From 2e3c9d6452e69dcb5c83732fbda27b747bc997f4 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Mon, 6 Jun 2011 21:29:16 +0200 Subject: * apt-pkg/indexcopy.cc: - Verify that the first line of an InRelease file is a PGP header for a signed message. Otherwise a man-in-the-middle can prefix a valid InRelease file with his own data! (CVE-2011-1829) --- apt-pkg/indexcopy.cc | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) (limited to 'apt-pkg') diff --git a/apt-pkg/indexcopy.cc b/apt-pkg/indexcopy.cc index 064fb007c..31c577705 100644 --- a/apt-pkg/indexcopy.cc +++ b/apt-pkg/indexcopy.cc @@ -664,6 +664,21 @@ bool SigVerify::CopyAndVerify(string CDROM,string Name,vector &SigList, bool SigVerify::RunGPGV(std::string const &File, std::string const &FileGPG, int const &statusfd, int fd[2]) { + if (File == FileGPG) + { + #define SIGMSG "-----BEGIN PGP SIGNED MESSAGE-----\n" + char buffer[sizeof(SIGMSG)]; + FILE* gpg = fopen(File.c_str(), "r"); + if (gpg == NULL) + return _error->Errno("RunGPGV", _("Could not open file %s"), File.c_str()); + char const * const test = fgets(buffer, sizeof(buffer), gpg); + fclose(gpg); + if (test == NULL || strcmp(buffer, SIGMSG) != 0) + return _error->Error(_("File %s doesn't start with a clearsigned message"), File.c_str()); + #undef SIGMSG + } + + string const gpgvpath = _config->Find("Dir::Bin::gpg", "/usr/bin/gpgv"); // FIXME: remove support for deprecated APT::GPGV setting string const trustedFile = _config->Find("APT::GPGV::TrustedKeyring", _config->FindFile("Dir::Etc::Trusted")); @@ -688,7 +703,11 @@ bool SigVerify::RunGPGV(std::string const &File, std::string const &FileGPG, Args.reserve(30); if (keyrings.empty() == true) - return false; + { + // TRANSLATOR: %s is the trusted keyring parts directory + return _error->Error(_("No keyring installed in %s."), + _config->FindDir("Dir::Etc::TrustedParts").c_str()); + } Args.push_back(gpgvpath.c_str()); Args.push_back("--ignore-time-conflict"); -- cgit v1.2.3 From 5b7d1ee67575e311871fb73be421ea7fd2f6fd73 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Wed, 29 Jun 2011 22:38:59 +0200 Subject: * apt-pkg/policy.cc: - do not segfault in pinning if a package with this name doesn't exist. Thanks to Ferdinand Thommes for the report! --- apt-pkg/policy.cc | 3 +++ 1 file changed, 3 insertions(+) (limited to 'apt-pkg') diff --git a/apt-pkg/policy.cc b/apt-pkg/policy.cc index 2cc2e5e39..291d83c67 100644 --- a/apt-pkg/policy.cc +++ b/apt-pkg/policy.cc @@ -231,6 +231,9 @@ void pkgPolicy::CreatePin(pkgVersionMatch::MatchType Type,string Name, // Get a spot to put the pin pkgCache::GrpIterator Grp = Cache->FindGrp(Name); + if (Grp.end() == true) + return; + for (pkgCache::PkgIterator Pkg = Grp.PackageList(); Pkg.end() != true; Pkg = Grp.NextPkg(Pkg)) { -- cgit v1.2.3 From 1925ea3d0cd6579a4034acb7308e532d025319c7 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Wed, 29 Jun 2011 23:16:00 +0200 Subject: Defaults is a vector of Pin not of PkgPin --- apt-pkg/policy.