This sets curl's CURLOPT_PINNEDPUBLICKEY option in the built-in
downloader, or replaces %p in XferCommand. This pins public
keys to ensure your TLS connection is not man-in-the-middled
without relying on CAs etc. Probably most useful currently
for very small or single groups of servers.
It would obviously be best as a per-mirror option, but such
a thing currently does not exist.
Signed-off-by: Travis Burtrum <travis.archlinux@burtrum.org>
Many bitfield variables are declared to be enums, because they are
generated using bitwise operations on enums such. However, their
actual values aren't necessary members of their parent enum, so
declaring them 'int' is more accurate.
Signed-off-by: Ivy Foster <ivy.foster@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
This allows functions which return an _alpm_errno_t to always return a
genuine _alpm_errno_t for consistency, even in cases where there are
no errors. Since ALPM_ERR_OK = 0, their callers can still simply check
'err = some_fn(); if (!err) { ... }'.
Signed-off-by: Ivy Foster <ivy.foster@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Add a --with-nettle configure option that directs pacman to use the libnettle
hashing functions. Only one of the --with-libssl and --with-nettle configure
options can be specified.
[Allan: rewrote configure check]
Signed-off-by: Allan McRae <allan@archlinux.org>
This should make pacman's behavior consistent with GNU coreutils df,
as well as follow advice from affected filesystems' devs as well as
`man statvfs`.
This fixes FS#37402
Signed-off-by: Martin Kühne <mysatyre@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
This was included due to use of PolarSSL's implementation for our internal
SHA2 support. As our internal checksum calculations are now removed, we
can also remove this unused code path.
Signed-off-by: Allan McRae <allan@archlinux.org>
The internal implementations for md5 and sha256 checksums have not been merged
from upstream sources for a long time. Instead of us carrying copies of code
from other projects, we should just support building against multiple libraries
that provide such functionality.
This patch removes the md5 and sha2 code (originally obtained from PolarSSL)
from our repository. The configure script will now error unless at least one
library supporting checksum generation is present, with the only library
currently supported being openssl. It will be relatively simple for other
such libraries (e.g. nettle) to be supported if anyone wishes to add them.
Signed-off-by: Allan McRae <allan@archlinux.org>
Making it size_t matches the return value of alpm_list_count() and
avoids the implicit cast to int.
Signed-off-by: Rikard Falkeborn <rikard.falkeborn@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Since the number of packages is not used anywhere, just return a
boolean to avoid the implicit cast from size_t to int in be_local.c.
Use 0 as success to be consistent with db_validate.
Signed-off-by: Rikard Falkeborn <rikard.falkeborn@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Recent gcc (tested with 6.2.1) produces the following error when
compiling with both --enable-warningflags and --enable-debug.
In particular, it seems it is the combination of GCC_STACK_PROTECT_LIB
and -Wstrict-overflow=5 produces the error.
be_local.c:609:4: error: assuming signed overflow does not occur
when simplifying conditional
[-Werror=strict-overflow]
if(count > 0) {
Fix this by changing the type of count from int to size_t, which is
fine since count is never negative.
Signed-off-by: Rikard Falkeborn <rikard.falkeborn@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Curl 7.32.0 added CURLOPT_XFERINFOFUNCTION, which deprecates
CURLOPT_PROGRESSFUNCTION and means less casting doubles to size_ts for
alpm. This change has no user-facing nor frontend-facing effects.
Signed-off-by: Ivy Foster <ivy.foster@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
When curl calls alpm's dlcb, alpm calls the frontend's cb with the
following (dlsize, totalsize) arguments:
0, -1: initialize
0, 0: no change since last call
x {x>0, x<y}, y {y>0}: data downloaded, total size known
x {x>0}, x: download finished
If total size is not known, do not call frontend cb (no change to
original behavior); alpm's callback shouldn't be called if there is a
download error.
See agregory's original spec here:
https://wiki.archlinux.org/index.php/User:Apg#download_callback
Signed-off-by: Allan McRae <allan@archlinux.org>
macOS < 10.10 do not provide fstatat. We were constructing the full
path to the hook file for all other operations anyway, so there was no
real benefit to using fstatat.
Fixes FS#49771
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
If signature files are larger than SIZE_MAX, not enough memory could
be allocated for this file. The script repo-add rejects files which
are larger than 16384 bytes, therefore handle these as errors here,
too.
While at it, I also rearranged the code to avoid a quite harmless
TOCTOU race condition between stat() and fopen().
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Some resources (memory or file descriptors) are not released on all
error paths.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
In out of memory conditions, an undefined error value is written
into *err, because myerr is never explicitly set in these cases.
