| Commit message (Collapse) | Author | Age | Files | Lines |
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The check option discovers broken format string translations as
well as other issues like broken headers, enable it.
The Japanese translation was discovered to both use the wrong
ordering for %.*s translations with different positions, and
missing the dot, e.g.
%1$*2$s should have been %2$.*1$s
(the number after % matches the string and the number after
.* the size)
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The new sqv method uses sequoia's sqv tool to verify files. The
tool's interface is quite simple: It returns 0 on success, and
prints one line per good signer with the fingerprint.
sqv has a configurable crypto policy. We have defined apt-specific
override mechanisms for sequoia's standard policy, allowing both
users, distributions, and apt package to provide overrides for
Sequoia's default policy in meaningful ways.
The sqv method will be built and be the standard method for
verifying OpenPGP signatures provided that `sqv` is in the
PATH during building. It is not built if there was no sqv
at build time, so you need a rebuild to enable sqv later
on.
On the flip side, the gpgv method is always built, but it
does need to be always built: If APT::Key::GPGVCommand is
set, we need to fallback to it - this is important to
support existing users of that interface such as
mmdebstrap. Also we want to fall back to it when /usr/bin/sqv
disappears - for example in our CI :D
A couple of concessions have been made for test suite purposes:
- Failure to split a clearsigned file only shows the summary,
as the gpgv method also only showed it, and no details why
it failed.
- We write "Got GOODSIG <fingerprint>" in debug mode to mimic
the gpgv code to keep the test suite happy.
- In various places in the test suite we assert minimal output
from sqv, but sqv's human output is not intended to be stable.
This will incur additional work when it breaks. However we do
not _parse_ the output, so actual operation of apt is unaffected.
A couple of things are suboptimal here:
- We are still doing clearsigned splitting ourselves. sqv only
has support for detached signatures right now, whereas sqopv
has support for clearsigned files as well (but sqopv does not
provide any reasons for why signature verification fails or
means to set a policy).
- Deprecation of algorithms happens on a timebomb basis in
sequoia. We have no means to give users warnings ahead of
time if their configuration is outdated.
We have implemented various bits that probably should be going away:
- Fallback to trusted.gpg
This is just annoying...
- Support for fingerprints in Signed-By (no subkey matching though)
The extra work here is arguably less compared to gpgv.
- Check the keyring for correctness.
With Signed-By everywhere, we should just error out rather than
skip broken keyrings.
Moo
|
| |
|
|
|
| |
OpenSSL is mandatory now, it is no longer possible to build
without https support either.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Introduce an OpenSSL::Crypto backend for the hashes library
and an OpenSSL::SSL backend for the TLS support in our https
method.
Many thanks to curl for showing the way with how to handle
a CRL file. There are some memory leaks here with the
TlsFd itself as well as the proxy support; and we should
reorganize the code to generate the ssl object as late
as possible.
A peculiar aspect of OpenSSL is that SSL_has_pending() returns
1 even if SSL_read() will fail to read anything and return the
equivalent of EAGAIN. We work around this here by also peeking
ahead 1 byte. I was running a very high RTT connection from
Germany to Australia for testing, and with the peeking it's
using negligible amounts of CPU; before that, it was busy
looping at 100%. Bad OpenSSL!
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Automatically show the output of `show`, `policy`, `list`,
`search`, `showsrc` in a pager.
The pager setup is inspired by git's pager setup. Notably,
the pager is found using APT_PAGER and PAGER variables.
We wait for the pager to be setup somewhat correctly by
using a notify pipe to figure out whether execvp() was
succesful - then the pipe will read EOF as the other end
got closed by CLOEXEC during exec - or not, then the pipe
will contain an errno.
We set up the correct handlers for signals and exit to close
the fds and wait for the pager. Notably inside the signal
handler we cannot flush our streams, only close them, so
there is some duplication.
