Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=1.3_exp3 2016-06-22T12:05:01Z 2016-06-22T12:05:01Z David Kalnischkies david@kalnischkies.de 2016-06-20T18:50:43Z urn:sha1:d03b947b0ce4f87d7d5cc48d4d274ab3bd0b289a Weak had no dedicated option before and Insecure and Downgrade were both global options, which given the effect they all have on security is rather bad. Setting them for individual repositories only isn't great but at least slightly better and also more consistent with other settings for repositories. 2016-06-22T12:05:01Z David Kalnischkies david@kalnischkies.de 2016-06-18T14:27:04Z urn:sha1:5da51e0e2da3f055306562d38103b06a23d81719 Filesize is a silly hash all by itself, but in combination with others it can be a strong opponent, so ensuring that it is in the list of hashes and hence checked by the normal course of action the acquire process takes is a good thing. 2016-06-22T12:05:01Z David Kalnischkies david@kalnischkies.de 2016-03-17T15:36:14Z urn:sha1:ab94dcece2465f824bea80fc9158bf9a028b2e87 APT can be forced to deal with repositories which have no security features whatsoever, so just giving up on repositories which "just" fail our current criteria of good security features is the wrong incentive. Of course, repositories are better of fixing their setup to provide the minimum of security features, but sometimes this isn't possible: Historic repositories for example which do not change (anymore). That also fixes problem with repositories which are marked as trusted, but are providing only weak security features which would fail the parsing of the Release file. Closes: 827364 2016-06-17T16:09:15Z David Kalnischkies david@kalnischkies.de 2016-06-17T11:27:34Z urn:sha1:b90faf2486b977aef0183e38a7f9c535a8a61a34 Merging by URI means that having sources lines with different URI methods results in 'strange' warning and error messages, which aren't very friendly from a user point of view as not encoding the method in the filename is effectivly an implementation detail. Merging by filename removes these messages and makes everything "work" even if it isn't working the way it is configured as the indexes aren't acquired over the method given, but over the first method for this release file (which argueably is an implementation detail stemming from the filename encoding, too). So either direction isn't perfectly "right", but personally I prefer "magic" over strange error messages (and doing a full-circle detection of this with its own messages which would need to be translated feels like way too much effort for dubious gain). Closes: 826944 2016-06-14T12:32:14Z David Kalnischkies david@kalnischkies.de 2016-06-14T12:32:14Z urn:sha1:90f2a7a0f66cfc259883490a5fcf40f7d0696cfe We usually use absolute paths to specific the location of dpkg, apt-key and the like, but there is nothing wrong with using just the command name and instead let exec(3) make the lookup in PATH. We had a wild mixture before, so opting for the more accepting option out of the two seems about right especially as it makes no difference in the default case as apt uses absolute paths. 2016-06-10T08:49:41Z David Kalnischkies david@kalnischkies.de 2016-06-09T21:18:10Z urn:sha1:7977ed047f967b3e4b4091181acce3eaf7bd8176 Not a big deal to leak fds in debugging mode, but for completeness. Git-Dch: Ignore 2016-06-09T10:23:59Z David Kalnischkies david@kalnischkies.de 2016-06-09T10:23:59Z urn:sha1:554bc997e4f619c72f883fd68cc896df96de58e5 The comment says it should have been removed with Lenny+1 which is a small while ago already, so it seems like a good time now… And as this is a cleanup commit it also gets right of spurious whitespace at the end of lines, adds missing fold markers and similar busy work. Git-Dch: Ignore 2016-06-08T20:40:53Z David Kalnischkies david@kalnischkies.de 2016-06-08T20:40:53Z urn:sha1:c92ece1a7309d762bcf424f4ab0f1427d520d207 We had an old FIXME saying that it is probably pointless to do this if we limit by length of the commandline already and I completely agree. The splitting is bad enough if it must be done, so we should only do it if we have to (as in absolute length of commandline) and, but that is just a remark, it is unlikely that we ever have/had a call triggering this as the default value was ~32000 items… 2016-06-08T15:31:45Z David Kalnischkies david@kalnischkies.de 2016-06-08T15:31:45Z urn:sha1:b4450f1dd6bca537e60406b2383ab154a3e1485f We end our operation by calling "dpkg --configure -a", so instead of running a (big) configure run with all packages mentioned explicitly before this, we simply skip them and let them be handled by this call implicitly. There isn't really an observeable gain to be had here from a speed point, but it helps in avoiding an (uncommon) problem of having a too long commandline passed to dpkg, which we would split up (probably incorrectly). 2016-05-27T17:14:38Z David Kalnischkies david@kalnischkies.de 2016-05-27T16:10:39Z urn:sha1:b58e2c7c56b1416a343e81f9f80cb1f02c128e25 Setting the C++ locale via std::locale::global(std::locale("")); which would otherwise default to the default C locale (aka: unaffected by setlocale) effects the formatting of numeric types in IO streams, which for output for humans is perfectly sensible, but breaks our many text interfaces used and parsed by us and others without expecting the numbers to be formatted. Closes: #825396