apt/methods, branch 1.5_alpha2 Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=1.5_alpha2 2017-06-29T14:12:40Z http: Only use system CA store if CaInfo is not set 2017-06-29T14:12:40Z Julian Andres Klode jak@debian.org 2017-06-29T13:30:12Z urn:sha1:58a1a72988e9280343821243217c1fc7d5ddea46 It turns out that curl only sets the system trust store if the CaInfo option is not set, so let's do the same here. Improve error message if system CA store is empty 2017-06-29T10:54:30Z Julian Andres Klode jak@debian.org 2017-06-29T10:47:55Z urn:sha1:5e9c1b36764109ab13232188892730c326fb41e8 Tell the user to install ca-certificates. Closes: #866377 use port from SRV record instead of initial port 2017-06-28T23:23:59Z David Kalnischkies david@kalnischkies.de 2017-06-28T20:56:27Z urn:sha1:9bdc09016f9570389451dd619d7e878bfeaa91df An SRV record includes a portnumber to use with the host given, but apt was ignoring the portnumber and instead used either the port given by the user for the initial host or the default port for the service. In practice the service usually runs on another host on the default port, so it tends to work as intended and even if not and apt can't get a connection there it will gracefully fallback to contacting the initial host with the right port, so its a user invisible bug most of the time. support tor+https being handled by http 2017-06-28T20:26:56Z David Kalnischkies david@kalnischkies.de 2017-06-28T20:20:22Z urn:sha1:579f8f1008eceecd3da9ac53923c6a8d08244cb7 The apt-transport-tor package operates via simple symlinks which can result in 'http' being called as 'tor+https', so it must pick up the right configuration pieces and trigger https support also in plus names. Introduce Acquire::AllowTLS to turn off TLS support 2017-06-28T15:34:51Z Julian Andres Klode jak@debian.org 2017-06-28T15:17:37Z urn:sha1:147ac0fc90d972a11f5e91521ba3d385015b5945 As requested by Henrique de Moraes Holschuh, here comes an option to disable TLS support. If the option is set to false, the internal TLS layer is disabled. Fix https->http redirect issues 2017-06-28T13:52:38Z David Kalnischkies david@kalnischkies.de 2017-06-28T13:52:00Z urn:sha1:29a08d8ab0c4d82f26c2712c456508784040cdbb Gbp-Dch: ignore methods: http: Drain pending data before selecting 2017-06-28T13:52:38Z Julian Andres Klode jak@debian.org 2017-06-28T11:20:54Z urn:sha1:f806530b9ea858ca6bda8fb8f43d988aba02dab3 GnuTLS can already have data pending in its buffers, we need to to drain that first otherwise select() might block indefinitely. Gbp-Dch: ignore Allow building without curl 2017-06-28T13:52:38Z Julian Andres Klode jak@debian.org 2017-06-27T22:12:11Z urn:sha1:0fe2161020d6e331639ed11872a947dd20035890 This makes testing easier and prepares us for the transition. methods: Add HTTPS support to http method, using GnuTLS 2017-06-28T13:52:38Z Julian Andres Klode jak@debian.org 2017-06-28T08:55:57Z urn:sha1:2851ec6cf037d552118b885be0dd7796d74730c6 The http method will eventually replace the curl-based https method, but for now, this is an opt-in experiment that can be enabled by setting Dir::Bin::Methods::https to "http". Known issues: - We do not support HTTPS proxies yet - We do not support proxying HTTPS connections yet (CONNECT) - IssuerCert and SslForceVersion are unsupported Gbp-Dch: Full methods: connect: Switch from int fds to new MethodFd 2017-06-28T13:52:38Z Julian Andres Klode jak@debian.org 2017-06-28T08:55:08Z urn:sha1:5666084ecfe140aaa3f89388de557c2f875b4244 Use std::unique_ptr<MethodFd> everywhere we used an integer-based file descriptor before. This allows us to implement stuff like TLS support easily. Gbp-Dch: ignore