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'apt-pkg') diff --git a/apt-pkg/policy.cc b/apt-pkg/policy.cc index 291d83c67..827c9145c 100644 --- a/apt-pkg/policy.cc +++ b/apt-pkg/policy.cc @@ -210,7 +210,7 @@ void pkgPolicy::CreatePin(pkgVersionMatch::MatchType Type,string Name, { if (Name.empty() == true) { - Pin *P = &*Defaults.insert(Defaults.end(),PkgPin()); + Pin *P = &*Defaults.insert(Defaults.end(),Pin()); P->Type = Type; P->Priority = Priority; P->Data = Data; -- cgit v1.2.3 From e2bba11c9a1858c98954e7c5299d20a6c0966cc7 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Wed, 29 Jun 2011 23:26:38 +0200 Subject: - ensure that only the first specific stanza for a package is used - save all stanzas which had no effect in Unmatched --- apt-pkg/policy.cc | 27 ++++++++++++--------------- apt-pkg/policy.h | 1 + 2 files changed, 13 insertions(+), 15 deletions(-) (limited to 'apt-pkg') diff --git a/apt-pkg/policy.cc b/apt-pkg/policy.cc index 827c9145c..78f44d635 100644 --- a/apt-pkg/policy.cc +++ b/apt-pkg/policy.cc @@ -229,28 +229,25 @@ void pkgPolicy::CreatePin(pkgVersionMatch::MatchType Type,string Name, return; } - // Get a spot to put the pin + // find the package group this pin applies to pkgCache::GrpIterator Grp = Cache->FindGrp(Name); if (Grp.end() == true) + { + Pin *P = &*Unmatched.insert(Unmatched.end(),PkgPin(Name)); + P->Type = Type; + P->Priority = Priority; + P->Data = Data; return; + } for (pkgCache::PkgIterator Pkg = Grp.PackageList(); Pkg.end() != true; Pkg = Grp.NextPkg(Pkg)) { - Pin *P = 0; - if (Pkg.end() == false) - P = Pins + Pkg->ID; - else - { - // Check the unmatched table - for (vector::iterator I = Unmatched.begin(); - I != Unmatched.end() && P == 0; I++) - if (I->Pkg == Name) - P = &*I; - - if (P == 0) - P = &*Unmatched.insert(Unmatched.end(),PkgPin()); - } + Pin *P = Pins + Pkg->ID; + // the first specific stanza for a package is the ruler, + // all others need to be ignored + if (P->Type != pkgVersionMatch::None) + P = &*Unmatched.insert(Unmatched.end(),PkgPin(Pkg.FullName())); P->Type = Type; P->Priority = Priority; P->Data = Data; diff --git a/apt-pkg/policy.h b/apt-pkg/policy.h index f8b2678de..a5e6c6048 100644 --- a/apt-pkg/policy.h +++ b/apt-pkg/policy.h @@ -55,6 +55,7 @@ class pkgPolicy : public pkgDepCache::Policy struct PkgPin : Pin { string Pkg; + PkgPin(string const &Pkg) : Pin(), Pkg(Pkg) {}; }; Pin *Pins; -- cgit v1.2.3 From 9164e147eb78de6b4f8c8ce4b71e93ad71a44725 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Thu, 30 Jun 2011 00:03:26 +0200 Subject: allow package:architecure in Package: --- apt-pkg/policy.cc | 40 ++++++++++++++++++++++++++++++++-------- 1 file changed, 32 insertions(+), 8 deletions(-) (limited to 'apt-pkg') diff --git a/apt-pkg/policy.cc b/apt-pkg/policy.cc index 78f44d635..bd213e0ce 100644 --- a/apt-pkg/policy.cc +++ b/apt-pkg/policy.cc @@ -216,7 +216,14 @@ void pkgPolicy::CreatePin(pkgVersionMatch::MatchType Type,string Name, P->Data = Data; return; } - + + size_t found = Name.rfind(':'); + string Arch; + if (found != string::npos) { + Arch = Name.substr(found+1); + Name.erase(found); + } + // Allow pinning by wildcards // TODO: Maybe we should always prefer specific pins over non- // specific ones. @@ -225,23 +232,38 @@ void pkgPolicy::CreatePin(pkgVersionMatch::MatchType Type,string Name, pkgVersionMatch match(Data, Type); for (pkgCache::GrpIterator G = Cache->GrpBegin(); G.end() != true; ++G) if (match.ExpressionMatches(Name, G.Name())) - CreatePin(Type, G.Name(), Data, Priority); + { + if (Arch.empty() == false) + CreatePin(Type, string(G.Name()).append(":").append(Arch), Data, Priority); + else + CreatePin(Type, G.Name(), Data, Priority); + } return; } - // find the package group this pin applies to - pkgCache::GrpIterator Grp = Cache->FindGrp(Name); - if (Grp.end() == true) + // find