| Commit message (Collapse) | Author | Age | Files | Lines |
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The counters aren't used for anything really except for the 'stats'
command that is off in its display and calculation due to 16bit not
being enough for counting all the relations we have.
Semi-broken more than a decade ago as I accidentally aligned it with
the other file relation counters which count far less frequent ones
through, so 'unsigned long' should have been changed to the id type
rather than the smaller fileid type.
Of course, this commit only prepares the fix as this would be an ABI
break, so with the current ABI we are still overflowing.
Regression-of: 4ad8619bb1f0bf777d17c568bb7a6cf7f30aac34
|
| |
|
|
| |
Gbp-Dch: ignore
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of directly propagating in a recursive fashion,
queue propagations in a queue and work on them in a loop
per the miniSAT paper.
We call Propagate() only at the end of the FromDepCache()
function and then in the Solve loop. Delaying the initial
propagation means that we get a stronger reasoning:
Assume you have x->a->b->c, y->c and you install x,y:
- Previously we traversed: x, y, x->a, a->b, b->c, (y->c)
- but now we traverse: x, y, x->a, y->c, a->b, (b->c)
Notably c now has the implication y->c instead of x->a->b->c.
Inside the solver we need to call Propagate in a loop:
Propagating facts can fail and we then backtrack. If backtracking
is succesful, we have gained a new fact to propagate.
|
| |
|
|
|
|
| |
Do not enqueue common dependencies if a version is selected already,
this avoids test suites changing now in behavior as the ordering is
different.
|
| |
|
|
|
|
| |
This is more or less unused; but it particularly has the bad
problem of forcing new unsat recommends to be solved *before*
dependencies. Which is awkward.
|
| |
|
|
|
| |
If both items are optional, unit items should be processed
first.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This handles rewriting .list entries to .sources ones; the
only options handled are
- signed-by => Signed-By
- trusted => Trusted
The options to specify architectures, check-valid-until, etc.
are not supported as they are not exposed in the code. We
probably should refactor the parser at some point so we can
actually read the parsed entry rather than the abstract objects
we create from it.
This can be improved further:
- Keyrings from /etc/apt/trusted.gpg.d should be moved to
/etc/apt/keyrings.
- automatic detection by trying to verify using each keyring
in trusted.gpg.d until we find the right one and then using
that for Signed-By rather than leave some sources empty.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
This should remain a warning case for now. So push the errors
to a stack and see if we can find any file.
Explictly warn again if Dir::Etc::trusted is set, as it is like
_super_ deprecated.
Reported-By: Cyril Brulebois <kibi@debian.org> in Bug#1032131
|
| |
|
|
|
|
|
|
|
|
|
| |
The trusted.gpg file has been deprecated since February 2022
and can no longer be managed easily without apt-key, so we
should not be falling back to it by default.
We do not remove the actual code to fall back to it, such that
code that passes Dir::Etc::trusted explicitly continues to work
for the time being (with the warnings in update), as the overhead
is now rather trivial.
|
| |
|
|
|
|
|
|
|
|
| |
This warning has been superseded by the missing sources.list
notice (which will also become a warning shortly)
Adjust the sqv exit to avoid introducing a new spurious
"No good signature" that we did not reach before.
moo
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
For some reason ~ that I don't know and can't come up with on the spot ~
we output the Pre-Depends field as PreDepends in the translated
user-visible output and I accidentally copied that over to the
untranslated variant that replaced the embedded copy (with a dash)
in the EDSP generator.
