pmb.config.apk_tools_min_version: support branches (MR 2015)
Support branches, so pmbootstrap won't fail if v20.05 is selected: ERROR: You have an outdated version of the 'apk' package manager installed (your version: 2.10.5-r1, expected at least: 2.12.1-r0). Move the logic for this check to pmb.helpers.apk.check_outdated and adjust the test. This fixes the CI failure in test_crossdirect_rust, which uses the stable channel. (My bad for not creating this patch earlier, while at the same time explaining in the creating pmbootstrap release instructions, that this minimum apk version should be adjusted.)
This commit is contained in:
parent
e9947f42de
commit
69cd7895e2
|
@ -78,13 +78,10 @@ def check_min_version(args, suffix="native"):
|
|||
|
||||
# Compare
|
||||
version_installed = installed(args, suffix)["apk-tools"]["version"]
|
||||
version_min = pmb.config.apk_tools_min_version
|
||||
if pmb.parse.version.compare(version_installed, version_min) == -1:
|
||||
raise RuntimeError("You have an outdated version of the 'apk' package"
|
||||
" manager installed (your version: " + version_installed +
|
||||
", expected at least: " + version_min + "). Delete"
|
||||
" your http cache and zap all chroots, then try again:"
|
||||
" 'pmbootstrap zap -hc'")
|
||||
pmb.helpers.apk.check_outdated(
|
||||
args, version_installed,
|
||||
"Delete your http cache and zap all chroots, then try again:"
|
||||
" 'pmbootstrap zap -hc'")
|
||||
|
||||
# Mark this suffix as checked
|
||||
args.cache["apk_min_version_checked"].append(suffix)
|
||||
|
|
|
@ -153,16 +153,12 @@ def init(args):
|
|||
indexes=[apkindex])
|
||||
version = index_data["version"]
|
||||
|
||||
# Extract and verify the apk-tools-static version
|
||||
version_min = pmb.config.apk_tools_min_version
|
||||
apk_name = "apk-tools-static-" + version + ".apk"
|
||||
if pmb.parse.version.compare(version, version_min) == -1:
|
||||
raise RuntimeError("Your APKINDEX has an outdated version of"
|
||||
" apk-tools-static (your version: " + version +
|
||||
", expected at least:" + version_min + "). Please" +
|
||||
" run 'pmbootstrap update'.")
|
||||
# Verify the apk-tools-static version
|
||||
pmb.helpers.apk.check_outdated(
|
||||
args, version, "Run 'pmbootstrap update', then try again.")
|
||||
|
||||
# Download, extract, verify apk-tools-static
|
||||
apk_name = "apk-tools-static-" + version + ".apk"
|
||||
apk_static = download(args, apk_name)
|
||||
extract(args, version, apk_static)
|
||||
|
||||
|
|
|
@ -19,10 +19,14 @@ version = "1.29.0"
|
|||
pmb_src = os.path.normpath(os.path.realpath(__file__) + "/../../..")
|
||||
apk_keys_path = pmb_src + "/pmb/data/keys"
|
||||
|
||||
# apk-tools minimum version
|
||||
# https://pkgs.alpinelinux.org/packages?name=apk-tools&branch=edge
|
||||
# Update this frequently to prevent a MITM attack with an outdated version
|
||||
# (which may contain a vulnerable apk/libressl, and allows an attacker to
|
||||
# (which may contain a vulnerable apk/openssl, and allows an attacker to
|
||||
# exploit the system!)
|
||||
apk_tools_min_version = "2.12.1-r0"
|
||||
apk_tools_min_version = {"edge": "2.12.1-r0",
|
||||
"v3.13": "2.12.1-r0",
|
||||
"v3.12": "2.10.5-r1"}
|
||||
|
||||
# postmarketOS aports compatibility (checked against "version" in pmaports.cfg)
|
||||
pmaports_min_version = "7"
|
||||
|
|
|
@ -1,10 +1,12 @@
|
|||
# Copyright 2021 Johannes Marbach
|
||||
# Copyright 2021 Johannes Marbach, Oliver Smith
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
import os
|
||||
|
||||
import pmb.chroot.root
|
||||
import pmb.config.pmaports
|
||||
import pmb.helpers.cli
|
||||
import pmb.helpers.run
|
||||
import pmb.parse.version
|
||||
|
||||
|
||||
def _run(args, command, chroot=False, suffix="native", output="log"):
|
||||
|
@ -106,3 +108,26 @@ def apk_with_progress(args, command, chroot=False, suffix="native"):
|
|||
pmb.helpers.cli.progress_flush(args)
|
||||
pmb.helpers.run_core.check_return_code(args, p_apk.returncode,
|
||||
log_msg)
|
||||
|
||||
|
||||
def check_outdated(args, version_installed, action_msg):
|
||||
"""
|
||||
Check if the provided alpine version is outdated, depending on the alpine
|
||||
mirrordir (edge, v3.12, ...) related to currently checked out pmaports
|
||||
branch.
|
||||
|
||||
:param version_installed: currently installed apk version, e.g. "2.12.1-r0"
|
||||
:param action_msg: string explaining what the user should do to resolve
|
||||
this
|
||||
:raises: RuntimeError if the version is outdated
|
||||
"""
|
||||
channel_cfg = pmb.config.pmaports.read_config_channel(args)
|
||||
mirrordir_alpine = channel_cfg["mirrordir_alpine"]
|
||||
version_min = pmb.config.apk_tools_min_version[mirrordir_alpine]
|
||||
|
||||
if pmb.parse.version.compare(version_installed, version_min) >= 0:
|
||||
return
|
||||
|
||||
raise RuntimeError("Found an outdated version of the 'apk' package"
|
||||
f" manager ({version_installed}, expected at least:"
|
||||
f" {version_min}). {action_msg}")
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
# Copyright 2021 Oliver Smith
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
import os
|
||||
import copy
|
||||
import sys
|
||||
import tarfile
|
||||
import glob
|
||||
|
@ -113,17 +114,16 @@ def test_signature_verification(args, tmpdir):
|
|||
assert "downgrade attack" in str(e.value)
|
||||
|
||||
|
||||
def test_outdated_version(args):
|
||||
def test_outdated_version(args, monkeypatch):
|
||||
if os.path.exists(args.work + "/apk.static"):
|
||||
os.remove(args.work + "/apk.static")
|
||||
|
||||
# change min version
|
||||
min = pmb.config.apk_tools_min_version
|
||||
pmb.config.apk_tools_min_version = "99.1.2-r1"
|
||||
# Change min version for all branches
|
||||
min_copy = copy.copy(pmb.config.apk_tools_min_version)
|
||||
for key, old_ver in min_copy.items():
|
||||
min_copy[key] = "99.1.2-r1"
|
||||
monkeypatch.setattr(pmb.config, "apk_tools_min_version", min_copy)
|
||||
|
||||
with pytest.raises(RuntimeError) as e:
|
||||
pmb.chroot.apk_static.init(args)
|
||||
assert "outdated version" in str(e.value)
|
||||
|
||||
# reset min version
|
||||
pmb.config.apk_tools_min_version = min
|
||||
|
|
Loading…
Reference in New Issue