summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2019-10-07pacman-key: make sure we actually use the Web of Trust, which GnuPG doesn't.Eli Schwartz1-0/+5
By default, the latest versions of GnuPG disable the Web of Trust and refuse to import signatures from public keyservers. This is to prevent denial of service attacks, because refusing to import signatures only if the key size is too big, is apparently too silly to consider. Either way, pacman needs the WoT. If pacman imports a key at all, it means everything failed and we are in fallback mode, trying to overcome a shortcoming in the availability of keys in the keyring package. (This commonly means the user needs to acquire a new key during the same transaction that updates archlinux-keyring.) In order for that new key to be usable, it *must* also import signatures from the Master Keys. I don't give credence to this supposed DoS, since the worst case scenario is nothing happening and needing to CTRL+C in order to exit the program. In the case of pacman, this is better than being unable to install anything at all (which is gnupg doing a much more harmful DoS to pacman), and in the already unusual case where something like --refresh-keys is being used directly instead of depending on the keyring package itself, gnupg supports WKD out of the box and will prefer that for people whose keys are marketed as being non-DOSable. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-07pacman-key: when refreshing gpg.conf, don't truncate option checkingEli Schwartz1-1/+1
If an option is a two-part option, we print both (separated by IFS=' '), but when grepping to see if it already exists, we only checked the first component. This means that something like keyserver-options could only check if there were existing keyserver options of any sort, but not which ones. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-07pacman/pacman-conf, testpkg: Added translatable stringsMatthew Sexton2-31/+42
Added gettext macro to warnings, helps, and errors for translation. Signed-off-by: Matthew Sexton <wsdmatty@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-07pacman: pacman-conf: removed hputs macro for usage displayMatthew Sexton1-13/+11
Using the macro got in the way of _() macro for translation All the macro did was make it so the writer didn't have to type \n", stream); at the end of every line. Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-07libalpm: resolvedep(): don't compare names twicemorganamilo1-1/+2
If we failed to get the pkg from pkgcache then we know no satisfying package exists by name. So only compare provides. Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-07makepkg: add rust support for *FLAGS and debug-prefix-mapEli Schwartz6-6/+19
The rust language supports $RUSTFLAGS to be used automatically in all rustc invocations. Allow setting this in makepkg.conf (e.g. for optimization or debuginfo support), and teach debug+strip to pass the rustc command line argument necessary to rewrite source file paths in the debugging symbols. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-07signing: add ability to import keys using a WKDJonas Witschel1-13/+84
Currently pacman relies on the SKS keyserver network to fetch unknown PGP keys. These keyservers are vulnerable to signature spamming attacks, potentionally making it impossible to import the required keys. An alternative to keyservers is a so-called Web Key Directory (WKD), a well-known, trusted location on a server from where the keys can be fetched. This commit adds the ability to retrieve keys from a WKD. Due to the mentioned vulnerabilities, the WKD is tried first, falling back to the keyservers only if no appropriate key is found there. In contrast to keyservers, keys in a WKD are not looked up using their fingerprint, but by email address. Since the email address of the signing key is usually not included in the signature, we will use the packager email address to perform the lookup. Also see FS#63171. Signed-off-by: Jonas Witschel <diabonas@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-07signing: move key import confirmation before key_searchJonas Witschel5-39/+60
Ask the user whether they want to import a missing key before even doing a search on the keyserver. This will be useful for getting Web Key Directory support in place: for a WKD, looking up and importing a key are a single action, so the current key_search -> QUESTION -> key_import workflow does not apply. Since only the ID of the package signing key is available before key_search, we display the packager variable in addition to the key ID for user convenience. Signed-off-by: Jonas Witschel <diabonas@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-07dload: never return NULL from get_filenameDave Reisner1-2/+4
Downloads with a Content-Disposition header will typically not include slashes. When they do, we should most certainly only take the basename, but when they don't, we should treat the header value as the filename. Crash introduced in d197d8ab82cf when we started using get_filename in order to rightfully avoid an arbitrary file overwrite vulnerability. Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-04makepkg.conf.5: Document PACKAGER format requirementsAllan McRae1-0/+1
Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-04libmakepkg: check if PACKAGER has the expected format for WKD lookupJonas Witschel1-0/+6
pacman should be able to extract an email address from PACKAGER for WKD lookup, so issue a warning if it is not of the form "Example Name <email@address.invalid>". Neither the name nor the email address must contain additional angle brackets. Signed-off-by: Jonas Witschel <diabonas@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-04libmakepkg: fix typomorganamilo1-1/+1
Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-04autotools: distribute meson filesEli Schwartz10-2/+22
If we use make dist to create the official, signed release tarballs, those will not have meson build files by default since autotools doesn't know what they are. Also distribute all src/common/ files. We never strictly needed any of them to be distributed with autotools, because the dist tarball dereferences the symlinks (???), but only some of them were being distributed, and meson needs them to be in the right location as we only build libcommon from the primary files. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-08-12Prepare translations for next releaseAllan McRae124-33645/+33055
Signed-off-by: Allan McRae <allan@archlinux.org>
2019-08-12pacman/callback: fix buffer over-readLászló Várady1-2/+2
Commit 11ab9aa9f5f0f3873df89c73e8715b82f485bd9b replaced a strcpy() call with memcpy(), without copying the terminating null character. Since fname is allocated with malloc(), subsequent strstr() calls will overrun the buffer's boundary. Signed-off-by: László Várady <laszlo.varady93@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-08-12meson: remove tap-driver.py, use meson's TAP protocolDave Reisner4-642/+335
This includes a patch from Andrew to fix pactest's TAP output for subtests. Original TAP support in meson was added in 0.50, but 0.51 contains a bugfix that ensures the test still work with the --verbose flag passed to meson test, so let's depend on that.
2019-08-05makepkg: Ignore "<artificial>" source filesAustin Lund1-1/+1
An artificial symbol can be produced when requesting debugging symbols and the compiler has inlined a function. These symbols will give spurious results when listing source files for inclusion in debug packages. This will ignore these symbols and avoid an error that can be generated when creating a debug package. Signed-off-by: Austin Lund <austin.lund@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-08-05build-aux: detect build dir based on build.ninjaDave Reisner1-1/+1
.ninja.log is only present after building (successful or otherwise) the project, but build.ninja is output as soon as the build dir is setup. Signed-off-by: Allan McRae <allan@archlinux.org>
2019-08-05meson: port over checks for types used from sys/types.hDave Reisner1-0/+15
These are defined by a POSIX standard, and we should assert that we have them, or define sane fallbacks (as per sys_types.h(0P)). Signed-off-by: Allan McRae <allan@archlinux.org>
2019-08-05meson: drop checks for things we don't useDave Reisner1-25/+0
This was ported over from the AC_CHECK_{FUNCS,HEADERS} lists in configure.ac, but I never actually checked if the resulting CPP defines are used. Turns out, lots of symbols, not a lot of define usage. Signed-off-by: Allan McRae <allan@archlinux.org>
2019-08-05create coredump on segfaultAndrew Gregory1-6/+22
Overriding the segfault handler prevents the creation of core dumps by the default handler, which makes debugging segfaults difficult. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-08-05sighandler: block signals while handling SIGSEGVAndrew Gregory1-1/+1
If we get SIGSEGV we need to bail out quickly, leaving other signals unblocked could lead to other signal handlers getting triggered. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-06-28Correctly report a download failiure for 404smorganamilo1-0/+1
Currently when caling alpm_trans_commit, if fetching a package restults in a 404 (or other non 400 response code), the function returns -1 but errno is never set. This patch sets errno to ALPM_ERR_RETRIEVE. Signed-off-by: Allan McRae <allan@archlinux.org>
2019-06-28meson: use dependency('gpgme') exclusivelyEli Schwartz2-30/+5
This works everywhere that gpgme >= 1.13.0 because it is a pkg-config dependency, and meson 0.51 adds a fallback config-tool dependency provider that detects older versions of gpgme seamlessly via gpgme-config. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-06-28meson: use not_found_message when dependencies are not foundEli Schwartz1-8/+4
The default state of `dependency()` is `required: true`, which means if a dependency is not found, meson immediately aborts and does not log our `error()` messages. meson 0.50 has builtin support for dependencies with custom error messages. The alternative would be to specify `required: false` everywhere, and only then to key off of `dep.found()`. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-06-28meson: bump the minimum supported version of meson to 0.51Eli Schwartz1-1/+1
