summaryrefslogtreecommitdiff
path: root/apt-private
Commit message (Collapse)AuthorAgeFilesLines
* allow warning generation for non-whitelisted optionsDavid Kalnischkies2016-12-311-3/+4
| | | | | | | | | | | | | | | The idea is simple: Each¹ Find*( call starts with a call check if the given option (with the requested type) exists in the whitelist. The whitelist is specified via our configure-index file so that we have a better chance at keeping it current. the whitelist is loaded via a special (undocumented for now) configuration stanza and if none is loaded the empty whitelist will make it so that no warnings are shown. Much needs to be done still, but that is as good a time as any to take a snapshot of the current state and release it into the wild given that it found some bugs already and has no practical effect on users. ¹ not all in this iteration, but many
* use FindB instead of FindI for Debug::pkgAutoRemoveDavid Kalnischkies2016-12-311-1/+1
| | | | | | | | Again no practical difference, but for consistency a boolean option should really be accessed via a boolean method rather than an int especially if you happen to try setting the option to "true" … Gbp-Dch: Ignore
* expand -f to --fix-broken in error messagesDavid Kalnischkies2016-12-312-5/+4
| | | | | | | | | | | | | | | | | | | | Users end up believing that this is a --force mode as -f is common for that, but apt doesn't have such a mode and --fix-broken is really not about forcing something but actually trying to fix the breakage which tends to be the result of a user forcing something on its system via low-level forced dpkg calls. Example: The "common" pattern of "dpkg -i ./foo.deb; apt install -f" is nowadays far better dealt with via "apt install ./foo.deb". And while at it the two places handing out this suggestion are changed to use the same strings to avoid needless translation work in the future and the suggestion uses 'apt' instead of 'apt-get' as this will be run interactively by a user, so its a good opportunity to showcase what we can do and will allow us to be more helpful to the user. Closes: #709092 Thanks: Kristian Glass for initial patch!
* allow default build-essentials to be overriddenDavid Kalnischkies2016-12-311-7/+3
| | | | | | | | | The config list APT::Build-Essential gets a similar treatment to other lists now by having the value of the option itself be an override for the list allowing to disable build-essentials entirely as well as adding/overriding as usual by now in other lists. Reported-By: Johannes 'josch' Schauer on IRC
* add --indep-only for build-dep commandDavid Kalnischkies2016-12-312-1/+7
| | | | | | | | The implementation is quite different compared to --arch-only due to ABI reasons but functionality wise they are similar and usually both available for symmetry at least. Closes: #845775
* default to --no-check for dpkg-source callDavid Kalnischkies2016-12-161-1/+1
| | | | | | | | | | | | | | | In bug #757534 the opposite direction was initially requested, but what we did end up with was having a possibility to configure the options passed to dpkg. The reasoning given their and in #724744 is specific why apt doesn't need the checks to be performed by dpkg. In fact, what these two reports show is that if those checks are run people end up being confused about the requirement of them being run, so given the best case those checks can do is do nothing (visibly) while the worst cases are warnings and errors which are neither we are from a security point better of with disabling them – as (as mentioned in the bugreports) false positives for issues are really really bad in a security context. Closes: 724744
* remove needless fork() in apt-get sourceDavid Kalnischkies2016-12-161-66/+62
| | | | | | | | We are calling system() in this code paths, so all we do here is having a single child performing the action while the parent waits for it to finish… with the added strangeness of not having our usual error message collection and giving up after first failure even if told to act on multiple packages.
