Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=1.2.2 2016-02-04T17:13:05Z 2016-02-04T17:13:05Z Julian Andres Klode jak@debian.org 2016-02-04T17:13:05Z urn:sha1:eb5113c486955d9cd66126aa59d3a27e52c52e58 2016-02-03T13:56:49Z David Kalnischkies david@kalnischkies.de 2016-02-03T13:56:49Z urn:sha1:d603afd970e4bc84ed7176b988cd72bd9cf339b3 We don't need the dependencies for obvious reasons and we don't need the candidate version either, so building a pkgDepCache is wasted effort, which we can stop doing now that build-dep cleared the path. 2016-02-03T12:50:00Z David Kalnischkies david@kalnischkies.de 2016-02-03T11:58:23Z urn:sha1:cd907113561d5eb75054f981be3bcc22eee8db27 The later just calls the earlier, but the later needs the fullblown dependency cache to be initialized, which is a very costly operation and isn't done anymore that early in the run as we would need to throw away and rebuild it again after we got all the information about source pkgs. As we end up with a nullptr for the pkgDepCache, we use a slightly longer calling convention to make sure that we use the pkgCache directly, avoiding nullptr induced segfaults and costly operations. Git-Dch: Ignore Reported-By: Balint Reczey <balint@balintreczey.hu> 2016-01-31T18:06:19Z David Kalnischkies david@kalnischkies.de 2016-01-28T23:52:48Z urn:sha1:aa3e7b3287a20b464237c869483111abc7e9d815 Git-Dch: Ignore 2016-01-27T15:39:52Z David Kalnischkies david@kalnischkies.de 2016-01-27T14:28:17Z urn:sha1:6fc2e03084c7e027c2b9a63c1fe99ff743aae3b6 The Date field in the Release file is useful to avoid allowing an attacker to 'downgrade' a user to earlier Release files (and hence to older states of the archieve with open security bugs). It is also needed to allow a user to define min/max values for the validation of a Release file (with or without the Release file providing a Valid-Until field). APT wasn't formally requiring this field before through and (agrueable not binding and still incomplete) online documentation declares it optional (until now), so we downgrade the error to a warning for now to give repository creators a bit more time to adapt – the bigger ones should have a Date field for years already, so the effected group should be small in any case. It should be noted that earlier apt versions had this as an error already, but only showed it if a Valid-Until field was present (or the user tried to used the configuration items for min/max valid-until). Closes: 809329 2016-01-26T20:09:47Z David Kalnischkies david@kalnischkies.de 2016-01-26T20:09:47Z urn:sha1:07aca07ae73016aa7823e708dda746eec8346989 In 321213f0dcdcdaab04e01663e7a047b261400c9c Andreas Cadhalpun corrected the incorrect overriding of earlier better-fitting results with later (semi-)matches – but that broke the case in which packages are in multiple releases in the same version (and the user has both releases configured). Closes: 812497 2016-01-26T18:17:11Z David Kalnischkies david@kalnischkies.de 2016-01-26T18:17:11Z urn:sha1:d17f2b1b748c8d297474707cfc9706f673ef0346 In commit a221efc331693f8905da870141756c892911c433 I promoted the source package name and version to the binary cache for faster access by e.g. EDSP, but due to changing the interpretation length to soon we always ignored the version part of the Source field, so that packages ended up having the binary version as source version – which while usually just fine it is wrong for binary rebuilds. Closes: 812492 2016-01-25T18:14:37Z David Kalnischkies david@kalnischkies.de 2016-01-25T18:14:37Z urn:sha1:0479205d5869805da3122e2683d2e5ecd0058815 Git-Dch: Ignore 2016-01-25T17:15:44Z David Kalnischkies david@kalnischkies.de 2016-01-21T22:22:00Z urn:sha1:a249b3e6fd798935a02b769149c9791a6fa6ef16 build-dep was implemented by parsing the build-dependencies of a package and figuring out which packages to install/remove based on this. That means that for the first level of dependencies build-dep was implementing its very own resolver with all the benefits (aka: bugs) this gives us for not using the existing resolver for all levels. Making this work involves generating a dummy binary package with fitting Depends and Conflicts and as we can't create them out of thin air the cache generation needs to be involved so we end up writing a Packages file which we want to parse – after we have parsed the other Packages files already. With .dsc/.deb files we could add them before we started parsing anything. With a bit of care we can avoid generating too much data we have to throw away again (as many parts assume that e.g. the count of packages doesn't change midair), so that on a speed front there shouldn't be much of a difference, but output can be slightly confusing as if we have a completely valid cache on disk the "Reading package lists... Done" is printed two times – but apt is pretty quick about it in that case. Closes: #137560, #444930, #489911, #583914, #728317, #812173 2016-01-25T17:15:44Z David Kalnischkies david@kalnischkies.de 2016-01-19T23:09:36Z urn:sha1:530302ef25d14bd7577f18cf98c2fa868c3c1dd3 To resolve dependencies like "pkg:arch" we create a package with the name "pkg:arch" and the architecture "any". We create these packages only if a dependency needs it as these kind of dependencies aren't that common. This commit ensured that in the even this architecture specific dependency is the only relation this package has we still create the underlying package to have them available in provides resolution.