Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=1.7.0_alpha0 2018-02-19T15:05:01Z 2018-02-19T15:05:01Z Julian Andres Klode julian.klode@canonical.com 2018-01-29T15:15:41Z urn:sha1:9e5899cac1a6367e3769af52a724821880e538f6 By restricting the Date field to be in the past, an attacker cannot just create a repository from the future that would be accepted as a valid update for a repository. This check can be disabled by Acquire::Check-Date set to false. This will also disable Check-Valid-Until and any future date related checking, if any - the option means: "my computers date cannot be trusted." Modify the tests to allow repositories to be up to 10 hours in the future, so we can keep using hours there to simulate time changes. 2018-01-17T10:52:38Z Julian Andres Klode julian.klode@canonical.com 2018-01-16T15:53:46Z urn:sha1:698f9e3f9877be2aa181d6e40d3dc5c41ea318b7 Allow specifying an alternative path to the InRelease file, so you can have multiple versions of a repository, for example. Enabling this option disables fallback to Release and Release.gpg, so setting it to InRelease can be used to ensure that only that will be tried. We add two test cases: One for checking that it works, and another for checking that the fallback does not happen. Closes: #886745 2018-01-05T00:18:40Z David Kalnischkies david@kalnischkies.de 2018-01-04T21:57:21Z urn:sha1:df2d614900476920671779f27fcc4143d3c1b5b7 The summary line sounds a bit much: what we end up doing is just adding two more guards before using results which should always be valid™. That these values aren't valid is likely a bug in itself somewhere, but that is no reason for crashing. 2017-12-13T22:56:29Z David Kalnischkies david@kalnischkies.de 2017-10-27T16:38:47Z urn:sha1:9f572c0a6d13cc983a4f8880a3dee3a8e46604bb We have quite a bit of metadata available for the files we acquire, but the methods weren't told about it and got just the URI. That is indeed fine for most, but to avoid methods trying to parse the metadata out of the provided URIs (and fail horribly in edgecases) we can just as well be nice and tell them stuff directly. 2017-12-13T22:53:34Z David Kalnischkies david@kalnischkies.de 2017-12-13T12:26:38Z urn:sha1:957381a0d26ec11a172ebfc64f892d1b31f0c193 gcc was warning about ignored type qualifiers for all of them due to the last 'const', so dropping that and converting to static_cast in the process removes the here harmless warning to avoid hidden real issues in them later on. Reported-By: gcc Gbp-Dch: Ignore 2017-12-13T22:53:26Z David Kalnischkies david@kalnischkies.de 2017-12-13T11:51:26Z urn:sha1:5d5ca1aac76448cdfd16972090d246c44671dce6 gcc has problems understanding this construct and additionally thinks it would produce multiple lines and stuff, so to keep using it isn't really worth it for the few instances we have: We can just write the long form there which works better. Reported-By: gcc Gbp-Dch: Ignore 2017-12-13T22:53:10Z David Kalnischkies david@kalnischkies.de 2017-12-13T11:20:10Z urn:sha1:594ee572949bee6abb36d956af1b9c8a7d100803 Mostly harmless as it just means that apt thinks that the dpkg commandline it is building is slightly longer than it actually is and we have various ways of avoiding generating very long lines nowadays, but calculating the right value can't hurt. Reported-By: gcc -Wmultistatement-macros 2017-09-26T20:23:05Z David Kalnischkies david@kalnischkies.de 2017-09-26T20:23:05Z urn:sha1:d006da196dd4289ab3667817d218e6c6ac7bdb6b Using hardcoded array-indexes in the build-dependency parsing is efficient, but less discoverable and easier to break. We can avoid this by making it even more efficient (not that it would be noticeable) allowing us to do explicitly named comparisons instead. Gbp-Dch: Ignore 2017-09-26T17:45:12Z David Kalnischkies david@kalnischkies.de 2017-09-26T17:45:12Z urn:sha1:7ea3c67f96e3bc82f86afe72d6c61308c92de515 APT used to parse only wellformed files produced by repository creation tools which removed empty files as pointless before apt would see them. Now that apt can be told to parse e.g. debian/control files directly, it needs to be a little more accepting through: We had this with comments already, now let it deal with the far more trivial empty fields. Closes: #875363 2017-09-13T17:16:06Z Julian Andres Klode jak@debian.org 2017-09-13T17:16:06Z urn:sha1:e9db5ba7c7631d51359967afb1d563da7637be11 In commit Do not warn about duplicate "legacy" targets, we we added an if, that changed the .po files...