summaryrefslogtreecommitdiff
path: root/test/integration
Commit message (Collapse)AuthorAgeFilesLines
* test: Workaround gpgv warningJulian Andres Klode2017-09-091-2/+2
| | | | gpgv: WARNING: This key is not suitable for signing in --compliance=gnupg mode
* Make test-bug-818628-unreadable-source work on !amd64Julian Andres Klode2017-08-241-0/+1
| | | | | It was broken because apt.conf.d was not readable, but that's where the architecture is defined...
* ftparchive: sort discovered filenames before writing indexesDavid Kalnischkies2017-08-041-0/+64
| | | | | | | | | | | | | | | | | | | If 'apt-ftparchive packages /path/to/files/' (or sources) is used the files to include in the generated index (on stdout) were included in the order in which they were discovered, which isn't a very stable order which could lead to indexes changing without actually changing content causing needless changes in the repository changing hashsums, pdiffs, rsyncs, downloads, …. This does not effect apt-ftparchive calls which already have an order defined via a filelist (like generate) which will still print in the order given by the filelist. Note that a similar effect can be achieved by post-processing index files with apt-sortpkgs. Closes: 869557 Thanks: Chris Lamb for initial patch & Stefan Lippers-Hollmann for testing
* suggest using auth.conf for sources with passwordsDavid Kalnischkies2017-07-262-1/+19
| | | | | | | | The feature exists for a long while even if we get around to document it properly only now, so we should push for its adoption a bit to avoid the problems its supposed to solve like avoiding usage of non-world readable configuration files as they can cause strange behaviour for the unsuspecting user (like different solutions as root and non-root).
* show a warning for Debian shutting down FTP servicesDavid Kalnischkies2017-07-261-0/+31
| | | | | | | | | | | | We detect the effected sources by matching Release info – that has potential by-catch of repositories which have incorrect field values, but those are better fixed now anyhow. The bigger incorrectness is that this message will not only be printed for the Debian services itself but also for all mirrors not under Debian control but serving Debian like more local/private mirrors which will not (directly) shutdown. It is likely through that many of them will follow suite with less visible announcements or break downright if their upstream source disappears, so having false-positives here seems benefitial for the user in the end.
* lookup login info for proxies in auth.confDavid Kalnischkies2017-07-261-1/+3
| | | | | | | On HTTP Connect we since recently look into the auth.conf file for login information, so we should really look for all proxies into the file as the argument is the same as for sources entries and it is easier to document (especially as the manpage already mentions it as supported).
* reimplement and document auth.confDavid Kalnischkies2017-07-261-0/+1
| | | | | | | | | | | | | | | | | | We have support for an netrc-like auth.conf file since 0.7.25 (closing 518473), but it was never documented in apt that it even exists and netrc seems to have fallen out of usage as a manpage for it no longer exists making the feature even more arcane. On top of that the code was a bit of a mess (as it is written in c-style) and as a result the matching of machine tokens to URIs also a bit strange by checking for less specific matches (= without path) first. We now do a single pass over the stanzas. In practice early adopters of the undocumented implementation will not really notice the differences and the 'new' behaviour is simpler to document and more usual for an apt user. Closes: #811181
* show warnings instead of errors if files are unreadableDavid Kalnischkies2017-07-261-28/+35
| | | | | | | | | | We used to fail on unreadable config/preferences/sources files, but at least for sources we didn't in the past and it seems harsh to refuse to work because of a single file, especially as the error messages are inconsistent and end up being silly (like suggesting to run apt update to fix the problem…). LP: #1701852
* use FileFd to parse all apt configuration filesDavid Kalnischkies2017-07-261-2/+2
| | | | | | Using different ways of opening files means we have different behaviour and error messages for them, so by the same for all we can have more uniformity for users and apt developers alike.
* fail early in http if server answer is too small as wellDavid Kalnischkies2017-07-269-58/+61
| | | | | | | | | Failing on too much data is good, but we can do better by checking for exact filesizes as we know with hashsums how large a file should be, so if we get a file which has a size we do not expect we can drop it directly, regardless of if the file is larger or smaller than what we expect which should catch most cases which would end up as hashsum errors later now a lot sooner.
* fail earlier if server answers with too much dataDavid Kalnischkies2017-07-262-10/+8
| | | | | | | | | We tend to operate on rather large static files, which means we usually get Content-Length information from the server. If we combine this information with the filesize we are expecting (factoring in pipelining) we can avoid reading a bunch of data we are ending up rejecting anyhow by just closing the connection saving bandwidth and time both for the server as well as the client.
