emo/xbps
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
3,004 Commits 1 Branch 0 Tags 11 MiB
c992049eb5
Commit Graph

164 Commits

Author SHA1 Message Date
Juan RP
eaccf4813d Merge pull request #246 from ebfe/signed_pkgver 
lib/package_unpack.c: verify signed pkgver matches
 2017-10-25 09:17:55 +02:00
Michael Gehring
4aae026615 lib/package_unpack.c: verify signed pkgver matches 
$ARCH-repodata is currently not protected by a signature. While most of
the package metadata is also embedded into the .xbps files, which are
protected by a signature, xbps-install ignores it
(1670ff000d/lib/package_unpack.c (L123))
and relies entirely on $ARCH-repodata.

This enables anyone who is able to modify the $ARCH-repodata to
substitute packages. This patch adds a check that verifies the signed
pkgver matches the one in the repodata, so at least downgrades posing as
updates are detected.

This is an incomplete fix as the whole transaction is still set up with
the unsigned repodata and other issues surely exist. The real fix is
signing $ARCH-repodata.
 2017-07-09 12:46:01 +00:00
Duncaen
332fbc195a lib/package_unpack.c: set a sane umask for pkg files plists 2017-02-27 18:24:51 +01:00
Duncaen
cf43597e74 lib/package_unpack.c: add memleak notice 2016-09-25 21:47:58 +02:00
Juan RP
42994ada07 Fix xbps_dbg_printf arguments by using __attribute__((format, printf)). 
Patch provided by Michael Ghering in #148.

Close #148
 2016-02-06 09:13:38 +01:00
Juan RP
faeff38ca2 Alternatives framework (1/2) (WIP). 2015-10-18 10:38:35 +02:00
Juan RP
78f9a97980 lib/package_unpack: ignore remove(2) return value (CID #98681). 2015-07-26 08:22:27 +02:00
Juan RP
c464874c1e unpack: make sure the xucd callbacks don't get a dangling pointer. 
If the current entry filename has been changed, the pointer must be updated
to point to the updated string.
 2015-05-28 10:39:39 +02:00
Juan RP
976718417b libxbps: remove "skip-obsoletes" handling; unnecessary with the mtime checks. 2015-02-26 19:51:03 +01:00
Juan RP
cbe493858c libxbps: apply file timestamps to unmodified files on-disk while unpacking. 2015-02-25 11:10:18 +01:00
Juan RP
b133b9023c lib/package_unpack.c: wrap some long lines and fix an obvious error. 2015-02-24 09:34:39 +01:00
Juan RP
571d96fa92 libxbps: make sure to remove pkg metadata file on upgrades with skip-obsoletes. 
This fixes the following case:

 - A-1.0_1 is installed and owns bin/foo.
 - A-1.1_1 is in the transaction and depends on B-1.0_1 that owns bin/foo.
 - B-1.0_1 is in the transaction and replaces A<1.1_1.
 - A-1.1_1 in the transaction now has "skip-obsoletes".
 - A is updated to 1.1_1, its metadata file (<pkgname>-files.plist) wasn't removed.

