Age | Commit message | Author | Files | Lines |
|
commit 941fc1b1 uncovered a bug that directory permissions are
not updated properly at db load time if it's the default acl.
|
|
there's no nice syscall to manipulate xattrs with atfd and
or open the symlink without dereferencing it (and having fd
that we can do xattrs with)
|
|
user xattrs on tmpfs are not supported on non-grsec kernels,
and many times root fs is mounted without user_xattr. Thus
to allow things to go smoothly on non-grsec kernels xattr
unsupported errors are now hidden.
xattrs can be fixed still now with "apk fix --xattrs"
|
|
|
|
ref #3027
|
|
|
|
fixes #3840
|
|
there are only a few combinations for that triplet, and they
occur multiple times reducing the struct sizes a bit. make
sane defaults and prepare to not write defaults to disk
to reduce on-disk installed db size.
|
|
Add also a new 'commit' group that is the common options
for all applets that can commit package changes.
|
|
fixes #2113
|
|
This implements a new protected path flag '!' to include always
matching entries in the backup mode (overlay). This is also turned
on for etc/apk to include everything there in overlay, because
the full list of repositories and signing keys need to be in
overlay - just getting them from a package is not enough during
bootstrap.
|
|
|
|
|
|
|
|
|
|
Add new 'd' flag for it.
|
|
If a directory has protection mask, but does not exist in db, we
do not handle it right unless we calculate the protection mask by
hand, or create temporary db dir entry for it. For simplicity create
always the db dir entry -- depending on audit type we likely need
to create it anyway. This commit also caches the db dir entry in the
audit tree context to avoid duplicate lookups. ref #1241.
|
|
Use the paths' protection mask where available instead of the parent
paths'. ref #1241
|
|
|
|
fixes #607.
audit is now mostly rewritten for the new functionality. And
has new features like --check-permissions, --recursive and
--packages.
$ROOT/etc/apk/protected_files.d/*.list can now contain additional
protected paths, one path per line:
  +etc
  @etc/init.d
  -tmp
+ will include the directory as protected configuration directory.
@ considers the directory protected, but will backup only symlinks.
- removes any protection
lbu should be modified to put include and exclude paths in
etc/apk/protected_files.d/lbu.list. Additionally, some packages
might provide their own listings.
E.g. ssh might want to provide ssh.list with something like:
  +root/.ssh
  +home/*/.ssh
|
|
|
|
And implement --directory-permissions for fix-applet to reset all
directory uid, gid and modes.
|
|
|
|
|
|
this makes the database package entry smaller, and we probably
get more fields to installed_package later too. this cleans up
the way scripts are stored and is a preparation for supporting
triggers. some parsing for trigger meta-data. ref #45.
|
|
so user can override trusted keys directory and repositories file.
|
|
they are not needed, and cause errors if signing keys are not
present.
|
|
|
|
usually we are interested in the actual file's length. but
audit is interested in the link. so add a flag for this and
use it in audit.
|
|
make the system audit compare only installed files, instead of
scanning the whole file system. also make it print only package
names with -q, so reinstalling modified packages becomes easy.
|
|
this way we never change cwd, and relative filenames are always
parsed consistently. this also helps filename construction in many
places. this patch also changes '--root' to override location of
all configuration to be in the new root. previously it depended
on the file which one was used.
|
|
also take precautions in audit code if the db is missing the
checksum.
|
|
and use it for /etc/init.d by default. fixes #99.
|
|
to check system files for changes.
|
|
this also converts scripts file to a tar archive.
|
|
avoid recalculating hashes, and store the lengths of names, so
we can optimize some operations.
|
|
in future we want to checksum on gzip boundary basis, not the
full file.
|
|
And add some more verbosity to the help message.
|
|
A = "added"
U = "updated"
|
|
Add flags field to db open call. Also make error reporting quite a bit
more detailed.
|
|
also introduce apk_verbosity. --quiet reduces verbosity and --verbose
increases it.
Default verbosity is 1.
|
|
Currently only implement --backup to get list of (config) files in
protected directories to backup.
This also fixes a database corruption bug in database.c.
|