summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Upload 1.5~alpha3 to experimental1.5_alpha3Julian Andres Klode2017-06-3015-16/+23
|
* Don't read CaInfo if not specified (missing else)Julian Andres Klode2017-06-301-0/+1
| | | | | | | This fixes a regression from ~alpha2. Closes: #866559 Gbp-Dch: Full
* Upload 1.5~alpha2 to experimental1.5_alpha2Julian Andres Klode2017-06-2915-16/+35
|
* Build-Depend on debhelper (>= 10) to shut up lintianJulian Andres Klode2017-06-291-1/+1
|
* Bump Standards-Version (and wrap-and-sort a bit)Julian Andres Klode2017-06-291-3/+3
|
* http: Only use system CA store if CaInfo is not setJulian Andres Klode2017-06-291-7/+10
| | | | | It turns out that curl only sets the system trust store if the CaInfo option is not set, so let's do the same here.
* Demote gnupg to SuggestsJulian Andres Klode2017-06-291-1/+2
| | | | | stretch was the migration release for gpg->gpgv basically, so let's demote it now.
* Have apt Recommend ca-certificatesJulian Andres Klode2017-06-291-1/+1
| | | | | The http method needs ca-certificates for TLS support, so enable it.
* Improve error message if system CA store is emptyJulian Andres Klode2017-06-291-1/+4
| | | | | | Tell the user to install ca-certificates. Closes: #866377
* fix a "critical" typo in old changelog entryRobert Luberda2017-06-291-1/+1
| | | | | | | | | This typo exposes a bug in apt-listchanges that prevents commands like `apt-listchanges --show-all apt_*.deb' from showing the changelog. The bug will be fixed in next upload of apt-listchanges, but I think it would be nice have the typo fixed as well. Closes: 866358
* use port from SRV record instead of initial portDavid Kalnischkies2017-06-291-1/+5
| | | | | | | | | | | An SRV record includes a portnumber to use with the host given, but apt was ignoring the portnumber and instead used either the port given by the user for the initial host or the default port for the service. In practice the service usually runs on another host on the default port, so it tends to work as intended and even if not and apt can't get a connection there it will gracefully fallback to contacting the initial host with the right port, so its a user invisible bug most of the time.
* support tor+https being handled by httpDavid Kalnischkies2017-06-282-4/+18
| | | | | | The apt-transport-tor package operates via simple symlinks which can result in 'http' being called as 'tor+https', so it must pick up the right configuration pieces and trigger https support also in plus names.
* Upload 1.5~alpha1 to experimental1.5_alpha1Julian Andres Klode2017-06-2860-847/+3385
|
* Strip 0: epochs from the version hashJulian Andres Klode2017-06-282-0/+49
| | | | | | | This should fix some issues with dpkg normalizing such values. Suprisingly enough apt treats the Version: field the same, even with epoch vs without, but not when searching, and does not strip the 0: from the output.
* Merge branch 'feature/releaseinfochange'David Kalnischkies2017-06-2817-58/+416
|\
| * ask for releaseinfo change interactively in aptDavid Kalnischkies2017-06-286-13/+42
| | | | | | | | | | | | | | If we have a user sitting around we can let 'apt' ask the user for a confirmation rather than print errors at the end and require the user to figure out which commandline flags are needed to confirm the changes non-interactively.
| * allow frontends to override releaseinfo change behaviourDavid Kalnischkies2017-06-283-30/+105
| | | | | | | | | | | | | | | | Having messages being printed on the error stack and confirm them by commandline flags is an okayish first step, but some frontends will probably want to have a more interactive feeling here with a proper question the user can just press yes/no for as for some frontends a commandline flag makes no sense…
| * show a Release-Notes URI if infos were changedDavid Kalnischkies2017-06-285-2/+22
| | | | | | | | | | | | | | | | This gives the repository owner a chance to explain why this change was needed – e.g. explaining the organisational changes or simply detailing the changes in the new release made. Note that this URI is also shown if the change is accepted, so it also draws attention to release notes of minor updates (if users watch apt output closely).
| * error in update on Release information changesDavid Kalnischkies2017-06-2811-43/+277
|/ | | | | | | | | | | The value of Origin, Label, Codename and co can be used in user configuration from apts own pinning to unattended upgrades. A repository changing this values can therefore have serious effects on the behaviour of apt and other tools using these values. In a first step we will generate error messages for these changes now explaining the need for explicit confirmation and provide config options and commandline flags to accept them.
