ship some tools in "apt-utils"…
2016-05-27prevent C++ locale number formatting in text APIsDavid Kalnischkies
Setting the C++ locale via std::locale::global(std::locale("")); which would otherwise default to the default C locale (aka: unaffected by setlocale) effects the formatting of numeric types in IO streams, which for output for humans is perfectly sensible, but breaks our many text interfaces used and parsed by us and others without expecting the numbers to be formatted. Closes: #825396
2016-05-20edsp: use a limited scenario based on bool-arrayDavid Kalnischkies
Its more space and runtime efficient to use a boolean set instead of a CacheSet-based implementation. Git-Dch: Ignore
2016-05-20edsp: add Forbid-{New-Install,Remove} and Upgrade-AllDavid Kalnischkies
This allows to differentiate properly between 'apt-get upgrade', 'apt upgrade' and 'apt full-upgrade'.
2016-05-20edsp: dump: support dumping into compressed fileDavid Kalnischkies
2016-05-20convert EDSP to be based on FileFd instead of FILE*David Kalnischkies
I doubt there is any non-src:apt usage of these interfaces.
2016-05-20fail instead of segfault on unreadable config filesDavid Kalnischkies
The report mentions "apt list --upgradable", but there are others which have inconsistent behavior ranging from segfaulting to doing something with the partial (and hence incomplete) data. We had a recent report about sources.list (#818628), this one mentions prefences, the obvious next step is conf files… so the testcase is adapted to check for all three in file and directory versions and run a bunch of commands each time which should all have more or less the same behavior in such a case (aka error out). Closes: 824503
2016-05-01apt-key: add \n to dpkg-query --show --showformatCarsten Hey
Guarding against 'broken' greps not dealing with non-text inputs "just in case" by making the input text with a proper newline. [commit message by David Kalnischkies] Reported-On: IRC Git-Dch: Ignore