Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=2.7.2 2023-07-12T15:26:50Z 2023-07-12T15:26:50Z Julian Andres Klode julian.klode@canonical.com 2023-07-12T15:26:50Z urn:sha1:2a8830218bef1fa5fb01a387bddf7d76087eea58 2023-07-12T15:07:49Z Julian Andres Klode jak@debian.org 2023-07-12T15:07:49Z urn:sha1:67192e897a42b555f2e3f527eda8240f94b9e6f5 Fix snapshot crashes See merge request apt-team/apt!301 2023-07-12T14:49:19Z Julian Andres Klode julian.klode@canonical.com 2023-06-27T15:11:06Z urn:sha1:5dcb36e7af4bd65211ac4937e5e7feac8c85683c We did not handle multiple components properly, add a contrib component to the test case. 2023-07-11T13:49:18Z Julian Andres Klode jak@debian.org 2023-07-11T13:49:18Z urn:sha1:f26a15a3f9b020dcd5c5203bd73133c8d647c99c Do not fail on systems running in FIPSmode. See merge request apt-team/apt!295 2023-07-11T13:47:17Z Julian Andres Klode jak@debian.org 2023-07-11T13:47:17Z urn:sha1:7bb2b81090b1a5bd9ebb49a0d9fd5cfd9ddab95f dist-upgrade: Revert phased updates using keeps only See merge request apt-team/apt!299 2023-07-11T13:47:13Z Julian Andres Klode jak@debian.org 2023-07-11T13:47:13Z urn:sha1:50efb65f339e715e04af114bca44c9b8c53ad3ad update: Add notice about missing Signed-By in deb822 sources See merge request apt-team/apt!298 2023-07-07T12:28:59Z Julian Andres Klode julian.klode@canonical.com 2023-07-07T12:24:52Z urn:sha1:68ef41ea912f4879b0ee43419c13a3a8c9bfcd22 This fixes an issue where phased updates gain new dependencies and cause them to be installed despite themselves not being installed. In the cause of investigation, it turned out that we also need to evaluate the candidate version at those early stage rather than the install version (which is only valid *after* MarkInstall). This does not fully resolve the problem: If an update pulls in a phased update, depends are still being installed. Resolving this while ensuring that phased updates cannot uninstall packages requires us to do a minimization of changes by trying to keep back each new install removal and then seeing if any dependency is being broken by it. This is more complex and will happen later. 2023-07-05T08:57:26Z Julian Andres Klode julian.klode@canonical.com 2023-07-03T09:13:00Z urn:sha1:89dd48bdea93849246fc33b447d6d7ad52bb1c4b In the bug, mutter was kept back due to phasing and the new gnome-shell depended on that, and was therefore kept back as well, however, gnome-shell-common was not broken, and apt decided to continue upgrading it by removing gnome-shell and the ubuntu desktop meta packages. This is potentially a regression of LP#1990586 where we added keep back calls to the start of the dist-upgrade to ensure that we do not mark stuff for upgrade in the first place that depends on phasing updates, however it was generally allowed by the resolver to also do those removals. To fix this, we need to resolve the update normally and then use ResolveByKeepInternal to keep back any changes broken by held back packages. However, doing so breaks test-bug-591882-conkeror because ResolveByKeep keeps back packages for broken Recommends as well, which is not something we generally want to do in a dist-upgrade after we already decided to upgrade it. To circumvent that issue, extend the pkgProblemResolver to allow a package to be policy broken, and mark all packages that already were already going to be policy broken to be allowed to be that, such that we don't try to undo their installs. LP: #2025462 2023-06-28T07:52:38Z Julian Andres Klode julian.klode@canonical.com 2023-06-28T07:51:34Z urn:sha1:9ef79abd2f7942c4c5d789fd29b83f493626e440 2023-06-27T17:21:47Z Julian Andres Klode julian.klode@canonical.com 2023-06-27T17:14:43Z urn:sha1:aba813975abb880f8b27d659147f7760c02f99e7 We want to gently steer users towards having Signed-By for each source such that we can retire a shared keyring across sources which improves resilience against configuration issues and incompetent malicious actors.