Age | Commit message (Collapse) | Author |
|
--allow-unauthenticated switches the download to a pre-0.6 system in
which a package can come from any source, rather than that trusted
packages can only come from trusted sources.
To allow this the flag used to set all packages as untrusted, which is a
bit much, so we check now if the package can be acquired via an
untrusted source and only if this is the case set it as untrusted.
As APT nowadays supports setting sources as trusted via a flag in the
sources.list this mode shouldn't be used that much anymore though.
[Note that this is not the patch from the BTS]
Closes: 617690
|
|
The parser goes a bit to far by stripping :any from dependencies in a
single architecture environment. the flag "Multi-Arch: allowed" doesn't
care any architecture restrictions in that case (as in single arch
everything is native), but it still limits the possible versions
statisfying the dependency so stripping :any over-simplifies in upgrade
situations from "Multi-Arch: none" to "Multi-Arch: allowed".
Closes: 723586
|
|
The Eof check was added (by me of course) in
0aae6d14390193e25ab6d0fd49295bd7b131954f
as part of a fix up ~a month ago (at DebConf).
The idea was not that bad, but doesn't make that much sense either
as this bit is set by the FileFd based on Actual as well, so this is
basically doing the same check again – with the difference that the
HitEof bit can still linger from a previous Read we did at the end of
the file, but have seek'd away from it now.
Combined with the length of entries, entry order and other not that
easily controllable conditions you can be 'lucky' enough to hit this
problem in a way which even visible (truncating of other fields might
not be visible easily, like 'Tags' and others).
Closes: 723705
Thanks: Cyril Brulebois
|
|
Git-Dch: Ignore
|
|
|
|
|
|
The testcode happily mixes FILE* operations and direct access to fds
which is even a bit suprising that it works on linux and worked so
long for non-linux ports, so we switch to usage of FileFd instead
which provides us with simple fd-only operations. Its overkill for this
test as its a bare file and we ask for the descriptor all the time, but
it shouldn't hurt to implicitly test it a bit this way.
Closes: 721723
Thanks: Aaron M. Ucko
|
|
Compressing files in 4 different styles eats test-time for no practical
gain if we don't test them explicitly, so default to just building 'gz'
compressed files as it is the simplest compression algorithm supported
Git-Dch: Ignore
|
|
Looks like the travis service runs on Ubuntu in a version which has dpkg
with an earlier interface implementation, so lets try if we can't make
the framework work with this dpkg version as well.
Git-Dch: Ignore
|
|
Add test for bug 507998
|
|
|
|
This adds ::InfoFD option alongside the ::Version one to request sending
the information to the specified FD, by default it is STDIN as it was
the case before.
The environment variable APT_HOOK_INFO_FD contains the FD the data is on as
a confirmation that the APT version used understood the request.
Allowing the hook to choose the FD is needed/helpful e.g. for shellscripts
which have a hard time accessing FDs above 9 (as >= 10 are usually used
internally by them)
Closes: #671728
|
|
In bugreport deb:719629 Paul Wise mentions both to enable some malloc
checks and as more testing can't hurt we enable both for all testcases.
Git-Dch: Ignore
|
|
Avoids having to different places from which test binaries are called
Git-Dch: Ignore
|
|
If we are called by make everything is build already and
so this is just a noise nop we can just skip.
(Noisy as it complains about being unable to communicate with
the other makes to coordinate with the jobserver)
Git-Dch: Ignore
|
|
- add Glob() to fileutl.{cc,h}
Conflicts:
apt-pkg/contrib/fileutl.h
debian/changelog
|
|
- support Configuration.Clear() for a clear of the entire
configuration
Conflicts:
debian/changelog
|
|
Having fragement files means there is a good chance that there is one
key per keyring, so deal with that as well as with setups in which
keyrings are linked into trusted.gpg.d as we can't just modify those
files (they might be in /usr for example).
|
|
Git-Dch: Ignore
|
|
Might come in handy for more than just a simple testcase.
|
|
First redirect output to a file, then redirect other outputs to this
output, not the other way around as this will not work.
Git-Dch: Ignore
|
|
The constructors of our (clear)sign-acquire-items move a pre-existent
file for error-recovery away, which gets restored or discarded later as
the acquire progresses, but --print-uris never really starts the
acquire process, so the files aren't restored (as they should).
To fix this both get a destructor which checks for signs of acquire
doing anything and if it hasn't the file is restored.
Note that these virtual destructors theoretically break the API, but
only with classes extending the sign-acquire-items and nobody does this,
as it would be insane for library users to fiddle with Acquire
internals – and these classes are internals.
Closes: 719263
|
|
For many commands the output isn't stable (like then dpkg is called) but
the exitcode is, so this helper enhances the common && msgpass ||
msgfail by generating automatically a msgtest and showing the output of
the command in case of failure instead of discarding it unconditionally,
the later being chronic-like behaviour
Git-Dch: Ignore
|
|
Signing files with expired keys is not as easy as it sounds, so the
framework jumps a few loops to do it, but it might come in handy to have
an expired key around for later tests even if it is not that different
from having no key in regards to APT behaviour.
