summaryrefslogtreecommitdiff
path: root/apt-pkg
Commit message (Collapse)AuthorAgeFilesLines
...
* Do not overflow ver/desc<->file relation countersDavid Kalnischkies2025-01-301-0/+5
| | | | | | | | | | | | | | | | The counters aren't used for anything really except for the 'stats' command that is off in its display and calculation due to 16bit not being enough for counting all the relations we have. Semi-broken more than a decade ago as I accidentally aligned it with the other file relation counters which count far less frequent ones through, so 'unsigned long' should have been changed to the id type rather than the smaller fileid type. Of course, this commit only prepares the fix as this would be an ABI break, so with the current ABI we are still overflowing. Regression-of: 4ad8619bb1f0bf777d17c568bb7a6cf7f30aac34
* solver3: Credit MiniSATJulian Andres Klode2025-01-301-0/+11
| | | | Gbp-Dch: ignore
* solver3: Use a propagation queueJulian Andres Klode2025-01-302-8/+29
| | | | | | | | | | | | | | | | | | | Instead of directly propagating in a recursive fashion, queue propagations in a queue and work on them in a loop per the miniSAT paper. We call Propagate() only at the end of the FromDepCache() function and then in the Solve loop. Delaying the initial propagation means that we get a stronger reasoning: Assume you have x->a->b->c, y->c and you install x,y: - Previously we traversed: x, y, x->a, a->b, b->c, (y->c) - but now we traverse: x, y, x->a, y->c, a->b, (b->c) Notably c now has the implication y->c instead of x->a->b->c. Inside the solver we need to call Propagate in a loop: Propagating facts can fail and we then backtrack. If backtracking is succesful, we have gained a new fact to propagate.
* solver3: Replace Install() with Enqueue(), and PropagateInstall()Julian Andres Klode2025-01-302-44/+36
| | | | | | Do not enqueue common dependencies if a version is selected already, this avoids test suites changing now in behavior as the ordering is different.
* solver3: Remove NewUnsatRecommends groupJulian Andres Klode2025-01-302-3/+0
| | | | | | This is more or less unused; but it particularly has the bad problem of forcing new unsat recommends to be solved *before* dependencies. Which is awkward.
* solver3: Soft unit propagation for optional itemsJulian Andres Klode2025-01-301-2/+7
| | | | | If both items are optional, unit items should be processed first.
* apt: Introduce the modernize-sources commandJulian Andres Klode2025-01-281-0/+4
| | | | | | | | | | | | | | | | | | | | | | This handles rewriting .list entries to .sources ones; the only options handled are - signed-by => Signed-By - trusted => Trusted The options to specify architectures, check-valid-until, etc. are not supported as they are not exposed in the code. We probably should refactor the parser at some point so we can actually read the parsed entry rather than the abstract objects we create from it. This can be improved further: - Keyrings from /etc/apt/trusted.gpg.d should be moved to /etc/apt/keyrings. - automatic detection by trying to verify using each keyring in trusted.gpg.d until we find the right one and then using that for Signed-By rather than leave some sources empty.
* metaindex: Support loading without filenameJulian Andres Klode2025-01-282-0/+14
|
* sqv, gpgv: Do not fail if Dir::Etc::Trusted is set and trusted.gpg.d is missingJulian Andres Klode2025-01-221-2/+10
| | | | | | | | | | This should remain a warning case for now. So push the errors to a stack and see if we can find any file. Explictly warn again if Dir::Etc::trusted is set, as it is like _super_ deprecated. Reported-By: Cyril Brulebois <kibi@debian.org> in Bug#1032131
* Unset Dir::Etc::trustedJulian Andres Klode2025-01-211-1/+0
| | | | | | | | | | | The trusted.gpg file has been deprecated since February 2022 and can no longer be managed easily without apt-key, so we should not be falling back to it by default. We do not remove the actual code to fall back to it, such that code that passes Dir::Etc::trusted explicitly continues to work for the time being (with the warnings in update), as the overhead is now rather trivial.
