Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=1.6_alpha5 2017-10-28T09:35:39Z 2017-10-28T09:35:39Z Julian Andres Klode jak@debian.org 2017-10-28T08:59:55Z urn:sha1:a6375472a41af7f1521369d0c22a858d7051ab18 Installed-Size for linux-image-4.13.0-1-amd64-dbg and friends are larger than 4 GB, but read as a signed integer - that's fine so far, as the value is in KB, but it's multiplied with 1024 which overflows. So let's read it as unsigned long long instead. While we're at it, also use unsigned long long for Size, in case that is bigger than 2 GB. 2017-10-20T21:40:53Z Julian Andres Klode jak@debian.org 2017-10-20T21:37:36Z urn:sha1:404dececf913d3c09368a73ca00aa8172dbf6865 tagfile-order.c: Add missing fields from dpkg 1.19 For binary packages, this is Build-Essential; for source packages, it is Description. test-bug-718329-...: Ignore control.tar.*, changes in dpkg 1.19 test-apt-extracttemplates: Fix for dpkg 1.19 2017-10-05T15:30:25Z David Kalnischkies david@kalnischkies.de 2017-10-05T12:49:27Z urn:sha1:50920fca5eff021f810d5de0cc9d2fa4d6068c50 A va_copy call needs to be closed in all branches with va_end, so these functions would need to be reworked slightly, but we don't actually need to copy the va_list as we don't work on it, we just push it forward, so dropping the copy and everyone is happy. Reported-By: cppcheck Gbp-Dch: Ignore 2017-10-05T15:30:25Z David Kalnischkies david@kalnischkies.de 2017-08-01T13:22:09Z urn:sha1:012932793ba0ea9398a9acd80593bed8e77cfbfc gpg2 generates keyboxes by default and users end up putting either those or armored files into the trusted.gpg.d directory which apt tools neither expect nor can really work with without fortifying backward compatibility (at least under the ".gpg" extension). A (short) discussion about how to deal with keyboxes happened in https://lists.debian.org/deity/2017/07/msg00083.html As the last message in that thread is this changeset lets go ahead with it and see how it turns out. The idea is here simply that we check the first octal of a gpg file to have one of three accepted values. Testing on my machines has always produced just one of these, but running into those values on invalid files is reasonabily unlikely to not worry too much. Closes: #876508 2017-09-26T17:45:12Z David Kalnischkies david@kalnischkies.de 2017-09-26T17:45:12Z urn:sha1:7ea3c67f96e3bc82f86afe72d6c61308c92de515 APT used to parse only wellformed files produced by repository creation tools which removed empty files as pointless before apt would see them. Now that apt can be told to parse e.g. debian/control files directly, it needs to be a little more accepting through: We had this with comments already, now let it deal with the far more trivial empty fields. Closes: #875363 2017-09-26T17:32:15Z David Kalnischkies david@kalnischkies.de 2017-09-26T17:27:30Z urn:sha1:f3e34838d95132e5f318e85525326decbfb19e36 APT connects just fine to any .onion address given, only if the connect fails somehow it will perform checks on the sanity of which in this case is checking the length as they are well defined and as the strings are arbitrary a user typing them easily mistypes which apt should can be slightly more helpful in figuring out by saying the onion hasn't the required length. 2017-09-24T18:36:41Z Julian Andres Klode jak@debian.org 2017-09-24T18:33:49Z urn:sha1:5e770a07c8fd649340e83725f6d07b94c361e87c This automatically removes any old apt-transport-https, as apt now Breaks it unversioned. 2017-09-09T18:12:15Z Julian Andres Klode jak@debian.org 2017-09-03T12:38:58Z urn:sha1:8d23827be3043daf7fed1b86da1d41578889eaeb When writing a Sources files hashes that were already present in the .dsc were always copied through (or modified), even if disabled. Remove them instead when they are disabled, otherwise we end up with hashes for tarballs and stuff but not for dsc files (as the dsc obviously does not hash itself). Also adjust the tests: test-compressed-indexes relied on Files being present in showsrc, and test-apt-update-weak-hashes expected the tarball to be downloaded when an archive only has MD5 and we are requiring SHA256 because that used to work because the tarball was always included. Closes: #872963 2017-09-09T15:19:48Z David Kalnischkies david@kalnischkies.de 2017-08-28T11:22:58Z urn:sha1:8130f39cf085efcf34bee9e9ce89802b29bb9318 Commit e250a8d8d8ef2f8f8c5e2041f7645c49fba7aa36 implemented the fix and should have included already this testcase for it. Gbp-Dch: Ignore 2017-09-09T12:00:48Z Julian Andres Klode jak@debian.org 2017-09-09T12:00:11Z urn:sha1:4d4459a5548e82224aac778833625358c0801681 gpgv: WARNING: This key is not suitable for signing in --compliance=gnupg mode