1
0
mirror of https://github.com/moparisthebest/pacman synced 2024-11-14 21:35:02 -05:00
Commit Graph

4072 Commits

Author SHA1 Message Date
Dan McGee
f10aea73e4 docs/pacman.conf: Document SigLevel option
This adds docs for SigLevel, which can exist in both [options] and
[repository] sections. It also does a bit of reworking of the structure
of this manpage and adds a labeled list under the repo sections where we
didn't have one before.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-02 08:25:23 -04:00
Dan McGee
b03b06cfd3 Implement parsing of the new SigLevel directive
Add code to conf.c that parses the new SigLevel directive. An
overwhelming number of options are presented, but most users will still
be fine with the Never/Optional/Required trio. More advanced users can
combine these or any of the other options on a 'SigLevel = ' line, which
is parsed in a left-to-right fashion and flags turned on and off
accordingly. For example, all three of these will net the same config:

    SigLevel = Required PackageOptional
    SigLevel = Optional DatabaseRequired
    SigLevel = DatabaseRequired PackageOptional

Additionally, database-specific lines assume you wish to start with any
global default that has been set. For example, if any of the above lines
were in the [options] section, something such as:

    SigLevel = PackageRequired PackageAllowMarginal

Would continue to enforce required database signatures.

Inspiration-by: Kerrick Staley <mail@kerrickstaley.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-02 08:25:09 -04:00
Dave Reisner
6997a738bb paccache: add new contrib script
paccache is a robust and flexible package cache cleaner with a variety
of options. Much credit goes to DJ Mills and Pat Brisbin for ideas
behind this script.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
[Dan: add .gitignore entry]
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-02 08:24:06 -04:00
Allan McRae
c55cbfbd5f pacman-key: follow gpg options for listing keys
The current --list option outputed the keys and all their signatures
which can be overly verbose.  It also did not take a list of keys on
the command line to limit its output (although the code suggests that
was intended).

That patch brings consistency with gpg, providing --list-keys and
--list-sigs options that function equivalently to those provided by
gpg.

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-02 08:20:42 -04:00
Dan McGee
cbaff216b3 Don't trim whitespace when reading database entries
We don't write with extra or unknown whitespace, so there is little
reason for us to trim it when reading either. This also fixes the
hopefully never encountered "paths that start or end with spaces" issue,
for which two pactests have been added. The tests also contain other
evil characters that we have encountered before and handle just fine,
but it doesn't hurt to ensure we don't break such support in the future.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-02 08:20:34 -04:00
Dan McGee
573260556d pactest: use subprocess module instead of os.system
This is more in line with standard Python practice, and makes keyboard
interrupts behave a lot more sanely. It also prevents the useless
spawning of a shell as well as simplifies the command building and
working directory stuff.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-02 08:20:27 -04:00
Dan McGee
66d9995711 Revamp signing checks
This ensures we are actually making correct use of the information gpgme
is returning to us. Marginal being allowed was obvious before, but
Unknown should deal with trust level, and not the presence or lack
thereof of a public key to validate the signature with.

Return status and validity information in two separate values so check
methods and the frontend can use them independently. For now, we treat
expired keys as valid, while expired signatures are invalid.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-28 18:46:52 -05:00
Dan McGee
aecd0740cf Tidy up testdb to match coding styles
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-28 15:01:39 -05:00
Dan McGee
a3def7ac87 Make free_groupcache() private
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-28 15:01:31 -05:00
Dan McGee
dffff9659b Merge remote-tracking branch 'dave/scripts-fixup' 2011-07-28 12:48:38 -05:00
Dave Reisner
e42d97b737 scripts/pkgdelta: exit properly on missing args
Removes usage of 'nounset' which, when combined with 'errexit' can cause
undesirable early exits.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
2011-07-28 13:10:10 -04:00
Dave Reisner
e99b6a131e scripts/repo-add: show usage when no DB file specified
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
2011-07-28 13:07:25 -04:00
Dan McGee
cd8747ba6d Unify modelines in Asciidoc files
This gets us close to using the same modeline in all files we run
through Asciidoc, as well as adding the spell and spelllang
declarations, just as we had in NEWS already.

The choice of 'en_us' is mainly for consistency and because the body of
work already uses these spellings.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-28 11:42:08 -05:00
Pang Yan Han
804e2505cf pacman-key: Add --import and --import-trustdb
Currently, pacman-key allows the user to import their keys using the --add
option. However, no similar functionality exists for importing ownertrust
values.

