Commit Graph

1231 Commits (272784636112c84b57b3bd4742ab9f0235abe5b8)

Author SHA1 Message Date
Aydin Mercan 2727846361
crypto: start tinkering
Start working on "cute" signatures because why not? Cute signatures are
inspired/ripped of from the signify and minisign design:

Key (URL-Safe, padded base64):
- 2 bytes of version tag (specifies the algorithm)
- 16 bytes of key ID
- Public/Private key (size depending on the version tag)

Signature (raw):
- 2 bytes of version tag (specifies the algorithm)
- Signature depending (size depending on the version tag)

The new scheme uses libsodium and thus the work of
abstracting cryptographic operations from libcrypto should also be
completed. Also, since the key of the signature is provided in the
filename, there shouldn't be a need for ID

There is also the possibility of using epheremal keys for signatures and
sign the package's public key, signature and signing timestamp in the header
such as:

- 2 bytes of version tag
- signing timestamp
- epheremal public key used
- epheremal signature
- signature of the previous sections
2022-08-24 10:13:22 +03:00
Timo Teräs c21f61ddd8 db: fix change detection for symlinks
apk_fileinfo_get() special cases symlink digest calculation.
Convert apk_fsdir_ops.file_digest to .file_info to fix symlink
change detection.

fixes #10853
2022-08-17 21:13:40 +03:00
Timo Teräs ff7c8f6ee9 fetch: implement --world
fixes #10838
2022-05-04 19:56:04 +03:00
Timo Teräs f8cf7a0a0d add: allow specifying a version for --virtual package
fixes #10835
2022-05-04 19:56:00 +03:00
Timo Teräs 191e2d412d io: move make_dirs as apk_make_dirs and use it 2022-04-05 10:53:52 +03:00
Timo Teräs 232067b3d1 db: fix atfd for access repository index
fixes #10834
2022-04-05 10:31:57 +03:00
Daniel Kolesa 55e20d3e5b mkpkg: use correct script counter when writing scripts to adb
Previously this would result in post-upgrade scripts not being
written at all.
2022-04-04 05:05:08 +00:00
Daniel Kolesa d06a99128f package: respect version fuzziness when creating dep from adb 2022-03-31 01:59:50 +02:00
Ariadne Conill feec480b34 keep APK_DEFAULT_ARCH as the define used in source code 2022-03-30 09:17:25 +00:00
Ariadne Conill 917698ec1d use arch_prefix for this feature instead 2022-03-30 09:17:25 +00:00
Ariadne Conill c29638cd81 use APK_DEFAULT_ABI_TAG everywhere APK_DEFAULT_ARCH was previously used 2022-03-30 09:17:25 +00:00
Ariadne Conill fee0587660 defines: introduce APK_DEFAULT_ABI_TAG
for most cases, this replaces APK_DEFAULT_ARCH.  if apk-tools is built without
a configured abi-tag, the ABI tag is equivalent to APK_DEFAULT_ARCH, providing
backwards compatibility with apk v2

the /etc/apk/arch configuration file is assumed to actually describe an ABI
tag.
2022-03-30 09:17:25 +00:00
Ariadne Conill 8051d458c6 meson: support definition of a custom abi tag
this is intended to allow for distributions to have alternate streams, such as
glibc-x86_64 or darwin-aarch64
2022-03-30 09:17:25 +00:00
Timo Teräs bc2b5b69b7 db: make --no-cache disable the cache completely
Including using files found from the cache, or creating the cache
directories with --initdb.

Based on patch by Paul Spooren.
2022-03-29 10:01:34 +03:00
Timo Teräs d0821b6d42 pkg: recursive create exec dir
fixes #10825
2022-03-29 09:59:59 +03:00
Timo Teräs a0bfa074f8 mkndx: fix v3 package handling
remove incorrect intialization of the ctx->pkginfo

fixes commit 950972a5 "mkndx: fix index generation for v2 and v3 packages"
2022-03-21 15:25:12 +02:00
Daniel Kolesa 386cadd0d4 package: fix error message when script fails to execute
Related: https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10825
2022-03-21 12:10:54 +00:00
Timo Teräs 1d473e004c adb: use qsort_r 2022-03-21 14:09:06 +02:00
Timo Teräs c6b9297bcb mkndx, adb: fix index searching
Additioal logic is needed to search objects on array: the object
comparer needs separate modes to match index, template or exact
object template. This should fix mkndx to be able to use old index.

fixes #10828
2022-03-21 14:09:06 +02:00
Timo Teräs 950972a56b mkndx: fix index generation for v2 and v3 packages
For v2 packages, the identity was never set.
For v3 packages, the file size was never set.

This fixes both issues.
2022-03-21 14:09:06 +02:00
Daniel Kolesa c5d9aaa1ee adb: fix handling of conflicts
Ensure not to mask away previously set APK_VERSION_CONFLICT when
serializing.

When deserializing, make sure to actually write out the conflict
flag when no version part is set.

When creating apk_dependency, ensure to set the conflict bit
correctly and mask it off result_mask.

