summaryrefslogtreecommitdiff
path: root/apt-private
Commit message (Collapse)AuthorAgeFilesLines
* Get rid of the old buildsystemJulian Andres Klode2016-08-101-21/+0
| | | | Bye, bye, old friend.
* apt-private: Do not include apti18n.h in headersJulian Andres Klode2016-08-102-4/+0
| | | | This causes build failures when turning translations off.
* CMake: Add basic CMake build systemJulian Andres Klode2016-08-061-0/+23
| | | | | | | | | | | Introduce an initial CMake buildsystem. This build system can build a fully working apt system without translation or documentation. The FindBerkelyDB module is from kdelibs, with some small adjustements to also look in db5 directories. Initial work on this CMake build system started in 2009, and was resumed in August 2016.
* apt-private: #ifdef HAVE_STRUCT_STATFS_F_TYPE, not #ifJulian Andres Klode2016-08-041-1/+1
| | | | | | | | | While autotools defines all macros to 1 explicitly, CMake only defines them without a value. In such a case, #if fails with an error and #ifdef works. In preparation for a possible switch to CMake and to clean up the code (rest uses #ifdef), use #ifdef here
* prevent C++ locale number formatting in text APIs (try 2)David Kalnischkies2016-07-301-2/+2
| | | | | | | Followup of b58e2c7c56b1416a343e81f9f80cb1f02c128e25. Still a regression of sorts of 8b79c94af7f7cf2e5e5342294bc6e5a908cacabf. Closes: 832044
* create non-existent files in edit-sources with 644 instead of 640David Kalnischkies2016-07-221-1/+15
| | | | | | | | | | If the sources file we want to edit doesn't exist yet GetLock will create it with 640, which for a generic lockfile might be okay, but as this is a sources file more relaxed permissions are in order – and actually required as it wont be readable for unprivileged users causing warnings/errors in apt calls. Reported-By: J. Theede (musca) on IRC
* report warnings&errors consistently in edit-sourcesDavid Kalnischkies2016-07-223-26/+42
| | | | | | | After editing the sources it is a good idea to (re)built the caches as they will be out-of-date and doing so helps in reporting higherlevel errors like duplicates sources.list entries, too, instead of just general parsing errors as before.
* support "install ./foo.changes"David Kalnischkies2016-07-224-13/+13
| | | | | | | | | | | | We support installing ./foo.deb (and ./foo.dsc for source) for a while now, but it can be a bit clunky to work with those directly if you e.g. build packages locally in a 'central' build-area. The changes files also include hashsums and can be signed, so this can also be considered an enhancement in terms of security as a user "just" has to verify the signature on the changes file then rather than checking all deb files individually in these manual installation procedures.
* eipp: let apt make a plan, not make stuff planeDavid Kalnischkies2016-06-293-7/+7
| | | | | | | | | | | | | | Julian noticed on IRC that I fall victim to a lovely false friend by calling referring to a 'planer' all the time even through these are machines to e.g. remove splinters from woodwork ("make stuff plane"). The term I meant is written in german in this way (= with a single n) but in english there are two, aka: 'planner'. As that is unreleased code switching all instances without any transitional provisions. Also the reason why its skipped in changelog. Thanks: Julian Andres Klode Gbp-Dch: Ignore
* eipp: provide the internal planer as an external oneDavid Kalnischkies2016-06-273-1/+11
| | | | | | Testing the current implementation can benefit from being able to be feed an EIPP request and produce a fully compliant response. It is also a great test for EIPP in general.
* eipp: implement version 0.1 of the protocolDavid Kalnischkies2016-06-271-0/+1
| | | | | | | | | | | | | | | | | | | | | | | The very first step in introducing the "external installation planer protocol" (short: EIPP) as part of my GSoC2016 project. The description reads: APT-based tools like apt-get, aptitude, synaptic, … work with the user to figure out how their system should look like after they are done installing/removing packages and their dependencies. The actual installation/removal of packages is done by dpkg with the constrain that dependencies must be fulfilled at any point in time (e.g. to run maintainer scripts). Historically APT has a super micro-management approach to this task which hasn't aged that well over the years mostly ignoring changes in dpkg and growing into an unmaintainable mess hardly anyone can debug and everyone fears to touch – especially as more and more requirements are tacked onto it like handling cycles and triggers, dealing with "important" packages first, package sources on removable media, touch minimal groups to be able to interrupt the process if needed (e.g. unattended-upgrades) which not only sky-rocket complexity but also can be mutually exclusive as you e.g. can't have minimal groups and minimal trigger executions at the same time.
