apt/apt-pkg, branch 1.6_alpha7Debians commandline package managerhttps://git.kalnischkies.de/apt/atom?h=1.6_alpha72018-01-17T10:52:38ZIntroduce inrelease-path option for sources.list2018-01-17T10:52:38ZJulian Andres Klodejulian.klode@canonical.com2018-01-16T15:53:46Zurn:sha1:698f9e3f9877be2aa181d6e40d3dc5c41ea318b7
Allow specifying an alternative path to the InRelease file, so
you can have multiple versions of a repository, for example.
Enabling this option disables fallback to Release and Release.gpg,
so setting it to InRelease can be used to ensure that only that
will be tried.
We add two test cases: One for checking that it works, and another
for checking that the fallback does not happen.
Closes: #886745
dpkg status parsing: check if name is valid before use2018-01-05T00:18:40ZDavid Kalnischkiesdavid@kalnischkies.de2018-01-04T21:57:21Zurn:sha1:df2d614900476920671779f27fcc4143d3c1b5b7
The summary line sounds a bit much: what we end up doing is just adding
two more guards before using results which should always be valid™.
That these values aren't valid is likely a bug in itself somewhere, but
that is no reason for crashing.
simplify translating "lists directory missing" msg2018-01-03T23:15:37ZDavid Kalnischkiesdavid@kalnischkies.de2018-01-03T22:55:33Zurn:sha1:4ba38b9f2611c04a0e23b84a365253e65cad2969
The appended "partial" should not be translated, but some translations
got this wrong and now that there is also "auxfiles" we can just fix
that problem by hiding these untranslatables from the translators.
Gbp-Dch: Ignore
require methods to request AuxRequest capability at startup2018-01-03T18:42:45ZDavid Kalnischkiesdavid@kalnischkies.de2017-10-27T22:01:27Zurn:sha1:04ab37fecaf286f724bef2e0969d2b67ab5ac1b1
Allowing a method to request work from other methods is a powerful
capability which could be misused or exploited, so to slightly limited
the surface let method opt-in into this capability on startup.
reimplement and simplify mirror:// method2018-01-03T17:55:41ZDavid Kalnischkiesdavid@kalnischkies.de2017-10-27T16:39:36Zurn:sha1:57fa854e4cdb060e87ca265abd5a83364f9fa681
Embedding an entire acquire stack and HTTP logic in the mirror method
made it rather heavy weight and fragile. This reimplement goes the other
way by doing only the bare minimum in the method itself and instead
redirect the actual download of files to their proper methods.
The reimplementation drops the (in the real world) unused query-string
feature as it isn't really implementable in the new architecture.
allow a method to request auxiliary files2018-01-03T17:55:41ZDavid Kalnischkiesdavid@kalnischkies.de2017-08-12T14:21:13Zurn:sha1:ef9677831f62a1554a888ebc7b162517d7881116
If a method needs a file to operate like e.g. mirror needs to get a list
of mirrors before it can redirect the the actual requests to them. That
could easily be solved by moving the logic into libapt directly, but by
allowing a method to request other methods to do something we can keep
this logic contained in the method and allow e.g. also methods which
perform binary patching or similar things.
Previously they would need to implement their own acquire system inside
the existing one which in all likelyhood will not support the same
features and methods nor operate with similar security compared to what
we have already running 'above' the requesting method. That said, to
avoid methods producing conflicts with "proper" files we are downloading
a new directory is introduced to keep the auxiliary files in.
[The message magic number 351 is a tribute to the german Grundgesetz
article 35 paragraph 1 which defines that all authorities of the
state(s) help each other on request.]
refactor message generation for methods2018-01-03T17:55:41ZDavid Kalnischkiesdavid@kalnischkies.de2017-08-09T21:26:19Zurn:sha1:02567e3084d2faec92e8bf248e89fda6452e634b
The format isn't too hard to get right, but it gets funny with multiline
fields (which we don't really have yet) and its just easier to deal with
it once and for all which can be reused for more messages later.
Support cleartext signed InRelease files with CRLF line endings2018-01-02T22:39:30ZDavid Kalnischkiesdavid@kalnischkies.de2018-01-02T14:14:58Zurn:sha1:dcc0759fea4bf65d5477678e287880927d2cc9be
Commit 89c4c588b275 ("fix from David Kalnischkies for the InRelease gpg
verification code (LP: #784473)") amended verification of cleartext
signatures by a check whether the file to be verified actually starts
with "-----BEGIN PGP SIGNATURE-----\n".
However cleartext signed InRelease files have been found in the wild
which use \r\n as line ending for this armor header line, presumably
generated by a Windows PGP client. Such files are incorrectly deemed
unsigned and result in the following (misleading) error:
Clearsigned file isn't valid, got 'NOSPLIT' (does the network require authentication?)
RFC 4880 specifies in 6.2 Forming ASCII Armor:
That is to say, there is always a line ending preceding the
starting five dashes, and following the ending five dashes. The
header lines, therefore, MUST start at the beginning of a line, and
MUST NOT have text other than whitespace following them on the same
line.
RFC 4880 does not seem to specify whether LF or CRLF is used as line
ending for armor headers, but CR is generally considered whitespace
(e.g. "man perlrecharclass"), hence using CRLF is legal even under
the assumption that LF must be used.
SplitClearSignedFile() is stripping whitespace (including CR) on lineend
already before matching the string, so StartsWithGPGClearTextSignature() is
adapted to use the same ignoring. As the earlier method is responsible
for what apt will end up actually parsing nowadays as signed/unsigned this
change has no implications for security.
Thanks: Lukas Wunner for detailed report & initial patch!
References: 89c4c588b275d098af33f36eeddea6fd75068342
Closes: 884922
do not remap current files if nullptrs in cache generation2017-12-24T09:31:29ZDavid Kalnischkiesdavid@kalnischkies.de2017-12-24T09:31:29Zurn:sha1:5ba048a475cfd728906875327ddceed4614a1c9d
If the cache needs to grow to make room to insert volatile files like
deb files into the cache we were remapping null-pointers making them
non-null-pointers in the process causing trouble later on.
Only the current Releasefile pointer can currently legally be a
nullpointer as volatile files have no release file they belong to, but
for safety the pointer to the current Packages file is equally guarded.
The option APT::Cache-Start can be used to workaround this problem.
Reported-By: Mattia Rizzolo on IRC
remove pointless APT_PURE from void functions2017-12-14T20:55:34ZDavid Kalnischkiesdavid@kalnischkies.de2017-12-14T20:44:40Zurn:sha1:a6c7b262212d56a4ad37e6475f96152296ab1d0c
Earlier gcc versions used to complain that you should add them althrough
there isn't a lot of point to it if you think about it, but now gcc (>= 8)
complains about the attribute being present.
warning: ‘pure’ attribute on function returning ‘void’ [-Wattributes]
Reported-By: gcc -Wattributes
Gbp-Dch: Ignore