summaryrefslogtreecommitdiff
path: root/doc/examples
Commit message (Collapse)AuthorAgeFilesLines
* Prevent sleep while running dpkg.Nathan Pratta Teodosio2026-02-171-0/+2
| | | | | As long as we are running dpkg, keep an inhibitor that blocks us from sleeping.
* configure-index Acquire::ForceIPv4/6Christopher Bock2026-01-051-0/+3
|
* Grammar fixesVille Skyttä2025-12-031-1/+1
|
* Implement architecture variantsJulian Andres Klode2025-10-251-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Architecture variants are children of an architecture that share the same ABI but are optimized for different ISA levels. They are available in Ubuntu 25.10 and newer, and not supported in Debian or other distributions. A deb built for a variant contains the Architecture-Variant field, and the Architecture field points to the baseline, for example: Architecture: amd64 Architecture-Variant: amd64v3 However, the apt-get indextargets command reports the variant in the Architecture: field, and most of the code in APT presents the variant as the architecture. There are two types of variants: 1. Standalone variants are recorded in the Architectures field of the Release file as if they were a real architecture: Architectures: amd64 amd64v3 Standalone architecture variants only fetch the standalone architecture variant's Packages file. To do this, this patch changes the code such that the variants indextargets "supplant" the base targets. This may have complicated outcomes on the apt-get indextargets command. 2. Other variants can only be identified by their files being recorded with hashes in the Release file. APT fetches both the base architecture's as well as the variant's Packages file. Variants are configured in the APT::Architecture-Variants list. Image builders may want to build specific variant images using APT::Architecture-Variants { "amd64v3"; } But this commit also implements an automatic discovery mechanism using the varianttable and /proc/cpuinfo. APT::Architecture-Variants "auto";
* Record varying defaults based on cli-version, rather than binaryJulian Andres Klode2025-10-251-0/+4
| | | | | | The --cli-version argument can be used to request a specific CLI version. The default CLI version is the APT version for apt(8) and 0 for the other apt-get tools.
* ExecFork: Use close_range() if availableJulian Andres Klode2025-10-201-0/+1
| | | | | | | | | | | | | Use close_range() if we have it in preference to iterating over /proc/self/fd and falling back to closing all possible fds. This builds sets of ranges to close that take into account the APT::Keep-Fds vector, and a test case is provided to ensure correctness of the splitting logic. Preference is given to close_range() over /proc as in the optimal case, this results in a single system call!
* Print --solver 3.0 explanation if both internal and it failedJulian Andres Klode2025-03-091-0/+1
| | | | | | | | | | This can provide useful additional context. To avoid updating the whole test suite for it, introduce a new option `quiet::NoSolver3Explanation` and set it by default. All the other tests that assert output will already have matching tests for --solver 3.0 with the correct messages asserted, it makes no sense to duplicate them.
* Evaluate and fall back to the 3.0 solverJulian Andres Klode2025-03-091-0/+1
| | | | | | | | | | | | Always run the 3.0 solver after the internal solver. If the internal solver failed, and the 3.0 solver did not, use the 3.0 result. If 3.0 solver failed or produced a worse result than the internal solver, write an apport crash dump. We exclude situations which we now the solver can't handle, i.e. removals are forbidden and you requested removals, and stuff like that.
* solver3: Implement a timeout, default 10sJulian Andres Klode2025-02-141-0/+1
| | | | | A SAT solver can run more or less forever, but that's not a good user experience.
* solver3: Defer version selection where possibleJulian Andres Klode2025-02-141-0/+1
| | | | | | | | | | | | | If a dependency can be satisfied by all versions of a package, add the package to the clause instead of the version object. This works only if there are no providers for the package: Providers are quite hard to enumerate over and make sure that all versions of a package satisfy the provider dependency. Implement arbitrary selection between packages and versions for the CompareProviders class: We pick the best version for each package and then pit them against each other.
