fix priority sorting by prefering higher in MarkInstall
Used to work until a certain (here unnamed) person came along and used
the wrong operator causing low-priority packages to be sorted above
high-priority packages while choosing a provider in commit 2b5c35c7bb915dbd46fefd7c79f05364ba22f93b from Nov 2011
Doing Removes early is good to have them out of the way, so they
don't break 'Inst' or 'Conf' chains, but scoring them above Essentials
means that we end up upgrading (many) less important packages before
we handle big stuff like libc6 or debconf which not only fails if those
less important packages have unannounced (strict) dependencies, but also
leads to having these packages unconfigured for a long time triggering
bugs in maintainer scripts for no good reason (#708831).
So this commits sets the default value for remove scores to 100, which
is below the one for essentials (200) and a lot lower than the previous
default value (500).
rewrite pkgOrderList::DepRemove to stop incorrect immediate setting
Some squeeze → wheezy upgrades indicate that DepRemove runs amok
in complicated setups as it wasn't correctly working with or-groups.
Completely rewritten the check is now moving from or-group to or-group
instead.
The behavior should be the same as the code before, but
(hopefully) with less bugs and more comments.
remove -ldl from cdrom and -lutil from apt-get linkage
Building src:apt shows:
dpkg-shlibdeps: warning: package could avoid a useless dependency if
debian/apt/usr/lib/apt/methods/cdrom was not linked against libdl.so.2
(it uses none of the library's symbols)
dpkg-shlibdeps: warning: package could avoid a useless dependency if
debian/apt/usr/bin/apt-get was not linked against libutil.so.1 (it uses
none of the library's symbols)
non-inline RunGPGV methods to restore ABI compatibility with previous versions to fix partial upgrades (Closes: #707771)
The rename in 0.9.7.9~exp2 moved the method body to the class definition
which means it became inline, which isn't ABI compatibile. The reverse of
moving inline to non-inline is safe though.
Michael Vogt [Wed, 8 May 2013 15:46:31 +0000 (17:46 +0200)]
* apt-pkg/algorithms.cc:
- Do not propagate negative scores from rdepends. Propagating the absolute
value of a negative score may boost obsolete packages and keep them
installed instead of installing their successors. (Closes: #699759)
support dash-escaped text in clearsigned files as implementations are
free to escape all lines (we have no lines in our files which need
to be escaped as these would be invalid fieldnames) and while ExecGPGV
would detect dash-escaped text as invalid (as its not expected in
messages with detached signatures) it would be possible to "comment"
lines in (signed) dsc files which are only parsed but not verified
* apt-pkg/deb/debindexfile.cc,
apt-pkg/deb/deblistparser.cc:
- use OpenMaybeClearSignedFile to be free from detecting and
skipping clearsigning metadata in dsc and Release files
We can't write a "clean" file to disk as not all acquire methods copy
Release files before checking them (e.g. cdrom), so this reverts recombining,
but uses the method we use for dsc files also in the two places we
deal with Release files
- add method to open (maybe) clearsigned files transparently
* ftparchive/writer.cc:
- use OpenMaybeClearSignedFile to be free from detecting and
skipping clearsigning metadata in dsc files
- if ExecGPGV deals with a clear-signed file it will split this file
into data and signatures, pass it to gpgv for verification and
recombines it after that in a known-good way without unsigned blocks
and whitespaces resulting usually in more or less the same file as
before, but later code can be sure about the format
* apt-pkg/deb/debmetaindex.cc:
- reenable InRelease by default
* apt-pkg/acquire-item.cc:
- keep the last good InRelease file around just as we do it with
Release.gpg in case the new one we download isn't good for us
* apt-pkg/deb/debmetaindex.cc,
test/integration/test-bug-595691-empty-and-broken-archive-files,
test/integration/test-releasefile-verification:
- disable InRelease downloading until the verification issue is
fixed, thanks to Ansgar Burchardt for finding the flaw
* apt-pkg/pkgcachegen.cc:
- do not store the MD5Sum for every description language variant as
it will be the same for all so it can be shared to save cache space