summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2019-11-22Don't unpack files to system rootFredrik Gustafsson1-1/+5
When unpacking a file that is in root, it got a temporary file name /.apk... however if the --root option was used it should have the name root/.apk... otherwise unpacking will fail if the user does not have write access to /. Signed-off-by: Fredrik Gustafsson <fredrigu@axis.com>
2019-11-21Add debian to CI buildsFredrik Gustafsson1-3/+15
Replace dash (default sh) with bash to make tests work.
2019-11-20Add CI testing, run compile and test on pushFredrik Gustafsson1-0/+13
2019-11-18add: always use UTC for virtual package versionsMax Rees2-2/+1
2019-11-18Make tests pass and introduce a memory leakFredrik Gustafsson1-1/+1
Since 37fbafcd928c466c82c892a7868d686d710e5d07 the tests hasn't worked since a string on the stack was added as version for a virtual package. Instead create the version string on the heap and then simply leak it. A short running program as apk shouldn't need to worry about memory leaks.
2019-11-13travis: fix dependencies to match v3.10 instead of edgeJakub Jirutka1-1/+1
2019-11-13travis: update dependenciesJakub Jirutka1-2/+2
2019-11-13travis: update alpine-chroot-install to 0.11.0Jakub Jirutka1-2/+2
2019-11-13travis: change dist to bionicJakub Jirutka1-1/+1
2019-07-02add: fix virtual package id generationTimo Teräs1-16/+35
Fixes 37fbafcd by adding more input to the hash than just second grained time stamp - collisions would happen when running apk scripted. For virtual package the hash works only as unique identifier, so try to add elements that should make it unique in most cases. Fixes #10648
2019-06-05apk-tools-2.10.4v2.10.4Timo Teräs1-1/+1
2019-06-05reset TZ when running solver tests as some output has local timeTimo Teräs3-2/+3
Fixes commits 37fbafcd and 1c47f374.
2019-06-05print usage and exit with error on invalid argumentsTimo Teräs2-6/+29
Add also some testing to make sure help, long help and handling of invalid arguments works as expected. Based on pull request #19 originally by Laurent Arnoud (@spk).
2019-06-05fix all applets to return -ENOTSUP if it's unrecognizedTimo Teräs5-5/+5
The return -1 seems to have been left over from earlier code, and could have been treated as -EPERM. This helps to fix the other command line handling that potentially require changing.
2019-06-05solver: fix common dependency merging to inherit pinning and flagsTimo Teräs1-3/+7
Notably this fixes occasional issues when doing upgrade with multiple versions of same packages. Without this the upgrade flag is not always propagated properly down the dependency chain.
2019-06-03use fixed system time in test mode to have fixed test outputTimo Teräs7-6/+18
fixes test suite regression from previous commit
2019-06-03add: make virtual packages upgradeable (ref #9957)Timo Teräs1-3/+12
Originally the virtual packages could have dependencies added to it. However, commit b06e3b99 broke this behaviour to fix error reporting. The root cause however was that the virtual depedency package was not properly versioned. This fixes to use current date/time as the package version, and constructs the "faked" package hash from it. This effectively makes "add -t virtpkg deps.." replace the dependencies which should be the desired behaviour for "abuild deps". 'world' dependency to the generated virtual package is also now versioned to make sure it get's upgraded.
2019-05-28Fix compile with glibcIan Douglas Scott1-1/+1
2019-05-01list: Detect orphaned packages correctlyA. Wilcox1-2/+2
BIT(1) corresponds with decimal 2, which is the first available repository. Before this fix, `apk list -O` would list every package installed from the first available repository, which is the 'system' repository on most Adélie Linux computers. After this fix, `apk list -O` correctly lists only the packages which are no longer available.
2019-02-13fix strncpy bounds errorsTimo Teräs5-6/+26
error: 'strncpy' specified bound 4096 equals destination size [-Werror=stringop-truncation] Based on patch by Elan Ruusamäe <glen@delfi.ee>
2019-02-13include sys/sysmacros.h for makedev definitionElan Ruusamäe2-0/+2
2019-01-10fetch: fix error message for --recursiveNatanael Copa1-1/+3
Give error message for `apk fetch --recursive missing`
2018-11-15apk-tools-2.10.3v2.10.3Timo Teräs1-1/+1
2018-11-15Revert "move --simulate to global options"Timo Teräs1-2/+5
This reverts commit 358f703b76ece639e5d3634f677e0b345b1b9f89. The short option -s conflicts info --size and fetch --stdout. Revert this for now.
2018-11-12fix orphan package handling for certain provides casesTimo Teräs1-15/+17
2018-11-12prefer selecting packages by their primary nameTimo Teräs3-8/+25
2018-11-12fix package preference based on it's conflicts in --latest modeTimo Teräs1-4/+5
remove also redundant pkg_selectable check in repair mode.
