aports-turbo issueshttps://gitlab.alpinelinux.org/alpine/infra/aports-turbo/-/issues2023-06-07T13:02:52Zhttps://gitlab.alpinelinux.org/alpine/infra/aports-turbo/-/issues/41aports-turbo fails to start on Alpine v3.122023-06-07T13:02:52ZGreyaports-turbo fails to start on Alpine v3.12It appears there is an issue with using aports-turbo on a fresh Alpine v3.12 install. When started I get the following error:
```
[W 2020/06/13 00:46:16] _G.__TURBO_USE_LUASOCKET__ set, using LuaSocket (degraded performance).
luajit: at...It appears there is an issue with using aports-turbo on a fresh Alpine v3.12 install. When started I get the following error:
```
[W 2020/06/13 00:46:16] _G.__TURBO_USE_LUASOCKET__ set, using LuaSocket (degraded performance).
luajit: attempt to index a number value
stack traceback:
[C]: in function 'poll'
/usr/share/luajit-2.1.0-beta3/turbo/ioloop.lua:464: in function '_event_poll'
/usr/share/luajit-2.1.0-beta3/turbo/ioloop.lua:443: in function 'start'
./aports.lua:154: in main chunk
[C]: at 0x5631f48fd0b2
```
I can't quite pin down what is going on exactly, but it works fine on a fresh v3.8 install. I put this down to some sort of change in lua-turbo between the package in v3.8 (lua-turbo 2.1.2-r1) and the package in v3.12 (lua-turbo 2.1.3-r4). I haven't confirmed this, but the behaviour points that way.https://gitlab.alpinelinux.org/alpine/infra/aports-turbo/-/issues/46Package name not properly escaped in "Contents of package" link2023-06-07T12:41:57ZSamantaz FoxPackage name not properly escaped in "Contents of package" linkThe package's name inside the `Contents of package` link is not properly URL encoded
Steps to reproduce:
1. Go to a package page like https://pkgs.alpinelinux.org/package/edge/main/x86_64/libstdc++
1. Click the `Contents of package` l...The package's name inside the `Contents of package` link is not properly URL encoded
Steps to reproduce:
1. Go to a package page like https://pkgs.alpinelinux.org/package/edge/main/x86_64/libstdc++
1. Click the `Contents of package` link
1. URL contains `&name=libstdc++`, `Package` filter contains `libstdc` and there are no results
1. Manually search for `libstdc++` on the same page
1. URL now contains `&name=libstdc%2B%2B` and the expected results appearhttps://gitlab.alpinelinux.org/alpine/infra/aports-turbo/-/issues/10Do not allow stable flagging2023-06-07T12:19:32ZCarlo LandmeterDo not allow stable flaggingFlagging stable packages makes no sense as we never upgrade versions in stable except for bugs and security issues. We should instead change the flag button to a report button and redirect to bugs.alpinelinux.org.
Flagging stable packages makes no sense as we never upgrade versions in stable except for bugs and security issues. We should instead change the flag button to a report button and redirect to bugs.alpinelinux.org.
https://gitlab.alpinelinux.org/alpine/infra/aports-turbo/-/issues/45Anitya watcher does not distinguish pre-release versions2022-07-28T04:31:39ZPatrycja Rosaalpine@ptrcnull.meAnitya watcher does not distinguish pre-release versionsCan be seen on `community/librsvg`:
![image](/uploads/f25a3acb3b68481e315c75e01a6b5bae/image.png)
Even though 2.53.2 is marked as pre-release, it's still flagged:
![image](/uploads/31c2f636764c59b8278073986d6a997c/image.png)Can be seen on `community/librsvg`:
![image](/uploads/f25a3acb3b68481e315c75e01a6b5bae/image.png)
Even though 2.53.2 is marked as pre-release, it's still flagged:
![image](/uploads/31c2f636764c59b8278073986d6a997c/image.png)https://gitlab.alpinelinux.org/alpine/infra/aports-turbo/-/issues/40Discourage incorrect use of pkgs.a.o's flag feature2022-07-25T10:55:12ZTBKDiscourage incorrect use of pkgs.a.o's flag featureI have seen quite a few bug reports and other messages from flagged packages.
Here is one example:
![flagged-incorrect-use](/uploads/86d0800d7b2cf023c0f844782e527a50/flagged-incorrect-use.png)
Google Translate says it is Japanese and m...I have seen quite a few bug reports and other messages from flagged packages.
