summaryrefslogtreecommitdiff
path: root/doc
AgeCommit message (Collapse)Author
2018-09-11Support multiple keyrings in sources.list Signed-ByDavid Kalnischkies
A user can specify multiple fingerprints for a while now, so its seems counter-intuitive to support only one keyring, especially if this isn't really checked or enforced and while unlikely mixtures of both should work properly, too, instead of a kinda random behaviour.
2018-08-20Release 1.7.0~alpha31.7.0_alpha3Julian Andres Klode
2018-07-09Release 1.7.0~alpha21.7.0_alpha2Julian Andres Klode
2018-06-25Release 1.7.0~alpha11.7.0_alpha1Julian Andres Klode
2018-06-02Dutch manpage translation updateFrans Spiesschaert
Closes: #900602
2018-05-24Lower default timeout from 120s to 30sJulian Andres Klode
120s is an insanely high default time out, lower it to 30s to make things a bit nicer.
2018-05-11use 127.0.0.1 instead of localhost as default Tor proxyDavid Kalnischkies
This shouldn't make a practical difference for most people, but for edge cases it avoids DNS lookups and additionally prevents us from perfoming unneeded SRV requests, too.
2018-05-10po: Drop boilerplate in initial commentsDavid Kalnischkies
The boilerplate stems from automatic processing of these files as most (with the exception of po/nl.po) are one-off (partial) translations from years past. Gbp-Dch: Ignore
2018-05-07Remove obsolete RCS keywordsGuillem Jover
Prompted-by: Jakub Wilk <jwilk@debian.org>
2018-05-05move special READMEs into doc/ and format as mdDavid Kalnischkies
The formatting is very basic and more should probably be done, but we at least get the files out of the root directory which in case of the various READMEs was confusing salsa which one display as (central) README.
2018-05-05Fix various typos reported by spellcheckersDavid Kalnischkies
Reported-By: codespell & spellintian Gbp-Dch: Ignore
2018-04-18Release 1.7.0~alpha0 to experimental1.7.0_alpha0Julian Andres Klode
2018-04-15mention mirror method in sources.listDavid Kalnischkies
Closes: 679580
2018-04-15Release 1.6~rc11.6_rc1Julian Andres Klode
2018-04-15French man pages translationjean-pierre giraud
[jak: Fix invalid empty line] Closes: #895117
2018-04-15Revert "mention mirror method in sources.list"Julian Andres Klode
This reverts commit 57a00c50b14a49ed91816e3f4467e0f2e57ee772.
2018-04-15Merge branch 'pu/zstd' into 'master'Julian Andres Klode
pu/zstd See merge request apt-team/apt!8
2018-04-07document Acquire::AllowReleaseInfoChange without extra sDavid Kalnischkies
Reported-By: Mattia Rizzolo on IRC
2018-04-07mention mirror method in sources.listDavid Kalnischkies
Closes: 679580
2018-04-07fix communication typo in https manpageDavid Kalnischkies
Reported-By: lintian spelling-error-in-manpage
2018-03-15Use https for Ubuntu changelogsJulian Andres Klode
We just enabled https on changelogs.ubuntu.com, let's use it.
2018-03-12apt-pkg: Add support for zstdJulian Andres Klode
zstd is a compression algorithm developed by facebook. At level 19, it is about 6% worse in size than xz -6, but decompression is multiple times faster, saving about 40% install time, especially with eatmydata on cloud instances.
2018-02-26Release 1.6~beta11.6_beta1Julian Andres Klode
2018-02-19Merge branch 'pu/not-valid-before' into 'master'Julian Andres Klode
Check that Date of Release file is not in the future See merge request apt-team/apt!3
2018-02-19Check that Date of Release file is not in the futureJulian Andres Klode
By restricting the Date field to be in the past, an attacker cannot just create a repository from the future that would be accepted as a valid update for a repository. This check can be disabled by Acquire::Check-Date set to false. This will also disable Check-Valid-Until and any future date related checking, if any - the option means: "my computers date cannot be trusted." Modify the tests to allow repositories to be up to 10 hours in the future, so we can keep using hours there to simulate time changes.
2018-02-19German manpage translation updateChris Leick
2018-02-19ensure correct file permissions for auxfilesDavid Kalnischkies
The interesting takeaway here is perhaps that 'chmod +w' is effected by the umask – obvious in hindsight of course. The usual setup helps with hiding that applying that recursively on all directories (and files) isn't correct. Ensuring files will not be stored with the wrong permissions even if in strange umask contexts is trivial in comparison. Fixing the test also highlighted that it wasn't bulletproof as apt will automatically fix the permissions of the directories it works with, so for this test we actually need to introduce a shortcut in the code. Reported-By: Ubuntu autopkgtest CI
2018-02-19add apt-helper drop-privs command…David Kalnischkies
2018-01-18Release 1.6~alpha71.6_alpha7Julian Andres Klode
2018-01-18review and fix the three new apt-transport- manpagesJustin B Rye
References: https://lists.debian.org/debian-l10n-english/2018/01/msg00002.html
2018-01-17Introduce inrelease-path option for sources.listJulian Andres Klode
Allow specifying an alternative path to the InRelease file, so you can have multiple versions of a repository, for example. Enabling this option disables fallback to Release and Release.gpg, so setting it to InRelease can be used to ensure that only that will be tried. We add two test cases: One for checking that it works, and another for checking that the fallback does not happen. Closes: #886745
2018-01-04simplify translating "lists directory missing" msgDavid Kalnischkies
The appended "partial" should not be translated, but some translations got this wrong and now that there is also "auxfiles" we can just fix that problem by hiding these untranslatables from the translators. Gbp-Dch: Ignore
2018-01-03Release 1.6~alpha61.6_alpha6Julian Andres Klode
2018-01-03add apt-transport-mirror manpageDavid Kalnischkies
The mirror method is undocumented since 0.7.24, now with the reimplementation it is high time to get something written about it.
