Commit Graph

1382 Commits (4dde7e7e0fc79708119644b14b7123213d0de10d)

Author SHA1 Message Date
Timo Teräs f90af35e9c libfetch: add option to set "Cache-Control: no-cache"
ref #8161
2018-01-03 14:25:07 +02:00
Henrik Riomar e0eff8742f add new umbrella flag --initramfs-diskless-boot
This flag enables a group of options used during initramfs tmpfs
initial install.
2018-01-03 14:21:40 +02:00
Henrik Riomar 23cb104775 add new flag --no-commit-hooks
This flag skips running hook scripts

This flag *must* be used during initramfs tmpfs initial install.
The reason that this new flag is needed is that the hooks will currently
always fail as musl and /bin/sh is missing at this stage on diskless.
2018-01-03 14:20:58 +02:00
Timo Teräs 99e7bb93df libfetch: honor https_proxy variable for https
fixes #8160
2018-01-03 10:43:31 +02:00
Timo Teräs b0fcc56f22 db: fix triggers to report deleted directories
This change just changes to keep deleted directory items in
the hash with ref count zero and modified flag set. Those entries
are reused when needed. The side effect is that fire_triggers()
will now see those removed direcotries and reports them. Other
enumerators of the directories hash are protected to skip removed
directories when appropriate.
2018-01-03 09:31:10 +02:00
Timo Teräs 8ee79c72b2 apk, del: fix few memory leaks
This fixes couple of valgrind reported leaks - though they are
non-important since the leak happens on "exit" only and kernel
frees it anyway.
2018-01-03 09:30:12 +02:00
Timo Teräs 667cb6bca7 commit: properly analyze packages with provides="$pkgname" 2018-01-02 15:45:21 +02:00
William Pitcock 2a161588fb test: add test to ensure a provider that is already satisfied doesn't get swapped 2018-01-02 04:43:53 +00:00
William Pitcock 467ba0cee0 test: add testcases to ensure provider collisions generate an error 2018-01-02 04:42:43 +00:00
Timo Teräs 7b3023ec49 apk-tools-2.9.0 2017-12-30 08:11:00 +02:00
Nils Andreas Svee ac1681247f fix typo in MIPS byte-order apk_defines.h 2017-12-15 10:08:36 +02:00
Timo Teräs 8e7fd3e06f solver: fix potential install_if processing failure, fixes #8237
In discovery phase, there was logic to not process packages
multiple times. However, that logic failed to account the package's
depth and install_if state for the name being processed. This
caused install_if processing failure in certain topologies of the
dependency graph. Adds also a test case that should catch this
issue reliably.
2017-12-12 15:16:52 +02:00
Nils Andreas Svee 0700e8318f add detection of mips archs 2017-12-11 09:02:50 +02:00
Timo Teräs 97d8aab0c2 fetch: print additional error diagnostics in verbose mode 2017-11-28 14:25:38 +00:00
William Pitcock 20ae27c1da solver: prefer highest requirer count above installed status
This ensures a swap is emitted when replacing a virtual with
apk add.
2017-11-02 17:15:00 +00:00
William Pitcock 6aabb96c20 solver: fix dbg_printf() call in select_package() 2017-11-02 17:14:18 +00:00
William Pitcock 0a17a648db solver: only select a default if there is at least one provider with a declared provider_priority 2017-11-02 16:31:50 +00:00
William Pitcock 9165aa3894 solver: instead of tracking selected packages, score by requirer count for tiebreaking 2017-11-02 16:24:09 +00:00
William Pitcock f18c708183 solver: implement support for choosing default virtuals
By introducing a new package metadata field, `provider_priority`
(index letter `k`), we can specify default packages to satisfy a
virtual.

If a user wishes to select an alternative provider for the virtual,
a changeset swapping the default provider for the selected provider
will be generated by the dependency resolver.
2017-11-02 03:08:24 +00:00
Timo Teräs ee3740fcc6 apk-tools-2.8.1 2017-10-27 16:12:05 +03:00
Timo Teräs 7cdeaa6a2e build: add 'make tag' 2017-10-27 16:11:57 +03:00
Timo Teräs e03716ff3b solver: consider virtual provides to exclude non-provides transitively
this fixes package selection when a 'real' package exists, but would
need to be provided by another package with 'virtual provides'.

In current package database this can happen with postgresql which is
also provided by postgresql-bdr. Normally postgresql would be satisfied
by postgresql, but if any package depends on postgresql-bdr and there's
no versioned dependency on postgresql this will help apk figure out
that postgresql-bdr should be used.
2017-10-27 15:20:03 +03:00
Timo Teräs 2f3c842049 io: fix skip and splice to detect unexpected end-of-file 2017-10-12 13:35:46 +03:00
Timo Teräs 97e4d0531f db: handle default root correctly for /proc
dbopts->root may be null; use db->root instead

fixes #7162
2017-10-10 11:39:38 +03:00
Timo Teräs 342909da68 apk-tools-2.8.0 2017-10-06 19:08:49 +03:00
Timo Teräs 0d814ba35b libfetch: fix certificate host name check
OpenSSL allows passing zero-length to indicate "use strlen".
LibreSSL requires using the real length always, so pass the length.
2017-10-06 18:09:37 +03:00
Timo Teräs eb8f44d629 libfetch: improve openssl/libressl compatibility
X509_check_host() is introduced in libressl-2.5.0 and openssl-1.0.2
which are not yet universally available. Add support for building
against the older versions.
2017-10-06 13:25:27 +03:00
Timo Teräs 52fd85a8dc libfetch: improve ssl connections
loosely based on the freebsd implementation, implement https
connection settings to override CA, and use client certificate.

