We've discovered an issue with in apk when using Rosetta2 with wolfi that was surfaced
by f3f239ac: apk, db: rework dbopts cache_max_age default handling.  With the new
settings apk now hits an fstatat conditional where it didn't before.  As far as I can tell
this failure is expected and shouldn't be a problem. It only is because the code
continues to rely out the buffer that was passed in to contain clean
values. On Rosetta2 with wolfi the st buffer is no longer clean out after the call to fstatat.

This issue only occurs if cache_max_age is positive, and `/var/cache/apk`
is empty.  This issue can be seen below:

```
a549fa77b74f:/apk-tools# apk --help | head -1
apk-tools 2.14.10, compiled for x86_64.
a549fa77b74f:/apk-tools# apk update
fetch https://packages.wolfi.dev/os/x86_64/APKINDEX.tar.gz
WARNING: opening from cache https://packages.wolfi.dev/os: No such file or directory
2 unavailable, 0 stale; 83 distinct packages available

a549fa77b74f:/apk-tools# apk update --cache-max-age 0
fetch https://packages.wolfi.dev/os/x86_64/APKINDEX.tar.gz
 [https://packages.wolfi.dev/os]
OK: 144415 distinct packages available

a549fa77b74f:/apk-tools# apk update
 [https://packages.wolfi.dev/os]
OK: 144415 distinct packages available

a549fa77b74f:/apk-tools# apk update --cache-max-age 1
 [https://packages.wolfi.dev/os]
OK: 144415 distinct packages available

a549fa77b74f:/apk-tools# rm /var/cache/apk/*

a549fa77b74f:/apk-tools# apk update
fetch https://packages.wolfi.dev/os/x86_64/APKINDEX.tar.gz
WARNING: opening from cache https://packages.wolfi.dev/os: No such file or directory
2 unavailable, 0 stale; 83 distinct packages available
```

Some debug output with Rosetta2

```
a549fa77b74f:/apk-tools# LD_PRELOAD=`pwd`/src/libapk.so ./src/apk update --cache-max-age 1
st_mtime pre fstat: 0
cache_max_age=60
ferr: -1, tmperr: 2
st_mtime post fstat: 140737472955232
fetch https://packages.wolfi.dev/os/x86_64/APKINDEX.tar.gz
WARNING: opening from cache https://packages.wolfi.dev/os: No such file or directory
2 unavailable, 0 stale; 83 distinct packages available
a549fa77b74f:/apk-tools# git diff > /test.patch
a549fa77b74f:/apk-tools# ps aux | grep rosetta
    1 root      0:02 {sh} /run/rosetta/rosetta /bin/sh /bin/sh -l
15816 root      0:00 {grep} /run/rosetta/rosetta /usr/bin/grep grep rosetta
```

Some debug output without Rosetta2

```
/apk-tools # LD_PRELOAD=`pwd`/src/libapk.so ./src/apk update --cache-max-age 1
st_mtime pre fstat: 0
cache_max_age=60
ferr: -1, tmperr: 2
st_mtime post fstat: 0
fetch https://packages.wolfi.dev/os/x86_64/APKINDEX.tar.gz
 [https://packages.wolfi.dev/os]
OK: 144391 distinct packages available
/apk-tools # ps aux | grep rosetta
 2438 root      0:00 grep rosetta
```

I cannot reproduce this with Alpine. In fact the st buffer remains clean
with Alpine. I believe the real issue is with rosetta2 & glibc not
actually apk but it seems reasonable not to rely on the buffer from
a failed system call as a solution for now.

RFC2616 §3.3.1 requires compliant client to accept the two
obsolete formats in addition to the Internet standard format.

Based on patch by John Hallam <sw@j.hallam.dk>

(cherry picked from commit 908efa92)

Signed-off-by: Jiri Kastner <cz172638@gmail.com>

For library compatibilty, treat internally dbopts.cache_max_age=0
as the default value. And translate --cache-max-age 0 to in dbopts
to be -1. This allows default initialization of the dbopts to get
default timeout.

readlink does not null terminate the link target

(cherry picked from commit f5c3fd84)

Make the action of 'update' and '--update-cache' refresh the
indexes uncondtionally, but without HTTP level cache flush.

