Project

General

Profile

Bug #4064

apk fails to install non-repository packages

Added by Ted Trask almost 4 years ago. Updated over 3 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
Target version:
-
Start date:
04/13/2015
Due date:
% Done:

0%

Estimated time:

Description

  • Used 'abuild -r' to build an application package on my edge build box. In particular, I built freeswitch after bumping the pkgrel.
  • scp'd all of the resulting freeswitch packages to another edge box for testing.
  • ran 'apk add -f --allow-untrusted /tmp/freeswitch-1.4.18-r2.apk', and nothing happened. I see no error or success messages, just the normal OK message.

I do not have package caching enabled, therefore the need for '-f'. The new package (freeswitch><Q1cL6NhQwgE7IPZRLhO4bePmdvyWo=) is added to /etc/apk/world, but none of the files are installed. I verified that the package contains the proper files using tar. Any subsequent calls into apk (besides apk del freeswitch) result in ERROR: unsatisfiable constraints.

History

#1 Updated by Ted Trask almost 4 years ago

I added the public key used to sign the package into /etc/apk/keys and retested. I no longer needed the '--allow-untrusted' flag, but the same error occurred. So, it's unrelated to keys and related to adding non-repository packages with no cache.

#2 Updated by Timo Teräs almost 4 years ago

This sounds more like issue with the built packages dependencies.

Did you copy all generated .apks? And use "apk add <all-files-built>"? When adding non-repository files, the dependencies are not automatically picked up unless explicitly adding each .apk package.

#3 Updated by Ted Trask almost 4 years ago

I copied all of the generated apks, but only tried to install the main package. I assumed apk would either find the dependencies in the same directory or tell me what was missing. Otherwise, how am I supposed to know what the missing dependencies are? Is that a feature we could add? Because the current behavior is non-obvious.
Ted
From: "" <>
To:
Sent: Tuesday, April 14, 2015 8:01 AM
Subject: [Alpine Linux - Bug #4064] apk fails to install untrusted application

#yiv7359023426 body {font-family:Verdana, sans-serif;font-size:0.8em;color:#484848;}#yiv7359023426 h1, #yiv7359023426 h2, #yiv7359023426 h3 {font-family:"Trebuchet MS", Verdana, sans-serif;margin:0px;}#yiv7359023426 h1 {font-size:1.2em;}#yiv7359023426 h2, #yiv7359023426 h3 {font-size:1.1em;}#yiv7359023426 a, #yiv7359023426 a:link, #yiv7359023426 a:visited {color:#2A5685;}#yiv7359023426 a:hover, #yiv7359023426 a:active {color:#c61a1a;}#yiv7359023426 a.yiv7359023426wiki-anchor {display:none;}#yiv7359023426 fieldset.yiv7359023426attachments {border-width:1px 0 0 0;}#yiv7359023426 hr {width:100%;height:1px;background:#ccc;border:0;}#yiv7359023426 span.yiv7359023426footer {font-size:0.8em;font-style:italic;}Issue #4064 has been updated by Timo Teräs.
This sounds more like issue with the built packages dependencies. Did you copy all generated .apks? And use "apk add <all-files-built>"? When adding non-repository files, the dependencies are not automatically picked up unless explicitly adding each .apk package.
Bug #4064: apk fails to install untrusted application

- Author: Ted Trask
- Status: New
- Priority: Normal
- Assignee:
- Category:
- Target version:
- Affected versions: 3.2.0

- Used 'abuild -r' to build an application package on my edge build box. In particular, I built freeswitch after bumping the pkgrel.
- scp'd all of the resulting freeswitch packages to another edge box for testing.
- ran 'apk add -f --allow-untrusted /tmp/freeswitch-1.4.18-r2.apk', and nothing happened. I see no error or success messages, just the normal OK message.
I do not have package caching enabled, therefore the need for '-f'. The new package (freeswitch><Q1cL6NhQwgE7IPZRLhO4bePmdvyWo=) is added to /etc/apk/world, but none of the files are installed. I verified that the package contains the proper files using tar. Any subsequent calls into apk (besides apk del freeswitch) result in ERROR: unsatisfiable constraints.You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: https://bugs.alpinelinux.org/my/account

