lp:~juliank/apt/+git/apt

Author: Julian Andres Klode
Author Date: 2024-05-30 07:51:13 UTC

edsp: Parse source version from the Source-Version field

EDSP uses the Source-Version field instead of storing the source
version in the Source field with the package name, adjust our
parser accordingly.

Use the override in the edspLikeListParser to do so rather than
dumb this into the correct place in the debListParser.

Author: Julian Andres Klode
Author Date: 2024-05-28 14:06:15 UTC

gpgv: Untrust reversed digests and SHA224

Author: Julian Andres Klode
Author Date: 2024-05-26 15:30:00 UTC

Add apt-gencaches.service and invoke it after upgrading apt

When we upgrade apt we bump the cache format so the cache will
be considered fully outdated, so we need to regenerate it.

This solves the case for installed systems. I don't believe this
is much of an issue for chroots or docker containers as the usual
case would be to just run the next command(s) as root too, so you
only get the delay once. Whereas on a host system, you'd go possibly
run sudo apt full-upgrade -U and then later run apt show apt as your
user account.

Author: Julian Andres Klode
Author Date: 2024-05-23 11:24:25 UTC

solver3: Fix translations of removals for marked install

We also need to issue a MarkDelete() if the package is marked for
installation currently but should not be, not only if it did not
have a previous version.

This fixes the final test in test-multiarch-barbarian, the others
only needed adjustments to mark all packages as automatic.

Author: Julian Andres Klode
Author Date: 2024-04-23 19:09:47 UTC

Replace can't->cannot, couldn't->could not

Proper written English is important, no?

This is a semi-automated sed with the following expressions

    /"/ s/can't/cannot/g
    /"/ s/Can't/Cannot/g
    /"/ s/n't/ not/g

applied globally and the same expressions without the /"/
restriction applied to doc and po and test/integration.

Author: Julian Andres Klode
Author Date: 2024-04-19 16:51:28 UTC

Use pretty formatter for Suggests/Recommends too

Author: Julian Andres Klode
Author Date: 2024-04-19 14:48:19 UTC

apt.conf(5): Document the APT::Color scope

Author: Julian Andres Klode
Author Date: 2024-04-16 10:24:31 UTC

Automatically run update if lists are older than 7 days

This is the first step for automatic update; another step is to update
on missing repositories, however we want to figure that out.

Author: Julian Andres Klode
Author Date: 2024-04-12 16:08:51 UTC

Use the same words for the summary

Instead of using Upgrades, Installs, and so on, just use
Upgrading, Installing, etc. This solves the problem of
not having a nice noun for "Not upgrading".

Author: Julian Andres Klode
Author Date: 2024-04-09 17:56:26 UTC

Revert "Temporarily downgrade key assertions to "soon worthless""

We temporarily downgraded the errors to warnings to give the
launchpad PPAs time to be fixed, but warnings are not safe:
Untrusted keys could be hiding on your system, but just not
used at the moment. Hence revert this so we get the errors we
want.

This reverts commit 66998ed3d299bede651ad40368bdb270f5f5b0f9.

LP: #2060721
Gbp-Dch: full

Author: Julian Andres Klode
Author Date: 2024-02-28 17:32:32 UTC

Do not require versioned dpkg-dev on CI

Annotate the Build-Depends with a <!pkg.apt.ci> profile and use
that in prepare-release when doing build-dep.

Author: Julian Andres Klode
Author Date: 2024-02-28 16:04:05 UTC

Temporarily downgrade key assertions to "soon worthless"

This will only issue warnings instead of errors while we continue
cleaning up our repositories.

Author: Julian Andres Klode
Author Date: 2024-01-12 13:41:20 UTC

valgrind: Add suppression file and use it, pass --error-exitcode=1

Author: Julian Andres Klode
Author Date: 2024-01-12 12:47:52 UTC

pkgcachegen: Use placement new to construct header

Avoid copying the header from a stack allocated object as this
will copy uninitialized padding bytes into the cache, triggering
valgrind errors which people then use as a strawman for unrelated
errors on armhf.

In an optimal world we should annotate the allocator however such
that valgrind actually does treat those bytes as uninitialized and
then supress warnings in the harmless places, such that when you
then go and try to access it in a place that matters, you do get
an error for uninitialized memory.

Currently any access within the pool will be considered initialized
which is clearly suboptimal. But this is very much a TBD topic and
involves annotating the allocator everywhere.

