| <!DOCTYPE html> | |
| <html xmlns="http://www.w3.org/1999/xhtml" lang="" xml:lang=""> | |
| <head> | |
| <meta charset="utf-8" /> | |
| <meta name="generator" content="pandoc" /> | |
| <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" /> | |
| <title>APT 3.0 dependency solver</title> | |
| <style> | |
| html { | |
| line-height: 1.5; |
| #include <list> | |
| #include <queue> | |
| #include <vector> | |
| #include <apt-pkg/pkgcache.h> | |
| #include <apt-pkg/depcache.h> | |
| #include <apt-pkg/policy.h> | |
| namespace APT | |
| { |
| #!/bin/sh | |
| args="" | |
| if [ $(id -u) -ne 0 ]; then | |
| args=--user | |
| fi | |
| if echo $@ | grep update; then | |
| args="$args -p ProtectSystem=strict -p ReadWritePaths=/var -p PrivateTmp=yes -p PrivateDevices=yes -p ProtectProc=invisible -p RestrictSUIDSGID=yes" | |
| fi | |
| exec systemd-run $args -q --wait -G --unit apt.service -Pt -p ProtectHome=yes -p NoNewPrivileges=yes -p ProtectHostname=yes -p ProtectClock=yes -p ProtectKernelTunables=yes -p ProtectKernelModules=yes -p ProtectKernelLogs=yes -p ProtectControlGroups=yes -p RestrictRealtime=yes -p SystemCallFilter=@system-service /usr/bin/apt "$@" |
| #!/bin/sh | |
| args="" | |
| if [ $(id -u) -ne 0 ]; then | |
| args=--user | |
| fi | |
| if echo $@ | grep update; then | |
| args="$args -p ProtectSystem=strict -p ReadWritePaths=/var/lib/apt -p ReadWritePaths=/var/cache/apt -p PrivateTmp=yes -p PrivateDevices=yes" | |
| fi | |
| exec systemd-run $args -q --wait -G --unit apt.service -Pt -p ProtectHome=yes -p NoNewPrivileges=yes -p ProtectHostname=yes -p ProtectClock=yes -p ProtectKernelTunables=yes -p ProtectKernelModules=yes -p ProtectKernelLogs=yes -p ProtectControlGroups=yes -p RestrictRealtime=yes -p SystemCallFilter=@system-service /usr/bin/apt "$@" |
| #!/bin/sh | |
| args="" | |
| if [ $(id -u) -ne 0 ]; then | |
| args=--user | |
| fi | |
| if echo $@ | grep update; then | |
| args="$args -p ProtectSystem=strict -p ReadWritePaths=/var -p PrivateTmp=yes -p PrivateDevices=yes" | |
| fi | |
| exec systemd-run $args -q --wait -G --unit apt.service -Pt -p ProtectHome=yes -p NoNewPrivileges=yes -p ProtectHostname=yes -p ProtectClock=yes -p ProtectKernelTunables=yes -p ProtectKernelModules=yes -p ProtectKernelLogs=yes -p ProtectControlGroups=yes -p RestrictRealtime=yes -p SystemCallFilter=@system-service /usr/bin/apt "$@" |
| <!DOCTYPE html> | |
| <html> | |
| <head><meta charset="utf-8" /> | |
| <meta name="viewport" content="width=device-width, initial-scale=1.0"> | |
| <title>HRV</title><script src="file:///usr/share/javascript/requirejs/require.min.js"></script> | |
atomic-apt is a wrapper for apt, and integration to initramfs-tools that manages atomic system installations using btrfs.
Having a writable / file system often ends up with you installing arbitrary packages into it and making other arbitrary modifications that you forget about later, you accumulate technical debt.
You also replace files non-atomically, causing potential issues at runtime.
| JNJ,Johnson & Johnson,"0,6554 %",Pharmaceuticals,US,"87.776.930,88 $",509.472 | |
| BRK.B,Berkshire Hathaway Inc. Class B,"0,5942 %",Reinsurance,US,"79.575.944,40 $",254.220 | |
| XOM,Exxon Mobil Corp.,"0,4679 %",Integrated Oil and Gas,US,"62.660.695,32 $",824.917 | |
| CVX,Chevron Corp.,"0,3661 %",Integrated Oil and Gas,US,"49.031.004,86 $",373.342 | |
| KO,Coca-Cola Co.,"0,3405 %",Soft Drinks,US,"45.600.155,21 $",747.421 | |
| WFC,Wells Fargo & Co.,"0,3139 %",Banks,US,"42.045.560,80 $",781.516 | |
| MC,LVMH Moet Hennessy Louis Vuitton SE,"0,2939 %",Clothing and Accessories,FR,"39.364.441,11 $",48.596 | |
| WMT,Walmart Inc.,"0,2895 %",Diversified Retailers,US,"38.774.485,97 $",277.337 | |
| SHEL,Shell plc,"0,2799 %",Integrated Oil and Gas,,"37.491.469,24 $",1.481.199 | |
| BRK.A,Berkshire Hathaway Inc. Class A,"0,2385 %",Reinsurance,US,"31.946.740,00 $",68 |