We haven't reached our first public release of the meson build backend yet, so we have lots of flexibility for this... and build dependencies are easier to upgrade than runtime dependencies anyway. Updating meson allows us to make use of a bunch of new features that rewquire the latest version of meson. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-06-26bash-completion: use POSIX character classes in regular expressionsEli Schwartz1-3/+3
bash uses POSIX extended regular expressions via regex(3), which does not guarantee support for shorthand character classes. Although glibc supports it, msys2-runtime does not. Make sure the completion script works (hopefully) everywhere by being more portable. Fixes: https://github.com/msys2/MSYS2-packages/pull/1549 Original-patch-by: plotasse <platos@protonmail.ch> Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-06-25makepkg: do not exit immediately on dependency install failuresAllan McRae1-2/+2
Fixes FS#63000 Signed-off-by: Allan McRae <allan@archlinux.org>
2019-06-20use consistent time notation for the logAndrew Gregory1-3/+3
%X is locale-dependent, making it impossible to reliably parse and potentially overflowing the buffer. %T is consistent across locales. Also fixes some adjacent whitespace. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-06-20pacman: correctly free listsmorganamilo1-2/+4
Signed-off-by: Allan McRae <allan@archlinux.org>
2019-06-20Fix compiler warnings with gcc-9.1Allan McRae3-3/+3
Signed-off-by: Allan McRae <allan@archlinux.org>
2019-06-20free makedepends/checkdepends when freeing packagesDave Reisner1-0/+2
Credit to Andrew for identifying source of the leak. Signed-off-by: Allan McRae <allan@archlinux.org>
2019-06-07pacman: fix error during -Fymorganamilo1-1/+1
Signed-off-by: morganamilo <morganamilo@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-06-06hooks: rename type File to PathAndrew Gregory7-15/+20
Make it clearer that the targets are matched against both directories and regular files and free up File to potentially refer specifically to regular files in the future. File is retained as a deprecated alias for Path for the time being to avoid breaking existing hooks and will be removed in a future release. See FS#53136. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-06-06makepkg: restrict pkgname and pkgver to asciiAndrew Gregory2-0/+9
pkgname and pkgver are used as directory names within database files. libarchive does not provide a reliable locale-independent method for reading archive file names, causing errors when archive paths include non-ascii characters. This is a first step toward dealing with FS#49342, by hopefully reducing the number of packages with non-ascii data in the wild before updating libalpm to reject them outright. See https://github.com/libarchive/libarchive/wiki/Filenames and https://github.com/libarchive/libarchive/issues/587 Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-06-06pacman: rework the UI of -Fmorganamilo3-105/+53
Reworks the UI of -F according to FS#47949 In short -F replaces both -Fs and -Fo. Searching for an exact path (target contains "/"), causes the output to switch to the old -Fo output. Otherwise the old -Fs output is used. Also strip the leading "/" from targets like how -Qo does. Signed-off-by: Allan McRae <allan@archlinux.org>
2019-06-06pacman: refactor file match printing to their own functionsmorganamilo1-30/+41
Signed-off-by: Allan McRae <allan@archlinux.org>
2019-05-28makepkg: also move restore_envvars handling into libmakepkgEli Schwartz2-6/+21
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-05-28makepkg: move config loading into libmakepkgEli Schwartz5-31/+73
When scripting/automating around makepkg, it is sometimes desirable to know how makepkg will be configured to operate. One example is the archlinux devtools, which must forward select makepkg.conf variables into a build chroot (for example PACKAGER) or use those variables itself (for example {SRC,PKG,LOG}DEST). The configuration file can be in up to 3 places, and should be capable of being overridden via environment variables. It is sufficiently complex to represent distinct functionality, and sufficiently useful to merit easy accessibility in other scripts, therefore, let us move it into a publicly exposed utility library. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-05-28doc: update SRCEXT/PKGEXT to reduce needlessly scary warningsEli Schwartz4-7/+9
Currently this tells people that the settings should not be touched, but we should just rely on the description of what it should be set to, and leave it up to the user. With the previous patch, makepkg aborts if an invalid value is set, greatly reducing the danger of it being badly configured. Also make this clearer by indicating when it would be useful to change the settings -- i.e. disable compression -- and ensure their described defaults are based on the ones established during ./configure or meson setup. Reported-by: Jouke Witteveen <j.witteveen@gmail.com> Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-05-28libmakepkg: add lint_config to validate SRCEXT/PKGEXTEli Schwartz3-0/+47
