From 9f542bae2b3620887345ebc3e61970f8903123a0 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Fri, 11 Dec 2009 00:32:01 +0100 Subject: add config setting for User-Agent in http and https to the Acquire group, thanks Timothy J. Miller! (Closes: #355782) --- doc/apt.conf.5.xml | 7 ++++++- doc/examples/configure-index | 3 +++ 2 files changed, 9 insertions(+), 1 deletion(-) (limited to 'doc') diff --git a/doc/apt.conf.5.xml b/doc/apt.conf.5.xml index e2db9defb..726bca2cc 100644 --- a/doc/apt.conf.5.xml +++ b/doc/apt.conf.5.xml @@ -275,7 +275,12 @@ DPkg::Pre-Install-Pkgs {"/usr/sbin/dpkg-preconfigure --apt";}; The used bandwidth can be limited with Acquire::http::Dl-Limit which accepts integer values in kilobyte. The default value is 0 which deactivates the limit and tries uses as much as possible of the bandwidth (Note that this option implicit - deactivates the download from multiple servers at the same time.) + deactivates the download from multiple servers at the same time.) + + Acquire::http::User-Agent can be used to set a different + User-Agent for the http download method as some proxies allow access for clients + only if the client uses a known identifier. + https diff --git a/doc/examples/configure-index b/doc/examples/configure-index index f5f996460..333c8df7e 100644 --- a/doc/examples/configure-index +++ b/doc/examples/configure-index @@ -191,6 +191,7 @@ Acquire Max-Age "86400"; // 1 Day age on index files No-Store "false"; // Prevent the cache from storing archives Dl-Limit "7"; // 7Kb/sec maximum download rate + User-Agent "Debian APT-HTTP/1.3"; }; // HTTPS method configuration: @@ -204,6 +205,8 @@ Acquire CaPath "/etc/ssl/certs"; Verify-Host" "true"; AllowRedirect "true"; + + User-Agent "Debian APT-CURL/1.0"; }; ftp -- cgit v1.2.3-70-g09d2 From b9e9a44b3377cae2fb9aca3210f379ae1cb802ba Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Fri, 11 Dec 2009 00:38:13 +0100 Subject: add https options which default to the ones from http for the https method as this is more sane than using only the http options without a possibility to override these for https. --- debian/changelog | 2 + doc/apt.conf.5.xml | 8 ++-- doc/examples/configure-index | 33 ++++++++++---- methods/https.cc | 100 +++++++++++++++++++------------------------ 4 files changed, 76 insertions(+), 67 deletions(-) (limited to 'doc') diff --git a/debian/changelog b/debian/changelog index 0cfd36c00..e930de0dd 100644 --- a/debian/changelog +++ b/debian/changelog @@ -56,6 +56,7 @@ apt (0.7.25) UNRELEASED; urgency=low * doc/po4a.conf: activate translation of guide.sgml and offline.sgml * doc/apt.conf.5.xml: - provide a few more details about APT::Immediate-Configure + - briefly document the behaviour of the new https options * doc/sources.list.5.xml: - add note about additional apt-transport-methods * doc/apt-mark.8.xml: @@ -97,6 +98,7 @@ apt (0.7.25) UNRELEASED; urgency=low * methods/http{,s}.cc - add config setting for User-Agent to the Acquire group, thanks Timothy J. Miller! (Closes: #355782) + - add https options which default to http ones (Closes: #557085) [ Chris Leick ] * doc/ various manpages: diff --git a/doc/apt.conf.5.xml b/doc/apt.conf.5.xml index 726bca2cc..d7ad51cfb 100644 --- a/doc/apt.conf.5.xml +++ b/doc/apt.conf.5.xml @@ -284,9 +284,11 @@ DPkg::Pre-Install-Pkgs {"/usr/sbin/dpkg-preconfigure --apt";}; https - HTTPS URIs. Cache-control and proxy options are the same as for - http method. - Pipeline-Depth option is not supported yet. + HTTPS URIs. Cache-control, Timeout, AllowRedirect, Dl-Limit and + proxy options are the same as for http method and will also + default to the options from the http method if they are not + explicitly set for https. Pipeline-Depth option is not + supported yet. CaInfo suboption specifies