Different from OPKG, APK uses a deterministic version schema which chips
the version into chunks and compares them individually. This enforces a
certain schema which was previously entirely flexible.
- Releases are added at the very and end prefixed with an `r` like
`1.2.3-r3`.
- Hashes are prefixed with a `~` like `1.2.3~abc123`.
- Dates become semantic versions, like `2024.04.01`
- Extra tags are possible like `_git`, `_alpha` and more.
For full details see the APK test list:
https://gitlab.alpinelinux.org/alpine/apk-tools/-/blob/master/test/version.data
Signed-off-by: Paul Spooren <mail@aparcar.org>
00b921d80ac0 Do not print line number in debug messages
96c42c5ed320 Fix length checks in cert_load()
fe06b4b836b3 usign-exec: improve usign -F output handling
19f9e1917e1b usign-exec: return code fixes
077feb5b5824 usign-exec: close writing end of pipe early in parent process
7ec4bb764e1e usign-exec: remove redundant return statements
5a738e549d31 usign-exec: change usign_f_* fingerprint argument to char[17]
112488bbbccc usign-exec: do not close stdin and stderr before exec
38dcb1a6f121 usign-exec: fix exec error handling
a9be4fb17df2 usign-exec: simplify usign execv calls
854d93e2326a Introduce read_file() helper, improve error reporting
afc86f352bf7 Fix return code of write_file()
fdff10852326 stdout/stderr improvements
dddb2aa8124d ci: fix unit test failures by enabling full ucert build
5f206bcfe5c2 ci: enable unit testing
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
14a279411cff fix certificate blob parsing vulnerability by using blob_parse_untrusted
19a7225ac018 fix leaking memory in cert_dump_blob
9dba44ddd4f5 fix possibly garbage value returned in cert_process_revoker
4462ff9dedfa add cram based unit tests
5fe64b5606aa cmake: split usign bits into static library
5d7626a2b6d8 cmake: reindent the file
e284ed941972 cmake: enable hardening compiler flags and fix the reported issues
7e5390666347 add initial GitLab CI support
fa0bf4ef45b1 cmake: add proper include and library dependencies
Signed-off-by: Petr Štetiar <ynezz@true.cz>
e4bd927 cast ucert_argv to proper type when passing to execv
Fixes warnings:
warning: passing argument 2 of 'execv' from incompatible pointer type
[-Wincompatible-pointer-types]
254 | execv(usign_argv[0], usign_argv)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This changes the default PKG_BUILD_DIR to take BUILD_VARIANT into
account (if set), so that packages do not need to manually override
PKG_BUILD_DIR just to handle variants.
This also updates most base packages with variants to use the updated
default PKG_BUILD_DIR.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
usign occasionally writes 16 characters then exits without writing a LF,
leaving ucert hanging waiting for more input. Accept 16 characters
or more rather than 17 to work around the short read.
Signed-off-by: Mike McCormack <mike@atratus.org>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Update to latest HEAD in order to fix a stack memory corruption issue:
1056e73 Change the sigb buffer to be the same size as the fread
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
ad816fc set rpath to make bundle-libraries.sh happy
63ad591 blob_buf needs to be zero'd
Now that libubox, libjson-c and libblobms_json are installed into
STAGING_DIR_HOST we can properly bundle ucert in the ImageBuilder.
Follow-up commits will make use of it to include a signature-chain in
sysupgrade images using fwtool.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
ucert is a wrapper around usign to allow delegation and revocation of
public keys for future use in sysupgrade.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This work was sponsored by WIO (wiowireless.com)