Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=1.3_rc2 2016-06-08T15:27:19Z 2016-06-08T15:27:19Z David Kalnischkies david@kalnischkies.de 2016-06-08T11:44:29Z urn:sha1:007d8b488787f4c33ced5937f22f99f1b759088a Most (if not all) solvers should be able to run perfectly fine without root privileges as they get the entire state they are supposed to work on via stdin and do not perform any action directly, but just pass suggestions on via stdout. The new default is to run them all as _apt hence, but each solver can configure another user if it chooses/must. The security benefits are minimal at best, but it helps preventing silly mistakes (see 35f3ed061f10a25a3fb28bc988fddbb976344c4d) and that is always good. Note that our 'apt' and 'dump' solver already dropped privileges if they had them. 2016-06-08T11:07:21Z David Kalnischkies david@kalnischkies.de 2016-06-07T15:01:33Z urn:sha1:385d9f2f23057bc5808b5e013e77ba16d1c94da4 For bugreports and co it could be handy to have the scenario and all the settings used in it around later for inspection for EDSP like protocols. EDSP might not be the most interesting as the user can still interrupt the process before the solution is applied and users tend to have an opinion on the "rightness" of a solution, so it is disabled by default. 2016-05-20T12:18:36Z David Kalnischkies david@kalnischkies.de 2016-04-27T15:36:07Z urn:sha1:af859f09084b4f6163501f216ba8cc2356fb3f93 2016-05-20T12:18:36Z David Kalnischkies david@kalnischkies.de 2016-04-26T10:26:12Z urn:sha1:ef00bd7af5b2bc0625df58482eacb4c2873c3647 I doubt there is any non-src:apt usage of these interfaces. 2015-11-04T17:42:28Z David Kalnischkies david@kalnischkies.de 2015-11-02T17:49:52Z urn:sha1:ce1f3a2c616b86da657c1c796efa5f4d18c30c39 Unlinking /dev/null is bad, we shouldn't do that. Also, we should print at least a warning if we tried to unlink a file but didn't manage to pull it of (ignoring the case were the file is /dev/null or doesn't exist in the first place). This got triggered by a relatively unlikely to cause problem in pkgAcquire::Worker::PrepareFiles which would while temporary uncompressed files (which are set to keep compressed) figure out that to files are the same and prepare for sharing by deleting them. Bad move. That also shows why not printing a warning is a bad idea as this hide the error for in non-root test runs. Git-Dch: Ignore 2015-09-14T13:22:19Z David Kalnischkies david@kalnischkies.de 2015-09-12T08:35:49Z urn:sha1:7414af7fa88164209eec9c585b8d175c1618ecbc And of course, testing obscure things ends up showing obscure 'bugs' or better shortcomings/inconsitencies, so lets fix them with the tests. Git-Dch: Ignore 2015-09-14T13:22:18Z David Kalnischkies david@kalnischkies.de 2015-09-07T17:32:31Z urn:sha1:92b2e38dd1334d7f7a30358124c4fad766ca4666 As said in the bugreport, this is hardly a serious problem on a security front, but it was always on the list to have the filename configurable somehow and the stable filename is a problem for parallel executions. Using an environment variable (APT_EDSP_DUMP_FILENAME) for this is more or less the best we can do here as solvers do not get told about our configuration and such. Closes: 795600 2015-03-16T17:02:08Z Jérémy Bobbio lunar@debian.org 2015-03-10T09:09:44Z urn:sha1:249aec3b7397662a678ea0014f94392085477b09 As part of the “reproducible builds” effort [1], we have noticed that apt could not be built reproducibly. One issue is that it uses the __DATE__ and __TIME__ macros of the C preprocessor to display the time of build in the online help. We believe this information not to be really useful to users as they can always look at the package data and metadata to figure it out. The attached patch simply removes this information. All non-documentation packages can then be built reproducibly with our current experimental framework. [David: changed the string slightly to be untranslateable as well] Closes: 774342 2014-10-07T11:30:27Z Michael Vogt mvo@ubuntu.com 2014-10-07T11:30:27Z urn:sha1:373fa2b4b2caae977c41b2c10ea27e41308a05c3 Git-Dch: ignore 2014-06-11T13:31:38Z Michael Vogt mvo@debian.org 2014-06-11T13:31:38Z urn:sha1:fc1a78d8e9b958f3d65fe1c03494d785314f9816