Digests now use bearssl + libsodium instead of openssl + libsodium.
It fits better with the API looking more similar and I don't think it
will be that much of a bottleneck.
Instead of a apk_pkey that mimicks the EVP_PKEY semantics, have seperate
public and private key structures. However, apk is broken because of it
and needs fixing. The rest of the code might compile but won't work
as I haven't handled the cases where pkey corressponds to public/private
keys in codebase properly. Also, DSA signatures are removed.
Public and private keys impls' now use a static array of vtables
internally. The indicies correspond to the signature scheme version and
checking `< APK_*_MAX` should be enough? I tried to make so that higher
values correspond to more desirable constructs, this might come in handy.
Signing/verifying start is free from keys as it isn't used though it
might be brought back for domain seperated hashes, ability to get
timestamps involved with epheremal keys in the future etc.
`apk_crypto.h` is free from openssl includes although some headers still
use them for now.
Do not call apk_db_read_layer() or try to process the layer
if APK_OPENF_NO_STATE is specified. It might fail because of
non-existing database directory. Based on patch by Daniel.
fixes commit 9e4dd29f "db: prepare database reading for layers"
Fixes#10821
Reported-and-analyzed-by: Daniel Kolesa <daniel@octaforge.org>
remove the left over apk_blob_push_fmt() call that corrupted uri and
trim the path end from trailing slashes to get original functionality.
fixes commit be4ce407 "support new index format without attaching arch"
By default the package architecture is attached to the repository url.
With this commit it is possible to define new indexes ending on `.adb`.
If such index file is detected the packages must be in the same folder
as the index.
Signed-off-by: Paul Spooren <mail@aparcar.org>
this regression was caused by refactoring of the options handling into the
apk_ctx struct in 354713d2, presumably a little too much innovation with sed
fixes#10799
the stat64 family of functions were provided as transitional functions,
but when building on glibc with _GNU_SOURCE, or any other supported system,
the stat functions are equivalent to their stat64 counterparts
This options is useful for (post)install scripts to run with the same
environment variables as apk is executed.
[TT: minor stylistic changes]
Signed-off-by: Paul Spooren <mail@aparcar.org>
musl implements support for malloc.h, but it is only a stub. we do not use
any of the GNU-specific malloc interfaces, so just use POSIX stdlib.h instead.
ref #10794
The apk_fsdir_file_digest() servers dual purpose: to calculate
the checksum, but also to determine if the file exists. Move
it's error check where it originally was.
fixes#10791
Remove the APK_REPOSITORY_CACHED bit from dependencies only
packages (that is, installed_size == 0). For fetch, the problem
is that apk_db_select_repo() would return the cache repository,
but the package would not be there. Update also the locations
needed to handle these packages correctly without the cached
repository bit being set.
In most places where pointer can be an 'error' it cannot be null
pointer. Further, in those cases just calling PTR_ERR() is not enough
to handle the null case. Simplify code by removing this case.
If NULL case needs to be handled, it's better to add separate check
and return fixed error code in that case.
This moves and isolates the tar code to tar.c. And the actual
file extraction to disk is moved to extract.c.
A new API is introduced and used for v2 file extraction. This
essentially moves and isolates the apk_sign_ctx_* beast into
extract_v2.c and offers a saner interface to handling packages.
A place holder is added for v3 extraction.
Packages containing files with path names longer than 1024 characters
cannot fit into the buffer which is used to write "installed" database.
This leads to bbuf being APK_BLOB_NULL in apk_db_write_fdb because
apk_blob_push_blob notices the condition and correctly handles it.
The problem occurs when arguments to apk_ostream_write are manually
calculated by pointer arithmetics. Since bbuf.ptr is NULL in such a
case, bbuf.ptr - buf leads to a huge size value while buf still points
into the stack.
fixes#10751
[TT: minor edit to commit and abbreviating the commit message]
- apk_istream_splice usage is converted to apk_stream_copy which
is the newer variant. With caching enabled by default, this
makes more sense mmapping or using separate buffers.
- apk_istream_tee is reworked to write to apk_ostream, which simplifies
quite a bit of various things
Aydin Mercan
Timo Teräs
Ariadne Conill