Age | Commit message (Collapse) | Author | Files | Lines |
|
Weak had no dedicated option before and Insecure and Downgrade were both
global options, which given the effect they all have on security is
rather bad. Setting them for individual repositories only isn't great
but at least slightly better and also more consistent with other
settings for repositories.
|
|
Reported-By: cppcheck
Git-Dch: Ignore
|
|
Our error reporting is historically grown into some kind of mess.
A while ago I implemented stacking for the global error which is used in
this commit now to wrap calls to functions which do not report (all)
errors via return, so that only failures in those calls cause a failure
to propergate down the chain rather than failing if anything
(potentially totally unrelated) has failed at some point in the past.
This way we can avoid stopping the entire acquire process just because a
single source produced an error for example. It also means that after
the acquire process the cache is generated – even if the acquire
process had failures – as we still have the old good data around we can and
should generate a cache for (again).
There are probably more instances of this hiding, but all these looked
like the easiest to work with and fix with reasonable (aka net-positive)
effects.
|
|
Git-Dch: ignore
|
|
|
|
indexRecords was used to parse the Release file – mostly the hashes –
while metaIndex deals with downloading the Release file, storing all
indexes coming from this release and … parsing the Release file, but
this time mostly for the other fields.
That wasn't a problem in metaIndex as this was done in the type specific
subclass, but indexRecords while allowing to override the parsing method
did expect by default a specific format.
APT isn't really supporting different types at the moment, but this is
a violation of the abstraction we have everywhere else and, which is the
actual reason for this merge: Options e.g. coming from the sources.list
come to metaIndex naturally, which needs to wrap them up and bring them
into indexRecords, so the acquire system is told about it as they don't
get to see the metaIndex, but they don't really belong in indexRecords
as this is just for storing data loaded from the Release file… the
result is a complete mess.
I am not saying it is a lot prettier after the merge, but at least
adding new options is now slightly easier and there is just one place
responsible for parsing the Release file. That can't hurt.
|
|
Doing this disables the implicit copy assignment operator (among others)
which would cause hovac if used on the classes as it would just copy the
pointer, not the data the d-pointer points to. For most of the classes
we don't need a copy assignment operator anyway and in many classes it
was broken before as many contain a pointer of some sort.
Only for our Cacheset Container interfaces we define an explicit copy
assignment operator which could later be implemented to copy the data
from one d-pointer to the other if we need it.
Git-Dch: Ignore
|
|
Some of them modify the ABI, but given that we prepare a big one
already, these few hardly count for much.
Git-Dch: Ignore
|
|
To have a chance to keep the ABI for a while we need all three to team
up. One of them missing and we might loose, so ensuring that they are
available is a very tedious but needed task once in a while.
Git-Dch: Ignore
|
|
While it is mostly busywork to rewrite all instances it actually fixes
bugs as the data storage used by the new method is std::string rather
than a char*, the later mostly created by c_str() from a std::string
which the caller has to ensure keeps in scope – something apt-ftparchive
actually didn't ensure and relied on copy-on-write behavior instead
which c++11 forbids and hence the new default gcc abi doesn't use it.
|
|
Its a bit unpredictable which permissons and owners we will encounter on
a CD-ROM (or a USB stick, as apt-cdrom is responsible for those too),
so we have to ensure in this codepath as well that everything is nicely
setup without waiting for a 'apt-get update' to fix up the (potential)
mess.
|
|
I am pretty sure I did that before committing broken stuff…
Git-Dch: Ignore
|
|
Reimplementing an inline method is opening a can of worms we don't want
to open if we ever want to us a d-pointer in those classes, so we do the
only thing which can save us from hell: move the destructors into the cc
sources and we are good.
Technically not an ABI break as the methods inline or not do the same
(nothing), so a program compiled against the old version still works
with the new version (beside that this version is still in experimental,
so nothing really has been build against this library anyway).
Git-Dch: Ignore
|
|
It is not very extensible to have the supported Hashes hardcoded
everywhere and especially if it is part of virtual method names.