* show right binary name in simulation noticeDavid Kalnischkies2016-06-231-4/+6
| | | | Closes: 825216
* add insecure (and weak) allow-options for sources.listDavid Kalnischkies2016-06-221-0/+1
| | | | | | | | Weak had no dedicated option before and Insecure and Downgrade were both global options, which given the effect they all have on security is rather bad. Setting them for individual repositories only isn't great but at least slightly better and also more consistent with other settings for repositories.
* source: if download is skipped, don't try to unpackDavid Kalnischkies2016-06-221-0/+1
| | | | | If apt decides it can't download a file it is relatively pointless to try to tell dpkg-source to unpack it.
* forbid insecure repositories by default expect in apt-getDavid Kalnischkies2016-06-221-8/+17
| | | | | | | | | | | | | | | With this commit all APT-based clients default to refusing to work with unsigned or otherwise insufficently secured repositories. In terms of apt and apt-get this changes nothing, but it effects all tools using libapt like aptitude, synaptic or packagekit. The exception remains apt-get for stretch for now as this might break too many scripts/usecases too quickly. The documentation is updated and extended to reflect how to opt out or in on this behaviour change. Closes: 808367
* edsp: drop privileges before executing solversDavid Kalnischkies2016-06-081-7/+5
| | | | | | | | | | | | | | | Most (if not all) solvers should be able to run perfectly fine without root privileges as they get the entire state they are supposed to work on via stdin and do not perform any action directly, but just pass suggestions on via stdout. The new default is to run them all as _apt hence, but each solver can configure another user if it chooses/must. The security benefits are minimal at best, but it helps preventing silly mistakes (see 35f3ed061f10a25a3fb28bc988fddbb976344c4d) and that is always good. Note that our 'apt' and 'dump' solver already dropped privileges if they had them.
* move 'dump' solver from apt-utils to apt packageDavid Kalnischkies2016-06-081-1/+1
|
* edsp: optionally store a compressed copy of the last scenarioDavid Kalnischkies2016-06-083-6/+16
| | | | | | | | For bugreports and co it could be handy to have the scenario and all the settings used in it around later for inspection for EDSP like protocols. EDSP might not be the most interesting as the user can still interrupt the process before the solution is applied and users tend to have an opinion on the "rightness" of a solution, so it is disabled by default.
* ignore std::locale exeception on non-existent "" localeDavid Kalnischkies2016-06-021-1/+5
| | | | | | | | In 8b79c94af7f7cf2e5e5342294bc6e5a908cacabf changing to usage of C++ way of setting the locale causes us to be terminated in case of usage of an ungenerated locale as LC_ALL (or similar) – but we don't want to fail here, we just want to carry on as before with setlocale which we call in that case just for good measure.
* try to detect sudo spawned root-shell in prefixingDavid Kalnischkies2016-05-291-2/+7
| | | | | | | | | | | | | | | | It is a try as the we need to inspect SUDO_COMMAND which could be anything – apt, apt-get, in /usr/bin, in a $DPKG_ROOT "chroot", build from source, aliases, … The best we can do is look if the SHELL variable is equal to the SUDO_COMMAND which would mean a shell was invoked. That isn't fail-safe if different shells are involved as sub-shells have the tendency of not overriding the SHELL so a bash started from within zsh can happily pretend to be still zsh, so we could have a look at /etc/shells for a list, but oh well, we have to stop somewhere I guess. This sudo-prefixing feature is a gimmick after all. Closes: 825742
* look into the right textdomain for apt-utils againDavid Kalnischkies2016-05-283-3/+26
| | | | | Broken in e7e10e47476606e3b2274cf66b1e8ea74b236757 by looking always into "apt" while we ship some tools in "apt-utils"…
* use std::locale::global instead of setlocaleDavid Kalnischkies2016-05-281-1/+3
| | | | | | We use a wild mixture of C and C++ ways of generating output, so having a consistent world-view in both styles sounds like a good idea and should help in preventing regressions.
