summaryrefslogtreecommitdiff
path: root/apt-pkg
Commit message (Collapse)AuthorAgeFilesLines
* don't hang if multiple sources use unavailable methodDavid Kalnischkies2017-08-041-3/+6
| | | | | | | | | | | | | | | APT clients always noticed if a method isn't supported and nowadays generate a message of the form: E: The method driver …/foobar could not be found. N: Is the package apt-transport-foobar installed? This only worked if a single source was using such an unavailable method through as we were registering the failed config the first round and the second would try to send requests to the not started method, which wouldn't work and hang instead (+ hiding the error messages as they would be shown only at the end of the execution). Closes: 870675
* don't keep configuration files open needlesslyDavid Kalnischkies2017-08-041-1/+1
| | | | Regression-Of: 3317ad864c997f4897756c0a2989c4199e9cda62
* allow the auth.conf to be root:root ownedDavid Kalnischkies2017-07-261-15/+0
| | | | | | | | | | | Opening the file before we drop privileges in the methods allows us to avoid chowning in the acquire main process which can apply to the wrong file (imagine Binary scoped settings) and surprises users as their permission setup is overridden. There are no security benefits as the file is open, so an evil method could as before read the contents of the file, but it isn't worse than before and we avoid permission problems in this setup.
* reimplement and document auth.confDavid Kalnischkies2017-07-262-187/+116
| | | | | | | | | | | | | | | | | | We have support for an netrc-like auth.conf file since 0.7.25 (closing 518473), but it was never documented in apt that it even exists and netrc seems to have fallen out of usage as a manpage for it no longer exists making the feature even more arcane. On top of that the code was a bit of a mess (as it is written in c-style) and as a result the matching of machine tokens to URIs also a bit strange by checking for less specific matches (= without path) first. We now do a single pass over the stanzas. In practice early adopters of the undocumented implementation will not really notice the differences and the 'new' behaviour is simpler to document and more usual for an apt user. Closes: #811181
* show warnings instead of errors if files are unreadableDavid Kalnischkies2017-07-267-49/+44
| | | | | | | | | | We used to fail on unreadable config/preferences/sources files, but at least for sources we didn't in the past and it seems harsh to refuse to work because of a single file, especially as the error messages are inconsistent and end up being silly (like suggesting to run apt update to fix the problem…). LP: #1701852
* use FileFd to parse all apt configuration filesDavid Kalnischkies2017-07-265-28/+69
| | | | | | Using different ways of opening files means we have different behaviour and error messages for them, so by the same for all we can have more uniformity for users and apt developers alike.
* send weak-only hashes to methodsDavid Kalnischkies2017-07-261-15/+8
| | | | | | | | | | Weak hashes like filesize can be used by methods for basic checks and early refusals even if we can't use them for hard security proposes. Normal apt operations are not affected by this as they fail if no strong hash is available, but if apt is forced to work with weak-only files or e.g. in apt-helper context it can have benefits as weak is better than no hash for the methods.
* don't move failed pdiff indexes out of partialDavid Kalnischkies2017-07-261-4/+1
| | | | | | | | | | | | | | | | | | | | | The comment says this is intended, but looking at the history reveals that the comment comes from a different era. Nowadays we don't really need it anymore (and even back then it was disputeable) as we haven't used that file for our update in the end and nothing really needs this file after the update. Triggered is this by 188f297a2af4c15cb1d502360d1e478644b5b810 which moves various error conditions forward including this code expecting the file to exist – but it doesn't need to as download could have failed. We could fix that by simple checking if the file exists and only stage it if it does, but instead we don't stage it and instead even rename it out of the way with our conventional FAILED name (if it exists). That restores support for partial mirrors (= in this case mirrors which don't ship pdiff files). Note that apt heals itself even if only such a mirror is used as the update is successful even if that error is shown. Closes: 869425
* don't try to rename failed pdiff patches twiceDavid Kalnischkies2017-07-261-2/+0
| | | | | | | | RenameOnError does the rename already, so the check for existence will always fail making this some completely harmles but also completely pointless two lines of code we are better of removing. Gbp-Dch: Ignore
* support compressed extended_states file for bug triageDavid Kalnischkies2017-07-261-4/+4
| | | | | | This file isn't compressed by default, but it might be compressed by a bugreporter and uncompressing it is extra work apt could do just as well on the fly as needed just like it does for the dpkg/status file.
