Commit Graph

171 Commits

Author SHA1 Message Date
Juan RP
d2208f91e0
Revert "Verify repodata signature"
This reverts commit a7830cf780.
2020-01-06 14:33:49 +01:00
Piotr Wójcik
a7830cf780 Verify repodata signature 2019-11-02 11:53:14 +01:00
q66
a72cbf3c23 lib/package_unpack.c: silence gcc false positive
On some systems, something like this happens:

package_unpack.c:375:11: error: 'buf' may be used uninitialized in this function

This is not actually a bug as logically `buf` is always initialized
in that place, but gcc doesn't like it anyway.
2019-06-21 08:59:46 +02:00
Duncaen
8a81f6ce86 lib/package_unpack.c: use transaction obsolete detection 2019-06-18 19:54:22 +02:00
Juan RP
7f75910054
libxbps: added support for multiple compression formats in repodata.
Also don't use obsolete libarchive interfaces.
2019-06-17 07:14:24 +02:00
Duncaen
ea2cb1d369 unpack: keep conf_files replaced with symlinks, unpack as .new-pkgver 2019-04-20 10:56:08 +02:00
Foxlet
4eaf45a767 Fix string formatting of 64-bit unsigned integers 2018-07-17 20:50:48 -04:00
Juan RP
eaccf4813d Merge pull request #246 from ebfe/signed_pkgver
lib/package_unpack.c: verify signed pkgver matches
2017-10-25 09:17:55 +02:00
Michael Gehring
4aae026615 lib/package_unpack.c: verify signed pkgver matches
$ARCH-repodata is currently not protected by a signature. While most of
the package metadata is also embedded into the .xbps files, which are
protected by a signature, xbps-install ignores it
(1670ff000d/lib/package_unpack.c (L123))
and relies entirely on $ARCH-repodata.

This enables anyone who is able to modify the $ARCH-repodata to
substitute packages. This patch adds a check that verifies the signed
pkgver matches the one in the repodata, so at least downgrades posing as
updates are detected.

This is an incomplete fix as the whole transaction is still set up with
the unsigned repodata and other issues surely exist. The real fix is
signing $ARCH-repodata.
2017-07-09 12:46:01 +00:00
Duncaen
332fbc195a lib/package_unpack.c: set a sane umask for pkg files plists 2017-02-27 18:24:51 +01:00
Duncaen
cf43597e74 lib/package_unpack.c: add memleak notice 2016-09-25 21:47:58 +02:00
Juan RP
42994ada07 Fix xbps_dbg_printf arguments by using __attribute__((format, printf)).
Patch provided by Michael Ghering in #148.

Close #148
2016-02-06 09:13:38 +01:00
Juan RP
faeff38ca2 Alternatives framework (1/2) (WIP). 2015-10-18 10:38:35 +02:00
Juan RP
78f9a97980 lib/package_unpack: ignore remove(2) return value (CID #98681). 2015-07-26 08:22:27 +02:00
Juan RP
c464874c1e unpack: make sure the xucd callbacks don't get a dangling pointer.
If the current entry filename has been changed, the pointer must be updated
to point to the updated string.
2015-05-28 10:39:39 +02:00
Juan RP
976718417b libxbps: remove "skip-obsoletes" handling; unnecessary with the mtime checks. 2015-02-26 19:51:03 +01:00
Juan RP
cbe493858c libxbps: apply file timestamps to unmodified files on-disk while unpacking. 2015-02-25 11:10:18 +01:00
Juan RP
b133b9023c lib/package_unpack.c: wrap some long lines and fix an obvious error. 2015-02-24 09:34:39 +01:00
Juan RP
571d96fa92 libxbps: make sure to remove pkg metadata file on upgrades with skip-obsoletes.
This fixes the following case:

 - A-1.0_1 is installed and owns bin/foo.
 - A-1.1_1 is in the transaction and depends on B-1.0_1 that owns bin/foo.
 - B-1.0_1 is in the transaction and replaces A<1.1_1.
 - A-1.1_1 in the transaction now has "skip-obsoletes".
 - A is updated to 1.1_1, its metadata file (<pkgname>-files.plist) wasn't removed.

