Re: openssh: privilege separation no longer supported on Cygwin? SURPRISE!

2017-05-31 Thread Larry Hall (Cygwin) 

On 05/31/2017 05:37 AM, Houder wrote:

On Tue, 30 May 2017 21:28:41, "Larry Hall (Cygwin)" wrote:

[snip]

Cygwin's link to the Windows user ID is through the UID/SID mapping.  In
your case, you're apparently using /etc/passwd and so that's where the
mapping happens.  You can map the UID of a Cygwin user to any valid Windows
SID by editing the SID as you did.  This doesn't change how things look in
the Cygwin environment (i.e. the UID and user name are still the same) but
it does make a difference to Windows.  So the fact that you can change the
SID for the 'sshd' user and still get it to run is not all that surprising,
assuming that the new Windows SID that you're using as 'sshd' now has at
least similar permissions.  Of course, if you remove Cygwin's understanding
of 'sshd' so that it can't do the mapping of UID to SID or even have a
valid UID, then subsequent problems are not unexpected.


Hi Larry,

Thanks for your reply! Discussion!

First of all, I do not pretend to know Windows ... neither do I pretend that I
know more about ssh/Cygwin than Corinna does (basically, I know not very much).

.. the only thing I am able to, is "observe" (and I may interpret wrong), and
may have done "stupid" things. That is why your reply is appreciated by me.

Now back to your reply:

I had modified /etc/password as follows: (note the  in the sid)

sshd:*:1015:513:U-Seven\sshd,S-1-5-21-91509220-1575020443-2714799223-:/var/empty:/bin/false

However, just now I modified it as follows:

sshd:*:1015:513:U-Seven\sshd,S-1-5-21--xx-xx-:/var/empty:/bin/false

(again changed the sshd service into 'automatic'), and rebooted the system.

After system reboot, an elevated shell is started ...
(the ampersand sign at the end of the prompt indicates it is an elevated shell)

# my .bash_profile interrogates the cygwin1.dll ...
/home/corinna/src/cygwin/cygwin-2.8.0/cygwin-2.8.0-1.x86_64/src/newlib-cygwin/winsup/cygwin/cygheap.cc
64-@@#
64-@@# cygrunsrv -Q sshd
Service : sshd
Display name: CYGWIN sshd
Current State   : Running
Controls Accepted   : Stop
Command : /usr/sbin/sshd -4 -D -e

Looking good ...

64-@@# net user sshd
The user name could not be found.

More help is available by typing NET HELPMSG 2221.

As far as I know, this means that Windows tells me user sshd does NOT exist!

However, I can still use the ssh command ... (see below).

Now, if I understand correctly, "Corinna" may use the first (of the 4) method,
i.e. the one based on NtCreateToken(), to change the user context ...
(Q: is that even possible for a NON-existing user?)

However, neither the ps command nor the "Process Explorer" show me a context
that "belongs" to user sshd [1] (in stead it belongs to user cyg_server).

[1] I refer to the grandchild of the listener, the one that exists before the
authentication phase terminates ...

Yes, I know; I may still be wrong ... I report what I observe ... yes, I do
not have the deep knowledge of Windows that Corinna has. I know.

Regards,

Henri

-

From an UNelevated shell:


64-@@ ssh -p  -l Henri 192.168.178.15
Enter passphrase for key '/home/Henri/.ssh/': # Henri is privileged
Last login: Wed May 31 10:30:52 2017 from 192.168.178.15
TADA ! < contents of /etc/motd
/home/corinna/src/cygwin/cygwin-2.8.0/cygwin-2.8.0-1.x86_64/src/newlib-cygwin/winsup/cygwin/cygheap.cc
64-@@# exit < full-blown elevated shell! (try whoami /all)
logout
Connection to 192.168.178.15 closed.

64-@@ ssh -p  -l jvdwater 192.168.178.15
jvdwater@192.168.178.15's password: # jvdwater is UNprivileged
Last login: Wed May 31 10:29:27 2017 from 192.168.178.15
TADA !
64-@@ exit < ordinary UNelevated shell
logout
Connection to 192.168.178.15 closed.

64-@@# tail -f /var/log/sshd.log
Server listening on 0.0.0.0 port .
Accepted publickey for Henri from 192.168.178.15 port 49186 ssh2: 
Received disconnect from 192.168.178.15 port 49186:11: disconnected by user
Disconnected from user Henri 192.168.178.15 port 49186
Accepted password for jvdwater from 192.168.178.15 port 49191 ssh2
Received disconnect from 192.168.178.15 port 49191:11: disconnected by user
Disconnected from user jvdwater 192.168.178.15 port 49191


I'm replying directly to your original replies to me but this
shouldn't indicate to anyone that subsequent discussion by others hasn't
provided good and useful information.  My reply more directly addresses
your email though so I wanted to reference it without those intervening
discussions to hopefully avoid confusion.

At the moment, the only system I have access to that has Cygwin's SSH set
up on it is one that's using AD and there when I login using public key or
password authentication, I'm always logged in as my user without elevated
privileges.  I'm not going to speculate about whether this is indicative of
proper operation or not for this environment.  I just offer it as another
observation.  That said, I will offer one speculation (because I

dash is unable to start scripts from non-ASCII paths in non-UTF8 locale

2017-05-31 Thread Andrey Repin 
Greetings, All!

Start native console with login shell,

:~
$ locale && mkdir тест && cd тест && printf '%s\n' '#!/bin/dash' 'echo 
"Works!"' > test.sh && ls -l test.sh
LANG=ru_RU.CP866
LC_CTYPE="ru_RU.CP866"
LC_NUMERIC="en_US"
LC_TIME="ru_RU.CP866"
LC_COLLATE="ru_RU.CP866"
LC_MONETARY="ru_RU.CP866"
LC_MESSAGES="en_US"
LC_ALL=
-rwxr-xr-x 1 anrdaemon None 26 июн  1 04:06 test.sh

:~/тест
$ ./test.sh
/bin/dash: 0: Can't open ./test.sh

:~/тест
$ bash ./test.sh
Works!


-- 
With best regards,
Andrey Repin
Thursday, June 1, 2017 03:56:45

Sorry for my terrible english...

Re: openssh: privilege separation no longer supported on Cygwin?

2017-05-31 Thread Brian Inglis 
On 2017-05-31 13:52, Marco Atzeri wrote:
> On 29/05/2017 11:48, Houder wrote:
>> On 2017-05-29 10:39, Marco Atzeri wrote:
>>> On 29/05/2017 07:23, Houder wrote:
>>
>> [snip]
 ... because, that is, I think, what I am seeing:

  - the userid of child sshd is still 'cyg_server' ...
  - and I get an elevated shell when I login ...

 Not what I expected ...

 Gr. Henri

>>>
>>> Hi Houder,
>>> please read the last Announcement
>>>
>>> https://sourceware.org/ml/cygwin-announce/2017-03/msg00028.html
>>
>> [snip]
>>> It seems you misunderstood the communication:
>>> - the possibility to NOT use "privilege separation" is deprecated
>>> - "privilege separation" will became mandatory
>>
>> Hi Marco,
>>
>> Sorry for the misunderstanding. Yes, to my knowledge, PS, privilege
>> separation, is now mandatory (using a new mechanism under Linux [1]).
>>
>> [1] sandboxing?
>>
>> Because of PS, I expect to see an UNprivileged sshd process talking
>> to the user process (where the ssh command has been executed).
>>
>> But above all, I expect an UNelevated shell when I login in ...
>>
>> However, what I get after login (after providing my credentials) is
>> an ELEVATED shell (yes, Administrators is part of the group set).
> 
> Is your user a member of Administrators ?
> 
>>
>> Now I wonder if this happens because I do NOT observe PS.
>>
>> Look below, please ... After executing the ssh command, ssh asks for
>> my credentials ... in stead of providing my credentials, I execute
>> the ps command in a second terminal. To my surprise, the grandchild
>> of the listener is executed using "cyg_server" and not "sshd" ...
>>
>> Currently, I am looking at:
>>
>> https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-setuid-overview
>>
>> Regards,
>> Henri
>>
> 
> on my system as reported by lusrmgr.msc
> cyg_server is a privileged user member of Administrators
> sshd is a normal user as expected reading ssh-host-config.
> 
> The cyg_server account can setuid to other users
> otherwise you can not change user id:
> 
> $ pstree -u
> ?─┬─cygrunsrv(cyg_server)───sshd───sshd───bash(marco)───pstree
>   ├─mintty(marco)───bash───ssh
>   └─mintty(marco)───bash

You might want to look at the UG NT Security section on using LSA and
passwd -R to impersonate unprivileged userids.

Normally sshd is set up using the cyg_server account by ssh-host-config:
run cygrunsrv with -VQ (-QV doesn't work) to see most settings e.g.

$ cygrunsrv -VQ sshd
Service : sshd
Display name: CYGWIN sshd
Current State   : Running
Controls Accepted   : Stop, Preshutdown
Command : /usr/sbin/sshd -D
stdin path  : /dev/null
stdout path : /var/log/sshd.log
stderr path : /var/log/sshd.log
Process Type: Own Process
Startup : Automatic
Dependencies: cygserver, tcpip
Account : .\cyg_server

you can also check the Windows view with:

$ sc qc sshd
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: sshd
TYPE   : 10  WIN32_OWN_PROCESS
START_TYPE : 2   AUTO_START  (DELAYED)
ERROR_CONTROL  : 1   NORMAL
BINARY_PATH_NAME   : C:\...\cygwin64\bin\cygrunsrv.exe
LOAD_ORDER_GROUP   :
TAG: 0
DISPLAY_NAME   : CYGWIN sshd
DEPENDENCIES   : cygserver
   : tcpip
SERVICE_START_NAME : .\cyg_server

and I have a script that lists all service registry settings for
checking, and works with all Windows services, not just Cygwin services
started by cygrunsrv:

$ scqc.sh sshd
sshdDelayedAutostart  1
sshdDependOnService   cygserver  tcpip
sshdDisplayName   CYGWIN sshd
sshdErrorControl  1
sshdImagePath C:\...\cygwin64\bin\cygrunsrv.exe
sshdObjectName.\cyg_server
sshdParametersAppPath  AppArgs  Preshutdown
sshdStart 2
sshdType  16
sshdParameters/AppArgs-D
sshdParameters/AppPath/usr/sbin/sshd
sshdParameters/Preshutdown1

enabling you to easily see what service settings to change using sc or
registry commands like Cygwin regtool or Windows reg, as cygrunsrv does
not support all sc settings, or dynamic changes, only -R remove and -I
install, which stops the service. Parameters is a standard subkey also
used by other non-Cygwin services.

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: openssh: privilege separation no longer supported on Cygwin? SURPRISE!

2017-05-31 Thread Andrey Repin 
Greetings, Houder!

> Anyone out there, who uses AD, in stead of /etc/{passwd,group},

Nobody here uses "/etc/{passwd,group}" anymore, except for very special cases.
This is not related to AD.


-- 
With best regards,
Andrey Repin
Wednesday, May 31, 2017 23:14:34

Sorry for my terrible english...


--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: Setup v2.879 - can not scroll package list

2017-05-31 Thread Andrey Repin 
Greetings, Wayne Davison!

> On Wed, May 31, 2017 at 2:48 AM, David Balažic wrote:
>> it does not scroll the package list, instead it changes the selection
>> in the mentioned drop down menu.

> One thing you should be able to do to work around this is to go to the
> mouse settings and enable the "Scroll inactive windows when I hover
> over them" option.

Where's that option?