the package (group) this pin applies to + pkgCache::GrpIterator Grp; + pkgCache::PkgIterator Pkg; + if (Arch.empty() == false) + Pkg = Cache->FindPkg(Name, Arch); + else { + Grp = Cache->FindGrp(Name); + if (Grp.end() == false) + Pkg = Grp.PackageList(); + } + + if (Pkg.end() == true) { - Pin *P = &*Unmatched.insert(Unmatched.end(),PkgPin(Name)); + PkgPin *P = &*Unmatched.insert(Unmatched.end(),PkgPin(Name)); + if (Arch.empty() == false) + P->Pkg.append(":").append(Arch); P->Type = Type; P->Priority = Priority; P->Data = Data; return; } - for (pkgCache::PkgIterator Pkg = Grp.PackageList(); - Pkg.end() != true; Pkg = Grp.NextPkg(Pkg)) + for (; Pkg.end() != true; Pkg = Grp.NextPkg(Pkg)) { Pin *P = Pins + Pkg->ID; // the first specific stanza for a package is the ruler, @@ -251,6 +273,8 @@ void pkgPolicy::CreatePin(pkgVersionMatch::MatchType Type,string Name, P->Type = Type; P->Priority = Priority; P->Data = Data; + if (Grp.end() == true) + break; } } /*}}}*/ -- cgit v1.2.3 From 41b4dee4acaadda869840f7a94c58fd5b7d42017 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Thu, 30 Jun 2011 14:05:03 +0200 Subject: * apt-pkg/pkgcachegen.cc: - fallback to memory if file is not writeable even if access() told us the opposite before (e.g. in fakeroot 1.16) (Closes: #630591) --- apt-pkg/pkgcachegen.cc | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) (limited to 'apt-pkg') diff --git a/apt-pkg/pkgcachegen.cc b/apt-pkg/pkgcachegen.cc index 9820fde81..8f9737e26 100644 --- a/apt-pkg/pkgcachegen.cc +++ b/apt-pkg/pkgcachegen.cc @@ -1169,16 +1169,32 @@ bool pkgCacheGenerator::MakeStatusCache(pkgSourceList &List,OpProgress *Progress SPtr Map; if (Writeable == true && CacheFile.empty() == false) { + _error->PushToStack(); unlink(CacheFile.c_str()); CacheF = new FileFd(CacheFile,FileFd::WriteAtomic); fchmod(CacheF->Fd(),0644); Map = CreateDynamicMMap(CacheF, MMap::Public); if (_error->PendingError() == true) - return false; - if (Debug == true) + { + delete CacheF.UnGuard(); + delete Map.UnGuard(); + if (Debug == true) + std::clog << "Open filebased MMap FAILED" << std::endl; + Writeable = false; + if (AllowMem == false) + { + _error->MergeWithStack(); + return false; + } + _error->RevertToStack(); + } + else if (Debug == true) + { + _error->MergeWithStack(); std::clog << "Open filebased MMap" << std::endl; + } } - else + if (Writeable == false || CacheFile.empty() == true) { // Just build it in memory.. Map = CreateDynamicMMap(NULL); -- cgit v1.2.3 From 457bea86ba07fc0cfcb08bcf9f81f5858975f916 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Fri, 1 Jul 2011 14:10:28 +0100 Subject: apt-pkg/acquire-item.cc: improve error message for valid-until --- apt-pkg/acquire-item.cc | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'apt-pkg') diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index c3817f6ee..215615bdd 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@ -1473,8 +1473,10 @@ bool pkgAcqMetaIndex::VerifyVendor(string Message) /*{{{*/ // TRANSLATOR: The first %s is the URL of the bad Release file, the second is // the time since then the file is invalid - formated in the same way as in // the download progress display (e.g. 7d 3h 42min 1s) - return _error->Error(_("Release file expired, ignoring %s (invalid since %s)"), - RealURI.c_str(), TimeToStr(invalid_since).c_str()); + return _error->Error( + _("Release file for %s is expired (invalid since %s). " + "Updates for this repository will not be applied."), + RealURI.c_str(), TimeToStr(invalid_since).c_str()); } if (_config->FindB("Debug::pkgAcquire::Auth", false)) -- cgit v1.2.3 From 78485ab210b815c21ce55cb0cecb834ba5158e18 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Wed, 6 Jul 2011 13:41:18 +0200 Subject: * apt-pkg/init.cc: - use CndSet in pkgInitConfig (Closes: #629617) --- apt-pkg/contrib/configuration.cc | 15 +++++++- apt-pkg/contrib/configuration.h | 3 +- apt-pkg/init.cc | 76 +++++++++++++++++++++------------------- 3 files changed, 56 insertions(+), 38 deletions(-) (limited to 'apt-pkg') diff --git a/apt-pkg/contrib/configuration.cc b/apt-pkg/contrib/configuration.cc index cc7093fe2..0664e3704 100644 --- a/apt-pkg/contrib/configuration.cc +++ b/apt-pkg/contrib/configuration.cc @@ -318,6 +318,19 @@ void Configuration::CndSet(const char *Name,const string &Value) Itm->Value = Value; } /*}}}*/ +// Configuration::Set - Set an integer value /*{{{*/ +// --------------------------------------------------------------------- +/* */ +void Configuration::CndSet(const char *Name,int const Value) +{ + Item *Itm = Lookup(Name,true); + if (Itm == 0 || Itm->Value.empty() == false) + return; + char S[300]; + snprintf(S,sizeof(S),"%i",Value); + Itm->Value = S; +} + /*}}}*/ // Configuration::Set - Set a value /*{{{*/ // --------------------------------------------------------------------- /* */ @@ -332,7 +345,7 @@ void Configuration::Set(const char *Name,const string &Value) // Configuration::Set - Set an integer value /*{{{*/ // --------------------------------------------------------------------- /* */ -void Configuration::Set(const char *Name,int const &Value) +void Configuration::Set(const char *Name,int const Value) { Item *Itm = Lookup(Name,true); if (Itm == 0) diff --git a/apt-pkg/contrib/configuration.h b/apt-pkg/contrib/configuration.h index 71e5a0e47..3568ce815 100644 --- a/apt-pkg/contrib/configuration.h +++ b/apt-pkg/contrib/configuration.h @@ -82,8 +82,9 @@ class Configuration inline void Set(const string &Name,const string &Value) {Set(Name.c_str(),Value);}; void CndSet(const char *Name,const string &Value); + void CndSet(const char *Name,const int Value); void Set(const char *Name,const string &Value); - void Set(const char *Name,const int &Value); + void Set(const char *Name,const int Value); inline bool Exists(const string &Name) const {return Exists(Name.c_str());}; bool Exists(const char *Name) const; diff --git a/apt-pkg/init.cc b/apt-pkg/init.cc index 31b2d9ccd..38a0814e5 100644 --- a/apt-pkg/init.cc +++ b/apt-pkg/init.cc @@ -33,60 +33,64 @@ const char *pkgLibVersion = Stringfy(APT_PKG_MAJOR) "." bool pkgInitConfig(Configuration &Cnf) { // General APT things - Cnf.Set("APT::Architecture", COMMON_ARCH); - Cnf.Set("APT::Build-Essential::", "build-essential"); - Cnf.Set("APT::Install-Recommends", true); - Cnf.Set("APT::Install-Suggests", false); - Cnf.Set("Dir","/"); + Cnf.CndSet("APT::Architecture", COMMON_ARCH); + if (Cnf.Exists("APT::Build-Essential") == false) + Cnf.Set("APT::Build-Essential::", "build-essential"); + Cnf.CndSet("APT::Install-Recommends", true); + Cnf.CndSet("APT::Install-Suggests", false); + Cnf.CndSet("Dir","/"); // State - Cnf.Set("Dir::State","var/lib/apt/"); + Cnf.CndSet("Dir::State","var/lib/apt/"); /* Just in case something goes horribly wrong, we can fall back to the old /var/state