Author: Julian Andres Klode
Author Date: 2024-01-10 11:34:55 UTC

test: Split tests for ignored .list and .sources

Testing both at the same time made it depend on the readdir() ordering,
causing failures in ci.debian.net, so just test one at a time.

Reported-By: billchenchina on IRC
Gbp-Dch: full

Author: Julian Andres Klode
Author Date: 2023-09-20 07:46:51 UTC

Downgrade unmerged-usr from error to two warnings

One warning will be issued before the Y/n prompt, the other will
be issued at the end after package installs have been attempted
or if there were other failures, such that the last line you see
is warnings about unmerged-usr

I do not anticipate this to be the final version either, but
there we go.

Closes: #1052058

Author: Julian Andres Klode
Author Date: 2023-08-30 18:36:36 UTC

WIP: Add apt-sign(1) tool

This tool is a skeleton so far but will provide sign and verify
commands.

Author: Julian Andres Klode
Author Date: 2023-08-30 13:00:05 UTC

WIP: hashes: Use AF_ALG sockets on Linux instead of gcrypt

This breaks the gcrypt code, it's a PoC, and it's about half the
speed as doing it in-process.

Author: Julian Andres Klode
Author Date: 2023-08-01 11:59:09 UTC

Compare SHA256 to check if versions are really the same

If we know both SHA256, and they're different, the packages are. This
approach stores the SHA256 only at runtime, avoiding the overhead of
storing it on-disk, because when we update repositories we update all
of them anyhow.

Note that pkgCacheGenerator is hidden, so we can just modify its
ABI, hooray.

Closes: #931175
LP: #2029268

Author: Julian Andres Klode
Author Date: 2023-07-07 12:24:52 UTC

Do not mark updates for install that are still phasing

This fixes an issue where phased updates gain new dependencies
and cause them to be installed despite themselves not being
installed.

In the cause of investigation, it turned out that we also need
to evaluate the candidate version at those early stage rather
than the install version (which is only valid *after* MarkInstall).

This does not fully resolve the problem: If an update pulls in
a phased update, depends are still being installed. Resolving
this while ensuring that phased updates cannot uninstall packages
requires us to do a minimization of changes by trying to keep
back each new install removal and then seeing if any dependency
is being broken by it. This is more complex and will happen
later.

Author: Julian Andres Klode
Author Date: 2023-05-26 19:35:29 UTC

WIP: hashes collision

Author: Julian Andres Klode
Author Date: 2023-04-30 11:45:51 UTC

PoC

Only works for hooks and downloading, dpkg doesn't run with landlock

Author: Julian Andres Klode
Author Date: 2023-01-28 21:17:29 UTC

Add an add-sources command to apt(8)

Author: Julian Andres Klode
Author Date: 2022-12-08 18:28:41 UTC

Fix version finding for binary version

When we did apt source foo, and foo is a binary package, we try
to lookup the candidate and use that, but we only set the version
tag when the source version is different from the package version.

So if we have packages:

    foo Version: 1+foo Source: foo (= 1)
    foo Version: 2+foo Source: foo (= 2)
    bar Version: 1 Source: bar (= 1)
    bar Version: 2 Source: bar (= 2)

And we pin the "1" versions higher than 2,

    apt source foo downloads version 1
    apt source bar downloads version 2

This fixes it so that apt source bar also downloads version 1.

Note that we cannot set the VerTag if we have a RelTag, as the
RelTag must take precedence. This can be enhanced so that if there
are multiple versions matching the rel tag, the candidate takes
priority but this is not implemented so far.

Author: Julian Andres Klode
Author Date: 2022-10-31 14:19:01 UTC

Release 2.4.9

Author: Julian Andres Klode
Author Date: 2022-10-31 14:16:15 UTC

Release 2.5.3ubuntu0.1

Author: Julian Andres Klode
Author Date: 2022-09-28 14:28:36 UTC

full-upgrade: Mark phased upgrades for keep before anything else

By marking them at the end, we might make other decisions that
depend on the new phased updates, confusing the solver. Run the
marking at the start too.

