<feed xmlns='http://www.w3.org/2005/Atom'>
<title>apt/apt-pkg, branch 1.6_beta1</title>
<subtitle>Debian's commandline package manager</subtitle>
<id>https://git.kalnischkies.de/apt/atom?h=1.6_beta1</id>
<link rel='self' href='https://git.kalnischkies.de/apt/atom?h=1.6_beta1'/>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/'/>
<updated>2018-02-19T15:06:06Z</updated>
<entry>
<title>Merge branch 'pu/not-valid-before' into 'master'</title>
<updated>2018-02-19T15:06:06Z</updated>
<author>
<name>Julian Andres Klode</name>
<email>jak@debian.org</email>
</author>
<published>2018-02-19T15:06:06Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=928ecff984be22632c27a69e072741e74491292c'/>
<id>urn:sha1:928ecff984be22632c27a69e072741e74491292c</id>
<content type='text'>
Check that Date of Release file is not in the future

See merge request apt-team/apt!3</content>
</entry>
<entry>
<title>Check that Date of Release file is not in the future</title>
<updated>2018-02-19T15:05:01Z</updated>
<author>
<name>Julian Andres Klode</name>
<email>julian.klode@canonical.com</email>
</author>
<published>2018-01-29T15:15:41Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=9e5899cac1a6367e3769af52a724821880e538f6'/>
<id>urn:sha1:9e5899cac1a6367e3769af52a724821880e538f6</id>
<content type='text'>
By restricting the Date field to be in the past, an attacker cannot
just create a repository from the future that would be accepted as
a valid update for a repository.

This check can be disabled by Acquire::Check-Date set to false. This
will also disable Check-Valid-Until and any future date related checking,
if any - the option means: "my computer's date cannot be trusted."

Modify the tests to allow repositories to be up to 10 hours in the
future, so we can keep using hours there to simulate time changes.
</content>
</entry>
<entry>
<title>ensure correct file permissions for auxfiles</title>
<updated>2018-02-19T14:56:09Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2018-02-02T18:14:09Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=b3e7a16265e7c6c3b6892b9ec8a787d692ced6e6'/>
<id>urn:sha1:b3e7a16265e7c6c3b6892b9ec8a787d692ced6e6</id>
<content type='text'>
The interesting takeaway here is perhaps that 'chmod +w' is affected by
the umask – obvious in hindsight of course. The usual setup helps with
hiding that applying that recursively on all directories (and files)
isn't correct. Ensuring files will not be stored with the wrong
permissions even if in strange umask contexts is trivial in comparison.

Fixing the test also highlighted that it wasn't bulletproof as apt will
automatically fix the permissions of the directories it works with, so
for this test we actually need to introduce a shortcut in the code.

Reported-By: Ubuntu autopkgtest CI
</content>
</entry>
<entry>
<title>indexcopy: Copy uncompressed indices from cdrom again</title>
<updated>2018-02-19T10:33:43Z</updated>
<author>
<name>Julian Andres Klode</name>
<email>julian.klode@canonical.com</email>
</author>
<published>2018-02-19T10:33:43Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=ceb2cea0b4ddddf44bbf4bbe5ce495ade375b0cf'/>
<id>urn:sha1:ceb2cea0b4ddddf44bbf4bbe5ce495ade375b0cf</id>
<content type='text'>
This was broken by a refactoring in 1adcf56bec7d2127d83aa423916639740fe8e586
which iterated over getCompressorExtensions() instead of the compressors and
using their extension field. getCompressorExtensions() does not contain the
empty extension for uncompressed files, though, and hence this was broken.

LP: #1746807
</content>
</entry>
<entry>
<title>allow the apt/lists/auxfiles/ directory to be missing</title>
<updated>2018-01-19T20:55:39Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2018-01-19T01:20:40Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=38d444af2632219ab399dabadaaefaa4dcdd6ebf'/>
<id>urn:sha1:38d444af2632219ab399dabadaaefaa4dcdd6ebf</id>
<content type='text'>
apt 1.6~alpha6 introduced aux requests to revamp the implementation of
a-t-mirror. This already included the potential of running as non-root,
but the detection wasn't complete resulting in errors or could produce
spurious warnings along the way if the directory didn't exist yet.

References: ef9677831f62a1554a888ebc7b162517d7881116
Closes: 887624
</content>
</entry>
<entry>
<title>Introduce inrelease-path option for sources.list</title>
<updated>2018-01-17T10:52:38Z</updated>
<author>
<name>Julian Andres Klode</name>
<email>julian.klode@canonical.com</email>
</author>
<published>2018-01-16T15:53:46Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=698f9e3f9877be2aa181d6e40d3dc5c41ea318b7'/>
<id>urn:sha1:698f9e3f9877be2aa181d6e40d3dc5c41ea318b7</id>
<content type='text'>
Allow specifying an alternative path to the InRelease file, so
you can have multiple versions of a repository, for example.

Enabling this option disables fallback to Release and Release.gpg,
so setting it to InRelease can be used to ensure that only that
will be tried.

We add two test cases: One for checking that it works, and another
for checking that the fallback does not happen.

Closes: #886745
</content>
</entry>
<entry>
<title>dpkg status parsing: check if name is valid before use</title>
<updated>2018-01-05T00:18:40Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2018-01-04T21:57:21Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=df2d614900476920671779f27fcc4143d3c1b5b7'/>
<id>urn:sha1:df2d614900476920671779f27fcc4143d3c1b5b7</id>
<content type='text'>
The summary line sounds a bit much: what we end up doing is just adding
two more guards before using results which should always be valid™.

That these values aren't valid is likely a bug in itself somewhere, but
that is no reason for crashing.
</content>
</entry>
<entry>
<title>simplify translating "lists directory missing" msg</title>
<updated>2018-01-03T23:15:37Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2018-01-03T22:55:33Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=4ba38b9f2611c04a0e23b84a365253e65cad2969'/>
<id>urn:sha1:4ba38b9f2611c04a0e23b84a365253e65cad2969</id>
<content type='text'>
The appended "partial" should not be translated, but some translations
got this wrong and now that there is also "auxfiles" we can just fix
that problem by hiding these untranslatables from the translators.

Gbp-Dch: Ignore
</content>
</entry>
<entry>
<title>require methods to request AuxRequest capability at startup</title>
<updated>2018-01-03T18:42:45Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2017-10-27T22:01:27Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=04ab37fecaf286f724bef2e0969d2b67ab5ac1b1'/>
<id>urn:sha1:04ab37fecaf286f724bef2e0969d2b67ab5ac1b1</id>
<content type='text'>
Allowing a method to request work from other methods is a powerful
capability which could be misused or exploited, so to slightly limit
the surface let methods opt in to this capability on startup.
</content>
</entry>
<entry>
<title>reimplement and simplify mirror:// method</title>
<updated>2018-01-03T17:55:41Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2017-10-27T16:39:36Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=57fa854e4cdb060e87ca265abd5a83364f9fa681'/>
<id>urn:sha1:57fa854e4cdb060e87ca265abd5a83364f9fa681</id>
<content type='text'>
Embedding an entire acquire stack and HTTP logic in the mirror method
made it rather heavyweight and fragile. This reimplementation goes the other
way by doing only the bare minimum in the method itself and instead
redirecting the actual download of files to their proper methods.

The reimplementation drops the (in the real world) unused query-string
feature as it isn't really implementable in the new architecture.
</content>
</entry>
</feed>