* Remove superseded warning about trusted.gpg fallbackJulian Andres Klode2025-01-211-2/+2
| | | | | | | | | | This warning has been superseded by the missing sources.list notice (which will also become a warning shortly) Adjust the sqv exit to avoid introducing a new spurious "No good signature" that we did not reach before. moo
* Write Pre-Depends with a dash again in EDSPDavid Kalnischkies2025-01-171-1/+1
| | | | | | | | | | | | | | For some reason ~ that I don't know and can't come up with on the spot ~ we output the Pre-Depends field as PreDepends in the translated user-visible output and I accidentally copied that over to the untranslated variant that replaced the embedded copy (with a dash) in the EDSP generator. Code-copies and implementation details littered all over the place are apparently sometimes a good bug-free thing, too… Regression-of: 6828ae2c2f9268c8187f0fa91b3c464ed84a8476 Closes: #1093254
* proxy: Avoids triggering bounds check in std::string_viewJulian Andres Klode2025-01-141-1/+1
| | | | | Check for empty string_view instead of first byte being '\0'; this otherwise breaks when compiling with higher ABI version.
* Merge branch 'check-missing-dpkg-bin' into 'main'Julian Andres Klode2025-01-142-3/+11
|\ | | | | | | | | apt-pkg/deb/debsystem.cc: Fall back to "dpkg" when Dir::Bin::dpkg is not found See merge request apt-team/apt!419
| * apt-pkg/deb/debsystem.cc: Fall back to "dpkg" when Dir::Bin::dpkg is not foundBalint Reczey2024-12-302-3/+11
| | | | | | | | | | | | The custom dpkg binary may be removed by apt and that breaks the end of the operation. This can be observed when using eatmydata as dpkg and removing the symlink to eatmydata when removing the apt-eatmydata package.
* | Remove leftovers from ftp and rsh/ssh methods removalDavid Kalnischkies2025-01-051-1/+1
| | | | | | | | References: fd3684cdbc165ceaa635ed19fcbd231f509b0179
* | Remove leftovers of the apt-key removalDavid Kalnischkies2025-01-052-3/+1
| | | | | | | | References: a00fbbdb28cc31e78882301c2efe7218583ab4cb
* | Drop unused short form APT_IGNORE_DEPRECATEDDavid Kalnischkies2025-01-051-6/+1
| | | | | | | | | | | | Even the long form isn't used much (or currently not at all), but given that the short form is not really working even if it would be used… lets drop it and use the long form if we have to.
* | Drop usage of APT_MUSTCHECKDavid Kalnischkies2025-01-055-14/+14
| | | | | | | | | | nodiscard is a C++17 feature and already used (not just due to my recent changes) in our codebase, so lets drop the last remaining holdouts.
* | Drop usage of APT_UNUSEDDavid Kalnischkies2025-01-052-3/+3
| |
* | Drop APT_DEPRECATED usageDavid Kalnischkies2025-01-055-15/+16
| | | | | | | | | | | | | | | | C++14 includes the standard attribute, so we can use that instead. Note that we drop the deprecation of {Pkg,Dep}Iterator::operator<< as this is ignored (a friends declaration must be a definition to have attributes) very noisily by GCC >= 12 and the methods can be somewhat useful in debugging if you are to lazy to get APT::Pretty{Pkg,Dep}.
* | Drop APT_NORETURN usageDavid Kalnischkies2025-01-054-9/+12
| | | | | | | | | | [[noreturn]] is a C++11 feature and so we can just use it unconditionally.
* | Drop unused FLAG macro and friendsDavid Kalnischkies2025-01-051-6/+4
| | | | | | | | | | They are rather generic names for macros and have no usage in our codebase at all, so lets remove them for good now.
* | Drop the remaining usage of APT_ARRAY_SIZEDavid Kalnischkies2025-01-052-5/+2
| | | | | | | | | | | | That macro is not that useful as it might perhaps once was. Lets prepare dropping it now in favour of more standard ways of working with arrays now.
* | Add pkgCache::{Priority,DepType}_NoL10n to avoid duplicationDavid Kalnischkies2025-01-054-34/+37
| | | | | | | | | | | | We don't have many places, but lets reduce the amount of duplicating these short strings, so that we may find all the places we have to change if that ever happens.
