The value PM_PGP_VERIFY_UNKNOWN is reserved to error cases,
now that the signature verification level defaults to the
globally set level. The only error case is when handle == NULL,
which is false in the context of _alpm_sync_commit().
Signed-off-by: Rémy Oudompheng <remy@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This does touch a lot of things, and hopefully doesn't break things on
other platforms, but allows us to also clean up a bunch of crud that no
longer needs to be there.
Signed-off-by: Dan McGee <dan@archlinux.org>
This is the standard, and we have had a few of these introduced lately
that should not be here.
Done with:
find -name '*.c' | xargs sed -i -e 's#if (#if(#g'
find -name '*.c' | xargs sed -i -e 's#while (#while(#g'
Signed-off-by: Dan McGee <dan@archlinux.org>
* add _alpm_db_get_sigverify_level
* add alpm_option_{get,set}_default_sigverify
And set the default verification level to OPTIONAL if not set otherwise.
Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
This makes it absolutely dead easy to ensure off_t has the same length
in all compilation units. I just spent 2.5 hours bashing my head on an
issue related to this so damn it I'm fixing it for good.
Signed-off-by: Dan McGee <dan@archlinux.org>
Currently the only error case then when handle == NULL.
However several handle functions return -1 on this error,
and a uniform API makes things simpler.
Signed-off-by: Rémy Oudompheng <remy@archlinux.org>
For a package to be loaded from any of our backends, these two fields
are always required upfront. Due to this fact, we don't need them to be
backend-specific operations and can just refer to the field directly.
Additionally, our static (and thus private) cache package accessors had
a NULL check on pkg before returning the relevant field. Eliminate this
since they only way they are ever called is via the packages attached
callback struct, which would have caused the NULL pointer dereference in
the first place.
Signed-off-by: Dan McGee <dan@archlinux.org>
So we only need one copy in the final library, not one copy per time
used. Ensure all necessary includes are in place (especially to get the
right size of off_t each time it is compiled) by including "config.h" in
the new graph.c.
One small adjustment here makes the graph_free code more robust- ensure
we don't have invalid pointers after each iteration by looking at the
parents and children and adjusting accordingly.
Signed-off-by: Dan McGee <dan@archlinux.org>
Ensure we only have one- this looks like the result of a bad merge from
old 2008 signing code with the current stuff which has changed quite a
bit.
Originally-seen-by: Rémy Oudompheng <remyoudompheng@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
The current state of the code does not allow to see immediately
that it returns a list of pmdepmissing_t structures.
Signed-off-by: Dan McGee <dan@archlinux.org>
Some systems, like FreeBSD might define both statfs
and statvfs: however if statvfs exists whereas getmntinfo()
uses a statfs struct, the current ifdefs would select the wrong
line of code.
Signed-off-by: Rémy Oudompheng <remy@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
There is no reason to not support versions of libarchive that lack
ARCHIVE_COMPRESSION_UU. Distributions should work properly without
this.
Signed-off-by: Rémy Oudompheng <remy@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
That's a funny one, building with optimization levels (with both gcc and
clang) caused open_mode to always be set to "ab", which worked.
This was spotted both with clang-analyzer, and by Jakob who reported a
segfault as he was using an un-optimized build.
Signed-off-by: Xavier Chantry <chantry.xavier@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
So we don't segfault when calling this on be_sync loaded packages. They
return logical values as much as possible for indicating there is no
changelog available.
Signed-off-by: Dan McGee <dan@archlinux.org>
We didn't do this sanity check before trying to open an archive. If
the alpm dbpath wasn't set, the sync database dbpath would be NULL,
causing us to hang indefinitely in archive_read_open_filename() rather
than erroring out.
We already have a corresponding check in local_db_populate().
The following program will test this case, and hangs before this patch
without the call to set_dbpath:
int main(int argc, char *argv[]) {
alpm_initialize();
// alpm_option_set_dbpath("/var/lib/pacman/");
pmdb_t *core = alpm_db_register_sync("core");
pmpkg_t *pkg = alpm_db_get_pkg(core, "pacman");
return 0;
}
Signed-off-by: Dan McGee <dan@archlinux.org>
We had two functions that were oh so similar but slightly different. We
can combine them and add some conditional operation stuff to decide what
to return.
Signed-off-by: Dan McGee <dan@archlinux.org>
Many alpm_option_get/set_*() functions already check this
and set pm_errno to the right value, but not all, so
this improves consistency.
