<feed xmlns='http://www.w3.org/2005/Atom'>
<title>apt/apt-pkg/acquire-item.cc, branch 2.9.2</title>
<subtitle>Debian's command-line package manager</subtitle>
<id>https://git.kalnischkies.de/apt/atom?h=2.9.2</id>
<link rel='self' href='https://git.kalnischkies.de/apt/atom?h=2.9.2'/>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/'/>
<updated>2024-04-19T18:54:54Z</updated>
<entry>
<title>Add an audit message for missing InRelease files</title>
<updated>2024-04-19T18:54:54Z</updated>
<author>
<name>Julian Andres Klode</name>
<email>julian.klode@canonical.com</email>
</author>
<published>2024-01-23T18:01:34Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=858a551b50ea3871748d9196896e54b361c3d545'/>
<id>urn:sha1:858a551b50ea3871748d9196896e54b361c3d545</id>
<content type='text'>
</content>
</entry>
<entry>
<title>Change the default log level from debug to notice</title>
<updated>2024-04-19T18:11:22Z</updated>
<author>
<name>Julian Andres Klode</name>
<email>julian.klode@canonical.com</email>
</author>
<published>2024-01-23T17:37:42Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=3cd6eacd1ab42e414f0d899a3f74fc60140f0e8a'/>
<id>urn:sha1:3cd6eacd1ab42e414f0d899a3f74fc60140f0e8a</id>
<content type='text'>
We never used the debug level before, so we can do that. This
allows us to have the new audit level.

We did call DumpErrors() with DEBUG in two debug code paths,
so don't touch those.

debug
</content>
</entry>
<entry>
<title>Modernize standard library includes</title>
<updated>2024-02-20T12:49:04Z</updated>
<author>
<name>Julian Andres Klode</name>
<email>julian.klode@canonical.com</email>
</author>
<published>2024-02-20T12:43:08Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=40a75722c43ae24cb9a99d6730a3b25b65819c49'/>
<id>urn:sha1:40a75722c43ae24cb9a99d6730a3b25b65819c49</id>
<content type='text'>
This was automated with sed and git-clang-format, and then I had to
fix up the top of policy.cc by hand as git-clang-format accidentally
indented it by two spaces.
</content>
</entry>
<entry>
<title>Do not store .diff_Index files in update</title>
<updated>2024-01-03T16:59:11Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2024-01-03T16:25:35Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=afcdbcf895284efd76903b2b3ba5cc849059ce50'/>
<id>urn:sha1:afcdbcf895284efd76903b2b3ba5cc849059ce50</id>
<content type='text'>
Nowadays we only download the index file if we have a non-current file
on disk which we want to patch. If that is the case, any index file for
patches we could have stored is by definition outdated, so storing those
files just takes up disk space.

At least, that is the case if we have a Release file – if we don't, this
commit introduces a needless redownload for such repositories, but such
repositories are an error by default and if they can't be bothered to
provide a Release file it's very unlikely they actually ship diffs, so
adding detection code for this seems pointless at best.
</content>
</entry>
<entry>
<title>Do not store trusted=yes Release file unconditionally</title>
<updated>2023-03-04T12:07:00Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2023-03-04T10:55:34Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=937221fde2a5ca989a0b80728cd3ba3639f9f20e'/>
<id>urn:sha1:937221fde2a5ca989a0b80728cd3ba3639f9f20e</id>
<content type='text'>
A source marked with trusted=yes can still fail verification of the
Release file, mostly for Date related issues, like being too new or too
old, which have other options to force them in.

The update code was not using the Release file (which was an InRelease
file but failed verification – which was overridden by trusted=yes) as
intended, but it marked it for storage, so that this "bad" Release file
would end up being moved into lists/, which is bad as the indexes it
refers to aren't updated while the next update run assumes that the
indexes are in the state the Release file claims them to be in.

