Age | Commit message (Collapse) | Author | Files | Lines |
|
A crafted .apk file could to trick apk writing unverified data to
an unexpected file during temporary file creation due to bugs in handling
long link target name and the way a regular file is extracted.
Several hardening steps are implemented to avoid this:
- the temporary file is now always first unlinked (apk thus reserved
all filenames .apk.* to be it's working files)
- the temporary file is after that created with O_EXCL to avoid races
- the temporary file is no longer directly the archive entry name
and thus directly controlled by potentially untrusted data
- long file names and link target names are now rejected
- hard link targets are now more rigorously checked
- various additional checks added for the extraction process to
error out early in case of malformed (or old legacy) file
Reported-by: Max Justicz <max@justi.cz>
|
|
It's common for a pre-install script to do something like
addgroup -S group 2>/dev/null
When apk installs files after this, it sets the owner/group based on id cache
but currently the id cache is stale and doesn't contain the new group at that
point: instead the file will be installed with gid that the build host
happened to have for that group -- on target this might mean a non-existing
group or a completely different group.
We can't know if the script really did modify id cache contents so make sure
to reset the id cache on every script execution.
|
|
By introducing a new package metadata field, `provider_priority`
(index letter `k`), we can specify default packages to satisfy a
virtual.
If a user wishes to select an alternative provider for the virtual,
a changeset swapping the default provider for the selected provider
will be generated by the dependency resolver.
|
|
this is a regression introduced in commit 349c61c9
("add support for pre and post commit hooks")
|
|
This reduces function pointers in heap, and unifies how the
io functions are called.
|
|
This is useful for requirements such as: python3=~3.6, which would match python3-3.6.[0-9].
This implementation should in theory be backwards compatible with the implementation in Adelie.
|
|
|
|
This allows for instance integration of etckeeper
[TT: Reorganized code a bit, and modified to use single
directory commit_hooks.d with argument for script of stage.]
|
|
It is unreasonable to assume that all package writers would except
to reset umask themselves. It's done currently in most packages,
but we had first issue of this kind recently, so better just reset
umask.
|
|
- self-conflicts when the exact same version of a name is provided
twice is now properly detected and diagnozed
- don't print redundant satisfies diagnostic
|
|
so valgrind does not report any leaks
|
|
|
|
|
|
most notable in error report from 'del' applet
|
|
to not run any per-package scripts. useful for managing buildroot
when cross-compiling.
|
|
Mistakenly allowed masked out package to be installed if it was
in cache.
|
|
fixes #1482
|
|
|
|
|
|
|
|
Fixes also 'fetch' applet to prefer copying/linking to files from
cache if possible.
|
|
So same package it is possible to not match same package multiple
times. Use generation count, so this is handled cleanly during
recursion, like in the use case of search applet.
|
|
and remove the now unused apk_dep_is_materialized_or_provided
which was superceded by apk_dep_analyze.
|
|
|
|
... in the error printing and the package deletion.
|
|
Instead of the dependency oriented logic, switch to print them
for each package or name needed. Might give a bit more readable
errors now. There's still few corner cases that proper error is
not output, which are cought by the test cases.
|
|
fixes #1476
Instead of:
ERROR: Index generation failed: Success
The following is now printed:
ERROR: Metadata for package timo-1.0-r0 is too long.
ERROR: Index generation failed: No buffer space available
|
|
fixes #1072
|
|
Solver will now never report partial solution where a conflict
constraint is not satisfied. The is because with --force we might
install the partial solution; and if conflicted packages were to
be installed we might have extra trouble.
|
|
in preparation for provides support. implements also some
dependency satisfaction helper routines.
ref #574.
|
|
ref #574
|
|
Will use 'p' for provides.
|
|
|
|
|
|
* solver internally calculates now using tags; not repository masks
* installeddb now contains the tag name where the package came from
-> we can now handle upgrades properly
* the pinning is still a preference, and not strictly enforced;
versioned dependencies may overrule preference
|
|
|
|
|
|
Also clean up handling of signature failures for index files.
|
|
* default writing the world with spaces if a space is found
(for backwards compatibility) for now
|
|
It is really name(@tag)(>=version).
|
|
|
|
Improves /etc/apk/repositories format so you can say:
http://nl.alpinelinux.org/alpine/v2.3/main
@edge http://nl.alpinelinux.org/alpine/edge/main
@testing http://nl.alpinelinux.org/alpine/edge/testing
After which you can pin dependencies to these tags using:
apk add stableapp newapp@edge bleedingapp@testing
Apk will now by default only use the untagged repositories,
but adding a tag to specific dependency:
1. will prefer that tag for the name
2. allowing pulling in dependencies from that tag (though,
it prefers untagged packages to satisfy deps if possible)
fixes #575
|
|
One can now say in dependency "!foo<2" which means, that if foo is
installed, it needs to be >=2, but it's not a required dependency.
|
|
If two packages replace each other, the one with highes priority
will keep the file. Additionally, if we have a package overriding
another's file it's remembered and handled properly. This is
essentially to allow "policy packages" which just overwrite certain
(configuration) files from other package(s).
|
|
"replaces" is now turned to a full dependency type list, so you can
make package overwrite files only certain versions of the package
(though, we should probably take this into account already at solution
calculation phase).
Also make 'info --replaces' print the "replaces" of the package.
This is in preparation for the policy package support, which still
requires "replacement priority" field to decide which packages' files
get the preference.
|
|
the solver requires this.
|
|
|
|
Make a loud warning if the script returns failure, but do not
abort installation sequence because of that.
|
|
still todo:
- 'fix' is missing
- 'del -R' does not work
- 'upgrade' does not do self-upgrade first
... and a lot of testing.
|
|
Make indexer keep noise about errors that prevent index generation.
Detect certain errors in the APKs better. And also have the applet
return error in these scenarios.
|