* fail instead of warn on insecure repositories in apt-getDavid Kalnischkies2017-06-286-19/+23
| | | | | | | | | The exception was made to give (script) users a one-release grace period to adapt their setup to deal with apt enforcing signing of repositories. As we are now at the start of a new release cycle its as good a time as any to lift it now. Removes-Exception: 952ee63b0af14a534c0aca00c11d1a99be6b22b2
* Merge branch 'feature/http-https'Julian Andres Klode2017-06-2819-272/+601
|\
| * Introduce Acquire::AllowTLS to turn off TLS supportJulian Andres Klode2017-06-283-0/+14
| | | | | | | | | | | | As requested by Henrique de Moraes Holschuh, here comes an option to disable TLS support. If the option is set to false, the internal TLS layer is disabled.
| * Fix test suite and enable non-curl testing on travis, shippableJulian Andres Klode2017-06-283-1/+8
| | | | | | | | Gbp-Dch: ignore
| * Fix https->http redirect issuesDavid Kalnischkies2017-06-282-8/+4
| | | | | | | | Gbp-Dch: ignore
| * methods: http: Drain pending data before selectingJulian Andres Klode2017-06-283-1/+20
| | | | | | | | | | | | | | | | GnuTLS can already have data pending in its buffers, we need to to drain that first otherwise select() might block indefinitely. Gbp-Dch: ignore
| * Allow building without curlJulian Andres Klode2017-06-283-7/+30
| | | | | | | | | | This makes testing easier and prepares us for the transition.
| * methods: Add HTTPS support to http method, using GnuTLSJulian Andres Klode2017-06-287-182/+385
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The http method will eventually replace the curl-based https method, but for now, this is an opt-in experiment that can be enabled by setting Dir::Bin::Methods::https to "http". Known issues: - We do not support HTTPS proxies yet - We do not support proxying HTTPS connections yet (CONNECT) - IssuerCert and SslForceVersion are unsupported Gbp-Dch: Full
| * methods: connect: Switch from int fds to new MethodFdJulian Andres Klode2017-06-286-72/+126
| | | | | | | | | | | | | | | | Use std::unique_ptr<MethodFd> everywhere we used an integer-based file descriptor before. This allows us to implement stuff like TLS support easily. Gbp-Dch: ignore
| * methods: connect: Change PkgAcqMethod to aptMethodJulian Andres Klode2017-06-284-12/+14
| | | | | | | | | | | | | | This will allow us to access ConfigFind() and stuff which makes it possible for us to implement TLS support. Gbp-Dch: ignore
| * Add clang-format definitionsJulian Andres Klode2017-06-282-0/+11
| | | | | | | | | | | | Also add git-clang-format helper to help with }}} Gbp-Dch: ignore
* | Skip test-apt-download-progressJulian Andres Klode2017-06-281-0/+0
|/ | | | | The test keeps failing continously on Ubuntu, so let's fix it for now.
* travis: ignore profiling warning in progress linesDavid Kalnischkies2017-06-271-2/+2
| | | | | | | | | | On Travis CI running tests with code coverage enabled sometimes generates profiling lines, which we filter out for a while now, but that misses lines generated showing progress still causing test failures, so more sed logic is added in the hopes to ignore them. Extends: 58608941e6b58a46109b7cd875716b3d8054c4bf Gbp-Dch: Ignore
* fix some unlikely memory leaks in error casesDavid Kalnischkies2017-06-264-42/+24
| | | | | | | | The error cases are just as unlikely as the memory leaks to ever cause real problems, but lets play it safe for correctness. Reported-By: scan-build & clang Gbp-Dch: Ignore
* deal with 3xx httpcodes as required by HTTP/1.1 specDavid Kalnischkies2017-06-263-14/+15
| | | | | | | | | | | | | | An unknown code should be handled the same as the x00 code of this group, but for redirections we used to treat 300 (and a few others) as an error while unknown codes were considered redirections. Instead we check now explicitly for the redirection codes we support for redirecting (and add the 308 defined in RFC 7538) to avoid future problems if new 3xx codes are added expecting certain behaviours. Potentially strange would have been e.g. "305 Use Proxy" sending a Location for the proxy to use – which wouldn't have worked and resulted in an error anyhow, but probably confused users in the process.
* fail InRelease on non-404 HTTP errorcodesDavid Kalnischkies2017-06-262-1/+14
| | | | | | | | | | | | | | There are very many HTTP errorcodes which indicate that the repository isn't available at the moment or the connection has some kind of problem. Given that we do not require Release files the result was that these errors were ignored and the user presented with a message like "Repository is no longer signed" which sends the user in the wrong direction. Instead of trying to figure out which http errorcodes indicate a global problem we accept only 404 for ignoring and consider all the rest as hard errors now causing us to stop instantly after the InRelease file and print the errorcode (with short description from server) received.