Fixed simply by making the storage conditional on the usage as intended,
which also resolves a second issue: The verification can also detect that
a Release file we got is older than what we already have to avoid
downgrade attacks. The more likely explanation is a slightly outdated
mirror in a rotation/CDN though, so this gets the silent treatment to avoid
scaring users by handling it as if we had got the same Release file we
already have stored locally, removing the freshly received older file
in the process alongside setting some variables. Those variables were
already modified in the trusted=yes case though resulting in the stored
Release file being removed instead. Not modifying the variables too early
resolves this problem as well.

Both seem to exist since at least 2015 as traces are visible in 448c38bdcd
already, which shuffled lots of code around including the bad ones, but
as we are in trusted=yes land, security is of no concern here, this
"just" leads to failed pinning, hashsum mismatches and other strange
problems in follow-up calls depending on how out of sync the Release
file (if it's still present) is with the rest of the trusted data.

Reported-By: Dima Kogan &lt;dkogan@debian.org&gt; on IRC
Tested-By: Dima Kogan &lt;dkogan@debian.org&gt;
</content>
</entry>
<entry>
<title>Detect trimmed changelogs and pick online instead</title>
<updated>2023-03-03T16:51:05Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2023-01-28T21:17:44Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=acbfdf0533602a05de066aa86d1f756b5fe0f4a3'/>
<id>urn:sha1:acbfdf0533602a05de066aa86d1f756b5fe0f4a3</id>
<content type='text'>
We only check the start of these lines to avoid hard coding the exact
command and we pick 150 as maximum line length as the longest package
name on my system is apparently 75 characters long. We could choose
longer or shorter without much issue as over-length just means we
mishandle the rest of the line as a new line and it should be really
unlikely that a) lines are that long in this file and b) that such long
lines contain one of our trigger sequences – but even if, all we do is
start a download of an online file. Could be worse.

This auto-detection can be avoided by setting
Acquire::Changelogs::AlwaysOnline (or Origin specific sub options)
to "true" if you always want the changelog from an online source.
The reverse – setting it to "false" in the hope it would not get the
changelog from an online source – was not and is still not possible.

Closes: #1024457
</content>
</entry>
<entry>
<title>Typo fix</title>
<updated>2022-12-13T06:48:30Z</updated>
<author>
<name>Egon Willighagen</name>
<email>egon.willighagen@gmail.com</email>
</author>
<published>2022-12-13T06:48:30Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=d9ffa93a8ef9d8e8c39d1dcbd6b41315858799c7'/>
<id>urn:sha1:d9ffa93a8ef9d8e8c39d1dcbd6b41315858799c7</id>
<content type='text'>
</content>
</entry>
<entry>
<title>Avoid .c_str() on strings fed into pkgTagSection::FindS</title>
<updated>2022-04-01T12:16:19Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2022-03-28T16:05:44Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=0b156cd1711a5e27643b941f5a321a62e5a9b628'/>
<id>urn:sha1:0b156cd1711a5e27643b941f5a321a62e5a9b628</id>
<content type='text'>
FindS has an APT::StringView based API nowadays, so we can avoid these
explicit calls also allowing us to avoid the std::string in input or
output entirely or at least move it a few branches down.
</content>
</entry>
<entry>
<title>Spelling fixes</title>
<updated>2021-11-27T10:22:38Z</updated>
<author>
<name>Ville Skyttä</name>
<email>ville.skytta@iki.fi</email>
</author>
<published>2021-11-03T22:08:07Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=01eed4234440d82fc52c8186cf4268517bcd28bc'/>
<id>urn:sha1:01eed4234440d82fc52c8186cf4268517bcd28bc</id>
<content type='text'>
</content>
</entry>
<entry>
<title>acquire-item: Quote Signed-By before sending it</title>
<updated>2021-10-18T13:49:10Z</updated>
<author>
<name>Julian Andres Klode</name>
<email>julian.klode@canonical.com</email>
</author>
<published>2021-06-09T11:09:38Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=c8e5008794f07afa1e9c139249c682eb5745fc25'/>
<id>urn:sha1:c8e5008794f07afa1e9c139249c682eb5745fc25</id>
<content type='text'>
This currently has no effect, as there are no quotable characters
inside it, but it will allow us to send embedded keys through to
the method.
</content>
</entry>
</feed>
