summaryrefslogtreecommitdiff
path: root/src/package.c
AgeCommit message (Collapse)AuthorFilesLines
2020-10-07various changes to make clang not give warningsTimo Teräs1-1/+1
2020-05-19make the atom functions not use global stateTimo Teräs1-9/+9
This greatly helps with memory management on applications that may want to daemonize and open/close database several times. Also the lifetime and "owner" of memory for all data is now explicitly bound to owning struct apk_database, which might be helpful when writing language bindings. As side effect, the interned "atoms" are unique only within what apk_database, so comparing packages from different apk_database may not work as expected. Fixes #10697
2020-05-07use SPDX-License-Identifier in source filesTBK1-3/+1
2020-01-24Harden signature verification processReid Rankin1-14/+19
This mostly boils down to making sure control_started and data_started are consistently used to gate actions, instead of relying whether on file names start with a '.'. None of the weaknesses this fixes are exploitable, but they might have become so after changes to seemingly-unrelated code, so it's good to clean them up.
2020-01-24Improve documentation of signature verification processReid Rankin1-7/+19
2020-01-11archive: make apk_tar_parse check and close input streamTimo Teräs1-10/+4
simplifies other code quite a bit
2020-01-11convert remaining locations to use istream instead of bstreamTimo Teräs1-6/+5
2020-01-11istream, archive, db: convert db and tar function to use istreamTimo Teräs1-10/+7
2020-01-11archive: remove support for old packages without xattr checksumsTimo Teräs1-1/+1
2019-12-29del: report non-matching names and install-if rule non-deletionTimo Teräs1-18/+17
2018-10-26add support for openssl 1.1Timo Teräs1-18/+19
2018-09-10rework unpacking of packages and harden package file format requirementsTimo Teräs1-7/+4
A crafted .apk file could to trick apk writing unverified data to an unexpected file during temporary file creation due to bugs in handling long link target name and the way a regular file is extracted. Several hardening steps are implemented to avoid this: - the temporary file is now always first unlinked (apk thus reserved all filenames .apk.* to be it's working files) - the temporary file is after that created with O_EXCL to avoid races - the temporary file is no longer directly the archive entry name and thus directly controlled by potentially untrusted data - long file names and link target names are now rejected - hard link targets are now more rigorously checked - various additional checks added for the extraction process to error out early in case of malformed (or old legacy) file Reported-by: Max Justicz <max@justi.cz>
2018-07-02Invalidate id cache after script executionJussi Kukkonen1-0/+4
It's common for a pre-install script to do something like addgroup -S group 2>/dev/null When apk installs files after this, it sets the owner/group based on id cache but currently the id cache is stale and doesn't contain the new group at that point: instead the file will be installed with gid that the build host happened to have for that group -- on target this might mean a non-existing group or a completely different group. We can't know if the script really did modify id cache contents so make sure to reset the id cache on every script execution.
2017-11-02solver: implement support for choosing default virtualsWilliam Pitcock1-0/+8
By introducing a new package metadata field, `provider_priority` (index letter `k`), we can specify default packages to satisfy a virtual. If a user wishes to select an alternative provider for the virtual, a changeset swapping the default provider for the selected provider will be generated by the dependency resolver.
2017-10-04package: remove package script after use (fixes #7974)Timo Teräs1-6/+9
this is a regression introduced in commit 349c61c9 ("add support for pre and post commit hooks")
2017-06-23io: make io vtables const struct, and add accessors for themTimo Teräs1-15/+8
This reduces function pointers in heap, and unifies how the io functions are called.
2017-05-27version: add support for fuzzy version matchingWilliam Pitcock1-4/+10
This is useful for requirements such as: python3=~3.6, which would match python3-3.6.[0-9]. This implementation should in theory be backwards compatible with the implementation in Adelie.
2017-02-28package: add more secure signature methodsTimo Teräs1-20/+31
2017-02-15add support for pre and post commit hooksHenrik Riomar1-22/+2
This allows for instance integration of etckeeper [TT: Reorganized code a bit, and modified to use single directory commit_hooks.d with argument for script of stage.]
2016-08-23pkg: reset umask for package scriptsTimo Teräs1-0/+1
It is unreasonable to assume that all package writers would except to reset umask themselves. It's done currently in most packages, but we had first issue of this kind recently, so better just reset umask.
