Bug#868127: marked as done (apt: spurious missing component warning for components with slashes)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Thu, 17 Aug 2017 17:49:06 +0000
with message-id <E1diOuo-000BF3-2A@fasolo.debian.org>
and subject line Bug#868127: fixed in apt 1.5~beta2
has caused the Debian Bug report #868127,
regarding apt: spurious missing component warning for components with slashes
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
868127: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868127
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: apt: spurious missing component warning for components with slashes
• From: Apollon Oikonomopoulos <apoikos@debian.org>
• Date: Wed, 12 Jul 2017 11:58:34 +0300
• Message-id: <20170712085834.c7bbnvyp6emuvrsr@marvin.dmesg.gr>

Package: apt
Version: 1.5~beta1
Severity: normal
Tags: patch

Dear APT Maintainers,

1.5 introduced a check that warns users about components specified in 
sources.list but not present in the Release file's Component section.  
While doing so, it assumes that any component that includes a slash 
should be treated like the components in security.debian.org, which are 
specified without a slash in sources.list (as "updates" is part of the 
suite), but with a slash in Release ("updates/main updates/contrib" 
etc). This leads to spurious warnings on repositories that use slashes 
in components in a more "regular" way.

Take for example the following sources.list entry:

 deb http://deb.example.com/debian stretch profile/es

And the following Release file

 Codename: stretch
 Components: main profile/es

apt will mangle the supported component list to ['main', 'es'], thus 
complaining with the following warning:

 W: Skipping acquire of configured file 'profile/es/i18n/Translation-en_US' as repository 'http://debian.example.com/debian stretch InRelease' doesn't have the component 'profile/es' (component misspelt in sources.list?)

The attached patch fixes this issue.

Regards,
Apollon

From fda828a6aca867be7e48997c90ca67386c646365 Mon Sep 17 00:00:00 2001
From: Apollon Oikonomopoulos <apoikos@debian.org>
Date: Wed, 12 Jul 2017 10:41:58 +0300
Subject: [PATCH] Handle supported components with slashes in sources.list

Commit d7c92411dc1f4c6be098d1425f9c1c075e0c2154 parses the Components
section of (In)Release and attempts to detect the distribution's
supported components. While doing so, it handles component names with
slashes in a special manner, assuming that the actual component is only
the part after the final slash. This is done to handle
security.debian.org, which usually appears in sources.list as follows:

 deb http://s.d.o/debian-security stretch/updates main contrib non-free

while the actual release file has:
 Codename: stretch
 Components: updates/main updates/contrib updates/non-free

While this special handing on APTs part indeed works for
debian-security, it emits spurious warnings on repositories that
actually use slashes in the component names *and* appear so in
sources.list.

We fix this by adding both component versions (whole and final part) to
the SupportedComponents array.
---
 apt-pkg/deb/debmetaindex.cc                            |  5 ++---
 test/integration/test-apt-update-disappeared-component | 14 ++++++++++----
 2 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/apt-pkg/deb/debmetaindex.cc b/apt-pkg/deb/debmetaindex.cc
index df7419ddd..d7c458e66 100644
--- a/apt-pkg/deb/debmetaindex.cc
+++ b/apt-pkg/deb/debmetaindex.cc
@@ -414,10 +414,9 @@ bool debReleaseIndex::Load(std::string const &Filename, std::string * const Erro
       if (comp.empty())
 	 continue;
       auto const pos = comp.find_last_of('/');
-      if (pos == std::string::npos)
-	 d->SupportedComponents.push_back(std::move(comp));
-      else // e.g. security.debian.org uses this style
+      if (pos != std::string::npos) // e.g. security.debian.org uses this style
 	 d->SupportedComponents.push_back(comp.substr(pos + 1));
+      d->SupportedComponents.push_back(std::move(comp));
    }
    {
       decltype(pkgCache::ReleaseFile::Flags) flags = 0;
diff --git a/test/integration/test-apt-update-disappeared-component b/test/integration/test-apt-update-disappeared-component
index d38405bc2..7c7dd7711 100755
--- a/test/integration/test-apt-update-disappeared-component
+++ b/test/integration/test-apt-update-disappeared-component
@@ -10,13 +10,14 @@ insertpackage 'unstable' 'foobar' 'all' '1'
 
