summaryrefslogtreecommitdiff
path: root/debian
AgeCommit message (Collapse)Author
2017-10-23Release 1.6~alpha11.6_alpha1Julian Andres Klode
2017-10-22Sandbox methods with seccomp-BPF; except cdrom, gpgv, rshJulian Andres Klode
This reduces the number of syscalls to about 140 from about 350 or so, significantly reducing security risks. Also change prepare-release to ignore the architecture lists in the build dependencies when generating the build-depends package for travis. We might want to clean up things a bit more and/or move it somewhere else.
2017-09-24Drop curl method and apt-transport-https packageJulian Andres Klode
This automatically removes any old apt-transport-https, as apt now Breaks it unversioned.
2017-09-24Drop obsolute Testsuite: autopkgtest headerJulian Andres Klode
2017-09-24Drop obsolete dh-systemd build-depJulian Andres Klode
2017-09-24Bump Standards-Version to 4.1.0Julian Andres Klode
2017-09-24Release 1.51.5Julian Andres Klode
2017-09-13Release 1.5~rc41.5_rc4Julian Andres Klode
2017-09-11apt-daily: Do not Wants=network-online, and add some more After=Julian Andres Klode
We now wait for being online ourselves, so all we need to wait on is for services we are using to be online first. This avoids severe boot slowdowns by other services having specified an After=network-online.target without a Wants=. Gbp-Dch: Full
2017-09-10Release 1.5~rc31.5_rc3Julian Andres Klode
2017-09-09Release 1.5~rc21.5_rc2Julian Andres Klode
2017-09-09Directly link against libudev on Linux systemsJulian Andres Klode
We previously dlopen()ed it, but it seems painful to do that without any real gain, except for possibly not having libudev in the address space and not having code #ifdefed for Linux. The latter means that we are a bit more likely to break stuff for non-Linux systems now if we play with udev, but at least we don't end up with it silently breaking because of a libudev ABI break. The existing function pointers in the struct were renamed and kept for compat purposes. Fixes Debian/apt#48 Also adjust prepare-release to strip [linux-any] from build-depends for travis.
2017-09-09apt-daily: Pull in network-online.target in service, not timerJulian Andres Klode
There's no real point in pulling it in in the timer already, and it it somewhat saver to do so in the service.
2017-09-09apt-daily: Wait for network before daily updatesJulian Andres Klode
Introduce a new helper, apt-helper wait-online that uses NetworkManager and/or systemd-networkd to wait for them reporting online, with a time out of 30 seconds; and run that helper before running the daily update script. LP: #1699850 Gbp-Dch: Full
2017-09-01Actually install apt_auth.conf manual pageJulian Andres Klode
Seems we forgot to update the packaging when adding the manual page. Once we have translations for it, we need to add them as well... Closes: #873934
2017-08-24Release 1.5~rc11.5_rc1Julian Andres Klode
2017-08-17Release 1.5~beta21.5_beta2Julian Andres Klode
2017-08-17debian: Update symbols for libapt-pkg5.0Julian Andres Klode
The version is probably wrong for most, but oh well, let's just pretend we are introducing them now.
2017-08-17Handle GCC 7 std::string operator ABI breakJulian Andres Klode
We now require gcc 7 on the packaging side, and add an appropriate symbol to our symbols file. Also adjust prepare-release to ignore g++ version requirements when setting up build dependencies on CI. Closes: #871275
2017-07-26remove reference to a-t-debtorrent in descriptionDavid Kalnischkies
debtorrent and its helper apt-transport-debtorrent were removed from Debian in 2013 based on the bugreports #730459 and #731281. As they aren't available, we shouldn't make references to them anymore. a-t-tor is picked as replacement for the example.
2017-07-26Gracefully terminate process when stopping apt-daily-upgradeBalint Reczey
The main process is guessed by systemd. This prevents killing dpkg run by unattended-upgrades in the middle of installing packages and ensures graceful shutdown. The timeout of 900 seconds after which apt-daily-upgrade.service is killed is in sync with unattended-upgrades's timer. LP: #1690980
2017-07-12Fix some more crashes when APT::Periodic options are set to alwaysPaul Wise
Gbp-Dch: ignore
2017-07-12Support seconds, minutes, hours and days for APT::Periodic intervalsPaul Wise
2017-07-12Support zero delay for the various APT::Periodic activitiesPaul Wise
[squashed:] apt.systemd.daily: check_stamp: check for 'always' before numerical values Prevents a crash when the configuration actually uses 'always': apt.systemd.daily: 402: [: Illegal number: always
2017-07-08fix various typos reported by codespell & spellintianDavid Kalnischkies
Reported-By: codespell & spellintian Gbp-Dch: Ignore
2017-07-03Release 1.5~beta11.5_beta1Julian Andres Klode
2017-06-30Upload 1.5~alpha4 to experimental1.5_alpha4Julian Andres Klode
2017-06-30Switch to 'http' as the default https methodJulian Andres Klode
The old curl based method is still available as 'curl', 'curl+http', and 'curl+https'.
