Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=1.2.7 2016-03-15T18:21:34Z 2016-03-15T18:21:34Z Julian Andres Klode jak@debian.org 2016-03-15T18:20:35Z urn:sha1:a99c3a5f51d31f72174c91643e1e04002686452a 2016-03-15T17:55:02Z Michael Vogt mvo@ubuntu.com 2016-03-15T12:13:54Z urn:sha1:0390edd5452b081f8efcf412f96d535a1d959457 The problemresolver will set the candidate version for pkg P back to the current version if it encounters an impossible to satisfy critical dependency on P. However it did not set the State of the package back as well which lead to a situation where P is neither in Keep,Install,Upgrade,Delete state. Note that this can not be tested via the traditional sh based framework. I added a python-apt based test for this. LP: #1550741 [jak@debian.org: Make the test not fail if apt_pkg cannot be imported] 2016-03-15T11:33:21Z Julian Andres Klode jak@debian.org 2016-03-15T11:30:37Z urn:sha1:07ea3af0fe55fdfe976ab847c5c88efd703d1282 We will drop support for those in the future. Also adjust the std::array to be a std::vector, as that's easier to maintain. 2016-03-15T11:33:21Z Julian Andres Klode jak@debian.org 2016-03-15T10:40:10Z urn:sha1:8c9b7725c3d89461e78061aff4bc644cdb237fe7 This can be used by workers to send warnings to the main program. The messages will be passed to _error->Warning() by APT with the URI prepended. We are not going to make that really public now, as the interface might change a bit. 2016-03-15T11:33:21Z Julian Andres Klode jak@debian.org 2016-03-15T09:56:05Z urn:sha1:08fd77e83528fd03795524adf76e359ae2b56e06 We added weak signatures to BadSigners, meaning that a Release file signed by both a weak signature and a strong signature would be rejected; preventing people from migrating from DSA to RSA keys in a sane way. Instead of using BadSigners, treat weak signatures like expired keys: They are no good signatures, and they are worthless. Gbp-Dch: ignore 2016-03-15T01:29:14Z Zhou Mo cdluminate@gmail.com 2016-03-15T01:29:14Z urn:sha1:56b4c93f60ebdb828bb8d0b9ea2db448560208f5 2016-03-14T14:37:05Z Julian Andres Klode jak@debian.org 2016-03-14T14:35:14Z urn:sha1:d91051242d10ada198b4ed59d59ad4aa8f59bcaf This keeps a list of weak digest algorithms. For now, only MD5 is disabled, as SHA1 breaks to many repos. 2016-03-14T13:44:38Z Julian Andres Klode jak@debian.org 2016-03-14T13:44:33Z urn:sha1:0d80586a67622d4d58908fee41c3be8a6813d426 This reverts commit 76a71a1237d22c1990efbc19ce0e02aacf572576. That commit broke the test suite. Gbp-Dch: ignore 2016-03-14T13:23:50Z Julian Andres Klode jak@debian.org 2016-03-14T13:23:50Z urn:sha1:76a71a1237d22c1990efbc19ce0e02aacf572576 ERRSIG is created whenever a key uses an unknown/weak digest algorithm, for example. This allows us to report a more useful error than just "unknown apt-key error.": The following signatures were invalid: ERRSIG 13B00F1FD2C19886 1 2 01 1457609403 5 While still not being the best reportable error message, it's better than unknown apt-key error and hopefully redirects users to complain to their repository owners. 2016-03-14T12:49:25Z Julian Andres Klode jak@debian.org 2016-03-14T12:49:25Z urn:sha1:0cbb7e29c5dad2178896d8eaf41ad616bb0111da This was wrong and caused some issues because apt-key invoked host apt-config with our library. Gbp-Dch: ignore