apt/test/integration, branch 2.4.1

apt/test/integration, branch 2.4.1 Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=2.4.1 2022-03-07T10:53:27Z gpgv: Fix legacy fallback on unavailable keys 2022-03-07T10:53:27Z Julian Andres Klode jak@debian.org 2022-03-07T10:53:27Z urn:sha1:ee427f308600a4a3a6f67a4a7835e1172605ba06 If a repository is signed with multiple keys, apt 2.4.0 would ignore the fallback result if some keys were still missing, causing signature verification to fail. Rework the logic such that when checking if fallback was "succesful", missing keys are ignored - it only matters if we managed to verify one key now, whether good or bad. Likewise, simplify the logic when to do the fallback: If there was a bad signature in trusted.gpg.d, do NOT fallback at all - this is a minor security issue, as a key in trusted.gpg.d could fail silently with a bad signature, and then a key in trusted.gpg might allow the signature to succeed (as trusted.gpg.d key is then missing). Only fallback if we are missing a good signature, and there are keys we have not yet checked. Warn if the legacy trusted.gpg keyring is used for verification 2022-02-22T17:25:06Z Julian Andres Klode jak@debian.org 2022-01-07T11:43:32Z urn:sha1:56adf743b02b80a9acc9a2e480bfd15acb94f755 With apt-key going away, people need to manage key files, rather than keys, so they need to know if any keys are in the legacy keyring. Allow --solver apt to work on apt satisfy 2022-02-10T17:35:53Z David Kalnischkies david@kalnischkies.de 2022-02-08T14:39:45Z urn:sha1:24d4cf6216ded26e6a6517a46c6f9115275b7136 Our EDSP code is confused by the spaces in the package name, so we adopt a naming scheme similar to build-dep here instead of trying to teach EDSP to somehow encode the spaces as that is probably even more confusing for onlookers than this invalid package name is. Reported-By: Johannes Schauer Marin Rodrigues on IRC Silence ar by warping it in a testsuccess call 2022-02-02T12:18:09Z David Kalnischkies david@kalnischkies.de 2022-01-03T10:54:01Z urn:sha1:d8a13f5dfa0823539b650d2024dc0671fcac1d13 The -q flag isn't quiet – it means quick – so ar happily prints an "ar: creating test.deb" which is harmless, but also pointless and it is the only testcase who produces output. Gbp-Dch: Ignore Enable tests commented out with no longer true fixme 2022-02-02T12:18:09Z David Kalnischkies david@kalnischkies.de 2022-01-03T10:37:46Z urn:sha1:ea2b51f29f9510da87d193fe12ac37d19ed4f51b Pinning and its display was reworked years ago, but the test and especially the comment never got the memo. References: a91aae406112df1d8fe16d00212333a20210f674 Gbp-Dch: Ignore Remove useless use of awk 2022-02-02T12:18:09Z David Kalnischkies david@kalnischkies.de 2022-01-03T10:31:15Z urn:sha1:71ea488ca53c7bde176655623a829c82e32e5a85 I have no idea what I was thinking 12 years ago. Gbp-Dch: Ignore Use moreutils parallel even if GNU parallel is installed 2022-02-02T12:18:09Z David Kalnischkies david@kalnischkies.de 2022-01-03T10:21:12Z urn:sha1:794cd4a23b7cb8c0e195f8264d372203cccec8ca GNU parallel diverts moreutils implementation away. As we us moreutils features just installing parallel breaks the test runner hence. We have this already for another naming scheme, so fixing this is easy enough. Gbp-Dch: Ignore Add a --full mode to apt show 2022-01-21T14:14:00Z Julian Andres Klode jak@debian.org 2022-01-21T14:11:56Z urn:sha1:78981cd5ec19563cf3bca2495c56e31124ae069a This adds back the missing fields that we do not show any other way. test/integration/test-policy-pinning: test listing multiple package in Package: field 2022-01-03T10:51:56Z Johannes Schauer Marin Rodrigues josch@mister-muffin.de 2022-01-03T10:51:56Z urn:sha1:13b3dede65707282819f901c4b37da7e9028420e add pattern to select packages by codename (closes: #1002646) 2021-12-26T21:04:21Z Johannes Schauer Marin Rodrigues josch@mister-muffin.de 2021-12-26T15:29:59Z urn:sha1:ed282548bc4b8f96ac531c9f73b42d968eadea98