Check if we overwrote an exiting pacnew file before unlinking it.
Otherwise, updating to a version with an unchanged file would delete
existing pacnew files.
FS#47993
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Useful if there's some output (to know where it comes from), or in case of
failure.
Signed-off-by: Olivier Brunel <jjk@jjacky.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
PATH_MAX is only defined in limits.h in musl libc, so ensure that it is
included. Presumably this is also required on other platforms.
Signed-off-by: Alastair Hughes <hobbitalastair@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
alpm_list_add always returns the provided list making it impossible for
callers to check whether or not the operation actually succeeded without
manually comparing the list length before and after. alpm_list_append
instead returns a pointer to the newly created list item so that success
can be checked.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
The signedness of char is implementation defined. Since the
alpm_graph state is clearly meant to be signed, make the
signedness explicit.
This fixes bugs on systems where char is unsigned, in comparissons
of the following type:
if(v.state == -1)
which, if state is unsigned, will never be true due to integer
promotion rules.
Fixes failing test/pacman/tests/sync012.py when compiling with -funsigned-char.
Fixes two warnings [-Wtype-limits] for comparissons with -1 when compiling
with -funsigned-char.
Signed-off-by: Rikard Falkeborn <rikard.falkeborn@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
The CheckSpace option checks the size of all files in a package being replaced
and gives a warning when it can not read the file. However, files in NoExtract
are expected to be missing and should not be warned about.
Fixes FS#47470.
Signed-off-by: Allan McRae <allan@archlinux.org>
There is no need to run any/remaining pre-transaction hooks as soon as a failure
has occured, which will lead to aborting the transaction.
So if an error occured during the first phase (reading directories/parsing
files), or as soon as a hook flagged abort_on_fail does fail, we stop processing
them and return.
(For post-transaction hooks, all hooks are run regardless since there's no
aborting.)
Signed-off-by: Olivier Brunel <jjk@jjacky.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
The "Description" field allows a hook to provide a some text for frontends
to use in describing what the hook is doing. For example:
Description = updating info page directory
Signed-off-by: Allan McRae <allan@archlinux.org>
Introduces the ALPM_EVENT_HOOK_RUN_{START,DONE} events that are triggered
at the start and end of running an individual hook.
Signed-off-by: Allan McRae <allan@archlinux.org>
This provides a way to detect when the processing of package changes starts,
allowing pacman to delineate hook output and package installation/removal
output.
Signed-off-by: Allan McRae <allan@archlinux.org>
Add events to let frontends know when hooks are being processed (and when it's
done), as that might be useful to update the UI.
Signed-off-by: Olivier Brunel <jjk@jjacky.com>
Having a first pass that checks which hooks are triggered followed by a
second pass of the triggered hooks allows us to only provide output when
a hook is actually triggered.
Signed-off-by: Allan McRae <allan@archlinux.org>
Removes a leftover error message from when fdopen and fgets were used to
read from the pipe.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
The path of the default system hook directory was created
by concatenating `myhandle->root` (usually "/"), and
SYSHOOKDIR (usually "/usr/share/libalpm/hooks/"), resulting
in "//usr/share/libalpm/hooks/". Fix this by skipping the
initial slash from SYSHOOKDIR.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signature downloading and DB validation was being based on the most
recent download status for the DB. If a DB successfully downloaded but
a signature did not, db_update would move to the next server. If the
next server tried does not have a more recent copy of the DB, db_update
would not download the DB again and would forget that the DB had
previously been updated. In this case it would skip validation
entirely, leaving an updated DB with the original validation status.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
alpm_unlock is a limited version of alpm_release that does nothing but
the actual unlinking of the lock file and is therefore safe to call from
signal handlers.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Returning -1 is useless since we don't provide any way
to determine why it failed.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
When replacing a file with a directory, any files inside the new
directory cannot possibly exist on the filesystem and can be skipped.
This allows cross-package symlink-to-directory transitions when there
are files with the same name under both the symlinked directory and the
new directory.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
libarchive will not extract a directory over an existing directory
symlink, making it impossible to replace a symlink with a directory
across packages. Adding the ARCHIVE_EXTRACT_UNLINK and
ARCHIVE_EXTRACT_SECURE_SYMLINKS causes libarchive to unlink the existing
symlink and prevents it from extracting any paths that contain
a symlink, which we should not be doing anyway.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Large file support is enabled by our configure script as required. If anything
linking to libalpm does not also define large file support, there will be
differences in the size of off_t which are not caught until runtime.
Add the required CFLAGS to the pkg-config file so that users of libalpm know
what flags are required.
Signed-off-by: Allan McRae <allan@archlinux.org>
If the script output does not end in a newline there could still be data
in the buffer after the poll loop.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
If given size 0 POSIX allows realloc to return a pointer that is not
suitable for use.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
If a hook path equals or exceeds PATH_MAX characters the path will be
left unterminated. Pre-calculating the path length also allows us to
use the more efficient memcpy over strncpy.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Also, use FREE() instead of free() in _alpm_backup_free()
to set the pointers to NULL.
Signed-off-by: Rikard Falkeborn <rikard.falkeborn@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
This is necessary in order to be able to run PreTransaction hooks as
close to the actual commit as possible so that we don't prematurely run
hooks for a transaction that ultimately never happens.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
When a database and its signature is updated non-atomically on a server,
there is a window where a user may update the database but grab the old
signature. The database is marked as invalid by libalpm, which can be
fixed by forcing a refresh (assuming the server has caught up and the
user realizes what has happened) or with a future update of the repo.
Work around this by forcing a repository refresh whenever a database is
invalid.
Signed-off-by: Sebastian Lackner <sebastian@fds-team.de>
Signed-off-by: Allan McRae <allan@archlinux.org>
alpm_depend_t is an exposed data type. Front-ends may opt for alloc'ing
one and filling the fields manually, but alpm's _alpm_hash_sdbm is not
exposed, making it impossible for them to fill in the name_hash field.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
assumeinstalled options are used as provisions for which MOD_EQ and
MOD_ANY are the only meaningful settings.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Fixes a segfault when trying to remove an assumeinstalled
option without a version.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
The "ko_KR" locale is the same as the "ko" locale. Remove the "ko_KR" variant
as it is incomplete and has been superseded by "ko" on transifex.
Signed-off-by: Allan McRae <allan@archlinux.org>
While loading each package ensure that the internal version matches the
expected database version to avoid the possibility to circumvent the
version check.
This issue can be used by an attacker to trick the software into
installing an older version. The behavior can be exploited by a
man-in-the-middle attack through specially crafted database tarball
containing a higher version, yet actually delivering an older and
vulnerable version, which was previously shipped.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Signed-off-by: Remi Gacogne <rgacogne@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
If a sync database contains a "files" file, the file list will be read.
Currently, there is no known demand for the file list to be lazy loaded by
any libalpm frontend, so these files are read whenever present. Lazy loading
can be implemented when a demand exists.
Signed-off-by: Allan McRae <allan@archlinux.org>