Commit Graph

125 Commits

Author SHA1 Message Date
Leonid Pliushch
a40783aad4
apt: remove broken symlinks
Since we are removing "mirror" method, symlinks mirror+copy, mirror+file,
mirror+ftp and similar should be removed too.
2021-07-10 00:35:44 +03:00
Lucy Phipps
6ba2862ab5
apt: update to 2.3.6 2021-06-27 02:45:32 +01:00
Leonid Pliushch
c9c1187857
apt: update default repository url
Using packages.termux.org since it is now a primary host.
2021-06-03 16:07:39 +03:00
Suhan G Paradkar
3dc78812f1
Updates to a few packages (#6850)
* Update apt

* Update bat

* Update caddy

* Update clash

* Update croc

* Update dar

* Update exiftool

* Update ffsend

* Update delve

* Update imagemagick

* Update libxml2

* Update micro

* Update mime-support

* Update notmuch
2021-05-25 07:39:23 +05:30
Leonid Pliushch
0a8eed0361
apt: update to 2.3.3 2021-05-03 18:08:14 +00:00
Lucy Phipps
1d7298d31c
apt: update to 2.3.2 2021-04-25 16:24:45 +01:00
agnostic-apollo
71025e6b4e apt: update to 2.2.2 2021-04-04 07:29:54 +05:00
Lucy Phipps
adb1ddc2c8
apt: update to 2.2.0 2021-02-25 13:50:56 +00:00
Leonid Pliushch
c061024982
apt: update patches
***

This commit contains further changes to user agent string in addition
to introduced in fd66e2fe2920cdcf39006643c1341ae27f3029d9.

Now it will send installation prefix obtained by /proc/self/exe. It
should resist patching `apt` with sed or in other way. Reminding that
installation prefix provided in user agent http header is intended for
distinguishing Termux from derivatives.

Here are sample lines from my mirror logs showing usage of Termux repo
by third-party projects:
```
162.158.103.43 - - [21/Jan/2021:09:46:43 +0200] "GET /dists/stable/Release HTTP/1.1" 304 0 "-" "Termux-PKG/1.0 mirror-checker (termux-tools 0.104) Termux (pl.sviete.dom; install-prefix:/data/data/pl.sviete.dom/files/usr)"
162.158.210.8 - - [20/Jan/2021:06:24:54 +0200] "GET /dists/stable/InRelease HTTP/1.1" 404 146 "-" "Debian APT-HTTP/1.3 (2.1.15) Termux (vn.vhn.vsc; install-prefix:/data/data/vn.vhn.vsc/files/usr)"
162.158.210.142 - - [20/Jan/2021:06:24:54 +0200] "GET /dists/stable/Release.gpg HTTP/1.1" 304 0 "-" "Debian APT-HTTP/1.3 (2.1.15) Termux (vn.vhn.vsc; install-prefix:/data/data/vn.vhn.vsc/files/usr)"
```

***

CloudFlare firewall for termux.org and termux-mirror.ml hosts would be
adjusted to block all requests which do not have install-prefix set or
if the latter doesn't match one of the Termux.
2021-02-03 22:33:22 +02:00
Leonid Pliushch
5b5f81f1fb
apt: update to 2.1.18 2021-02-03 21:08:41 +02:00
Leonid Pliushch
896ad3a3c9
apt: update to 2.1.15 2021-01-07 13:54:51 +02:00
Leonid Pliushch
c5eeff5b0b
apt: add xxhash as dependency 2020-12-24 16:45:21 +02:00
Leonid Pliushch
fd66e2fe29
get rid of verify-prefix.patch.txt
Switching to a more "soft" solution which will be focused on apt only.

Apt will now send an application package name (com.termux) and prefix
(/data/data/com.termux/files/usr) as part of user-agent string. That
will allow to distinguish real Termux users from parties which download
our packages and binary-patching them for the custom prefix.

Note that this will disable user's possibility to set custom User-Agent
for apt.
2020-12-24 16:42:32 +02:00
Leonid Pliushch
271d8b1b59
apt: update to 2.1.14 2020-12-24 15:48:29 +02:00
Leonid Pliushch
37375312b9
explicitly set maintainer for each package
In issue https://github.com/termux/termux-packages/issues/6160 I have found
that community repo "its-pointless.github.io" specifies us as maintainer
for its packages. This is NOT TRUE and potentially misleads people using
these packages.

