Age | Commit message (Collapse) | Author |
|
opkg_conf_load() currently loads the configuration from a file and then
proceeds to finalize the config structure by filling in default values
or building the final config values based on other config parameters
(e.g. the offline root).
To enable overwriting of config options from the command line the
finalization phase is split out so it can be called only after the
command line arguments have been processed for the second time.
To retain API compatibility, opkg_conf_load() continues to read and
finalize the config. If the staged approach is desired opkg_conf_read()
followed by a opkg_conf_finalize() shall be used.
Signed-off-by: Philip Lorenz <philip.lorenz@bmw.de>
Signed-off-by: Alex Stewart <alex.stewart@ni.com>
|
|
Create a dir-hash to track the number of packages installing the
same directory or a symlink to a directory. This directory or
symlink is deleted only when there is no other package using it.
This is in line with how dpkg deletes directories.
Fixes Bugzilla #10461.
Signed-off-by: Shruthi Ravichandran <shruthi.ravichandran@ni.com>
Signed-off-by: Alex Stewart <alex.stewart@ni.com>
|
|
The OpenSSL libraries are used by libopkg directly, as an optional
method of verifying package feed signatures against a locally stored CA
certificate. They are enabled only when the --enable-openssl argument is
passed to AutoConf.
Assert that --enable-openssl is not widely used by opkg integrators and
that GPG feed signing (--enable-gpg) is preferred in all cases.
Remove:
* OpenSSL signature verification
* the --enable-openssl AutoConf option
* the `signature_ca_file` opkg conf setting
* the `signature_ca_path` opkg conf setting
Signed-off-by: Alex Stewart <alex.stewart@ni.com>
|
|
pathfinder-pki is an option extension to OpenSSL which facilitates
path-validation of x509 certificates. It is linked into libopkg when
--enable-pathfinder is asserted at configure-time.
Assert that pathfinder is not frequently used by opkg integrators and
the library itself is obsolescent. (The project name is also obnoxiously
common when trying to google.)
Remove:
* all references to pathfinder-pki
* the --enable-pathfinder AutoConf option
* the `check_x509_path` opkg conf setting
Signed-off-by: Alex Stewart <alex.stewart@ni.com>
|
|
- Remove unused force_defaults option
- Remove test alias option
- Add missing options to opkg.conf man page
Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>
|
|
The current opkg_conf implementation acquires an exclusive lock in the
`/var/run/` directory, when it is initialized. As a result, all opkg
operations must be run as a user which has write access to that lock
directory - which should always be uid 0.
Instead, move the lock context to the opkg_cmd execution function and
add an attribute to the opkg_cmd_t which expresses whether or not the
command requires privileged execution. For all operations which do not
modify the system state, lock capture is eschewed.
When a non-root user tries to execute a privileged command, they will
receive an EPERM.
Fixes bugzilla #9348
Signed-off-by: Alex Stewart <alex.stewart@ni.com>
Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>
|
|
Signed-off-by: Yann CARDAILLAC <yann.cardaillac@smile.fr>
Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>
|
|
Add option to ignore specific recommended packages. On the libsolv
backed, this feature will only work on libsolv version > 0.7.2 [1].
[1] https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_openSUSE_libsolv_issues_254&d=DwIBaQ&c=I_0YwoKy7z5LMTVdyO6YCiE2uzI1jjZZuIPelcSjixA&r=wNcrL2akRn6jfxhHaKavUrJB_C9JAMXtynjLd8ZzgXQ&m=GObNHzFJpWpf_PripIrf-K2RhsktYdAUEieAJexXOKw&s=3G-meChUqClFggFPqsrAxIZBfLnRKIHm62Uuy1X6nQQ&e=
Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>
|
|
gpgme/gpg generates many files during runtime inside it's homedir.
Many are undocumented implementation details that may change
version-to-version, and thus difficult to manage by opkg.
Dual-purposing opkg's config dir this way makes it impossible to sanely
implement `opkg-key reset` and adds otherwise unnecessary noise around
opkg's configuration files.
This change moves gpg's homedir to /etc/opkg/gpg/, a subdirectory of
opkg's config dir, and fixes `opkg-key reset` to delete everything.
Additionally, it simplifies how gpg in invoked to add/remove/list keys.
This is necessary to avoid a format change of gpg's homedir on when
using gpg 2.2+. gpg is now invoked with a `--homedir /etc/opkg/gpg/`
parameter instead specifying individual files.