Git-Dch: Ignore
|
|
We start your quest by using the version of a package applying to a
specific pin, but that version could very well be below the current
version, which causes APT to suggest a downgrade even if it is
advertised that it never does this below 1000.
Its of course questionable what use a specific pin on a package has
which has a newer version already installed, but reacting with the
suggestion of a downgrade is really not appropriated (even if its kinda
likely that this is actually the intend the user has – it could just as
well be an outdated pin) and as pinning is complicated enough we should
atleast do what is described in the manpage.
So we look out for the specific pin and if we haven't seen it at the
moment we see the installed version, we ignore the specific pin.
Closes: 543966
|
|
The rational from the buglog:
> The problem here is that the Priority field in one of the Packages files
> is incorrect due to a mishap with reprepro configuration, […] the
> amd64 version is Priority: standard but the arm64 version is Priority:
> optional (and has a stray "optional: interpreters" field).
> […]
> However, Priority is a rather weak property of a package because it's
> typically applied via overrides, and it's easy for maintainers of
> third-party repositories to misconfigure them so that overrides aren't
> applied correctly. It shouldn't be ranked ahead of choosing packages
> from the native architecture. In this case, I have no user-mode
> emulation for arm64 set up, so choosing m4:arm64 simply won't work.
This effectly makes the priority the least interesting data point in
chosing a provider, which is in line with the other checks we have
already order above priority in the past and also has a certain appeal by
the soft irony it provides.
Closes: #718482
|
|
nl_langinfo is used to acquire the YESEXPR of the language used,
but it will return the one from LC_MESSAGES, which might be different
from the language chosen for display of the question (based on LANGUAGE)
so this commit removes the [Y/n] help text from the questions itself and
moves it to the prompt creation in which the usage of LC_MESSAGES is
forced for it, so that the helptext shown actually represents the
characters accepted as input for the question.
There is still room for problems of course starting with an untranslated
"[Y/n]" but a translated YESEXPR or the problem that the question is
asked in a completely different language which might have a conflicting
definition of [Y/n] input or the user simple ignores the helptext and
assumes that an answer matching the question language is accepted, but
the mayority of users will never have this problem to begin with, so we
should be fine (or at least a bit finer than before).
Closes nothing really, but should at least help a bit with bugs like
deb:194614, deb:471102, lp:1205578, and countless others.
|
|
Commit 2b9c9b7f28b18f6ae3e422020e8934872b06c9f3 not only removes
keep-alive, but also changes the request URI send to proxies which are
required to be absolute URIs rather than the usual absolute paths.
Closes: 717891
|
|
On CD-ROMs Translation-* files are only in compressed form included in
the Release file. This used to work while we had no record of
Translation-* files in the Release file at all as APT would have just
guessed the (compressed) filename and accepted it (unchecked), but now
that it checks for the presents of entries and if it finds records it
expects the uncompressed to be verifiable.
This commit relaxes this requirement again to fix the regression.
We are still secure "enough" as we can validate the compressed file we have
downloaded, so we don't loose anything by not requiring a hashsum for
the uncompressed files to double-check them.
Closes: 717665
|
|
Beside the earlier fixed 'apt-cache show', 'showpkg' and 'search' deal
with descriptions. 'showpkg' was fixed by fixing the cache generation
for 'show', but 'search' still segfaulted.
On the upside, it doesn't segfault any longer, on the downside, if a
package has no description at all (aka: not in the Packages file and not
in a Translation-* file) the package can't be found with 'search', even
if we search only by name. That is a shortcoming in the code, but fixing
it means rewriting it completely for dubious gain at best.
So this commit just skips packages without a description and is done.
Closes: 647590
|
|
Given a Packages file like:
[…]
Description: foo bar baz
moo moo moo
Multi-Arch: foreign
Description-md5: 97e204a9f4ad8c681dbd54ec7c505251
[…]
We have to display the Multi-Arch flag field as well as the fields
after the Description-md5, but not this field itself, as we already
have one printed alongside the Description we display.
Closes: 717254
|
|
The code incorrectly skips printing of current version information,
if the package has no current version (for APT, but for dpkg as it is
the case for packages which are removed but not purged) by using an
unintended "else if" rather than an "if".
Closes: 717006
|
|
Multi-Arch: same packages can be co-installed, but need to have the same
version for all installed packages (aka "siblings"). Otherwise the
unsynced versions will fight against each other and the auto-install as
wel as the problem resolver will later have to decide between holding the
packages or to remove one of the siblings (usually a foreign) taking a
bunch of packages (like the entire foreign setup) with them.
The idea here is now to be more pro-active: MarkInstall will fail for
a package if the siblings aren't synced, so we don't allow a situation
in which a resolver has to decide if to hold or to remove-upgrade under
the assumption that the remove-upgrade decision is always wrong and
doesn't deserve to be explored (expect valid out-of-syncs of course).
