Fixes 37fbafcd by adding more input to the hash than just second
grained time stamp - collisions would happen when running apk
scripted.
For virtual package the hash works only as unique identifier, so
try to add elements that should make it unique in most cases.
Fixes#10648
Add also some testing to make sure help, long help and handling
of invalid arguments works as expected.
Based on pull request #19 originally by Laurent Arnoud (@spk).
The return -1 seems to have been left over from earlier code, and
could have been treated as -EPERM. This helps to fix the other command
line handling that potentially require changing.
Notably this fixes occasional issues when doing upgrade with multiple
versions of same packages. Without this the upgrade flag is not always
propagated properly down the dependency chain.
Originally the virtual packages could have dependencies added to it.
However, commit b06e3b99 broke this behaviour to fix error reporting.
The root cause however was that the virtual depedency package was not
properly versioned.
This fixes to use current date/time as the package version, and
constructs the "faked" package hash from it. This effectively makes
"add -t virtpkg deps.." replace the dependencies which should be the
desired behaviour for "abuild deps".
'world' dependency to the generated virtual package is also now
versioned to make sure it get's upgraded.
BIT(1) corresponds with decimal 2, which is the first available repository.
Before this fix, `apk list -O` would list every package installed from the
first available repository, which is the 'system' repository on most Adélie
Linux computers.
After this fix, `apk list -O` correctly lists only the packages which are
no longer available.
merge_options() will write one more entry to the options table
which is the end-of-table indicator. Allocate memory for it too.
valgrind did not pick it up due to being in stack; changing alloca
to malloc would make valgrind notice the issue too.
Reported-by: Mobile Stream <info@mobile-stream.com>
A crafted .apk file could to trick apk writing unverified data to
an unexpected file during temporary file creation due to bugs in handling
long link target name and the way a regular file is extracted.
Several hardening steps are implemented to avoid this:
- the temporary file is now always first unlinked (apk thus reserved
all filenames .apk.* to be it's working files)
- the temporary file is after that created with O_EXCL to avoid races
- the temporary file is no longer directly the archive entry name
and thus directly controlled by potentially untrusted data
- long file names and link target names are now rejected
- hard link targets are now more rigorously checked
- various additional checks added for the extraction process to
error out early in case of malformed (or old legacy) file
Reported-by: Max Justicz <max@justi.cz>
Most applets return whatever apk_solver_commit() returns. It is the
number of errors found (or negative for hard error). Sanitize the
error value to not give false success exit code in the unlikely case
of errors % 256 == 0.
Reported-by: Max Justicz <max@justi.cz>
It's common for a pre-install script to do something like
addgroup -S group 2>/dev/null
When apk installs files after this, it sets the owner/group based on id cache
but currently the id cache is stale and doesn't contain the new group at that
point: instead the file will be installed with gid that the build host
happened to have for that group -- on target this might mean a non-existing
group or a completely different group.
We can't know if the script really did modify id cache contents so make sure
to reset the id cache on every script execution.
Virtual packages have the origin pointer set to NULL. Trying to print it
using the BLOB_PRINTF macros causes a segmentation fault.
Inspired by the `print_origin_name` function from `src/search.c` this
commit attempts to fix it by checking whether `pkg->origin` is NULL
before attempting to print it. If it is NULL the pkg name is printed
instead.
Since printing the pkg name requires a different format string this
commit splits the printf call for printing the package line into
multiple ones. The output format shouldn't have changed at all though.
Run apk_solver_solve once with all args as dependencies instead of
running apk_solver_solve for each arg. This is neccesary so the
install_if calculation is done correctly.
During netboot on systems without RTC, time() will be near zero,
and the index fill not exist. Thus the plain test of st.st_mtime
against system time failed. Verify that fstatat() succeeds.
Jakub Jirutka