Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=1.1_exp15 2015-10-23T16:06:23Z 2015-10-23T16:06:23Z Julian Andres Klode jak@debian.org 2015-10-23T16:02:30Z urn:sha1:f77ea39c94988ab6adcb2d6bbf5466b0bc65953b More safety, less writeable memory. 2015-09-14T13:22:18Z David Kalnischkies david@kalnischkies.de 2015-09-06T11:32:07Z urn:sha1:3addaba1ff6fe27cc96af5c2d345ee039c2bffec How the Multi-Arch field and pkg:<arch> dependencies interact was discussed at DebConf15 in the "MultiArch BoF". dpkg and apt (among other tools like dose) had a different interpretation in certain scenarios which we resolved by agreeing on dpkg view – and this commit realizes this agreement in code. As was the case so far libapt sticks to the idea of trying to hide MultiArch as much as possible from individual frontends and instead translates it to good old SingleArch. There are certainly situations which can be improved in frontends if they know that MultiArch is upon them, but these are improvements – not necessary changes needed to unbreak a frontend. The implementation idea is simple: If we parse a dependency on foo:amd64 the dependency is formed on a package 'foo:amd64' of arch 'any'. This package is provided by package 'foo' of arch 'amd64', but not by 'foo' of arch 'i386'. Both of those foo packages provide each other through (assuming foo is M-A:foreign) to allow a dependency on 'foo' to be satisfied by either foo of amd64 or i386. Packages can also declare to provide 'foo:amd64' which is translated to providing 'foo:amd64:any' as well. This indirection over provides was chosen as the alternative would be to teach dependency resolvers how to deal with architecture specific dependencies – which violates the design idea of avoiding resolver changes, especially as architecture-specific dependencies are a cornercase with quite a few subtil rules. Handling it all over versioned provides as we already did for M-A in general seems much simpler as it just works for them. This switch to :any has actually a "surprising" benefit as well: Even frontends showing a package name via .Name() [which doesn't show the architecture] will display the "architecture" for dependencies in which it was explicitely requested, while we will not show the 'strange' :any arch in FullName(true) [= pretty-print] either. Before you had to specialcase these and by default you wouldn't get these details shown. The only identifiable disadvantage is that this complicates error reporting and handling. apt-get's ShowBroken has existing problems with virtual packages [it just shows the name without any reason], so that has to be worked on eventually. The other case is that detecting if a package is completely unknown or if it was at least referenced somewhere needs to acount for this "split" – not that it makes a practical difference which error is shown… but its one of the improvements possible. 2015-09-14T13:22:18Z David Kalnischkies david@kalnischkies.de 2015-09-05T11:29:50Z urn:sha1:384f17b40efb7b966001b2f7620b18324b507c55 We parse all architectures we encounter recently, which means we also parse packages from architectures which are neither native nor foreign, but still came onto the system somehow (usually via heavy force). 2015-09-14T13:22:18Z David Kalnischkies david@kalnischkies.de 2015-09-05T10:58:04Z urn:sha1:f6ce7ffce526432a855166074332f97b37ad98db Previously we had python:any:amd64, python:any:i386, … in the cache and the dependencies of an amd64 package would be on python:any:amd64, of an i386 on python:any:i386 and so on. That seems like a relatively pointless endeavor given that they will all be provided by the same packages and therefore also a waste of space. Git-Dch: Ignore 2015-08-31T15:48:54Z David Kalnischkies david@kalnischkies.de 2015-08-31T15:48:54Z urn:sha1:b830f576a81751f4b04bc889fa82aaca0e6fc3ea Reported-By: gcc Git-Dch: Ignore 2015-08-27T12:51:47Z Julian Andres Klode jak@debian.org 2015-08-21T16:00:37Z urn:sha1:1c73b0fc41c23a08994ef1464c529e0aacff16de This could allow an attacker to mark a package as installed in a remote package index, as long as the package was not listed in the dpkg status file. This way, an attacker could force the installation of a package during a dist-upgrade, by providing two packages in an index, an older marked as installed, and a newer - apt would "upgrade" to the newer version. 2015-08-17T10:01:45Z Michael Vogt mvo@debian.org 2015-08-17T10:01:45Z urn:sha1:88a8975f156e452d9f3ebe76822b236e8962ebba 2015-08-10T15:27:59Z David Kalnischkies david@kalnischkies.de 2015-08-10T09:31:28Z urn:sha1:22df31be37d56c07ed029f5a4d5041f21070d2d6 Git-Dch: Ignore 2015-08-10T15:27:59Z David Kalnischkies david@kalnischkies.de 2015-07-20T11:34:25Z urn:sha1:cc480836c739e36dc0c741fa333248c0a8150ec7 We archieve the same without the special handling now, so drop this code. Makes supporting this abdomination a little longer bearable as well. Git-Dch: Ignore 2015-08-10T15:27:59Z David Kalnischkies david@kalnischkies.de 2015-07-20T10:32:46Z urn:sha1:7f8c0eed6983db7b8959f1498fc8bc80c98d719e Now that we can dynamically create dependencies and provides as needed rather than requiring to know with which architectures we will deal before running we can allow the listparser to parse all records rather than skipping records of "unknown" architectures. This can e.g. happen if a user has foreign architecture packages in his status file without dpkg knowing about this architecture (or apt configured in this way). A sideeffect is that now arch:all packages are (correctly) recorded as available from any Packages file, not just from the native one – which has its downsides for the resolver as mixed-arch source packages can appear in different architectures at different times, but that is the problem of the resolver and dealing with it in the parser is at best a hack (and also depends on a helpful repository). Another sideeffect is that his allows :none packages to appear in Packages files again as we don't do any kind of checks now, but given that they aren't really supported (anymore) by anyone we can live with that.