Thats a pretty bold move to take for a library which is used by
different solvers so this check is done in IsInstallOk and can be
overridden if front-ends want to.
|
|
Default is to acquire all architectures from APT::Architectures which
can be changed by arch=, but this isn't very flexible if you want
"mostly" the default as you have to hardcode the architectures then,
so arch-= and arch+= can be used to add/remove architectures from the
default set.
On a machine with 'amd64' and 'i386' configured the lines:
deb [arch+=armel] http://example.org/debian wheezy rocks
deb [arch-=amd64] http://example.org/debian jessie rocks
will result in the download of:
wheezy Packages for 'amd64', 'i386' and 'armel'
jessie Packages for 'i386'
|
|
Adds on top of Version 2 to all displayed version numbers the
architecture as well as the MultiArch flag for consumption by the hooks.
Most of the time the architecture will be the same for both versions
displayed, but packages might change from "all" to "any" (or back)
between versions so we can't display the architecture for packages.
Pseudo-Format for Version 3:
<name> <version> <arch> <m-a-flag> <compare> <version> <arch> <m-a-flag>
Examples:
stuff - - none < 1 amd64 none **CONFIGURE**
libsame 1 i386 same < 2 i386 same **CONFIGURE**
stuff 2 i386 none > 1 i386 none **CONFIGURE**
libsame 2 i386 same > - - none **REMOVE**
toolkit 1 all foreign > - - none **REMOVE**
Closes: #712116
|
|
Forking only after being ready to accept clients avoids running races
with the tests which sometimes failed on the first 'apt-get update'
(or similar) with the previous background-start and hope for the best…
The commit fixes also some oversight output-order changes in regards to
Description-md5 and (I-M-S) race conditions in various tests.
Git-Dch: Ignore
|
|
With the selfgrown splitting we got the problem of not recovering
from networks which just reply with invalid data like those sending
us login pages to authenticate with the network (e.g. hotels) back.
The good thing about the InRelease file is that we know that it must
be clearsigned (a Release file might or might not have a detached sig)
so if we get a file but are unable to split it something is seriously
wrong, so there is not much point in trying further.
The Acquire system already looks out for a NODATA error from gpgv,
so this adds a new error message sent to the acquire system in case
the splitting we do now ourselves failed including this magic word.
Closes: #712486
|
|
Git-Dch: Ignore
|
|
we have a test which required traditionally lighttpd to be executed
as it requires a webserver supporting some kind of URI rewriting.
Now with some lines of code our own webserver can do this and the
testcase can be enabled by default. This test hinted at the bug fixed
in the previous commit, so having more tests which can easily be run
is a good thing.
Git-Dch: Ignore
|
|
Git-Dch: Ignore
|
|
APT needs to acquire data in a secure fashion over an inherently
unsecure way, known as the internet, while communicating with
unreliable partners, known as webservers and proxies.
For your integration tests we so far relied on 'normal' webservers,
but all of them have certain quirks and none is able to provide us
with all quirks which can be observed in the wild and we therefore
have to test with, so this webserver isn't trying to be fast, secure
or feature complete, but to provide all the quirks we need in a
consistent way.
This webserver also makes the APT project self-contained, as it is now
able to generate, serve as well as acquire package indexes. ;)
Git-Dch: Ignore
|
|
do not blindly assume that all packages stanzas have a "Description:"
field in 'apt-cache show' as well as in the cache creation itself.
We instead assume now that if the stanza has a Description, it will not
be the first field as we look out for "\nDescription" to take care of
MD5sum as well as (maybe ignored) translated Descriptions embedded in
the package stanza.
Closes: #712435
|
|
Can't be used as a test as is, but shows how to build multiple
CD-ROMs for tests and can be used to reproduce debbug #711456.
Git-Dch: Ignore
|
|
We do the same in the acquire system which handles the 'normal'
downloads, so do it here as well even though its unlikely anyone
will ever notice (beside testcases of course …)
|
|
The buildsystem tried to build l10n for test applications which never
produced the output it expected causing it to try building it all the
time.
|
|
Git-Dch: Ignore
|
|
For testcases it might sometimes be handy to add trap-actions
before the general cleanup, e.g. if it has set directories read-
only which rm doesn't want to remove even with --force applied
(its fine with files though)
Git-Dch: Ignore
|
|
Patterns can appear in the name as well as in the description,
they don't have to match all in the name/description only.
Closes: 691453
|
|
Splits the big loop over dependencies in SmartConfigure which unpacks and
configures dependencies into two loops and reverse their order, so that all
dependencies which need to be unpacked are handled first and only after that
configures are issued for dependencies.
This is needed as otherwise the unpack of a (new) dependency will be issued
in between a configure call for two (or more) packages which form a loop,
which means the configure calls aren't part of the same dpkg call and
therefore dpkg bails out.
Such tight loops should really be avoided as they are usually wrong – and in
reality the dependencies in libreoffice were greatly simplified thanks to
Rene Engelhard so the problem is gone for the benefit of all.
Closes: 707578
|
|
|