summaryrefslogtreecommitdiff
path: root/apt-pkg/indexrecords.cc
Commit message (Collapse)AuthorAgeFilesLines
* explicit overload methods instead of adding parametersDavid Kalnischkies2014-11-081-0/+13
| | | | | | | | Adding a new parameter (with a default) is an ABI break, but you can overload a method, which is "just" an API break for everyone doing references to this method (aka: nobody). Git-Dch: Ignore
* replace ignore-deprecated #pragma dance with _PragmaDavid Kalnischkies2014-11-081-8/+1
| | | | | | | | | For compatibility we use/provide and fill quiet some deprecated methods and fields, which subsequently earns us a warning for using them. These warnings therefore have to be disabled for these codeparts and that is what this change does now in a slightly more elegant way. Git-Dch: Ignore
* promote filesize to a hashstringDavid Kalnischkies2014-10-241-0/+3
| | | | | | | | | It is a very simple hashstring, which is why it isn't contributing to the usability of a list of them, but it is also trivial to check and calculate, so it doesn't hurt checking it either as it can combined even with the simplest other hashes greatly complicate attacks on them as you suddenly need a same-size hash collision, which is usually a lot harder to achieve.
* trusted=yes sources are secure, we just don't know whyDavid Kalnischkies2014-10-131-3/+21
| | | | | | | | | | | | | | | | | Do not require a special flag to be present to update trusted=yes sources as this flag in the sources.list is obviously special enough. Note that this is just disabling the error message, the user will still be warned about all the (possible) failures the repository generated, it is just triggering the acceptance of the warnings on a source-by-source level. Similarily, the trusted=no flag doesn't require the user to pass additional flags to update, if the repository looks fine in the view of apt it will update just fine. The unauthenticated warnings will "just" be presented then the data is used. In case you wonder: Both was the behavior in previous versions, too.
* do not inline virtual destructors with d-pointersDavid Kalnischkies2014-10-131-0/+2
| | | | | | | | | | | | | | Reimplementing an inline method is opening a can of worms we don't want to open if we ever want to us a d-pointer in those classes, so we do the only thing which can save us from hell: move the destructors into the cc sources and we are good. Technically not an ABI break as the methods inline or not do the same (nothing), so a program compiled against the old version still works with the new version (beside that this version is still in experimental, so nothing really has been build against this library anyway). Git-Dch: Ignore
* apt-pkg/indexrecords.cc: ensure that indexRecords::checkSum::Hash is initializedMichael Vogt2014-06-181-0/+8
|
* Add APT::Acquire::$(host)::By-Hash=1 knob, add Acquire-By-Hash to Release fileMichael Vogt2014-05-221-1/+8
| | | | | | | The by-hash can be configured on a per-hostname basis and a Release file can indicate that it has by-hash support via a new flag. The location of the hash now matches the AptByHash spec
* Implement simple by-hash for apt updateMichael Vogt2014-05-221-9/+13
| | | | | | | | | | | | This implements a apt update schema that get the indexfiles by the hash instead of the name. The rational is that updates to the archive servers/mirrors are not atomic so the client may have the previous version of the Release file when the server updates to a new Release file and new Packages/Sources/Translations indexes. By keeping the files around by their hash we can still get the previous indexfile without a hashsum mismatch. Enable with APT::Acquire::By-Hash=1
* use HashStringList in the acquire systemDavid Kalnischkies2014-05-091-1/+1
| | | | | | | | | | | | | It is not very extensible to have the supported Hashes hardcoded everywhere and especially if it is part of virtual method names. It is also possible that a method does not support the 'best' hash (yet), so we might end up not being able to verify a file even though we have a common subset of supported hashes. And those are just two of the cases in which it is handy to have a more dynamic selection. The downside is that this is a MAJOR API break, but the HashStringList has a string constructor for compatibility, so with a bit of luck the few frontends playing with the acquire system directly are okay.
