summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2017-05-16makepkg: introduce SOURCE_DATE_EPOCHAllan McRae1-4/+9
This patch introduces the SOURCE_DATE_EPOCH environmental variable. All files in a package are adjusted to have their modification dates set to the value of SOURCE_DATE_EPOCH, which defaults to "date +%s". Setting this variable allows a package that is built twice in the same environment to be (potentially) reproducible in that the checksum of the generated package file will be the same. Also adjust the compression of the mtree file to avoid gzip embedding a timestamp. Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2017-05-16makepkg: remove build date from .PKGINFO headerAllan McRae1-1/+0
This information is duplicated (in less friendly format) in the "builddate" entry and removing it improves reproducible packaging. Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2017-05-16remove unused byte from user agent bufferAndrew Gregory1-1/+1
snprintf prints at most n bytes including the terminating '\0'. The extra reserved byte was never being used. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-05-16check for overflow when setting HTTP_USER_AGENTAndrew Gregory1-1/+6
gcc7 issues a warning about a potential overflow if left unchecked. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-05-16query_fileowner: avoid buffer overflowAndrew Gregory1-0/+1
Copying a string into a buffer that has just been determined to not be able to hold it is obviously incorrect. The actual error handling appears to have been unintentionally removed in 47762ab687959e48acc2de8592fcf3ba3cfa502b. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-05-16alpm_unlock: check handle before dereferencingAndrew Gregory1-0/+1
Prevents SIGSEGV if we catch SIGINT or SIGHUP before initializing alpm. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-05-08pacman.8: fix typo in query optionsMichael Straube1-1/+1
Signed-off-by: Michael Straube <straubem@gmx.de> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-05-08free memory for --overwrite listsAndrew Gregory2-0/+2
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-05-08add send_fakem to valgrind.suppAndrew Gregory1-0/+8
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-05-08be_sync: error out if a db cannot be parsedAndrew Gregory1-5/+12
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-05-08makepkg: create signature files outside of fakerootAllan McRae2-7/+36
With recent version of gpg, signing within fakeroot works on the first invocation, but fails on later runs. Sign all packages outside of fakeroot to avoid this issue. Fixes FS#49946. Signed-off-by: Allan McRae <allan@archlinux.org>
2017-04-17makepkg: do not create symlinks in build directoryAllan McRae1-28/+0
Setting PKGDEST and friends enables us to keep all built packages in a single location. Symlinking these files into the build directory creates unnecessary clutter and requires clean-up in multiple places when removing old version. Signed-off-by: Allan McRae <allan@archlinux.org>
2017-04-17makepkg: clean up pkgver and prepare log filesHEADworkingMichael Straube1-0/+6
Delete log files for the pkgver and prepare functions if -c,--clean is passed. Fixes FS#51039 and FS#51075 Includes patch submitted by Christian Braun. Signed-off-by: Michael Straube <straubem@gmx.de> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-04-17run_chroot: label pipe endpoints for readabilityAndrew Gregory1-12/+17
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
2017-04-17add --sysroot optionAndrew Gregory4-8/+32
--root is not sufficient to properly operate on a mounted guest system. Using --root still uses the host system's configuration and there is no way to correctly use the guest configuration without manually modifying any Include directives. --sysroot provides an easier way to operate on a guest system by chrooting immediately after option parsing before configuration parsing or performing any operations. It is currently limited to the root user, but that's enough for restoring a guest system to a working state, which is the primary intended use case. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
2017-04-17use sockets for scriptlet/hook communicationAndrew Gregory1-13/+4
If a scriptlet/hook dies at the wrong moment it can trigger SIGPIPE, terminating the process. For pipes, there is no way to prevent SIGPIPE other than ignoring it process-wide. This can have unintended consequences in a multi-threaded process. Using send(2) with sockets, however, allows ignoring SIGPIPE on a per-call basis, leaving other threads able to make use of SIGPIPE. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
2017-04-17conflict: include owner for filesystem conflictsAndrew Gregory4-7/+45
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
2017-04-17unlink_file: strip trailing slashesAndrew Gregory3-1/+29
If the user replaces a directory with a symlink, libalpm would get confused because the trailing slash causes system calls to resolve the symlink. This leads to errors and a misleading message during upgrades. Even though libalpm does not support this, it should not be giving misleading errors. Also adds an overflow check. Fixes FS#51377 Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
2017-04-16sortbydeps: rename vptr -> iAndrew Gregory1-5/+5
vptr is a simple list iterator, which are typically named i. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
2017-04-16sortbydeps: rename found -> switched_to_childAndrew Gregory1-4/+4
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
2017-04-16sortbydeps: factor out dep cycle warningAndrew Gregory1-33/+37
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
2017-04-16graph.h: rename childptr -> iteratorAndrew Gregory3-10/+10
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
2017-04-16graph.h: replace hardcoded values with an enumAndrew Gregory3-8/+14
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
2017-04-12deprecate --force in favor of --overwriteAndrew Gregory2-9/+2
--force is widely misunderstood and the same effect can now be achieved with --overwrite, which is better named and can be used more safely. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-04-12add --overwrite option to ignore file conflictsAndrew Gregory12-4/+101
Allows for safer, more fine-grained control for overwriting files than --force's all-or-nothing approach. Implements FS#31549. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-04-12libalpm: Use archive_read_extract2Armin K1-1/+15
archive_read_extract() forces resolution of uid/gid to names when extracting the tarball. This can lead to wrong file ownership when using pacman with -r option and when uid/gid differ in the host and in the chroot. archive_read_extract2() uses uid's and gid's only. See also: https://lists.archlinux.org/pipermail/pacman-dev/2017-March/021912.html Signed-off-by: Armin K <krejzi@email.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-04-04Replace @SIZECMD@ with POSIX-compatible commandDrew DeVault3-10/+5
