State unions and operation lists aren't really useful here.
For example, if someone wanted to have cute-only signatures, we would
need to have stubs that return unsupported only.
Digests now use bearssl + libsodium instead of openssl + libsodium.
It fits better with the API looking more similar and I don't think it
will be that much of a bottleneck.
Instead of a apk_pkey that mimicks the EVP_PKEY semantics, have seperate
public and private key structures. However, apk is broken because of it
and needs fixing. The rest of the code might compile but won't work
as I haven't handled the cases where pkey corressponds to public/private
keys in codebase properly. Also, DSA signatures are removed.
Public and private keys impls' now use a static array of vtables
internally. The indicies correspond to the signature scheme version and
checking `< APK_*_MAX` should be enough? I tried to make so that higher
values correspond to more desirable constructs, this might come in handy.
Signing/verifying start is free from keys as it isn't used though it
might be brought back for domain seperated hashes, ability to get
timestamps involved with epheremal keys in the future etc.
`apk_crypto.h` is free from openssl includes although some headers still
use them for now.
Start working on "cute" signatures because why not? Cute signatures are
inspired/ripped of from the signify and minisign design:
Key (URL-Safe, padded base64):
- 2 bytes of version tag (specifies the algorithm)
- 16 bytes of key ID
- Public/Private key (size depending on the version tag)
Signature (raw):
- 2 bytes of version tag (specifies the algorithm)
- Signature depending (size depending on the version tag)
The new scheme uses libsodium and thus the work of
abstracting cryptographic operations from libcrypto should also be
completed. Also, since the key of the signature is provided in the
filename, there shouldn't be a need for ID
There is also the possibility of using epheremal keys for signatures and
sign the package's public key, signature and signing timestamp in the header
such as:
- 2 bytes of version tag
- signing timestamp
- epheremal public key used
- epheremal signature
- signature of the previous sections
FreeBSD (and also Darwin) introduced its own qsort_r, which has different
semantics than the one slated for inclusion in POSIX. Add a portability
thunk to deal with translating between implementations.
[TT: minor stylistic fixes]
for most cases, this replaces APK_DEFAULT_ARCH. if apk-tools is built without
a configured abi-tag, the ABI tag is equivalent to APK_DEFAULT_ARCH, providing
backwards compatibility with apk v2
the /etc/apk/arch configuration file is assumed to actually describe an ABI
tag.
Additioal logic is needed to search objects on array: the object
comparer needs separate modes to match index, template or exact
object template. This should fix mkndx to be able to use old index.
fixes#10828
Ensure not to mask away previously set APK_VERSION_CONFLICT when
serializing.
When deserializing, make sure to actually write out the conflict
flag when no version part is set.
When creating apk_dependency, ensure to set the conflict bit
correctly and mask it off result_mask.
Fixes https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10824
Do not call apk_db_read_layer() or try to process the layer
if APK_OPENF_NO_STATE is specified. It might fail because of
non-existing database directory. Based on patch by Daniel.
fixes commit 9e4dd29f "db: prepare database reading for layers"
Fixes#10821
Reported-and-analyzed-by: Daniel Kolesa <daniel@octaforge.org>
var/cache is also reported to be mounted noexec on hardened
systems. Document some of the issues, and use lib/apk/exec
for the time being. Keep the scripts still in separate directory
from lib/apk so we can just delete directory if needed.
fixes#6591
This reverts most of 0dcbd933 which allowed automatic selection
of package with a "virtual provides" having only one provider.
While convenient, it creates problems if multiple versions of the
same package exist, or if in future other providers would be added
to one of the repositories. This restore the original behaviour,
and improve the error message to tell the user to mention one of
the providers explicitly.
fixes#10810
remove the left over apk_blob_push_fmt() call that corrupted uri and
trim the path end from trailing slashes to get original functionality.
fixes commit be4ce407 "support new index format without attaching arch"
The gzip library can drain all of the input to internal buffers
and still keep providing data even if avail_in is zero. Previously
it was assumed that avail_in != 0 if there is still data expected out,
but this logic breaks near end-of-file for multiple short reads.
Adjust logic to not process end-of-file event too early.
fixes#10809
Aydin Mercan
Timo Teräs
Ariadne Conill