place of file that holds info about trusted certificates. diff --git a/doc/examples/configure-index b/doc/examples/configure-index index 333c8df7e..ced390447 100644 --- a/doc/examples/configure-index +++ b/doc/examples/configure-index @@ -194,19 +194,34 @@ Acquire User-Agent "Debian APT-HTTP/1.3"; }; - // HTTPS method configuration: - // - uses the http proxy config - // - uses the http cache-control values - // - uses the http Dl-Limit values - https + + + // HTTPS method configuration: uses the http + // - proxy config + // - cache-control values + // - Dl-Limit, Timout, ... values + // if not set explicit for https + // + // see /usr/share/doc/apt/examples/apt-https-method-example.conf.gz + // for more examples + https { Verify-Peer "false"; SslCert "/etc/apt/some.pem"; - CaPath "/etc/ssl/certs"; - Verify-Host" "true"; - AllowRedirect "true"; + CaPath "/etc/ssl/certs"; + Verify-Host" "true"; + AllowRedirect "true"; + + Timeout "120"; + AllowRedirect "true"; + + // Cache Control. Note these do not work with Squid 2.0.2 + No-Cache "false"; + Max-Age "86400"; // 1 Day age on index files + No-Store "false"; // Prevent the cache from storing archives + Dl-Limit "7"; // 7Kb/sec maximum download rate - User-Agent "Debian APT-CURL/1.0"; + User-Agent "Debian APT-CURL/1.0"; }; ftp diff --git a/methods/https.cc b/methods/https.cc index a4f39c379..ed1f18150 100644 --- a/methods/https.cc +++ b/methods/https.cc @@ -1,4 +1,4 @@ -// -*- mode: cpp; mode: fold -*- +//-*- mode: cpp; mode: fold -*- // Description /*{{{*/ // $Id: http.cc,v 1.59 2004/05/08 19:42:35 mdz Exp $ /* ###################################################################### @@ -57,54 +57,38 @@ HttpsMethod::progress_callback(void *clientp, double dltotal, double dlnow, return 0; } -void HttpsMethod::SetupProxy() -{ - URI ServerName = Queue->Uri; - - // Determine the proxy setting - string SpecificProxy = _config->Find("Acquire::http::Proxy::" + ServerName.Host); - if (!SpecificProxy.empty()) - { - if (SpecificProxy == "DIRECT") - Proxy = ""; - else - Proxy = SpecificProxy; - } - else - { - string DefProxy = _config->Find("Acquire::http::Proxy"); - if (!DefProxy.empty()) - { - Proxy = DefProxy; - } - else - { - char* result = getenv("http_proxy"); - Proxy = result ? result : ""; - } - } - - // Parse no_proxy, a , separated list of domains - if (getenv("no_proxy") != 0) - { - if (CheckDomainList(ServerName.Host,getenv("no_proxy")) == true) - Proxy = ""; - } - - // Determine what host and port to use based on the proxy settings - string Host; - if (Proxy.empty() == true || Proxy.Host.empty() == true) - { - } - else - { - if (Proxy.Port != 0) - curl_easy_setopt(curl, CURLOPT_PROXYPORT, Proxy.Port); - curl_easy_setopt(curl, CURLOPT_PROXY, Proxy.Host.c_str()); - } -} - - +void HttpsMethod::SetupProxy() { /*{{{*/ + URI ServerName = Queue->Uri; + + // Determine the proxy setting - try https first, fallback to http and use env at last + string UseProxy = _config->Find("Acquire::https::Proxy::" + ServerName.Host, + _config->Find("Acquire::http::Proxy::" + ServerName.Host)); + + if (UseProxy.empty() == true) + UseProxy = _config->Find("Acquire::https::Proxy", _config->Find("Acquire::http::Proxy")); + + // User want to use NO proxy, so nothing to setup + if (UseProxy == "DIRECT") + return; + + if (UseProxy.empty() == false) { + // Parse no_proxy, a comma (,) separated list of domains we don't want to use + // a proxy for so we stop right here if it is in the list + if (getenv("no_proxy") != 0 && CheckDomainList(ServerName.Host,getenv("no_proxy")) == true) + return; + } else { + const char* result = getenv("http_proxy"); + UseProxy = result == NULL ? "" : result; + } + + // Determine what host and port to use based on the proxy settings + if (UseProxy.empty() == false) { + Proxy = UseProxy; + if (Proxy.Port != 1) + curl_easy_setopt(curl, CURLOPT_PROXYPORT, Proxy.Port); + curl_easy_setopt(curl, CURLOPT_PROXY, Proxy.Host.c_str()); + } +} /*}}}*/ // HttpsMethod::Fetch - Fetch an item /*{{{*/ // --------------------------------------------------------------------- /* This adds an item to the pipeline. We keep the pipeline at a fixed @@ -191,12 +175,15 @@ bool HttpsMethod::Fetch(FetchItem *Itm) curl_easy_setopt(curl, CURLOPT_SSLVERSION, final_version); // cache-control - if(_config->FindB("Acquire::http::No-Cache",false) == false) + if(_config->FindB("Acquire::https::No-Cache", + _config->FindB("Acquire::http::No-Cache",false)) == false) { // cache enabled - if (_config->FindB("Acquire::http::No-Store",false) == true) + if (_config->FindB("Acquire::https::No-Store", + _config->FindB("Acquire::http::No-Store",false)) == true) headers = curl_slist_append(headers,"Cache-Control: no-store"); - ioprintf(ss, "Cache-Control: max-age=%u", _config->FindI("Acquire::http::Max-Age",0)); + ioprintf(ss, "Cache-Control: max-age=%u", _config->FindI("Acquire::https::Max-Age", + _config->FindI("Acquire::http::Max-Age",0))); headers = curl_slist_append(headers, ss.str().c_str()); } else { // cache disabled by user @@ -206,7 +193,8 @@ bool HttpsMethod::Fetch(FetchItem *Itm) curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers); // speed limit - int dlLimit = _config->FindI("Acquire::http::Dl-Limit",0)*1024; + int dlLimit = _config->FindI("Acquire::https::Dl-Limit", + _config->FindI("Acquire::http::Dl-Limit",0))*1024; if (dlLimit > 0) curl_easy_setopt(curl, CURLOPT_MAX_RECV_SPEED_LARGE, dlLimit); @@ -217,14 +205,16 @@ bool HttpsMethod::Fetch(FetchItem *Itm) "Debian APT-CURL/1.0 ("VERSION")"))); // set timeout - int timeout = _config->FindI("Acquire::http::Timeout",120); + int timeout = _config->FindI("Acquire::https::Timeout", + _config->FindI("Acquire::http::Timeout",120)); curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, timeout); //set really low lowspeed timeout (see #497983) curl_easy_setopt(curl, CURLOPT_LOW_SPEED_LIMIT, DL_MIN_SPEED); curl_easy_setopt(curl, CURLOPT_LOW_SPEED_TIME, timeout); // set redirect options and default to 10 redirects - bool AllowRedirect = _config->FindI("Acquire::https::AllowRedirect", true); + bool AllowRedirect = _config->FindB("Acquire::https::AllowRedirect", + _config->FindB("Acquire::http::AllowRedirect",true)); curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, AllowRedirect); curl_easy_setopt(curl, CURLOPT_MAXREDIRS, 10); -- cgit v1.2.3-70-g09d2 From ca4907db7c8ec2d409a9ca32aeb2ccb4c3cd40aa Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Fri, 11 Dec 2009 00:48:52 +0100 Subject: fix a few typos in strings, comments and manpage of apt-ftparchive thanks Karl Goetz! (Closes: #558757) --- debian/changelog | 3 +++ doc/apt-ftparchive.1.xml | 2 +- ftparchive/apt-ftparchive.cc | 4 ++-- ftparchive/cachedb.cc | 6 +++--- ftparchive/contents.cc | 2 +- ftparchive/multicompress.cc | 2 +- ftparchive/writer.cc | 2 +- 7 files changed, 12 insertions(+), 9 deletions(-) (limited to 'doc') diff --git a/debian/changelog b/debian/changelog index 7fa06e02c..af68b8ec2 100644 --- a/debian/changelog +++ b/debian/changelog @@ -104,6 +104,9 @@ apt (0.7.25) UNRELEASED; urgency=low * debian/apt.cron.daily: - check cache size even if we do nothing else otherwise, thanks Francesco Poli for patch(s) and patience! (Closes: #459344) + * ftparchive/*: + - fix a few typos in strings, comments and manpage, + thanks Karl Goetz! (Closes: #558757) [ Chris Leick ] * doc/ various manpages: diff --git a/doc/apt-ftparchive.1.xml b/doc/apt-ftparchive.1.xml index d47df957a..fb1b10adc 100644 --- a/doc/apt-ftparchive.1.xml +++ b/doc/apt-ftparchive.1.xml @@ -285,7 +285,7 @@ Sources - Sets the output Packages file. Defaults to + Sets the output Sources file. Defaults to $(DIST)/$(SECTION)/source/Sources diff --git a/ftparchive/apt-ftparchive.cc b/ftparchive/apt-ftparchive.cc index d0dea7768..5b6b3940c 100644 --- a/ftparchive/apt-ftparchive.cc +++ b/ftparchive/apt-ftparchive.cc @@ -3,7 +3,7 @@ // $Id: apt-ftparchive.cc,v 1.8.2.3 2004/01/02 22:01:48 mdz Exp $ /* ###################################################################### - apt-scanpackages - Efficient work-alike for dpkg-scanpackages + apt-ftparchive - Efficient work-alike for dpkg-scanpackages Let contents be disabled from the conf @@ -792,7 +792,7 @@ bool Generate(CommandLine &CmdL) if (_config->FindB("APT::FTPArchive::Contents",true) == false) return true; - c1out << "Done Packages, Starting contents." << endl; + c1out << "Packages done, Starting contents." << endl; // Sort the contents file list by date string ArchiveDir = Setup.FindDir("Dir::ArchiveDir"); diff --git a/ftparchive/cachedb.cc b/ftparchive/cachedb.cc index dfda827b6..e02f0e1b6 100644 --- a/ftparchive/cachedb.cc +++ b/ftparchive/cachedb.cc @@ -69,7 +69,7 @@ bool CacheDB::ReadyDB(string DB) // apt 0.6.44 if (err == EINVAL) { - _error->Error(_("DB format is invalid. If you upgraded from a older version of apt, please remove and re-create the database.")); + _error->Error(_("DB format is invalid. If you upgraded from an older version of apt, please remove and re-create the database.")); } if (err) { @@ -83,7 +83,7 @@ bool CacheDB::ReadyDB(string DB) return true; } /*}}}*/ -// CacheDB::OpenFile - Open the filei /*{{{*/ +// CacheDB::OpenFile - Open the file /*{{{*/ // --------------------------------------------------------------------- /* */ bool CacheDB::OpenFile() @@ -139,7 +139,7 @@ bool CacheDB::GetCurStat() if (DBLoaded) { - /* First see if thre is anything about it + /* First see if there is anything about it in the database */ /* Get the flags (and mtime) */ diff --git a/ftparchive/contents.cc b/ftparchive/contents.cc index 1f2cbcc3d..fb1438f74 100644 --- a/ftparchive/contents.cc +++ b/ftparchive/contents.cc @@ -13,7 +13,7 @@ removing the massive sort time overhead. By breaking all the pathnames into components and storing them - separately a space savings is realized by not duplicating the string + separately a space saving is realized by not duplicating the string over and over again. Ultimately this saving is sacrificed to storage of the tree structure itself but the tree structure yields a speed gain in the sorting and processing. Ultimately it takes about 5 seconds to diff --git a/ftparchive/multicompress.cc b/ftparchive/multicompress.cc index 2fc8efcbf..16cef9769 100644 --- a/ftparchive/multicompress.cc +++ b/ftparchive/multicompress.cc @@ -365,7 +365,7 @@ bool MultiCompress::CloseOld(int Fd,pid_t Proc) // MultiCompress::Child - The writer child /*{{{*/ // --------------------------------------------------------------------- /* The child process forks a bunch of compression children and takes - input on FD and passes it to all the compressor childer. On the way it + input on FD and passes it to all the compressor child. On the way it computes the MD5 of the raw data. After this the raw data in the original files is compared to see if this data is new. If the data is new then the temp files are renamed, otherwise they are erased. */ diff --git a/ftparchive/writer.cc b/ftparchive/writer.cc index b2ebdca8a..4e6c9a77d 100644 --- a/ftparchive/writer.cc +++ b/ftparchive/writer.cc @@ -463,7 +463,7 @@ bool PackagesWriter::DoPackage(string FileName) SetTFRewriteData(Changes[End++], "Maintainer", NewMaint.c_str()); /* Get rid of the Optional tag. This is an ugly, ugly, ugly hack that - dpkg-scanpackages does.. Well sort