#4 Updated by Ted Trask almost 4 years ago

Trying to install all of the copied packages still didn't work, as only some were added.
vmail:~# apk add f --allow-untrusted /tmp/freeswitch*(1/2) Installing freeswitch-timezones (1.4.18-r2)(2/2) Installing freeswitch-sample-config (1.4.18-r2)OK: 39 MiB in 56 packagesvmail:~# ls /tmp/freeswitch-*/tmp/freeswitch-1.4.18-r2.apk                /tmp/freeswitch-flite-1.4.18-r2.apk          /tmp/freeswitch-pgsql-1.4.18-r2.apk          /tmp/freeswitch-sangoma-1.4.18-r2.apk        /tmp/freeswitch-timezones-1.4.18-r2.apk/tmp/freeswitch-dev-1.4.18-r2.apk            /tmp/freeswitch-freetdm-1.4.18-r2.apk        /tmp/freeswitch-sample-config-1.4.18-r2.apk  /tmp/freeswitch-snmp-1.4.18-r2.apkvmail:~# 
Ted
From: "" <>
To:
Sent: Tuesday, April 14, 2015 8:22 AM
Subject: [Alpine Linux - Bug #4064] apk fails to install untrusted application

#yiv1334679226 body {font-family:Verdana, sans-serif;font-size:0.8em;color:#484848;}#yiv1334679226 h1, #yiv1334679226 h2, #yiv1334679226 h3 {font-family:"Trebuchet MS", Verdana, sans-serif;margin:0px;}#yiv1334679226 h1 {font-size:1.2em;}#yiv1334679226 h2, #yiv1334679226 h3 {font-size:1.1em;}#yiv1334679226 a, #yiv1334679226 a:link, #yiv1334679226 a:visited {color:#2A5685;}#yiv1334679226 a:hover, #yiv1334679226 a:active {color:#c61a1a;}#yiv1334679226 a.yiv1334679226wiki-anchor {display:none;}#yiv1334679226 fieldset.yiv1334679226attachments {border-width:1px 0 0 0;}#yiv1334679226 hr {width:100%;height:1px;background:#ccc;border:0;}#yiv1334679226 span.yiv1334679226footer {font-size:0.8em;font-style:italic;}Issue #4064 has been updated by Ted Trask.
I copied all of the generated apks, but only tried to install the main package. I assumed apk would either find the dependencies in the same directory or tell me what was missing. Otherwise, how am I supposed to know what the missing dependencies are? Is that a feature we could add? Because the current behavior is non-obvious.
Ted
From: "" <>
To:
Sent: Tuesday, April 14, 2015 8:01 AM
Subject: [Alpine Linux - Bug #4064] apk fails to install untrusted application #yiv7359023426 body {font-family:Verdana, sans-serif;font-size:0.8em;color:#484848;}#yiv7359023426 h1, #yiv7359023426 h2, #yiv7359023426 h3 {font-family:"Trebuchet MS", Verdana, sans-serif;margin:0px;}#yiv7359023426 h1 {font-size:1.2em;}#yiv7359023426 h2, #yiv7359023426 h3 {font-size:1.1em;}#yiv7359023426 a, #yiv7359023426 a:link, #yiv7359023426 a:visited {color:#2A5685;}#yiv7359023426 a:hover, #yiv7359023426 a:active {color:#c61a1a;}#yiv7359023426 a.yiv7359023426wiki-anchor {display:none;}#yiv7359023426 fieldset.yiv7359023426attachments {border-width:1px 0 0 0;}#yiv7359023426 hr {width:100%;height:1px;background:#ccc;border:0;}#yiv7359023426 span.yiv7359023426footer {font-size:0.8em;font-style:italic;}Issue #4064 has been updated by Timo Teräs.
This sounds more like issue with the built packages dependencies. Did you copy all generated .apks? And use "apk add <all-files-built>"? When adding non-repository files, the dependencies are not automatically picked up unless explicitly adding each .apk package.
Bug #4064: apk fails to install untrusted application - Author: Ted Trask
- Status: New
- Priority: Normal
- Assignee:
- Category:
- Target version:
- Affected versions: 3.2.0 - Used 'abuild -r' to build an application package on my edge build box. In particular, I built freeswitch after bumping the pkgrel.
- scp'd all of the resulting freeswitch packages to another edge box for testing.
- ran 'apk add -f --allow-untrusted /tmp/freeswitch-1.4.18-r2.apk', and nothing happened. I see no error or success messages, just the normal OK message.
I do not have package caching enabled, therefore the need for '-f'. The new package (freeswitch><Q1cL6NhQwgE7IPZRLhO4bePmdvyWo=) is added to /etc/apk/world, but none of the files are installed. I verified that the package contains the proper files using tar. Any subsequent calls into apk (besides apk del freeswitch) result in ERROR: unsatisfiable constraints.You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: https://bugs.alpinelinux.org/my/account
Bug #4064: apk fails to install untrusted application

