Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=1.3_rc1 2016-08-11T00:19:31Z 2016-08-11T00:19:31Z David Kalnischkies david@kalnischkies.de 2016-08-11T00:19:31Z urn:sha1:c21dab6848cbe90736a998cbec8050fdf5110dd7 With cmake using BUILDDIRECTORY at this place is not only as wrong as it was before, but it might not even work always copying the system provided one which might or might not be current and hence fails tests needing it to be current like ./test-apt-move-and-forget-manual-sections We don't want to always use the one from the source directory through either like in autopkgtests. Gbp-Dch: Ignore 2016-08-10T23:36:23Z David Kalnischkies david@kalnischkies.de 2016-08-10T23:36:23Z urn:sha1:0a7370ca91289db3d23d72aeac397edfe3dfb75b 2016-08-10T23:36:18Z David Kalnischkies david@kalnischkies.de 2016-08-10T23:36:18Z urn:sha1:6b3ddbd059c403efeb40d81c29f2cae6e8f5b1bf 2016-08-10T23:34:39Z David Kalnischkies david@kalnischkies.de 2016-08-06T11:53:05Z urn:sha1:8665dceb5cf2a197ae270b08066f05c8a2870223 Doing a direct connect to an .onion address (if you don't happen to use it as a local domain, which you shouldn't) is bound to fail and does leak the information that you do use Tor and which hidden service you wanted to connect to to a DNS server. Worse, if the DNS is poisoned and actually resolves tricking a user into believing the setup would work correctly… This does block also the usage of wrappers like torsocks with apt, but with native support available and advertised in the error message this shouldn't really be an issue. Inspired-by: https://bugzilla.mozilla.org/show_bug.cgi?id=1228457 2016-08-10T21:51:35Z David Kalnischkies david@kalnischkies.de 2016-07-28T07:13:24Z urn:sha1:28557f94578602f9ce0011501a2259bd98ab0688 With b4450f1dd6bca537e60406b2383ab154a3e1485f we dropped what we calculated here later on and now that we don't need it in the meantime either we can just skip the busy work by default and expect dpkg to do the right thing dropping also our little "last explicit configures" removal trick introduced in b4450f1dd6bca537e60406b2383ab154a3e1485f. This enables the last of a bunch of previously experimental options, some of them existing still, but are very special and hence not really worth documenting anymore (especially as it would need to be rewritten now entirely) which is why the documentation is nearly completely dropped. The order of configuration stanzas in the simulation code changes slightly as it isn't concerning itself with finding the 'right' order, but any order is valid anyhow as long as the entire set happens in the same call. 2016-08-10T21:51:34Z David Kalnischkies david@kalnischkies.de 2016-07-25T14:36:53Z urn:sha1:83e5cffc2015aa809acac84737756d292d7bf106 The user has to approve the removal of a crossgraded package as it might be needed to remove it (temporarily) in the process, but in most cases we can happily avoid it and let dpkg unpack over it skipping the remove. This has some effects on progress reporting and how deal with selections through which makes this a tiny bit complicated. 2016-08-10T21:20:15Z David Kalnischkies david@kalnischkies.de 2016-08-01T19:45:29Z urn:sha1:a1f3ac8aba0675321dd46d074af8abcbb10c19fd If the URI had no password the username was ignored 2016-08-10T21:19:44Z David Kalnischkies david@kalnischkies.de 2016-08-06T17:59:57Z urn:sha1:c9c910695185b59aa27b787c1a250497e47b492b To prevent accidents like adding http-sources while using tor+http it can make sense to allow disabling methods. It might even make sense to allow "redirections" and adding "symlinked" methods via configuration. This could e.g. allow using different options for certain sources by adding and configuring a "virtual" new method which picks up the config based on the name it was called with like e.g. http does if called as tor+http. 2016-08-10T21:19:44Z David Kalnischkies david@kalnischkies.de 2016-08-04T06:45:38Z urn:sha1:61db48241f2d46697a291bfedaf398a1ca9a70e3 Socks support is a requested feature in sofar that the internet is actually believing Acquire::socks::Proxy would exist. It doesn't and this commit isn't adding it as that isn't how our configuration works, but it allows Acquire::http::Proxy="socks5h://…". The HTTPS method was changed already to support socks proxies (all versions) via curl. This commit implements only SOCKS5 (RFC1928) with no auth or pass&user auth (RFC1929), but not GSSAPI which is required by the RFC. The 'h' in the protocol name further indicates that DNS resolution is delegated to the socks proxy rather than performed locally. The implementation works and was tested with Tor as socks proxy for which implementing socks5h only can actually be considered a feature. Closes: 744934 2016-08-10T21:19:44Z David Kalnischkies david@kalnischkies.de 2016-07-31T16:05:56Z urn:sha1:30060442025824c491f58887ca7369f3c572fa57 The https method implemented for a long while now a hardcoded fallback to the same options in http, which, while it works, is rather inflexible if we want to allow the methods to use another name to change their behavior slightly, like apt-transport-tor does to https – most of the diff being s#https#tor#g which then fails to do the full circle fallthrough tor -> https -> http for https sources. With this config infrastructure this could be implemented now.