summaryrefslogtreecommitdiff
path: root/test
AgeCommit message (Collapse)Author
2020-05-04apt list: Fix behavior of regex vs fnmatch vs wildcardsJulian Andres Klode
Previously (and still in cacheset), patterns where only allowed to start with ? or ~, which ignores the fact that a pattern might just as well start with a negation, such a !~nfoo. Also, we ignored the --regex flag if it looked like this, which was somewhat bad. Let's change this all: * If --regex is given, arguments are always interpreted as regex * If it is a valid package wildcard (name or * characters), then it will be interpreted as a wildcard - this set of characters is free from meaningful overlap with patterns. * Otherwise, the argument is interpreted as a pattern. For a future version, we need to adapt parsing for cacheset and list to use a common parser, to avoid differences in their interpretation. Likely, this code will go into the pattern parser, such that it generates a pattern given a valid fnmatch argument for example.
2020-05-04Reinstate * wildcardsJulian Andres Klode
Reinstate * wildcards as they are safe to use, but do not allow any other special characters such as ? or []. Notably, ? would overlap with patterns, and [] might overlap with future pattern extensions (alternative bracketing style), it's also hard to explain. Closes: #953531 LP: #1872200
2020-04-27Protect a package while resolving in MarkInstallDavid Kalnischkies
Strange things happen if while resolving the dependencies of a package said dependencies want to remove the package. The allow-scores test e.g. removed the preferred alternative in favor of the last one now that they were exclusive. In our or-group for Recommends we would "just" not statisfy the Recommends and for Depends we engage the ProblemResolver…
2020-04-27Prefer upgrading installed orgroup membersDavid Kalnischkies
In normal upgrade scenarios this is no problem as the orgroup member will be marked for upgrade already, but on a not fully upgraded system (or while you operate on a different target release) we would go with our usual "first come first serve" approach which might lead us to install another provider who comes earlier – bad if the providers conflict.
2020-04-27Propagate Protected flag to single-option dependenciesDavid Kalnischkies
If a package is protected and has a dependency satisfied only by a single package (or conflicts with a package) this package must be part of the solution and so we can help later actions not exploring dead ends by propagating the protected flag to these "pseudo-protected" packages. An (obscure) bug this can help prevent (to some extend) is shown in test-apt-never-markauto-sections by not causing irreversible autobit transfers. As a sideeffect it seems also to help our crude ShowBroken to display slightly more helpful messages involving the packages which are actually in conflict.
2020-04-27Discard candidate if its dependencies can't be satisfiedDavid Kalnischkies
We do pretty much the same in IsInstallOk, but here we have already set the state, so we have to unroll the state as well to sort-of replicate the state we were in before this MarkInstall failed.
2020-04-27Explore or-groups for Recommends further than firstDavid Kalnischkies
MarkInstall only looks at the first alternative in an or-group which has a fighting chance of being satisfiable (= the package itself satisfies the dependency, if it is installable itself is not considered). This is "hidden" for Depends by the problem resolver who will try another member of the or-group later, but Recommends are not a problem for it, so for them the alternatives are never further explored. Exploring the or-group in MarkInstall seems like the better choice for both types as that frees the problem resolver to deal with the hard things like package conflicts.
2020-04-26Discard impossible candidate versions also for non-installedDavid Kalnischkies
We reseted the candidate for installed packages back to the version which is installed if one of the (critical) dependencies of it is not statisfiable, but we can do the same for non-installed packages by discarding the candidate which beside slightly helping the resolver also improves error messages generated by apt as a sideeffect.
2020-04-06test/integration/apt.pem: Regenerate with SHA2 hashesJulian Andres Klode
Recent GnuTLS 3.6.11 -> 3.6.13 update in Ubuntu broke our test certificate, it's signed with SHA1. Regenerate with SHA2. openssl req -newkey rsa:2048 -x509 -sha256 -days 36500 -nodes -out apt.crt -keyout apt.key -subj "/CN=localhost/O=APT Testcases GmbH/ST=Some-State/C=DE" cat apt.key apt.crt > test/integration/apt.pem
2020-03-21Parse last line in deb file correctly by adding a newlineDavid Kalnischkies
While merging apt-pkg and apt-inst libraries the codepath of handling deb files in apt-pkg was adapted to use the 'old' code from apt-inst instead of fork&exec of dpkg-deb -I. The information we get this way forms the main part of the package stanza, but we add a few semi-optional fields to the stanza to make it look and work more like a stanza we got from a repository. Just be careful with the area where these two parts touch as if, hypothetically, we would stip all newlines around the parts, but forget to add a newline between them later, the two lines around the merge would stick a bit too close together forming one which could result in fun parsing errors if this merged line was previously e.g. a well-formed Depends line and has now extra fluff attached. This codepath has a history with too many newlines (#802553) though, so how likely is it really that it will some day lack one you may ask. References: 6089a4b17c61ef30b2efc00e270b0907f51f352a
2020-03-10Don't crash pattern matching sections if pkg has no sectionDavid Kalnischkies
Packages from third-party sources do not always follow the established patterns of more properly maintained archives. In that case it was a driver package for a scanner&printer device which has only a minimum of info attached, but also minimal non-installed packages do not include sections, so we really shouldn't assume their availability.