* Remove leftovers from ftp and rsh/ssh methods removalDavid Kalnischkies2025-01-051-26/+0
| | | | References: fd3684cdbc165ceaa635ed19fcbd231f509b0179
* Drop SourceListWarnings::NonFreeFirmware messagesDavid Kalnischkies2025-01-051-1/+0
| | | | | | | | | They were implemented to help a tiny bit in notifying users even if they didn't read the Release notes (or didn't realize it would apply to them) that they likely have to change their sources.list entries, but that transition is now over for a while, so everyone who should have seen it has hopefully reacted to it and so all this code now does is waste space, time and idly waiting for false positives.
* Use deb.debian.org instead of ftp.debian.org URLsGuillem Jover2024-12-281-4/+4
| | | | | | | While the ftp.debian.org URLs are still functional in Debian, they can confuse people as the protocol is mismatched. Using the deb.debian.org frontend should also generally give generally good performance regardless of the client location.
* Introduce automatic pager for read commandsJulian Andres Klode2024-12-181-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatically show the output of `show`, `policy`, `list`, `search`, `showsrc` in a pager. The pager setup is inspired by git's pager setup. Notably, the pager is found using APT_PAGER and PAGER variables. We wait for the pager to be setup somewhat correctly by using a notify pipe to figure out whether execvp() was succesful - then the pipe will read EOF as the other end got closed by CLOEXEC during exec - or not, then the pipe will contain an errno. We set up the correct handlers for signals and exit to close the fds and wait for the pager. Notably inside the signal handler we cannot flush our streams, only close them, so there is some duplication. We call the InitOutputPager() function from inside the various Do...() functions rather than setting it up generally in InitOutput(). Doing so allows us to first render the progress without a pager, and then setup the pager for the content only which improves user experience. When we setup a pager we also take care to disable standard input, as we should not be prompting users while a pager is running (the pager will be reading from the tty directly). We do this by dup2-ing() a /dev/null over it; if we just close()d the fd, another open() might reuse the fd number and problems could occur.
* Merge branch 'fix/partialfilemirror' into 'main'Julian Andres Klode2024-11-221-19/+48
|\ | | | | | | | | Support uncompressed indexes from partial file:/ mirrors See merge request apt-team/apt!235
| * Allow AutoDetectProxy to work with more than just http(s)David Kalnischkies2024-11-221-6/+12
| | | | | | | | | | | | | | | | It is a bit unfair for third-party methods wrapping e.g. http to not have access to such tools, same for our old ftp and e.g. our tor even if in practice this isn't used much even for http. At least that is one less FIXME in the code.
| * Rewrite hidden config option checker for more patternsDavid Kalnischkies2024-11-221-13/+36
| | | | | | | | | | | | | | | | | | | | | | | | | | The previous version allowed only foo::*::bar as a pattern, now you can have as many starred parts as you want allowing for a finer control instead of hardcoding specific common star-values or giving up with **. It also adds a new INVALID type for an option to mark options which should not be used, but are covered by a pattern which would normally allow it. Our tests are more or less the only users of this hidden feature making this change not very risky even through it has no dedicated test itself.
* | Avoid unnormalized paths for CMake install destinationsDavid Kalnischkies2024-11-221-1/+1
|/ | | | | | | | | | | CMake 3.31 is very noisy about our manpage (and to a lesser extend documentation in general) building as we used "//" and "/../" there. `cmake --help-policy CMP0177` documents the warning, so we could just decide on a value and deal with it, but given our usage is not really needed and rather trivial to change lets not pick a value and instead use a normalized path so we don't use different code paths in CMake depending on which CMake version we happen to be build with.
