1
0
mirror of https://github.com/moparisthebest/pacman synced 2024-11-11 11:55:12 -05:00
Commit Graph

154 Commits

Author SHA1 Message Date
Andrew Gregory
6eac7258cd ensure realloc has a positive size
If given size 0 POSIX allows realloc to return a pointer that is not
suitable for use.

Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-11-03 21:45:09 +10:00
Sebastian Lackner
5780350751 libalpm: Force update when database is marked as corrupted.
When a database and its signature is updated non-atomically on a server,
there is a window where a user may update the database but grab the old
signature.  The database is marked as invalid by libalpm, which can be
fixed by forcing a refresh (assuming the server has caught up and the
user realizes what has happened) or with a future update of the repo.
Work around this by forcing a repository refresh whenever a database is
invalid.

Signed-off-by: Sebastian Lackner <sebastian@fds-team.de>
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-08-08 10:45:09 +10:00
Allan McRae
289fdf0d1d Read file lists from databases
If a sync database contains a "files" file, the file list will be read.

Currently, there is no known demand for the file list to be lazy loaded by
any libalpm frontend, so these files are read whenever present. Lazy loading
can be implemented when a demand exists.

Signed-off-by: Allan McRae <allan@archlinux.org>
2015-07-15 10:57:30 +10:00
Allan McRae
f6c55b3c3f Allow frontends to specify the sync database extension
This allows frontends to select between the .db and .files databases
currently supplied by repo-add or any other compatible database.

Signed-off-by: Allan McRae <allan@archlinux.org>
2015-07-15 10:57:29 +10:00
David Macek
d5536d3eb3 libalpm: Do a sanity check before manipulating final DB URL
The change in commit 9d96bed9d6 causes download errors for the .db.sig file
in case the final URL for the .db file contains query strings or other
unexpected stuff. This commit isn't intended to be a total solution, but it
should eliminate the problem in the most obvious cases.

Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-12 14:00:55 +10:00
David Macek
d568a4335b Fix comment in alpm_db_update
Fix comment to better explain the magic constant used when allocating a buffer
for ".db.sig" URL.

Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-12 14:00:55 +10:00
Allan McRae
2e48101999 Update copyright notices for 2015
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-02-01 21:19:04 +10:00
Andrew Gregory
95121cc4f1 conf.c: use masks for siglevel inheritance
This will allow pacman to parse its config file in a single pass and
removes the need for the *_SET siglevels in alpm that were only required
for pacman's siglevel inheritance.

Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
2015-01-21 14:27:46 +10:00
Johannes Löthberg
9f527d2de4 libalpm: Parse and write PKGBASEs
This commit adds support to libalpm to parse the pkgbase present in
packages .PKGINFO files, writing the PKGBASE to the %BASE% section of
the local DBs desc files and for parsing it again when loading the local
DB

Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2014-12-24 11:19:30 +10:00
Allan McRae
8c00dd7341 Fix crash when using external downloader
Commit 9d96bed9 attempts to use the same effective URL for the db and its
signature download.  However, this information is not available when we use
an external downloader, resulting in a crash.

Fall back to the old method when the effective URL is unavailable.

Signed-off-by: Allan McRae <allan@archlinux.org>
2014-11-17 17:13:48 +10:00
Christian Hesse
d649dc669d dload: mark final_url as const
Signed-off-by: Allan McRae <allan@archlinux.org>
2014-10-19 20:48:40 +10:00
Christian Hesse
9d96bed9d6 be_sync: use effective URL for db file signature download
If download server is dynamic mirror chances are that db file download
and db file signature download are redirected to different mirrors,
resulting in invalid signature.
This uses effective URL for db file signature download and makes the
files always match.

Signed-off-by: Christian Hesse <mail@eworm.de>
Signed-off-by: Allan McRae <allan@archlinux.org>
2014-10-16 22:45:47 +10:00
Florian Pritz
4e263f24c6 libalpm: export alpm_splitdep as alpm_dep_from_depstring and alpm_dep_free
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2014-09-30 22:20:53 +10:00
Andrew Gregory
03b9bf08ac handle_unlock: log lock removal failure
Rather than have individual callers log failure, just
do it directly in _alpm_handle_unlock.

Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2014-08-04 14:23:58 +10:00
Olivier Brunel
28dbd5551e Update the event callback
Instead of using two void* arguments for all events, we now send one
pointer to an alpm_event_t struct. This contains the type of event that
was triggered.

