summaryrefslogtreecommitdiff
path: root/apt-pkg
Commit message (Collapse)AuthorAgeFilesLines
* Fix select timeout to be 50msec instead of 0.5msecMichael Vogt2015-09-302-2/+2
| | | | Closes: #799857
* fallback to well-known URI if by-hash failsDavid Kalnischkies2015-09-141-36/+50
| | | | | | | | | | | | | | | | | | | | | | | | | We uses a small trick to implement the fallback: We make it so, that by-hash is a special compression algorithm and apt already knows how to deal with fallback between compression algorithms. The drawback with implementing this fallback is that a) we are guessing again and more importantly b) by-hash is only tried for the first compression algorithm we want to acquire, not for all as before – but flipping between by-hash and well-known for each compression algorithm seems to be not really worth it as it seems unlikely that there will actually be mirrors who only mirror a subset of compressioned files, but have by-hash enabled. The user-experience is the usual fallback one: You see "Ign" lines in the apt update output. The fallback is implemented as a transition feature, so a (potentially huge) mirror network doesn't need a flagday. It is not meant as a "someday we might" or "we don't, but some of our mirrors might" option – we want to cut down on the 'Ign' lines front so that they become meaningful – if we wanted to spam everyone with them, we could enable by-hash by default for all repositories… sources.list and config options are better suited for this. Closes: 798919
* add by-hash sources.list option and document all of by-hashDavid Kalnischkies2015-09-146-12/+27
| | | | | | | | | | | | This changes the semantics of the option (which is renamed too) to be a yes/no value with the special additional value "force" as this allows by-hash to be disabled even if the repository indicates it would be supported and is more in line with our other yes/no options like pdiff which disable themselves if no support can be detected. The feature wasn't documented so far and hasn't reached a (un)stable release yet, so changing it without trying too hard to keep compatibility seems okay.
* do not ignore differently versioned self-providesDavid Kalnischkies2015-09-141-1/+2
| | | | Reported-By: Konomi on IRC
* srv test: do 100 pulls twice and compare listDavid Kalnischkies2015-09-141-0/+4
| | | | | | | The previous implementation was still a bit unstable in terms of failing at times. Lets try if we have more luck with this one. Git-Dch: Ignore
* fix alloc-dealloc-mismatch (operator new [] vs operator delete)David Kalnischkies2015-09-141-4/+4
| | | | | Reported-By: gcc -fsanitize=address -fno-sanitize=vptr Git-Dch: Ignore
* fix two memory leaks reported by gccDavid Kalnischkies2015-09-141-6/+9
| | | | | Reported-By: gcc -fsanitize=address -fno-sanitize=vptr Git-Dch: Ignore
* use std-algorithms instead of manual loops to avoid overflow warningDavid Kalnischkies2015-09-142-21/+26
| | | | | | Reported-By: gcc Understandable: no Git-Dch: Ignore
* do not report deprecate warnings for the None declarationDavid Kalnischkies2015-09-141-0/+2
| | | | | | | | This is defined for compatibility, warning about it is intended, but only in places where it is actually used, rather than at the place we declare it for compatability… Git-Dch: Ignore
* fix 'Dead assignment' by dropping unneeded booleanDavid Kalnischkies2015-09-141-3/+1
| | | | | Reported-By: scan-build Git-Dch: Ignore
* avoid using global PendingError to avoid failing too often too soonDavid Kalnischkies2015-09-1416-86/+101
| | | | | | | | | | | | | | | | | | | Our error reporting is historically grown into some kind of mess. A while ago I implemented stacking for the global error which is used in this commit now to wrap calls to functions which do not report (all) errors via return, so that only failures in those calls cause a failure to propergate down the chain rather than failing if anything (potentially totally unrelated) has failed at some point in the past. This way we can avoid stopping the entire acquire process just because a single source produced an error for example. It also means that after the acquire process the cache is generated – even if the acquire process had failures – as we still have the old good data around we can and should generate a cache for (again). There are probably more instances of this hiding, but all these looked like the easiest to work with and fix with reasonable (aka net-positive) effects.