> That allows you to scroll the list as long as your
> mouse is pointing at it.


-- 
With best regards,
Andrey Repin
Wednesday, May 31, 2017 23:18:38

Sorry for my terrible english...

Re: Setup v2.879 - can not scroll package list

2017-05-31 Thread Vlado 

On 31.5.2017 17:04, Wayne Davison wrote:

On Wed, May 31, 2017 at 2:48 AM, David Balažic wrote:

it does not scroll the package list, instead it changes the selection
in the mentioned drop down menu.

One thing you should be able to do to work around this is to go to the
mouse settings and enable the "Scroll inactive windows when I hover
over them" option. That allows you to scroll the list as long as your
mouse is pointing at it.


In fact, this workaround depends on concrete mouse driver. On my system 
neither "HP Mouse Control center" nor "Mouse properties" in Control 
panel have "Scroll inactive windows when I hover over them" option.


Only workaround I found is to move focus to Search box.

Another problem with package list is this: Package's new status is 
changing by clicking only to "New" column with one exception. If status 
is "Keep", it is changed to "Uninstall" after click (even accidental) to 
any other column.


Perhaps someone more experienced than I will be so kind and make 
corrections.

Thanks in advance.

Vlado



--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: openssh: privilege separation no longer supported on Cygwin?

2017-05-31 Thread Marco Atzeri 

On 29/05/2017 11:48, Houder wrote:

On 2017-05-29 10:39, Marco Atzeri wrote:

On 29/05/2017 07:23, Houder wrote:


[snip]

... because, that is, I think, what I am seeing:

 - the userid of child sshd is still 'cyg_server' ...
 - and I get an elevated shell when I login ...

Not what I expected ...

Gr. Henri



Hi Houder,
please read the last Announcement

https://sourceware.org/ml/cygwin-announce/2017-03/msg00028.html


[snip]

It seems you misunderstood the communication:
- the possibility to NOT use "privilege separation" is deprecated
- "privilege separation" will became mandatory


Hi Marco,

Sorry for the misunderstanding. Yes, to my knowledge, PS, privilege
separation, is now mandatory (using a new mechanism under Linux [1]).

[1] sandboxing?

Because of PS, I expect to see an UNprivileged sshd process talking
to the user process (where the ssh command has been executed).

But above all, I expect an UNelevated shell when I login in ...

However, what I get after login (after providing my credentials) is
an ELEVATED shell (yes, Administrators is part of the group set).


Is your user a member of Administrators ?



Now I wonder if this happens because I do NOT observe PS.

Look below, please ... After executing the ssh command, ssh asks for
my credentials ... in stead of providing my credentials, I execute
the ps command in a second terminal. To my surprise, the grandchild
of the listener is executed using "cyg_server" and not "sshd" ...

Currently, I am looking at:

https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-setuid-overview

Regards,
Henri



on my system as reported by lusrmgr.msc
cyg_server is a privileged user member of Administrators
sshd is a normal user as expected reading ssh-host-config.

The cyg_server account can setuid to other users
otherwise you can not change user id:

$ pstree -u
?─┬─cygrunsrv(cyg_server)───sshd───sshd───bash(marco)───pstree
  ├─mintty(marco)───bash───ssh
  └─mintty(marco)───bash

Regards
Marco






--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: Perl layout for 5.26+

2017-05-31 Thread Achim Gratz 
Yaakov Selkowitz writes:
> Using lib for archful things vs. share for noarch, and /usr/local for
> site*, is for compliance with FHS, and the latter avoids a lot of
> confusion over which should be used by packages.

Also, why do you propose to drop archname from the *arch directories?
This would make it impossible to put these on shared drives, so I'm
more inclined to leave these as they were.

prefix="/usr"
siteprefix="/usr/local"
vendorprefix="/usr"

vendorman1dir="${vendorprefix}/share/man/man1"
vendorman3dir="${vendorprefix}/share/man/man3"
html1dir="${prefix}/share/doc/perl/html/html1"
html3dir="${prefix}/share/doc/perl/html/html3"
sitehtml1dir="${siteprefix}/share/doc/perl/html/html1"
sitehtml3dir="${siteprefix}/share/doc/perl/html/html3"
vendorhtml1dir="${vendorprefix}/share/doc/perl/html/html1"
vendorhtml3dir="${vendorprefix}/share/doc/perl/html/html3"

archname=${ARCHNAME}
privlib="${prefix}/share/perl5/${PERLV}"
sitelib="${siteprefix}/share/perl5/site_perl/${PERLV}"
vendorlib="${vendorprefix}/lib/perl5/vendor_perl/${PERLV}"
archlib="${prefix}/lib/perl5/${PERLV}/${ARCHNAME}"
sitearch="${siteprefix}/lib/perl5/vendor_perl/${PERLV}/${ARCHNAME}"
vendorarch="${vendorprefix}/lib/perl5/site_perl/${PERLV}/${ARCHNAME}"

sitebin="${siteprefix}/bin"
sitescript="${siteprefix}/bin"

I would also leave the versioning on the noarch dirs.  We need to do a
full rebuild for 5.26 anyway and for 5.28 we can just as easily include
the previous version of the noarch directories in @INC if that is known
to work just like we did between 5.10 and 5.14.


Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

Factory and User Sound Singles for Waldorf Q+, Q and microQ:
http://Synth.Stromeko.net/Downloads.html#WaldorfSounds

Re: openssh: privilege separation no longer supported on Cygwin? SURPRISE!

2017-05-31 Thread cyg Simple 
On 5/31/2017 12:34 PM, Houder wrote:
> On Wed, 31 May 2017 10:59:38, cyg Simple wrote:
>> On 5/31/2017 10:16 AM, Houder wrote:
>>> On Wed, 31 May 2017 09:27:02, cyg Simple wrote:
>>>
>>> [snip]
 All of this talk of /etc/passwd leads me to point you to
 https://cygwin.com/cygwin-ug-net/ntsec.html.
>>>
>>> cyg,
>>>
>>> Do you want me to study that text a second, third, fourth or Xth time ...?
>>>
>>
>> Yes, especially section
>> https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-mapping where it
>> explains that /etc/passwd and /etc/group are now deprecated and it's use
>> is for backward compatibility and that you should be using
>> /etc/nsswitch.conf[1] instead.  Have you attempted this?
>>
>> [1] https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-mapping-nsswitch
> 
> Actually, that text reads:
> 
>  = Mapping Windows SIDs to POSIX uid/gid values:
> 
>   * Read /etc/passwd and /etc/group files if they exist, just as in the olden
> days, mainly for backward compatibility.
> -
> 
> It does not stipulate that these files are no longer supported ... Corinna did
> not dare to proclaim them "deprecated".
> 
> Do I use the file /etc/nsswitch.conf? Yes, certainly. As shown in:
> 
> https://cygwin.com/ml/cygwin/2017-05/msg00456.html
> (see bottom of post)
> 
> Do you want me to drop /etc/{passwd,group} files. Yes, you do. I will not.
> 

That choice is yours but they are needless except for very limited needs.

> Moreover, it is completely irrelevant from a logical point of view  whether
> /etc/{passwd,group) or AD is used to maintain the "network administration".
> 

So what.  You have to maintain separate multiple databases for the same
user.

Just give removing these two files a try to see if you have good success.

-- 
cyg Simple

--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: openssh: privilege separation no longer supported on Cygwin? SURPRISE!

2017-05-31 Thread Houder 
On Wed, 31 May 2017 10:59:38, cyg Simple wrote:
> On 5/31/2017 10:16 AM, Houder wrote:
> > On Wed, 31 May 2017 09:27:02, cyg Simple wrote:
> > 
> > [snip]
> >> All of this talk of /etc/passwd leads me to point you to
> >> https://cygwin.com/cygwin-ug-net/ntsec.html.
> > 
> > cyg,
> > 
> > Do you want me to study that text a second, third, fourth or Xth time ...?
> > 
> 
> Yes, especially section
> https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-mapping where it
> explains that /etc/passwd and /etc/group are now deprecated and it's use
> is for backward compatibility and that you should be using
> /etc/nsswitch.conf[1] instead.  Have you attempted this?
> 
> [1] https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-mapping-nsswitch

Actually, that text reads:

 = Mapping Windows SIDs to POSIX uid/gid values:

  * Read /etc/passwd and /etc/group files if they exist, just as in the olden
days, mainly for backward compatibility.
-

It does not stipulate that these files are no longer supported ... Corinna did
not dare to proclaim them "deprecated".

Do I use the file /etc/nsswitch.conf? Yes, certainly. As shown in:

https://cygwin.com/ml/cygwin/2017-05/msg00456.html
(see bottom of post)

Do you want me to drop /etc/{passwd,group} files. Yes, you do. I will not.

Moreover, it is completely irrelevant from a logical point of view  whether
/etc/{passwd,group) or AD is used to maintain the "network administration".

Regards,

Henri


--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: Setup v2.879 - can not scroll package list

2017-05-31 Thread Wayne Davison 
On Wed, May 31, 2017 at 2:48 AM, David Balažic wrote:
> it does not scroll the package list, instead it changes the selection
> in the mentioned drop down menu.

One thing you should be able to do to work around this is to go to the
mouse settings and enable the "Scroll inactive windows when I hover
over them" option. That allows you to scroll the list as long as your
mouse is pointing at it.

..wayne..

--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: openssh: privilege separation no longer supported on Cygwin? SURPRISE!

2017-05-31 Thread cyg Simple 
On 5/31/2017 10:16 AM, Houder wrote:
> On Wed, 31 May 2017 09:27:02, cyg Simple wrote:
> 
> [snip]
>> All of this talk of /etc/passwd leads me to point you to
>> https://cygwin.com/cygwin-ug-net/ntsec.html.
> 
> cyg,
> 
> Do you want me to study that text a second, third, fourth or Xth time ...?
> 

Yes, especially section
https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-mapping where it
explains that /etc/passwd and /etc/group are now deprecated and it's use
is for backward compatibility and that you should be using
/etc/nsswitch.conf[1] instead.  Have you attempted this?

[1] https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-mapping-nsswitch

-- 
cyg Simple

--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: two installer questions

2017-05-31 Thread Jon Turney 

On 31/05/2017 03:30, Lloyd Wood via cygwin wrote:

1. setting up new cygwin X server, got stuff installed
by selecting xinit in installer and letting it pull things
in. (oddly, selecting xterm instead does not pull in
everything as I expected.)


You need to amend your expectations.

It's policy that X clients do not require the X server, as you may be 
using a different X server, or using the X clients remotely.



But why is adwaita-icon-theme a necessary dependency for xinit?
I'm not installing gnome...


The depchain is xinit -> xwin-xdg-menu -> adwaita-icon-theme

The package provides some icons used by xwin-xdg-menu.


2. I previously deliberately installed the older Tcl/Tk 8.5.18
instead of 8.6. rerunning the installer to add in more X stuff
automagically updated to 8.6 again. Shouldn't a specific
version chosen in a previous install be sticky somehow,
or ask if an update is desired? The ability to freeze selected
packages while everything else updates, and know about it,
seems useful to me.


If you select "Keep" rather than "Current" at the top of the package 
picker, you should be able to choose additional packages for 
installation without upgrading existing packages.


But yes, marking package versions which are explicitly selected to be 
held at that version would be a good idea...


... such a good idea it was added to the setup wishlist in 2003 [1]. 
It's a pity that in the intervening ~14 years nothing has happened, but 
there you are.