It is also possible that a method does not support the 'best' hash
(yet), so we might end up not being able to verify a file even though we
have a common subset of supported hashes. And those are just two of the
cases in which it is handy to have a more dynamic selection.
The downside is that this is a MAJOR API break, but the HashStringList
has a string constructor for compatibility, so with a bit of luck the
few frontends playing with the acquire system directly are okay.
|
|
Git-Dch: Ignore
Reported-By: gcc -Wsuggest-attribute={pure,const,noreturn}
|
|
Beside being a bit cleaner it hopefully also resolves oddball problems
I have with high levels of parallel jobs.
Git-Dch: Ignore
Reported-By: iwyu (include-what-you-use)
|
|
Reported-By: gcc -Wunused-parameter
Git-Dch: Ignore
|
|
Git-Dch: Ignore
Reported-By: gcc -Wuseless-cast
|
|
Git-Dch: Ignore
Reported-By: gcc -Wpedantic
|
|
Reported-By: gcc
Git-Dch: Ignore
|
|
|
|
|
|
|
|
Testing for global PendingErrors in users of CopyFile is incorrect
in so far as unrelated errors will prevent us from copying perfectly
fine files and checking for the validity of the files is just better
in CopyFiles as it already checks if files are at least opened.
Add also a higher-level error message to the error stack if it fails.
|
|
versions to fix partial upgrades (Closes: #707771)
The rename in 0.9.7.9~exp2 moved the method body to the class definition
which means it became inline, which isn't ABI compatibile. The reverse of
moving inline to non-inline is safe though.
|
|
|
|
- rename RunGPGV to ExecGPGV and move it to apt-pkg/contrib/gpgv.cc
|
|
|
|
architectures on multi-arch CD-ROMs
- do not warn about files which have a record in the Release file, but
are not present on the CD to mirror the behavior of the other methods
and to allow uncompressed indexes to be dropped without scaring users
- handle Components in the reduction for the source.list as multi-arch CDs
|
|
- do not create duplicated flat-archive cdrom sources for foreign
architectures on multi-arch cdroms
|
|
- do not use atomic writing if the target is /dev/null as we don't want
to replace it, not even automically. (Closes: #683410)
|
|
handle compressed files again (LP: #924182, closes: #658096)
|
|
internally so that it is exported and can be used like a "normal"
uncompressed file with FileFd
This allows us to hide th zlib usage in the implementation and use gzip
instead if we don't have zlib builtin (the same for other compressors).
The code includes quiet a few FIXME's so while all tests are working
it shouldn't be used just yet outside of libapt as it might break.
|
|
- support InRelease files on cdrom
|
|
to replace hardcoding of compressiontypes and compressors
|
|
TranslationsCopy::CopyTranslations() into a single common function
|
|
|
|
size are pretty unlikely for now, but we need it for deb
packages which could become bigger than 4GB now (LP: #815895)
|
|
|
|
|
|
done on the mirco-optimazation level, so lets fix them:
(performance) Possible inefficient checking for emptiness.
(performance) Prefer prefix ++/-- operators for non-primitive types.
|
|
code (LP: #784473)
|
|
- Use RealFileExists() instead of FileExists(), allows amongst other
things a directory named Sources to exist on a CD-ROM (LP: #750694).
|
|
* apt-pkg/deb/deblistparser.cc:
- rewrite LoadReleaseInfo to cope with clearsigned Releasefiles
|
|
- only use trusted.gpg.d directory if it exists
- do not replace /dev/null when running in APT::CDROM::NoAct
mode (LP: #612666), thanks to Colin Watson
|
|
mode (LP: #612666), thanks to Colin Watson
|
|
- support really still the APT::GPGV::TrustedKeyring setting,
as it breaks d-i badly otherwise (Closes: #595428)
|
|
|
|
- only use trusted.gpg.d directory if it exists
|
|
- set the default values for dir::etc::trusted options correctly
|