paths.. */ struct stat St; if (stat("/var/lib/apt/.",&St) != 0 && stat("/var/state/apt/.",&St) == 0) - Cnf.Set("Dir::State","var/state/apt/"); + Cnf.CndSet("Dir::State","var/state/apt/"); - Cnf.Set("Dir::State::lists","lists/"); - Cnf.Set("Dir::State::cdroms","cdroms.list"); - Cnf.Set("Dir::State::mirrors","mirrors/"); + Cnf.CndSet("Dir::State::lists","lists/"); + Cnf.CndSet("Dir::State::cdroms","cdroms.list"); + Cnf.CndSet("Dir::State::mirrors","mirrors/"); // Cache - Cnf.Set("Dir::Cache","var/cache/apt/"); - Cnf.Set("Dir::Cache::archives","archives/"); - Cnf.Set("Dir::Cache::srcpkgcache","srcpkgcache.bin"); - Cnf.Set("Dir::Cache::pkgcache","pkgcache.bin"); + Cnf.CndSet("Dir::Cache","var/cache/apt/"); + Cnf.CndSet("Dir::Cache::archives","archives/"); + Cnf.CndSet("Dir::Cache::srcpkgcache","srcpkgcache.bin"); + Cnf.CndSet("Dir::Cache::pkgcache","pkgcache.bin"); // Configuration - Cnf.Set("Dir::Etc","etc/apt/"); - Cnf.Set("Dir::Etc::sourcelist","sources.list"); - Cnf.Set("Dir::Etc::sourceparts","sources.list.d"); - Cnf.Set("Dir::Etc::vendorlist","vendors.list"); - Cnf.Set("Dir::Etc::vendorparts","vendors.list.d"); - Cnf.Set("Dir::Etc::main","apt.conf"); - Cnf.Set("Dir::Etc::netrc", "auth.conf"); - Cnf.Set("Dir::Etc::parts","apt.conf.d"); - Cnf.Set("Dir::Etc::preferences","preferences"); - Cnf.Set("Dir::Etc::preferencesparts","preferences.d"); - Cnf.Set("Dir::Etc::trusted", "trusted.gpg"); - Cnf.Set("Dir::Etc::trustedparts","trusted.gpg.d"); - Cnf.Set("Dir::Bin::methods","/usr/lib/apt/methods"); - Cnf.Set("Dir::Media::MountPath","/media/apt"); + Cnf.CndSet("Dir::Etc","etc/apt/"); + Cnf.CndSet("Dir::Etc::sourcelist","sources.list"); + Cnf.CndSet("Dir::Etc::sourceparts","sources.list.d"); + Cnf.CndSet("Dir::Etc::vendorlist","vendors.list"); + Cnf.CndSet("Dir::Etc::vendorparts","vendors.list.d"); + Cnf.CndSet("Dir::Etc::main","apt.conf"); + Cnf.CndSet("Dir::Etc::netrc", "auth.conf"); + Cnf.CndSet("Dir::Etc::parts","apt.conf.d"); + Cnf.CndSet("Dir::Etc::preferences","preferences"); + Cnf.CndSet("Dir::Etc::preferencesparts","preferences.d"); + Cnf.CndSet("Dir::Etc::trusted", "trusted.gpg"); + Cnf.CndSet("Dir::Etc::trustedparts","trusted.gpg.d"); + Cnf.CndSet("Dir::Bin::methods","/usr/lib/apt/methods"); + Cnf.CndSet("Dir::Media::MountPath","/media/apt"); // State - Cnf.Set("Dir::Log","var/log/apt"); - Cnf.Set("Dir::Log::Terminal","term.log"); - Cnf.Set("Dir::Log::History","history.log"); + Cnf.CndSet("Dir::Log","var/log/apt"); + Cnf.CndSet("Dir::Log::Terminal","term.log"); + Cnf.CndSet("Dir::Log::History","history.log"); - Cnf.Set("Dir::Ignore-Files-Silently::", "~$"); - Cnf.Set("Dir::Ignore-Files-Silently::", "\\.disabled$"); - Cnf.Set("Dir::Ignore-Files-Silently::", "\\.bak$"); - Cnf.Set("Dir::Ignore-Files-Silently::", "\\.dpkg-[a-z]+$"); + if (Cnf.Exists("Dir::Ignore-Files-Silently") == false) + { + Cnf.Set("Dir::Ignore-Files-Silently::", "~$"); + Cnf.Set("Dir::Ignore-Files-Silently::", "\\.disabled$"); + Cnf.Set("Dir::Ignore-Files-Silently::", "\\.bak$"); + Cnf.Set("Dir::Ignore-Files-Silently::", "\\.dpkg-[a-z]+$"); + } // Default cdrom mount point - Cnf.Set("Acquire::cdrom::mount", "/media/cdrom/"); + Cnf.CndSet("Acquire::cdrom::mount", "/media/cdrom/"); bool Res = true; -- cgit v1.2.3 From 15fb00074cb5757e4cdcd790fcf75f0134ae0fe4 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Wed, 13 Jul 2011 13:47:25 +0200 Subject: apt-pkg/aptconfiguration.h: fix copy/paste error in getCompressionTypes() description --- apt-pkg/aptconfiguration.