Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=1.1_exp14 2015-09-14T13:22:19Z 2015-09-14T13:22:19Z David Kalnischkies david@kalnischkies.de 2015-09-13T20:16:32Z urn:sha1:fecfbf2e4cbb71d20364306baf6aa7886c5f3ecd Filenames we get could include spaces, but also the tmpdir we work in and the failures we print in return a very generic and unhelpful… Properly supporting spaces is a bit painful as we constructed gpg command before, which is now moved to (multilevel) calls to temporary scripts instead. 2015-09-14T13:22:19Z David Kalnischkies david@kalnischkies.de 2015-09-12T08:35:49Z urn:sha1:7414af7fa88164209eec9c585b8d175c1618ecbc And of course, testing obscure things ends up showing obscure 'bugs' or better shortcomings/inconsitencies, so lets fix them with the tests. Git-Dch: Ignore 2015-09-14T13:22:18Z David Kalnischkies david@kalnischkies.de 2015-09-12T08:15:52Z urn:sha1:7c4f1ca5fe315a8223570b05994d6d7ca7c55c4f A bit unfair that only Bzr had this message. Lets at least print it for git as well with the option of adding more later without string changes. 2015-09-14T13:22:18Z David Kalnischkies david@kalnischkies.de 2015-09-10T16:46:05Z urn:sha1:7f58427b9584686f80cd5eccfdd02c1ace75518a Git-Dch: Ignore 2015-09-14T13:22:18Z David Kalnischkies david@kalnischkies.de 2015-09-07T17:32:31Z urn:sha1:92b2e38dd1334d7f7a30358124c4fad766ca4666 As said in the bugreport, this is hardly a serious problem on a security front, but it was always on the list to have the filename configurable somehow and the stable filename is a problem for parallel executions. Using an environment variable (APT_EDSP_DUMP_FILENAME) for this is more or less the best we can do here as solvers do not get told about our configuration and such. Closes: 795600 2015-09-14T13:22:18Z David Kalnischkies david@kalnischkies.de 2015-09-06T11:32:07Z urn:sha1:3addaba1ff6fe27cc96af5c2d345ee039c2bffec How the Multi-Arch field and pkg:<arch> dependencies interact was discussed at DebConf15 in the "MultiArch BoF". dpkg and apt (among other tools like dose) had a different interpretation in certain scenarios which we resolved by agreeing on dpkg view – and this commit realizes this agreement in code. As was the case so far libapt sticks to the idea of trying to hide MultiArch as much as possible from individual frontends and instead translates it to good old SingleArch. There are certainly situations which can be improved in frontends if they know that MultiArch is upon them, but these are improvements – not necessary changes needed to unbreak a frontend. The implementation idea is simple: If we parse a dependency on foo:amd64 the dependency is formed on a package 'foo:amd64' of arch 'any'. This package is provided by package 'foo' of arch 'amd64', but not by 'foo' of arch 'i386'. Both of those foo packages provide each other through (assuming foo is M-A:foreign) to allow a dependency on 'foo' to be satisfied by either foo of amd64 or i386. Packages can also declare to provide 'foo:amd64' which is translated to providing 'foo:amd64:any' as well. This indirection over provides was chosen as the alternative would be to teach dependency resolvers how to deal with architecture specific dependencies – which violates the design idea of avoiding resolver changes, especially as architecture-specific dependencies are a cornercase with quite a few subtil rules. Handling it all over versioned provides as we already did for M-A in general seems much simpler as it just works for them. This switch to :any has actually a "surprising" benefit as well: Even frontends showing a package name via .Name() [which doesn't show the architecture] will display the "architecture" for dependencies in which it was explicitely requested, while we will not show the 'strange' :any arch in FullName(true) [= pretty-print] either. Before you had to specialcase these and by default you wouldn't get these details shown. The only identifiable disadvantage is that this complicates error reporting and handling. apt-get's ShowBroken has existing problems with virtual packages [it just shows the name without any reason], so that has to be worked on eventually. The other case is that detecting if a package is completely unknown or if it was at least referenced somewhere needs to acount for this "split" – not that it makes a practical difference which error is shown… but its one of the improvements possible. 2015-09-01T17:01:45Z David Kalnischkies david@kalnischkies.de 2015-09-01T16:32:22Z urn:sha1:76abe9a5aad69eb7e67295588c6825cdae0341af Initializing a random number generator with the time since epoch could be good enough, but reaches its limits in test code as the 100 iterations might very well happen in the same second and hence the seed number is always the same… clock() has a way lower resolution so it changes more often and not unimportant: If many users start the update at the same time it isn't to unlikely the SRV record will be ordered in the same second choosing the same for them all, but it seems less likely that the exact same clock() time has passed for them. And if I have to touch this, lets change a few other things as well to make me and/or compilers a bit happier (clang complained about the usage of a GNU extension in the testcase for example). 2015-08-31T09:00:12Z David Kalnischkies david@kalnischkies.de 2015-08-31T09:00:12Z urn:sha1:7c8206bf26b8ef6020b543bbc027305dee8f2308 We had a very similar method previously for our own private usage, but with some generalisation we can move this check into the acquire system proper so that all frontends profit from this compatibility change. As we are disabling a security feature here a warning is issued and frontends are advised to consider reworking their download logic if possible. Note that this is implemented as an all or nothing situation: We can't just (not) drop privileges for a subset of the files in a fetcher, so in case you have to download some files with and some without you need to use two fetchers. 2015-08-29T16:59:40Z David Kalnischkies david@kalnischkies.de 2015-08-29T11:50:22Z urn:sha1:9adb9778d11db138d645e037e092db1fb64b5d4a Some targets like Contents-udeb are special-needs targets. Shipping the configuration snippet for them is okay, but they shouldn't be downloaded by default. Forcing the user to enable targets by uncommenting targets is wrong and this would still not really solve the problem completely as even if you want to download some -udebs it will probably not be for all sources you have enabled, so having the possibility of disabling a target by default, but giving the user the option to enable it on a per-source entry basis is better. 2015-08-28T17:26:44Z David Kalnischkies david@kalnischkies.de 2015-08-28T17:26:44Z urn:sha1:d7a51997c30b2098bb60b3397095ec58ec825303 Some additional files like 'Contents' are very big and should therefore kept compressed on the disk, which apt-file did in the past. It also implemented pdiff patching of these files by un- and recompressing these files on-the-fly, with this commit we can do the same – but we can do this in both pdiff patching styles (client and server merging) and secured by hashes. Hashes are in so far slightly complicated as we can't compare the hashes of the compressed files as we might compress them differently than the server would (different compressor versions, options, …), so we must compare the hashes of the uncompressed content. While this commit has changes in public headers, the classes it changes are marked as hidden, so nobody can use them directly, which means the ABI break is internal only.