In order to be fully secure, we can't only sign packages. We also need
to sign our repository metadata to prevent database falsification,
dependency injection, etc. Add an '-s/--sign' option that allows this
functionality, and will generate a .sig file side-by-side with the
package database.
While at it, fix the issue where a signature file would never be found
because of 'cd' madness (this needs fixing in another commit).
Signed-off-by: Dan McGee <dan@archlinux.org>
Use base64 encoding to store the value in the database if a .sig file exists
for the package being added.
Signed-off-by: Geoffroy Carrier <geoffroy.carrier@koon.fr>
Signed-off-by: Dan McGee <dan@archlinux.org>
This is a rather simple patch to add signing support to makepkg. Add a
create_signature() to makepkg, add a 'sign' BUILDENV option in makepkg.conf,
and document the changes in the makepkg.conf manpage.
Signed-off-by: Geoffroy Carrier <geoffroy.carrier@koon.fr>
Signed-off-by: Dan McGee <dan@archlinux.org>
Wrap lines of long length, noticed while creating and messing around
with some of the other maint branch patches.
Signed-off-by: Dan McGee <dan@archlinux.org>
Noticed with the openoffice/libreoffice replacement scheme where many
packages are listed as replacements to one package, thus electing it for
removal multiple times. Ensure a given package is not already present
before placing it in the removal list.
Signed-off-by: Dan McGee <dan@archlinux.org>
This is a rather serious data corruption issue that luckily manifested
itself today in a noticable way. A package in testing had replaces
entries read in as ["%RE pkgname", "%RE"] which was clearly wrong. This
happens when we hit the end of an archive block, do not have a newline,
and have to continue reading from the next block to complete the line.
Signed-off-by: Dan McGee <dan@archlinux.org>
Drawing progress bars before calling curl_easy_perform() is needless as
the curl progress callback is called with zero progress before actually
downloading the file anyways. Fixes display of "0%" progress bars when
sync'ing package databases that are already up to date.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Signed-off-by: Dan McGee <dan@archlinux.org>
Remove unnecessary output when using -Sp. Fixes FS#23340.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This is by no means a guarantee of this behavior remaining the same in
the future, but it is easy enough to do what we used to in this case by
delaying any sort of error condition until after we are completely done
parsing options. Addresses FS#23370.
Signed-off-by: Dan McGee <dan@archlinux.org>
This was discussed and more or less agreed upon on the mailing list. A
huge checkin, but if we just do it and let people adjust the pain will
end soon enough. Rebasing should be relatively straighforward for anyone
that sees conflicts; just be sure you use the new return style if
possible.
The following semantic patch was used to do the change, along with some
hand-massaging in order to preserve parenthesis where appropriate:
The semantic match that finds this problem is as follows, although some
hand-massaging was done in order to keep parenthesis where appropriate:
(http://coccinelle.lip6.fr/)
// <smpl>
@@
expression a;
@@
- return(a);
+ return a;
// </smpl>
A macros_file was also provided with the following content:
Additional steps taken, mainly for ASSERT() macros:
$ sed -i -e 's#return(NULL)#return NULL#' lib/libalpm/*.c
$ sed -i -e 's#return(-1)#return -1#' lib/libalpm/*.c
Signed-off-by: Dan McGee <dan@archlinux.org>
This is a Debian patch (from #347650) that makes libtool play nicely
with "-Wl,--as-needed".
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Signed-off-by: Dan McGee <dan@archlinux.org>
Noted in FS#23342. When the user attempts to install an ignored package
and answers no when asked whether to install it, pacman bails out with:
"error: target not found: packagename"
This is because satisfiers are not found for the package and execution
continues to process_group(), where the package is treated as a group
(which does not exist).
In addition, test ignore006.py is updated with PACMAN_RETCODE=0 since
saying no to installing an ignored package should not be considered an
error.
Signed-off-by: Pang Yan Han <pangyanhan@gmail.com>
Signed-off-by: Xavier Chantry <chantry.xavier@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
Prevents issues where optdepends descriptions contain a bracket.
Also, strip all comments from arrays before joining them.
Fixes FS#23307.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
We erroniously dropped the call to _alpm_delta_parse() when macro-izing,
causing segfaults for repos that provide deltas. Addresses FS#23314.
Signed-off-by: Dan McGee <dan@archlinux.org>
Support for this script was removed in makepkg by commit b4e1365. Delta
creation support has been provided by scripts/pkgdelta.
Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
Partially addresses the "why doesn't CheckSpace work in a chroot" issue.
We can't make it work, but we can at least detect when it won't work by
checking for a partition for our given installation root. If we can't
determine the mountpoint for this, bail out with an error.
Signed-off-by: Dan McGee <dan@archlinux.org>
Change the term 'packages' to 'targets' in the synopsis as well, since
command line parameters could just as well be groups, repos, or URLs.
Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
This makes all the pacman developers' jobs harder as we have to switch
files whenever running multiple pacman versions and are using newly
introduced options. Instead of erroring out, print warnings and continue
on.
This patch also fixes a const-correctness issue. We immediately cast a
'const char *' to a 'char *' in setrepeatingoption(), which is just
plain wrong as we manipulate the underlying string. Fix the types and
remove the now unnecessary variable.
Finally, a few messages change here for consistency and clarity and
because we continue parsing rather than bailing out on a problem.
Signed-off-by: Dan McGee <dan@archlinux.org>
This prevents a regression for people who enjoy piping yes to pacman to
avoid prompts.
Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
This was totally screwed under a 'make distcheck' invocation. Bring it
inline with what we have (and what works!) in scripts/Makefile.am. This
was broken/introduced in commit 05f0a28932.
Signed-off-by: Dan McGee <dan@archlinux.org>
this is just some debuggery to allow pacman to operate with both fetch
and curl at the same time. use the PACMANDL variable to control which
library is used.
Signed-off-by: Dave Reisner <d@falconindy.com>
This is a feature complete re-implementation of the fetch based internal
downloader, with a few improvements:
* support for SSL
* gzip and deflate compression on HTTP connections
* reuses a single connection over the entire session for lower resource
usage.
Signed-off-by: Dave Reisner <d@falconindy.com>
Add PM_ERR_LIBCURL to error enum and handle case in error.c by returning
curl_easy_strerror() based on the error number carried by the gloabl alpm
handle.
Signed-off-by: Dave Reisner <d@falconindy.com>