If a sync DB is malformed and contains entries in the root of the
archive, load_pkg_for_entry will leave the 'filename' variable empty,
leading to a crash in the ensuing strcmp() calls which determine the DB
fragment being examined.
While this isn't a read error, this should be reported to the user so
that it can be addressed by the creator of the DB.
As seen: https://bbs.archlinux.org/viewtopic.php?pid=1297766
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
On operating systems we support, the behavior is always such that the
kernel will do the right thing as far as invalidating the file
descriptor, regardless of the eventual return value. Therefore,
potentially looping and calling close multiple times is wrong.
At best, we call close again on an invalid FD and throw a spurious EBADF
error. At worst, we might close an FD which doesn't belong to us when a
multi-threaded application opens its own file descriptor between
iterations of the loop.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
It is now possible to invert patterns in NoExtract and NoUpgrade.
This feature allows users to whitelist certain files that were
previously blacklisted by another entry.
Signed-off-by: Allan McRae <allan@archlinux.org>
On upgrades, indirect dependencies were not being detected if there was
a dependency in between them that was not part of the transaction. For
example, with the dependency chain: pkg1 -> pkg2 -> pkg3, if pkg1 and
pkg3 are being upgraded but not pkg2 pacman would not order pkg1 and
pkg3 properly.
This was particularly problematic when replacements were involved
because the replaced package(s) would be removed at the start of the
transaction. If an install script required the replacer and lacked
a direct dependency, it could fail.
Fixes FS#32764.
Partially fixes FS#23011.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Currently we make no effort to validate the %FILENAME% field in the
repo db. This allows for relative paths to be considered valid.
A carefully crafted db entry with a malicious relative path,
(e.g. `../../../../etc/passwd`) will cause pacman to to
overwrite _any_ file on the target's machine.
Add the following validation:
- doesn't start with '.'
- doesn't contain a '/'
- won't overflow PATH_MAX
Signed-off-by: Simon Gomizelj <simongmzlj@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Packages removed due to conflicts are always removed at the beginning of
the transaction and as such can be included in the check for whether all
owners of a directory will be removed in a transaction. Installed
versions of packages being upgraded, other than the one with the
conflict, cannot be used because our transaction ordering is not
intelligent enough to ensure that they are removed prior to the
installation of the conflicted package.
Also, return false from dir_belongsto_pkgs on errors. Previously, we
simply continued which could return true even if we were unable to
actually establish that the package owned the entire tree.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
We always want to work with the package file itself, not its target if
it's a symlink.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
After the initial checks, we either use the path as a directory and have
to append the trailing slash anyway or use it as a file in which case
the trailing slash should be excluded.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
When attempting to install a package (either via -S or -U) and the
signature is missing, the current error message "invalid or corrupted
package (PGP signature)" is very unclear. Instead inform the user
that the package is missing the required signature.
Partial fix for FS#34741.
Signed-off-by: Allan McRae <allan@archlinux.org>
The previous implementation was overly complex with unnecessary checks
and nested conditionals. By reordering the tests and changing them to
all be checks for positive hash matches rather than non-matches, we can
collapse several cases and make the process much more linear. This
removes the need to set hash_orig = "" just to reach some of the checks
and corrects a faulty assumption that files are equivalent when the
hashing process fails.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
p1 and p2 both come directly from the upgrade list without being copied
so they can be compared directly instead of comparing their names.
Also fix minor style violation.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
We currently use the pacman version number in the libalpm.pc file. It makes
more sense to use the libalpm version.
Fixes FS#34967.
Signed-off-by: Allan McRae <allan@archlinux.org>
Remove a question that hasn't been used since the 3.0 days. To prevent
us from having an ugly enum of questions that is missing a bitmask, this
changes the API of the hidden --ask option.
Signed-off-by: Connor Behan <connor.behan@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Add details to the doxygen for the initialization and relase functions
of the library.
Signed-off-by: Richard Pougnet <richard@pougnet.ca>
Signed-off-by: Allan McRae <allan@archlinux.org>
Be complete with files listed. Comment out files where code is used
or heavily based on other projects so will never have translatable
strings.
Signed-off-by: Allan McRae <allan@archlinux.org>
I imported this translation from transifex without realising that there
was no strings translated despite being "acitve" on transifex for quite
some time. Remove it until translation begins...
Signed-off-by: Allan McRae <allan@archlinux.org>
We shouldn't assume a frontend program didn't explicitly set the LC_TIME
setting to a value not in the environment, which is what we previously
assumed. Save the old locale before forcing the 'C' locale and restore
it when we are done.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Currently pacman either prints 'adding' or 'upgrading' when installing
a package. This make pacman print and log the other possible actions:
'downgrade' and 'reinstall'
Signed-off-by: Simon Gomizelj <simongmzlj@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
This also rearranges some code to ensure that declarations and code
aren't mixed.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Since 882bff36 literals would be searched before replacers, resulting in a
package being replaced by another not actually being replaced under certain
conditions (e.g. they're both in the same repo).