* use a less generic special trigger filename for stdinDavid Kalnischkies2015-09-143-5/+9
| | | | Git-Dch: Ignore
* do not discard new manual-bits while applying EDSP solutionsDavid Kalnischkies2015-09-141-1/+5
| | | | | | | | | | | | | | In private-install.cc we call MarkInstall with FromUser=true, which sets the bit accordingly, but while applying the EDSP solution we call mark install on all packages with FromUser=false, so MarkInstall believes this install is an automatic one and sets it to auto – so that a new package which is explicitely installed via an external solver is marked as auto and is hence also up for garbage collection in a following call. Ideally MarkInstall wouldn't reset it, but the detection is hard to do without regressing in other cases – and ideally ideally MarkInstall wouldn't deal with the autobit at all – so we work around this on the calling side for now.
* implement autobit and pinning in EDSP solver 'apt'David Kalnischkies2015-09-145-9/+96
| | | | | | | | The parser creates a preferences as well as an extended states file based on the EDSP scenario file, which isn't the most efficient way of dealing with this as thes text files have to be parsed again by another layer of the code, but it needs the least changes and works good enough for now. The 'apt' solver is in the end just a test solver like dump.
* remove incorrect optimization branchesDavid Kalnischkies2015-09-142-36/+6
| | | | | | | | | | | | These assumptions were once true, but they aren't anymore, so what is supposed to be a speed up is effectively a slowdown [not that it would be noticible]. Usage of SingleArchFindPkg was nuked in a stable update already as the included assumption was actually harmful btw, which is why we should get right of other 'non-harmful' but still untrue assumptions while we can. Git-Dch: Ignore
* copy ReadWrite-error to the bottom to make clang happyDavid Kalnischkies2015-09-141-1/+4
| | | | | | | | clang detects that fd isn't set in the ReadWrite case – just that this is supposed to be catched earlier in this method already, but it doesn't hurt to make it explicit here as well and clang is happy, too. Git-Dch: Ignore
* implement CopyFile without using FileFd::Size()David Kalnischkies2015-09-141-13/+7
| | | | | | | | Pipes and such have no good Size value, but we still want to copy from it maybe and we don't really need size as we can just as well read as long as we get data out of a file to copy it. Git-Dch: Ignore
* add Source-Version field for EDSPDavid Kalnischkies2015-09-141-0/+1
| | | | | | The syntax of "Source" is different in EDSP compared to the the field of the same name in 'the rest' of Debian, so documented this accordingly and send the version as a new field.
* implement dpkgs vision of interpreting pkg:<arch> dependenciesDavid Kalnischkies2015-09-145-20/+96
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | How the Multi-Arch field and pkg:<arch> dependencies interact was discussed at DebConf15 in the "MultiArch BoF". dpkg and apt (among other tools like dose) had a different interpretation in certain scenarios which we resolved by agreeing on dpkg view – and this commit realizes this agreement in code. As was the case so far libapt sticks to the idea of trying to hide MultiArch as much as possible from individual frontends and instead translates it to good old SingleArch. There are certainly situations which can be improved in frontends if they know that MultiArch is upon them, but these are improvements – not necessary changes needed to unbreak a frontend. The implementation idea is simple: If we parse a dependency on foo:amd64 the dependency is formed on a package 'foo:amd64' of arch 'any'. This package is provided by package 'foo' of arch 'amd64', but not by 'foo' of arch 'i386'. Both of those foo packages provide each other through (assuming foo is M-A:foreign) to allow a dependency on 'foo' to be satisfied by either foo of amd64 or i386. Packages can also declare to provide 'foo:amd64' which is translated to providing 'foo:amd64:any' as well. This indirection over provides was chosen as the alternative would be to teach dependency resolvers how to deal with architecture specific dependencies – which violates the design idea of avoiding resolver changes, especially as architecture-specific dependencies are a cornercase with quite a few subtil rules. Handling it all over versioned provides as we already did for M-A in general seems much simpler as it just works for them. This switch to :any has actually a "surprising" benefit as well: Even frontends showing a package name via .Name() [which doesn't show the architecture] will display the "architecture" for dependencies in which it was explicitely requested, while we will not show the 'strange' :any arch in FullName(true) [= pretty-print] either. Before you had to specialcase these and by default you wouldn't get these details shown. The only identifiable disadvantage is that this complicates error reporting and handling. apt-get's ShowBroken has existing problems with virtual packages [it just shows the name without any reason], so that has to be worked on eventually. The other case is that detecting if a package is completely unknown or if it was at least referenced somewhere needs to acount for this "split" – not that it makes a practical difference which error is shown… but its one of the improvements possible.
