This is necessary in order to be able to run PreTransaction hooks as
close to the actual commit as possible so that we don't prematurely run
hooks for a transaction that ultimately never happens.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
When a database and its signature is updated non-atomically on a server,
there is a window where a user may update the database but grab the old
signature. The database is marked as invalid by libalpm, which can be
fixed by forcing a refresh (assuming the server has caught up and the
user realizes what has happened) or with a future update of the repo.
Work around this by forcing a repository refresh whenever a database is
invalid.
Signed-off-by: Sebastian Lackner <sebastian@fds-team.de>
Signed-off-by: Allan McRae <allan@archlinux.org>
alpm_depend_t is an exposed data type. Front-ends may opt for alloc'ing
one and filling the fields manually, but alpm's _alpm_hash_sdbm is not
exposed, making it impossible for them to fill in the name_hash field.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
assumeinstalled options are used as provisions for which MOD_EQ and
MOD_ANY are the only meaningful settings.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Fixes a segfault when trying to remove an assumeinstalled
option without a version.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
The "ko_KR" locale is the same as the "ko" locale. Remove the "ko_KR" variant
as it is incomplete and has been superseded by "ko" on transifex.
Signed-off-by: Allan McRae <allan@archlinux.org>
While loading each package ensure that the internal version matches the
expected database version to avoid the possibility to circumvent the
version check.
This issue can be used by an attacker to trick the software into
installing an older version. The behavior can be exploited by a
man-in-the-middle attack through specially crafted database tarball
containing a higher version, yet actually delivering an older and
vulnerable version, which was previously shipped.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Signed-off-by: Remi Gacogne <rgacogne@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
If a sync database contains a "files" file, the file list will be read.
Currently, there is no known demand for the file list to be lazy loaded by
any libalpm frontend, so these files are read whenever present. Lazy loading
can be implemented when a demand exists.
Signed-off-by: Allan McRae <allan@archlinux.org>
This allows frontends to select between the .db and .files databases
currently supplied by repo-add or any other compatible database.
Signed-off-by: Allan McRae <allan@archlinux.org>
If a transaction is removing a package while ignoring all dependencies, there
should not be any warning about other packages optionally requiring it.
Signed-off-by: Allan McRae <allan@archlinux.org>
The change in commit 9d96bed9d6 causes download errors for the .db.sig file
in case the final URL for the .db file contains query strings or other
unexpected stuff. This commit isn't intended to be a total solution, but it
should eliminate the problem in the most obvious cases.
Signed-off-by: Allan McRae <allan@archlinux.org>
"return 0 on success, -1 on error (pm_errno is set accordingly)"
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Even if opening the log file fails, if a user has enabled syslog we may
still be able to log to that. Set the error return value and continue
instead of bailing out.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
valgrind does not like calling open(NULL, ...). This also makes the
return value 0 if logfile has not been set.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
clang is wrong - dbfile is always used initialized in that function.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
libalpm does not guarantee that script output will be presented to the
user or that stdin will be connected to a terminal. Close stdin so that
scripts do not attempt to use it for user interaction.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
In order to work properly, loading the filelist from an mtree file
requires a libarchive patch that has not yet been included in an
official release.[1] Under certain circumstances, an unpatched
libarchive may refuse to read the mtree file due to inconsistencies
between it and the user's file system. In order to allow alpm to
recover in this situation, read the mtree data into a temporary filelist
that is only copied over to the package if the entire read is
successful.
[1] 661684170b
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Allows entries to be added to arbitrary filelists not connected to
a package.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Paths from noupgrade, the transaction skip_remove, and package backup
lists were combined into a single list matched using fnmatch causing
paths with glob characters to match unrelated files.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
There was a lot of confusion regarding these warnings, particularly for
packages that create users post_install and then chown the directories.
