mirror of https://github.com/moparisthebest/pacman synced 2024-12-23 08:18:51 -05:00
Commit Graph

5455 Commits

Author SHA1 Message Date
Dave Reisner
d080a469a0 pacman-key: Do not reinterpret keys from revoked keyrings
Given a revoked keyring containing only:

  BC1FBE4D2826A0B51E47ED62E2539214C6C11350

We should only disable this specific keyid. This change enforces that the
contents of the -revoked keyring file are full fingerprints which can uniquely
identify a key.

Before:

  # pacman-key --populate archlinux
  ==> Appending keys from archlinux.gpg...
  ==> Locally signing trusted keys in keyring...
    -> Locally signing key 0E8B644079F599DFC1DDC3973348882F6AC6A4C2...
    -> Locally signing key 684148BB25B49E986A4944C55184252D824B18E8...
    -> Locally signing key 44D4A033AC140143927397D47EFD567D4C7EA887...
    -> Locally signing key 27FFC4769E19F096D41D9265A04F9397CDFD6BB0...
    -> Locally signing key AB19265E5D7D20687D303246BA1DFB64FFF979E7...
  ==> Importing owner trust values...
  ==> Disabling revoked keys in keyring...
    -> Disabling key 1390420191...
    -> Disabling key E2539214C6C11350...
    -> Disabling key 8544EA82113502DE...
  ==> Updating trust database...
  gpg: next trustdb check due at 2014-01-22

After:

  # pacman-key --populate archlinux
  ==> Appending keys from archlinux.gpg...
  ==> Locally signing trusted keys in keyring...
    -> Locally signing key 0E8B644079F599DFC1DDC3973348882F6AC6A4C2...
    -> Locally signing key 684148BB25B49E986A4944C55184252D824B18E8...
    -> Locally signing key 44D4A033AC140143927397D47EFD567D4C7EA887...
    -> Locally signing key 27FFC4769E19F096D41D9265A04F9397CDFD6BB0...
    -> Locally signing key AB19265E5D7D20687D303246BA1DFB64FFF979E7...
  ==> Importing owner trust values...
  ==> Disabling revoked keys in keyring...
    -> Disabling key BC1FBE4D2826A0B51E47ED62E2539214C6C11350...
  ==> Updating trust database...
  gpg: next trustdb check due at 2014-01-22

Partially addresses FS#35478. This does nothing to confirm whether or not the
key was successfully disabled -- a ridiculously simple request which appears to
be far too difficult for gpg to manage.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-06-04 14:01:41 +10:00
Simon Gomizelj
dd62fde53e validate %FILEPATH% when parsing repo dbs
Currently we make no effort to validate the %FILENAME% field in the
repo db. This allows for relative paths to be considered valid.

A carefully crafted db entry with a malicious relative path
(e.g. `../../../../etc/passwd`) will cause pacman to
overwrite _any_ file on the target's machine.

Add the following validation:

- doesn't start with '.'
- doesn't contain a '/'
- won't overflow PATH_MAX

Signed-off-by: Simon Gomizelj <simongmzlj@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-06-04 13:45:12 +10:00
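The three checks listed in the commit message above, sketched as a standalone C function. This is an added example, not the libalpm code from that commit; the name `validate_db_filename`, its result codes, the empty-string check, the cache directory string and the sample entries are assumptions made for illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

#ifndef PATH_MAX
#define PATH_MAX 4096
#endif

/* Hypothetical result codes for this sketch (not libalpm's). */
enum fn_status { FN_OK = 0, FN_EMPTY, FN_LEADING_DOT, FN_HAS_SLASH, FN_TOO_LONG };

/* Validate a %FILENAME% value from an untrusted repo db before it is joined
 * to a download directory of length dir_len (assumed to end with '/').
 * Interpreting the PATH_MAX rule as "dir + name + NUL must fit" is an assumption. */
enum fn_status validate_db_filename(const char *filename, size_t dir_len)
{
	size_t len;

	/* Not one of the commit's three rules; added so the later tests are safe. */
	if(filename == NULL || filename[0] == '\0') {
		return FN_EMPTY;
	}
	/* One test rejects ".", "..", "../x" and dot-files. */
	if(filename[0] == '.') {
		return FN_LEADING_DOT;
	}
	/* A bare file name carries no directory part, absolute or relative. */
	len = strlen(filename);
	if(memchr(filename, '/', len) != NULL) {
		return FN_HAS_SLASH;
	}
	/* Written to avoid size_t wrap-around when dir_len is large. */
	if(dir_len >= PATH_MAX || len >= PATH_MAX - dir_len) {
		return FN_TOO_LONG;
	}
	return FN_OK;
}

int main(void)
{
	/* Constructed sample entries, not taken from a real repo db. */
	const char *dir = "/var/cache/pacman/pkg/"; /* assumed cache directory */
	const char *samples[] = { "foo-1.0-1-x86_64.pkg.tar.xz",
		"../../../../etc/passwd", "/etc/passwd", "sub/foo.pkg.tar.xz", ".hidden" };
	for(size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		printf("%-32s -> %d\n", samples[i], (int)validate_db_filename(samples[i], strlen(dir)));
	}
	return 0;
}
```
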
Allan McRae
fe794ccb25 Restrict pkgname from starting with a dot.
Adding this restriction means we can filter any FILENAME entry from
starting with a "/" or a ".".  Use the term "dot" as it is more
computing relevant compared to "full stop" or "period" which vary
depending on English locale.

Signed-off-by: Allan McRae <allan@archlinux.org>
2013-06-04 13:38:48 +10:00
Andrew Gregory
cbbd3781c2 improve dir->file transition conflict resolution
Packages removed due to conflicts are always removed at the beginning of
the transaction and as such can be included in the check for whether all
owners of a directory will be removed in a transaction.  Installed
versions of packages being upgraded, other than the one with the
conflict, cannot be used because our transaction ordering is not
intelligent enough to ensure that they are removed prior to the
installation of the conflicted package.

Also, return false from dir_belongsto_pkgs on errors.  Previously, we
simply continued which could return true even if we were unable to
actually establish that the package owned the entire tree.

Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-06-03 13:33:47 +10:00
Andrew Gregory
47762ab687 query_fileowner: remove symlink support
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-06-03 13:33:47 +10:00
Andrew Gregory
b1e495b88d unlink_file: treat symlinks like normal files
We always want to work with the package file itself, not its target if
it's a symlink.

Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-06-03 13:33:47 +10:00
Andrew Gregory
bc3e73fc8f extract_single_file: consolidate symlink cases
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-06-03 13:33:47 +10:00
Andrew Gregory
c91d948486 conflict.c: check for file -> dir replacements
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-06-03 13:33:47 +10:00
Andrew Gregory
0b3d04719d conflict.c: exclude trailing slash from file path
After the initial checks, we either use the path as a directory and have
to append the trailing slash anyway or use it as a file in which case
the trailing slash should be excluded.

Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-06-03 13:33:47 +10:00
Andrew Gregory
aa7e42db11 conflict.c: do not ignore symlink<->dir conflicts
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-06-03 13:33:47 +10:00
Andrew Gregory
5cfa4ec47e alpm_filelist: remove resolved_path
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-06-03 13:33:47 +10:00
Andrew Gregory
0c41663c7b update tests for symlink support removal
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-06-03 13:33:47 +10:00
Jason St. John
9ca423b981 Revise pacman(8)
Resolve several grammatical errors and minor formatting consistency issues
in pacman(8). Generalize the "FTP servers" and package file extension
information.

Signed-off-by: Jason St. John <jstjohn@purdue.edu>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-05-30 13:12:00 +10:00
Jason St. John
5df5d2c411 Revise PKGBUILD(5)
Resolve several grammatical errors and minor formatting consistency issues
in PKGBUILD(5).

Signed-off-by: Jason St. John <jstjohn@purdue.edu>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-05-30 13:11:46 +10:00
Florian Pritz
477fd794a0 makepkg-template: add --version and some license info
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-05-30 13:11:02 +10:00
Eric Bélanger
f1d74d928a Remove backslash typo from makepkg man page
Signed-off-by: Eric Bélanger <snowmaniscool@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2013-05-29 14:45:45 +10:00
Florian Pritz
a36d4b2831 makepkg-template: Stop using given/when
given/when has been marked experimental in perl 5.18 because it will
change in 5.20. if/else is ugly, but hiding the generated warning is no
good solution either, so we use if/else for now.

Signed-off-by: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-05-29 14:17:21 +10:00
Florian Pritz
cbc25c22fc makepkg-template: Add gettext support
This also slightly changes the word order in the description for
--newest.

Signed-off-by: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-05-29 14:17:21 +10:00
Florian Pritz
ce3125196d Add makepkg-template
This allows for somewhat easy templating for PKGBUILDs.

Signed-off-by: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-05-29 14:17:21 +10:00
Jason St. John
7ea58d09f6 Update example PKGBUILD
Update doc/PKGBUILD-example.txt with several changes from the official
Arch Linux package for patch-2.7.1-1, including other changes shown below:

-- replaces spaces with tabs in functions
-- replaces 'make prefix=' with 'make DESTDIR='
-- improves quoting of the "cd" command in functions

Signed-off-by: Jason St. John <jstjohn@purdue.edu>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-05-29 14:08:03 +10:00
Jason St. John
4fadcbfab2 Quote sources in PKGBUILD prototypes and example PKGBUILD
Signed-off-by: Jason St. John <jstjohn@purdue.edu>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-05-29 14:08:03 +10:00
Allan McRae
dc08eca368 Improve error message when package is missing required signature
When attempting to install a package (either via -S or -U) and the
signature is missing, the current error message "invalid or corrupted
package (PGP signature)" is very unclear.  Instead inform the user
that the package is missing the required signature.

Partial fix for FS#34741.

Signed-off-by: Allan McRae <allan@archlinux.org>
2013-05-29 14:08:03 +10:00
Andrew Gregory
9555ec714a pacman.8: document .pacorig files
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-05-29 14:08:03 +10:00
Andrew Gregory
e5dd8c2ac5 add.c: refactor backup file modification checks
The previous implementation was overly complex with unnecessary checks
and nested conditionals.  By reordering the tests and changing them to
all be checks for positive hash matches rather than non-matches, we can
collapse several cases and make the process much more linear.  This
removes the need to set hash_orig = "" just to reach some of the checks
and corrects a faulty assumption that files are equivalent when the
hashing process fails.

Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-05-29 14:08:03 +10:00
Phillip Smith
5bcc058d42 makepkg: add support for CARCH environment var
Add support for overriding configuration in /etc/makepkg.conf and
~/.makepkg.conf by setting the environment variable CARCH similar to
how SRCDEST and PKGDEST behave.

Fixes FS#35030.

Signed-off-by: Allan McRae <allan@archlinux.org>
2013-05-29 14:08:03 +10:00
Allan McRae
a975523fb9 Clean partial downloads from cache
When using "pacman -Sc" to clean the cache, it makes sense to also remove
partially downloaded files.

Fixes FS#34317.

Signed-off-by: Allan McRae <allan@archlinux.org>
2013-05-29 14:08:03 +10:00
Allan McRae
dece66ac18 makepkg: remove support for PKGBUILDs without a package() function
Not having a package() function means all building occurs as root
and repackaging can lose permissions.  Given the use of package()
functions has been around for years and we deprecated not having
one in pacman-4.1, we can remove support for PKGBUILDs without
package() functions altogether. However, keep PKGBUILDs that have
neither a build() nor a package() function working.

Signed-off-by: Allan McRae <allan@archlinux.org>
2013-05-29 14:08:02 +10:00
Allan McRae
3b4e74cb3b makepkg: Add helper to test for functions in build script
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-05-29 14:08:02 +10:00
Allan McRae
28dd29dedb makepkg: remove sourcing PKGBUILD from stdin
Using PKGBUILDs from stdin means that we can not use pkgver() in
packages.  Given we have the "-p" option to pass any file to
makepkg and passing a PKGBUILD in the form "cat foo | makepkg"
does not work, this feature is unneeded.

Signed-off-by: Allan McRae <allan@archlinux.org>
2013-05-29 14:08:02 +10:00
Andrew Gregory
296e630edd pmtest: set LC_ALL=C in subprocess.call
LC_ALL=C is required to force pacman's output to English for tests that
rely on that output, but setting it in Makefile.am results in those
tests breaking under different locales when pactest.py is run directly.
This will also ease an eventual transition to python3 which LC_ALL=C
causes to default to ascii encoded strings, creating problems for tests
with unicode strings.

Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-05-29 14:08:02 +10:00
Allan McRae
84ac55b052 Merge branch 'maint' 2013-05-29 14:02:56 +10:00
Jason St. John
7d2c7fb347 Fix various typos in NEWS
imporve -> improve
diskspace -> disk space
BTRFS -> Btrfs
filelists -> file lists
filesize -> file size

Signed-off-by: Jason St. John <jstjohn@purdue.edu>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-05-29 13:56:55 +10:00
Allan McRae
d235f54114 Remove incorrect bug number from NEWS
The wrong bug number is mentioned in commit 32327dc8 and this was
perpetuated into the NEWS file.

Signed-off-by: Allan McRae <allan@archlinux.org>
2013-05-19 22:53:06 +10:00
Allan McRae
8335e169a6 makepkg: Use LOGDEST for logpipe
If LOGDEST is set, we may not check that $startdir is writable. Store
the log pipe in LOGDEST instead.

Signed-off-by: Allan McRae <allan@archlinux.org>
2013-05-18 23:14:21 +10:00
Allan McRae
1ed881fed3 Fix comment typo
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-05-18 22:43:12 +10:00
William Giokas
090c4006d7 contrib: Remove hardcoded /etc/pacman.conf
Signed-off-by: William Giokas <1007380@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-05-18 10:43:42 +10:00
Dave Reisner
8be08f7cae Revert "paccache: avoid subshell in calling runcmd"
su is terribad. In addition to reverting, this also removes support for
privilege escalation via su. If you want to use paccache as root and
fail to comprehend how much better sudo is than su, then run paccache
directly via su.

Fixes FS#35173.

This reverts commit 597286eb25.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-05-18 10:43:16 +10:00
Dave Reisner
72c6d19d64 makepkg: fixup broken revision and repo references
bzr support "worked", but didn't handle any of the actual features we
wanted with makepkg. This moves the revision specification to the proper
place (extraction, rather than download), and fixes an additional broken
reference to $repo which was never set.

Fixes FS#35281.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-05-18 10:42:30 +10:00
Allan McRae
0f988beff8 Merge branch 'maint' 2013-05-07 12:59:44 +10:00
Allan McRae
a4a7336dff 4.1.1 release NEWS, version bumps, etc.
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-05-07 12:53:24 +10:00
Allan McRae
35289bc17e More translation updates
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-05-07 12:53:23 +10:00
Andrew Gregory
692633264a pacman/util.c: add missing braces
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-05-07 12:53:23 +10:00
Andrew Gregory
34da9d25e4 pacman/util.c: fix output flushing in questions
Flush stream before taking input in select_question() and only flush
once during question().  Also fix some tabs inside related fprintf
statements.

Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-05-07 12:53:23 +10:00
Andrew Gregory
c5716d0e72 conflict.c: compare package pointers directly
p1 and p2 both come directly from the upgrade list without being copied
so they can be compared directly instead of comparing their names.

Also fix minor style violation.

Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-05-05 07:45:33 +10:00
Allan McRae
0aa9628560 Pull translation updates from transifex
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-04-30 21:18:42 +10:00
Eric Bélanger
9de33488bf Add --noprepare option to makepkg
This new option disables the prepare function. Useful in combination
with -o to get an unpatched copy of the sources for testing purposes.

Signed-off-by: Eric Bélanger <snowmaniscool@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-04-30 21:04:21 +10:00
Eric Bélanger
91b9ea922a Add -V/--version option to makepkg's usage function and man page
Signed-off-by: Eric Bélanger <snowmaniscool@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-04-30 21:01:38 +10:00
Dave Reisner
c5a4b35528 makepkg: avoid redirecting stdout
If stdout is already redirected, redirecting stderr to stdout can lead
to undesirable results.

Fixes FS#34974.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-04-28 23:11:37 +10:00
Allan McRae
c1dfdd2010 Use libalpm version in pkg-config file
We currently use the pacman version number in the libalpm.pc file. It makes
more sense to use the libalpm version.

Fixes FS#34967.

Signed-off-by: Allan McRae <allan@archlinux.org>
2013-04-26 12:43:53 +10:00
Eric Bélanger
99b8d78bc6 Add prepare function to PKGBUILD proto files
Signed-off-by: Eric Bélanger <snowmaniscool@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-04-24 13:57:50 +10:00