* Add a --comment option to record Comment: in historyJulian Andres Klode2024-11-181-0/+2
| | | | Suggested-by: mhoye on IRC
* http: use Retry-After HTTP header to optimize retriesFelix Moessbauer2024-11-181-0/+1
| | | | | | | | | | | | | | | | | | | Some mirrors like snapshot.debian.org apply strict http rate limits. While apt already has an exponential backoff mechanism implemented, this is not sufficient due to the following reasons: 1. all retries happen roughly at the same time 2. the retry-after information from the server is not used We fix this by improving the algorithm: First, if present, the timestamp or duration of the Retry-After header is added to the exponential backoff, optimizing for success-on-second-try. Second, a random delay is added (delay += [0, delay]) to distribute the retries to not immediately run into the limit again. To avoid super-long delays, this is capped by the configured maximum delay. This logic only becomes active if the option Acquire::Retries::HandleRetryAfter is enabled. Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
* Only revoke weak RSA keys for now, add 'next' and 'future' levelsJulian Andres Klode2024-07-151-0/+2
| | | | | | | | | | | Algorithms not in the next level give a warning, algorithms in not in the future level introduce an audit message for the --audit flag. next: >=rsa2048,ed25519,ed448,nistp256,nistp384,nistp512 future: >=rsa3072,ed25519,ed448 LP: #2073126
* solver3: Implement APT::Solver::RemoveManual to allow removing manual packagesJulian Andres Klode2024-05-241-0/+1
| | | | | | This is mostly going to be useful for the test suite for now, implement a function there to set it up so we can use it to improve test suite correctness.
* Initial implementation of the 3.0 solverJulian Andres Klode2024-05-141-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is a simple backtracking brute-force solver with heurisitcs, this initial version has the following known gaps: - Errors are not kept from branches, the error reporting after backtracking isn't particularly useful. - We cannot show automatically removed packages - We cannot replace packages with others - We do not have conflict-driven clause learning yet Untested: - Multi-arch This solver is fundamentally different in key aspects: - It solves smaller dependency groups before larger ones, leading us to avoid installing A in A|B if B is installed more often and more consistently. - It only keeps the automatic packages reachable via the strongest path. Currently it only implements autoremoval, but not display of autoremoval as we simply enqueue all automatically installed packages at the end when not doing automatic removal. This will need some translation where we Solve() first, and then Solve() again with the automatically installed packages added such that we can mark them as Garbage for display purposes. - It does not remove manually installed packages. Hook the solver in via the EDSP framework, this allows us to achieve easy initial integration without lots of issues. A lot of this work was planned and executed in my free time and then some leaked into work time I suppose. Implementation notes: - Restore the full backlog of items The annoying thing is that we record only when an item was enqueued and not the level at which it was installed, so when going back a decision level we might have to reinstall packages that were queued at an earlier decision level because they were only installed at a later decision level. - When picking one version, reject the others - Propagate conflicts up to reverse dependencies This will recursively mark every reverse dependency that can no longer be satisfied as MUSTNOT. Also make sure to recursively call Reject(Ver) from Reject(Pkg) to make sure we trigger the Rejections there. This means we now end up having Recursion in the algorithm. An alternative approach would be to push *reject* items to the heap and then do them, but this is not entirely straight forward and it may simply not be necessary. - Sort upgrades before other optional installs containing subsets If I want to upgrade a package A, I schedule A3|A2|A1; if another thing depends specifically on A1; we'd not be installed. Hence we need to sort upgrades first. This only is needed for optional packages; manual packages will figure this out naturally. - Rescoring is lazily implemented. Instead of calling make_heap() after rescoring items, we just mark the items as dirty and reinsert them. We also only rescore from the main solve loop, Reject() marks the heap as needing a rescore due to a Conflict (as some versions will no longer be installable), and RescoreWorkIfNeeded() then will do the rescoring. - Recursive unit propagation: Install() and Reject() recursively call each other to promote decisions across single-version dependencies (or across not-anymore satisfiable reverse-depends). - Make Reason constructors explicit, this enhances readability This makes calls like the one in here be Reject(object, Reason(otherObject)) Ensuring that it's clear that the 2nd argument is a reason at the caller side. - Split Decision into Decision and Hint vs. first draft When branching/deciding, we do not want to override SHOULD and MAY. We do not actually use them yet, and we do actually clean them when backtracking, but let's at least keep the data structure correct. Convert the enum to a 16-bit integer so we can still fit in the same space as before.
* Merge branch 'ui-2.9.2' into 'main'Julian Andres Klode2024-04-221-0/+3
|\ | | | | | | | | UI changes for 2.9.2 See merge request apt-team/apt!343
| * show: Highlight field names and colorize package nameJulian Andres Klode2024-04-191-0/+2
| | | | | | | | We should pass this properly to the TagSection.write()
| * apt update: Show upgradable package count in boldJulian Andres Klode2024-04-191-0/+1
| |
* | Add an --audit option to switch on audit loggingJulian Andres Klode2024-04-191-0/+1
|/ | | | | This option is recommended to be used by repository operators for testing.
