Package pinning was first implemented with 'p' tag. However, it
was before any release renamed to 's', and 'p' was reserved for
package provides support for which is used now.
there are only few combinations for that triplet, and they
occur multiple times reducing the struct sizes a bit. make
sane defaults and prepare to not write defaults to disk
to reduce on-disk installed db size.
Apk used to reset directory permissions always, but this is undesirable
if user has modified the permissions - especially during tmpfs boot.
Though, it is desirable to update the permissions when packaging has
changed permissions, or a new package is installed and the merged
permission mask / owner changes.
Thus the new code updates the permissions only if:
1) We are booting and directory is not in apkovl
2) The directory is modified by a package install/remove/upgrade
3) The filesystem directory permission matched database
Additionally "apk fix --directory-permissions" can be used to reset
all directory permissions to the database defaults.
Fixes#2966
Allows one arch index files to refer to other arch packages. Mostly
useful with noarch packages, but could be used e.g. to ship build
with some of packages optimized for specific cpu generation and
share most packages with the standard build.
basically this makes packager's life simpler as there is no need
to list the subpkg names in replaces. this was also very error
prone and tedious job to do properly.
This implements a new protected path flag '!' to include always
matching entries in the backup mode (overlay). This is also turned
on for etc/apk to include everything there in overlay, because
the full list of repositories and signing keys need to be in
overlay - just getting them from a package is not enough during
bootstrap.
Wildcard matching with no names should match all packages only for
info and search applet. "apk del" would otherwise try to delete
everything, etc.
Fix also interactive mode to ask questions only if we are actually
changing something.
fixes#1476
Instead of:
ERROR: Index generation failed: Success
The following is now printed:
ERROR: Metadata for package timo-1.0-r0 is too long.
ERROR: Index generation failed: No buffer space available
make cache a special kind of repository, and automatically cache
special packages (virtual packages, or ones installed from command
line). add test cases for handling virtual packages. fixes#1617.
fchmodat does not support this flag - symlinks do not have permissions.
Sysadmin probably does not expect us to not follow symlinks either:
if /var -> /mnt/foo/var, we should be making sure the permissions
and ownership is correct on the target directory, not on the symlink.
Since fchmodat never returned ENOENT with AT_SYMLINK_NOFOLLOW, this
also fixes directory re-creation if it does not exist. fixes#1348.
If a directory has protection mask, but does not exist in db, we
do not handle it right unless we calculate the protection mask by
hand, or create temporary db dir entry for it. For simplicity create
always the db dir entry -- depending on audit type we likely need
to create it anyway. This commit also caches the db dir entry in the
audit tree context to avoid duplicate lookups. ref #1241.
fixes#607.
audit is now mostly rewritten for the new functionality. And
has new features like --check-permissions, --recursive and
--packages.
$ROOT/etc/apk/protected_files.d/*.list can now contain additional
protected paths, one path per line:
+etc
@etc/init.d
-tmp
+ will include the directory as protected configuration directory.
@ considers the directory protected, but will backup only symlinks.
- removes any protection
lbu should be modified to put include and exclude paths in
etc/apk/protected_files.d/lbu.list. Additionally, some packages
might provide their own listings.
E.g. ssh might want to provide ssh.list with something like:
+root/.ssh
+home/*/.ssh
It is faster to just scan the cache directory for existing packages
at startup than trying to faccessat() them on demand. It also makes
quite a few parts of the code more readable and simpler.
* solver internally calculates now using tags; not repository masks
* installeddb now contains the tag name where the package came from
-> we can now handle upgrades properly
* the pinning is still a preference, and not strictly enforced;
versioned dependencies may overrule preference
Only show a warning if we have a non-existing repository or bad
repository signature but don't abort.
This is not to break compat with behaviour in previous releases.
* upgrade needs explicit check so we don't try self-upgrade
(which would print additional messages on screen)
* add can fix problems, so check against the new world
* merge the code in few places
Improves /etc/apk/repositories format so you can say:
http://nl.alpinelinux.org/alpine/v2.3/main
@edge http://nl.alpinelinux.org/alpine/edge/main
@testing http://nl.alpinelinux.org/alpine/edge/testing
After which you can pin dependencies to these tags using:
apk add stableapp newapp@edge bleedingapp@testing
Apk will now by default only use the untagged repositories,
but adding a tag to specific dependency:
1. will prefer that tag for the name
2. allowing pulling in dependencies from that tag (though,
it prefers untagged packages to satisfy deps if possible)
fixes#575
If two packages replace each other, the one with highes priority
will keep the file. Additionally, if we have a package overriding
another's file it's remembered and handled properly. This is
essentially to allow "policy packages" which just overwrite certain
(configuration) files from other package(s).
"replaces" is now turned to a full dependency type list, so you can
make package overwrite files only certain versions of the package
(though, we should probably take this into account already at solution
calculation phase).
Also make 'info --replaces' print the "replaces" of the package.
This is in preparation for the policy package support, which still
requires "replacement priority" field to decide which packages' files
get the preference.
Make indexer keep noise about errors that prevent index generation.
Detect certain errors in the APKs better. And also have the applet
return error in these scenarios.
move all files therein to other places. this allows /var to be
mounted from harddisk, but rest of system be run from ramdisk.
this also removes support for historical version of the scripts
database which was obsoleted in 2.0_pre16 (in July 2009).
Timo Teräs