summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2020-12-21doc: document transactionsmorganamilo1-12/+23
Signed-off-by: Allan McRae <allan@archlinux.org>
2020-12-21doc: document files and groupsmorganamilo1-46/+56
Signed-off-by: Allan McRae <allan@archlinux.org>
2020-12-21doc: document packagesmorganamilo1-68/+96
Signed-off-by: Allan McRae <allan@archlinux.org>
2020-12-21doc: document loggingmorganamilo1-5/+20
Signed-off-by: Allan McRae <allan@archlinux.org>
2020-12-21doc: document databasesmorganamilo1-219/+249
Signed-off-by: Allan McRae <allan@archlinux.org>
2020-12-21doc: document callbacksmorganamilo1-168/+271
Signed-off-by: Allan McRae <allan@archlinux.org>
2020-12-21doc: document dependsmorganamilo1-131/+164
Signed-off-by: Allan McRae <allan@archlinux.org>
2020-12-21doc: document signaturesmorganamilo1-115/+167
Signed-off-by: Allan McRae <allan@archlinux.org>
2020-12-21doc: document handlemorganamilo1-28/+30
Signed-off-by: Allan McRae <allan@archlinux.org>
2020-12-21doc: document errormorganamilo1-13/+109
Signed-off-by: Allan McRae <allan@archlinux.org>
2020-12-21doc: add doc header to alpm.hmorganamilo1-0/+12
Signed-off-by: Allan McRae <allan@archlinux.org>
2020-12-21doc: remove stray doxygen commentmorganamilo1-2/+0
Signed-off-by: Allan McRae <allan@archlinux.org>
2020-12-09Implement TotalDownload functionalityAnatol Pomozov3-51/+106
With the recent 'multibar' interface changes TotalDownload has been disabled. Now we have a new UI and we need to find another way to display this information. When 'TotalDownload' config option is enabled we are going to have an extra progress bar at the bottom of the screen that shows how much of the entire download has been completed. Closes FS#68202 Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-12-03Restore usage line for -Fhv6.0.0alpha1Colin Woodbury1-0/+2
Unlike the other main commands, -F was missing its top-level usage line in its help output. Signed-off-by: Colin Woodbury <colin@fosskers.ca> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-12-03Modify "pacman -h" output for files operationsAllan McRae1-1/+1
pacman -F can take both a file(s) or a package(s) as arguments. Passing a file is more common, so adjust to show that in the help. Signed-off-by: Allan McRae <allan@archlinux.org>
2020-12-03libalpm: set ret in download filesmorganamilo1-2/+4
download_files never set ret on failiure, so even when downloading fails, the transaction goes on to commit and error out. :: Retrieving packages... python-packaging-20.4-4-any.pkg.tar.zst failed to download error: failed retrieving file 'python-packaging-20.4-4-any.pkg.tar.zst' from mirror.oldsql.cc : The requested URL returned error: 404 warning: failed to retrieve some files (1/1) checking keys in keyring (1/1) checking package integrity error: failed to commit transaction (wrong or NULL argument passed) Errors occurred, no packages were upgraded. Also make the ret checking more consistent. Signed-off-by: Allan McRae <allan@archlinux.org>
2020-11-26Add fossil scm support to makepkgIvy Foster6-2/+136
Signed-off-by: Ivy Foster <escondida@iff.ink> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-11-26libalpm: add alpm_option_get_parallel_downloadsmorganamilo2-0/+12
Signed-off-by: Allan McRae <allan@archlinux.org>
2020-11-26libalpm: set errno when setting parallel downloads with an invalid numbermorganamilo1-3/+1
Signed-off-by: Allan McRae <allan@archlinux.org>
2020-11-26libalpm: clarify alpm_download_event_completed_t statusmorganamilo1-3/+3
The comment makes it seem that the result itself is an error code. But all it does is simply return -1 to indicate an error occured; Signed-off-by: Allan McRae <allan@archlinux.org>
2020-11-26libalpm: don't call dlcb when not setmorganamilo1-2/+2
Fixes FS#68728: Signed-off-by: Allan McRae <allan@archlinux.org>
2020-11-26libalpm: set parallel_downloads to 1 when creating the handlemorganamilo1-0/+2
Fixes FS#68729 Signed-off-by: Allan McRae <allan@archlinux.org>
2020-11-26Move cursor to the end of the screen at the SIGINTAnatol Pomozov3-13/+15
It requires exposing 'move cursor to the end' function in a pacman header file. We use it as a chance to make naming of the cursor management functions more consistent. Note that there is still possibility of a race condition in the cursor update logic. 'update cursor index variable' and 'send ASCII control symbols to console' is not an atomic operation. So if an SIGINT is received between these two action then cursor position is going to be screwed. Fixes FS#67973 Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-11-26Go to the end of screen if 'printonly' mode enabledAnatol Pomozov1-0/+1
At the end of download operation our code makes sure the cursor is moved to the end of the drawing area. But 'printonly' mode has its own if() branch that skips this cursor alignment. Add cursor_goto_end() to the 'printonly' codepath to make sure it does not clobber previous output. Fixes FS#68355 Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-11-26libmakepkg: compress: fix tar extensionMichael Straube1-0/+3
