Age | Commit message (Collapse) | Author | Files | Lines |
|
RFC 4880 defines two packet formats for OpenPGP. Pacman aborted its key
in keyring check with an error message if it encountered the new format.
This was fine until some annoying Arch Trusted User generated a key
using the new format!
Implement the new format. This also required parsing the hashed sub
packets. requiring the parsing code to moved to its own function.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Commit 8bec63bf92d8dd028aa88dbd5109c314cdb9ebea attempted to switch to
using -fdebug-prefix-map to set file locations in debug packages. It
make a few mistakes...
1) Adding debug C{,XX}FLAGS only worked if DBGSRCDIR was defined in
makepkg.conf. Fix this by falling back to the default value.
2) Using -fdebug-prefix-map altered a lot of assumptions about file
locations when copying source files into debug packages. This resulted
in lots of messages of failed cp in packaging output.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
If rehash ever failed with a full hash it would return the old hash
that is already full. get_hash_position would then loop forever
because it would never find an empty bucket.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
If you manage to download a bad database (e.g. an html file when
behind a proxy or with a badly configured webserver), pacman makes
sure you know about it. Here is some example output:
error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format
error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format
error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format
error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format
error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format
error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format
error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format
error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format
error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format
error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format
error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format
error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format
error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format
error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format
error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format
error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format
error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format
error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format
error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format
error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format
error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format
error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format
error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format
error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format
I don't know how many times that gets printed because it goes beyond my scrollback
buffer.
Flag a database that we can "open" and "fstat" but not read from as invalid to avoid
this.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Passing an empty string to pacman -Qo results in:
error: No package owns <first directory in $PATH>
Catch empty strings and report an error.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
6cfc4757b98e813428d261dbc185e20618ca83a6 was overzealous in attempting
to optimize away a call to strcmp based on a comparison of hashes. The
call can be skipped if the hashes are different, but different strings
could have the same hash.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
I think two ways to ask for this are enough for everyone, and we have
never documented this anyway.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Frontends rely on an initialization call for setup between downloads.
Checking for intialization after checking for a completed download can
skip initialization in cases where files are small enough to be
downloaded all at once (FS#56408). Relying on previous download size
can result in multiple initializations if there are multiple
non-transfer events prior to the download starting (fS#56468).
Introduce a new cb_initialized variable to the payload struct and use it
to ensure that the callback is initialized exactly once prior to any
actual events.
Fixes FS#56408, FS#56468
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
In eaa82b4d0775252856a4e54a6f2a9ea191cf0b8f source_has_signature() was
modified to check if git repositories are marked as signed. However, due
to a typo the unused variable $netfile was checked. This worked as long
as the last source element was marked as signed, due to $netfile being
mistakenly set as a global in check_vcs_software(), but usually failed
with multiple sources.
Break this more consistently by properly declaring $netfile as a local
variable in check_vcs_software() which it should be regardless. Fix it
again by completely moving over to $netfile in source_has_signature()
as netfile is more descriptive of the current state.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
In 42e7020281d3ae260e1e9693495f527b7f476625 creating the gpg statusfile
for a source file was split into a separate function, which used the
return code to indicate unsigned files and proto-specific errors.
However, the fallback return code was set by the final gpg invocation,
which would be 1 if the signature was somehow broken (for example, the
key was not available in the gpg keyring). As a result makepkg thought
that file did not have a signature and skipped over it rather than
erroring out.
Fix this by explicitly setting the return code for all
verify_*_signature() functions.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
In commit 8b0d59b83a60eb504567590346119fe4cd891cad support was added for
storing the source files of binaries in debug packages. This made use of
the debugedit program which is part of the RPM package manager, which is
not very standalone.
The same effect can be achieved using -fdebug-prefix-map, an option
accepted by both the gcc and clang compilers which modifies how the
compiler itself stores the references to the source files rather than
requiring us to later edit the produced binaries. This also removes the
dependency on external programs like debugedit.
As a result of this change, source files will only be effectively added
for programs which actually use the exported CFLAGS. This is a reasonable
tradeoff as we expect our CFLAGS to be used rather than ignored. Upstream
software which do not produce useful debug packages are expected to fix
their build systems to respect the environment CFLAGS.
As a result of this change, the routine for extracting source filenames
from binaries had to be modified to derive the source file from the
final debug location, rather than the other way around.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
In commit 8b0d59b83a60eb504567590346119fe4cd891cad support was added for
storing the source files of binaries in debug packages. Allow the user
to specify where those source files should be stored via makepkg.conf
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
This allows for more easily extending the list of allowed compression
methods, as it has to be modified in only one place.
Also allow the user to specify their own preferred command + options for
source packages in addition to compiled packages. Currently,
makepkg.conf(5) erroneously claims this is already possible.
|
|
Prior to commit aca153bfa6b1bcd828f0b35db453bb9fea6a08bf some .sh files
were not generated and simply included directly, and it was necessary to
explicitly iterate all ignored files to prevent git from ignoring the
directly-included files. However, now all .sh files are in fact
generated so it makes no sense to list each one separately in the
.gitignore file.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
The extra variables on the commandline were inconsistently applied. They
should override anything else, instead, most were overridden by
environment variables with the exception of BUILDDIR (and this was not
sanity-checked to see if it had write permissions).
e.g. given the commandline:
`PKGDEST="$(pwd)"` BUILDDIR="$(pwd)" makepkg PKGDEST=/doesnt/exist BUILDDIR=/doesnt/exist`
We would incorrectly use the current working directory for PKGDEST.
