Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=1.3_pre2 2016-07-02T10:01:17Z 2016-07-02T10:01:17Z David Kalnischkies david@kalnischkies.de 2016-07-02T09:28:42Z urn:sha1:0b45b6e5de1ba4224ced67a9952e009d0f4139a0 All apt versions support numeric as well as 3-character timezones just fine and its actually hard to write code which doesn't "accidently" accepts it. So why change? Documenting the Date/Valid-Until fields in the Release file is easy to do in terms of referencing the datetime format used e.g. in the Debian changelogs (policy §4.4). This format specifies only the numeric timezones through, not the nowadays obsolete 3-character ones, so in the interest of least surprise we should use the same format even through it carries a small risk of regression in other clients (which encounter repositories created with apt-ftparchive). In case it is really regressing in practice, the hidden option -o APT::FTPArchive::Release::NumericTimezone=0 can be used to go back to good old UTC as timezone. The EDSP and EIPP protocols use this 'new' format, the text interface used to communicate with the acquire methods does not for compatibility reasons even if none of our methods would be effected and I doubt any other would (in these instances the timezone is 'GMT' as that is what HTTP/1.1 requires). Note that this is only true for apt talking to methods, (libapt-based) methods talking to apt will respond with the 'new' format. It is therefore strongly adviced to support both also in method input. 2016-04-13T19:33:32Z David Kalnischkies david@kalnischkies.de 2016-04-06T14:00:11Z urn:sha1:c1e7b36400db49d3dcb403512e9b009d1b6d05bc Breaking here lets our handler die which a client will fix by reconnecting… but that eats time needlessly and is simple the wrong handling, too. Git-Dch: Ignore 2016-03-14T10:47:19Z David Kalnischkies david@kalnischkies.de 2016-03-13T22:30:05Z urn:sha1:12f40394b3940573c0e63d74722a95148fb1ad39 Iceweasel^WFirefox complains about the missing encoding in its console which can be a bit annoying in interactive sessions, so fixing these issues has no effect on apt itself, but on the testers. Git-Dch: Ignore 2016-01-31T18:06:19Z David Kalnischkies david@kalnischkies.de 2016-01-28T23:52:48Z urn:sha1:aa3e7b3287a20b464237c869483111abc7e9d815 Git-Dch: Ignore 2015-09-15T08:16:09Z David Kalnischkies david@kalnischkies.de 2015-09-14T22:33:12Z urn:sha1:6c0765c096ffb4df14169236c865bbb2b10974ae This allows running tests in parallel. Git-Dch: Ignore 2015-05-22T15:01:03Z Michael Vogt mvo@ubuntu.com 2015-05-22T15:01:03Z urn:sha1:4fc6b7570c3e97b65c118b58cdf6729fa94c9b03 Conflicts: apt-pkg/pkgcache.h debian/changelog methods/https.cc methods/server.cc test/integration/test-apt-download-progress 2015-05-22T14:05:05Z Michael Vogt mvo@ubuntu.com 2015-05-22T14:05:05Z urn:sha1:f4a91278c65b156c1addf27b0b05b029692959e8 Add a regression test that reproduced the hang of apt when a partial file is present. Git-Dch: ignore 2015-05-22T13:28:53Z Michael Vogt mvo@ubuntu.com 2015-05-22T13:28:53Z urn:sha1:ceafe8a6edc815df2923ba892894617829e9d3c2 The apt http code parses Content-Length and Content-Range. For both requests the variable "Size" is used and the semantic for this Size is the total file size. However Content-Length is not the entire file size for partital file requests. For servers that send the Content-Range header first and then the Content-Length header this can lead to globbing of Size so that its less than the real file size. This may lead to a subsequent passing of a negative number into the CircleBuf which leads to a endless loop that writes data. Thanks to Anton Blanchard for the analysis and initial patch. LP: #1445239 2015-05-11T22:30:16Z David Kalnischkies david@kalnischkies.de 2015-05-11T22:30:16Z urn:sha1:dcbb364fc69e1108b3fea3adb12a7ba83d9af467 If we have the expected hashes we can check with them if the file we have in partial we got a 416 for is the expected file. We detected this with same-size before, but not every server sends a good Content-Range header with a 416 response. 2015-04-18T23:13:10Z David Kalnischkies david@kalnischkies.de 2015-04-12T15:08:46Z urn:sha1:ba6b79bd0090077724fa1272ea4d3a31706fcd5a If we get a IMSHit for the Transaction-Manager (= the InRelease file or as its still supported fallback Release + Release.gpg combo) we can assume that every file we would queue based on this manager, but already have locally is current and hence would get an IMSHit, too. We therefore save us and the server the trouble and skip the queuing in this case. Beside speeding up repetative executions of 'apt-get update' this way we also avoid hitting hashsum errors if the indexes are in fact already updated, but the Release file isn't yet as it is the case on well behaving mirrors as Release files is updated last. The implementation is a bit harder than the theory makes it sound as we still have to keep reverifying the Release files (e.g. to detect now expired once to avoid an attacker being able to silently stale us) and have to handle cases in which the Release file hits, but some indexes aren't present (e.g. user added a new foreign architecture).