
@julian-klode
Last active February 26, 2020 20:28

APT 2.0

After brewing in experimental for a while and getting a first outing in the Ubuntu 19.10 release (both as 1.9), APT 2.0 is now releasing to unstable.

Compared to the 1.8 series, the APT 2.0 series features several new features, as well as improvements in performance and hardening. A lot of code has been removed as well, reducing the size of the library.

Changes Since 1.8

New Features

  • Commands accepting package names now accept aptitude-style patterns. The syntax of patterns is mostly a subset of aptitude, see apt-patterns(7) for more details.

  • apt(8) now waits for the dpkg locks - indefinitely, when connected to a tty, or for 120s otherwise.

  • When apt cannot acquire the lock, it prints the name and pid of the process that currently holds the lock.

  • A new satisfy command has been added to apt(8) and apt-get(8).

  • Pins can now be specified by source package, by prepending src: to the name of the package, e.g.:

    Package: src:apt
    Pin: version 2.0.0
    Pin-Priority: 990
    

    This pins all binaries of the native architecture produced by the source package apt to version 2.0.0. To pin packages across all architectures, append :any.

Performance

  • APT now uses libgcrypt for hashing instead of embedded reference implementations of MD5, SHA1, and SHA2 hash families.

  • Distribution of rred and decompression work during update has been improved to take into account the backlog instead of randomly assigning a worker, which should yield higher parallelization.

Incompatibilities

  • The apt(8) command no longer accepts regular expressions or wildcards as package arguments; use patterns instead (see New Features).

Hardening

  • Credentials specified in auth.conf now only apply to HTTPS sources. This prevents a malicious actor from reading the credentials by redirecting users from an HTTP source to an HTTP URL that matches an entry in auth.conf. Another protocol can be specified; see apt_auth.conf(5) for the syntax.
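The following audit sketch is an added example, not code from APT or from the original notes. It models the rule above for a netrc-style auth.conf: an entry without a protocol applies only to encrypted schemes, and entries that explicitly opt into a cleartext protocol are reported. The function names, the sample hosts and credentials, and the simplified host and path-prefix matching are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Schemes an entry without an explicit protocol applies to
# (https per the note above; tor+https per apt_auth.conf(5)).
SECURE_SCHEMES = {"https", "tor+https"}

def parse_auth_conf(text):
    """Parse 'machine X login Y password Z' entries (simplified: values
    must not contain whitespace; this is not APT's own parser)."""
    entries, current = [], None
    tokens = text.split()
    for key, value in zip(tokens[0::2], tokens[1::2]):
        if key == "machine":
            scheme, sep, rest = value.partition("://")
            if not sep:                      # no protocol given
                scheme, rest = None, value
            current = {"scheme": scheme, "machine": rest}
            entries.append(current)
        elif key in ("login", "password") and current is not None:
            current[key] = value
    return entries

def applies_to(entry, url):
    """Would this entry's credentials be offered to `url`? (assumed,
    simplified matching: exact host[:port] plus path prefix)."""
    u = urlsplit(url)
    allowed = {entry["scheme"]} if entry["scheme"] else SECURE_SCHEMES
    if u.scheme not in allowed:
        return False
    host, _, path = entry["machine"].partition("/")
    return u.netloc == host and u.path.startswith("/" + path)

def cleartext_entries(entries):
    """Entries that explicitly opt into an unencrypted protocol."""
    return [e["machine"] for e in entries
            if e["scheme"] and e["scheme"] not in SECURE_SCHEMES]

# Constructed sample file; hosts and credentials are made up.
SAMPLE = """
machine deb.example.org/private login alice password s3cret
machine http://legacy.example.org login bob password hunter2
"""

if __name__ == "__main__":
    for name in cleartext_entries(parse_auth_conf(SAMPLE)):
        print(f"credentials for {name} may be sent over cleartext")
```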

Developer changes

  • A more extensible cache format, allowing us to add new fields without breaking the ABI.

  • All code marked as deprecated in 1.8 has been removed.

  • Implementations of CRC16, MD5, SHA1, and SHA2 have been removed.

  • The apt-inst library has been merged into the apt-pkg library.

  • apt-pkg can now be found by pkg-config.

  • The apt-pkg library now compiles with hidden visibility by default.

  • Pointers inside the cache are now statically typed. They cannot be compared against integers (except 0 via nullptr) anymore.
