Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=1.2.3 2016-02-10T13:17:06Z 2016-02-10T13:17:06Z David Kalnischkies david@kalnischkies.de 2016-02-10T13:17:06Z urn:sha1:9750213c8117312f9d7dc6d283a4005d14621ef6 Otherwise the test run as root fails seeing the W: Can't drop privileges for downloading as file 'foo_1.tar.gz' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied) warning in a command which isn't supposed to warn. One trivial test, two fixups and still counting… Git-Dch: Ignore 2016-02-10T12:50:40Z David Kalnischkies david@kalnischkies.de 2016-02-10T12:50:40Z urn:sha1:7776f6d270030a758aad9b6ce260a62c3aa7b4b5 Travis still uses a dpkg version which defaults to gz and as which compression is picked isn't all to important as long as one is just accept any. Git-Dch: Ignore 2016-02-10T12:31:12Z Julian Andres Klode jak@debian.org 2016-02-10T12:29:19Z urn:sha1:5fafaf27a5f066dc15d96c03ef154fd1d59eb891 This tests the fix for #812994, #813000 Gbp-Dch: ignore 2016-02-10T12:03:00Z David Kalnischkies david@kalnischkies.de 2016-02-10T11:26:49Z urn:sha1:b6f1b480164b454661ddd4fdd3968302c6a3ebf6 Regression introduced in a249b3e6fd798935a02b769149c9791a6fa6ef16, which in the case of an invalid cache would build the first part unlocked and later pick up the (still unlocked) cache for further processing, so the system got never locked and apt would end up complaining about being unable to release the lock at shutdown. The far more common case of having a valid cache worked as expected and hence covered up the problem – especially as tests who would have noticed it are simulations only, which do not lock. Closes: 814139 Reported-By: Balint Reczey <balint@balintreczey.hu> Reported-By: Helmut Grohne <helmut@subdivi.de> on IRC 2016-02-04T17:13:05Z Julian Andres Klode jak@debian.org 2016-02-04T17:13:05Z urn:sha1:eb5113c486955d9cd66126aa59d3a27e52c52e58 2016-02-03T13:56:49Z David Kalnischkies david@kalnischkies.de 2016-02-03T13:56:49Z urn:sha1:d603afd970e4bc84ed7176b988cd72bd9cf339b3 We don't need the dependencies for obvious reasons and we don't need the candidate version either, so building a pkgDepCache is wasted effort, which we can stop doing now that build-dep cleared the path. 2016-02-03T12:50:00Z David Kalnischkies david@kalnischkies.de 2016-02-03T11:58:23Z urn:sha1:cd907113561d5eb75054f981be3bcc22eee8db27 The later just calls the earlier, but the later needs the fullblown dependency cache to be initialized, which is a very costly operation and isn't done anymore that early in the run as we would need to throw away and rebuild it again after we got all the information about source pkgs. As we end up with a nullptr for the pkgDepCache, we use a slightly longer calling convention to make sure that we use the pkgCache directly, avoiding nullptr induced segfaults and costly operations. Git-Dch: Ignore Reported-By: Balint Reczey <balint@balintreczey.hu> 2016-01-31T22:24:59Z David Kalnischkies david@kalnischkies.de 2016-01-31T21:32:45Z urn:sha1:5025879e3fdd705bb0607ff8f51a680749c5972a APT has a different understanding than dpkg (#748936) what matches and what doesn't match an architecture specification as it isn't converting back (and forward) to Debian triplets. That has to eventually be solved some way or the other, but until that happens we change the matching in apt so that porters can continue their work on non-gnu libc-ports even if policy doesn't specify that yet (and dpkg just supporting it "by accident" via triplets). The initial patch was reformatted, fixed in terms of patterns containing "any-any", dealing with expanding an arch without libc to gnu while a pattern expands libc to any, the parsedepends test was fixed (the new if's were inserted one step too early) and another test just for the specifications added. Closes: #812212 Thanks: Bálint Réczey for initial patch 2016-01-31T18:06:19Z David Kalnischkies david@kalnischkies.de 2016-01-28T23:52:48Z urn:sha1:aa3e7b3287a20b464237c869483111abc7e9d815 Git-Dch: Ignore 2016-01-27T15:39:52Z David Kalnischkies david@kalnischkies.de 2016-01-27T14:28:17Z urn:sha1:6fc2e03084c7e027c2b9a63c1fe99ff743aae3b6 The Date field in the Release file is useful to avoid allowing an attacker to 'downgrade' a user to earlier Release files (and hence to older states of the archieve with open security bugs). It is also needed to allow a user to define min/max values for the validation of a Release file (with or without the Release file providing a Valid-Until field). APT wasn't formally requiring this field before through and (agrueable not binding and still incomplete) online documentation declares it optional (until now), so we downgrade the error to a warning for now to give repository creators a bit more time to adapt – the bigger ones should have a Date field for years already, so the effected group should be small in any case. It should be noted that earlier apt versions had this as an error already, but only showed it if a Valid-Until field was present (or the user tried to used the configuration items for min/max valid-until). Closes: 809329