From f9e64e7bb0c125b54f0699d9e08956a88b467a7f Mon Sep 17 00:00:00 2001
From: David Kalnischkies <kalnischkies@gmail.com>
Date: Mon, 12 Aug 2013 00:19:10 +0200
Subject: use a tmpfile for trustdb.gpg in apt-key
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

for some "interesting" reason gpg decides that it needs to update its
trustdb.gpg file in a --list-keys command even if right before gpg is
asked to --check-trustdb. That wouldn't be as bad if it wouldn't modify
the keyring being listed at that moment as well, which generates not
only warnings which are not a problem for us, but as the keyring
modified can be in /usr it modified files which aren't allowed to be
modified.

The suggested solution in the bugreport is running --check-trustdb
unconditionally in an 'apt-key update' call, but this command will not
be used in the future and this could still potentially bite us in
net-update or adv calls. All of this just to keep a file around, which
we do not need…

The commit therefore switches to the use of a temporary created
trusted.gpg file for everyone and asks gpg to not try to update the
trustdb after its intial creation, which seems to avoid the problem
altogether.

It is using your also faked secring btw as calling the check-trustdb
without a keyring is a lot slower …

Closes: #687611
Thanks: Andreas Beckmann for the initial patch!
---
 debian/apt.postinst | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

(limited to 'debian')

diff --git a/debian/apt.postinst b/debian/apt.postinst
index 9ff1e031c..caa05ccdf 100644
--- a/debian/apt.postinst
+++ b/debian/apt.postinst
@@ -15,10 +15,15 @@ set -e
 
 case "$1" in
     configure)
-	SECRING='/etc/apt/secring.gpg'
-	# test if secring is an empty normal file
-	if test -f $SECRING -a ! -s $SECRING; then
-		rm -f $SECRING
+	if dpkg --compare-versions "$2" lt-nl 0.9.9.5; then
+	    # we are using tmpfiles for both
+	    rm -f /etc/apt/trustdb.gpg
+	    # this removal was done unconditional since 0.8.15.3
+	    SECRING='/etc/apt/secring.gpg'
+	    # test if secring is an empty normal file
+	    if test -f $SECRING -a ! -s $SECRING; then
+	        rm -f $SECRING
+	    fi
 	fi
 	apt-key update
 
-- 
cgit v1.2.3


From ec9272975f454d3911e61e5cc3b29fe90fe2ee54 Mon Sep 17 00:00:00 2001
From: David Kalnischkies <kalnischkies@gmail.com>
Date: Mon, 12 Aug 2013 17:26:54 +0200
Subject: do not call 'apt-key update' in apt.postinst

The debian-archive-keyring package ships trusted.gpg.d fragment files
for a while now and dropped their call to 'apt-key update', so there is
no need for use to call it as the keys will always be available.

This also finally allows a user to remove key(ring)s without APT to
overriding this decision by readding them with this step.

The functionality is kept around in the odd case that an old
debian-archive-keyring package is used which still calls 'apt-key
update' and depends on the import (hence, we also do not enforce a newer
version of the debian-archive-keyring via our dependencies)
---
 debian/apt.postinst | 1 -
 1 file changed, 1 deletion(-)

(limited to 'debian')

diff --git a/debian/apt.postinst b/debian/apt.postinst
index caa05ccdf..70de237d0 100644
--- a/debian/apt.postinst
+++ b/debian/apt.postinst
@@ -25,7 +25,6 @@ case "$1" in
 	        rm -f $SECRING
 	    fi
 	fi
-	apt-key update
 
         # ensure tighter permissons on the logs, see LP: #975199
         if dpkg --compare-versions "$2" lt-nl 0.9.7.7; then
-- 
cgit v1.2.3


From 713a2de01cc1a0b8dcd71a4137f8a099d22783b7 Mon Sep 17 00:00:00 2001
From: Michael Vogt <mvo@debian.org>
Date: Mon, 12 Aug 2013 21:45:59 +0200
Subject: update changelog for upload

---
 debian/changelog | 43 +++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 41 insertions(+), 2 deletions(-)

(limited to 'debian')

diff --git a/debian/changelog b/debian/changelog
index d1ecbff1f..8e4def2b0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,9 +1,48 @@
-apt (0.9.9.5) UNRELEASED; urgency=low
+apt (0.9.10) unstable; urgency=low
 
+  The "Hello to Debconf" upload
+  
+  [ Christian Perrier ]
   * Vietnamese translation update. Closes: #718615
   * Japanese translation update. Closes: #719279
 