Fixes https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10824
2022-03-07 08:26:07 +00:00
Timo Teräs fa913aba4b test: fix tests by setting sane active_layers without state
finally fixes #10821
2022-03-07 10:15:06 +02:00
Daniel Kolesa 1be55db3d0 db: fix APK_OPENF_NO_STATE check
fixes #10821
2022-03-06 18:28:10 +02:00
Timo Teräs 296647e3f9 mkpkg: use -I for --info
-i is already global option

fixes #10822
2022-03-06 16:18:11 +02:00
Timo Teräs b5da1ccf4c mkpkg: check apk_ostream_to_file/adb_compress error
fixes #10823
2022-03-06 16:15:53 +02:00
Timo Teräs 00e397d564 db: honor APK_OPENF_NO_STATE again
Do not call apk_db_read_layer() or try to process the layer
if APK_OPENF_NO_STATE is specified. It might fail because of
non-existing database directory. Based on patch by Daniel.

fixes commit 9e4dd29f "db: prepare database reading for layers"

Fixes #10821

Reported-and-analyzed-by: Daniel Kolesa <daniel@octaforge.org>
2022-03-06 16:07:42 +02:00
Timo Teräs 62bc43d2a4 pkg: use lib/apk/exec as the package script execution directory
var/cache is also reported to be mounted noexec on hardened
systems. Document some of the issues, and use lib/apk/exec
for the time being. Keep the scripts still in separate directory
from lib/apk so we can just delete directory if needed.

fixes #6591
2022-02-24 14:29:38 +02:00
Timo Teräs e4dc2373d6 solver: do not auto select virtual-only package with one provider
This reverts most of 0dcbd933 which allowed automatic selection
of package with a "virtual provides" having only one provider.
While convenient, it creates problems if multiple versions of the
same package exist, or if in future other providers would be added
to one of the repositories. This restore the original behaviour,
and improve the error message to tell the user to mention one of
the providers explicitly.

fixes #10810
2022-02-24 14:18:41 +02:00
Timo Teräs 86d75e10f5 db, uvol: commit regular files before uvol volumes
add priority to order fsdir commit sequence
2022-02-22 14:03:47 +02:00
Timo Teräs 3a194ea5d7 db: fix apkindex path generation
remove the left over apk_blob_push_fmt() call that corrupted uri and
trim the path end from trailing slashes to get original functionality.

fixes commit be4ce407 "support new index format without attaching arch"
2022-02-22 14:02:44 +02:00
Timo Teräs fedaa44546 io_gunzip: fix handling short reads near end-of-file
The gzip library can drain all of the input to internal buffers
and still keep providing data even if avail_in is zero. Previously
it was assumed that avail_in != 0 if there is still data expected out,
but this logic breaks near end-of-file for multiple short reads.

Adjust logic to not process end-of-file event too early.

fixes #10809
2022-02-21 12:36:46 +02:00
Timo Teräs 17f22530a5 fs_fsys: ignore mkdir EEXIST
Be happy if the directory already exists.
2022-02-21 12:10:52 +02:00
ptrcnull b576f08284 tar: allow for space as numeric field terminator 2022-02-21 08:26:20 +00:00
Timo Teräs 3ad4d6bed1 solver: require package layer to be enabled for install 2022-02-21 10:24:05 +02:00
Timo Teräs 21519221c2 adb: add layer to pkginfo 2022-02-21 10:24:05 +02:00
Timo Teräs f69ae30272 db: sort world dependencies to layers 2022-02-21 10:24:05 +02:00
Timo Teräs 9089edcc44 db: prepare database writing for layers 2022-02-21 10:24:05 +02:00
Timo Teräs 9e4dd29f54 db: prepare database reading for layers 2022-02-21 10:24:05 +02:00
Paul Spooren be4ce40797 support new index format without attaching arch
By default the package architecture is attached to the repository url.
With this commit it is possible to define new indexes ending on `.adb`.
If such index file is detected the packages must be in the same folder
as the index.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2022-02-14 17:21:51 +00:00
Daniel Golle aa4880bc04 fs_uvol: take down volume before removal
Make sure volume is in 'down' state before attempting to remove it.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-02-14 17:18:54 +00:00
Daniel Golle 4c568416e3 context: fix 'uvol' default path
'uvol' is installed to /usr/sbin by default. Assume that path if not
set by APK_UVOL environment variable.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-02-13 09:50:50 +01:00
Ariadne Conill 6315575af1 database: fix apk_db_cache_active returning true when cache not configured
this regression was caused by refactoring of the options handling into the
apk_ctx struct in 354713d2, presumably a little too much innovation with sed

fixes #10799
2022-02-03 22:26:57 +00:00
Timo Teräs 6df225eac3 mkpkg, adb: validate version and dependency format
Fail if the package or dependency version format is not valid.

fixes #10807
2022-02-01 14:47:27 +02:00
Timo Teräs b7e3ca22f7 genhelp: fix upper case substition 2022-01-21 14:47:54 +02:00
Timo Teräs 10d0043063 cache: allow various flags, and addition of dependencies
Allow controlling 'cache download' more closely to 'upgrade' so
it can be used to pre-download packages for ugprade.
2022-01-21 14:36:31 +02:00
Timo Teräs a2cd188039 package: fail on invalid control data
Handle meta data error to produce hard failure.

fixes #10806
2022-01-17 10:55:37 +02:00
Ariadne Conill e8650d4d44 support building with uncompressed help databases 2022-01-13 14:13:53 +00:00
Ariadne Conill 3d41d1c90a package: factor out /dev initialization to linux-specific helper function 2021-12-29 20:38:40 +02:00
Ariadne Conill 10b26851a4 database: refactor mounting and unmounting /proc 2021-12-29 20:37:28 +02:00
Ariadne Conill dfe2e141ca database: relocate find_mountpoint() 2021-12-29 20:37:28 +02:00