apt/apt-pkg/contrib, branch 1.1.exp13

apt/apt-pkg/contrib, branch 1.1.exp13 Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=1.1.exp13 2015-09-14T13:22:18Z srv test: do 100 pulls twice and compare list 2015-09-14T13:22:18Z David Kalnischkies david@kalnischkies.de 2015-09-11T23:23:01Z urn:sha1:9bfb1136abfd58e48545304507dedceb2fe87a36 The previous implementation was still a bit unstable in terms of failing at times. Lets try if we have more luck with this one. Git-Dch: Ignore avoid using global PendingError to avoid failing too often too soon 2015-09-14T13:22:18Z David Kalnischkies david@kalnischkies.de 2015-09-10T17:00:51Z urn:sha1:95278287f4e1eeaf5d96749d6fc9bfc53fb400d0 Our error reporting is historically grown into some kind of mess. A while ago I implemented stacking for the global error which is used in this commit now to wrap calls to functions which do not report (all) errors via return, so that only failures in those calls cause a failure to propergate down the chain rather than failing if anything (potentially totally unrelated) has failed at some point in the past. This way we can avoid stopping the entire acquire process just because a single source produced an error for example. It also means that after the acquire process the cache is generated – even if the acquire process had failures – as we still have the old good data around we can and should generate a cache for (again). There are probably more instances of this hiding, but all these looked like the easiest to work with and fix with reasonable (aka net-positive) effects. copy ReadWrite-error to the bottom to make clang happy 2015-09-14T13:22:18Z David Kalnischkies david@kalnischkies.de 2015-09-07T19:14:55Z urn:sha1:8f5b67ae1488f5addc70b337aea7aa1ced168550 clang detects that fd isn't set in the ReadWrite case – just that this is supposed to be catched earlier in this method already, but it doesn't hurt to make it explicit here as well and clang is happy, too. Git-Dch: Ignore implement CopyFile without using FileFd::Size() 2015-09-14T13:22:18Z David Kalnischkies david@kalnischkies.de 2015-09-07T17:10:21Z urn:sha1:e977b8b9234ac5db32f2f0ad7e183139b988340d Pipes and such have no good Size value, but we still want to copy from it maybe and we don't really need size as we can just as well read as long as we get data out of a file to copy it. Git-Dch: Ignore avoid triggering the c++11 erase api change on travis 2015-09-02T10:35:22Z David Kalnischkies david@kalnischkies.de 2015-09-02T10:35:22Z urn:sha1:c7609dd7a418428ffbca4c81a7950c4f53c92450 Git-Dch: Ignore use clock() as source for SRV randomness 2015-09-01T17:01:45Z David Kalnischkies david@kalnischkies.de 2015-09-01T16:32:22Z urn:sha1:76abe9a5aad69eb7e67295588c6825cdae0341af Initializing a random number generator with the time since epoch could be good enough, but reaches its limits in test code as the 100 iterations might very well happen in the same second and hence the seed number is always the same… clock() has a way lower resolution so it changes more often and not unimportant: If many users start the update at the same time it isn't to unlikely the SRV record will be ordered in the same second choosing the same for them all, but it seems less likely that the exact same clock() time has passed for them. And if I have to touch this, lets change a few other things as well to make me and/or compilers a bit happier (clang complained about the usage of a GNU extension in the testcase for example). use unusable-for-security hashes for integrity checks 2015-09-01T12:19:44Z David Kalnischkies david@kalnischkies.de 2015-09-01T11:58:00Z urn:sha1:63d609985eb7eefa5f2332bfe4fab96f017760a1 We want to declare some hashes as not enough for security, so that a user will need --allow-unauthenticated or similar to get data secured only by those hashes, but we can still us these hashes for integrity checks if we got them. Consider md5sum no longer a usable hash 2015-09-01T09:29:49Z Michael Vogt mvo@ubuntu.com 2015-09-01T09:13:48Z urn:sha1:55ae7a516126f9f064d8353bf962256b7307590a The md5sum hash is broken since some time and we should no longer consider it a usable hash. Also update the tests to reflect this. improve CheckDropPrivsMustBeDisabled further 2015-09-01T00:49:53Z David Kalnischkies david@kalnischkies.de 2015-09-01T00:29:27Z urn:sha1:226c0f64d46019d675840b16bd44ff985b45ad0f Various smaller improvements so that the check deals better with already downloaded files, relative paths and other things. Git-Dch: Ignore ignore for _apt inaccessible TMPDIR in pkgAcqChangelog 2015-08-31T00:31:10Z David Kalnischkies david@kalnischkies.de 2015-08-31T00:31:10Z urn:sha1:dd6da7d2392e2ad35c444ebc2d7bc2308380530c Using libpam-tmpdir caused us to create our download tmp directory in root's private tmp before changing to _apt, which wouldn't have access to it. By extending our GetTempDir method with an optional wrapper changing the effective user, we can test if a given user can access the directory and ignore TMPDIR if not instead of ignoring TMPDIR completely. Closes: 797270