2018-11-09apk-tools-2.10.2v2.10.2Timo Teräs1-1/+1
2018-11-02fix short option string to be nil terminatedTimo Teräs1-0/+1
2018-11-02fix error reporting for virtual package additionTimo Teräs1-1/+1
Move addition of virtual package after the dependencies have been parsed as then the reverse dependency structers can be populated correctly.
2018-11-02don't report virtual packages as maskedTimo Teräs1-1/+1
2018-11-02inhibit printing same 'required by' dependency multiple timesTimo Teräs1-0/+5
this would happen if same package matched multiple times due to multiple provided names.
2018-11-02print: don't print spurious newlinesTimo Teräs3-7/+5
2018-10-30fix xattr hash to be sha1Timo Teräs1-1/+1
The hash type was accidentally changed in previous commit. Currently csum->data cannot hold longer hash, so fix the hash.
2018-10-26add support for openssl 1.1Timo Teräs8-54/+90
2018-10-05apk: fix all_options array size off-by-oneTimo Teräs1-1/+1
merge_options() will write one more entry to the options table which is the end-of-table indicator. Allocate memory for it too. valgrind did not pick it up due to being in stack; changing alloca to malloc would make valgrind notice the issue too. Reported-by: Mobile Stream <info@mobile-stream.com>
2018-09-25cache: support --latest and --upgrade to affect download policyTimo Teräs1-3/+41
2018-09-25move --simulate to global optionsTimo Teräs1-5/+2
there are several applets that support simulation but are not committing changes to database
2018-09-11add: add --latest flag to help analyze why upgrade failsTimo Teräs1-0/+6
2018-09-10apk-tools-2.10.1v2.10.1Timo Teräs1-1/+1
2018-09-10rework unpacking of packages and harden package file format requirementsTimo Teräs6-105/+142
A crafted .apk file could to trick apk writing unverified data to an unexpected file during temporary file creation due to bugs in handling long link target name and the way a regular file is extracted. Several hardening steps are implemented to avoid this: - the temporary file is now always first unlinked (apk thus reserved all filenames .apk.* to be it's working files) - the temporary file is after that created with O_EXCL to avoid races - the temporary file is no longer directly the archive entry name and thus directly controlled by potentially untrusted data - long file names and link target names are now rejected - hard link targets are now more rigorously checked - various additional checks added for the extraction process to error out early in case of malformed (or old legacy) file Reported-by: Max Justicz <max@justi.cz>
2018-09-10add .mailmap to consolidate git shortlogRobert Hencke1-0/+5
Consolidate author information, so that tools like 'git shortlog' show a single entry for each author.
2018-09-05libfetch: do not give out user/hostname as ftp anonymous passwordTimo Teräs1-15/+5
This is unwanted information disclosure. Reported-by: Max Justicz <max@justi.cz>
2018-09-05apk: sanitize return valueTimo Teräs1-0/+2
Most applets return whatever apk_solver_commit() returns. It is the number of errors found (or negative for hard error). Sanitize the error value to not give false success exit code in the unlikely case of errors % 256 == 0. Reported-by: Max Justicz <max@justi.cz>
2018-08-21prevent automatic repository index update with --no-networkNatanael Copa1-1/+2
We should not update repository index when --no-network is specified. ref #9126
2018-08-14archive: enable FIFO extractionJesse Young1-2/+4
2018-07-18prevent automatic repository index update for 'apk del'Timo Teräs3-4/+7
ref #9063
2018-07-02Invalidate id cache after script executionJussi Kukkonen1-0/+4
It's common for a pre-install script to do something like addgroup -S group 2>/dev/null When apk installs files after this, it sets the owner/group based on id cache but currently the id cache is stale and doesn't contain the new group at that point: instead the file will be installed with gid that the build host happened to have for that group -- on target this might mean a non-existing group or a completely different group. We can't know if the script really did modify id cache contents so make sure to reset the id cache on every script execution.
2018-07-02list: fix segmentation fault with virtual packagesSören Tempel1-3/+9
Virtual packages have the origin pointer set to NULL. Trying to print it using the BLOB_PRINTF macros causes a segmentation fault. Inspired by the `print_origin_name` function from `src/search.c` this commit attempts to fix it by checking whether `pkg->origin` is NULL before attempting to print it. If it is NULL the pkg name is printed instead. Since printing the pkg name requires a different format string this commit splits the printf call for printing the package line into multiple ones. The output format shouldn't have changed at all though.
2018-06-24apk-tools-2.10.0v2.10.0Natanael Copa1-1/+1