Age | Commit message (Collapse) | Author | Files | Lines |
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
If it's not listed by --list-secret-key we don't care if it has been
imported into your keyring, it's unusable. And you might not have a
private key at all in the no-keyid-specified case.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
(cherry picked from commit 02ae97b0da220d9079c6c2c1ac3e3ab0d12c1ac7)
|
|
We pass this to gpg -u and this gpg option can accept a number of
different formats, not just the historical hexadecimal fingerprint we
assumed. We should not barf hard if a format is used which happens to
contain spaces.
This also fixes a validation bug. When we initially check if the desired
key is available, we don't quote spaces, so gpg goes ahead and treats
each space-separated string as a *different key* to search for,
returning partial matches, and returning success if at least one key is
found. But gpg --detach-sign -u will certainly not accept multiple keys!
Fixes FS#66949
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
(cherry picked from commit 899d39b635d46f9e2daff1aada75ea07f08fef64)
|
|
In commit 882e707e40bbade0111cf3bdedbdac4d4b70453b we changed message
output to go to stdout by default, unless it was an error. The plain()
function doesn't *look* like an error function, but in practice it was
-- it's used to continue multiline messages, and all in-tree uses were
for warning/error.
This is a problem both because we're sending output to the wrong place,
and because in some cases, we were performing error logging from a
function which would otherwise return a value to be captured in a
variable using command substution.
Fix this and straighten out the API by providing two functions: one for
continuing msg output, and one which wraps this by sending output to
stderr, for continuing error output.
Change all callers to use the second function.
(cherry picked from commit bf458cced7c0845f7b6fabb887d3878ae4cd51b2)
|
|
This was broken in commit 882e707e40bbade0111cf3bdedbdac4d4b70453b,
which changed 'plain()' messages to go to stdout, which was then
captured as the download client in question: cmdline=("Aborting...").
The result was a very confusing error message e.g.
/usr/share/makepkg/source/file.sh: line 72: $'\E[1m': command not found
or with makepkg --nocolor:
/usr/share/makepkg/source/file.sh: line 72: Aborting...: command not found
The problem here is that we checked to see if an asynchronous subshell,
in our case <(...), failed, by checking if its captured stdout is
non-empty. Which is terrible, and also a limitation of old bash. But
bash 4.4 can use wait $! to retrieve the return value of an asynchronous
subshell. Now we target that as our minimum, we can sanely handle errors
in such functions.
Losing error messages on stdout by capturing them in a variable instead
of printing them, continues to be a problem, but this will be fixed
systematically in a later commit.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
(cherry picked from commit 381e11375569fa7588b1297e0e744749bdafe8f5)
|
|
If something like source=(..."#commit=") is used, e.g. due to failed
variable expansion, we try to check out an empty refspec as nothing at
all, and end up just running "git checkout". This happens because we
fail at variable expansion too -- so let's quote our variables properly
and make sure git sees this as an empty refspec, so it can error out.
Also make sure it is interpreted as a ref instead of a path.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
(cherry picked from commit 817f9fb715b4e90d28bc141dfccfc530b9e951dc)
|
|
Given RFC 4880 provides the code to do this calculation, I am not sure
how I managed to stuff that up! This bug was only exposed when a
signature made with "include-key-block" was added to the Arch repos,
which provided a subpacket with the required size to hit this issue.
Signed-off-by: Allan McRae <allan@archlinux.org>
(cherry picked from commit 5f6ef895b1dac04c7fb1b63acab2d42c19f91922)
|
|
It's either a waste of work, or triggers edge cases in some packages
(like coreutils-8.31) where the source file is readonly and cp gets a
permission denied error trying to overwrite it with an identical copy of
itself.
Also while we are at it, make the variable names be something readable,
because I could barely tell what this was doing while editing it.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
(cherry picked from commit 3674144a74cfe897ec3ff46c18681df293290caa)
|
|
While iterating over the provides array, the find call for locating a
shared library may result in listing multiple entries which by itself
does not produce a stable deterministic order and may vary depending on
the underlying filesystem.
To provide a stable listing and a reproducible .PKGINFO file the result
of find is piped to sort with a static LC_ALL=C localisation.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
(cherry picked from commit 8ce142a2552418f64a74e773f659d92b065d6209)
|
|
This is not a warning, _parse_options() returns failure without even
parsing further lines and the attempted pacman/pacman-conf program
execution immediately aborts. Warnings are for when e.g. later on if we
don't recognize a setting at all, we skip over it and have enough
confidence in this to continue executing the program.
