summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2015-07-20pacman/files.c: fix memory leak on regex errorAllan McRae1-0/+1
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-07-20ensure matching database and package versionLevente Polyak1-0/+18
While loading each package ensure that the internal version matches the expected database version to avoid the possibility to circumvent the version check. This issue can be used by an attacker to trick the software into installing an older version. The behavior can be exploited by a man-in-the-middle attack through specially crafted database tarball containing a higher version, yet actually delivering an older and vulnerable version, which was previously shipped. Signed-off-by: Levente Polyak <anthraxx@archlinux.org> Signed-off-by: Remi Gacogne <rgacogne@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2015-07-20dont remove x bit when marking pkgdir RODave Reisner1-1/+1
f170a94c137d355 potentially causes $pkgdirbase/$pkg to be undeleteable with -R or -C if a previous build was interrupted. We simply can't traverse to this directory, and rm blows up. Signed-off-by: Allan McRae <allan@archlinux.org>
2015-07-20libmakepkg: lint_package requires cd_safeAllan McRae1-0/+1
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-07-15Handle repo/pkg style arguments to sync repo file listingAllan McRae1-2/+25
Passing "-Fl pkg" will print the filelist for the first occurance of "pkg" in the sync repos. Other version of the package can be printed using "-Fl repo/pkg". Signed-off-by: Allan McRae <allan@archlinux.org>
2015-07-15Add regex search option to sync database file searchingAllan McRae3-8/+35
e.g. pacman -Fsx kcm.*print.*\.so Signed-off-by: Allan McRae <allan@archlinux.org>
2015-07-15Implement searching for a file in the sync databasesAllan McRae1-1/+63
Locates all packages that contain the listed file e.g. pacman -Fs libpng.so Signed-off-by: Allan McRae <allan@archlinux.org>
2015-07-15Implement listing files from sync packagesAllan McRae1-2/+36
Does the equivalent of the -Ql option for local packages e.g. pacman -Fl glibc Signed-off-by: Allan McRae <allan@archlinux.org>
2015-07-15Implement locating file owner in sync files databaseAllan McRae1-1/+53
Equivalent to -Qo but for packages in the sync database e.g. pacman -Fo /usr/bin/pacman Signed-off-by: Allan McRae <allan@archlinux.org>
2015-07-15Prototype pacman files database operationsAllan McRae7-2/+158
Add the -F/--files operations, -s/--sync support and nd provide dummy functions for -s/--search, -l/-list and -o/--owns. Signed-off-by: Allan McRae <allan@archlinux.org>
2015-07-15pacman: move database syncing to util.cAllan McRae3-32/+33
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-07-15Add pacman support for .files databasesAllan McRae2-3/+7
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-07-15Read file lists from databasesAllan McRae1-2/+36
If a sync database contains a "files" file, the file list will be read. Currently, there is no known demand for the file list to be lazy loaded by any libalpm frontend, so these files are read whenever present. Lazy loading can be implemented when a demand exists. Signed-off-by: Allan McRae <allan@archlinux.org>
2015-07-15Allow frontends to specify the sync database extensionAllan McRae6-8/+44
This allows frontends to select between the .db and .files databases currently supplied by repo-add or any other compatible database. Signed-off-by: Allan McRae <allan@archlinux.org>
2015-07-14Fix formatting in parsearg_upgradeAllan McRae1-4/+12
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-07-14Simplify sync_cleandbAllan McRae1-33/+12
1) Remove checks for removing pre-tardb files 2) Remove the long redundant keep_used parameter 3) Fix pacman error due to removing .sig file along with database Signed-off-by: Allan McRae <allan@archlinux.org>
2015-07-14Do not warn about packages that optionally require a removal when ignoring depsAllan McRae1-1/+3
If a transaction is removing a package while ignoring all dependencies, there should not be any warning about other packages optionally requiring it. Signed-off-by: Allan McRae <allan@archlinux.org>
2015-07-12Do not warn about downgrades when only downloading packageAllan McRae1-1/+1
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-07-12Fix overflow warningsAndrew Gregory2-6/+5
Fix new warnings generated by gcc-5 about potential overflows. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2015-06-20Match providers when showing optdep install statusLukas Fleischer2-2/+4
Use alpm_find_satisfier() instead of alpm_db_get_pkg() when retrieving the install status of a package to make sure we spot providers as well. Fixes FS#36412 Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2015-06-20repo-add: Reject armored signaturesJohannes Löthberg1-0/+4
Pacman cannot handle armored signatures, so make repo-add error out if one is detected. Signed-off-by: Johannes Löthberg <johannes@kyriasis.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2015-06-20makepkg: Add flag for printing SRCINFO to stdoutJohannes Löthberg2-1/+11
This commit adds a makepkg option to generate and print the SRCINFO file for a PKGBUILD, required by the new AUR, to stdout. AUR 4.0 will use Git instead of source tarballs for uploading packages, so making makepkg capable of printing the SRCINFO would simplify package management, instead of having to extract it from a source tarball. It is also useful for scripting other things, so that instead of having to parse PKGBUILDs, one can make makepkg generate the SRCINFO and then you can parse that instead, which is much simpler and less error-prone. Signed-off-by: Allan McRae <allan@archlinux.org>
2015-06-20repo-add: Generate unarmored DB signatureJohannes Löthberg1-1/+1
Pacman cannot handle armored signatures, so use gpg's --no-armor flag to force an unarmored signature. Signed-off-by: Allan McRae <allan@archlinux.org>
2015-06-20util.c: table_display: Fix incorrect docstringJohannes Löthberg1-1/+0
Commit 7b8f8753 removed the title parameter but forgot to remove it from the docstring. Signed-off-by: Johannes Löthberg <johannes@kyriasis.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2015-06-20makepkg-template.1: Clarify which file version-less markers useWieland Hoffmann1-2/+2
