It's common for a pre-install script to do something like
addgroup -S group 2>/dev/null
When apk installs files after this, it sets the owner/group based on id cache
but currently the id cache is stale and doesn't contain the new group at that
point: instead the file will be installed with gid that the build host
happened to have for that group -- on target this might mean a non-existing
group or a completely different group.
We can't know if the script really did modify id cache contents so make sure
to reset the id cache on every script execution.
Virtual packages have the origin pointer set to NULL. Trying to print it
using the BLOB_PRINTF macros causes a segmentation fault.
Inspired by the `print_origin_name` function from `src/search.c` this
commit attempts to fix it by checking whether `pkg->origin` is NULL
before attempting to print it. If it is NULL the pkg name is printed
instead.
Since printing the pkg name requires a different format string this
commit splits the printf call for printing the package line into
multiple ones. The output format shouldn't have changed at all though.
Run apk_solver_solve once with all args as dependencies instead of
running apk_solver_solve for each arg. This is neccesary so the
install_if calculation is done correctly.
During netboot on systems without RTC, time() will be near zero,
and the index fill not exist. Thus the plain test of st.st_mtime
against system time failed. Verify that fstatat() succeeds.
The list applet provides a convenient way of inspecting both the available
and installed package databases by listing their contents. In some ways,
it is similar to `apk search` but is considered to be a superset of
`apk search` functionality.
A few `apk list` criterion are not yet ready though, such as `apk list --depends`
which searches by runtime dependency (replacing `apk info --rdepends`).
This modifies apk cache for indexes to be automatically refreshed
periodically without explicit 'update' or '--update-cache' usage.
The default is to do if-modified-since request if the local copy
is older than 4 hours. This age can be changed with --cache-max-age.
Using --update-cache will change this age to 60 seconds to make
sure the cached copy is relatively new. The small age is in order
to try to avoid downloading indexes second time when apk-tools is
upgraded and apk re-execs after self-upgrade.
Accordingly using explicitly 'apk update' will now enforce
--force-refresh and request the very latest index by requesting
any potential http proxy to do refresh too.
This unloads --force as several of the things are really not wanted
together. E.g. --force-refresh is a lot different from --force-broken-world
and doing --force to get the other might introduce unwanted behaviour.
--force is still kept for backwards compatibility and it enables
most things --force was used for.
This flag skips running hook scripts
This flag *must* be used during initramfs tmpfs initial install.
The reason that this new flag is needed is that the hooks will currently
always fail as musl and /bin/sh is missing at this stage on diskless.
This change just changes to keep deleted directory items in
the hash with ref count zero and modified flag set. Those entries
are reused when needed. The side effect is that fire_triggers()
will now see those removed direcotries and reports them. Other
enumerators of the directories hash are protected to skip removed
directories when appropriate.
In discovery phase, there was logic to not process packages
multiple times. However, that logic failed to account the package's
depth and install_if state for the name being processed. This
caused install_if processing failure in certain topologies of the
dependency graph. Adds also a test case that should catch this
issue reliably.
By introducing a new package metadata field, `provider_priority`
(index letter `k`), we can specify default packages to satisfy a
virtual.
If a user wishes to select an alternative provider for the virtual,
a changeset swapping the default provider for the selected provider
will be generated by the dependency resolver.
this fixes package selection when a 'real' package exists, but would
need to be provided by another package with 'virtual provides'.
In current package database this can happen with postgresql which is
also provided by postgresql-bdr. Normally postgresql would be satisfied
by postgresql, but if any package depends on postgresql-bdr and there's
no versioned dependency on postgresql this will help apk figure out
that postgresql-bdr should be used.
APKs have been created with GNU tar so far, which uses the
GNU extensions for long names. In order to increase portability
support the standard header's 'prefix' portion in case
the GNU extensions are not present.
Depending how the directory entries are ordered, the cached dir
instance might not have been updated correctly. This has not been
a problem as the entries have been ordered, but is now triggered
on ppc.
The value from tar header is unsigned int; keep it casted to
unsigned int and size_t instead of (signed) int, otherwise
the comparisons fail to do their job properly. Additionally check
entry.size against SSIZE_MAX so the rounding up later on is
guaranteed to not overflow.
Fixes CVE-2017-9669 and CVE-2017-9671.
Reported-by: Ariel Zelivansky from Twistlock
- rework the progress bar a little bit, basically removing the [ and ] to give a more
modern aesthetic.