2017-06-30Upload 1.5~alpha3 to experimental1.5_alpha3Julian Andres Klode
2017-06-29Upload 1.5~alpha2 to experimental1.5_alpha2Julian Andres Klode
2017-06-29Build-Depend on debhelper (>= 10) to shut up lintianJulian Andres Klode
2017-06-29Bump Standards-Version (and wrap-and-sort a bit)Julian Andres Klode
2017-06-29Demote gnupg to SuggestsJulian Andres Klode
stretch was the migration release for gpg->gpgv basically, so let's demote it now.
2017-06-29Have apt Recommend ca-certificatesJulian Andres Klode
The http method needs ca-certificates for TLS support, so enable it.
2017-06-29fix a "critical" typo in old changelog entryRobert Luberda
This typo exposes a bug in apt-listchanges that prevents commands like `apt-listchanges --show-all apt_*.deb' from showing the changelog. The bug will be fixed in next upload of apt-listchanges, but I think it would be nice have the typo fixed as well. Closes: 866358
2017-06-28Upload 1.5~alpha1 to experimental1.5_alpha1Julian Andres Klode
2017-06-28fail instead of warn on insecure repositories in apt-getDavid Kalnischkies
The exception was made to give (script) users a one-release grace period to adapt their setup to deal with apt enforcing signing of repositories. As we are now at the start of a new release cycle its as good a time as any to lift it now. Removes-Exception: 952ee63b0af14a534c0aca00c11d1a99be6b22b2
2017-06-28methods: Add HTTPS support to http method, using GnuTLSJulian Andres Klode
The http method will eventually replace the curl-based https method, but for now, this is an opt-in experiment that can be enabled by setting Dir::Bin::Methods::https to "http". Known issues: - We do not support HTTPS proxies yet - We do not support proxying HTTPS connections yet (CONNECT) - IssuerCert and SslForceVersion are unsupported Gbp-Dch: Full
2017-06-01Release 1.4.61.4.6Julian Andres Klode
2017-06-01apt.systemd.daily: Use unattend-ugrade --download-only if availableJulian Andres Klode
Using dry-run as in the previous commit is not really correct, as it logs dpkg debugging output too. So, let's assume unattended-upgrade gets a --download-only option and use that if it is available. This lets us add the downloading part to unattended-upgrades later on, without requiring versioned dependencies between the two. Closes: #863859
2017-06-01apt.systemd.daily: Pass --dry-run to unattended-upgrade, not -dJulian Andres Klode
We want to download stuff: --dry-run Simulation, download but do not install not debug: -d, --debug print debug messages Confusion everywhere! Closes: #863859
2017-05-31Release 1.4.51.4.5Julian Andres Klode
2017-05-16Release 1.4.41.4.4Julian Andres Klode
2017-05-16apt.systemd.daily: Drop the LOCKFD variableJulian Andres Klode
Gbp-Dch: ignore
2017-05-16apt.systemd.daily: fix error from locking codeAlan Jenkins
Error: pkgs that look like they should be upgraded: Error in function stop Traceback (most recent call last): File "/usr/lib/python3/dist-packages/apt/progress/text.py", line 240, in stop apt_pkg.size_to_str(self.current_cps))).rstrip("\n")) File "/usr/lib/python3/dist-packages/apt/progress/text.py", line 51, in _write self._file.write("\r") AttributeError: 'NoneType' object has no attribute 'write' fetch.run() result: 0 Caused by: LOCKFD=3 unattended_upgrades $LOCKFD>&- Unfortunately this code does not work, it is equivalent to unattended_upgrades 3 >&- I.e. it left fd 3 open, but closed stdout! Closes: #862567
2017-05-11Release 1.4.31.4.3Julian Andres Klode
2017-05-07Do not try to (re)start timers outside 'apt' packageJulian Andres Klode
dh_systemd_start inserted postinst commands in all packages, rather than just the package containing the timers. This also gets rid of postinst scripts for all other packages, yay. Closes: #862001
2017-05-04Release 1.4.21.4.2Julian Andres Klode
2017-05-04Split apt-daily timer into twoJulian Andres Klode
The timer doing downloading runs throughout the day, whereas automatic upgrade and clean actions only happen in the morning. The upgrade service and timer have After= ordering requirements on their non-upgrade counterparts to ensure that upgrading at boot takes place after downloading. LP: #1686470
2017-05-04apt.systemd.daily: Add lockingJulian Andres Klode
Use a lock file to make sure only one instance of the script is running at the same time.