Signed-off-by: Allan McRae <allan@archlinux.org>
If the call to alpm_logaction failed it would overwrite pm_errno,
leading to error messages unrelated to the actual reason the transaction
failed.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Prevents the need to rename the file if we end up keeping it and ensures
that pacnew files always reflect the most recent version by overwriting
stale copies.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Leave user files in place and save new config files with a .pacnew
extension. This reduces the complexity of file extraction and respects
the principle that pacman shouldn't modify files it didn't create.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
If an error occurs the actual path being extracted is more useful than
the original path from the package file list. The original path is
still used for checks that use it directly.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
alpm's database files (.INSTALL, .MTREE, etc.) should be extracted no
matter what; skip mtree/needbackup/noextract/noupgrade checks for them.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
This will allow pacman to parse its config file in a single pass and
removes the need for the *_SET siglevels in alpm that were only required
for pacman's siglevel inheritance.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
It was allocating the required size rather than the calculated new size,
resulting in pathological incremental reallocations.
Signed-off-by: Daniel Micay <danielmicay@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
The files_size variable contains the current capacity (in bytes) and
should not be used to calculate the next length increment. It only works
because _alpm_greedy_grow currently results in incremental growth.
Signed-off-by: Daniel Micay <danielmicay@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
_alpm_pkg_dup leaves the destination pointer unaltered in case of fatal
errors, so when commits 2f0ca00e and be4198b3 freed the pointer, they
fixed a memory leak on non-fatal errors by replacing it with
a segmentation fault on fatal errors.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
We can only get to cleanup: through fp being NULL due to fopen failing or
normal execution when fclose is called.
Signed-off-by: Allan McRae <allan@archlinux.org>
This commit adds the necessary accessor functions to get the PKGBASE of
a package, forcing the desc file to be parsed.
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
This commit adds support to libalpm to parse the pkgbase present in
packages .PKGINFO files, writing the PKGBASE to the %BASE% section of
the local DBs desc files and for parsing it again when loading the local
DB
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Following commit 086bbc5 (Use O_CLOEXEC as much as possible when opening
files), the log file would be created by pacman with blank permissions.
Signed-off-by: Allan McRae <allan@archlinux.org>
For parity with alpm_option_match_noextract.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
With globbing in NoExtract, these log events can quickly pile up hiding
important information from the log.
Signed-off-by: Allan McRae <allan@archlinux.org>
Commit 9d96bed9 attempts to use the same effective URL for the db and its
signature download. However, this information is not available when we use
an external downloader, resulting in a crash.
Fall back to the old method when the effective URL is unavailable.
Signed-off-by: Allan McRae <allan@archlinux.org>
On filesize exceeded error pacman leaves a .part file in cache dir,
resulting in this error on next try:
error: failed to commit transaction (wrong or NULL argument passed)
Errors occurred, no packages were upgraded.
Unlink the file on error to avoid this.
If download server is dynamic mirror chances are that db file download
and db file signature download are redirected to different mirrors,
resulting in invalid signature.
This uses effective URL for db file signature download and makes the
files always match.
Signed-off-by: Christian Hesse <mail@eworm.de>
Signed-off-by: Allan McRae <allan@archlinux.org>
download_files sets the transaction state to STATE_DOWNLOADING.
Modifying the state after it has already been set to STATE_COMMITTING
created a brief window where SIGINT would fail to interrupt the process
and caused interrupted downloads to result in a 'transaction started'
message in the log with no matching transaction end.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
When a package is already partially downloaded in the cache, its download
size will only be of what's left to be downloaded. Since pkg->download_size
is what's used when calculating the total download size for the totaldl
callback, same thing apply.
However, the download progress callback was including this initial size,
which would thus lead to invalid values (and percentage) used in frontends.
That is, the progress bar could e.g. go further than 100%
In the case of pacman, there is a sanity check for different historical
reason (44a57c89), so before the possible "overflow" was noticed, the total
download size/progress reported was wrong. Once caught, the TotalDownload
option was ignored and it would use individual file download values as
fallback instead.
Signed-off-by: Olivier Brunel <jjk@jjacky.com>
Signed-off-by: Allan McRae <allan@archlinux.org>