This change effectively reversed the expectations in test sync132. This patch
switches the order back to replacers first, thus making sure if a package is
replacing another one, the change will always happen, even if both are in the
same repo.
Note that a package replacing another one in a repo with higher priority will
not be done, see FS#11737 and test sync1105
Signed-off-by: Olivier Brunel <i.am.jack.mail@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
During a sysupgrade, if a package is replaced by another, and an update for the
former package is found (on another repo) the replaced package would be
re-installed.
Signed-off-by: Olivier Brunel <i.am.jack.mail@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Although technically correct, this results in my system taking ~30 seconds
to resolve all filelists when removing a package that has a directory not
owned by any package. The check for if any package own the empty directory
is a rare enough occurance, and it will be even rarer when that directory
has a directory symlink in its path, so just revert this at this stage.
Signed-off-by: Allan McRae <allan@archlinux.org>
alpm_filelist_contains is listed in alpm.h and should be public but was
not exported.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Fix FS#31556 by printing filename instead of entryname. Thus,
removing a lot of confusion from the output.
Signed-off-by: Allan McRae <allan@archlinux.org>
Pacman currently bails when trying to extract a file over a directory
when using --force. Instead of ignoring all conflict, perform the
check and skip any file-file conflicts. Conflicts between directories
and files are still flagged and cause the transation to abort.
As a bonus, we now know about files changing packages when using
--force, so we can skip removing them fixing upgrade046.
Signed-off-by: Allan McRae <allan@archlinux.org>
alpm_filelist_contains was being used to search for resolved paths, but
searching in the unresolved paths, causing it to miss matches. We
always search unresolved paths and search the resolved paths if
available because _alpm_filelist_resolve is not public and requires
a context handle, so it can't be called from alpm_filelist_contains.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
We were comparing files based on resolved paths but returning the
original file_t structures, which were not necessarily in the same
order. The extra file_t information was only being used to determine if
the file was a directory which can be accomplished by testing for
a trailing slash, so just return the resolved path.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
We were comparing files based on resolved paths but returning the
original file_t structures, which were not necessarily in the same
order. The additional file_t information was never used, so just return
the resolved path.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
alpm_filelist_intersection returns a list of pointers to internal file_t
struct's, so only the list itself should be freed.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
'/' should not be appended to the resolved root when root is "/".
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Arch Linux typically runs into this with /sys when upgrading the
filesystem package in build chroots, but LXC users might also run into
this, since their /sys is shared from the host and must, for security
reasons, be mounted RO.
I've neglected to add any tests for this because they would require root
in order to run. Current tests all pass with this patch and I've
confirmed the desired behavior in a VM. Incidentally, the first hunk of
this patch (skipping can_remove_file checks for directories) resolves the
case of API mountpoints being removed since they eventually fall into
unlink_file and fail with "contains files". However, this patch should
still be the Right Thing To Do™, as we can't possibly remove a directory
that is also a mountpoint.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
[Allan] Do not skip checking if directories can be removed. Instead test
if directories are mountpoints in can_remove_file.
Signed-off-by: Allan McRae <allan@archlinux.org>
We record whether the default SigLevel is set in order to add upon
it for the *FileSigLevel entries. When using the only valid value
of "SigLevel = Never" with non-gpgme builds, we need to ignore
the ALPM_SIG_PACKAGE_SET flag when determining if we have a valid
value for the database SigLevel.
Signed-off-by: Allan McRae <allan@archlinux.org>
Fixes all clang warnings with -Wformat-literal.
Also, fix genuine formating issue discovered once adding these attributes
and add a cast to prevent a gcc warning.
Signed-off-by: Allan McRae <allan@archlinux.org>
This also lead me to notice that in _alpm_gpgme_checksig many things
were not being cleaned up. Fix this by having CHECK_ERR goto gpg_error
and make the required adjustments.
Signed-off-by: Allan McRae <allan@archlinux.org>
When installing a package with "pacman -U" that has a detached
signature, check if the needed key is in the keyring and download
if necessary.
Signed-off-by: Allan McRae <allan@archlinux.org>
Now that the keyring is checked for all needed keys before the
validation, we can not reach a point of a missing key when doing
validity checks for sync operations.
Signed-off-by: Allan McRae <allan@archlinux.org>
Keys used to create signatures are checked for presence in the keyring
before package validation is performed.