- -- Christian Perrier <bubulle@debian.org>  Sat, 03 Aug 2013 16:06:55 +0200
+  [ Michael Vogt ]
+  * work on fixing coverity scan results:
+    - fix some off-by-one errors
+    - fix some resource leaks
+    - fixes in chroot() handling
+    - fix some missing va_end()
+  * make the code -Wall clean again
+  * remove duplicated #include<list>
+  * add .travis.yml
+  * use the 'abi-complicance-checker' package and remove the buildin 
+    copy for the abi checks
+
+  [ David Kalnischkies ]
+  * ensure that FileFd::Size returns 0 in error cases
+  * add missing Turkish (tr) to po/LINGUAS
+  * correct management-typo in description found by lintian
+  * implement debian/rules build-{arch,indep} as required by policy 3.9.4
+  * reenable automatic parallel build of APT
+  * exclude config.{sub,guess} from source package
+  * update the symbol files to reflect current state
+  * unset LANGUAGE for showing [Y/n] answer hints
+  * fix some unitialized data members
+  * specific pins below 1000 cause downgrades (Closes: 543966)
+  * use pkgTagFile to parse "header" of Release files
+  * fix: --print-uris removes authentication (Closes: 719263)
+  * always use our own trustdb.gpg in apt-key
+  * use a tmpfile for trustdb.gpg in apt-key.
+    Thanks to Andreas Beckmann for the initial patch! (Closes: #687611)
+  * do not double-slash paths in apt-key (Closes: 665411)
+  * make the keyring locations in apt-key configurable
+  * let apt-key del work better with softlink and single key keyrings
+  * do not call 'apt-key update' in apt.postinst
+
+  [ Colin Watson ]
+  * prefer native arch over higher priority for providers (Closes: #718482)
+
+ -- Michael Vogt <mvo@debian.org>  Mon, 12 Aug 2013 21:45:07 +0200
 
 apt (0.9.9.4) unstable; urgency=low
 
-- 
cgit v1.2.3


From 0e279e3527ce3dc9de0e01441ad693f415e75d6a Mon Sep 17 00:00:00 2001
From: Michael Vogt <michael.vogt@ubuntu.com>
Date: Tue, 23 Apr 2013 08:15:06 +0200
Subject: merge patch from Daniel Hartwig to  Clarify units of
 Acquire::http::Dl-Limit (closes: #705445) Conflicts: 	debian/changelog

---
 debian/changelog | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

(limited to 'debian')

diff --git a/debian/changelog b/debian/changelog
index 8e4def2b0..7075cb844 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+apt (0.9.11) UNRELEASED; urgency=low
+
+  [ Daniel Hartwig ]
+  * Clarify units of Acquire::http::Dl-Limit (closes: #705445)
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 15 Aug 2013 09:27:35 +0200
+
 apt (0.9.10) unstable; urgency=low
 
   The "Hello to Debconf" upload
@@ -38,7 +45,7 @@ apt (0.9.10) unstable; urgency=low
   * make the keyring locations in apt-key configurable
   * let apt-key del work better with softlink and single key keyrings
   * do not call 'apt-key update' in apt.postinst
-
+  
   [ Colin Watson ]
   * prefer native arch over higher priority for providers (Closes: #718482)
 
-- 
cgit v1.2.3


From b9674b755d40b1394c397864d1fcd05ad58a88a2 Mon Sep 17 00:00:00 2001
From: Michael Vogt <michael.vogt@ubuntu.com>
Date: Tue, 23 Apr 2013 08:16:21 +0200
Subject: merge patch from Daniel Hartwig to  Show a error message if
 {,dist-}upgrade is used with additional     arguments (closes: #705510)

---
 debian/changelog | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'debian')

diff --git a/debian/changelog b/debian/changelog
index 7075cb844..6172cb332 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,8 @@ apt (0.9.11) UNRELEASED; urgency=low
 
   [ Daniel Hartwig ]
   * Clarify units of Acquire::http::Dl-Limit (closes: #705445)
+  * Show a error message if {,dist-}upgrade is used with additional
+    arguments (closes: #705510)
 
  -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 15 Aug 2013 09:27:35 +0200
 
-- 
cgit v1.2.3


From d8a06f6e478323b2fa8573f6f885c0b16d403642 Mon Sep 17 00:00:00 2001
From: Michael Vogt <egon@debian-devbox>
Date: Wed, 17 Oct 2012 10:29:52 +0200
Subject: * lp:~mvo/apt/config-clear:   - support Configuration.Clear() for a
 clear of the entire     configuration Conflicts: 	debian/changelog

---
 debian/changelog | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'debian')

diff --git a/debian/changelog b/debian/changelog
index 6172cb332..1c7afd863 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,6 +5,11 @@ apt (0.9.11) UNRELEASED; urgency=low
   * Show a error message if {,dist-}upgrade is used with additional
     arguments (closes: #705510)
 
+  [ Michael Vogt ]
+  * lp:~mvo/apt/config-clear:
+    - support Configuration.Clear() for a clear of the entire 
+      configuration
+
  -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 15 Aug 2013 09:27:35 +0200
 
 apt (0.9.10) unstable; urgency=low
-- 
cgit v1.2.3


From 488011fa99aee25bedb39ae2cc3115ad1ab000c0 Mon Sep 17 00:00:00 2001
From: Michael Vogt <egon@debian-devbox>
Date: Wed, 17 Oct 2012 10:27:50 +0200
Subject: * lp:~mvo/apt/add-glob-function:   -  add Glob() to fileutl.{cc,h}
 Conflicts: 	apt-pkg/contrib/fileutl.h 	debian/changelog

---
 debian/changelog | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'debian')

diff --git a/debian/changelog b/debian/changelog
index 1c7afd863..b597d1b20 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -9,6 +9,8 @@ apt (0.9.11) UNRELEASED; urgency=low
   * lp:~mvo/apt/config-clear:
     - support Configuration.Clear() for a clear of the entire 
       configuration
+  * lp:~mvo/apt/add-glob-function:
+    -  add Glob() to fileutl.{cc,h}
 
  -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 15 Aug 2013 09:27:35 +0200
 
-- 
cgit v1.2.3