summaryrefslogtreecommitdiff
path: root/debian
AgeCommit message (Collapse)Author
2018-02-19Check that Date of Release file is not in the futureJulian Andres Klode
By restricting the Date field to be in the past, an attacker cannot just create a repository from the future that would be accepted as a valid update for a repository. This check can be disabled by Acquire::Check-Date set to false. This will also disable Check-Valid-Until and any future date related checking, if any - the option means: "my computers date cannot be trusted." Modify the tests to allow repositories to be up to 10 hours in the future, so we can keep using hours there to simulate time changes.
2018-01-18Release 1.6~alpha71.6_alpha7Julian Andres Klode
2018-01-18Point people to salsa.d.o instead of anonscm.d.o for gitJulian Andres Klode
2018-01-18Drop obsolete Suggests on python-aptJulian Andres Klode
This has not been used for a while. It was added for apt-mark in 7b4159cf2a4b7de10622c7e4e29247067358a3ab, but apt-mark has been rewritten in C++ quite some time ago. Closes: #887607
2018-01-10apt-compat.cron.daily: Correctly handle undetermined power statusJulian Andres Klode
If on_ac_power exits with 255 the script would fail at this point because set -e was set, but it should continue, as 255 means the power status could not be determined. LP: #1742378
2018-01-03Release 1.6~alpha61.6_alpha6Julian Andres Klode
2018-01-03add apt-transport-mirror manpageDavid Kalnischkies
The mirror method is undocumented since 0.7.24, now with the reimplementation it is high time to get something written about it.
2018-01-03document https options in new apt-transport-https manpageDavid Kalnischkies
Same reasoning as with the previous commit for http with the added benefit of moving the hard to discover and untranslated example config into a manpage which could be translated.
2018-01-03document http options in new apt-transport-http manpageDavid Kalnischkies
We had documentation for the http transport in our "catch-all" apt.conf manpage, but it seems benefitial to document transports in their own manpage instead of pushing them all into one.
2018-01-02apt.daily: fix several "shellcheck" annotationsChristian Göttsche
Various corrections, mostly quoting, which shouldn't be a problem for us as we tend to act in "sane" environments, but just to be sure. [commit message written by committer] References: Debian bugreport #849636
2018-01-02apt.daily: remove unused dbus signal for apt updateDavid Kalnischkies
The signal was introduced with the introduction of the script itself, but seems to have never got any user as all references to it I can find are references to other code appearing in the cronjob. It is also the wrong place nowadays as the cronjob is just one place an update can be triggered by, so if notifications about an update being run are desired it is better to use a hook which will be called by all update calls (script, cron, user, …). Removing this code solves also the problem of improving the check to avoid running into problems with security systems like SELinux. References: 0c1326826fd23ce859db8e923c37b7199c6da2c8 Closes: 849636
2017-12-13update libapt-pkg symbols fileDavid Kalnischkies
Beside adding the relatively new Item::Proxy method we are also slightly preparing for gcc-8.
2017-11-19Run wrap-and-sortJulian Andres Klode
Clean up the control file a bit.
2017-11-16Add Breaks: aptitude (<< 0.8.10) for gzip method removalJulian Andres Klode
aptitude used to use gzip:// for changelog URLs, but is now fixed to use store.
2017-11-12Release 1.6~alpha51.6_alpha5Julian Andres Klode
2017-11-05[amend] Use a versioned breaks for a-t-https in apt1.6_alpha4Julian Andres Klode
We need to use a versioned breaks again, otherwise the transitional package would not be installable. Gbp-Dch: ignore
2017-11-05Release 1.6~alpha4Julian Andres Klode
2017-11-05Add ${misc:Depends} to apt-transport-https dependsJulian Andres Klode
Makes lintian happy, but is basically useless Gbp-Dch: ignore
2017-11-05Re-introduce a transitional apt-transport-httpsJulian Andres Klode
This fixes issues with debootstrap. The package will disappear after the release of buster.
2017-10-29debian: Bump Standards-Version to 4.1.1Julian Andres Klode
No further changes required.
2017-10-29debian: Set Rules-Requires-Root: noJulian Andres Klode
We don't need fakeroot for building!
2017-10-28Release 1.6~alpha31.6_alpha3Julian Andres Klode
2017-10-26debian/tests/control: Add dpkg so we get triggered by itJulian Andres Klode
We do want to get our autopkgtests triggered by dpkg uploads in Ubuntu, but this does not happen because we don't have an explicit dependency on it. Add one.
