<feed xmlns='http://www.w3.org/2005/Atom'>
<title>apt/apt-private, branch 1.3_pre1</title>
<subtitle>Debian's commandline package manager</subtitle>
<id>https://git.kalnischkies.de/apt/atom?h=1.3_pre1</id>
<link rel='self' href='https://git.kalnischkies.de/apt/atom?h=1.3_pre1'/>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/'/>
<updated>2016-06-29T10:17:41Z</updated>
<entry>
<title>eipp: let apt make a plan, not make stuff plane</title>
<updated>2016-06-29T10:17:41Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2016-06-29T07:16:53Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=8e99b22c31eb47d0422e9a69e83dc99bb315ded8'/>
<id>urn:sha1:8e99b22c31eb47d0422e9a69e83dc99bb315ded8</id>
<content type='text'>
Julian noticed on IRC that I fall victim to a lovely false friend by
referring to a 'planer' all the time even though these are
machines to e.g. remove splinters from woodwork ("make stuff plane").
The term I meant is written in German in this way (= with a single n)
but in English there are two, aka: 'planner'.

As that is unreleased code switching all instances without any
transitional provisions. Also the reason why it's skipped in changelog.

Thanks: Julian Andres Klode
Gbp-Dch: Ignore
</content>
</entry>
<entry>
<title>eipp: provide the internal planer as an external one</title>
<updated>2016-06-27T09:57:12Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2016-05-28T13:40:59Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=f74d99c6a78caafdc6e32d8cb135683b7154795c'/>
<id>urn:sha1:f74d99c6a78caafdc6e32d8cb135683b7154795c</id>
<content type='text'>
Testing the current implementation can benefit from being able to be
fed an EIPP request and produce a fully compliant response. It is also
a great test for EIPP in general.
</content>
</entry>
<entry>
<title>eipp: implement version 0.1 of the protocol</title>
<updated>2016-06-27T09:43:09Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2016-05-14T16:07:12Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=7b197262212f49b3b355b1124edf2ba9adb73411'/>
<id>urn:sha1:7b197262212f49b3b355b1124edf2ba9adb73411</id>
<content type='text'>
The very first step in introducing the "external installation planer
protocol" (short: EIPP) as part of my GSoC2016 project.

The description reads: APT-based tools like apt-get, aptitude, synaptic,
… work with the user to figure out how their system should look
after they are done installing/removing packages and their dependencies.
The actual installation/removal of packages is done by dpkg with the
constraint that dependencies must be fulfilled at any point in time (e.g.
to run maintainer scripts).

Historically APT has a super micro-management approach to this task
which hasn't aged that well over the years mostly ignoring changes in
dpkg and growing into an unmaintainable mess hardly anyone can debug and
everyone fears to touch – especially as more and more requirements are
tacked onto it like handling cycles and triggers, dealing with
"important" packages first, package sources on removable media, touch
minimal groups to be able to interrupt the process if needed (e.g.
unattended-upgrades) which not only sky-rocket complexity but also can
be mutually exclusive as you e.g. can't have minimal groups and minimal
trigger executions at the same time.
</content>
</entry>
<entry>
<title>show right binary name in simulation notice</title>
<updated>2016-06-23T07:02:54Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2016-06-23T06:56:22Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=ae2a6be8a2155c136f9535abfbcc750c8c395cd2'/>
<id>urn:sha1:ae2a6be8a2155c136f9535abfbcc750c8c395cd2</id>
<content type='text'>
Closes: 825216
</content>
</entry>
<entry>
<title>add insecure (and weak) allow-options for sources.list</title>
<updated>2016-06-22T12:05:01Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2016-06-20T18:50:43Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=d03b947b0ce4f87d7d5cc48d4d274ab3bd0b289a'/>
<id>urn:sha1:d03b947b0ce4f87d7d5cc48d4d274ab3bd0b289a</id>
<content type='text'>
Weak had no dedicated option before and Insecure and Downgrade were both
global options, which given the effect they all have on security is
rather bad. Setting them for individual repositories only isn't great
but at least slightly better and also more consistent with other
settings for repositories.
</content>
</entry>
<entry>
<title>source: if download is skipped, don't try to unpack</title>
<updated>2016-06-22T12:05:01Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2016-06-18T07:59:08Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=60a0cb424e91acebc2bba0f9add220b474e432e6'/>
<id>urn:sha1:60a0cb424e91acebc2bba0f9add220b474e432e6</id>
<content type='text'>
If apt decides it can't download a file it is relatively pointless to
try to tell dpkg-source to unpack it.
</content>
</entry>
<entry>
<title>forbid insecure repositories by default except in apt-get</title>
<updated>2016-06-22T12:05:01Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2016-03-18T13:46:24Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=952ee63b0af14a534c0aca00c11d1a99be6b22b2'/>
<id>urn:sha1:952ee63b0af14a534c0aca00c11d1a99be6b22b2</id>
<content type='text'>
With this commit all APT-based clients default to refusing to work with
unsigned or otherwise insufficiently secured repositories. In terms of
apt and apt-get this changes nothing, but it affects all tools using
libapt like aptitude, synaptic or packagekit.

The exception remains apt-get for stretch for now as this might break
too many scripts/usecases too quickly.

The documentation is updated and extended to reflect how to opt out or
in on this behaviour change.

Closes: 808367
</content>
</entry>
<entry>
<title>edsp: drop privileges before executing solvers</title>
<updated>2016-06-08T15:27:19Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2016-06-08T11:44:29Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=007d8b488787f4c33ced5937f22f99f1b759088a'/>
<id>urn:sha1:007d8b488787f4c33ced5937f22f99f1b759088a</id>
<content type='text'>
Most (if not all) solvers should be able to run perfectly fine without
root privileges as they get the entire state they are supposed to work
on via stdin and do not perform any action directly, but just pass
suggestions on via stdout.

The new default is to run them all as _apt hence, but each solver can
configure another user if it chooses/must. The security benefits are
minimal at best, but it helps prevent silly mistakes (see
35f3ed061f10a25a3fb28bc988fddbb976344c4d) and that is always good.

Note that our 'apt' and 'dump' solver already dropped privileges if they
had them.
</content>
</entry>
<entry>
<title>move 'dump' solver from apt-utils to apt package</title>
<updated>2016-06-08T11:07:21Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2016-06-07T18:08:27Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=ab07af708e49c9219940ffd3e20a01c763267e03'/>
<id>urn:sha1:ab07af708e49c9219940ffd3e20a01c763267e03</id>
<content type='text'>
</content>
</entry>
<entry>
<title>edsp: optionally store a compressed copy of the last scenario</title>
<updated>2016-06-08T11:07:21Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2016-06-07T15:01:33Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=385d9f2f23057bc5808b5e013e77ba16d1c94da4'/>
<id>urn:sha1:385d9f2f23057bc5808b5e013e77ba16d1c94da4</id>
<content type='text'>
For bugreports and co it could be handy to have the scenario and all the
settings used in it around later for inspection for EDSP like protocols.
EDSP might not be the most interesting as the user can still interrupt
the process before the solution is applied and users tend to have an
opinion on the "rightness" of a solution, so it is disabled by default.
</content>
</entry>
</feed>