- if utf-8 locale is enabled, use unicode codepoint 0x2588 instead of # to give the
progress bar a nicer look.
- if APK_PROGRESS_CHAR environment variable is defined, use the character defined there
for the progress bar.
This is useful for requirements such as: python3=~3.6, which would match python3-3.6.[0-9].
This implementation should in theory be backwards compatible with the implementation in Adelie.
Fixes regression from commit 5ba27c90 which caused stdio
buffering issues now that output is split to stderr/stdout.
See also commit 51737872 for some of the history.
Fixes#7107
On some (probably buggy) terminals, printing up to the rightmost column
may end up with the terminal issueing a newline (probably due to putting
the cursor at the next char -> new line).
Some other progress bars avoid it by not reaching the rightmost column.
Shorten the bar width from term-width - 7 to -8 (the 7 are "xxx% []").
fixes#5616
The original intention was not use unnecessary space on tmpfs
e.g. if the cache directory is a mount point, but accidentally
left unmounted. But there are valid cases when packages are
intentionally wanted to be cached on tmpfs. If caching is not
desired, the user can just remove the cache directory.
This allows for instance integration of etckeeper
[TT: Reorganized code a bit, and modified to use single
directory commit_hooks.d with argument for script of stage.]
Currently apk only knows about powerpc and ppc64. I am adding support for ppc64le.
ppc64le is the based on the ABI v2, which defines the endianess as little,
while ppc64 is based on the first 64-bits ABI.
It is unreasonable to assume that all package writers would except
to reset umask themselves. It's done currently in most packages,
but we had first issue of this kind recently, so better just reset
umask.
Make it possible to individually override openssl, zlib and libfetch
cflags and linker flags. This makes it possible to build apk-tools
without having pkg-config installed.
it's only used to speed up things, and having it non-existant
is not a fatal error - all included things in index will be
passed in command line anyway
which will delete any .apk package on output directory that were
not downloaded by fetch
this allows apk fetch to incrementally build repositories for
binary images
- self-conflicts when the exact same version of a name is provided
twice is now properly detected and diagnozed
- don't print redundant satisfies diagnostic
Implement --no-cache. The index is read directly from network and not
cached. This is useful for docker, where you install a set of packages
and directly after purge the cache. (see
1fc9e59d16/builder/scripts/apk-install)
fixes#4905
preserve [am]time for all packages and indexes. this fixes the caching
error that 'apk update' is after new index is generated, but before
the used mirror is synchronized. this caused local apkindex timestamp
to be newer than file in mirror, when in fact it was outdated index.
this also fixes fetched files to have build timestamp so that files
going to .iso or custom images have proper timestamps (rsync with
appropriate --modify-window now works)
the problem is that var/lock is on root installs symlink to /run/lock
(on tmpfs) and does not exist if doing chroot() to that root. fixes
apk to work when chrooted to existing rootfs install.
resolve reverse dependencies after all packages have been loaded,
and avoid traversing the reverse name lists. now that we use
automatic virtual packages (soname, pkg-config, etc.) the reverse
dependency chains can become considerable longer than what it was
when the rdependency construction code was originally written.
In practice this should fix to e.g. not wipe out /etc/apk/world if
final flush to /etc/apk/world.new fails.
This was prompted by an incident the other day where I ran the root
partition of an Alpine box out of space using 'apk add', and apk
helpfully wiped the contents of /etc/apk/world at the same time.
It might be tricky to try to reproduce exactly the same failure,
but from an examination of the code, setting 'rc' before the final
call to fdo_flush rather than after is one possible cause of this
behavior. (If the entire contents of /etc/apk/world.new are buffered,
and all get written out in the final fdo_flush call, and that call
fails, fdo_close will still happily rename /etc/apk/world.new to
/etc/apk/world.)
the security implications are not as high as compared to regular
tar/unzip archiver. this is because you are anyway trusting
the package to install files anywhere in the filesystem.
this serves rather as a sanity to check against errors in created
package.
fetch_maperror() translates error codes returned by libfetch to our error
codes. Handle those in apk_error_str(), returning error messages which
advise the user of the most likely fix.
A custom error code, EAPKSTALEINDEX, has been added for cases where
retrieving a package fails due to a HTTP error 404 or similar.