I have also converted a calloc into a MALLOC call, because the memory
will be properly filled by the snprintf call right after it.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Cyclic dependencies (A depends on B, B depends on A) were not selected
because neither package could be removed individually, so
can_remove_package would always return false for both. By preselecting
all dependencies then filtering back out any dependencies still required
by any packages that will not be uninstalled, groups of unneeded cyclic
dependencies can be found.
Fixes FS#41031
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
The value EAGAIN is allowed by POSIX to be the same as EWOULDBLOCK, but this is
not guaranteed. Thus on some systems (e.g. glibc Linux), we get a warning that
the logical OR is being performed on two expressions of the same type. We can
not get rid of this test in case any system defines these as unique values.
Suggested-by: Dave Reisner
Signed-off-by: Allan McRae <allan@archlinux.org>
GCC-6 points out that the value we use for the sentinal in enums is actually
too large for the integer type. Reduce the bitshift by one to fix this.
Signed-off-by: Allan McRae <allan@archlinux.org>
Checking install status and if a package is optionally required on removal
now considers the version of the optdepend.
Fixes FS#44957.
Signed-off-by: Allan McRae <allan@archlinux.org>
RET_ERR calls _alpm_log which includes calls that are not safe for use
in asynchronous signal handlers (see signal(7)). Replace it in
functions called from our signal handlers with a new macro
RET_ERR_ASYNC_SAFE which is identical except that it lacks the call to
_alpm_log.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Commit e374e6829c closed stdin before
running scripts/hooks. This left the exec'd process with no file
descriptor 0. If the process subsequently opened a file it would be
assigned fd 0, and could potentially be confused for stdin. Connecting
and immediately closing the parent2child pipe ensures that the child has
an fd 0 and that it is empty.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
init_gpgme checks for various paths under gpgdir by concatenating them
directly, giving warning messages incorrectly if gpgdir does not end
with '/'.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Relying on localdb to determine which trigger operations should match is
completely broken for PostTransaction hooks because the localdb has
already been updated. Store a copy of the old version of any packages
being updated to use instead.
Fixes FS#47996
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Check if we overwrote an exiting pacnew file before unlinking it.
Otherwise, updating to a version with an unchanged file would delete
existing pacnew files.
FS#47993
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Useful if there's some output (to know where it comes from), or in case of
failure.
Signed-off-by: Olivier Brunel <jjk@jjacky.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
PATH_MAX is only defined in limits.h in musl libc, so ensure that it is
included. Presumably this is also required on other platforms.
Signed-off-by: Alastair Hughes <hobbitalastair@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
alpm_list_add always returns the provided list making it impossible for
callers to check whether or not the operation actually succeeded without
manually comparing the list length before and after. alpm_list_append
instead returns a pointer to the newly created list item so that success
can be checked.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
The signedness of char is implementation defined. Since the
alpm_graph state is clearly meant to be signed, make the
signedness explicit.
This fixes bugs on systems where char is unsigned, in comparissons
of the following type:
if(v.state == -1)
which, if state is unsigned, will never be true due to integer
promotion rules.
Fixes failing test/pacman/tests/sync012.py when compiling with -funsigned-char.
Fixes two warnings [-Wtype-limits] for comparissons with -1 when compiling
with -funsigned-char.
Signed-off-by: Rikard Falkeborn <rikard.falkeborn@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
The CheckSpace option checks the size of all files in a package being replaced
and gives a warning when it can not read the file. However, files in NoExtract
are expected to be missing and should not be warned about.
Fixes FS#47470.
Signed-off-by: Allan McRae <allan@archlinux.org>
There is no need to run any/remaining pre-transaction hooks as soon as a failure
has occured, which will lead to aborting the transaction.
So if an error occured during the first phase (reading directories/parsing
files), or as soon as a hook flagged abort_on_fail does fail, we stop processing
them and return.
(For post-transaction hooks, all hooks are run regardless since there's no
aborting.)
Signed-off-by: Olivier Brunel <jjk@jjacky.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
The "Description" field allows a hook to provide a some text for frontends
to use in describing what the hook is doing. For example:
Description = updating info page directory
Signed-off-by: Allan McRae <allan@archlinux.org>
Introduces the ALPM_EVENT_HOOK_RUN_{START,DONE} events that are triggered
at the start and end of running an individual hook.
Signed-off-by: Allan McRae <allan@archlinux.org>
This provides a way to detect when the processing of package changes starts,
allowing pacman to delineate hook output and package installation/removal
output.
Signed-off-by: Allan McRae <allan@archlinux.org>
Add events to let frontends know when hooks are being processed (and when it's
done), as that might be useful to update the UI.
Signed-off-by: Olivier Brunel <jjk@jjacky.com>
Having a first pass that checks which hooks are triggered followed by a
second pass of the triggered hooks allows us to only provide output when
a hook is actually triggered.
Signed-off-by: Allan McRae <allan@archlinux.org>