Signed-off-by: Rémy Oudompheng <remy@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This greatly simplifies the cleanup fallthrough in our download function
and we'll be able to reuse this for signatures.
Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
Based on the fact that localf always points to the same file, there's no
need to code in multiple fopen calls with varying results. Instead,
track the desired file open mode and make a single call to fopen.
Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
Create a more general function that allows appending a suffix to a
filepath.
Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
This lets us determine the real size of the file on disk so that we can
properly bump the progress bar when we're resuming a download.
Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
This addresses FS#23424. The -dd backend code was introduced in commit
b6ec9019d7, and unfortunately the munged depend used for comparison did
not carry through to the eventual display of this version. To fix this,
we undo some of the depcmp_tolerant() business introduced, and instead
make a new pmdepend_t object if necessary when the no dependency version
flag is set. This results in the correct depend being copied to the
missing depend passed onto the frontend.
Signed-off-by: Dan McGee <dan@archlinux.org>
pacman 3.5.0 removed alpm_db_register_local, so calling
alpm_db_unregister_all leaves the front end in a position where there's
no local db, and no way to re-register it.
Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
After updating a database, remove the old signature to prevent it
being used in validation if the new signature fails to download.
Signed-off-by: Allan McRae <allan@archlinux.org>
If signature verification is needed, attempt to download a signature
file for a repo when it is updated. Return an error if unable to
download signature only when checking is mandatory, or if signature is
invalid.
TODO: At the moment the database signature is only checked on download.
Should we do anything with a database if it fails to be verified to prevent
its future usage?
Signed-off-by: Allan McRae <allan@archlinux.org>
Add a pmpgpsig_t struct to the database entry struct and functions for
the lazy loading of database signatures. Add a function for checking
database signatures, reusing (and generalizing) the code currently used
for checking package signatures.
TODO: The code for reading in signature files from the filesystem is
duplicated for local packages and database and needs refactoring.
Signed-off-by: Allan McRae <allan@archlinux.org>
Our curl callback does a whole lot of work for nothing if the front end
never defined a callback to receive the data we'd calculate for it.
Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
CURLINFO_HTTP_CODE is deprecated in favor of CURLINFO_RESPONSE_CODE.
Both yield the same values.
Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
The files we transfer are generally compressed already, so this just
adds unnecessary overhead.
Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
Use a static variable to effectively track the initialization state of
the progress callback via the last byte amount reported as downloaded by
libcurl.
Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
* introduces new macro in util.h (DOUBLE_EQ) for properly comparing
floating point values
Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
Move the (possibly still temporary) output generated during signature
checking into the --debug output.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Once we do this, add support for VerifySig to pactest. We just check if
the repo name contains Always, Never or Optional to determine the value
of VerifySig. The default is Never. pacman uses Always by default but
this is not suitable for pactest.
Original-work-by: shankar <jatheendra@gmail.com>
Signed-off-by: Xavier Chantry <shiningxc@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
We pass in a db object, so no need to go looking for it in the list on
the handle. This is a remnant of when we passed in a treename, more than
likely.
Signed-off-by: Dan McGee <dan@archlinux.org>
This will serve as the home directory we pass to GPGME when making calls so
we can have a libalpm-utilized keyring.
Signed-off-by: Dan McGee <dan@archlinux.org>
If a .sig file sits side-by-side on the filesystem with a package archive,
read it in during the package struct creation process so we can verify it at
a later time if necessary.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Add a new field to the package struct to hold PGP information and
instruct db_read to pick it up from the database. It is currently unused
internally but this is the first step.
Due to the fact that we store the PGP sig as binary data, we need to store
both the data and the length so we have a small utility struct to assist us.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
We will need these for GPG functionality (decoding the base64 encoded
signature stored in the databases).
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Implements FS#23103. Also modify libalpm so it ignores this value
without any warning as we know it is likely to exist.
Signed-off-by: Dan McGee <dan@archlinux.org>
Wrap lines of long length, noticed while creating and messing around
with some of the other maint branch patches.
Signed-off-by: Dan McGee <dan@archlinux.org>
Noticed with the openoffice/libreoffice replacement scheme where many
packages are listed as replacements to one package, thus electing it for
removal multiple times. Ensure a given package is not already present
before placing it in the removal list.
Signed-off-by: Dan McGee <dan@archlinux.org>
This is a rather serious data corruption issue that luckily manifested
itself today in a noticable way. A package in testing had replaces
entries read in as ["%RE pkgname", "%RE"] which was clearly wrong. This
happens when we hit the end of an archive block, do not have a newline,
and have to continue reading from the next block to complete the line.