This are unfortunately a breaking change (if gpg is enabled)!
You can preserve existing pubkeys in gpg_dir one of the following ways:
(a) Move trusted.gpg, secring.gpg, and trustdb.gpg to the new gpg
subdirectory under opkg's config dir. This is only safe before
first use (while gpg dir is empty), otherwise it may overwrite
newly added keys.
(b) Add `option gpg_dir /etc/opkg` in opkg.conf to revert back to
old directory layout. You should avoid using opkg-key in this
case, since it doesn't respect non-default gpg_dir.
Also note that running `opkg-key populate` still reloads key files from
/usr/share/opkg/keyrings/. If you keep a copy of trusted pubkeys in that
directory, it may be sufficient to simply re-populate them instead of
migrating gpg_dir.
Signed-off-by: Haris Okanovic <haris.okanovic@ni.com>
Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>
|
|
The commands 'info' and 'status' now support the --short-description flag to
display only the first line of the Description. This allows client parsing of
the results to be simpler and faster.
Signed-off-by: Dan Mondrik <dan.mondrik@ni.com>
Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>
|
|
The commands 'info' and 'status' now support the --fields command line
argument with a comma delimited list of fields the user wants displayed.
This allows client parsing of the results to be simpler and faster.
Signed-off-by: Dan Mondrik <dan.mondrik@ni.com>
Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>
|
|
When enabled, this option stores the list files on list_dir as gz
compressed. Useful to reduce disk space usage.
bugzilla #11912
Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>
|
|
Enabling this option makes opkg store all the package information in
the status file, instead of just a subset. This is desirable to make
such fields available offline, when there is no connection to the repo.
Disabled by default.
Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>
|
|
This is necessary for OpenWRT or other distros, to place opkg.conf in a
non-volatile, writable or distro specific directory (e.g /opt/etc).
- added SYSCONFDIR and VARDIR variables set by configure in Makefile.am
(as --sysconfdir and --localstatedir)
- added SYSCONFDIR and VARDIR as prefixes for /etc and /var in
libopkg/opkg_conf.h
- tests[/*]/*.py: changed hard-coded paths with the ones configured at
compile time
Signed-off-by: Florin Gherendi <floring2502@gmail.com>
Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>
|
|
'opkg list' command only displays the available packages' name, version and
description. It would be useful to also see the approximate size of the
available package.
This patch extends "opkg list" command with "--size" to optionally show also
the *.ipk size.
* Default behaviour is to list the available packages as earlier:
"name - version - description"
* with "--size" the output of is "name - version - size - description".
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@46980 3c298f89-4303-0410-b956-a3cf2f4a3e73
The patch was imported from OpenWRT git server (git://git.openwrt.org/openwrt.git) as of commit id 97e7e2bae9beced5b079d352035a5e914e9715e2
Some modifications were made to match opkg version 0.3.x:
libopkg/opkg_cmd.c: changes in patch code: in static void print_pkg(pkg_t * pkg), instead of:
+ if (conf->size)
+ printf(" - %lu", pkg->size);
use:
+ if (opkg_config->size) {
+ if(pkg->state_status == SS_INSTALLED || pkg->state_status == SS_UNPACKED)
+ printf(" - %lu", pkg->installed_size);
+ else
+ printf(" - %lu", pkg->size);
+ }
man/opkg.1.in: added description for --size switch
src/opkg.c: is patched in version 0.3.x instead of src/opkg-cl.c in version 0.1.8
Signed-off-by: Florin Gherendi <floring2502@gmail.com>
Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>
|
|
mismatching md5sums
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@40766 3c298f89-4303-0410-b956-a3cf2f4a3e73
The patch was imported from OpenWRT git server
(git://git.openwrt.org/openwrt.git) as of commit id
37a0e124d1c685f0503b7b96351e29548fbe71cc.
Parts have been re-written to match opkg version 0.3.x:
libopkg/opkg_install.c is no longer patched; error messages for md5sum
mismatch no longer exist in this version of opkg. Patching libopkg/pkg.c
instead, for ignoring checksum mismatch (new code) patching information
for src/opkg-cl.c (version 0.1.8) used now to patch src/opkg.c (the new
program source)
man/opkg.1.in - add description for the "--force-checksum" command line switch.
man/opkg.5.in - add description for the "force_checksum" config option.
Signed-off-by: Florin Gherendi <floring2502@gmail.com>
Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>
|
|
Signed-off-by: Michael Hansen <michael.j.hansen@hp.com>
Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>
|
|
Previously the GPG check would simply perform a digest against a give repo/package
from the signature file. At no point would it verify the package's signature was
signed properly. This fix verifies the package/repository not only checks the digest
but that the package is also signed by a trusted source.
Signed-off-by: Bryan Krause <bryan.krause@baesystems.com>
Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>
|
|
When enabled, opkg will download all the packages needed by the
install/upgrade operation before executing the transaction. Adds an
extra layer of robustness in case of network outages on operations that
take a long time (for example, during upgrades).
This option is not available in the internal solver backend since
multiple operations are not combined on a single solve. Instead, there
is an individual solve for each transaction. This is true even if the
combine flag is set.
Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>
|
|
Add an intercepts_dir option defaulted to $DATADIR/opkg/intercept or
$offline_root/$DATADIR/opkg/intercept when offline_root is set, instead
of hard-coding a path in opkg_cmd.c. DATADIR is a compile-time constant
that's typically /usr/share or /usr/local/share on most distribution.
Add a test case to verify intercepts work in an offline root and can be
disabled by setting intercepts_dir=/dev/null.
Manual testing:
* Ran `make check` with the new test --> no new failures
* Installed x86_64 package on a target containing postinst script and
verified depmod is intercepted under default config and not
intercepted when intercepts_dir=/dev/null
The motivating use case for this change is Yocto bug 8837:
An IPK installs a shared library or kernel module, then
postinst calls `ldconfig` or `depmod -a`, respectively, to register it.
Subsequent IPKs relying on those libs/ko's in their postinst's may
fail under the default configuration, since opkg defers registration
until after all postinst's run.
This option allows maintainers/sysadmins to fix the problem by
completely disabling intercepts for a minor performance penalty.
https://bugzilla.yoctoproject.org/show_bug.cgi?id=8837
Signed-off-by: Haris Okanovic <haris.okanovic@ni.com>
Reviewed-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>
Reviewed-by: Josh Cartwright <joshc@ni.com>
|
|
This argument tells opkg to store the cache directory outside the offline root
directory if the -o option is passed. It may be used to keep the offline root
directory clean of irrelevant cache files. It may also be helpful if the offline
root path is very long and placing cache files under this directory has a risk
of exceeding PATH_MAX.
Eg.
'opkg --cache-dir /foo -o /offline ...' stores the cache in '/offline/foo'.
'opkg --cache-dir /foo -o /offline --host-cache-dir ...' stores the cache in
'/foo'.
Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
|
|
On filesystems where UIDs aren't well-behaved, UIDs/GIDs can't
always be trusted to be restorable. Additionally, non-privileged
users who want to use OPKG to install files in some home directory
won't generally be able to control the permissions of the output.
OPKG's default behaviour when faced with a UID mismatch is to report
the warning that libarchive produces, but to continue anyways.
This patch doesn't change the default behavior, but it adds an
'ignore_uid' boolean option to opkg_conf. If enabled in the config
file by 'option ignore_uid', libarchive will be called without the
'ARCHIVE_EXTRACT_OWNER' flag (and UID/GID restoration won't be
attempted).
Signed-off-by: Nick Clark <nicholas.clark@gmail.com>
Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>
|
|
During the tidy up, includes have been moved outside of the 'extern "C" {}'
construct where necessary.
Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
|
|
For each file, the command executed was:
indent -linux -i4 -nut -sc -bbo -nhnl $f
This is the first step in improving the code formatting and further work is
still required. 'indent' is confused by the 'extern "c" {}' wrapping in the
header files and gets the indentation wrong. It also produces sub-optimal
formatting for some long lines.
Each file will be reviewed by hand after this commit.
Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
|
|
Add a way to exclude specific packages from the install.
When an excluded package is required by another package an error
will be generated. If the excluded package is only recommended,
no error will be generated.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Jonathan Liu <net147@gmail.com>
Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
|
|
Add the ability to not install ANY recommended packages.
This option is matched by the command line argument '--no-install-recommends'.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
|
|
If this option is set, the maintainer's changes to a conffile will be ignored
and a message will be printed to indicate that this has happened. This option is
useful when it is known that the user's changes to a conffile should override
those made in an upgrade of a package and allows space to be saved within the
configuration directory.
This completes the fix for issue 128.
Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
|
|
By default, gpg signatures will be used.
Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
|
|
The default behaviour of opkg is changed to allow local files to be linked
rather than copied into the cache directory. However, if the cache_local_files
option is set, the old behaviour will be followed and local files will be copied
into the cache.
A local file is any which is accessed using a 'file://' protocol.
This patch fixes issue 139.
Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
|
|
If the check_pkg_signature option is set, a signature file will be downloaded
for each package file and this signature will be validated before the package is
installed. This adds an additional layer of security to the use of opkg.
This patch fixes issue 132.
Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
|
|
Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
|
|
When the option is enabled, installs and upgrades will be combined via calls to
opkg_install_multiple_by_name and opkg_upgrade_multiple_pkgs respectively.
This should resolve the case of issue 124 where multiple packages depend on a
common package with version constraints in such a way that all dependent
packages need to be upgraded together.
Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
|
|
Only one definition remained in opkg_defines.h after recent changes, it is
simpler just to include it in opkg_conf.h.
Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
|
|
The default paths listed in opkg_conf.h are now given in full rather than
relative to OPKG_STATE_DIR_PREFIX.
Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
|
|
The default cache directory should be under /var/cache, not /var/lib.
This fixes issue 131.
Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
|
|
This option is used to set the status_file_name for each pkg_dest and will be
interpreted as relative to the root_dir of the pkg_dest. It eliminates the need
for the OPKG_STATUS_FILE_SUFFIX symbol and allows more control over where the
status file directory is placed.
Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
|
|
This option is used to set the info_dir for each pkg_dest and will be
interpreted as relative to the root_dir of the pkg_dest. It eliminates the need
for the OPKG_INFO_DIR_SUFFIX symbol and allows more control over where the info
directory is placed.
Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
|
|
As before, we don't need to support stupid configurations. If you want to read
config files from somewhere else, set the environment variable OPKG_CONF_DIR
before running opkg.
Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
|
|
The macros which define the default values of configuration options should
include the word DEFAULT in their names.
Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
|
|
The ./configure option '--with-opkglockfile' is dropped and OPKGLOCKFILE is no
longer set at compile time. Instead the lock file path may be set using the
lock_file option in a config file as these config files are parsed before the
lock file is used. The default value is now given by OPKG_CONF_DEFAULT_LOCK_FILE
and to comply with the FHS and avoid the requirement to create any directories
which shouldn't already exist it is placed at '/var/run/opkg.lock'.
The static variable lock_file is also moved into the opkg_config structure.
Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
|
|
This also corrects the existing vim modelines to match the desired format.
Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
|
|
The decision as to which signature verification method to use does not have to
be determined at compile time. Instead this decision can be selected at run time
using a configuration option.
If support for the selected method has not been compiled in, an error message is
displayed and the return value is -1.
Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
|
|
The environment variable http_auth, is used for telling libcurl
the username and password
Signed-off-by: Ilkka Kellokoski <ilkka.kellokoski@gmail.com>
|
|
The environment variable 'https_proxy' is required by libcurl to use a
proxy for https targets.
Signed-off-by: Mathias Kunert <mathias.kunert@dezem.de>
Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
|
|
Add extra curl follow_location option to conffile
Example:
follow_location 1
Signed-off-by: Gaël PORTAY <g.portay@overkiz.com>
Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
|
|
Add extra curl options to conffile.
Example:
connect_timeout_ms 5000
transfer_timeout_ms 5000
Signed-off-by: Gaël PORTAY <g.portay@overkiz.com>
Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
|
|
Volatile cache is cleared on exit and may be used to save some space.
Respective command line option "volatile-cache" was added to use this cache.
Some downloading methods were optimized to avoid using of cache
if "volatile-cache" option is set.
Signed-off-by: Yevhen Kyriukha <kirgene@gmail.com>
Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
|
|
New internal caching mechanism is implemented for all downloads (local and
remote). Stamps are used to detect source file changes before downloading. HTTP
ETag header and mtime stamps are used to detect remote and local file change
respectively. Cache is used to save stamps and downloading files. Cache
directory is created under root directory.
Also drop --cache option from opkg-cl as it doesn't fit with the new
implementation.
Signed-off-by: Yevhen Kyriukha <kirgene@gmail.com>
Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
|
|
Explicit mode is supported when setting the ftp_explicit_ssl
configuration option to true.
Both ftp:// and ftps:// schemes are supported when using explicit
mode. Implicit mode is enabled by Curl if ftp_explicit_mode is
not set to true and if the URL starts with "ftps://".
Implicit and explicit modes require curl and SSL support.
Signed-off-by: Julien Gilli <julien.gilli@gmail.com>
Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
|
|
Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
|