2020-02-26Parse records including empty tag names correctlyDavid Kalnischkies
No sensible file should include these, but even insensible files do not gain unfair advantages with it as this parser does not deal with security critical files before they haven't passed other checks like signatures or hashsums. The problem is that the parser accepts and parses empty tag names correctly, but does not store the data parsed which will effect later passes over the data resulting e.g. in the following tag containing the name and value of the previous (empty) tag, its own tagname and its own value or a crash due to an attempt to access invalid memory depending on who passes over the data and what is done with it. This commit fixes both, the incidient of the crash reported by Anatoly Trosinenko who reproduced it via apt-sortpkgs: | $ cat /tmp/Packages-null | 0: | PACKAGE:0 | | : | PACKAGE: | | PACKAGE:: | $ apt-sortpkgs /tmp/Packages-null and the deeper parsing issue shown by the included testcase. Reported-By: Anatoly Trosinenko <anatoly.trosinenko@gmail.com> References: 8710a36a01c0cb1648926792c2ad05185535558e
2020-02-18Remove code tagged APT_PKG_590, add some missing includesJulian Andres Klode
Remove all code scheduled to be removed after 5.90, and fix files to include files they previously got from hashes.h including more headers.
2020-02-16Revert "Add a Packages-Require-Authorization Release file field"Julian Andres Klode
This experiment did not turn out sensibly, as some servers do not accept credentials when none are expected and fail, so you cannot mirror such a repository. This reverts commit c2b9b0489538fed4770515bd8853a960b13a2618.
2020-02-03patterns: test for empty terms, reject themJulian Andres Klode
2020-02-03Correctly stop parsing short form arguments on space, also on ?Julian Andres Klode
we have to stop parsing on space so that things like ~ramd64 | ~rall work correctly. aptitude does not stop parsing on ?, but we'll do as it gets very confusing otherwise if you write stuff like ~ramd64?name(foo), and it resolves to ?and(?architecture(amd64?name), (foo))...
2020-02-03patterns: Implement parsing of (...) groupsJulian Andres Klode
2020-02-03Implement | as orJulian Andres Klode
2020-02-03patterns: Parse sequence of patterns as ?andJulian Andres Klode
2020-02-03patterns: Allow bare words only in argumentsJulian Andres Klode
This changes the syntax from approximately expr = unary unary = '!'? primary primary = pattern | short-pattern | word | quoted-word pattern = '?' name [ '(' expr [',' expr]* ')' ] short-pattern = ~ name | ~name expr to: primary = pattern | short-pattern argument = word | quoted-word | expr pattern = '?' name [ '(' argument [',' argument]* ')' ] short-pattern = ~ name | ~name argument
2020-02-03patterns: Implement unary !Julian Andres Klode
2020-02-03Implement short patterns (patterns starting with ~)Julian Andres Klode
Also make pattern detector in cacheset and private's list accept such patterns. We probably should just try to parse and see if it is a (start of a) pattern.
2020-01-30Widen regular expressions for versioned kernel packagesJulian Andres Klode
Since we append a concrete kernel version to each pattern, and then anchor the pattern, let's just pick any package starting with a kernel name (linux-, kfreebsd-, gnumach-), and not worry about linux-headers, linux-tools, etc specifically, as they'll be caught by the generic pattern. LP: #1607845
2020-01-16NewProvidesAllArch: Check if group is empty before using itJulian Andres Klode
APT 1.9.6 introduced empty groups by making use of groups to deduplicate package names. This is not normally a problem, but here we assumed that every group has at least one package. This caused a problem because automake was providing automake-1.16 while having the source package automake-1.16. So we found the automake-1.16 group, iterated over its empty package list, trying to store the provides (which hence never happened). LP: #1859952
2020-01-15Merge branch 'pu/apt-regex-cli' into 'master'Julian Andres Klode
apt(8): Disable regular expressions and fnmatch See merge request apt-team/apt!95
2020-01-15apt(8): Disable regular expressions and fnmatchJulian Andres Klode
This is the first step. Next step will be to add warnings to apt-get and then remove support there as well.
2020-01-15netrc: Add warning when ignoring entries for unencrypted protocolsJulian Andres Klode
Commit 93f33052de84e9aeaf19c92291d043dad2665bbd restricted auth.conf entries to only apply to https by default, but this was silent - there was no information why http sources with auth.conf entries suddenly started failing. Add such information, and extend test case to cover it.
