Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=2.3.0 2021-02-04T10:00:00Z 2021-02-04T10:00:00Z David Kalnischkies david@kalnischkies.de 2020-06-28T18:52:09Z urn:sha1:96dc40b19623621a9cc2c5541fb3adbbceb553b1 varg API is a nightmare as the symbols seems different on ever other arch, but more importantly SendMessage does a few checks on the content of the message and it is all outputted via C++ iostreams and not mixed in FILE* which is handy for overriding the streams. 2020-12-18T18:31:19Z David Kalnischkies david@kalnischkies.de 2020-07-09T14:38:49Z urn:sha1:e6c55283d235aa9404395d30f2db891f36995c49 We do not deal a lot with URIs which need encoding, but then we do it is a pain that we store it decoded in the acquire system as it means we have to decode and reencode URIs eventually which is potentially giving us slightly different URIs. We see that in our own testing framework while setting up redirects as the config options are effectively double-encoded and decoded to pass them around successfully as otherwise %2f and / in an URI are treated the same. This commit adds the infrastructure for methods to opt into getting URIs send in encoded form (and returning them to us in encoded form, too) so that we eventually do not have to touch the URIs which is how it should be. This means though that we have to deal with methods who do not support this yet (aka: all at the moment) for which we decode and encode while communicating with them. 2020-02-26T19:34:54Z Julian Andres Klode julian.klode@canonical.com 2019-08-13T17:15:19Z urn:sha1:db678df196ccd8f9f6fb336706cf5701d1e53aa6 2019-06-12T13:02:55Z Julian Andres Klode julian.klode@canonical.com 2019-05-11T15:17:20Z urn:sha1:daa1352ed3d2bb4bc6aa0f0e7f22be3f0908942d 2018-01-03T18:42:45Z David Kalnischkies david@kalnischkies.de 2017-10-27T22:01:27Z urn:sha1:04ab37fecaf286f724bef2e0969d2b67ab5ac1b1 Allowing a method to request work from other methods is a powerful capability which could be misused or exploited, so to slightly limited the surface let method opt-in into this capability on startup. 2018-01-03T17:55:41Z David Kalnischkies david@kalnischkies.de 2017-08-09T21:26:19Z urn:sha1:02567e3084d2faec92e8bf248e89fda6452e634b The format isn't too hard to get right, but it gets funny with multiline fields (which we don't really have yet) and its just easier to deal with it once and for all which can be reused for more messages later. 2017-10-22T16:52:16Z Julian Andres Klode jak@debian.org 2017-10-21T13:44:43Z urn:sha1:1a76517470ebc2dd3f96e39ebe6f3706d6dd78da This avoids running the Proxy-Auto-Detect script inside the untrusted (well, less trusted for now) sandbox. This will allow us to restrict the http method from fork()ing or exec()ing via seccomp. 2015-08-10T15:25:25Z David Kalnischkies david@kalnischkies.de 2015-06-17T07:29:00Z urn:sha1:6c55f07a5fa3612a5d59c61a17da5fe640eadc8b Doing this disables the implicit copy assignment operator (among others) which would cause hovac if used on the classes as it would just copy the pointer, not the data the d-pointer points to. For most of the classes we don't need a copy assignment operator anyway and in many classes it was broken before as many contain a pointer of some sort. Only for our Cacheset Container interfaces we define an explicit copy assignment operator which could later be implemented to copy the data from one d-pointer to the other if we need it. Git-Dch: Ignore 2015-06-16T14:22:46Z David Kalnischkies david@kalnischkies.de 2015-06-16T14:22:46Z urn:sha1:c8a4ce6cbed57ae108dc955d4a850f9b129a0693 To have a chance to keep the ABI for a while we need all three to team up. One of them missing and we might loose, so ensuring that they are available is a very tedious but needed task once in a while. Git-Dch: Ignore 2015-06-09T10:57:36Z David Kalnischkies david@kalnischkies.de 2015-06-06T17:16:45Z urn:sha1:3679515479136179e0d95325a6559fcc6d0af7f8 rred is responsible for unpacking and reading the patch files in one go, but we currently only have hashes for the uncompressed patch files, so the handler read the entire patch file before dispatching it to the worker which would read it again – both with an implicit uncompress. Worse, while the workers operate in parallel the handler is the central orchestration unit, so having it busy with work means the workers do (potentially) nothing. This means rred is working with 'untrusted' data, which is bad. Yet, having the unpack in the handler meant that the untrusted uncompress was done as root which isn't better either. Now, we have it at least contained in a binary which we can harden a bit better. In the long run, we want hashes for the compressed patch files through to be safe.