* don't try to parse all fields starting with HTTP as status-lineDavid Kalnischkies2017-07-261-0/+2
| | | | | It is highly unlikely to encounter fields which start with HTTP in practice, but we should really be a bit more restrictive here.
* don't move failed pdiff indexes out of partialDavid Kalnischkies2017-07-261-0/+30
| | | | | | | | | | | | | | | | | | | | | The comment says this is intended, but looking at the history reveals that the comment comes from a different era. Nowadays we don't really need it anymore (and even back then it was disputeable) as we haven't used that file for our update in the end and nothing really needs this file after the update. Triggered is this by 188f297a2af4c15cb1d502360d1e478644b5b810 which moves various error conditions forward including this code expecting the file to exist – but it doesn't need to as download could have failed. We could fix that by simple checking if the file exists and only stage it if it does, but instead we don't stage it and instead even rename it out of the way with our conventional FAILED name (if it exists). That restores support for partial mirrors (= in this case mirrors which don't ship pdiff files). Note that apt heals itself even if only such a mirror is used as the update is successful even if that error is shown. Closes: 869425
* Handle supported components with slashes in sources.listApollon Oikonomopoulos2017-07-121-4/+10
| | | | | | | | | | | | | | | | | | | | | | | | | Commit d7c92411dc1f4c6be098d1425f9c1c075e0c2154 parses the Components section of (In)Release and attempts to detect the distribution's supported components. While doing so, it handles component names with slashes in a special manner, assuming that the actual component is only the part after the final slash. This is done to handle security.debian.org, which usually appears in sources.list as follows: deb http://s.d.o/debian-security stretch/updates main contrib non-free while the actual release file has: Codename: stretch Components: updates/main updates/contrib updates/non-free While this special handing on APTs part indeed works for debian-security, it emits spurious warnings on repositories that actually use slashes in the component names *and* appear so in sources.list. We fix this by adding both component versions (whole and final part) to the SupportedComponents array. Closes: #868127
* Ignore download order in test-apt-update-failure-propagationJulian Andres Klode2017-07-011-17/+2
| | | | This caused spurious test failures.
* Switch to 'http' as the default https methodJulian Andres Klode2017-06-301-1/+1
| | | | | The old curl based method is still available as 'curl', 'curl+http', and 'curl+https'.
* Reset failure reason when connection was successfulJulian Andres Klode2017-06-301-1/+1
| | | | | | | | | | | | When APT was trying multiple addresses, any later error somewhere else would be reported with ConnectionRefused or ConnectionTimedOut as the FailReason because that was set by early connect attempts. This causes APT to handle the failures differently, leading to some weirdly breaking test cases (like the changed one). Add debugging to the previously failing test case so we can find out when something goes wrong there again.
* support tor+https being handled by httpDavid Kalnischkies2017-06-281-1/+8
| | | | | | The apt-transport-tor package operates via simple symlinks which can result in 'http' being called as 'tor+https', so it must pick up the right configuration pieces and trigger https support also in plus names.
* Strip 0: epochs from the version hashJulian Andres Klode2017-06-281-0/+44
| | | | | | | This should fix some issues with dpkg normalizing such values. Suprisingly enough apt treats the Version: field the same, even with epoch vs without, but not when searching, and does not strip the 0: from the output.
* show a Release-Notes URI if infos were changedDavid Kalnischkies2017-06-281-2/+5
| | | | | | | | This gives the repository owner a chance to explain why this change was needed – e.g. explaining the organisational changes or simply detailing the changes in the new release made. Note that this URI is also shown if the change is accepted, so it also draws attention to release notes of minor updates (if users watch apt output closely).
* error in update on Release information changesDavid Kalnischkies2017-06-283-13/+78
| | | | | | | | | | | The value of Origin, Label, Codename and co can be used in user configuration from apts own pinning to unattended upgrades. A repository changing this values can therefore have serious effects on the behaviour of apt and other tools using these values. In a first step we will generate error messages for these changes now explaining the need for explicit confirmation and provide config options and commandline flags to accept them.
