summaryrefslogtreecommitdiff
path: root/src/io.c
AgeCommit message (Collapse)AuthorFilesLines
2023-02-16io: reset idcache for new passwd/group (and have a root fallback)Daniel Kolesa1-4/+12
In order to address the problem with early file ownership (before passwd/group exists), do a few changes here: 1) For root-owned things, always fall back to fixed values, as those are the ones we always know and cannot change. Since the earliest packages only have root-owned files, this fixes the problem for those. 2) During file migration, if we encounter passwd/group and this is a newly committed file, reset the idcache, similarly to how it is done for scripts. This allows the next package to reload the mappings. Since those two files are usually installed as a part of the first package, the second package onwards should have a valid, complete mapping (reset only by scripts).
2022-12-21io: fix fdo_write direct write path return value and index writingTimo Teräs1-4/+3
fixes commit 395e92b6 "io: formalize apk_ostream_write() always writing full data"
2022-04-05io: move make_dirs as apk_make_dirs and use itTimo Teräs1-0/+15
2021-12-29io: use opendirectory for UID/GID lookups on macOSAriadne Conill1-2/+8
macOS has no concept of a chroot-specific UID/GID database, as the database is actually LDAP. ref #10794
2021-12-29abstract differences between GNU and Apple xattr functionsAriadne Conill1-3/+3
2021-12-29use fstatat, not fstatat64Ariadne Conill1-2/+2
the stat64 family of functions were provided as transitional functions, but when building on glibc with _GNU_SOURCE, or any other supported system, the stat functions are equivalent to their stat64 counterparts
2021-12-27io: fix tee error handling pathTimo Teräs1-3/+6
Make sure the from is not dereferenced/used on error path, and cancel the ostream. fixes #10800
2021-12-20io.c: add missing limits.hPaul Spooren1-0/+1
Fixes compilation on MacOS X
2021-12-14everywhere: use stdlib.h for malloc(3) definition, not GNU-specific malloc.hAriadne Conill1-1/+0
musl implements support for malloc.h, but it is only a stub. we do not use any of the GNU-specific malloc interfaces, so just use POSIX stdlib.h instead. ref #10794
2021-11-09database: implement uvol supportTimo Teräs1-4/+10
by adding an abstraction layer to the file system
2021-08-23remove IS_ERR_OR_NULLTimo Teräs1-4/+4
In most places where pointer can be an 'error' it cannot be null pointer. Further, in those cases just calling PTR_ERR() is not enough to handle the null case. Simplify code by removing this case. If NULL case needs to be handled, it's better to add separate check and return fixed error code in that case.
2021-07-30extract: use extraction api, and implement it for v3 packagesTimo Teräs1-0/+55
The extract applet now works with both v2 and v3 packages.
2021-07-26adb: fix some error handling pathsTimo Teräs1-1/+1
2021-07-23db: allow read-only operations without cacheTimo Teräs1-0/+15
fixes #10748
2021-07-22io: make apk_istream_get/read() fail on incomplete readTimo Teräs1-33/+27
2021-07-22io: formalize apk_ostream_write() always writing full dataTimo Teräs1-27/+18
2021-07-22rework apk_istream_splice and apk_istream_teeTimo Teräs1-104/+54
- apk_istream_splice usage is converted to apk_stream_copy which is the newer variant. With caching enabled by default, this makes more sense mmapping or using separate buffers. - apk_istream_tee is reworked to write to apk_ostream, which simplifies quite a bit of various things
2021-07-22io: rework apk_istream_get_* to not return erros in blob valueTimo Teräs1-16/+18
The interface was slightly cumbersome, so replace these functions to return explicit error, and make the return blob a pointer arg.
2021-07-22adb: unify various interfaces to adb_m_processTimo Teräs1-8/+45
Removes code duplication, and puts important checks in one place. Support seamless decompression in adbdump.
2021-07-22adb: support seamless de/compression of adb filesTimo Teräs1-2/+8
Add compression header of adb files. Support uncompressed and deflate compression at this time.
2021-06-23mkpkg, extract: implement support for symlinks, devices and fifosTimo Teräs1-1/+1
2021-06-21print: handle write() errors in apk_print_progress()Timo Teräs1-18/+18
2021-06-19reduce misuse of error codes from errno.hTimo Teräs1-3/+3
2021-06-11extract: new applet to extract v2 packagesTimo Teräs1-16/+11
2021-06-11add basic abstraction for cryptographic operationsTimo Teräs1-42/+29
- basic digesting and signing apis (subject still to fine tuning) - update digest code, and adb signing for the thin wrapping layer - old v1 package and database handling not updated - default mkpkg file hash to sha256 ref #10744
2021-06-11mkpkg: new applet to create v2 packages with basic functionalityTimo Teräs1-90/+112
2021-04-12io_archive: add bounds limit for uname and gname tar header fieldsTimo Teräs1-6/+6
Modify apk_resolve_[ug]id to take the user/groupname as a blob, so proper length checking is done and honored. ==31584== Conditional jump or move depends on uninitialised value(s) ==31584== at 0x5C8CA5: strlen (strlen.c:17) ==31584== by 0x432575: APK_BLOB_STR (apk_blob.h:79) ==31584== by 0x4350EB: apk_resolve_uid (io.c:1112) ==31584== by 0x43696C: apk_tar_parse (io_archive.c:152) ==31584== by 0x4271BC: apk_pkg_read (package.c:929) ==31584== by 0x402D75: add_main (app_add.c:163) ==31584== by 0x40D5FF: main (apk-static.c:516) Fixes a potential crash (DoS) on a crafted TAR file. CVE-2021-30139. Reported-by: Sören Tempel <soeren+git@soeren-tempel.net> Reviewed-by: Ariadne Conill <ariadne@dereferenced.org>
2021-04-11io: fix fd leak in error handling pathsTimo Teräs1-5/+20
apk_dir_foreach_file and apk_resolve_[ug]id needs to free the fd in case fdopen/fdopendir fails. Additionally this does not rely on fdopen to fail if openat() returned -1, making sure that we don't call any syscalls with invalid file handle.
