From the documentation:
verify-pacman-repo-db looks at a pacman repo database and verifies its
content with the actual package files. The database is expected to be in
the same directory as the packages (or symlinks to the packages).
The following properties are verified for each package in the database:
- existence of the package file
- file size
- MD5 and SHA256 checksum (--checksum)
Signed-off-by: Florian Pritz <bluewind@xinu.at>
When curl calls alpm's dlcb, alpm calls the frontend's cb with the
following (dlsize, totalsize) arguments:
0, -1: initialize
0, 0: no change since last call
x {x>0, x<y}, y {y>0}: data downloaded, total size known
x {x>0}, x: download finished
If total size is not known, do not call frontend cb (no change to
original behavior); alpm's callback shouldn't be called if there is a
download error.
See agregory's original spec here:
https://wiki.archlinux.org/index.php/User:Apg#download_callback
Signed-off-by: Allan McRae <allan@archlinux.org>
`makepkg -g` looks for existing checksums in the PKGBUILD file, so that
it can generate new sums of the same type. Previously it only checked
variables of the form "sha256sums", and not "sha256sums_x86_64". That
meant it would always fall back to MD5 for packages with only
architecture-specific sources. This change makes it look at
architecture-specific checksums too to determine the type.
Signed-off-by: Jack O'Connor <oconnor663@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
It was reported being --with-libcurl in the help (and the check for libcurl
being installed used $with_libcurl accordingly), but the option handling was set
using $with_curl and, therefore, expected option --with-curl.
In the end, --with-libcurl wasn't recognized, and --with-curl had no effect.
Signed-off-by: Olivier Brunel <jjk@jjacky.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
macOS < 10.10 do not provide fstatat. We were constructing the full
path to the hook file for all other operations anyway, so there was no
real benefit to using fstatat.
Fixes FS#49771
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
The width of wchar_t is allowed to be of the same width as long,
according to standards. The return type of mbscasecmp is int though.
On amd64 with a 32 bit int, this means that mbscasecmp can return
zero (indicating that strings are equal) even though the input
strings differ.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
If signature files are larger than SIZE_MAX, not enough memory could
be allocated for this file. The script repo-add rejects files which
are larger than 16384 bytes, therefore handle these as errors here,
too.
While at it, I also rearranged the code to avoid a quite harmless
TOCTOU race condition between stat() and fopen().
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Some resources (memory or file descriptors) are not released on all
error paths.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
pacman expects an unarmored signature. makepkg forces the generation of
unarmored signatures, and repo-add will reject any armored signature.
For consistency pacman-key should also reject armored signatures.
Signed-off-by: Allan McRae <allan@archlinux.org>
In out of memory conditions, an undefined error value is written
into *err, because myerr is never explicitly set in these cases.
I have also converted a calloc into a MALLOC call, because the memory
will be properly filled by the snprintf call right after it.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Cyclic dependencies (A depends on B, B depends on A) were not selected
because neither package could be removed individually, so
can_remove_package would always return false for both. By preselecting
all dependencies then filtering back out any dependencies still required
by any packages that will not be uninstalled, groups of unneeded cyclic
dependencies can be found.
Fixes FS#41031
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
The current way of extracting key trust from output of gpg --verify is not very
robust against changes in the format of said output. As a result, pacman-key
can return an error even if the signature is actuall good.
This change relaxes the regexp when parsing output of gpg.
Signed-off-by: Leonid Isaev <leonid.isaev@jila.colorado.edu>
Signed-off-by: Allan McRae <allan@archlinux.org>
When using "pacman -Sp" operation to get URLs of packages to download, it is
useful to know which packages are already in the file cache and do not need
downloaded. Print packages in the cache with a file:// prefix.
e.g
$ pacman -Sp glibc
file:///var/cache/pacman/glibc-2.23-1-x86_64.pkg.tar.xz
Also use package locations in case statements rather than opersations. This
allows the ALPM_PKG_SYNCDB to fall thorough to just printing the package name
for weird serverless repo setups.
