GitLab

It is possible that if we try to immediately kill process that it won't
make it to exec and that way kill might be caught by check library and
reported as failure. By waiting at least short amount we pretty much
make sure that exec happens and that we are killing sleep process rather
our fork.

With four parallel jobs it is common that connection fails with OCSP
response error. This seems to be an issue with some sort of
rate-limiting in nginx (target web server) on OCSP stamping. It looks
like as 3 is the magic number here for that.

This is no longer valid. All this is now implemented differently or is
going to be shortly.

These documentation is kind of old and although partially correct they
also say a lot of stuff that are no longer true. We should replace them
with more accurate documentation.

Added
* Queue messages for 'upgrade' and 'downgrade' now also print current
  version in square brackets.

Changed
* Default connection timeout for download was extended from one minute
  to ten minutes.

Removed
* Possibility to reboot immediatelly after package installation. Reboot
  after update is deemed sufficient.

Fixed
* Queue messages now state 'upgrade', 'downgrade' and 'reinstall'
  instead of original generic 'install'.

The code used for checking current system status was invalid and in
result whole if condition was being skipped silently. This now enabled
"upgrade", "downgrade" and "reinstall" messages instead of "install".

This also adds current version to upgrades and downgrades of packages.
This is info that is beneficial to know in most cases so it makes no
sense to not show it when we have simple access to it.

This removes immediate reboot possibility from updater.

Original reasoning was to reboot router because update of specific
package broke system so much it can't continue. We never used it. It is
also questionable how such package could break system in a way where
reboot helps. That would have to be kernel module but having some core
systems in module that we would have to do reboot and were unable to
finish update seems like impossible. To finish update we in general need
just filesystem and shell. Existing solution would not work with
theoretical breakage of any of those anyway so it is pretty much useless
feature. Anything this can solve can be also solved by reboot at the end
of update.

This should increase reliability on unstable network connection.

One minute was was way short as it looks like. Ten minutes should be
better, hopefully not the other way around (too long).

We are now focusing primary on English and, in the future, this could be
translated via Weblate. By removing Czech language this script does not
longer prints warning about running in compatible mode

Changed
* pkgupdate's conf.lua now loads scripts with Full security level
  instead of Local
* libupdater is now versioned with release version (there is no API
  compatibility between versions)

Original idea was to limit what scripts placed there can do but in the
end it makes code of those scripts pretty much ugly as it then requires
duplicate code and prevents usage of libraries.

We lost nothing with Full security as Local allows running any arbitrary
shell code.

We use -release because libupdater is technically binary compatible only
with same version of binary tools. This means every build requires new
version of library and vice versa.

This adds additional test for configuration stealing. It checks that
stealing between installed packages works. It also renames original test
to more reflect that it tests only stealing when package is being
replaced.

Fixed
* Warning about cycles for packages providing and at the same time
  conflicting with some other package
* Configure script now checks if uthash is available

The reason is that Conflicts are included as negative dependencies but
to allows flow that package can Conflict and at the same time Provide
specific package (to do effectively replacement) it is implemented as
negative dependency for any version. Version dependencies are satisfied
only by packages of exact name, not by provided packages (for obvious
reasons as Provided packages do not have same versioning scheme).

Fix is that we pass to planning function version limitation of
dependency and plan package only if that is fulfilled by candidate
selected for given group.

We are using uthash.h and we should check if we have it available in
configure.ac.

This is release to only fix build because of missing submodule.

Changed
* Lunit submodule now points to new Github repository

Original repository seems to be no longer accessible. The webside links
to github repo now so this is replacement to that repo.

This improves reporting about action to be performed. Now user is
informed in more standard way if package is new or if it is modification
(and what kind of modification) of installed version.

This extends list of fields checked for reinstall to not only Version
but also to Architecture, LinkSignature, Depends, Conflicts, Provides.

There are two reasons why we want to have these:

First reason applies on Architecture, Depends, Conflicts and Provides.
Those trigger update to get package information in sync with repository.
Updater runs planning against repository so this has no effect but in
the end if someone forgets to bump package but modifies dependencies for
example then we reinstall package anyway.

Second reason to reinstall package applies on LinkSignature and that is
field inserted with hash generated from dynamic linker information
collected for package. When this hash changes then link dependencies
changed and even if version is same we have to reinstall such package as
it most probably won't work with updated dependencies.

As a tinny bonus logs now contain info about version or any other field
if the differ and that way info about the reason to reinstall given
package.

We are grabing scripts output including stderr and because of that we
can't trace childs. Instead we make it so most of our code runs without
fork.

This reverts commit cd44f638.

We can't do this as we are checking output of childs in subprocess and
valgrind taints stderr output with its output.

We have problem with libb64 on ARM (it effectively does not work).
Updater is already linked against OpenSSL so why not use it for that as
well. The API for it is not exactly clean so it is wrapped in its own
file but otherwise it is clean solution as it removes dependency and
reuses existing one.

There can be sunsequent lines although it is not part of standard.
Accepting those and ignoring them fixes possible problem with invalid
signature read as size might not match.

This adds more descriptive debug messages to check for cause of
signature verification fail.

This was causing that long files were not correctly verified. The files
bigger than 2^8 were just considered as broken as size wasn't provided
properly.

I have no idea why it was passing previously but this is obviously
wrong.

Checking for lua with version 5.1 is required for systems with single
version of Lua while lua5.1 is required for those providing multiple
versions.