The EDSP test file from Jeremy was modified to include Machine-ID
and Phased-Update-Percentage fields and then filtered to mostly
exclude packages irrelevant to the test case by running

    grep-dctrl \( -FRequest "EDSP 0.5" -o -FInstalled yes \
                    -oFPhased-Update-Percentage 10 \) \
                -a --not -FArchitecture i386

LP: #1990586
(cherry picked from commit 5f5a8deedffac3cdeeb2f178d910d3759d366e8e)

Author: Julian Andres Klode
Author Date: 2022-08-12 10:39:54 UTC

Release 1.6.17

Author: Julian Andres Klode
Author Date: 2022-07-24 14:28:53 UTC

Add NEWS entry

Author: Julian Andres Klode
Author Date: 2022-07-11 14:36:59 UTC

Add test cases

Author: Julian Andres Klode
Author Date: 2022-06-30 13:37:16 UTC

Release 2.3.9ubuntu0.2

Author: Julian Andres Klode
Author Date: 2022-06-28 12:53:14 UTC

policy: Do not override negative pins with 1 due to phasing

If a package is already pinned to a negative value, we should not
override this with a positive 1. This causes packages to be installable
that were pinned to -1, which is not intended.

For this, implement phasing as a ceiling of 1 for the pin instead
of a fixed 1 value. An alternative would have been to fix it to
NEVER_PIN, but that would mean entirely NEW packages would not be
installable while phasing which is not the intention either.

LP: #1978125

Author: Julian Andres Klode
Author Date: 2022-04-25 16:54:03 UTC

Move apt-key to /usr/lib/apt

This series is scheduled to remove apt-key, this is the first step
to break existing code *now* rather than later in the cycle.

Gbp-Dch: full

Author: Julian Andres Klode
Author Date: 2019-02-08 09:04:25 UTC

WIP: Add support for Authentication using Bearer tokens

This adds a Bearer field to the URI struct, and adds a bearer
field to the netrc format. Bearer tokens are gaining popularity
in various services, and are simple to implement, so we don't
want to be left out of the fun.

Author: Julian Andres Klode
Author Date: 2022-05-06 16:15:19 UTC

Do not accept arguments for apt-cache dotty, xvcg

These commands do not actually interpret the same
arguments as depends, or any own ones for that matter.

Gbp-Dch: full

Author: Julian Andres Klode
Author Date: 2021-02-12 11:53:57 UTC

Do not make DefaultRootSetFunc2 public symbol

(cherry picked from commit 3b198616423daaef69c938fbcc5dd11a1e8f866c)

Author: Julian Andres Klode
Author Date: 2022-04-06 11:51:08 UTC

Only protect two kernels, not last installed one

The kernel autoremoval algorithm was written to accomodate
for Ubuntu's boot partition sizing, which was written to
accomodate 3 kernels - 2 installed ones + a new one being
unpacked.

It seems that when the algorithm was designed, it was overlooked
that it actually kept 3 kernels.

LP: #1968154

Author: Julian Andres Klode
Author Date: 2022-04-06 11:51:08 UTC

Only protect two kernels, not last installed one

The kernel autoremoval algorithm was written to accomodate
for Ubuntu's boot partition sizing, which was written to
accomodate 3 kernels - 2 installed ones + a new one being
unpacked.

It seems that when the algorithm was designed, it was overlooked
that it actually kept 3 kernels.

LP: #1968154

Author: Helmut Grohne
Author Date: 2022-03-21 05:02:47 UTC

Avoid use of deprecated std::iterator (twice)

Closes: #1008036

Author: Julian Andres Klode
Author Date: 2022-03-07 12:03:24 UTC

gpgv: Use Valid instead of Good to determine fallback

Change the logic to use "Valid" instead of "Good" to determine
whether we need to fallback and if fallback was successful. That
means that if you have an expired key in trusted.gpg.d, and a
non-expired in trusted.gpg, verification will now fail directly
with the expired key in trusted.gpg.d and not try to fallback.

Likewise, if the key in trusted.gpg is expired, this will now
also be reported correctly again, instead of producing an error
message that the key could not be found.

Author: Julian Andres Klode
Author Date: 2022-01-07 11:43:32 UTC

Warn if the legacy trusted.gpg keyring is used for verification

With apt-key going away, people need to manage key files, rather
than keys, so they need to know if any keys are in the legacy keyring.

Author: Julian Andres Klode
Author Date: 2022-01-21 14:11:56 UTC

Add a --full mode to apt show

This adds back the missing fields that we do not show any
other way.

