1
0
mirror of https://github.com/moparisthebest/pacman synced 2024-11-16 06:15:08 -05:00
Commit Graph

341 Commits

Author SHA1 Message Date
Dan McGee
5f38660be1 Add reason to corrupted package callback
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-08 19:55:44 -05:00
Dan McGee
9d09c9fdf7 Attempt to fix up some of the brokenness around failed package loads
This is a bit of a mess, due to the fact that we have a progress meter
running. It is also ironic that we are in the midst of a method named
"commit" when we haven't done a damn thing yet, and can still fail hard
if either a checksum or signature is invalid or unrecognized.

Adapt the former test_md5sum method to be invoked for any of the various
failure types, which at least gives the user some indication of what
packages are failing. A second patch will be needed to actually show
worthwhile error codes, but this is going to involve modifying the
actual data passed with the callback.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-08 19:42:52 -05:00
Dave Reisner
3eec745910 absorb some _alpm_download params into payload struct
Restore some sanity to the number of arguments passed to _alpm_download
and curl_download_internal.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
2011-07-05 23:00:02 -04:00
Dave Reisner
6dc71926f9 lib/dload: prevent large file attacks
This means creating a new struct which can pass more descriptive data
from the back end sync functions to the downloader. In particular, we're
interested in the download size read from the sync DB. When the remote
server reports a size larger than this (via a content-length header),
abort the transfer.

In cases where the size is unknown, we set a hard upper limit of:

* 25MiB for a sync DB
* 16KiB for a signature

For reference, 25MiB is more than twice the size of all of the current
binary repos (with files) combined, and 16KiB is a truly gargantuan
signature.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
2011-07-05 22:58:55 -04:00
Dave Reisner
6c9b82e72a dload: handle irregular URLs
URLs might end with a slash and follow redirects, or could be a
generated by a script such as /getpkg.php?id=12345. In both cases, we
may have a better filename that we can write to, taken from either
content-disposition header, or the effective URL.

Specific to the first case, we write to a temporary file of the format
'alpmtmp.XXXXXX', where XXXXXX is randomized by mkstemp(3). Since this
is a randomly generated file, we cannot support resuming and the file is
unlinked in the event of an interrupt.

We also run into the possibility of changing out the filename from under
alpm on a -U operation, so callers of _alpm_download can optionally pass
a pointer to a *char to be filled in by curl_download_internal with the
actual filename we wrote to. Any sync operation will pass a NULL pointer
here, as we rely on specific names for packages from a mirror.

Fixes FS#22645.

Signed-off-by: Dave Reisner <d@falconindy.com>
2011-07-05 22:58:27 -04:00
Dan McGee
c748eadc80 Allow invalid sync DBs to be returned by the library
They are placeholders, but important for things like trying to re-sync a
database missing a signature. By using the alpm_db_validity() method at
the right time, a client can take the appropriate action with these
invalid databases as necessary.

In pacman's case, we disallow just about anything that involves looking
at a sync database outside of an '-Sy' operation (although we do check
the validity immediately after). A few operations are still permitted-
'-Q' ops that don't touch sync databases as well as '-R'.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-05 10:13:20 -05:00
Dan McGee
7af0ab1cde signing: move to new signing verification and return scheme
This gives us more granularity than the former Never/Optional/Always
trifecta. The frontend still uses these values temporarily but that will
be changed in a future patch.

* Use 'siglevel' consistenly in method names, 'level' as variable name
* The level becomes an enum bitmask value for flexibility
* Signature check methods now return a array of status codes rather than
  a simple integer success/failure value. This allows callers to
  determine whether things such as an unknown signature are valid.
* Specific signature error codes mostly disappear in favor of the above
  returned status code; pm_errno is now set only to PKG_INVALID_SIG or
  DB_INVALID_SIG as appropriate.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-05 10:13:20 -05:00
Allan McRae
afc96f2ab3 Prefix _alpm_errno_t members with ALPM
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-02 02:01:39 +10:00
Allan McRae
bd88a8d551 Prefix alpm_transprog_t members with ALPM
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-02 02:01:39 +10:00
Allan McRae
495ba26e63 Prefix alpm_transconv_t members with ALPM
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-02 02:01:39 +10:00
Allan McRae
3189d3bc4a Prefix alpm_transevt_t members with ALPM
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-02 02:01:39 +10:00
Allan McRae
39262acab6 Prefix alpm_transflag_t members with ALPM
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-02 02:01:39 +10:00
Allan McRae
ca43fdd92f Prefix alpm_loglevel_t members with ALPM
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-02 02:01:38 +10:00
Allan McRae
eb39a9482b Prefix alpm_pkgreason_t members with ALPM
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-02 02:01:38 +10:00
Dan McGee
23a2d2c16a Make alpm_db_get_sigverify_level() public
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-06-30 16:16:41 -05:00
Allan McRae
f1bb56cebf Rename public functions with grp in their name
Using grp instead of group is a small saving at the cost of clarity.
Rename the following functions:

