| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
This reverts commit 86e6eace1d50527b5a2396290acd1db819b13e26, reversing
changes made to 6e43eef9ca8250eb561f2c9af2f4890d674f3911.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Usually this method will return the package in the most preferred
architecture (e.g. native) as that is usually what the user talks about
and also information wise for our internal usage the most dense.
Early on in parsing Packages files through it can happen that we
encounter stanzas about packages in architectures we are not even
configured to know about – we have to collect them anyhow as we might be
requested to show info about them or they could be in the status file
and we can't ignore stanzas in the status file… trouble is that this
method used to not return anything if only such an architecture was
present if we later discover other architectures which causes Provides
and Conflicts which are added lazily on discovery of an architecture
to not be added correctly.
The result is like in the testcase that apt could be instructed to
install a package without respecting its negative dependencies, which is
bad even if its discovered by dpkg and refused. It does only happen with
unknown architectures through which mostly happens if you are unlucky
(amd64 users tend to be very lucky as that sorts early) and use
flat-style repositories containing multiple architectures.
Reported-By: Tianyu Chen (billchenchina) on IRC
|
| | |
|
| |\
| |
| |
| |
| | |
Update fr.po (add a missing dot)
See merge request apt-team/apt!306
|
| | | |
|
| | |
| |
| |
| | |
Thanks: jwilk for suggestion
|
| | |
| |
| |
| | |
Translation template reordering carnage :D
|
| | |
| |
| |
| | |
Closes: #1051731
|
| | | |
|
| | | |
|
| | | |
|
| |/
|
|
| |
Closes: #1051723
|
| | |
|
| |
|
|
|
|
|
| |
While we are at it fix the mislabeling as (5) in some places and
unfuzzy the translations.
Reported-By: Enrico Zini on IRC
|
| |
|
|
| |
Closes: #1033904
|
| | |
|
| | |
|
| |\
| |
| |
| |
| | |
update: Add notice about missing Signed-By in deb822 sources
See merge request apt-team/apt!298
|
| | |
| |
| |
| |
| |
| |
| | |
We want to gently steer users towards having Signed-By for each
source such that we can retire a shared keyring across sources
which improves resilience against configuration issues and
incompetent malicious actors.
|
| |/ |
|
| | |
|
| |
|
|
|
| |
This will attempt to fallback to a per-server setting if we could
not determine a value from the release file.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Provide snapshot support for offical Debian and Ubuntu archives.
There are two ways to enable snapshots for sources:
1. Add Snapshot: yes to your sources file ([snapshot=yes]). This
will allow you to specify a snapshot to use when updating or
installing using the --snapshot,-S option.
2. Add Snapshot: ID to your sources files to request a specific
snapshot for this source.
Snapshots are discovered using Label and Origin fields in the Release
file of the main source, hence you need to have updated the source at
least once before you can use snapshots.
The Release file may also declare a snapshots server to use, similar
to Changelogs, it can contain a Snapshots field with the values:
1. `Snapshots: https://example.com/@SNAPSHOTID@` where `@SNAPSHOTID@`
is a placeholder that is replaced with the requested snapshot id
2. `Snapshots: no` to disable snapshot support for this source.
Requesting snapshots for this source will result in a failure
to load the source.
The implementation adds a SHADOWED option to deb source entries,
and marks the main entry as SHADOWED when a snapshot has been
requested, which will cause it to be updated, but not included
in the generated cache.
The concern here was that we need to keep generating the shadowed
entries because the cleanup in `apt update` deletes any files not
queued for download, so we gotta keep downloading the main source.
This design is not entirely optimal, but avoids the pitfalls of
having to reimplement list cleanup.
Gaps:
- Ubuntu Pro repositories and PPAs are not yet supported.
|
| |
|
|
|
| |
This runs update before opening the cache and sources.list for
installing/upgrading.
|
| | |
|
| | |
|
| |\
| |
| |
| |
| | |
Support transition to new non-free-firmware component
See merge request apt-team/apt!282
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In an ideal world everyone would read release notes, but if the last
sources.list change is any indication a lot of people wont. This is
even more a problem in so far as apt isn't producing errors for
invalid repositories, but instead carries on as normal even through it
will not be able to install upgrades for the moved packages.
This commit implements two scenarios and prints a notice in those cases
pointing to the release notes:
a) User has 'non-free' but not 'non-free-firmware'
b) User has a firmware package which isn't available from anywhere
Both only happen if we are talking about a repository which identifies
itself as one of Debian and is for a release codenamed bookworm (or
sid). Note that as (usually) apt/oldstable is used to upgrade to the
new stable release these suggestions only show for users after they
have upgraded to bookworm on apt command line usage after that.
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
This changes a lot of lines technically, but its easy enough to unfuzzy
the translations as most of the mentions are examples to be copied
literally in translations (sadly po4a isn't clever enough for this).
|
| |/ |
|
| |
|
|
|
| |
since --no-allow-insecure-repositories is the default.
Signed-off-by: MichaIng <micha@dietpi.com>
|
| | |
|
| |
|
|
| |
They have been since 1.9.9, lol
|
| |
|
|
|
|
|
|
| |
This is the correct behavior, but it was overlooked when aptitude
patterns where ported. I remember wondering about this, but I checked
the aptitude code and saw a check that CurrentVer != 0 or something
and then apparently did not notice another implementation for version
matching.
|
| |\
| |
| |
| |
| | |
Do not document path to be repeatable in apt-ftparchive cmds
See merge request apt-team/apt!267
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The manpage for apt-ftparchive {packages,sources} claims that the
path argument can be repeated, but that logically conflicts with having
two optional arguments after that and isn't implemented in code either,
so we just adapt the documentation to reality here.
So, since when is this documentation wrong? The manpage is currently
written in xml (since 2004), but the sgml before that had the same
mistake included all the way back to a time in which time itself is not
stable (the commit is dated in git 2004, but the commit message
says 2001 while including a d/changelog stanza dated 2000) in
my favorite commit "Join with aliencode" which brought in a whole lot
of stuff adding also (quoting said d/changelog entry) "apt-ftparchive
the all dancing all singing FTP archive maintenance program".
In other words: It was documented this way for more than 22 years.
Reported-By: Michael Tokarev on IRC
|
| |/
|
|
| |
Closes: #1023456, #1025843
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
The documentation currently does not specify whether `apt-get download`
verifies the authenticity of downloaded packages or not. The underlying
code does verify the authenticity of packages as usual and would fail if
the package signature is invalid. Therefore it makes sense to make this
guarantee explicit in the documentation, because without it
security-conscious users will likely want to recheck the signatures or
checksums manually which is not necessary in this case and just wastes
time.
|
| | |
|
| | |
|
| | |
|