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'apt-pkg') diff --git a/apt-pkg/aptconfiguration.h b/apt-pkg/aptconfiguration.h index 815db6cae..1f0399dd2 100644 --- a/apt-pkg/aptconfiguration.h +++ b/apt-pkg/aptconfiguration.h @@ -36,7 +36,7 @@ public: /*{{{*/ * \param Cached saves the result so we need to calculated it only once * this parameter should ony be used for testing purposes. * - * \return a vector of (all) Language Codes in the prefered usage order + * \return a vector of the compression types in the prefered usage order */ std::vector static const getCompressionTypes(bool const &Cached = true); -- cgit v1.2.3 From 89c4c588b275d098af33f36eeddea6fd75068342 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Wed, 13 Jul 2011 19:02:10 +0200 Subject: fix from David Kalnischkies for the InRelease gpg verification code (LP: #784473) --- apt-pkg/indexcopy.cc | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) (limited to 'apt-pkg') diff --git a/apt-pkg/indexcopy.cc b/apt-pkg/indexcopy.cc index 064fb007c..31c577705 100644 --- a/apt-pkg/indexcopy.cc +++ b/apt-pkg/indexcopy.cc @@ -664,6 +664,21 @@ bool SigVerify::CopyAndVerify(string CDROM,string Name,vector &SigList, bool SigVerify::RunGPGV(std::string const &File, std::string const &FileGPG, int const &statusfd, int fd[2]) { + if (File == FileGPG) + { + #define SIGMSG "-----BEGIN PGP SIGNED MESSAGE-----\n" + char buffer[sizeof(SIGMSG)]; + FILE* gpg = fopen(File.c_str(), "r"); + if (gpg == NULL) + return _error->Errno("RunGPGV", _("Could not open file %s"), File.c_str()); + char const * const test = fgets(buffer, sizeof(buffer), gpg); + fclose(gpg); + if (test == NULL || strcmp(buffer, SIGMSG) != 0) + return _error->Error(_("File %s doesn't start with a clearsigned message"), File.c_str()); + #undef SIGMSG + } + + string const gpgvpath = _config->Find("Dir::Bin::gpg", "/usr/bin/gpgv"); // FIXME: remove support for deprecated APT::GPGV setting string const trustedFile = _config->Find("APT::GPGV::TrustedKeyring", _config->FindFile("Dir::Etc::Trusted")); @@ -688,7 +703,11 @@ bool SigVerify::RunGPGV(std::string const &File, std::string const &FileGPG, Args.reserve(30); if (keyrings.empty() == true) - return false; + { + // TRANSLATOR: %s is the trusted keyring parts directory + return _error->Error(_("No keyring installed in %s."), + _config->FindDir("Dir::Etc::TrustedParts").c_str()); + } Args.push_back(gpgvpath.c_str()); Args.push_back("--ignore-time-conflict"); -- cgit v1.2.3 From 953b348cb02fcdccb597b6988f904bfdb696e92e Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Thu, 14 Jul 2011 11:03:55 +0200 Subject: make ResolveByKeep() more clever and hold back packages that would go into a broken policy state by the upgrade --- apt-pkg/algorithms.cc | 40 ++++++++++++++++++++++++++++++++++------ apt-pkg/algorithms.h | 3 +++ 2 files changed, 37 insertions(+), 6 deletions(-) (limited to 'apt-pkg') diff --git a/apt-pkg/algorithms.cc b/apt-pkg/algorithms.cc index 2dae4258a..7c911b865 100644 --- a/apt-pkg/algorithms.cc +++ b/apt-pkg/algorithms.cc @@ -1176,6 +1176,31 @@ bool pkgProblemResolver::Resolve(bool BrokenFix) return true; } /*}}}*/ + +// ProblemResolver::BreaksInstOrPolicy - Check if the given pkg is broken/*{{{*/ +// --------------------------------------------------------------------- +/* This