Added two new test cases to verify moving files from/to a dependency.
 2015-01-27 17:53:37 +01:00
Juan RP
d11230a29d libxbps: abort pkg unpacking as soon as a file cannot be written. 
Close #74
 2015-01-18 10:22:05 +01:00
Juan RP
91b7b2fd5a Use a sane umask(2) before unpacking package files. 
See https://github.com/voidlinux/void-packages/issues/835
for more information.
 2015-01-11 11:01:09 +01:00
Juan RP
e75beec76f unpack: get rid of code that checks for modified symlinks. 
Unpacking those symlinks is so cheap that there's no point in wasting
resources just to check if those have been modified, just unpack them
unconditionally.
 2014-10-25 06:52:12 +02:00
Juan RP
654c77df25 Switch back to uncompressed plists. 
There's no point in slowing down read performance just to save a few bytes.
 2014-10-24 10:15:41 +02:00
Juan RP
e35d0c202c unpack: simplify pkg metadata extraction. 
There's no need to internalize props.plist because there are no changes
compared to the pkg dictionary stored in the repo index, simply ignore it.
The code only cares for the files.plist to check for obsolete files.
 2014-10-21 09:25:15 +02:00
Juan RP
b1eb62a2df lib/package_unpack.c: switch pkg meta files to zplist too. 2014-10-17 10:23:12 +02:00
Juan RP
89b8c61c47 lib/package_unpack.c: remove unused var (CID 62731) 2014-10-05 11:57:20 +02:00
Juan RP
dd851f18a2 lib/package_unpack.c: zero out struct (CID 62755) 2014-10-05 07:12:30 +02:00
Juan RP
2fe35a5bf3 lib/package_unpack.c: do not initialize xucd at all, unnecessary. 
Initializing with {0} wasn't understood with gcc-4.6.x on travis-ci,
so just remove it.
 2014-10-04 21:59:47 +02:00
Juan RP
ac2c517bd7 Fixed install/update tests on pkgs with no files. 2014-09-14 18:04:10 +02:00
Juan RP
ed6b3c00f5 xbps_entry_install_conf_file: fix non debug build. 2014-09-11 11:56:23 +02:00
Juan RP
01dbb968dd Welcome pkgdb-0.38. 2014-09-11 00:12:12 +02:00
Juan RP
f8d8f91a08 Implement support to "preserve" existent on-disk files. 
See NEWS for more information. Fix #51
 2014-08-01 15:09:51 +02:00
Juan RP
04c7647492 lib/package_unpack.c: fix a typo that made modified files to not be unpacked. 2014-07-30 18:50:43 +02:00
Juan RP
cc6f9901f1 Fix #50 (Existent files on disk might be overwritten by packages with conf_files). 2014-07-30 16:18:57 +02:00
Juan RP
b63cc62e3d lib/package_unpack.c: add some comments. 2014-07-02 11:30:41 +02:00
Juan RP
18e0524287 libxbps: optimize rootdir access/creation by checking/creating it only once. 2014-05-27 10:02:01 +02:00
Juan RP
8c47021ec3 Fix #31 and add new test case to reproduce it. 2014-02-25 22:55:39 +01:00
Juan RP
5eea259c13 Remove the config.h kludge and override vasprintf detection via HAVE_VASPRINTF. 2014-01-20 18:50:33 +01:00
Juan RP
16fc064aef Remove obsolete files also on package reinstalls (and downgrades). 2014-01-15 21:52:35 +01:00
Juan RP
6943eedd26 Partial revert of 36adf15 (lib code is not yet ready). 2014-01-15 21:03:53 +01:00
Juan RP
36adf15c6b tests: new test to verify obsolete files code works in updates and reinstalls. 2014-01-15 20:59:49 +01:00
Juan RP
92a73a9a54 lib/package_unpack.c: remove redundant assertions. 2013-12-25 09:00:51 +01:00
Juan RP
0cf9047bd2 unpack: use files.plist from binpkg when checking for configuration files. 2013-12-25 08:40:45 +01:00
Juan RP
73509b3556 lib/package_unpack.c: remove dead code (softreplace). 2013-12-25 08:35:55 +01:00
Juan RP
3c0edd40c8 lib/package_unpack.c: only create rootdir if it doesn't exist once. 2013-12-21 12:03:38 +01:00
Juan RP
79bf795e1a lib/package_unpack.c: make clang stfu due to -Wmissing-field-initializers. 2013-11-19 10:39:46 +01:00
Juan RP
8d7c899d48 lib/package_unpack.c: initiliaze struct rather than memset. 2013-11-18 18:23:31 +01:00
Juan RP
44533f9f57 lib/package_unpack.c: compute unpack cb stats only once. 2013-11-15 10:36:31 +01:00
Juan RP
6d9bb47fba unpack: make sure to remove only on-disk files if file type does not match. 
Added another ATF test-case to make sure it works properly.
 2013-11-09 08:59:02 +01:00
Juan RP
8f36f8e638 Make sure that configuration files are properly kept or unpacked. 
Added two new test cases to verify it works as advertised.
 2013-11-06 10:45:33 +01:00
Juan RP
c1fafcd339 Fix #20 and added an ATF test-case. 2013-11-05 09:56:36 +01:00
Juan RP
747f250202 unpack: apply correctly file permissions to existent files. 
Will be backported to the 0.26.x branch.
 2013-10-30 12:02:16 +01:00
Juan RP
4057e4961c Use C99 for loop initializers. 
That means that a C99 compiler is now mandatory.
 2013-09-15 10:06:49 +02:00
Juan RP
571d8748b4 lib/package_unpack.c: fix a double free. 2013-08-30 15:34:29 +02:00
Juan RP
24ff0472dd Use fs blksize from stat(2)ed file when reading archives. 2013-08-29 14:30:14 +02:00
Juan RP
20fb38142b lib/package_unpack.c: fixed two memleaks. 2013-08-29 12:06:04 +02:00
Juan RP
52fc384e4e Fixed some issues/warnings found by clang-analyzer. 2013-06-20 11:25:43 +02:00