Age | Commit message (Collapse) | Author |
|
|
|
This reduces the number of syscalls to about 140 from about
350 or so, significantly reducing security risks.
Also change prepare-release to ignore the architecture lists
in the build dependencies when generating the build-depends
package for travis.
We might want to clean up things a bit more and/or move it
somewhere else.
|
|
This automatically removes any old apt-transport-https, as
apt now Breaks it unversioned.
|
|
|
|
|
|
|
|
|
|
|
|
We now wait for being online ourselves, so all we need to wait
on is for services we are using to be online first. This avoids
severe boot slowdowns by other services having specified an
After=network-online.target without a Wants=.
Gbp-Dch: Full
|
|
|
|
|
|
We previously dlopen()ed it, but it seems painful to do that
without any real gain, except for possibly not having libudev
in the address space and not having code #ifdefed for Linux.
The latter means that we are a bit more likely to break stuff
for non-Linux systems now if we play with udev, but at least
we don't end up with it silently breaking because of a libudev
ABI break.
The existing function pointers in the struct were renamed and
kept for compat purposes.
Fixes Debian/apt#48
Also adjust prepare-release to strip [linux-any] from build-depends
for travis.
|
|
There's no real point in pulling it in in the timer already,
and it it somewhat saver to do so in the service.
|
|
Introduce a new helper, apt-helper wait-online that uses
NetworkManager and/or systemd-networkd to wait for them
reporting online, with a time out of 30 seconds; and run
that helper before running the daily update script.
LP: #1699850
Gbp-Dch: Full
|
|
Seems we forgot to update the packaging when adding the manual
page. Once we have translations for it, we need to add them
as well...
Closes: #873934
|
|
|
|
|
|
The version is probably wrong for most, but oh well,
let's just pretend we are introducing them now.
|
|
We now require gcc 7 on the packaging side, and add an appropriate
symbol to our symbols file.
Also adjust prepare-release to ignore g++ version requirements
when setting up build dependencies on CI.
Closes: #871275
|
|
debtorrent and its helper apt-transport-debtorrent were removed from
Debian in 2013 based on the bugreports #730459 and #731281. As they
aren't available, we shouldn't make references to them anymore. a-t-tor
is picked as replacement for the example.
|
|
The main process is guessed by systemd. This prevents killing dpkg
run by unattended-upgrades in the middle of installing packages
and ensures graceful shutdown.
The timeout of 900 seconds after which apt-daily-upgrade.service
is killed is in sync with unattended-upgrades's timer.
LP: #1690980
|
|
Gbp-Dch: ignore
|
|
|
|
[squashed:]
apt.systemd.daily: check_stamp: check for 'always' before numerical values
Prevents a crash when the configuration actually uses 'always':
apt.systemd.daily: 402: [: Illegal number: always
|
|
Reported-By: codespell & spellintian
Gbp-Dch: Ignore
|
|
|
|
|
|
The old curl based method is still available as 'curl',
'curl+http', and 'curl+https'.
|
|
|
|
|
|
|
|
|
|
stretch was the migration release for gpg->gpgv basically,
so let's demote it now.
|
|
The http method needs ca-certificates for TLS
support, so enable it.
|
|
This typo exposes a bug in apt-listchanges that prevents commands like
`apt-listchanges --show-all apt_*.deb' from showing the changelog.
The bug will be fixed in next upload of apt-listchanges, but I think
it would be nice have the typo fixed as well.
Closes: 866358
|
|
|
|
The exception was made to give (script) users a one-release grace period
to adapt their setup to deal with apt enforcing signing of repositories.
As we are now at the start of a new release cycle its as good a time as
any to lift it now.
Removes-Exception: 952ee63b0af14a534c0aca00c11d1a99be6b22b2
|
|
The http method will eventually replace the curl-based
https method, but for now, this is an opt-in experiment
that can be enabled by setting Dir::Bin::Methods::https
to "http".
Known issues:
- We do not support HTTPS proxies yet
- We do not support proxying HTTPS connections yet (CONNECT)
- IssuerCert and SslForceVersion are unsupported
Gbp-Dch: Full
|
|
|
|
Using dry-run as in the previous commit is not really correct, as
it logs dpkg debugging output too. So, let's assume unattended-upgrade
gets a --download-only option and use that if it is available.
This lets us add the downloading part to unattended-upgrades later
on, without requiring versioned dependencies between the two.
Closes: #863859
|
|
We want to download stuff:
--dry-run Simulation, download but do not install
not debug:
-d, --debug print debug messages
Confusion everywhere!
Closes: #863859
|
|
|
|
|
|
Gbp-Dch: ignore
|
|
Error:
pkgs that look like they should be upgraded:
Error in function stop
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/apt/progress/text.py", line 240,
in stop
apt_pkg.size_to_str(self.current_cps))).rstrip("\n"))
File "/usr/lib/python3/dist-packages/apt/progress/text.py", line 51,
in _write
self._file.write("\r")
AttributeError: 'NoneType' object has no attribute 'write'
fetch.run() result: 0
Caused by:
LOCKFD=3
unattended_upgrades $LOCKFD>&-
Unfortunately this code does not work, it is equivalent to
unattended_upgrades 3 >&-
I.e. it left fd 3 open, but closed stdout!
Closes: #862567
|
|
|
|
dh_systemd_start inserted postinst commands in all packages,
rather than just the package containing the timers.
This also gets rid of postinst scripts for all other
packages, yay.
Closes: #862001
|
|
|
|
The timer doing downloading runs throughout the day, whereas
automatic upgrade and clean actions only happen in the morning.
The upgrade service and timer have After= ordering requirements
on their non-upgrade counterparts to ensure that upgrading at
boot takes place after downloading.
LP: #1686470
|
|
Use a lock file to make sure only one instance of the
script is running at the same time.
|