This comparison is big! We’re only showing the most recent 250 commits
Commits on May 31, 2017
Fix parsing of or groups in build-deps with ignored packages
If the last alternative(s) of an Or group is ignored, because it does
not match an architecture list, we would end up keeping the or flag,
effectively making the next AND an OR.

For example, when parsing (on amd64):

    debhelper (>= 9), libnacl-dev [amd64] | libnacl-dev [i386]
 => debhelper (>= 9), libnacl-dev |

Which can cause python-apt to crash.

Even worse:

     debhelper (>= 9), libnacl-dev [amd64] | libnacl-dev [i386], foobar
  => debhelper (>= 9), libnacl-dev [amd64] | foobar

By setting the previous alternatives Or flag to the current Or flag
if the current alternative is ignored, we solve the issue.

LP: #1694697
Commits on Jun 01, 2017
apt.systemd.daily: Pass --dry-run to unattended-upgrade, not -d
We want to download stuff:
  --dry-run             Simulation, download but do not install
not debug:
  -d, --debug           print debug messages

Confusion everywhere!

Closes: #863859
apt.systemd.daily: Use unattend-ugrade --download-only if available
Using dry-run as in the previous commit is not really correct, as
it logs dpkg debugging output too. So, let's assume unattended-upgrade
gets a --download-only option and use that if it is available.

This lets us add the downloading part to unattended-upgrades later
on, without requiring versioned dependencies between the two.

Closes: #863859
Commits on Jun 22, 2017
Minor grammar fix
Modified the wording of an error message when a repository no longer has a release file.
Commits on Jun 26, 2017
pkgcache: Bump major version to 12
We need to be able to update 1.4.y in different ways than later
apt versions, and thus need to bump the major version so there
is no collision in the minor version at some point.
Squashed 'triehash/' changes from 565fde4e7..0ca66b761
0ca66b761 Redefine ambiguous to be much more simple
3d9adfb3f Add more comments
2896e78c2 Render C code to match longest prefix
21e620cf0 fix various typos reported by spellintian

git-subtree-dir: triehash
git-subtree-split: 0ca66b761aa56d42d35c4cc254f455424764895a
tests: fix gpg-agent killing in testcases
We want to kill the agent if its home directory exists at that location,
not if it isn't there (leaving an army of processes around).

Gbp-Dch: Ignore
schedule the correct side of the conflict for removal
In complex situations in which we want to unpack a package which has a
conflict/breaks on another package which must be removed due this
conflict apt can decide to perform this remove earlier than initially
planned.

Problem: For three years apt wouldn't remove that package, but the
package which has the conflict… The situation isn't very common and
easily hidden as the package which is removed is unpacked a few actions
later – it becomes visible for packages which protect themselves from
removal through like systemd as the running init resulting in upgrade
failures (#854041).

Note that the package isn't purged, so data shouldn't be lost even if a
user runs into a "hidden" case of it as long as the package sticks to
the policy of removing data only on purge.

Reaching this situation artificially is hard, which is why no testcase
is included, as the situation is highly state dependent. Testing with
"real" systems indicate that slight modifications in the installed
packages set can make the bug not trigger.

Regression-Of: 0eb4af9
Thanks: Michael Biebl for helping find this with countless tests
avoid explicit types for pkg counts by auto
Changes nothing on the program front and, as the datatypes are
sufficiently comparable, fixes no bug either, but avoids problems later on
if we ever change the types of those and prevents us from using types which
are too large for the values we want to store and so waste (a tiny bit of)
resources.

Gbp-Dch: Ignore
don't show incorrect 'How odd' errror in no-download mode
Showing messages related to downloading in a mode which can't download
is pretty pointless, so instead of trying harder to make it so that
these messages do not trigger just skip them entirely.

That the message triggered here is an artifact of the implementation in
which the download items are finished, while the code expects them to be
still pending – even the files completely downloaded in a previous run.

Closes: 863635
Call update from apt-key test for a strange path test
We setup a "horrible" environment in the apt-key testcase to check all
kinds of things, but we really should be making also at least a simple
apt update call, as that in turn will call apt-key which is how apt-key
is used in the non-testcase world, so that calling should be able to
deal with such environments as well.

Gbp-Dch: Ignore
Annotate intended switch fall through in https
Reported-By: gcc-7
Gbp-Dch: Ignore
Show permission error if ProxyAutoDetect cmd can't be executed
As the proxy commands are not executed as root, a user can run into
permission errors (s)he isn't expecting – as our switching is an
implementation detail – so the error message in that case should really
be better than a generic "error code 100" sending the user in the wrong
direction as that implies the command was executed, but errored out.

Closes: 857885
make the create-test-data script great again
Changes in the past to the buildsystem and the testing framework broke
this little helper script – lets fix those problems to restore
functionality.

Gbp-Dch: Ignore
Avoid chdir in acquire clean with unlinkat
POSIX.1-2008 gives us a range of *at calls to deal with files
including the unlinkat so we can remove a file from a directory
based on a path to the file relative to the directory.
(In our case here the path we have is just the filename)

We avoid changing directories in this way which e.g. fails if the
directory we started in no longer exists or is otherwise inaccessible.

Closes: 860738
clean archives without changing directory
Adopting this change in other frontends will require source changes as
well similar to our own changes in apt-private/.
warn if an expected file can't be acquired
If we couldn't find an entry for a Sources file we would generate an
error while for a Packages file we would silently skip it due to
assuming it is missing because it is empty. We can do better by checking
if the repository declares that it supports a component we want to get
the file from and if not say so and hint at the user making a typo.

An example where this helps is mozilla.debian.net which dropped the
firefox-aurora component (as upstream did) meaning no upgrades until the
user notices manually that the repository doesn't provide packages
anymore. With this commit warnings are raised hopefully causing the user
to investigate what is wrong (sooner).
show .diff/Index properly as ignored if we fallback
Moving the code responsible for parsing the Index file from ::Done into
the slightly earlier ::VerifyDone allows us to still "fail" the download
if we can't make use of the Index for whatever reason, so that the
progress log correctly displays "Ign" instead of "Get" for the file.

This also makes quite a few debug messages proper error messages (but
those are still hidden by default for Ign lines).
fail InRelease on non-404 HTTP errorcodes
There are very many HTTP errorcodes which indicate that the repository
isn't available at the moment or the connection has some kind of
problem. Given that we do not require Release files the result was that
these errors were ignored and the user presented with a message like
"Repository is no longer signed" which sends the user in the wrong
direction.

Instead of trying to figure out which http errorcodes indicate a global
problem we accept only 404 for ignoring and consider all the rest as
hard errors now causing us to stop instantly after the InRelease file
and print the errorcode (with short description from server) received.
deal with 3xx httpcodes as required by HTTP/1.1 spec
An unknown code should be handled the same as the x00 code of this
group, but for redirections we used to treat 300 (and a few others)
as an error while unknown codes were considered redirections.

Instead we check now explicitly for the redirection codes we support for
redirecting (and add the 308 defined in RFC 7538) to avoid future
problems if new 3xx codes are added expecting certain behaviours.

Potentially strange would have been e.g. "305 Use Proxy" sending a
Location for the proxy to use – which wouldn't have worked and resulted
in an error anyhow, but probably confused users in the process.
fix some unlikely memory leaks in error cases
The error cases are just as unlikely as the memory leaks to ever cause
real problems, but lets play it safe for correctness.

Reported-By: scan-build & clang
Gbp-Dch: Ignore
Commits on Jun 27, 2017
travis: ignore profiling warning in progress lines
On Travis CI running tests with code coverage enabled sometimes
generates profiling lines, which we filter out for a while now,
but that misses lines generated showing progress still causing test
failures, so more sed logic is added in the hopes to ignore them.

Extends: 5860894
Gbp-Dch: Ignore
Commits on Jun 28, 2017
Add clang-format definitions
Also add git-clang-format helper to help with }}}

Gbp-Dch: ignore
methods: connect: Change PkgAcqMethod to aptMethod
This will allow us to access ConfigFind() and stuff which makes
it possible for us to implement TLS support.

Gbp-Dch: ignore
methods: connect: Switch from int fds to new MethodFd
Use std::unique_ptr<MethodFd> everywhere we used an
integer-based file descriptor before. This allows us
to implement stuff like TLS support easily.

Gbp-Dch: ignore
methods: Add HTTPS support to http method, using GnuTLS
The http method will eventually replace the curl-based
https method, but for now, this is an opt-in experiment
that can be enabled by setting Dir::Bin::Methods::https
to "http".

Known issues:
- We do not support HTTPS proxies yet
- We do not support proxying HTTPS connections yet (CONNECT)
- IssuerCert and SslForceVersion are unsupported

Gbp-Dch: Full
Allow building without curl
This makes testing easier and prepares us for the
transition.
methods: http: Drain pending data before selecting
GnuTLS can already have data pending in its buffers, we need
to drain that first otherwise select() might block
indefinitely.

Gbp-Dch: ignore
Introduce Acquire::AllowTLS to turn off TLS support
As requested by Henrique de Moraes Holschuh, here comes
an option to disable TLS support. If the option is set
to false, the internal TLS layer is disabled.
Skip test-apt-download-progress
The test keeps failing continuously on Ubuntu, so let's
fix it for now.
fail instead of warn on insecure repositories in apt-get
The exception was made to give (script) users a one-release grace period
to adapt their setup to deal with apt enforcing signing of repositories.
As we are now at the start of a new release cycle it's as good a time as
any to lift it now.

Removes-Exception: 952ee63
error in update on Release information changes
The value of Origin, Label, Codename and co can be used in user
configuration from apt's own pinning to unattended upgrades.
A repository changing these values can therefore have serious effects on
the behaviour of apt and other tools using these values.

In a first step we will generate error messages for these changes now
explaining the need for explicit confirmation and provide config options
and commandline flags to accept them.
show a Release-Notes URI if infos were changed
This gives the repository owner a chance to explain why this change was
needed – e.g. explaining the organisational changes or simply detailing
the changes in the new release made. Note that this URI is also shown
if the change is accepted, so it also draws attention to release notes
of minor updates (if users watch apt output closely).
allow frontends to override releaseinfo change behaviour
Having messages being printed on the error stack and confirm them by
commandline flags is an okayish first step, but some frontends will
probably want to have a more interactive feeling here with a proper
question the user can just press yes/no for as for some frontends a
commandline flag makes no sense…
ask for releaseinfo change interactively in apt
If we have a user sitting around we can let 'apt' ask the user for a
confirmation rather than print errors at the end and require the user to
figure out which commandline flags are needed to confirm the changes
non-interactively.
Strip 0: epochs from the version hash
This should fix some issues with dpkg normalizing such
values. Surprisingly enough apt treats the Version: field
the same, even with epoch vs without, but not when searching,
and does not strip the 0: from the output.
support tor+https being handled by http
The apt-transport-tor package operates via simple symlinks which can
result in 'http' being called as 'tor+https', so it must pick up the
right configuration pieces and trigger https support also in plus names.
use port from SRV record instead of initial port
An SRV record includes a portnumber to use with the host given, but apt
was ignoring the portnumber and instead used either the port given by
the user for the initial host or the default port for the service.

In practice the service usually runs on another host on the default
port, so it tends to work as intended and even if not and apt can't get
a connection there it will gracefully fallback to contacting the initial
host with the right port, so it's a user invisible bug most of the time.
Commits on Jun 29, 2017
Robert Luberda + DonKult
fix a "critical" typo in old changelog entry
This typo exposes a bug in apt-listchanges that prevents commands like
`apt-listchanges --show-all apt_*.deb' from showing the changelog.
The bug will be fixed in next upload of apt-listchanges, but I think
it would be nice have the typo fixed as well.

Closes: 866358
Improve error message if system CA store is empty
Tell the user to install ca-certificates.

Closes: #866377
Have apt Recommend ca-certificates
The http method needs ca-certificates for TLS
support, so enable it.
Demote gnupg to Suggests
stretch was the migration release for gpg->gpgv basically,
so let's demote it now.
http: Only use system CA store if CaInfo is not set
It turns out that curl only sets the system trust store if
the CaInfo option is not set, so let's do the same here.
Commits on Jun 30, 2017
Don't read CaInfo if not specified (missing else)
This fixes a regression from ~alpha2.

Closes: #866559
Gbp-Dch: Full
Reset failure reason when connection was successful
When APT was trying multiple addresses, any later error
somewhere else would be reported with ConnectionRefused
or ConnectionTimedOut as the FailReason because that
was set by early connect attempts. This causes APT to
handle the failures differently, leading to some weirdly
breaking test cases (like the changed one).

Add debugging to the previously failing test case so
we can find out when something goes wrong there again.
Allow running the TLS stack on any lower connection
This is especially needed if we use an HTTPS proxy to CONNECT
to an HTTPS URI, as we run TLS-inside-TLS then.
http: Add support for CONNECT proxying to HTTPS locations
Proxying HTTPS traffic requires the proxy providing the
CONNECT method. This implements the client side of it,
although it is a bit hacky.

HTTP connect is a normal HTTP CONNECT request, followed
by a normal HTTP response, just that the body of the
response is the TCP stream of the target host.

We use a special wrapper in case there are data bytes
in the header packets - in that case, the bytes are
stored in a buffer and the buffer will be drained first,
afterwards the connection continues directly with the
TCP stream (with one more vcall).

Also: Do not send full URI to https destinations when proxying,
as we are directly interfacing with the destination data stream.
http: Add support for https:// proxies
HTTPS proxies just require unwrapping the TLS layer at the proxy
connection, that's easy, and of course sending proxy-specific
headers that are sent on "http" proxies.
Allow http(s) and socks5h for http and https in proxy auto detect
This makes it possible to write sensible auto detect scripts.
travis: Switch to Docker
This runs parallel builds on docker, based on debian:testing
docker images, with ccache enabled and parallel running of the
test suite (ccache supports coverage builds these days, and
parallel testing just needs unbuffer to handle the stty stuff)

This is a huge step up from building on a mix of trusty, wily,
and xenial. Most importantly, coverage now correctly detects
partial covered lines instead of just reporting almost all of
them as fully covered.

We use ftp.de.debian.org as deb.debian.org backed by Amazon
503s too often.

Gbp-Dch: ignore
Switch to 'http' as the default https method
The old curl based method is still available as 'curl',
'curl+http', and 'curl+https'.
Improve closing the TLS connection
If gnutls_session_bye() exited with an error, we never closed
the underlying file descriptor, causing the method to think the
connection was still open. This caused problems especially in
test-partial-file-support where we checked that a "complete"
file and an incomplete file work. The first GET returns a 416
with Connection: close, and the next GET request then accidentally
reads the body of the 416 as the header for its own request.
TLS support: Error out on unsupported curl options
Silently ignoring the options might be a security issue,
so produce an error instead.
CMake: Do not allow FORCE_CURL=ON with WITH_CURL=OFF
This makes no sense. We need both entries in the cache, as
we check FORCE_CURL in the test suite.

Gbp-Dch: ignore
shippable: Run tests in parallel
Gbp-Dch: ignore
Commits on Jul 01, 2017
Make Verify-Host and Verify-Peer independent again
We can actually just pass null as a hostname, so let's just
do that when Verify-Host is set to false.
http: A response with Content-Length: 0 has no content
APT considered any response with a Content-Length to have a
body, even if the value of the header was 0. A 0 length body
however, is equal to no body.
Ignore download order in test-apt-update-failure-propagation
This caused spurious test failures.
travis/docker: Various improvements
- Use a tmpfs for /tmp - not really a benefit here,
  except for travis as it's writing less now.
- Use the fastly CDN - about twice as fast as ftp.de,
  and seems more stable than cloudfront
- Run apt-get clean to keep container smaller - should
  not be needed really, but let's just do it.

Gbp-Dch: ignore
Commits on Jul 03, 2017
tls: Add more details to error messages, and detect more errors
This should make it easier to figure out what was
going on.
Do not error out, only warn if ca certificates are not available
This probably makes more sense if Verify-Peer is set to off.
Swap file descriptors before the handshake
This makes more sense. If the handshake failed midway, we still
should run the gnutls bye stuff. The thinking here is to only
set the fd after the session setup, as we do not modify it
before, so if it fails in session setup, you retain a usable
file descriptor.

Gbp-Dch: ignore
don't set ip addresses as server names for SNI
It is kinda unlikely that apt will ever encounter a certificate for an
IP and a user actually using it, but the API documentation for
gnutls_server_name_set explicitly says that "IPv4 or IPv6 addresses are
not permitted to be set by this function.", so we should follow it.

[jak@d.o: Slightly rebased]
Stop bragging about old speeds in http.cc comments
That's just ridiculous these days.

Gbp-Dch: ignore
Алексей Шилин + julian-klode
Commits on Jul 04, 2017
Commits on Jul 07, 2017
don't expect more downloads from failed transactions
Progress only shows if we have an idea of how much files we will
acquire, but if a transaction fails before we have got an idea we ended
up never showing progress even through we know that a failed transaction
will not download additional files.
Commits on Jul 08, 2017
Beatrice Torracca + DonKult
fix various typos reported by codespell & spellintian
Reported-By: codespell & spellintian
Gbp-Dch: Ignore
Commits on Jul 12, 2017
Handle supported components with slashes in sources.list
Commit d7c9241 parses the Components
section of (In)Release and attempts to detect the distribution's
supported components. While doing so, it handles component names with
slashes in a special manner, assuming that the actual component is only
the part after the final slash. This is done to handle
security.debian.org, which usually appears in sources.list as follows:

 deb http://s.d.o/debian-security stretch/updates main contrib non-free

while the actual release file has:
 Codename: stretch
 Components: updates/main updates/contrib updates/non-free

While this special handling on APT's part indeed works for
debian-security, it emits spurious warnings on repositories that
actually use slashes in the component names *and* appear so in
sources.list.

We fix this by adding both component versions (whole and final part) to
the SupportedComponents array.

Closes: #868127
Drop cacheiterators.h include
Including cacheiterators.h before pkgcache.h fails because
pkgcache.h depends on cacheiterators.h.
Reformat and sort all includes with clang-format
This makes it easier to see which headers includes what.

The changes were done by running

    git grep -l '#\s*include'  \
        | grep -E '.(cc|h)$' \
        | xargs sed -i -E 's/(^\s*)#(\s*)include/\1#\2 include/'

To modify all include lines by adding a space, and then running
./git-clang-format.sh.
cacheiterators: Warn about direct include and don't include pkgcache.h
This adds a warning so existing working code will still
work (as it includes pkgcache.h first anyway), but it will
know that it's not right to include this file directly.
Merge branch 'misc/include-cleanup'
This should make it easier to read includes.
Support zero delay for the various APT::Periodic activities
[squashed:]

apt.systemd.daily: check_stamp: check for 'always' before numerical values

Prevents a crash when the configuration actually uses 'always':

apt.systemd.daily: 402: [: Illegal number: always
Switch from /org to /srv in example apt-ftparchive configuration
/org has been obsoleted by /srv for many years on debian.org hosts.
Commits on Jul 17, 2017
Merge pull request Debian/apt#44 from willismonroe/patch-1
Minor grammar fix

[jak@d.o: Fixed up po/]
Commits on Jul 20, 2017
Use C++11 threading support instead of pthread
This makes the code easier to read.
Fix memory leak in C++-thread-local _error implementation
We can't allocate a pointer here, it would not get released - use
an object instead.

Gbp-Dch: ignore
Commits on Jul 26, 2017
Gracefully terminate process when stopping apt-daily-upgrade
The main process is guessed by systemd. This prevents killing dpkg
run by unattended-upgrades in the middle of installing packages
and ensures graceful shutdown.

The timeout of 900 seconds after which apt-daily-upgrade.service
is killed is in sync with unattended-upgrades's timer.

LP: #1690980
remove reference to a-t-debtorrent in description
debtorrent and its helper apt-transport-debtorrent were removed from
Debian in 2013 based on the bugreports #730459 and #731281. As they
aren't available, we shouldn't make references to them anymore. a-t-tor
is picked as replacement for the example.
ignore SIGPIPE in dump solver if forwarding
Our test-external-dependency-solver-protocol test sometimes fails on the
immediately 'crashing' solver exit1withoutmsg with the message that it
got SIGPIPE from the solver. That isn't really possible as the solver
produces no output, but on inspection its not this solver getting the
signal but the wrapping provided by the dump-solver as the wrapped
solver instantly exits. Simply ignoring the signal helps in perhaps
extracting the last words of another solver (as this one has none), but
at the very least we get the exit code of the wrapped solver we
interested in as output.
support compressed extended_states file for bug triage
This file isn't compressed by default, but it might be compressed by a
bugreporter and uncompressing it is extra work apt could do just as well
on the fly as needed just like it does for the dpkg/status file.
don't try to rename failed pdiff patches twice
RenameOnError does the rename already, so the check for existence will
always fail making this some completely harmless but also completely
pointless two lines of code we are better off removing.

Gbp-Dch: Ignore
don't move failed pdiff indexes out of partial
The comment says this is intended, but looking at the history reveals
that the comment comes from a different era. Nowadays we don't really
need it anymore (and even back then it was disputable) as we haven't
used that file for our update in the end and nothing really needs this
file after the update.

Triggered is this by 188f297 which
moves various error conditions forward including this code expecting the
file to exist – but it doesn't need to as download could have failed.
We could fix that by simple checking if the file exists and only stage
it if it does, but instead we don't stage it and instead even rename it
out of the way with our conventional FAILED name (if it exists).

That restores support for partial mirrors (= in this case mirrors which
don't ship pdiff files). Note that apt heals itself even if only such a
mirror is used as the update is successful even if that error is shown.

Closes: 869425
don't try to parse all fields starting with HTTP as status-line
It is highly unlikely to encounter fields which start with HTTP in
practice, but we should really be a bit more restrictive here.
send weak-only hashes to methods
Weak hashes like filesize can be used by methods for basic checks and
early refusals even if we can't use them for hard security purposes.

Normal apt operations are not affected by this as they fail if no strong
hash is available, but if apt is forced to work with weak-only files or
e.g. in apt-helper context it can have benefits as weak is better than
no hash for the methods.
fail earlier if server answers with too much data
We tend to operate on rather large static files, which means we usually
get Content-Length information from the server. If we combine this
information with the filesize we are expecting (factoring in pipelining)
we can avoid reading a bunch of data we are ending up rejecting anyhow
by just closing the connection saving bandwidth and time both for the
server as well as the client.
fail early in http if server answer is too small as well
Failing on too much data is good, but we can do better by checking for
exact filesizes as we know with hashsums how large a file should be, so
if we get a file which has a size we do not expect we can drop it
directly, regardless of if the file is larger or smaller than what we
expect which should catch most cases which would end up as hashsum
errors later now a lot sooner.
use FileFd to parse all apt configuration files
Using different ways of opening files means we have different behaviour
and error messages for them, so by using the same for all we can have more
uniformity for users and apt developers alike.
show warnings instead of errors if files are unreadable
We used to fail on unreadable config/preferences/sources files, but at
least for sources we didn't in the past and it seems harsh to refuse to
work because of a single file, especially as the error messages are
inconsistent and end up being silly (like suggesting to run apt update
to fix the problem…).

LP: #1701852
reimplement and document auth.conf
We have support for an netrc-like auth.conf file since 0.7.25 (closing
518473), but it was never documented in apt that it even exists and
netrc seems to have fallen out of usage as a manpage for it no longer
exists making the feature even more arcane.

On top of that the code was a bit of a mess (as it is written in c-style)
and as a result the matching of machine tokens to URIs also a bit
strange by checking for less specific matches (= without path) first.
We now do a single pass over the stanzas.

In practice early adopters of the undocumented implementation will not
really notice the differences and the 'new' behaviour is simpler to
document and more usual for an apt user.

Closes: #811181
lookup login info for proxies in auth.conf
On HTTP Connect we since recently look into the auth.conf file for login
information, so we should really look for all proxies into the file as
the argument is the same as for sources entries and it is easier to
document (especially as the manpage already mentions it as supported).
allow the auth.conf to be root:root owned
Opening the file before we drop privileges in the methods allows us to
avoid chowning in the acquire main process which can apply to the wrong
file (imagine Binary scoped settings) and surprises users as their
permission setup is overridden.

There are no security benefits as the file is open, so an evil method
could as before read the contents of the file, but it isn't worse than
before and we avoid permission problems in this setup.
show a warning for Debian shutting down FTP services
We detect the affected sources by matching Release info – that has
potential by-catch of repositories which have incorrect field values,
but those are better fixed now anyhow. The bigger incorrectness is that
this message will not only be printed for the Debian services themselves but
also for all mirrors not under Debian control but serving Debian like more
local/private mirrors which will not (directly) shut down. It is likely
though that many of them will follow suit with less visible
announcements or break downright if their upstream source disappears, so
having false-positives here seems beneficial for the user in the end.
suggest using auth.conf for sources with passwords
The feature has existed for a long while even if we get around to documenting
it properly only now, so we should push for its adoption a bit to avoid
the problems it's supposed to solve like avoiding usage of non-world
readable configuration files as they can cause strange behaviour for the
unsuspecting user (like different solutions as root and non-root).
Commits on Jul 27, 2017
Always warn if --force-yes is validly specified, not just if used
The code only used to warn when it came into a situation where
something actually had to be forced. Warn directly after parsing
the command-line instead, that's more accurate.
Commits on Aug 04, 2017
ftparchive: sort discovered filenames before writing indexes
If 'apt-ftparchive packages /path/to/files/' (or sources) is used the
files to include in the generated index (on stdout) were included in the
order in which they were discovered, which isn't a very stable order
which could lead to indexes changing without actually changing content
causing needless changes in the repository changing hashsums, pdiffs,
rsyncs, downloads, ….

This does not affect apt-ftparchive calls which already have an order
defined via a filelist (like generate) which will still print in the
order given by the filelist.

Note that a similar effect can be achieved by post-processing index
files with apt-sortpkgs.

Closes: 869557
Thanks: Chris Lamb for initial patch & Stefan Lippers-Hollmann for testing
don't hang if multiple sources use unavailable method
APT clients always noticed if a method isn't supported and nowadays
generate a message of the form:
	E: The method driver …/foobar could not be found.
	N: Is the package apt-transport-foobar installed?

This only worked if a single source was using such an unavailable method
though, as we were registering the failed config in the first round and
the second would try to send requests to the not started method, which
wouldn't work and hang instead (+ hiding the error messages as they would
be shown only at the end of the execution).

Closes: 870675
Commits on Aug 12, 2017
Work around float rounding change in gcc 7 on i386
This caused a build failure in the test suite.
Commits on Aug 17, 2017
Handle GCC 7 std::string operator ABI break
We now require gcc 7 on the packaging side, and add an appropriate
symbol to our symbols file.

Also adjust prepare-release to ignore g++ version requirements
when setting up build dependencies on CI.

Closes: #871275
debian: Update symbols for libapt-pkg5.0
The version is probably wrong for most, but oh well,
let's just pretend we are introducing them now.
doc: Fix validity error in apt_auth.conf.5.xml
It contained raw text inside a refsect1

Gbp-Dch: ignore
Commits on Aug 24, 2017
Redefine APT_CONST to mean APT_PURE
Functions marked with the const attribute may not inspect
any global memory. This includes targets of pointers or
references passed as arguments. A pure function however
is free to inspect memory, but may not have any side
effects.

The function StringSplit() was marked as const, but took
two references to strings. When the second one was passed
as a literal as in StringSplit(name, "::") the compiler
cleverly figured out that we only inspect the address of
"::" (since StringSplit is const) and thus optimized away
the "::" content.

While patching out individual broken uses of APT_CONST
would be possible, this is already the second case, and
there might be more, so let's redefine APT_CONST to use
the pure attribute, so we don't end up with the same
situation again in some time.
Replace APT_CONST with APT_PURE everywhere
As a follow up to the last commit, let's replace APT_CONST
with APT_PURE everywhere to clean stuff up.
Make test-bug-818628-unreadable-source work on !amd64
It was broken because apt.conf.d was not readable, but that's
where the architecture is defined...
Commits on Sep 01, 2017
Actually install apt_auth.conf manual page
Seems we forgot to update the packaging when adding the manual
page. Once we have translations for it, we need to add them
as well...

Closes: #873934
Commits on Sep 04, 2017
Frans Spiesschaert + julian-klode
Dutch program translation update
Closes: #874285
Frans Spiesschaert + julian-klode
Dutch manpage translation update
Closes: #874293
Commits on Sep 09, 2017
test: Workaround gpgv warning
gpgv: WARNING: This key is not suitable for signing in --compliance=gnupg mode
don't write & chmod /dev/null log files
APT by default logs terminal (term.log) and actions (history.log), but
if either or Dir::Log directly is set to /dev/null it continues to do
so, which isn't too bad – just wasted effort – but term.log is
chmodded to protect it from the general public (as it may contain
otherwise private data the admin entered in the terminal) which
shouldn't happen for /dev/null.
add test for bug 870675 (hang on unsupported method)
Commit e250a8d implemented the fix and
should have included already this testcase for it.

Gbp-Dch: Ignore
don't ask an uninit _system for supported archs
A libapt user who hasn't initialized _system likely has a reason, so we
shouldn't greet back with a segfault usually deep down in the callstack
for no reason. If the user had intended to pick up information from the
system, _system wouldn't be uninitialized after all.

LP: #1613184
SRU: 1.4.y
drop unused/unimplemented & hidden LoadReleaseInfo
The relevant calling code as well as the implementation for the deb
system was removed 2 years ago with the refactoring of release
information storage (b07aeb1).
This commit removes the unused remains of this change with no
practical effect on anybody (except codesize) as the methods were
declared as hidden and hence only libapt could have called it.

Gbp-Dch: Ignore
apt-daily: Wait for network before daily updates
Introduce a new helper, apt-helper wait-online that uses
NetworkManager and/or systemd-networkd to wait for them
reporting online, with a time out of 30 seconds; and run
that helper before running the daily update script.

LP: #1699850
Gbp-Dch: Full
apt-daily: Pull in network-online.target in service, not timer
There's no real point in pulling it in in the timer already,
and it is somewhat safer to do so in the service.
Do not warn about duplicate "legacy" targets
If a source has a legacy Contents file, and two lines mention
the same archive but different components, a warning would be
issued that is confusing. So, as the field is named Contents-deb-legacy,
let's just not print warnings for fields containing "legacy".

LP: #1697120
Closes: #839259
cdrom: Don't hardcode "Files" field for copying source files
This fails if no Files field exists anymore, for example, because
the Sources index only contains SHA256 hashes. Instead check all
hashes.
ftparchive: Do not pass through disabled hashes in Sources
When writing a Sources files hashes that were already present
in the .dsc were always copied through (or modified), even if
disabled. Remove them instead when they are disabled, otherwise
we end up with hashes for tarballs and stuff but not for dsc
files (as the dsc obviously does not hash itself).

Also adjust the tests: test-compressed-indexes relied on Files
being present in showsrc, and test-apt-update-weak-hashes expected
the tarball to be downloaded when an archive only has MD5 and we
are requiring SHA256 because that used to work because the tarball
was always included.

Closes: #872963
Directly link against libudev on Linux systems
We previously dlopen()ed it, but it seems painful to do that
without any real gain, except for possibly not having libudev
in the address space and not having code #ifdefed for Linux.

The latter means that we are a bit more likely to break stuff
for non-Linux systems now if we play with udev, but at least
we don't end up with it silently breaking because of a libudev
ABI break.

The existing function pointers in the struct were renamed and
kept for compat purposes.

Fixes Debian/apt#48

Also adjust prepare-release to strip [linux-any] from build-depends
for travis.
Commits on Sep 10, 2017
CMake: Properly handle Udev missing
When udev is not available, the variables for libraries and
include paths are set to NOTFOUND rather than an empty string
and CMake exits with an error. Use a generator expression to
only use these variables when UDEV_FOUND is true.
CMake: Mark BZip2, LZMA, and LZ4 as required
We do not actually test without these libraries, and it likely
would not build without them due to them being NOTFOUND and CMake
exiting with an error, so let's just mark them as required.
clang-format: Set ContinuationIndentWidth: 3
This fixes the indentation of struct members, for
example, which were previously indented by 4 spaces.

Gbp-Dch: ignore
Commits on Sep 11, 2017
apt-daily: Do not Wants=network-online, and add some more After=
We now wait for being online ourselves, so all we need to wait
on is for services we are using to be online first. This avoids
severe boot slowdowns by other services having specified an
After=network-online.target without a Wants=.

Gbp-Dch: Full
Commits on Sep 13, 2017
Fix translator comment location for legacy target warning
In commit Do not warn about duplicate "legacy" targets, we
added an if, that changed the .po files...
Commits on Sep 24, 2017
Drop curl method and apt-transport-https package
This automatically removes any old apt-transport-https, as
apt now Breaks it unversioned.
Commits on Sep 26, 2017
proper error reporting for v3 onion services
APT connects just fine to any .onion address given; only if the connect
fails somehow will it perform checks on the sanity of the address, which in
this case is checking the length as they are well defined. As the strings
are arbitrary, a user typing them easily mistypes, which apt can be
slightly more helpful in figuring out by saying the onion hasn't the
required length.
allow empty build-dependency fields in the parser
APT used to parse only wellformed files produced by repository creation
tools which removed empty files as pointless before apt would see them.

Now that apt can be told to parse e.g. debian/control files directly, it
needs to be a little more accepting though: We had this with comments
already, now let it deal with the far more trivial empty fields.

Closes: #875363
use pkgTagSection::Key in srcRecords parser
Using hardcoded array-indexes in the build-dependency parsing is
efficient, but less discoverable and easier to break. We can avoid
this by making it even more efficient (not that it would be noticeable)
allowing us to do explicitly named comparisons instead.

Gbp-Dch: Ignore
Commits on Oct 05, 2017
send the hashes for alternative file correctly
This isn't really used by the acquire system at all at the moment and
the only method potentially sending this information is file://, but
that used to be working correctly before broken in 2013, so better fix
it now and worry about maybe using the data some day later.

Regression-Of: b3501ed
ignore unsupported key formats in apt-key
gpg2 generates keyboxes by default and users end up putting either those
or armored files into the trusted.gpg.d directory which apt tools
neither expect nor can really work with without fortifying backward
compatibility (at least under the ".gpg" extension).

A (short) discussion about how to deal with keyboxes happened in
https://lists.debian.org/deity/2017/07/msg00083.html
As the last message in that thread is this changeset lets go ahead
with it and see how it turns out.

The idea is here simply that we check the first octet of a gpg file to
have one of three accepted values. Testing on my machines has always
produced just one of these, but running into those values on invalid
files is reasonably unlikely, so we do not worry too much.

Closes: #876508
remove pointless va_copy to avoid cleanup dance
A va_copy call needs to be closed in all branches with va_end, so these
functions would need to be reworked slightly, but we don't actually need
to copy the va_list as we don't work on it, we just push it forward, so
dropping the copy and everyone is happy.

Reported-By: cppcheck
Gbp-Dch: Ignore
avoid using NULL in varadic function for cmdline parsing
cppcheck reports:
(portability) Passing NULL after the last typed argument to a variadic
function leads to undefined behaviour.

We don't ship on any platform which has this as undefined behaviour
though – or it would be pretty well defined "bad" behaviour which
always works, so even though UB is a trigger word, it's hardly
noteworthy as a change (and as a bonus the scanners of gcc/clang
don't consider it UB).

The commonly accepted method of fixing that seems to be (const
char*)NULL, but it is in fact much simpler to just switch to the variadic
functions C++ provides resolving the warning and reducing code.

Reported-By: cppcheck
Gbp-Dch: Ignore
Commits on Oct 08, 2017
Commits on Oct 20, 2017
Frans Spiesschaert + julian-klode
Dutch program translation update
Closes: #879137
Fix testsuite for and add new fields from dpkg 1.19
tagfile-order.c: Add missing fields from dpkg 1.19

For binary packages, this is Build-Essential; for source packages,
it is Description.

test-bug-718329-...: Ignore control.tar.*, changes in dpkg 1.19

test-apt-extracttemplates: Fix for dpkg 1.19
Commits on Oct 22, 2017
Run Proxy-Auto-Detect script from main process
This avoids running the Proxy-Auto-Detect script inside the
untrusted (well, less trusted for now) sandbox. This will allow
us to restrict the http method from fork()ing or exec()ing via
seccomp.
Run the ProxyAutoDetect script in the sandbox again
The previous change moved running the proxy detection program from the
method to the main process, so it runs as root and not as _apt. This
brings it back into the sandbox.

Gbp-Dch: ignore
methods/mirror: Enable sandboxing and other aptMethod features
Sandboxing was turned off because we called pkgAcqMethod's
Configuration() instead of aptMethod's.
methods/basehttp.cc: Remove proxy autodetect debugging code
This was a left over from the autodetect move.

Gbp-Dch: ignore
Sandbox methods with seccomp-BPF; except cdrom, gpgv, rsh
This reduces the number of syscalls to about 140 from about
350 or so, significantly reducing security risks.

Also change prepare-release to ignore the architecture lists
in the build dependencies when generating the build-depends
package for travis.

We might want to clean up things a bit more and/or move it
somewhere else.
seccomp: Add missing syscalls for ppc64el, i386, and others
These are a few overlooked syscalls. Also add readv(), writev(),
renameat2(), and statx() in case libc uses them.

Gbp-Dch: ignore
Commits on Oct 23, 2017
seccomp: Conditionalize statx() whitelisting
statx was introduced in 4.11, so it fails to build in stretch if
we just unconditionally use it.
CMake: methods: Cleanup link libraries, use OBJECT libraries
Use OBJECT libraries for http and connect stuff, and move the
seccomp link expression into a global link_libraries() call.

This also fixes a bug where only the http target pulled in
the gnutls header arguments despite gnutls being used in
connect.cc, and thus by mirror and ftp as well.

Adjust translation support to ignore TARGET_OBJECTS sources
and add the OBJECT libraries to the translated files.
Commits on Oct 25, 2017
methods: Enable additional syscalls (SYSV IPC) in fakeroot
If FAKED_MODE is set, enable SYSV IPC so we don't crash when
running in fakeroot.

Closes: #879662
Don't segfault if receiving a method warning on empty queue
We would like to issue a warning about seccomp support in
Configuration(), but since the queue is empty, there is no
current item to show the URL for and we get a segfault. Show
the protocol instead.
Only warn about seccomp() EINVAL (normal) and EFAULT (qemu) errors
If seccomp is disabled, we fallback to running without it. Qemu fails
in the seccomp() call, returning ENOSYS and libseccomp falls back to
prctl() without adjusting the pointer, causing the EFAULT. I hope
qemu gets fixed at some point to return EINVAL for seccomp via
prctl.

Bug-Qemu: https://bugs.launchpad.net/qemu/+bug/1726394
Print syscall number and arch to stderr when trapped by seccomp
This should help debugging crashes. The signal handler is a C++11
lambda, yay! Special care has been taken to only use signal handler
-safe functions inside there.
CMake: Get rid of some debugging messages
This fixes a regression introduced in

commit 43b9eb5

  CMake: methods: Cleanup link libraries, use OBJECT libraries

Gbp-Dch: ignore
Commits on Oct 26, 2017
debian/tests/control: Add dpkg so we get triggered by it
We do want to get our autopkgtests triggered by dpkg uploads
in Ubuntu, but this does not happen because we don't have
an explicit dependency on it. Add one.
seccomp: Allow ipc() for fakeroot, and allow sysinfo() for sort
Sorting apparently calls sysconf() which calls sysinfo() to get
free pages or whatever.

Closes: #879814, #879826
Drop unused gzip, lzma, bzip2, and xz symlinks of store
The store method replaced them all, the symlinks were mostly
for partial upgrades or whatever, they should not be needed
any longer.
Commits on Oct 27, 2017
seccomp: Allow clock_nanosleep() and nanosleep() syscalls
We sleep in http.cc, so we should allow the sleeping syscalls.
Commits on Oct 28, 2017
Prevent overflow in Installed-Size (and Size) in apt show
Installed-Size for linux-image-4.13.0-1-amd64-dbg and friends
are larger than 4 GB, but read as a signed integer - that's
fine so far, as the value is in KB, but it's multiplied with
1024 which overflows. So let's read it as unsigned long long
instead.

While we're at it, also use unsigned long long for Size, in
case that is bigger than 2 GB.
Also use FindULL for checking if the size tags is valid
It used FindI() > 0, but if it is too big, FindI() would
cause an error "Cannot convert %s to integer: out of range",
so let's also use FindULL() here.

Gbp-Dch: ignore
Commits on Oct 29, 2017
debian: Set Rules-Requires-Root: no
We don't need fakeroot for building!
debian: Bump Standards-Version to 4.1.1
No further changes required.
Commits on Nov 05, 2017
Re-introduce a transitional apt-transport-https
This fixes issues with debootstrap. The package will disappear
after the release of buster.
Add ${misc:Depends} to apt-transport-https depends
Makes lintian happy, but is basically useless

Gbp-Dch: ignore
[amend] Use a versioned breaks for a-t-https in apt
We need to use a versioned breaks again, otherwise the
transitional package would not be installable.

Gbp-Dch: ignore
Commits on Nov 12, 2017
Do not attempt seccomp under qemu-user and drop EFAULT workaround
qemu-user passes prctl()-based seccomp through to the kernel,
unmodified. That's bad, as it blocks the wrong syscalls.

We ignored EFAULT which fixed the problem for targets with different
pointer sizes from the host, but was a bad hack. In order to identify
qemu we can rely on the fact that qemu-user prints its version and
exits with 0 if QEMU_VERSION is set to an unsupported value. If we
run a command that should fail in such an environment, and it exits
with 0, then we are running in qemu-user.

apt-helper is an obvious command to run. The tests ensure it exits
with 1, and it only prints usage information. We also could not use
/bin/false because apt might just as well be from a foreign arch
while /bin/false is not.

Closes: #881519
Frans Spiesschaert + julian-klode
Dutch manpage translation update
Closes: #881402
Commits on Nov 15, 2017
Add Breaks: aptitude (<< 0.8.10) for gzip method removal
aptitude used to use gzip:// for changelog URLs, but is now
fixed to use store.
Commits on Nov 19, 2017
Also look at https_proxy for https URLs
We accidentally regressed here in 1.5 when replacing the https
method.
Run wrap-and-sort
Clean up the control file a bit.
allow multivalue fields in deb822 sources to be folded
The documentation said "spaces", but there is no real reason to be so
strict and only allow spaces to separate values as that only leads to
very long lines if e.g. multiple URIs are specified which are again hard
to deal with from a user PoV which the deb822 format is supposed to
avoid. It also deals with multiple consecutive spaces and strange things
like tabs users will surely end up using in the real world.

The old behaviour on encountering folded lines is the generation of URIs
which end up containing all these whitespace characters which tends to
mess really badly with output and further processing.

Closes: 881875
support COLUMNS environment variable in apt tools
apt usually gets the width of the window from the terminal or failing
that has a default value, but especially for testing it can be handy
to control the size as you can't be sure that variable sized content
will always be linebreaked as expected in the testcases.
allow apt_auth.conf(5) to be translated
Adding manpages is really hard it seems.

References: ea408c5,
 ea7581c,
 90bfc5b
Commits on Nov 20, 2017
Translate shared documentation parts again
We accidentally did not translate the entity file, but should
have. This makes apt.ent translatable again. This generates the
target multiple times, but surprisingly, that works just fine, so
let's just keep it that way, as it's clean code otherwise.
Commits on Nov 22, 2017
tests: Improve handling profiling messages on CI
We did not strip away profiling messages when we were diffing
from stdin (-). Just always write temporary files and strip from
them.

We also had a problem when stripping ...profiling: from a line
and the next line starts with profiling. Split the sed into two
calls so we first remove complete profiling: lines before fixing
the ...profiling: cases.
Commits on Dec 13, 2017
if insecure repo is allowed continue on all http errors
If an InRelease file fails to download with a non-404 error
we assumed there is some general problem with the repository like
a webportal or you are blocked from access (wrong auth, Tor, …).

Turns out some servers like S3 return 403 if a file doesn't exist.
Allowing this in general seems like a step backwards as 403 is a
reasonable response if auth failed, so failing here seems better
than letting those users run into problems.

What we can do is show our insecure warnings though and allow the
failures for insecure repos: If the repo is signed it is easy to add
an InRelease file and if not you are set up for trouble anyhow.

References: cbbf185
don't auto-switch candidate if installed is good enough
If we perform candidate switching in requests like "apt install foo/bar"
we should first check if the dependencies of foo from release bar are
already satisfied by what is already installed before checking if the
candidate (or switched candidate) would.
use the newest available git-clang-format in PATH
Hardcoding a specific version is sad as default versions change over
time, so instead of tying us to a specific clang version we let the
script figure out a good version by looking at what is available in
PATH.

Gbp-Dch: Ignore
update libapt-pkg symbols file
Beside adding the relatively new Item::Proxy method we are also slightly
preparing for gcc-8.
fix over-calculating dpkg commandline length
Mostly harmless as it just means that apt thinks that the dpkg
commandline it is building is slightly longer than it actually is and we
have various ways of avoiding generating very long lines nowadays, but
calculating the right value can't hurt.

Reported-By: gcc -Wmultistatement-macros
clearing object via constructor instead of memset
Reported-By: gcc -Wclass-memaccess
Gbp-Dch: Ignore
don't name unused parameter in apt-helper waitonline
Reported-By: gcc -Wunused-parameter
Gbp-Dch: Ignore
deprecate the single-line deprecation ignoring macro
gcc has problems understanding this construct and additionally thinks it
would produce multiple lines and stuff, so to keep using it isn't really
worth it for the few instances we have: We can just write the long form
there which works better.

Reported-By: gcc
Gbp-Dch: Ignore
convert various c-style casts to C++-style
gcc was warning about ignored type qualifiers for all of them due to the
last 'const', so dropping that and converting to static_cast in the
process removes the here harmless warning to avoid hidden real issues in
them later on.

Reported-By: gcc
Gbp-Dch: Ignore
avoid some useless casts reported by -Wuseless-cast
The casts are useless, but the reports show some where we can actually
improve the code by replacing them with better alternatives like
converting whatever int type into a string instead of casting to a
specific one which might in the future be too small.

Reported-By: gcc -Wuseless-cast
deal with floats without old-style cast
We have no speed problem with handling floats/doubles in our progress
handling, but that shouldn't prevent us from cleaning up the handling
slightly to avoid unclean casting to ints.

Reported-By: gcc -Wdouble-promotion -Wold-style-cast
Merge branch 'feature/happy-gcc'
Fixing various real and imagined bugs reported by gcc warnings
support multiline values in LookupTag
LookupTag is a little helper to deal with rfc822-style strings we use in
apt e.g. to pass acquire messages around for cases in which our usual
rfc822 parser is too heavy. All the fields it had to deal with so far
were single line, but if they aren't it should really produce the right
output and not just return the first line. Error messages are a prime
candidate for becoming multiline as at the moment they are stripped of
potential newlines due to the previous insufficiency of LookupTag.
mark some 500 HTTP codes as transient acquire errors
If retries are enabled only transient errors are retried, which are very
few errors. At least for some HTTP codes it could be beneficial to retry
them though, so adding them seems like a good idea if only to be more
consistent in what we report.
report transient errors as transient errors
The Fail method for acquire methods has a boolean parameter indicating
the transient-nature of a reported error. The problem with this is that
Fail is called very late at a point where it is no longer easily
identifiable if an error is indeed transient or not, so some calls were
and some weren't and the acquire system would later mostly ignore the
transient flag and guess by using the FailReason instead.

Introducing a tri-state enum we can pass the information about fatal or
transient errors through the callstack to generate the correct fails.
implement Acquire::Retries support for all items
Moving the Retry-implementation from individual items to the worker
implementation not only gives every file retry capability instead of
just a selected few but also avoids needing to implement it in each item
(incorrectly).
give the methods more metadata about the files to acquire
We have quite a bit of metadata available for the files we acquire, but
the methods weren't told about it and got just the URI. That is indeed
fine for most, but to avoid methods trying to parse the metadata out of
the provided URIs (and fail horribly in edgecases) we can just as well
be nice and tell them stuff directly.
implement fallback to alternative URIs for all items
For deb files we always supported falling back from one server to the
other if one failed to download the deb, but that was hardwired in the
handling of this specific item. Moving this alongside the retry
infrastructure we can implement it for all items and allow methods to
use this as well by providing additional URIs in a redirect.
Merge branch 'feature/altretries'
Generalizing the behaviour of retrying a download on the same server (if
enabled via options) as well as retrying a download via a different
alternative server from the acquire item responsible for deb files to
the handling of items in general so that all are affected.
Commits on Dec 14, 2017
relax test to accept various connection failures
For the failure propagation testing we try to connect to a port which
isn't open – you would think that this has a rather limited set of
failure modes but it turns out that there are various ways this can
fail, so instead of trying to guess all error message we just accept
any.

Reported-By: travis-ci
Gbp-Dch: Ignore
remove pointless APT_PURE from void functions
Earlier gcc versions used to complain that you should add them although
there isn't a lot of point to it if you think about it, but now gcc (>= 8)
complains about the attribute being present.

warning: ‘pure’ attribute on function returning ‘void’ [-Wattributes]

Reported-By: gcc -Wattributes
Gbp-Dch: Ignore
Commits on Dec 24, 2017
do not remap current files if nullptrs in cache generation
If the cache needs to grow to make room to insert volatile files like
deb files into the cache we were remapping null-pointers making them
non-null-pointers in the process causing trouble later on.

Only the current Releasefile pointer can currently legally be a
nullpointer as volatile files have no release file they belong to, but
for safety the pointer to the current Packages file is equally guarded.

The option APT::Cache-Start can be used to workaround this problem.

Reported-By: Mattia Rizzolo on IRC
Commits on Jan 01, 2018
Commits on Jan 02, 2018
apt.daily: remove unused dbus signal for apt update
The signal was introduced with the introduction of the script itself,
but seems to have never got any user as all references to it I can find
are references to other code appearing in the cronjob.

It is also the wrong place nowadays as the cronjob is just one place an
update can be triggered by, so if notifications about an update being
run are desired it is better to use a hook which will be called by all
update calls (script, cron, user, …).

Removing this code solves also the problem of improving the check to
avoid running into problems with security systems like SELinux.

References: 0c13268
Closes: 849636
apt.daily: fix several "shellcheck" annotations
Various corrections, mostly quoting, which shouldn't be a problem for us
as we tend to act in "sane" environments, but just to be sure.

[commit message written by committer]

References: Debian bugreport #849636
Support cleartext signed InRelease files with CRLF line endings
Commit 89c4c58 ("fix from David Kalnischkies for the InRelease gpg
verification code (LP: #784473)") amended verification of cleartext
signatures by a check whether the file to be verified actually starts
with "-----BEGIN PGP SIGNATURE-----\n".

However cleartext signed InRelease files have been found in the wild
which use \r\n as line ending for this armor header line, presumably
generated by a Windows PGP client.  Such files are incorrectly deemed
unsigned and result in the following (misleading) error:

    Clearsigned file isn't valid, got 'NOSPLIT' (does the network require authentication?)

RFC 4880 specifies in 6.2 Forming ASCII Armor:

    That is to say, there is always a line ending preceding the
    starting five dashes, and following the ending five dashes.  The
    header lines, therefore, MUST start at the beginning of a line, and
    MUST NOT have text other than whitespace following them on the same
    line.

RFC 4880 does not seem to specify whether LF or CRLF is used as line
ending for armor headers, but CR is generally considered whitespace
(e.g. "man perlrecharclass"), hence using CRLF is legal even under
the assumption that LF must be used.

SplitClearSignedFile() is stripping whitespace (including CR) on lineend
already before matching the string, so StartsWithGPGClearTextSignature() is
adapted to use the same ignoring. As the earlier method is responsible
for what apt will end up actually parsing nowadays as signed/unsigned this
change has no implications for security.

Thanks: Lukas Wunner for detailed report & initial patch!
References: 89c4c58
Closes: 884922
Commits on Jan 03, 2018
connect: Alternate address families for addresses
As a first step to implementing Happy Eyeballs version 2, we
need to order the list of hosts getaddrinfo() gave us so it
alternates between preferred and other address families.

RFC: https://tools.ietf.org/html/rfc8305
Gbp-Dch: ignore
connect: Extract a Connection struct
This struct holds information about a connection attempt, like
the addrinfo, the resolved address, the fd for the connection,
and so on.

Gbp-Dch: ignore
connect: Store the IP used when picking a connection
There's no real point in storing the IP address while resolving
it - failure messages include the IP address in any case. Do this
when picking the connection for actual use instead.
connect: Extract Connection::CheckError() method
Extracting the error checking method allows us to reuse it
in different places, so we can move the waiting and checking
out of DoConnect() eventually.

Gbp-Dch: ignore
Add rapid "happy eyeballs" connection fallback (RFC 8305)
Try establishing connections in alternating address families in
rapid intervals of 250 ms, adding more connections to the wait
list until one succeeds (RFC 8305, happy eyeballs 2).

It is important that WaitAndCheckErrors() waits until it has
a successful connection, a time out, or all connections failed
- otherwise the timing between tries might be wrong, and the
final long wait might exit early because one connection failed
without trying the others. Timing wise, this only works correctly
on Linux, as select() counts down there. But we rely on that in
some other places too, so this is not the time to fix that.

Timeouts are only reported in the final long wait - the short
inner waits are expected to time out more often, and multiple
times, we do not want to report them.

Closes: #668948
LP: #1308200
Gbp-Dch: paragraph
Merge branch 'pu/happy-eyeballs2a'
Happy Eyeballs are coming, yay!
Correctly report transient errors again
Commit 47c0bdc ("report transient
errors as transient error") accidentally changed some connection
failures to become non-transient, because the result of the error
checks were being ignored and then a fatal error was returned if an
error was pending - even if that error was trivial.

After the merge of pu/happy-eyeballs2a this becomes a lot clearer,
and easy to fix.

Gbp-Dch: ignore
Regression-Of: 47c0bdc
Showing 385 changed files with 14,380 additions and 7,770 deletions.
@@ -0,0 +1,25 @@
+Language: Cpp
+# BasedOnStyle
+
+TabWidth: 8
+UseTab: Always
+IndentWidth: 3
+ContinuationIndentWidth: 3
+ColumnLimit: 0
+BreakBeforeBraces: Allman
+AccessModifierOffset: 0
+IncludeCategories:
+ - Regex: 'apti18n.h'
+ Priority: 9999
+ - Regex: 'apt-[^/]*/'
+ Priority: 20
+ - Regex: '^"'
+ Priority: 10
+ - Regex: 'config.h'
+ Priority: 0
+ - Regex: '(zlib|bzlib|lzma|lz4frame|gtest/gtest|db|gnutls/.*)\.h'
+ Priority: 30
+ - Regex: '\.h'
+ Priority: 100
+ - Regex: '.*'
+ Priority: 99
@@ -51,6 +51,9 @@ docbook-text-style.xsl
**/methods/file
**/methods/copy
+**/methods/curl
+**/methods/curl+http
+**/methods/curl+https
**/methods/store
**/methods/gpgv
**/methods/cdrom
@@ -99,7 +102,9 @@ Makefile
/debian/*.log
/debian/*.substvars
/debian/*.debhelper
+/debian/debhelper-build-stamp
/debian/files
+/debian/tmp/
/debian/apt/
/debian/apt-doc/
/debian/apt-utils/
@@ -1,33 +1,20 @@
language: cpp
cache: ccache
sudo: required
-dist: trusty
+services:
+ - docker
env:
- - TEST_SUITE=user CMAKE_FLAGS=
- - TEST_SUITE=root CMAKE_FLAGS=-DWITH_DOC=OFF
-before_install:
- - sudo add-apt-repository 'deb http://archive.ubuntu.com/ubuntu/ wily main universe' -y
- - sudo add-apt-repository 'deb http://archive.ubuntu.com/ubuntu/ xenial main' -y
- - |
- sudo sh -c '/bin/echo -e "Package: *\nPin: release n=wily\nPin-Priority: 1" > /etc/apt/preferences.d/wily'
- sudo sh -c '/bin/echo -e "Package: *\nPin: release n=xenial\nPin-Priority: 1" > /etc/apt/preferences.d/xenial'
- - sudo apt-get update -qq
+ - USER=travis CMAKE_FLAGS=
+ - USER=root CMAKE_FLAGS=-DWITH_DOC=OFF
install:
- - sudo apt-get -qq -y -t wily install gettext liblz4-dev python3-apt
- - sudo apt-get -qq -y -t xenial install cmake ninja-build
- - sudo ./prepare-release travis-ci
+ - sed -i -e "s#1000#$(id -u)#g" Dockerfile
+ - docker build --tag=apt-ci .
before_script:
- - ( mkdir build && cd build && cmake -DCMAKE_BUILD_TYPE=Coverage -G Ninja $CMAKE_FLAGS .. )
- - ninja -C build
+ - docker run --rm -w $PWD -v $HOME/.ccache:$HOME/.ccache -v $PWD:$PWD --user=travis apt-ci sh -e -c "mkdir build && cd build && env PATH=/usr/lib/ccache:\$PATH cmake -DCMAKE_BUILD_TYPE=Coverage -G Ninja $CMAKE_FLAGS .."
+ - docker run --rm -w $PWD -v $HOME/.ccache:$HOME/.ccache -v $PWD:$PWD --user=travis apt-ci ninja -C build
script:
- - CTEST_OUTPUT_ON_FAILURE=1 ninja -C build test
- - DESTDIR=$PWD/rootdir chronic ninja -C build install
- - test "$TEST_SUITE" != "user" || ./test/integration/run-tests -qq
- - sudo adduser --force-badname --system --home /nonexistent --no-create-home --quiet _apt || true
- - sudo chmod go+x /home/travis
- - sudo chmod -R go+rwX /home/travis/build
- - test "$TEST_SUITE" != "root" || sudo ./test/integration/run-tests -qq
+ - docker run --rm -w $PWD -v $PWD:$PWD --user=travis apt-ci env CTEST_OUTPUT_ON_FAILURE=1 ninja -C build test
+ - docker run --rm -w $PWD -v $PWD:$PWD --user=travis apt-ci env DESTDIR=$PWD/rootdir chronic ninja -C build install
+ - docker run --rm -w $PWD -v $PWD:$PWD --user=$USER --tmpfs /tmp:suid,exec apt-ci unbuffer ./test/integration/run-tests -qq -j 4
after_script:
- - cd build
- - gcov -r $(find -name '*.gcno')
- - bash <(curl -s https://codecov.io/bash)
+ - docker run --rm -w $PWD/build -v $PWD:$PWD --user=$USER `bash <(curl -s https://codecov.io/env)` apt-ci bash -c 'bash <(curl -s https://codecov.io/bash)'
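Review bot: In the new `after_script` line the output of `curl -s https://codecov.io/env` is spliced unquoted into the `docker run` argument list on the CI host, and a second unverified download from `codecov.io/bash` is then executed inside the container. Whatever those endpoints return therefore decides both the container's flags and the code that runs with the build's environment, with no pinned version or checksum and no `-f` to stop on an HTTP error page. I would list the forwarded variables explicitly (for example `-e CI -e TRAVIS -e TRAVIS_BRANCH -e TRAVIS_COMMIT`, adjusted to what the uploader needs), fetch the uploader to a file, check it against a checksum committed to the repository (`echo "<PINNED_SHA256>  codecov.sh" | sha256sum -c -`), and only then run it. The removed `after_script` already had the unverified `curl | bash`, so that part is not new, but the `codecov.io/env` expansion is.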
@@ -89,12 +89,18 @@ endfunction()
# Process one document
function(po4a_one stamp_out out full_document language deps)
path_join(full_path "${CMAKE_CURRENT_SOURCE_DIR}" "${full_document}")
- po4a_components(document _ section ext "${full_document}")
+ if (full_document MATCHES "\.ent$")
+ set(dest "${language}/${full_document}")
+ set(full_dest "${dest}")
+ else()
+ po4a_components(document _ section ext "${full_document}")
- # Calculate target file name
- set(dest "${language}/${document}.${language}")
- if(section)
- set(dest "${dest}.${section}")
+ # Calculate target file name
+ set(dest "${language}/${document}.${language}")
+ if(section)
+ set(dest "${dest}.${section}")
+ endif()
+ set(full_dest "${dest}.${ext}")
endif()
# po4a might drop files not translated enough, so build a stamp file
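Review bot: The pattern in `if (full_document MATCHES "\.ent$")` does not match a literal dot: inside a quoted CMake argument `\.` is an identity escape that yields `.`, so the regex seen by `MATCHES` is `.ent$` and any document name ending in one arbitrary character followed by `ent` takes the entity branch. Doubling the backslash keeps the escape for the regex engine: `if (full_document MATCHES "\\.ent$")`. A one-line comment above the branch saying that `.ent` entity files keep their name under `${language}/` while other documents get the `.${language}` infix would also help. `po4a_one` continues past the end of this hunk.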
@@ -106,17 +112,17 @@ function(po4a_one stamp_out out full_document language deps)
--package-name='${PROJECT_NAME}-doc'
--package-version='${PACKAGE_VERSION}'
--msgid-bugs-address='${PACKAGE_MAIL}'
- --translate-only ${dest}.${ext}
+ --translate-only ${full_dest}
--srcdir ${CMAKE_CURRENT_SOURCE_DIR}
--destdir ${CMAKE_CURRENT_BINARY_DIR}
${CMAKE_CURRENT_SOURCE_DIR}/po4a.conf
COMMAND ${CMAKE_COMMAND} -E touch ${stamp}
- COMMENT "Generating ${dest}.${ext} (or dropping it)"
+ COMMENT "Generating ${full_dest} (or dropping it)"
DEPENDS ${full_document} ${deps} po/${language}.po
)
# Return result
set(${stamp_out} ${stamp} PARENT_SCOPE)
- set(${out} ${CMAKE_CURRENT_BINARY_DIR}/${dest}.${ext} PARENT_SCOPE)
+ set(${out} ${CMAKE_CURRENT_BINARY_DIR}/${full_dest} PARENT_SCOPE)
endfunction()
function(xsltproc_one)
@@ -251,7 +257,7 @@ function(add_docbook target)
set(generated "")
set(options HTML TEXT MANPAGE ALL)
set(oneValueArgs)
- set(multiValueArgs INSTALL DOCUMENTS LINGUAS DEPENDS)
+ set(multiValueArgs INSTALL DOCUMENTS LINGUAS TRANSLATED_ENTITIES DEPENDS)
cmake_parse_arguments(DOC "${options}" "${oneValueArgs}" "${multiValueArgs}" ${ARGN})
if (DOC_HTML)
@@ -264,6 +270,13 @@ function(add_docbook target)
list(APPEND formats MANPAGE)
endif()
+ foreach(document ${DOC_TRANSLATED_ENTITIES})
+ foreach(lang ${DOC_LINGUAS})
+ po4a_one(po4a_stamp po4a_out ${document} "${lang}" "")
+ list(APPEND DOC_DEPENDS ${po4a_stamp})
+ endforeach()
+ endforeach()
+
foreach(document ${DOC_DOCUMENTS})
foreach(lang ${DOC_LINGUAS})
po4a_one(po4a_stamp po4a_out ${document} "${lang}" "${DOC_DEPENDS}")
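Review bot: The new `TRANSLATED_ENTITIES` loop appends the stamp of every language to the single `DOC_DEPENDS` list, which the following `DOC_DOCUMENTS` loop passes to every `po4a_one` call, so each translated document appears to depend on the entity stamps of all languages rather than only its own. If that is not intended, a per-language list keeps rebuilds narrower: `list(APPEND entity_deps_${lang} ${po4a_stamp})` in the new loop and `"${DOC_DEPENDS};${entity_deps_${lang}}"` as the last argument in the documents loop. `TRANSLATED_ENTITIES` is also undocumented; a short comment where `multiValueArgs` is set would tell callers it takes `.ent` files. The documents loop continues outside the hunk.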
@@ -0,0 +1,25 @@
+# - Try to find SECCOMP
+# Once done, this will define
+#
+# SECCOMP_FOUND - system has SECCOMP
+# SECCOMP_INCLUDE_DIRS - the SECCOMP include directories
+# SECCOMP_LIBRARIES - the SECCOMP library
+find_package(PkgConfig)
+
+pkg_check_modules(SECCOMP_PKGCONF libseccomp)
+
+find_path(SECCOMP_INCLUDE_DIRS
+ NAMES seccomp.h
+ PATHS ${SECCOMP_PKGCONF_INCLUDE_DIRS}
+)
+
+
+find_library(SECCOMP_LIBRARIES
+ NAMES seccomp
+ PATHS ${SECCOMP_PKGCONF_LIBRARY_DIRS}
+)
+
+include(FindPackageHandleStandardArgs)
+find_package_handle_standard_args(SECCOMP DEFAULT_MSG SECCOMP_INCLUDE_DIRS SECCOMP_LIBRARIES)
+
+mark_as_advanced(SECCOMP_INCLUDE_DIRS SECCOMP_LIBRARIES)
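Review bot: Both `find_path` and `find_library` pass the pkg-config results as `PATHS`, which CMake consults only after the default system locations, so a header or library found elsewhere wins over the one pkg-config reported and the two can come from different installations. `HINTS ${SECCOMP_PKGCONF_INCLUDE_DIRS}` and `HINTS ${SECCOMP_PKGCONF_LIBRARY_DIRS}` make the pkg-config answer take precedence; the UDEV module added in the next section has the same pattern. The two modules also disagree on the name given to `find_package_handle_standard_args` (`SECCOMP` here, `Udev` there); using the `find_package` spelling in both (`Seccomp`, `Udev`) avoids the name-mismatch warning that newer CMake releases print.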
@@ -0,0 +1,25 @@
+# - Try to find UDEV
+# Once done, this will define
+#
+# UDEV_FOUND - system has UDEV
+# UDEV_INCLUDE_DIRS - the UDEV include directories
+# UDEV_LIBRARIES - the UDEV library
+find_package(PkgConfig)
+
+pkg_check_modules(UDEV_PKGCONF libudev)
+
+find_path(UDEV_INCLUDE_DIRS
+ NAMES libudev.h
+ PATHS ${UDEV_PKGCONF_INCLUDE_DIRS}
+)
+
+
+find_library(UDEV_LIBRARIES
+ NAMES udev
+ PATHS ${UDEV_PKGCONF_LIBRARY_DIRS}
+)
+
+include(FindPackageHandleStandardArgs)
+find_package_handle_standard_args(Udev DEFAULT_MSG UDEV_INCLUDE_DIRS UDEV_LIBRARIES)
+
+mark_as_advanced(UDEV_INCLUDE_DIRS UDEV_LIBRARIES)
@@ -31,6 +31,9 @@ function(apt_add_translation_domain)
get_target_property(source_dir ${target} SOURCE_DIR)
get_target_property(sources ${target} SOURCES)
foreach(source ${sources})
+ if (source MATCHES TARGET_OBJECTS)
+ continue()
+ endif()
path_join(file "${source_dir}" "${source}")
file(RELATIVE_PATH relfile ${PROJECT_SOURCE_DIR} ${file})
set(files ${files} ${relfile})
@@ -17,6 +17,12 @@
/* Define if we have the lz4 library for lz4 */
#cmakedefine HAVE_LZ4
+/* Define if we have the udev library */
+#cmakedefine HAVE_UDEV
+
+/* Define if we have the seccomp library */
+#cmakedefine HAVE_SECCOMP
+
/* These two are used by the statvfs shim for glibc2.0 and bsd */
/* Define if we have sys/vfs.h */
#cmakedefine HAVE_VFS_H
@@ -31,9 +37,6 @@
/* Define if we have machine/endian.h */
#cmakedefine HAVE_MACHINE_ENDIAN_H
-/* Define if we have enabled pthread support */
-#cmakedefine HAVE_PTHREAD
-
/* Check for getresuid() function and similar ones */
#cmakedefine HAVE_GETRESUID
#cmakedefine HAVE_GETRESGID
@@ -71,6 +74,7 @@
#define APT_8_CLEANER_HEADERS
#define APT_9_CLEANER_HEADERS
#define APT_10_CLEANER_HEADERS
+#define APT_15_CLEANER_HEADERS
/* unrolling is faster combined with an optimizing compiler */
#define SHA2_UNROLL_TRANSFORM
@@ -32,7 +32,7 @@ include(CheckFunctionExists)
include(CheckStructHasMember)
include(GNUInstallDirs)
include(TestBigEndian)
-find_package(Threads)
+find_package(Threads REQUIRED)
find_package(LFS REQUIRED)
find_package(Iconv REQUIRED)
@@ -75,11 +75,9 @@ if (BERKELEY_DB_FOUND)
set(HAVE_BDB 1)
endif()
-
-# apt-transport-https dependencies
-find_package(CURL REQUIRED)
-if (CURL_FOUND)
- set(HAVE_CURL 1)
+find_package(GnuTLS REQUIRED)
+if (GNUTLS_FOUND)
+ set(HAVE_GNUTLS 1)
endif()
# (De)Compressor libraries
@@ -89,22 +87,32 @@ if (ZLIB_FOUND)
endif()
-find_package(BZip2)
+find_package(BZip2 REQUIRED)
if (BZIP2_FOUND)
set(HAVE_BZ2 1)
endif()
-find_package(LZMA)
+find_package(LZMA REQUIRED)
if (LZMA_FOUND)
set(HAVE_LZMA 1)
endif()
-find_package(LZ4)
+find_package(LZ4 REQUIRED)
if (LZ4_FOUND)
set(HAVE_LZ4 1)
endif()
+find_package(Udev)
+if (UDEV_FOUND)
+ set(HAVE_UDEV 1)
+endif()
+
+find_package(Seccomp)
+if (SECCOMP_FOUND)
+ set(HAVE_SECCOMP 1)
+endif()
+
# Mount()ing and stat()ing and friends
check_symbol_exists(statfs sys/vfs.h HAVE_VFS_H)
check_include_files(sys/params.h HAVE_PARAMS_H)
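Review bot: `find_package(Seccomp)` stays optional while the compression libraries in the same hunk become `REQUIRED`, so a build environment that loses the libseccomp development files still configures and produces binaries without `HAVE_SECCOMP`; the only trace is the "Could NOT find" line in the configure log. The lookup probably cannot simply be `REQUIRED`, because seccomp is Linux-only and this file also carries FreeBSD handling, but a cache option would let packagers turn a missing seccomp dependency into a configure error. The option name below is a suggestion, and the same could be done for `find_package(Udev)` if its absence should be noticed.
```cmake
# Let packagers insist on seccomp support instead of silently building without it.
option(APT_REQUIRE_SECCOMP "Fail configuration if libseccomp is not found" OFF)
if (APT_REQUIRE_SECCOMP)
  find_package(Seccomp REQUIRED)
else()
  find_package(Seccomp)
endif()
# … unchanged: if (SECCOMP_FOUND) set(HAVE_SECCOMP 1) …
```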
@@ -132,10 +140,6 @@ test_big_endian(WORDS_BIGENDIAN)
# FreeBSD
add_definitions(-D_WITH_GETLINE=1)
-if (CMAKE_USE_PTHREADS_INIT)
- set(HAVE_PTHREAD 1)
-endif()
-
CHECK_INCLUDE_FILES(machine/endian.h HAVE_MACHINE_ENDIAN_H)
CHECK_INCLUDE_FILES(sys/endian.h HAVE_SYS_ENDIAN_H)
CHECK_INCLUDE_FILES(endian.h HAVE_ENDIAN_H)
@@ -172,7 +176,7 @@ endif()
# Configure some variables like package, version and architecture.
set(PACKAGE ${PROJECT_NAME})
set(PACKAGE_MAIL "APT Development Team <deity@lists.debian.org>")
-set(PACKAGE_VERSION "1.4")
+set(PACKAGE_VERSION "1.6~alpha5")
if (NOT DEFINED DPKG_DATADIR)
execute_process(COMMAND ${PERL_EXECUTABLE} -MDpkg -e "print $Dpkg::DATADIR;"
@@ -0,0 +1,11 @@
+FROM debian:testing
+COPY . /tmp
+WORKDIR /tmp
+RUN sed -i s#://deb.debian.org#://cdn-fastly.deb.debian.org# /etc/apt/sources.list \
+ && apt-get update \
+ && adduser --home /home/travis travis --quiet --disabled-login --gecos "" --uid 1000 \
+ && env DEBIAN_FRONTEND=noninteractive apt-get install build-essential ccache ninja-build expect curl git -q -y \
+ && env DEBIAN_FRONTEND=noninteractive ./prepare-release travis-ci \
+ && dpkg-reconfigure ccache \
+ && rm -r /tmp/* \
+ && apt-get clean
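Review bot: `COPY . /tmp` stores the whole build context, including `.git` and anything else in the checkout, in its own image layer, and the later `rm -r /tmp/*` neither removes that layer's content from the image nor touches dotfiles. If `prepare-release travis-ci` only needs a few files (not visible here), copying just those, or adding a `.dockerignore`, keeps the checkout out of the `apt-ci` image. The `--uid 1000` literal is what `.travis.yml` rewrites with `sed -i -e "s#1000#$(id -u)#g"`, which would also rewrite any other `1000` added to this file later; `ARG UID=1000` with `--uid ${UID}` and `docker build --build-arg UID=$(id -u)` states the intent directly.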
@@ -14,16 +14,16 @@
##################################################################### */
/*}}}*/
// Include Files /*{{{*/
-#include<config.h>
+#include <config.h>
#include <apt-pkg/arfile.h>
-#include <apt-pkg/strutl.h>
-#include <apt-pkg/fileutl.h>
#include <apt-pkg/error.h>
+#include <apt-pkg/fileutl.h>
+#include <apt-pkg/strutl.h>
+#include <string>
#include <string.h>
#include <sys/types.h>
-#include <string>
#include <apti18n.h>
/*}}}*/
@@ -15,9 +15,8 @@
#ifndef PKGLIB_ARFILE_H
#define PKGLIB_ARFILE_H
-
-#include <string>
#include <apt-pkg/macros.h>
+#include <string>
#ifndef APT_8_CLEANER_HEADERS
#include <apt-pkg/fileutl.h>
#endif