We call the InitOutputPager() function from inside the
various Do...() functions rather than setting it up
generally in InitOutput(). Doing so allows us to first
render the progress without a pager, and then setup
the pager for the content only which improves user
experience.
When we setup a pager we also take care to disable
standard input, as we should not be prompting users
while a pager is running (the pager will be reading
from the tty directly). We do this by dup2-ing() a
/dev/null over it; if we just close()d the fd, another
open() might reuse the fd number and problems could
occur.
|
| |
|
|
|
|
|
|
|
|
|
| |
CMake 3.31 is very noisy about our manpage (and to a lesser extend
documentation in general) building as we used "//" and "/../" there.
`cmake --help-policy CMP0177` documents the warning, so we could just
decide on a value and deal with it, but given our usage is not really
needed and rather trivial to change lets not pick a value and instead
use a normalized path so we don't use different code paths in CMake
depending on which CMake version we happen to be build with.
|
| |
|
|
|
|
| |
Ignoring errors might lead to failures later on anyhow, but especially
with triehash it could also lead to broken builds or other crazy stuff,
so lets better be save than sorry.
|
| |
|
|
|
|
|
|
| |
Also allow us to have utf-8 characters in xgettext, but msgcomm still
fails so ugh.
This avoids translations messing up the formatting a bit more, at
least, and makes apt build again
|
| |
|
|
|
|
|
|
|
| |
Once in a generation, it may be necessary to bootstrap apt in an
environment where gnutls is not yet available. This makes gnutls
support in apt optional.
You may also want a configure flag to force gnutls to be required from
outside the buildsystem (e.g. debian/rules).
|
| |
|
|
|
|
|
|
|
|
| |
As of bookworm, merged-usr is mandatory, and people got caught
in the crosshairs of the dpkg fsys-unmessusr debacle and inadvertently
reverted back to an unmerged configuration and continue to remain
on an unsupported system unknowingly.
Help them by erroring out when they are installing packages on /,
they are not in a chroot, and a usrmerge package is available.
|
| |
|
|
|
|
|
|
|
| |
Changes in the entities do not lead to a rebuild of the manpages
otherwise. We also try to have each lingua have its own (translated)
entities as dependencies rather than all as the old code order
would have suggested.
Gbp-Dch: Ignore
|
| |
|
|
|
|
|
|
| |
We don't ship the code this define was effecting since 2020,
so defining this constant is pointless.
References: e8016805b87bead8eb3dff0d0559c5d9590b721b
Gbp-Dch: Ignore
|
| |
|
|
|
| |
References: 1460eebf2abe913df964e031eff081a57f043697
Gbp-Dch: Ignore
|
| |
|
|
|
|
| |
XXH3 is faster than both our CRC32c implementation as well
as DJB hash for hash table hashing, so meh, let's switch to
it.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
| CMake Warning (dev) at /usr/share/cmake-3.18/Modules/FindPackageHandleStandardArgs.cmake:273 (message):
| The package name passed to `find_package_handle_standard_args` (Berkeley)
| does not match the name of the calling package (BerkeleyDB). This can lead
| to problems in calling code that expects `find_package` result variables
| (e.g., `_FOUND`) to follow a certain pattern.
| Call Stack (most recent call first):
| CMake/FindBerkeleyDB.cmake:57 (find_package_handle_standard_args)
| CMakeLists.txt:83 (find_package)
| This warning is for project developers. Use -Wno-dev to suppress it.
And indeed, we checked for BERKLEY_DB_FOUND which was not defined so our
HAVE_BDB was not set – just that it is never used, so it wasn't noticed.
|
| | |
|
| |
|
|
| |
Sorry!