2018-01-03allow a method to request auxiliary filesDavid Kalnischkies
If a method needs a file to operate like e.g. mirror needs to get a list of mirrors before it can redirect the the actual requests to them. That could easily be solved by moving the logic into libapt directly, but by allowing a method to request other methods to do something we can keep this logic contained in the method and allow e.g. also methods which perform binary patching or similar things. Previously they would need to implement their own acquire system inside the existing one which in all likelyhood will not support the same features and methods nor operate with similar security compared to what we have already running 'above' the requesting method. That said, to avoid methods producing conflicts with "proper" files we are downloading a new directory is introduced to keep the auxiliary files in. [The message magic number 351 is a tribute to the german Grundgesetz article 35 paragraph 1 which defines that all authorities of the state(s) help each other on request.]
2018-01-03document https options in new apt-transport-https manpageDavid Kalnischkies
Same reasoning as with the previous commit for http with the added benefit of moving the hard to discover and untranslated example config into a manpage which could be translated.
2018-01-03document http options in new apt-transport-http manpageDavid Kalnischkies
We had documentation for the http transport in our "catch-all" apt.conf manpage, but it seems benefitial to document transports in their own manpage instead of pushing them all into one.
2018-01-03Add rapid "happy eyeballs" connection fallback (RFC 8305)Julian Andres Klode
Try establishing connections in alternating address families in rapid intervals of 250 ms, adding more connections to the wait list until one succeeds (RFC 8305, happy eyeballs 2). It is important that WaitAndCheckErrors() waits until it has a successful connection, a time out, or all connections failed - otherwise the timing between tries might be wrong, and the final long wait might exit early because one connection failed without trying the others. Timing wise, this only works correctly on Linux, as select() counts down there. But we rely on that in some other places too, so this is not the time to fix that. Timeouts are only reported in the final long wait - the short inner waits are expected to time out more often, and multiple times, we do not want to report them. Closes: #668948 LP: #1308200 Gbp-Dch: paragraph
2017-11-20Translate shared documentation parts againJulian Andres Klode
We accidentally did not translate the entity file, but should have. This makes apt.ent translatable again. This generates the target multiple times, but surprisingly, that works just fine, so let's just keep it that way, as it's clean code otherwise.
2017-11-20allow apt_auth.conf(5) to be translatedDavid Kalnischkies
Adding manpages is really hard it seems. References: ea408c560ed85bb4ef7cf8f72f8463653501332c, ea7581c9aaaaebf844d00935a1cdf8c8fee7f7f3, 90bfc5b057d3f9136ffe34089b6e56d59593797c
2017-11-19allow multivalue fields in deb822 sources to be foldedDavid Kalnischkies
The documentation said "spaces", but there is no real reason to be so strict and only allow spaces to separate values as that only leads to very long lines if e.g. multiple URIs are specified which are again hard to deal with from a user PoV which the deb822 format is supposed to avoid. It also deals with multiple consecutive spaces and strange things like tabs users will surely end up using in the real world. The old behviour on encountering folded lines is the generation of URIs which end up containing all these whitespace characters which tends to mess really bad with output and further processing. Closes: 881875
2017-11-12Release 1.6~alpha51.6_alpha5Julian Andres Klode
2017-11-12Dutch manpage translation updateFrans Spiesschaert
Closes: #881402
2017-11-05Release 1.6~alpha4Julian Andres Klode
2017-10-28Release 1.6~alpha31.6_alpha3Julian Andres Klode
2017-10-26Release 1.6~alpha21.6_alpha2Julian Andres Klode
2017-10-26Print syscall number and arch to stderr when trapped by seccompJulian Andres Klode
This should help debugging crashes. The signal handler is a C++11 lambda, yay! Special care has been taken to only use signal handler -safe functions inside there.
2017-10-23Release 1.6~alpha11.6_alpha1Julian Andres Klode
2017-10-22Sandbox methods with seccomp-BPF; except cdrom, gpgv, rshJulian Andres Klode
This reduces the number of syscalls to about 140 from about 350 or so, significantly reducing security risks. Also change prepare-release to ignore the architecture lists in the build dependencies when generating the build-depends package for travis. We might want to clean up things a bit more and/or move it somewhere else.
2017-09-24Release 1.51.5Julian Andres Klode