aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* rework unpacking of packages and harden package file format requirementsTimo Teräs2018-09-106-105/+142
| | | | | | | | | | | | | | | | | | | A crafted .apk file could to trick apk writing unverified data to an unexpected file during temporary file creation due to bugs in handling long link target name and the way a regular file is extracted. Several hardening steps are implemented to avoid this: - the temporary file is now always first unlinked (apk thus reserved all filenames .apk.* to be it's working files) - the temporary file is after that created with O_EXCL to avoid races - the temporary file is no longer directly the archive entry name and thus directly controlled by potentially untrusted data - long file names and link target names are now rejected - hard link targets are now more rigorously checked - various additional checks added for the extraction process to error out early in case of malformed (or old legacy) file Reported-by: Max Justicz <max@justi.cz>
* apk: sanitize return valueTimo Teräs2018-09-051-0/+2
| | | | | | | | | Most applets return whatever apk_solver_commit() returns. It is the number of errors found (or negative for hard error). Sanitize the error value to not give false success exit code in the unlikely case of errors % 256 == 0. Reported-by: Max Justicz <max@justi.cz>
* prevent automatic repository index update with --no-networkNatanael Copa2018-08-211-1/+2
| | | | | | We should not update repository index when --no-network is specified. ref #9126
* archive: enable FIFO extractionJesse Young2018-08-141-2/+4
|
* prevent automatic repository index update for 'apk del'Timo Teräs2018-07-183-4/+7
| | | | ref #9063
* Invalidate id cache after script executionJussi Kukkonen2018-07-021-0/+4
| | | | | | | | | | | | | It's common for a pre-install script to do something like addgroup -S group 2>/dev/null When apk installs files after this, it sets the owner/group based on id cache but currently the id cache is stale and doesn't contain the new group at that point: instead the file will be installed with gid that the build host happened to have for that group -- on target this might mean a non-existing group or a completely different group. We can't know if the script really did modify id cache contents so make sure to reset the id cache on every script execution.
* list: fix segmentation fault with virtual packagesSören Tempel2018-07-021-3/+9
| | | | | | | | | | | | | | Virtual packages have the origin pointer set to NULL. Trying to print it using the BLOB_PRINTF macros causes a segmentation fault. Inspired by the `print_origin_name` function from `src/search.c` this commit attempts to fix it by checking whether `pkg->origin` is NULL before attempting to print it. If it is NULL the pkg name is printed instead. Since printing the pkg name requires a different format string this commit splits the printf call for printing the package line into multiple ones. The output format shouldn't have changed at all though.
* fetch: ignore conflicts when solving --recursive fetchesTimo Teräs2018-06-143-9/+25
|
* fetch: include install_if dependencies with --recursiveNatanael Copa2018-06-141-26/+23
| | | | | | Run apk_solver_solve once with all args as dependencies instead of running apk_solver_solve for each arg. This is neccesary so the install_if calculation is done correctly.
* url: return relevant error value from apk_istream_fetchEdan Bedrik2018-05-081-3/+10
|
* db: fix refreshing index if time is zeroTimo Teräs2018-04-051-3/+5
| | | | | | During netboot on systems without RTC, time() will be near zero, and the index fill not exist. Thus the plain test of st.st_mtime against system time failed. Verify that fstatat() succeeds.
* solver: allow names with only one provider to be autoselected regardless of ↵William Pitcock2018-02-211-2/+3
| | | | priority
* add: child dependencies can never take a pinning, give a useful errorWilliam Pitcock2018-02-201-3/+4
|
* apk: in test mode, always exit 0 (so the test harness doesn't stop running ↵William Pitcock2018-02-201-0/+5
| | | | tests)
* list: use `apk list --providers` to search virtual providers instead of ↵William Pitcock2018-01-291-6/+8
| | | | enabling virtuals by default
* search: remove from APK_COMMAND_GROUP_QUERYWilliam Pitcock2018-01-291-1/+0
| | | | list does everything search does and more
* list: add option to match against real names only instead of providersWilliam Pitcock2018-01-291-1/+7
|
* list: add --depends option for searching based on rdependsWilliam Pitcock2018-01-291-3/+27
|
* list: refactor package dumping vs package filteringWilliam Pitcock2018-01-291-20/+20
|
* list: new appletWilliam Pitcock2018-01-282-1/+236
| | | | | | | | | | The list applet provides a convenient way of inspecting both the available and installed package databases by listing their contents. In some ways, it is similar to `apk search` but is considered to be a superset of `apk search` functionality. A few `apk list` criterion are not yet ready though, such as `apk list --depends` which searches by runtime dependency (replacing `apk info --rdepends`).
* apk: make --help --verbose actually work.William Pitcock2018-01-091-1/+10
|
* apk: properly error out if an unknown command is requestedWilliam Pitcock2018-01-091-1/+5
|
* apk: commit options help text: fix typo concerning diskless bootWilliam Pitcock2018-01-091-1/+1
|
* apk: usage: cleanup help text when no applet is selectedWilliam Pitcock2018-01-0916-13/+52
|
* fix --update-cache help to reflect realityTimo Teräs2018-01-091-1/+1
| | | | | Internally the value is in seconds, but on command line it's in minutes.