* M-A: allowed pkgs of unconfigured archs do not statisfy :anyDavid Kalnischkies2015-09-141-8/+12
| | | | | | We parse all architectures we encounter recently, which means we also parse packages from architectures which are neither native nor foreign, but still came onto the system somehow (usually via heavy force).
* store ':any' pseudo-packages with 'any' as architectureDavid Kalnischkies2015-09-142-3/+8
| | | | | | | | | | Previously we had python:any:amd64, python:any:i386, … in the cache and the dependencies of an amd64 package would be on python:any:amd64, of an i386 on python:any:i386 and so on. That seems like a relatively pointless endeavor given that they will all be provided by the same packages and therefore also a waste of space. Git-Dch: Ignore
* apt-pkg/tagfile.h: Include stdint.h, fixes rdep build failuresJulian Andres Klode2015-09-111-0/+1
|
* avoid triggering the c++11 erase api change on travisDavid Kalnischkies2015-09-021-2/+2
| | | | Git-Dch: Ignore
* use clock() as source for SRV randomnessDavid Kalnischkies2015-09-012-24/+18
| | | | | | | | | | | | | | | Initializing a random number generator with the time since epoch could be good enough, but reaches its limits in test code as the 100 iterations might very well happen in the same second and hence the seed number is always the same… clock() has a way lower resolution so it changes more often and not unimportant: If many users start the update at the same time it isn't to unlikely the SRV record will be ordered in the same second choosing the same for them all, but it seems less likely that the exact same clock() time has passed for them. And if I have to touch this, lets change a few other things as well to make me and/or compilers a bit happier (clang complained about the usage of a GNU extension in the testcase for example).
* use unusable-for-security hashes for integrity checksDavid Kalnischkies2015-09-012-0/+7
| | | | | | | We want to declare some hashes as not enough for security, so that a user will need --allow-unauthenticated or similar to get data secured only by those hashes, but we can still us these hashes for integrity checks if we got them.
* Consider md5sum no longer a usable hashMichael Vogt2015-09-012-4/+12
| | | | | The md5sum hash is broken since some time and we should no longer consider it a usable hash. Also update the tests to reflect this.
* improve CheckDropPrivsMustBeDisabled furtherDavid Kalnischkies2015-09-012-12/+28
| | | | | | | Various smaller improvements so that the check deals better with already downloaded files, relative paths and other things. Git-Dch: Ignore
* fix some unused parameter/variable warningsDavid Kalnischkies2015-08-311-2/+2
| | | | | Reported-By: gcc Git-Dch: Ignore
* if file is inaccessible for _apt, disable privilege drop in acquireDavid Kalnischkies2015-08-312-0/+53
| | | | | | | | | | | | | | | We had a very similar method previously for our own private usage, but with some generalisation we can move this check into the acquire system proper so that all frontends profit from this compatibility change. As we are disabling a security feature here a warning is issued and frontends are advised to consider reworking their download logic if possible. Note that this is implemented as an all or nothing situation: We can't just (not) drop privileges for a subset of the files in a fetcher, so in case you have to download some files with and some without you need to use two fetchers.
* ignore for _apt inaccessible TMPDIR in pkgAcqChangelogDavid Kalnischkies2015-08-313-5/+31
| | | | | | | | | | | | Using libpam-tmpdir caused us to create our download tmp directory in root's private tmp before changing to _apt, which wouldn't have access to it. By extending our GetTempDir method with an optional wrapper changing the effective user, we can test if a given user can access the directory and ignore TMPDIR if not instead of ignoring TMPDIR completely. Closes: 797270
* detect and deal with indextarget duplicatesDavid Kalnischkies2015-08-305-3/+74
| | | | | | | | | | | | | | | Multiple targets downloading the same file is bad™ as it leads us to all sorts of problems like the acquire system breaking or simply a problem of which settings to use for them. Beside that this is most likely a mistake and silently ignoring it doesn't help the user realizing his mistake… On the other hand, we have 'duplicates' which are 'created' by how we create indextargets, so we have to prevent those from being created to but do not emit a warning for them as this is an implementation detail. And then, there is the absolute and most likely user mistake: Having the same target(s) activated in multiple entries.
* implement $(NATIVE_ARCHITECTURE) substvar for indextargetsDavid Kalnischkies2015-08-301-0/+5
|
* try xz instead of bz2 first for compressed filesDavid Kalnischkies2015-08-291-9/+9
| | | | | | | | | | | | | | | | | | xz has pretty much won "the compressor war" and e.g. the Debian archive doesn't even distribute bz2 anymore in favor of 'xz' and 'gz', so by changing the default order we have a more realistic --print-uris behavior as it will always show the first compressor. In practice this effects repositories without a Release file (very bad, we don't want to support them anymore anyhow) as xz will be tried before bz2 now [which is probably not available, but so might be bz2…] AND repositories which provide both, bz2 and xz (which isn't too common) in sofar as apt will now download xz instead of bz2. Users with special needs can stick with bz2 as first compressor tried with Acquire::CompressionTypes::Order:: "bz2"; (see man apt.conf) – but users with special needs usually prefer "gz" anyhow, so the realworld change is expected to be very low.
* implement indextargets option 'DefaultEnabled'David Kalnischkies2015-08-293-5/+13
| | | | | | | | | | | Some targets like Contents-udeb are special-needs targets. Shipping the configuration snippet for them is okay, but they shouldn't be downloaded by default. Forcing the user to enable targets by uncommenting targets is wrong and this would still not really solve the problem completely as even if you want to download some -udebs it will probably not be for all sources you have enabled, so having the possibility of disabling a target by default, but giving the user the option to enable it on a per-source entry basis is better.
* use c++11 algorithms to avoid strange compiler warningsDavid Kalnischkies2015-08-294-85/+61
| | | | | | | | | | | | | Nobody knows what makes the 'unable to optimize loop' warning to appear in the sourceslist minus-options parsing, especially if we use a foreach loop, but we can replace it with some nice c++11 algorithm+lambda usage, which also helps in making even clearer what happens here. And as this would be a lonely change, lets do it for a few more loops as well where I might or might not have seen the warning at some point in time, too. Git-Dch: Ignore
* implement PDiff patching for compressed filesDavid Kalnischkies2015-08-285-95/+188
| | | | | | | | | | | | | | | | | | Some additional files like 'Contents' are very big and should therefore kept compressed on the disk, which apt-file did in the past. It also implemented pdiff patching of these files by un- and recompressing these files on-the-fly, with this commit we can do the same – but we can do this in both pdiff patching styles (client and server merging) and secured by hashes. Hashes are in so far slightly complicated as we can't compare the hashes of the compressed files as we might compress them differently than the server would (different compressor versions, options, …), so we must compare the hashes of the uncompressed content. While this commit has changes in public headers, the classes it changes are marked as hidden, so nobody can use them directly, which means the ABI break is internal only.
* sources.list and indextargets option for pdiffsDavid Kalnischkies2015-08-276-5/+29
| | | | | | | Disabling pdiffs can be useful occasionally, like if you have a fast local mirror where the download doesn't matter, but still want to use it for non-local mirrors. Also, some users might prefer it to only use it for very big indextargets like Contents.
* Do not parse Status fields from remote sourcesJulian Andres Klode2015-08-274-1/+26
| | | | | | | | | | | This could allow an attacker to mark a package as installed in a remote package index, as long as the package was not listed in the dpkg status file. This way, an attacker could force the installation of a package during a dist-upgrade, by providing two packages in an index, an older marked as installed, and a newer - apt would "upgrade" to the newer version.