[1] 
https://sourceware.org/git/gitweb.cgi?p=cygwin-setup.git;a=commitdiff;h=3c206e03b9ffc27cff4f8a925390f57ba1f9f83f


--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: openssh: privilege separation no longer supported on Cygwin? SURPRISE! -- minor correction

2017-05-31 Thread Houder 
On Wed, 31 May 2017 16:16:38, Houder wrote:

[snip]
> Anyone out there, who uses AD, in stead of /etc/{passwd,group}, and is brave
> enough to delete the sshd account? Is ssh still working?

i.e. NOT from AD, but delete as an account (net user sshd /delete).

Regards,

Henri


--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: openssh: privilege separation no longer supported on Cygwin? SURPRISE!

2017-05-31 Thread Houder 
On Wed, 31 May 2017 09:27:02, cyg Simple wrote:

[snip]
> All of this talk of /etc/passwd leads me to point you to
> https://cygwin.com/cygwin-ug-net/ntsec.html.

cyg,

Do you want me to study that text a second, third, fourth or Xth time ...?

However, let me take another angle now ...

Active Directory is just Microsoft's version of the 'network database', a way
to keep housekeeping in a centralized manner (like NIS).

Agreed?

Anyone out there, who uses AD, in stead of /etc/{passwd,group}, and observes
that the grandchild of the listener is executed by user "sshd"?

Anyone out there, who uses AD, in stead of /etc/{passwd,group}, and is brave
enough to delete the sshd account? Is ssh still working?

Now you might say that I am "a bit aggressive" above (yes, I _do_ feel a bit
peevish). However I would like to see arguments that stick and/or proof that
shows me wrong.

Larry Hall replied with an argument, you did not (neither did Andrey Repin).

Regards,

Henri


--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: openssh: privilege separation no longer supported on Cygwin? SURPRISE!

2017-05-31 Thread cyg Simple 
On 5/31/2017 5:37 AM, Houder wrote:
> On Tue, 30 May 2017 21:28:41, "Larry Hall (Cygwin)" wrote:
> 
> [snip]
>> Cygwin's link to the Windows user ID is through the UID/SID mapping.  In
>> your case, you're apparently using /etc/passwd and so that's where the
>> mapping happens.  You can map the UID of a Cygwin user to any valid Windows
>> SID by editing the SID as you did.  This doesn't change how things look in
>> the Cygwin environment (i.e. the UID and user name are still the same) but
>> it does make a difference to Windows.  So the fact that you can change the
>> SID for the 'sshd' user and still get it to run is not all that surprising,
>> assuming that the new Windows SID that you're using as 'sshd' now has at
>> least similar permissions.  Of course, if you remove Cygwin's understanding
>> of 'sshd' so that it can't do the mapping of UID to SID or even have a
>> valid UID, then subsequent problems are not unexpected.
> 
> Hi Larry,
> 
> Thanks for your reply! Discussion!
> 
> First of all, I do not pretend to know Windows ... neither do I pretend that I
> know more about ssh/Cygwin than Corinna does (basically, I know not very 
> much).
> 
> .. the only thing I am able to, is "observe" (and I may interpret wrong), and
> may have done "stupid" things. That is why your reply is appreciated by me.
> 
> Now back to your reply:
> 
> I had modified /etc/password as follows: (note the  in the sid)
> 
> sshd:*:1015:513:U-Seven\sshd,S-1-5-21-91509220-1575020443-2714799223-:/var/empty:/bin/false
> 
> However, just now I modified it as follows:
> 
> sshd:*:1015:513:U-Seven\sshd,S-1-5-21--xx-xx-:/var/empty:/bin/false
> 
> (again changed the sshd service into 'automatic'), and rebooted the system.
> 
> After system reboot, an elevated shell is started ...
> (the ampersand sign at the end of the prompt indicates it is an elevated 
> shell)

All of this talk of /etc/passwd leads me to point you to
https://cygwin.com/cygwin-ug-net/ntsec.html.

-- 
cyg Simple

--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: Bug in lrzip 0.631-1 (32 bit version) with -d -o - options

2017-05-31 Thread David Balažic 
This still doesn't work.
All current versions, including cygwin 2.8.0-1.

Result same as in above testcase.
64 bit version works fine.

PS: Compressing the test.iso (or its already compressed version) in 32
bit environment with:
lrzip  -o doppel.lrz  test.iso(.lrz)
Gives:
Unable to malloc buffer of size 309956175 in flush_buffer
Fatal error - exiting

So in 32 bit, lrzip is seriously borken and should maybe be removed.


Regards,
David

On 5 February 2017 at 15:19, David Balažic  wrote:
> On 5 February 2017 at 07:37, Marco Atzeri  wrote:
>> can you check if latest cygwin test solves the issue ?
>
> I did, it doesn't, see my previous message in thread.
>
> David

--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

[PATCH setup 12/14] Use solver to check for problems and produce a list of package transactions

2017-05-31 Thread Jon Turney 
Convert chooser UI selections into a SolverTaskList

Apply SolverSolution to that task list (with choice of keep, upgrade,
upgrade with test, IncludeSource) to produce a vector of SolverTransactions.
Store a solution object in packagedb

The transaction list returned by the solver is postprocessed to add
reinstall and IncludeSource actions

Very crudely present solver problems in the PrereqChecker page UI, as text.
Change tickbox to say "accept default solutions" and don't allow to preceed
unless those solutions are accepted (ideally we would have a UI to choose
solutions).  Remove warning about missing dependencies.

Also pass initial trust state to PrereqChecker
---
 choose.cc |   7 +-
 libsolv.cc| 244 ++
 libsolv.h |  84 
 package_db.cc |   1 +
 package_db.h  |   1 +
 prereq.cc | 207 +++--
 prereq.h  |  22 ++
 res.rc|   4 +-
 8 files changed, 393 insertions(+), 177 deletions(-)

diff --git a/choose.cc b/choose.cc
index abfc14a..db8f561 100644
--- a/choose.cc
+++ b/choose.cc
@@ -153,6 +153,8 @@ ChooserPage::createListview ()
   /* FIXME: do we need to init the desired fields ? */
   static int ta[] = { IDC_CHOOSE_KEEP, IDC_CHOOSE_CURR, IDC_CHOOSE_EXP, 0 };
   rbset (GetHWND (), ta, IDC_CHOOSE_CURR);
+  changeTrust (TRUST_CURR);
+
   ClearBusy ();
 }
 
@@ -364,6 +366,8 @@ ChooserPage::keepClicked()
   pkg.desired = pkg.installed;
 }
   chooser->refresh();
+
+  PrereqChecker::setUpgrade(false);
 }
 
 void
@@ -372,7 +376,8 @@ ChooserPage::changeTrust(trusts aTrust)
   SetBusy ();
   chooser->defaultTrust (aTrust);
   chooser->refresh();
-  PrereqChecker::setTrust (aTrust);
+  PrereqChecker::setUpgrade(true);
+  PrereqChecker::setTestPackages(aTrust == TRUST_TEST);
   ClearBusy ();
 }
 
diff --git a/libsolv.cc b/libsolv.cc
index 67c68b5..df0af3d 100644
--- a/libsolv.cc
+++ b/libsolv.cc
@@ -18,6 +18,7 @@
 #include "solv/evr.h"
 
 #include "LogSingleton.h"
+#include  
 
 // ---
 // Utility functions for mapping between Operators and Relation Ids
@@ -441,3 +442,246 @@ SolverPool::internalize()
   repodata_internalize(i->second->data);
 }
 }
+
+
+void
+SolverPool::use_test_packages(bool use_test_packages)
+{
+  // Only enable repos containing test packages if wanted
+  for (RepoList::iterator i = repos.begin();
+   i != repos.end();
+   i++)
+{
+  if (i->second->test)
+{
+  i->second->repo->disabled = !use_test_packages;
+}
+}
+}
+
+// ---
+// implements class SolverSolution
+//
+// A wrapper around the libsolv solver
+// ---
+
+SolverSolution::~SolverSolution()
+{
+  if (solv)
+{
+  solver_free(solv);
+  solv = NULL;
+}
+}
+
+static
+std::ostream <<(std::ostream ,
+ SolverTransaction::transType type)
+{
+  switch (type)
+{
+case SolverTransaction::transInstall:
+  stream << "install";
+  break;
+case SolverTransaction::transErase:
+  stream << "erase";
+  break;
+default:
+  stream << "unknown";
+}
+  return stream;
+}
+
+bool
+SolverSolution::update(SolverTasks , bool update, bool 
use_test_packages, bool include_source)
+{
+  Log (LOG_PLAIN) << "solving: " << tasks.tasks.size() << " tasks," <<
+" update: " << (update ? "yes" : "no") << "," <<
+" use test packages: " << (use_test_packages ? "yes" : "no") << "," <<
+" include_source: " << (include_source ? "yes" : "no") << endLog;
+
+  pool.use_test_packages(use_test_packages);
+
+  Queue job;
+  queue_init();
+  // solver accepts a queue containing pairs of (cmd, id) tasks
+  // cmd is job and selection flags ORed together
+  for (SolverTasks::taskList::const_iterator i = tasks.tasks.begin();
+   i != tasks.tasks.end();
+   i++)
+{
+  const SolvableVersion  = (*i).first;
+
+  switch ((*i).second)
+{
+case SolverTasks::taskInstall:
+  queue_push2(, SOLVER_INSTALL | SOLVER_SOLVABLE, sv.id);
+  break;
+case SolverTasks::taskUninstall:
+  queue_push2(, SOLVER_ERASE | SOLVER_SOLVABLE, sv.id);
+  break;
+case SolverTasks::taskReinstall:
+  // we don't know how to ask solver for this, so we just add the erase
+  // and install later
+  break;
+default:
+  Log (LOG_PLAIN) << "unknown task " << (*i).second << endLog;
+}
+}
+
+  if (update)
+queue_push2(, SOLVER_UPDATE | SOLVER_SOLVABLE_ALL, 0);
+
+  if (!solv)
+solv = solver_create(pool.pool);
+
+  solver_set_flag(solv, SOLVER_FLAG_ALLOW_VENDORCHANGE, 1);
+  solver_set_flag(solv, SOLVER_FLAG_ALLOW_DOWNGRADE, 0);
+  solver_solve(solv, );
+  queue_free();
+
+  int pcnt

[PATCH setup 11/14] Drop in SolvableVersion as a replacement for packageversion

2017-05-31 Thread Jon Turney 
---
 Makefile.am|  1 +
 PackageSpecification.h |  4 +++-
 package_db.cc  |  1 +
 package_meta.h |  3 ++-
 package_version.h  | 21 +
 5 files changed, 28 insertions(+), 2 deletions(-)
 create mode 100644 package_version.h

diff --git a/Makefile.am b/Makefile.am
index 7ea9d89..7fe4b2f 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -208,6 +208,7 @@ inilint_SOURCES = \
package_meta.h \
package_source.cc \
package_source.h \
+   package_version.h \
PackageSpecification.cc \
PackageSpecification.h \
PackageTrust.h \
diff --git a/PackageSpecification.h b/PackageSpecification.h
index ef992fa..0706ec8 100644
--- a/PackageSpecification.h
+++ b/PackageSpecification.h
@@ -18,7 +18,9 @@
 
 #include 
 #include "String++.h"
-class packageversion;
+
+class SolvableVersion;
+typedef SolvableVersion packageversion;
 
 /* Describe a package - i.e. we need version 5 of apt */
 
diff --git a/package_db.cc b/package_db.cc
index ae71900..123e4f3 100644
--- a/package_db.cc
+++ b/package_db.cc
@@ -31,6 +31,7 @@
 #include "compress.h"
 
 #include "filemanip.h"
+#include "package_version.h"
 #include "package_db.h"
 #include "package_meta.h"
 #include "Exception.h"
diff --git a/package_meta.h b/package_meta.h
index 421646a..b6faab8 100644
--- a/package_meta.h
+++ b/package_meta.h
@@ -16,7 +16,8 @@
 #ifndef SETUP_PACKAGE_META_H
 #define SETUP_PACKAGE_META_H
 
-class packageversion;
+class SolvableVersion;
+typedef SolvableVersion packageversion;
 class packagemeta;
 
 #include 
diff --git a/package_version.h b/package_version.h
new file mode 100644
index 000..43cf146
--- /dev/null
+++ b/package_version.h
@@ -0,0 +1,21 @@
+/*
+ * Copyright (c) 2017 Jon Turney
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * A copy of the GNU General Public License can be found at
+ * http://www.gnu.org/
+ *
+ */
+
+#ifndef PACKAGE_VERSION_H
+#define PACKAGE_VERSION_H
+
+#include "libsolv.h"
+
+typedef SolvableVersion packageversion;
+
+#endif // PACKAGE_VERSION_H
-- 
2.12.3

[PATCH setup 13/14] Download/checksum/install/uninstall what transaction wants

2017-05-31 Thread Jon Turney 
Some of this goes rather around the houses to avoid lots of churm: In lots
of cases, we're looking up packagemeta for a given packageversion just so we
can use the pacakgemeta to access the name, which we could do via
packageversion just as easily.