  alpm_option_get_ignoregrps -> alpm_option_get_ignoregroups
  alpm_option_add_ignoregrp -> alpm_option_add_ignoregroup
  alpm_option_set_ignoregrps -> alpm_option_set_ignoregroups
  alpm_option_remove_ignoregrp -> alpm_option_remove_ignoregroup
  alpm_db_readgrp -> alpm_db_readgroup
  alpm_db_get_grpcache -> alpm_db_get_groupcache
  alpm_find_grp_pkgs -> alpm_find_group_pkgs

Signed-off-by: Allan McRae <allan@archlinux.org>
2011-06-29 15:46:49 +10:00
Allan McRae
bfe1771067 Rename pmdelta_t to alpm_delta_t
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-06-28 23:28:23 +10:00
Allan McRae
1fdbe79022 Rename pmgrp_t to alpm_group_t
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-06-28 23:28:23 +10:00
Allan McRae
220842b37b Rename pmconflict_t to alpm_conflict_t
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-06-28 23:28:23 +10:00
Allan McRae
9540dfc4d9 Rename pmdepend_t to alpm_depend_t
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-06-28 23:28:23 +10:00
Allan McRae
6b62508c86 Rename pmtrans_t to alpm_trans_t
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-06-28 23:27:16 +10:00
Allan McRae
8a04bc25a1 Rename pmpkg_t to alpm_pkg_t
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-06-28 23:26:39 +10:00
Allan McRae
939d5a9511 Rename pmdb_t to alpm_db_t
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-06-28 14:16:12 +10:00
Allan McRae
64c1cf7921 Rename pmhandle_t to alpm_handle_t
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-06-28 14:04:00 +10:00
Dan McGee
25b7df4dab Make pmgrp_t public
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-06-16 11:58:04 -05:00
Dan McGee
51359e6d33 Make pmdelta_t public
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-06-16 11:58:04 -05:00
Dan McGee
ee015f086f Ensure handle is valid and pm_errno is reset when calling into API
We didn't do due diligence before and ensure prior pm_errno values
weren't influencing what happened in further ALPM calls. I observed one
case of early setup code setting pm_errno to PM_ERR_WRONG_ARGS and that
flag persisting the entire time we were calling library code.

Add a new CHECK_HANDLE() macro that does two things: 1) ensures the
handle variable passed to it is non-NULL and 2) clears any existing
pm_errno flag set on the handle. This macro can replace many places we
used the ASSERT(handle != NULL, ...) pattern before.

Several other other places only need a simple 'set to zero' of the
pm_errno field.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-06-14 10:01:08 -05:00
Dan McGee
ba63e31cc7 Small handle related cleanups
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-06-14 08:39:02 -05:00
Dan McGee
0074cadb3b Add handle argument to _alpm_pkg_should_ignore()
This allows callers to retrieve it from wherever is convenient, which
may or may not be on the package object itself.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-06-14 08:38:51 -05:00
Dan McGee
52bffd2457 Switch all logging to use handle directly
This is the last user of our global handle object. Once again the diff
is large but the functional changes are not.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-06-13 19:41:16 -05:00
Dan McGee
e2aa952689 Move pm_errno onto the handle
This involves some serious changes and a very messy diff, unfortunately.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-06-13 19:38:38 -05:00
Dan McGee
8b62d9bc0a Add handle argument to two more alpm methods
This takes care of alpm_checkdeps() and alpm_find_dbs_satisfier().