* | Drop usage of macro APT_OVERRIDE for simple overrideDavid Kalnischkies2025-01-0530-713/+713
| | | | | | | | | | | | | | | | | | We were rather inconsistent in using it and as our public headers contain deduction guides (a c++17 feature) it seems silly to try to hide a c++11 feature in a macro, so lets stop this charade and drop the macro and while we are changing all these lines lets apply [[nodiscard]] (another c++17 feature) and other suggestions from clang-tidy and formatting for a little more consistency.
* | Try stomping a little less on global macro namespaceDavid Kalnischkies2025-01-051-3/+3
| |
* | Ensure we can build with APT_PKG_ABI > 601Julian Andres Klode2025-01-052-2/+4
| | | | | | | | | | There were some references to APT::StringView that don't make much sense anymore.
* | Use deb.debian.org instead of ftp.debian.org URLsGuillem Jover2024-12-281-1/+1
| | | | | | | | | | | | | | While the ftp.debian.org URLs are still functional in Debian, they can confuse people as the protocol is mismatched. Using the deb.debian.org frontend should also generally give generally good performance regardless of the client location.
* | Remove non-US leftovers in code and documentationGuillem Jover2024-12-282-3/+1
|/ | | | | This has long been obsoleted, and there have been previous patches cleaning them up, but some left overs remained.
* methods: Add new sqv methodJulian Andres Klode2024-12-223-4/+33
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The new sqv method uses sequoia's sqv tool to verify files. The tool's interface is quite simple: It returns 0 on success, and prints one line per good signer with the fingerprint. sqv has a configurable crypto policy. We have defined apt-specific override mechanisms for sequoia's standard policy, allowing both users, distributions, and apt package to provide overrides for Sequoia's default policy in meaningful ways. The sqv method will be built and be the standard method for verifying OpenPGP signatures provided that `sqv` is in the PATH during building. It is not built if there was no sqv at build time, so you need a rebuild to enable sqv later on. On the flip side, the gpgv method is always built, but it does need to be always built: If APT::Key::GPGVCommand is set, we need to fallback to it - this is important to support existing users of that interface such as mmdebstrap. Also we want to fall back to it when /usr/bin/sqv disappears - for example in our CI :D A couple of concessions have been made for test suite purposes: - Failure to split a clearsigned file only shows the summary, as the gpgv method also only showed it, and no details why it failed. - We write "Got GOODSIG <fingerprint>" in debug mode to mimic the gpgv code to keep the test suite happy. - In various places in the test suite we assert minimal output from sqv, but sqv's human output is not intended to be stable. This will incur additional work when it breaks. However we do not _parse_ the output, so actual operation of apt is unaffected. A couple of things are suboptimal here: - We are still doing clearsigned splitting ourselves. sqv only has support for detached signatures right now, whereas sqopv has support for clearsigned files as well (but sqopv does not provide any reasons for why signature verification fails or means to set a policy). - Deprecation of algorithms happens on a timebomb basis in sequoia. We have no means to give users warnings ahead of time if their configuration is outdated. We have implemented various bits that probably should be going away: - Fallback to trusted.gpg This is just annoying... - Support for fingerprints in Signed-By (no subkey matching though) The extra work here is arguably less compared to gpgv. - Check the keyring for correctness. With Signed-By everywhere, we should just error out rather than skip broken keyrings. Moo
* Remove GnuTLS and gcrypt supportJulian Andres Klode2024-12-222-146/+2
| | | | | OpenSSL is mandatory now, it is no longer possible to build without https support either.
* hashes, methods: Add OpenSSL backendsJulian Andres Klode2024-12-222-2/+73
| | | | | | | | | | | | | | | | | | | | Introduce an OpenSSL::Crypto backend for the hashes library and an OpenSSL::SSL backend for the TLS support in our https method. Many thanks to curl for showing the way with how to handle a CRL file. There are some memory leaks here with the TlsFd itself as well as the proxy support; and we should reorganize the code to generate the ssl object as late as possible. A peculiar aspect of OpenSSL is that SSL_has_pending() returns 1 even if SSL_read() will fail to read anything and return the equivalent of EAGAIN. We work around this here by also peeking ahead 1 byte. I was running a very high RTT connection from Germany to Australia for testing, and with the peeking it's using negligible amounts of CPU; before that, it was busy looping at 100%. Bad OpenSSL!
