Commit Graph

628 Commits (ba3ee3f86396f05123f732da7c7879c8ed016c9d)

Author SHA1 Message Date
Timo Teräs ba3ee3f863 audit, db: add etc/apk/protected_files.d and new audit features
fixes #607.

audit is now mostly rewritten for the new functionality. And
has new features like --check-permissions, --recursive and
--packages.

$ROOT/etc/apk/protected_files.d/*.list can now contain additional
protected paths, one path per line:

+etc
@etc/init.d
-tmp

+ will include the directory as protected configuration directory.
@ considers the directory protected, but will backup only symlinks.
- removes any protection

lbu should be modified to put include and exclude paths in
etc/apk/protected_files.d/lbu.list. Additionally, some packages
might provide their own listings.

E.g. ssh might want to provide ssh.list with something like:
+root/.ssh
+home/*/.ssh
2012-02-23 15:05:06 +02:00
Timo Teräs a1d16c5d5d db: fix repositories.d to be loaded only without --repositories-file 2012-02-22 17:08:07 +02:00
Timo Teräs 77e203bf32 db, io: load repositories also from etc/apk/repositories.d/*.list
Load additional repositories from $ROOT/etc/apk/repositories.d/*.list
unless --repositories-file is given as parameter.
2012-02-22 13:57:05 +02:00
Timo Teräs d633746892 solver: lock early names that have only single option left
care is needed to get the score right.
2012-02-22 13:09:51 +02:00
Timo Teräs 93a0f0b3cc solver: lazily update name state in main loop 2012-02-22 12:59:46 +02:00
Timo Teräs b9f3db2158 solver: handle fix/reinstall better
In case someone did "fix --force" for package for which we have no
APK available, we would uninstall the package instead of silently
ignoring the request. This could mean worse things.

So now we just consider unavailable packages a bad deal for reinstall
requests. And will downgrade if necessary. But if we really don't
have any APK available, we just skip the request but report it.
2012-02-22 10:31:07 +02:00
Timo Teräs 8e5c040ffd db: merge identical repositories
Just in case same repository is mentioned with different tags.
2012-02-22 09:52:28 +02:00
Timo Teräs a7500a9df5 solver: transitive dependency requiring
If n+1 packages depend A, and A depend on B. Add n+1 dependencies
to B. Otherwise if someone conflicts B, B might be left out.

Leaving package unassigned is no longer a non-preferred action,
this fixes the final test case that was failing.

And with --force we might even install that scenario.
Add also some debug checks.
2012-02-22 09:43:47 +02:00
Timo Teräs 955153eac2 solver: remove dependency merging; it's not worth it
callgrind says it's more overhead than improvement. back jumping
effectively prunes all bad trees. but can be added later if it
becomes needed; due to e.g. provides support.
2012-02-22 09:08:14 +02:00
Timo Teräs bf82e2e5fd db, solver, io: scan cache items at startup
It is faster to just scan the cache directory for existing packages
at startup than trying to faccessat() them on demand. It also makes
quite a few parts of the code more readable and simpler.
2012-02-22 08:45:40 +02:00
Timo Teräs 568d57336d solver: make apk_score a 64-bit int for speed 2012-02-21 11:01:21 +02:00
Timo Teräs c18e159185 solver: remove unneeded flag 2012-02-21 10:36:26 +02:00
Timo Teräs 6f237d9149 solver: implement backwards jumping and various other optimizations 2012-02-21 09:19:24 +02:00
Timo Teräs 6ae573887d solver: rewrite backtracking and scoring system
* properly do absolute scoring now, the previous scoring where
  preference could get reduced could have caused incorrect early
  pruning of search tree

* backtracking is now separated from package state, and first
  branching point is the decision if a name is left unassigned
  or if something _has_ to be assigned. this allows multiple future
  search tree optimizations like handling of common dependencies
  early.

