summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2016-09-25Change type of count in be_syncRikard Falkeborn1-4/+4
Making it size_t matches the return value of alpm_list_count() and avoids the implicit cast to int. Signed-off-by: Rikard Falkeborn <rikard.falkeborn@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-09-25Return boolean from db_populateRikard Falkeborn2-3/+4
Since the number of packages is not used anywhere, just return a boolean to avoid the implicit cast from size_t to int in be_local.c. Use 0 as success to be consistent with db_validate. Signed-off-by: Rikard Falkeborn <rikard.falkeborn@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-09-20Fix gcc strict-overflow errorRikard Falkeborn1-3/+3
Recent gcc (tested with 6.2.1) produces the following error when compiling with both --enable-warningflags and --enable-debug. In particular, it seems it is the combination of GCC_STACK_PROTECT_LIB and -Wstrict-overflow=5 produces the error. be_local.c:609:4: error: assuming signed overflow does not occur when simplifying conditional [-Werror=strict-overflow] if(count > 0) { Fix this by changing the type of count from int to size_t, which is fine since count is never negative. Signed-off-by: Rikard Falkeborn <rikard.falkeborn@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-09-09repo-add: fix error in directories with a space in their nameFabio Castell1-1/+1
Fixes FS#50285 Signed-off-by: Allan McRae <allan@archlinux.org>
2016-09-09lib/libalpm/be_sync.c: Close memory leaks when mallocing while out of memoryIvy Foster1-4/+14
Signed-off-by: Ivy Foster <ivy.foster@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-09-03bash-completion: fix leaking "files" array into shell environmentEli Schwartz1-1/+1
Signed-off-by: Eli Schwartz <eschwartz93@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-09-03Fix memory leak in remove_notify_needed_optdependsAllan McRae3-0/+17
Also add pactest which captures this leak when run under valgrind. Reported-by: Sergey Petrenko Signed-off-by: Allan McRae <allan@archlinux.org>
2016-09-02Fix typo in pacman-db-upgrade usage messageAllan McRae1-1/+1
Signed-off-by: Allan McRae <allan@archlinux.org>
2016-08-31Remove AC_FUNC_MALLOC check.Alastair Hughes1-1/+0
We weren't supplying the rpl_malloc function needed if this failed, and didn't check for realloc, so just remove. Signed-off-by: Alastair Hughes <hobbitalastair@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-08-31Replace CURLOPT_PROGRESSFUNCTION with CURLOPT_XFERINFOFUNCTIONIvy Foster2-11/+11
Curl 7.32.0 added CURLOPT_XFERINFOFUNCTION, which deprecates CURLOPT_PROGRESSFUNCTION and means less casting doubles to size_ts for alpm. This change has no user-facing nor frontend-facing effects. Signed-off-by: Ivy Foster <ivy.foster@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-08-30pacman.8: fix typo in the documentation of --asexplicitLukas Fleischer1-1/+1
Add a space between the option and its argument. Also, do not enclose the argument in asterisk characters. Fixes a typo introduced in aa4c61f (Document database checking options, 2014-12-28). Reported-by: Luca Weiss <luca.emanuel.weiss@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-08-30Document contrib/verify-pacman-repo-db.plmasterFlorian Pritz3-1/+65
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-08-30contrib: Add documentation MakefileFlorian Pritz5-0/+63
Makefile.am is mostly copied from ./doc/Makefile.am Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-08-30contrib: Add verify-pacman-repo-db.plFlorian Pritz1-0/+259
From the documentation: verify-pacman-repo-db looks at a pacman repo database and verifies its content with the actual package files. The database is expected to be in the same directory as the packages (or symlinks to the packages). The following properties are verified for each package in the database: - existence of the package file - file size - MD5 and SHA256 checksum (--checksum) Signed-off-by: Florian Pritz <bluewind@xinu.at>
2016-08-30Fix file name in scripts potfileAllan McRae1-5/+5
2016-08-30Merge Giolio Fidente into "Pacman Development Team" contributionGiulio Fidente1-1/+0
As discussed on mailing list: https://lists.archlinux.org/pipermail/pacman-dev/2016-July/021239.html Signed-off-by: Allan McRae <allan@archlinux.org>
2016-08-30Normalize alpm download callback's frontend cb argumentsIvy Foster2-14/+27
When curl calls alpm's dlcb, alpm calls the frontend's cb with the following (dlsize, totalsize) arguments: 0, -1: initialize 0, 0: no change since last call x {x>0, x<y}, y {y>0}: data downloaded, total size known x {x>0}, x: download finished If total size is not known, do not call frontend cb (no change to original behavior); alpm's callback shouldn't be called if there is a download error. See agregory's original spec here: https://wiki.archlinux.org/index.php/User:Apg#download_callback Signed-off-by: Allan McRae <allan@archlinux.org>
2016-08-30libmakepkg: look for architecture-specific hashes in get_integlistJack O'Connor1-0/+11