We do actually need packagmeta for a couple of things: To note the package
as installed/uninstalled, and to note postinstalls scripts.

If IncludeSource is on source packages installs will have been added to the
task list in post-processing, so we don't need to handle that specially
anymore.

Source packages to be installed are kept in a separate queue as they are
installed differently to binary packages (root is /usr/src, install isn't
recorded, etc.)
---
 download.cc |  71 ++
 install.cc  | 102 
 2 files changed, 64 insertions(+), 109 deletions(-)

diff --git a/download.cc b/download.cc
index fda175f..4b2fb6f 100644
--- a/download.cc
+++ b/download.cc
@@ -44,14 +44,10 @@
 
 #include "Exception.h"
 
-#include "getopt++/BoolOption.h"
-
 using namespace std;
 
 extern ThreeBarProgressPage Progress;
 
-BoolOption IncludeSource (false, 'I', "include-source", "Automatically include 
source download");
-
 static bool
 validateCachedPackage (const std::string& fullname, packagesource & pkgsource)
 {
@@ -202,59 +198,38 @@ do_download_thread (HINSTANCE h, HWND owner)
   Progress.SetText3 ("");
 
   packagedb db;
-  /* calculate the amount needed */
-  for (packagedb::packagecollection::iterator i = db.packages.begin ();
-   i != db.packages.end (); ++i)
+  const SolverTransactionList  = db.solution.transactions();
+
+  /* calculate the total size of the download */
+  for (SolverTransactionList::const_iterator i = t.begin (); i != t.end (); 
++i)
 {
-  packagemeta & pkg = *(i->second);
-  if (pkg.picked () || pkg.srcpicked ())
-   {
- packageversion version = pkg.desired;
- packageversion sourceversion = version.sourcePackage();
- try 
-   {
- if (pkg.picked())
-   {
-   if (!check_for_cached (*version.source()))
- total_download_bytes += version.source()->size;
-   }
- if (pkg.srcpicked () || IncludeSource)
-   {
-   if (!check_for_cached (*sourceversion.source()))
- total_download_bytes += sourceversion.source()->size;
-   }
-   }
- catch (Exception * e)
-   {
- // We know what to do with these..
- if (e->errNo() == APPERR_CORRUPT_PACKAGE)
-   fatal (owner, IDS_CORRUPT_PACKAGE, pkg.name.c_str());
- // Unexpected exception.
- throw e;
-   }
-   }
+  packageversion version = i->version;
+
+  try
+{
+  if (!check_for_cached (*version.source()))
+total_download_bytes += version.source()->size;
+}
+  catch (Exception * e)
+{
+  // We know what to do with these..
+  if (e->errNo() == APPERR_CORRUPT_PACKAGE)
+fatal (owner, IDS_CORRUPT_PACKAGE, version.Name().c_str());
+  // Unexpected exception.
+  throw e;
+}
 }
 
   /* and do the download. FIXME: This here we assign a new name for the cached 
version
* and check that above.
*/
-  for (packagedb::packagecollection::iterator i = db.packages.begin ();
-   i != db.packages.end (); ++i)
+  for (SolverTransactionList::const_iterator i = t.begin (); i != t.end (); 
++i)
 {
-  packagemeta & pkg = *(i->second);
-  if (pkg.picked () || pkg.srcpicked ())
+  packageversion version = i->version;
+
{
  int e = 0;
- packageversion version = pkg.desired;
- packageversion sourceversion = version.sourcePackage();
- if (pkg.picked())
-   {
-   e += download_one (*version.source(), owner);
-   }
- if (sourceversion && (pkg.srcpicked() || IncludeSource))
-   {
-   e += download_one (*sourceversion.source (), owner);
-   }
+ e += download_one (*version.source(), owner);
  errors += e;
 #if 0
  if (e)
diff --git a/install.cc b/install.cc
index 9c4c01b..94c2b16 100644
--- a/install.cc
+++ b/install.cc
@@ -69,7 +69,6 @@ static long long int total_bytes = 0;
 static long long int total_bytes_sofar = 0;
 static int package_bytes = 0;
 
-extern BoolOption IncludeSource;
 static BoolOption NoReplaceOnReboot (false, 'r', "no-replaceonreboot",
 "Disable replacing in-use files on next "
 "reboot.");
@@ -799,84 +798,61 @@ do_install_thread (HINSTANCE h, HWND owner)
   /* Writes Cygwin/setup/rootdir registry value */
   create_install_root ();
 
-  vector  install_q, uninstall_q, sourceinstall_q;
+  vector  install_q, uninstall_q,

[PATCH setup 14/14] Add obsoletes: support

2017-05-31 Thread Jon Turney 
Note that we need separate depends and obsoletes nodelists
---
 IniDBBuilderPackage.cc | 23 ++-
 IniDBBuilderPackage.h  |  5 -
 inilex.ll  |  1 +
 iniparse.yy|  3 +++
 libsolv.cc |  2 ++
 libsolv.h  |  1 +
 package_db.cc  |  1 +
 7 files changed, 30 insertions(+), 6 deletions(-)

diff --git a/IniDBBuilderPackage.cc b/IniDBBuilderPackage.cc
index b929c7e..4e92961 100644
--- a/IniDBBuilderPackage.cc
+++ b/IniDBBuilderPackage.cc
@@ -88,7 +88,9 @@ IniDBBuilderPackage::buildPackage (const std::string& _name)
   cbpv.archive = packagesource();
 
   currentSpec = NULL;
-  currentNodeList = PackageDepends();
+  currentNodeList = NULL;
+  dependsNodeList = PackageDepends();
+  obsoletesNodeList = PackageDepends();
 #if DEBUG
   Log (LOG_BABBLE) << "Created package " << name << endLog;
 #endif
@@ -208,8 +210,9 @@ IniDBBuilderPackage::buildBeginDepends ()
   Log (LOG_BABBLE) << "Beginning of a depends statement " << endLog;
 #endif
   currentSpec = NULL;
-  currentNodeList = PackageDepends();
-  cbpv.requires = 
+  dependsNodeList= PackageDepends();
+  currentNodeList = 
+  cbpv.requires = 
 }
 
 void
@@ -219,11 +222,20 @@ IniDBBuilderPackage::buildBeginBuildDepends ()
   Log (LOG_BABBLE) << "Beginning of a Build-Depends statement" << endLog;
 #endif
   currentSpec = NULL;
-  currentNodeList = PackageDepends();
+  currentNodeList = NULL;
   /* there is currently nowhere to store Build-Depends information */
 }
 
 void
+IniDBBuilderPackage::buildBeginObsoletes ()
+{
+  currentSpec = NULL;
+  obsoletesNodeList =   PackageDepends();
+  currentNodeList = 
+  cbpv.obsoletes = 
+}
+
+void
 IniDBBuilderPackage::buildSourceName (const std::string& _name)
 {
   // When there is a Source: line, that names a real source package
@@ -247,7 +259,8 @@ IniDBBuilderPackage::buildPackageListNode (const 
std::string & name)
   Log (LOG_BABBLE) << "New node '" << name << "' for package list" << endLog;
 #endif
   currentSpec = new PackageSpecification (name);
-  currentNodeList.push_back (currentSpec);
+  if (currentNodeList)
+currentNodeList->push_back (currentSpec);
 }
 
 void
diff --git a/IniDBBuilderPackage.h b/IniDBBuilderPackage.h
index 307d2b5..4e34680 100644
--- a/IniDBBuilderPackage.h
+++ b/IniDBBuilderPackage.h
@@ -57,6 +57,7 @@ public:
 
   void buildBeginDepends ();
   void buildBeginBuildDepends ();
+  void buildBeginObsoletes ();
   void buildMessage (const std::string&, const std::string&);
   void buildSourceName (const std::string& );
   void buildSourceNameVersion (const std::string& );
@@ -83,7 +84,9 @@ private:
   std::string message_id;
   std::string message_string;
   PackageSpecification *currentSpec;
-  PackageDepends currentNodeList;
+  PackageDepends *currentNodeList;
+  PackageDepends dependsNodeList;
+  PackageDepends obsoletesNodeList;
   SolverPool::addPackageData cbpv;
 
   IniParseFeedback const &_feedback;
diff --git a/inilex.ll b/inilex.ll
index 13422b1..698775c 100644
--- a/inilex.ll
+++ b/inilex.ll
@@ -122,6 +122,7 @@ B64 [a-zA-Z0-9_-]
 "category:"|"Section:" return CATEGORY;
 "requires:"return REQUIRES;
 [dD]"epends:"  return DEPENDS;
+[oO]"bsoletes:"return OBSOLETES;
 
 ^{STR}":"  ignore_line ();
 
diff --git a/iniparse.yy b/iniparse.yy
index 18ebe2a..3b74e36 100644
--- a/iniparse.yy
+++ b/iniparse.yy
@@ -45,6 +45,7 @@ extern int yylineno;
 %token COMMA NL AT
 %token OPENBRACE CLOSEBRACE EQUAL GT LT GTEQUAL LTEQUAL 
 %token BUILDDEPENDS
+%token OBSOLETES
 %token MESSAGE
 %token ARCH RELEASE
 
@@ -103,6 +104,8 @@ singleitem /* non-empty */
  | DEPENDS { iniBuilder->buildBeginDepends(); } versionedpackagelist NL
  | REQUIRES { iniBuilder->buildBeginDepends(); } versionedpackagelistsp NL
  | BUILDDEPENDS { iniBuilder->buildBeginBuildDepends(); } versionedpackagelist 
NL
+ | OBSOLETES { iniBuilder->buildBeginObsoletes(); } versionedpackagelist NL
+
  | MESSAGE STRING STRING NL{ iniBuilder->buildMessage ($2, $3); }
  | error NL{ yyerror (std::string("unrecognized line ")
  + stringify(yylineno)
diff --git a/libsolv.cc b/libsolv.cc
index df0af3d..f509617 100644
--- a/libsolv.cc
+++ b/libsolv.cc
@@ -350,6 +350,8 @@ SolverPool::addPackage(const std::string& pkgname, const 
addPackageData 
   solvable->provides = repo_addid_dep(repo, solvable->provides, 
pool_rel2id(pool, solvable->name, solvable->evr, REL_EQ, 1), 0);
   if (pkgdata.requires)
 solvable->requires = makedeps(repo, pkgdata.requires);
+  if (pkgdata.obsoletes)
+solvable->obsoletes = makedeps(repo, pkgdata.obsoletes);
 
   /* a solvable can also store arbitrary attributes not needed for dependency
  resolution, if we need them */
diff --git a/libsolv.h b/libsolv.h
index 43b37d2..be518e9 100644
--- a/libsolv.h
+++ b/libsolv.h
@@ -130,6 +130,7 @@ public:
 PackageSpecification spkg;
 SolvableVersion spkg_id;
 PackageDepends *requires;
+

[PATCH setup 08/14] Change to using a libsolv pool for storing package information

2017-05-31 Thread Jon Turney 
Add class SolverVersion, a wrapper around a Solvable Id. The interface is
similar to class packageversion, the name change is just to make sure I've
got everything.

