aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* fix strncpy bounds errorsTimo Teräs2019-02-135-6/+26
| | | | | | error: 'strncpy' specified bound 4096 equals destination size [-Werror=stringop-truncation] Based on patch by Elan Ruusamäe <glen@delfi.ee>
* include sys/sysmacros.h for makedev definitionElan Ruusamäe2019-02-132-0/+2
|
* fetch: fix error message for --recursiveNatanael Copa2019-01-101-1/+3
| | | | Give error message for `apk fetch --recursive missing`
* apk-tools-2.10.3v2.10.3Timo Teräs2018-11-151-1/+1
|
* Revert "move --simulate to global options"Timo Teräs2018-11-151-2/+5
| | | | | | | This reverts commit 358f703b76ece639e5d3634f677e0b345b1b9f89. The short option -s conflicts info --size and fetch --stdout. Revert this for now.
* fix orphan package handling for certain provides casesTimo Teräs2018-11-121-15/+17
|
* prefer selecting packages by their primary nameTimo Teräs2018-11-123-8/+25
|
* fix package preference based on it's conflicts in --latest modeTimo Teräs2018-11-121-4/+5
| | | | remove also redundant pkg_selectable check in repair mode.
* apk-tools-2.10.2v2.10.2Timo Teräs2018-11-091-1/+1
|
* fix short option string to be nil terminatedTimo Teräs2018-11-021-0/+1
|
* fix error reporting for virtual package additionTimo Teräs2018-11-021-1/+1
| | | | | Move addition of virtual package after the dependencies have been parsed as then the reverse dependency structers can be populated correctly.
* don't report virtual packages as maskedTimo Teräs2018-11-021-1/+1
|
* inhibit printing same 'required by' dependency multiple timesTimo Teräs2018-11-021-0/+5
| | | | | this would happen if same package matched multiple times due to multiple provided names.
* print: don't print spurious newlinesTimo Teräs2018-11-023-7/+5
|
* fix xattr hash to be sha1Timo Teräs2018-10-301-1/+1
| | | | | The hash type was accidentally changed in previous commit. Currently csum->data cannot hold longer hash, so fix the hash.
* add support for openssl 1.1Timo Teräs2018-10-268-54/+90
|
* apk: fix all_options array size off-by-oneTimo Teräs2018-10-051-1/+1
| | | | | | | | | merge_options() will write one more entry to the options table which is the end-of-table indicator. Allocate memory for it too. valgrind did not pick it up due to being in stack; changing alloca to malloc would make valgrind notice the issue too. Reported-by: Mobile Stream <info@mobile-stream.com>
* cache: support --latest and --upgrade to affect download policyTimo Teräs2018-09-251-3/+41
|
* move --simulate to global optionsTimo Teräs2018-09-251-5/+2
| | | | | there are several applets that support simulation but are not committing changes to database
* add: add --latest flag to help analyze why upgrade failsTimo Teräs2018-09-111-0/+6
|
* apk-tools-2.10.1v2.10.1Timo Teräs2018-09-101-1/+1
|
* rework unpacking of packages and harden package file format requirementsTimo Teräs2018-09-106-105/+142
| | | | | | | | | | | | | | | | | | | A crafted .apk file could to trick apk writing unverified data to an unexpected file during temporary file creation due to bugs in handling long link target name and the way a regular file is extracted. Several hardening steps are implemented to avoid this: - the temporary file is now always first unlinked (apk thus reserved all filenames .apk.* to be it's working files) - the temporary file is after that created with O_EXCL to avoid races - the temporary file is no longer directly the archive entry name and thus directly controlled by potentially untrusted data - long file names and link target names are now rejected - hard link targets are now more rigorously checked - various additional checks added for the extraction process to error out early in case of malformed (or old legacy) file Reported-by: Max Justicz <max@justi.cz>
* add .mailmap to consolidate git shortlogRobert Hencke2018-09-101-0/+5
| | | | | Consolidate author information, so that tools like 'git shortlog' show a single entry for each author.
