From 3f732aa6ad0a81b6a6942a61fd5ed26a26590e8e Mon Sep 17 00:00:00 2001
From: David Kalnischkies <david@kalnischkies.de>
Date: Tue, 28 Apr 2015 23:42:03 +0200
Subject: [PATCH] a pin of 1000 always means downgrade allowed
The documentation says this, but the code only agreed while evaluating
specific packages, but not generics. These needed a pin above 1000 to
have the same effect.
The code causing this makes references to a 'second pesduo status file',
but nowhere is explained what this might stand for and/or what it was,
so we do the only reasonable thing: Remove all references and do as
documented.
---
apt-pkg/policy.cc | 32 ++-----
.../test-bug-543966-downgrade-below-1000-pin | 84 +++++++++--------
test/integration/test-policy-pinning | 92 ++++++++-----------
3 files changed, 96 insertions(+), 112 deletions(-)
diff --git a/apt-pkg/policy.cc b/apt-pkg/policy.cc
index 3cfc32829..9a1d2977e 100644
--- a/apt-pkg/policy.cc
+++ b/apt-pkg/policy.cc
@@ -4,22 +4,12 @@
/* ######################################################################
Package Version Policy implementation
-
+
This is just a really simple wrapper around pkgVersionMatch with
some added goodies to manage the list of things..
-
- Priority Table:
-
- 1000 -> inf = Downgradeable priorities
- 1000 = The 'no downgrade' pseduo-status file
- 100 -> 1000 = Standard priorities
- 990 = Config file override package files
- 989 = Start for preference auto-priorities
- 500 = Default package files
- 100 = The status file and ButAutomaticUpgrades sources
- 0 -> 100 = NotAutomatic sources like experimental
- -inf -> 0 = Never selected
-
+
+ See man apt_preferences for what value means what.
+
##################################################################### */
/*}}}*/
// Include Files /*{{{*/
@@ -56,7 +46,7 @@ using namespace std;
file matches the V0 policy engine. */
pkgPolicy::pkgPolicy(pkgCache *Owner) : Pins(0), PFPriority(0), Cache(Owner)
{
- if (Owner == 0 || &(Owner->Head()) == 0)
+ if (Owner == 0)
return;
PFPriority = new signed short[Owner->Head().PackageFileCount];
Pins = new Pin[Owner->Head().PackageCount];
@@ -125,7 +115,7 @@ bool pkgPolicy::InitDefaults()
else
PFPriority[F->ID] = Cur;
- if (PFPriority[F->ID] > 1000)
+ if (PFPriority[F->ID] >= 1000)
StatusOverride = true;
Fixed[F->ID] = true;
@@ -166,9 +156,7 @@ pkgCache::VerIterator pkgPolicy::GetCandidateVer(pkgCache::PkgIterator const &Pk
effectively excludes everything <= 0 which are the non-automatic
priorities.. The status file is given a prio of 100 which will exclude
not-automatic sources, except in a single shot not-installed mode.
- The second pseduo-status file is at prio 1000, above which will permit
- the user to force-downgrade things.
-
+
The user pin is subject to the same priority rules as default
selections. Thus there are two ways to create a pin - a pin that
tracks the default when the default is taken away, and a permanent
@@ -218,9 +206,9 @@ pkgCache::VerIterator pkgPolicy::GetCandidateVer(pkgCache::PkgIterator const &Pk
Pref = Ver;
PrefSeen = true;
}
- /* Elevate our current selection (or the status file itself)
- to the Pseudo-status priority. */
- Max = 1000;
+ /* Elevate our current selection (or the status file itself) so that only
+ a downgrade can override it from now on */
+ Max = 999;
// Fast path optimize.
