1
0
mirror of https://github.com/moparisthebest/pacman synced 2024-12-22 07:48:50 -05:00
Commit Graph

6322 Commits

Author SHA1 Message Date
Allan McRae
8566034866 pacman/files.c: fix memory leak on regex error
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-07-20 13:41:36 +10:00
Levente Polyak
deac973188 ensure matching database and package version
While loading each package ensure that the internal version matches the
expected database version to avoid the possibility to circumvent the
version check.
This issue can be used by an attacker to trick the software into
installing an older version. The behavior can be  exploited by a
man-in-the-middle attack through specially crafted  database tarball
containing a higher version, yet actually delivering an  older and
vulnerable version, which was previously shipped.

Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Signed-off-by: Remi Gacogne <rgacogne@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-07-20 12:50:39 +10:00
Dave Reisner
445aa3b52c dont remove x bit when marking pkgdir RO
f170a94c13 potentially causes $pkgdirbase/$pkg to be undeleteable
with -R or -C if a previous build was interrupted. We simply can't
traverse to this directory, and rm blows up.

Signed-off-by: Allan McRae <allan@archlinux.org>
2015-07-20 12:50:25 +10:00
Allan McRae
bbab90836b libmakepkg: lint_package requires cd_safe
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-07-20 11:43:27 +10:00
Allan McRae
3c41030964 Handle repo/pkg style arguments to sync repo file listing
Passing "-Fl pkg" will print the filelist for the first occurance of "pkg"
in the sync repos. Other version of the package can be printed using
"-Fl repo/pkg".

Signed-off-by: Allan McRae <allan@archlinux.org>
2015-07-15 10:57:31 +10:00
Allan McRae
fd9ff672b0 Add regex search option to sync database file searching
e.g. pacman -Fsx kcm.*print.*\.so

Signed-off-by: Allan McRae <allan@archlinux.org>
2015-07-15 10:57:31 +10:00
Allan McRae
acf95f6b3b Implement searching for a file in the sync databases
Locates all packages that contain the listed file
e.g. pacman -Fs libpng.so

Signed-off-by: Allan McRae <allan@archlinux.org>
2015-07-15 10:57:31 +10:00
Allan McRae
137a4086de Implement listing files from sync packages
Does the equivalent of the -Ql option for local packages

e.g. pacman -Fl glibc

Signed-off-by: Allan McRae <allan@archlinux.org>
2015-07-15 10:57:30 +10:00
Allan McRae
488ca24265 Implement locating file owner in sync files database
Equivalent to -Qo but for packages in the sync database
e.g.  pacman -Fo /usr/bin/pacman

Signed-off-by: Allan McRae <allan@archlinux.org>
2015-07-15 10:57:30 +10:00
Allan McRae
5782b8356c Prototype pacman files database operations
Add the -F/--files operations, -s/--sync support and nd provide dummy
functions for -s/--search, -l/-list and -o/--owns.

Signed-off-by: Allan McRae <allan@archlinux.org>
2015-07-15 10:57:30 +10:00
Allan McRae
e49abc9860 pacman: move database syncing to util.c
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-07-15 10:57:30 +10:00
Allan McRae
b0dac754d2 Add pacman support for .files databases
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-07-15 10:57:30 +10:00
Allan McRae
289fdf0d1d Read file lists from databases
If a sync database contains a "files" file, the file list will be read.

Currently, there is no known demand for the file list to be lazy loaded by
any libalpm frontend, so these files are read whenever present. Lazy loading
can be implemented when a demand exists.

Signed-off-by: Allan McRae <allan@archlinux.org>
2015-07-15 10:57:30 +10:00
Allan McRae
f6c55b3c3f Allow frontends to specify the sync database extension
This allows frontends to select between the .db and .files databases
currently supplied by repo-add or any other compatible database.

Signed-off-by: Allan McRae <allan@archlinux.org>
2015-07-15 10:57:29 +10:00
Allan McRae
1ada16f017 Fix formatting in parsearg_upgrade
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-07-14 20:46:03 +10:00
Allan McRae
2d7a41539b Simplify sync_cleandb
1) Remove checks for removing pre-tardb files
2) Remove the long redundant keep_used parameter
3) Fix pacman error due to removing .sig file along with database

Signed-off-by: Allan McRae <allan@archlinux.org>
2015-07-14 20:45:55 +10:00
Allan McRae
94204d1089 Do not warn about packages that optionally require a removal when ignoring deps
If a transaction is removing a package while ignoring all dependencies, there
should not be any warning about other packages optionally requiring it.