* prevent C++ locale number formatting in text APIsDavid Kalnischkies2016-05-273-5/+5
| | | | | | | | | | | Setting the C++ locale via std::locale::global(std::locale("")); which would otherwise default to the default C locale (aka: unaffected by setlocale) effects the formatting of numeric types in IO streams, which for output for humans is perfectly sensible, but breaks our many text interfaces used and parsed by us and others without expecting the numbers to be formatted. Closes: #825396
* don't try to get acquire lock in simulation modeDavid Kalnischkies2016-05-201-0/+2
| | | | | | | | | | | The code moving in eb1f04dda07c2b69549ad9fd793cca0e91841b3e moved the acquire stuff above the simulation exit, so before getting locks (and creating/chmod directories) we should be checking if we should actually really do it… [ignore as bugfix of an unreleased commit] Git-Dch: Ignore
* fail instead of segfault on unreadable config filesDavid Kalnischkies2016-05-204-12/+23
| | | | | | | | | | | | | The report mentions "apt list --upgradable", but there are others which have inconsistent behavior ranging from segfaulting to doing something with the partial (and hence incomplete) data. We had a recent report about sources.list (#818628), this one mentions prefences, the obvious next step is conf files… so the testcase is adapted to check for all three in file and directory versions and run a bunch of commands each time which should all have more or less the same behavior in such a case (aka error out). Closes: 824503
* show final solution in --no-download --fix-missing modeDavid Kalnischkies2016-05-161-109/+102
| | | | | | | | | | | | | | This commit moves the creation of the fetcher and with it the calculation of the filenames before the code generation the various lists detailing the solution. This means that simulation comes even so slightly closer to a real run as it will require and parse the package indexes for filenames and queuing of URIs, so that a simulation "using" an unavailable download method actually fails now. The real benefit of this change is through that the rather special but nontheless handy --no-download --fix-missing mode now actually shows what the solution is it will apply to the system rather than the solution it would if it could download all not-downloaded packages.
* show globalerrors before asking for confirmationDavid Kalnischkies2016-05-165-23/+36
| | | | | | | | | | | | | | Errors cause a kind of automatic no already, but warnings and notices are only displayed at the end of the apt execution even through they could effect the choice of saying yes/no to questions: E.g. if a configuration (file) was ignored you wanted to have an effect or if an external solver you used generated warnings suggesting that the solution might be valid, but bogus non-the-less and similar things. Note that this only moves those messages up to the question if the answer is interactive – not if e.g. -y is used or no question is asked at all so this has an effect only on interactive usage of apt(-get), not script who might be parsing apt output.
* Speed up GetLocalitySortedVersionSet.Adrian Wielgosik2016-05-091-9/+20
|
* factor out Pkg/DepIterator prettyprinters into own headerDavid Kalnischkies2016-04-281-3/+3
| | | | | | | | | The old prettyprinters have only access to the struct they pretty print, which isn't enough usually as we want to know for a package also a bit of state information like which version is the candidate. We therefore need to pull the DepCache into context and hence use a temporary struct which is printed instead of the iterator itself.
* private-show: Get rid of old policy support codeJulian Andres Klode2016-04-251-35/+2
| | | | | This does not make much sense anymore, now that we dropped the old candidate ver algorithm.
* format multiline errors properly in acquire progressDavid Kalnischkies2016-04-251-5/+21
| | | | | | | | | | | Together with the GlobalError change this allows us to add errors spanning multiple lines, just that we control GlobalError while the acquire progress is dealt with potentially by individual clients which might or might not need to be adapted. This isn't critical through as it either just works as expected anyhow or is a minor styling thing (after all, all this commit does it add two spaces to indent the lines a bit…).
* drop empty line from fetch errorDavid Kalnischkies2016-04-251-1/+1
| | | | | | | | This is a duplicate of sorts of 0efb29eb36184bbe6de7b1013d1898796d94b171 which is the a lot more frequent case of this error – and also a duplicate of this error message, just without the \n at the end. Git-Dch: Ignore
* support APT::Get::Build-Dep-Automatic again in build-depDavid Kalnischkies2016-03-061-0/+23
| | | | | | | | | | | In a249b3e6fd798935a02b769149c9791a6fa6ef16 I dropped with the manual first resolver step also the support for installing build-deps as automatic in such a way that it behaved like this option was enabled by default. Restoring support for it means that we go back to mark build- dependencies as manually installed again by default and provide this option to keep them as automatically installed.
* use local changelog from /usr/share/doc if possibleDavid Kalnischkies2016-02-111-0/+2
| | | | | | | | | | | If pkgAcqChangelog is told to acquire the changelog for a version it will check first if this version is installed on the disk and if so will use the local changelog in /usr/share/doc (possibily/likely gz compressed) instead of downloading the file from the web. An option is provided to disable this, which is enabled by default for the Ubuntu vendor as they truncate the local changelogs – and for apts --print-uris action.
* get dpkg lock in build-dep if cache was invalid againDavid Kalnischkies2016-02-101-6/+5
| | | | | | | | | | | | | | | | Regression introduced in a249b3e6fd798935a02b769149c9791a6fa6ef16, which in the case of an invalid cache would build the first part unlocked and later pick up the (still unlocked) cache for further processing, so the system got never locked and apt would end up complaining about being unable to release the lock at shutdown. The far more common case of having a valid cache worked as expected and hence covered up the problem – especially as tests who would have noticed it are simulations only, which do not lock. Closes: 814139 Reported-By: Balint Reczey <balint@balintreczey.hu> Reported-By: Helmut Grohne <helmut@subdivi.de> on IRC
* avoid building dependency tree in 'source' commandDavid Kalnischkies2016-02-031-4/+1
| | | | | | We don't need the dependencies for obvious reasons and we don't need the candidate version either, so building a pkgDepCache is wasted effort, which we can stop doing now that build-dep cleared the path.
