From 3f732aa6ad0a81b6a6942a61fd5ed26a26590e8e Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Tue, 28 Apr 2015 23:42:03 +0200 Subject: a pin of 1000 always means downgrade allowed The documentation says this, but the code only agreed while evaluating specific packages, but not generics. These needed a pin above 1000 to have the same effect. The code causing this makes references to a 'second pesduo status file', but nowhere is explained what this might stand for and/or what it was, so we do the only reasonable thing: Remove all references and do as documented. --- apt-pkg/policy.cc | 32 +++----- .../test-bug-543966-downgrade-below-1000-pin | 84 +++++++++++--------- test/integration/test-policy-pinning | 92 ++++++++++------------ 3 files changed, 96 insertions(+), 112 deletions(-) diff --git a/apt-pkg/policy.cc b/apt-pkg/policy.cc index 3cfc32829..9a1d2977e 100644 --- a/apt-pkg/policy.cc +++ b/apt-pkg/policy.cc @@ -4,22 +4,12 @@ /* ###################################################################### Package Version Policy implementation - + This is just a really simple wrapper around pkgVersionMatch with some added goodies to manage the list of things.. - - Priority Table: - - 1000 -> inf = Downgradeable priorities - 1000 = The 'no downgrade' pseduo-status file - 100 -> 1000 = Standard priorities - 990 = Config file override package files - 989 = Start for preference auto-priorities - 500 = Default package files - 100 = The status file and ButAutomaticUpgrades sources - 0 -> 100 = NotAutomatic sources like experimental - -inf -> 0 = Never selected - + + See man apt_preferences for what value means what. + ##################################################################### */ /*}}}*/ // Include Files /*{{{*/ @@ -56,7 +46,7 @@ using namespace std; file matches the V0 policy engine. */ pkgPolicy::pkgPolicy(pkgCache *Owner) : Pins(0), PFPriority(0), Cache(Owner) { - if (Owner == 0 || &(Owner->Head()) == 0) + if (Owner == 0) return; PFPriority = new signed short[Owner->Head().PackageFileCount]; Pins = new Pin[Owner->Head().PackageCount]; @@ -125,7 +115,7 @@ bool pkgPolicy::InitDefaults() else PFPriority[F->ID] = Cur; - if (PFPriority[F->ID] > 1000) + if (PFPriority[F->ID] >= 1000) StatusOverride = true; Fixed[F->ID] = true; @@ -166,9 +156,7 @@ pkgCache::VerIterator pkgPolicy::GetCandidateVer(pkgCache::PkgIterator const &Pk effectively excludes everything <= 0 which are the non-automatic priorities.. The status file is given a prio of 100 which will exclude not-automatic sources, except in a single shot not-installed mode. - The second pseduo-status file is at prio 1000, above which will permit - the user to force-downgrade things. - + The user pin is subject to the same priority rules as default selections. Thus there are two ways to create a pin - a pin that tracks the default when the default is taken away, and a permanent @@ -218,9 +206,9 @@ pkgCache::VerIterator pkgPolicy::GetCandidateVer(pkgCache::PkgIterator const &Pk Pref = Ver; PrefSeen = true; } - /* Elevate our current selection (or the status file itself) - to the Pseudo-status priority. */ - Max = 1000; + /* Elevate our current selection (or the status file itself) so that only + a downgrade can override it from now on */ + Max = 999; // Fast path optimize. if (StatusOverride == false) diff --git a/test/integration/test-bug-543966-downgrade-below-1000-pin