Place test packages into separate repos.

Expressing that curr: packages are preferred to prev: ones when that is not
the version number ordering should be done with epoch numbers.

Wire up various bits of data in packageversion to Solvable attributes,
including sourcepackage, stability, archive (packagesource) and depends.

Store sourcePackage() by the id rather than name, for much faster lookup.

SolverVersions for the same package can be ordered and compared by evr.

Factor out packagedb:addBinary() and also use it in IniDBBuilder, rather
that inlining the process of adding a package there. Add an analagous
packagedb:addSource() to do the same thing for source packages.

Change to reading installed.db after setup.ini's have been read, so we can
supplement the installed.db packages with information from setup.ini.

Make packagemeta::add_version() check for successful insertion of version.
Record the version at a stability level. The last version wins in setting
curr/test.

Use a Solver object inside packagedb

XXX: All SolvableVersion methods need to check for null solvable?
---
 IniDBBuilderPackage.cc  | 304 ++---
 IniDBBuilderPackage.h   |  28 +--
 Makefile.am |   4 +-
 PackageSpecification.cc |  12 ++
 PackageSpecification.h  |   3 +
 configure.ac|   1 +
 ini.cc  |   5 +-
 libsolv.cc  | 443 
 libsolv.h   | 146 
 package_db.cc   |  90 --
 package_db.h|   6 +
 package_meta.cc | 101 ---
 package_meta.h  |   6 +-
 13 files changed, 887 insertions(+), 262 deletions(-)
 create mode 100644 libsolv.cc
 create mode 100644 libsolv.h

diff --git a/IniDBBuilderPackage.cc b/IniDBBuilderPackage.cc
index fb200a8..b929c7e 100644
--- a/IniDBBuilderPackage.cc
+++ b/IniDBBuilderPackage.cc
@@ -22,8 +22,6 @@
 #include "IniParseFeedback.h"
 #include "package_db.h"
 #include "package_meta.h"
-#include "package_version.h"
-#include "cygpackage.h"
 #include "ini.h"
 // for strtoul
 #include 
@@ -34,7 +32,7 @@
 using namespace std;
 
 IniDBBuilderPackage::IniDBBuilderPackage (IniParseFeedback const ) :
-cp (0), cbpv (), cspv (), currentSpec (0), _feedback (aFeedback){}
+currentSpec (0), _feedback (aFeedback){}
 
 IniDBBuilderPackage::~IniDBBuilderPackage()
 {
@@ -67,31 +65,28 @@ IniDBBuilderPackage::buildVersion (const std::string& 
aVersion)
 }
 
 void
-IniDBBuilderPackage::buildPackage (const std::string& name)
+IniDBBuilderPackage::buildPackage (const std::string& _name)
 {
-#if DEBUG
-  if (cp)
-{
-  Log (LOG_BABBLE) << "Finished with package " << cp->name << endLog;
-  if (cbpv)
-   {
- Log (LOG_BABBLE) << "Version " << cbpv.Canonical_version() << endLog;
- Log (LOG_BABBLE) << "Depends:";
- dumpPackageDepends (cbpv.depends(), Log (LOG_BABBLE));
- Log (LOG_BABBLE) << endLog;
-   }
-}
-#endif
-  packagedb db;
-  cp = db.findBinary (PackageSpecification(name));
-  if (!cp)
-{
-  cp = new packagemeta (name);
-  db.packages.insert 
(packagedb::packagecollection::value_type(cp->name,cp));
-}
-  cbpv = cygpackage::createInstance (name, package_binary);
-  cbpv.SetStability(TRUST_CURR);
-  cspv = packageversion ();
+  process();
+
+  /* Reset for next package */
+  name = _name;
+  message_id = "";
+  message_string = "";
+  categories.clear();
+
+  cbpv.reponame = release;
+  cbpv.version = "";
+  cbpv.vendor = release;
+  cbpv.sdesc = "";
+  cbpv.ldesc = "";
+  cbpv.stability = TRUST_CURR;
+  cbpv.type = package_binary;
+  cbpv.spkg = PackageSpecification();
+  cbpv.spkg_id = packageversion();
+  cbpv.requires = NULL;
+  cbpv.archive = packagesource();
+
   currentSpec = NULL;
   currentNodeList = PackageDepends();
 #if DEBUG
@@ -102,20 +97,19 @@ IniDBBuilderPackage::buildPackage (const std::string& name)
 void
 IniDBBuilderPackage::buildPackageVersion (const std::string& version)
 {
-  cbpv.setCanonicalVersion (version);
-  add_correct_version();
+  cbpv.version = version;
 }
 
 void
 IniDBBuilderPackage::buildPackageSDesc (const std::string& theDesc)
 {
-  cbpv.set_sdesc(theDesc);
+  cbpv.sdesc = theDesc;
 }
 
 void
 IniDBBuilderPackage::buildPackageLDesc (const std::string& theDesc)
 {
-  cbpv.set_ldesc(theDesc);
+  cbpv.ldesc = theDesc;
 }
 
 void
@@ -124,21 +118,23 @@ IniDBBuilderPackage::buildPackageInstall (const 
std::string& path,
   char *hash,
   hashType type)
 {
-  process_src (*cbpv.source(), path);
-  setSourceSize (*cbpv.source(), size);
+  // set archive path, size, mirror, hash
+  cbpv.archive.set_canonical(path.c_str());
+  cbpv.archive.size = atoi(size.c_str());
+

[PATCH setup 10/14] Remove packageversion class

2017-05-31 Thread Jon Turney 
Remove packageversion, _packageversion, defaultversion classes
---
 Makefile.am|   2 -
 PickPackageLine.cc |   1 -
 PickView.cc|   1 -
 choose.cc  |   1 -
 desktop.cc |   1 -
 download.cc|   1 -
 package_db.cc  |   2 -
 package_meta.cc|   3 -
 package_version.cc | 334 -
 package_version.h  | 168 ---
 10 files changed, 514 deletions(-)
 delete mode 100644 package_version.cc
 delete mode 100644 package_version.h

diff --git a/Makefile.am b/Makefile.am
index 27bb8f1..7ea9d89 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -208,8 +208,6 @@ inilint_SOURCES = \
package_meta.h \
package_source.cc \
package_source.h \
-   package_version.cc \
-   package_version.h \
PackageSpecification.cc \
PackageSpecification.h \
PackageTrust.h \
diff --git a/PickPackageLine.cc b/PickPackageLine.cc
index 95c1557..6f44192 100644
--- a/PickPackageLine.cc
+++ b/PickPackageLine.cc
@@ -16,7 +16,6 @@
 #include "PickPackageLine.h"
 #include "PickView.h"
 #include "package_db.h"
-#include "package_version.h"
 
 void
 PickPackageLine::paint (HDC hdc, HRGN unused, int x, int y, int col_num, int 
show_cat)
diff --git a/PickView.cc b/PickView.cc
index 4c728f8..5bc7504 100644
--- a/PickView.cc
+++ b/PickView.cc
@@ -21,7 +21,6 @@
 #include "PickPackageLine.h"
 #include "PickCategoryLine.h"
 #include "package_db.h"
-#include "package_version.h"
 #include "dialog.h"
 #include "resource.h"
 /* For 'source' */
diff --git a/choose.cc b/choose.cc
index 1bc4c0b..abfc14a 100644
--- a/choose.cc
+++ b/choose.cc
@@ -48,7 +48,6 @@
 
 #include "package_db.h"
 #include "package_meta.h"
-#include "package_version.h"
 
 #include "threebar.h"
 #include "Generic.h"
diff --git a/desktop.cc b/desktop.cc
index 24908f8..927c02f 100644
--- a/desktop.cc
+++ b/desktop.cc
@@ -35,7 +35,6 @@
 #include "mklink2.h"
 #include "package_db.h"
 #include "package_meta.h"
-#include "package_version.h"
 #include "filemanip.h"
 #include "io_stream.h"
 #include "getopt++/BoolOption.h"
diff --git a/download.cc b/download.cc
index a2237a7..fda175f 100644
--- a/download.cc
+++ b/download.cc
@@ -38,7 +38,6 @@
 
 #include "package_db.h"
 #include "package_meta.h"
-#include "package_version.h"
 #include "package_source.h"
 
 #include "threebar.h"
diff --git a/package_db.cc b/package_db.cc
index 2d6d22c..ae71900 100644
--- a/package_db.cc
+++ b/package_db.cc
@@ -31,8 +31,6 @@
 #include "compress.h"
 
 #include "filemanip.h"
-
-#include "package_version.h"
 #include "package_db.h"
 #include "package_meta.h"
 #include "Exception.h"
diff --git a/package_meta.cc b/package_meta.cc
index 3d1d666..ab358b9 100644
--- a/package_meta.cc
+++ b/package_meta.cc
@@ -35,10 +35,7 @@ using namespace std;
 /* this goes at the same time */
 #include "win32.h"
 
-
 #include "script.h"
-
-#include "package_version.h"
 #include "package_db.h"
 
 #include 
diff --git a/package_version.cc b/package_version.cc
deleted file mode 100644
index 2d4416e..000
--- a/package_version.cc
+++ /dev/null
@@ -1,334 +0,0 @@
-/*
- * Copyright (c) 2001, 2003 Robert Collins.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * A copy of the GNU General Public License can be found at
- * http://www.gnu.org/
- *
- * Written by Robert Collins  
- *
- */
-
-/* this is the parent class for all package operations. 
- */
-
-#include "package_version.h"
-#include "package_db.h"
-#include "package_meta.h"
-#include "LogSingleton.h"
-#include "state.h"
-#include "resource.h"
-#include 
-#include "csu_util/version_compare.h"
-
-using namespace std;
-
-/* a default class to avoid special casing empty packageversions */
-  
-/* TODO place into the class header */
-class _defaultversion : public _packageversion
-{
-public:
-  _defaultversion()
-{
-  // never try to free me!
-  ++references;
-}
-  const std::string Name(){return std::string();}
-  const std::string Vendor_version() {return std::string();}
-  const std::string Package_version() {return std::string();}
-  const std::string Canonical_version() {return std::string();}
-  void setCanonicalVersion (const std::string& ) {}
-  package_stability_t Stability (){return TRUST_UNKNOWN;}
-  void SetStability (package_stability_t) {}
-  package_type_t Type () {return package_binary;}
-  const std::string SDesc () {return std::string();}
-  void set_sdesc (const std::string& ) {}
-  const std::string LDesc () {return std::string();}
-  void set_ldesc (const std::string& ) {}
-};
-static _defaultversion defaultversion;
-
-/* the wrapper class */
-packageversion::packageversion() : data ()
-{
-  ++data->references;
-}
-
-/* Create from an

