This fixes ordering for the following patterns:
* 1.0 < 1.0a
* 1.0a < 1.0ab
* 1.0a < 1.0a1
Note that trailing zeros are still ignored (1.0 == 1., 1test0 == 1test),
which matches the behaviour of dpkg and opkg.
Version strings with the same prefix, e.g. "1.0" and "1.0~pre", or even
"1.0" and "1.0.1" were considered equal. This is a regression in the C
autoupdater rewrite.
Give the user a better error message when allocations fail by using our
checked allocation functions.
Signed-off-by: Tobias Schramm <tobleminer@gmail.com>
[Matthias Schiffer: squash, use safe_realloc]
safe_malloc() and safe_realloc() are wrappers around malloc() and realloc()
than abort the process if the memory allocation fails.
Signed-off-by: Tobias Schramm <tobleminer@gmail.com>
[Matthias Schiffer: add safe_realloc()]
Previously the return value of uci_alloc_context was not checked leading
to a possible null ptr dereference
Signed-off-by: Tobias Schramm <tobleminer@gmail.com>
[Matthias Schiffer: use abort()]
Previously supplying an invalid url for download would result in
uclient_new returning NULL and crash the autoupdater as soon as
cl->priv is accessed.
Signed-off-by: Tobias Schramm <tobleminer@gmail.com>
This new version of the autoupdater is implemented in C instead of Lua,
allowing us to interface with libuclient (HTTP downloads) and libecdsautil
(signature checks) directly instead of spawning external processes,
saving RAM and making error handling more robust.
[Matthias Schiffer: add commit message]
The -T parameter only seems to limit the maximum time between received
packets, but not the overall run time.
This adds simple timeouts to the wget calls (5 minutes for the manifest,
30 minutes for the image). The implementation is very simple, only checking
the manifest timeout each time a line was received, and the image timeout
once a second. A more elegent fix seems like overkill, as the Lua
autoupdater will be replaced with a new implementation after Gluon 2016.2
anyways.
All executables in download.d are executed before after the update manifest
has been verified, but before the image is downloaded. This can be used to
stop non-essential services to free RAM.
abort.d is run when the download has failed and should revert the actions
of download.d.
The oneshot update now won't be considered until 24h after the priority delay
has passed (so regular updates should have at least one chance to do the updates
even for PRIORITY=0 updates)