The --import-trustdb option takes a list of directories and imports ownertrust
values if the directories have a trustdb.gpg database.

The --import option takes a list of directories and imports keys from
pubring.gpg and ownertrust values from trustdb.gpg. Think of it as a combination
of --add and --import-trustdb

Signed-off-by: Pang Yan Han <pangyanhan@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-27 12:47:53 -05:00
DJ Mills
c5d4c92ad4 pacman-key: change GPG_PACMAN and GPG_NOKEYRING to arrays
Allows the commands to safely handle any possible arguments

Signed-off-by: DJ Mills <danielmills1@gmail.com>
Allan: rebase patch
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-27 12:47:46 -05:00
Allan McRae
d9875c5e6c pacman-key: fix syntax error in -r arg parsing
Previous fix did not work...

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-27 12:47:37 -05:00
Allan McRae
49d9426b6a makepkg: refactor checking source integrity
Move the source integrity checking into its own function as the code
was duplicated and is now more complicated with the separation of the
two checks types.

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-27 12:47:23 -05:00
Allan McRae
2b3405e01b makepkg: more control of skipping integrity checks
Allows the skipping of all integrity checks (checksum and PGP) or
either the checksum or PGP checks individually.

Original-patch-by: Wieland Hoffman <theminew@googlemail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-27 12:47:13 -05:00
Wieland Hoffmann
94f61c5b29 makepkg: Add support for verifying pgp signatures
Many projects provide signature files along with the source code
archives. It's good to check these, too, when verifying the integrity
of source code archives.
Not everybody is using gpg so the verification can be disabled with
--skippgpcheck.
Additionally, only a warning is displayed when the key that signed the
source file is unknown.

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-27 12:47:06 -05:00
Dan McGee
9929a34a6d Remove duplicate code shared between sync and upgrade
Pacman did a great job of having almost (but not quite) duplicate code
paths through the sync and upgrade code. We can use the same logic in
both upgrade in sync once the targets are resolved, so extract a
function and delete a bunch of code.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-27 12:46:15 -05:00
Allan McRae
ccdb2fa800 makepkg: get package version with overrides
When epoch, pkgver and/or pkgrel were overridden in a split package
function, makepkg failed hard finding the real version for checking
if packages were already built or trying to install packages. Fix
the get_full_version function to deal with overrides and return the
actual package version.

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-27 12:45:25 -05:00
Allan McRae
03447ce39c makepkg: allow epoch to be overridden
We can override pkgver and pkgrel so it is only logical to add epoch
to that list

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-27 12:45:18 -05:00
Allan McRae
a7940e7419 makepkg: check arch overrides for required architecture
Check any overrides of the "arch" variable contain the required
architecture.

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-27 12:45:12 -05:00
Allan McRae
819f675004 makepkg: check overrides for pkgrel and pkgver
Enforce syntax checking for pkgrel and pkgver overrides in package
functions.

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-27 12:45:06 -05:00
Allan McRae
00949db191 makepkg: pkgver and pkgrel can not have whitespace
There is always someone who tries to break things (cough *Dave* cough...)

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-27 12:44:59 -05:00
Dan McGee
06974ebf2f contrib/pacsearch: skip non-matching lines
This prevents some perl errors from popping up when pacman prints error
or warning messages.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-27 12:44:17 -05:00
Dave Reisner
98073afe55 pacman-key: refactor post parse opt check into a case
This is a cleaner expression of the same information.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-21 15:05:52 -05:00
Dave Reisner
768d3589a3 pacman-key: s/UPDATEBD/UPDATEDB/
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-21 15:05:39 -05:00
Dave Reisner
2bd1687f51 pacman-key: fix syntax error in -r arg parsing
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-21 15:05:30 -05:00
Dave Reisner
9f500f684d pacman-key: return $ret, not errors
fixes: /usr/bin/pacman-key: line 286: return: errors: numeric argument required

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-21 15:04:49 -05:00
Dan McGee
bb3dada871 Convert package filelists to an array instead of linked list
This accomplishes quite a few things with one rather invasive change.

