Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=master 2021-02-23T18:10:29Z 2021-02-23T18:10:29Z Julian Andres Klode julian.klode@canonical.com 2021-02-23T17:23:30Z urn:sha1:f8ff3afcd42d8b2e6506bc6f44a894149bf87442 dpkg will be changed in 1.20.8 to not require --force-remove for deconfiguration anymore, but we want to decouple our changes from the dpkg ones, so let's always pass --force-remove-protected when installing packages such that we can deconfigure protected packages. Closes: #983014 2021-02-02T18:56:46Z David Kalnischkies david@kalnischkies.de 2020-12-02T14:51:09Z urn:sha1:f2c087449286812823d06d1b560fa947e438fa0d Explicitly opening a tar member is a bit harder than it needs to be as you have to remove the compressor extension so that it can be guessed here gain potentially choosing the wrong member. Doesn't really matter for deb packages of course as the member count is pretty low and strongly defined, but testing is easier this way. It also finally fixes an incorrectly formatted error message. 2021-01-27T15:17:01Z Julian Andres Klode jak@debian.org 2021-01-27T15:17:01Z urn:sha1:ce2fbbbcd5d81b4cfd60d2a277cbd9ee63d2c1e7 Include all translations when building the cache See merge request apt-team/apt!156 2021-01-27T11:48:58Z Julian Andres Klode julian.klode@canonical.com 2021-01-27T11:31:05Z urn:sha1:ccd952cc8793bc6b866f92912ef0bb51c42eb540 We do download all translations we ever downloaded, but we don't add all of those to the cache, meaning that if we run update with LANG=C, it might still download your de_DE translation, but it won't insert it into the cache, causing your de_DE user to not get translated messages. LP: #1907850 2021-01-22T15:41:12Z Youfu Zhang zhangyoufu@gmail.com 2021-01-22T09:41:22Z urn:sha1:acbe227d50178657d98a609221b1caa5b128d7bb The read-only /dev/null was duplicated to stdout and stderr, causing writes to those descriptors to fail: [pid 260] openat(AT_FDCWD, "/dev/null", O_RDONLY) = 7 [pid 260] dup2(7, 0) = 0 [pid 260] close(5) = 0 [pid 260] dup2(6, 1) = 1 [pid 260] dup2(7, 2) = 2 [pid 260] write(2, "Chrooting into ", 15) = -1 EBADF (Bad file descriptor) [pid 260] chroot("/chroot/") = 0 2021-01-08T13:48:47Z Julian Andres Klode julian.klode@canonical.com 2020-08-10T18:16:11Z urn:sha1:c5bc86d45e003905ef411146e66b414d26fb1ff8 This adds support for Phased-Update-Percentage by pinning upgrades that are not to be installed down to 1. The output of policy has been changed to add the level of phasing, and documentation has been improved to document how phased updates work. The patch detects if it is running in a chroot, and if so, always includes phased updates, restoring classic apt behavior to avoid behavioral changes on buildd chroots. Various options are added to control this all: * APT::Get::{Always,Never}-Include-Phased-Updates and their legacy update-manager equivalents to always or never include phased updates * APT::Machine-ID can be set to a UUID string to have all machines in a fleet phase the same * Dir::Etc::Machine-ID is weird in that it's default is sort of like ../machine-id, but not really, as ../machine-id would look up $PWD/../machine-id and not relative to Dir::Etc; but it allows you to override the path to machine-id (as opposed to the value) * Dir::Bin::ischroot is the path to the ischroot(1) binary which is used to detect whether we are running in a chroot. 2021-01-04T09:46:48Z Julian Andres Klode julian.klode@canonical.com 2020-12-17T12:24:56Z urn:sha1:04085f46dea9a95dd86123ac00187a63cc4ba2c0 Our kernel autoremoval helper script protects the currently booted kernel, but it only runs whenever we install or remove a kernel, causing it to protect the kernel that was booted at that point in time, which is not necessarily the same kernel as the one that is running right now. Reimplement the logic in C++ such that we can calculate it at run-time: Provide a function to produce a regular expression that matches all kernels that need protecting, and by changing the default root set function in the DepCache to make use of that expression. Note that the code groups the kernels by versions as before, and then marks all kernel packages with the same version. This optimized version inserts a virtual package $kernel into the cache when building it to avoid having to iterate over all packages in the cache to find the installed ones, significantly improving performance at a minor cost when building the cache. LP: #1615381 2020-12-18T18:31:19Z David Kalnischkies david@kalnischkies.de 2020-07-09T14:38:49Z urn:sha1:e6c55283d235aa9404395d30f2db891f36995c49 We do not deal a lot with URIs which need encoding, but then we do it is a pain that we store it decoded in the acquire system as it means we have to decode and reencode URIs eventually which is potentially giving us slightly different URIs. We see that in our own testing framework while setting up redirects as the config options are effectively double-encoded and decoded to pass them around successfully as otherwise %2f and / in an URI are treated the same. This commit adds the infrastructure for methods to opt into getting URIs send in encoded form (and returning them to us in encoded form, too) so that we eventually do not have to touch the URIs which is how it should be. This means though that we have to deal with methods who do not support this yet (aka: all at the moment) for which we decode and encode while communicating with them. 2020-12-09T16:30:43Z Julian Andres Klode julian.klode@canonical.com 2020-12-05T19:17:56Z urn:sha1:0444f9dd52c2bc7bec315f6f1ecad76a30713fa0 Like the code in arfile.cc, MemControlExtract also has buffer overflows, in code allocating memory for parsing control files. Specify an upper limit of 64 MiB for control files to both protect against the Size overflowing (we allocate Size + 2 bytes), and protect a bit against control files consisting only of zeroes. 2020-06-29T15:32:17Z Julian Andres Klode julian.klode@canonical.com 2020-06-29T15:31:06Z urn:sha1:ddd8fc3d28cd8e668868158049ced7fa3c8c71b8 This will be mapped to Important for the time being.