Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=1.1.3 2015-11-29T13:32:29Z 2015-11-29T13:32:29Z David Kalnischkies david@kalnischkies.de 2015-11-29T13:27:25Z urn:sha1:3dd64b9c53b63ed82e59971614ec1dc242621d9b Regression of 14341a7ee1ca3dbcdcdbe10ad19b947ce23d972d. Reported-By: Julian Andres Klode <jak@debian.org> 2015-11-29T13:05:38Z David Kalnischkies david@kalnischkies.de 2015-11-29T13:05:38Z urn:sha1:3d284148090b6349c216407bb2766bd8f6a962f0 Git-Dch: Ignore 2015-11-29T12:36:28Z Andreas Cadhalpun andreas.cadhalpun@googlemail.com 2015-11-29T12:36:28Z urn:sha1:321213f0dcdcdaab04e01663e7a047b261400c9c The relevant testcases are in test/integration/test-apt-get-source. There is a test for #731853 that is supposed to "ensure that apt will pick the higher version number" of 0.0.1 (stable) and 0.1 (stable). However, this works by pure chance, as simply reversing the order of the two insertsource lines makes the test fail. So #731853 isn't really fixed, yet. Actually, that's related to the problem I reported, as the underlying issue for both is the same: In the FindSrc function apt chooses a new 'best hit', if either * there is a target release and it matches the release of the package, * or the version of the package is higher than the last best hit. Consider having 1.0 (stable), 2.0 (unstable) and 1.5 (unstable), in this order. Looking for the version in stable, apt first selects 1.0, because the release matches the target release, but then subsequently selects 2.0, because the version is higher. Looking for the version in unstable, apt first selects 2.0, because the release matches the target release, but then subsequently selects 1.5, because the release also matches the target release. The correct way would be to choose a new 'best hit', if either * there is a target release and it matches the release of the package, * or there is no target release and the version is higher than the last best hit. Closes: 746412 Mail-Reference: <565A604B.7090104@googlemail.com> Mail-Archive: https://lists.debian.org/debian-devel/2015/11/msg00470.html 2015-11-28T12:30:29Z David Kalnischkies david@kalnischkies.de 2015-11-28T12:17:57Z urn:sha1:ebca2f254ca96ad7ad855dca6e76c9d1c792c4a0 Dropping privileges is an involved process for code and system alike so ideally we want to verify that all the work wasn't in vain. Stuff designed to sidestep the usual privilege checks like fakeroot (and its many alternatives) have their problem with this through, partly through missing wrapping (#806521), partly as e.g. regaining root from an unprivileged user is in their design. This commit therefore disables most of these checks by default so that apt runs fine again in a fakeroot environment. Closes: 806475 2015-11-28T12:27:06Z David Kalnischkies david@kalnischkies.de 2015-11-28T00:27:49Z urn:sha1:eab57e0807c08fe8d3a5dcf02809c830f99fd972 debci seems to have a cleaner environment now and even if not we could never guess nogroup, so figure it out properly via 'id'. Git-Dch: Ignore 2015-11-27T21:22:21Z David Kalnischkies david@kalnischkies.de 2015-11-27T21:22:21Z urn:sha1:0300f0077af832e87beb290f26b13404cab81fd3 Seems like a simpler workaround than forcing a lower optimization level just for this for all of apt. See also: https://bugs.launchpad.net/ubuntu/+source/gcc-5/+bug/1473674 2015-11-25T14:20:10Z Justin B Rye justin.byam.rye@gmail.com 2015-11-22T09:14:12Z urn:sha1:839603418384565a53d9aca7b23dbd7742e3ea77 Git-Dch: Ignore 2015-11-21T17:15:22Z David Kalnischkies david@kalnischkies.de 2015-11-21T17:15:22Z urn:sha1:90139c7075afb283428d561b81037039bc7ba149 We do not show the architecture as a dedicated field as this is rather technical information, but as packagename it makes sense to show the architecture as other part of apt will refer to it in this way. 2015-11-21T17:04:29Z Justin B Rye justin.byam.rye@gmail.com 2015-11-21T16:50:06Z urn:sha1:d04e44ac8177fc5b70ae0189bb5e437c2502f910 Reference mail: https://lists.debian.org/debian-l10n-english/2015/11/msg00006.html 2015-11-21T12:47:19Z David Kalnischkies david@kalnischkies.de 2015-11-21T12:47:19Z urn:sha1:abd6af5a1ce2c20a5742c5c3182dfadce10367ca In 8d041b4f we made apt figure out based on the last Release file it has if it should request a file or not given that the hashes changed or not. So if we have a last Release file and do a request, do not sent a Last-Modified header as we expect a change so much that a non-change would indeed be an error. The Last-Modified header is therefore at best ignored by the server, so sending it is just wasted effort. In the worst case as time is a fragile thing the server decides against sending us an update with the idea that we already have the latest content, which we know for a fact that we haven't. Given that we sent less information to the server our request is on its own also less identifiable as coming from a returning or new user. The disadvantage is that if we end up getting an old index file after getting a new Release file from another mirror the old mirror will not be able to tell us 'Hit', but instead sends us the complete file we discard, but both lets us end up with the same error class in the end, so the difference isn't big in practice.