new files supported in /etc/apk/:
  ca.pem   - if exists, it contains CAs acceptable for https
	     (otherwise system wide CAs are used)
  crl.pem  - if ca.pem is used, this is the (optional) CRL for it
  cert.pem - used as client authentication certificate (+ key)
  cert.key - used as client key (can be also inside cert.pem)
2017-10-05 16:59:14 +03:00
Timo Teräs 531fea4c90 libfetch: remove unwanted code conditionals 2017-10-05 16:59:14 +03:00
Timo Teräs f6860e0e11 libfetch: fix ssl context leak
from freebsd
2017-10-05 16:59:14 +03:00
Timo Teräs 86436fce2f build and use bundled libfetch natively 2017-10-05 16:59:14 +03:00
Timo Teräs 9dc6278c7b import libfetch-2.38 from NetBSD
ftp://ftp.fu-berlin.de/unix/NetBSD/packages/current-src/pkgsrc/net/libfetch/files

libfetch comes (at least) in netbsd and freebsd flavors which
differing functionality. Alpine and Arch package netbsd one,
but it's not widely packaged across other distributions.

We need NetBSD version as it does not use funopen(3) which is not
supported in musl, and supports connection pooling.

FreeBSD seems to be the orignal and better maintained version
with support for SSL CAs, client certificate authentication,
proxy authentication, and improved http redirect handling.

So this imports NetBSD version, and future commits will pick up
the needed improvements from FreeBSD tree.

Incidentally, this also fixes #7857 and likes for good.
2017-10-05 16:58:09 +03:00
Timo Teräs 8f0938a056 package: remove package script after use (fixes #7974)
this is a regression introduced in commit 349c61c9
("add support for pre and post commit hooks")
2017-10-04 16:56:07 +03:00
Damiano Albani 806a476190 info: fix typo in help 2017-09-27 18:01:07 +03:00
Timo Teräs e6e90a6463 commit: proper singular/plural for 'error(s)' in commit message
based on github pull request #5
2017-08-23 09:03:35 +03:00
Dmitry Golovin 16336ba265 fix comparison of unsigned expression < 0 is always false
found by clang
2017-08-23 08:56:44 +03:00
Dmitry Golovin 04003569c5 make preprocessor arguments clang-compatible 2017-08-23 08:54:00 +03:00
Dmitry Golovin c099018e01 use labs istead of abs with long argument 2017-08-23 08:54:00 +03:00
A. Wilcox 8221be3569 index: Only rewrite arch if no error is encountered 2017-07-29 01:57:55 +00:00
A. Wilcox 13747fab83 database: include POSIX header for ST_* defines 2017-07-29 01:57:34 +00:00
Jakub Jirutka 1a52c1e4bd travis: notify on IRC 2017-07-25 23:25:52 +02:00
Timo Teräs 677d3240a8 tar: use standard header prefix
APKs have been created with GNU tar so far, which uses the
GNU extensions for long names. In order to increase portability
support the standard header's 'prefix' portion in case
the GNU extensions are not present.
2017-06-26 14:29:29 +03:00
Timo Teräs 51ec463e9d db: fix current directory instance caching in tar extraction
Depending how the directory entries are ordered, the cached dir
instance might not have been updated correctly. This has not been
a problem as the entries have been ordered, but is now triggered
on ppc.
2017-06-26 10:59:37 +03:00
A. Wilcox 17dd532e42 database: mark error on renameat failure 2017-06-26 10:32:38 +03:00
Jakub Jirutka 6f9dd59098 travis: deploy tarballs with static binary to GH Releases
The main usage is for alpine-chroot-install and similar scripts, so it
can depend on specific *persistent* version.
2017-06-23 20:54:16 +02:00
Jakub Jirutka 43e0656c1a travis: update alpine-chroot-install to 0.5.1 2017-06-23 18:30:57 +02:00
Timo Teräs 4d9c0c39b0 io: make io vtables const struct, and add accessors for them
This reduces function pointers in heap, and unifies how the
io functions are called.
2017-06-23 10:07:44 +03:00
Timo Teräs ca9d476ba3 archive: validate reading of pax and gnu long filename extensions
Detect properly if the file stream gets an error during these
read operations.

Reported-by: Ariel Zelivansky from Twistlock
2017-06-23 10:07:44 +03:00
Timo Teräs 6b9a07d1ad archive: fix incorrect bounds checking for memory allocation
The value from tar header is unsigned int; keep it casted to
unsigned int and size_t instead of (signed) int, otherwise
the comparisons fail to do their job properly. Additionally check
entry.size against SSIZE_MAX so the rounding up later on is
guaranteed to not overflow.

Fixes CVE-2017-9669 and CVE-2017-9671.
Reported-by: Ariel Zelivansky from Twistlock
2017-06-23 10:07:44 +03:00
William Pitcock 5d439c4739 Revert "version: consider pkg-rX and pkg to be the same version"
This reverts commit ee5ce7284a.
2017-06-23 06:59:13 +00:00