Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=1.2.7 2016-03-15T17:55:02Z 2016-03-15T17:55:02Z Michael Vogt mvo@ubuntu.com 2016-03-15T12:13:54Z urn:sha1:0390edd5452b081f8efcf412f96d535a1d959457 The problemresolver will set the candidate version for pkg P back to the current version if it encounters an impossible to satisfy critical dependency on P. However it did not set the State of the package back as well which lead to a situation where P is neither in Keep,Install,Upgrade,Delete state. Note that this can not be tested via the traditional sh based framework. I added a python-apt based test for this. LP: #1550741 [jak@debian.org: Make the test not fail if apt_pkg cannot be imported] 2016-03-14T12:49:25Z Julian Andres Klode jak@debian.org 2016-03-14T12:49:25Z urn:sha1:0cbb7e29c5dad2178896d8eaf41ad616bb0111da This was wrong and caused some issues because apt-key invoked host apt-config with our library. Gbp-Dch: ignore 2016-03-14T12:46:33Z Julian Andres Klode jak@debian.org 2016-03-14T12:24:17Z urn:sha1:493a813e8a743cfe763bf5eb18073ef9f51dabc2 This makes the test suite safe if we ever need to reject SHA1 signatures in an update. 2016-03-13T12:01:14Z Julian Andres Klode jak@debian.org 2016-03-13T11:21:09Z urn:sha1:51c04562559d0924aa52cc8c9b69901bc8a5c945 SHA1 is not reasonably secure anymore, so we should not consider it usable anymore. The test suite is adjusted to account for this. 2016-03-06T08:39:30Z David Kalnischkies david@kalnischkies.de 2016-02-16T15:02:46Z urn:sha1:a66e1837812cefc1f08788f8696724d4931e8022 This way we hopefully notice (new) warnings in this little helper. Git-Dch: Ignore 2016-02-04T17:13:05Z Julian Andres Klode jak@debian.org 2016-02-04T17:13:05Z urn:sha1:eb5113c486955d9cd66126aa59d3a27e52c52e58 2016-01-27T15:39:52Z David Kalnischkies david@kalnischkies.de 2016-01-27T14:28:17Z urn:sha1:6fc2e03084c7e027c2b9a63c1fe99ff743aae3b6 The Date field in the Release file is useful to avoid allowing an attacker to 'downgrade' a user to earlier Release files (and hence to older states of the archieve with open security bugs). It is also needed to allow a user to define min/max values for the validation of a Release file (with or without the Release file providing a Valid-Until field). APT wasn't formally requiring this field before through and (agrueable not binding and still incomplete) online documentation declares it optional (until now), so we downgrade the error to a warning for now to give repository creators a bit more time to adapt – the bigger ones should have a Date field for years already, so the effected group should be small in any case. It should be noted that earlier apt versions had this as an error already, but only showed it if a Valid-Until field was present (or the user tried to used the configuration items for min/max valid-until). Closes: 809329 2016-01-26T20:09:47Z David Kalnischkies david@kalnischkies.de 2016-01-26T20:09:47Z urn:sha1:07aca07ae73016aa7823e708dda746eec8346989 In 321213f0dcdcdaab04e01663e7a047b261400c9c Andreas Cadhalpun corrected the incorrect overriding of earlier better-fitting results with later (semi-)matches – but that broke the case in which packages are in multiple releases in the same version (and the user has both releases configured). Closes: 812497 2016-01-08T14:40:01Z David Kalnischkies david@kalnischkies.de 2016-01-08T12:08:19Z urn:sha1:896f0ae857b693782658145e16e21a3054dd5280 Some (older) versions of bash seem to be allergic to a method named "aptautotest_grep_^apt" (note the caret). Unlikely that we are going to write autotests for such commands so we could just skip those, but lets instead just use "normal" characters in the names and strip the rest as we already did with the (arguable more common) '-'. 2016-01-08T14:40:01Z David Kalnischkies david@kalnischkies.de 2016-01-07T23:35:39Z urn:sha1:abec2980ef1ff051be14c26097a76b6429b3b7bc This way it works more similar to the compressor binaries, which we can relief in this way from their job in the test framework avoiding the need of adding e.g. liblz4-tool to the test dependencies.