[TimoT: add also EAPKBADURL, as well as organize a bit better where the
EAPKSTALEINDEX is generated]
According to the C standards, uint32_t is defined in stdint.h.
Presumably apk is usually built against C libraries where
stdint.h is indirectly included through another header file,
but this isn't the case with the version of glibc which I am using.
user xattrs on tmpfs are not supported no non-grsec kernels,
and many times root fs is mounted without user_xattr. Thus
to allow things to go smoothly on non-grsec kernels xattr
unsupported errors are now hidden.
xattrs can be fixed still now with "apk fix --xattrs"
on arm char is by default unsigned, so this caused crashes
as the ERR_PTR mechanism did not work as expected with unsigned
types. extend the array type to be signed short explicitly.
Package pinning was first implemented with 'p' tag. However, it
was before any release renamed to 's', and 'p' was reserved for
package provides support for which is used now.
this makes 'lbu diff' and aaudit diffs nice when a world
dependency is added or removed. sorting also makes the ordering
more deterministic as the world targets constraints are always
applied in the same order. test suite updated accordingly.
when removing large sets of packets, the ordering of removal
was not quaranteed to honor dependencies. this fixes the removal
order to be in reverse dependency order as far as possible.
there are only few combinations for that triplet, and they
occur multiple times reducing the struct sizes a bit. make
sane defaults and prepare to not write defaults to disk
to reduce on-disk installed db size.
Apk used to reset directory permissions always, but this is undesirable
if user has modified the permissions - especially during tmpfs boot.
Though, it is desirable to update the permissions when packaging has
changed permissions, or a new package is installed and the merged
permission mask / owner changes.
Thus the new code updates the permissions only if:
1) We are booting and directory is not in apkovl
2) The directory is modified by a package install/remove/upgrade
3) The filesystem directory permission matched database
Additionally "apk fix --directory-permissions" can be used to reset
all directory permissions to the database defaults.
Fixes#2966
This makes sure any conflicted packages will be removed first.
Useful if we know there are conflicting files, and want to avoid
adding potentially harmful replaces line. Add a test case for
this too.
Allows one arch index files to refer to other arch packages. Mostly
useful with noarch packages, but could be used e.g. to ship build
with some of packages optimized for specific cpu generation and
share most packages with the standard build.
the dynamic applet registration never worked with PIE, and as
a temporary hack -nopie was added to default link flags in 2008.
this commit reworks the applet registration mechanism to something
that is compatible with PIE, and removes the hack. finally!
basically this makes packager's life simpler as there is no need
to list the subpkg names in replaces. this was also very error
prone and tedious job to do properly.
noticeable fixes upgrading of packages which get pulled in only
by install_if rule. this also simplifies the inheritance calculation
for packages, as well as the place where it is done for install_if
triggered packages.
'available' really means 'available in one or more configured
repository'. Cache is not a repository we track, so those are
only available for installation, but not available as preferred
to be installed from repository. fixes#2831.
This implements a new protected path flag '!' to include always
matching entries in the backup mode (overlay). This is also turned
on for etc/apk to include everything there in overlay, because
the full list of repositories and signing keys need to be in
overlay - just getting them from a package is not enough during
bootstrap.
We should not disqualify non-selectable packages as it would mark it as
dirty, forcing it to reconsider the name again, which could end up in
an endless loop.
fixes#2135
- do not link with -llua. We should not link apk or lua module with it.
- default to lua 5.2
- allow override the lua version with LUA_VERSION
- allow override the lua pkg-config package with LUA_PC
- only add the pkg-config lua --cflags to the lua module
Wildcard matching with no names should match all packages only for
info and search applet. "apk del" would otherwise try to delete
everything, etc.
Fix also interactive mode to ask questions only if we are actually
changing something.
If name N is required, and all providers of A also provide B, it
means that only instances of B can be selected that provide N. This
is strong help with cases when so:libfoo.so.1 is updated to
so:libfoo.so.2 and not everything is recompiled.
- let the apk_print functions deal with the forced print itself. We
avoid that the callbacks need to deal with the force flag. We can
also get rid of the APK_PRINT_PROGRESS_* defines.
- let the reader of --progress-fd decide how often things are updated
rather than having a fixed granularity off 1/100 (percent)
- avoid detect screen size and percent/bar calculations in case the
--no-progress was given
- track satistics for both the ascii bar and percent info and update bar
only if either percent or bar changes. This makes the bar go smoother
when width is wider than 100 chars and it makes the percent counter
go smooth when screen width is less thann 100 chars. It also
simplifies the callbacks as they no longer need to deal with update
granularity.