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Replacing the macros with stub inline functions allows for more
versatile usage, e.g. fixing this compile error:
In file included from /usr/include/x86_64-linux-gnu/c++/9/bits/c++locale.h:41,
from /usr/include/c++/9/bits/localefwd.h:40,
from /usr/include/c++/9/ios:41,
from /usr/include/c++/9/ostream:38,
from /usr/include/c++/9/iostream:39,
from include/apt-pkg/configuration.h:30,
from ../apt-pkg/contrib/netrc.cc:16:
/usr/include/c++/9/clocale:54:11: error: ‘::setlocale’ has not been declared
54 | using ::setlocale;
Gbp-Dch: Ignore
|
| |
|
|
|
|
|
|
|
| |
As the builtins were used in the feature test also in the default branch
clang fails to compile the test helpfully complaining that you need to
compile with sse4.2 to use that while on gcc it is optimized out as
unused code and produces only a warning for that… removing the code from
the default branch fixes this problem, but we adapt the code some more to
avoid compilers optimizing it out in the future just in case.
|
| |
|
|
| |
References: https://github.com/mquinson/po4a/commit/329f472a378d42c7a33e8110e5091be61480a0fc
|
| |
|
|
|
|
| |
Upstream says it had no effect before, so it seems safe to adapt.
References: https://github.com/mquinson/po4a/commit/ac1e97305b6073ed87fa8cf0a2e32f9b1255d0f1
|
| |
|
|
|
| |
Switch the code of the Hashes class to use libgcrypt, which allows
us to use hardware-accelerated implementations of SHA1 and friends.
|
| |
|
|
| |
This ensures that we do not leak simple words like that.
|
| | |
|
| |
|
|
|
|
|
| |
As long as we are running dpkg, keep an inhibitor that
blocks us from shutting down.
LP: #1820886
|
| |
|
|
| |
Mistakingly used #define instead of #cmakedefine
|
| |
|
|
|
| |
This fixes the build on kfreebsd-amd64, and due to the detection
of sse4.2, should also enable the sse4.2 on i386.
|
| |
|
|
| |
Prompted-by: Jakub Wilk <jwilk@debian.org>
|
| |
|
|
|
|
|
| |
zstd is a compression algorithm developed by facebook. At level 19,
it is about 6% worse in size than xz -6, but decompression is multiple
times faster, saving about 40% install time, especially with eatmydata
on cloud instances.
|
| |
|
|
|
|
|
| |
We accidentally did not translate the entity file, but should
have. This makes apt.ent translatable again. This generates the
target multiple times, but surprisingly, that works just fine, so
let's just keep it that way, as it's clean code otherwise.
|
| |
|
|
|
|
|
|
|
|
| |
This fixes a regression introduced in
commit 43b9eb5bac15666fdc0346aca7031fab0fa5e064
CMake: methods: Cleanup link libraries, use OBJECT libraries
Gbp-Dch: ignore
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Use OBJECT libraries for http and connect stuff, and move the
seccomp link expression into a global link_libraries() call.
This also fixes a bug where only the http target pulled in
the gnutls header arguments despite gnutls being used in
connect.cc, and thus by mirror and ftp as well.
Adjust translation support to ignore TARGET_OBJECTS sources
and add the OBJECT libraries to the translated files.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This reduces the number of syscalls to about 140 from about
350 or so, significantly reducing security risks.
Also change prepare-release to ignore the architecture lists
in the build dependencies when generating the build-depends
package for travis.
We might want to clean up things a bit more and/or move it
somewhere else.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We previously dlopen()ed it, but it seems painful to do that
without any real gain, except for possibly not having libudev
in the address space and not having code #ifdefed for Linux.
The latter means that we are a bit more likely to break stuff
for non-Linux systems now if we play with udev, but at least
we don't end up with it silently breaking because of a libudev
ABI break.
The existing function pointers in the struct were renamed and
kept for compat purposes.
Fixes Debian/apt#48
Also adjust prepare-release to strip [linux-any] from build-depends
for travis.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We have support for an netrc-like auth.conf file since 0.7.25 (closing
518473), but it was never documented in apt that it even exists and
netrc seems to have fallen out of usage as a manpage for it no longer
exists making the feature even more arcane.