The current implementation results in pacman-conf aborting with:
warning: config file /etc/pacman.conf, line 60: invalid value for 'ParallelDownloads' : '2.5'
error parsing '/etc/pacman.conf'
or pacman -Syu aborting with the entirely more cryptic:
warning: config file /etc/pacman.conf, line 59: invalid value for 'ParallelDownloads' : '2.5'
and this isn't just a problem for the newly added ParallelDownloads
setting, either, you could get the same problem if you specified a
broken XferCommand, but that's harder as it's more accepting of input
and you probably don't hit this except with unbalanced quotes.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
(cherry picked from commit 8e769ddb8a59a9fbacf4614283d2fb519f022386)
|
|
This was only partially implemented in the original implementation.
`pacman-conf | grep ILoveCandy` would tell you if it was set, but
querying directly by name would not.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
(cherry picked from commit 7423b166047ff168ef337818958bf86ed1d42a0a)
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
(cherry picked from commit 3ea7fdd96c874e111588a6e64ee30b75b55db785)
|
|
Current code accidently uses noupgrade for the NoExtract directive.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
(cherry picked from commit 1d39557aa070d2260cfda650e59c8d190397ba01)
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
(cherry picked from commit e76ec94083235ddc5510ab57b7c2bc12a1d34e8a)
|
|
It looks like this function has never actually worked. The current list
is never set to NULL after being freed. So the new deps were just
appended to the already freed list, leading to a segfault.
Signed-off-by: Allan McRae <allan@archlinux.org>
(cherry picked from commit 0a25548cd0910f66dea2dfab21f75a6d15366d64)
|
|
Extracting function variables containing arbitrarily scoped variables of
arbitrary nature is a disaster, but let's at least cover the common case
of using the actual '$pkgname' in an install/changelog file. It's the
odd case of actually being basically justified use of disambiguating
between the same variable used in multiple different split packages...
and also, --printsrcinfo already uses and overwrites the variable
'pkgname' in pkgbuild_extract_to_srcinfo, so this "works" in .SRCINFO
but doesn't work in .src.tar.gz
It doesn't work in lint_pkgbuild either, but in that case the problem is
being too permissive, not too restrictive -- we might end up checking
the same file twice, and printing that it is missing twice.
Fixes FS#64932
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
(cherry picked from commit d626a17ef94d79975ff17d04250152ea46aaade3)
|
|
Commit e6a6d307 detected complete part files by comparing a payload's
max_size to initial_size. However, these values are also equal when we
use pacman -U on a URL as max_size is set to 0 in that case. Add a further
condition to avoid that.
Signed-off-by: Allan McRae <allan@archlinux.org>
(cherry picked from commit e54617c7d554e0c14c039432b5f7bef66e43769c)
|
|
We previously has the maximum database size as 25MB. This was set in the days
before repos had as many packages as they do now, and before we started
distributing files databases. Increase this limit to 128MB.
Signed-off-by: Allan McRae <allan@archlinux.org>
(cherry picked from commit 2856a7dea3c0d4584e126b5ca5957e13e23f83d1)
|
|
Many moons ago, libtool was bad - I mean worse than today! It gobbled all
--as-needed and we ended up with an overlinked libalpm. This was annoying,
particularly when dealing with soname bumps in libraries pacman/libalpm had
no business linking to. Luckily we had a fix, stolen from GNOME I believe.
And with that fix, we lived in harmony with libtool for many years. Until one
day, unbeknownst to us, libtool was "fixed". We kept applying our patch,
because it still applied, but it did worse than nothing. It gobbled up our
other LDFLAGS, and our libalpm started missing out on RELRO and BIND_NOW.
This made the Arch Security Team unhappy. We will make them happy again by
stopping the patch.
Signed-off-by: Allan McRae <allan@archlinux.org>
(cherry picked from commit 2e32d51a262fef398a94a17c0a0d4ff3233990b5)
[Andrew: restore autogen.sh]
|
|
In rare cases, likely due to a well timed Ctrl+C, but possibly due to a
broken mirror, a ".part" file may have size at least that of the correct
package size.
When encountering this issue, currently pacman fails in different ways
depending on where the package falls in the list to download. If last,
"wrong or NULL argument passed" error is reported, or a "invalid or
corrupt package" issue if not.
Capture these .part files, and remove the extension. This lets pacman
either use the package if valid, or offer to remove it if it fails checksum
or signature verification.