* let {dsc,tar,diff}-only implicitly enable download-onlyDavid Kalnischkies2016-12-161-7/+3
| | | | | | That was the case already for tar-only and diff-only, but in a more confusing way and without a message while dsc "worked" before resulting in a dpkg-source error shortly after as tar/diff files aren't available…
* add support for Build-Depends/Conflicts-ArchJohannes Schauer2016-11-091-1/+3
| | | | | | | | | | | | | | These new enum values might cause "interesting" behaviour in tools not expecting them – like an old apt would think a Build-Conflicts-Arch is some sort of Build-Depends – but that can't reasonably be avoided and effects only packages using B-D/C-A so if there is any breakage the tools can easily be adapted. The APT_PKG_RELEASE number is increased so that libapt users can detect the availability of these new enum fields via: #if APT_PKG_ABI > 500 || (APT_PKG_ABI == 500 && APT_PKG_RELEASE >= 1) Closes: #837395
* don't install new deps of candidates for kept back pkgsDavid Kalnischkies2016-11-021-5/+21
| | | | | | | | | | | | | | | | | | | | In effect this is an extension of the 6 years old commit a8dfff90aa740889eb99d00fde5d70908d9fd88a which uses the autoremover to remove packages again from the solution which are no longer needed to be there. Commonly these are dependencies of packages we end up not installed due to problem resolver decisions. Slightly less common is the situation we deal with here: a package which we wanted to upgrade sporting a new dependency, but ended up holding back. The problem is that all versions of an installed reverse dependencies can bring back a "garbage" package – we need to do this as there is nothing inherently wrong in having garbage packages installed or upgrade them, which itself would have garbage dependencies, so just blindly killing all new garbage packages would prevent the upgrade (and actually generate errors). What we should be doing is looking only at the version we will have on the system, disregarding all old/new reverse dependencies. Reported-By: Stuart Prescott (themill) on IRC
* edsp: try 2 to read responses even if writing failedDavid Kalnischkies2016-09-071-0/+4
| | | | | | | | | | | | | | | | Commit b60c8a89c281f2bb945d426d2215cbf8f5760738 improved the situation, but due to inconsistency mostly for planners, not for solvers. As the idea of hiding errors if we show another error is a bit scary (as the extern error might be a followup of our intern error, rather than the reason for our intern error as it is at the moment) we don't discard the errors, but if we got an extern error we show them directly removing them from the error list at the end of the run – that list will contain the extern error which hopefully gives us the best of both worlds. The problem itself is the same as before: The externals exiting before apt is done talking to them. Reported-By: Johannes 'josch' Schauer on IRC
* Merge branch 'portability/freebsd'Julian Andres Klode2016-08-272-0/+8
|\
| * CMake/private-download: Fix statfs includes on FreeBSDJulian Andres Klode2016-08-261-0/+7
| | | | | | | | | | | | | | On FreeBSD, we have to include sys/params.h and sys/mount.h, not sys/vfs.h. Gbp-Dch: ignore
| * Add missing includes and external definitionsJulian Andres Klode2016-08-261-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Several modules use std::array without including the array header. Bad modules. Some modules use STDOUT_FILENO and friends, or close() without including unistd.h, where they are defined. One module also uses WIFEXITED() without including sys/wait.h. Finally, environ is not specified to be defined in unistd.h. We are required to define it ourselves according to POSIX, so let's do that.
* | Accept --autoremove as alias for --auto-removeJulian Andres Klode2016-08-261-0/+1
|/ | | | | I probably missed that when I did the usability work. But better late than never.
* add --with-source option and Packages/Sources supportDavid Kalnischkies2016-08-171-0/+5
| | | | | | | | | | | | | We support "./foobar.deb" as a way to install a deb file directly. Recently .changes files were added. This highlights a problem as you can't add the changes file without also trying to install all of them. Now, it could also be handy to add entire Packages/Sources files to perhaps get a bunch of packages in without installing them all implicitly. This commit introduces --with-source which allows to add *.deb, *.changes, *.dsc, source-dirs, Packages & Sources files (the later can also be compressed) without also installing them.
* Get rid of the old buildsystemJulian Andres Klode2016-08-101-21/+0
| | | | Bye, bye, old friend.
* apt-private: Do not include apti18n.h in headersJulian Andres Klode2016-08-102-4/+0
| | | | This causes build failures when turning translations off.
* CMake: Add basic CMake build systemJulian Andres Klode2016-08-061-0/+23
| | | | | | | | | | | Introduce an initial CMake buildsystem. This build system can build a fully working apt system without translation or documentation. The FindBerkelyDB module is from kdelibs, with some small adjustements to also look in db5 directories. Initial work on this CMake build system started in 2009, and was resumed in August 2016.
