<feed xmlns='http://www.w3.org/2005/Atom'>
<title>apt/test/integration/test-apt-update-rollback, branch main</title>
<subtitle>Debians commandline package manager</subtitle>
<id>https://git.kalnischkies.de/apt/atom?h=main</id>
<link rel='self' href='https://git.kalnischkies.de/apt/atom?h=main'/>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/'/>
<updated>2025-03-04T10:07:51Z</updated>
<entry>
<title>Replace "GPG error" with "OpenPGP signature verification failed"</title>
<updated>2025-03-04T10:07:51Z</updated>
<author>
<name>Julian Andres Klode</name>
<email>julian.klode@canonical.com</email>
</author>
<published>2025-03-04T10:07:14Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=991eb5025a35155e57005b2e2be38f66ec5dd1a4'/>
<id>urn:sha1:991eb5025a35155e57005b2e2be38f66ec5dd1a4</id>
<content type='text'>
Reported-by: cacin on irc
</content>
</entry>
<entry>
<title>test: Check "${METHODSDIR}/sqv" not "/usr/bin/sqv"</title>
<updated>2025-01-01T21:27:31Z</updated>
<author>
<name>Julian Andres Klode</name>
<email>julian.klode@canonical.com</email>
</author>
<published>2025-01-01T21:20:25Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=12a3dfe6b86ca01ac2d643086b8f30e5b9189290'/>
<id>urn:sha1:12a3dfe6b86ca01ac2d643086b8f30e5b9189290</id>
<content type='text'>
This is the correct check to find out whether we have built
with sqv support.
</content>
</entry>
<entry>
<title>methods: Add new sqv method</title>
<updated>2024-12-22T22:51:22Z</updated>
<author>
<name>Julian Andres Klode</name>
<email>jak@debian.org</email>
</author>
<published>2024-12-07T15:44:18Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=da9a05e0b0b2150dbb67090e8b0c3922e46bd5cf'/>
<id>urn:sha1:da9a05e0b0b2150dbb67090e8b0c3922e46bd5cf</id>
<content type='text'>
The new sqv method uses sequoia's sqv tool to verify files. The
tool's interface is quite simple: It returns 0 on success, and
prints one line per good signer with the fingerprint.

sqv has a configurable crypto policy. We have defined apt-specific
override mechanisms for sequoia's standard policy, allowing both
users, distributions, and apt package to provide overrides for
Sequoia's default policy in meaningful ways.

The sqv method will be built and be the standard method for
verifying OpenPGP signatures provided that `sqv` is in the
PATH during building. It is not built if there was no sqv
at build time, so you need a rebuild to enable sqv later
on.

On the flip side, the gpgv method is always built, but it
does need to be always built: If APT::Key::GPGVCommand is
set, we need to fallback to it - this is important to
support existing users of that interface such as
mmdebstrap. Also we want to fall back to it when /usr/bin/sqv
disappears - for example in our CI :D

A couple of concessions have been made for test suite purposes:

- Failure to split a clearsigned file only shows the summary,
  as the gpgv method also only showed it, and no details why
  it failed.
- We write "Got GOODSIG &lt;fingerprint&gt;" in debug mode to mimic
  the gpgv code to keep the test suite happy.

- In various places in the test suite we assert minimal output
  from sqv, but sqv's human output is not intended to be stable.
  This will incur additional work when it breaks. However we do
  not _parse_ the output, so actual operation of apt is unaffected.

A couple of things are suboptimal here:

- We are still doing clearsigned splitting ourselves. sqv only
  has support for detached signatures right now, whereas sqopv
  has support for clearsigned files as well (but sqopv does not
  provide any reasons for why signature verification fails or
  means to set a policy).

- Deprecation of algorithms happens on a timebomb basis in
  sequoia. We have no means to give users warnings ahead of
  time if their configuration is outdated.

We have implemented various bits that probably should be going away:

- Fallback to trusted.gpg
  This is just annoying...
- Support for fingerprints in Signed-By (no subkey matching though)
  The extra work here is arguably less compared to gpgv.
- Check the keyring for correctness.
  With Signed-By everywhere, we should just error out rather than
  skip broken keyrings.

