If given size 0 POSIX allows realloc to return a pointer that is not
suitable for use.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
When a database and its signature is updated non-atomically on a server,
there is a window where a user may update the database but grab the old
signature. The database is marked as invalid by libalpm, which can be
fixed by forcing a refresh (assuming the server has caught up and the
user realizes what has happened) or with a future update of the repo.
Work around this by forcing a repository refresh whenever a database is
invalid.
Signed-off-by: Sebastian Lackner <sebastian@fds-team.de>
Signed-off-by: Allan McRae <allan@archlinux.org>
If a sync database contains a "files" file, the file list will be read.
Currently, there is no known demand for the file list to be lazy loaded by
any libalpm frontend, so these files are read whenever present. Lazy loading
can be implemented when a demand exists.
Signed-off-by: Allan McRae <allan@archlinux.org>
This allows frontends to select between the .db and .files databases
currently supplied by repo-add or any other compatible database.
Signed-off-by: Allan McRae <allan@archlinux.org>
The change in commit 9d96bed9d6 causes download errors for the .db.sig file
in case the final URL for the .db file contains query strings or other
unexpected stuff. This commit isn't intended to be a total solution, but it
should eliminate the problem in the most obvious cases.
Signed-off-by: Allan McRae <allan@archlinux.org>
This will allow pacman to parse its config file in a single pass and
removes the need for the *_SET siglevels in alpm that were only required
for pacman's siglevel inheritance.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
This commit adds support to libalpm to parse the pkgbase present in
packages .PKGINFO files, writing the PKGBASE to the %BASE% section of
the local DBs desc files and for parsing it again when loading the local
DB
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Commit 9d96bed9 attempts to use the same effective URL for the db and its
signature download. However, this information is not available when we use
an external downloader, resulting in a crash.
Fall back to the old method when the effective URL is unavailable.
Signed-off-by: Allan McRae <allan@archlinux.org>
If download server is dynamic mirror chances are that db file download
and db file signature download are redirected to different mirrors,
resulting in invalid signature.
This uses effective URL for db file signature download and makes the
files always match.
Signed-off-by: Christian Hesse <mail@eworm.de>
Signed-off-by: Allan McRae <allan@archlinux.org>
Rather than have individual callers log failure, just
do it directly in _alpm_handle_unlock.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Instead of using two void* arguments for all events, we now send one
pointer to an alpm_event_t struct. This contains the type of event that
was triggered.
With this information, the pointer can then be typecasted to the
event-specific struct in order to get additional arguments.
Signed-off-by: Olivier Brunel <jjk@jjacky.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Forcing vim users to view files with a tabstop of 2 seems really
unnecessary when noet is set. I find it much easier to read code with
ts=4 and I dislike having to override the modeline by hand.
Command run:
find . -type f -exec sed -i '/vim.* noet/s# ts=2 sw=2##' {} +
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Allan McRae <allan@archlinux.org>
This defines a level of interest a user has in a repository. These are
described by the bitmask flags in the alpm_db_usage_t enum:
ALPM_DB_USAGE_SEARCH: repo is valid for searching
ALPM_DB_USAGE_INSTALL: repo is valid for installs (e.g. -S pkg)
ALPM_DB_USAGE_UPGRADE: repo is valid for sysupgrades
ALPM_DB_USAGE_ALL: all of the above are valid
Explicitly listing the contents of a repo will always be valid, and the
repo will always be refreshed appropriately on sync operations.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
If a sync DB is malformed and contains entries in the root of the
archive, load_pkg_for_entry will leave the 'filename' variable empty,
leading to a crash in the ensuing strcmp() calls which determine the DB
fragment being examined.
While this isn't a read error, this should be reported to the user so
that it can be addressed by the creator of the DB.
As seen: https://bbs.archlinux.org/viewtopic.php?pid=1297766
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
On operating systems we support, the behavior is always such that the
kernel will do the right thing as far as invalidating the file
descriptor, regardless of the eventual return value. Therefore,
potentially looping and calling close multiple times is wrong.