* apt-private: #ifdef HAVE_STRUCT_STATFS_F_TYPE, not #ifJulian Andres Klode2016-08-041-1/+1
| | | | | | | | | While autotools defines all macros to 1 explicitly, CMake only defines them without a value. In such a case, #if fails with an error and #ifdef works. In preparation for a possible switch to CMake and to clean up the code (rest uses #ifdef), use #ifdef here
* prevent C++ locale number formatting in text APIs (try 2)David Kalnischkies2016-07-301-2/+2
| | | | | | | Followup of b58e2c7c56b1416a343e81f9f80cb1f02c128e25. Still a regression of sorts of 8b79c94af7f7cf2e5e5342294bc6e5a908cacabf. Closes: 832044
* create non-existent files in edit-sources with 644 instead of 640David Kalnischkies2016-07-221-1/+15
| | | | | | | | | | If the sources file we want to edit doesn't exist yet GetLock will create it with 640, which for a generic lockfile might be okay, but as this is a sources file more relaxed permissions are in order – and actually required as it wont be readable for unprivileged users causing warnings/errors in apt calls. Reported-By: J. Theede (musca) on IRC
* report warnings&errors consistently in edit-sourcesDavid Kalnischkies2016-07-223-26/+42
| | | | | | | After editing the sources it is a good idea to (re)built the caches as they will be out-of-date and doing so helps in reporting higherlevel errors like duplicates sources.list entries, too, instead of just general parsing errors as before.
* support "install ./foo.changes"David Kalnischkies2016-07-224-13/+13
| | | | | | | | | | | | We support installing ./foo.deb (and ./foo.dsc for source) for a while now, but it can be a bit clunky to work with those directly if you e.g. build packages locally in a 'central' build-area. The changes files also include hashsums and can be signed, so this can also be considered an enhancement in terms of security as a user "just" has to verify the signature on the changes file then rather than checking all deb files individually in these manual installation procedures.
* eipp: let apt make a plan, not make stuff planeDavid Kalnischkies2016-06-293-7/+7
| | | | | | | | | | | | | | Julian noticed on IRC that I fall victim to a lovely false friend by calling referring to a 'planer' all the time even through these are machines to e.g. remove splinters from woodwork ("make stuff plane"). The term I meant is written in german in this way (= with a single n) but in english there are two, aka: 'planner'. As that is unreleased code switching all instances without any transitional provisions. Also the reason why its skipped in changelog. Thanks: Julian Andres Klode Gbp-Dch: Ignore
* eipp: provide the internal planer as an external oneDavid Kalnischkies2016-06-273-1/+11
| | | | | | Testing the current implementation can benefit from being able to be feed an EIPP request and produce a fully compliant response. It is also a great test for EIPP in general.
* eipp: implement version 0.1 of the protocolDavid Kalnischkies2016-06-271-0/+1
| | | | | | | | | | | | | | | | | | | | | | | The very first step in introducing the "external installation planer protocol" (short: EIPP) as part of my GSoC2016 project. The description reads: APT-based tools like apt-get, aptitude, synaptic, … work with the user to figure out how their system should look like after they are done installing/removing packages and their dependencies. The actual installation/removal of packages is done by dpkg with the constrain that dependencies must be fulfilled at any point in time (e.g. to run maintainer scripts). Historically APT has a super micro-management approach to this task which hasn't aged that well over the years mostly ignoring changes in dpkg and growing into an unmaintainable mess hardly anyone can debug and everyone fears to touch – especially as more and more requirements are tacked onto it like handling cycles and triggers, dealing with "important" packages first, package sources on removable media, touch minimal groups to be able to interrupt the process if needed (e.g. unattended-upgrades) which not only sky-rocket complexity but also can be mutually exclusive as you e.g. can't have minimal groups and minimal trigger executions at the same time.
* show right binary name in simulation noticeDavid Kalnischkies2016-06-231-4/+6
| | | | Closes: 825216
* add insecure (and weak) allow-options for sources.listDavid Kalnischkies2016-06-221-0/+1
| | | | | | | | Weak had no dedicated option before and Insecure and Downgrade were both global options, which given the effect they all have on security is rather bad. Setting them for individual repositories only isn't great but at least slightly better and also more consistent with other settings for repositories.