2017-10-26Release 1.6~alpha21.6_alpha2Julian Andres Klode
2017-10-23Release 1.6~alpha11.6_alpha1Julian Andres Klode
2017-10-22Sandbox methods with seccomp-BPF; except cdrom, gpgv, rshJulian Andres Klode
This reduces the number of syscalls to about 140 from about 350 or so, significantly reducing security risks. Also change prepare-release to ignore the architecture lists in the build dependencies when generating the build-depends package for travis. We might want to clean up things a bit more and/or move it somewhere else.
2017-09-24Drop curl method and apt-transport-https packageJulian Andres Klode
This automatically removes any old apt-transport-https, as apt now Breaks it unversioned.
2017-09-24Drop obsolute Testsuite: autopkgtest headerJulian Andres Klode
2017-09-24Drop obsolete dh-systemd build-depJulian Andres Klode
2017-09-24Bump Standards-Version to 4.1.0Julian Andres Klode
2017-09-24Release 1.51.5Julian Andres Klode
2017-09-13Release 1.5~rc41.5_rc4Julian Andres Klode
2017-09-11apt-daily: Do not Wants=network-online, and add some more After=Julian Andres Klode
We now wait for being online ourselves, so all we need to wait on is for services we are using to be online first. This avoids severe boot slowdowns by other services having specified an After=network-online.target without a Wants=. Gbp-Dch: Full
2017-09-10Release 1.5~rc31.5_rc3Julian Andres Klode
2017-09-09Release 1.5~rc21.5_rc2Julian Andres Klode
2017-09-09Directly link against libudev on Linux systemsJulian Andres Klode
We previously dlopen()ed it, but it seems painful to do that without any real gain, except for possibly not having libudev in the address space and not having code #ifdefed for Linux. The latter means that we are a bit more likely to break stuff for non-Linux systems now if we play with udev, but at least we don't end up with it silently breaking because of a libudev ABI break. The existing function pointers in the struct were renamed and kept for compat purposes. Fixes Debian/apt#48 Also adjust prepare-release to strip [linux-any] from build-depends for travis.
2017-09-09apt-daily: Pull in network-online.target in service, not timerJulian Andres Klode
There's no real point in pulling it in in the timer already, and it it somewhat saver to do so in the service.
2017-09-09apt-daily: Wait for network before daily updatesJulian Andres Klode
Introduce a new helper, apt-helper wait-online that uses NetworkManager and/or systemd-networkd to wait for them reporting online, with a time out of 30 seconds; and run that helper before running the daily update script. LP: #1699850 Gbp-Dch: Full
2017-09-01Actually install apt_auth.conf manual pageJulian Andres Klode
Seems we forgot to update the packaging when adding the manual page. Once we have translations for it, we need to add them as well... Closes: #873934
2017-08-24Release 1.5~rc11.5_rc1Julian Andres Klode
2017-08-17Release 1.5~beta21.5_beta2Julian Andres Klode
2017-08-17debian: Update symbols for libapt-pkg5.0Julian Andres Klode
The version is probably wrong for most, but oh well, let's just pretend we are introducing them now.
2017-08-17Handle GCC 7 std::string operator ABI breakJulian Andres Klode
We now require gcc 7 on the packaging side, and add an appropriate symbol to our symbols file. Also adjust prepare-release to ignore g++ version requirements when setting up build dependencies on CI. Closes: #871275
2017-07-26remove reference to a-t-debtorrent in descriptionDavid Kalnischkies
debtorrent and its helper apt-transport-debtorrent were removed from Debian in 2013 based on the bugreports #730459 and #731281. As they aren't available, we shouldn't make references to them anymore. a-t-tor is picked as replacement for the example.
2017-07-26Gracefully terminate process when stopping apt-daily-upgradeBalint Reczey
The main process is guessed by systemd. This prevents killing dpkg run by unattended-upgrades in the middle of installing packages and ensures graceful shutdown. The timeout of 900 seconds after which apt-daily-upgrade.service is killed is in sync with unattended-upgrades's timer. LP: #1690980
2017-07-12Fix some more crashes when APT::Periodic options are set to alwaysPaul Wise
Gbp-Dch: ignore
2017-07-12Support seconds, minutes, hours and days for APT::Periodic intervalsPaul Wise
2017-07-12Support zero delay for the various APT::Periodic activitiesPaul Wise
[squashed:] apt.systemd.daily: check_stamp: check for 'always' before numerical values Prevents a crash when the configuration actually uses 'always': apt.systemd.daily: 402: [: Illegal number: always
2017-07-08fix various typos reported by codespell & spellintianDavid Kalnischkies
Reported-By: codespell & spellintian Gbp-Dch: Ignore
2017-07-03Release 1.5~beta11.5_beta1Julian Andres Klode