 APTARCHIVE="file:$(readlink -f ./aptarchive) unstable InRelease"
 setupaptarchive --no-update
-sed -i -e 's#main\s*$#main contrib non-free#' rootdir/etc/apt/sources.list.d/*
+sed -i -e 's#main\s*$#main contrib non-free sub/component#' rootdir/etc/apt/sources.list.d/*
 
 # if no Component info is available we assume all are supported, which means
 # that non-existent Packages files are assumed to be missing because they are
 # empty (as the repository is declaring support for them via Architectures)
 testwarningmsg "W: Skipping acquire of configured file 'contrib/source/Sources' as repository '${APTARCHIVE}' does not seem to provide it (sources.list entry misspelt?)
-W: Skipping acquire of configured file 'non-free/source/Sources' as repository '${APTARCHIVE}' does not seem to provide it (sources.list entry misspelt?)" apt update
+W: Skipping acquire of configured file 'non-free/source/Sources' as repository '${APTARCHIVE}' does not seem to provide it (sources.list entry misspelt?)
+W: Skipping acquire of configured file 'sub/component/source/Sources' as repository '${APTARCHIVE}' does not seem to provide it (sources.list entry misspelt?)" apt update
 
 sed -i -e '/^Codename: / a\
 Components: main contrib' $(find ./aptarchive -name 'Release')
@@ -24,16 +25,21 @@ signreleasefiles
 
 testwarningmsg "W: Skipping acquire of configured file 'contrib/source/Sources' as repository '${APTARCHIVE}' does not seem to provide it (sources.list entry misspelt?)
 W: Skipping acquire of configured file 'non-free/source/Sources' as repository '${APTARCHIVE}' doesn't have the component 'non-free' (component misspelt in sources.list?)
+W: Skipping acquire of configured file 'sub/component/source/Sources' as repository '${APTARCHIVE}' doesn't have the component 'sub/component' (component misspelt in sources.list?)
 W: Skipping acquire of configured file 'non-free/binary-amd64/Packages' as repository '${APTARCHIVE}' doesn't have the component 'non-free' (component misspelt in sources.list?)
 W: Skipping acquire of configured file 'non-free/binary-all/Packages' as repository '${APTARCHIVE}' doesn't have the component 'non-free' (component misspelt in sources.list?)
-W: Skipping acquire of configured file 'non-free/i18n/Translation-en' as repository '${APTARCHIVE}' doesn't have the component 'non-free' (component misspelt in sources.list?)" apt update
+W: Skipping acquire of configured file 'non-free/i18n/Translation-en' as repository '${APTARCHIVE}' doesn't have the component 'non-free' (component misspelt in sources.list?)
+W: Skipping acquire of configured file 'sub/component/binary-amd64/Packages' as repository '${APTARCHIVE}' doesn't have the component 'sub/component' (component misspelt in sources.list?)
+W: Skipping acquire of configured file 'sub/component/binary-all/Packages' as repository '${APTARCHIVE}' doesn't have the component 'sub/component' (component misspelt in sources.list?)
+W: Skipping acquire of configured file 'sub/component/i18n/Translation-en' as repository '${APTARCHIVE}' doesn't have the component 'sub/component' (component misspelt in sources.list?)" apt update
 
 # the field looks like this e.g. for security.debian.org sources
-sed -i -e 's#^Components:.*$#Components: updates/main updates/contrib#' $(find ./aptarchive -name 'Release')
+sed -i -e 's#^Components:.*$#Components: updates/main updates/contrib sub/component#' $(find ./aptarchive -name 'Release')
 signreleasefiles
 
