[apk] package file format error

[cnt0]

What happened?

OK, I build the apk package with the following config

# ...
contents:
- src: ./install
  dst: /usr
  type: tree

apk:
  signature:
    key_file: xxxx.rsa
    key_name: xxxx.rsa.pub

uploaded to local repository and trying to install it. I'm getting the following error:

$ doas apk add my_package
ERROR: my_package: package file format error

I managed to investigate this problem on the apk side and found that it complains about the missing mode data in the archive. So it can be worked around by modifying the nfpm.yaml like this:

# ...
contents:
- src: ./install
  dst: /usr
  type: tree
  file_info:
    mode: 0755
# ...

However, this file_info attribute is actually very dangerous with such config, cause it can overwrite your /usr/bin, /usr/lib, etc permissions with some incorrect value, resulting in unusable system. So I'd rather fix the appropriate parts of nfpm code.

How can we reproduce this?

prepare the apk package with config described above, add to the repository and try installing it with apk add command

nfpm version

the one from https://github.com/goreleaser/nfpm/pull/804 (so git main, essentially)

Search

• [X] I did search for other open and closed issues before opening this.

Code of Conduct

• [X] I agree to follow this project's Code of Conduct

Additional context

No response

[caarlos0]

I think this will be fixed by #834