libopkg: support https_proxy Add support for https_proxy since feeds switched to HTTPS. In general case, https_proxy may not match http_proxy. Process http_proxy, https_proxy, and ftp_proxy separately. Signed-off-by: Vladislav Grigoryev <vg.aetera@gmail.com>
opkg_remove: avoid remove pkg repeatly with option --force-removal-of-dependent-packages While remove pkg with '--force-removal-of-dependent-packages', pkg may be added to pkgs remove list multiple times, add status check to make sure pkg only be removed once. Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Paul Barker <paul@paulbarker.me.uk> (Cherry picked from https://git.yoctoproject.org/cgit/cgit.cgi/opkg/commit/?id=e8996180833aa35d101fbeadec3d787ce0bbda5c) (Fixes https://dev.archive.openwrt.org/ticket/18320 and openwrt/packages CI)
libopkg: pkg_hash: print unresolved dependencies When a package is not installed because it has unresolved dependencies normally we get only an error message like this: * pkg_hash_fetch_best_installation_candidate: Packages for ltq-vdsl-app found, but incompatible with the architectures configured * opkg_install_cmd: Cannot install package ltq-vdsl-app. Log in addition the following error message: * pkg_hash_check_unresolved: cannot find dependency ltq-dsl-base for ltq-vdsl-app Fixes: FS#3814 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
libopkg: pkg_hash: prefer original packages to satisfy dependencies When one package "provides" another non-virtual package, prefer to use the original package instead of the providing package. Example: Consider packages "foo" and "bar", where "foo" provides "bar". The current code will sort all candidates by name and use the last entry by default, so "foo" would be used to satisfy a dependency on "bar". Change the logic to prefer the actual package "bar" in this case. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
libopkg: add option to strip ABI versions from listed names Listing packages without the ABI versions appended to their names is needed in some situations. Add a new command line option '--strip-abi' for that which affects the 'list' and 'list-installed' command. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
pkg: pass-through ABIVersion to status file This allows removing it from package names if needed without storing the SourceName for each and every package, which is mostly redundant information. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
libopkg: remove "extra_data" option The "extra_data" allowed to add an extra option behind a repository definition. This was only ever used to either ignore a specific feed by setting it to "__dummy__" or adding a sub-folder in the repository path, as done for Debian repositories. Instead of using "__dummy__" it is cleaner to "comment out" the specific repository and Debian repository structure is nowhere used in the OpenWrt ecosystem, therefore it seem save to remove "extra_data". Signed-off-by: Paul Spooren <mail@aparcar.org>
libopkg: remove support for "dist" config The "dist" config option is legacy to imitate Debians repository structure. However this is never used within the OpenWrt ecosystem and can therefore be removed. Signed-off-by: Paul Spooren <mail@aparcar.org>
libopkg: fix md5sum calculation This regression prevents MD5 checksums from being checked. Packages are still installed, but this raises several issues: - if only MD5 checksums are provided in the package list, it is trivial for an attacker to modify the content of a package, since checksum verification is bypassed. If both MD5 and SHA256 checksums are provided, then SHA256 is correctly verified and the attack is not possible. - future efforts to harden checksum verification would prevent package installation. Note that OpenWrt has switched to SHA256 for all its packages several years ago. As a result, this bug does not affect OpenWrt packages from the official package feeds. However, custom package repositories that only use MD5 are affected. Initially submitted at https://github.com/openwrt/openwrt/pull/3087 Fixes: 33f7b80aa325 ("libopkg: drop custom md5 implementation, unconditionally enable sha256 support") Signed-off-by: Alexander Ryzhov <github@ryzhov-al.ru> [Add commit description] Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
man: remove obsolete manual pages The man pages have not been updated since 2010. Options are documented in the usage message obtained when running "opkg" without arguments. In addition, the man page are no longer used anywhere in the build system since 2017: the autoconf-based build system was removed in 6215c27b1d3a ("build: remove automake/autoconf build system"). Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
opkg_verify_integrity: better logging and error conditions The function now always returns an error if size/checksum don't match: we let the caller decide what to do with the result. In addition, most of the logging is also moved to the caller. We just keep logging for unexpected errors and a bit of debug at loglevel INFO. Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
download: purge cached packages that have incorrect checksum Before using a package from the cache, verify its size and checksum against a package index, and delete the package from the cache if they don't match. The install process will then proceed to download the "fixed" package as usual. This allows to cope with remote packages that are rebuilt while keeping the same version number as packages in the local cache. With this change, any outdated package in the local cache will be purged and the new version will be downloaded instead. This is mostly useful when running opkg on the host (e.g. in the imagebuilder). When running on a device, no cache is configured by default, so this change does nothing in that case. Fixes: FS#2690 Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
download: factor out the logic for building cache filenames If we want to access files in the cache from multiple functions, it is necessary to have a single source of truth regarding the naming of files in the cache. Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
libopkg: factor out checksum and size verification This is a sizeable chunk of code that be can pretty well isolated in its own function. This refactoring will be necessary for an upcoming feature in which opkg_download_pkg() will need to verify the checksum of packages in the cache. This is the reason why the new function is located in `opkg_download.c`. Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
download: remove compatibility with old cache naming scheme A long time ago, the name of cached files was derived from the source URL. This was changed in 2011 with d46db43e21 ("Don't include the source URI in the cached filename.") Some compatibility code was left behind: even today, we are still trying to read from the old filename. The goal of this compatibility code was to account for existing caches that still had files with the old naming scheme. More than 9 years later, it is safe to remove this compatibility code. It simplifies the download code and avoids a useless disk access. Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
libopkg: clean up handling of unresolved dependencies Drastically improves performance, back to the level seen before the previous commit. Fixes: 3837489 ("libopkg: work-around yet another dependency checking problem") Signed-off-by: Daniel Golle <daniel@makrotopia.org> Signed-off-by: Paul Spooren <mail@aparcar.org>