b/test/integration/test-bug-543966-downgrade-below-1000-pin index d37539b9f..485df999c 100755 --- a/test/integration/test-bug-543966-downgrade-below-1000-pin +++ b/test/integration/test-bug-543966-downgrade-below-1000-pin @@ -24,58 +24,66 @@ testsuccessequal "base-files: 5.0.0 0 500 file:${APTARCHIVE} unstable/main i386 Packages" aptcache policy base-files -o apt::pin=0 -echo 'Package: base-files +writepin() { + echo "Package: $1 Pin: release a=unstable -Pin-Priority: 99' > rootdir/etc/apt/preferences +Pin-Priority: $2" > rootdir/etc/apt/preferences +} -testsuccessequal "base-files: + + +testpinning() { + local PKGPIN='' + local PKGPINPRIO='0' + local REPPINPRIO='' + if [ "$1" != '*' ]; then + PKGPINPRIO='' + REPPINPRIO=' 500' + PKGPIN='Package pin: 5.0.0 + ' + fi + writepin "$1" '99' + testsuccessequal "base-files: Installed: 5.0.0-1 Candidate: 5.0.0-1 - Package pin: 5.0.0 - Version table: - *** 5.0.0-1 99 + ${PKGPIN}Version table: + *** 5.0.0-1 ${PKGPINPRIO:-99} 100 $STATUS - 5.0.0 99 - 500 file:${APTARCHIVE} unstable/main i386 Packages" aptcache policy base-files -o apt::pin=99 + 5.0.0 ${PKGPINPRIO:-99} + ${REPPINPRIO:- 99} file:${APTARCHIVE} unstable/main i386 Packages" aptcache policy base-files -o apt::pin=99 -echo 'Package: base-files -Pin: release a=unstable -Pin-Priority: 100' > rootdir/etc/apt/preferences - -testsuccessequal "base-files: + writepin "$1" '100' + testsuccessequal "base-files: Installed: 5.0.0-1 Candidate: 5.0.0-1 - Package pin: 5.0.0 - Version table: - *** 5.0.0-1 100 + ${PKGPIN}Version table: + *** 5.0.0-1 ${PKGPINPRIO:-100} 100 $STATUS - 5.0.0 100 - 500 file:${APTARCHIVE} unstable/main i386 Packages" aptcache policy base-files -o apt::pin=100 + 5.0.0 ${PKGPINPRIO:-100} + ${REPPINPRIO:- 100} file:${APTARCHIVE} unstable/main i386 Packages" aptcache policy base-files -o apt::pin=100 -echo 'Package: base-files -Pin: release a=unstable -Pin-Priority: 999' > rootdir/etc/apt/preferences - -testsuccessequal "base-files: + writepin "$1" '999' + testsuccessequal "base-files: Installed: 5.0.0-1 Candidate: 5.0.0-1 - Package pin: 5.0.0 - Version table: - *** 5.0.0-1 999 + ${PKGPIN}Version table: + *** 5.0.0-1 ${PKGPINPRIO:-999} 100 $STATUS - 5.0.0 999 - 500 file:${APTARCHIVE} unstable/main i386 Packages" aptcache policy base-files -o apt::pin=999 - -echo 'Package: base-files -Pin: release a=unstable -Pin-Priority: 1000' > rootdir/etc/apt/preferences + 5.0.0 ${PKGPINPRIO:-999} + ${REPPINPRIO:- 999} file:${APTARCHIVE} unstable/main i386 Packages" aptcache policy base-files -o apt::pin=999 -testsuccessequal "base-files: + writepin "$1" '1000' + testsuccessequal "base-files: Installed: 5.0.0-1 Candidate: 5.0.0 - Package pin: 5.0.0 - Version table: - *** 5.0.0-1 1000 + ${PKGPIN}Version table: + *** 5.0.0-1 ${PKGPINPRIO:-1000} 100 $STATUS - 5.0.0 1000 - 500 file:${APTARCHIVE} unstable/main i386 Packages" aptcache policy base-files -o apt::pin=1000 + 5.0.0 ${PKGPINPRIO:-1000} + ${REPPINPRIO:-1000} file:${APTARCHIVE} unstable/main i386 Packages" aptcache policy base-files -o apt::pin=1000 +} + +msgmsg 'Tests with generic-form pin' +testpinning '*' +msgmsg 'Tests with specific-form pin' +testpinning 'base-files' diff --git a/test/integration/test-policy-pinning b/test/integration/test-policy-pinning index 15bf300ac..2675b51bc 100755 --- a/test/integration/test-policy-pinning +++ b/test/integration/test-policy-pinning @@ -25,70 +25,58 @@ testequalpolicy() { Pinned