Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=2.7.2 2023-05-02T14:46:14Z 2023-05-02T14:46:14Z Julian Andres Klode julian.klode@canonical.com 2023-05-02T14:46:14Z urn:sha1:9da15d149f97e0f26cf5b7e32405512a5e63523c 2023-05-02T13:23:14Z Julian Andres Klode julian.klode@canonical.com 2023-02-22T13:14:52Z urn:sha1:a19f606aad717fe5c9c69237c3af53feb547115e Provide snapshot support for offical Debian and Ubuntu archives. There are two ways to enable snapshots for sources: 1. Add Snapshot: yes to your sources file ([snapshot=yes]). This will allow you to specify a snapshot to use when updating or installing using the --snapshot,-S option. 2. Add Snapshot: ID to your sources files to request a specific snapshot for this source. Snapshots are discovered using Label and Origin fields in the Release file of the main source, hence you need to have updated the source at least once before you can use snapshots. The Release file may also declare a snapshots server to use, similar to Changelogs, it can contain a Snapshots field with the values: 1. `Snapshots: https://example.com/@SNAPSHOTID@` where `@SNAPSHOTID@` is a placeholder that is replaced with the requested snapshot id 2. `Snapshots: no` to disable snapshot support for this source. Requesting snapshots for this source will result in a failure to load the source. The implementation adds a SHADOWED option to deb source entries, and marks the main entry as SHADOWED when a snapshot has been requested, which will cause it to be updated, but not included in the generated cache. The concern here was that we need to keep generating the shadowed entries because the cleanup in `apt update` deletes any files not queued for download, so we gotta keep downloading the main source. This design is not entirely optimal, but avoids the pitfalls of having to reimplement list cleanup. Gaps: - Ubuntu Pro repositories and PPAs are not yet supported. 2023-05-02T13:16:54Z Julian Andres Klode julian.klode@canonical.com 2023-04-11T14:37:51Z urn:sha1:3625351722e67903dc34993fe318e50863bd2d31 This runs update before opening the cache and sources.list for installing/upgrading. 2023-02-08T16:09:26Z Julian Andres Klode julian.klode@canonical.com 2023-02-08T16:07:41Z urn:sha1:028b4d08f09e14c1e6f5e071f329668870bc5e56 2023-01-25T11:57:16Z MichaIng micha@dietpi.com 2023-01-25T11:57:16Z urn:sha1:0924dd3dc165499ec8903783c99a85479a660ee7 since --no-allow-insecure-repositories is the default. Signed-off-by: MichaIng <micha@dietpi.com> 2022-10-31T11:12:04Z Julian Andres Klode julian.klode@canonical.com 2022-10-31T11:11:47Z urn:sha1:bd0abd856f1e3e505572f434efafa38254de2f3b 2022-10-28T18:36:16Z quazgar quazgar@posteo.de 2022-10-28T18:36:16Z urn:sha1:bbde59e804ee6d5bb5547071c0c59fd6cfb02d99 2022-09-28T15:34:34Z Julian Andres Klode julian.klode@canonical.com 2022-09-28T15:17:46Z urn:sha1:dccfe14ffb9713fbf320691c0f6cd679f2acf4fc 2022-08-06T12:43:46Z Povilas Kanapickas povilas@radix.lt 2022-08-06T12:43:46Z urn:sha1:5e4d241e273e32cfc72c80526e8951a767efaaeb The documentation currently does not specify whether `apt-get download` verifies the authenticity of downloaded packages or not. The underlying code does verify the authenticity of packages as usual and would fail if the package signature is invalid. Therefore it makes sense to make this guarantee explicit in the documentation, because without it security-conscious users will likely want to recheck the signatures or checksums manually which is not necessary in this case and just wastes time. 2021-01-08T21:18:01Z Julian Andres Klode julian.klode@canonical.com 2021-01-08T20:58:58Z urn:sha1:3f9e5bedf1c9b15db8960d2daa32f703c3cc2346