Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=1.5_rc1 2017-08-24T14:56:52Z 2017-08-24T14:56:52Z Julian Andres Klode jak@debian.org 2017-08-24T14:55:15Z urn:sha1:0e4ac8334d02ea256f750ad61689f28ff1ebdf6c As a follow up to the last commit, let's replace APT_CONST with APT_PURE everywhere to clean stuff up. 2017-08-24T14:56:48Z Julian Andres Klode jak@debian.org 2017-08-24T14:50:12Z urn:sha1:03590fb98226bfdf3147eb78effc3fa7987709bb Functions marked with the const attribute may not inspect any global memory. This includes targets of pointers or references passed as arguments. A pure function however is free to inspect memory, but may not have any side effects. The function StringSplit() was marked as const, but took two references to strings. When the second one was passed as a literal as in StringSplit(name, "::") the compiler cleverly figured out that we only inspect the address of "::" (since StringSplit is const) and thus optimized away the "::" content. While patching out individual broken uses of APT_CONST would be possible, this is already the second case, and there might be more, so let's redefine APT_CONST to use the pure attribute, so we don't end up with the same situation again in some time. 2017-08-04T12:33:34Z David Kalnischkies david@kalnischkies.de 2017-08-04T10:51:34Z urn:sha1:e250a8d8d8ef2f8f8c5e2041f7645c49fba7aa36 APT clients always noticed if a method isn't supported and nowadays generate a message of the form: E: The method driver …/foobar could not be found. N: Is the package apt-transport-foobar installed? This only worked if a single source was using such an unavailable method through as we were registering the failed config the first round and the second would try to send requests to the not started method, which wouldn't work and hang instead (+ hiding the error messages as they would be shown only at the end of the execution). Closes: 870675 2017-08-04T11:06:10Z David Kalnischkies david@kalnischkies.de 2017-07-31T20:47:58Z urn:sha1:898d53aca8fb26f3861d0efa4d5bef8adb620a7c Regression-Of: 3317ad864c997f4897756c0a2989c4199e9cda62 2017-07-26T17:09:04Z David Kalnischkies david@kalnischkies.de 2017-07-07T20:21:44Z urn:sha1:881ec045b6660e2fe0c6953720260e380ceeeb99 Opening the file before we drop privileges in the methods allows us to avoid chowning in the acquire main process which can apply to the wrong file (imagine Binary scoped settings) and surprises users as their permission setup is overridden. There are no security benefits as the file is open, so an evil method could as before read the contents of the file, but it isn't worse than before and we avoid permission problems in this setup. 2017-07-26T17:09:04Z David Kalnischkies david@kalnischkies.de 2017-07-07T14:24:21Z urn:sha1:ea408c560ed85bb4ef7cf8f72f8463653501332c We have support for an netrc-like auth.conf file since 0.7.25 (closing 518473), but it was never documented in apt that it even exists and netrc seems to have fallen out of usage as a manpage for it no longer exists making the feature even more arcane. On top of that the code was a bit of a mess (as it is written in c-style) and as a result the matching of machine tokens to URIs also a bit strange by checking for less specific matches (= without path) first. We now do a single pass over the stanzas. In practice early adopters of the undocumented implementation will not really notice the differences and the 'new' behaviour is simpler to document and more usual for an apt user. Closes: #811181 2017-07-26T17:09:04Z David Kalnischkies david@kalnischkies.de 2017-07-15T13:08:35Z urn:sha1:51751106976b1c6afa8f7991790db87b239fcc84 We used to fail on unreadable config/preferences/sources files, but at least for sources we didn't in the past and it seems harsh to refuse to work because of a single file, especially as the error messages are inconsistent and end up being silly (like suggesting to run apt update to fix the problem…). LP: #1701852 2017-07-26T17:09:04Z David Kalnischkies david@kalnischkies.de 2017-07-15T12:12:50Z urn:sha1:3317ad864c997f4897756c0a2989c4199e9cda62 Using different ways of opening files means we have different behaviour and error messages for them, so by the same for all we can have more uniformity for users and apt developers alike. 2017-07-26T17:07:56Z David Kalnischkies david@kalnischkies.de 2017-07-24T11:04:58Z urn:sha1:85f4a655cdc4d16c1b95de6fad7f3cd955265e46 Weak hashes like filesize can be used by methods for basic checks and early refusals even if we can't use them for hard security proposes. Normal apt operations are not affected by this as they fail if no strong hash is available, but if apt is forced to work with weak-only files or e.g. in apt-helper context it can have benefits as weak is better than no hash for the methods. 2017-07-26T17:07:55Z David Kalnischkies david@kalnischkies.de 2017-07-23T23:15:55Z urn:sha1:8df85a4fb91bed6c79a3cb9c2000881cc5b42ea7 The comment says this is intended, but looking at the history reveals that the comment comes from a different era. Nowadays we don't really need it anymore (and even back then it was disputeable) as we haven't used that file for our update in the end and nothing really needs this file after the update. Triggered is this by 188f297a2af4c15cb1d502360d1e478644b5b810 which moves various error conditions forward including this code expecting the file to exist – but it doesn't need to as download could have failed. We could fix that by simple checking if the file exists and only stage it if it does, but instead we don't stage it and instead even rename it out of the way with our conventional FAILED name (if it exists). That restores support for partial mirrors (= in this case mirrors which don't ship pdiff files). Note that apt heals itself even if only such a mirror is used as the update is successful even if that error is shown. Closes: 869425