alpinelinux / aports-turbo Goto Github PK
View Code? Open in Web Editor NEW[MIRROR] Alpine Linux package database
Home Page: https://gitlab.alpinelinux.org/alpine/infra/aports-turbo
License: MIT License
[MIRROR] Alpine Linux package database
Home Page: https://gitlab.alpinelinux.org/alpine/infra/aports-turbo
License: MIT License
They are hidden even when I want to select the text from the message popup itself.
(Tested in Chrome 49 on Windows 7 x64)
Currently with any version of Alpine-Linux from the Dockerhub repositories attempting to install any package with py-cffi as a dependency will return not found as it is looking for py-cffi-1.3.0 whereas it appears that on alpine-linux apk package repo it is currently version 1.4.2
https://pkgs.alpinelinux.org/package/community/x86_64/py-cffi
In the flagged section when there are limited results the tooltip applied to the message icon will be hidden behind the parent div which has overflow-x:auto set. We need overflow-x to make the table kind of usable on smaller screens.
One solution would be to make the parent div min-height set to 100% to allow the tooltip to use the extra space below the table, but this does not work.
A solution without the use of JavaScript would be preferred.
As apk-tools will probably never have this feature, maybe it would be a nice addition to add them to its own table in our db.
It is possible that two maintainers might have the same name if it is a common one. So we should use email addresses instead.
Is there an HTTP API available to get a list of all packages?
This should make it easier to find contents when a package exists in multiple repositories.
Flagging stable packages makes no sense as we never upgrade versions in stable except for bugs and security issues. We should instead change the flag button to a report button and redirect to bugs.alpinelinux.org.
It would be nice to have autolinking URLs in message popups, so we could simply click such link. Bells and whistles kind of thing, I guess, but would be useful for people browsing /flagged that are not maintainers (as maintainers get messages in their mailboxes).
Remember to use rel="nofollow" in a tag if ever implementing that.
Hey,
it would be very awesome if you could add an OpenSearch description file. That way the user cann add the package search to the browser and simply use the browser to search dircetly thru the package database.
I addded you an untested version of the correct xml and header tag.
<link rel="search" type="application/opensearchdescription+xml" href="opensearch.xml" title="Alpine Linux Package Database"/>
<?xml version="1.0" encoding="UTF-8"?>
<OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/" xmlns:moz="http://mozilla.org/2006/browser/search">
<ShortName>Alpine Linux Package Database</ShortName>
<Description>Search for Alpine Linux packages (apk)</Description>
<Tags>linux alpine packages apk</Tags>
<Contact>[email protected]</Contact>
<Url type="text/html" method="GET" template="https://pkgs.alpinelinux.org/packages">
<Param name="name" value="{searchTerms}"/>
<Param name="repo" value="all"/>
<Param name="arch" value="x86_64"/>
<Param name="maintainer" value="all"/>
</Url>
<LongName>Alpine: Search packages</LongName>
<Image height="16" width="16" type="image/png">https://alpinelinux.org/favicon.ico</Image>
<InputEncoding>UTF-8</InputEncoding>
</OpenSearchDescription>
Thanks and greetings
Leo
The search is case-sensitive, it would be more intuitive if the search would be case-insensitive.
As package names are always lower-case there should not be any problems.
the contents and packages related templates are primarily using the triple braced interpolation which does no html escaping, when typically they should be using the double braced interpolation that atuomatically performs escaping.
quotes and html characters in values from form inputs or package metadata can wreck the output. An example of this already exists without any maliscious input, the maintainer select options has a piece templated out like:
<option value="Steffen Lange">Steffen Lange</option>
<option value="Stuart Cardall">Stuart Cardall</option>
<option selected value="Stuart Cardall <[email protected]> Cameron Banta">Stuart Cardall <developer...</option>
<option value="Sören Tempel">Sören Tempel</option>
<option value="Ted Trask">Ted Trask</option>
notice that the < and > characters aren't being transformed into > and < where appropriate - a quote would not either, as seen if we put a value with a quote in the packages form (here I've inserted the alpine logo into the middle of the page by crafting the query):
luckily modern browsers are good at detecting reflected XSS, so its not easy to use this to execute arbitrary javascript. But a browser wouldn't be able to detect scripts that come from maliscious package information. If i was able to sneak in an evil package author, description or url into the apk indexes these pages would display it.
i would imagine you actually want to use the double braces in your templates for everything except your header and footer includes.
PS I know nothing about lustache other than what i read in the variables section o fthe readme: https://github.com/Olivine-Labs/lustache#variables
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.