| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
| |
As long as we are running dpkg, keep an inhibitor that
blocks us from sleeping.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Architecture variants are children of an architecture that share
the same ABI but are optimized for different ISA levels. They
are available in Ubuntu 25.10 and newer, and not supported in
Debian or other distributions.
A deb built for a variant contains the Architecture-Variant field,
and the Architecture field points to the baseline, for example:
Architecture: amd64
Architecture-Variant: amd64v3
However, the apt-get indextargets command reports the variant in the
Architecture: field, and most of the code in APT presents the variant
as the architecture.
There are two types of variants:
1. Standalone variants are recorded in the Architectures field of the
Release file as if they were a real architecture:
Architectures: amd64 amd64v3
Standalone architecture variants only fetch the standalone
architecture variant's Packages file. To do this, this patch
changes the code such that the variants indextargets "supplant"
the base targets.
This may have complicated outcomes on the apt-get indextargets
command.
2. Other variants can only be identified by their files being recorded
with hashes in the Release file.
APT fetches both the base architecture's as well as the variant's
Packages file.
Variants are configured in the
APT::Architecture-Variants
list.
Image builders may want to build specific variant images using
APT::Architecture-Variants { "amd64v3"; }
But this commit also implements an automatic discovery mechanism
using the varianttable and /proc/cpuinfo.
APT::Architecture-Variants "auto";
|
| |
|
|
|
|
| |
The --cli-version argument can be used to request a specific
CLI version. The default CLI version is the APT version for apt(8)
and 0 for the other apt-get tools.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Use close_range() if we have it in preference to iterating
over /proc/self/fd and falling back to closing all possible
fds.
This builds sets of ranges to close that take into account
the APT::Keep-Fds vector, and a test case is provided to
ensure correctness of the splitting logic.
Preference is given to close_range() over /proc as in the
optimal case, this results in a single system call!
|
| |
|
|
|
|
|
|
|
|
| |
This can provide useful additional context.
To avoid updating the whole test suite for it, introduce a new
option `quiet::NoSolver3Explanation` and set it by default. All
the other tests that assert output will already have matching
tests for --solver 3.0 with the correct messages asserted, it
makes no sense to duplicate them.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Always run the 3.0 solver after the internal solver. If the internal
solver failed, and the 3.0 solver did not, use the 3.0 result.
If 3.0 solver failed or produced a worse result than the internal
solver, write an apport crash dump.
We exclude situations which we now the solver can't handle, i.e.
removals are forbidden and you requested removals, and stuff like
that.
|
| |
|
|
|
| |
A SAT solver can run more or less forever, but that's not a good
user experience.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
If a dependency can be satisfied by all versions of a package,
add the package to the clause instead of the version object.
This works only if there are no providers for the package: Providers
are quite hard to enumerate over and make sure that all versions of
a package satisfy the provider dependency.
Implement arbitrary selection between packages and versions for
the CompareProviders class: We pick the best version for each package
and then pit them against each other.
|
| |
|
|
| |
References: fd3684cdbc165ceaa635ed19fcbd231f509b0179
|
| |
|
|
|
|
|
|
|
| |
They were implemented to help a tiny bit in notifying users even if they
didn't read the Release notes (or didn't realize it would apply to them)
that they likely have to change their sources.list entries, but that
transition is now over for a while, so everyone who should have seen it
has hopefully reacted to it and so all this code now does is waste
space, time and idly waiting for false positives.
|
| |
|
|
|
|
|
| |
While the ftp.debian.org URLs are still functional in Debian, they
can confuse people as the protocol is mismatched. Using the
deb.debian.org frontend should also generally give generally good
performance regardless of the client location.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Automatically show the output of `show`, `policy`, `list`,
`search`, `showsrc` in a pager.
The pager setup is inspired by git's pager setup. Notably,
the pager is found using APT_PAGER and PAGER variables.
We wait for the pager to be setup somewhat correctly by
using a notify pipe to figure out whether execvp() was
succesful - then the pipe will read EOF as the other end
got closed by CLOEXEC during exec - or not, then the pipe
will contain an errno.
