<feed xmlns='http://www.w3.org/2005/Atom'>
<title>apt/test/integration/test-apt-update-ims, branch main</title>
<subtitle>Debians commandline package manager</subtitle>
<id>https://git.kalnischkies.de/apt/atom?h=main</id>
<link rel='self' href='https://git.kalnischkies.de/apt/atom?h=main'/>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/'/>
<updated>2024-12-22T22:51:22Z</updated>
<entry>
<title>methods: Add new sqv method</title>
<updated>2024-12-22T22:51:22Z</updated>
<author>
<name>Julian Andres Klode</name>
<email>jak@debian.org</email>
</author>
<published>2024-12-07T15:44:18Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=da9a05e0b0b2150dbb67090e8b0c3922e46bd5cf'/>
<id>urn:sha1:da9a05e0b0b2150dbb67090e8b0c3922e46bd5cf</id>
<content type='text'>
The new sqv method uses sequoia's sqv tool to verify files. The
tool's interface is quite simple: It returns 0 on success, and
prints one line per good signer with the fingerprint.

sqv has a configurable crypto policy. We have defined apt-specific
override mechanisms for sequoia's standard policy, allowing both
users, distributions, and apt package to provide overrides for
Sequoia's default policy in meaningful ways.

The sqv method will be built and be the standard method for
verifying OpenPGP signatures provided that `sqv` is in the
PATH during building. It is not built if there was no sqv
at build time, so you need a rebuild to enable sqv later
on.

On the flip side, the gpgv method is always built, but it
does need to be always built: If APT::Key::GPGVCommand is
set, we need to fallback to it - this is important to
support existing users of that interface such as
mmdebstrap. Also we want to fall back to it when /usr/bin/sqv
disappears - for example in our CI :D

A couple of concessions have been made for test suite purposes:

- Failure to split a clearsigned file only shows the summary,
  as the gpgv method also only showed it, and no details why
  it failed.
- We write "Got GOODSIG &lt;fingerprint&gt;" in debug mode to mimic
  the gpgv code to keep the test suite happy.

- In various places in the test suite we assert minimal output
  from sqv, but sqv's human output is not intended to be stable.
  This will incur additional work when it breaks. However we do
  not _parse_ the output, so actual operation of apt is unaffected.

A couple of things are suboptimal here:

- We are still doing clearsigned splitting ourselves. sqv only
  has support for detached signatures right now, whereas sqopv
  has support for clearsigned files as well (but sqopv does not
  provide any reasons for why signature verification fails or
  means to set a policy).

- Deprecation of algorithms happens on a timebomb basis in
  sequoia. We have no means to give users warnings ahead of
  time if their configuration is outdated.

We have implemented various bits that probably should be going away:

- Fallback to trusted.gpg
  This is just annoying...
- Support for fingerprints in Signed-By (no subkey matching though)
  The extra work here is arguably less compared to gpgv.
- Check the keyring for correctness.
  With Signed-By everywhere, we should just error out rather than
  skip broken keyrings.

Moo
</content>
</entry>
<entry>
<title>don't change owner/perms/times through file:// symlinks</title>
<updated>2016-07-06T00:25:51Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2016-07-05T18:04:27Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=3465138575e1fd0d5892d9b6be1ae232eb873460'/>
<id>urn:sha1:3465138575e1fd0d5892d9b6be1ae232eb873460</id>
<content type='text'>
If we have files in partial/ from a previous invocation or similar such
those could be symlinks created by file:// sources. The code is
expecting only real files through and happily changes owner,
modification times and permission on the file the symlink points to
which tend to be files we have no business in touching in this way.
Permissions of symlinks shouldn't be changed, changing owner is usually
pointless to, but just to be sure we pick the easy way out and use
lchown, check for symlinks before chmod/utimes.

Reported-By: Mattia Rizzolo on IRC
</content>
</entry>
<entry>
<title>accept only the expected UTC timezones in date parsing</title>
<updated>2016-05-28T09:42:20Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2016-05-28T09:03:35Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=9febc2b238e1e322dce1f94ecbed46d595893b52'/>
<id>urn:sha1:9febc2b238e1e322dce1f94ecbed46d595893b52</id>
<content type='text'>
HTTP/1.1 hardcodes GMT (RFC 7231 §7.1.1.1) and what is good enough for the
internet must be good enough for us™ as we reuse the implementation
internally to parse (most) dates we encounter in various places like the
Release files with their Date and Valid-Until header fields.

Implementing a fully timezone aware parser just feels too hard for no
effective benefit as it would take 5+ years (= until LTS's are out of
fashion) until a repository could use non-UTC dates and expect it to
work. Not counting non-apt implementations which might or might not
only want to encounter UTC here as well.

As a bonus, this eliminates the use of an instance of setlocale in
libapt.

