<feed xmlns='http://www.w3.org/2005/Atom'>
<title>apt/test/integration/test-apt-get-update-unauth-warning, branch main</title>
<subtitle>Debians commandline package manager</subtitle>
<id>https://git.kalnischkies.de/apt/atom?h=main</id>
<link rel='self' href='https://git.kalnischkies.de/apt/atom?h=main'/>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/'/>
<updated>2024-11-22T12:40:10Z</updated>
<entry>
<title>Look at non by-hash paths in copy and file methods</title>
<updated>2024-11-22T12:40:10Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2022-05-09T09:42:48Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=7adf8c1fa8d519b8b57292763eb7703e7d3cc580'/>
<id>urn:sha1:7adf8c1fa8d519b8b57292763eb7703e7d3cc580</id>
<content type='text'>
Ideally copy and file mirrors would support by-hash as well, but its
harder to setup and maintain especially if you want to cache an online
mirror who has by-hash enabled.

We can avoid unneeded roundtrips (in the best case) and entire cache
misses (in the usual worst case) by "just" telling methods that the URI
we passed it has the requested file perhaps also in other paths.

This is done in pseudo-relative paths as we would otherwise need to
teach redirection code to rewrite those URIs as well. A method like http
can easily ignore this value and await explicit instructions to look at
that file, but inspecting the path in local sources via file or copy is
(comparatively) free, so we just do it immediately. If that ends up
being the wrong version of the file as by-hash would have protected us
from we are in this feature branch now falling back to other mirrors
which are like the ones online and in support of by-hash.
</content>
</entry>
<entry>
<title>Support uncompressed indexes from partial file:/ mirrors</title>
<updated>2024-11-22T12:21:24Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2022-04-23T20:46:33Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=39304fb440f62b3a9f4dd85871b7049fb5b8eb8f'/>
<id>urn:sha1:39304fb440f62b3a9f4dd85871b7049fb5b8eb8f</id>
<content type='text'>
If a file:/ mirror does not contain the requested compressed file, but
the uncompressed variant of that file the method will sent us a fitting
Done message with data only about the Alt-Filename, but the central hash
verification code in the acquire system does not expect that looking for
the non-existent compressed file to compare its hashes with the expected
result – which fails (if we are verifying at least).

That file:/ as well as the item code deals with this suggests that this
feature was broken by 448c38bdcd72b52f11ec5f326f822cf57653f81c, but I
couldn't (easily) compile that to verify, so this is only a guess.

Supporting this allows using index files from /var/lib/apt/lists –
which are likely uncompressed or can at least made so easily – to
construct a file:/ mirror.
</content>
</entry>
<entry>
<title>Read and work with canonical file-URIs from sources.lists</title>
<updated>2021-09-13T14:08:52Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2021-09-12T14:08:52Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=2b0369a5d1673d9e40f2af4db7677b040a26ee58'/>
<id>urn:sha1:2b0369a5d1673d9e40f2af4db7677b040a26ee58</id>
<content type='text'>
We allow file (and other file-based methods) URIs to either be given
as file:///path or as file:/path, but in various places of the acquire
system we perform string comparisons on URIs which do not handle this
expecting the canonical representation produced by our URI code.

That used to be hidden by us quoting and dequoting the URIs in the
system, but as we don't do this anymore we have to be a bit more careful
on input.

Ideally we would do less of these comparisons, but for now lets be
content with inserting a canonicalisation early on to prevent hangs in
the acquire system.
</content>
</entry>
<entry>
<title>allow a method to request auxiliary files</title>
<updated>2018-01-03T17:55:41Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2017-08-12T14:21:13Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=ef9677831f62a1554a888ebc7b162517d7881116'/>
<id>urn:sha1:ef9677831f62a1554a888ebc7b162517d7881116</id>
<content type='text'>
If a method needs a file to operate like e.g. mirror needs to get a list
of mirrors before it can redirect the the actual requests to them. That
could easily be solved by moving the logic into libapt directly, but by
allowing a method to request other methods to do something we can keep
this logic contained in the method and allow e.g. also methods which
perform binary patching or similar things.

