RepoMirrors/abuild
1
0
Fork 0
mirror of https://gitlab.alpinelinux.org/alpine/abuild.git synced 2025-01-11 17:29:52 +00:00
Code Issues Projects Releases Wiki Activity
Alpine build tools
1,168 Commits 5 Branches 179 Tags 7.9 MiB
Shell 64.9%
Perl 19%
C 9.8%
Ruby 4.2%
Makefile 2.1%
297de93aef
Go to file
Max Rees 297de93aef abuild-sudo: don't allow --keys-dir 
Not allowing --allow-untrusted is obviously a good idea, but it can be
trivially bypassed if --keys-dir is allowed:

$ abuild-apk add foo-1-r0.apk
ERROR: foo-1-r0.apk: UNTRUSTED signature
$ abuild-apk --allow-untrusted add foo-1-r0.apk
abuild-apk: --allow-untrusted: not allowed option
$ cp -rp /etc/apk/keys /tmp/keys
$ cp untrusted.pub /tmp/keys
$ abuild-apk --keys-dir /tmp/keys add foo-1-r0.apk
(1/1) Installing foo (1-r0)
OK: 4319 MiB in 806 packages

If both --allow-untrusted and --keys-dir are not allowed, then it should
no longer be possible for an unprivileged member of the abuild group to
add an untrusted package.

$ abuild-apk --keys-dir /tmp/keys add foo-1-r0.apk
abuild-apk: --keys-dir: not allowed option
2019-06-20 11:36:40 +02:00
.devbuildrc add a .devbuildrc for abuild subproject itself 2009-01-15 16:11:19 +00:00
.editorconfig add .editorconfig and fix code formatting 2016-08-20 16:16:37 +02:00
.gitignore git: ignore abuild-rmtemp executable 2017-09-19 12:02:57 +00:00
abuild-fetch.c abuild-fetch: enable curl certificate verification 2019-04-29 18:31:58 +00:00
abuild-gzsplit.c abuild-gzsplit: new tool to split .apk to it's base components 2017-01-10 14:16:16 +02:00
abuild-keygen.in replace deprecated ... syntax with $(...) in shell scripts 2016-08-23 00:09:07 +02:00
abuild-rmtemp.c abuild-rmtemp: Do not follow symbolic links 2018-10-11 17:46:45 +02:00
abuild-sign.in abuild-sign: actually catch errors while signing 2019-03-05 11:42:15 +00:00
abuild-sudo.c abuild-sudo: don't allow --keys-dir 2019-06-20 11:36:40 +02:00
abuild-tar.c abuild-tar: improve portability 2016-05-20 10:19:08 +02:00
abuild.conf abuild: build in chroot 2017-06-27 14:52:50 +03:00
abuild.in abuild usage fix: fetch does not verify sources 2019-06-12 12:27:14 +00:00
abump.in replace deprecated ... syntax with $(...) in shell scripts 2016-08-23 00:09:07 +02:00
apkbuild-cpan.in apkbuild-cpan.in: add OR to licenses to indicate perl_5 GPL or artistic is a choice 2019-06-12 12:28:42 +00:00
apkbuild-gem-resolver.in add .editorconfig and fix code formatting 2016-08-20 16:16:37 +02:00
apkbuild-pypi.in apkbuild-pypi.in: modernize 2017-09-19 11:59:18 +00:00
APKBUILD.5 APKBUILD.5: match install_if example to abuild.in 2019-06-12 12:24:44 +00:00
apkgrel.in replace deprecated ... syntax with $(...) in shell scripts 2016-08-23 00:09:07 +02:00
bootchartd replace deprecated ... syntax with $(...) in shell scripts 2016-08-23 00:09:07 +02:00
buildlab.in buildlab: replace echos in usage with heredoc 2016-08-23 00:09:07 +02:00
checkapk.in checkapk: remove temporary dir on SIGINT and exit 2018-10-03 10:52:13 +00:00
config.guess abuild: add update_config_guess 2016-08-12 15:26:06 +02:00
config.sub abuild: add update_config_guess 2016-08-12 15:26:06 +02:00
functions.sh.in functions: adjust armhf triplet 2019-04-29 18:19:25 +00:00
Makefile ==== release 3.4.0 ==== 2019-06-14 12:13:23 +00:00
newapkbuild.1 newapkbuild.1: fix mdoc style 2018-10-03 08:24:18 +00:00
newapkbuild.in newapkbuild: use current directory for cmake 2019-06-12 12:21:19 +00:00
sample.APKBUILD sample.APKBUILD: use https for sourceforge download links 2018-09-24 21:43:49 +02:00
sample.confd sample: use lowercase in init.d/conf.d sample files 2009-12-30 08:55:33 +00:00
sample.initd sample.initd: modernize 2016-06-13 12:34:05 +00:00
sample.post-install abuild: fixes for new install scripts 2009-03-06 17:51:53 +00:00
sample.pre-install abuild: fixes for new install scripts 2009-03-06 17:51:53 +00:00