With this information, the pointer can then be typecasted to the
event-specific struct in order to get additional arguments.

Signed-off-by: Olivier Brunel <jjk@jjacky.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2014-03-03 11:25:54 +10:00
Florian Pritz
cd2370754a Remove ts and sw from vim modeline when noet is set
Forcing vim users to view files with a tabstop of 2 seems really
unnecessary when noet is set. I find it much easier to read code with
ts=4 and I dislike having to override the modeline by hand.

Command run:
find . -type f -exec sed -i '/vim.* noet/s# ts=2 sw=2##' {} +

Signed-off-by: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Allan McRae <allan@archlinux.org>
2014-01-28 20:19:25 +10:00
Allan McRae
3bb3b1555a Update copyright years for 2014
Signed-off-by: Allan McRae <allan@archlinux.org>
2014-01-06 14:38:50 +10:00
Dave Reisner
106d0fc541 libalpm: introduce a usage level for repos
This defines a level of interest a user has in a repository. These are
described by the bitmask flags in the alpm_db_usage_t enum:

  ALPM_DB_USAGE_SEARCH: repo is valid for searching
  ALPM_DB_USAGE_INSTALL: repo is valid for installs (e.g. -S pkg)
  ALPM_DB_USAGE_UPGRADE: repo is valid for sysupgrades
  ALPM_DB_USAGE_ALL: all of the above are valid

Explicitly listing the contents of a repo will always be valid, and the
repo will always be refreshed appropriately on sync operations.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-09-04 09:51:20 +10:00
Dave Reisner
24abcddc57 be_sync: avoid crashing on files in the root of a DB
If a sync DB is malformed and contains entries in the root of the
archive, load_pkg_for_entry will leave the 'filename' variable empty,
leading to a crash in the ensuing strcmp() calls which determine the DB
fragment being examined.

While this isn't a read error, this should be reported to the user so
that it can be addressed by the creator of the DB.

As seen: https://bbs.archlinux.org/viewtopic.php?pid=1297766

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
2013-07-22 13:26:56 +10:00
Allan McRae
5cc099a8ab Add missing header
Exposed when building with --without-libcurl

Signed-off-by: Allan McRae <allan@archlinux.org>
2013-07-22 13:26:30 +10:00
Dave Reisner
eb19d41d5f do not check error from close(2)
On operating systems we support, the behavior is always such that the
kernel will do the right thing as far as invalidating the file
descriptor, regardless of the eventual return value. Therefore,
potentially looping and calling close multiple times is wrong.

At best, we call close again on an invalid FD and throw a spurious EBADF
error. At worst, we might close an FD which doesn't belong to us when a
multi-threaded application opens its own file descriptor between
iterations of the loop.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-07-05 14:32:23 +10:00
Simon Gomizelj
dd62fde53e validate %FILEPATH% when parsing repo dbs
Currently we make no effort to validate the %FILENAME% field in the
repo db. This allows for relative paths to be considered valid.

A carefully crafted db entry with a malicious relative path,
(e.g. `../../../../etc/passwd`) will cause pacman to to
overwrite _any_ file on the target's machine.

Add the following validation:

- doesn't start with '.'
- doesn't contain a '/'
- won't overflow PATH_MAX

Signed-off-by: Simon Gomizelj <simongmzlj@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-06-04 13:45:12 +10:00
Allan McRae
8fe8233dfa Fix registering database with non-gpgme builds
We record whether the default SigLevel is set in order to add upon
it for the *FileSigLevel entries.  When using the only valid value
of "SigLevel = Never" with non-gpgme builds, we need to ignore
the ALPM_SIG_PACKAGE_SET flag when determining if we have a valid
value for the database SigLevel.

Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-13 11:50:33 +10:00
Allan McRae
17d4ec5ed8 Skip reading sync db deltas files if UseDelta is unset
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-09 12:43:37 +10:00
Dave Reisner
e1e4bbb79d Use libarchive compat header for relevant symbols
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-01-29 13:37:32 +10:00
Dave Reisner
27067b1372 dload: pass back the effective URL to callers of _alpm_download
I suspect that eventually we're going to end up returning a pointer to
an allocated struct to describe the download result, but that's for
another patch when the need arises...

Fixes FS#33508.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-01-29 13:36:58 +10:00
Allan McRae
1dd3405813 Update copyright year for 2013
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-01-03 12:03:09 +10:00
Allan McRae
f5d904d97f Do not warn about missing database if being downloaded
When a configured repo database is not already downloaded, a warning
message such as "warning: database file for 'testing' does not exist"
is printed.  Disable this warning when the database is scheduled to
be downloaded in the transaction.