Here is one example:
![flagged-incorrect-use](/uploads/86d0800d7b2cf023c0f844782e527a50/flagged-incorrect-use.png)
Google Translate says it is Japanese and means "thank you" https://translate.google.com/#view=home&op=translate&sl=auto&tl=en&text=%E3%82%88%E3%82%8D%E3%81%97%E3%81%8F%E3%81%8A%E9%A1%98%E3%81%84%E3%81%84%E3%81%9F%E3%81%97%E3%81%BE%E3%81%99%E3%80%82
A simple warning/notice might alleviate the problem.
I made a quick markup:
![warning](/uploads/36651b747f8cd86fcf937ed70f079eac/warning.png)
Related code:
```html
<div class="pure-u-1 pure-u-lg-10-24">
.......
<div class="grid-head">Be aware!</div>
<div class="grid-body" style="">
<notice style="color: #fff;background-color: #dd320b;padding: 1em;border-radius: 4px;line-height: 2em;width: 541.167px;height: 57px;display: inherit;" color="d9edf7">This form is intented to report outdated packages.<br>Please report all other issues related to tini via the <a href="https://bugs.alpinelinux.org/projects/alpine/issues">Bug Tracker</a></notice>
</div>
</div>
```
```css
element {
color: #fff;
background-color: #dd320b;
padding: 1em;
border-radius: 4px;
line-height: 2em;
width: 541.167px;
height: 57px;
display: inherit;
}
```https://gitlab.alpinelinux.org/alpine/infra/aports-turbo/-/issues/43Use code fragments for OpenWrt2020-11-11T05:56:22ZPaul SpoorenUse code fragments for OpenWrtHi, I'm doing some stuff around the OpenWrt project and there are some ambitions to "beautify" the current package overview. The Alpine project solved the matter in a elegant way and even if the reporting/flagging features are a bit out ...Hi, I'm doing some stuff around the OpenWrt project and there are some ambitions to "beautify" the current package overview. The Alpine project solved the matter in a elegant way and even if the reporting/flagging features are a bit out of the current scope, I'd like to use parts of the current website - if that's okay.
I'd obviously apply a different style/logo, but keep the structure (because it's great). Would that work for the Alpine devs? What kind of *mentioning* would you require or do you very much dislike the idea? In that case I'd have to reinvent the wheel.Carlo LandmeterCarlo Landmeterhttps://gitlab.alpinelinux.org/alpine/infra/aports-turbo/-/issues/37css tooltip does not like overflow on parent div2020-03-28T15:23:02ZCarlo Landmetercss tooltip does not like overflow on parent divIn the flagged section when there are [limited results](https://pkgs.alpinelinux.org/flagged?origin=&maintainer=7heo) the tooltip applied to the message icon will be hidden behind the parent div which has overflow-x:auto set. We need ove...In the flagged section when there are [limited results](https://pkgs.alpinelinux.org/flagged?origin=&maintainer=7heo) the tooltip applied to the message icon will be hidden behind the parent div which has overflow-x:auto set. We need overflow-x to make the table kind of usable on smaller screens.
One solution would be to make the parent div min-height set to 100% to allow the tooltip to use the extra space below the table, but this does not work.
A solution without the use of JavaScript would be preferred.https://gitlab.alpinelinux.org/alpine/infra/aports-turbo/-/issues/28add makedepens to db2018-01-31T08:34:30ZCarlo Landmeteradd makedepens to dbAs apk-tools will probably never have this feature, maybe it would be a nice addition to add them to its own table in our db.
As apk-tools will probably never have this feature, maybe it would be a nice addition to add them to its own table in our db.
https://gitlab.alpinelinux.org/alpine/infra/aports-turbo/-/issues/14pager is broken on flagged page2016-09-13T13:03:08ZCarlo Landmeterpager is broken on flagged pagehttps://gitlab.alpinelinux.org/alpine/infra/aports-turbo/-/issues/8Message popups on /flagged page vanish too easily2016-04-18T22:47:16ZPrzemysław PawełczykMessage popups on /flagged page vanish too easilyThey are hidden even when I want to select the text from the message popup itself.
(Tested in Chrome 49 on Windows 7 x64)
They are hidden even when I want to select the text from the message popup itself.
(Tested in Chrome 49 on Windows 7 x64)
https://gitlab.alpinelinux.org/alpine/infra/aports-turbo/-/issues/6Adding a OpenSearch description file2016-04-18T15:31:39ZCarlo LandmeterAdding a OpenSearch description file*Created by: leo-unglaub*
Hey,
it would be very awesome if you could add an OpenSearch description file. That way the user cann add the package search to the browser and simply use the browser to search dircetly thru the package databas...*Created by: leo-unglaub*
Hey,
it would be very awesome if you could add an OpenSearch description file. That way the user cann add the package search to the browser and simply use the browser to search dircetly thru the package database.
