I really would like to get rid of mapped components on security-master...

Signed-off-by: NNiels Thykier <niels@thykier.net>

Letting Python close the file will also release the lock after having
flushed all buffers.
Reported-by: NNiels Thykier <niels@thykier.net>

Signed-off-by: NNiels Thykier <niels@thykier.net>

session_wrapper gets confused by generators: let "f" be a generator
making use of a database session:

    def wrapped_f():
      session = DBConn().session()
      try:
        return f(session)
      finally:
        session.close()

    for item in wrapped_f():
      do_something(item)

will leak database sessions as the implementation of "f" will only be
invoked from the for-loop. However at this time the "finally" block
closing the session has already run. SQLAlchemy will helpfully reopen
the session, but it will not be closed in the end.

Bug: https://bugs.debian.org/788669

This would need addition of the codename to the "package_list" view.

This reverts commit 87087596.

Signed-off-by: NNiels Thykier <niels@thykier.net>

Signed-off-by: NNiels Thykier <niels@thykier.net>

Signed-off-by: NNiels Thykier <niels@thykier.net>

This patch removes the old implementation of generate-packages-sources
that used apt-ftparchive instead of the metadata in the Postgres
database.

Which doubles as a fitting disclaimer too.
Signed-off-by: NNiels Thykier <niels@thykier.net>

Add a ReverseDependencyChecker class for bulk testing breakage in
reverse dependencies and use it in the auto-decrufter.

At this point, disable the NBS removal - it will be re-added in the
next commit.
Signed-off-by: NNiels Thykier <niels@thykier.net>

Signed-off-by: NNiels Thykier <niels@thykier.net>

Signed-off-by: NNiels Thykier <niels@thykier.net>

Avoid creating collections that are thrown away after a single (or
even zero) uses.
Signed-off-by: NNiels Thykier <niels@thykier.net>

Signed-off-by: NNiels Thykier <niels@thykier.net>

Signed-off-by: NNiels Thykier <niels@thykier.net>

Signed-off-by: NNiels Thykier <niels@thykier.net>

CACERTFILE now must point to a CA, using service certificates directly
doesn't work.

Also use per-connection settings for TLS. Note that the order of
set_option calls matters (setting ldap.OPT_X_TLS_NEWCTX first
fails)...

apt_pkg.parse_depends does not handle all features allowed in the
Build-Depends(-Indep) fields. In particular it gives an error when
Build-Depends contains restriction formulas as used for build
profiles.

Also inherit from Reject so a proper rejection message is shown
instead of a backtrace.

Signed-off-by: NJoerg Jaspert <joerg@debian.org>