In practice this should fix to e.g. not wipe out /etc/apk/world if
final flush to /etc/apk/world.new fails.
This was prompted by an incident the other day where I ran the root
partition of an Alpine box out of space using 'apk add', and apk
helpfully wiped the contents of /etc/apk/world at the same time.
It might be tricky to try to reproduce exactly the same failure,
but from an examination of the code, setting 'rc' before the final
call to fdo_flush rather than after is one possible cause of this
behavior. (If the entire contents of /etc/apk/world.new are buffered,
and all get written out in the final fdo_flush call, and that call
fails, fdo_close will still happily rename /etc/apk/world.new to
/etc/apk/world.)
According to the C standards, uint32_t is defined in stdint.h.
Presumably apk is usually built against C libraries where
stdint.h is indirectly included through another header file,
but this isn't the case with the version of glibc which I am using.
fixes#607.
audit is now mostly rewritten for the new functionality. And
has new features like --check-permissions, --recursive and
--packages.
$ROOT/etc/apk/protected_files.d/*.list can now contain additional
protected paths, one path per line:
+etc
@etc/init.d
-tmp
+ will include the directory as protected configuration directory.
@ considers the directory protected, but will backup only symlinks.
- removes any protection
lbu should be modified to put include and exclude paths in
etc/apk/protected_files.d/lbu.list. Additionally, some packages
might provide their own listings.
E.g. ssh might want to provide ssh.list with something like:
+root/.ssh
+home/*/.ssh
It is faster to just scan the cache directory for existing packages
at startup than trying to faccessat() them on demand. It also makes
quite a few parts of the code more readable and simpler.
move all files therein to other places. this allows /var to be
mounted from harddisk, but rest of system be run from ramdisk.
this also removes support for historical version of the scripts
database which was obsoleted in 2.0_pre16 (in July 2009).
the old code treated a symlink to directory as file; it tried
to calculate regular has of it. fix this by: 1) using no follow
on migration and pruning stats, and 2) the helper function to
check if it's point to directory and not calculate hash in that
case. fixes#188.
this way we never change cwd, and relative filenames are always
parsed consistently. this also helps filename construction in many
places. this patch also changes '--root' to override location of
all configuration to be in the new root. previously it depended
on the file which one was used.
apparently it needs to have both PROT_READ and PROT_WRITE. and
it needs to be MAP_SHARED for the writing to be effective. oh,
and the data needs to be preallocated with ftruncate; otherwise,
one gets SIGBUS.
change the index generation to do old index, or the new style index
where package identity is sha1 of control block and it's contained
within an .tar.gz to allow signing in future.
Natanael Copa