If apk is run as a non-root user, it's not possible to chown files.
Maintainers note: minor wording changes on commit log and man page.
Signed-off-by: Fredrik Gustafsson <fredrigu@axis.com>
This modifies apk cache for indexes to be automatically refreshed
periodically without explicit 'update' or '--update-cache' usage.
The default is to do if-modified-since request if the local copy
is older than 4 hours. This age can be changed with --cache-max-age.
Using --update-cache will change this age to 60 seconds to make
sure the cached copy is relatively new. The small age is in order
to try to avoid downloading indexes second time when apk-tools is
upgraded and apk re-execs after self-upgrade.
Accordingly using explicitly 'apk update' will now enforce
--force-refresh and request the very latest index by requesting
any potential http proxy to do refresh too.
This allows for instance integration of etckeeper
[TT: Reorganized code a bit, and modified to use single
directory commit_hooks.d with argument for script of stage.]
resolve reverse dependencies after all packages have been loaded,
and avoid traversing the reverse name lists. now that we use
automatic virtual packages (soname, pkg-config, etc.) the reverse
dependency chains can become considerable longer than what it was
when the rdependency construction code was originally written.
there are only few combinations for that triplet, and they
occur multiple times reducing the struct sizes a bit. make
sane defaults and prepare to not write defaults to disk
to reduce on-disk installed db size.
Apk used to reset directory permissions always, but this is undesirable
if user has modified the permissions - especially during tmpfs boot.
Though, it is desirable to update the permissions when packaging has
changed permissions, or a new package is installed and the merged
permission mask / owner changes.
Thus the new code updates the permissions only if:
1) We are booting and directory is not in apkovl
2) The directory is modified by a package install/remove/upgrade
3) The filesystem directory permission matched database
Additionally "apk fix --directory-permissions" can be used to reset
all directory permissions to the database defaults.
Fixes#2966
This implements a new protected path flag '!' to include always
matching entries in the backup mode (overlay). This is also turned
on for etc/apk to include everything there in overlay, because
the full list of repositories and signing keys need to be in
overlay - just getting them from a package is not enough during
bootstrap.
make cache a special kind of repository, and automatically cache
special packages (virtual packages, or ones installed from command
line). add test cases for handling virtual packages. fixes#1617.
If a directory has protection mask, but does not exist in db, we
do not handle it right unless we calculate the protection mask by
hand, or create temporary db dir entry for it. For simplicity create
always the db dir entry -- depending on audit type we likely need
to create it anyway. This commit also caches the db dir entry in the
audit tree context to avoid duplicate lookups. ref #1241.
apk_name_state is now quite small; and we avoid overhead of two
pointers (+ malloc overhead) when we just make it part of apk_name.
It also fixes some problems (that got introduced) where apk_name_state
was not allocated.
fixes#607.
audit is now mostly rewritten for the new functionality. And
has new features like --check-permissions, --recursive and
--packages.
$ROOT/etc/apk/protected_files.d/*.list can now contain additional
protected paths, one path per line:
+etc
@etc/init.d
-tmp
+ will include the directory as protected configuration directory.
@ considers the directory protected, but will backup only symlinks.
- removes any protection
lbu should be modified to put include and exclude paths in
etc/apk/protected_files.d/lbu.list. Additionally, some packages
might provide their own listings.
E.g. ssh might want to provide ssh.list with something like:
+root/.ssh
+home/*/.ssh
It is faster to just scan the cache directory for existing packages
at startup than trying to faccessat() them on demand. It also makes
quite a few parts of the code more readable and simpler.
* solver internally calculates now using tags; not repository masks
* installeddb now contains the tag name where the package came from
-> we can now handle upgrades properly
* the pinning is still a preference, and not strictly enforced;
versioned dependencies may overrule preference
* upgrade needs explicit check so we don't try self-upgrade
(which would print additional messages on screen)
* add can fix problems, so check against the new world
* merge the code in few places
Improves /etc/apk/repositories format so you can say:
http://nl.alpinelinux.org/alpine/v2.3/main
@edge http://nl.alpinelinux.org/alpine/edge/main
@testing http://nl.alpinelinux.org/alpine/edge/testing
After which you can pin dependencies to these tags using:
apk add stableapp newapp@edge bleedingapp@testing
Apk will now by default only use the untagged repositories,
but adding a tag to specific dependency:
1. will prefer that tag for the name
2. allowing pulling in dependencies from that tag (though,
it prefers untagged packages to satisfy deps if possible)
fixes#575