summaryrefslogtreecommitdiff
path: root/debian
AgeCommit message (Collapse)Author
2014-10-07use _apt:root only for partial directoriesDavid Kalnischkies
Using a different user for calling methods is intended to protect us from methods running amok (via remotely exploited bugs) by limiting what can be done by them. By using root:root for the final directories and just have the files in partial writeable by the methods we enhance this in sofar as a method can't modify already verified data in its parent directory anymore. As a side effect, this also clears most of the problems you could have if the final directories are shared without user-sharing or if these directories disappear as they are now again root owned and only the partial directories contain _apt owned files (usually none if apt isn't running) and the directory itself is autocreated with the right permissions.
2014-09-29Add missing "adduser" dependency (for the new _apt user)Michael Vogt
Closes: #763004 Thanks: Russ Allbery
2014-09-27add gnupg and gnupg2 as test-dependencyDavid Kalnischkies
apt can work with both, so it has an or-dependency on them, but the tests want to play with both of them. Git-Dch: Ignore
2014-09-27remove empty keyrings in trusted.gpg.d on upgradeDavid Kalnischkies
Adding and deleting many repositories could cause (empty) keyring files to pill up in older apt-key versions, which in the end might cause gnupg to run into its internal limit of at most 40 keyrings
2014-09-27add and use 'apt-key verify' which prefers gpgv over gpgDavid Kalnischkies
gnupg/gnupg2 can do verify just fine of course, so we don't need to use gpgv here, but it is what we always used in the past, so there might be scripts expecting a certain output and more importantly the output of apt-cdrom contains messages from gpg and even with all the settings we activate to prevent it, it still shows (in some versions) a quiet scary: "gpg: WARNING: Using untrusted key!" message. Keeping the use of gpgv is the simplest way to prevent it. We are increasing also the "Breaks: apt" version from libapt as it requires a newer apt-key than might be installed in partial upgrades.
2014-09-27support gnupg2 as drop-in replacement for gnupgDavid Kalnischkies
If both are available APT will still prefer gpg over gpg2 as it is a bit more lightweight, but it shouldn't be a problem to use one or the other (at least at the moment, who knows what will happen in the future).
2014-09-27rename postrm to apt.postrmDavid Kalnischkies
It helps in identifying its affiliation. Also removes the old postinst which was hidden by apt.postinst for a long time now and would just install a sources.list in edgecases which is probably not a good idea (e.g. on my system /etc/apt/sources.list does not exist). It is better done by the installer of the distro. Git-Dch: Ignore
2014-09-25Use /var/empty as the homedir for _aptMichael Vogt
Thanks to Axel Beckert
2014-09-24releasing package apt version 1.1~exp3Michael Vogt
2014-09-24Use _apt as our unprivileged user nameJulian Andres Klode
Some people want to standardize on it, and BSDs do it too, so let's do the same. Reported-by: Paul Wise <pabs@debian.org>
2014-09-24Drop Privileges to "Debian-apt" in most acquire methodsMichael Vogt
Add a new "Debian-apt" user that owns the /var/lib/apt/lists and /var/cache/apt/archive directories. The methods http, https, ftp, gpgv, gzip switch to this user when they start. Thanks to Julian and "ioerror" and tors "switch_id()" code.