`makepkg -g` looks for existing checksums in the PKGBUILD file, so that it can generate new sums of the same type. Previously it only checked variables of the form "sha256sums", and not "sha256sums_x86_64". That meant it would always fall back to MD5 for packages with only architecture-specific sources. This change makes it look at architecture-specific checksums too to determine the type. Signed-off-by: Jack O'Connor <oconnor663@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-08-30Add newline to the end of error messages for signature format issuesAllan McRae1-6/+6
Signed-off-by: Allan McRae <allan@archlinux.org>
2016-08-30configure.ac: Fix handling --with-libcurlOlivier Brunel1-2/+2
It was reported being --with-libcurl in the help (and the check for libcurl being installed used $with_libcurl accordingly), but the option handling was set using $with_curl and, therefore, expected option --with-curl. In the end, --with-libcurl wasn't recognized, and --with-curl had no effect. Signed-off-by: Olivier Brunel <jjk@jjacky.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-08-30hook.c: replace fstatat with statAndrew Gregory1-1/+1
macOS < 10.10 do not provide fstatat. We were constructing the full path to the hook file for all other operations anyway, so there was no real benefit to using fstatat. Fixes FS#49771 Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-08-30hook.c: replace readdir_r with readdirAndrew Gregory1-14/+12
glibc 2.24 deprecates readdir_r. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-08-30Handle all POSIX compliant systems in mbscasecmp.Tobias Stoeckmann1-3/+5
The width of wchar_t is allowed to be of the same width as long, according to standards. The return type of mbscasecmp is int though. On amd64 with a 32 bit int, this means that mbscasecmp can return zero (indicating that strings are equal) even though the input strings differ. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-08-30Reject files larger than 16384 bytes in read_sigfile.Tobias Stoeckmann1-5/+9
If signature files are larger than SIZE_MAX, not enough memory could be allocated for this file. The script repo-add rejects files which are larger than 16384 bytes, therefore handle these as errors here, too. While at it, I also rearranged the code to avoid a quite harmless TOCTOU race condition between stat() and fopen(). Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-08-30Release resources on error paths.Tobias Stoeckmann4-6/+24
Some resources (memory or file descriptors) are not released on all error paths. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-08-30pacman-key: reject armored signaturesAllan McRae1-0/+4
pacman expects an unarmored signature. makepkg forces the generation of unarmored signatures, and repo-add will reject any armored signature. For consistency pacman-key should also reject armored signatures. Signed-off-by: Allan McRae <allan@archlinux.org>
2016-08-30Always use proper error code in alpm_initialize.Tobias Stoeckmann1-6/+7
In out of memory conditions, an undefined error value is written into *err, because myerr is never explicitly set in these cases. I have also converted a calloc into a MALLOC call, because the memory will be properly filled by the snprintf call right after it. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-08-30Remove obsolete TODOAllan McRae1-1/+0
Signed-off-by: Allan McRae <allan@archlinux.org>
2016-08-30recursedeps: include cyclic dependenciesAndrew Gregory3-52/+94
Cyclic dependencies (A depends on B, B depends on A) were not selected because neither package could be removed individually, so can_remove_package would always return false for both. By preselecting all dependencies then filtering back out any dependencies still required by any packages that will not be uninstalled, groups of unneeded cyclic dependencies can be found. Fixes FS#41031 Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-08-30Turn off colours once finished using themAllan McRae2-4/+5
The colour of the package version could leak onto the next line in both -Qo and -Fo. Signed-off-by: Allan McRae <allan@archlinux.org>
2016-05-18pacman.8: add link to alpm-hooks(5) in see alsoChristian Hesse1-1/+2
Signed-off-by: Christian Hesse <mail@eworm.de> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-05-18libalpm.3: add link to alpm-hooks(5) in see alsoChristian Hesse1-1/+2
Signed-off-by: Christian Hesse <mail@eworm.de> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-05-18libmakepkg: extract functions for integrity checkingAshley Whetter10-429/+579
Signed-off-by: Ashley Whetter <ashley@awhetter.co.uk> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-05-18Use a more generic regexp when parsing output of gpg(1) in signature ↵Leonid Isaev1-1/+1
verification. The current way of extracting key trust from output of gpg --verify is not very robust against changes in the format of said output. As a result, pacman-key can return an error even if the signature is actuall good. This change relaxes the regexp when parsing output of gpg. Signed-off-by: Leonid Isaev <leonid.isaev@jila.colorado.edu> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-05-18makepkg: ignore the architecture for --printsrcinfoAlastair Hughes1-1/+1