* load the size from the metaindex into the fetcher to have even more accurate ↵Michael Vogt2014-04-161-1/+1
| | | | progress information
* follow method attribute suggestions by gccDavid Kalnischkies2014-03-131-7/+7
| | | | | Git-Dch: Ignore Reported-By: gcc -Wsuggest-attribute={pure,const,noreturn}
* cleanup headers and especially #includes everywhereDavid Kalnischkies2014-03-131-1/+6
| | | | | | | | Beside being a bit cleaner it hopefully also resolves oddball problems I have with high levels of parallel jobs. Git-Dch: Ignore Reported-By: iwyu (include-what-you-use)
* warning: useless cast to type A [-Wuseless-cast]David Kalnischkies2014-03-131-2/+2
| | | | | Git-Dch: Ignore Reported-By: gcc -Wuseless-cast
* * enable release based selection for deb-src (closes: 731102)Michael Vogt2013-12-051-0/+5
|
* init the pkgTagFile with the size of the Release fileDavid Kalnischkies2013-08-151-1/+1
| | | | | | | Release files are basically one big Section, so we might safe some Resize circles by starting with the filesize. Git-Dch: Ignore
* stop skipping "-----" sections in Release filesDavid Kalnischkies2013-08-081-11/+6
| | | | | | | | | The file we read will always be a Release file as the clearsign is stripped earlier in this method, so this check is just wasting CPU Its also removing the risk that this could ever be part of a valid section, even if I can't imagine how that should be valid. Git-Dch: Ignore
* merged lp:~mvo/apt/fix-inrelease5Michael Vogt2013-04-021-1/+5
|\
| * * apt-pkg/deb/debindexfile.cc,David Kalnischkies2013-03-181-1/+5
| | | | | | | | | | | | | | | | | | | | | | apt-pkg/deb/deblistparser.cc: - use OpenMaybeClearSignedFile to be free from detecting and skipping clearsigning metadata in dsc and Release files We can't write a "clean" file to disk as not all acquire methods copy Release files before checking them (e.g. cdrom), so this reverts recombining, but uses the method we use for dsc files also in the two places we deal with Release files
* | * apt-pkg/indexrecords.cc:Michael Vogt2013-01-241-2/+3
|/ | | - support '\r' in the Release file
* * apt-pkg/indexrecords.cc:David Kalnischkies2012-02-181-1/+4
| | | - do not create empty Entries as a sideeffect of Lookup()
* use forward declaration in headers if possible instead of includesDavid Kalnischkies2011-09-191-0/+3
|
* do not pollute namespace in the headers with using (Closes: #500198)David Kalnischkies2011-09-191-1/+4
|
* merge with debian/sidDavid Kalnischkies2011-09-131-5/+16
|\
| * - add an Acquire::Min-ValidTime option (Closes: #640122)David Kalnischkies2011-09-051-4/+15
| | | | | | | | | | * doc/apt.conf.5.xml: - reword Acquire::Max-ValidTime documentation to make clear that it doesn't provide the new Min-ValidTime functionality
| * * apt-pkg/indexrecords.cc:David Kalnischkies2011-09-051-2/+2
| | | | | | | | - fix Acquire::Max-ValidTime option by interpreting it really as seconds as specified in the manpage and not as days
* | Support large files in the complete toolset. Indexes of thisDavid Kalnischkies2011-09-131-3/+3
| | | | | | | | size are pretty unlikely for now, but we need it for deb packages which could become bigger than 4GB now (LP: #815895)
* | reorder includes: add <config.h> if needed and include it at firstDavid Kalnischkies2011-09-131-1/+3
|/
* - try downloading clearsigned InRelease before trying Release.gpgDavid Kalnischkies2011-01-201-7/+10
| | | | * apt-pkg/deb/deblistparser.cc: - rewrite LoadReleaseInfo to cope with clearsigned Releasefiles
* - backport forgotten Valid-Until patch from the obsolete experimentalDavid Kalnischkies2010-06-091-3/+42
|\ | | | | | | | | | | | | | | | | | | | | | | | | branch to prevent replay attacks better, thanks to Thomas Viehmann for the initial patch! (Closes: #499897) * doc/apt.conf.5.xml: - document the new Valid-Until related options * apt-pkg/contrib/strutl.cc: - split StrToTime() into HTTP1.1 and FTP date parser methods and use strptime() instead of some self-made scanf mangling - use the portable timegm shown in his manpage instead of a strange looking code copycat from wget * ftparchive/writer.cc: - add ValidTime option to generate a Valid-Until header in Release file
| * rename the options, document them and reorder the changelog a bitDavid Kalnischkies2010-06-091-2/+2
| |
| * use the Valid-Until header from the Release file but if the userDavid Kalnischkies2010-06-081-14/+19
| | | | | | | | | | provides a setting in the configuration prefer the date which is earlier.
