Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=1.3_exp2 2016-06-08T15:27:19Z 2016-06-08T15:27:19Z David Kalnischkies david@kalnischkies.de 2016-06-08T11:44:29Z urn:sha1:007d8b488787f4c33ced5937f22f99f1b759088a Most (if not all) solvers should be able to run perfectly fine without root privileges as they get the entire state they are supposed to work on via stdin and do not perform any action directly, but just pass suggestions on via stdout. The new default is to run them all as _apt hence, but each solver can configure another user if it chooses/must. The security benefits are minimal at best, but it helps preventing silly mistakes (see 35f3ed061f10a25a3fb28bc988fddbb976344c4d) and that is always good. Note that our 'apt' and 'dump' solver already dropped privileges if they had them. 2016-06-08T11:07:21Z David Kalnischkies david@kalnischkies.de 2016-06-07T15:01:33Z urn:sha1:385d9f2f23057bc5808b5e013e77ba16d1c94da4 For bugreports and co it could be handy to have the scenario and all the settings used in it around later for inspection for EDSP like protocols. EDSP might not be the most interesting as the user can still interrupt the process before the solution is applied and users tend to have an opinion on the "rightness" of a solution, so it is disabled by default. 2016-06-04T17:53:54Z David Kalnischkies david@kalnischkies.de 2016-06-04T17:53:54Z urn:sha1:71608330b9b2bd95a0481ca53cd58b584fd61e42 EDSP had a WriteSolution method to write out the entire solution based on the inspection of a given pkgDepCache, but that is rather inflexible both for EDSP itself and for other EDSP like-protocols. It seems better to use a smaller scope in printing just a single stanza based on a given version as there is more reuse potential. 2016-06-02T11:35:28Z David Kalnischkies david@kalnischkies.de 2016-06-02T09:12:39Z urn:sha1:0cfec3ab589c6309bf284438d2148c7742cdaf10 First seen on hurd, but easily reproducible on all systems by removing the 'execution' bit from the current working directory and watching some tests (mostly the no-output expecting tests) fail due to find printing: "find: Failed to restore initial working directory: …" Samuel Thibault says in the bugreport: | To do its work, find first records the $PWD, then goes to | /etc/apt/trusted.gpg.d/ to find the files, and then goes back to $PWD. | | On Linux, getting $PWD from the 700 directory happens to work by luck | (POSIX says that getcwd can return [EACCES]: Search permission was denied | for the current directory, or read or search permission was denied for a | directory above the current directory in the file hierarchy). And going | back to $PWD fails, and thus find returns 1, but at least it emitted its | output. | | On Hurd, getting $PWD from the 700 directory fails, and find thus aborts | immediately, without emitting any output, and thus no keyring is found. | | So, to summarize, the issue is that since apt-get update runs find as a | non-root user, running it from a 700 directory breaks find. Solved as suggested by changing to '/' before running find, with some paranoia extra care taking to ensure the paths we give to find are really absolute paths first (they really should, but TMPDIR=. or a similar Dir::Etc::trustedparts setting could exist somewhere in the wild). The commit takes also the opportunity to make these lines slightly less error ignoring and the two find calls using (mostly) the same parameters. Thanks: Samuel Thibault for 'finding' the culprit! Closes: 826043 2016-05-28T16:12:02Z David Kalnischkies david@kalnischkies.de 2016-05-28T11:53:09Z urn:sha1:570ec96dbf4f720d8eff694f8c4429e0b0a033b4 Broken in e7e10e47476606e3b2274cf66b1e8ea74b236757 by looking always into "apt" while we ship some tools in "apt-utils"… 2016-05-27T17:14:38Z David Kalnischkies david@kalnischkies.de 2016-05-27T16:10:39Z urn:sha1:b58e2c7c56b1416a343e81f9f80cb1f02c128e25 Setting the C++ locale via std::locale::global(std::locale("")); which would otherwise default to the default C locale (aka: unaffected by setlocale) effects the formatting of numeric types in IO streams, which for output for humans is perfectly sensible, but breaks our many text interfaces used and parsed by us and others without expecting the numbers to be formatted. Closes: #825396 2016-05-20T12:18:36Z David Kalnischkies david@kalnischkies.de 2016-05-06T14:46:51Z urn:sha1:6dcae298f972eb20223838f0e1dc376c44bc9cc3 Its more space and runtime efficient to use a boolean set instead of a CacheSet-based implementation. Git-Dch: Ignore 2016-05-20T12:18:36Z David Kalnischkies david@kalnischkies.de 2016-05-06T12:21:02Z urn:sha1:43c71fad3a51d841132ba15a7a5930e1ee4126ed This allows to differentiate properly between 'apt-get upgrade', 'apt upgrade' and 'apt full-upgrade'. 2016-05-20T12:18:36Z David Kalnischkies david@kalnischkies.de 2016-04-27T15:36:07Z urn:sha1:af859f09084b4f6163501f216ba8cc2356fb3f93 2016-05-20T12:18:36Z David Kalnischkies david@kalnischkies.de 2016-04-26T10:26:12Z urn:sha1:ef00bd7af5b2bc0625df58482eacb4c2873c3647 I doubt there is any non-src:apt usage of these interfaces.