summaryrefslogtreecommitdiff
path: root/apt-pkg/contrib
Commit message (Collapse)AuthorAgeFilesLines
* copy ReadWrite-error to the bottom to make clang happyDavid Kalnischkies2015-09-141-1/+4
| | | | | | | | clang detects that fd isn't set in the ReadWrite case – just that this is supposed to be catched earlier in this method already, but it doesn't hurt to make it explicit here as well and clang is happy, too. Git-Dch: Ignore
* implement CopyFile without using FileFd::Size()David Kalnischkies2015-09-141-13/+7
| | | | | | | | Pipes and such have no good Size value, but we still want to copy from it maybe and we don't really need size as we can just as well read as long as we get data out of a file to copy it. Git-Dch: Ignore
* avoid triggering the c++11 erase api change on travisDavid Kalnischkies2015-09-021-2/+2
| | | | Git-Dch: Ignore
* use clock() as source for SRV randomnessDavid Kalnischkies2015-09-012-24/+18
| | | | | | | | | | | | | | | Initializing a random number generator with the time since epoch could be good enough, but reaches its limits in test code as the 100 iterations might very well happen in the same second and hence the seed number is always the same… clock() has a way lower resolution so it changes more often and not unimportant: If many users start the update at the same time it isn't to unlikely the SRV record will be ordered in the same second choosing the same for them all, but it seems less likely that the exact same clock() time has passed for them. And if I have to touch this, lets change a few other things as well to make me and/or compilers a bit happier (clang complained about the usage of a GNU extension in the testcase for example).
* use unusable-for-security hashes for integrity checksDavid Kalnischkies2015-09-011-0/+1
| | | | | | | We want to declare some hashes as not enough for security, so that a user will need --allow-unauthenticated or similar to get data secured only by those hashes, but we can still us these hashes for integrity checks if we got them.
* Consider md5sum no longer a usable hashMichael Vogt2015-09-012-4/+12
| | | | | The md5sum hash is broken since some time and we should no longer consider it a usable hash. Also update the tests to reflect this.
* improve CheckDropPrivsMustBeDisabled furtherDavid Kalnischkies2015-09-011-4/+6
| | | | | | | Various smaller improvements so that the check deals better with already downloaded files, relative paths and other things. Git-Dch: Ignore
* ignore for _apt inaccessible TMPDIR in pkgAcqChangelogDavid Kalnischkies2015-08-312-3/+29
| | | | | | | | | | | | Using libpam-tmpdir caused us to create our download tmp directory in root's private tmp before changing to _apt, which wouldn't have access to it. By extending our GetTempDir method with an optional wrapper changing the effective user, we can test if a given user can access the directory and ignore TMPDIR if not instead of ignoring TMPDIR completely. Closes: 797270
* Always close compressed files in FileFdJulian Andres Klode2015-08-271-6/+7
| | | | | | | We dup() the file descriptor when opening compressed files, so we always need to close the dup()ed one. Furthermore, not unsetting the d-pointer causes issues when running OpenDescriptor() multiple times on the same file descriptor.
* Add basic (non weight adjusted) shuffling for SrvRecords selectionMichael Vogt2015-08-202-3/+61
| | | | | Also add "Debug::Acquire::SrvRecs" debug option and the option "Acquire::EnableSrvRecods" to allow disabling this lookup.
* apt-pkg/contrib/srvrec.cc: res_query() should not generate a _error->Warning()Michael Vogt2015-08-181-0/+2
|
* cleanupMichael Vogt2015-08-182-6/+6
|
* Merge remote-tracking branch 'upstream/debian/experimental' into ↵Michael Vogt2015-08-1819-100/+197
|\ | | | | | | feature/srv-records
| * Also add 'in combination with the other options.' to another errorJulian Andres Klode2015-08-141-1/+1
| | | | | | | | Gbp-Dch: ignore
| * Say "in combination with the other options" if an option is not understoodJulian Andres Klode2015-08-141-3/+3
| | | | | | | | Closes: #762758
| * Use setresuid() and setresgid() where availableJulian Andres Klode2015-08-131-3/+13
| |
| * Deprecate SPtrArray<T> and convert everyone to unique_ptr<T[]>Julian Andres Klode2015-08-132-4/+5
| | | | | | | | More standardization
| * Mark SPtr as deprecated, and convert users to std::unique_ptrJulian Andres Klode2015-08-131-1/+1
| | | | | | | | Switch to std::unique_ptr, as this is safer than SPtr.