Author: Julian Andres Klode
Author Date: 2021-12-09 10:52:12 UTC

Introduce and use isalpha_ascii() in debversion rather than isalpha()

Avoid misclassifying additional alphabetical characters from
certain locales as alpha and then sort them by ASCII...

Author: Julian Andres Klode
Author Date: 2021-11-26 13:54:29 UTC

Basic CMake setup for z3 based solver

For now this is just a copy of the dump solver.

Author: Julian Andres Klode
Author Date: 2021-11-17 15:29:09 UTC

Do not remove Essential/Protected due to dependencies

Suggesting the removal of Essential and Protected packages as a
solution leads to situations where YouTubers end up removing their
desktop.

Let's not remove such packages ourselves.

Author: Julian Andres Klode
Author Date: 2021-11-17 16:20:29 UTC

Require argument to remove essential packages, do not prompt

Let's make this one step harder.

Author: Julian Andres Klode
Author Date: 2021-10-18 13:48:05 UTC

Only allow full Signed-By keys where filenames are allowed

Rename the argument to Introducer and generalize it to anything
that introduces new keys into the trusted vector, like file names
and full keys.

Author: Julian Andres Klode
Author Date: 2021-07-29 09:49:05 UTC

tests (retry-downloads): Avoid delay in second test

This delay of 4+2+1=7 seconds in unnecessary.

Author: Julian Andres Klode
Author Date: 2021-07-08 14:49:20 UTC

Introduce delay method, exponential backoff between retries

Upon retry, sleep for 2**0, 2**1, 2**2, and so on, seconds before
retrying the download, in order to ensure that we can retry across
short network or server outage.

Author: Julian Andres Klode
Author Date: 2021-07-01 13:38:10 UTC

Set haveContent to FALSE on `Content-Length: 0`

Set haveContent to HaveContent::FALSE when Content-Length is 0,
and change remaining code to only set it to TRUE if it has not
been set so far.

Closes: #990281

Author: Julian Andres Klode
Author Date: 2021-06-14 14:26:24 UTC

Release 2.2.4ubuntu0.1

Author: Julian Andres Klode
Author Date: 2021-06-14 14:29:06 UTC

Add (LP: #1931874) bug reference to 2.2.4 changelog

Author: Julian Andres Klode
Author Date: 2021-04-28 12:07:22 UTC

tests: Export TZ=UTC to work around test failures on non-UTC hosts

It's unclear to me atm why that only happens in xenial, but oh well,
this is the simplest solution.

Author: David Kalnischkies
Author Date: 2016-07-20 16:38:38 UTC

tests: avoid time-dependent rebuild of caches

The tests changes the sources.list and the modification time of this
file is considered while figuring out if the cache can be good. Usually
this isn't an issue, but in that case we have the cache generation
produce warnings which appear twice in this case.

(cherry picked from commit 70bef3257a4dc7751444db8dadedd207bd24ab35)

Author: Julian Andres Klode
Author Date: 2021-04-28 08:23:07 UTC

Avoid duplicated error in `apt search`

This was introduced by the pattern backport, because sources.list
parsing errors are fatal, so GetDepCache() and GetPkgCache() both
tried to read the sources.list and failed.

Use BuildDepCache instead, and fail early if we can't open it.

Author: Julian Andres Klode
Author Date: 2021-04-19 16:47:54 UTC

Release 1.8.2.3

Author: Julian Andres Klode
Author Date: 2021-04-15 17:23:21 UTC

Automatically retry failed downloads 3 times

Enable the Acquire::Retries option by default, set to 3.
This will help with slightly unreliable networking; future
work is needed for adding backoff and SRV/IP rotation.

LP: #1876035
Gbp-Dch: full

Author: Julian Andres Klode
Author Date: 2021-04-09 16:16:10 UTC

Error on packages without a Size field (option Acquire::AllowUnsizedPackages)

Repositories without Size information for packages are not
proper and need fixing. This ensures people see an error in
CI, and get notifications and hence the ability to fix it.

It can be turned off by setting Acquire::AllowUnsizedPackages
to true.

Author: Julian Andres Klode
Author Date: 2021-04-12 15:49:30 UTC

install: Warn if system is not merged-usr

In Bug#978636, the CTTE decided that booksworm will be merged-usr-only,
hence add a warning to APT to inform people about unsupported systems
so they get a chance to fix them up.