* Show space estimate for /boot, if separate; or estimate initrd for /usrJulian Andres Klode2024-04-131-0/+3
| | | | | | | | | Calculate an estimate of 110% of the biggest initrd + system.map as the additional space a kernel needs in /boot. If /boot is a different file system than /usr, print the size of the kernels + the additional space they will need separately; otherwise include it in our /usr figure.
* apt: Introduce the new terse apt output format 3.0Julian Andres Klode2024-04-121-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The key talking points here are: 1. Instead of long sentences, we use short concise messages, e.g. "The following NEW packages will be installed" becomes "Installing". 2. Dependencies are only listed once. We removed the "The following additional packages will be installed" section in favor of splitting up the "Installing" section into "Installing" and "Installing dependencies" (like dnf) 3. The order of the output is different: 1. Packages to be installed manually 2. Packages to be installed automatically 4. Weak dependencies of new packages not installed 3. Packages to be upgraded 4. Packages to be downgraded 5. Packages that have been kept back / are on hold 6. Removals 7. Essential removals i.e. we logically show you the action that is being done, followed by lists related to the action. 4. As requested by popey, we have colorful UI, with green for packages being installed and red for packages being removed. Caveats: - The list of recommends and suggests has not been updated yet, it should move to after the packages being installed (as they are what triggers them) This also introduces output format versioning, configured by the APT::Output-Format option. The default value is 0, except for the apt(8) binary where it is 30 - which enables the new style.
* OpProgress: Erase lines when doneJulian Andres Klode2024-04-121-0/+1
| | | | | | | | | | | It's interesting to the user to see the progress when it happens, but arguably once it's done it is just visual clutter, so let's not write newlines, and when we are done, instead of appending "Done", let's just empty the line. This requires some effort to keep apt-cdrom happy which just writes lines to stdout itself. Bad apt-cdrom. Maybe there is a better fix for it, but this gets us going.
* Columnar output for package lists similar to 'ls'Christian Blichmann2024-04-121-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This change makes it a bit easier to quickly grasp the changes about to be performed by apt. It displays package lists in a columnar format by default, similar to what `ls` produces for files. A new long option `--no-list-columns` and an associated `APT::Get::List-Columns` config setting control the behavior. Usage example, with 60 column wide terminal: ``` $ sudo apt upgrade | Reading package lists... Done | Building dependency tree... Done | Reading state information... Done | Calculating upgrade... Done | The following packages were automatically installed and are | no longer required: | libappindicator1 libindicator7 | libdbusmenu-gtk4 linux-image-5.14.0-4-amd64 | Use 'sudo apt autoremove' to remove them. | The following packages have been kept back: | criu linux-headers-amd64 nvidia-settings | libxnvctrl0 nvidia-modprobe xwayland | 0 upgraded, 0 newly installed, 0 to remove and 6 not upgrade| d. | ``` The effect becomes more pronounced with more packages (e.g. when doing a dist-upgrade).