Added two new test cases to verify moving files from/to a dependency.
2015-01-27 17:53:37 +01:00
Juan RP
d11230a29d libxbps: abort pkg unpacking as soon as a file cannot be written.
Close #74
2015-01-18 10:22:05 +01:00
Juan RP
91b7b2fd5a Use a sane umask(2) before unpacking package files.
See https://github.com/voidlinux/void-packages/issues/835
for more information.
2015-01-11 11:01:09 +01:00
Juan RP
e75beec76f unpack: get rid of code that checks for modified symlinks.
Unpacking those symlinks is so cheap that there's no point in wasting
resources just to check if those have been modified, just unpack them
unconditionally.
2014-10-25 06:52:12 +02:00
Juan RP
654c77df25 Switch back to uncompressed plists.
There's no point in slowing down read performance just to save a few bytes.
2014-10-24 10:15:41 +02:00
Juan RP
e35d0c202c unpack: simplify pkg metadata extraction.
There's no need to internalize props.plist because there are no changes
compared to the pkg dictionary stored in the repo index, simply ignore it.
The code only cares for the files.plist to check for obsolete files.
2014-10-21 09:25:15 +02:00
Juan RP
b1eb62a2df lib/package_unpack.c: switch pkg meta files to zplist too. 2014-10-17 10:23:12 +02:00
Juan RP
89b8c61c47 lib/package_unpack.c: remove unused var (CID 62731) 2014-10-05 11:57:20 +02:00
Juan RP
dd851f18a2 lib/package_unpack.c: zero out struct (CID 62755) 2014-10-05 07:12:30 +02:00
Juan RP
2fe35a5bf3 lib/package_unpack.c: do not initialize xucd at all, unnecessary.
Initializing with {0} wasn't understood with gcc-4.6.x on travis-ci,
so just remove it.
2014-10-04 21:59:47 +02:00
Juan RP
ac2c517bd7 Fixed install/update tests on pkgs with no files. 2014-09-14 18:04:10 +02:00
Juan RP
ed6b3c00f5 xbps_entry_install_conf_file: fix non debug build. 2014-09-11 11:56:23 +02:00
Juan RP
01dbb968dd Welcome pkgdb-0.38. 2014-09-11 00:12:12 +02:00
Juan RP
f8d8f91a08 Implement support to "preserve" existent on-disk files.
See NEWS for more information. Fix #51
2014-08-01 15:09:51 +02:00
Juan RP
04c7647492 lib/package_unpack.c: fix a typo that made modified files to not be unpacked. 2014-07-30 18:50:43 +02:00
Juan RP
cc6f9901f1 Fix #50 (Existent files on disk might be overwritten by packages with conf_files). 2014-07-30 16:18:57 +02:00
Juan RP
b63cc62e3d lib/package_unpack.c: add some comments. 2014-07-02 11:30:41 +02:00
Juan RP
18e0524287 libxbps: optimize rootdir access/creation by checking/creating it only once. 2014-05-27 10:02:01 +02:00
Juan RP
8c47021ec3 Fix #31 and add new test case to reproduce it. 2014-02-25 22:55:39 +01:00
Juan RP
5eea259c13 Remove the config.h kludge and override vasprintf detection via HAVE_VASPRINTF. 2014-01-20 18:50:33 +01:00
Juan RP
16fc064aef Remove obsolete files also on package reinstalls (and downgrades). 2014-01-15 21:52:35 +01:00
Juan RP
6943eedd26 Partial revert of 36adf15 (lib code is not yet ready). 2014-01-15 21:03:53 +01:00
Juan RP
36adf15c6b tests: new test to verify obsolete files code works in updates and reinstalls. 2014-01-15 20:59:49 +01:00
Juan RP
92a73a9a54 lib/package_unpack.c: remove redundant assertions. 2013-12-25 09:00:51 +01:00
Juan RP
0cf9047bd2 unpack: use files.plist from binpkg when checking for configuration files. 2013-12-25 08:40:45 +01:00
Juan RP
73509b3556 lib/package_unpack.c: remove dead code (softreplace). 2013-12-25 08:35:55 +01:00
Juan RP
3c0edd40c8 lib/package_unpack.c: only create rootdir if it doesn't exist once. 2013-12-21 12:03:38 +01:00
Juan RP
79bf795e1a lib/package_unpack.c: make clang stfu due to -Wmissing-field-initializers. 2013-11-19 10:39:46 +01:00
Juan RP
8d7c899d48 lib/package_unpack.c: initiliaze struct rather than memset. 2013-11-18 18:23:31 +01:00
Juan RP
44533f9f57 lib/package_unpack.c: compute unpack cb stats only once. 2013-11-15 10:36:31 +01:00
Juan RP
6d9bb47fba unpack: make sure to remove only on-disk files if file type does not match.
Added another ATF test-case to make sure it works properly.
2013-11-09 08:59:02 +01:00
Juan RP
8f36f8e638 Make sure that configuration files are properly kept or unpacked.
Added two new test cases to verify it works as advertised.
2013-11-06 10:45:33 +01:00