2015-12-10commit: self-conflict error and satisfies printingTimo Teräs1-6/+6
- self-conflicts when the exact same version of a name is provided twice is now properly detected and diagnozed - don't print redundant satisfies diagnostic
2015-06-12for completeness free all arrays before exitTimo Teräs1-0/+1
so valgrind does not report any leaks
2015-03-10rename file info related functions for consistencyTimo Teräs1-1/+1
2015-03-10rework error handling for read streamsTimo Teräs1-1/+3
2014-04-10package: do not report duplicate reverse dependenciesTimo Teräs1-1/+4
most notable in error report from 'del' applet
2013-09-10apk: new option --no-scriptsTimo Teräs1-2/+2
to not run any per-package scripts. useful for managing buildroot when cross-compiling.
2013-06-20solver: fix pinning+cache to workTimo Teräs1-3/+2
Mistakenly allowed masked out package to be installed if it was in cache.
2013-06-20commit, db: make file conflicts and script errors non-fatalTimo Teräs1-23/+18
fixes #1482
2013-06-18db: store repository tag names including leading @Timo Teräs1-5/+7
2013-06-18apk: use string array in applet mains, separate apk_name_foreach_matchingTimo Teräs1-6/+9
2013-06-18all: various conversions to foreach_array_item, and simplifications of codeTimo Teräs1-32/+23
2013-06-17db: refactor repository file constructionTimo Teräs1-23/+0
Fixes also 'fetch' applet to prefer copying/linking to files from cache if possible.
2013-06-15pkg: apk_pkg_foreach_* add matching generationTimo Teräs1-6/+27
So same package it is possible to not match same package multiple times. Use generation count, so this is handled cleanly during recursion, like in the use case of search applet.
2013-06-15lua: use apk_dep_analyzeTimo Teräs1-22/+0
and remove the now unused apk_dep_is_materialized_or_provided which was superceded by apk_dep_analyze.
2013-06-13solver, errors: fix few additional test cases and clean upsTimo Teräs1-8/+6
2013-06-13pkg: add global reverse dependency iterator helpers and use themTimo Teräs1-2/+57
... in the error printing and the package deletion.
2013-06-13errors: rewrite the logic how errors are reportedTimo Teräs1-0/+34
Instead of the dependency oriented logic, switch to print them for each package or name needed. Might give a bit more readable errors now. There's still few corner cases that proper error is not output, which are cought by the test cases.
2013-05-30index: add sensible error message if metadata is too longTimo Teräs1-3/+6
fixes #1476 Instead of: ERROR: Index generation failed: Success The following is now printed: ERROR: Metadata for package timo-1.0-r0 is too long. ERROR: Index generation failed: No buffer space available
2012-04-03pkg: honor --allow-untrusted when installing non-repository packagesTimo Teräs1-13/+21
fixes #1072
2012-02-29solver, test: make conflicts unconditionalTimo Teräs1-29/+22
Solver will now never report partial solution where a conflict constraint is not satisfied. The is because with --force we might install the partial solution; and if conflicted packages were to be installed we might have extra trouble.
2012-02-24all: introduce apk_provides and use it in apk_nameTimo Teräs1-11/+74
in preparation for provides support. implements also some dependency satisfaction helper routines. ref #574.
2012-02-24pkg: add field for provides as 'p'Timo Teräs1-1/+7
ref #574
2012-02-24pkg, db: use 's' for source repository tags instead of 'p'Timo Teräs1-1/+1
Will use 'p' for provides.
2012-02-23pkg: fix writing of versioned conflictsTimo Teräs1-1/+1
2012-02-21solver: implement backwards jumping and various other optimizationsTimo Teräs1-2/+11
2012-02-15solver, db: repository pinning improvementsTimo Teräs1-1/+1
* solver internally calculates now using tags; not repository masks * installeddb now contains the tag name where the package came from -> we can now handle upgrades properly * the pinning is still a preference, and not strictly enforced; versioned dependencies may overrule preference
2012-02-14db: record file uid/gid/mode in installed dbTimo Teräs1-0/+1
2012-02-08blob: optimize spn and cspnTimo Teräs1-4/+13
2012-01-31pkg, db: fix signature checking for files without control partTimo Teräs1-7/+24
Also clean up handling of signature failures for index files.
2012-01-12db: support line feed as 'world' dependency separatorTimo Teräs1-49/+39
* default writing the world with spaces if a space is found (for backwards compatibility) for now