mirror of https://github.com/csmith/apkutils synced 2026-01-20 20:26:17 +01:00

No description

Find a file

Chris Smith 414b1a8ad8 Fix FlattenDependencies not skipping packages If a package is referred to be a specifier such as "pc:foo" instead of its actual name, we would never skip that as already resolved as we tracked it by package name. In some rare cases this can cause an infinite loop. Fix by simply deferring the "already resolved" check until we've resolved the name, and use that.		2025-12-17 12:00:53 +00:00
.github	Dependencies: switch to weekly with cooldown	2025-11-26 11:51:27 +00:00
examples	Bump to v2	2024-12-20 17:52:53 +00:00
keys	Bump to v2	2024-12-20 17:52:53 +00:00
.gitignore	Initial version	2024-12-19 21:10:48 +00:00
CHANGELOG.md	Fix FlattenDependencies not skipping packages	2025-12-17 12:00:53 +00:00
dependencies.go	Fix FlattenDependencies not skipping packages	2025-12-17 12:00:53 +00:00
go.mod	Drop minimum go version	2025-08-25 22:14:52 +01:00
index.go	Initial version	2024-12-19 21:10:48 +00:00
LICENCE	Initial version	2024-12-19 21:10:48 +00:00
read.go	Initial version	2024-12-19 21:10:48 +00:00
README.md	Initial version	2024-12-19 21:10:48 +00:00
verify.go	Fix various verification bugs	2024-12-20 17:44:17 +00:00

apkutils

apkutils contains utilities for operating on Alpine packages and package indices from Go.

Specifically it can:

Verify the public key signature in an APKINDEX.tar.gz bundle, then parse out the contents of the index. See examples/verify-and-parse-index.
Verify the public key signature in an APK file, and then verify the hash of the contents that is stored in the metadata, then return the content of the APK. See examples/verify-and-read-apk
Given the package information from an APKINDEX, recursively resolve dependencies of packages to generate a bill of materials/list of packages to install. See examples/flatten-dependencies

Contributions of further functions or enhancements are welcome!