of. dpkg-scanpackages just does renaming + dpkg-scanpackages does. Well sort of. dpkg-scanpackages just does renaming but dpkg does this append bit. So we do the append bit, at least that way the status file and package file will remain similar. There are other transforms but optional is the only legacy one still in use for some lazy reason. */ -- cgit v1.2.3-70-g09d2 From f8b832bdbe85ca315404edcf1159fb1225fddfbf Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Sat, 12 Dec 2009 16:32:18 +0100 Subject: remove informalexample tag which hides the programlisting in the tree section of the apt-ftparchive manpage, thanks Chris Leick for noticing it! --- debian/changelog | 2 ++ doc/apt-ftparchive.1.xml | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) (limited to 'doc') diff --git a/debian/changelog b/debian/changelog index d60bdb51f..2b09c9b68 100644 --- a/debian/changelog +++ b/debian/changelog @@ -113,6 +113,8 @@ apt (0.7.25) UNRELEASED; urgency=low - correct various errors, typos and oddities (Closes: #552535) * doc/apt-secure.8.xml: - replace literal with emphasis tags in Archive configuration + * doc/apt-ftparchive.1.xml: + - remove informalexample tag which hides the programlisting [ Eugene V. Lyubimkin ] * apt-pkg/contib/strutl.h diff --git a/doc/apt-ftparchive.1.xml b/doc/apt-ftparchive.1.xml index fb1b10adc..c56ff235a 100644 --- a/doc/apt-ftparchive.1.xml +++ b/doc/apt-ftparchive.1.xml @@ -350,11 +350,11 @@ When processing a Tree section apt-ftparchive performs an operation similar to: - + for i in Sections do for j in Architectures do Generate for DIST=scope SECTION=i ARCH=j - + Sections -- cgit v1.2.3-70-g09d2 From 5d70f74c114450f001d415eea101610eedaee05b Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Sat, 12 Dec 2009 19:06:01 +0100 Subject: fix to other oddities observed by Chris Leick while translating in doc/apt-get.8.xml, namely: - change equivalent "for" to "to the" (purge command) - clarify --fix-broken sentence about specifying packages --- debian/changelog | 3 +++ doc/apt-get.8.xml | 6 +++--- 2 files changed, 6 insertions(+), 3 deletions(-) (limited to 'doc') diff --git a/debian/changelog b/debian/changelog index 2b09c9b68..cd4573468 100644 --- a/debian/changelog +++ b/debian/changelog @@ -115,6 +115,9 @@ apt (0.7.25) UNRELEASED; urgency=low - replace literal with emphasis tags in Archive configuration * doc/apt-ftparchive.1.xml: - remove informalexample tag which hides the programlisting + * doc/apt-get.8.xml: + - change equivalent "for" to "to the" (purge command) + - clarify --fix-broken sentence about specifying packages [ Eugene V. Lyubimkin ] * apt-pkg/contib/strutl.h diff --git a/doc/apt-get.8.xml b/doc/apt-get.8.xml index d3c3772bd..3d22f262c 100644 --- a/doc/apt-get.8.xml +++ b/doc/apt-get.8.xml @@ -333,8 +333,8 @@ Fix; attempt to correct a system with broken dependencies in place. This option, when used with install/remove, can omit any packages - to permit APT to deduce a likely solution. Any Package that are specified - must completely correct the problem. The option is sometimes necessary when + to permit APT to deduce a likely solution. If packages are specified, + these have to completely correct the problem. The option is sometimes necessary when running APT for the first time; APT itself does not allow broken package dependencies to exist on a system. It is possible that a system's dependency structure can be so corrupt as to require manual intervention @@ -466,7 +466,7 @@ Use purge instead of remove for anything that would be removed. An asterisk ("*") will be displayed next to packages which are - scheduled to be purged. is equivalent for + scheduled to be purged. is equivalent to the command. Configuration Item: APT::Get::Purge. -- cgit v1.2.3-70-g09d2