Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=2.2.0 2020-02-26T19:34:54Z 2020-02-26T19:34:54Z Julian Andres Klode julian.klode@canonical.com 2019-08-13T17:15:19Z urn:sha1:db678df196ccd8f9f6fb336706cf5701d1e53aa6 2020-02-26T13:10:47Z Julian Andres Klode julian.klode@canonical.com 2020-02-26T13:04:51Z urn:sha1:da18eb10188a22fc1698a9b8466272f2826447db 2020-02-26T12:55:38Z Julian Andres Klode julian.klode@canonical.com 2020-02-26T12:55:38Z urn:sha1:e4e9af454db78c287ca062ac7d75bdd63bd7f744 2019-06-12T13:02:55Z Julian Andres Klode julian.klode@canonical.com 2019-05-11T15:17:20Z urn:sha1:daa1352ed3d2bb4bc6aa0f0e7f22be3f0908942d 2019-02-26T15:31:20Z Julian Andres Klode julian.klode@canonical.com 2019-02-26T12:51:15Z urn:sha1:0dfacb3d014db4c9f337ce2be1a6997dbdc5bde1 2019-01-22T11:24:22Z David Kalnischkies david@kalnischkies.de 2018-09-11T23:44:18Z urn:sha1:7bf533967fb385b9625a1ee4dd7c6542a84b489c Telling the acquire system which keys caused the gpgv method to succeed allows us for now just a casual check if the gpgv method really executed catching bugs like CVE-2018-0501, but we will make use of the information for better features in the following commits. 2018-11-25T16:38:31Z David Kalnischkies david@kalnischkies.de 2018-11-25T16:38:31Z urn:sha1:f313e09d167cc7a83846ac9d4d5d72ba10cc2638 No user visible change expect for some years old changelog entries, so we don't really need to add a new one for this… Reported-By: codespell Gbp-Dch: Ignore 2018-05-11T16:28:29Z David Kalnischkies david@kalnischkies.de 2018-01-15T11:04:45Z urn:sha1:ed0e9eadeb3003f4f150da3c463b28cfa5e54b6f Individual items shouldn't concern themselves with these alternative locations, we can deal with this more efficiently within the infrastructure created for other alternative URIs now avoiding the need to implement this in each item. 2018-05-11T16:28:19Z David Kalnischkies david@kalnischkies.de 2018-01-13T23:07:20Z urn:sha1:2d6c6c8809c7b4c1a009df48387ba15066fda7e2 If we got a file but it produced a hash error, mismatched size or similar we shouldn't fallback to alternative URIs as they likely result in the same error. If we can we should instead use another mirror. We used to be a lot stricter by stopping all trys for this file if we got a non-404 (or a hash-based) failure, but that is too hard as we really want to try other mirrors (if we have them) in the hope that they have the expected and correct files. 2018-01-03T17:55:41Z David Kalnischkies david@kalnischkies.de 2017-08-12T14:21:13Z urn:sha1:ef9677831f62a1554a888ebc7b162517d7881116 If a method needs a file to operate like e.g. mirror needs to get a list of mirrors before it can redirect the the actual requests to them. That could easily be solved by moving the logic into libapt directly, but by allowing a method to request other methods to do something we can keep this logic contained in the method and allow e.g. also methods which perform binary patching or similar things. Previously they would need to implement their own acquire system inside the existing one which in all likelyhood will not support the same features and methods nor operate with similar security compared to what we have already running 'above' the requesting method. That said, to avoid methods producing conflicts with "proper" files we are downloading a new directory is introduced to keep the auxiliary files in. [The message magic number 351 is a tribute to the german Grundgesetz article 35 paragraph 1 which defines that all authorities of the state(s) help each other on request.]