Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=2.7.4 2023-08-02T10:04:32Z 2023-08-02T10:04:32Z Julian Andres Klode julian.klode@canonical.com 2023-08-01T11:59:09Z urn:sha1:5576e7f76da73f3f5217f90d816cc19b6c0a5a77 If we know both SHA256, and they're different, the packages are. This approach stores the SHA256 only at runtime, avoiding the overhead of storing it on-disk, because when we update repositories we update all of them anyhow. Note that pkgCacheGenerator is hidden, so we can just modify its ABI, hooray. Closes: #931175 LP: #2029268 2023-07-11T13:47:17Z Julian Andres Klode jak@debian.org 2023-07-11T13:47:17Z urn:sha1:7bb2b81090b1a5bd9ebb49a0d9fd5cfd9ddab95f dist-upgrade: Revert phased updates using keeps only See merge request apt-team/apt!299 2023-07-07T12:28:59Z Julian Andres Klode julian.klode@canonical.com 2023-07-07T12:24:52Z urn:sha1:68ef41ea912f4879b0ee43419c13a3a8c9bfcd22 This fixes an issue where phased updates gain new dependencies and cause them to be installed despite themselves not being installed. In the cause of investigation, it turned out that we also need to evaluate the candidate version at those early stage rather than the install version (which is only valid *after* MarkInstall). This does not fully resolve the problem: If an update pulls in a phased update, depends are still being installed. Resolving this while ensuring that phased updates cannot uninstall packages requires us to do a minimization of changes by trying to keep back each new install removal and then seeing if any dependency is being broken by it. This is more complex and will happen later. 2023-07-05T08:57:26Z Julian Andres Klode julian.klode@canonical.com 2023-07-03T09:13:00Z urn:sha1:89dd48bdea93849246fc33b447d6d7ad52bb1c4b In the bug, mutter was kept back due to phasing and the new gnome-shell depended on that, and was therefore kept back as well, however, gnome-shell-common was not broken, and apt decided to continue upgrading it by removing gnome-shell and the ubuntu desktop meta packages. This is potentially a regression of LP#1990586 where we added keep back calls to the start of the dist-upgrade to ensure that we do not mark stuff for upgrade in the first place that depends on phasing updates, however it was generally allowed by the resolver to also do those removals. To fix this, we need to resolve the update normally and then use ResolveByKeepInternal to keep back any changes broken by held back packages. However, doing so breaks test-bug-591882-conkeror because ResolveByKeep keeps back packages for broken Recommends as well, which is not something we generally want to do in a dist-upgrade after we already decided to upgrade it. To circumvent that issue, extend the pkgProblemResolver to allow a package to be policy broken, and mark all packages that already were already going to be policy broken to be allowed to be that, such that we don't try to undo their installs. LP: #2025462 2023-06-27T17:21:47Z Julian Andres Klode julian.klode@canonical.com 2023-06-27T17:14:43Z urn:sha1:aba813975abb880f8b27d659147f7760c02f99e7 We want to gently steer users towards having Signed-By for each source such that we can retire a shared keyring across sources which improves resilience against configuration issues and incompetent malicious actors. 2023-05-24T09:22:44Z Julian Andres Klode julian.klode@canonical.com 2023-05-24T09:07:26Z urn:sha1:4e35e5079f589700b4b5f1fc00787144bc1c58bf 2023-05-24T09:22:44Z Julian Andres Klode julian.klode@canonical.com 2023-05-17T15:18:33Z urn:sha1:48cbc5413fb2a0e490c2282b9df65da96ad7a9f2 This will attempt to fallback to a per-server setting if we could not determine a value from the release file. 2023-05-02T13:56:30Z Julian Andres Klode jak@debian.org 2023-05-02T13:56:30Z urn:sha1:ed818cfe5c53503f8096056f599e639a9308b3da Add --snapshot and --update support See merge request apt-team/apt!291 2023-05-02T13:23:14Z Julian Andres Klode julian.klode@canonical.com 2023-02-22T13:14:52Z urn:sha1:a19f606aad717fe5c9c69237c3af53feb547115e Provide snapshot support for offical Debian and Ubuntu archives. There are two ways to enable snapshots for sources: 1. Add Snapshot: yes to your sources file ([snapshot=yes]). This will allow you to specify a snapshot to use when updating or installing using the --snapshot,-S option. 2. Add Snapshot: ID to your sources files to request a specific snapshot for this source. Snapshots are discovered using Label and Origin fields in the Release file of the main source, hence you need to have updated the source at least once before you can use snapshots. The Release file may also declare a snapshots server to use, similar to Changelogs, it can contain a Snapshots field with the values: 1. `Snapshots: https://example.com/@SNAPSHOTID@` where `@SNAPSHOTID@` is a placeholder that is replaced with the requested snapshot id 2. `Snapshots: no` to disable snapshot support for this source. Requesting snapshots for this source will result in a failure to load the source. The implementation adds a SHADOWED option to deb source entries, and marks the main entry as SHADOWED when a snapshot has been requested, which will cause it to be updated, but not included in the generated cache. The concern here was that we need to keep generating the shadowed entries because the cleanup in `apt update` deletes any files not queued for download, so we gotta keep downloading the main source. This design is not entirely optimal, but avoids the pitfalls of having to reimplement list cleanup. Gaps: - Ubuntu Pro repositories and PPAs are not yet supported. 2023-05-02T13:16:54Z Julian Andres Klode julian.klode@canonical.com 2023-04-11T14:37:51Z urn:sha1:3625351722e67903dc34993fe318e50863bd2d31 This runs update before opening the cache and sources.list for installing/upgrading.