At best, we call close again on an invalid FD and throw a spurious EBADF
error. At worst, we might close an FD which doesn't belong to us when a
multi-threaded application opens its own file descriptor between
iterations of the loop.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Currently we make no effort to validate the %FILENAME% field in the
repo db. This allows for relative paths to be considered valid.
A carefully crafted db entry with a malicious relative path,
(e.g. `../../../../etc/passwd`) will cause pacman to to
overwrite _any_ file on the target's machine.
Add the following validation:
- doesn't start with '.'
- doesn't contain a '/'
- won't overflow PATH_MAX
Signed-off-by: Simon Gomizelj <simongmzlj@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
We record whether the default SigLevel is set in order to add upon
it for the *FileSigLevel entries. When using the only valid value
of "SigLevel = Never" with non-gpgme builds, we need to ignore
the ALPM_SIG_PACKAGE_SET flag when determining if we have a valid
value for the database SigLevel.
Signed-off-by: Allan McRae <allan@archlinux.org>
I suspect that eventually we're going to end up returning a pointer to
an allocated struct to describe the download result, but that's for
another patch when the need arises...
Fixes FS#33508.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
When a configured repo database is not already downloaded, a warning
message such as "warning: database file for 'testing' does not exist"
is printed. Disable this warning when the database is scheduled to
be downloaded in the transaction.
Signed-off-by: Allan McRae <allan@archlinux.org>
Similar to the case for makedepends, it is useful to be able to
access this information without parsing a PKGBUILD.
Signed-off-by: Allan McRae <allan@archlinux.org>
If known, callers can pass the line size to this function in order to
avoid an strlen call. Otherwise, they simply pass 0 and
_alpm_strip_newline will do the call instead.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This is useful for tools that automatically rebuild packages and
thus require to generate a build order. These entries are skipped
by pacman.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Unify the output for local and sync packages by only printing a
list of possible validation types for sync packages. This also
has the advantage of not printing the very long sha256 checksum
which line wrapped on a standard width terminal.
Signed-off-by: Allan McRae <allan@archlinux.org>
No new behaviour introduced, everything should work exactly as before.
Dan: refactored to use the single alpm_depend_t structure.
Signed-off-by: Benedikt Morbach <benedikt.morbach@googlemail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
Add 2012 to the copyright range for all libalpm and pacman source files.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
pacman -U <pkg> returns a bogus "could not find or read package" if the
file is on a fuse file system that doesn't allow root access. Debug
output isn't very helpful here either so we should log why the access
check failed.
The other 2 checks already log something when failing so logging a more
specific error won't hurt either.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Dan McGee <dan@archlinux.org>
"invalid" in this case simply means files that may or may not be
archives. Discovered via a `pacman -Sc` operation with delta files in
the package cache directory, but can be triggered if any file is passed
to `pacman -Ql` that isn't an archive, for instance, or if the sync
database file is not an archive.
Fix it up so we are more careful about calling archive_read_finish()
only on archives that are valid and have not already been closed, and
teach our archive open function to set the returned archive to NULL if
we aren't going to be returning something valid anyway.
Signed-off-by: Dan McGee <dan@archlinux.org>
This patch changes a variety of small things related to our pkghash
implementation with an eye toward performance, especially on native
32-bit systems.
* Use `unsigned int` rather than `size_t` for hash sizes. We already
return ERANGE for any attempted creation of a hash greater than 1
million elements, so unsigned int is more than large enough for our
purposes. Switching to this type allows 32 bit systems to do native
math without helper functions from libgcc.
* _alpm_pkghash_create() now internally adds extra padding for
additional array elements, rather than that being the responsibility of
the caller.
* #define values are moved into static const values in pkghash.c; a new
`stride` value is also extracted (but remains set at 1).