* source: if download is skipped, don't try to unpackDavid Kalnischkies2016-06-221-0/+1
| | | | | If apt decides it can't download a file it is relatively pointless to try to tell dpkg-source to unpack it.
* forbid insecure repositories by default expect in apt-getDavid Kalnischkies2016-06-221-8/+17
| | | | | | | | | | | | | | | With this commit all APT-based clients default to refusing to work with unsigned or otherwise insufficently secured repositories. In terms of apt and apt-get this changes nothing, but it effects all tools using libapt like aptitude, synaptic or packagekit. The exception remains apt-get for stretch for now as this might break too many scripts/usecases too quickly. The documentation is updated and extended to reflect how to opt out or in on this behaviour change. Closes: 808367
* edsp: drop privileges before executing solversDavid Kalnischkies2016-06-081-7/+5
| | | | | | | | | | | | | | | Most (if not all) solvers should be able to run perfectly fine without root privileges as they get the entire state they are supposed to work on via stdin and do not perform any action directly, but just pass suggestions on via stdout. The new default is to run them all as _apt hence, but each solver can configure another user if it chooses/must. The security benefits are minimal at best, but it helps preventing silly mistakes (see 35f3ed061f10a25a3fb28bc988fddbb976344c4d) and that is always good. Note that our 'apt' and 'dump' solver already dropped privileges if they had them.
* move 'dump' solver from apt-utils to apt packageDavid Kalnischkies2016-06-081-1/+1
|
* edsp: optionally store a compressed copy of the last scenarioDavid Kalnischkies2016-06-083-6/+16
| | | | | | | | For bugreports and co it could be handy to have the scenario and all the settings used in it around later for inspection for EDSP like protocols. EDSP might not be the most interesting as the user can still interrupt the process before the solution is applied and users tend to have an opinion on the "rightness" of a solution, so it is disabled by default.
* ignore std::locale exeception on non-existent "" localeDavid Kalnischkies2016-06-021-1/+5
| | | | | | | | In 8b79c94af7f7cf2e5e5342294bc6e5a908cacabf changing to usage of C++ way of setting the locale causes us to be terminated in case of usage of an ungenerated locale as LC_ALL (or similar) – but we don't want to fail here, we just want to carry on as before with setlocale which we call in that case just for good measure.
* try to detect sudo spawned root-shell in prefixingDavid Kalnischkies2016-05-291-2/+7
| | | | | | | | | | | | | | | | It is a try as the we need to inspect SUDO_COMMAND which could be anything – apt, apt-get, in /usr/bin, in a $DPKG_ROOT "chroot", build from source, aliases, … The best we can do is look if the SHELL variable is equal to the SUDO_COMMAND which would mean a shell was invoked. That isn't fail-safe if different shells are involved as sub-shells have the tendency of not overriding the SHELL so a bash started from within zsh can happily pretend to be still zsh, so we could have a look at /etc/shells for a list, but oh well, we have to stop somewhere I guess. This sudo-prefixing feature is a gimmick after all. Closes: 825742
* look into the right textdomain for apt-utils againDavid Kalnischkies2016-05-283-3/+26
| | | | | Broken in e7e10e47476606e3b2274cf66b1e8ea74b236757 by looking always into "apt" while we ship some tools in "apt-utils"…
* use std::locale::global instead of setlocaleDavid Kalnischkies2016-05-281-1/+3
| | | | | | We use a wild mixture of C and C++ ways of generating output, so having a consistent world-view in both styles sounds like a good idea and should help in preventing regressions.