| * Annotate more methods with APT_OVERRIDEJulian Andres Klode2015-08-111-1/+1
| | | | | | | | | | | | Gbp-Dch: ignore Reported-By: g++ -Wsuggest-override Thanks: g++ -Wsuggest-override
| * ExecFork: Use /proc/self/fd to determine which files to closeJulian Andres Klode2015-08-111-5/+19
| | | | | | | | | | | | | | | | | | | | This significantly reduces the number of files that have to be closed and seems to be faster, despite the additional reads. On systems where /proc/self/fd is not available, we fallback to the old code that closes all file descriptors >= 3. Closes: #764204
| * change to libapt-pkg abi 5.0 with versioned symbolsDavid Kalnischkies2015-08-101-2/+2
| | | | | | | | | | | | | | | | | | | | | | We changed an aweful lot of stuff, so 5.0 is properly better than 4.X as a semantic version and as we are at it lets add some trivial symbol versioning as well: We just mark all exported symbols with the same version for now. This isn't really the proper thing to do as if we add symbols in later versions (with the same abi) they will get the same symbols version, but our .symbols file will protect us from the problems arising from this as it will ensure that a package acutally depends on a version of the abi high enough to include the symbol.
| * elimate duplicated code in pkgIndexFile subclassesDavid Kalnischkies2015-08-102-10/+10
| | | | | | | | | | | | | | | | Trade deduplication of code for a bunch of new virtuals, so it is actually visible how the different indexes behave cleaning up the interface at large in the process. Git-Dch: Ignore
| * remove the compatibility markers for 4.13 abiDavid Kalnischkies2015-08-101-6/+0
| | | | | | | | | | | | | | | | We aren't and we will not be really compatible again with the previous stable abi, so lets drop these markers (which never made it into a released version) for good as they have outlived their intend already. Git-Dch: Ignore
| * add c++11 override marker to overridden methodsDavid Kalnischkies2015-08-104-6/+7
| | | | | | | | | | | | | | | | | | C++11 adds the 'override' specifier to mark that a method is overriding a base class method and error out if not. We hide it in the APT_OVERRIDE macro to ensure that we keep compiling in pre-c++11 standards. Reported-By: clang-modernize -add-override -override-macros Git-Dch: Ignore
| * implement reverse_iterators for cachesetsDavid Kalnischkies2015-08-101-0/+6
| | | | | | | | | | | | | | | | By further abstracting the iterator templates we can wrap the reverse iterators of the wrapped containers and share code in a way that iterator creating is now more template intensive, but shorter in code. Git-Dch: Ignore
| * implement Signed-By option for sources.listDavid Kalnischkies2015-08-102-2/+20
| | | | | | | | | | | | | | | | | | | | Limits which key(s) can be used to sign a repository. Not immensely useful from a security perspective all by itself, but if the user has additional measures in place to confine a repository (like pinning) an attacker who gets the key for such a repository is limited to its potential and can't use the key to sign its attacks for an other (maybe less limited) repository… (yes, this is as weak as it sounds, but having the capability might come in handy for implementing other stuff later).