| * enhance the Valid-Until code a bit by using the correct RFC1123StrToTimeDavid Kalnischkies2010-06-081-12/+12
| | | | | | | | method and allow for better translations of the error messages
| * * apt-pkg/indexrecords.cc:David Kalnischkies2010-06-081-2/+36
| | | | | | | | | | - backport forgotten Valid-Until patch from the obsolete experimental branch to prevent replay attacks better, thanks to Thomas Viehmann for the initial patch! (Closes: #499897)
* | * apt-pkg/indexrecords.{cc,h}:David Kalnischkies2010-05-291-0/+5
|/ | | | | - add a constant Exists check for MetaKeys * apt-pkg/acquire-item.cc: - do not try PDiff if it is not listed in the Meta file
* The 'not dead yet' releaseMichael Vogt2009-07-211-7/+7
|\ | | | | | | | | | | | | | | | | | | | | * add hook for MarkInstall and MarkDelete (closes: #470035) * add the various foldmarkers in apt-pkg & cmdline (no code change) * versions with a pin of -1 shouldn't be a candidate (Closes: #355237) * prefer mmap as memory allocator in MMap instead of a static char array which can (at least in theory) grow dynamic * eliminate (hopefully all) segfaults in pkgcachegen.cc and mmap.cc which can arise if cache doesn't fit into the mmap (Closes: #535218) * display warnings instead of errors if the parts dirs doesn't exist * honor the dpkg hold state in new Marker hooks (closes: #64141)
| * add the various foldmarkers in apt-pkg & cmdline (no code change)David Kalnischkies2009-06-301-7/+7
| |
* | * apt-pkg/indexrecords.cc:Michael Vogt2008-12-081-3/+3
|/ | | | | - fix some i18n issues * apt-pkg/contrib/strutl.h: - add new strprintf() function to make i18n strings easier
* * implement sha256/sha1/md5 checking with proper backward compatibilityMichael Vogt2007-07-261-21/+27
| | | | and fallback
* * remove all the remaining #pragma implementationMichael Vogt2007-06-081-3/+0
|
* Move CD-ROM handling backend into libapt-pkgMatt Zimmerman2005-02-041-0/+11
| | | | | | | | | | | | | | | | | | | | - apt-cdrom.cc seperated into frontend (cmdline/apt-cdrom.cc and library apt-pkg/cdrom.{cc,h}) (Ubuntu #5668) Patches applied: * michael.vogt@ubuntu.com--2005/apt--auth-cdrom--0--base-0 tag of apt@packages.debian.org/apt--main--0--patch-51 * michael.vogt@ubuntu.com--2005/apt--auth-cdrom--0--patch-1 * added support for signed cdroms * michael.vogt@ubuntu.com--2005/apt--auth-cdrom--0--patch-2 * merged with apt--main, seperated cmdline/apt-cdrom.cc into a library (apt-pkg/cdrom.{cc,h}) * michael.vogt@ubuntu.com--2005/apt--auth-cdrom--0--patch-3 * cleaned up the cmdline/apt-cdrom.cc code
* Merge apt--authentication--0Matt Zimmerman2004-12-131-0/+151
Patches applied: * apt@arch.ubuntu.com/apt--experimental--0.6--base-0 tag of apt@arch.ubuntu.com/apt--MAIN--0--patch-1190 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-1 Creation of branch v0_6 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-2 Creation of branch v0_6 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-3 Creation of branch v0_6 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-4 Creation of branch v0_6 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-5 Creation of branch v0_6 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-6 Creation of branch v0_6 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-7 Merge working copy of v0.6 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-8 0.6.0 is headed for experimental, not unstable * apt@arch.ubuntu.com/apt--experimental--0.6--patch-9 Date * apt@arch.ubuntu.com/apt--experimental--0.6--patch-10 Update LIB_APT_PKG_MAJOR * apt@arch.ubuntu.com/apt--experimental--0.6--patch-11 - Fix a heap corruption bug in pkgSrcRecords::pkgSrcRec... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-12 Resynch * apt@arch.ubuntu.com/apt--experimental--0.6--patch-13 * Merge apt 0.5.17 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-14 * Rearrange Release file authentication code to be more... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-15 * Convert distribution "../project/experimental" to "ex... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-16 Merge 1.11 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-17 Merge 1.7 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-18 Merge 1.10 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-19 * Make a number of Release file errors into warnings; f... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-20 * Add space between package names when multiple unauthe... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-21 * Provide apt-key with a secret keyring and a trustdb, ... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-22 * Fix typo in apt-key(8) (standard input is '-', not '/') * apt@arch.ubuntu.com/apt--experimental--0.6--patch-23 0.6.2 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-24 Resynch * apt@arch.ubuntu.com/apt--experimental--0.6--patch-25 * Fix MetaIndexURI for flat ("foo/") sources * apt@arch.ubuntu.com/apt--experimental--0.6--patch-26 0.6.3 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-27 * Use the top-level Release file in LoadReleaseInfo, ra... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-28 0.6.4 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-29 Clarify * apt@arch.ubuntu.com/apt--experimental--0.6--patch-30 * Move the authentication check into a separate functio... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-31 * Fix display of unauthenticated packages when they are... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-32 * Move the authentication check into a separate functio... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-33 * Restore the ugly hack I removed from indexRecords::Lo... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-34 0.6.6 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-35 * Forgot to revert part of the changes to tagfile in 0.... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-36 * Add a config option and corresponding command line option * apt@arch.ubuntu.com/apt--experimental--0.6--patch-37 0.6.8 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-38 hopefully avoid more segfaults * apt@arch.ubuntu.com/apt--experimental--0.6--patch-39 XXX * apt@arch.ubuntu.com/apt--experimental--0.6--patch-40 * Another tagfile workaround * apt@arch.ubuntu.com/apt--experimental--0.6--patch-41 * Use "Codename" (woody, sarge, etc.) to supply the val... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-42 * Support IMS requests of Release.gpg and Release * apt@arch.ubuntu.com/apt--experimental--0.6--patch-43 * Have pkgAcquireIndex calculate an MD5 sum if one is n... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-44 * Merge 0.5.18 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-45 apt (0.6.13) experimental; urgency=low * apt@arch.ubuntu.com/apt--experimental--0.6--patch-46 0.6.13 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-47 Merge 0.5.20 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-48 The source list works a bit differently in 0.6; fix the... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-49 * s/Debug::Acquire::gpg/&v/ * apt@arch.ubuntu.com/apt--experimental--0.6--patch-50 * Honor the [vendor] syntax in sources.list again (thou... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-51 * Don't ship vendors.list(5) since it isn't used yet * apt@arch.ubuntu.com/apt--experimental--0.6--patch-52 * Revert change from 0.6.10; it was right in the first ... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-53 * Fix some cases where the .gpg file could be left in p... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-54 Print a warning if gnupg is not installed * apt@arch.ubuntu.com/apt--experimental--0.6--patch-55 * Handle more IMS stuff correctly * apt@arch.ubuntu.com/apt--experimental--0.6--patch-56 0.6.17 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-57 * Merge 0.5.21 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-58 * Add new Debian Archive Automatic Signing Key to the d... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-59 0.6.18 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-60 * Merge 0.5.22 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-61 * Convert apt-key(8) to docbook XML * apt@arch.ubuntu.com/apt--experimental--0.6--patch-62 Merge 0.5.23 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-63 Remove bogus partial 0.5.22 changelog entry * apt@arch.ubuntu.com/apt--experimental--0.6--patch-64 Make the auth warning a bit less redundant * apt@arch.ubuntu.com/apt--experimental--0.6--patch-65 * Merge 0.5.24 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-66 * Make the unauthenticated packages prompt more intuiti... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-67 Merge 0.5.25 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-68 * Remove obsolete pkgIterator::TargetVer() (Closes: #230159) * apt@arch.ubuntu.com/apt--experimental--0.6--patch-69 * Reverse test in CheckAuth to match new prompt (Closes... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-70 Update version * apt@arch.ubuntu.com/apt--experimental--0.6--patch-71 Fix backwards sense of CheckAuth prompt * apt@arch.ubuntu.com/apt--experimental--0.6--patch-72 0.6.24 * apt@arch.ubuntu.com/apt--experimental--0.6--patch-73 Close bug * apt@arch.ubuntu.com/apt--experimental--0.6--patch-74 * Fix handling of two-part sources for sources.list deb... * apt@arch.ubuntu.com/apt--experimental--0.6--patch-75 0.6.25 * apt@packages.debian.org/apt--authentication--0--base-0 tag of apt@arch.ubuntu.com/apt--experimental--0.6--patch-75 * apt@packages.debian.org/apt--authentication--0--patch-1 Michael Vogt's merge of apt--experimental--0 onto apt--main--0 * apt@packages.debian.org/apt--authentication--0--patch-2 Merge from apt--main--0 * apt@packages.debian.org/apt--authentication--0--patch-3 Merge from main * apt@packages.debian.org/apt--authentication--0--patch-4 Merge from main * apt@packages.debian.org/apt--authentication--0--patch-5 Update version number in configure.in * apt@packages.debian.org/apt--authentication--0--patch-6 Merge from main * apt@packages.debian.org/apt--authentication--0--patch-7 Merge from main * apt@packages.debian.org/apt--authentication--0--patch-8 Merge from mvo's branch * apt@packages.debian.org/apt--authentication--0--patch-9 Merge from mvo's tree * apt@packages.debian.org/apt--authentication--0--patch-10 Merge from mvo * apt@packages.debian.org/apt--authentication--0--patch-11 Fix permissions AGAIN * michael.vogt@canonical.com--2004--laptop/apt--authentication-mvo--0--base-0 tag of michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-12 * michael.vogt@canonical.com--2004--laptop/apt--authentication-mvo--0--patch-1 * star-merged matt's changes (bz2 support for data-members in debs) * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-1 tag of apt@packages.debian.org/apt--authentication--0--base-0 * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-2 merged "tla apply-delta -A foo@ apt@arch.ubuntu.com/apt--MAIN--0--patch-1190 apt@arch.ubuntu.com/apt--MAIN--0--patch-1343" and cleaned up conflicts * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-3 * missing bits from the merge added * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-4 * star-merged with apt@packages.debian.org/apt--main--0 * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-5 * tree-synced to the apt--authentication tree * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-6 * use the ubuntu-key in this version * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-7 * imported the patches from mdz * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-8 * apt-get update --print-uris works now as before (fallback to 0.5.x behaviour) * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-9 * fix for the "if any source unauthenticated, all other sources are unauthenticated too" problem * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-10 * reworked the "--print-uris" patch. it no longer uses: "APT::Get::Print-URIs" in the library * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-11 * version of the library set to 3.6 * michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-12 * changelog finallized, will upload to people.ubuntulinux.org/~mvo/apt-authentication * michael.vogt@canonical.com--2004/apt--main-authentication--0--base-0 tag of apt@packages.debian.org/apt--main--0--patch-22 * michael.vogt@canonical.com--2004/apt--main-authentication--0--patch-1 * star-merge from apt--experimental--0.6 * michael.vogt@canonical.com--2004/apt--main-authentication--0--patch-2 * compile failure fix for methods/http.cc, po-file fixes