packages:" aptcache policy $* } -aptgetupdate() { - # just to be sure that no old files are used - rm -rf rootdir/var/lib/apt - if aptget update --allow-insecure-repositories -qq 2>&1 | grep '^E: '; then - msgwarn 'apt-get update failed with an error' - fi -} +testglobalpolicy() { + aptgetupdate -### not signed archive + testequalpolicy 100 500 + testequalpolicy 990 500 -t now -aptgetupdate + sed -i aptarchive/Release -e 1i"NotAutomatic: yes" + aptgetupdate -testequalpolicy 100 500 -testequalpolicy 990 500 -t now + testequalpolicy 100 1 -o Test=NotAutomatic + testequalpolicy 990 1 -o Test=NotAutomatic -t now -sed -i aptarchive/Release -e 1i"NotAutomatic: yes" -aptgetupdate + sed -i aptarchive/Release -e 1i"ButAutomaticUpgrades: yes" + aptgetupdate -testequalpolicy 100 1 -o Test=NotAutomatic -testequalpolicy 990 1 -o Test=NotAutomatic -t now + testequalpolicy 100 100 -o Test=ButAutomaticUpgrades + testequalpolicy 990 100 -o Test=ButAutomaticUpgrades -t now -sed -i aptarchive/Release -e 1i"ButAutomaticUpgrades: yes" -aptgetupdate + sed -i aptarchive/Release -e 's#NotAutomatic: yes#NotAutomatic: no#' -e '/ButAutomaticUpgrades: / d' + aptgetupdate -testequalpolicy 100 100 -o Test=ButAutomaticUpgrades -testequalpolicy 990 100 -o Test=ButAutomaticUpgrades -t now + testequalpolicy 100 500 -o Test=Automatic + testequalpolicy 990 500 -o Test=Automatic -t now -sed -i aptarchive/Release -e 's#NotAutomatic: yes#NotAutomatic: no#' -e '/ButAutomaticUpgrades: / d' -aptgetupdate - -testequalpolicy 100 500 -o Test=Automatic -testequalpolicy 990 500 -o Test=Automatic -t now - -sed -i aptarchive/Release -e '/NotAutomatic: / d' -e '/ButAutomaticUpgrades: / d' - -### signed but no key in trusted - -signreleasefiles 'Marvin Paranoid' -aptgetupdate -testequalpolicy 100 500 -testequalpolicy 990 500 -t now - -sed -i aptarchive/Release -e 1i"NotAutomatic: yes" -signreleasefiles 'Marvin Paranoid' -aptgetupdate - -testequalpolicy 100 1 -o Test=NotAutomatic -testequalpolicy 990 1 -o Test=NotAutomatic -t now - -sed -i aptarchive/Release -e 1i"ButAutomaticUpgrades: yes" -signreleasefiles 'Marvin Paranoid' -aptgetupdate + sed -i aptarchive/Release -e '/NotAutomatic: / d' -e '/ButAutomaticUpgrades: / d' +} -testequalpolicy 100 100 -o Test=ButAutomaticUpgrades -testequalpolicy 990 100 -o Test=ButAutomaticUpgrades -t now +msgmsg 'Test with not signed archive' +aptgetupdate() { + rm -rf rootdir/var/lib/apt + testwarning aptget update --allow-insecure-repositories +} +testglobalpolicy -sed -i aptarchive/Release -e 's#NotAutomatic: yes#NotAutomatic: no#' -e '/ButAutomaticUpgrades: / d' -signreleasefiles 'Marvin Paranoid' -aptgetupdate +msgmsg 'Test with signed but no key in trusted' +aptgetupdate() { + rm -rf rootdir/var/lib/apt + signreleasefiles 'Marvin Paranoid' + testwarning aptget update --allow-insecure-repositories +} +testglobalpolicy -testequalpolicy 100 500 -o Test=Automatic -testequalpolicy 990 500 -o Test=Automatic -t now +# much the same tests will be executed below in more detail again for this one +msgmsg 'Test with signed and valid key' +aptgetupdate() { + rm -rf rootdir/var/lib/apt + signreleasefiles 'Joe Sixpack' + testsuccess aptget update +} +testglobalpolicy -### signed and valid key +msgmsg 'Test with specific packages' buildsimplenativepackage "coolstuff" "all" "1.0" "stable" buildsimplenativepackage "coolstuff" "all" "2.0~bpo1" "backports" -- cgit v1.2.3