* show .diff/Index properly as ignored if we fallbackDavid Kalnischkies2017-06-263-111/+94
| | | | | | | | | | Moving the code responsible for parsing the Index file from ::Done into the slightly earlier ::VerifyDone allows us to still "fail" the download if we can't make use of the Index for whatever reason, so that the progress log correctly displays "Ign" instead of "Get" for the file. This also makes quiet a few debug messages proper error messages (but those are still hidden by default for Ign lines).
* warn if an expected file can't be acquiredDavid Kalnischkies2017-06-267-5/+83
| | | | | | | | | | | | | | If we couldn't find an entry for a Sources file we would generate an error while for a Packages file we would silently skip it due to assuming it is missing because it is empty. We can do better by checking if the repository declares that it supports a component we want to get the file from and if not say so and hint at the user making a typo. An example were this helps is mozilla.debian.net which dropped the firefox-aurora component (as upstream did) meaning no upgrades until the user notices manually that the repository doesn't provide packages anymore. With this commit warnings are raised hopefully causing the user to investigate what is wrong (sooner).
* avoid changing directory in mirror methodDavid Kalnischkies2017-06-261-17/+13
|
* clean archives without changing directoryDavid Kalnischkies2017-06-264-28/+50
| | | | | Adopting this change in other frontends will require source changes as well similar to our own changes in apt-private/.
* ident a CD without changing directoryDavid Kalnischkies2017-06-261-23/+23
|
* Avoid chdir in acquire clean with unlinkatDavid Kalnischkies2017-06-263-32/+40
| | | | | | | | | | | | POSIX.1-2008 gives us a range of *at calls to deal with files including the unlinkat so we can remove a file from a directory based on a path to the file relative to the directory. (In our case here the path we have is just the filename) We avoid changing directories in this way which e.g. fails if the directory we started in no longer exists or is otherwise inaccessible. Closes: 860738
* make the create-test-data script great againDavid Kalnischkies2017-06-262-19/+32
| | | | | | | | Changes in the past to the buildsystem and the testing framework broke this little helper script – lets fix those problems to restore functionality. Gbp-Dch: Ignore
* Show permission error if ProxyAutoDetect cmd can't be executedDavid Kalnischkies2017-06-263-1/+12
| | | | | | | | | | As the proxy commands are not executed as root, a user can run into permission errors (s)he isn't expecting – as our switching is an implementation detail – so the error message in that case should really be better than a generic "error code 100" sending the user in the wrong direction as that implies the command was executed, but errored out. Closes: 857885
* Refactor to avoid loop/dangling gcc warningsDavid Kalnischkies2017-06-264-9/+11
| | | | Gbp-Dch: Ignore
* Annotate intended switch fall through in httpsDavid Kalnischkies2017-06-261-0/+1
| | | | | Reported-By: gcc-7 Gbp-Dch: Ignore
* Refactor finding compressor by name to avoid code dupDavid Kalnischkies2017-06-261-46/+33
| | | | Git-Dch: Ignore
* Call update from apt-key test for a strange path testDavid Kalnischkies2017-06-262-1/+17
| | | | | | | | | | We setup a "horrible" environment in the apt-key testcase to check all kinds of things, but we really should be making also at least a simple apt update call, as that in turn will call apt-key which is how apt-key is used in the non-testcase world, so that calling should be able to deal with such environments as well. Gbp-Dch: Ignore
* Add a few more Auto-Detect-Proxy testsDavid Kalnischkies2017-06-262-6/+31
| | | | Gbp-Dch: Ignore
* don't show incorrect 'How odd' errror in no-download modeDavid Kalnischkies2017-06-261-22/+27
| | | | | | | | | | | | Showing messages related to downloading in a mode which can't download is pretty pointless, so instead of trying harder to make it so that these messages do not trigger just skip them entirely. That the message triggered here is an artifact of the implementation in which the download items are finished, while the code expects them to be still pending – even the in a previous run completely downloaded files. Closes: 863635
* avoid explicit types for pkg counts by autoDavid Kalnischkies2017-06-267-49/+59
| | | | | | | | | Changes nothing on the program front and as the datatypes are sufficently comparable fixes no bug either, but problems later on if we ever change the types of those and prevent us using types which are too large for the values we want to store waste (a tiny bit of) resources. Gbp-Dch: Ignore