Now TERMUX_PKG_MAINTAINER will contain a default value which is neutral
and not specify maintainer. So all packages now have to override it to
the correct value.

[skip ci]
%ci:no-build
2020-12-20 15:16:34 +02:00
Leonid Pliushch
6eb165b3bf
apt: fix patch 2020-12-11 18:11:51 +02:00
Leonid Pliushch
27ed137858
apt: fix patch 2020-12-11 17:49:02 +02:00
Leonid Pliushch
ca4359c981
apt: update to 2.1.13 2020-12-11 17:38:20 +02:00
Leonid Pliushch
14aa1996ae
apt: bump revision 2020-12-07 20:29:20 +00:00
Leonid Pliushch
0686801218
apt: update to 2.1.12 2020-12-07 20:10:06 +00:00
Leonid Pliushch
030ea9465e apt: need libgnutls 2020-11-05 19:35:50 +02:00
Leonid Pliushch
91fa3a889b apt: try fix glob on android 7 2020-11-05 19:17:02 +02:00
Leonid Pliushch
9dffff8858 apt: fix arguments for getsockopt causing errors on i686 2020-11-05 18:29:01 +02:00
Leonid Pliushch
e217e4cf04 apt: add -Wno-c++11-narrowing to CXXFLAGS 2020-11-05 18:11:03 +02:00
Leonid Pliushch
06fbff4755 apt: update to 2.1.11 2020-11-05 17:17:56 +02:00
Leonid Pliushch
9b92a45bc6 fix Termux hardcoded directories in apt, rsnapshot 2020-10-30 22:32:52 +02:00
Leonid Pliushch
7e89e130ce apply prefix verification patches again - now shouldn't cause crash 2020-09-28 02:54:13 +03:00
Leonid Pliushch
a6102de687 Revert "add patches for prefix verification"
This reverts commit 2703e4f68f856bb816c695ab53118306ba8104a4.

https://github.com/termux/termux-packages/issues/5858 - seem to be buffer overflow...
2020-09-28 01:37:34 +03:00
Leonid Pliushch
9d92a7360c add patches for prefix verification - prevent use of prebuilt packages by third parties
Add a small stub which verifies whether /data/data/com.termux/files/usr is readable
into few important packages such like Bash or APT. If this check fails, e.g.
in case if binary was executed in program with different package name (non-Termux),
program will print warning and exit with error status immediately.

This should prevent use of prebuilt packages by third-party applications.

NOTE: for now it uses /data/data/com.termux/files/usr in reversed order to
prevent automatic "blind" patching with sed. Will replace with randomized
XOR-based variant in case if that measure won't be enough.
2020-09-28 00:10:00 +03:00
Leonid Pliushch
9d022115ca apt: bump revision 2020-08-01 02:29:15 +03:00
Lucy Phipps
ad6251f97c apt: allow bzip2 2020-08-01 05:27:27 +01:00
Butta
b6dfeec127 apt: update from 1.4.9 to 1.4.10, use Termux cache directory, and keep downloaded packages by default 2020-07-31 19:28:18 +03:00
Leonid Pliushch
af5fc36867 apt: fix regression when building of apt-ftparchive was disabled and produced empty subpackage 2020-07-09 20:29:22 +03:00
its-pointless
e16ed5140d rebuild apt for new libc++ 2020-07-09 13:51:35 +02:00
Henrik Grimler
6c4affb005 Bump liblzma and dependent packages to restart CI
All except php since it has been uploaded manually
2020-03-20 08:54:28 +01:00
Leonid Pliushch
6d7e9429f7 bump liblzma-dependent packages 2020-03-19 20:58:37 +02:00
Leonid Pliushch
5aa214736c apt: show more informative messages if "repository has no release file"
During repository updates & cleanup there can be a short period of time
when repository metadata is not consistent. There may appear an error
like

 E: The repository 'https://termux.org/package stable Release' does not have a Release file.
 N: Updating from such a repository can't be done securely, and is therefore disabled by default.
 N: See apt-secure(8) manpage for repository creation and user configuration details.

but it may not be clear for some users what can cause the issue.