Author: Julian Andres Klode
Author Date: 2021-03-31 13:25:18 UTC

Check for and discard expected warning from MaybeAddAuth

MaybeAddAuth() here tells us that it refused to use the credentials
for an http source; but that caused the test suite to fail at a later
stage because we checked if there were any errors/warning. Strangely,
this is only triggered with LTO enabled.

Actually check that the warning is being set and then reject it.

Author: Julian Andres Klode
Author Date: 2021-03-10 13:40:17 UTC

Release 1.8.5

Author: Julian Andres Klode
Author Date: 2021-03-10 12:37:47 UTC

Release 2.1.10ubuntu0.3

Author: Julian Andres Klode
Author Date: 2020-11-02 20:27:48 UTC

Implement --allow-remove=?pattern alternative to --allow-remove-essential

--allow-remove-essential is now the same as
--allow-remove=?or(?essential,?protected) - well except we do not
have ?protected pattern yet

Author: Julian Andres Klode
Author Date: 2021-01-10 18:08:21 UTC

Release 1.0.9.8.7

Author: Julian Andres Klode
Author Date: 2021-01-08 11:36:31 UTC

Make immediate configuration optional

The benefits of immediate configuration are that Essential packages
will be configured immediately, so if they are wrongly not working
without being configured they won't fail later packages.

However, we've reached the point where dependencies on the essential set
are too complex for immediate configuration to always work, causing
installations to error out at the end, despite having succeeded, because
we did not correctly return the error here and did not check for pending
errors before running dpkg.

Given that we check and configure any packages at the end that have not
been configured yet, or fail if we can't configure them; making
immediate configuration optional is the best way forward - it orders as
it does now, but then does not spuriously fail after having successfully
installed everything.

Closes: #973305, #188161, #211075, #649588
LP: #1871268

Author: Julian Andres Klode
Author Date: 2020-12-27 10:57:20 UTC

Release 2.1.12+deb11u1

Author: Helge Kreutzmann
Author Date: 2020-12-23 14:56:43 UTC

German program translation update

Closes: #977938

Author: Julian Andres Klode
Author Date: 2020-12-05 14:49:28 UTC

ParseDepends: Parse package names using a table

This improves cycle estimation from 3.5% to 3.27%, and we see a
1.5% decrease in instruction references, woohoo

Author: Julian Andres Klode
Author Date: 2020-11-07 11:07:58 UTC

Retry failed downloads two times (Acquire::Retries=2)

While we are not entirely confident about Acquire::Retries yet, we
are seeing that we do need to have some more retries in some places,
and the previous retry code I ripped out hid the actual errors, so
it's time for us to gain some real-world experience with the Retries
option while it's still early in the release cycle.

This obviously needs some further work:

- backoff between retries
- DNS rotation between retries so we exhaust all IPs
- SRV rotation between retries so we exhaust all SRV hosts

But I don't want to reinstantiate the previous code because that
hid the error messages entirely, which led to problems not being
discovered at all.

LP: #1876035

Author: Julian Andres Klode
Author Date: 2020-10-08 09:50:19 UTC

Do not immediately configure m-a: same packages in lockstep

In LP#835625, it was reported that apt did not unpack multi-arch
packages in the correct order, and dpkg did not like that. The fix
also made apt configure packages together, which is not strictly
necessary.

This turned out to cause issues now, because of dependencies on
libc6:i386 that caused immediate configuration of that to not
work.

Work around the issue by not configuring multi-arch: same packages
in lockstep if they have the immediate flag set. This will be the
pseudo-essential set, and given how essential works, we mostly need
the native arch to work correctly anyway.

LP: #1871268
Regression-Of: 30426f4822516bdd26528aa2e6d8d69c1291c8d3

Author: Julian Andres Klode
Author Date: 2020-08-11 11:09:14 UTC

Rewrite HttpServerState::Die()

The old code was fairly confusing, and contradictory. Notably, the
second `if` also only applied to the Data state, whereas we already
terminated the Data state earlier. This was bad.

The else fallback applied in three cases:

(1) We reached our limit
(2) We are Persistent
(3) We are headers

Now, it always failed as a transient error if it had
nothing left in the buffer. BUT: Nothing left in the buffer
is the correct thing to happen if we were fetching content.

