summaryrefslogtreecommitdiff
path: root/src/package.c
AgeCommit message (Collapse)AuthorFilesLines
2021-12-14everywhere: use stdlib.h for malloc(3) definition, not GNU-specific malloc.hAriadne Conill1-1/+0
musl implements support for malloc.h, but it is only a stub. we do not use any of the GNU-specific malloc interfaces, so just use POSIX stdlib.h instead. ref #10794
2021-12-03db: convert v3 scripts to ipkg on installTimo Teräs1-7/+12
fixes #10796
2021-11-15db: lazy create directories with --initdbTimo Teräs1-1/+20
fixes #10778
2021-11-11pkg: fix reading of v3 package meta dataTimo Teräs1-1/+1
The adb object for apk_pkg_from_adb() was changed in commit 7d6de220 "database: support loading v3 indexes" which also addressed the broken site in question but omitted updating the argument. fixes #10783
2021-11-09database: support loading v3 indexesTimo Teräs1-19/+20
2021-11-09database: implement uvol supportTimo Teräs1-9/+6
by adding an abstraction layer to the file system
2021-10-27db, add: support adding v3 package filesTimo Teräs1-6/+84
2021-07-27Further refactor extract API to have separate ops vtableTimo Teräs1-21/+10
This splits the callbacks by type, and further prepares the API to be usable for v3 files too.
2021-07-27Refactor .apk extraction codeTimo Teräs1-315/+15
This moves and isolates the tar code to tar.c. And the actual file extraction to disk is moved to extract.c. A new API is introduced and used for v2 file extraction. This essentially moves and isolates the apk_sign_ctx_* beast into extract_v2.c and offers a saner interface to handling packages. A place holder is added for v3 extraction.
2021-07-26Use __attribute__ ((format)) where possible and fix issues found by itTimo Teräs1-2/+2
2021-07-22io: make apk_istream_get/read() fail on incomplete readTimo Teräs1-16/+6
2021-07-22io: formalize apk_ostream_write() always writing full dataTimo Teräs1-4/+4
2021-07-22io: rework apk_istream_get_* to not return erros in blob valueTimo Teräs1-2/+2
The interface was slightly cumbersome, so replace these functions to return explicit error, and make the return blob a pointer arg.
2021-06-19reduce misuse of error codes from errno.hTimo Teräs1-9/+9
2021-06-11add basic abstraction for cryptographic operationsTimo Teräs1-1/+7
- basic digesting and signing apis (subject still to fine tuning) - update digest code, and adb signing for the thin wrapping layer - old v1 package and database handling not updated - default mkpkg file hash to sha256 ref #10744
2020-10-09rename adb_trust to apk_trust, and use it as package signature keystore tooTimo Teräs1-19/+8
2020-10-09make apk_database optional for applets that don't need itTimo Teräs1-2/+2
The new v3 applets don't use it, and eventually all applets will use the new formats only. This prepares the code for this, and moves trust, id_cache, and root_fd to apk_ctx which is enough for v3 applets at this time. The generic code is made to not initialize apk_database if it's not needed.
2020-10-09rename apk_db_options to apk_ctx, rework loggingTimo Teräs1-13/+12
makes apk_verbosity non-global fixes #10682
2020-10-09make apk_flags non-global, make progress printing state non-globalTimo Teräs1-7/+8
ref #10682
2020-10-09adb: introduce apk-tools database format, and few appletsTimo Teräs1-3/+3
This is a flat buffers inspired format that allows fast mmaped access to the data with low overhead, signature support and relatively good forward support.
2020-10-07various changes to make clang not give warningsTimo Teräs1-1/+1
2020-05-19make the atom functions not use global stateTimo Teräs1-9/+9
This greatly helps with memory management on applications that may want to daemonize and open/close database several times. Also the lifetime and "owner" of memory for all data is now explicitly bound to owning struct apk_database, which might be helpful when writing language bindings. As side effect, the interned "atoms" are unique only within what apk_database, so comparing packages from different apk_database may not work as expected. Fixes #10697
2020-05-07use SPDX-License-Identifier in source filesTBK1-3/+1
2020-01-24Harden signature verification processReid Rankin1-14/+19
This mostly boils down to making sure control_started and data_started are consistently used to gate actions, instead of relying whether on file names start with a '.'. None of the weaknesses this fixes are exploitable, but they might have become so after changes to seemingly-unrelated code, so it's good to clean them up.
