
[RFC] lib: don't allow xbps self-update to bypass integrity checks

Open oreo639 opened this issue 1 year ago • 2 comments

cc: @Duncaen

Right now, this is just a dumb implementation of the fix to get feedback, ~~this does not currently remove the xbps_autoupdate() mechanism.~~ Ofc if you prefer to go a different route (e.g. static linking) please let me know.

You can test this using libhelloworld and test1 from https://github.com/void-linux/xbps/issues/580 and then having xbps depend on libhelloworld>=<helloworld_version>, where helloworld_version would be 1 for the first build and 2 for the second ofc.

Closes: https://github.com/void-linux/xbps/issues/592

oreo639 Apr 15 '24 10:04

I made an alternative version where the self-update check is kept, but just made into a warning if that is preferable? https://github.com/oreo639/xbps/commit/8cb137a49c1a6eff83eb960677955c87cf18c368

oreo639 Feb 28 '25 06:02

Seems reasonable to make it a warning.

Duncaen Feb 28 '25 13:02