apt/apt-pkg/metaindex.cc, branch 2.9.0

apt/apt-pkg/metaindex.cc, branch 2.9.0 Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=2.9.0 2023-06-27T17:21:47Z update: Add notice about missing Signed-By in deb822 sources 2023-06-27T17:21:47Z Julian Andres Klode julian.klode@canonical.com 2023-06-27T17:14:43Z urn:sha1:aba813975abb880f8b27d659147f7760c02f99e7 We want to gently steer users towards having Signed-By for each source such that we can retire a shared keyring across sources which improves resilience against configuration issues and incompetent malicious actors. Include our config.h in all C++ files to avoid ODR violations 2022-05-07T08:45:44Z David Kalnischkies david@kalnischkies.de 2022-04-22T15:05:36Z urn:sha1:320245536a7ad21606286d9dcf54acf3bdf096c6 Some of our headers use APT_COMPILING_APT trickery to avoid exposing too broadly details we don't want external clients to know and make use of. The flip-side is that this can lead to different compilation units seeing different definitions if they aren't all using the same config. Fix various compiler warnings 2020-02-26T17:59:31Z Julian Andres Klode julian.klode@canonical.com 2020-02-26T17:26:13Z urn:sha1:d36b06d7eb300ca5cbee22b4fcedaefc80585da1 Make metaIndex::GetNotBefore virtual 2020-02-26T13:32:36Z Julian Andres Klode julian.klode@canonical.com 2020-02-26T13:32:36Z urn:sha1:43b418a68d8e64b4f0220e730ccf7441e2796ea6 metaindex: Add Origin, Label, Version, DefaultPin, ReleaseNotes members 2020-02-26T13:19:10Z Julian Andres Klode julian.klode@canonical.com 2020-02-26T13:19:10Z urn:sha1:d77c1c7db760ae21d703b8b0f129379e54918bf7 These were hidden behind the d-pointer previously. Remove various dynamic_cast uses, use virtual methods instead 2020-02-26T13:16:17Z Julian Andres Klode julian.klode@canonical.com 2020-02-26T13:15:24Z urn:sha1:d31f807a8d3f031d5efc5c3be9b76f9a9ac22d5d Adjust code for missing includes/using std::string 2019-06-12T13:02:55Z Julian Andres Klode julian.klode@canonical.com 2019-06-12T11:47:46Z urn:sha1:82b881caafa0c82b20db3900f8b76cebd8a393a4 Check that Date of Release file is not in the future 2018-02-19T15:05:01Z Julian Andres Klode julian.klode@canonical.com 2018-01-29T15:15:41Z urn:sha1:9e5899cac1a6367e3769af52a724821880e538f6 By restricting the Date field to be in the past, an attacker cannot just create a repository from the future that would be accepted as a valid update for a repository. This check can be disabled by Acquire::Check-Date set to false. This will also disable Check-Valid-Until and any future date related checking, if any - the option means: "my computers date cannot be trusted." Modify the tests to allow repositories to be up to 10 hours in the future, so we can keep using hours there to simulate time changes. Reformat and sort all includes with clang-format 2017-07-12T11:57:51Z Julian Andres Klode jak@debian.org 2017-07-12T11:40:41Z urn:sha1:87274d0f22e1dfd99b2e5200e2fe75c1b804eac3 This makes it easier to see which headers includes what. The changes were done by running git grep -l '#\s*include' \ | grep -E '.(cc|h)$' \ | xargs sed -i -E 's/(^\s*)#(\s*)include/\1#\2 include/' To modify all include lines by adding a space, and then running ./git-clang-format.sh. show a Release-Notes URI if infos were changed 2017-06-28T17:18:47Z David Kalnischkies david@kalnischkies.de 2017-05-28T11:24:33Z urn:sha1:96ebab48c25fcd1ee83729cdba4be8a6343a8766 This gives the repository owner a chance to explain why this change was needed – e.g. explaining the organisational changes or simply detailing the changes in the new release made. Note that this URI is also shown if the change is accepted, so it also draws attention to release notes of minor updates (if users watch apt output closely).