* hashes: Add GnuTLS backend, make it defaultJulian Andres Klode2024-12-212-0/+68
| | | | | | | The GnuTLS backend avoids the need to link in libgcrypt, and gets us another certified library people will be happy with. This should be an intermediate step on the road to OpenSSL.
* hashes: Refactor backend into PrivateHashesJulian Andres Klode2024-12-211-55/+82
| | | | Everything is abstracted away now.
* Remove gnupg and versioned gpgv test dependsJulian Andres Klode2024-12-201-4/+0
|
* gpgv: Extract VerifyDetachedSignatureFile()Julian Andres Klode2024-12-171-73/+90
| | | | | This is a pretty standalone function, extract it for later reuse.
* Fix out-of-bounds read in `apt show :`Julian Andres Klode2024-12-161-0/+3
| | | | | | | | We tried to access str.size() - 1 on a 0-sized string, which does not work, and now that we build with assertions triggers it. Closes: #1090068
* gpgv: Drop references to apt-keyJulian Andres Klode2024-12-071-4/+4
|
* gpgv: Merge all keyrings into a single one againJulian Andres Klode2024-12-041-22/+25
| | | | | | | | | | | | | | | gpgv is quite picky, it takes at most 40 keyrings but it also doesn't even take keyrings with : in the name, generating an ERROR message instead. So instead let's always merge the configured keyrings for the source into a single one. While we are at it, since we are merging now, let's also add some rudimentary error checking to what we write into the merged keyring: If copying into it fails, we should abort. Reported-by: SuShY on IRC
* solver3: Reject all non-candidates outright for strict pinningJulian Andres Klode2024-12-032-27/+18
| | | | | | | | Reimplement strict pinning by rejecting the non-candidates when translating the problem from the depcache to the solver. This is substantially better than restricting the list of alternatives for an or group to only include allowed ones for debugging purposes, albeit a bit slower.
* solver3: Add a missing debug level checkJulian Andres Klode2024-12-031-1/+2
|
* solver3: Fix intransitivity of version comparison on upgradeJulian Andres Klode2024-12-021-11/+17
| | | | | | | | | | | | | | | | | | | | | | | | | We only compared candidate to installed version, but candidate should dominate all versions, otherwise we end up in the fancy problem of elpa-notmuch in upgrade-noble-t64-remove-desktop-2024-03-29.edsp Where we had three versions: not-installable 0.38.3-1ubuntu1 candidate 0.38.2-1.1ubuntu2 installed 0.38.2-1ubuntu2 And received an ordering: installed > non-installable > candidate despite candidate > installed This is only visible with no-strict-pinning right now, as we are otherwise filtering out invalid choices (and hence we only have candidate and installed otherwise).
* Avoid extension check for .gpgJulian Andres Klode2024-11-291-12/+12
| | | | | | | | | | | | We only ever documented .gpg and .asc and have ensured that only such files exist in the keyring, but people can set the Signed-By option to keys with any random extension, as that was not validated before by apt-key. This doesn't change the behavior for trusted.gpg.d: We filter the directory listing and only look at .gpg and .asc files. Closes: #1088656
* Detect working gpgv using gpgv --dump-optionsJulian Andres Klode2024-11-282-43/+65
| | | | | | | | | | | | This gains us support for not using an absolute path, which is nice, and we can now cache the invocation across fork() in the method. Still keep preferring absolute paths, this avoids execvp() having to iterate the path and reduces bug potential with custom gpgv in /usr/local. Fix the last entry in the list of gpgvs to say gpgv1
* fileutl: Use execvp() in Popen() instead of execv()Julian Andres Klode2024-11-281-1/+1
|
* gpgv: Add direct support for --assert-pubkey-algoJulian Andres Klode2024-11-281-0/+23
|
* Directly call gpgv instead of apt-keyJulian Andres Klode2024-11-281-27/+28
|
* gpgv: Verify keyrings and dearmor outside apt-keyJulian Andres Klode2024-11-281-5/+54
|
* strutl: Add Base64DecodeJulian Andres Klode2024-11-282-0/+68
| | | | | | | | Lifted from the dpkg mtree code that mjg59 submitted in https://lists.debian.org/debian-dpkg/2018/05/msg00005.html Which as dpkg is GPL-2.0+ also is GPL-2.0+