2014-09-23Merge branch 'debian/sid' into debian/experimentalMichael Vogt
Conflicts: apt-pkg/acquire-item.cc apt-pkg/acquire-item.h apt-pkg/cachefilter.h configure.ac debian/changelog
2014-09-17releasing package apt version 1.0.9.11.0.9.1Michael Vogt
2014-09-16prepare 1.0.9.1Michael Vogt
2014-09-16merge previous uploadMichael Vogt
2014-09-09prepare 1.0.81.0.8Michael Vogt
2014-09-09debian/gbp.conf: use export-dirMichael Vogt
2014-09-05Merge branch 'debian/sid' into debian/experimentalMichael Vogt
Conflicts: apt-pkg/acquire-item.cc configure.ac debian/changelog doc/apt-verbatim.ent doc/po/apt-doc.pot doc/po/de.po doc/po/es.po doc/po/fr.po doc/po/it.po doc/po/ja.po doc/po/pt.po po/ar.po po/ast.po po/bg.po po/bs.po po/ca.po po/cs.po po/cy.po po/da.po po/de.po po/dz.po po/el.po po/es.po po/eu.po po/fi.po po/fr.po po/gl.po po/hu.po po/it.po po/ja.po po/km.po po/ko.po po/ku.po po/lt.po po/mr.po po/nb.po po/ne.po po/nl.po po/nn.po po/pl.po po/pt.po po/pt_BR.po po/ro.po po/ru.po po/sk.po po/sl.po po/sv.po po/th.po po/tl.po po/tr.po po/uk.po po/vi.po po/zh_CN.po po/zh_TW.po test/integration/test-ubuntu-bug-346386-apt-get-update-paywall
2014-09-03Run autopkgtest tests with "env -i" to avoid pollution from the host envMichael Vogt
Closes: #759655
2014-08-27prepare 1.0.7Michael Vogt
2014-07-17Use @builddeps@ in the debian/tests/control fileMichael Vogt
2014-07-10restore breaks against libapt-inst1.5 (<< 0.9.9)Michael Vogt
2014-07-10prepare release 1.1~exp2Michael Vogt
2014-07-10Merge branch 'debian/sid' into debian/experimentalMichael Vogt
Conflicts: configure.ac debian/changelog doc/apt-verbatim.ent doc/po/apt-doc.pot doc/po/fr.po po/ar.po po/ast.po po/bg.po po/bs.po po/ca.po po/cs.po po/cy.po po/de.po po/dz.po po/el.po po/es.po po/eu.po po/fi.po po/fr.po po/gl.po po/hu.po po/it.po po/ja.po po/km.po po/ko.po po/ku.po po/lt.po po/nb.po po/ne.po po/nl.po po/nn.po po/pl.po po/pt.po po/pt_BR.po po/ro.po po/ru.po po/sk.po po/sl.po po/sv.po po/th.po po/tl.po po/tr.po po/uk.po po/zh_CN.po po/zh_TW.po
2014-07-10releasing package apt version 1.0.61.0.6Michael Vogt
2014-07-10prepare 1.0.6Michael Vogt
2014-07-08Merge branch 'debian/sid' into debian/experimentalMichael Vogt
Conflicts: apt-pkg/deb/deblistparser.cc doc/po/apt-doc.pot doc/po/de.po doc/po/es.po doc/po/fr.po doc/po/it.po doc/po/ja.po doc/po/pl.po doc/po/pt.po doc/po/pt_BR.po po/da.po po/mr.po po/vi.po
2014-07-08build: Convert from DebianDoc SGML to DocBook XMLGuillem Jover
2014-07-08increase libapt-inst to version 1.6Michael Vogt
2014-07-08Fix ar and tar code to be LFS-safeGuillem Jover
This is an ABI break. Closes: #742882
2014-07-08Add new Base256ToNum long long overload functionGuillem Jover
2014-06-19releasing package apt version 1.1~exp11.1.exp1Michael Vogt
2014-06-19set gdb.conf branch to experimentalMichael Vogt
2014-06-19prepare releaseMichael Vogt
2014-06-18Merge branch 'debian/sid' into debian/experimentalMichael Vogt
Conflicts: debian/changelog
2014-06-18releasing package apt version 1.0.51.0.5Michael Vogt
2014-06-18Merge branch 'debian/sid' into debian/experimentalMichael Vogt
Conflicts: debian/changelog
2014-06-11fix test-apt-ftparchive-cachedb-lp1274466 and apt-internal-solver testsMichael Vogt
2014-06-11fix autopkgtest testsMichael Vogt
2014-06-10release 1.0.4Michael Vogt
2014-06-10use pkgSrcRecords::Step() instead of Next()Michael Vogt
2014-06-10prepare 1.0.4 uploadMichael Vogt
2014-05-30update symbols filesDavid Kalnischkies
Git-Dch: ignore
2014-05-07Merge branch 'debian/sid' into debian/experimentalMichael Vogt
Conflicts: apt-pkg/cachefilter.h apt-pkg/contrib/fileutl.cc apt-pkg/contrib/netrc.h apt-pkg/deb/debsrcrecords.cc apt-pkg/init.h apt-pkg/pkgcache.cc debian/apt.install.in debian/changelog
2014-05-05prepare release 1.0.31.0.3Michael Vogt
2014-05-05Revert "add bash completion for the "apt" command"Michael Vogt
This reverts commit 697c9314c8ba24f3e393b5de11a3fad7adae4bfc. Conflicts: debian/rules
2014-04-28debian/apt-doc.docs: remove README.MultiArchMichael Vogt
2014-04-26allow vendors to install configuration filesDavid Kalnischkies
Vendors like ubuntu need to change some options, so giving them a way to do this less painfully avoids reducing differences.
2014-04-25provide support for debian/apt.conf.$(lsb_release -i -s) vendor specific ↵Michael Vogt
config files
2014-04-25add bash completion for the "apt" commandMichael Vogt