Moo
</content>
</entry>
<entry>
<title>Avoid dealing with a fake dpkg stanza in the tests</title>
<updated>2022-09-02T14:55:45Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2022-08-31T19:49:33Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=3498fbedafbf30e5c91deeaefa6a60d1e387593a'/>
<id>urn:sha1:3498fbedafbf30e5c91deeaefa6a60d1e387593a</id>
<content type='text'>
We needed a fake dpkg in our status file for dpkg --assert-multi-arch to
work in the past, but recent dpkg versions do not require this anymore,
so we can remove this somewhat surprising hackery in favour of better
hidden hackery we only use if we work with an older dpkg (e.g. on
current Debian stable).
</content>
</entry>
<entry>
<title>rename Checksum-FileSize to Filesize in hashsum mismatch</title>
<updated>2016-11-09T22:32:02Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2016-11-09T22:32:02Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=28ee7f19b865c32ce1b03cc0afa26983a0208693'/>
<id>urn:sha1:28ee7f19b865c32ce1b03cc0afa26983a0208693</id>
<content type='text'>
Some people do not recognize the field value with such an arcane name
and/or expect it to refer to something different (e.g. #839257).
We can't just rename it internally as its an avoidance strategy as such
fieldname existed previously with less clear semantics, but we can spare
the general public from this implementation detail.
</content>
</entry>
<entry>
<title>test: Always install dpkg into our tests, regardless of MA</title>
<updated>2016-09-07T12:00:38Z</updated>
<author>
<name>Julian Andres Klode</name>
<email>jak@debian.org</email>
</author>
<published>2016-09-07T11:35:40Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=561a3557e7fa6c4ed693c3bb486d189a468a8080'/>
<id>urn:sha1:561a3557e7fa6c4ed693c3bb486d189a468a8080</id>
<content type='text'>
Even if we only configure a single architecture, install dpkg, so
dpkg can assert multi arch correctly. This also has the nice side
effect of making single architecture and multiple architecture
test cases more uniform.

This fixes a regression from f878d3a862128bc1385616751ae1d78246b1bd01
("test: Assert multi-arch in the chroot").
</content>
</entry>
<entry>
<title>add [weak] tag to hash errors to indicate insufficiency</title>
<updated>2016-06-22T12:05:01Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2016-06-18T13:15:27Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=d30036922c6963846db4ab633b13fb87c1b5b462'/>
<id>urn:sha1:d30036922c6963846db4ab633b13fb87c1b5b462</id>
<content type='text'>
For "Hash Sum mismatch" that info doesn't make a whole lot of
difference, but for the new insufficient info message an indicator that
while this hashes are there and even match, they aren't enough from a
security standpoint.
</content>
</entry>
<entry>
<title>tests: disable generation of Release.gpg by default</title>
<updated>2016-05-04T10:12:33Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2016-05-04T09:45:35Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=5a23c56d6852a27d45c2ae227b43060f7beac051'/>
<id>urn:sha1:5a23c56d6852a27d45c2ae227b43060f7beac051</id>
<content type='text'>
Most tests just need a signed repository and don't care if it signed by
an InRelease file or a Release.gpg file, so we can save some time by
just generating one of them by default.

Sounds like not much, but quickly adds up to a few seconds with the
amount of tests we have accumulated by now.

Git-Dch: Ignore
</content>
</entry>
<entry>
<title>show more details for "Hash Sum mismatch" errors</title>
<updated>2016-04-25T13:35:52Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2016-03-12T19:29:04Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=0340069cc4709a18ba117090763d9f263de999a9'/>
<id>urn:sha1:0340069cc4709a18ba117090763d9f263de999a9</id>
<content type='text'>
Users tend to report these errors with just this error message… not very
actionable and hard to figure out if this is a temporary or 'permanent'
mirror-sync issue or even the occasional apt bug.

Showing the involved hashsums and modification times should help in
triaging these kind of bugs – and eventually we will have less of them
via by-hash.

The subheaders aren't marked for translation for now as they are
technical glibberish and probably easier to deal with if not translated.
After all, our iconic "Hash Sum mismatch" is translated at least.

These additions were proposed in #817240 by Peter Palfrader.
</content>
</entry>
<entry>
<title>Report non-transient errors as errors, not as warnings</title>
<updated>2016-03-16T16:56:50Z</updated>
<author>
<name>Julian Andres Klode</name>
<email>jak@debian.org</email>
</author>
<published>2016-03-16T15:46:39Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=f695e76199a43b7f4d5816e20d18496b6448b833'/>
<id>urn:sha1:f695e76199a43b7f4d5816e20d18496b6448b833</id>
<content type='text'>
This makes it easier to understand what really is an error
and what not.
</content>
</entry>
</feed>