checks if the given package is broken either by a hard dependency + (InstBroken()) or by introducing a new policy breakage e.g. new + unsatisfied recommends for a package that was in "policy-good" state + + Note that this is not perfect as it will ignore further breakage + for already broken policy (recommends) +*/ +bool pkgProblemResolver::InstOrNewPolicyBroken(pkgCache::PkgIterator I) +{ + + // a broken install is always a problem + if (Cache[I].InstBroken() == true) + return true; + + // a newly broken policy (recommends/suggests) is a problem + if (Cache[I].NowPolicyBroken() == false && + Cache[I].InstPolicyBroken() == true) + return true; + + return false; +} + // ProblemResolver::ResolveByKeep - Resolve problems using keep /*{{{*/ // --------------------------------------------------------------------- /* This is the work horse of the soft upgrade routine. It is very gental @@ -1220,9 +1245,12 @@ bool pkgProblemResolver::ResolveByKeep() { pkgCache::PkgIterator I(Cache,*K); - if (Cache[I].InstallVer == 0 || Cache[I].InstBroken() == false) + if (Cache[I].InstallVer == 0) continue; + if (InstOrNewPolicyBroken(I) == false) + continue; + /* Keep the package. If this works then great, otherwise we have to be significantly more agressive and manipulate its dependencies */ if ((Flags[I->ID] & Protected) == 0) @@ -1230,7 +1258,7 @@ bool pkgProblemResolver::ResolveByKeep() if (Debug == true) clog << "Keeping package " << I.FullName(false) << endl; Cache.MarkKeep(I, false, false); - if (Cache[I].InstBroken() == false) + if (InstOrNewPolicyBroken(I) == false) { K = PList - 1; continue; @@ -1280,11 +1308,11 @@ bool pkgProblemResolver::ResolveByKeep() Cache.MarkKeep(Pkg, false, false); } - if (Cache[I].InstBroken() == false) + if (InstOrNewPolicyBroken(I) == false) break; } - if (Cache[I].InstBroken() == false) + if (InstOrNewPolicyBroken(I) == false) break; if (Start == End) @@ -1292,11 +1320,11 @@ bool pkgProblemResolver::ResolveByKeep() Start++; } - if (Cache[I].InstBroken() == false) + if (InstOrNewPolicyBroken(I) == false) break; } - if (Cache[I].InstBroken() == true) + if (InstOrNewPolicyBroken(I) == true) continue; // Restart again. diff --git a/apt-pkg/algorithms.h b/apt-pkg/algorithms.h index ebe31cc10..99501bed1 100644 --- a/apt-pkg/algorithms.h +++ b/apt-pkg/algorithms.h @@ -106,6 +106,9 @@ class pkgProblemResolver /*{{{*/ void MakeScores(); bool DoUpgrade(pkgCache::PkgIterator Pkg); + protected: + bool InstOrNewPolicyBroken(pkgCache::PkgIterator Pkg); + public: inline void Protect(pkgCache::PkgIterator Pkg) {Flags[Pkg->ID] |= Protected; Cache.MarkProtected(Pkg);}; -- cgit v1.2.3 From db4351bee8204c5eb352bb5667d3fbd416685715 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Fri, 15 Jul 2011 09:33:36 +0200 Subject: * apt-pkg/depcache.cc: - change default of APT::AutoRemove::SuggestsImportant to true --- apt-pkg/depcache.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'apt-pkg') diff --git a/apt-pkg/depcache.cc b/apt-pkg/depcache.cc index e9fa097aa..eb3f4e598 100644 --- a/apt-pkg/depcache.cc +++ b/apt-pkg/depcache.cc @@ -1593,7 +1593,7 @@ bool pkgDepCache::MarkFollowsRecommends() bool pkgDepCache::MarkFollowsSuggests() { - return _config->FindB("APT::AutoRemove::SuggestsImportant", false); + return _config->FindB("APT::AutoRemove::SuggestsImportant", true); } // pkgDepCache::MarkRequired - the main mark algorithm /*{{{*/ -- cgit v1.2.3