* Implement gpgv --assert-pubkey-algo=>=rsa2048,ed25519,ed448Julian Andres Klode2024-02-281-0/+1
| | | | | | | | | | | | The assertion can be overriden using apt::key::assert-pubkey-algo, the default is the most opinionated one. This will inform the user during apt-cdrom add as we do not pass --quiet to user, so adjust test case. Add a simple test case for it to test-method-gpgv. LP: #2055193
* Configure the amount of kernels to keepWesley Schwengle2024-01-241-0/+1
| | | | | | | | | | | | | | | | | | | | | This commit introduces the following configuration for keeping a configurable amount of kernels: APT::NeverAutoRemove::KernelCount The logic dictates that the running kernel and the latest kernel are not autoremoved. In case the running kernel is the latest kernel, the previous kernel is kept. Any count lower than two is therefore disregarded. This is in line with the previous behavior. The default is therefore similar to: APT::NeverAutoRemove::KernelCount 2; This will be ignored and we will still keep two: APT::NeverAutoRemove::KernelCount 1; This will keep 3 kernels (including the runnig, and most recent) APT::NeverAutoRemove::KernelCount 3; Signed-off-by: Wesley Schwengle <wesleys@opperschaap.net>
* Have Grp.FindPreferredPkg return very foreign pkgs as last resortDavid Kalnischkies2023-12-041-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | Usually this method will return the package in the most preferred architecture (e.g. native) as that is usually what the user talks about and also information wise for our internal usage the most dense. Early on in parsing Packages files through it can happen that we encounter stanzas about packages in architectures we are not even configured to know about – we have to collect them anyhow as we might be requested to show info about them or they could be in the status file and we can't ignore stanzas in the status file… trouble is that this method used to not return anything if only such an architecture was present if we later discover other architectures which causes Provides and Conflicts which are added lazily on discovery of an architecture to not be added correctly. The result is like in the testcase that apt could be instructed to install a package without respecting its negative dependencies, which is bad even if its discovered by dpkg and refused. It does only happen with unknown architectures through which mostly happens if you are unlucky (amd64 users tend to be very lucky as that sorts early) and use flat-style repositories containing multiple architectures. Reported-By: Tianyu Chen (billchenchina) on IRC
* update: Add notice about missing Signed-By in deb822 sourcesJulian Andres Klode2023-06-271-0/+1
| | | | | | | We want to gently steer users towards having Signed-By for each source such that we can retire a shared keyring across sources which improves resilience against configuration issues and incompetent malicious actors.
* Seed snapshot servers for well-known hostsJulian Andres Klode2023-05-241-0/+1
| | | | | This will attempt to fallback to a per-server setting if we could not determine a value from the release file.
* Initial support for snapshot servers, apt --snapshot optionJulian Andres Klode2023-05-021-0/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Provide snapshot support for offical Debian and Ubuntu archives. There are two ways to enable snapshots for sources: 1. Add Snapshot: yes to your sources file ([snapshot=yes]). This will allow you to specify a snapshot to use when updating or installing using the --snapshot,-S option. 2. Add Snapshot: ID to your sources files to request a specific snapshot for this source. Snapshots are discovered using Label and Origin fields in the Release file of the main source, hence you need to have updated the source at least once before you can use snapshots. The Release file may also declare a snapshots server to use, similar to Changelogs, it can contain a Snapshots field with the values: 1. `Snapshots: https://example.com/@SNAPSHOTID@` where `@SNAPSHOTID@` is a placeholder that is replaced with the requested snapshot id 2. `Snapshots: no` to disable snapshot support for this source. Requesting snapshots for this source will result in a failure to load the source. The implementation adds a SHADOWED option to deb source entries, and marks the main entry as SHADOWED when a snapshot has been requested, which will cause it to be updated, but not included in the generated cache. The concern here was that we need to keep generating the shadowed entries because the cleanup in `apt update` deletes any files not queued for download, so we gotta keep downloading the main source. This design is not entirely optimal, but avoids the pitfalls of having to reimplement list cleanup. Gaps: - Ubuntu Pro repositories and PPAs are not yet supported.
* Add apt install,upgrade,... -U,--update optionsJulian Andres Klode2023-05-021-1/+1
| | | | | This runs update before opening the cache and sources.list for installing/upgrading.
* Suggest using non-free-firmware in update for DebianDavid Kalnischkies2023-02-041-1/+5
| | | | | | | | | | | | | | | | | | | In an ideal world everyone would read release notes, but if the last sources.list change is any indication a lot of people wont. This is even more a problem in so far as apt isn't producing errors for invalid repositories, but instead carries on as normal even through it will not be able to install upgrades for the moved packages. This commit implements two scenarios and prints a notice in those cases pointing to the release notes: a) User has 'non-free' but not 'non-free-firmware' b) User has a firmware package which isn't available from anywhere Both only happen if we are talking about a repository which identifies itself as one of Debian and is for a release codenamed bookworm (or sid). Note that as (usually) apt/oldstable is used to upgrade to the new stable release these suggestions only show for users after they have upgraded to bookworm on apt command line usage after that.