The old text could be interpreted such that makepkg-template compares the version numbers of the templates to find the most recent one. Rephrase this to make it explicit that "$template_name.template" is used. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2015-05-19libmakepkg: extract functions for source download and extractionAllan McRae11-524/+749
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-19libmakepkg: extract functions for handling source URLsAllan McRae5-120/+148
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-19libmakepkg: fix test styleAllan McRae2-2/+2
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-19libmakepkg: move more functions for extracting information from PKGBIULDsAllan McRae2-46/+46
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-19libmakepkg: extract more utility functionsAllan McRae2-31/+31
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-16libmakepkg: extract get_full_version and get_pkg_archAllan McRae2-35/+35
These functions group in with other functions that extract PKGBUILD information. Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-16Simplify libmakepkg .gitignoreAllan McRae1-11/+2
2015-05-16makepkg: put further restrictions on pkgbaseAllan McRae2-2/+13
pkgbase should be subject to the same restrictions as pkgname Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-16makepkg: merge validate_pkgver into check_pkgverAllan McRae2-9/+5
The check that pkgver is non-empty done in check_pkgver should also be performed after running the pkgver() function. Merge validate_pkgver into check_pkgver and run check_pkgver after updating pkgver. Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-16libmakepkg: extract PKGBUILD linting functionsAllan McRae21-333/+874
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-16libmakepkg: extract in_arrayAllan McRae4-16/+41
2015-05-16libmakepkg: move functions for extracting pkgbuild attributesAllan McRae3-106/+130
Also rename some functions for clarity: funcgrep -> grep_function extract_global_var -> extract_global_variable extract_function_var -> extract_function_variable pkgbuild_get_attribute -> get_pkgbuild_attribute Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-12libalpm: Do a sanity check before manipulating final DB URLDavid Macek1-4/+11
The change in commit 9d96bed9d6b57 causes download errors for the .db.sig file in case the final URL for the .db file contains query strings or other unexpected stuff. This commit isn't intended to be a total solution, but it should eliminate the problem in the most obvious cases. Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-12Fix comment in alpm_db_updateDavid Macek1-1/+1
Fix comment to better explain the magic constant used when allocating a buffer for ".db.sig" URL. Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-12libmakepkg: fix test bracket styleAllan McRae14-14/+14
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-12alpm_logaction: implement documented return valueAndrew Gregory1-8/+16
"return 0 on success, -1 on error (pm_errno is set accordingly)" Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-12alpm_logaction: allow falling back to syslogAndrew Gregory1-1/+1
Even if opening the log file fails, if a user has enabled syslog we may still be able to log to that. Set the error return value and continue instead of bailing out. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-12alpm_logaction: check logfile before openingAndrew Gregory1-1/+1
valgrind does not like calling open(NULL, ...). This also makes the return value 0 if logfile has not been set. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-12merge _alpm_logaction into alpm_logactionAndrew Gregory3-54/+29
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-12makepkg: Empty/create only $pkgdir's relevant to current PKGBUILDDavid Macek1-2/+5
Currently makepkg clears the whole $pkgbasedir which is needless. Moreover, in the obscure case of multiple makepkg runs (with different $pkgname) that share a $pkgdirbase, only $pkgdir's from the last run will remain. Since I consider the contents of $pkgdir an important artifact, this commit restricts the deletion to individual $pkgdir's. When CLEANUP is set, the behavior is unchanged. Discussed in: https://lists.archlinux.org/pipermail/pacman-dev/2015-February/019939.html Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-12Fix compilation if libarchive headers are not in standard locationCharles Duffy2-2/+4
With commit 097d5a478b32, including alpm.h also drags in archive.h. Ensure the tools we build that depend on ALPM also include the necessary flags to find libarchive headers if they are not installed in a standard location. [Dan: Add commit message] Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-12makepkg-template: support multiple --template-dirsDominik Fischer14-21/+80
Especially when maintaining local templates in addition to the ones stored in /usr/share/makepkg-template, it can be useful to include templates stored in multiple different locations into one PKGBUILD. This patch makes this possible by allowing --template-dir to be specified multiple times. This also introduces a dedicated error message when a template cannot be found, in contrast to the already existing "Couldn't detect version for template '%s'". If a template of the same name is present in more than one of the given directories, the last one always takes precedence. Neither the default behaviour without the option given, nor the handling of a single template dir is changed. Signed-off-by: Dominik Fischer <d.f.fischer@web.de> Signed-off-by: Florian Pritz <bluewind@xinu.at> Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-12pacsort: fix warning about signed overflow potential during comparison.Andrew Gregory1-1/+1
Some crazy person assumed we would have fewer than INT_MAX columns. Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-12Silence warning from clangAllan McRae1-1/+1
clang is wrong - dbfile is always used initialized in that function. Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-12Pluralize callback stringAllan McRae1-2/+3
In English, this string only has it plural form. However, we need to use the pluralized translation as some languages can have multiple plural formats. Signed-off-by: Allan McRae <allan@archlinux.org>