[PATCH setup 09/14] Remove cygpackage class

2017-05-31 Thread Jon Turney 
---
 Makefile.am |   2 -
 bootstrap.sh|   2 +-
 cygpackage.cc   | 136 
 cygpackage.h|  82 --
 package_db.cc   |   1 -
 package_meta.cc |   1 -
 6 files changed, 1 insertion(+), 223 deletions(-)
 delete mode 100644 cygpackage.cc
 delete mode 100644 cygpackage.h

diff --git a/Makefile.am b/Makefile.am
index a8bfe4b..27bb8f1 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -128,8 +128,6 @@ inilint_SOURCES = \
crypto.cc \
crypto.h \
cyg-pubkey.h \
-   cygpackage.cc \
-   cygpackage.h \
desktop.cc \
desktop.h \
dialog.cc \
diff --git a/bootstrap.sh b/bootstrap.sh
index f21206d..a676268 100755
--- a/bootstrap.sh
+++ b/bootstrap.sh
@@ -21,7 +21,7 @@ bootstrap() {
 cd "$srcdir"
 
 # Make sure we are running in the right directory
-if [ ! -f cygpackage.cc ]; then
+if [ ! -f bmain.cc ]; then
   echo "You must run this script from the directory containing it"
   exit 1
 fi
diff --git a/cygpackage.cc b/cygpackage.cc
deleted file mode 100644
index 2724249..000
--- a/cygpackage.cc
+++ /dev/null
@@ -1,136 +0,0 @@
-/*
- * Copyright (c) 2001, Robert Collins.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * A copy of the GNU General Public License can be found at
- * http://www.gnu.org/
- *
- * Written by Robert Collins  
- *
- */
-
-/* this is the parent class for all package operations. 
- */
-
-#include "cygpackage.h"
-#include 
-#include 
-#include 
-
-#include "io_stream.h"
-#include "compress.h"
-
-#include "package_version.h"
-#include "cygpackage.h"
-#include "LogSingleton.h"
-
-/* this constructor creates an invalid package - further details MUST be 
provided */
-cygpackage::cygpackage ():
-name (),
-vendor (),
-packagev (),
-canonical (),
-sdesc (),
-ldesc (),
-type (package_binary)
-{
-  /* FIXME: query the install database for the currently installed 
-   * version details
-   */
-}
-
-packageversion
-cygpackage::createInstance (const std::string& pkgname,
-const package_type_t type)
-{
-  cygpackage *temp = new cygpackage;
-  temp->name = pkgname;
-  temp->type = type;
-  return packageversion(temp);
-}
-
-packageversion
-cygpackage::createInstance (const std::string& pkgname,
-const std::string& version,
-   package_type_t const newtype)
-{
-  cygpackage *temp = new cygpackage;
-  temp->name = pkgname;
-  temp->type = newtype;
-  temp->setCanonicalVersion (version);
-  return packageversion(temp);
-}
-
-/* tell the version */
-void
-cygpackage::setCanonicalVersion (const std::string& version)
-{
-  canonical = version;
-
-  const char *start = canonical.c_str();
-  const char *curr = strchr(start, '-');
-
-  if (curr)
-{
-  const char *next;
-  while ((next = strchr (curr + 1, '-')))
-   curr = next;
-
-  /* package version appears after the last '-' in the version string */
-  packagev = curr + 1;
-  /* vendor version is everything up to that last '-' */
-  vendor.assign(canonical.c_str(), (size_t)(curr - start));
-}
-  else
-{
-  // FIXME: What's up with the "0"? It's probably a mistake, and should be
-  // "". It used to be written as 0, and was subject to a bizarre implicit
-  // conversion by the unwise String(int) constructor.
-  packagev = "0";
-  vendor = version;
-}
-}
-
-cygpackage::~cygpackage ()
-{
-}
-
-const std::string
-cygpackage::Name ()
-{
-  return name;
-}
-
-const std::string
-cygpackage::Vendor_version ()
-{
-  return vendor;
-}
-
-const std::string
-cygpackage::Package_version ()
-{
-  return packagev;
-}
-
-std::string  const
-cygpackage::Canonical_version ()
-{
-  return canonical;
-}
-
-void
-cygpackage::set_sdesc (const std::string& desc)
-{
-  sdesc = desc;
-}
-
-void
-cygpackage::set_ldesc (const std::string& desc)
-{
-  ldesc = desc;
-}
diff --git a/cygpackage.h b/cygpackage.h
deleted file mode 100644
index 720921d..000
--- a/cygpackage.h
+++ /dev/null
@@ -1,82 +0,0 @@
-/*
- * Copyright (c) 2001, Robert Collins.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * A copy of the GNU General Public License can be found at
- * http://www.gnu.org/
- *
- * Written by Robert Collins  
- *
- */
-
-#ifndef SETUP_CYGPACKAGE_H
-#define SETUP_CYGPACKAGE_H
-
-/* This is a cygwin specific package class, that should be able to 
- * arbitrate acceess to cygwin binary packages

[PATCH setup 06/14] Hoist scan() up from packageversion to packagemeta

2017-05-31 Thread Jon Turney 
---
 package_meta.cc| 37 +++--
 package_meta.h |  2 ++
 package_version.cc | 29 -
 package_version.h  |  2 --
 4 files changed, 37 insertions(+), 33 deletions(-)

diff --git a/package_meta.cc b/package_meta.cc
index f4678f0..425df59 100644
--- a/package_meta.cc
+++ b/package_meta.cc
@@ -44,6 +44,9 @@ using namespace std;
 
 #include 
 #include "Generic.h"
+#include "download.h"
+#include "Exception.h"
+#include "resource.h"
 
 using namespace std;
 
@@ -582,6 +585,36 @@ packagemeta::logSelectionStatus() const
   pkg.logAllVersions();
 }
 
+/* scan for local copies of package */
+void
+packagemeta::scan (const packageversion , bool mirror_mode)
+{
+  /* Already have something */
+  if (!pkg)
+return;
+
+  /* Remove mirror sites.
+   * FIXME: This is a bit of a hack.
+   */
+  try
+{
+  if (!check_for_cached (*(pkg.source ()), mirror_mode)
+ && ::source == IDC_SOURCE_LOCALDIR)
+   pkg.source ()->sites.clear ();
+}
+  catch (Exception * e)
+{
+  // We can ignore these, since we're clearing the source list anyway
+  if (e->errNo () == APPERR_CORRUPT_PACKAGE)
+   {
+ pkg.source ()->sites.clear ();
+ return;
+   }
+  // Unexpected exception.
+  throw e;
+}
+}
+
 void
 packagemeta::ScanDownloadedFiles (bool mirror_mode)
 {
@@ -601,10 +634,10 @@ packagemeta::ScanDownloadedFiles (bool mirror_mode)
   && (*i != pkg.installed
   || pkg.installed == pkg.curr
   || pkg.installed == pkg.exp);
- const_cast(*i).scan (lazy_scan);
+ scan (*i, lazy_scan);
  packageversion foo = *i;
  packageversion pkgsrcver = foo.sourcePackage ();
- pkgsrcver.scan (lazy_scan);
+ scan (pkgsrcver, lazy_scan);
 
  /* For local installs, if there is no src and no bin, the version
   * is unavailable
diff --git a/package_meta.h b/package_meta.h
index 529b2a2..8041aa1 100644
--- a/package_meta.h
+++ b/package_meta.h
@@ -159,6 +159,8 @@ protected:
 private:
   std::string trustLabel(packageversion const &) const;
   std::vector

[PATCH setup 04/14] Hoist pick() up to packagemeta

2017-05-31 Thread Jon Turney 
We are always writing packagemeta.desired.pick(bool, packagemeta).  This
kind of suggests something not quite right.

The pick flag means install/reinstall, so despite being stored per
packageversion, is only significant to download/install for the desired
version.

There's a slight wrinkle in that we want to also set/clear this flag for the
source packageversion.  We can't change this to point to packagemeta rather
than packageversion, as that may not be the same for all versions, so
instead just track this flag separately as srcpicked.

Note that there is still a complicated mapping between the state of desired
and pick and the action represented in the UI:

desired == empty, installed == desired : skip
desired == empty, installed != desired : uninstall
desired == installed, pick == true : reinstall
desired == installed, pick == false: keep
desired != installed, pick == true : upgrade
desired != installed, pick == false: invalid
---
 PickPackageLine.cc | 13 +--
 PickView.cc|  8 +++
 download.cc| 12 +-
 install.cc | 19 
 package_db.cc  |  2 +-
 package_meta.cc| 67 ++
 package_meta.h | 11 -
 package_version.cc | 16 -
 package_version.h  |  7 --
 prereq.cc  | 11 +
 10 files changed, 90 insertions(+), 76 deletions(-)

diff --git a/PickPackageLine.cc b/PickPackageLine.cc
index 60ece7f..95c1557 100644
--- a/PickPackageLine.cc
+++ b/PickPackageLine.cc
@@ -44,7 +44,7 @@ PickPackageLine::paint (HDC hdc, HRGN unused, int x, int y, 
int col_num, int sho
   /* current version */ pkg.desired == pkg.installed ||
   /* no source */ !pkg.desired.accessible())
 theView.DrawIcon (hdc, x + HMARGIN/2, by, theView.bm_checkna);
-  else if (pkg.desired.picked())
+  else if (pkg.picked())
 theView.DrawIcon (hdc, x + HMARGIN/2, by, theView.bm_checkyes);
   else
 theView.DrawIcon (hdc, x + HMARGIN/2, by, theView.bm_checkno);
@@ -67,7 +67,7 @@ PickPackageLine::paint (HDC hdc, HRGN unused, int x, int y, 
int col_num, int sho
   /* when no source mirror available */
   !pkg.desired.sourcePackage().accessible())
 theView.DrawIcon (hdc, x + HMARGIN/2, by, theView.bm_checkna);
-  else if (pkg.desired.sourcePackage().picked())
+  else if (pkg.srcpicked())
 theView.DrawIcon (hdc, x + HMARGIN/2, by, theView.bm_checkyes);
   else
 theView.DrawIcon (hdc, x + HMARGIN/2, by, theView.bm_checkno);
@@ -100,7 +100,7 @@ PickPackageLine::paint (HDC hdc, HRGN unused, int x, int y, 
int col_num, int sho
   /* Include the size of the binary package, and if selected, the source
  package as well.  */
   sz += picked.source()->size;
-  if (picked.sourcePackage().picked())
+  if (pkg.srcpicked())
 sz += picked.sourcePackage().source()->size;
 
   /* If size still 0, size must be unknown.  */
@@ -133,20 +133,19 @@ PickPackageLine::click (int const myrow, int const 
ClickedRow, int const x)
   && x <= theView.headers[theView.bintick_col + 1].x - HMARGIN / 2)
 {
   if (pkg.desired.accessible ())
-   pkg.desired.pick (!pkg.desired.picked (), );
+   pkg.pick (!pkg.picked ());
 }
   else if (x >= theView.headers[theView.srctick_col].x - HMARGIN / 2
   && x <= theView.headers[theView.srctick_col + 1].x - HMARGIN / 2)
 {
   if (pkg.desired.sourcePackage ().accessible ())
-   pkg.desired.sourcePackage ().pick (
-   !pkg.desired.sourcePackage ().picked (), NULL);
+   pkg.srcpick (!pkg.srcpicked ());
 }
   /* Unchecking binary while source is unchecked or vice versa is equivalent
  to uninstalling.  It's essential to set desired correctly, otherwise the
  package gets uninstalled without visual feedback to the user.  The package
  will not even show up in the "Pending" view! */
-  if (!pkg.desired.picked () && !pkg.desired.sourcePackage ().picked ())
+  if (!pkg.picked () && !pkg.srcpicked ())
 pkg.desired = packageversion ();
   return 0;
 }
diff --git a/PickView.cc b/PickView.cc
index 222bcb8..4c728f8 100644
--- a/PickView.cc
+++ b/PickView.cc
@@ -175,13 +175,13 @@ PickView::setViewMode (views mode)
   || (view_mode == PickView::views::PackagePending &&
   ((!pkg.desired && pkg.installed) || // uninstall
 (pkg.desired &&
-  (pkg.desired.picked () ||   // install bin
-   pkg.desired.sourcePackage ().picked () // src
+  (pkg.picked () ||   // install bin
+   pkg.srcpicked () // src
   
   // "Up to date" : installed packages that will not be changed
   || (view_mode == PickView::views::PackageKeeps &&
-  (pkg.installed && pkg.desired &&

[PATCH setup 01/14] Opaque how PackageDepends is stored

2017-05-31 Thread Jon Turney 
We want to be more opaque about how the PackageDepends for a packageversion
is stored, so rather than exposing a pointer to a PackageDepends object
inside class packageversion, access it by value.