* Fix memory leak in C++-thread-local _error implementationJulian Andres Klode2017-07-201-2/+2
| | | | | | | We can't allocate a pointer here, it would not get released - use an object instead. Gbp-Dch: ignore
* Use C++11 threading support instead of pthreadJulian Andres Klode2017-07-201-25/+3
| | | | This makes the code easier to read.
* Merge pull request Debian/apt#44 from willismonroe/patch-1Julian Andres Klode2017-07-171-1/+1
|\ | | | | | | | | | | Minor grammar fix [jak@d.o: Fixed up po/]
| * Minor grammar fixM. Willis Monroe2017-06-221-1/+1
| | | | | | Modified the wording of an error message when a repository no longer has a release file.
* | cacheiterators: Warn about direct include and don't include pkgcache.hJulian Andres Klode2017-07-122-2/+5
| | | | | | | | | | | | This adds a warning so existing working code will still work (as it includes pkgcache.h first anyway), but it will know that it's not right to include this file directly.
* | Reformat and sort all includes with clang-formatJulian Andres Klode2017-07-12107-519/+514
| | | | | | | | | | | | | | | | | | | | | | | | | | This makes it easier to see which headers includes what. The changes were done by running git grep -l '#\s*include' \ | grep -E '.(cc|h)$' \ | xargs sed -i -E 's/(^\s*)#(\s*)include/\1#\2 include/' To modify all include lines by adding a space, and then running ./git-clang-format.sh.
* | Drop cacheiterators.h includeJulian Andres Klode2017-07-1240-40/+0
| | | | | | | | | | Including cacheiterators.h before pkgcache.h fails because pkgcache.h depends on cacheiterators.h.
* | Handle supported components with slashes in sources.listApollon Oikonomopoulos2017-07-121-3/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit d7c92411dc1f4c6be098d1425f9c1c075e0c2154 parses the Components section of (In)Release and attempts to detect the distribution's supported components. While doing so, it handles component names with slashes in a special manner, assuming that the actual component is only the part after the final slash. This is done to handle security.debian.org, which usually appears in sources.list as follows: deb http://s.d.o/debian-security stretch/updates main contrib non-free while the actual release file has: Codename: stretch Components: updates/main updates/contrib updates/non-free While this special handing on APTs part indeed works for debian-security, it emits spurious warnings on repositories that actually use slashes in the component names *and* appear so in sources.list. We fix this by adding both component versions (whole and final part) to the SupportedComponents array. Closes: #868127
* | fix various typos reported by codespell & spellintianDavid Kalnischkies2017-07-082-2/+2
| | | | | | | | | | Reported-By: codespell & spellintian Gbp-Dch: Ignore
* | don't expect more downloads from failed transactionsDavid Kalnischkies2017-07-071-0/+2
| | | | | | | | | | | | | | Progress only shows if we have an idea of how much files we will acquire, but if a transaction fails before we have got an idea we ended up never showing progress even through we know that a failed transaction will not download additional files.
* | Allow http(s) and socks5h for http and https in proxy auto detectJulian Andres Klode2017-06-301-1/+16
| | | | | | | | This makes it possible to write sensible auto detect scripts.
* | Strip 0: epochs from the version hashJulian Andres Klode2017-06-281-0/+5
| | | | | | | | | | | | | | This should fix some issues with dpkg normalizing such values. Suprisingly enough apt treats the Version: field the same, even with epoch vs without, but not when searching, and does not strip the 0: from the output.