* merge common dependency names early to provide deeper forward
  checking.
2012-02-20 13:02:09 +02:00
Timo Teräs a9d526836e apk: fix some unharmful leaks reported by valgrind 2012-02-17 10:02:44 +02:00
Timo Teräs 15c920ab90 solver: get rid of saved score in backtracking
also, discover late if package is needed or not.
2012-02-17 09:43:14 +02:00
Timo Teräs 4bc8add78d solver: convert some package state flags to bitfields 2012-02-16 21:46:09 +02:00
Timo Teräs 706664c178 solver: name's unlocked chosen is always next package getting locked
Instead of "skipping" certain packages, we include them as-if required,
and at expansion time we decide if they actually need to be considered
for installation. This cleans up the expansion main loop a little bit
and makes the code work together better.
2012-02-16 21:35:05 +02:00
Timo Teräs b0c0b900db solver: rework internals a bit
* cleaned up little bit on the internal state machine
* the decision applying mechanism now aborts early to avoid work
  if we are approaching bad solution candidate
* package availability checking is now done on-demand; which
  could still be improved
2012-02-16 21:11:22 +02:00
Timo Teräs 53f8a36c1f solver: fix allowed pinning calculation 2012-02-16 11:45:54 +02:00
Timo Teräs 0800d7e050 solver: record repository tag, and flags in solution
name state could get overwritten later, so we can't use that when
generating the changeset.
2012-02-16 10:57:52 +02:00
Timo Teräs 7399f1950f solver: remove an unneeded name state variable 2012-02-16 08:28:08 +02:00
Timo Teräs 7a4647d27b ver: handle pinned packages better 2012-02-15 14:28:29 +02:00
Timo Teräs 41fb3a4f9e solver, db: repository pinning improvements
* solver internally calculates now using tags; not repository masks
* installeddb now contains the tag name where the package came from
  -> we can now handle upgrades properly
* the pinning is still a preference, and not strictly enforced;
  versioned dependencies may overrule preference
2012-02-15 13:57:36 +02:00
Timo Teräs 29064d88f3 ver: by default show only upgradeable packages 2012-02-14 16:34:10 +02:00
Timo Teräs ab20d61832 audit: check dirent mode, uid and gid if requested 2012-02-14 16:31:40 +02:00
Timo Teräs 97bd260bfd db: record file uid/gid/mode in installed db 2012-02-14 15:51:26 +02:00
Timo Teräs 087c587e57 db: allow directory to have sticky bit, and suid/sgid bits set 2012-02-10 23:08:10 +02:00
Timo Teräs 9ac8d87102 db, fix: more secure way to choose effective directory permissions
And implement --directory-permissions for fix-applet to reset all
directory uid, gid and modes.
2012-02-10 16:40:01 +02:00
Timo Teräs f2e41a488e db: fix directory permissions recalculation 2012-02-10 15:58:35 +02:00
Timo Teräs 29ebf435d7 db: smarter handling of directory owner, group and mode 2012-02-10 15:21:41 +02:00
Timo Teräs dd923ed065 print: minimum screen width of 50 2012-02-10 15:20:57 +02:00
Timo Teräs 073df81973 blob: fix base64 decoding after previous optimizations 2012-02-10 14:19:53 +02:00
Timo Teräs fe9b4a3888 blob: optimize spn and cspn 2012-02-08 17:01:14 +02:00
Timo Teräs 3320fba50d db: increase hash sizes 2012-02-08 14:02:51 +02:00
Timo Teräs 4aa80564f9 blob: optimize digit and base64 decoding 2012-02-08 14:02:26 +02:00
Timo Teräs ac1a8ac712 apk-tools-2.2.5 2012-02-02 16:31:11 +02:00
Natanael Copa 7d88cdc9e4 db: do not abort on bad repositories
Only show a warning if we have a non-existing repository or bad
repository signature but don't abort.

This is not to break compat with behaviour in previous releases.
2012-02-01 17:04:06 +01:00
Natanael Copa ddd386157c db: fix bug with --repository
The 'r' variable is overwritten and no longer holds the repository
number.
2012-02-01 13:41:25 +01:00
Timo Teräs 02f9400f8a apk-tools-2.2.4 2012-02-01 09:46:54 +02:00
Timo Teräs 304dc4a692 pkg, db: fix signature checking for files without control part
Also clean up handling of signature failures for index files.
2012-01-31 15:49:04 +02:00
Timo Teräs 0f89565099 solver: fix regression from "calculate branch minimum penalty early"
Forgot to reset per-name penalty when it got locked by apply_decision.
This also fine tunes compare_package_preference() to always prefer
packages specified on command line speeding up calculation certain
complicated solutions.
2012-01-20 10:39:38 +02:00
Timo Teräs 00fd7b07f1 lua: fix compile error 2012-01-17 15:59:01 +02:00
Timo Teräs 27d6c85177 apk-tools-2.2.3 2012-01-17 15:11:19 +02:00
Timo Teräs b3df78ed03 solver, upgrade: properly detect missing repository tags
* upgrade needs explicit check so we don't try self-upgrade
   (which would print additional messages on screen)
 * add can fix problems, so check against the new world
 * merge the code in few places
2012-01-17 14:48:22 +02:00
Timo Teräs eaaba3ee89 upgrade: make -a reset versioned dependencies like it used to
regression from upgrade to the new solver system.
2012-01-17 14:31:29 +02:00
Timo Teräs 64b03ab603 solver: fix change ordering of removed pages in relation to installed 2012-01-17 14:18:10 +02:00
Timo Teräs 12183024fd solver: calculate branch minimum penalty early
Previously we would cache the penalty when evaluating the final
solution, and adding that until we backtrack to first topology
position changing that penalty. However, we can just keep track
of minimum penalty based on name state, and add it. This allows
us to bail out early on bad branches because we know in advance
how things will turn out.
2012-01-17 14:18:02 +02:00
Timo Teräs 60ee611620 db: print dependencies referring to missing tags instead of tags 2012-01-17 10:53:35 +02:00
Timo Teräs fc57b73101 db: fix loading of world after previous commits 2012-01-16 10:29:49 +02:00