Code-copies and implementation details littered all over the place are
apparently sometimes a good bug-free thing, too…
Regression-of: 6828ae2c2f9268c8187f0fa91b3c464ed84a8476
Closes: #1093254
|
| |
|
|
|
| |
Check for empty string_view instead of first byte being '\0';
this otherwise breaks when compiling with higher ABI version.
|
| |\
| |
| |
| |
| | |
apt-pkg/deb/debsystem.cc: Fall back to "dpkg" when Dir::Bin::dpkg is not found
See merge request apt-team/apt!419
|
| | |
| |
| |
| |
| |
| | |
The custom dpkg binary may be removed by apt and that breaks the end of
the operation. This can be observed when using eatmydata as dpkg and
removing the symlink to eatmydata when removing the apt-eatmydata package.
|
| | |
| |
| |
| | |
References: fd3684cdbc165ceaa635ed19fcbd231f509b0179
|
| | |
| |
| |
| | |
References: a00fbbdb28cc31e78882301c2efe7218583ab4cb
|
| | |
| |
| |
| |
| |
| | |
Even the long form isn't used much (or currently not at all), but given
that the short form is not really working even if it would be used…
lets drop it and use the long form if we have to.
|
| | |
| |
| |
| |
| | |
nodiscard is a C++17 feature and already used (not just due to my recent
changes) in our codebase, so lets drop the last remaining holdouts.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
C++14 includes the standard attribute, so we can use that instead.
Note that we drop the deprecation of {Pkg,Dep}Iterator::operator<< as
this is ignored (a friends declaration must be a definition to have
attributes) very noisily by GCC >= 12 and the methods can be somewhat
useful in debugging if you are to lazy to get APT::Pretty{Pkg,Dep}.
|
| | |
| |
| |
| |
| | |
[[noreturn]] is a C++11 feature and so we can just use it
unconditionally.
|
| | |
| |
| |
| |
| | |
They are rather generic names for macros and have no usage in our
codebase at all, so lets remove them for good now.
|
| | |
| |
| |
| |
| |
| | |
That macro is not that useful as it might perhaps once was. Lets prepare
dropping it now in favour of more standard ways of working with arrays
now.
|
| | |
| |
| |
| |
| |
| | |
We don't have many places, but lets reduce the amount of duplicating
these short strings, so that we may find all the places we have to
change if that ever happens.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
We were rather inconsistent in using it and as our public headers
contain deduction guides (a c++17 feature) it seems silly to try to hide
a c++11 feature in a macro, so lets stop this charade and drop the
macro and while we are changing all these lines lets apply [[nodiscard]]
(another c++17 feature) and other suggestions from clang-tidy and
formatting for a little more consistency.
|
| | | |
|
| | |
| |
| |
| |
| | |
There were some references to APT::StringView that don't make much
sense anymore.
|
| | |
| |
| |
| |
| |
| |
| | |
While the ftp.debian.org URLs are still functional in Debian, they
can confuse people as the protocol is mismatched. Using the
deb.debian.org frontend should also generally give generally good
performance regardless of the client location.
|
| |/
|
|
|
| |
This has long been obsoleted, and there have been previous patches
cleaning them up, but some left overs remained.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The new sqv method uses sequoia's sqv tool to verify files. The
tool's interface is quite simple: It returns 0 on success, and
prints one line per good signer with the fingerprint.
sqv has a configurable crypto policy. We have defined apt-specific
override mechanisms for sequoia's standard policy, allowing both
users, distributions, and apt package to provide overrides for
Sequoia's default policy in meaningful ways.
The sqv method will be built and be the standard method for
verifying OpenPGP signatures provided that `sqv` is in the
PATH during building. It is not built if there was no sqv
at build time, so you need a rebuild to enable sqv later
on.
On the flip side, the gpgv method is always built, but it
does need to be always built: If APT::Key::GPGVCommand is
set, we need to fallback to it - this is important to
support existing users of that interface such as
mmdebstrap. Also we want to fall back to it when /usr/bin/sqv
disappears - for example in our CI :D
A couple of concessions have been made for test suite purposes:
- Failure to split a clearsigned file only shows the summary,
as the gpgv method also only showed it, and no details why
it failed.
- We write "Got GOODSIG <fingerprint>" in debug mode to mimic
the gpgv code to keep the test suite happy.
- In various places in the test suite we assert minimal output
from sqv, but sqv's human output is not intended to be stable.
This will incur additional work when it breaks. However we do
not _parse_ the output, so actual operation of apt is unaffected.
A couple of things are suboptimal here:
- We are still doing clearsigned splitting ourselves. sqv only
has support for detached signatures right now, whereas sqopv
has support for clearsigned files as well (but sqopv does not
provide any reasons for why signature verification fails or
means to set a policy).