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-06-13 19:35:22 -05:00
Dan McGee
70a86c14f4 Require handle for alpm_checkconflicts()
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-06-13 19:35:22 -05:00
Dan McGee
d76341297a Require handle for alpm_pkg_load()
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-06-13 19:35:22 -05:00
Dan McGee
ff8e519d4b Require handle for alpm_sync_sysupgrade()
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-06-09 14:24:45 -05:00
Dan McGee
17a6ac5675 Require handle argument to all alpm_option_(get|set)_*() methods
This requires a lot of line changes, but not many functional changes as
more often than not our handle variable is already available in some
fashion.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-06-09 14:24:45 -05:00
Dan McGee
e68f5d9a30 Remove global handle dependencies from sync/upgrade paths
This kills a lot more global handle business off. sync.c still requires
the handle declaration for one reference that can't be changed yet; it
will be removed in a future patch which isolates all of the necesary API
changes.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-06-03 13:18:36 -05:00
Dan McGee
d2f05f72f0 Remove global handle from remove.c
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-06-03 12:53:53 -05:00
Dan McGee
4015b23e8e Remove global handle from diskspace.c
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-06-03 12:36:13 -05:00
Dan McGee
de36c5fac4 Push down extern handle variable to files that need it
This will make the patching process less invasive as we start to remove
this variable from all source files.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-06-03 12:23:32 -05:00
Dan McGee
78cbc045c1 Remove ALPM_LOG_FUNC macro
The usefulness of this is rather limited due to it not being compiled
into production builds. When you do choose to see the output, it is
often overwhelming and not helpful. The best bet is to use a debugger
and/or well-placed fprintf() statements.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-06-03 11:48:24 -05:00
Dan McGee
47de7973fd dload: ensure we return success if we found files on any mirror
We were erroring out in the case where a first (possibly bogus) mirror
would cause the download process to return a failure code, even though
subsequent servers had the file.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-05-05 10:01:01 -05:00
Dan McGee
4d63ebe2fb Perform package verification at package load time
Both md5sum verification and PGP verification can and should be done at
package load time. This allows verification to happen as early as
possible for packages provided by filename and loaded in the frontend,
and moves more stuff out of sync_commit that doesn't really belong
there. This should also set the stage for simplified parallel loading of
packages later down the road.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-24 10:48:34 -05:00
Dan McGee
1cf79eb8c8 sync_commit: refactor out validate_deltas
More stuff going on in the pre-committing stage that can be in a static
method to make things a bit more clear.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-24 10:48:34 -05:00
Dan McGee
2df1534b78 sync_commit: refactor out file downloads
This part is almost completely self-contained, except building the list
of delta filenames that we use later to check their md5sums. Refactor it
into a static method so we can bring most of the code in sync_commit
closer to the method name.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-24 10:48:34 -05:00
Dan McGee
225acbbff1 Rein in the complexity of the signature type
Given that we offer no transparency into the pmpgpsig_t type, we don't
really need to expose it outside of the library, and at this point, we
don't need it at all. Don't decode anything except when checking
signatures. For packages/files not from a sync database, we now just
read the signature file directly anyway.

Also push the decoding logic down further into the check method so we
don't need this hanging out in a less than ideal place. This will make
it easier to conditionally compile things down the road.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-24 10:48:33 -05:00
Dan McGee
9579879b1b libalpm/dload: major refactor of signature downloading
There's a lot of related moving parts here:
* Iteration through mirrors is moved back to the calling functions. This
  allows removal of _alpm_download_single_file and _alpm_download_files.
* The download function gets a few more arguments to influence behavior.
  This allows several different scenarios to customize behavior:
  - database
  - database signature (req'd and optional)
  - package
  - package via direct URL
  - package signature via direct URL (req'd and optional)
* For databases, we need signatures from the same mirror, so structure
  the code accordingly.

Some-inspiration-from: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-22 17:08:33 -05:00
Rémy Oudompheng
10b8cd75b3 sync.c: remove unnecessary check for PM_PGP_VERIFY_UNKNOWN
The value PM_PGP_VERIFY_UNKNOWN is reserved to error cases,
now that the signature verification level defaults to the
globally set level. The only error case is when handle == NULL,
which is false in the context of _alpm_sync_commit().

Signed-off-by: Rémy Oudompheng <remy@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-21 12:14:34 -05:00
Rémy Oudompheng
670b315c4d alpm.h: add/improve function documentation
Signed-off-by: Rémy Oudompheng <remy@archlinux.org>
2011-04-21 07:08:35 +02:00
Dan McGee
791928dc48 Header inclusion cleanup
This does touch a lot of things, and hopefully doesn't break things on
other platforms, but allows us to also clean up a bunch of crud that no
longer needs to be there.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-20 20:09:13 -05:00