Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=1.3_exp1 2016-05-10T18:14:02Z 2016-05-10T18:14:02Z Julian Andres Klode jak@debian.org 2016-05-10T17:15:17Z urn:sha1:35664152e47a1d4d712fd52e0f0a2dc8ed359d32 Failures can happen and APT regardless will do a partial cache update anyway. Because APT ensures that the list directory is in a sane state, it makes sense to also call success hooks if success was only partial - otherwise it loses sync with APT. Most importantly, this causes the appstream cache to be empty, see launchpad bug #1562733. This is somewhat overly optimistic though: As soon as any repository has nonexisting optional files, the missing optional files are also treated as success, which means a single broken repository without an InRelease file still runs Success hooks, even though it really should not. 2016-05-10T17:09:19Z Julian Andres Klode jak@debian.org 2016-05-10T17:09:19Z urn:sha1:c7b7d4da7f8b8edd9c3d6b13f0b935853ad8a039 This prevented some sources.list entries from working, an example of which can be found in the test. 2016-05-10T12:51:30Z David Kalnischkies david@kalnischkies.de 2016-05-10T12:51:30Z urn:sha1:33190fe3d3c200dcd417cd336f9db11f5f4408d5 Versions which are only available in dpkg/status aren't installable and apt doesn't pick them as candidate for this reason – for the same reason such packages shouldn't be sent to an external solver via EDSP. The packages are pinned to -1, but if the solver has strict pinning disabled it could end up picking this version anyhow – which is a request apt can not satisfy. Reported-By: Maximiliano Curia <maxy@debian.org> on IRC 2016-05-08T17:46:34Z David Kalnischkies david@kalnischkies.de 2016-05-08T17:46:34Z urn:sha1:2fac0dd5a7a62b67a869cd4c71c9d09159aaa31d gpg doesn't give use a UID on NODATA, which we were "expecting" (but not using for anything), but just an error number. Instead of collecting these as badsigners which will trigger a "invald signature" error with remarks like "NODATA 1" we instead adapt a message similar to the NODATA error of a clearsigned file (which is actually not reached anymore as we split them up, which fails with a NOSPLIT error, which uses the same general error message). In other words: Not a security relevant change, just a user experience improvement as we now point them to the most likely cause of the problem instead of saying "invalid signature" which would point them in the direction of the archive being broken (for everyone) instead. Closes: 823746 2016-05-08T16:15:28Z David Kalnischkies david@kalnischkies.de 2016-05-08T16:03:48Z urn:sha1:39c724b4848ef8d85c8c425f982dda85f0df1277 A frontend like apt-file is only interested in a specific set of files and selects those easily via "Created-By". If it supports two locations for those files through it would need to select both and a user would need to know that implementation detail for sources.list configuration. The "Identifier" field is hence introduced which by default has the same value as "Created-By", but can be freely configured – especially it can be used to give two indexes the same identifier. 2016-05-08T11:39:32Z David Kalnischkies david@kalnischkies.de 2016-05-08T09:58:36Z urn:sha1:7f2d1eef183dbebaaabe07a296d9a97e9cfd0f4a Sometimes index files are in different locations in a repository as it is currently the case for Contents files which are per-component in Debian, but aren't in Ubuntu. This has historic reasons and is perhaps changed soon, but such cases of transitions can always happen in the future again, so we should prepare: Introduced is a new field declaring that the current item should only be downloaded if the mentioned item wasn't allowing for transitions without a flagday in clients and archives. This isn't implemented 'simpler' with multiple MetaKeys as items (could) change their descriptions and perhaps also other configuration bits with their location. 2016-05-07T14:45:35Z David Kalnischkies david@kalnischkies.de 2016-05-07T14:45:35Z urn:sha1:7c1dca1439b956a085b09c73fdbe5a66af20241b It looks a bit strange on the outside to have multiple "native architecture", but all is considered an implementation detail and e.g. packages of arch:all are in dependency resolution equal to native packages. 2016-05-07T11:45:25Z David Kalnischkies david@kalnischkies.de 2016-05-07T11:45:25Z urn:sha1:03a34b88df3a74dac91c2f3b609d2c44e9462022 Commit 9b8034a9fd40b4d05075fda719e61f6eb4c45678 just deals with InRelease properly and generates broken URIs in case the mirror (or the achieve really) has no InRelease file. [As this was in no released version no need to clutter changelog with a fix notice.] Git-Dch: Ignore 2016-05-04T10:12:33Z David Kalnischkies david@kalnischkies.de 2016-05-04T09:45:35Z urn:sha1:5a23c56d6852a27d45c2ae227b43060f7beac051 Most tests just need a signed repository and don't care if it signed by an InRelease file or a Release.gpg file, so we can save some time by just generating one of them by default. Sounds like not much, but quickly adds up to a few seconds with the amount of tests we have accumulated by now. Git-Dch: Ignore 2016-05-04T10:12:27Z David Kalnischkies david@kalnischkies.de 2016-05-04T09:10:08Z urn:sha1:761a5ad2ec07f097b05c32427bd0ebddfd587987 If the test just signs release files to throw away one of them to test the other, we can just as well save the time and not create it. Git-Dch: Ignore