Meanwhile, we checked the wrong directory for BUILDDIR, and later
errored when we tried to create $srcdir inside the non-writable
directory "/doesnt/exist".
In order to fix this, use the preferred bash builtin for saving variable
definitions, similar to how we restore traps etc. rather than tediously
redefining each one by hand, and restore this immediately after
makepkg.conf is sourced. Finally, the `make`-style commandline overrides
are applied.
Also canonicalize_path is applied only on the final paths we try to use.
While it is unlikely the value in makepkg.conf will be a relative path,
since we now properly respect commandline overrides, they should be
canonicalized as well.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
This is a rewrite of Tobias Stoeckmann’s patch from June 2016[1] using
functions instead of macros. (Thanks to Tobias for explanations of his patch.)
A short question on Freenode IRC showed that macros are generally discouraged
and functions should be used.
The patch introduces a static size_t length_check() in libalpm/signing.c.
[1] Original patch:
https://lists.archlinux.org/pipermail/pacman-dev/2016-June/021148.html
CVE request (and assignment):
http://seclists.org/oss-sec/2016/q2/526
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
The documentation for OPTIONS and BUILDENV listed some incorrect
defaults for undefined options. The defaults are implementation-defined
in the source code for makepkg itself (e.g. it depends whether we use
`check_option "opt" "y"` or `check_option "opt" "n"`) but were
erroneously declared to be "whatever we *define* in the default
makepkg.conf".
Fixes FS#55754
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
For your convenience, makepkg now has 16 distinct ways to fail.
Also closes FS#54204.
Signed-off-by: Ivy Foster <iff@escondida.tk>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
The leading directory is distraction from identifying the files containing
build references.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Not all sed implementations on linux accept the --follow-symlinks
argument, so let the user configure the arguments passed to sed if
required.
Signed-off-by: Alastair Hughes <hobbitalastair@gmail.com>
[Allan: fixed configure summary output]
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
If SOURCE_DATE_EPOCH is set, `touch` all source files between the (optional)
prepare() and build() functions to unify the modification times. This works
around build systems and compilers that embed the file modification times
into the file contents of release artifacts.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
As per https://lists.archlinux.org/pipermail/arch-general/2017-July/043876.html
git doesn't check that the tag name matches what an annotated tag object
*thinks* it should be called. This is a bit of a theoretical attack and
some would argue that we should always use commits since upstream can
legitimately change a tag, but nevertheless this can result in a
downgrade attack if the git download transport was manipulated or the
upstream repository hacked.
So, check the tag blob to make sure the tag actually matches the name we
used for `git checkout`.
This really should be fixed in git itself, rather than forcing all
downstream users of git verify-tag to implement their own checks, but
the git developers disagree, see the discussion surrounding
https://public-inbox.org/git/xmqqk2hzldx8.fsf@gitster.mtv.corp.google.com/
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
- Add missing braces to one-line if blocks
- Move opening brace to line end
Signed-off-by: Michael Straube <straubem@gmx.de>
|
|
Add missing braces to some one-line if blocks.
Signed-off-by: Michael Straube <straubem@gmx.de>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Michael Straube <straubem@gmx.de>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
This is primarily to help users who are not aware that -F operations use
a separate set of databases that need to be separately downloaded.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
This makes it possible to detect a failure in several alpm_list
functions. Previously these functions would continue after a failure,
returning partial results and potentially leaking memory.
Unfortunately, NULL is a valid return value for the affected functions
if the input list is empty, so they still do not have a dedicated error
value. Callers can at least detect an error by checking if the input
list was empty.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
The .BUILDINFO file should retain all the information needed to reproducibly
build a package. Add some extra information to the file and also provide a
version number to keep track of future changes.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
In write_pkginfo, we checked if $PACKAGER was undefined, and gave a default
value if not. Just do this upfront to simplify this function.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
There is little savings in only writing pkgbase when different to pkgname, and
it makes determining the pkgbase by parsing .PKGINFO slightly easier. Lets just
write it...
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Since 8a02abcf19, this attribute will never exist. Remove check to write it.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Eli Schwartz <eschwartz93@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Eli Schwartz <eschwartz93@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
There were a couple places where filenames beginning with "-" were not
properly guarded against by passing them after "--". Some PKGBUILD
authors are crazy, but we still take those into account.
Signed-off-by: Eli Schwartz <eschwartz93@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
contatenate -> concatenate
Signed-off-by: Christian Hesse <mail@eworm.de>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
This patch introduces the SOURCE_DATE_EPOCH environmental variable. All files
in a package are adjusted to have their modification dates set to the value
of SOURCE_DATE_EPOCH, which defaults to "date +%s".
Setting this variable allows a package that is built twice in the same
environment to be (potentially) reproducible in that the checksum of the
generated package file will be the same.
Also adjust the compression of the mtree file to avoid gzip embedding a
timestamp.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
|
|
This information is duplicated (in less friendly format) in the "builddate"
entry and removing it improves reproducible packaging.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
|
|
snprintf prints at most n bytes including the terminating '\0'. The
extra reserved byte was never being used.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
gcc7 issues a warning about a potential overflow if left unchecked.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Copying a string into a buffer that has just been determined to not be
able to hold it is obviously incorrect. The actual error handling
appears to have been unintentionally removed in
47762ab687959e48acc2de8592fcf3ba3cfa502b.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Prevents SIGSEGV if we catch SIGINT or SIGHUP before initializing alpm.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Michael Straube <straubem@gmx.de>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|