1. 17 Jul, 2019 2 commits
  2. 08 Jul, 2019 1 commit
  3. 20 Jun, 2019 1 commit
    • Max Rees's avatar
      abuild-sudo: don't allow --keys-dir · 297de93a
      Max Rees authored
      Not allowing --allow-untrusted is obviously a good idea, but it can be
      trivially bypassed if --keys-dir is allowed:
      
      $ abuild-apk add foo-1-r0.apk
      ERROR: foo-1-r0.apk: UNTRUSTED signature
      $ abuild-apk --allow-untrusted add foo-1-r0.apk
      abuild-apk: --allow-untrusted: not allowed option
      $ cp -rp /etc/apk/keys /tmp/keys
      $ cp untrusted.pub /tmp/keys
      $ abuild-apk --keys-dir /tmp/keys add foo-1-r0.apk
      (1/1) Installing foo (1-r0)
      OK: 4319 MiB in 806 packages
      
      If both --allow-untrusted and --keys-dir are not allowed, then it should
      no longer be possible for an unprivileged member of the abuild group to
      add an untrusted package.
      
      $ abuild-apk --keys-dir /tmp/keys add foo-1-r0.apk
      abuild-apk: --keys-dir: not allowed option
      297de93a
  4. 14 Jun, 2019 1 commit
  5. 12 Jun, 2019 9 commits
  6. 03 May, 2019 2 commits
  7. 30 Apr, 2019 4 commits
  8. 29 Apr, 2019 13 commits
  9. 25 Apr, 2019 1 commit
    • Natanael Copa's avatar
      Revert "abuild: unset depends for subpackages" · c0dc7ace
      Natanael Copa authored
      Apparently there are many packages that does soemthing like:
      
      subpackages="$pkgname-foo:_foo"
      
      _foo() {
      	depends="$depends something-else"
      }
      
      and thus depend on the previous behavior. We need to revert and plan
      this better.
      
      This reverts commit 8fbbffd2.
      c0dc7ace
  10. 09 Apr, 2019 2 commits
  11. 05 Apr, 2019 1 commit
  12. 03 Apr, 2019 3 commits
    • Timothy Legge's avatar
    • tcely's avatar
      abuild: -openrc should not inherit depends · 801578a0
      tcely authored
      801578a0
    • Chloe Kudryavtsev's avatar
      Add default_cleanup_srcdir · 6a6310f0
      Chloe Kudryavtsev authored
      In some cases, a simple rm -rf is not sufficent to clean srcdir.
      One such case is the new go module system, that marks everything as
      read-only - thus only letting root rm -rf it without a chmod.
      There is a command intended to clean them - `go clean -modcache`.
      However, for that to work, GOPATH must be defined and existent.
      Running chmod for all srcdir cleanups makes no sense, nor does enforcing
      root, or putting global overrides just for go.
      
      This patch allows overriding what happens on `cleanup srcdir`, by
      overriding cleanup_srcdir, and allows the use of default_cleanup_srcdir.
      
      In our go example, it might be used as such:
      
      cleanup_srcdir() {
      	go clean -modcache
      	default_cleanup_srcdir
      }
      6a6310f0