<feed xmlns='http://www.w3.org/2005/Atom'>
<title>apt/debian/control, branch main</title>
<subtitle>Debians commandline package manager</subtitle>
<id>https://git.kalnischkies.de/apt/atom?h=main</id>
<link rel='self' href='https://git.kalnischkies.de/apt/atom?h=main'/>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/'/>
<updated>2026-05-01T16:37:50Z</updated>
<entry>
<title>Require sqv for builds on supported archs and !pkg.apt.nosqv</title>
<updated>2026-05-01T16:37:50Z</updated>
<author>
<name>Julian Andres Klode</name>
<email>jak@debian.org</email>
</author>
<published>2026-05-01T16:04:24Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=cf290d14c6f5c3d87e649bfc8c20b82521103e8c'/>
<id>urn:sha1:cf290d14c6f5c3d87e649bfc8c20b82521103e8c</id>
<content type='text'>
This forces dependency solvers to install sqv, avoiding builds with
gpgv instead (which we did intentionally before to hack Ubuntu buildd
setup).
</content>
</entry>
<entry>
<title>sqv: Warn about signatures that will be rejected by policy within a year</title>
<updated>2025-04-25T21:07:07Z</updated>
<author>
<name>Julian Andres Klode</name>
<email>julian.klode@canonical.com</email>
</author>
<published>2025-04-25T18:53:45Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=85c435f23718e168345ea60270b24a57061b54f4'/>
<id>urn:sha1:85c435f23718e168345ea60270b24a57061b54f4</id>
<content type='text'>
This implements a simple check where we first run `sqv` with
`--policy-as-of` 1 year in the future. If the file is validly
signed one year in the future, it is validly signed now.

If the file is not validly signed 1 year in the future, we check
if it is validly signed now, and otherwise print an error message.

The --policy-as-of feature was added in sqv 1.3.0, hence we add a
version requirement to the dependency.
</content>
</entry>
<entry>
<title>Bump ABI to 7.0</title>
<updated>2025-02-14T18:45:12Z</updated>
<author>
<name>Julian Andres Klode</name>
<email>julian.klode@canonical.com</email>
</author>
<published>2025-01-05T18:21:18Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=2713f0fb7d2bd6efe54ccd90c422bd2262ac8b16'/>
<id>urn:sha1:2713f0fb7d2bd6efe54ccd90c422bd2262ac8b16</id>
<content type='text'>
</content>
</entry>
<entry>
<title>Remove leftovers from ftp and rsh/ssh methods removal</title>
<updated>2025-01-05T22:16:09Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2025-01-05T17:16:54Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=213486fc1b9fc0675a35b5c530447b401f9410ff'/>
<id>urn:sha1:213486fc1b9fc0675a35b5c530447b401f9410ff</id>
<content type='text'>
References: fd3684cdbc165ceaa635ed19fcbd231f509b0179
</content>
</entry>
<entry>
<title>Move apt-extractexamples desc line from apt-utils to apt</title>
<updated>2025-01-05T22:16:09Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2025-01-05T13:39:40Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=889cb31fc79be9b06a08a82063eef0102cf30543'/>
<id>urn:sha1:889cb31fc79be9b06a08a82063eef0102cf30543</id>
<content type='text'>
References: f4e0e9daf221e840e122b0ffa97007aa512020a6
Closes: #1091344
</content>
</entry>
<entry>
<title>Remove leftovers of the apt-key removal</title>
<updated>2025-01-05T22:16:09Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2024-12-27T02:16:56Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=25cd3ded69a79c2a7eb3d858e041f1509f5f5ed8'/>
<id>urn:sha1:25cd3ded69a79c2a7eb3d858e041f1509f5f5ed8</id>
<content type='text'>
References: a00fbbdb28cc31e78882301c2efe7218583ab4cb
</content>
</entry>
<entry>
<title>debian: Plug sqv into the package build</title>
<updated>2024-12-22T22:52:05Z</updated>
<author>
<name>Julian Andres Klode</name>
<email>julian.klode@canonical.com</email>
</author>
<published>2024-12-20T11:03:26Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=f5a24acea31248f98db51d7a2fd1d7b2198bb177'/>
<id>urn:sha1:f5a24acea31248f98db51d7a2fd1d7b2198bb177</id>
<content type='text'>
Our goal is for each platform to have one blessed OpenPGP verification
system: Platforms that support sqv get sqv, platforms that don't get
gpgv. To do so we hardcode the architecture list at build time.

At build time we check if /usr/bin/sqv exists, which is the condition
that apt uses to see if it should build with sqv support.

We use a slight hack here to build with sqv on the official Debian
buildds but use gpgv on Ubuntu by abusing the fact that Ubuntu
resolves alternative build dependencies, and gpgv is installed
in the buildd image.
</content>
</entry>
<entry>
<title>hashes, methods: Add OpenSSL backends</title>
<updated>2024-12-22T21:55:39Z</updated>
<author>
<name>Julian Andres Klode</name>
<email>julian.klode@canonical.com</email>
</author>
<published>2024-12-18T18:37:40Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=90270f0959d490d56db891809d83c91b3d4b9bf0'/>
<id>urn:sha1:90270f0959d490d56db891809d83c91b3d4b9bf0</id>
<content type='text'>
Introduce an OpenSSL::Crypto backend for the hashes library
and an OpenSSL::SSL backend for the TLS support in our https
method.

Many thanks to curl for showing the way with how to handle
a CRL file. There are some memory leaks here with the
TlsFd itself as well as the proxy support; and we should
reorganize the code to generate the ssl object as late
as possible.

A peculiar aspect of OpenSSL is that SSL_has_pending() returns
1 even if SSL_read() will fail to read anything and return the
equivalent of EAGAIN. We work around this here by also peeking
ahead 1 byte. I was running a very high RTT connection from
Germany to Australia for testing, and with the peeking it's
using negligible amounts of CPU; before that, it was busy
looping at 100%. Bad OpenSSL!
</content>
</entry>
<entry>
<title>Add an artificial Conflicts: against libnettle8</title>
<updated>2024-03-22T10:10:24Z</updated>
<author>
<name>Steve Langasek</name>
<email>steve.langasek@ubuntu.com</email>
</author>
<published>2024-03-22T10:09:56Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=6ac4e6b22c8e66850155e912f5e649b2cc02303a'/>
<id>urn:sha1:6ac4e6b22c8e66850155e912f5e649b2cc02303a</id>
<content type='text'>
to force upgrades in launchpad buildd chroots

Gbp-Dch: full
</content>
</entry>
<entry>
<title>Do not require versioned dpkg-dev on CI</title>
<updated>2024-02-28T17:32:32Z</updated>
<author>
<name>Julian Andres Klode</name>
<email>julian.klode@canonical.com</email>
</author>
<published>2024-02-28T17:32:32Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=68ddc4a20fe7cbf53e22c7a8bbc35db597b87313'/>
<id>urn:sha1:68ddc4a20fe7cbf53e22c7a8bbc35db597b87313</id>
<content type='text'>
Annotate the Build-Depends with a &lt;!pkg.apt.ci&gt; profile and use
that in prepare-release when doing build-dep.
</content>
</entry>
</feed>