Checking all combinations for the flags, we can compare the results
of Die() between 2.1.7 - the last "known-acceptable-ish" version
and this version:
                                2.1.7 this
Data !Persist !Space !Limit OK (A) OK
Data !Persist !Space Limit OK (A) OK
Data !Persist Space !Limit OK (C) OK
Data !Persist Space Limit OK OK

Data Persist !Space !Limit ERR ERR *
Data Persist !Space Limit OK (B) OK
Data Persist Space !Limit ERR ERR
Data Persist Space Limit OK OK

=> Data connections are OK if they have not reached their limit,
   or are persistent (in which case they'll probably be chunked)

Header !Persist !Space !Limit ERR ERR
Header !Persist !Space Limit ERR ERR
Header !Persist Space !Limit OK OK
Header !Persist Space Limit OK OK
Header Persist !Space !Limit ERR ERR
Header Persist !Space Limit ERR ERR
Header Persist Space !Limit OK OK
Header Persist Space Limit OK OK

=> Common scheme here is that header connections are fine if they have
   read something into the input buffer (Space). The rest does not matter.

(A) Non-persistent connections with !space always enter the else clause, hence success
(B) no Space means we enter the if/else, we go with else because IsLimit(), and we succeed because we don't have space
(C) Having space we do enter the while (WriteSpace()) loop, but we never reach IsLimit(),
    hence we fall through. Given that our connection is not persistent, we fall through to the
    else case, and there we win because we have data left to write.

Author: Julian Andres Klode
Author Date: 2020-08-10 13:39:33 UTC

Default Acquire::AllowReleaseInfoChange::Suite to "true"

Closes: #931566

Author: Julian Andres Klode
Author Date: 2020-08-10 09:39:30 UTC

Do not retry on failure to fetch

While we fixed the infinite retrying earlier, we still have
problems if we retry in the middle of a transfer, we might
end up resuming downloads that are already done and read
more than we should (removing the IsOpen() check so that
it always retries makes test-ubuntu-bug-1098738-apt-get-source-md5sum
fail with wrong file sizes).

I think the retrying was added to fixup pipelining messups,
but we have better solutions now, so let's get rid of it,
until we have implemented this properly.

Author: Julian Andres Klode
Author Date: 2020-07-14 14:34:20 UTC

Replace whitelist/blacklist with allowlist/denylist

Author: Julian Andres Klode
Author Date: 2020-08-04 09:37:45 UTC

http: Always write to the file if there's something to write

We only add the file to the select() call if we have data to
write to it prior to the select() call. This is problematic:

Assuming we enter Go() with no data to write to the file,
but we read some from the server as well as an EOF, we end
up not writing it to the file because we did not add the file
to the select.

We can't always add the file to the select(), because it's
basically always ready and we don't want to wake up if we
don't have anything to read or write.

So for a solution, let's just always write data to the file
if there's data to write to it. If some gets leftover, or if
some was already present when we started Go(), it will still
be added to the select() call and unblock it.

Closes: #959518

Author: Julian Andres Klode
Author Date: 2020-05-14 19:57:09 UTC

Run tests with ulimit -n 64 and add .gitlab-ci.yml for CI

Author: Julian Andres Klode
Author Date: 2020-05-13 22:06:56 UTC

private-search: Only use V.TranslatedDescription() if good

When we could not find a translated description, we were
pushing V.TranslatedDescription() to the vector, but that
one might not have been good either.

Add the check so we don't crash later when trying to access
it.

LP: #1877987
Regression-Of: 19033186919b9c6d31ca3aabaacfb069a4b64f88

Author: Julian Andres Klode
Author Date: 2020-05-13 08:52:52 UTC

gitlab-ci: Run autopkgtest

Author: Julian Andres Klode
Author Date: 2020-05-12 09:58:00 UTC

Release 1.9.4ubuntu0.1

Author: Julian Andres Klode
Author Date: 2020-05-12 09:58:00 UTC

Release 2.0.2ubuntu0.1

Author: Julian Andres Klode
Author Date: 2020-05-12 09:58:00 UTC

Release 1.4.10

Author: Julian Andres Klode
Author Date: 2020-05-06 10:52:57 UTC

apt-key: Allow depending on gpg instead of gnupg

Maintainer scripts that need to use apt-key del might as well
depend on gpg, they don't need the full gnupg suite.

Author: Julian Andres Klode
Author Date: 2020-04-01 13:08:25 UTC

Custom timer intervals should be configured in systemd, not apt.conf

This addresses the problem where people configure an interval other
than 1 or 0, and end up with skewed results due to daylight saving.