- Author: Ted Trask
- Status: New
- Priority: Normal
- Assignee:
- Category:
- Target version:
- Affected versions: 3.2.0

- Used 'abuild -r' to build an application package on my edge build box. In particular, I built freeswitch after bumping the pkgrel.
- scp'd all of the resulting freeswitch packages to another edge box for testing.
- ran 'apk add -f --allow-untrusted /tmp/freeswitch-1.4.18-r2.apk', and nothing happened. I see no error or success messages, just the normal OK message.
I do not have package caching enabled, therefore the need for '-f'. The new package (freeswitch><Q1cL6NhQwgE7IPZRLhO4bePmdvyWo=) is added to /etc/apk/world, but none of the files are installed. I verified that the package contains the proper files using tar. Any subsequent calls into apk (besides apk del freeswitch) result in ERROR: unsatisfiable constraints.You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: https://bugs.alpinelinux.org/my/account

#5 Updated by Ted Trask almost 4 years ago

Just an added note that 'apk add' has an exit status of 0 even though the requested packages were not installed. This is true both when I add just the freeswitch package and when I add all of the freeswitch packages in the same command.

#6 Updated by Timo Teräs almost 4 years ago

Ted Trask wrote:

I copied all of the generated apks, but only tried to install the main package. I assumed apk would either find the dependencies in the same directory or tell me what was missing. Otherwise, how am I supposed to know what the missing dependencies are? Is that a feature we could add? Because the current behavior is non-obvious.

Currently this is non-trivial to implement, but it would probably be doable. However, apk is designed in such a way that packages given by filename are not full grade citizens. I'm not sure what would be the best approach for this as there are several commands that cannot be fully implemented with non-repository packages.

The exit code 0 with failed 'apk add' has been fixed in edge.

If adding all generated .apks does not work, I suppose there is some conflict that prevents them from being installed. And it's probably regression of the new solver code that it prefers to keep to installed version instead of printing an error on the failed dependencies.

#7 Updated by Timo Teräs almost 4 years ago

  • Project changed from Alpine Linux to Alpine Package Keeper
  • Subject changed from apk fails to install untrusted application to apk fails to install non-repository packages
  • Assignee set to Timo Teräs

#8 Updated by Timo Teräs over 3 years ago

  • Status changed from New to Rejected

Ted Trask wrote:

  • ran 'apk add -f --allow-untrusted /tmp/freeswitch-1.4.18-r2.apk', and nothing happened. I see no error or success messages, just the normal OK message.

Only just now noticed the -f or --force. That is the problem. It will override lot of error logic mechanisms so that things work during tmpfs boot. If you try without --force, you should see an error message about the missing dependencies.

Closing as rejected, since --force is working as expected. And you get error without --force.

Also available in: Atom PDF