* | allow frontends to override releaseinfo change behaviourDavid Kalnischkies2017-06-283-30/+105
| | | | | | | | | | | | | | | | Having messages being printed on the error stack and confirm them by commandline flags is an okayish first step, but some frontends will probably want to have a more interactive feeling here with a proper question the user can just press yes/no for as for some frontends a commandline flag makes no sense…
* | show a Release-Notes URI if infos were changedDavid Kalnischkies2017-06-284-0/+17
| | | | | | | | | | | | | | | | This gives the repository owner a chance to explain why this change was needed – e.g. explaining the organisational changes or simply detailing the changes in the new release made. Note that this URI is also shown if the change is accepted, so it also draws attention to release notes of minor updates (if users watch apt output closely).
* | error in update on Release information changesDavid Kalnischkies2017-06-284-9/+115
| | | | | | | | | | | | | | | | | | | | | | The value of Origin, Label, Codename and co can be used in user configuration from apts own pinning to unattended upgrades. A repository changing this values can therefore have serious effects on the behaviour of apt and other tools using these values. In a first step we will generate error messages for these changes now explaining the need for explicit confirmation and provide config options and commandline flags to accept them.
* | fix some unlikely memory leaks in error casesDavid Kalnischkies2017-06-264-42/+24
| | | | | | | | | | | | | | | | The error cases are just as unlikely as the memory leaks to ever cause real problems, but lets play it safe for correctness. Reported-By: scan-build & clang Gbp-Dch: Ignore
* | fail InRelease on non-404 HTTP errorcodesDavid Kalnischkies2017-06-261-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | There are very many HTTP errorcodes which indicate that the repository isn't available at the moment or the connection has some kind of problem. Given that we do not require Release files the result was that these errors were ignored and the user presented with a message like "Repository is no longer signed" which sends the user in the wrong direction. Instead of trying to figure out which http errorcodes indicate a global problem we accept only 404 for ignoring and consider all the rest as hard errors now causing us to stop instantly after the InRelease file and print the errorcode (with short description from server) received.
* | show .diff/Index properly as ignored if we fallbackDavid Kalnischkies2017-06-262-109/+92
| | | | | | | | | | | | | | | | | | | | Moving the code responsible for parsing the Index file from ::Done into the slightly earlier ::VerifyDone allows us to still "fail" the download if we can't make use of the Index for whatever reason, so that the progress log correctly displays "Ign" instead of "Get" for the file. This also makes quiet a few debug messages proper error messages (but those are still hidden by default for Ign lines).
* | warn if an expected file can't be acquiredDavid Kalnischkies2017-06-265-3/+42
| | | | | | | | | | | | | | | | | | | | | | | | | | | | If we couldn't find an entry for a Sources file we would generate an error while for a Packages file we would silently skip it due to assuming it is missing because it is empty. We can do better by checking if the repository declares that it supports a component we want to get the file from and if not say so and hint at the user making a typo. An example were this helps is mozilla.debian.net which dropped the firefox-aurora component (as upstream did) meaning no upgrades until the user notices manually that the repository doesn't provide packages anymore. With this commit warnings are raised hopefully causing the user to investigate what is wrong (sooner).
* | clean archives without changing directoryDavid Kalnischkies2017-06-263-25/+47
| | | | | | | | | | Adopting this change in other frontends will require source changes as well similar to our own changes in apt-private/.