 testwarningmsg "W: Skipping acquire of configured file 'contrib/source/Sources' as repository '${APTARCHIVE}' does not seem to provide it (sources.list entry misspelt?)
 W: Skipping acquire of configured file 'non-free/source/Sources' as repository '${APTARCHIVE}' doesn't have the component 'non-free' (component misspelt in sources.list?)
+W: Skipping acquire of configured file 'sub/component/source/Sources' as repository '${APTARCHIVE}' does not seem to provide it (sources.list entry misspelt?)
 W: Skipping acquire of configured file 'non-free/binary-amd64/Packages' as repository '${APTARCHIVE}' doesn't have the component 'non-free' (component misspelt in sources.list?)
 W: Skipping acquire of configured file 'non-free/binary-all/Packages' as repository '${APTARCHIVE}' doesn't have the component 'non-free' (component misspelt in sources.list?)
 W: Skipping acquire of configured file 'non-free/i18n/Translation-en' as repository '${APTARCHIVE}' doesn't have the component 'non-free' (component misspelt in sources.list?)" apt update
-- 
2.11.0

Attachment: signature.asc
Description: PGP signature

--- End Message ---

--- Begin Message ---

• To: 868127-close@bugs.debian.org
• Subject: Bug#868127: fixed in apt 1.5~beta2
• From: Julian Andres Klode <jak@debian.org>
• Date: Thu, 17 Aug 2017 17:49:06 +0000
• Message-id: <E1diOuo-000BF3-2A@fasolo.debian.org>