This commit improves the situation a bit.
2020-01-16 01:55:34 +02:00
Leonid Pliushch
cac8691700 apt: unsplit libapt-pkg as apt depends on it 2019-11-20 23:42:23 +02:00
Henrik Grimler
3abcf56444 apt: add apt-ftparchive and libapt-pkg subpackages 2019-11-20 21:12:44 +01:00
Leonid Pliushch
0bcdeecc1a apt: move gnupg to suggests to prevent its automatic installation during upgrade 2019-11-13 17:09:37 +02:00
Leonid Pliushch
dc14c12940 apt: prevent usage of certain commands as root
Usage of package manager as root has certain bad effects in Termux such as
messed up SELinux contexts and ownership. Root checks done in 'pkg' wrapper
are not reliable because one can execute 'apt' directly or with third-party
script downloaded from the Internet.

This commit adds user id check and if it found that uid is 0, apt will
refuse to do any work in root session. These checks done in such way so
they cannot be bypassed in any way unless command is executed as non-root
user.

Those who use Termux via ADB root shell should be able to switch to Termux
user id with command 'su' in order to have package manager working.

---

This change also affects the 'termux-info' utility:

 * It will no longer use 'apt policy' to detect subscribed repositories. Each
   source will be checked by script manually.

 * Information will be copied to clipboard only if 'termux-api' is installed.

 * Syntax error in timeout command is fixed: 'timeout' doesn't understand the
   argument '-t'.

 * Minor information entries reordering.
2019-11-13 16:38:40 +02:00
Leonid Pliushch
7e6a37fe9a apt: update patches
Reorganize patches for better understanding and ensure they are applied in
expected order.

Another changes:

 * gnupg is now in recommends (used by apt-key).

 * x11-repo is now in suggests.

 * TCSAFLUSH patch is dropped because it is covered by one of NDK patches
   where TCSAFLUSH value is replaced with TCSANOW.
2019-11-13 14:43:04 +02:00
Leonid Pliushch
1786c2d897 apt: use redirectable (termux.org) url for main repository
Makes possible to redirect traffic to mirror in case if main
repository is down (like in https://github.com/termux/termux-packages/issues/4358).
2019-10-20 21:44:43 +03:00
Leonid Pliushch
aebb1ab86c Revert "apt: use redirectable url for main repository"
Reverting since it causes https://github.com/termux/termux-app/issues/1286.

This reverts commit afb59ff17a77943df304159e0fe8ea770fa4bd6b.
2019-10-17 16:14:54 +03:00
Leonid Pliushch
cda2a692fa apt: use redirectable url for main repository
Makes possible to redirect traffic to mirror in case if main
repository is down (like in https://github.com/termux/termux-packages/issues/4358).

Will add small overhead due to http redirect.
2019-10-17 14:14:01 +03:00
Leonid Pliushch
9cb03b6870 apt: add man pages
Fixes https://github.com/termux/termux-packages/issues/2419.
2019-09-23 20:37:00 +03:00
Fredrik Fornwall
ea6b9a4503 apt: Fix build with current cmake 2019-09-17 20:39:03 +02:00
Leonid Pliushch
ba7f9f1c53 apt: fix subpackage script 2019-08-20 14:50:17 +03:00
Leonid Pliushch
c352216c63 packages: standardize values of several control variables for build.sh
Variables

 TERMUX_PKG_PLATFORM_INDEPENDENT
 TERMUX_DEBUG
 TERMUX_PKG_HAS_DEBUG
 TERMUX_PKG_ESSENTIAL
 TERMUX_SUBPKG_ESSENTIAL
 TERMUX_PKG_NO_STATICSPLIT
 TERMUX_PKG_BUILD_IN_SRC
 TERMUX_PKG_FORCE_CMAKE
 TERMUX_PKG_HOSTBUILD

should not accept arbitrary values for marking them "enabled". Instead
they should accept boolean values which makes them easier to handle and
also makes their meaning clear.

build-package.sh should make decision based on variable's value but not on
whether it is set or empty.

%ci:no-build
2019-08-12 18:49:13 +03:00
Leonid Pliushch
c81d4c8698 add stubs to prevent on-device building packages with dangerous operations in build.sh
%ci:no-build
2019-08-08 16:58:34 +03:00