apt/test, branch 2.6.0

Merge branch 'pu/never-sections-matching' into 'main'

2023-03-06T09:23:20Z

Fix permissions && change section matching in config files to be more gitignore style rightmost match See merge request apt-team/apt!286

Do not store trusted=yes Release file unconditionally

2023-03-04T12:07:00Z

A source marked with trusted=yes can still fail verification of the Release file, mostly for Date related issues, like being too new or too old, which have other options to force them in. The update code was not using the Release file (which was a InRelease file but failed verification – which was overridden by trusted=yes) as intended, but it marked it for storage, so that this "bad" Release file would end up being moved into lists/, which is bad as the indexes it refers to aren't updated while the next update run assumes that the indexes are in the state the Release file claims them to be in. Fixed simply by making the storage conditional on the usage as intended, which also resolves a second issue: The verification can also detect that a Release file we got is older than what we already have to avoid down- grade attacks. The more likely explanation is a slightly outdated mirror in a rotation/CDN through, so this gets the silent treatment to avoid scaring users by handling it as if we had got the same Release file we already have stored locally, removing the freshly received older file in the process alongside setting some variables. Those variables were already modified in the trusted=yes case though resulting in the stored Release file being removed instead. Not modifying the variables too early resolves this problem as well. Both seem to exist since at least 2015 as traces are visible in 448c38bdcd already, which shuffled lots of code around including the bad ones, but as we are in trusted=yes land, security is of no concern here, this "just" leads to failed pinning, hashsum mismatches and other strange problems in follow-up calls depending on how out of sync the Release file (if its still present) is with the rest of the trusted data. Reported-By: Dima Kogan on IRC Tested-By: Dima Kogan

Disable retries to speed up failure-propagation test

2023-03-04T10:52:29Z

Gbp-Dch: Ignore

Detect trimmed changelogs and pick online instead

2023-03-03T16:51:05Z

We only check the start of these lines to avoid hard coding the exact command and we pick 150 as maximum line length as the longest package name on my system is apparently 75 characters long. We could choose longer or shorter without much issue as over-length just means we mishandle the rest of the line as a new line and it should be really unlikely that a) lines are that long in this file and b) that such long lines contain one of our trigger sequences – but even if, all we do is start a download of an online file. Could be worse. This auto-detection can be avoided by setting Acquire::Changelogs::AlwaysOnline (or Origin specific sub options) to "true" if you always want the changelog from an online source. The reverse – setting it to "false" in the hope it would not get the changelog from an online source – was not and is still not possible. Closes: #1024457

test-apt-get-update-sourceslist-warning: Fix permissions

2023-02-27T13:01:52Z

This test did not work with umask 0002

Suggest using non-free-firmware in update for Debian

2023-02-04T16:56:41Z

In an ideal world everyone would read release notes, but if the last sources.list change is any indication a lot of people wont. This is even more a problem in so far as apt isn't producing errors for invalid repositories, but instead carries on as normal even through it will not be able to install upgrades for the moved packages. This commit implements two scenarios and prints a notice in those cases pointing to the release notes: a) User has 'non-free' but not 'non-free-firmware' b) User has a firmware package which isn't available from anywhere Both only happen if we are talking about a repository which identifies itself as one of Debian and is for a release codenamed bookworm (or sid). Note that as (usually) apt/oldstable is used to upgrade to the new stable release these suggestions only show for users after they have upgraded to bookworm on apt command line usage after that.

Have values in Section config trees refer to them in all components

2023-01-29T23:55:05Z

Hard coding each and every component is not only boring but given that everyone is free to add or use more we end up in situations in which apt behaves differently for the same binary package just because metadata said it is in different components (e.g. non-free vs. non-free-firmware). It is also probably not what the casual user would expect. So we instead treat a value without a component as if it applies for all of them. The previous behaviour can be restored by prefixing the value with "/" as in the component is not defined. In an ideal world we would probably use "*/foo" for the new default instead of changing the behaviour for "foo", but it seems rather unlikely that the old behaviour is actually desired. All existing values were duplicated for all (previously) known components in Debian and Ubuntu.

make ?installed pattern match installed version only when narrowed

2023-01-13T11:27:55Z

This is the correct behavior, but it was overlooked when aptitude patterns where ported. I remember wondering about this, but I checked the aptitude code and saw a check that CurrentVer != 0 or something and then apparently did not notice another implementation for version matching.

Merge branch 'pu/clean-apt-key-tmp' into 'main'

2022-10-31T10:43:17Z

Actually delete temporary apt-key.*.asc helper files See merge request apt-team/apt!266

Actually delete temporary apt-key.*.asc helper files

2022-10-31T10:18:13Z

During development there was an if (0) there for debugging purposes that unfortunately stayed in and caused files to accumulate. LP: #1995247