* Division and modulus operators are removed from the normal find and
add paths if possible. We store the upper limit of the number of
elements in the hash so we no longer need to calculate this every
element addition. When doing wraparound position calculations, we only
apply the modulus operator if the value is greater than the number of
buckets.
Signed-off-by: Dan McGee <dan@archlinux.org>
This reduces the number of regcomp() calls when parsing delta entries in
the database from once per entry to once for the entire context handle
by storing the compiled regex data on the handle itself. Just as we do
with the cURL handle, we initialize it the first time it is needed and
free it when releasing the handle.
A few other small tweaks to the parsing function also take place,
including using the stack to store the transient and short file size
string while parsing it.
When parsing a sync database with 1378 delta entries, this reduces the
time of a `pacman -Sl deltas` operation by 50% from 0.22s to 0.12s.
Signed-off-by: Dan McGee <dan@archlinux.org>
Ensures that config.h is always ordered correctly (first) in the
includes. Also means that new source files get this for free without
having to remember to add it.
We opt for -imacros over -include as its more portable, and the
added constraint by -imacros doesn't bother us for config.h.
This also touches the HACKING file to remove the explicit mention of
config.h as part of the includes.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This moves the common setup code of about 5 different callers into one
method. Error messages will now be common and shared in all places;
several paths did not have any messages at all before.
In addition, we now pick an ideal block size for the archive read based
off the larger value of our default buffer size or the st.st_blksize
field. For a filesystem such as NFS, this is often much larger than the
default 8192- values such as 32768 and 131072 are common.
Signed-off-by: Dan McGee <dan@archlinux.org>
This gives us a bit more control and over the archive reading process,
and a bit less is done behind the scenes. It also allows us to use
fstat() in preference to stat(), which should avoid some potential race
conditions.
Some reorganization is necessary to move the stat calls after the open()
calls. Error handling and cleanup in general is also improved, as we had
several potential memory and file handle leaks before in some error
paths.
Signed-off-by: Dan McGee <dan@archlinux.org>
This takes the place of three previously used constants:
ARCHIVE_DEFAULT_BYTES_PER_BLOCK, BUFFER_SIZE, and CPBUFSIZE.
In libarchive 3.0, the first constant will be no more, so we can ensure
we are forward-compatible by removing our usage of it now. The rest are
unified for consistency.
By default, we will use the value of BUFSIZ provided by <stdio.h>, which
is 8192 on Linux. If that is undefined, a default value is provided.
Signed-off-by: Dan McGee <dan@archlinux.org>
This was done to squash a memory leak in the sync database download
code. When we downloaded a database and then reused the payload struct,
we could find ourselves calling get_fullpath() for the signatures and
overwriting non-freed values we had left over from the database
download.
Refactor the payload_free function into a payload_reset function that we
can call that does NOT free the payload itself, so we can reuse payload
structs. This also allows us to move the payload to the stack in some
call paths, relieving us of the need to alloc space.
Signed-off-by: Dan McGee <dan@archlinux.org>
We returned the right error code but never set the flags accordingly.
Also, now that we can bail early, ensure we set the error code.
Signed-off-by: Dan McGee <dan@archlinux.org>
In reality, there is no retrying that happens as of now because we don't
have any import or changing of the keyring going on, but the code is set
up so we can drop this in our new _alpm_process_siglist() function. Wire
up the basics to the sync database validation code, so we see something
like the following:
$ pacman -Ss unknowntrust
error: core: signature from "Dan McGee <dpmcgee@gmail.com>" is unknown trust
error: core: signature from "Dan McGee <dpmcgee@gmail.com>" is unknown trust
error: database 'core' is not valid (invalid or corrupted database (PGP signature))
$ pacman -Ss missingsig
error: core: missing required signature
error: core: missing required signature
error: database 'core' is not valid (invalid or corrupted database (PGP signature))
Yes, there is some double output, but this should be fixable in the
future.
Signed-off-by: Dan McGee <dan@archlinux.org>