| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
fixes #8161
(cherry picked from commit 2da67940d50865d206f6a79165ce7b3de5a90de3)
|
|
This unloads --force as several of the things are really not wanted
together. E.g. --force-refresh is a lot different from --force-broken-world
and doing --force to get the other might introduce unwanted behaviour.
--force is still kept for backwards compatibility and it enables
most things --force was used for.
(cherry picked from commit 039ff3bd466819909a5295a43e40947a9e0b6c16)
|
|
ref #8161
(cherry picked from commit f90af35e9c563bd4f865d8d47a7ae357191494db)
|
|
This flag enables a group of options used during initramfs tmpfs
initial install.
(cherry picked from commit e0eff8742f342c2c23e1d7ee081f3afd08cb5169)
|
|
This flag skips running hook scripts
This flag *must* be used during initramfs tmpfs initial install.
The reason that this new flag is needed is that the hooks will currently
always fail as musl and /bin/sh is missing at this stage on diskless.
(cherry picked from commit 23cb10477537a2bbf40ac06a61046f75f2b160c5)
|
|
fixes #8160
(cherry picked from commit 99e7bb93dfff2f43987b81ce7600ad8fbd0ce64c)
|
|
This change just changes to keep deleted directory items in
the hash with ref count zero and modified flag set. Those entries
are reused when needed. The side effect is that fire_triggers()
will now see those removed direcotries and reports them. Other
enumerators of the directories hash are protected to skip removed
directories when appropriate.
(cherry picked from commit b0fcc56f221e749271bb2aa13e151699e62b09ac)
|
|
(cherry picked from commit 667cb6bca799e58f58f22ad868761c022c6600dc)
|
|
In discovery phase, there was logic to not process packages
multiple times. However, that logic failed to account the package's
depth and install_if state for the name being processed. This
caused install_if processing failure in certain topologies of the
dependency graph. Adds also a test case that should catch this
issue reliably.
(cherry picked from commit 8e7fd3e06f300bd76b659db1164da1ee12f16870)
|
|
(cherry picked from commit 97d8aab0c2e53ee82589a591637028294a6ab449)
|
|
|
|
|
|
this fixes package selection when a 'real' package exists, but would
need to be provided by another package with 'virtual provides'.
In current package database this can happen with postgresql which is
also provided by postgresql-bdr. Normally postgresql would be satisfied
by postgresql, but if any package depends on postgresql-bdr and there's
no versioned dependency on postgresql this will help apk figure out
that postgresql-bdr should be used.
|
|
|
|
dbopts->root may be null; use db->root instead
fixes #7162
|
|
|
|
OpenSSL allows passing zero-length to indicate "use strlen".
LibreSSL requires using the real length always, so pass the length.
|
|
X509_check_host() is introduced in libressl-2.5.0 and openssl-1.0.2
which are not yet universally available. Add support for building
against the older versions.
|
|
loosely based on the freebsd implementation, implement https
connection settings to override CA, and use client certificate.
new files supported in /etc/apk/:
ca.pem - if exists, it contains CAs acceptable for https
(otherwise system wide CAs are used)
crl.pem - if ca.pem is used, this is the (optional) CRL for it
cert.pem - used as client authentication certificate (+ key)
cert.key - used as client key (can be also inside cert.pem)
|
|
|
|
from freebsd
|
|
|
|
ftp://ftp.fu-berlin.de/unix/NetBSD/packages/current-src/pkgsrc/net/libfetch/files
libfetch comes (at least) in netbsd and freebsd flavors which
differing functionality. Alpine and Arch package netbsd one,
but it's not widely packaged across other distributions.
We need NetBSD version as it does not use funopen(3) which is not
supported in musl, and supports connection pooling.
FreeBSD seems to be the orignal and better maintained version
with support for SSL CAs, client certificate authentication,
proxy authentication, and improved http redirect handling.
So this imports NetBSD version, and future commits will pick up
the needed improvements from FreeBSD tree.
Incidentally, this also fixes #7857 and likes for good.
|
|
this is a regression introduced in commit 349c61c9
("add support for pre and post commit hooks")
|
|
|
|
based on github pull request #5
|
|
found by clang
|
|
|
|
|
|
|
|
|
|
|
|
APKs have been created with GNU tar so far, which uses the
GNU extensions for long names. In order to increase portability
support the standard header's 'prefix' portion in case
the GNU extensions are not present.
|
|
Depending how the directory entries are ordered, the cached dir
instance might not have been updated correctly. This has not been
a problem as the entries have been ordered, but is now triggered
on ppc.
|
|
|
|
The main usage is for alpine-chroot-install and similar scripts, so it
can depend on specific *persistent* version.
|
|
|
|
This reduces function pointers in heap, and unifies how the
io functions are called.
|
|
Detect properly if the file stream gets an error during these
read operations.
Reported-by: Ariel Zelivansky from Twistlock
|
|
The value from tar header is unsigned int; keep it casted to
unsigned int and size_t instead of (signed) int, otherwise
the comparisons fail to do their job properly. Additionally check
entry.size against SSIZE_MAX so the rounding up later on is
guaranteed to not overflow.
Fixes CVE-2017-9669 and CVE-2017-9671.
Reported-by: Ariel Zelivansky from Twistlock
|
|
This reverts commit ee5ce7284aef8679fabcf728dd5bd5a17c965798.
|
|
|
|
|
|
This behaviour has been changed in: 7d5cd2c8a0052a7446515f90d3d0ea5cc2e93efe.
|
|
Variable QEMU_EMULATOR is set by enter-chroot script from
alpine-chroot-install.
|
|
|
|
|
|
|
|
|