On top of that the code was a bit of a mess (as it is written in c-style)
and as a result the matching of machine tokens to URIs also a bit
strange by checking for less specific matches (= without path) first.
We now do a single pass over the stanzas.
In practice early adopters of the undocumented implementation will not
really notice the differences and the 'new' behaviour is simpler to
document and more usual for an apt user.
Closes: #811181
|
| |
|
|
| |
This makes the code easier to read.
|
| |
|
|
|
|
|
|
| |
Most of them in (old) code comments. The two instances of user visible
string changes the po files of the manpages are fixed up as well.
Gbp-Dch: Ignore
Reported-By: spellintian
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Our implementation of wildcards was rudimentary. It worked for some
common ones, but it was also broken: For example, armel matched any-armel,
but should match any-arm.
With this commit, we load the correct tables from dpkg. Supported are
both triplets and quadruplet tables (the latter introduced in dpkg 1.18.11).
There are some odd things we have to deal with in the cache filter for
historical and API reasons:
* The character "*" must be accepted as an alternative to any - in fact
it may appear anywhere in the wildcard as we also allow fnmatch() style
wildcard matching on the commandline.
* The code might get passed an arch with a minus at the end, for example
the cmdline "install apt:any-arm-" will first try to check if any-arm-
is a valid architecture. We deal with this by rejecting any wildcard
ending in a minus.
* Triplets are actually implemented by extending them to faux quadruplets
- by prepending a "base" component for the architecture tuple, and "any"
if there is a wildcard component.
Once we have constructed a wildcard, it is transformed into an fnmatch()
expression for historical reasons. In the future, we should really get a
tuple class and implement matching in a better, more explicit way.
This does for now though - it passes all the test cases and accepts all
things it should accept.
Closes: #748936
Thanks: James Clarke <jrtc27@jrtc27.com> for the initial patch
|
| |
|
|
|
|
|
|
|
|
|
|
| |
FreeBSD has two iconv systems: It ships an iconv.h itself,
and symbols for that in the libc. But there's also the port
of GNU libiconv, which unfortunately for us, Doxygen depends
on.
This changes things to prefer a separate libiconv library
over the system one; that is, the port on FreeBSD.
Gbp-Dch: ignore
|
| |
|
|
|
| |
This is needed on BSD where root's default group is wheel, not
root.
|
| |
|
|
|
|
|
| |
This allows other vendors to use different paths, or to build
your own APT in /opt for testing. Note that this uses + 1 in
some places, as the paths we receive are absolute, but we need
to strip of the initial /.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The BSD systems still ship their own db.h with a historical
BSD implementation, which is preferred by CMake, as it searches
its default path first. We thus have to disable the DEFAULT_PATH
for the search, unfortunately. We also need to pass the correct
include directory to the target.
Furthermore, on FreeBSD the library is called db-<VERSION>, so
let's add db-5 to the list of allowed names.
Gbp-Dch: ignore
|
| |
|
|
|
|
| |
This makes things work with /usr/local on FreeBSD.
Gbp-Dch: ignore
|
| |
|
|
| |
Gbp-Dch: ignore
|
| |
|
|
|
| |
Distributions seem to install this stuff all over the place, so
let's add a common list of paths we know about.
|
| |
|
|
|
|
|
|
| |
This module should cover all sorts of large file supports, as long
as they either support the getconf LFS_CFLAGS command; or the
_FILE_OFFSET_BITS=64 or _LARGE_FILES macros.
Closes: #834767
|
| |
|
|
|
|
| |
This fixes some actual bugs for PROJECT and BZIP2_INCLUDE_DIR.
Gbp-Dch: ignore
|
| |
|
|
|
|
| |
This can lead to an inconsistent state otherwise, with the
output being updated and the byproduct not; for example,
when the build was manually interrupted.
|