We set up the correct handlers for signals and exit to close
the fds and wait for the pager. Notably inside the signal
handler we cannot flush our streams, only close them, so
there is some duplication.
We call the InitOutputPager() function from inside the
various Do...() functions rather than setting it up
generally in InitOutput(). Doing so allows us to first
render the progress without a pager, and then setup
the pager for the content only which improves user
experience.
When we setup a pager we also take care to disable
standard input, as we should not be prompting users
while a pager is running (the pager will be reading
from the tty directly). We do this by dup2-ing() a
/dev/null over it; if we just close()d the fd, another
open() might reuse the fd number and problems could
occur.
|
| |\
| |
| |
| |
| | |
Support uncompressed indexes from partial file:/ mirrors
See merge request apt-team/apt!235
|
| | |
| |
| |
| |
| |
| |
| |
| | |
It is a bit unfair for third-party methods wrapping e.g. http to not
have access to such tools, same for our old ftp and e.g. our tor even
if in practice this isn't used much even for http.
At least that is one less FIXME in the code.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The previous version allowed only foo::*::bar as a pattern, now you can
have as many starred parts as you want allowing for a finer control
instead of hardcoding specific common star-values or giving up with **.
It also adds a new INVALID type for an option to mark options which
should not be used, but are covered by a pattern which would normally
allow it.
Our tests are more or less the only users of this hidden feature making
this change not very risky even through it has no dedicated test itself.
|
| |/
|
|
|
|
|
|
|
|
|
| |
CMake 3.31 is very noisy about our manpage (and to a lesser extend
documentation in general) building as we used "//" and "/../" there.
`cmake --help-policy CMP0177` documents the warning, so we could just
decide on a value and deal with it, but given our usage is not really
needed and rather trivial to change lets not pick a value and instead
use a normalized path so we don't use different code paths in CMake
depending on which CMake version we happen to be build with.
|
| |
|
|
| |
Suggested-by: mhoye on IRC
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some mirrors like snapshot.debian.org apply strict http rate limits.
While apt already has an exponential backoff mechanism implemented, this
is not sufficient due to the following reasons:
1. all retries happen roughly at the same time
2. the retry-after information from the server is not used
We fix this by improving the algorithm: First, if present, the timestamp
or duration of the Retry-After header is added to the exponential
backoff, optimizing for success-on-second-try. Second, a random delay is
added (delay += [0, delay]) to distribute the retries to not immediately
run into the limit again. To avoid super-long delays, this is capped by
the configured maximum delay. This logic only becomes active if the
option Acquire::Retries::HandleRetryAfter is enabled.
Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Algorithms not in the next level give a warning, algorithms
in not in the future level introduce an audit message for
the --audit flag.
next: >=rsa2048,ed25519,ed448,nistp256,nistp384,nistp512
future: >=rsa3072,ed25519,ed448
LP: #2073126
|
| |
|
|
|
|
| |
This is mostly going to be useful for the test suite for now,
implement a function there to set it up so we can use it to
improve test suite correctness.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a simple backtracking brute-force solver with heurisitcs,
this initial version has the following known gaps:
- Errors are not kept from branches, the error reporting after
backtracking isn't particularly useful.
- We cannot show automatically removed packages
- We cannot replace packages with others
- We do not have conflict-driven clause learning yet
Untested:
- Multi-arch
This solver is fundamentally different in key aspects:
- It solves smaller dependency groups before larger ones, leading
us to avoid installing A in A|B if B is installed more often and
more consistently.
- It only keeps the automatic packages reachable via the strongest
path. Currently it only implements autoremoval, but not display
of autoremoval as we simply enqueue all automatically installed
packages at the end when not doing automatic removal.
This will need some translation where we Solve() first, and then
Solve() again with the automatically installed packages added such
that we can mark them as Garbage for display purposes.
- It does not remove manually installed packages.
Hook the solver in via the EDSP framework, this allows us to achieve
easy initial integration without lots of issues.
A lot of this work was planned and executed in my free time and then
some leaked into work time I suppose.
Implementation notes:
- Restore the full backlog of items
The annoying thing is that we record only when an item was enqueued
and not the level at which it was installed, so when going back a
decision level we might have to reinstall packages that were queued
at an earlier decision level because they were only installed at a
later decision level.