Fixes FS#15868
Signed-off-by: Allan McRae <allan@archlinux.org>
This is a requirement to split the preparation of the build environment
into libmakepkg, which will allow dropping in extensions (e.g. to allow PGO).
After this patch, disabling buildflags or makeflags and enabling debug
CFLAGS will only effect the build(), check() and package() functions. The
relevant variables are no longer exported for the prepare() function. This
should have zero impact for the prepare() function of a properly written
PKGBUILD, as no building/linking is done there...
Signed-off-by: Allan McRae <allan@archlinux.org>
The value EAGAIN is allowed by POSIX to be the same as EWOULDBLOCK, but this is
not guaranteed. Thus on some systems (e.g. glibc Linux), we get a warning that
the logical OR is being performed on two expressions of the same type. We can
not get rid of this test in case any system defines these as unique values.
Suggested-by: Dave Reisner
Signed-off-by: Allan McRae <allan@archlinux.org>
GCC-6 points out that the value we use for the sentinal in enums is actually
too large for the integer type. Reduce the bitshift by one to fix this.
Signed-off-by: Allan McRae <allan@archlinux.org>
Matching output for -s operations, the repository is coloured 'magenta', the
package name is 'bold', and the version is outputted in 'green'.
Signed-off-by: Xavion <Xavion (dot) 0 (at) Gmail (dot) com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Colour the group name in 'blue' and the repository names in 'magenta'.
Signed-off-by: Xavion <Xavion (dot) 0 (at) Gmail (dot) com>
Signed-off-by: Allan McRae <allan@archlinux.org>
It is useful to be able to use "pacman -Qi" on any dependency, even if that
dependency is a provide. For example, on Arch Linux systems, "sh" is provided
by the "bash" package, and many packages depend on "sh". Querying the
package that provides the "sh" dependency currently requires first searching
for "sh".
This patch allows the use of "pacman -Qi" on a provide.
Fixes FS#20650.
Signed-off-by: Allan McRae <allan@archlinux.org>
This ensures any additions to these test do not have to rely on the correct
error condition being set by libalpm.
Signed-off-by: Allan McRae <allan@archlinux.org>
I caught myself searching for operations when in need for an option.
However this made me find transaction and update options only. So add
the actual operations to captions for easy searching.
Signed-off-by: Christian Hesse <mail@eworm.de>
Signed-off-by: Allan McRae <allan@archlinux.org>
When printing a list of URLs of packages to be updated, pacman was ignoring any
replacements that would be made in the update process.
Fixes FS#35812
Signed-off-by: Allan McRae <allan@archlinux.org>
When checking .INSTALL and .CHANGELOG files in the mtree file, we need to find
the path they are stored in the local database. This was appending the root
prefix twice as alpm_option_get_dbpath already returns the absolute path to
the database.
While fixing that issue I added checks that the paths for the database files
were not longer than PATH_MAX.
Fixes FS#48563.
Signed-off-by: Allan McRae <allan@archlinux.org>
Using "-exec command {} +" systax exits on any error. Such errors occur when
running rmdir on a non-empty directory. Switch to "{} ;" syntax instead which
avoids exiting before the find command is completed.
Fixes FS#48515.
Note, we can not use "-empty" in the find command because it is not supported
by Busybox find, and the "--ignore-fail-on-non-empty" flag for rmdir is not
available on BSD rmdir variants.
Signed-off-by: Allan McRae <allan@archlinux.org>
Previously, we errored only if all databases failed to download. If any
database downloads fail, we are unable to determine whether an update is
still considered safe. So now if any database download fails, the transaction
is aborted (after attempting all database downloads).
Fixes FS#47599.
Signed-off-by: Allan McRae <allan@archlinux.org>
Checking install status and if a package is optionally required on removal
now considers the version of the optdepend.
Fixes FS#44957.
Signed-off-by: Allan McRae <allan@archlinux.org>
Florian Pritz