2020-01-14Deprecate the Summation classes and mark them for removalJulian Andres Klode
2020-01-07gtests: Fix netrc parser test regression from https-only changesJulian Andres Klode
We missed that because the CI never ran GTests, because it did not find the GTest library and failed silently (until the previous commit).
2020-01-07Add support for GTest 1.9, do not fail silently if its missingJulian Andres Klode
Require passing -DWITH_TESTS=OFF to CMakeList to disable unit tests, rather than ignoring them if GTest cannot be found; which just happened on CI...
2019-12-06satisfy: Fix segmentation fault when called with empty argumentJulian Andres Klode
apt satisfy "" caused a segmentation fault because we were iterating over the characters, checking if the next character was the end of the string; when it could also be the current character. Instead, check whether the next character is before the end of the string, rather than identical to the end.
2019-12-02Merge branch 'pu/patterns-phase2' into 'master'Julian Andres Klode
Pu/patterns phase2 See merge request apt-team/apt!85
2019-12-02netrc: Restrict auth.conf entries to https by defaultJulian Andres Klode
This avoids downgrade attacks where an attacker could inject Location: http://private.example/ and then (having access to raw data to private.example, for example, by opening a port there, or sniffing network traffic) read the credentials for the private repository. Closes: #945911
2019-11-27Remove failed trusted signature instead of index on IMS hitDavid Kalnischkies
While passing the combi Release and Release.gpg to the gpgv method for verification the filename of Release is placed where usually Release.gpg is assumed in the rest of the code. The "usual" cases like passing verification and failing verification ending in an error are taking care of this, but the code path dealing with a failed verification, but ignoring said failure (e.g. due to trusted=yes) was not which results in the wrong file being removed later on (in case the index happens to be unmodified since the last update call) leading us into the abyss of strange failures (fixed in the previous commit) were nothing should have changed. This is not a security issue in this form as the repository needs to fail verification & the user forcing apt to ignore the failure and carry on anyhow. It does show however how complicated the code and its various interconnected paths can become. Reported-By: Val "pinkieval" Lorentz on IRC
2019-11-27Use correct filename on IMS-hit reverify for indicesDavid Kalnischkies
If we have no old Release file, but old indices we can't compare hashsums with the new Release file and hence must request the indices again and have to react to IMS hits if they didn't change. We used to symlink the old index file to the partial directory, but that usually meant that we linked an uncompressed file to a compressed file, which not all uncompressors can deal with transparently resulting in strange failures. We could do without the symlink, but that would require changes in the codepaths dealing with failure as they would rename the file to FAILED.
2019-11-26Fix skip-bug-601016-description-translation testDavid Kalnischkies
Skipped tests do not age very well as changes to the infrastructure go by unnoticied. In this case we are fetching Translation files now differently meaning only if mentioned in Release file, which broke this test. As it makes use of LC_ALL and utf8 locales it can't really be reenabled, but it might be able to serve as an example for others and hence at least deserves being fixed. Gbp-Dch: Ignore
2019-11-26patterns: Add ?sectionJulian Andres Klode
2019-11-26patterns: Add ?all-versionsJulian Andres Klode
2019-11-26patterns: Implement ?narrow(...), as ?any-version(?and(...))Julian Andres Klode
This is pure syntactic sugar - ?narrow does not exist in the abstract syntax.
2019-11-26patterns: Add ?any-versionJulian Andres Klode
2019-11-25patterns: Add ?originJulian Andres Klode
2019-11-25patterns: Add ?archiveJulian Andres Klode
2019-11-25patterns: Add ?source-name and ?source-versionJulian Andres Klode
2019-11-25patterns: Add ?versionJulian Andres Klode
2019-11-25Search in all available description translationsАлексей Шилин
When multiple translations of package descriptions are available, perform search in all of them. It allows using search patterns in any of the configured languages. Previously, only the first available translation was searched. As the result, patterns in e.g. English never matched packages which had their descriptions translated into local language. Closes: #490000
2019-09-27Parse 'show' arguments for the 'info' alias as wellJulian Andres Klode
We recently made info an alias for show, but we did not change the command-line parser to work around it. LP: #1843812
2019-09-19Fix use of GTest to adjust for GTest 1.9Julian Andres Klode
GTest 1.9 uses a variable defined in the parent directory, thus failing to configure. Configure the project in the parent directory instead.
2019-09-19Pass --abort-after=1 to dpkg when using --force-dependsJulian Andres Klode
Using --force-depends causes dpkg to continue removing packages a package depends upon even if that package fails to be removed, because dpkg turns off all sanity checks. So we gotta tell dpkg to stop immediately if there's an error removing stuff. Closes: #935910 LP: #1844634
2019-08-15Add ?virtual patternJulian Andres Klode
This matches any package that does not have versions.
2019-08-15Add the ?exact-name patternJulian Andres Klode
The ?exact-name pattern matches the name exactly, there is no substring matching going on, or any regular expression or fnmatch magic.