Closes: 819697
</content>
</entry>
<entry>
<title>tests: disable generation of Release.gpg by default</title>
<updated>2016-05-04T10:12:33Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2016-05-04T09:45:35Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=5a23c56d6852a27d45c2ae227b43060f7beac051'/>
<id>urn:sha1:5a23c56d6852a27d45c2ae227b43060f7beac051</id>
<content type='text'>
Most tests just need a signed repository and don't care if it signed by
an InRelease file or a Release.gpg file, so we can save some time by
just generating one of them by default.

Sounds like not much, but quickly adds up to a few seconds with the
amount of tests we have accumulated by now.

Git-Dch: Ignore
</content>
</entry>
<entry>
<title>gpgv: cleanup statusfd parsing a bit</title>
<updated>2016-05-01T08:50:24Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2016-04-29T08:08:13Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=5419a6ce20967902102358a07632ae3688788d62'/>
<id>urn:sha1:5419a6ce20967902102358a07632ae3688788d62</id>
<content type='text'>
We parse the messages we receive into two big categories: Most of the
messages have a keyid as well as a userid and as they are errors we want
to show the userids as well. The other category is also errors, but have
no userid (like NO_PUBKEY). Explicitly expressing this in code should
make it a bit easier to look at and it also help in dropping additional
fields or just the newline at the end consistently.

Git-Dch: Ignore
</content>
</entry>
<entry>
<title>don't show NO_PUBKEY warning if repo is signed by another key</title>
<updated>2016-05-01T08:50:24Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2016-04-28T22:31:49Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=fb7b11ebb852fa255053ecab605bc9cfe9de0603'/>
<id>urn:sha1:fb7b11ebb852fa255053ecab605bc9cfe9de0603</id>
<content type='text'>
Daniel Kahn Gillmor highlights in the bugreport that security isn't
improving by having the user import additional keys – especially as
importing keys securely is hard.

The bugreport was initially about dropping the warning to a notice, but
in given the previously mentioned observation and the fact that we
weren't printing a warning (or a notice) for expired or revoked keys
providing a signature we drop it completely as the code to display a
message if this was the only key is in another path – and is considered
critical.

Closes: 618445
</content>
</entry>
<entry>
<title>keep compressed indexes in a low-cost format</title>
<updated>2016-01-08T14:40:01Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2016-01-07T19:32:09Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=0179cfa83cf0042235eda41db7f35c420781c63e'/>
<id>urn:sha1:0179cfa83cf0042235eda41db7f35c420781c63e</id>
<content type='text'>
Downloading and storing are two different operations were different
compression types can be preferred. For downloading we provide the
choice via Acquire::CompressionTypes::Order as there is a choice to
be made between download size and speed – and limited by whats available
in the repository.

Storage on the other hand has all compressions currently supported by
apt available and to reduce runtime of tools accessing these files the
compression type should be a low-cost format in terms of decompression.

apt traditionally stores its indexes uncompressed on disk, but has
options to keep them compressed. Now that apt downloads additional files
we also deal with files which simply can't be stored uncompressed as
they are just too big (like Contents for apt-file). Traditionally they
are downloaded in a low-cost format (gz) as repositories do not provide
other formats, but there might be even lower-cost formats and for
download we could introduce higher-cost in the repositories.

Downloading an entire index potentially requires recompression to
another format, so an update takes potentially longer – but big files
are usually updated via pdiffs which has to de- and re-compress anyhow
and does it on the fly anyhow, so there is no extra time needed and in
general it seems to be benefitial to invest the time in update to save
time later on file access.
</content>
</entry>
<entry>
<title>tests: support spaces in path and TMPDIR</title>
<updated>2015-12-19T22:04:34Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2015-12-15T16:20:26Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=3abb6a6a1e485b3bc899b64b0a1b7dc2db25a9c2'/>
<id>urn:sha1:3abb6a6a1e485b3bc899b64b0a1b7dc2db25a9c2</id>
<content type='text'>
This doesn't allow all tests to run cleanly, but it at least allows to
write tests which could run successfully in such environments.

Git-Dch: Ignore
</content>
</entry>
<entry>
<title>review of new/changed translatable program strings</title>
<updated>2015-11-21T17:04:29Z</updated>
<author>
<name>Justin B Rye</name>
<email>justin.byam.rye@gmail.com</email>
</author>
<published>2015-11-21T16:50:06Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=d04e44ac8177fc5b70ae0189bb5e437c2502f910'/>
<id>urn:sha1:d04e44ac8177fc5b70ae0189bb5e437c2502f910</id>
<content type='text'>
Reference mail:
https://lists.debian.org/debian-l10n-english/2015/11/msg00006.html
</content>
</entry>
<entry>
<title>tests: use quiet level 0 by default in tests</title>
<updated>2015-11-19T16:13:56Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2015-11-19T15:00:33Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=87d6947d51717e8b0e975d913986161598a7259a'/>
<id>urn:sha1:87d6947d51717e8b0e975d913986161598a7259a</id>
<content type='text'>
Git-Dch: Ignore
</content>
</entry>
</feed>