I addded you an untested version of the correct xml and header tag.
`<link rel="search" type="application/opensearchdescription+xml" href="opensearch.xml" title="Alpine Linux Package Database"/>`
```
<?xml version="1.0" encoding="UTF-8"?>
<OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/" xmlns:moz="http://mozilla.org/2006/browser/search">
<ShortName>Alpine Linux Package Database</ShortName>
<Description>Search for Alpine Linux packages (apk)</Description>
<Tags>linux alpine packages apk</Tags>
<Contact>webmaster@alpinelinux.org</Contact>
<Url type="text/html" method="GET" template="https://pkgs.alpinelinux.org/packages">
<Param name="name" value="{searchTerms}"/>
<Param name="repo" value="all"/>
<Param name="arch" value="x86_64"/>
<Param name="maintainer" value="all"/>
</Url>
<LongName>Alpine: Search packages</LongName>
<Image height="16" width="16" type="image/png">https://alpinelinux.org/favicon.ico</Image>
<InputEncoding>UTF-8</InputEncoding>
</OpenSearchDescription>
```
Thanks and greetings
Leo
https://gitlab.alpinelinux.org/alpine/infra/aports-turbo/-/issues/4Need to use escaping in a number of templates2016-04-11T10:01:00ZCarlo LandmeterNeed to use escaping in a number of templates*Created by: djimenez*
the contents and packages related templates are primarily using the triple braced interpolation which does no html escaping, when typically they should be using the double braced interpolation that atuomatically p...*Created by: djimenez*
the contents and packages related templates are primarily using the triple braced interpolation which does no html escaping, when typically they should be using the double braced interpolation that atuomatically performs escaping.
quotes and html characters in values from form inputs or package metadata can wreck the output. An example of this already exists without any maliscious input, the maintainer select options has a piece templated out like:
```
<option value="Steffen Lange">Steffen Lange</option>
<option value="Stuart Cardall">Stuart Cardall</option>
<option selected value="Stuart Cardall <developer@it-offshore.co.uk> Cameron Banta">Stuart Cardall <developer...</option>
<option value="Sören Tempel">Sören Tempel</option>
<option value="Ted Trask">Ted Trask</option>
```
notice that the < and > characters aren't being transformed into > and < where appropriate - a quote would not either, as seen if we put a value with a quote in the packages form (here I've inserted the alpine logo into the middle of the page by crafting the query):
https://pkgs.alpinelinux.org/packages?name=%22%3E%3Cimg+src%3D%22https%3A%2F%2Fpkgs.alpinelinux.org%2Fassets%2Falpinelinux-logo.svg%22%3E&repo=all&arch=x86_64&maintainer=all
luckily modern browsers are good at detecting reflected XSS, so its not easy to use this to execute arbitrary javascript. But a browser wouldn't be able to detect scripts that come from maliscious package information. If i was able to sneak in an evil package author, description or url into the apk indexes these pages would display it.
i would imagine you actually want to use the double braces in your templates for everything except your header and footer includes.
PS I know nothing about lustache other than what i read in the variables section o fthe readme: https://github.com/Olivine-Labs/lustache#variables
https://gitlab.alpinelinux.org/alpine/infra/aports-turbo/-/issues/3Py-Cffi not found2016-03-30T06:56:55ZCarlo LandmeterPy-Cffi not found*Created by: kilpatty*
Currently with any version of Alpine-Linux from the Dockerhub repositories attempting to install any package with py-cffi as a dependency will return not found as it is looking for py-cffi-1.3.0 whereas it appears...*Created by: kilpatty*
Currently with any version of Alpine-Linux from the Dockerhub repositories attempting to install any package with py-cffi as a dependency will return not found as it is looking for py-cffi-1.3.0 whereas it appears that on alpine-linux apk package repo it is currently version 1.4.2
https://pkgs.alpinelinux.org/package/community/x86_64/py-cffi
https://gitlab.alpinelinux.org/alpine/infra/aports-turbo/-/issues/1Add repository filter on contents form2015-08-20T09:20:57ZCarlo LandmeterAdd repository filter on contents formThis should make it easier to find contents when a package exists in multiple repositories.
This should make it easier to find contents when a package exists in multiple repositories.
Carlo LandmeterCarlo Landmeter