Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=2.1.4 2020-02-16T11:46:09Z 2020-02-16T11:46:09Z Julian Andres Klode julian.klode@canonical.com 2020-02-16T10:45:05Z urn:sha1:9cc0e2cab7c83ede99e21c70f248d884b8930983 This experiment did not turn out sensibly, as some servers do not accept credentials when none are expected and fail, so you cannot mirror such a repository. This reverts commit c2b9b0489538fed4770515bd8853a960b13a2618. 2020-01-15T21:07:25Z Julian Andres Klode julian.klode@canonical.com 2019-12-04T12:58:38Z urn:sha1:a9916c3faa2b8c6fa288599efec65868d050b0ef Commit 93f33052de84e9aeaf19c92291d043dad2665bbd restricted auth.conf entries to only apply to https by default, but this was silent - there was no information why http sources with auth.conf entries suddenly started failing. Add such information, and extend test case to cover it. 2019-12-02T13:27:38Z Julian Andres Klode julian.klode@canonical.com 2019-12-02T10:46:49Z urn:sha1:93f33052de84e9aeaf19c92291d043dad2665bbd This avoids downgrade attacks where an attacker could inject Location: http://private.example/ and then (having access to raw data to private.example, for example, by opening a port there, or sniffing network traffic) read the credentials for the private repository. Closes: #945911 2019-02-26T15:31:20Z Julian Andres Klode julian.klode@canonical.com 2019-02-26T12:15:38Z urn:sha1:36adf6dd0504d7b280e93f5206d93ee5f7f13e84 2019-02-01T16:52:03Z Julian Andres Klode julian.klode@canonical.com 2019-02-01T13:43:52Z urn:sha1:c2b9b0489538fed4770515bd8853a960b13a2618 This new field allows a repository to declare that access to packages requires authorization. The current implementation will set the pin to -32768 if no authorization has been provided in the auth.conf(.d) files. This implementation is suboptimal in two aspects: (1) A repository should behave more like NotSource repositories (2) We only have the host name for the repository, we cannot use paths yet. - We can fix those after an ABI break. The code also adds a check to acquire-item.cc to not use the specified repository as a download source, mimicking NotSource. 2018-05-07T11:41:31Z Guillem Jover guillem@debian.org 2018-05-06T20:32:41Z urn:sha1:164f1b78d1849a0f33df7352875f86e28f5de06a Prompted-by: Jakub Wilk <jwilk@debian.org> 2017-12-13T22:53:02Z David Kalnischkies david@kalnischkies.de 2017-12-13T11:17:25Z urn:sha1:bb3a0325bf6b5c6c7cd076ba8a44d9d3eba0902b Reported-By: gcc -Wsign-promo 2017-07-26T17:09:04Z David Kalnischkies david@kalnischkies.de 2017-07-07T14:24:21Z urn:sha1:ea408c560ed85bb4ef7cf8f72f8463653501332c We have support for an netrc-like auth.conf file since 0.7.25 (closing 518473), but it was never documented in apt that it even exists and netrc seems to have fallen out of usage as a manpage for it no longer exists making the feature even more arcane. On top of that the code was a bit of a mess (as it is written in c-style) and as a result the matching of machine tokens to URIs also a bit strange by checking for less specific matches (= without path) first. We now do a single pass over the stanzas. In practice early adopters of the undocumented implementation will not really notice the differences and the 'new' behaviour is simpler to document and more usual for an apt user. Closes: #811181 2017-07-12T11:57:51Z Julian Andres Klode jak@debian.org 2017-07-12T11:40:41Z urn:sha1:87274d0f22e1dfd99b2e5200e2fe75c1b804eac3 This makes it easier to see which headers includes what. The changes were done by running git grep -l '#\s*include' \ | grep -E '.(cc|h)$' \ | xargs sed -i -E 's/(^\s*)#(\s*)include/\1#\2 include/' To modify all include lines by adding a space, and then running ./git-clang-format.sh. 2015-11-21T17:04:29Z Justin B Rye justin.byam.rye@gmail.com 2015-11-21T16:50:06Z urn:sha1:d04e44ac8177fc5b70ae0189bb5e437c2502f910 Reference mail: https://lists.debian.org/debian-l10n-english/2015/11/msg00006.html