- When picking one version, reject the others
- Propagate conflicts up to reverse dependencies
This will recursively mark every reverse dependency that can
no longer be satisfied as MUSTNOT.
Also make sure to recursively call Reject(Ver) from Reject(Pkg)
to make sure we trigger the Rejections there.
This means we now end up having Recursion in the algorithm. An
alternative approach would be to push *reject* items to the heap
and then do them, but this is not entirely straight forward and
it may simply not be necessary.
- Sort upgrades before other optional installs containing subsets
If I want to upgrade a package A, I schedule A3|A2|A1; if another
thing depends specifically on A1; we'd not be installed. Hence we
need to sort upgrades first.
This only is needed for optional packages; manual packages will
figure this out naturally.
- Rescoring is lazily implemented. Instead of calling make_heap()
after rescoring items, we just mark the items as dirty and reinsert
them. We also only rescore from the main solve loop, Reject() marks
the heap as needing a rescore due to a Conflict (as some versions will
no longer be installable), and RescoreWorkIfNeeded() then will do the
rescoring.
- Recursive unit propagation: Install() and Reject() recursively call
each other to promote decisions across single-version dependencies
(or across not-anymore satisfiable reverse-depends).
- Make Reason constructors explicit, this enhances readability
This makes calls like the one in here be
Reject(object, Reason(otherObject))
Ensuring that it's clear that the 2nd argument is a reason at the
caller side.
- Split Decision into Decision and Hint vs. first draft
When branching/deciding, we do not want to override SHOULD and MAY.
We do not actually use them yet, and we do actually clean them when
backtracking, but let's at least keep the data structure correct.
Convert the enum to a 16-bit integer so we can still fit in the same
space as before.
|
| |\
| |
| |
| |
| | |
UI changes for 2.9.2
See merge request apt-team/apt!343
|
| | |
| |
| |
| | |
We should pass this properly to the TagSection.write()
|
| | | |
|
| |/
|
|
|
| |
This option is recommended to be used by repository operators
for testing.
|
| |
|
|
|
|
|
|
|
| |
Calculate an estimate of 110% of the biggest initrd + system.map
as the additional space a kernel needs in /boot.
If /boot is a different file system than /usr, print the size of
the kernels + the additional space they will need separately;
otherwise include it in our /usr figure.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The key talking points here are:
1. Instead of long sentences, we use short concise messages,
e.g. "The following NEW packages will be installed" becomes
"Installing".
2. Dependencies are only listed once. We removed the
"The following additional packages will be installed" section
in favor of splitting up the "Installing" section into
"Installing" and "Installing dependencies" (like dnf)
3. The order of the output is different:
1. Packages to be installed manually
2. Packages to be installed automatically
4. Weak dependencies of new packages not installed
3. Packages to be upgraded
4. Packages to be downgraded
5. Packages that have been kept back / are on hold
6. Removals
7. Essential removals
i.e. we logically show you the action that is being
done, followed by lists related to the action.
4. As requested by popey, we have colorful UI, with green for
packages being installed and red for packages being removed.
Caveats:
- The list of recommends and suggests has not been updated yet,
it should move to after the packages being installed (as they
are what triggers them)
This also introduces output format versioning, configured by the
APT::Output-Format option. The default value is 0, except for the
apt(8) binary where it is 30 - which enables the new style.
|
| |
|
|
|
|
|
|
|
|
|
| |
It's interesting to the user to see the progress when it happens,
but arguably once it's done it is just visual clutter, so let's
not write newlines, and when we are done, instead of appending
"Done", let's just empty the line.
This requires some effort to keep apt-cdrom happy which just writes
lines to stdout itself. Bad apt-cdrom. Maybe there is a better fix
for it, but this gets us going.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change makes it a bit easier to quickly grasp the changes
about to be performed by apt.
It displays package lists in a columnar format by default,
similar to what `ls` produces for files.
A new long option `--no-list-columns` and an associated
`APT::Get::List-Columns` config setting control the behavior.