Author: Julian Andres Klode
Author Date: 2019-08-13 17:15:19 UTC

apt-pkg: default visibility to hidden

Author: Julian Andres Klode
Author Date: 2020-02-20 12:34:37 UTC

tagfile: Check out-of-bounds access to Tags vector

Check that the index we're going to use is within the size
of the array.

Author: Julian Andres Klode
Author Date: 2019-04-15 07:40:20 UTC

Widen regular expressions for versioned kernel packages

Since we append a concrete kernel version to each pattern, and then
anchor the pattern, let's just pick any package starting with a
kernel name (linux-, kfreebsd-, gnumach-), and not worry about
linux-headers, linux-tools, etc specifically, as they'll be caught
by the generic pattern.

LP: #1607845

Author: Julian Andres Klode
Author Date: 2020-01-16 11:32:09 UTC

pkgcache: Embed APT version and check it, set Major:Minor to 42:0

I forget to update the major:minor versions of the cache all the
time, so let's put an end to that and use the apt version directly.

This means that the cache needs rebuilding after apt is upgraded,
but this is a minor issue as it does not happen very often.

Author: Julian Andres Klode
Author Date: 2019-12-04 12:58:38 UTC

netrc: Add warning when ignoring entries for unencrypted protocols

Commit 93f33052de84e9aeaf19c92291d043dad2665bbd restricted auth.conf
entries to only apply to https by default, but this was silent - there
was no information why http sources with auth.conf entries suddenly
started failing. Add such information, and extend test case to cover
it.

Author: Julian Andres Klode
Author Date: 2019-12-04 15:28:17 UTC

more fixup

Author: Julian Andres Klode
Author Date: 2019-12-02 10:46:49 UTC

netrc: Restrict auth.conf entries to https by default

This avoids downgrade attacks where an attacker could inject

Location: http://private.example/

and then (having access to raw data to private.example, for example,
by opening a port there, or sniffing network traffic) read the credentials
for the private repository.

Closes: #945911

Author: Julian Andres Klode
Author Date: 2019-11-26 11:01:42 UTC

patterns: Add ?section

Author: Julian Andres Klode
Author Date: 2019-08-15 13:06:20 UTC

patterns: Allow more complex words

Only disallow ,() and on the start of a word also ~ and ?. Make
sure to include \0 as disallowed.

Author: Julian Andres Klode
Author Date: 2019-06-21 20:45:13 UTC

Improve locking messaging - pid and name, "do not remove lock file"

We want to tell users which process is holding the lock so they
can easily understand what's going on, and we want to advise
users not to remove the lock file, because ugh, that's bad.

Re-initalize the flock structure, in case it got mangled by
previous fcntl call.

Author: Julian Andres Klode
Author Date: 2019-05-09 20:23:17 UTC

Introduce apt satisfy and apt-get satisfy

Allow to satisfy dependency strings supplied on
the command line, optionally prefixed with
"Conflicts:" to satisfy them like Conflicts.

Build profiles and architecture restriction lists,
as used in build dependencies, are supported as
well.

Compared to build-dep, build-essential is not
installed automatically, and installing of recommended
packages follows the global default, which defaults
to yes.

Closes: #275379

Author: Julian Andres Klode
Author Date: 2019-05-10 10:42:38 UTC

WIP: README.md: Minor editing to make it read easier

Went as far as "A test case here is a shell script", this paragraph
is _hard_.

Author: Julian Andres Klode
Author Date: 2019-05-06 20:23:45 UTC

Merge the ParseDepends functions

Author: Julian Andres Klode
Author Date: 2019-05-06 10:22:42 UTC

Use debDebFile to get control file instead of dpkg-deb

Author: Julian Andres Klode
Author Date: 2019-05-06 10:22:42 UTC

Use debDebFile to get control file instead of dpkg-deb

Author: Julian Andres Klode
Author Date: 2019-04-15 09:32:50 UTC

Prevent shutdown while running dpkg

As long as we are running dpkg, keep an inhibitor that
blocks us from shutting down.

LP: #1820886

Author: Julian Andres Klode
Author Date: 2019-03-19 16:49:39 UTC

Tighten dependencies from apt and apt-utils on libs

Make apt pull in at least the same version of libapt-pkg,
and apt-utils at least the same version of libapt-inst,
so that upgrading only apt also upgrades the libraries.