2020-01-24Improve documentation of signature verification processReid Rankin1-7/+19
2020-01-11archive: make apk_tar_parse check and close input streamTimo Teräs1-10/+4
simplifies other code quite a bit
2020-01-11convert remaining locations to use istream instead of bstreamTimo Teräs1-6/+5
2020-01-11istream, archive, db: convert db and tar function to use istreamTimo Teräs1-10/+7
2020-01-11archive: remove support for old packages without xattr checksumsTimo Teräs1-1/+1
2019-12-29del: report non-matching names and install-if rule non-deletionTimo Teräs1-18/+17
2018-10-26add support for openssl 1.1Timo Teräs1-18/+19
2018-09-10rework unpacking of packages and harden package file format requirementsTimo Teräs1-7/+4
A crafted .apk file could to trick apk writing unverified data to an unexpected file during temporary file creation due to bugs in handling long link target name and the way a regular file is extracted. Several hardening steps are implemented to avoid this: - the temporary file is now always first unlinked (apk thus reserved all filenames .apk.* to be it's working files) - the temporary file is after that created with O_EXCL to avoid races - the temporary file is no longer directly the archive entry name and thus directly controlled by potentially untrusted data - long file names and link target names are now rejected - hard link targets are now more rigorously checked - various additional checks added for the extraction process to error out early in case of malformed (or old legacy) file Reported-by: Max Justicz <max@justi.cz>
2018-07-02Invalidate id cache after script executionJussi Kukkonen1-0/+4
It's common for a pre-install script to do something like addgroup -S group 2>/dev/null When apk installs files after this, it sets the owner/group based on id cache but currently the id cache is stale and doesn't contain the new group at that point: instead the file will be installed with gid that the build host happened to have for that group -- on target this might mean a non-existing group or a completely different group. We can't know if the script really did modify id cache contents so make sure to reset the id cache on every script execution.
2017-11-02solver: implement support for choosing default virtualsWilliam Pitcock1-0/+8
By introducing a new package metadata field, `provider_priority` (index letter `k`), we can specify default packages to satisfy a virtual. If a user wishes to select an alternative provider for the virtual, a changeset swapping the default provider for the selected provider will be generated by the dependency resolver.
2017-10-04package: remove package script after use (fixes #7974)Timo Teräs1-6/+9
this is a regression introduced in commit 349c61c9 ("add support for pre and post commit hooks")
2017-06-23io: make io vtables const struct, and add accessors for themTimo Teräs1-15/+8
This reduces function pointers in heap, and unifies how the io functions are called.
2017-05-27version: add support for fuzzy version matchingWilliam Pitcock1-4/+10
This is useful for requirements such as: python3=~3.6, which would match python3-3.6.[0-9]. This implementation should in theory be backwards compatible with the implementation in Adelie.
2017-02-28package: add more secure signature methodsTimo Teräs1-20/+31
2017-02-15add support for pre and post commit hooksHenrik Riomar1-22/+2
This allows for instance integration of etckeeper [TT: Reorganized code a bit, and modified to use single directory commit_hooks.d with argument for script of stage.]
2016-08-23pkg: reset umask for package scriptsTimo Teräs1-0/+1
It is unreasonable to assume that all package writers would except to reset umask themselves. It's done currently in most packages, but we had first issue of this kind recently, so better just reset umask.
2015-12-10commit: self-conflict error and satisfies printingTimo Teräs1-6/+6
- self-conflicts when the exact same version of a name is provided twice is now properly detected and diagnozed - don't print redundant satisfies diagnostic
2015-06-12for completeness free all arrays before exitTimo Teräs1-0/+1
so valgrind does not report any leaks
2015-03-10rename file info related functions for consistencyTimo Teräs1-1/+1
2015-03-10rework error handling for read streamsTimo Teräs1-1/+3
2014-04-10package: do not report duplicate reverse dependenciesTimo Teräs1-1/+4
most notable in error report from 'del' applet
2013-09-10apk: new option --no-scriptsTimo Teräs1-2/+2
to not run any per-package scripts. useful for managing buildroot when cross-compiling.
2013-06-20solver: fix pinning+cache to workTimo Teräs1-3/+2
Mistakenly allowed masked out package to be installed if it was in cache.
2013-06-20commit, db: make file conflicts and script errors non-fatalTimo Teräs1-23/+18
fixes #1482
2013-06-18db: store repository tag names including leading @Timo Teräs1-5/+7
2013-06-18apk: use string array in applet mains, separate apk_name_foreach_matchingTimo Teräs1-6/+9