Now uses wc -c $file | cut -d' ' -f1, which works using only POSIX commands and removes the need for any platform-specific usages. Signed-off-by: Drew DeVault <sir@cmpwn.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-04-04parse stdin as newline-separatedAndrew Gregory1-32/+23
Newline-separated input is more reliable because most of the arguments we accept over stdin can validly contain spaces but not newlines. Resolves FS#52992 Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-04-04add alpm_list_append_strdupAndrew Gregory2-0/+21
Makes error detection and handling easier for a common operation. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-04-04pactest: add --review optionAndrew Gregory1-1/+40
Opens the test file(s), test output, and any log files in the test environment in an editor after the tests run for review. Simplifies debugging tests by avoiding the need to use --keep-root and manually opening the relevant files. The editor used can be set with --editor or $EDITOR, falling back to vim. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-04-04Ignore comments in INSTALL files (FS#51916)Michael Straube1-0/+4
If a comment in an INSTALL file contains the name of a valid INSTALL file function but the function itself is not present, pacman tries to execute that function. That leads to an error. Ignore comments in the grep function in libalpm/trans.c to avoid such errors. Signed-off-by: Michael Straube <straubem@gmx.de> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-13Introduce a 'disable-download-timeout' optionChristian Hesse9-3/+38
Add command line option ('--disable-download-timeout') and config file option ('DisableDownloadTimeout') to disable defaults for low speed limit and timeout on downloads. Use this if you have issues downloading files with proxy and/or security gateway. Signed-off-by: Christian Hesse <mail@eworm.de> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04alpm_fetch_pkgurl: fix memory leakAllan McRae1-1/+1
Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04Fix memory leak in alpm_pkg_checkmd5sumAllan McRae1-3/+3
Also remove redundant additional return path. Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04Suppress valgrind error in fakechrootRikard Falkeborn1-1/+3
This was spotted on Arch Linux, most likely it was introduced when fakechroot was updated to 2.19-1. Valgrind suggests to add the following suppression, which can be tweaked to fit an already existing one. { <insert_a_suppression_name_here> Memcheck:Leak match-leak-kinds: reachable fun:calloc obj:/usr/lib/libdl-2.24.so fun:dlsym obj:/usr/lib/libfakeroot/fakechroot/libfakechroot.so fun:bindtextdomain obj:/usr/lib/libgpg-error.so.0.20.0 fun:call_init.part.0 fun:_dl_init obj:/usr/lib/ld-2.24.so obj:* obj:* obj:* } Signed-off-by: Rikard Falkeborn <rikard.falkeborn@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04Provide source files for useful debug packagesAllan McRae1-2/+21
Debug packages are fairly useless currently because the soucre files needed for stepping through code etc are not packaged with them. This patch adds the needed source files to the debug package and adjusts the debug info to look at the /usr/src/debug/ directory for them rather than the build location. This requires using the "debugedit" program which is provided as part of the RPM sources. Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04Document the new query parameter for VCS sourcesEli Schwartz1-5/+10
Signed-off-by: Eli Schwartz <eschwartz93@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04makepkg: Verify git signaturesEli Schwartz3-12/+79
A git repository is marked as signed if it contains the query "signed" as defined by https://tools.ietf.org/html/rfc3986 Adds two utility functions in util/source.sh.in to extract fragments and queries, and modifies source/git.sh.in to use them. Signed-off-by: Eli Schwartz <eschwartz93@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04libmakepkg/integrity: Verify file signatures in a separate functionEli Schwartz1-38/+46
This makes it easier to add signature verification for new protos. Signed-off-by: Eli Schwartz <eschwartz93@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04Add alpm_pkg_get_makedepends and alpm_pkg_get_checkdependsMark Weiman4-2/+38
makepkg adds makedepends and checkdepends to a package's .PKGINFO file. Add functions that allow use of these from libalpm. Signed-off-by: Mark Weiman <mark.weiman@markzz.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04filelist_sort: check if filelist is presortedAndrew Gregory1-2/+9
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04add _alpm_filelist_sortAndrew Gregory5-9/+11
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04repo-add: sort file list entriesAndrew Gregory1-1/+1
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04makepkg: sort package contentsAndrew Gregory1-12/+12
By passing a NUL-separated filelist, this also fixes a bug where files that look like bsdtar options in the package root could break the package ("-C" was particularly troublesome because bsdtar interprets it as an option anywhere in the file list, even following "--"). Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04find_fileconflicts: rename tmpfiles -> newfilesAndrew Gregory1-6/+6
The files belong to the new version of a package being installed, they are not temporary in any way. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04conflict: skip dir children when replacing a fileAndrew Gregory3-1/+34
When replacing a file with a directory, any files under that directory do not need to be checked for conflicts. This prevents possible false-positive conflicts where the file being replaced is a symlink. We were already skipping the directory children when the file was owned by the previous version of a package being upgraded. This extends that to other packages being removed. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04ini: only recognize comments at beginning of lineAndrew Gregory1-7/+2
Allows the hash sign to be used in values in config files and hooks. Fixes #48702 Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04dload: s/CURLOPT_WRITEHEADER/CURLOPT_HEADERDATA/Dave Reisner1-1/+1
The former is really old, and should be avoided. Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04pacman: ensure linkage against libarchiveDave Reisner1-1/+4
Fixes build on ubuntu/debian platforms. Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04configure.ac: Use POSIX compatible equality checksDave Reisner1-2/+2
Signed-off-by: Allan McRae <allan@archlinux.org>