From ba3ee3f86396f05123f732da7c7879c8ed016c9d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timo=20Ter=C3=A4s?= Date: Thu, 23 Feb 2012 15:05:06 +0200 Subject: [PATCH] audit, db: add etc/apk/protected_files.d and new audit features fixes #607. audit is now mostly rewritten for the new functionality. And has new features like --check-permissions, --recursive and --packages. $ROOT/etc/apk/protected_files.d/*.list can now contain additional protected paths, one path per line: +etc @etc/init.d -tmp + will include the directory as protected configuration directory. @ considers the directory protected, but will backup only symlinks. - removes any protection lbu should be modified to put include and exclude paths in etc/apk/protected_files.d/lbu.list. Additionally, some packages might provide their own listings. E.g. ssh might want to provide ssh.list with something like: +root/.ssh +home/*/.ssh --- src/apk_database.h | 29 +++-- src/audit.c | 298 ++++++++++++++++++++++++++------------------- src/database.c | 171 +++++++++++++++++++------- src/fix.c | 2 +- src/io.c | 7 +- 5 files changed, 321 insertions(+), 186 deletions(-) diff --git a/src/apk_database.h b/src/apk_database.h index 177f18f..c9e1634 100644 --- a/src/apk_database.h +++ b/src/apk_database.h 
@@ -38,22 +38,32 @@ struct apk_db_file { char name[]; }; -#define APK_DBDIRF_PROTECTED 0x01 -#define APK_DBDIRF_SYMLINKS_ONLY 0x02 -#define APK_DBDIRF_MODIFIED 0x04 -#define APK_DBDIRF_RECALC_MODE 0x08 +struct apk_protected_path { + char *relative_pattern; + unsigned protected : 1; + unsigned symlinks_only : 1; +}; +APK_ARRAY(apk_protected_path_array, struct apk_protected_path); struct apk_db_dir { apk_hash_node hash_node; unsigned long hash; + struct apk_db_dir *parent; + struct apk_protected_path_array *protected_paths; mode_t mode; uid_t uid; gid_t gid; unsigned short refs; unsigned short namelen; - unsigned char flags; + + unsigned protected : 1; + unsigned symlinks_only : 1; + unsigned has_protected_children : 1; + unsigned modified : 1; + unsigned recalc_mode : 1; + char rooted_name[1]; char name[]; }; @@ -125,7 +135,7 @@ struct apk_database { int compat_old_world : 1; struct apk_dependency_array *world; - struct apk_string_array *protected_paths; + struct apk_protected_path_array *protected_paths; struct apk_repository repos[APK_MAX_REPOS]; struct apk_repository_tag repo_tags[APK_MAX_TAGS]; struct apk_id_cache id_cache; @@ -158,11 +168,10 @@ struct apk_name *apk_db_get_name(struct apk_database *db, apk_blob_t name); struct apk_name *apk_db_query_name(struct apk_database *db, apk_blob_t name); int apk_db_get_tag_id(struct apk_database *db, apk_blob_t tag); -struct apk_db_dir *apk_db_dir_query(struct apk_database *db, - apk_blob_t name); +struct apk_db_dir *apk_db_dir_get(struct apk_database *db, apk_blob_t name); +struct apk_db_dir *apk_db_dir_query(struct apk_database *db, apk_blob_t name); struct apk_db_file *apk_db_file_query(struct apk_database *db, - apk_blob_t dir, - apk_blob_t name); + apk_blob_t dir, apk_blob_t name); #define APK_OPENF_READ 0x0001 #define APK_OPENF_WRITE 0x0002 diff --git a/src/audit.c b/src/audit.c index b1fbef5..071ff4d 100644 --- a/src/audit.c +++ b/src/audit.c 
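Review bot: `struct apk_protected_path` carries no comment on who owns `relative_pattern`, and the two users in this patch differ. Entries in `db->protected_paths` hold the string returned by `apk_blob_cstr()`, which `apk_db_close` frees, while entries added to `apk_db_dir::protected_paths` in `apk_db_dir_get` store `slash + 1`, a pointer into the parent entry's string. A field comment such as `/* owned by db->protected_paths; per-directory arrays borrow a pointer into it and must not free it */` would stop a later cleanup path from freeing the borrowed pointers or letting them outlive the owner. The new bitfields in `struct apk_db_dir` deserve a line each as well, `has_protected_children` in particular.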
@@ -17,28 +17,69 @@ #include #include "apk_applet.h" #include "apk_database.h" +#include "apk_print.h" + +enum { + MODE_BACKUP = 0, + MODE_SYSTEM +}; struct audit_ctx { - unsigned int open_flags; - int check_permissions : 1; - int (*audit)(struct audit_ctx *actx, struct apk_database *db); + unsigned mode : 1; + unsigned recursive : 1; + unsigned check_permissions : 1; + unsigned packages_only : 1; +}; + +static int audit_parse(void *ctx, struct apk_db_options *dbopts, + int optch, int optindex, const char *optarg) +{ + struct audit_ctx *actx = (struct audit_ctx *) ctx; + + switch (optch) { + case 0x10000: + actx->mode = MODE_BACKUP; + break; + case 0x10001: + actx->mode = MODE_SYSTEM; + break; + case 0x10002: + actx->check_permissions = 1; + break; + case 0x10003: + actx->packages_only = 1; + break; + case 'r': + actx->recursive = 1; + break; + default: + return -1; + } + return 0; +} + +struct audit_tree_ctx { + struct audit_ctx *actx; + struct apk_database *db; + size_t pathlen; + char path[PATH_MAX]; }; static int audit_file(struct audit_ctx *actx, struct apk_database *db, struct apk_db_file *dbf, - const char *name) + int dirfd, const char *name) { struct apk_file_info fi; if (dbf == NULL) return 'A'; - if (apk_file_get_info(db->root_fd, name, APK_FI_NOFOLLOW | dbf->csum.type, &fi) != 0) - return 0; + if (apk_file_get_info(dirfd, name, APK_FI_NOFOLLOW | dbf->csum.type, &fi) != 0) + return -EPERM; if (dbf->csum.type != APK_CHECKSUM_NONE && - apk_checksum_compare(&fi.csum, &dbf->csum) == 0) + apk_checksum_compare(&fi.csum, &dbf->csum) != 0) return 'U'; if (S_ISLNK(fi.mode) && dbf->csum.type == APK_CHECKSUM_NONE) 
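Review bot: `audit_file` now returns `-EPERM` for every `apk_file_get_info()` failure, and the caller added in the next hunk jumps to `done` on a negative value without calling `report_audit`, so a file that cannot be read or checksummed is left out of the audit output. The io.c hunk also calls `cb(ctx, dirfd, de->d_name);` without using the result, so as far as these hunks show the error does not reach the exit status either. For an integrity check an unverifiable file should be visible: emit a warning at the failure site, for example `apk_warning("%s: unable to verify\n", name);`, and pass through the real error code if `apk_file_get_info` provides one instead of a fixed `-EPERM`. The body of `audit_file` continues past the end of this hunk.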
@@ -74,160 +115,163 @@ static int audit_directory(struct audit_ctx *actx, return 0; } -struct audit_tree_ctx { - struct audit_ctx *actx; - struct apk_database *db; -}; +static void report_audit(struct audit_ctx *actx, + char reason, apk_blob_t bfull, struct apk_package *pkg) +{ + if (!reason) + return; -static int audit_directory_tree(apk_hash_item item, void *ctx) + if (actx->packages_only) { + if (pkg == NULL || pkg->state_int != 0) + return; + pkg->state_int = 1; + if (apk_verbosity < 1) + printf("%s\n", pkg->name->name); + else + printf(PKG_VER_FMT "\n", PKG_VER_PRINTF(pkg)); + } else if (apk_verbosity < 1) { + printf(BLOB_FMT "\n", BLOB_PRINTF(bfull)); + } else + printf("%c " BLOB_FMT "\n", reason, BLOB_PRINTF(bfull)); +} + +static int audit_directory_tree_item(void *ctx, int dirfd, const char *name) { struct audit_tree_ctx *atctx = (struct audit_tree_ctx *) ctx; + apk_blob_t bdir = APK_BLOB_PTR_LEN(atctx->path, atctx->pathlen); + apk_blob_t bent = APK_BLOB_STR(name); + apk_blob_t bfull; struct audit_ctx *actx = atctx->actx; struct apk_database *db = atctx->db; - struct apk_db_dir *dbd = (struct apk_db_dir *) item; + struct apk_db_dir *dbd; struct apk_file_info fi; - struct dirent *de; - apk_blob_t bdir = APK_BLOB_PTR_LEN(dbd->name, dbd->namelen); - char tmp[PATH_MAX], reason; - DIR *dir; + int reason = 0; - if (!(dbd->flags & APK_DBDIRF_PROTECTED)) - return 0; + if (bdir.len + bent.len + 1 >= sizeof(atctx->path)) + return -ENOMEM; - dir = fdopendir(openat(db->root_fd, dbd->name, O_RDONLY | O_CLOEXEC)); - if (dir == NULL) - return 0; + dbd = apk_db_dir_get(db, bdir); + if (dbd == NULL) + return -ENOMEM; - while ((de = readdir(dir)) != NULL) { - if (strcmp(de->d_name, ".") == 0 || - strcmp(de->d_name, "..") == 0) - continue; + if (apk_file_get_info(dirfd, name, APK_FI_NOFOLLOW, &fi) < 0) + return -EPERM; - snprintf(tmp, sizeof(tmp), "%s/%s", dbd->name, de->d_name); + memcpy(&atctx->path[atctx->pathlen], bent.ptr, bent.len); + atctx->pathlen += bent.len; + bfull 
= APK_BLOB_PTR_LEN(atctx->path, atctx->pathlen); - if (apk_file_get_info(db->root_fd, tmp, APK_FI_NOFOLLOW, &fi) < 0) - continue; + if (S_ISDIR(fi.mode)) { + struct apk_db_dir *child; + int recurse = TRUE; - if ((dbd->flags & APK_DBDIRF_SYMLINKS_ONLY) && - !S_ISLNK(fi.mode)) - continue; - - if (S_ISDIR(fi.mode)) { - struct apk_db_dir *dbd; - dbd = apk_db_dir_query(db, APK_BLOB_STR(tmp)); - reason = audit_directory(actx, db, dbd, &fi); + child = apk_db_dir_query(db, bfull); + if (actx->mode == MODE_BACKUP) { + if (!dbd->has_protected_children) + recurse = FALSE; + if (!dbd->protected) + goto recurse_check; } else { - struct apk_db_file *dbf; - dbf = apk_db_file_query(db, bdir, APK_BLOB_STR(de->d_name)); - reason = audit_file(actx, db, dbf, tmp); + if (child == NULL) + recurse = FALSE; } - if (reason) { - if (apk_verbosity < 1) - printf("%s\n", tmp); - else - printf("%c %s\n", reason, tmp); + reason = audit_directory(actx, db, child, &fi); + if (reason < 0) + goto done; + if (reason == 'D') { + if (actx->mode == MODE_SYSTEM) + goto done; + if (!actx->recursive) + recurse = FALSE; } - } - closedir(dir); - return 0; -} - -static int audit_backup(struct audit_ctx *actx, struct apk_database *db) -{ - struct audit_tree_ctx atctx = { - .actx = actx, - .db = db, - }; - return apk_hash_foreach(&db->installed.dirs, audit_directory_tree, &atctx); -} - -static int audit_system(struct audit_ctx *actx, struct apk_database *db) -{ - struct apk_installed_package *ipkg; - struct apk_package *pkg; - struct apk_db_dir_instance *diri; - struct apk_db_file *file; - struct hlist_node *dn, *fn; - char name[PATH_MAX]; - int done; - - list_for_each_entry(ipkg, &db->installed.packages, installed_pkgs_list) { - pkg = ipkg->pkg; - hlist_for_each_entry(diri, dn, &ipkg->owned_dirs, pkg_dirs_list) { - if (diri->dir->flags & APK_DBDIRF_PROTECTED) - continue; - - done = 0; - hlist_for_each_entry(file, fn, &diri->owned_files, - diri_files_list) { - - snprintf(name, sizeof(name), "%s/%s", - 
diri->dir->name, file->name); - - if (audit_file(actx, db, file, name) == 0) - continue; - - if (apk_verbosity < 1) { - printf("%s\n", pkg->name->name); - done = 1; - break; - } - - printf("M %s\n", name); - } - if (done) - break; +recurse_check: + atctx->path[atctx->pathlen++] = '/'; + bfull.len++; + report_audit(actx, reason, bfull, NULL); + if (recurse) { + reason = apk_dir_foreach_file( + openat(dirfd, name, O_RDONLY|O_CLOEXEC), + audit_directory_tree_item, atctx); } + bfull.len--; + atctx->pathlen--; + } else { + struct apk_db_file *dbf; + + if (actx->mode == MODE_BACKUP) { + if (!dbd->protected) + goto done; + if (dbd->symlinks_only && !S_ISLNK(fi.mode)) + goto done; + } else { + if (dbd->protected) + goto done; + } + + dbf = apk_db_file_query(db, bdir, bent); + reason = audit_file(actx, db, dbf, dirfd, name); + if (reason < 0) + goto done; + if (reason == 'A' && actx->mode == MODE_SYSTEM) + goto done; + report_audit(actx, reason, bfull, dbf ? dbf->diri->pkg : NULL); } - return 0; -} - -static int audit_parse(void *ctx, struct apk_db_options *dbopts, - int optch, int optindex, const char *optarg) -{ - struct audit_ctx *actx = (struct audit_ctx *) ctx; - - switch (optch) { - case 0x10000: - actx->audit = audit_backup; - break; - case 0x10001: - actx->audit = audit_system; - break; - case 0x10002: - actx->check_permissions = 1; - break; - default: - return -1; - } - return 0; +done: + atctx->pathlen -= bent.len; + return reason < 0 ? 
reason : 0; } static int audit_main(void *ctx, struct apk_database *db, int argc, char **argv) { - struct audit_ctx *actx = (struct audit_ctx *) ctx; + struct audit_tree_ctx atctx; + int i, r = 0; - if (actx->audit == NULL) - return -EINVAL; + atctx.db = db; + atctx.actx = (struct audit_ctx *) ctx; + atctx.pathlen = 0; + atctx.path[0] = 0; - return actx->audit(actx, db); + if (argc == 0) { + r = apk_dir_foreach_file(dup(db->root_fd), audit_directory_tree_item, &atctx); + } else { + for (i = 0; i < argc; i++) { + if (argv[i][0] != '/') { + apk_warning("%s: relative path skipped.\n", + argv[i]); + continue; + } + argv[i]++; + atctx.pathlen = strlen(argv[i]); + memcpy(atctx.path, argv[i], atctx.pathlen); + if (atctx.path[atctx.pathlen-1] != '/') + atctx.path[atctx.pathlen++] = '/'; + + r |= apk_dir_foreach_file( + openat(db->root_fd, argv[i], O_RDONLY|O_CLOEXEC), + audit_directory_tree_item, &atctx); + } + } + return r; } static struct apk_option audit_options[] = { - { 0x10000, "backup", - "List all modified configuration files that need to be backed up" }, - { 0x10001, "system", "Verify checksums of all installed files " - "(-q to print only modfied packages)" }, + { 0x10000, "backup", "List all modified configuration files (in " + "protected_paths.d) that need to be backed up" }, + { 0x10001, "system", "Verify checksums of all installed non-configuration files " }, { 0x10002, "check-permissions", "Check file and directory uid/gid/mode too" }, + { 'r', "recursive", "List individually all entries in new directories" }, + { 0x10003, "packages", "List only the changed packages (or names only with -q)" }, }; static struct apk_applet apk_audit = { .name = "audit", - .help = "Audit the filesystem for changes compared to installed " - "database.", + .help = "Audit the directories (defaults to all) for changes " + "compared to installed database. 
Use -q to list only " + "package names instead of files.", + .arguments = "[directory to audit]...", .open_flags = APK_OPENF_READ|APK_OPENF_NO_SCRIPTS|APK_OPENF_NO_REPOS, .context_size = sizeof(struct audit_ctx), .num_options = ARRAY_SIZE(audit_options), diff --git a/src/database.c b/src/database.c index 9da4815..da3dcb9 100644 --- a/src/database.c +++ b/src/database.c @@ -245,7 +245,7 @@ static void apk_db_dir_unref(struct apk_database *db, struct apk_db_dir *dir, dir->refs--; if (dir->refs > 0) { if (allow_rmdir) { - dir->flags |= APK_DBDIRF_RECALC_MODE; + dir->recalc_mode = 1; dir->mode = 0; dir->uid = (uid_t) -1; dir->gid = (gid_t) -1; @@ -258,13 +258,13 @@ static void apk_db_dir_unref(struct apk_database *db, struct apk_db_dir *dir, if (allow_rmdir) { /* The final instance of this directory was removed, * so this directory gets deleted in reality too. */ - dir->flags &= ~APK_DBDIRF_RECALC_MODE; + dir->recalc_mode = 0; dir->mode = 0; dir->uid = (uid_t) -1; dir->gid = (gid_t) -1; unlinkat(db->root_fd, dir->name, AT_REMOVEDIR); - } else if (dir->flags & APK_DBDIRF_RECALC_MODE) { + } else if (dir->recalc_mode) { /* Directory permissions need a reset. */ apk_db_dir_mkdir(db, dir); } @@ -285,12 +285,13 @@ struct apk_db_dir *apk_db_dir_query(struct apk_database *db, return (struct apk_db_dir *) apk_hash_get(&db->installed.dirs, name); } -static struct apk_db_dir *apk_db_dir_get(struct apk_database *db, - apk_blob_t name) +struct apk_db_dir *apk_db_dir_get(struct apk_database *db, apk_blob_t name) { struct apk_db_dir *dir; + struct apk_protected_path_array *ppaths; apk_blob_t bparent; unsigned long hash = apk_hash_from_key(&db->installed.dirs, name); + char *relative_name; int i; if (name.len && name.ptr[name.len-1] == '/') 
@@ -311,38 +312,54 @@ static struct apk_db_dir *apk_db_dir_get(struct apk_database *db, dir->name[name.len] = 0; dir->namelen = name.len; dir->hash = hash; + apk_protected_path_array_init(&dir->protected_paths); apk_hash_insert_hashed(&db->installed.dirs, dir, hash); - if (name.len == 0) + if (name.len == 0) { dir->parent = NULL; - else if (apk_blob_rsplit(name, '/', &bparent, NULL)) + dir->has_protected_children = 1; + ppaths = NULL; + } else if (apk_blob_rsplit(name, '/', &bparent, NULL)) { dir->parent = apk_db_dir_get(db, bparent); - else + dir->protected = dir->parent->protected; + dir->has_protected_children = dir->protected; + dir->symlinks_only = dir->parent->symlinks_only; + ppaths = dir->parent->protected_paths; + } else { dir->parent = apk_db_dir_get(db, APK_BLOB_NULL); + ppaths = db->protected_paths; + } - if (dir->parent != NULL) - dir->flags = dir->parent->flags; + if (ppaths == NULL) + return dir; - for (i = 0; i < db->protected_paths->num; i++) { - int flags = dir->flags, j; + relative_name = strrchr(dir->rooted_name, '/') + 1; + for (i = 0; i < ppaths->num; i++) { + struct apk_protected_path *ppath = &ppaths->item[i]; + char *slash; - flags |= APK_DBDIRF_PROTECTED; - for (j = 0; ; j++) { - switch (db->protected_paths->item[i][j]) { - case '-': - flags &= ~(APK_DBDIRF_PROTECTED | - APK_DBDIRF_SYMLINKS_ONLY); - continue; - case '*': - flags |= APK_DBDIRF_SYMLINKS_ONLY | - APK_DBDIRF_PROTECTED; + slash = strchr(ppath->relative_pattern, '/'); + if (slash != NULL) { + *slash = 0; + if (fnmatch(ppath->relative_pattern, relative_name, FNM_PATHNAME) != 0) { + *slash = '/'; continue; } - break; - } + *slash = '/'; - if (strcmp(&db->protected_paths->item[i][j], dir->name) == 0) - dir->flags = flags; + *apk_protected_path_array_add(&dir->protected_paths) = (struct apk_protected_path) { + .relative_pattern = slash + 1, + .protected = ppath->protected, + .symlinks_only = ppath->symlinks_only, + }; + dir->has_protected_children |= ppath->protected; + } else { + 
if (fnmatch(ppath->relative_pattern, relative_name, FNM_PATHNAME) != 0) + continue; + + dir->protected = ppath->protected; + dir->symlinks_only = ppath->symlinks_only; + } } return dir; @@ -393,8 +410,8 @@ static void apk_db_diri_free(struct apk_database *db, struct apk_db_dir_instance *diri, int allow_rmdir) { - if ((allow_rmdir == APK_DISALLOW_RMDIR) && - (diri->dir->flags & APK_DBDIRF_RECALC_MODE)) + if (allow_rmdir == APK_DISALLOW_RMDIR && + diri->dir->recalc_mode) apk_db_dir_apply_diri_permissions(diri); apk_db_dir_unref(db, diri->dir, allow_rmdir); @@ -407,6 +424,9 @@ struct apk_db_file *apk_db_file_query(struct apk_database *db, { struct apk_db_file_hash_key key; + if (dir.len && dir.ptr[dir.len-1] == '/') + dir.len--; + key = (struct apk_db_file_hash_key) { .dirname = dir, .filename = name, 
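Review bot: In the `apk_blob_rsplit` branch of `apk_db_dir_get` the result of the recursive `apk_db_dir_get(db, bparent)` is dereferenced immediately (`dir->parent->protected`, `dir->parent->protected_paths`), although the new caller in audit.c treats a NULL return from this function as possible. If the allocation earlier in the function (outside this hunk) can fail, the three assignments need a guard such as `if (dir->parent == NULL) return dir;`, plus a decision on whether a directory without a resolvable parent should count as protected rather than defaulting to unprotected. `relative_name = strrchr(dir->rooted_name, '/') + 1;` also assumes `rooted_name[0]` has already been set to '/', which the hunk does not show; a one-line comment stating that invariant next to the `strrchr` would help.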
@@ -1120,8 +1140,67 @@ int apk_db_index_write(struct apk_database *db, struct apk_ostream *os) static int add_protected_path(void *ctx, apk_blob_t blob) { struct apk_database *db = (struct apk_database *) ctx; + int protected = 0, symlinks_only = 0; + + /* skip empty lines and comments */ + if (blob.len == 0) + return 0; + + switch (blob.ptr[0]) { + case '#': + return 0; + case '-': + blob.ptr++; + blob.len--; + break; + case '@': + protected = 1; + symlinks_only = 1; + blob.ptr++; + blob.len--; + break; + case '+': + protected = 1; + blob.ptr++; + blob.len--; + break; + default: + protected = 1; + break; + } + + *apk_protected_path_array_add(&db->protected_paths) = (struct apk_protected_path) { + .relative_pattern = apk_blob_cstr(blob), + .protected = protected, + .symlinks_only = symlinks_only, + }; + + return 0; +} + +static int file_ends_with_dot_list(const char *file) +{ + const char *ext = strrchr(file, '.'); + if (ext == NULL || strcmp(ext, ".list") != 0) + return FALSE; + return TRUE; +} + +static int add_protected_paths_from_file(void *ctx, int dirfd, const char *file) +{ + struct apk_database *db = (struct apk_database *) ctx; + apk_blob_t blob; + + if (!file_ends_with_dot_list(file)) + return 0; + + blob = apk_blob_from_file(dirfd, file); + if (APK_BLOB_IS_NULL(blob)) + return 0; + + apk_blob_for_each_segment(blob, "\n", add_protected_path, db); + free(blob.ptr); - *apk_string_array_add(&db->protected_paths) = apk_blob_cstr(blob); return 0; } @@ -1238,10 +1317,8 @@ static int add_repos_from_file(void *ctx, int dirfd, const char *file) apk_blob_t blob; if (dirfd != db->root_fd) { - /* if loading from repositories.d, - * the name must end in .list */ - const char *ext = strrchr(file, '.'); - if (ext == NULL || strcmp(ext, ".list") != 0) + /* loading from repositories.d; check extension */ + if (!file_ends_with_dot_list(file)) return 0; } 
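Review bot: `add_protected_path` stores whatever follows the marker without validation, and several natural spellings then silently protect nothing. A line written as `+/etc` or `+etc/` makes `apk_db_dir_get` split at the slash and compare against an empty component, so the rule never matches, and a line holding only `+`, `@` or `-` yields an empty pattern. Since an administrator would expect these entries to protect configuration from being overwritten, it is safer to normalise or reject them after the `switch`, for example `if (blob.len == 0 || blob.ptr[0] == '/' || blob.ptr[blob.len-1] == '/') return 0;` together with a warning. The value of `apk_blob_cstr(blob)` is also stored unchecked and later passed to `strchr` in `apk_db_dir_get`, so if it can return NULL the entry should be skipped.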
@@ -1282,7 +1359,7 @@ int apk_db_open(struct apk_database *db, struct apk_db_options *dbopts) list_init(&db->installed.packages); list_init(&db->installed.triggers); apk_dependency_array_init(&db->world); - apk_string_array_init(&db->protected_paths); + apk_protected_path_array_init(&db->protected_paths); db->permanent = 1; /* Get first repository tag (the NULL tag) */ @@ -1348,8 +1425,11 @@ int apk_db_open(struct apk_database *db, struct apk_db_options *dbopts) } } - blob = APK_BLOB_STR("etc:*etc/init.d"); - apk_blob_for_each_segment(blob, ":", add_protected_path, db); + blob = APK_BLOB_STR("+etc\n" "@etc/init.d\n"); + apk_blob_for_each_segment(blob, "\n", add_protected_path, db); + + apk_dir_foreach_file(openat(db->root_fd, "etc/apk/protected_paths.d", O_RDONLY | O_CLOEXEC), + add_protected_paths_from_file, db); /* figure out where to have the cache */ fd = openat(db->root_fd, apk_linked_cache_dir, O_RDONLY | O_CLOEXEC); @@ -1546,9 +1626,10 @@ void apk_db_close(struct apk_database *db) free(db->repos[i].description.ptr); } for (i = 0; i < db->protected_paths->num; i++) - free(db->protected_paths->item[i]); + free(db->protected_paths->item[i].relative_pattern); + apk_protected_path_array_free(&db->protected_paths); + apk_dependency_array_free(&db->world); - apk_string_array_free(&db->protected_paths); apk_hash_free(&db->available.packages); apk_hash_free(&db->available.names); @@ -1602,8 +1683,7 @@ static int fire_triggers(apk_hash_item item, void *ctx) int i; list_for_each_entry(ipkg, &db->installed.triggers, trigger_pkgs_list) { - if ((!ipkg->run_all_triggers) && - ((dbd->flags & APK_DBDIRF_MODIFIED) == 0)) + if (!ipkg->run_all_triggers && !dbd->modified) continue; for (i = 0; i < ipkg->triggers->num; i++) { 
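Review bot: The directory opened in `apk_db_open` is `etc/apk/protected_paths.d`, while the commit subject and description document `etc/apk/protected_files.d`; one of the two needs correcting, otherwise lists placed where the description says are never read. Rules are appended in the order `apk_dir_foreach_file` delivers files, which is `readdir` order in the io.c hunk, and `apk_db_dir_get` lets a later matching entry overwrite `protected`. When two `.list` files disagree, for instance one package's `-` line against another's `+`, the outcome therefore depends on directory order. Sorting the file names, or at least adding a comment such as `/* rules apply in load order; a later match overrides an earlier one */`, would make the precedence explicit.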
@@ -2243,7 +2323,7 @@ static void apk_db_purge_pkg(struct apk_database *db, hlist_for_each_entry_safe(diri, dc, dn, &ipkg->owned_dirs, pkg_dirs_list) { if (exten == NULL) - diri->dir->flags |= APK_DBDIRF_MODIFIED; + diri->dir->modified = 1; hlist_for_each_entry_safe(file, fc, fn, &diri->owned_files, diri_files_list) { snprintf(name, sizeof(name), "%s/%s%s", @@ -2254,7 +2334,7 @@ static void apk_db_purge_pkg(struct apk_database *db, .filename = APK_BLOB_PTR_LEN(file->name, file->namelen), }; hash = apk_blob_hash_seed(key.filename, diri->dir->hash); - if (!(diri->dir->flags & APK_DBDIRF_PROTECTED) || + if ((!diri->dir->protected) || (apk_flags & APK_PURGE) || (file->csum.type != APK_CHECKSUM_NONE && apk_file_get_info(db->root_fd, name, APK_FI_NOFOLLOW | file->csum.type, &fi) == 0 && @@ -2289,7 +2369,7 @@ static void apk_db_migrate_files(struct apk_database *db, hlist_for_each_entry_safe(diri, dc, dn, &ipkg->owned_dirs, pkg_dirs_list) { dir = diri->dir; - dir->flags |= APK_DBDIRF_MODIFIED; + dir->modified = 1; hlist_for_each_entry_safe(file, fc, fn, &diri->owned_files, diri_files_list) { snprintf(name, sizeof(name), "%s/%s", @@ -2311,8 +2391,7 @@ static void apk_db_migrate_files(struct apk_database *db, /* We want to compare checksums only if one exists * in db, and the file is in a protected path */ cstype = APK_CHECKSUM_NONE; - if (ofile != NULL && - (diri->dir->flags & APK_DBDIRF_PROTECTED)) + if (ofile != NULL && diri->dir->protected) cstype = ofile->csum.type; cstype |= APK_FI_NOFOLLOW; @@ -2321,7 +2400,7 @@ static void apk_db_migrate_files(struct apk_database *db, /* File was from overlay, delete the * packages version */ unlinkat(db->root_fd, tmpname, 0); - } else if ((diri->dir->flags & APK_DBDIRF_PROTECTED) && + } else if ((diri->dir->protected) && (r == 0) && (ofile == NULL || ofile->csum.type == APK_CHECKSUM_NONE || diff --git a/src/fix.c b/src/fix.c index e3fea11..d63006a 100644 --- a/src/fix.c +++ b/src/fix.c 
@@ -50,7 +50,7 @@ static int fix_parse(void *pctx, struct apk_db_options *dbopts, static int mark_recalculate(apk_hash_item item, void *ctx) { struct apk_db_dir *dir = (struct apk_db_dir *) item; - dir->flags |= APK_DBDIRF_RECALC_MODE; + dir->recalc_mode = 1; return 0; } diff --git a/src/io.c b/src/io.c index 71ccfda..0ae46f0 100644 --- a/src/io.c +++ b/src/io.c @@ -560,8 +560,11 @@ int apk_dir_foreach_file(int dirfd, apk_dir_file_cb cb, void *ctx) rewinddir(dir); while ((de = readdir(dir)) != NULL) { - if (de->d_name[0] == '.') - continue; + if (de->d_name[0] == '.') { + if (de->d_name[1] == 0 || + (de->d_name[1] == '.' && de->d_name[2] == 0)) + continue; + } cb(ctx, dirfd, de->d_name); } closedir(dir);
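Review bot: Dropping the blanket `d_name[0] == '.'` skip in `apk_dir_foreach_file` changes every caller, not only the audit walk. The `.list` loaders in database.c (`add_repos_from_file`, `add_protected_paths_from_file`) will now also read hidden files whose names end in `.list`, such as editor or tool leftovers in `repositories.d`. If that is not intended, `file_ends_with_dot_list` can reject them with `if (file[0] == '.') return FALSE;`. The function begins and returns outside this hunk.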