<feed xmlns='http://www.w3.org/2005/Atom'>
<title>apt/test/integration/test-apt-helper, branch main</title>
<subtitle>Debians commandline package manager</subtitle>
<id>https://git.kalnischkies.de/apt/atom?h=main</id>
<link rel='self' href='https://git.kalnischkies.de/apt/atom?h=main'/>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/'/>
<updated>2026-06-10T13:07:30Z</updated>
<entry>
<title>aptwebserver: Refuse client immediately on TLS handshake</title>
<updated>2026-06-10T13:07:30Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2026-02-05T21:18:40Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=49e91b96d9faeca50ab0b212174744938d446132'/>
<id>urn:sha1:49e91b96d9faeca50ab0b212174744938d446132</id>
<content type='text'>
We implement a HTTP-only server here (that is wrapped by stunnel for
HTTPS support), so if a TLS handshake reaches us it is always wrong
and we can just close the connection immediately instead of accepting
it and letting the client run into a timeout as we will never receive
the message(s) we expect.

This happens e.g. with browsers like Firefox that opportunistically
try https first (even if you ask for http and specify a port).
</content>
</entry>
<entry>
<title>Allow AutoDetectProxy to work with more than just http(s)</title>
<updated>2024-11-22T12:40:10Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2022-04-26T20:22:46Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=d9601bce6e1fa61cbb3dc4d66e5492f9885eef8f'/>
<id>urn:sha1:d9601bce6e1fa61cbb3dc4d66e5492f9885eef8f</id>
<content type='text'>
It is a bit unfair for third-party methods wrapping e.g. http to not
have access to such tools, same for our old ftp and e.g. our tor even
if in practice this isn't used much even for http.

At least that is one less FIXME in the code.
</content>
</entry>
<entry>
<title>add apt-helper drop-privs command…</title>
<updated>2018-02-19T14:56:09Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2018-01-25T16:14:49Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=887e331abb6ac0a850e5d53de55f43c9ebdee5a2'/>
<id>urn:sha1:887e331abb6ac0a850e5d53de55f43c9ebdee5a2</id>
<content type='text'>
</content>
</entry>
<entry>
<title>Show permission error if ProxyAutoDetect cmd can't be executed</title>
<updated>2017-06-26T21:31:15Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2017-03-21T08:27:25Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=e250df1a623fd08f8a5afe2d94bd29a35e872725'/>
<id>urn:sha1:e250df1a623fd08f8a5afe2d94bd29a35e872725</id>
<content type='text'>
As the proxy commands are not executed as root, a user can run into
permission errors (s)he isn't expecting – as our switching is an
implementation detail – so the error message in that case should really
be better than a generic "error code 100" sending the user in the wrong
direction as that implies the command was executed, but errored out.

Closes: 857885
</content>
</entry>
<entry>
<title>Add a few more Auto-Detect-Proxy tests</title>
<updated>2017-06-26T21:31:15Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2017-03-19T11:17:06Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=5f930f65438b30a87e0c8a47150dd0dbf414750e'/>
<id>urn:sha1:5f930f65438b30a87e0c8a47150dd0dbf414750e</id>
<content type='text'>
Gbp-Dch: Ignore
</content>
</entry>
<entry>
<title>rename Checksum-FileSize to Filesize in hashsum mismatch</title>
<updated>2016-11-09T22:32:02Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2016-11-09T22:32:02Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=28ee7f19b865c32ce1b03cc0afa26983a0208693'/>
<id>urn:sha1:28ee7f19b865c32ce1b03cc0afa26983a0208693</id>
<content type='text'>
Some people do not recognize the field value with such an arcane name
and/or expect it to refer to something different (e.g. #839257).
We can't just rename it internally as its an avoidance strategy as such
fieldname existed previously with less clear semantics, but we can spare
the general public from this implementation detail.
</content>
</entry>
<entry>
<title>add [weak] tag to hash errors to indicate insufficiency</title>
<updated>2016-06-22T12:05:01Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2016-06-18T13:15:27Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=d30036922c6963846db4ab633b13fb87c1b5b462'/>
<id>urn:sha1:d30036922c6963846db4ab633b13fb87c1b5b462</id>
<content type='text'>
For "Hash Sum mismatch" that info doesn't make a whole lot of
difference, but for the new insufficient info message an indicator that
while this hashes are there and even match, they aren't enough from a
security standpoint.
</content>
</entry>
<entry>
<title>implement and document DIRECT for auto-detect-proxy</title>
<updated>2016-06-20T11:49:31Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2016-06-20T11:49:31Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=9515ed7bcdb32c7985ca83d309beda7155d02136'/>
<id>urn:sha1:9515ed7bcdb32c7985ca83d309beda7155d02136</id>
<content type='text'>
There is a subtile difference between an empty setting and "DIRECT" in
the configuration as the later overrides the generic settings while the
earlier does not. Also, non-zero exitcodes should really be reported as
an error rather than silently discarded.
</content>
</entry>
<entry>
<title>do not error if auto-detect-proxy cmd has no output</title>
<updated>2016-06-20T11:22:22Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2016-06-20T09:23:09Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=cad1877559f3e1703c3fea4d081978e1b4bb4a0e'/>
<id>urn:sha1:cad1877559f3e1703c3fea4d081978e1b4bb4a0e</id>
<content type='text'>
Regression introduced in 8f858d560e3b7b475c623c4e242d1edce246025a.

Commands are probably better of always having output through as the
fall through to the generic proxy settings is likely not intended. As
documenting and implementing this more consistently is kind of a
regression through, it is split off into the next commit.

Closes: 827713
</content>
</entry>
<entry>
<title>show more details for "Hash Sum mismatch" errors</title>
<updated>2016-04-25T13:35:52Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2016-03-12T19:29:04Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=0340069cc4709a18ba117090763d9f263de999a9'/>
<id>urn:sha1:0340069cc4709a18ba117090763d9f263de999a9</id>
<content type='text'>
Users tend to report these errors with just this error message… not very
actionable and hard to figure out if this is a temporary or 'permanent'
mirror-sync issue or even the occasional apt bug.

Showing the involved hashsums and modification times should help in
triaging these kind of bugs – and eventually we will have less of them
via by-hash.

The subheaders aren't marked for translation for now as they are
technical glibberish and probably easier to deal with if not translated.
After all, our iconic "Hash Sum mismatch" is translated at least.

These additions were proposed in #817240 by Peter Palfrader.
</content>
</entry>
</feed>