* auto-update index only when database is opened for writingTimo Teräs2018-01-082-1/+3
|
* increase libfetch connection pool limits slightlyTimo Teräs2018-01-041-1/+1
|
* enable automatic update of indexes controlled by --cache-max-ageTimo Teräs2018-01-049-36/+53
| | | | | | | | | | | | | | | | This modifies apk cache for indexes to be automatically refreshed periodically without explicit 'update' or '--update-cache' usage. The default is to do if-modified-since request if the local copy is older than 4 hours. This age can be changed with --cache-max-age. Using --update-cache will change this age to 60 seconds to make sure the cached copy is relatively new. The small age is in order to try to avoid downloading indexes second time when apk-tools is upgraded and apk re-execs after self-upgrade. Accordingly using explicitly 'apk update' will now enforce --force-refresh and request the very latest index by requesting any potential http proxy to do refresh too.
* url: add "Cache-Control: no-cache" header with --force-refreshTimo Teräs2018-01-031-1/+1
| | | | fixes #8161
* split --force to several --force-[type] optionsTimo Teräs2018-01-039-24/+60
| | | | | | | | | This unloads --force as several of the things are really not wanted together. E.g. --force-refresh is a lot different from --force-broken-world and doing --force to get the other might introduce unwanted behaviour. --force is still kept for backwards compatibility and it enables most things --force was used for.
* add new umbrella flag --initramfs-diskless-bootHenrik Riomar2018-01-031-0/+6
| | | | | This flag enables a group of options used during initramfs tmpfs initial install.
* add new flag --no-commit-hooksHenrik Riomar2018-01-033-0/+9
| | | | | | | | This flag skips running hook scripts This flag *must* be used during initramfs tmpfs initial install. The reason that this new flag is needed is that the hooks will currently always fail as musl and /bin/sh is missing at this stage on diskless.
* db: fix triggers to report deleted directoriesTimo Teräs2018-01-032-16/+20
| | | | | | | | | This change just changes to keep deleted directory items in the hash with ref count zero and modified flag set. Those entries are reused when needed. The side effect is that fire_triggers() will now see those removed direcotries and reports them. Other enumerators of the directories hash are protected to skip removed directories when appropriate.
* apk, del: fix few memory leaksTimo Teräs2018-01-032-1/+5
| | | | | | This fixes couple of valgrind reported leaks - though they are non-important since the leak happens on "exit" only and kernel frees it anyway.
* commit: properly analyze packages with provides="$pkgname"Timo Teräs2018-01-021-1/+2
|
* fix typo in MIPS byte-order apk_defines.hNils Andreas Svee2017-12-151-1/+1
|
* solver: fix potential install_if processing failure, fixes #8237Timo Teräs2017-12-121-46/+49
| | | | | | | | | In discovery phase, there was logic to not process packages multiple times. However, that logic failed to account the package's depth and install_if state for the name being processed. This caused install_if processing failure in certain topologies of the dependency graph. Adds also a test case that should catch this issue reliably.
* add detection of mips archsNils Andreas Svee2017-12-111-0/+8
|
* fetch: print additional error diagnostics in verbose modeTimo Teräs2017-11-281-2/+5
|
* solver: prefer highest requirer count above installed statusWilliam Pitcock2017-11-021-5/+5
| | | | | This ensures a swap is emitted when replacing a virtual with apk add.
* solver: fix dbg_printf() call in select_package()William Pitcock2017-11-021-2/+2
|
* solver: only select a default if there is at least one provider with a ↵William Pitcock2017-11-021-0/+6
| | | | declared provider_priority
* solver: instead of tracking selected packages, score by requirer count for ↵William Pitcock2017-11-022-7/+13
| | | | tiebreaking
* solver: implement support for choosing default virtualsWilliam Pitcock2017-11-024-7/+27
| | | | | | | | | | By introducing a new package metadata field, `provider_priority` (index letter `k`), we can specify default packages to satisfy a virtual. If a user wishes to select an alternative provider for the virtual, a changeset swapping the default provider for the selected provider will be generated by the dependency resolver.
* solver: consider virtual provides to exclude non-provides transitivelyTimo Teräs2017-10-272-12/+20
| | | | | | | | | | | this fixes package selection when a 'real' package exists, but would need to be provided by another package with 'virtual provides'. In current package database this can happen with postgresql which is also provided by postgresql-bdr. Normally postgresql would be satisfied by postgresql, but if any package depends on postgresql-bdr and there's no versioned dependency on postgresql this will help apk figure out that postgresql-bdr should be used.
* io: fix skip and splice to detect unexpected end-of-fileTimo Teräs2017-10-122-31/+22
|
* db: handle default root correctly for /procTimo Teräs2017-10-101-1/+1
| | | | | | dbopts->root may be null; use db->root instead fixes #7162
* build and use bundled libfetch nativelyTimo Teräs2017-10-051-4/+7
|
* package: remove package script after use (fixes #7974)Timo Teräs2017-10-041-6/+9
| | | | | this is a regression introduced in commit 349c61c9 ("add support for pre and post commit hooks")
* info: fix typo in helpDamiano Albani2017-09-271-1/+1
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-24 08:47:38 +0000