- Deprecation of algorithms happens on a timebomb basis in
sequoia. We have no means to give users warnings ahead of
time if their configuration is outdated.
We have implemented various bits that probably should be going away:
- Fallback to trusted.gpg
This is just annoying...
- Support for fingerprints in Signed-By (no subkey matching though)
The extra work here is arguably less compared to gpgv.
- Check the keyring for correctness.
With Signed-By everywhere, we should just error out rather than
skip broken keyrings.
Moo
|
| |
|
|
|
| |
OpenSSL is mandatory now, it is no longer possible to build
without https support either.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Introduce an OpenSSL::Crypto backend for the hashes library
and an OpenSSL::SSL backend for the TLS support in our https
method.
Many thanks to curl for showing the way with how to handle
a CRL file. There are some memory leaks here with the
TlsFd itself as well as the proxy support; and we should
reorganize the code to generate the ssl object as late
as possible.
A peculiar aspect of OpenSSL is that SSL_has_pending() returns
1 even if SSL_read() will fail to read anything and return the
equivalent of EAGAIN. We work around this here by also peeking
ahead 1 byte. I was running a very high RTT connection from
Germany to Australia for testing, and with the peeking it's
using negligible amounts of CPU; before that, it was busy
looping at 100%. Bad OpenSSL!
|
| |
|
|
|
|
|
| |
The GnuTLS backend avoids the need to link in libgcrypt, and
gets us another certified library people will be happy with.
This should be an intermediate step on the road to OpenSSL.
|
| |
|
|
| |
Everything is abstracted away now.
|
| | |
|
| |
|
|
|
| |
This is a pretty standalone function, extract it for later
reuse.
|
| |
|
|
|
|
|
|
| |
We tried to access str.size() - 1 on a 0-sized string, which
does not work, and now that we build with assertions triggers
it.
Closes: #1090068
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
gpgv is quite picky, it takes at most 40 keyrings but it also doesn't
even take keyrings with : in the name, generating an ERROR message
instead.
So instead let's always merge the configured keyrings for the source
into a single one.
While we are at it, since we are merging now, let's also add some
rudimentary error checking to what we write into the merged keyring:
If copying into it fails, we should abort.
Reported-by: SuShY on IRC
|
| |
|
|
|
|
|
|
| |
Reimplement strict pinning by rejecting the non-candidates when
translating the problem from the depcache to the solver. This is
substantially better than restricting the list of alternatives for
an or group to only include allowed ones for debugging purposes,
albeit a bit slower.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We only compared candidate to installed version, but candidate
should dominate all versions, otherwise we end up in the fancy
problem of elpa-notmuch in
upgrade-noble-t64-remove-desktop-2024-03-29.edsp
Where we had three versions:
not-installable 0.38.3-1ubuntu1
candidate 0.38.2-1.1ubuntu2
installed 0.38.2-1ubuntu2
And received an ordering:
installed > non-installable > candidate
despite
candidate > installed
This is only visible with no-strict-pinning right now, as we are
otherwise filtering out invalid choices (and hence we only have
candidate and installed otherwise).
|
| |
|
|
|
|
|
|
|
|
|
|
| |
We only ever documented .gpg and .asc and have ensured that
only such files exist in the keyring, but people can set the
Signed-By option to keys with any random extension, as that
was not validated before by apt-key.
This doesn't change the behavior for trusted.gpg.d: We filter
the directory listing and only look at .gpg and .asc files.
Closes: #1088656
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This gains us support for not using an absolute path, which
is nice, and we can now cache the invocation across fork() in
the method.
Still keep preferring absolute paths, this avoids execvp() having
to iterate the path and reduces bug potential with custom gpgv in
/usr/local.
Fix the last entry in the list of gpgvs to say gpgv1
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
Lifted from the dpkg mtree code that mjg59 submitted in
https://lists.debian.org/debian-dpkg/2018/05/msg00005.html
Which as dpkg is GPL-2.0+ also is GPL-2.0+
|