Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
apk-tools
apk-tools
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 59
    • Issues 59
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Merge Requests 13
    • Merge Requests 13
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
  • Operations
    • Operations
    • Environments
  • Analytics
    • Analytics
    • CI / CD
    • Repository
    • Value Stream
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
  • alpine
  • apk-toolsapk-tools
  • Issues
  • #7104

Closed
Open
Opened Apr 08, 2017 by Chris Giorgi@TemptorSent
  • Report abuse
  • New issue
Report abuse New issue

[subset of #7103] Extract manifest of pax checksum headers vs. files for apks to stdout.

This particular portion of Feature #7103 is needed immediately to improve user experience in upcoming Alpine 3.6 release.

In order to verify integrity of files extracted from apks and uniquely identify specific versions of a file, the checksum stored in the pax header

68 APK-TOOLS.checksum.SHA1=

needs to be retrieved for each file in the apk tar archive. No standard tar tool can extract this information, and using an awk script results in unreasonably long runtimes for large packages such as ‘linux-grsec’, ‘linux-firmware’, etc.

apk already reads these headers, but there is currently no way to expose that information.

Proposed functionality is export of a manifest to stdout (or optionally file) containing one line per file (with optional comments), and each line having information to uniquely identify a file by arch, package name, and full package version.

Format currently in use in kerneltool/mkimage project is

printf 'apk:%s/%s-%s\t%s:$s\t%s' $arch $pkgname $pkgver $sumtype $sum $filename

where $sumtype is the lowercase name of the checksum function, such as ‘sha1’, ‘sha512’, or ‘md5’, which, when prepended to ‘sum’, yields the appropriate command to verify the sum (i.e. ‘sha1’ ->sha1sum)

(from redmine: issue id 7104, created on 2017-04-08)

Assignee
Assign to
None
Milestone
None
Assign milestone
Time tracking
None
Due date
None
3
Labels
Feature New Normal
Assign labels
  • View project labels
Reference: alpine/apk-tools#7104