summaryrefslogtreecommitdiff
path: root/src/database.c
AgeCommit message (Collapse)AuthorFilesLines
2021-07-27Refactor .apk extraction codeTimo Teräs1-80/+41
This moves and isolates the tar code to tar.c. And the actual file extraction to disk is moved to extract.c. A new API is introduced and used for v2 file extraction. This essentially moves and isolates the apk_sign_ctx_* beast into extract_v2.c and offers a saner interface to handling packages. A place holder is added for v3 extraction.
2021-07-26db: add some error checking to database state writeTimo Teräs1-39/+50
Make errors more observable. Unfortunately full rollback is non-trivial to implement. This is something to be fixed with the v3 database format.
2021-07-26db: fix installed db writing with long namesSamanta Navarro1-5/+10
Packages containing files with path names longer than 1024 characters cannot fit into the buffer which is used to write "installed" database. This leads to bbuf being APK_BLOB_NULL in apk_db_write_fdb because apk_blob_push_blob notices the condition and correctly handles it. The problem occurs when arguments to apk_ostream_write are manually calculated by pointer arithmetics. Since bbuf.ptr is NULL in such a case, bbuf.ptr - buf leads to a huge size value while buf still points into the stack. fixes #10751 [TT: minor edit to commit and abbreviating the commit message]
2021-07-23db: allow read-only operations without cacheTimo Teräs1-3/+6
fixes #10748
2021-07-22io: formalize apk_ostream_write() always writing full dataTimo Teräs1-9/+9
2021-07-22rework apk_istream_splice and apk_istream_teeTimo Teräs1-50/+28
- apk_istream_splice usage is converted to apk_stream_copy which is the newer variant. With caching enabled by default, this makes more sense mmapping or using separate buffers. - apk_istream_tee is reworked to write to apk_ostream, which simplifies quite a bit of various things
2021-07-22io: rework apk_istream_get_* to not return erros in blob valueTimo Teräs1-16/+16
The interface was slightly cumbersome, so replace these functions to return explicit error, and make the return blob a pointer arg.
2021-06-21db: check syscall errors in update_permissions()Timo Teräs1-5/+18
2021-06-19reduce misuse of error codes from errno.hTimo Teräs1-4/+4
2021-06-11extract: new applet to extract v2 packagesTimo Teräs1-2/+2
2021-06-11add basic abstraction for cryptographic operationsTimo Teräs1-27/+42
- basic digesting and signing apis (subject still to fine tuning) - update digest code, and adb signing for the thin wrapping layer - old v1 package and database handling not updated - default mkpkg file hash to sha256 ref #10744
2021-03-19database: do not chroot(".") unless actually necessaryAriadne Conill1-2/+12
If we use default root (/), then we do not have to chroot to run scripts. Use APK_NO_CHROOT flag for this scenario to avoid the chroot. This helps with using apk with bwrap and OSTree. Closes #10736.
2021-02-07db: fix control character check to use uint8_tTimo Teräs1-2/+2
fixes #10737
2021-02-04db: consider control characters in filename as maliciousTimo Teräs1-11/+19
Especially a newline can produce havoc in the database file as the filename is written there as-is. This hardenes the extraction to consider any control character as malicious. Additional hardening is added to database loading to better detect corrupt state and return proper error code about it. Reported-by: Luca Weiss <luca@z3ntu.xyz>
2021-01-14database.c: Fixed package DESCRIPTION parsingthibault.ferrante1-0/+1
Regression introduced by 0fb0d30 which makes parsing a description a critical failure. [TT: Minor stylistic change. Fix also missing final line change from the earlier commit]
2021-01-11database: Propagate errors when loading an APKINDEXthibault.ferrante1-6/+7
In case of failure when loading an APKINDEX, no errors are propagated to the user which may uncorrectly interpret the current problem.
2020-10-09rename adb_trust to apk_trust, and use it as package signature keystore tooTimo Teräs1-6/+3
2020-10-09make apk_database optional for applets that don't need itTimo Teräs1-35/+7
The new v3 applets don't use it, and eventually all applets will use the new formats only. This prepares the code for this, and moves trust, id_cache, and root_fd to apk_ctx which is enough for v3 applets at this time. The generic code is made to not initialize apk_database if it's not needed.
2020-10-09rename apk_db_options to apk_ctx, rework loggingTimo Teräs1-129/+129
makes apk_verbosity non-global fixes #10682
2020-10-09make apk_flags non-global, make progress printing state non-globalTimo Teräs1-17/+17
ref #10682
2020-10-09make apk_force non-global, remove left-over apk_archTimo Teräs1-10/+11
ref #10682
2020-10-09db: convert repository list to a string arrayTimo Teräs1-3/+4
2020-10-09io: make ostream_file always use tmpnameTimo Teräs1-30/+5
2020-10-09adb: introduce apk-tools database format, and few appletsTimo Teräs1-0/+8
This is a flat buffers inspired format that allows fast mmaped access to the data with low overhead, signature support and relatively good forward support.