* prevent C++ locale number formatting in text APIsDavid Kalnischkies2016-05-273-5/+5
| | | | | | | | | | | Setting the C++ locale via std::locale::global(std::locale("")); which would otherwise default to the default C locale (aka: unaffected by setlocale) effects the formatting of numeric types in IO streams, which for output for humans is perfectly sensible, but breaks our many text interfaces used and parsed by us and others without expecting the numbers to be formatted. Closes: #825396
* don't try to get acquire lock in simulation modeDavid Kalnischkies2016-05-201-0/+2
| | | | | | | | | | | The code moving in eb1f04dda07c2b69549ad9fd793cca0e91841b3e moved the acquire stuff above the simulation exit, so before getting locks (and creating/chmod directories) we should be checking if we should actually really do it… [ignore as bugfix of an unreleased commit] Git-Dch: Ignore
* fail instead of segfault on unreadable config filesDavid Kalnischkies2016-05-204-12/+23
| | | | | | | | | | | | | The report mentions "apt list --upgradable", but there are others which have inconsistent behavior ranging from segfaulting to doing something with the partial (and hence incomplete) data. We had a recent report about sources.list (#818628), this one mentions prefences, the obvious next step is conf files… so the testcase is adapted to check for all three in file and directory versions and run a bunch of commands each time which should all have more or less the same behavior in such a case (aka error out). Closes: 824503
* show final solution in --no-download --fix-missing modeDavid Kalnischkies2016-05-161-109/+102
| | | | | | | | | | | | | | This commit moves the creation of the fetcher and with it the calculation of the filenames before the code generation the various lists detailing the solution. This means that simulation comes even so slightly closer to a real run as it will require and parse the package indexes for filenames and queuing of URIs, so that a simulation "using" an unavailable download method actually fails now. The real benefit of this change is through that the rather special but nontheless handy --no-download --fix-missing mode now actually shows what the solution is it will apply to the system rather than the solution it would if it could download all not-downloaded packages.
* show globalerrors before asking for confirmationDavid Kalnischkies2016-05-165-23/+36
| | | | | | | | | | | | | | Errors cause a kind of automatic no already, but warnings and notices are only displayed at the end of the apt execution even through they could effect the choice of saying yes/no to questions: E.g. if a configuration (file) was ignored you wanted to have an effect or if an external solver you used generated warnings suggesting that the solution might be valid, but bogus non-the-less and similar things. Note that this only moves those messages up to the question if the answer is interactive – not if e.g. -y is used or no question is asked at all so this has an effect only on interactive usage of apt(-get), not script who might be parsing apt output.
* Speed up GetLocalitySortedVersionSet.Adrian Wielgosik2016-05-091-9/+20
|
* factor out Pkg/DepIterator prettyprinters into own headerDavid Kalnischkies2016-04-281-3/+3
| | | | | | | | | The old prettyprinters have only access to the struct they pretty print, which isn't enough usually as we want to know for a package also a bit of state information like which version is the candidate. We therefore need to pull the DepCache into context and hence use a temporary struct which is printed instead of the iterator itself.
* private-show: Get rid of old policy support codeJulian Andres Klode2016-04-251-35/+2
| | | | | This does not make much sense anymore, now that we dropped the old candidate ver algorithm.
* format multiline errors properly in acquire progressDavid Kalnischkies2016-04-251-5/+21
| | | | | | | | | | | Together with the GlobalError change this allows us to add errors spanning multiple lines, just that we control GlobalError while the acquire progress is dealt with potentially by individual clients which might or might not need to be adapted. This isn't critical through as it either just works as expected anyhow or is a minor styling thing (after all, all this commit does it add two spaces to indent the lines a bit…).
* drop empty line from fetch errorDavid Kalnischkies2016-04-251-1/+1
| | | | | | | | This is a duplicate of sorts of 0efb29eb36184bbe6de7b1013d1898796d94b171 which is the a lot more frequent case of this error – and also a duplicate of this error message, just without the \n at the end. Git-Dch: Ignore
* support APT::Get::Build-Dep-Automatic again in build-depDavid Kalnischkies2016-03-061-0/+23
| | | | | | | | | | | In a249b3e6fd798935a02b769149c9791a6fa6ef16 I dropped with the manual first resolver step also the support for installing build-deps as automatic in such a way that it behaved like this option was enabled by default. Restoring support for it means that we go back to mark build- dependencies as manually installed again by default and provide this option to keep them as automatically installed.
* use local changelog from /usr/share/doc if possibleDavid Kalnischkies2016-02-111-0/+2
| | | | | | | | | | | If pkgAcqChangelog is told to acquire the changelog for a version it will check first if this version is installed on the disk and if so will use the local changelog in /usr/share/doc (possibily/likely gz compressed) instead of downloading the file from the web. An option is provided to disable this, which is enabled by default for the Ubuntu vendor as they truncate the local changelogs – and for apts --print-uris action.