Usage example, with 60 column wide terminal:
```
$ sudo apt upgrade |
Reading package lists... Done |
Building dependency tree... Done |
Reading state information... Done |
Calculating upgrade... Done |
The following packages were automatically installed and are |
no longer required: |
libappindicator1 libindicator7 |
libdbusmenu-gtk4 linux-image-5.14.0-4-amd64 |
Use 'sudo apt autoremove' to remove them. |
The following packages have been kept back: |
criu linux-headers-amd64 nvidia-settings |
libxnvctrl0 nvidia-modprobe xwayland |
0 upgraded, 0 newly installed, 0 to remove and 6 not upgrade|
d. |
```
The effect becomes more pronounced with more packages (e.g. when
doing a dist-upgrade).
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The assertion can be overriden using apt::key::assert-pubkey-algo,
the default is the most opinionated one.
This will inform the user during apt-cdrom add as we do not
pass --quiet to user, so adjust test case.
Add a simple test case for it to test-method-gpgv.
LP: #2055193
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit introduces the following configuration for keeping a
configurable amount of kernels: APT::NeverAutoRemove::KernelCount
The logic dictates that the running kernel and the latest kernel are not
autoremoved. In case the running kernel is the latest kernel, the
previous kernel is kept. Any count lower than two is therefore
disregarded. This is in line with the previous behavior.
The default is therefore similar to:
APT::NeverAutoRemove::KernelCount 2;
This will be ignored and we will still keep two:
APT::NeverAutoRemove::KernelCount 1;
This will keep 3 kernels (including the runnig, and most recent)
APT::NeverAutoRemove::KernelCount 3;
Signed-off-by: Wesley Schwengle <wesleys@opperschaap.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Usually this method will return the package in the most preferred
architecture (e.g. native) as that is usually what the user talks about
and also information wise for our internal usage the most dense.
Early on in parsing Packages files through it can happen that we
encounter stanzas about packages in architectures we are not even
configured to know about – we have to collect them anyhow as we might be
requested to show info about them or they could be in the status file
and we can't ignore stanzas in the status file… trouble is that this
method used to not return anything if only such an architecture was
present if we later discover other architectures which causes Provides
and Conflicts which are added lazily on discovery of an architecture
to not be added correctly.
The result is like in the testcase that apt could be instructed to
install a package without respecting its negative dependencies, which is
bad even if its discovered by dpkg and refused. It does only happen with
unknown architectures through which mostly happens if you are unlucky
(amd64 users tend to be very lucky as that sorts early) and use
flat-style repositories containing multiple architectures.
Reported-By: Tianyu Chen (billchenchina) on IRC
|
| |
|
|
|
|
|
| |
We want to gently steer users towards having Signed-By for each
source such that we can retire a shared keyring across sources
which improves resilience against configuration issues and
incompetent malicious actors.
|
| |
|
|
|
| |
This will attempt to fallback to a per-server setting if we could
not determine a value from the release file.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Provide snapshot support for offical Debian and Ubuntu archives.
There are two ways to enable snapshots for sources:
1. Add Snapshot: yes to your sources file ([snapshot=yes]). This
will allow you to specify a snapshot to use when updating or
installing using the --snapshot,-S option.
2. Add Snapshot: ID to your sources files to request a specific
snapshot for this source.
Snapshots are discovered using Label and Origin fields in the Release
file of the main source, hence you need to have updated the source at
least once before you can use snapshots.
The Release file may also declare a snapshots server to use, similar
to Changelogs, it can contain a Snapshots field with the values:
1. `Snapshots: https://example.com/@SNAPSHOTID@` where `@SNAPSHOTID@`
is a placeholder that is replaced with the requested snapshot id
2. `Snapshots: no` to disable snapshot support for this source.
Requesting snapshots for this source will result in a failure
to load the source.
The implementation adds a SHADOWED option to deb source entries,
and marks the main entry as SHADOWED when a snapshot has been
requested, which will cause it to be updated, but not included
in the generated cache.
The concern here was that we need to keep generating the shadowed
entries because the cleanup in `apt update` deletes any files not
queued for download, so we gotta keep downloading the main source.