| * fix memory leaks reported by -fsanitizeDavid Kalnischkies2015-08-102-0/+4
| | | | | | | | | | | | | | | | Various small leaks here and there. Nothing particularily big, but still good to fix. Found by the sanitizers while running our testcases. Reported-By: gcc -fsanitize Git-Dch: Ignore
| * some CXXFLAGS housekeepingDavid Kalnischkies2015-08-101-0/+8
| | | | | | | | | | | | More warnings are always better. Git-Dch: Ignore
| * make all d-pointer * const pointersDavid Kalnischkies2015-08-104-34/+43
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Doing this disables the implicit copy assignment operator (among others) which would cause hovac if used on the classes as it would just copy the pointer, not the data the d-pointer points to. For most of the classes we don't need a copy assignment operator anyway and in many classes it was broken before as many contain a pointer of some sort. Only for our Cacheset Container interfaces we define an explicit copy assignment operator which could later be implemented to copy the data from one d-pointer to the other if we need it. Git-Dch: Ignore
| * apply various style suggestions by cppcheckDavid Kalnischkies2015-08-103-4/+4
| | | | | | | | | | | | | | Some of them modify the ABI, but given that we prepare a big one already, these few hardly count for much. Git-Dch: Ignore
| * show URI.Path in all acquire item descriptionsDavid Kalnischkies2015-06-112-4/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | It is a rather strange sight that index items use SiteOnly which strips the Path, while e.g. deb files are downloaded with NoUserPassword which does not. Important to note here is that for the file transport Path is pretty important as there is no Host which would be displayed by Site, which always resulted in "interesting" unspecific errors for "file:". Adding a 'middle' ground between the two which does show the Path but potentially modifies it (it strips a pending / at the end if existing) solves this "file:" issue, syncs the output and in the end helps to identify which file is meant exactly in progress output and co as a single site can have multiple repositories in different paths.
| * configureable acquire targets to download additional filesDavid Kalnischkies2015-06-092-11/+4
| | | | | | | | | | | | | | | | First pass at making the acquire system capable of downloading files based on configuration rather than hardcoded entries. It is now possible to instruct 'deb' and 'deb-src' sources.list lines to download more than just Packages/Translation-* and Sources files. Details on how to do that can be found in the included documentation file.
| * support hashes for compressed pdiff filesDavid Kalnischkies2015-06-092-3/+15
| | | | | | | | | | | | | | | | At the moment we only have hashes for the uncompressed pdiff files, but via the new '$HASH-Download' field in the .diff/Index hashes can be provided for the .gz compressed pdiff file, which apt will pick up now and use to verify the download. Now, we "just" need a buy in from the creators of repositories…
| * rework hashsum verification in the acquire systemDavid Kalnischkies2015-06-092-0/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Having every item having its own code to verify the file(s) it handles is an errorprune process and easy to break, especially if items move through various stages (download, uncompress, patching, …). With a giant rework we centralize (most of) the verification to have a better enforcement rate and (hopefully) less chance for bugs, but it breaks the ABI bigtime in exchange – and as we break it anyway, it is broken even harder. It shouldn't effect most frontends as they don't deal with the acquire system at all or implement their own items, but some do and will need to be patched (might be an opportunity to use apt on-board material). The theory is simple: Items implement methods to decide if hashes need to be checked (in this stage) and to return the expected hashes for this item (in this stage). The verification itself is done in worker message passing which has the benefit that a hashsum error is now a proper error for the acquire system rather than a Done() which is later revised to a Failed().
* | Merge branch 'debian/experimental' into feature/srv-recordsMichael Vogt2015-08-1818-328/+1080
|\| | | | | | | | | | | Conflicts: cmdline/apt-helper.cc cmdline/makefile
| * Merge branch 'debian/sid' into debian/experimentalMichael Vogt2015-05-221-1/+2
| |\ | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: apt-pkg/pkgcache.h debian/changelog methods/https.cc methods/server.cc test/integration/test-apt-download-progress
| | * Merge remote-tracking branch 'upstream/debian/jessie' into debian/sidMichael Vogt2015-05-221-1/+1
| | |\ | | | | | | | | | | | | | | | | Conflicts: apt-pkg/deb/dpkgpm.cc
| | * | Move sysconf(_SC_OPEN_MAX); out of the for() loop to avoid unneeded syscallsMichael Vogt2015-04-281-1/+2
| | | |
| * | | implement VerifyFile as all-hashes checkDavid Kalnischkies2015-05-121-7/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | It isn't used much compared to what the methodname suggests, but in the remaining uses it can't hurt to check more than strictly necessary by calculating and verifying with all hashes we can compare with rather than "just" the best known hash.