Signed-off-by: Allan McRae <allan@archlinux.org>
2012-12-14 12:35:34 +10:00
Dave Reisner
e0daaea38c update comments referring to alpm_option_get_syncdbs
This function was renamed alpm_get_syncdbs as part of b488f229d.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
2012-07-10 08:37:59 -05:00
Allan McRae
e253968b4d repo-add: add checkdepends information
Similar to the case for makedepends, it is useful to be able to
access this information without parsing a PKGBUILD.

Signed-off-by: Allan McRae <allan@archlinux.org>
2012-06-25 23:08:15 -05:00
Dave Reisner
f556fe8b4a add line length parameter to _alpm_strip_newline
If known, callers can pass the line size to this function in order to
avoid an strlen call. Otherwise, they simply pass 0 and
_alpm_strip_newline will do the call instead.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-06-25 23:04:31 -05:00
Allan McRae
81bc390dc1 repo-add: add makedepends information
This is useful for tools that automatically rebuild packages and
thus require to generate a build order. These entries are skipped
by pacman.

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-05-20 19:03:43 -05:00
Allan McRae
3be02aa27c Prefix alpm_pkgfrom_t members with ALPM_
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-04-07 11:29:55 -05:00
Allan McRae
f34864cc9e Simplify package validation info output for sync packages
Unify the output for local and sync packages by only printing a
list of possible validation types for sync packages.  This also
has the advantage of not printing the very long sha256 checksum
which line wrapped on a standard width terminal.

Signed-off-by: Allan McRae <allan@archlinux.org>
2012-03-08 18:00:05 -06:00
Benedikt Morbach
e85e77e6f9 Hook new optdepend structures up
No new behaviour introduced, everything should work exactly as before.

Dan: refactored to use the single alpm_depend_t structure.

Signed-off-by: Benedikt Morbach <benedikt.morbach@googlemail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-03-08 17:26:46 -06:00
Allan McRae
326c6a8eed Update copyright years
Add 2012 to the copyright range for all libalpm and pacman source files.

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-02-20 16:54:34 -06:00
Florian Pritz
20a16f55b3 use _alpm_access in a few more places for increased debugging info
pacman -U <pkg> returns a bogus "could not find or read package" if the
file is on a fuse file system that doesn't allow root access. Debug
output isn't very helpful here either so we should log why the access
check failed.

The other 2 checks already log something when failing so logging a more
specific error won't hurt either.

Signed-off-by: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-02-13 10:02:02 -06:00
Dan McGee
7f51ba99ae Fix segfaults on opening invalid archive files
"invalid" in this case simply means files that may or may not be
archives. Discovered via a `pacman -Sc` operation with delta files in
the package cache directory, but can be triggered if any file is passed
to `pacman -Ql` that isn't an archive, for instance, or if the sync
database file is not an archive.

Fix it up so we are more careful about calling archive_read_finish()
only on archives that are valid and have not already been closed, and
teach our archive open function to set the returned archive to NULL if
we aren't going to be returning something valid anyway.

Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-08 11:53:22 -06:00
Dan McGee
2d794cc031 Update sync database size estimation values
As the comment states, this is more like a dartboard than science.

Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-07 11:28:37 -06:00
Dan McGee
0b9cd9448c pkghash improvements/modifications
This patch changes a variety of small things related to our pkghash
implementation with an eye toward performance, especially on native
32-bit systems.

* Use `unsigned int` rather than `size_t` for hash sizes. We already
  return ERANGE for any attempted creation of a hash greater than 1
  million elements, so unsigned int is more than large enough for our
  purposes. Switching to this type allows 32 bit systems to do native
  math without helper functions from libgcc.
* _alpm_pkghash_create() now internally adds extra padding for
  additional array elements, rather than that being the responsibility of
  the caller.
* #define values are moved into static const values in pkghash.c; a new
  `stride` value is also extracted (but remains set at 1).
* Division and modulus operators are removed from the normal find and
  add paths if possible. We store the upper limit of the number of
  elements in the hash so we no longer need to calculate this every
  element addition. When doing wraparound position calculations, we only
  apply the modulus operator if the value is greater than the number of
  buckets.

Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-02 19:41:42 -06:00
Dan McGee
177beb91c9 Minor optimization on likely sync package lookup
We have a name_hash value here, so add a cheap compare of it before
falling to the strcmp() call.

Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-02 13:17:44 -06:00
Dan McGee
819c28bf8c Only compile delta regex once
This reduces the number of regcomp() calls when parsing delta entries in
the database from once per entry to once for the entire context handle
by storing the compiled regex data on the handle itself. Just as we do
with the cURL handle, we initialize it the first time it is needed and
free it when releasing the handle.

A few other small tweaks to the parsing function also take place,
including using the stack to store the transient and short file size
string while parsing it.

When parsing a sync database with 1378 delta entries, this reduces the
time of a `pacman -Sl deltas` operation by 50% from 0.22s to 0.12s.

Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-02 12:55:55 -06:00
Dave Reisner
d6ccd44390 include config.h via Makefiles
Ensures that config.h is always ordered correctly (first) in the
includes. Also means that new source files get this for free without
having to remember to add it.

We opt for -imacros over -include as its more portable, and the
added constraint by -imacros doesn't bother us for config.h.

This also touches the HACKING file to remove the explicit mention of
config.h as part of the includes.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-12-21 18:13:17 -06:00
Dan McGee
dee8144ce5 Add helper method for creating and opening archive object
This moves the common setup code of about 5 different callers into one
method. Error messages will now be common and shared in all places;
several paths did not have any messages at all before.

In addition, we now pick an ideal block size for the archive read based
off the larger value of our default buffer size or the st.st_blksize
field. For a filesystem such as NFS, this is often much larger than the
default 8192- values such as 32768 and 131072 are common.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-11-16 14:51:06 -06:00
Dan McGee
6df558177f Convert package and database archive reads to use file descriptors
This gives us a bit more control and over the archive reading process,
and a bit less is done behind the scenes. It also allows us to use
fstat() in preference to stat(), which should avoid some potential race
conditions.

Some reorganization is necessary to move the stat calls after the open()
calls. Error handling and cleanup in general is also improved, as we had
several potential memory and file handle leaks before in some error
paths.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-11-01 10:27:31 -05:00
Dan McGee
3343185473 Introduce ALPM_BUFFER_SIZE constant
This takes the place of three previously used constants:
ARCHIVE_DEFAULT_BYTES_PER_BLOCK, BUFFER_SIZE, and CPBUFSIZE.

In libarchive 3.0, the first constant will be no more, so we can ensure
we are forward-compatible by removing our usage of it now. The rest are
unified for consistency.

By default, we will use the value of BUFSIZ provided by <stdio.h>, which
is 8192 on Linux. If that is undefined, a default value is provided.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-10-27 14:59:24 -05:00
Dan McGee
e0acf2f144 Refactor download payload reset and free
This was done to squash a memory leak in the sync database download
code. When we downloaded a database and then reused the payload struct,
we could find ourselves calling get_fullpath() for the signatures and
overwriting non-freed values we had left over from the database
download.

Refactor the payload_free function into a payload_reset function that we
can call that does NOT free the payload itself, so we can reuse payload
structs. This also allows us to move the payload to the stack in some
call paths, relieving us of the need to alloc space.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-28 13:01:03 -05:00
Dan McGee
d8fab9b441 be_sync: fetch only entry mode, not full stat struct
This saves a lot of unnecessary work since we don't need any of the
other fields in the stat struct.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-27 17:49:34 -05:00
Dan McGee
c406949226 Ensure database validity flags are set in invalid signature case
We returned the right error code but never set the flags accordingly.
Also, now that we can bail early, ensure we set the error code.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22 16:01:11 -05:00
Dan McGee
ec790ced7c signing: add a process and retry loop for database signatures
In reality, there is no retrying that happens as of now because we don't
have any import or changing of the keyring going on, but the code is set
up so we can drop this in our new _alpm_process_siglist() function. Wire
up the basics to the sync database validation code, so we see something
like the following:

    $ pacman -Ss unknowntrust
    error: core: signature from "Dan McGee <dpmcgee@gmail.com>" is unknown trust
    error: core: signature from "Dan McGee <dpmcgee@gmail.com>" is unknown trust
    error: database 'core' is not valid (invalid or corrupted database (PGP signature))

    $ pacman -Ss missingsig
    error: core: missing required signature
    error: core: missing required signature
    error: database 'core' is not valid (invalid or corrupted database (PGP signature))

Yes, there is some double output, but this should be fixable in the
future.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-20 10:23:11 -05:00