Source: apt
Source-Version: 1.5~beta2

We believe that the bug you reported is fixed in the latest version of
apt, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 868127@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Julian Andres Klode <jak@debian.org> (supplier of updated apt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 17 Aug 2017 19:28:00 +0200
Source: apt
Binary: apt libapt-pkg5.0 libapt-inst2.0 apt-doc libapt-pkg-dev libapt-pkg-doc apt-utils apt-transport-https
Architecture: source
Version: 1.5~beta2
Distribution: unstable
Urgency: medium
Maintainer: APT Development Team <deity@lists.debian.org>
Changed-By: Julian Andres Klode <jak@debian.org>
Description:
 apt        - commandline package manager
 apt-doc    - documentation for APT
 apt-transport-https - Transitional package: curl-https download transport for APT
 apt-utils  - package management related utility programs
 libapt-inst2.0 - deb package format runtime library
 libapt-pkg-dev - development files for APT's libapt-pkg and libapt-inst
 libapt-pkg-doc - documentation for APT development
 libapt-pkg5.0 - package management runtime library
Closes: 811181 858877 868127 869425 869557 870675 871275
Changes:
 apt (1.5~beta2) unstable; urgency=medium
 .
   [ M. Willis Monroe ]
   * Minor grammar fix
 .
   [ Zhou Mo ]
   * zh_CN.po: update Simplified Chinese programs translation
 .
   [ David Kalnischkies ]
   * don't expect more downloads from failed transactions
   * remove reference to a-t-debtorrent in description
   * ignore SIGPIPE in dump solver if forwarding
   * support compressed extended_states file for bug triage
   * don't move failed pdiff indexes out of partial (Closes: 869425)
   * don't try to parse all fields starting with HTTP as status-line
   * send weak-only hashes to methods
   * fail earlier if server answers with too much data
   * fail early in http if server answer is too small as well
   * use FileFd to parse all apt configuration files
   * show warnings instead of errors if files are unreadable (LP: #1701852)
   * reimplement and document auth.conf (Closes: #811181)
   * lookup login info for proxies in auth.conf
   * allow the auth.conf to be root:root owned
   * update URI scheme descriptions in sources.list(5)
   * show a warning for Debian shutting down FTP services
   * suggest using auth.conf for sources with passwords
   * ftparchive: sort discovered filenames before writing indexes.
     Thanks to Chris Lamb for initial patch & Stefan Lippers-Hollmann for testing
     (Closes: 869557)
   * don't keep configuration files open needlessly
   * don't hang if multiple sources use unavailable method (Closes: 870675)
 .
   [ Beatrice Torracca ]
   * Italian manpage translation update (Closes: 858877)
 .
   [ Apollon Oikonomopoulos ]
   * Handle supported components with slashes in sources.list (Closes: #868127)
 .
   [ Julian Andres Klode ]
   * Drop cacheiterators.h include
   * methods/aptmethod.h: Add missing fileutl.h include
   * Reformat and sort all includes with clang-format
   * cacheiterators: Warn about direct include and don't include pkgcache.h
   * Update gitignore with new files
   * Use C++11 threading support instead of pthread
   * Always warn if --force-yes is validly specified, not just if used
   * Work around float rounding change in gcc 7 on i386
   * Handle GCC 7 std::string operator ABI break (Closes: #871275)
   * debian: Update symbols for libapt-pkg5.0
 .
   [ Paul Wise ]
   * Support zero delay for the various APT::Periodic activities
   * Support seconds, minutes, hours and days for APT::Periodic intervals
   * Switch from /org to /srv in example apt-ftparchive configuration
 .
   [ Balint Reczey ]
   * Gracefully terminate process when stopping apt-daily-upgrade (LP: #1690980)
 .
   [ Dominik ]
   * doc: Add '--allow-unauthenticated' to '--force-yes'
Checksums-Sha1:
 c2df9b299098ef0808f78c3ebbf21d1c873aa09a 2598 apt_1.5~beta2.dsc
 3407383a7fbf657b593ea9bc25d549b00c2c8640 2094844 apt_1.5~beta2.tar.xz
 7966ef2ea16c0e2d98d6b6f7dc17b4fd09b64c85 8066 apt_1.5~beta2_source.buildinfo
Checksums-Sha256:
 aaa01458752d8674808cd840aeeafacf4a531ace17259428d9b3d67886ad376a 2598 apt_1.5~beta2.dsc
 5a9866b613a65929cd8852cd8813a1065bfe700928b66a91c5181a03196db4f5 2094844 apt_1.5~beta2.tar.xz
 8192235ea359c3849cb40afcd0de627cd130dd0436fc9a28d47c1e22c5c98dae 8066 apt_1.5~beta2_source.buildinfo
Files:
 3e8f485696568afa308951087eefe601 2598 admin important apt_1.5~beta2.dsc
 0ba1e229813604beea627beee8941765 2094844 admin important apt_1.5~beta2.tar.xz
 c1757e0d03dcccbce5f863d2d7429c5d 8066 admin important apt_1.5~beta2_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJDBAEBCgAtFiEEzeVhi4gF/W4gLOnC1zw55WWAs4YFAlmV0loPHGpha0BkZWJp
YW4ub3JnAAoJENc8OeVlgLOGr8UP/3ewme1YZHZ+0Yqdx/NY0qnyFrGNBxQV+hQX
xO7ncGalAqF0bJ3nw9FrDpC1d7DVAlNOU9N3SsbGNSz+ZnPkqCvkssG0H/0pxXGQ
WkdkTH3dSgRDoJd6CvSHapt69/GBPrAqukE3jBZnA9KdKRXvdRlVyrAZ7lj2cvVM
eeC+vpy2sRf2+LgEUa179tniVH4DQkdNMu17xmmvLLairlr5fhEkf0GUv1GoOXJ+
A6eOnOYyvfgZpSlrAPU5hkJAS56mhG7MeGOnzdhVqJ9sJrWzBLr0QAMHg8+Kks0h
SKLrUeFGC5E1xlm+dHORukmTLyMp6UaxQTsjx6lfwDYFfxbxx3UJTSkcgV2ANpnN
70ZiWRaEa6OEpEl495GOrRN8jQYOFqfkX5yJrJ+/OadYXQstsIKR6Y/u73PeszKJ
ON1rEqYDwr6cEML4IJ4L0HaWlcc2dMMV5HOujQTJMsOubCHpTmyTYN2IZhNu3HfI
JesYFMc/CfX8VzdVIA9beZTbELM5IchB7uKUi1KheO6j4UXSlZkEj6KwVPonlA7v
i7s7qV31t0WW9muodl7lUX8jTAfvVo/Fopx+gTym/wW9sFWq/ATNy3Bqhlr7wUpM
miAVOeG/E/FAj33hp4S1zcSbRD+infVQPgXGbQiv+QQIzMarujQISupO3Y4OWFnx
+V6aKjWE
=aaby
-----END PGP SIGNATURE-----

--- End Message ---