This sets curl's CURLOPT_PINNEDPUBLICKEY option in the built-in
downloader, or replaces %p in XferCommand. This pins public
keys to ensure your TLS connection is not man-in-the-middled
without relying on CAs etc. Probably most useful currently
for very small or single groups of servers.
It would obviously be best as a per-mirror option, but such
a thing currently does not exist.
Signed-off-by: Travis Burtrum <travis.archlinux@burtrum.org>
Many bitfield variables are declared to be enums, because they are
generated using bitwise operations on enums such. However, their
actual values aren't necessary members of their parent enum, so
declaring them 'int' is more accurate.
Signed-off-by: Ivy Foster <ivy.foster@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
This allows functions which return an _alpm_errno_t to always return a
genuine _alpm_errno_t for consistency, even in cases where there are
no errors. Since ALPM_ERR_OK = 0, their callers can still simply check
'err = some_fn(); if (!err) { ... }'.
Signed-off-by: Ivy Foster <ivy.foster@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Relying on localdb to determine which trigger operations should match is
completely broken for PostTransaction hooks because the localdb has
already been updated. Store a copy of the old version of any packages
being updated to use instead.
Fixes FS#47996
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
This is necessary in order to be able to run PreTransaction hooks as
close to the actual commit as possible so that we don't prematurely run
hooks for a transaction that ultimately never happens.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
While loading each package ensure that the internal version matches the
expected database version to avoid the possibility to circumvent the
version check.
This issue can be used by an attacker to trick the software into
installing an older version. The behavior can be exploited by a
man-in-the-middle attack through specially crafted database tarball
containing a higher version, yet actually delivering an older and
vulnerable version, which was previously shipped.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Signed-off-by: Remi Gacogne <rgacogne@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
download_files sets the transaction state to STATE_DOWNLOADING.
Modifying the state after it has already been set to STATE_COMMITTING
created a brief window where SIGINT would fail to interrupt the process
and caused interrupted downloads to result in a 'transaction started'
message in the log with no matching transaction end.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Since 017184fa, alpm_sync_sysupgrade will not add both a replacement and
a literal upgrade to the transaction.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Much like with events, instead of using a bunch of void* arguments for
all questions, we now send one pointer to an alpm_question_t union.
This contains the type of question that was triggered.
With this information, a question-specific struct can be accessed in
order to get additional arguments.
Signed-off-by: Olivier Brunel <jjk@jjacky.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Use MALLOC instead of malloc for safety in libalpm. Some changes are pure
refactoring, but for others this provides a success check for memory
allocation.
Signed-off-by: Allan McRae <allan@archlinux.org>
These will be emmitted when download a package file from a repository,
indicating that the download starts, and whether it was successfull or
not.
Note that when multiple servers are available, no event is emmitted when
switching to another server.
(This doesn't apply to alpm_fetch_pkgurl(), but since it is called by
the frontend, it shouldn't have problems knowing when the download
starts and when it ends.)
Signed-off-by: Olivier Brunel <jjk@jjacky.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
To go along with RETRIEVE_START, one other event will be emmitted once
the downloads are done: RETRIEVE_DONE if all files were successfully
downloaded, else RETRIEVE_FAILED.
Signed-off-by: Olivier Brunel <jjk@jjacky.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Instead of using two void* arguments for all events, we now send one
pointer to an alpm_event_t struct. This contains the type of event that
was triggered.
With this information, the pointer can then be typecasted to the
event-specific struct in order to get additional arguments.
Signed-off-by: Olivier Brunel <jjk@jjacky.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
If the user opted not to remove the unresolvable packages from the
transaction, the list was neither free'd nor saved to the transaction to
be free'd in trans_release.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Front-ends should be able to free memory that alpm hands them.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
_alpm_resolvedeps resets pm_errno to 0 by calling alpm_checkdeps.
Whenever the last call succeeded, pm_errno was not properly set,
preventing pacman from properly handling the error and leaking
additional memory. We know pm_errno should be ALPM_ERR_UNSATISFIED_DEPS
if resolvedeps has failed, so just set it manually.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Forcing vim users to view files with a tabstop of 2 seems really
unnecessary when noet is set. I find it much easier to read code with
ts=4 and I dislike having to override the modeline by hand.
Command run:
find . -type f -exec sed -i '/vim.* noet/s# ts=2 sw=2##' {} +
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Allan McRae <allan@archlinux.org>
We only care that packages are being installed from a repo, not how
many.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Packages can be removed during a sync transaction either directly or
due to conflicts and need to be sorted.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Detecting indirect dependencies by traversing a package's entire
dependency tree is prohibitively slow for larger transactions. Instead
add local packages to the dependency graph. This additionally requires
delaying dependency ordering for sync operations so that removed
packages may be excluded from dependency detection.
tests/sync012.py was also updated to ensure that the dependency cycle
was actually detected.
Fixes FS#37380
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
On 32bit systems, the progress bar intergrity checking can show values
greater than 100% with large transactions. This is due to the total
size of all package files being greater than a size_t. Use uint64_t
for these sizes.
Fixes FS#36608
Signed-off-by: Allan McRae <allan@archlinux.org>
If any package in a sync transaction is missing a required signature,
we give an uninformative error message (which may or may not state that
the missing signature is the issue). Always output the package with
the missing signature.
Signed-off-by: Allan McRae <allan@archlinux.org>
This defines a level of interest a user has in a repository. These are
described by the bitmask flags in the alpm_db_usage_t enum:
ALPM_DB_USAGE_SEARCH: repo is valid for searching
ALPM_DB_USAGE_INSTALL: repo is valid for installs (e.g. -S pkg)
ALPM_DB_USAGE_UPGRADE: repo is valid for sysupgrades
ALPM_DB_USAGE_ALL: all of the above are valid
Explicitly listing the contents of a repo will always be valid, and the
repo will always be refreshed appropriately on sync operations.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
This also rearranges some code to ensure that declarations and code
aren't mixed.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Since 882bff36 literals would be searched before replacers, resulting in a
package being replaced by another not actually being replaced under certain
conditions (e.g. they're both in the same repo).
This change effectively reversed the expectations in test sync132. This patch
switches the order back to replacers first, thus making sure if a package is
replacing another one, the change will always happen, even if both are in the
same repo.
Note that a package replacing another one in a repo with higher priority will
not be done, see FS#11737 and test sync1105
Signed-off-by: Olivier Brunel <i.am.jack.mail@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
During a sysupgrade, if a package is replaced by another, and an update for the
former package is found (on another repo) the replaced package would be
re-installed.
Signed-off-by: Olivier Brunel <i.am.jack.mail@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Pacman currently bails when trying to extract a file over a directory
when using --force. Instead of ignoring all conflict, perform the
check and skip any file-file conflicts. Conflicts between directories
and files are still flagged and cause the transation to abort.
As a bonus, we now know about files changing packages when using
--force, so we can skip removing them fixing upgrade046.
Signed-off-by: Allan McRae <allan@archlinux.org>
Now that the keyring is checked for all needed keys before the
validation, we can not reach a point of a missing key when doing
validity checks for sync operations.
Signed-off-by: Allan McRae <allan@archlinux.org>
Keys used to create signatures are checked for presence in the keyring
before package validation is performed.
Signed-off-by: Allan McRae <allan@archlinux.org>
Conflicts:
lib/libalpm/alpm.h
Signed-off-by: Allan McRae <allan@archlinux.org>
I suspect that eventually we're going to end up returning a pointer to
an allocated struct to describe the download result, but that's for
another patch when the need arises...
Fixes FS#33508.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Travis Burtrum