* fail instead of warn on insecure repositories in apt-getDavid Kalnischkies2017-06-283-5/+9
| | | | | | | | | The exception was made to give (script) users a one-release grace period to adapt their setup to deal with apt enforcing signing of repositories. As we are now at the start of a new release cycle its as good a time as any to lift it now. Removes-Exception: 952ee63b0af14a534c0aca00c11d1a99be6b22b2
* Merge branch 'feature/http-https'Julian Andres Klode2017-06-282-7/+9
|\
| * Fix test suite and enable non-curl testing on travis, shippableJulian Andres Klode2017-06-281-0/+6
| | | | | | | | Gbp-Dch: ignore
| * Fix https->http redirect issuesDavid Kalnischkies2017-06-281-7/+3
| | | | | | | | Gbp-Dch: ignore
* | Skip test-apt-download-progressJulian Andres Klode2017-06-281-0/+0
|/ | | | | The test keeps failing continously on Ubuntu, so let's fix it for now.
* travis: ignore profiling warning in progress linesDavid Kalnischkies2017-06-271-2/+2
| | | | | | | | | | On Travis CI running tests with code coverage enabled sometimes generates profiling lines, which we filter out for a while now, but that misses lines generated showing progress still causing test failures, so more sed logic is added in the hopes to ignore them. Extends: 58608941e6b58a46109b7cd875716b3d8054c4bf Gbp-Dch: Ignore
* deal with 3xx httpcodes as required by HTTP/1.1 specDavid Kalnischkies2017-06-261-2/+2
| | | | | | | | | | | | | | An unknown code should be handled the same as the x00 code of this group, but for redirections we used to treat 300 (and a few others) as an error while unknown codes were considered redirections. Instead we check now explicitly for the redirection codes we support for redirecting (and add the 308 defined in RFC 7538) to avoid future problems if new 3xx codes are added expecting certain behaviours. Potentially strange would have been e.g. "305 Use Proxy" sending a Location for the proxy to use – which wouldn't have worked and resulted in an error anyhow, but probably confused users in the process.
* fail InRelease on non-404 HTTP errorcodesDavid Kalnischkies2017-06-261-0/+9
| | | | | | | | | | | | | | There are very many HTTP errorcodes which indicate that the repository isn't available at the moment or the connection has some kind of problem. Given that we do not require Release files the result was that these errors were ignored and the user presented with a message like "Repository is no longer signed" which sends the user in the wrong direction. Instead of trying to figure out which http errorcodes indicate a global problem we accept only 404 for ignoring and consider all the rest as hard errors now causing us to stop instantly after the InRelease file and print the errorcode (with short description from server) received.
* show .diff/Index properly as ignored if we fallbackDavid Kalnischkies2017-06-261-2/+2
| | | | | | | | | | Moving the code responsible for parsing the Index file from ::Done into the slightly earlier ::VerifyDone allows us to still "fail" the download if we can't make use of the Index for whatever reason, so that the progress log correctly displays "Ign" instead of "Get" for the file. This also makes quiet a few debug messages proper error messages (but those are still hidden by default for Ign lines).
* warn if an expected file can't be acquiredDavid Kalnischkies2017-06-262-2/+41
| | | | | | | | | | | | | | If we couldn't find an entry for a Sources file we would generate an error while for a Packages file we would silently skip it due to assuming it is missing because it is empty. We can do better by checking if the repository declares that it supports a component we want to get the file from and if not say so and hint at the user making a typo. An example were this helps is mozilla.debian.net which dropped the firefox-aurora component (as upstream did) meaning no upgrades until the user notices manually that the repository doesn't provide packages anymore. With this commit warnings are raised hopefully causing the user to investigate what is wrong (sooner).