These variables must begin with .src.tar / .pkg.tar respectively, so fail early if those expectations are not matched. This prevents makepkg from creating e.g. package files literally named "./pacman-5.1.3-1-x86_64" which are actually uncompressed tarballs. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-05-28repo-add: Add --prevent-downgrade optionekardnam1-3/+16
Implements FS#17752 Signed-off-by: Luca Bertozzi <ekarndam@autistici.org>
2019-05-28Support application/gzip MIME type in extractionKevin Mihelich1-1/+1
file 5.37 changed the gzip MIME type from application/x-gzip to application/gzip, so support this when checking to extract source files. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-05-08makepkg: propagate error codes when package failed to sign correctlyEli Schwartz3-4/+8
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-05-08libmakepkg: install pkg-config fileEli Schwartz4-2/+19
Since makepkg exports a public library of functions, other projects may wish to use these functions. Highlights include parseopts or our messaging functions. Install a pkg-config file in order to let downstream users detect where they can source the libmakepkg functionality. This is useful e.g. to gracefully handle the case where a thirdparty project is configured and installed into a different datarootdir from pacman, but still wants to use the installed pacman's version of libmakepkg. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-05-08libmakepkg: fix missing or inaccurate interdependenciesEli Schwartz13-14/+14
When the executable checking was refactored into libmakepkg, it carried with it, usage of $E_* error codes, which need to be declared from error.sh but are only available when the parent program already sources error.sh; additionally, message.sh was only loaded in a parent library, but not where it was needed, and option.sh was often loaded when it wasn't needed at all. util.sh, meanwhile, has always depended on message.sh functions. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-05-08scripts: protect against unintended glob matching in [[ ]] RHSEli Schwartz10-11/+11
The right-hand side of the [[ ... = ... ]] keyword is an exception to the general rule that quoting is unnecessary with [[ This is usually not a problem, e.g. in libmakepkg, lint_one_pkgname will already fail if pkgname has an asterisk, but it certainly doesn't hurt to be "more proper" and go with the spec; it is more dangerous in repo-add, which can get caught in an infinite loop instead of safely asserting there is no package named 'foo*'. Reported-by: Rafael Ascensão <rafa.almas@gmail.com> Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-05-08makepkg: use more schema.sh to clean the environment of special variablesEli Schwartz1-3/+3
Fixes "arch" and "checkdepends" never having been unset, fixes b2sums (but not ${!b2sums_@}) being recently left out. The "build" function used to be unset as well, explicitly unset it as a function and do the same for other official functions as well. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-05-08meson: fix build of executables with nonstandard libarchive pathEli Schwartz1-0/+2
The libarchive header is used in alpm.h, and several binaries include this header. This is noticeably a problem when using e.g. the musl-gcc compiler which does not include /usr/include by default, and thus the build system reports: ...../lib/libalpm/alpm.h:35:10: fatal error: archive.h: No such file or directory More commonly, this will result in compiling against potentially the wrong headers, if the libarchive installation picked up by pkg-config is different from the one with headers in /usr/include, and /usr/include is in the -isystem path. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-05-08makepkg: fix bash 5 compatibility when packaging symlinks to a directoryEli Schwartz1-1/+2
In commit b5191ea140386dd9b73e4509ffa9a6d347c1b5fa we moved to using shell globbing to print package files for a couple of reasons including reproducible packaging of .METADATA files. Unfortunately, this only works reliably when the glob pattern does not resolve to a symlinked directory due to a change in the bash 5.0 release. Note that the previous, desired behavior was rather to merely refuse to recurse into symlinked directories, but due to an unrelated issue, the symlink handling for globstar was reworked in a way that had this side effect. See https://lists.gnu.org/archive/html/bug-bash/2019-04/msg00015.html for discussion; this may be fixed at some point, but bash 5.0 is broken either way. The appropriate way of handling this seems to be to use **/* to match instead; this produces the same results on both bash 4 and bash 5, as the ** matches any leading directory component (or none), and the * matches any file, directory, or symlink to either one. Fixes FS#62278 Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>