To get HTTP level cache refresh, one needs to now always use
--force-refresh.

fixes #11061
(cherry picked part of from commit fb8eef15)
(cherry picked commit e5e362c1)

The callback should be called with pkg=NULL for each non-wildcard
match when there is no matching package to report errors.

fixes bd3e2be6 db, apps: sort packages by pkgname and pkgver
fixes #11065

(cherry picked from commit fb8eef15)

Make sure the pure virtual names (no auto selectable packages)
are resolved last. This allows dependency processing to uncover
additional constraints that might enable selecting them.

fixes #11059

(cherry picked from commit dc191820)

Test case from jane400@postmarketos.org

fixes #11060

(cherry-picked from 64e05307)

Adjust the rough heuristic to follow the discovery order. This allows
both install_if and conflict rules to be taken into account.

fixes 8a72686d solver: fix conflicts to prevent install_if trigger
fixes #11054

NOTE: changing ABI on 2.14-stable, so apply also the SONAME change
and update soname if cherry-picking before release.

(cherry picked from commit 3eb0b70b)

Currently no ABI guarantees are done so update soname on
every release.

Normally distribution adjust the display version to something
including the packaging version, but this avoids using that
currently.

It is left to the distribution to either build all reverse
dependencies on upgrade, or package libapk separately so
that multiple versions can coexist.

fixes #11001

(upstream commit 373b364e)

fixes 74f67ab8 fix fetching of depdencies only packages
fixes #11056

(cherry picked from commit 78c3bdc0)

fixes #11049

(cherry picked from commit 6c454d13)

fixes #11048
fixes be292bd5 "db: honor 'verify' mode in apk_cache_download"

This fixes the code path when installing new packages, but the
cache is not writable.

First check for potential in 'from' to not call apk_istream_close
with bad pointer.

fixes commit 7763d4ed fetch: validate downloaded package against repository

(cherry picked from commit a9ef3480)

- don't go to silent mode for "make test" (due to the s)
- fix test dependencies
- enable CI

(cherry picked from commit 16d93ac9)

works better cross architectures

(cherry picked from commit b05ac882)

Use the repository hash to validate the package.

fixes #11027

(cherry picked from commit 769bb19b)

Sertonix authored 4 months ago and Timo Teräs committed 4 months ago

Fixes #11034

(cherry picked from commit 229dccea)

Sertonix authored 5 months ago and Timo Teräs committed 5 months ago

(cherry picked from commit 514064e2)

Sertonix authored 6 months ago and Timo Teräs committed 5 months ago

Fixes 4aa80564 blob: optimize digit and base64 decoding

(cherry picked from commit 0d43c0e9)

Sertonix authored 6 months ago and Timo Teräs committed 5 months ago

This avoids potential information loss when converting size_t to lua_Integer by not converting to int in between.

(cherry picked from commit c194896d)

(cherry-picked from commit 11596430)

Sertonix authored 6 months ago and Timo Teräs committed 5 months ago

Casting a long pointer to size_t pointer directly is not safe as far as I
know.

(cherry picked from commit bdebe2ab)

Sertonix authored 6 months ago and Timo Teräs committed 5 months ago

(cherry picked from commit afe80baf)

Peter van Dijk authored 6 months ago and Timo Teräs committed 5 months ago

(cherry picked from commit b925392c)

Sertonix authored 6 months ago and Timo Teräs committed 5 months ago

The first message line was already hidden with --quiet but the rest was
still printed. Removing the message completely seems more reasonable to
me.

(cherry picked from commit 600688a1)

Sertonix authored 6 months ago and Timo Teräs committed 5 months ago

This is needed to avoid EACCES when running apk audit as unprivilidged
user.

(cherry picked from commit 24f28da6)

[TT: include also the st_dev -> st_rdev fix
 cherry picked from commit 22a81e8f]

Sertonix authored 6 months ago and Timo Teräs committed 5 months ago

This is to avoid issues when opening fifos cause without O_NONBLOCK they
wait until the other end is opened.

(cherry picked from commit c620d34c)

This allows at least a minimal compatibility with apk3 installeddb
when it does not contain other non-supported features.