Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
When unpacking a file that is in root, it got a temporary file
name /.apk... however if the --root option was used it should
have the name root/.apk... otherwise unpacking will fail if the
user does not have write access to /.
Signed-off-by: Fredrik Gustafsson <fredrigu@axis.com>
|
|
Replace dash (default sh) with bash to make tests work.
|
|
|
|
|
|
Since 37fbafcd928c466c82c892a7868d686d710e5d07 the tests hasn't worked
since a string on the stack was added as version for a virtual package.
Instead create the version string on the heap and then simply leak it.
A short running program as apk shouldn't need to worry about memory
leaks.
|
|
|
|
|
|
|
|
|
|
Fixes 37fbafcd by adding more input to the hash than just second
grained time stamp - collisions would happen when running apk
scripted.
For virtual package the hash works only as unique identifier, so
try to add elements that should make it unique in most cases.
Fixes #10648
|
|
|
|
Fixes commits 37fbafcd and 1c47f374.
|
|
Add also some testing to make sure help, long help and handling
of invalid arguments works as expected.
Based on pull request #19 originally by Laurent Arnoud (@spk).
|
|
The return -1 seems to have been left over from earlier code, and
could have been treated as -EPERM. This helps to fix the other command
line handling that potentially require changing.
|
|
Notably this fixes occasional issues when doing upgrade with multiple
versions of same packages. Without this the upgrade flag is not always
propagated properly down the dependency chain.
|
|
fixes test suite regression from previous commit
|
|
Originally the virtual packages could have dependencies added to it.
However, commit b06e3b99 broke this behaviour to fix error reporting.
The root cause however was that the virtual depedency package was not
properly versioned.
This fixes to use current date/time as the package version, and
constructs the "faked" package hash from it. This effectively makes
"add -t virtpkg deps.." replace the dependencies which should be the
desired behaviour for "abuild deps".
'world' dependency to the generated virtual package is also now
versioned to make sure it get's upgraded.
|
|
|
|
BIT(1) corresponds with decimal 2, which is the first available repository.
Before this fix, `apk list -O` would list every package installed from the
first available repository, which is the 'system' repository on most Adélie
Linux computers.
After this fix, `apk list -O` correctly lists only the packages which are
no longer available.
|
|
error: 'strncpy' specified bound 4096 equals destination size [-Werror=stringop-truncation]
Based on patch by Elan Ruusamäe <glen@delfi.ee>
|
|
|
|
Give error message for `apk fetch --recursive missing`
|
|
|
|
This reverts commit 358f703b76ece639e5d3634f677e0b345b1b9f89.
The short option -s conflicts info --size and fetch --stdout.
Revert this for now.
|
|
|
|
|
|
remove also redundant pkg_selectable check in repair mode.
|
|
|
|
|
|
Move addition of virtual package after the dependencies have been parsed
as then the reverse dependency structers can be populated correctly.
|
|
|
|
this would happen if same package matched multiple times due to
multiple provided names.
|
|
|
|
The hash type was accidentally changed in previous commit. Currently
csum->data cannot hold longer hash, so fix the hash.
|
|
|
|
merge_options() will write one more entry to the options table
which is the end-of-table indicator. Allocate memory for it too.
valgrind did not pick it up due to being in stack; changing alloca
to malloc would make valgrind notice the issue too.
Reported-by: Mobile Stream <info@mobile-stream.com>
|
|
|
|
there are several applets that support simulation but are not
committing changes to database
|
|
|
|
|
|
A crafted .apk file could to trick apk writing unverified data to
an unexpected file during temporary file creation due to bugs in handling
long link target name and the way a regular file is extracted.
Several hardening steps are implemented to avoid this:
- the temporary file is now always first unlinked (apk thus reserved
all filenames .apk.* to be it's working files)
- the temporary file is after that created with O_EXCL to avoid races
- the temporary file is no longer directly the archive entry name
and thus directly controlled by potentially untrusted data
- long file names and link target names are now rejected
- hard link targets are now more rigorously checked
- various additional checks added for the extraction process to
error out early in case of malformed (or old legacy) file
Reported-by: Max Justicz <max@justi.cz>
|
|
Consolidate author information, so that tools like 'git shortlog' show
a single entry for each author.
|
|
This is unwanted information disclosure.
Reported-by: Max Justicz <max@justi.cz>
|
|
Most applets return whatever apk_solver_commit() returns. It is the
number of errors found (or negative for hard error). Sanitize the
error value to not give false success exit code in the unlikely case
of errors % 256 == 0.
Reported-by: Max Justicz <max@justi.cz>
|
|
We should not update repository index when --no-network is specified.
ref #9126
|
|
|
|
ref #9063
|
|
It's common for a pre-install script to do something like
addgroup -S group 2>/dev/null
When apk installs files after this, it sets the owner/group based on id cache
but currently the id cache is stale and doesn't contain the new group at that
point: instead the file will be installed with gid that the build host
happened to have for that group -- on target this might mean a non-existing
group or a completely different group.
We can't know if the script really did modify id cache contents so make sure
to reset the id cache on every script execution.
|
|
Virtual packages have the origin pointer set to NULL. Trying to print it
using the BLOB_PRINTF macros causes a segmentation fault.
Inspired by the `print_origin_name` function from `src/search.c` this
commit attempts to fix it by checking whether `pkg->origin` is NULL
before attempting to print it. If it is NULL the pkg name is printed
instead.
Since printing the pkg name requires a different format string this
commit splits the printf call for printing the package line into
multiple ones. The output format shouldn't have changed at all though.
|