2021-02-04io: Handle really long linesOlliver Schinagl1-1/+1
While commit 18b0b45 (io: Handle long lines, Thu Jan 7 17:25:23 2021 +0100) did attempt to address this issue, the buffer really is still to small when dealing with big-big dependency lists. Lets make it sufficiently large for now, until the new APKINDEX format can support multi-line dependencies, making this not needed any more. [TT: Originally the buffer size was conservative to run on resource constrained embedded platforms. But since the available memory on those has also increased much, the adjustment to 128kB makes sense also to increase performance a little bit. Removing also the iolimit test.] Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
2021-01-11io: Handle long linesthibault.ferrante1-1/+1
As an APKINDEX can become arbitrarely long due to dependencies and other parameters, increasing the buffer size make this less likely to happens. Closes #10731.
2021-01-11database: Propagate errors when loading an APKINDEXthibault.ferrante1-5/+13
In case of failure when loading an APKINDEX, no errors are propagated to the user which may uncorrectly interpret the current problem.
2020-10-09make apk_database optional for applets that don't need itTimo Teräs1-4/+4
The new v3 applets don't use it, and eventually all applets will use the new formats only. This prepares the code for this, and moves trust, id_cache, and root_fd to apk_ctx which is enough for v3 applets at this time. The generic code is made to not initialize apk_database if it's not needed.
2020-10-09io: make ostream_file always use tmpnameTimo Teräs1-19/+22
2020-10-09adb: introduce apk-tools database format, and few appletsTimo Teräs1-5/+4
This is a flat buffers inspired format that allows fast mmaped access to the data with low overhead, signature support and relatively good forward support.
2020-05-19make the atom functions not use global stateTimo Teräs1-7/+4
This greatly helps with memory management on applications that may want to daemonize and open/close database several times. Also the lifetime and "owner" of memory for all data is now explicitly bound to owning struct apk_database, which might be helpful when writing language bindings. As side effect, the interned "atoms" are unique only within what apk_database, so comparing packages from different apk_database may not work as expected. Fixes #10697
2020-05-07use SPDX-License-Identifier in source filesTBK1-3/+1
2020-02-14io: add stream copy helperTimo Teräs1-4/+30
2020-01-25don't ignore md parameter to apk_fileinfo_hash_xattr_array()Reid Rankin1-1/+1
2020-01-11io: use min() instead of MIN()Timo Teräs1-5/+4
2020-01-11io: convert bstream mmap to istream, remove the now obsolete bstream machineryTimo Teräs1-197/+65
2020-01-11convert remaining locations to use istream instead of bstreamTimo Teräs1-87/+110
2020-01-11istream, archive, db: convert db and tar function to use istreamTimo Teräs1-7/+157
2020-01-11istream: add buffering capabilityTimo Teräs1-33/+47
Convert all implementations to do buffering. This is in preparation to remove bstream interface as redundant. istream_read() will return full reads unless end-of-file. The backends can return short reads to optimize buffering or due to other reasons like boundary change for gz.
2020-01-06io: remove the now unused pid association with istreamTimo Teräs1-21/+6
2020-01-06io: remove unused size parameter from bstream closeTimo Teräs1-32/+22
2019-12-18io: use proper base struct types for method implementationsTimo Teräs1-50/+33
2018-10-30fix xattr hash to be sha1Timo Teräs1-1/+1
The hash type was accidentally changed in previous commit. Currently csum->data cannot hold longer hash, so fix the hash.
2018-10-26add support for openssl 1.1Timo Teräs1-19/+26
2018-01-04enable automatic update of indexes controlled by --cache-max-ageTimo Teräs1-5/+7
This modifies apk cache for indexes to be automatically refreshed periodically without explicit 'update' or '--update-cache' usage. The default is to do if-modified-since request if the local copy is older than 4 hours. This age can be changed with --cache-max-age. Using --update-cache will change this age to 60 seconds to make sure the cached copy is relatively new. The small age is in order to try to avoid downloading indexes second time when apk-tools is upgraded and apk re-execs after self-upgrade. Accordingly using explicitly 'apk update' will now enforce --force-refresh and request the very latest index by requesting any potential http proxy to do refresh too.
2017-10-12io: fix skip and splice to detect unexpected end-of-fileTimo Teräs1-28/+19