Age | Commit message (Collapse) | Author | Files | Lines |
|
A crafted .apk file could to trick apk writing unverified data to
an unexpected file during temporary file creation due to bugs in handling
long link target name and the way a regular file is extracted.
Several hardening steps are implemented to avoid this:
- the temporary file is now always first unlinked (apk thus reserved
all filenames .apk.* to be it's working files)
- the temporary file is after that created with O_EXCL to avoid races
- the temporary file is no longer directly the archive entry name
and thus directly controlled by potentially untrusted data
- long file names and link target names are now rejected
- hard link targets are now more rigorously checked
- various additional checks added for the extraction process to
error out early in case of malformed (or old legacy) file
Reported-by: Max Justicz <max@justi.cz>
|
|
This unloads --force as several of the things are really not wanted
together. E.g. --force-refresh is a lot different from --force-broken-world
and doing --force to get the other might introduce unwanted behaviour.
--force is still kept for backwards compatibility and it enables
most things --force was used for.
|
|
This flag skips running hook scripts
This flag *must* be used during initramfs tmpfs initial install.
The reason that this new flag is needed is that the hooks will currently
always fail as musl and /bin/sh is missing at this stage on diskless.
|
|
|
|
based on github pull request #5
|
|
|
|
this fixes build on ppc64le
|
|
|
|
|
|
This allows for instance integration of etckeeper
[TT: Reorganized code a bit, and modified to use single
directory commit_hooks.d with argument for script of stage.]
|
|
trigger it only if apk-tools can be upgrade, add test cases
|
|
- self-conflicts when the exact same version of a name is provided
twice is now properly detected and diagnozed
- don't print redundant satisfies diagnostic
|
|
fixes #4019
|
|
Apk used to reset directory permissions always, but this is undesirable
if user has modified the permissions - especially during tmpfs boot.
Though, it is desirable to update the permissions when packaging has
changed permissions, or a new package is installed and the merged
permission mask / owner changes.
Thus the new code updates the permissions only if:
1) We are booting and directory is not in apkovl
2) The directory is modified by a package install/remove/upgrade
3) The filesystem directory permission matched database
Additionally "apk fix --directory-permissions" can be used to reset
all directory permissions to the database defaults.
Fixes #2966
|
|
allow packages in the cache's installed to be selected for installation
by the solver. add test case for the issue.
|
|
apk would try run the trigger even if package failed to install.
|
|
|
|
|
|
|
|
fixes #1482
|
|
|
|
Wildcard matching with no names should match all packages only for
info and search applet. "apk del" would otherwise try to delete
everything, etc.
Fix also interactive mode to ask questions only if we are actually
changing something.
|
|
- let the apk_print functions deal with the forced print itself. We
avoid that the callbacks need to deal with the force flag. We can
also get rid of the APK_PRINT_PROGRESS_* defines.
- let the reader of --progress-fd decide how often things are updated
rather than having a fixed granularity off 1/100 (percent)
- avoid detect screen size and percent/bar calculations in case the
--no-progress was given
- track satistics for both the ascii bar and percent info and update bar
only if either percent or bar changes. This makes the bar go smoother
when width is wider than 100 chars and it makes the percent counter
go smooth when screen width is less thann 100 chars. It also
simplifies the callbacks as they no longer need to deal with update
granularity.
|
|
Select latest version of package (if it is not pinned), and print
error if it cannot be installed due to other dependencies.
Together with --available, it selects the latest package which is
present at least in some repository.
This also fixes few solver issues with ordering of package selection
that got quite apparent with this flag. Namely, we cannot "lock"
a package until it's reverse dependencies are locked or not all of
the solver flags are propagated properly.
|
|
the pinning11 changed when @repo got the leading @ on error messages.
analyze_dep() now properly ignores conflict dependencies, as those
names are usually intentionally left unassigned.
|
|
|
|
if all packages named N provide the virtual package, list only the
name N instead of all packages providing it.
|
|
|
|
no need to muldiv all the time, just pass the current amount of bytes
done, and let callbacks use that directly.
|
|
|
|
|
|
and add the provided version information to the conflicts.
fixes the final test case that was broken. hooray.
|
|
|
|
... in the error printing and the package deletion.
|
|
Instead of the dependency oriented logic, switch to print them
for each package or name needed. Might give a bit more readable
errors now. There's still few corner cases that proper error is
not output, which are cought by the test cases.
|
|
mostly useful for reboot, when all packages are not available.
|
|
Fix also pinning test cases to be more sane.
|
|
Handle properly per-name preference flags, and add test cases
for testing those via fix applet.
|
|
Implementing basic dependency handling, install_if and awareness
of pinning.
|