This design is not entirely optimal, but avoids the pitfalls of
having to reimplement list cleanup.
Gaps:
- Ubuntu Pro repositories and PPAs are not yet supported.
|
| |
|
|
|
| |
This runs update before opening the cache and sources.list for
installing/upgrading.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In an ideal world everyone would read release notes, but if the last
sources.list change is any indication a lot of people wont. This is
even more a problem in so far as apt isn't producing errors for
invalid repositories, but instead carries on as normal even through it
will not be able to install upgrades for the moved packages.
This commit implements two scenarios and prints a notice in those cases
pointing to the release notes:
a) User has 'non-free' but not 'non-free-firmware'
b) User has a firmware package which isn't available from anywhere
Both only happen if we are talking about a repository which identifies
itself as one of Debian and is for a release codenamed bookworm (or
sid). Note that as (usually) apt/oldstable is used to upgrade to the
new stable release these suggestions only show for users after they
have upgraded to bookworm on apt command line usage after that.
|
| |
|
|
|
|
| |
This changes a lot of lines technically, but its easy enough to unfuzzy
the translations as most of the mentions are examples to be copied
literally in translations (sadly po4a isn't clever enough for this).
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a lot closer to the original implementation in update-manager,
but still has a couple of differences that might cause bugs:
- When checking whether a version is a security update, we only
check versions in between and not any later version. This happens
mostly because we do not know the suite, so we just check if there
is any version between the installed version and our target that
is a security update
- We only keep already installed packages, as we run before the
resolver. update-manager first runs the resolver, and then marks
for keep all packages that were upgraded or newly installed that
are phasing (afaict).
This approach has a significant caveat that if you have version 1
installed from a release pocket, version 2 is in security, and version
3 is phasing in updates, that it installs version 3 rather than 2
from security as the policy based implementation does.
It also means that apt install does not respect phasing and would
always install version 3 in such a scenario.
LP: #1979244
|
| |
|
|
|
|
|
|
| |
Suggesting the removal of Essential and Protected packages as a
solution leads to situations where YouTubers end up removing their
desktop.
Let's not remove such packages ourselves.
|
| |\
| |
| |
| |
| | |
Add AllowRange option to disable HTTP Range usage
See merge request apt-team/apt!188
|
| | |
| |
| |
| |
| |
| |
| |
| | |
apt makes heavy usage of HTTP1.1 features including Range and If-Range.
Sadly it is not obvious if the involved server(s) (and proxies) actually
support them all. The Acquire::http::AllowRange option defaults to true
as before, but now a user can disable Range usage if it is known that
the involved server is not dealing with such requests correctly.
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
APT is not the place this information should be stored at, but it is a
good place to experiment and see what will be (not) needed in the future
for a proper implementation higher up the stack.
This is why "BarbarianArchitectures" is chosen instead of a more neutral
and/or sensible "VeryForeign" and isn't readily exported in the API to
other clients for this PoC as a to be drawn up standard will likely
require potentially incompatible changes. Having a then outdated and
slightly different implementation block a "good" name would be bad.
The functionality itself mostly exists (ignoring bugs) since the
introduction of MultiArch as we always had the risk of encountering
packages of architectures not known to dpkg (forced onto the system,
potentially before MultiArch) we had to deal with somehow and other
edge cases.
All this commit really does is allowing what could previously only be
achieved with editing sources.list and some conf options via a single
config option: -o APT::BarbarianArchitectures=foo,bar
|
| |
|
|
|
|
| |
This is very basic support on the testing side, we just test
the debug output but not how long it actually took. Would be
nice to check time really.
|
| |
|
|
|
|
|
| |
Add a new Item field called FetchAfter, which determines the earliest
time the item should be fetched at. Adjust insertion into queue to
take it into account alongside priority, and only fill pipelines
with items that are ready.
|
| |
|
|
| |
It defaults to false, like the other options there do.
|
| |
|
|
|
|
|
|
|
| |
Repositories without Size information for packages are not
proper and need fixing. This ensures people see an error in
CI, and get notifications and hence the ability to fix it.
It can be turned off by setting Acquire::AllowUnsizedPackages
to true.
|