1. Iteration is much more performant, due to a reduction in pointer
   chasing and linear item access.
2. Data structures are smaller- we no longer have the overhead of the
   linked list as the file struts are now laid out consecutively in
   memory.
3. Memory allocation has been massively reworked. Before, we would
   allocate three different pieces of memory per file item- the list
   struct, the file struct, and the copied filename. What this resulted
   in was massive fragmentation of memory when loading filelists since
   the memory allocator had to leave holes all over the place. The new
   situation here now removes the need for any list item allocation;
   allocates the file structs in contiguous memory (and reallocs as
   necessary), leaving only the strings as individually allocated. Tests
   using valgrind (massif) show some pretty significant memory
   reductions on the worst case `pacman -Ql > /dev/null` (366387 files
   on my machine):

   Before:
     Peak heap:   54,416,024 B
	 Useful heap: 36,840,692 B
	 Extra heap:  17,575,332 B

   After:
     Peak heap:   38,004,352 B
	 Useful heap: 28,101,347 B
	 Extra heap:   9,903,005 B

Several small helper methods have been introduced, including a list to
array conversion helper as well as a filelist merge sort that works
directly on arrays.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-21 15:04:30 -05:00
Dan McGee
058ee17371 contrib: add paclog-pkglist to gitignore
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-21 15:03:33 -05:00
Dan McGee
70d6fe6632 Clean up my debug logger mess
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-19 00:23:42 -05:00
Dan McGee
61410814c2 Merge remote-tracking branch 'allan/pacman-key' 2011-07-18 21:10:56 -05:00
Dan McGee
05f7c0280e Fix test suite when GPGME is disabled
As noted by Allan, we failed pretty hard if gpgme was compiled out. With
these changes, only sign001.py fails. This can/will be fixed later once
we beef up the test suite with more signing tests anyway.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-18 21:06:24 -05:00
Dave Reisner
f1d25ba2dd pacman/callback: show .sig suffix on sig download
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-18 21:01:12 -05:00
Pang Yan Han
333269482a pacman-key: --init: correct creation of gpg.conf
Signed-off-by: Pang Yan Han <pangyanhan@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-19 10:27:54 +10:00
Pang Yan Han
fa3aaa41e3 pacman-key: correct spelling mistake
Signed-off-by: Pang Yan Han <pangyanhan@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-19 10:27:54 +10:00
Allan McRae
7e5dea5d32 pacman-key: add dependency on parse_options to Makefile
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-19 10:27:54 +10:00
Allan McRae
31c9a521b4 pacman-key: check required permissions on keyring
Makes sure that the pacman keyring is readable and that the user
has permissions to create a lock file if lock-never is not specified
in the gpg.conf file.

Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-19 10:27:54 +10:00
Allan McRae
0c9e86bab1 pacman-key: add --init option
Add an --init option that ensures that the pacman keyring has all
the necessary files and they have the correct permissions for being
read as a user.

Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-19 10:27:54 +10:00
Dave Reisner
0be9e4a4cd pacman-key: tidy up logic for finding pacman keyring directory
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-19 10:27:54 +10:00
Dave Reisner
df7b390514 pacman-key: refactor get_from
This function had a variety of pitfalls, including the inability to
successfully find a key=value pair where no whitespace surrounded the
equals sign. Make it more robust by splitting the line on the equals
itself, and performing whitespace trimming on the resulting key/value
pair.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-19 10:27:54 +10:00
Allan McRae
0e85c4989b pacman-key: add --verify option
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-19 10:27:54 +10:00
Allan McRae
fec10d4a65 pacman-key: check only a single operation has been specified
Follow the example of gpg and only allow a single operation to be
specified each time.  Prevents having to deal with conflicting
variable names and potential issues due to the order in which the
operations are run.

Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-19 10:27:53 +10:00
Allan McRae
74f6d717a3 pacman-key: move verifying keyring files to own function
Also check all files before bailing on errors.

Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-19 10:27:53 +10:00
Allan McRae
74e5a494b0 pacman-key: move --edit-key and --receive processing to functions
This moves the processing of the --edit-key and --receive options
to functions, keeping the final option processing to be all single
line statements.

Also rework the --edit-key option to validate all input before
processing.

Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-19 10:27:53 +10:00
Allan McRae
7963c5d000 pacman-key: update man page
Update man page to reflect current options.  Also add a description
on how to manually interact with the pacman keyring with gpg.

Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-19 10:27:53 +10:00
Ivan Kanakarakis
e37adcd664 pacman-key: hide output of executed commands on logic checks
This commit correctly redirects to /dev/null the output of several
commands that get executed on logic checks.

Original-patch-by: Denis A. Altoé Falqueto <denisfalqueto@gmail.com>
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-19 10:27:53 +10:00
Allan McRae
e458606ad2 pacman-key: rename --trust to --edit-key
This keeps the naming of the option more consistent with what is
actually being called by gpg.

Original-patch-by: Denis A. Altoé Falqueto <denisfalqueto@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-19 10:27:53 +10:00