* | ident a CD without changing directoryDavid Kalnischkies2017-06-261-23/+23
| |
* | Avoid chdir in acquire clean with unlinkatDavid Kalnischkies2017-06-263-32/+40
| | | | | | | | | | | | | | | | | | | | | | | | POSIX.1-2008 gives us a range of *at calls to deal with files including the unlinkat so we can remove a file from a directory based on a path to the file relative to the directory. (In our case here the path we have is just the filename) We avoid changing directories in this way which e.g. fails if the directory we started in no longer exists or is otherwise inaccessible. Closes: 860738
* | Show permission error if ProxyAutoDetect cmd can't be executedDavid Kalnischkies2017-06-261-1/+5
| | | | | | | | | | | | | | | | | | | | As the proxy commands are not executed as root, a user can run into permission errors (s)he isn't expecting – as our switching is an implementation detail – so the error message in that case should really be better than a generic "error code 100" sending the user in the wrong direction as that implies the command was executed, but errored out. Closes: 857885
* | avoid explicit types for pkg counts by autoDavid Kalnischkies2017-06-265-36/+38
| | | | | | | | | | | | | | | | | | Changes nothing on the program front and as the datatypes are sufficently comparable fixes no bug either, but problems later on if we ever change the types of those and prevent us using types which are too large for the values we want to store waste (a tiny bit of) resources. Gbp-Dch: Ignore
* | schedule the correct side of the conflict for removalDavid Kalnischkies2017-06-261-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In complex situations in which we want to unpack a package which has a conflict/breaks on another package which must be removed due this conflict apt can decide to perform this remove earlier than initially planned. Problem: For three years apt wouldn't remove that package, but the package which has the conflict… The situation isn't very common and easily hidden as the package which is removed is unpacked a few actions later – it becomes visible for packages which protect themselves from removal through like systemd as the running init resulting in upgrade failures (#854041). Note that the package isn't purged, so data shouldn't be lost even if a user runs into a "hidden" case of it as long as the package sticks to the policy of removing data only on purge. Reaching this situation artificially is hard, which is why no testcase is included, as the situation is highly state dependent. Testing with "real" systems indicate that slight modifications in the installed packages set can make the bug not trigger. Regression-Of: 0eb4af9d3d0c524c7afdc684238aa263ac287449 Thanks: Michael Biebl for helping find this with countless tests
* | pkgcache: Bump major version to 12Julian Andres Klode2017-06-261-1/+1
|/ | | | | | We need to be able to update 1.4.y in different ways than later apt versions, and thus need to bump the major version so there is no collision in the minor version at some point.
* Fix parsing of or groups in build-deps with ignored packagesJulian Andres Klode2017-05-311-1/+11
| | | | | | | | | | | | | | | | | | | | | | | If the last alternative(s) of an Or group is ignored, because it does not match an architecture list, we would end up keeping the or flag, effectively making the next AND an OR. For example, when parsing (on amd64): debhelper (>= 9), libnacl-dev [amd64] | libnacl-dev [i386] => debhelper (>= 9), libnacl-dev | Which can cause python-apt to crash. Even worse: debhelper (>= 9), libnacl-dev [amd64] | libnacl-dev [i386], foobar => debhelper (>= 9), libnacl-dev [amd64] | foobar By setting the previous alternatives Or flag to the current Or flag if the current alternative is ignored, we solve the issue. LP: #1694697
* Fix and avoid quoting in CommandLine::AsStringDavid Kalnischkies2017-03-191-4/+10
| | | | | | | | | | | | | | | | In the intended usecase where this serves as a hack there is no problem with double/single quotes being present as we write it to a log file only, but nowadays our calling of apt-key produces a temporary config file containing this "setting" as well and suddently quoting is important as the config file syntax is allergic to it. So the fix is to ignore all quoting whatsoever in the input and just quote (with singles) the option values with spaces. That gives us 99% of the time the correct result and the 1% where the quote is an integral element of the option … doesn't exist – or has bigger problems than a log file not containing the quote. Same goes for newlines in values. LP: #1672710
* Fix mistake in CHANGEPATH comment exampleJulian Andres Klode2017-03-131-1/+1