* Merge branch 'feature/extractar-filefd' into debian/experimentalJulian Andres Klode2015-08-271-6/+7
|\
| * Always close compressed files in FileFdJulian Andres Klode2015-08-271-6/+7
| | | | | | | | | | | | | | We dup() the file descriptor when opening compressed files, so we always need to close the dup()ed one. Furthermore, not unsetting the d-pointer causes issues when running OpenDescriptor() multiple times on the same file descriptor.
* | cacheset: Prefer the depcache over the policy againJulian Andres Klode2015-08-271-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | By preferring the policy over the depcache, we ignore any changes we made in the depcache, which makes it impossible for code to change the candidate used here. This basically reverts commit 2fbfb111312257fa5fc29b0c2ed386fb712f960e: prefer the Policy if it is built instead of the DepCache and if DepCache is not available as fallback built the Policy But it also cleans the code up a bit, by removing one level of nesting.
* | allow explicit dis/enable of IndexTargets in sources optionsDavid Kalnischkies2015-08-271-1/+16
| | | | | | | | | | | | | | While Target{,-Add,-Remove} is available for configuring IndexTargets already, allow Targets to be mentioned explicitely as yes/no options as well, so that the Target 'Contents' can be disabled via 'Contents: no' as well as 'Target-Remove: Contents'.
* | not all targets are deb-src targetsDavid Kalnischkies2015-08-271-1/+1
| | | | | | | | | | | | | | Sometimes too much refactoring can have bad effects. Thanks: Niels Thykier for reporting on IRC Git-Dch: Ignore
* | use always priv-dropping for changelog download as rootDavid Kalnischkies2015-08-271-0/+4
| | | | | | | | | | | | | | First of, the temporary directory we download the changelog to needs to be owned by _apt, but that also means that we don't need to check if we could/should drop privs as the download happens to a dedicated tempdir and only after that it is moved to its final location by a privileged user.
* | fix various typos reported by codespellDavid Kalnischkies2015-08-273-3/+3
| | | | | | | | Reported-By: codespell
* | ignore AllowMem parameter in cache generationDavid Kalnischkies2015-08-272-16/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The parameter name suggests that it should forbid the building of the entire cache in memory, but this isn't how it was previously and as AllowMem is false by default it actually prevents previous usecases from working like being root and configuring apt to build no caches at all. This should be fixed at some point to actually work, but that is hard to pull off as it means switching the default and some callers (including apt itself) actually did call it explicitly with false in certain cases for no apparent reason (at least now where it is common to have enough memory to throw at every problem and even if not is a slow apt usally better than an apt erroring out). Closes: 796459
* | correct 'apt update' download summary lineDavid Kalnischkies2015-08-271-5/+6
| | | | | | | | | | | | | | | | Fetched() was reported for mostly nothing, while we should be calling it for files worked with from non-local sources (e.g. http, but not file or xz). Previously this was called from an acquire item, but got moved to the acquire worker instead to avoid having it (re)implemented in all items, but the checks were faulty.
* | just-in-time removal of broken essential packagesDavid Kalnischkies2015-08-272-3/+39
| | | | | | | | | | | | | | | | We deal with Conflicts in SmartUnpack in pretty much the same way, but Breaks weren't handled in SmartConfigure so that the remove was sheduled after the configuration of the package breaking the to-be-removed. Closes: 796070
* | Fix more instances of missing remapping handlingJulian Andres Klode2015-08-271-7/+22
| | | | | | | | | | | | | | | | | | | | | | | | After fixing Bug#796999, we noticed that there were some more instances of iterators which had no associated Dynamic object, causing them to not be updated when the cache was remapped. This happened in two places: In NewPackage() and in NewProvidesAllArch(). Gbp-Dch: ignore
* | pkgcachegen: Account for remapping when parsing depends from NewPackageJulian Andres Klode2015-08-271-2/+6
|/ | | | | | | | | | | | | | | In both the Ver and Dep variables, we need to account for remapping, as otherwise we would still reference the old bug. Reproduction environment: * An i386 system with amd64 foreign architecture * A sources.list with deb http://snapshot.debian.org/archive/debian/20150826T102846Z/ unstable main deb http://snapshot.debian.org/archive/debian/20150826T102846Z/ experimental main Thanks: Jakub Wilk for the bug report and the backtraces Closes: #796999