This also makes us be more explicit about set/get of package depends()

Fix some iterations to deal with depends() returning a value rather than a
pointer.

Also adjust dumpPackageDepends() appropriately
Also remove useless debug showing the dependency list before we build it.
---
 IniDBBuilderPackage.cc | 30 --
 IniDBBuilderPackage.h  |  2 +-
 package_db.cc  | 10 ++
 package_depends.cc | 19 ---
 package_depends.h  |  2 +-
 package_meta.cc| 11 ---
 package_version.cc | 10 +-
 package_version.h  |  5 ++---
 prereq.cc  |  4 ++--
 9 files changed, 41 insertions(+), 52 deletions(-)

diff --git a/IniDBBuilderPackage.cc b/IniDBBuilderPackage.cc
index ad1cc88..0e1be78 100644
--- a/IniDBBuilderPackage.cc
+++ b/IniDBBuilderPackage.cc
@@ -34,7 +34,7 @@
 using namespace std;
 
 IniDBBuilderPackage::IniDBBuilderPackage (IniParseFeedback const ) :
-cp (0), cbpv (), cspv (), currentSpec (0), currentNodeList (0), trust (0), 
_feedback (aFeedback){}
+cp (0), cbpv (), cspv (), currentSpec (0), trust (0), _feedback (aFeedback){}
 
 IniDBBuilderPackage::~IniDBBuilderPackage()
 {
@@ -92,7 +92,7 @@ IniDBBuilderPackage::buildPackage (const std::string& name)
   cbpv = cygpackage::createInstance (name, package_binary);
   cspv = packageversion ();
   currentSpec = NULL;
-  currentNodeList = NULL;
+  currentNodeList = PackageDepends();
   trust = TRUST_CURR;
 #if DEBUG
   Log (LOG_BABBLE) << "Created package " << name << endLog;
@@ -231,12 +231,10 @@ void
 IniDBBuilderPackage::buildBeginDepends ()
 {
 #if DEBUG
-  Log (LOG_BABBLE) << "Beginning of a depends statement for " << cp->name
-<< endLog;
-  dumpPackageDepends (currentNodeList, Log (LOG_BABBLE));
+  Log (LOG_BABBLE) << "Beginning of a depends statement " << endLog;
 #endif
   currentSpec = NULL;
-  currentNodeList = cbpv.depends();
+  currentNodeList = PackageDepends();
 }
 
 void
@@ -246,7 +244,7 @@ IniDBBuilderPackage::buildBeginBuildDepends ()
   Log (LOG_BABBLE) << "Beginning of a Build-Depends statement" << endLog;
 #endif
   currentSpec = NULL;
-  currentNodeList = NULL; /* there is currently nowhere to store Build-Depends 
information */
+  currentNodeList = PackageDepends(); /* there is currently nowhere to store 
Build-Depends information */
 }
 
 void
@@ -287,14 +285,11 @@ IniDBBuilderPackage::buildSourceNameVersion (const 
std::string& version)
 void
 IniDBBuilderPackage::buildPackageListNode (const std::string & name)
 {
-  if (currentNodeList)
-{
 #if DEBUG
-  Log (LOG_BABBLE) << "New node '" << name << "' for package list" << 
endLog;
+  Log (LOG_BABBLE) << "New node '" << name << "' for package list" << endLog;
 #endif
-  currentSpec = new PackageSpecification (name);
-  currentNodeList->push_back (currentSpec);
-}
+  currentSpec = new PackageSpecification (name);
+  currentNodeList.push_back (currentSpec);
 }
 
 void
@@ -337,8 +332,7 @@ IniDBBuilderPackage::buildPackageListOperatorVersion (const 
std::string& aVersio
 void
 IniDBBuilderPackage::add_correct_version()
 {
-  if (currentNodeList)
-*cbpv.depends() = *currentNodeList;
+  cbpv.setDepends(currentNodeList);
 
   int merged = 0;
   for (set::iterator n = cp->versions.begin();
@@ -362,11 +356,11 @@ IniDBBuilderPackage::add_correct_version()
   ver.set_sdesc (cbpv.SDesc ());
 if (cbpv.LDesc ().size() && !n->LDesc ().size())
   ver.set_ldesc (cbpv.LDesc ());
-   if (cbpv.depends()->size() && !ver.depends ()->size())
- *ver.depends() = *cbpv.depends();
+   if (cbpv.depends().size() && !ver.depends().size())
+ ver.setDepends(cbpv.depends());
/* TODO: other package lists */
/* Prevent dangling references */
-   currentNodeList = NULL;
+   currentNodeList = PackageDepends();
currentSpec = NULL;
 cbpv = *n;
 merged = 1;
diff --git a/IniDBBuilderPackage.h b/IniDBBuilderPackage.h
index 766a5ef..dee65d4 100644
--- a/IniDBBuilderPackage.h
+++ b/IniDBBuilderPackage.h
@@ -79,7 +79,7 @@ private:
   packagemeta *csp;
   packageversion cspv;
   PackageSpecification *currentSpec;
-  PackageDepends *currentNodeList;
+  PackageDepends currentNodeList;
   int trust;
   IniParseFeedback const &_feedback;
 };
diff --git a/package_db.cc b/package_db.cc
index dbec17e..00395d3 100644
--- a/package_db.cc
+++ b/package_db.cc
@@ -312,8 +312,9 @@ ConnectedLoopFinder::visit(packagemeta *nodeToVisit)
   nodesInStronglyConnectedComponent.push(nodeToVisit);
 
   /* walk through each node */
-  PackageDepends::const_iterator dp = 
nodeToVisit->installed.depends()->begin();
-  while (dp != nodeToVisit->installed.depends()->end())
+  const PackageDepends deps = nodeToVisit->installed.depends();
+

[PATCH setup 00/14] Use libsolv, solve all our problems... (WIP)

2017-05-31 Thread Jon Turney 
... solve some problems, perhaps add some new ones, I guess.  I'm not 100% 
sure this is the right approach to take, but I wrote it, so here it is.

This replaces the current PackageVersion class with a similar one which stores 
the information in a libsolv pool, and the current depsolver with the libsolv 
solver (as used by zypper, dnf and others).

Immediately, this enables:
- use of a version relation in package dependencies
- an obsoletes: relation between packages

This also makes it much easier to support:
- version numbers with an epoch component (I think just how we handle ':' in 
filenames needs auditing to make this work)
- other commonly-implemented package relations such as conflicts:, provides: 
etc.

What remains to be done:
- I've dodged a lot of the UI issues: If the solver reports problems, all that 
can be done is accept the default solution or cancel.  This possibly isn't a 
big problem until we have a package set which can contain problems...
- We had a very poor UI for showing what will actually be done (combine in 
your head the "Pending" view with packages listed in the text on the 
PrereChecker page), and this removes part of that
- As implemented, selecting "Current" overrides "Keep".  This is wrong, and a 
change from current behaviour, but is probably a symptom of some deeper 
confusion in the picker UI I'm not sure how to address

libsolv needs to be lightly patched to build for Win32, see [1].  I will ITP 
that, but it probably also needs an RPM to support cross-building.

[1] https://github.com/jon-turney/libsolv

Jon Turney (14):
  Opaque how PackageDepends is stored
  Factor out reading installed.db
  Hoist addScript() etc. up from packageversion to packagemeta
  Hoist pick() up to packagemeta
  Hoist uninstall up to Installer::uninstallOne()
  Hoist scan() up from packageversion to packagemeta
  Store package stability in class packageversion
  Change to using a libsolv pool for storing package information
  Remove cygpackage class
  Remove packageversion class
  Drop in SolvableVersion as a replacement for packageversion
  Use solver to check for problems and produce a list of package
transactions
  Download/checksum/install/uninstall what transaction wants
  Add obsoletes: support

 IniDBBuilderPackage.cc  | 331 ---
 IniDBBuilderPackage.h   |  32 ++-
 Makefile.am |   7 +-
 PackageSpecification.cc |  12 +
 PackageSpecification.h  |   7 +-
 PickPackageLine.cc  |  14 +-
 PickView.cc |   9 +-
 bootstrap.sh|   2 +-
 choose.cc   |   8 +-
 configure.ac|   1 +
 cygpackage.cc   | 187 -
 cygpackage.h|  88 ---
 desktop.cc  |   1 -
 download.cc |  72 ++---
 ini.cc  |   1 +
 inilex.ll   |   1 +
 iniparse.yy |   3 +
 install.cc  | 176 -
 libsolv.cc  | 689 
 libsolv.h   | 231 
 package_db.cc   | 115 ++--
 package_db.h|   8 +
 package_depends.cc  |  19 +-
 package_depends.h   |   2 +-
 package_meta.cc | 294 -
 package_meta.h  |  30 ++-
 package_version.cc  | 414 -
 package_version.h   | 190 +
 postinstall.cc  |   6 +-
 prereq.cc   | 206 ---
 prereq.h|  22 +-
 res.rc  |   4 +-
 32 files changed, 1606 insertions(+), 1576 deletions(-)
 delete mode 100644 cygpackage.cc
 delete mode 100644 cygpackage.h
 create mode 100644 libsolv.cc
 create mode 100644 libsolv.h
 delete mode 100644 package_version.cc

-- 
2.12.3

[PATCH setup 03/14] Hoist addScript() etc. up from packageversion to packagemeta

2017-05-31 Thread Jon Turney 
We're only interesting in storing scripts and later running them from the
desired version as we install it, so despite being stored per
packageversion, this is only significant for the desired version.