Signed-off-by: Allan McRae <allan@archlinux.org>
(cherry picked from commit e6a6d3079315ce722fec39604fddbab1c7ac79b3)
|
|
We now store key structs of our missing key info, so can not search the list
for string matches. This caused missing keys to be downloaded once for every
package they signed.
Signed-off-by: Allan McRae <allan@archlinux.org>
(cherry picked from commit 540b19164b1ab3a4950b4a828fb90d047f4a591d)
|
|
In commit 9c817b654996249b8022e189ee7e2692f4668431 we made these sources
extendable, and heuristically determined the correct extraction
functions to use. But our fallback for protos that didn't have an exact
extract_* function didn't take into account that 'extract_file' matches
an actual proto... so we passed the netfile in while the function
expected a file.
Solution: the function should expect a netfile too, thereby allowing us
to delay an attempted resolution of netfile -> file, to the one case
where it is actually used. This makes us slightly more efficient in the
non-file case, makes our functions a bit more consistent, and makes
file:// extraction work again.
Fixes FS#64648
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
(cherry picked from commit 349c22d043290ccd0cce9f30981f5415e295442a)
|
|
Daniel T. Borelli <danieltborelli@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
(cherry picked from commit eaa2770c80f8f3b168b99021e4258d696523d38a)
|
|
When file is called via fakeroot, it doesn't matter whether you use -z
or not, it is still incompatible with seccomp. Fix by configuring it
with FILECMD when used in the fakeroot 'tidy' run.
Fixes FS#65100
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
|
|
python-3.8 changed the default tar format to PAX_FORMAT. This caused
issues in our testsuite with package extraction of files with UTF-8
characters as we run the tests under the C locale.
sycn600.py:
error: error while reading package /tmp/pactest-xuhri4xa/var/cache/pacman/pkg/unicodechars-2.0-1.pkg.tar.gz: Pathname can't be converted from UTF-8 to current locale.
Set format back to GNU_FORMAT.
Signed-off-by: Allan McRae <allan@archlinux.org>
(cherry picked from commit b9faf652735c603d1bdf849a570185eb721f11c1)
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
Distribute asciidoc sources for all manpages instead of remembering to
add files to both variables. Fixes regression in
377d47142f7aaa01ca782e6587f2d4caf663865b which broke building the
website from a dist tarball:
make: *** No rule to make target 'pacman-conf.8.html', needed by 'html'. Stop.
(Technically this regression is already fixed by commit
942b909829d529409216939b36af11e8480726f5, but this is just going to keep
happening, I suspect, so we should fix the root cause.)
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Fixes issue where users were allowed to run cleanup while running
--geninteg or --printsrcinfo or --packagelist, thus mixing invalid
responses into stdout.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Exclude files with hardlinks when cat'ing all the files, and do a second
run to look at each file with hardlinks, keep track of the ones we've
already operated on, and only cat each inode once. Then use "wc -c" to get
the size of all (deduplicated) files the same way we were already doing.
Original-patch-by: Ronan Pigott <rpigott@berkeley.edu>
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
zipman:
read -r protects against those evil manpages whose filenames contain
backslash escapes, (muahahaha?)
IFS= read protects against filenames with:
- leading whitespace (but no one is actually stupid enough to configure
their MAN_DIRS=() in makepkg.conf with such silly directories, *right*?)
- trailing whitespace (but likewise, no one should be stupid enough to
write an uncompressed manpage for section '1 ' or something)
Also fix several other cases where we read filenames without protecting
against surrounding whitespace, or without using null-delimited
filenames when we could trivially do so.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
The BSD stat command uses %N, not %n, and was incorrectly ported to
meson.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Use after free.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
make update-copyright OLD=2018 NEW=2019
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
makepkg now complains when PACKAGER is not in the format
"name <email>".
Hide this warning when PACKAGER is unset but still warn if it is set to
something out of format.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Commit 7afe51171 attempted to add zstd compression support to repo-add,
but failed...
FS#64213
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Also caught the source of a man page not being distributed.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
|
|
This is the first major release without any additions to the libalpm API!
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
This allows pacman to print the correct error message when checking keys
and libalpm has been compiled without gpgme support.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
The dummy checksigs function never sets count to 0, leaving it
unitialized. This caused the siglist cleanup to try and free the empty
list.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Pull all translations with >75% completion.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
This message was clarified for sync operations in
2b1b7b70753eb56bee08cd270efc7cfa342bc0ec.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|