Signed-off-by: Allan McRae <allan@archlinux.org>
Conflicts:
lib/libalpm/alpm.h
Signed-off-by: Allan McRae <allan@archlinux.org>
This does not support all possibilities of RFC4880, but it does
cover every key currently used in Arch Linux.
Signed-off-by: Allan McRae <allan@archlinux.org>
This will be useful for checking the availablity of all keys before
perfoming validation in sync operations and for downloading a needed
key in upgrade operations.
Signed-off-by: Allan McRae <allan@archlinux.org>
Add LocalFileSigLevel and RemoteFileSigLevel to control the signature
checking for "pacman -U <file>" and "pacman -U <url>" operations
respectively. The starting value for both these options is SigLevel,
if it is specified in the [options] section, or the built-in system
default. The specified values override and/or supplement this initial
value. Note there is no distinction between setting "Required" and
"PackageRequired" as there are no database options for Upgrade
operations.
Signed-off-by: Allan McRae <allan@archlinux.org>
We still call some of these 'deprecated' methods elsewhere, so this
shouldn't present a problem. When we decide 2.x support is to be dropped,
we should update all of the code to not call deprecated methods.
Allan: Adjusted with respect to previous patches adding libarchive
compatibilty layer.
Signed-off-by: Allan McRae <allan@archlinux.org>
This allows us to support both libarchive 2.8.x as well as 3.x without
deprecation warnings on compile.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
I suspect that eventually we're going to end up returning a pointer to
an allocated struct to describe the download result, but that's for
another patch when the need arises...
Fixes FS#33508.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Users have hit issues behind corporate firewalls that initially throttle
downloads to ~1B/sec.
Signed-off-by: Olivier Langlois < olivier.pis.langlois@transport.alstom.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
prefix defaults to "UNKOWN" if null or an empty string is provided.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
The FHS (2.3) says having ldconfig in /sbin is optional and it is usually
located in /usr/sbin. So /sbin/ldconfig should not be hard coded in
pacman. Instead, provide a configure option --with-ldconfig that defaults
to the current path.
Signed-off-by: Allan McRae <allan@archlinux.org>
This reverts commit 4a8c2852a8.
This reverts commit 993700bc6b.
This reverts commit bb4d2b72c1.
This reverts commit 60b192e383.
Signed-off-by: Allan McRae <allan@archlinux.org>
RFC 2616 doesn't forbid a 301 or 302 repsonse from having a body, and
servers exist in the wild that show this behavior. In order to prevent
pacman from showing a progress bar when we aren't actually downloading a
package (and merely following one of these pain in the butt redirects),
capture the server response code in the response header, rather than
waiting to peel it off the handle after the download has finished.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Reported-by: Alexandre Filgueira <alexfilgueira@cinnarch.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
The ldconfig binary is not guaranteed to be in /sbin. Change to calling
just "ldconfig" rather than using the full path.
This removed the check that the ldconfig binary exists. However, it is
a reasonable assumption that it will exist if its configuration file
does.
Signed-off-by: Allan McRae <allan@archlinux.org>
This makes us more robust to utilities changing paths. There is no
functional change when a full path is specified.
Signed-off-by: Allan McRae <allan@archlinux.org>
Teach pacman to save backup files with extension .pacsave.n, where n is a
positive integer. The current backup file shall be saved as <name>.pacsave,
while existing .pacsave.n files will be renamed to <name>.pacsave.n+1
Example:
1. You have subversion installed in your local repo. /etc/conf.d/svnserve
is a file to be backed up. It contains local modifications
2. You remove subversion from your repo. /etc/conf.d/svnserve is backed up as
/etc/conf.d/svnserve.pacsave
2. You install subversion again
3. You edit /etc/conf.d/svnserve
4. You remove subversion. The existing /etc/conf.d/svnserve.pacsave is renamed
to /etc/conf.d/svnserve.pacsave.1 and /etc/conf.d/svnserve is backed up as
/etc/conf.d/svnserve.pacsave
Signed-off-by: Pang Yan Han <pangyanhan@gmail.com>
Rebased from original email and adjusted for util-common usage.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Allan McRae <allan@archlinux.org>
There is duplicated code in the util.c files in the libalpm and pacman
source code. Split this into a separate file so that it can be shared
via a symlink. This prevents code divergence between the two code bases.
Also, move mbasename and mdirname from pacman/util.c into util-common.c
in preparation for the following patch that uses them to add an extension
to pacsave files.
Signed-off-by: Allan McRae <allan@archlinux.org>
This allows compiling in both clang and gcc without running into
oddities regarding const vs. defined constant values.
Signed-off-by: Dan McGee <dan@archlinux.org>