Hoist it up from packageversion to packagemeta.
---
 install.cc |  2 +-
 package_meta.cc| 12 
 package_meta.h |  7 ++-
 package_version.cc | 28 
 package_version.h  |  8 
 postinstall.cc |  6 +++---
 6 files changed, 22 insertions(+), 41 deletions(-)

diff --git a/install.cc b/install.cc
index 79ddd20..cd3128c 100644
--- a/install.cc
+++ b/install.cc
@@ -485,7 +485,7 @@ Installer::installOne (packagemeta , const 
packageversion ,
   lst->write (tmp.c_str(), tmp.size());
 }
   if (Script::isAScript (fn))
-pkgm.desired.addScript (Script (canonicalfn));
+pkgm.addScript (Script (canonicalfn));
 
   int iteration = 0;
   archive::extract_results extres;
diff --git a/package_meta.cc b/package_meta.cc
index 1f548e2..f37340b 100644
--- a/package_meta.cc
+++ b/package_meta.cc
@@ -693,3 +693,15 @@ packagemeta::addToCategoryAll()
 {
   add_category ("All");
 }
+
+void
+packagemeta::addScript(Script const )
+{
+  scripts_.push_back(aScript);
+}
+
+std::vector

[PATCH setup 02/14] Factor out reading installed.db

2017-05-31 Thread Jon Turney 
Rather that doing implicitly the first time a packagedb is constructed, do
it explicitly at a certain point in time that is early enough.
---
 ini.cc| 4 +++-
 package_db.cc | 9 +++--
 package_db.h  | 1 +
 3 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/ini.cc b/ini.cc
index 82990a2..1162b91 100644
--- a/ini.cc
+++ b/ini.cc
@@ -346,13 +346,15 @@ do_remote_ini (HWND owner)
 static bool
 do_ini_thread (HINSTANCE h, HWND owner)
 {
+  packagedb db;
+  db.read();
+
   size_t ini_count = 0;
   if (source == IDC_SOURCE_LOCALDIR)
 ini_count = do_local_ini (owner);
   else
 ini_count = do_remote_ini (owner);
 
-  packagedb db;
   db.upgrade();
 
   if (ini_count == 0)
diff --git a/package_db.cc b/package_db.cc
index 00395d3..3d6d0de 100644
--- a/package_db.cc
+++ b/package_db.cc
@@ -45,10 +45,15 @@ using namespace std;
 
 packagedb::packagedb ()
 {
-  io_stream *db = 0;
+}
+
+void
+packagedb::read ()
+{
   if (!installeddbread)
 {
-  /* no parameters. Read in the local installation database. */
+  /* Read in the local installation database. */
+  io_stream *db = 0;
   db = io_stream::open ("cygfile:///etc/setup/installed.db", "rt", 0);
   installeddbread = 1;
   if (!db)
diff --git a/package_db.h b/package_db.h
index d02dbc4..d26f8ad 100644
--- a/package_db.h
+++ b/package_db.h
@@ -63,6 +63,7 @@ class packagedb
 {
 public:
   packagedb ();
+  void read();
   /* 0 on success */
   int flush ();
   void upgrade ();
-- 
2.12.3

Re: ImageMagick is crashing

2017-05-31 Thread Marco Atzeri 

On 31/05/2017 08:56, Axel Heinrici wrote:

Hello,

strace doesn't seem to work either.

$ strace convert z06.png  z06.jpg
  0 [main] strace 8996 C:\cygwin64\bin\strace.exe: *** fatal error - 
Internal error: TP_NUM_W_BUFS too small: 50.
   1341 [main] strace 8996 cygwin_exception::open_stackdumpfile: Dumping stack 
trace to strace.exe.stackdump

And even more surprising
$ strace.exe ls
  0 [main] strace 1916 C:\cygwin64\bin\strace.exe: *** fatal error - 
Internal error: TP_NUM_W_BUFS too small: 50.
   1231 [main] strace 1916 cygwin_exception::open_stackdumpfile: Dumping stack 
trace to strace.exe.stackdump

Best regards,
Axel



Axel,
on this mailing list we use bottom posting.

I know that "Text Over, Full-quote Under"
https://cygwin.com/acronyms/#TOFU
is the typical usage in most companies, but here is deprecated.


If strace is segfaulting, I assume the Antivirus is the most
likely culprit of your problems.
Can you, or ask your IT, to make an experiment with the AV
disabled, or better removed ?

Regards
Marco




--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Setup v2.879 - can not scroll package list

2017-05-31 Thread David Balažic 
In the "Select Packages" part of the installer dialog, I selected in
the "View" dropdown menu "Not Installed" and then tried to scroll thru
the list using the mouse wheel.

But it does not scroll the package list, instead it changes the
selection in the mentioned drop down menu. Even after clicking inside
the list control.

Apparently clicking in the package list does not move the focus to it.

It is the same in 32 bit and 64 bit version.

Regards,
David

--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: openssh: privilege separation no longer supported on Cygwin? SURPRISE!

2017-05-31 Thread Houder 
On Tue, 30 May 2017 21:28:41, "Larry Hall (Cygwin)" wrote:

[snip]
> Cygwin's link to the Windows user ID is through the UID/SID mapping.  In
> your case, you're apparently using /etc/passwd and so that's where the
> mapping happens.  You can map the UID of a Cygwin user to any valid Windows
> SID by editing the SID as you did.  This doesn't change how things look in
> the Cygwin environment (i.e. the UID and user name are still the same) but
> it does make a difference to Windows.  So the fact that you can change the
> SID for the 'sshd' user and still get it to run is not all that surprising,
> assuming that the new Windows SID that you're using as 'sshd' now has at
> least similar permissions.  Of course, if you remove Cygwin's understanding
> of 'sshd' so that it can't do the mapping of UID to SID or even have a
> valid UID, then subsequent problems are not unexpected.

Hi Larry,

Thanks for your reply! Discussion!

First of all, I do not pretend to know Windows ... neither do I pretend that I
know more about ssh/Cygwin than Corinna does (basically, I know not very much).

.. the only thing I am able to, is "observe" (and I may interpret wrong), and
may have done "stupid" things. That is why your reply is appreciated by me.

Now back to your reply:

I had modified /etc/password as follows: (note the  in the sid)

sshd:*:1015:513:U-Seven\sshd,S-1-5-21-91509220-1575020443-2714799223-:/var/empty:/bin/false

However, just now I modified it as follows:

sshd:*:1015:513:U-Seven\sshd,S-1-5-21--xx-xx-:/var/empty:/bin/false

(again changed the sshd service into 'automatic'), and rebooted the system.

After system reboot, an elevated shell is started ...
(the ampersand sign at the end of the prompt indicates it is an elevated shell)

# my .bash_profile interrogates the cygwin1.dll ...
/home/corinna/src/cygwin/cygwin-2.8.0/cygwin-2.8.0-1.x86_64/src/newlib-cygwin/winsup/cygwin/cygheap.cc
64-@@# 
64-@@# cygrunsrv -Q sshd
Service : sshd
Display name: CYGWIN sshd
Current State   : Running
Controls Accepted   : Stop
Command : /usr/sbin/sshd -4 -D -e

Looking good ...

64-@@# net user sshd
The user name could not be found.

More help is available by typing NET HELPMSG 2221.

As far as I know, this means that Windows tells me user sshd does NOT exist!

However, I can still use the ssh command ... (see below).

Now, if I understand correctly, "Corinna" may use the first (of the 4) method,
i.e. the one based on NtCreateToken(), to change the user context ...
(Q: is that even possible for a NON-existing user?)

However, neither the ps command nor the "Process Explorer" show me a context
that "belongs" to user sshd [1] (in stead it belongs to user cyg_server).

[1] I refer to the grandchild of the listener, the one that exists before the
authentication phase terminates ...

Yes, I know; I may still be wrong ... I report what I observe ... yes, I do
not have the deep knowledge of Windows that Corinna has. I know.

Regards,

Henri

-
>From an UNelevated shell:

64-@@ ssh -p  -l Henri 192.168.178.15
Enter passphrase for key '/home/Henri/.ssh/': # Henri is privileged
Last login: Wed May 31 10:30:52 2017 from 192.168.178.15
TADA ! < contents of /etc/motd
/home/corinna/src/cygwin/cygwin-2.8.0/cygwin-2.8.0-1.x86_64/src/newlib-cygwin/winsup/cygwin/cygheap.cc
64-@@# exit < full-blown elevated shell! (try whoami /all)
logout
Connection to 192.168.178.15 closed.

64-@@ ssh -p  -l jvdwater 192.168.178.15
jvdwater@192.168.178.15's password: # jvdwater is UNprivileged
Last login: Wed May 31 10:29:27 2017 from 192.168.178.15
TADA !
64-@@ exit < ordinary UNelevated shell
logout
Connection to 192.168.178.15 closed.

64-@@# tail -f /var/log/sshd.log
Server listening on 0.0.0.0 port .
Accepted publickey for Henri from 192.168.178.15 port 49186 ssh2: 
Received disconnect from 192.168.178.15 port 49186:11: disconnected by user
Disconnected from user Henri 192.168.178.15 port 49186
Accepted password for jvdwater from 192.168.178.15 port 49191 ssh2
Received disconnect from 192.168.178.15 port 49191:11: disconnected by user
Disconnected from user jvdwater 192.168.178.15 port 49191

=


--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

RE: Bug: bash -e misbehaves with several nested

2017-05-31 Thread Pavel Fedin 
 Hello!

> $ ./prova_bash
> Works: /cygdrive/e/cygwin/tmp
> 
> $ cat prova_bash
> #!/bin/bash -e
> 
> DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
> echo Works: $DIR

 Ok, ok, ok... Yet another "find it yourself" problem :) I'll try to...
 Sorry for late reply, i tend to forget things...

Kind regards,
Pavel Fedin
Senior Engineer
Samsung Electronics Research center Russia



--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: ImageMagick is crashing

2017-05-31 Thread Axel Heinrici 
Hello,
 
this is a company computer, on which I don't have admin privileges. Though 
possible, I have to be frugal with provident reinstallations. I need a little 
higher level of certainty on the cause of these problems to ask the 
IT-department for another reinstallation.

> comparing with mine I see that some of your dlls are not matching
> as timing.
> I don't know if that the reason, as I built ImageMagick last December,
> but can you please update to latest package versions ?
> ...
> - 203k 2016/05/31 C:\cygwin64\bin\cygcroco-0.6-3.dll - os=4.0 img=0.0
> sys=5.2
> - "cygcroco-0.6-3.dll" v0.0 ts=2016-05-31 18:31
> + 203k 2017/04/25 C:\cygwin64\bin\cygcroco-0.6-3.dll - os=4.0 img=0.0
> sys=5.2
> + "cygcroco-0.6-3.dll" v0.0 ts=2017-04-25 17:03
> ...


Best regards,
Axel

--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: ImageMagick is crashing

2017-05-31 Thread Axel Heinrici 
Hello,
 
strace doesn't seem to work either.

$ strace convert z06.png  z06.jpg
  0 [main] strace 8996 C:\cygwin64\bin\strace.exe: *** fatal error - 
Internal error: TP_NUM_W_BUFS too small: 50.
   1341 [main] strace 8996 cygwin_exception::open_stackdumpfile: Dumping stack 
trace to strace.exe.stackdump

And even more surprising
$ strace.exe ls
  0 [main] strace 1916 C:\cygwin64\bin\strace.exe: *** fatal error - 
Internal error: TP_NUM_W_BUFS too small: 50.
   1231 [main] strace 1916 cygwin_exception::open_stackdumpfile: Dumping stack 
trace to strace.exe.stackdump

Best regards,
Axel
 

Gesendet: Mittwoch, 31. Mai 2017 um 06:59 Uhr
Von: "Marco Atzeri" 
An: "Axel Heinrici" , "cygwin@cygwin.com" 
Betreff: Re: ImageMagick is crashing
On 30/05/2017 15:26, Axel Heinrici wrote:
> Hello,
>
> the question remains, what is going wrong on my machine.
>
> Best regards,
> Axel
>

I have no idea.
Can you try to run with strace to see where is segfaulting ?

--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple