[Bug 1814727] Re: Backport never pinning and Packages-Require-Authorization

Julian Andres Klode 1814727 at bugs.launchpad.net
Wed Mar 6 11:40:13 UTC 2019 

I have verfied from the autopkgtest runs that the specified tests have
passed in all releases:

- 1.7.3 in cosmic
- 1.6.9 in bionic
- 1.2.30 in xenial
- 1.0.1ubuntu2.21 in trusty

I specifically checked that test-packages-require-authorization run, and
that test-policy-pinning has more tests run than before; indicating the
presence of the additional tests.


** Description changed:

  [Impact]
  These are not driven from a direct user experience, but are related to other developments:
  
  (1) unattended-upgrades could use the never pinning to disable
  repositories rather than switching candidates. That would simplify code
  quite a bit.
  
  (2) Packages-Require-Authorization lets a repository declare that
  downloading packages from it requires authorization. This is useful both
  for private repositories, as it can prevent unattended-upgrades failures
  if you remove authorization info; and it also allows creating a new form
  of semi-private repository, where only pool/ requires authorization.
  
  [Test case]
  Tests are included in autopkgtests and cover the common scenarios
  https://salsa.debian.org/apt-team/apt/blob/master/test/integration/test-packages-require-authorization:
  (1) Add repository with Packages-Require-Authorization and no auth.conf entry: pin -32768
  (2) Add repository with Packages-Require-Authorization and a auth.conf entry: pin 500
  (3) As (2), but a custom pin still applies
  
  https://salsa.debian.org/apt-team/apt/blob/master/test/integration/test-policy-pinning#L365
  (1) Test that Pin-Priority: never overrides both per-package pins and per-repository pins
  (2) Test that Pin-Priority: never is only applied for per-repository (Package: *) pins
  
- Tests in older releases should be the same, but it's not clear yet. Bug
- will be updated once the SRUs are ready.
- 
  [Regression potential]
  The changes might introduce regressions in pinning. The pinning implementation in trusty is substantially different from the other releases, and should thus require more testing.

** Tags removed: verification-needed verification-needed-bionic verification-needed-cosmic verification-needed-trusty verification-needed-xenial
** Tags added: verification-done verification-done-bionic verification-done-cosmic verification-done-trusty verification-done-xenial

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1814727

Title:
  Backport never pinning and Packages-Require-Authorization

Status in apt package in Ubuntu:
  Fix Released
Status in apt source package in Trusty:
  Fix Committed
Status in apt source package in Xenial:
  Fix Committed
Status in apt source package in Bionic:
  Fix Committed
Status in apt source package in Cosmic:
  Fix Committed
Status in apt source package in Disco:
  Fix Released

Bug description:
  [Impact]
  These are not driven from a direct user experience, but are related to other developments:

  (1) unattended-upgrades could use the never pinning to disable
  repositories rather than switching candidates. That would simplify
  code quite a bit.

  (2) Packages-Require-Authorization lets a repository declare that
  downloading packages from it requires authorization. This is useful
  both for private repositories, as it can prevent unattended-upgrades
  failures if you remove authorization info; and it also allows creating
  a new form of semi-private repository, where only pool/ requires
  authorization.

  [Test case]
  Tests are included in autopkgtests and cover the common scenarios
  https://salsa.debian.org/apt-team/apt/blob/master/test/integration/test-packages-require-authorization:
  (1) Add repository with Packages-Require-Authorization and no auth.conf entry: pin -32768
  (2) Add repository with Packages-Require-Authorization and a auth.conf entry: pin 500
  (3) As (2), but a custom pin still applies

  https://salsa.debian.org/apt-team/apt/blob/master/test/integration/test-policy-pinning#L365
  (1) Test that Pin-Priority: never overrides both per-package pins and per-repository pins
  (2) Test that Pin-Priority: never is only applied for per-repository (Package: *) pins

  [Regression potential]
  The changes might introduce regressions in pinning. The pinning implementation in trusty is substantially different from the other releases, and should thus require more testing.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1814727/+subscriptions

More information about the foundations-bugs mailing list