Select latest version of package (if it is not pinned), and print
error if it cannot be installed due to other dependencies.
Together with --available, it selects the latest package which is
present at least in some repository.
This also fixes few solver issues with ordering of package selection
that got quite apparent with this flag. Namely, we cannot "lock"
a package until it's reverse dependencies are locked or not all of
the solver flags are propagated properly.
the pinning11 changed when @repo got the leading @ on error messages.
analyze_dep() now properly ignores conflict dependencies, as those
names are usually intentionally left unassigned.
So same package it is possible to not match same package multiple
times. Use generation count, so this is handled cleanly during
recursion, like in the use case of search applet.
Instead of the dependency oriented logic, switch to print them
for each package or name needed. Might give a bit more readable
errors now. There's still few corner cases that proper error is
not output, which are cought by the test cases.
- try harder to not change anything during self-upgrade
- also honor locking to packages that where earlier used in
merging common dependencies
- clarify upgrade applet help messages
fixes#1476
Instead of:
ERROR: Index generation failed: Success
The following is now printed:
ERROR: Metadata for package timo-1.0-r0 is too long.
ERROR: Index generation failed: No buffer space available
make cache a special kind of repository, and automatically cache
special packages (virtual packages, or ones installed from command
line). add test cases for handling virtual packages. fixes#1617.
It is incorrect optimization causing valid solutions to be skipped.
Any performance it might've gained, should be fixed by reintroduction
of the minimum penalty logic added in previous commit.
Enabled when all attempts to satisfy a name failed, we know that we
can ignore all decisions until we find a decision affecting the name
we wanted to satisfy.
We can't just use the primary name, as that would mess up
backtracking. We need to record the name which caused the name
to get considered - that way the right last_touched_decision is
used on backtracking.
* push_decision expects to always get the package primary 'name'
as apk_name. ASSERT that and fix problem cases.
(though - this might need to be reverted, and store the non
primary name in apk_decision instead to accomodate for better
backtracking optimizations)
* fix error reporting of virtual package names
* make 'assign_name' errors soft. the incorrect packages just are
no longer consider instead of aborting whole calculation.
* fix backtracking of virtual packages that are not depended
directly
fchmodat does not support this flag - symlinks do not have permissions.
Sysadmin probably does not expect us to not follow symlinks either:
if /var -> /mnt/foo/var, we should be making sure the permissions
and ownership is correct on the target directory, not on the symlink.
Since fchmodat never returned ENOENT with AT_SYMLINK_NOFOLLOW, this
also fixes directory re-creation if it does not exist. fixes#1348.
If a directory has protection mask, but does not exist in db, we
do not handle it right unless we calculate the protection mask by
hand, or create temporary db dir entry for it. For simplicity create
always the db dir entry -- depending on audit type we likely need
to create it anyway. This commit also caches the db dir entry in the
audit tree context to avoid duplicate lookups. ref #1241.
Do not print version numbers or compare result char when in quiet
mode. This makes the output suitable for be used in scripts or pipes.
For example:
# Upgrade all packages that matches a given regexp
apk version --limit '<' --quiet | grep $regexp | apk fix --reinstall
# Delete all packages that are removed from repository
apk version --limit '?' --quiet | xargs apk del
apk_name_state is now quite small; and we avoid overhead of two
pointers (+ malloc overhead) when we just make it part of apk_name.
It also fixes some problems (that got introduced) where apk_name_state
was not allocated.
Solver will now never report partial solution where a conflict
constraint is not satisfied. The is because with --force we might
install the partial solution; and if conflicted packages were to
be installed we might have extra trouble.
Required for provides support as package might be pulled in via
non-primary package name. This allows relatively easily to pass
through inherited flags via the provided names. ref #574.
Reasoning:
- it is less useful now that we do not do common dependency merging
- provides support would make the required logic overly complicated
- callgrind reports that depending on the case it can improve or
decrease performance (the overhead pays off only in some cases);
the difference is not large either way
Otherwise we might start to change packages unexpectedly when not
upgrading. This also fixes some other things the solver might've
decided to do.
Add also few test cases to detect bad behaviour.
Timo Teräs