Signed-off-by: Dan McGee <dan@archlinux.org>
Drawing progress bars before calling curl_easy_perform() is needless as
the curl progress callback is called with zero progress before actually
downloading the file anyways. Fixes display of "0%" progress bars when
sync'ing package databases that are already up to date.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Signed-off-by: Dan McGee <dan@archlinux.org>
This was discussed and more or less agreed upon on the mailing list. A
huge checkin, but if we just do it and let people adjust the pain will
end soon enough. Rebasing should be relatively straighforward for anyone
that sees conflicts; just be sure you use the new return style if
possible.
The following semantic patch was used to do the change, along with some
hand-massaging in order to preserve parenthesis where appropriate:
The semantic match that finds this problem is as follows, although some
hand-massaging was done in order to keep parenthesis where appropriate:
(http://coccinelle.lip6.fr/)
// <smpl>
@@
expression a;
@@
- return(a);
+ return a;
// </smpl>
A macros_file was also provided with the following content:
Additional steps taken, mainly for ASSERT() macros:
$ sed -i -e 's#return(NULL)#return NULL#' lib/libalpm/*.c
$ sed -i -e 's#return(-1)#return -1#' lib/libalpm/*.c
Signed-off-by: Dan McGee <dan@archlinux.org>
We erroniously dropped the call to _alpm_delta_parse() when macro-izing,
causing segfaults for repos that provide deltas. Addresses FS#23314.
Signed-off-by: Dan McGee <dan@archlinux.org>
Partially addresses the "why doesn't CheckSpace work in a chroot" issue.
We can't make it work, but we can at least detect when it won't work by
checking for a partition for our given installation root. If we can't
determine the mountpoint for this, bail out with an error.
Signed-off-by: Dan McGee <dan@archlinux.org>
this is just some debuggery to allow pacman to operate with both fetch
and curl at the same time. use the PACMANDL variable to control which
library is used.
Signed-off-by: Dave Reisner <d@falconindy.com>
This is a feature complete re-implementation of the fetch based internal
downloader, with a few improvements:
* support for SSL
* gzip and deflate compression on HTTP connections
* reuses a single connection over the entire session for lower resource
usage.
Signed-off-by: Dave Reisner <d@falconindy.com>
Add PM_ERR_LIBCURL to error enum and handle case in error.c by returning
curl_easy_strerror() based on the error number carried by the gloabl alpm
handle.
Signed-off-by: Dave Reisner <d@falconindy.com>
no actual code changes here. change preprocessor logic to include
get_tempfile, get_destfile, signal handler enum, and the interrupt
handler logic when either HAVE_LIBCURL or HAVE_LIBFETCH are defined.
Signed-off-by: Dave Reisner <d@falconindy.com>
Do this in preparation for implementing similar curl based
functionality. We want the ability to test these side by side.
Signed-off-by: Dave Reisner <d@falconindy.com>
Adding the CURLcode is necessary in order to return an error string from
pm_error. Unlike libfetch, curl returns numerical error numbers and does
not maintain a staticly allocated string with the last error generated.
Adding the curl object itself to the handle is advantageous (and
encouraged by curl_easy_perform(3)) because the handle is reusable for
successive operations. This cuts back on overhead when downloading
multiple files in a single transaction.
Signed-off-by: Dave Reisner <d@falconindy.com>
repo-add can add a "files" entry into the sync db. Currently we
do nothing with this file, so explicitly skip it to prevent
unknown database file warnings.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Our keywords were all screwed up in this regard. Fix it so our
ngettext() shortcut calls are actually recognized and respected.
Signed-off-by: Dan McGee <dan@archlinux.org>
Fixes FS#23090, a rather serious problem where the user was completely
unable to read the local database. Even if entry->d_type is available,
the given filesystem providing it may not fill the contents, in which
case we should fall back to a stat() as we did before. In this case, the
filesystem was XFS but there may be others.
Signed-off-by: Dan McGee <dan@archlinux.org>
A lot of these were places that should have used the same message but
didn't, or were very easy to convert to using the same message and
letting some of the burden off of the translators.
Signed-off-by: Dan McGee <dan@archlinux.org>
Ensure we have a local DB version that is up to par with what we expect
before we go down any road that might modify it. This should prevent
stupid mistakes with the 3.5.X upgrade and people not running
pacman-db-upgrade after the transaction as they will need to.