* make the create-test-data script great againDavid Kalnischkies2017-06-262-19/+32
| | | | | | | | Changes in the past to the buildsystem and the testing framework broke this little helper script – lets fix those problems to restore functionality. Gbp-Dch: Ignore
* Show permission error if ProxyAutoDetect cmd can't be executedDavid Kalnischkies2017-06-262-0/+7
| | | | | | | | | | As the proxy commands are not executed as root, a user can run into permission errors (s)he isn't expecting – as our switching is an implementation detail – so the error message in that case should really be better than a generic "error code 100" sending the user in the wrong direction as that implies the command was executed, but errored out. Closes: 857885
* Call update from apt-key test for a strange path testDavid Kalnischkies2017-06-262-1/+17
| | | | | | | | | | We setup a "horrible" environment in the apt-key testcase to check all kinds of things, but we really should be making also at least a simple apt update call, as that in turn will call apt-key which is how apt-key is used in the non-testcase world, so that calling should be able to deal with such environments as well. Gbp-Dch: Ignore
* Add a few more Auto-Detect-Proxy testsDavid Kalnischkies2017-06-262-6/+31
| | | | Gbp-Dch: Ignore
* tests: fix gpg-agent killing in testcasesDavid Kalnischkies2017-06-261-1/+1
| | | | | | | We want to kill the agent if its home directory exists at that location, not if it isn't there (leaving an army of processes around). Gbp-Dch: Ignore
* Fix parsing of or groups in build-deps with ignored packagesJulian Andres Klode2017-05-311-0/+58
| | | | | | | | | | | | | | | | | | | | | | | If the last alternative(s) of an Or group is ignored, because it does not match an architecture list, we would end up keeping the or flag, effectively making the next AND an OR. For example, when parsing (on amd64): debhelper (>= 9), libnacl-dev [amd64] | libnacl-dev [i386] => debhelper (>= 9), libnacl-dev | Which can cause python-apt to crash. Even worse: debhelper (>= 9), libnacl-dev [amd64] | libnacl-dev [i386], foobar => debhelper (>= 9), libnacl-dev [amd64] | foobar By setting the previous alternatives Or flag to the current Or flag if the current alternative is ignored, we solve the issue. LP: #1694697
* Ignore AutomaticRemove conffile option in upgradeDavid Kalnischkies2017-03-191-0/+41
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We are in a dilemma here: The regression of sorts was introduced in 2013 with commit d8a8f9d7f0 allowing pkg modifiers for the upgrade commands. That calls the autoremover as a sideeffect through and with it comes the option to remove the garbage packages in these commands (similar to aptitude). Having the option on the commandline is no problem – people aren't going to request what they don't want (or so I hope), but the documentation explicitly states that this option only effects install/remove and mentions a config knob users might use and expect to not suddenly apply (especially without documentation) to more commands. Just reverting the commit is out of question, completely ignoring the option breaks the workflow of every user who happened to use --autoremove on the commandline for upgrade and expects that to work given that it was accepted and worked in a stable release. Changing the documentation to reflect reality while perhaps the simplest and cleanest option contradicts freeze and is a surprising change we tend to avoid like the plague while just leaving it be confuses all users who end up believing the documentation even if was different in the last 3 years. So what we do is a tricky compromise: The configuration option if read from a file does apply only for install/remove as documented, while if the option is encountered on the commandline it is accepted and applies to the upgrade which should make 99% of the users happy. The rest has to wait for us to figure out for buster how to get that documented and implemented in a saner way. Closes: #855891
* Do not package names representing .dsc/.deb/... filesJulian Andres Klode2017-02-101-7/+12
| | | | | | | | | | | | | | | | | | | | | In the case of build-dep and other commands where a file can be passed we must make sure not to normalize the path name as that can have odd side effects, or well, cause the operation to do nothing. Test for build-dep-file is adjusted to perform the vcard check once as "vcard" and once as "VCard", thus testing that this solves the reported bug. We inline the std::transform() and optimize it a bit to not write anything in the common case (package names are defined to be lowercase, the whole transformation is just for names that should not exist...) to counter the performance hit of the added find() call (it's about 0.15% more instructions than with the existing transform, but we save about 0.67% in writes...). Closes: #854794
* don't test with "too early for 32bit" yearsDavid Kalnischkies2017-02-091-1/+2
| | | | | | | | | $ uname -m i686 $ date -d '0-12-25' date: invalid date '0-12-25' Test-Regression-In: 25a14d4ccfceb2698edce01092bc6a1dbe9fb217
* test suite: Do not exit 0 in trap for QUITJulian Andres Klode2017-01-241-1/+2
| | | | | | | | | This hides errors in the test suite because it will exit with 0 here. Instead, just do exit 1 in most traps, and do just the cleanup in the QUIT hook. This fixes a regression introduced with the caching of the GPG home directory in 4ce2f35248123ff2366c8c365ad6a94945578d66.
