When extracting variables from PKGBUILD (e.g. for .SRCINFO creation) we make
assumptions about whether variables are arrays or not. This adds a check to
the PKGBUILD linter to ensure variables are arrays or not as appropriate.
Signed-off-by: Allan McRae <allan@archlinux.org>
When a database and its signature is updated non-atomically on a server,
there is a window where a user may update the database but grab the old
signature. The database is marked as invalid by libalpm, which can be
fixed by forcing a refresh (assuming the server has caught up and the
user realizes what has happened) or with a future update of the repo.
Work around this by forcing a repository refresh whenever a database is
invalid.
Signed-off-by: Sebastian Lackner <sebastian@fds-team.de>
Signed-off-by: Allan McRae <allan@archlinux.org>
alpm_depend_t is an exposed data type. Front-ends may opt for alloc'ing
one and filling the fields manually, but alpm's _alpm_hash_sdbm is not
exposed, making it impossible for them to fill in the name_hash field.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
assumeinstalled options are used as provisions for which MOD_EQ and
MOD_ANY are the only meaningful settings.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Fixes a segfault when trying to remove an assumeinstalled
option without a version.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
The "ko_KR" locale is the same as the "ko" locale. Remove the "ko_KR" variant
as it is incomplete and has been superseded by "ko" on transifex.
Signed-off-by: Allan McRae <allan@archlinux.org>
While loading each package ensure that the internal version matches the
expected database version to avoid the possibility to circumvent the
version check.
This issue can be used by an attacker to trick the software into
installing an older version. The behavior can be exploited by a
man-in-the-middle attack through specially crafted database tarball
containing a higher version, yet actually delivering an older and
vulnerable version, which was previously shipped.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Signed-off-by: Remi Gacogne <rgacogne@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
f170a94c13 potentially causes $pkgdirbase/$pkg to be undeleteable
with -R or -C if a previous build was interrupted. We simply can't
traverse to this directory, and rm blows up.
Signed-off-by: Allan McRae <allan@archlinux.org>
Passing "-Fl pkg" will print the filelist for the first occurance of "pkg"
in the sync repos. Other version of the package can be printed using
"-Fl repo/pkg".
Signed-off-by: Allan McRae <allan@archlinux.org>
Add the -F/--files operations, -s/--sync support and nd provide dummy
functions for -s/--search, -l/-list and -o/--owns.
Signed-off-by: Allan McRae <allan@archlinux.org>
If a sync database contains a "files" file, the file list will be read.
Currently, there is no known demand for the file list to be lazy loaded by
any libalpm frontend, so these files are read whenever present. Lazy loading
can be implemented when a demand exists.
Signed-off-by: Allan McRae <allan@archlinux.org>
This allows frontends to select between the .db and .files databases
currently supplied by repo-add or any other compatible database.
Signed-off-by: Allan McRae <allan@archlinux.org>
1) Remove checks for removing pre-tardb files
2) Remove the long redundant keep_used parameter
3) Fix pacman error due to removing .sig file along with database
Signed-off-by: Allan McRae <allan@archlinux.org>
If a transaction is removing a package while ignoring all dependencies, there
should not be any warning about other packages optionally requiring it.
Signed-off-by: Allan McRae <allan@archlinux.org>
Fix new warnings generated by gcc-5 about potential overflows.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Use alpm_find_satisfier() instead of alpm_db_get_pkg() when retrieving
the install status of a package to make sure we spot providers as well.
Fixes FS#36412
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Pacman cannot handle armored signatures, so make repo-add error out if
one is detected.
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
This commit adds a makepkg option to generate and print the SRCINFO file
for a PKGBUILD, required by the new AUR, to stdout.
AUR 4.0 will use Git instead of source tarballs for uploading packages,
so making makepkg capable of printing the SRCINFO would simplify package
management, instead of having to extract it from a source tarball.
It is also useful for scripting other things, so that instead of having
to parse PKGBUILDs, one can make makepkg generate the SRCINFO and then
you can parse that instead, which is much simpler and less error-prone.
Signed-off-by: Allan McRae <allan@archlinux.org>
Pacman cannot handle armored signatures, so use gpg's --no-armor flag to
force an unarmored signature.
Signed-off-by: Allan McRae <allan@archlinux.org>
Commit 7b8f8753 removed the title parameter but forgot to remove it
from the docstring.
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
The old text could be interpreted such that makepkg-template compares
the version numbers of the templates to find the most recent
one. Rephrase this to make it explicit that "$template_name.template" is
used.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
The check that pkgver is non-empty done in check_pkgver should also be
performed after running the pkgver() function. Merge validate_pkgver
into check_pkgver and run check_pkgver after updating pkgver.
Signed-off-by: Allan McRae <allan@archlinux.org>