Signed-off-by: Dan McGee <dan@archlinux.org>
We only call these from the transaction init and teardown, so move them
to that file, mark them static, and push more of the logic of handle
manipulation into these functions.
Signed-off-by: Dan McGee <dan@archlinux.org>
According to FOPEN(3), using fclose on an fdopen'd file stream also
closes the underlying file descriptor. This happened in _alpm_lckmk
(util.c), which meant that when alpm_trans_release closed it again, the
log file (which reused the original file descriptor) was closed instead.
Signed-off-by: Jonathan Conder <jonno.conder@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
There's no API functions exposed which allow manipulation of this type,
so remove it from public view. Also, rename the public and private
alpm_db_get_pkgcache symbol to alpm_db_get_pkgcache_has.
Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
This allows error messages emitted by the frontend to be a bit more
descriptive and not have the annoying "well why didn't you tell me that
the first time" problem. If a package had multiple missing deps, we
would bail on the first one before rather than finish processing all
missing dependencies, and only print one error message. Instead,
continue through this entire set of missing deps and append all eventual
errors.
The added pactest tests this case, as the to be installed package has
two missing dependencies. However, pactest does not actually test or see
the difference in output from before and after, so it passes in both
cases, but it is clearly visible in the logs.
Signed-off-by: Dan McGee <dan@archlinux.org>
This is old code that has since gone stale; we no longer ever add
anything to this list so no need to keep it around and check the
contents during extraction.
Signed-off-by: Dan McGee <dan@archlinux.org>
* Make conflict_isin() static; it is used nowhere else.
* Remove does_conflict(): it turns out to be replaceable by a single call to
_alpm_depcmp(). By pushing it up, we can reduce calls to _alpm_splitdep()
from 60,368 to 16,940 during one test -Su operation I ran.
Signed-off-by: Dan McGee <dan@archlinux.org>
* Use stat() and not lstat(); we don't care for the size of the symlink if
it is one, we want the size of the reference file.
* FS#22896, fix local database estimation on platforms that don't abide by
the nlink assumption for number of children.
* Fix a missing newline on an error message.
Signed-off-by: Dan McGee <dan@archlinux.org>
Change _alpm_graph_new() to use CALLOC to avoid explicit zeroing out of fields
in pmgraph_t.
Signed-off-by: Pang Yan Han <pangyanhan@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
Turn it into an enum rather than a boolean, and use a bitmask like we do for
reading DB entries. The relevant flag is turned on in our two calculate
loops, and anything reading the used flag later can decided which flag (or
either) is relevant.
This will allow the read-only partition code to be triggered on a
remove-only operation, e.g. if /boot was read-only and one tried to remove
grub in a sync transaction. Of course, right now, we don't actually run the
diskspace check code in the '-R' codepath.
Signed-off-by: Dan McGee <dan@archlinux.org>
This is a bit of a stopgap solution for the problem, but an easier one than
revamping the file conflict checking code to support the same stuff. Using
some more gross autoconf magic, figure out which struct field we need to
look at to determine read-only status and store that on our mountpoint
struct. If we find out we needed this partition after calculating size
requirements, then toss an error.
Signed-off-by: Dan McGee <dan@archlinux.org>
In the getmntinfo() section, the local variable mnt doesn't exist; this
would have caused a compile error if I had tested the code on such a
platform. Unify both codepaths to just run strlen() on the already copied
mount path instead.
Signed-off-by: Dan McGee <dan@archlinux.org>
In packages, our description file contains:
key = value is here
type entries, and we passed "key " and " value is here" to our strtrim
function, causing us to always memmove the value portion to remove the
space. Since this is a throwaway buffer, do the advancing on our own before
trimming to save the need to shift memory around; "value is here" will now
be passed and strtrim will be responsible for trailing whitespace.
Signed-off-by: Dan McGee <dan@archlinux.org>
We did this in some but not all cases, assuming the 0 value coming out of
libarchive would not be a problem. However, this does not work for "fake"
filesystems such as rpc_pipefs, which reports a free block and total block
count of zero.
Fix this by not ever counting symlinks or directories, and adding a note
explaining that if we someday do count directories, their size needs to be
attributed to the proper place.
This patch also includes a few cleanups/performance tweaks- avoid calling
strlen() on the mountpoint directory string as much by storing this size in
our mountpoint struct, and push the snprintf() call up to the calculate
functions since we were already doing it here in the remove case.
Signed-off-by: Dan McGee <dan@archlinux.org>