2020-10-07various changes to make clang not give warningsTimo Teräs1-4/+4
2020-10-06db: make the --repositories-file change more announcedTimo Teräs1-3/+7
Document the version when changed. And print error with similar note if the given repositories-file cannot be read.
2020-10-06database: automatically create missing cache dirPaul Spooren1-0/+6
On some systems the `/var/` dir is mounted in a tmpfs which is reseted after each reboot. For that reason no post-install script can handle the creation of the cache dir at `/var/cache/apk`. Check on database opnening if the folder is available, if not create it. Fixes #10715 Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-10-05db: make --repositories-file relative to host rootTimo Teräs1-1/+1
It used to be relative to the --root specified root, but that causes issues with relative command line filenames and is unintuitive. Update documentation accordingly. Fixes #10702.
2020-10-05db: mask password component of printed URLsTimo Teräs1-12/+19
fixes #10710
2020-10-01db: check cache only if some repositories are enabledTimo Teräs1-1/+1
2020-08-29database: clarify the deprecation notice for checksum-less packagesAriadne Conill1-3/+7
Closes #10708.
2020-05-27database: create additional device nodes when initializing root fsAriadne Conill1-0/+4
Some triggers and maintainer scripts depend on /dev/random, /dev/urandom, /dev/zero and /dev/console.
2020-05-19make the atom functions not use global stateTimo Teräs1-17/+19
This greatly helps with memory management on applications that may want to daemonize and open/close database several times. Also the lifetime and "owner" of memory for all data is now explicitly bound to owning struct apk_database, which might be helpful when writing language bindings. As side effect, the interned "atoms" are unique only within what apk_database, so comparing packages from different apk_database may not work as expected. Fixes #10697
2020-05-07use SPDX-License-Identifier in source filesTBK1-3/+1
2020-04-28apk: do not manage file ownership as non-root or when asked soFredrik Gustafsson1-1/+5
If apk is run as a non-root user, it's not possible to chown files. Maintainers note: minor wording changes on commit log and man page. Signed-off-by: Fredrik Gustafsson <fredrigu@axis.com>
2020-04-01db: fix database reading without scripts or triggersTimo Teräs1-6/+10
Most notably this happens after blank database is initialized with --initdb, but can happen also in other conditions. The error checking changes modified behaviour if the file does not exist. Explicitly check for ENOENT and ignore it. But the behaviour is improved from earlier as now e.g. EPERM will be detected and reported correctly. Fixes #10679 Fixes: 6da3e8eb15 "istream, archive, db: convert db and tar function to use istream"
2020-02-21db: fix unaligned memory access in csum_hash()Timo Teräs1-1/+3
2020-02-14io: add stream copy helperTimo Teräs1-1/+1
2020-02-04remove apk_time() as it is causing problems with shared objectsTimo Teräs1-2/+2
Instead, to make sure test mode produces same output, redefine time() for the test mode binary. Reverts parts of 0b82bcc53e60.
2020-01-25document mysterious SHA-1 blob in database.cReid Rankin1-0/+2
2020-01-24db: additional clean up and hardening for apk extractionTimo Teräs1-15/+16
This enforces all scripts to be in the control block, and all data files to be in data block. Ignoring of dot files in root is added back: packages without any real files will ship one ".dummy" item in the data block to trigger processing and validation to work.
2020-01-24Harden signature verification processReid Rankin1-15/+13
This mostly boils down to making sure control_started and data_started are consistently used to gate actions, instead of relying whether on file names start with a '.'. None of the weaknesses this fixes are exploitable, but they might have become so after changes to seemingly-unrelated code, so it's good to clean them up.
2020-01-11archive: make apk_tar_parse check and close input streamTimo Teräs1-19/+7
simplifies other code quite a bit
2020-01-11convert remaining locations to use istream instead of bstreamTimo Teräs1-25/+17
2020-01-11istream, archive, db: convert db and tar function to use istreamTimo Teräs1-51/+34
2020-01-11archive: remove support for old packages without xattr checksumsTimo Teräs1-4/+9
2020-01-09database.c: drop GNU extension for fnmatchDrew DeVault1-1/+1
The non-wildcard version of the function is case-sensitive anyway.
2020-01-06io: remove unused size parameter from bstream closeTimo Teräs1-5/+5
2019-12-27db: parse tabulator as repository separator charTimo Teräs1-0/+1
Fixes #10662
2019-11-22Don't unpack files to system rootFredrik Gustafsson1-1/+5
When unpacking a file that is in root, it got a temporary file name /.apk... however if the --root option was used it should have the name root/.apk... otherwise unpacking will fail if the user does not have write access to /. Signed-off-by: Fredrik Gustafsson <fredrigu@axis.com>
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2025-01-02 17:49:08 +0000