| | | | | | | It says SRCNAME_SRCVER, but the example just gives the SRCVER part. Reported-By: Nishanth Aravamudan (nacc) in #ubuntu-devel
* Ignore \.ucf-[a-z]+$ like we do for \.dpkg-[a-z]+$Julian Andres Klode2017-03-071-0/+1
| | | | | | This gets rid of warnings about .ucf-dist files Reported-By: Axel Beckert (on IRC)
* Don't use -1 fd and AT_SYMLINK_NOFOLLOW for faccessat()Julian Andres Klode2017-02-111-1/+1
| | | | | | | | | | | | | | -1 is not an allowed value for the file descriptor, the only allowed non-file-descriptor value is AT_FDCWD. So use that instead. AT_SYMLINK_NOFOLLOW has a weird semantic: It checks whether we have the specified access on the symbolic link. It also is implemented only by glibc on Linux, so it's inherently non-portable. We should just drop it. Thanks: James Clarke for debugging these issues Reported-by: James Clarke <jrtc27@jrtc27.com>
* Do not package names representing .dsc/.deb/... filesJulian Andres Klode2017-02-101-2/+13
| | | | | | | | | | | | | | | | | | | | | In the case of build-dep and other commands where a file can be passed we must make sure not to normalize the path name as that can have odd side effects, or well, cause the operation to do nothing. Test for build-dep-file is adjusted to perform the vcard check once as "vcard" and once as "VCard", thus testing that this solves the reported bug. We inline the std::transform() and optimize it a bit to not write anything in the common case (package names are defined to be lowercase, the whole transformation is just for names that should not exist...) to counter the performance hit of the added find() call (it's about 0.15% more instructions than with the existing transform, but we save about 0.67% in writes...). Closes: #854794
* add Auto-Built-Package to tagfile-orderDavid Kalnischkies2017-02-091-0/+1
| | | | Added in dpkg commit 6c8203440bf443d3031ee2ab8485b16c1b6da3b6
* algorithms: Fix typo: gental -> gentleJulian Andres Klode2017-01-311-2/+2
| | | | | | Oh dear, nobody (or rather no tool) saw that yet... Gbp-Dch: ignore
* Only merge acquire items with the same meta keyJulian Andres Klode2017-01-281-1/+17
| | | | | | | | | | | | | | | Since the introduction of by-hash, two differently named files might have the same real URL. In our case, the files icons-64x64.tar.gz and icons-128x128.tar.gz of empty tarballs. APT would try to merge them and end with weird errors because it completed the first download and enters the second stage for decompressing and verifying. After that it would queue a new item to copy the original file to the location, but that copy item would be in the wrong stage, causing it to use the hashes for the decompressed item. Closes: #838441
* avoid malloc if option whitelist is disabled (default)David Kalnischkies2017-01-271-3/+8
| | | | | | | Config options are checked in various paths, so making "useless" memory allocations wastes time and can also cause problems like #852757. The unneeded malloc was added in ae73a2944a89e0d2406a2aab4a4c082e1e9da3f9. (We have no explicit malloc here – its std:string doing this internally)
* fix various typos reported by spellintianDavid Kalnischkies2017-01-1932-58/+58
| | | | | | | | Most of them in (old) code comments. The two instances of user visible string changes the po files of the manpages are fixed up as well. Gbp-Dch: Ignore Reported-By: spellintian
* fix various typos reported by codespellDavid Kalnischkies2017-01-193-4/+4
| | | | | | | Nothing in user visible strings. Gbp-Dch: Ignore Reported-By: codespell
* remove 'old' FAILED files in the next acquire callDavid Kalnischkies2017-01-191-0/+6
| | | | | | | | | | | | | | | If apt renames a file to .FAILED it leaves its namespace and is never touched again – expect since 1.1~exp4 in which "apt clean" will remove those files. The usefulness of these files rapidly degrades if you don't keep the update log itself (together with debug output in the best case) through and on 99% of all system they will be kept around forever just to collect dust over time and eat up space. With this commit an update call will remove all FAILED files of previous runs, so that the FAILED files you have on disk are always only the ones related to the last apt run stopping apt from hoarding files. Closes: 846476
* avoid validate/delete/load race in cache generationDavid Kalnischkies2017-01-191-28/+31
| | | | | | | Keeping the Fd of the cache file we have validated around to later load it into the mmap ensures not only that we load the same file (which wouldn't really be a problem in practice), but that this file also still exists and wasn't deleted e.g. by a 'apt clean' call run in parallel.