Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=1.7.0 2018-09-18T14:07:24Z 2018-09-18T14:07:24Z Julian Andres Klode julian.klode@canonical.com 2018-08-31T14:07:07Z urn:sha1:df696650b7a8c58bbd92e0e1619e956f21010a96 It is perfectly valid behavior for a server to respond with Connection: close eventually, even when pipelining. Turning off pipelining due to that is wrong. For example, some Ubuntu mirrors close the connection after 101 requests. If I have more packages to install, only the first 101 would benefit from pipelining. This commit introduces a new check to only turn of pipelining for future connections if the pipeline for this connection did not have 3 successful fetches before, that should work quite well to detect broken server/proxy combinations like in bug 832113. 2018-05-24T12:31:31Z Julian Andres Klode julian.klode@canonical.com 2018-05-24T12:31:31Z urn:sha1:329a4a6159f1972ff5ec7bc2db26430f26dc61f3 120s is an insanely high default time out, lower it to 30s to make things a bit nicer. 2018-05-11T12:51:50Z David Kalnischkies david@kalnischkies.de 2018-05-11T12:51:50Z urn:sha1:b0283a5aeee428c9f2567b81ae78c9da68f6f4af This shouldn't make a practical difference for most people, but for edge cases it avoids DNS lookups and additionally prevents us from perfoming unneeded SRV requests, too. 2017-12-13T22:56:29Z David Kalnischkies david@kalnischkies.de 2017-10-25T22:57:26Z urn:sha1:47c0bdc310c8cd62374ca6e6bb456dd183bdfc07 The Fail method for acquire methods has a boolean parameter indicating the transient-nature of a reported error. The problem with this is that Fail is called very late at a point where it is no longer easily identifiable if an error is indeed transient or not, so some calls were and some weren't and the acquire system would later mostly ignore the transient flag and guess by using the FailReason instead. Introducing a tri-state enum we can pass the information about fatal or transient errors through the callstack to generate the correct fails. 2017-12-13T22:56:29Z David Kalnischkies david@kalnischkies.de 2017-10-25T19:40:56Z urn:sha1:2f6aed72f656494d668918aa8ce4052d7c81e993 If retries are enabled only transient errors are retried, which are very few errors. At least for some HTTP codes it could be beneficial to retry them through so adding them seems like a good idea if only to be more consistent in what we report. 2017-12-13T22:53:41Z David Kalnischkies david@kalnischkies.de 2017-12-13T20:39:16Z urn:sha1:1adcf56bec7d2127d83aa423916639740fe8e586 The casts are useless, but the reports show some where we can actually improve the code by replacing them with better alternatives like converting whatever int type into a string instead of casting to a specific one which might in the future be too small. Reported-By: gcc -Wuseless-cast 2017-10-22T18:27:23Z Julian Andres Klode jak@debian.org 2017-10-22T18:26:55Z urn:sha1:9130b5f9304b7f58273a826ff9acf04e10c6f98e This was a left over from the autodetect move. Gbp-Dch: ignore 2017-10-22T16:52:16Z Julian Andres Klode jak@debian.org 2017-10-21T13:44:43Z urn:sha1:1a76517470ebc2dd3f96e39ebe6f3706d6dd78da This avoids running the Proxy-Auto-Detect script inside the untrusted (well, less trusted for now) sandbox. This will allow us to restrict the http method from fork()ing or exec()ing via seccomp. 2017-07-26T17:09:04Z David Kalnischkies david@kalnischkies.de 2017-07-07T20:21:44Z urn:sha1:881ec045b6660e2fe0c6953720260e380ceeeb99 Opening the file before we drop privileges in the methods allows us to avoid chowning in the acquire main process which can apply to the wrong file (imagine Binary scoped settings) and surprises users as their permission setup is overridden. There are no security benefits as the file is open, so an evil method could as before read the contents of the file, but it isn't worse than before and we avoid permission problems in this setup. 2017-07-26T17:09:04Z David Kalnischkies david@kalnischkies.de 2017-07-07T19:59:01Z urn:sha1:6291fa81da6ed4c32d0dde33fa559cd155faff11 On HTTP Connect we since recently look into the auth.conf file for login information, so we should really look for all proxies into the file as the argument is the same as for sources entries and it is easier to document (especially as the manpage already mentions it as supported).