Signed-off-by: Allan McRae <allan@archlinux.org>
2015-07-14 17:15:33 +10:00
Allan McRae
ff487212a2 Do not warn about downgrades when only downloading package
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-07-12 16:23:25 +10:00
Andrew Gregory
2e5e496eb0 Fix overflow warnings
Fix new warnings generated by gcc-5 about potential overflows.

Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-07-12 16:23:18 +10:00
Lukas Fleischer
a187fa4562 Match providers when showing optdep install status
Use alpm_find_satisfier() instead of alpm_db_get_pkg() when retrieving
the install status of a package to make sure we spot providers as well.

Fixes FS#36412

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-06-20 17:32:57 +10:00
Johannes Löthberg
4b0bc2cf97 repo-add: Reject armored signatures
Pacman cannot handle armored signatures, so make repo-add error out if
one is detected.

Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-06-20 17:32:57 +10:00
Johannes Löthberg
aa9aa343cb makepkg: Add flag for printing SRCINFO to stdout
This commit adds a makepkg option to generate and print the SRCINFO file
for a PKGBUILD, required by the new AUR, to stdout.

AUR 4.0 will use Git instead of source tarballs for uploading packages,
so making makepkg capable of printing the SRCINFO would simplify package
management, instead of having to extract it from a source tarball.

It is also useful for scripting other things, so that instead of having
to parse PKGBUILDs, one can make makepkg generate the SRCINFO and then
you can parse that instead, which is much simpler and less error-prone.

Signed-off-by: Allan McRae <allan@archlinux.org>
2015-06-20 17:32:57 +10:00
Johannes Löthberg
2bed2090fb repo-add: Generate unarmored DB signature
Pacman cannot handle armored signatures, so use gpg's --no-armor flag to
force an unarmored signature.

Signed-off-by: Allan McRae <allan@archlinux.org>
2015-06-20 17:32:57 +10:00
Johannes Löthberg
53d9633449 util.c: table_display: Fix incorrect docstring
Commit 7b8f8753 removed the title parameter but forgot to remove it
from the docstring.

Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-06-20 17:32:57 +10:00
Wieland Hoffmann
0f302df5ed makepkg-template.1: Clarify which file version-less markers use
The old text could be interpreted such that makepkg-template compares
the version numbers of the templates to find the most recent
one. Rephrase this to make it explicit that "$template_name.template" is
used.

Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-06-20 17:32:56 +10:00
Allan McRae
3d4529335c libmakepkg: extract functions for source download and extraction
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-19 23:43:00 +10:00
Allan McRae
1a17249159 libmakepkg: extract functions for handling source URLs
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-19 23:43:00 +10:00
Allan McRae
366adc3bb0 libmakepkg: fix test style
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-19 23:43:00 +10:00
Allan McRae
23e3c48526 libmakepkg: move more functions for extracting information from PKGBIULDs
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-19 23:43:00 +10:00
Allan McRae
15b6cecdd5 libmakepkg: extract more utility functions
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-19 23:43:00 +10:00
Allan McRae
8ab106eb9b libmakepkg: extract get_full_version and get_pkg_arch
These functions group in with other functions that extract PKGBUILD
information.

Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-16 14:10:42 +10:00
Allan McRae
61dd7e03be Simplify libmakepkg .gitignore 2015-05-16 14:10:42 +10:00
Allan McRae
dbbe76b83d makepkg: put further restrictions on pkgbase
pkgbase should be subject to the same restrictions as pkgname

Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-16 14:10:42 +10:00
Allan McRae
9302593cfb makepkg: merge validate_pkgver into check_pkgver
The check that pkgver is non-empty done in check_pkgver should also be
performed after running the pkgver() function.  Merge validate_pkgver
into check_pkgver and run check_pkgver after updating pkgver.

Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-16 14:10:42 +10:00
Allan McRae
c9a7b7e0bf libmakepkg: extract PKGBUILD linting functions
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-16 14:10:42 +10:00
Allan McRae
d38c098787 libmakepkg: extract in_array 2015-05-16 14:10:42 +10:00
Allan McRae
83b734a103 libmakepkg: move functions for extracting pkgbuild attributes
Also rename some functions for clarity:
funcgrep -> grep_function
extract_global_var -> extract_global_variable
extract_function_var -> extract_function_variable
pkgbuild_get_attribute -> get_pkgbuild_attribute

Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-16 14:10:42 +10:00
David Macek
d5536d3eb3 libalpm: Do a sanity check before manipulating final DB URL
The change in commit 9d96bed9d6 causes download errors for the .db.sig file
in case the final URL for the .db file contains query strings or other
unexpected stuff. This commit isn't intended to be a total solution, but it
should eliminate the problem in the most obvious cases.

Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-12 14:00:55 +10:00
David Macek
d568a4335b Fix comment in alpm_db_update
Fix comment to better explain the magic constant used when allocating a buffer
for ".db.sig" URL.

Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-12 14:00:55 +10:00
Allan McRae
99c7b1b088 libmakepkg: fix test bracket style
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-12 14:00:55 +10:00
Andrew Gregory
9a9e0203de alpm_logaction: implement documented return value
"return 0 on success, -1 on error (pm_errno is set accordingly)"

Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-12 14:00:55 +10:00
Andrew Gregory
1545a04253 alpm_logaction: allow falling back to syslog
Even if opening the log file fails, if a user has enabled syslog we may
still be able to log to that.  Set the error return value and continue
instead of bailing out.

Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-12 14:00:54 +10:00
Andrew Gregory
e4af5e3c97 alpm_logaction: check logfile before opening
valgrind does not like calling open(NULL, ...).  This also makes the
return value 0 if logfile has not been set.

Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-12 14:00:54 +10:00
Andrew Gregory
ae7067440c merge _alpm_logaction into alpm_logaction
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-12 14:00:54 +10:00
David Macek
f9423cfa5d makepkg: Empty/create only $pkgdir's relevant to current PKGBUILD
Currently makepkg clears the whole $pkgbasedir which is needless. Moreover,
in the obscure case of multiple makepkg runs (with different $pkgname) that
share a $pkgdirbase, only $pkgdir's from the last run will remain. Since
I consider the contents of $pkgdir an important artifact, this commit restricts
the deletion to individual $pkgdir's.

When CLEANUP is set, the behavior is unchanged.

Discussed in:
https://lists.archlinux.org/pipermail/pacman-dev/2015-February/019939.html

Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-12 14:00:54 +10:00
Charles Duffy
1040ad4e71 Fix compilation if libarchive headers are not in standard location
With commit 097d5a478b, including alpm.h also drags in archive.h.
Ensure the tools we build that depend on ALPM also include the necessary
flags to find libarchive headers if they are not installed in a standard
location.

[Dan: Add commit message]
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>

Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-12 14:00:54 +10:00
Dominik Fischer
b0ae59724e makepkg-template: support multiple --template-dirs
Especially when maintaining local templates in addition to the ones
stored in /usr/share/makepkg-template, it can be useful to include
templates stored in multiple different locations into one PKGBUILD. This
patch makes this possible by allowing --template-dir to be specified
multiple times.

This also introduces a dedicated error message when a template cannot be
found, in contrast to the already existing "Couldn't detect version for
template '%s'".

If a template of the same name is present in more than one of the given
directories, the last one always takes precedence.

Neither the default behaviour without the option given, nor the handling
of a single template dir is changed.

Signed-off-by: Dominik Fischer <d.f.fischer@web.de>
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-12 14:00:54 +10:00
Andrew Gregory
d4e5de4bf6 pacsort: fix warning about signed overflow potential during comparison.
Some crazy person assumed we would have fewer than INT_MAX columns.

Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-12 14:00:54 +10:00
Allan McRae
54067c390f Silence warning from clang
clang is wrong - dbfile is always used initialized in that function.

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-12 14:00:54 +10:00
Allan McRae
4dbac804a3 Pluralize callback string
In English, this string only has it plural form. However, we need to use the
pluralized translation as some languages can have multiple plural formats.

Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-12 14:00:54 +10:00