package-manager: migrate to apk-tools JSON API#8463
package-manager: migrate to apk-tools JSON API#8463Konstantin-Glukhov wants to merge 1 commit intoopenwrt:masterfrom
Conversation
Konstantin-Glukhov
force-pushed
the
package-manager
branch
from
0bb60ef to
fb13ead
Compare
|
Two comments: we need to maintain support for opkg until 24.10 goes out of support, in case anything gets backported to 24.10. It looks like opkg gets removed here. I'd like an OK from at least @efahl also. |
|
I'm still digesting it before review. And although my conceptual opinion is that this is a good cleanup, getting rid of a bunch of old junk, I think we need some input from @Ansuel as he's the one who migrated from opkg-only to dual package manager support, and surely has some opinions on this. |
I was not aware that 24.10 needs to be maintained in the master branch. I will merge the prior stuff back. |
I'd wait a bit on that, it may be the case that this is fine for master and 25.12, and that we can just maintain 24.10 package manager independently. (I personally would like that, but it's not my call. 🙂) |
OK, if it is decided to have the dual functionality (opk+apk), then I have the change is tested and staged for a commit. |
|
Retain opkg for now, please. |
|
@Konstantin-Glukhov Please also consider changing |
If anything, this should probably have a checkbox for this flag, so user's don't blindly install harmful code. |
|
I'm against allow untrusted... also the APK are now also signed so official .apk should also work from the upload page. |
|
Fair. I figure the problem is apk from external repos (I've been contemplating a 'repo' file format that one can drag+drop onto the repokeys page, so adding repos would be easy) or from their own build environment. |
|
There is no point to use Upload Package for trusted packages, because it's simply possible to install them let's call it "official way". The "Upload package" button is really used for uploading untrusted packages. Otherwise there is no point to keep it in Luci. It's fine to have a check box to allow untrusted packages and/or some warning, but users should have a choice. |
|
@XCas13 what about situation when the device doesn't have connection ? |
Agree, this case is also real, but imho most often users will be trying to install untrusted packages. I'm not asking about creating a security breach, but about better user experience. You can connect by ssh and run |
Replace legacy opkg status parsing with native apk-tools JSON queries. This modernizes the backend calls and improves dependency resolution. - Implement 'apk query --format json' for package data retrieval. - Add robust regex for versioned dependencies (e.g., name>=version). - Update version comparison to handle APK date-based revisions. - Fix label-input associations to resolve accessibility warnings. - Retain deprecated opkg fallback logic for LuCI master. Signed-off-by: Konstantin Glukhov <KGlukhov@Hotmail.com>
Konstantin-Glukhov
force-pushed
the
package-manager
branch
from
fb13ead to
b6d2cd8
Compare
|
I pushed the change that leave opkg functionality alone. If you decide to add '--allow-untrusted' option, I would happily do this. Just let me know. |
5 participants
Replace legacy opkg status parsing with native apk-tools JSON queries. This modernizes the backend calls and improves dependency resolution.
NOTE: The change rational is discussed in openwrt/openwrt#22512
Signed-off-by: <my@email.address>row (viagit commit --signoff)<package name>: titlefirst line subject for packages