Moo! 9th preview of APT 1.1 released: Go and test new supercow powers

To: debian-devel-announce@lists.debian.org

Cc: deity@lists.debian.org

Subject: Moo! 9th preview of APT 1.1 released: Go and test new supercow powers

From: Julian Andres Klode <jak@debian.org>

Date: Tue, 18 Aug 2015 19:18:41 +0200

Message-id: <[🔎] 20150818191538.GA13719@debian.org>

Mail-followup-to: debian-devel-announce@lists.debian.org, deity@lists.debian.org

Reply-to: deity@lists.debian.org

Today, in celebration of DebConf 15 and David's talk `This APT has Supercow Powers' we uploaded a new pre-release of APT to experimental. Special thanks to paultag for ACCEPTing the upload today. There's also a matching python-apt upload, and a new aptitude should come soon as well. It is the best pre-release ever. Since the previous 1.1 pre-releases in experimental, and even much more since the 1.0 series in unstable, APT has seen a huge amount of changes, and we would love to get feedback from you on those! Changes to the retrieval of files --------------------------------- The Acquire system got reworked and is more transactional also much smarter about what files to fetch and what compression formats to use. It will strictly stick to the information provided in InRelease and will no longer do any speculative fetching. The apt in experimental also provides a fix for a long standing race-condition that sometimes, when the archive is getting mirrored users may experience a "hashsum mismatch" error. A new fetching schema is introduced called "by-hash" where apt will fetch the Packages.xz data by its hashsum instead of its name. Once the archive uses this the race condition should appear no more. Furthermore, the progress reporting now shows the final repository a file is downloaded from, so instead of 'httpredir.debian.org' it now reports the real mirror, such as 'mirror.dc15.debconf.org'. Oh, and APT can now download additional files from a repository, verifying their signature. Other package can use that, for example, a software installer can add a configuration to download AppStream data from the repository. Changes to the pinning with apt_preferences(5) ---------------------------------------------- The pinning algorithm has been replaced using a new one. The old pinning algorithm was broken in many cases with specific package names or patterns like regular expressions. We are sure that some corner cases involving specific package names or pattern will change behaviour with this release, but we are also sure that the previous behaviour was entirely broken and did not match the intention of the users, as a large amount of bug reports over pinning have shown us. Usability improvements ---------------------- * apt install foo_1.0_all.deb works now and apt will correctly resolve the dependencies * "apt-get build-dep foo_1.0_all.dsc" works now and apt will install the build-dependencies of the given .dsc file * The commands 'autoremove' and 'autoclean' can now be written as 'auto-remove' and 'auto-clean', respectively. * The option '--upgradable' can now be written as '--upgradeable' * When a package is specified on the command-line, and it already is the current version, the version number is now shown in the message, that is, instead of: apt is already the newest version. it now displays: apt is already the newest version (1.1~exp9). * Parsing the preferences file now produces an error message if the Pin-Priority value exceeds the range of valid pin values (that is, 16-bit integers) Please help translating! ------------------------ We broke a lot of translations, and we might break some more before the next upload. Please help translating the new strings. Deprecation of repository formats --------------------------------- Support repositories without a release file is deprecated, and warnings will be shown in such cases. Unauthenticated repositories will trigger a warning message as well now but continue downloading the metadata (Packages. Sources). In the future apt will no longer download any metadata from unauthenticated repositories unless you specify the --allow-unauthenticated option or unless you mark the sources.list line with [trusted=yes]. Key pinning for sources ----------------------- You can now pin a specific key or a keyring to a source by using the signed-by option in your sources.list entry, where you can specify a path to a keyring or a key finger print. Local installs -------------- For quite some time already, APT can install local packages using the install command, and satisfy Build-Dependencies of build trees using the build-dep command with a path. Changes to automatic removal ---------------------------- Dependencies of meta packages are marked manually, and for oldlibs packages, the information whether the package is automatically installed moves to the old package. Replacement of --force-yes -------------------------- The --force-yes option has been deprecated and multiple new options have been introduced to replace it: --allow-downgrades --allow-remove-essential --allow-change-held packages We hope the option names are long enough to scare you off more. Other changes ------------- * The 'changelog' command now has configurable changelog URLs. The defaults support Debian, Ubuntu, Tanglu, and Ultimedia (the last one from the census). Other distributions might want to ship a config file for their users. * It's possible to disable the checking of the valid-until field of Release files in your sources.list, for snapshot archives and friends. Also the moo command has new surprises for you, go and find them. Cheers and enjoy! The APT team -- Julian Andres Klode - Debian Developer, Ubuntu Member See http://wiki.debian.org/JulianAndresKlode and http://jak-linux.org/. Be friendly, do not top-post, and follow RFC 1855 "Netiquette". - If you don't I might ignore you.