if (StatusOverride == false)
diff --git a/test/integration/test-bug-543966-downgrade-below-1000-pin b/test/integration/test-bug-543966-downgrade-below-1000-pin
index d37539b9f..485df999c 100755
--- a/test/integration/test-bug-543966-downgrade-below-1000-pin
+++ b/test/integration/test-bug-543966-downgrade-below-1000-pin
@@ -24,58 +24,66 @@ testsuccessequal "base-files:
5.0.0 0
500 file:${APTARCHIVE} unstable/main i386 Packages" aptcache policy base-files -o apt::pin=0
-echo 'Package: base-files
+writepin() {
+ echo "Package: $1
Pin: release a=unstable
-Pin-Priority: 99' > rootdir/etc/apt/preferences
+Pin-Priority: $2" > rootdir/etc/apt/preferences
+}
-testsuccessequal "base-files:
+
+
+testpinning() {
+ local PKGPIN=''
+ local PKGPINPRIO='0'
+ local REPPINPRIO=''
+ if [ "$1" != '*' ]; then
+ PKGPINPRIO=''
+ REPPINPRIO=' 500'
+ PKGPIN='Package pin: 5.0.0
+ '
+ fi
+ writepin "$1" '99'
+ testsuccessequal "base-files:
Installed: 5.0.0-1
Candidate: 5.0.0-1
- Package pin: 5.0.0
- Version table:
- *** 5.0.0-1 99
+ ${PKGPIN}Version table:
+ *** 5.0.0-1 ${PKGPINPRIO:-99}
100 $STATUS
- 5.0.0 99
- 500 file:${APTARCHIVE} unstable/main i386 Packages" aptcache policy base-files -o apt::pin=99
+ 5.0.0 ${PKGPINPRIO:-99}
+ ${REPPINPRIO:- 99} file:${APTARCHIVE} unstable/main i386 Packages" aptcache policy base-files -o apt::pin=99
-echo 'Package: base-files
-Pin: release a=unstable
-Pin-Priority: 100' > rootdir/etc/apt/preferences
-
-testsuccessequal "base-files:
+ writepin "$1" '100'
+ testsuccessequal "base-files:
Installed: 5.0.0-1
Candidate: 5.0.0-1
- Package pin: 5.0.0
- Version table:
- *** 5.0.0-1 100
+ ${PKGPIN}Version table:
+ *** 5.0.0-1 ${PKGPINPRIO:-100}
100 $STATUS
- 5.0.0 100
- 500 file:${APTARCHIVE} unstable/main i386 Packages" aptcache policy base-files -o apt::pin=100
+ 5.0.0 ${PKGPINPRIO:-100}
+ ${REPPINPRIO:- 100} file:${APTARCHIVE} unstable/main i386 Packages" aptcache policy base-files -o apt::pin=100
-echo 'Package: base-files
-Pin: release a=unstable
-Pin-Priority: 999' > rootdir/etc/apt/preferences
-
-testsuccessequal "base-files:
+ writepin "$1" '999'
+ testsuccessequal "base-files:
Installed: 5.0.0-1
Candidate: 5.0.0-1
- Package pin: 5.0.0
- Version table:
- *** 5.0.0-1 999
+ ${PKGPIN}Version table:
+ *** 5.0.0-1 ${PKGPINPRIO:-999}
100 $STATUS
- 5.0.0 999
- 500 file:${APTARCHIVE} unstable/main i386 Packages" aptcache policy base-files -o apt::pin=999
-
-echo 'Package: base-files
-Pin: release a=unstable
-Pin-Priority: 1000' > rootdir/etc/apt/preferences
+ 5.0.0 ${PKGPINPRIO:-999}
+ ${REPPINPRIO:- 999} file:${APTARCHIVE} unstable/main i386 Packages" aptcache policy base-files -o apt::pin=999
-testsuccessequal "base-files:
+ writepin "$1" '1000'
+ testsuccessequal "base-files:
Installed: 5.0.0-1
Candidate: 5.0.0
- Package pin: 5.0.0
- Version table:
- *** 5.0.0-1 1000
+ ${PKGPIN}Version table:
+ *** 5.0.0-1 ${PKGPINPRIO:-1000}
100 $STATUS
- 5.0.0 1000
- 500 file:${APTARCHIVE} unstable/main i386 Packages" aptcache policy base-files -o apt::pin=1000
+ 5.0.0 ${PKGPINPRIO:-1000}
+ ${REPPINPRIO:-1000} file:${APTARCHIVE} unstable/main i386 Packages" aptcache policy base-files -o apt::pin=1000
+}
+
+msgmsg 'Tests with generic-form pin'
+testpinning '*'
+msgmsg 'Tests with specific-form pin'
+testpinning 'base-files'
diff --git a/test/integration/test-policy-pinning b/test/integration/test-policy-pinning
index 15bf300ac..2675b51bc 100755
--- a/test/integration/test-policy-pinning
+++ b/test/integration/test-policy-pinning
@@ -25,70 +25,58 @@ testequalpolicy() {
Pinned packages:" aptcache policy $*
}
-aptgetupdate() {
- # just to be sure that no old files are used
- rm -rf rootdir/var/lib/apt
- if aptget update --allow-insecure-repositories -qq 2>&1 | grep '^E: '; then
- msgwarn 'apt-get update failed with an error'
- fi
-}
+testglobalpolicy() {
+ aptgetupdate
-### not signed archive
+ testequalpolicy 100 500
+ testequalpolicy 990 500 -t now
-aptgetupdate
+ sed -i aptarchive/Release -e 1i"NotAutomatic: yes"
+ aptgetupdate
-testequalpolicy 100 500
-testequalpolicy 990 500 -t now
+ testequalpolicy 100 1 -o Test=NotAutomatic
+ testequalpolicy 990 1 -o Test=NotAutomatic -t now
-sed -i aptarchive/Release -e 1i"NotAutomatic: yes"
-aptgetupdate
+ sed -i aptarchive/Release -e 1i"ButAutomaticUpgrades: yes"
+ aptgetupdate
-testequalpolicy 100 1 -o Test=NotAutomatic
-testequalpolicy 990 1 -o Test=NotAutomatic -t now
+ testequalpolicy 100 100 -o Test=ButAutomaticUpgrades
+ testequalpolicy 990 100 -o Test=ButAutomaticUpgrades -t now
-sed -i aptarchive/Release -e 1i"ButAutomaticUpgrades: yes"
-aptgetupdate
+ sed -i aptarchive/Release -e 's#NotAutomatic: yes#NotAutomatic: no#' -e '/ButAutomaticUpgrades: / d'
+ aptgetupdate
-testequalpolicy 100 100 -o Test=ButAutomaticUpgrades
-testequalpolicy 990 100 -o Test=ButAutomaticUpgrades -t now
+ testequalpolicy 100 500 -o Test=Automatic
+ testequalpolicy 990 500 -o Test=Automatic -t now
-sed -i aptarchive/Release -e 's#NotAutomatic: yes#NotAutomatic: no#' -e '/ButAutomaticUpgrades: / d'
-aptgetupdate
-
-testequalpolicy 100 500 -o Test=Automatic
-testequalpolicy 990 500 -o Test=Automatic -t now
-
-sed -i aptarchive/Release -e '/NotAutomatic: / d' -e '/ButAutomaticUpgrades: / d'
-
-### signed but no key in trusted
-
-signreleasefiles 'Marvin Paranoid'
-aptgetupdate
-testequalpolicy 100 500
-testequalpolicy 990 500 -t now
-
-sed -i aptarchive/Release -e 1i"NotAutomatic: yes"
-signreleasefiles 'Marvin Paranoid'
-aptgetupdate
-
-testequalpolicy 100 1 -o Test=NotAutomatic
-testequalpolicy 990 1 -o Test=NotAutomatic -t now
-
-sed -i aptarchive/Release -e 1i"ButAutomaticUpgrades: yes"
-signreleasefiles 'Marvin Paranoid'
-aptgetupdate
+ sed -i aptarchive/Release -e '/NotAutomatic: / d' -e '/ButAutomaticUpgrades: / d'
+}
-testequalpolicy 100 100 -o Test=ButAutomaticUpgrades
-testequalpolicy 990 100 -o Test=ButAutomaticUpgrades -t now
+msgmsg 'Test with not signed archive'
+aptgetupdate() {
+ rm -rf rootdir/var/lib/apt
+ testwarning aptget update --allow-insecure-repositories
+}
+testglobalpolicy
-sed -i aptarchive/Release -e 's#NotAutomatic: yes#NotAutomatic: no#' -e '/ButAutomaticUpgrades: / d'
-signreleasefiles 'Marvin Paranoid'
-aptgetupdate
+msgmsg 'Test with signed but no key in trusted'
+aptgetupdate() {
+ rm -rf rootdir/var/lib/apt
+ signreleasefiles 'Marvin Paranoid'
+ testwarning aptget update --allow-insecure-repositories
+}
+testglobalpolicy
-testequalpolicy 100 500 -o Test=Automatic
-testequalpolicy 990 500 -o Test=Automatic -t now
+# much the same tests will be executed below in more detail again for this one
+msgmsg 'Test with signed and valid key'
+aptgetupdate() {
+ rm -rf rootdir/var/lib/apt
+ signreleasefiles 'Joe Sixpack'
+ testsuccess aptget update
+}
+testglobalpolicy
-### signed and valid key
+msgmsg 'Test with specific packages'
buildsimplenativepackage "coolstuff" "all" "1.0" "stable"
buildsimplenativepackage "coolstuff" "all" "2.0~bpo1" "backports"
--
2.47.2