Signed-off-by: Alastair Hughes <hobbitalastair@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-05-18Report local file URL for -Sp operations if package is in cacheAllan McRae1-3/+24
When using "pacman -Sp" operation to get URLs of packages to download, it is useful to know which packages are already in the file cache and do not need downloaded. Print packages in the cache with a file:// prefix. e.g $ pacman -Sp glibc file:///var/cache/pacman/glibc-2.23-1-x86_64.pkg.tar.xz Also use package locations in case statements rather than opersations. This allows the ALPM_PKG_SYNCDB to fall thorough to just printing the package name for weird serverless repo setups. Fixes FS#15868 Signed-off-by: Allan McRae <allan@archlinux.org>
2016-05-18makepkg: move build enviroment set-up to functionAllan McRae1-36/+43
This is a requirement to split the preparation of the build environment into libmakepkg, which will allow dropping in extensions (e.g. to allow PGO). After this patch, disabling buildflags or makeflags and enabling debug CFLAGS will only effect the build(), check() and package() functions. The relevant variables are no longer exported for the prepare() function. This should have zero impact for the prepare() function of a properly written PKGBUILD, as no building/linking is done there... Signed-off-by: Allan McRae <allan@archlinux.org>
2016-05-05Avoid logical OR duplication warning from gcc-6Allan McRae1-2/+12
The value EAGAIN is allowed by POSIX to be the same as EWOULDBLOCK, but this is not guaranteed. Thus on some systems (e.g. glibc Linux), we get a warning that the logical OR is being performed on two expressions of the same type. We can not get rid of this test in case any system defines these as unique values. Suggested-by: Dave Reisner Signed-off-by: Allan McRae <allan@archlinux.org>
2016-05-05Add -m/--nocolor options to updpkgsumsAshley Whetter1-7/+16
Fixes FS#43346 Signed-off-by: Ashley Whetter <ashley@awhetter.co.uk> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-05-05pacsort help clearly states that files contain inputs to be sortedAshley Whetter1-1/+4
Fixes FS#44121 Signed-off-by: Ashley Whetter <ashley@awhetter.co.uk> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-05-05Prevent wrapping of enum itemsAllan McRae2-2/+2
GCC-6 points out that the value we use for the sentinal in enums is actually too large for the integer type. Reduce the bitshift by one to fix this. Signed-off-by: Allan McRae <allan@archlinux.org>
2016-05-05fix spelling mistakesEric Engestrom5-7/+7
Signed-off-by: Eric Engestrom <eric@engestrom.ch> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-05-05Add colour to the output of the "-{F, Q}o" operations.Xavion2-4/+7
Matching output for -s operations, the repository is coloured 'magenta', the package name is 'bold', and the version is outputted in 'green'. Signed-off-by: Xavion <Xavion (dot) 0 (at) Gmail (dot) com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-05-05Add colour to group selection dialogXavion2-4/+6
Colour the group name in 'blue' and the repository names in 'magenta'. Signed-off-by: Xavion <Xavion (dot) 0 (at) Gmail (dot) com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-05-05Handle provides with -QAllan McRae1-0/+3
It is useful to be able to use "pacman -Qi" on any dependency, even if that dependency is a provide. For example, on Arch Linux systems, "sh" is provided by the "bash" package, and many packages depend on "sh". Querying the package that provides the "sh" dependency currently requires first searching for "sh". This patch allows the use of "pacman -Qi" on a provide. Fixes FS#20650. Signed-off-by: Allan McRae <allan@archlinux.org>
2016-05-05pacman_query: move error messages into relevant if statementsAllan McRae1-16/+16
This ensures any additions to these test do not have to rely on the correct error condition being set by libalpm. Signed-off-by: Allan McRae <allan@archlinux.org>
2016-05-05pacman.8: add actual operation to captions for easy searchingChristian Hesse1-12/+11
I caught myself searching for operations when in need for an option. However this made me find transaction and update options only. So add the actual operations to captions for easy searching. Signed-off-by: Christian Hesse <mail@eworm.de> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-05-05Remove notification of system upgrade when only printing URLsAllan McRae1-3/+5
Signed-off-by: Allan McRae <allan@archlinux.org>
2016-05-05Print replacements when using -SupAllan McRae3-4/+23
When printing a list of URLs of packages to be updated, pacman was ignoring any replacements that would be made in the update process. Fixes FS#35812 Signed-off-by: Allan McRae <allan@archlinux.org>
2016-03-28Changed documentation to use 'the default' instead of 'a typical default'Alastair Hughes2-11/+11
Signed-off-by: Allan McRae <allan@archlinux.org>