* Add non-free-firmware component in documentationDavid Kalnischkies2023-01-301-0/+7
| | | | | | This changes a lot of lines technically, but its easy enough to unfuzzy the translations as most of the mentions are examples to be copied literally in translations (sadly po4a isn't clever enough for this).
* Add flag to disable upgrade by source and test caseJulian Andres Klode2022-07-241-0/+1
|
* (Temporarily) Rewrite phased updates using a keep-back approachJulian Andres Klode2022-06-281-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | This is a lot closer to the original implementation in update-manager, but still has a couple of differences that might cause bugs: - When checking whether a version is a security update, we only check versions in between and not any later version. This happens mostly because we do not know the suite, so we just check if there is any version between the installed version and our target that is a security update - We only keep already installed packages, as we run before the resolver. update-manager first runs the resolver, and then marks for keep all packages that were upgraded or newly installed that are phasing (afaict). This approach has a significant caveat that if you have version 1 installed from a release pocket, version 2 is in security, and version 3 is phasing in updates, that it installs version 3 rather than 2 from security as the policy based implementation does. It also means that apt install does not respect phasing and would always install version 3 in such a scenario. LP: #1979244
* Do not remove Essential/Protected due to dependenciesJulian Andres Klode2021-11-171-0/+1
| | | | | | | | Suggesting the removal of Essential and Protected packages as a solution leads to situations where YouTubers end up removing their desktop. Let's not remove such packages ourselves.
* Merge branch 'pu/ifrange' into 'main'Julian Andres Klode2021-10-181-3/+4
|\ | | | | | | | | Add AllowRange option to disable HTTP Range usage See merge request apt-team/apt!188
| * Add AllowRange option to disable HTTP Range usageDavid Kalnischkies2021-09-161-3/+4
| | | | | | | | | | | | | | | | apt makes heavy usage of HTTP1.1 features including Range and If-Range. Sadly it is not obvious if the involved server(s) (and proxies) actually support them all. The Acquire::http::AllowRange option defaults to true as before, but now a user can disable Range usage if it is known that the involved server is not dealing with such requests correctly.
* | Streamline access to barbarian architecture functionalityDavid Kalnischkies2021-09-041-0/+1
|/ | | | | | | | | | | | | | | | | | | | | | APT is not the place this information should be stored at, but it is a good place to experiment and see what will be (not) needed in the future for a proper implementation higher up the stack. This is why "BarbarianArchitectures" is chosen instead of a more neutral and/or sensible "VeryForeign" and isn't readily exported in the API to other clients for this PoC as a to be drawn up standard will likely require potentially incompatible changes. Having a then outdated and slightly different implementation block a "good" name would be bad. The functionality itself mostly exists (ignoring bugs) since the introduction of MultiArch as we always had the risk of encountering packages of architectures not known to dpkg (forced onto the system, potentially before MultiArch) we had to deal with somehow and other edge cases. All this commit really does is allowing what could previously only be achieved with editing sources.list and some conf options via a single config option: -o APT::BarbarianArchitectures=foo,bar
* Add support for a maximum delay and testing of delayJulian Andres Klode2021-07-281-1/+4
| | | | | | This is very basic support on the testing side, we just test the debug output but not how long it actually took. Would be nice to check time really.
* Implement exponential delay between retriesJulian Andres Klode2021-07-281-1/+3
| | | | | | | Add a new Item field called FetchAfter, which determines the earliest time the item should be fetched at. Adjust insertion into queue to take it into account alongside priority, and only fill pipelines with items that are ready.
* Remove inversed comment for AllowUnsizedPackagesJulian Andres Klode2021-04-131-1/+1
| | | | It defaults to false, like the other options there do.
* Error on packages without a Size field (option Acquire::AllowUnsizedPackages)Julian Andres Klode2021-04-131-0/+1
| | | | | | | | | Repositories without Size information for packages are not proper and need fixing. This ensures people see an error in CI, and get notifications and hence the ability to fix it. It can be turned off by setting Acquire::AllowUnsizedPackages to true.