Previously they would need to implement their own acquire system inside
the existing one which in all likelyhood will not support the same
features and methods nor operate with similar security compared to what
we have already running 'above' the requesting method. That said, to
avoid methods producing conflicts with "proper" files we are downloading
a new directory is introduced to keep the auxiliary files in.

[The message magic number 351 is a tribute to the german Grundgesetz
article 35 paragraph 1 which defines that all authorities of the
state(s) help each other on request.]
</content>
</entry>
<entry>
<title>fail instead of warn on insecure repositories in apt-get</title>
<updated>2017-06-28T17:17:57Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2017-06-28T10:57:51Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=cbaf353ead58aa9eefe51542b6ad91e69b6289ce'/>
<id>urn:sha1:cbaf353ead58aa9eefe51542b6ad91e69b6289ce</id>
<content type='text'>
The exception was made to give (script) users a one-release grace period
to adapt their setup to deal with apt enforcing signing of repositories.
As we are now at the start of a new release cycle its as good a time as
any to lift it now.

Removes-Exception: 952ee63b0af14a534c0aca00c11d1a99be6b22b2
</content>
</entry>
<entry>
<title>tests: support spaces in path and TMPDIR</title>
<updated>2015-12-19T22:04:34Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2015-12-15T16:20:26Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=3abb6a6a1e485b3bc899b64b0a1b7dc2db25a9c2'/>
<id>urn:sha1:3abb6a6a1e485b3bc899b64b0a1b7dc2db25a9c2</id>
<content type='text'>
This doesn't allow all tests to run cleanly, but it at least allows to
write tests which could run successfully in such environments.

Git-Dch: Ignore
</content>
</entry>
<entry>
<title>slightly rephrase notice shown for insecure repositories</title>
<updated>2015-11-25T14:20:10Z</updated>
<author>
<name>Justin B Rye</name>
<email>justin.byam.rye@gmail.com</email>
</author>
<published>2015-11-22T09:14:12Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=839603418384565a53d9aca7b23dbd7742e3ea77'/>
<id>urn:sha1:839603418384565a53d9aca7b23dbd7742e3ea77</id>
<content type='text'>
Git-Dch: Ignore
</content>
</entry>
<entry>
<title>review of new/changed translatable program strings</title>
<updated>2015-11-21T17:04:29Z</updated>
<author>
<name>Justin B Rye</name>
<email>justin.byam.rye@gmail.com</email>
</author>
<published>2015-11-21T16:50:06Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=d04e44ac8177fc5b70ae0189bb5e437c2502f910'/>
<id>urn:sha1:d04e44ac8177fc5b70ae0189bb5e437c2502f910</id>
<content type='text'>
Reference mail:
https://lists.debian.org/debian-l10n-english/2015/11/msg00006.html
</content>
</entry>
<entry>
<title>tests: use quiet level 0 by default in tests</title>
<updated>2015-11-19T16:13:56Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2015-11-19T15:00:33Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=87d6947d51717e8b0e975d913986161598a7259a'/>
<id>urn:sha1:87d6947d51717e8b0e975d913986161598a7259a</id>
<content type='text'>
Git-Dch: Ignore
</content>
</entry>
<entry>
<title>"support" unsigned Release files without hashes again</title>
<updated>2015-11-05T11:21:33Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2015-11-05T00:51:44Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=f01f5d911d6a9731893865bb1ec617c5038add3e'/>
<id>urn:sha1:f01f5d911d6a9731893865bb1ec617c5038add3e</id>
<content type='text'>
This 'ignores' the component Release files you can find in Debian
alongside the binary-* directories, which isn't exactly a common
usecase, but it worked before, so lets support it again as this isn't
worse than a valid Release file which is unsigned.

Git-Dch: Ignore
</content>
</entry>
</feed>