* libfetch: do not give out user/hostname as ftp anonymous passwordTimo Teräs2018-09-051-15/+5
| | | | | | This is unwanted information disclosure. Reported-by: Max Justicz <max@justi.cz>
* apk: sanitize return valueTimo Teräs2018-09-051-0/+2
| | | | | | | | | Most applets return whatever apk_solver_commit() returns. It is the number of errors found (or negative for hard error). Sanitize the error value to not give false success exit code in the unlikely case of errors % 256 == 0. Reported-by: Max Justicz <max@justi.cz>
* prevent automatic repository index update with --no-networkNatanael Copa2018-08-211-1/+2
| | | | | | We should not update repository index when --no-network is specified. ref #9126
* archive: enable FIFO extractionJesse Young2018-08-141-2/+4
|
* prevent automatic repository index update for 'apk del'Timo Teräs2018-07-183-4/+7
| | | | ref #9063
* Invalidate id cache after script executionJussi Kukkonen2018-07-021-0/+4
| | | | | | | | | | | | | It's common for a pre-install script to do something like addgroup -S group 2>/dev/null When apk installs files after this, it sets the owner/group based on id cache but currently the id cache is stale and doesn't contain the new group at that point: instead the file will be installed with gid that the build host happened to have for that group -- on target this might mean a non-existing group or a completely different group. We can't know if the script really did modify id cache contents so make sure to reset the id cache on every script execution.
* list: fix segmentation fault with virtual packagesSören Tempel2018-07-021-3/+9
| | | | | | | | | | | | | | Virtual packages have the origin pointer set to NULL. Trying to print it using the BLOB_PRINTF macros causes a segmentation fault. Inspired by the `print_origin_name` function from `src/search.c` this commit attempts to fix it by checking whether `pkg->origin` is NULL before attempting to print it. If it is NULL the pkg name is printed instead. Since printing the pkg name requires a different format string this commit splits the printf call for printing the package line into multiple ones. The output format shouldn't have changed at all though.
* apk-tools-2.10.0v2.10.0Natanael Copa2018-06-241-1/+1
|
* apk-tools-2.10.0_rc1v2.10.0_rc1Timo Teräs2018-06-141-1/+1
|
* fetch: ignore conflicts when solving --recursive fetchesTimo Teräs2018-06-143-9/+25
|
* fetch: include install_if dependencies with --recursiveNatanael Copa2018-06-141-26/+23
| | | | | | Run apk_solver_solve once with all args as dependencies instead of running apk_solver_solve for each arg. This is neccesary so the install_if calculation is done correctly.
* url: return relevant error value from apk_istream_fetchEdan Bedrik2018-05-081-3/+10
|
* db: fix refreshing index if time is zeroTimo Teräs2018-04-051-3/+5
| | | | | | During netboot on systems without RTC, time() will be near zero, and the index fill not exist. Thus the plain test of st.st_mtime against system time failed. Verify that fstatat() succeeds.
* solver: allow names with only one provider to be autoselected regardless of ↵William Pitcock2018-02-212-3/+11
| | | | priority
* tests: make sure adding a pinning to a child dependency failsWilliam Pitcock2018-02-201-0/+5
|
* add: child dependencies can never take a pinning, give a useful errorWilliam Pitcock2018-02-201-3/+4
|
* apk: in test mode, always exit 0 (so the test harness doesn't stop running ↵William Pitcock2018-02-201-0/+5
| | | | tests)
* travis: update alpine-chroot-install to 0.7.0Jakub Jirutka2018-02-091-3/+3
|
* libfetch: support OpenSSLA. Wilcox2018-01-311-1/+1
| | | | | TLS_client_method is a LibreSSL extension. SSLv23_client_method is generic, and doesn't mean SSL v2/v3 only.
* list: use `apk list --providers` to search virtual providers instead of ↵William Pitcock2018-01-291-6/+8
| | | | enabling virtuals by default
* search: remove from APK_COMMAND_GROUP_QUERYWilliam Pitcock2018-01-291-1/+0
| | | | list does everything search does and more
* list: add option to match against real names only instead of providersWilliam Pitcock2018-01-291-1/+7
|
* list: add --depends option for searching based on rdependsWilliam Pitcock2018-01-291-3/+27
|
* list: refactor package dumping vs package filteringWilliam Pitcock2018-01-291-20/+20
|
* test: fix test6 testcaseWilliam Pitcock2018-01-291-1/+1
|
* list: new appletWilliam Pitcock2018-01-282-1/+236
| | | | | | | | | | The list applet provides a convenient way of inspecting both the available and installed package databases by listing their contents. In some ways, it is similar to `apk search` but is considered to be a superset of `apk search` functionality. A few `apk list` criterion are not yet ready though, such as `apk list --depends` which searches by runtime dependency (replacing `apk info --rdepends`).
* apk: make --help --verbose actually work.William Pitcock2018-01-091-1/+10
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-02 08:23:43 +0000