* use pkgCache::VS instead of pkgDepCache::VS()David Kalnischkies2016-02-031-5/+5
| | | | | | | | | | | | | | The later just calls the earlier, but the later needs the fullblown dependency cache to be initialized, which is a very costly operation and isn't done anymore that early in the run as we would need to throw away and rebuild it again after we got all the information about source pkgs. As we end up with a nullptr for the pkgDepCache, we use a slightly longer calling convention to make sure that we use the pkgCache directly, avoiding nullptr induced segfaults and costly operations. Git-Dch: Ignore Reported-By: Balint Reczey <balint@balintreczey.hu>
* Try avoiding loading long package descriptionAdrian Wielgosik2016-02-021-1/+2
| | | | | | | | | | | It's a fairly expensive call and it's called on every package, even though it's usually only used when we're interested in a small number of packages. Long description is currently only shown by this function when using `apt search X --full`. On my PC, this patch speeds up `apt list` by roughly 20% and `apt list --installed` by 1-2%.
* get sources for packages in multiple releases againDavid Kalnischkies2016-01-261-16/+14
| | | | | | | | | In 321213f0dcdcdaab04e01663e7a047b261400c9c Andreas Cadhalpun corrected the incorrect overriding of earlier better-fitting results with later (semi-)matches – but that broke the case in which packages are in multiple releases in the same version (and the user has both releases configured). Closes: 812497
* reimplement build-dep via apts normal resolverDavid Kalnischkies2016-01-253-393/+156
| | | | | | | | | | | | | | | | | | | | | | | | build-dep was implemented by parsing the build-dependencies of a package and figuring out which packages to install/remove based on this. That means that for the first level of dependencies build-dep was implementing its very own resolver with all the benefits (aka: bugs) this gives us for not using the existing resolver for all levels. Making this work involves generating a dummy binary package with fitting Depends and Conflicts and as we can't create them out of thin air the cache generation needs to be involved so we end up writing a Packages file which we want to parse – after we have parsed the other Packages files already. With .dsc/.deb files we could add them before we started parsing anything. With a bit of care we can avoid generating too much data we have to throw away again (as many parts assume that e.g. the count of packages doesn't change midair), so that on a speed front there shouldn't be much of a difference, but output can be slightly confusing as if we have a completely valid cache on disk the "Reading package lists... Done" is printed two times – but apt is pretty quick about it in that case. Closes: #137560, #444930, #489911, #583914, #728317, #812173
* delay build-dep variable initialisation until neededDavid Kalnischkies2016-01-141-18/+20
| | | | Git-Dch: Ignore
* mark not-declared helper function for showsrc as staticDavid Kalnischkies2016-01-141-2/+2
| | | | Git-Dch: Ignore
* Do not show multiple identical apt-cache showsrc entriesMichael Vogt2016-01-141-3/+18
| | | | Closes: #734922
* AUTHORS: Update: I am active, bubulle is notJulian Andres Klode2016-01-121-1/+2
| | | | Gbp-Dch: ignore
* Sort the list of sources to be built and linkedMattia Rizzolo2016-01-111-2/+2
| | | | | | | | | Fix reproducibility issue due to readdir() order by sorting the list of sources to be built and linked. [jak@debian.org: Added summary and fixed typo] Closes: #810509
* search: Handle packages without descriptionJulian Andres Klode2016-01-111-2/+5
| | | | | | | | | | | | | If a package has no description, we would crash in search. While this should not happen, there seem to be some weird cases where it does. A safer way might be to make the whole parser thing safe against this, so pkgRecords::Lookup(Desc.FileList()) works and returns a parser where all values are empty. This would also fix all other instances of this bug, if there are any. Closes: #810622
* apt-helper: cat-file: Add -C/--compress optionJulian Andres Klode2016-01-071-1/+5
| | | | | | This allows passing compressing the output. The compressor must be a compressor name, extension, or an extension without the leading dot.
* Add new APT::Keep-Downloaded-Packages optionMichael Vogt2016-01-022-0/+13
| | | | | | | | | | This option controls if downloaded packages should be kept after a successful install or if they should be deleted. The default for "apt-get" is that they are kept (just like before). However the default for "apt" is that they get deleted. Closes: #160743
* fail installing build-deps if parsing them failedDavid Kalnischkies2016-01-021-1/+1
| | | | Git-Dch: Ignore
* ensure we got a lock in clean operationDavid Kalnischkies2015-12-231-4/+4
| | | | | | We try to acquired the locks, but we didn't stop if we failed to get it… Closes: 808561