path: root/apt-private/private-download.cc
Commit message | Author | Age | Files | Lines
* ensure we got a lock in clean operation | David Kalnischkies | 2015-12-23 | 1 | -4/+4
We try to acquire the locks, but we didn't stop if we failed to get it… Closes: 808561
* non-existing directories don't need to be cleaned | David Kalnischkies | 2015-12-14 | 1 | -8/+18
Trying to clean up directories which do not exist seems rather silly if you think about it, so let apt think about it and stop it. Depends a bit on the caller if this is fixing anything for them as they might try to acquire a lock or do other clever things as apt does. Closes: 807477
* drop privileges in copy:// method as we do for file:// | David Kalnischkies | 2015-11-05 | 1 | -0/+2
Continuing on the track of dropping privileges in all methods, let's drop it in copy, too, as the reasoning for it is very similar to file and the interaction between the two quite interesting as copy kinda served as a fallback for file not being able to read the file. Both now show a better error message as well as it was previously claiming to have a hashsum mismatch, given that it couldn't read the file. Git-Dch: Ignore
* wrap every unlink call to check for != /dev/null | David Kalnischkies | 2015-11-04 | 1 | -1/+1
Unlinking /dev/null is bad, we shouldn't do that. Also, we should print at least a warning if we tried to unlink a file but didn't manage to pull it off (ignoring the case where the file is /dev/null or doesn't exist in the first place). This got triggered by a relatively unlikely to cause problem in pkgAcquire::Worker::PrepareFiles which would while temporary uncompressed files (which are set to keep compressed) figure out that two files are the same and prepare for sharing by deleting them. Bad move. That also shows why not printing a warning is a bad idea as this hides the error in non-root test runs. Git-Dch: Ignore
* hidden support more apt-get/apt-cache commands in apt | David Kalnischkies | 2015-11-04 | 1 | -1/+202
apt is supposed to be a user-friendly interface, so while these commands are usually poweruser material and therefore do not need to be shown in general introduction manpages/help messages it's of no use to not allow users to use them. This includes clean, autoclean, build-dep, source, download, changelog, depends, rdepends and showsrc – it doesn't include more non-interactive commands like dump or xvcg as those are usually used by scripts if at all. Closes: 778234, 780700, 781237
* new quiet level -qq for apt to hide progress output | David Kalnischkies | 2015-11-04 | 1 | -2/+9
-q is for logging and -qqq (old -qq) basically kills every output except errors, so there should be a way of declaring a middle ground in which the output of e.g. 'update' isn't as verbose, but still shows some things. The test framework was actually making use of it by accident as it ignored the quiet level in output setup for apt before. Eventually we should figure out some better quiet levels for all tools…
* if file is inaccessible for _apt, disable privilege drop in acquire | David Kalnischkies | 2015-08-31 | 1 | -49/+0
We had a very similar method previously for our own private usage, but with some generalisation we can move this check into the acquire system proper so that all frontends profit from this compatibility change. As we are disabling a security feature here a warning is issued and frontends are advised to consider reworking their download logic if possible. Note that this is implemented as an all or nothing situation: We can't just (not) drop privileges for a subset of the files in a fetcher, so in case you have to download some files with and some without you need to use two fetchers.
* Replace --force-yes by various options starting with --allow | Julian Andres Klode | 2015-08-14 | 1 | -2/+4
This enables more fine-grained control over such exceptions.
* show or-groups in not-installed recommends and suggests lists | David Kalnischkies | 2015-08-10 | 1 | -5/+8
Further abstracting our new ShowList allows to use it for containers of strings as well giving us the option to implement an or-groups display for the recommends and suggests lists which is a nice trick given that it also helps with migrating the last remaining other cases of old ShowList.
* chown finished partial files earlier | David Kalnischkies | 2014-10-23 | 1 | -2/+9
partial files are chowned by the Item baseclass to let the methods work with them. Now, this baseclass is also responsible for chowning the files back to root instead of having various deeper levels do this. The consequence is that all overloaded Failed() methods now call the Item::Failed base as their first step. The same is done for Done(). The effect is that even in partial files usually don't belong to _apt anymore, helping sneakernets and reducing possibilities of a bad method modifying files not belonging to them. The change is supported by the framework not only supporting being run as root, but with proper permission management, too, so that privilege dropping can be tested with them.
* check for available space, excluding root reserved blocks | David Kalnischkies | 2014-10-15 | 1 | -0/+39
We are checking the space requirements for ages, but the check uses the free blocks count, which includes the blocks reserved for usage by root. Now that we use an unprivileged user it has no access to these blocks anymore – and more importantly these blocks are a reserve, they shouldn't be used by apt without special encouragement by the user as it would be bad to have dpkg run out of disk space and maintainer scripts like man-db skip certain actions if not enough space is available freely.
* don't drop privileges if _apt has not enough rights | David Kalnischkies | 2014-10-15 | 1 | -1/+49
Privilege dropping breaks download/source/changelog commands as they require the _apt user to have write permissions in the current directory, which is e.g. the case in /tmp, but not in /root, so we disable the privilege dropping if we deal with such a directory based on idea and code by Michael Vogt. The alternative would be to download always to a temp directory and move it when done, but this breaks partial file support. To resolve this, we could move to one of our partial/ directories, but this would require a lock which would block root from using two of these commands in parallel. As both seem unacceptable we instead let the user choose what to do: Either a directory is set up for _apt, downloading as root is accepted or – which is potentially even better – an unprivileged user is used for the commands.
* Show unauthenticated warning for source packages as well | Michael Vogt | 2014-06-02 | 1 | -0/+5
This will show the same unauthenticated warning for source packages as for binary packages and will not download a source package if it is unauthenticated. This can be overridden with --allow-unauthenticated Closes: #749795
* cleanup headers and especially #includes everywhere | David Kalnischkies | 2014-03-13 | 1 | -4/+2
Besides being a bit cleaner it hopefully also resolves oddball problems I have with high levels of parallel jobs. Git-Dch: Ignore Reported-By: iwyu (include-what-you-use)
* warning: no previous declaration for foobar() [-Wmissing-declarations] | David Kalnischkies | 2014-03-13 | 1 | -0/+1
Git-Dch: Ignore Reported-By: gcc -Wmissing-declarations
* put fetch errors in 'source' on our errorstack | David Kalnischkies | 2013-10-03 | 1 | -0/+96
refactor the fetching process so that it looks more like the others we have in the hope that we can reuse code in the future. This is a soft interface change as 'source' previously printed errors directly on stderr, while it will now push it onto our usual error stack.