| * | | fix macro definition for very old GCC < 3David Kalnischkies2015-05-111-1/+1
| | | | | | | | | | | | | | | | Git-Dch: Ignore
| * | | Merge branch 'debian/jessie' into debian/experimentalDavid Kalnischkies2015-04-191-1/+1
| |\ \ \ | | | |/ | | |/| | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: apt-pkg/acquire-item.cc cmdline/apt-key.in methods/https.cc test/integration/test-apt-key test/integration/test-multiarch-foreign
| | * | demote VectorizeString gcc attribute from const to pureDavid Kalnischkies2015-04-071-1/+1
| | |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | g++-5 generates a slightly broken libapt which doesn't split architecture configurations correctly resulting in e.g. Packages files requested for the bogus architecture 'amd64,i386' instead of for amd64 and i386. The reason is an incorrectly applied attribute marking the function as const, while functions with pointer arguments are not allowed to be declared as such (note that char& is a char* in disguise). Demoting the attribute to pure fixes this issue – better would be dropping the & from char but that is an API change… Neither earlier g++ versions nor clang use this attribute to generate broken code, so we don't need a rebuild of dependencies or anything and g++-5 isn't even included in jessie, but the effect is so strange and apt popular enough to consider avoiding this problem anyhow.
| | * allow options between command and -- on commandlineDavid Kalnischkies2014-11-101-8/+11
| | | | | | | | | | | | | | | | | | | | | This used to work before we implemented a stricter commandline parser and e.g. the dd-schroot-cmd command constructs commandlines like this. Reported-By: Helmut Grohne
| | * add a simple container for HashStringsDavid Kalnischkies2014-11-102-15/+187
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | APT supports more than just one HashString and even allows to enforce the usage of a specific hash. This class is intended to help with storage and passing around of the HashStrings. The cherry-pick here the un-const-ification of HashType() compared to f4c3850ea335545e297504941dc8c7a8f1c83358. The point of this commit is adding infrastructure for the next one. All by itself, it just adds new symbols. Git-Dch: Ignore
| * | ensure lists/ files have correct permissions after apt-cdrom addDavid Kalnischkies2015-04-192-1/+31
| | | | | | | | | | | | | | | | | | | | | | | | Its a bit unpredictable which permissons and owners we will encounter on a CD-ROM (or a USB stick, as apt-cdrom is responsible for those too), so we have to ensure in this codepath as well that everything is nicely setup without waiting for a 'apt-get update' to fix up the (potential) mess.
| * | calculate only expected hashes in methodsDavid Kalnischkies2015-04-192-19/+65
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Methods get told which hashes are expected by the acquire system, which means we can use this list to restrict what we calculate in the methods as any extra we are calculating is wasted effort as we can't compare it with anything anyway. Adding support for a new hash algorithm is therefore 'free' now and if a algorithm is no longer provided in a repository for a file, we automatically stop calculating it. In practice this results in a speed-up in Debian as we don't have SHA512 here (so far), so we practically stop calculating it.
| * | if we can, use gccs __builtin_swap methodsDavid Kalnischkies2015-04-191-0/+9
| | | | | | | | | | | | Git-Dch: Ignore
| * | reimplement the last uses of sprintfDavid Kalnischkies2015-04-102-86/+71
| | | | | | | | | | | | | | | | | | | | | | | | Working with strings c-style is complicated and error-prune, so by converting to c++ style we gain some simplicity and avoid buffer overflows by later extensions. Git-Dch: Ignore
| * | fix some new compiler warnings reported by gcc-5David Kalnischkies2015-03-161-5/+5
| | | | | | | | | | | | Git-Dch: Ignore
| * | streamline display of --help in all toolsDavid Kalnischkies2014-11-092-0/+4
| | | | | | | | | | | | | | | | | | | | | By convention, if I run a tool with --help or --version I expect it to exit successfully with the usage, while if I do call it wrong (like without any parameters) I expect the usage message shown with a non-zero exit.