* fix various typos reported by spellintianDavid Kalnischkies2017-01-199-10/+10
| | | | | | | | Most of them in (old) code comments. The two instances of user visible string changes the po files of the manpages are fixed up as well. Gbp-Dch: Ignore Reported-By: spellintian
* make the moo reproducibleDavid Kalnischkies2017-01-191-0/+22
| | | | | | | | | | | | | | | | | | | | | | | | | | Normal cows moo every time they feel like it and it might be a "moo", "moo!" or "moo?". This is completely unacceptable behaviour in our super cow through as as a superior being it has to show its superiority over the common cows and the meager easter eggs by being fully reproducible! The second version of Chris' patch is modified to include an array of tests for this feature – which doubles as explanation for some of the moo lines by giving more exact dates – and falling back to current time if the environment is invalid + passing time around instead of having an invalid environment be an unrecoverable error (aka: Guru Meditation) as that is more inline with how apt usually behaves: The wisdom of super cow should be available to everyone, even to the most misfortune users not capable of having a valid environment variable. That makes the code slightly more ugly, so instead of requiring a young follower to produce a third version a high priest of the cult applied the finishing touches as he is used to the pain by now – and another round with the slowpoke high priest would have been a serious threat to the Debian release schedule which the cow would not approve. Closes: #848721 Signed-off-by: Super Cow Thanks: Chris Lamb for initial patch and guru meditation
* remove 'old' FAILED files in the next acquire callDavid Kalnischkies2017-01-191-0/+4
| | | | | | | | | | | | | | | If apt renames a file to .FAILED it leaves its namespace and is never touched again – expect since 1.1~exp4 in which "apt clean" will remove those files. The usefulness of these files rapidly degrades if you don't keep the update log itself (together with debug output in the best case) through and on 99% of all system they will be kept around forever just to collect dust over time and eat up space. With this commit an update call will remove all FAILED files of previous runs, so that the FAILED files you have on disk are always only the ones related to the last apt run stopping apt from hoarding files. Closes: 846476
* fix 'install --no-download' modeDavid Kalnischkies2017-01-191-1/+12
| | | | | | | The mode wasn't working at all if not used together with --fix-missing which while likely to come in pairs its legal to use standalone. Regression-in: eb1f04dda07c2b69549ad9fd793cca0e91841b3e
* don't show update stats if cache generation is disabledDavid Kalnischkies2017-01-191-0/+1
| | | | | | Unlikely that anyone is actually running into this, but if we asked to not generate a cache and avoid it in the first step we shouldn't create one implicitly anyway by displaying the statistics.
* test: use downloadfile instead of apthelper download-fileJulian Andres Klode2017-01-171-4/+4
| | | | | | | This prevents CI failures from happening in 1.3 and 1.2 and might actually be more complete. Gbp-Dch: ignore
* https: Quote path in URL before passing it to curlJulian Andres Klode2017-01-171-0/+19
| | | | | | | | | | | | | | | | | | | | | | | Curl requires URLs to be urlencoded. We are however giving it undecoded URLs. This causes it go completely nuts if there is a space in the URI, producing requests like: GET /a file HTTP/1.1 which the servers then interpret as a GET request for "/a" with HTTP version "file" or some other non-sense. This works around the issue by encoding the path component of the URL. I'm not sure if we should encode other parts of the URL as well, this one seems to do the trick for the actual issue at hand. A more correct fix is to avoid the dequoting and (re-)quoting of URLs when a redirect occurs / a new request is sent. That's been on the radar for probably a year or two now, but nobody bothered implementing that yet. LP: #1651923
* Read dpkg tables to handle architecture wildcardsJulian Andres Klode2017-01-171-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Our implementation of wildcards was rudimentary. It worked for some common ones, but it was also broken: For example, armel matched any-armel, but should match any-arm. With this commit, we load the correct tables from dpkg. Supported are both triplets and quadruplet tables (the latter introduced in dpkg 1.18.11). There are some odd things we have to deal with in the cache filter for historical and API reasons: * The character "*" must be accepted as an alternative to any - in fact it may appear anywhere in the wildcard as we also allow fnmatch() style wildcard matching on the commandline. * The code might get passed an arch with a minus at the end, for example the cmdline "install apt:any-arm-" will first try to check if any-arm- is a valid architecture. We deal with this by rejecting any wildcard ending in a minus. * Triplets are actually implemented by extending them to faux quadruplets - by prepending a "base" component for the architecture tuple, and "any" if there is a wildcard component. Once we have constructed a wildcard, it is transformed into an fnmatch() expression for historical reasons. In the future, we should really get a tuple class and implement matching in a better, more explicit way. This does for now though - it passes all the test cases and accepts all things it should accept. Closes: #748936 Thanks: James Clarke <jrtc27@jrtc27.com> for the initial patch
* allow warning generation for non-whitelisted optionsDavid Kalnischkies2016-12-311-0/+1
| | | | | | | | | | | | | | | The idea is simple: Each¹ Find*( call starts with a call check if the given option (with the requested type) exists in the whitelist. The whitelist is specified via our configure-index file so that we have a better chance at keeping it current. the whitelist is loaded via a special (undocumented for now) configuration stanza and if none is loaded the empty whitelist will make it so that no warnings are shown. Much needs to be done still, but that is as good a time as any to take a snapshot of the current state and release it into the wild given that it found some bugs already and has no practical effect on users. ¹ not all in this iteration, but many