With commit 74aacf44958e1343b910b3fbdcf753393857f070 creating uncompressed .tar packages fails. -> Compressing package... /usr/share/makepkg/util/compress.sh: line 70: COMPRESS.TAR[@]: invalid variable name bsdtar: Write error Empty the '$ext' variable for the '.tar' extension in get_compress_command() to fix this. We would fallback to cat for 'tar' anyways. Signed-off-by: Michael Straube <michael.straubej@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-10-21makepkg: emptydirs: fix typoMichael Straube1-1/+1
Fix typo in a comment in tidy_emptydirs(). Signed-off-by: Michael Straube <michael.straubej@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-10-21makepkg: properly localize some internal function variablesEli Schwartz1-1/+1
We leaked fullver and pkgarch all over the place, and only conditionally unset the other variables. Marking them local is a more proactive solution. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-10-21makepkg: fix signing of source packagesEli Schwartz1-1/+1
In commit c6b04c04653ba9933fe978829148312e412a9ea7 the signing stage was moved out of fakeroot, and thus into the main control flow instead of create_{,src}package While the function for signing binary packages has logic to build and gpg-sign multiple filenames, the source package never got this special treatment. This would be fine, except it uses the standard variables to set define the filename... like ${fullver}, which is usually set beforehand, but in this case is not. We don't define fullver globally as it's an internal implementation detail, except by sheer coincidence if PKGVERFUNC is false due to improperly guarded code. Result: source packages didn't end up signed. Instead, we raised a logic error: ==> WARNING: Failed to sign package file somepackage-.src.tar.gz. ==> ERROR: An unknown error has occurred. Exiting... Instead, let's just build the version inline, since we only use it once. Reported-by: GaKu999 <g4ku999@gmail.com> Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-09-23makepkg: libprovides: don't provide both versioned and unversioned sonamesEli Schwartz1-8/+8
If multiple files match the pattern libfoo.so*, we want to check each of them and see if they are shared libraries, and if so, if they have versions attached. But some packages can have both shared libraries and random files which match the filename pattern. This is true at least for files in /usr/share/gdb/auto-load/, which must match the filename they are paired with, followed by "-gdb.py" (or some other gdb scripting ext), but definitely don't contain a shared library. In this case, we don't want to double-report the library in the generated provides. It's also possible (probably) for a package to provide a versioned as well as an unversioned shared library, but in such cases a single provides entry is sufficient to cover both cases (and the libdepends for the depending package would contain an unversioned dependency). Solve this by keeping track of whether we have added a versioned soname provides already, and then only adding a maximum of one unversioned provides *iff* there isn't a versioned one yet. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-09-23util.c: table_print_line: properly align texts involving CJKChih-Hsuan Yen1-1/+3
For printf in C, width is counted as bytes rather than Unicode width. [1] > If the precision is specified, no more than that many bytes are written. [1] Section 7.21.6, N2176, final draft for ISO/IEC 9899:2017 (C18) Thanks Andrew Gregory for suggesting a simpler approach. Fixes FS#59229 Signed-off-by: Chih-Hsuan Yen <yan12125@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-09-23FS#66472: Remove *.sig file if package corruptedAnatol Pomozov1-0/+6
In case if a package corrupted (e.g. signature or hash is invalid) pacman tries to remove the package file to redownload it anew the next time. Remove *.sig file as well to make sure no data is left for the invalid package. Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-09-03Add pacman-conf zsh completionsRonan Pigott1-1/+95
Signed-off-by: Ronan Pigott <rpigott@berkeley.edu> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-09-03remove more autotools filesEli Schwartz7-424/+0
We forgot to remove m4/ in commit 454ea024383eab60295e4c4fdf2c329475887b2c and now it's tragically reminding me of autotools! Also take this opportunity to drop some symlinks in lib/libalpm/ for libcommon source files. In autotools these were built specifically for libalpm and needed to be available in that directory, but the meson setup just has libalpm depend on libcommon. So these pseudo source files aren't needed anymore. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-09-03makepkg.conf: Reword "Defaults"Allan McRae1-2/+2
FS#61661 notes that we have a comment "Defaults" value for BUILDENV and OPTIONS but that does not necessarily correspond to what the example makepkg.conf sets. Change the comment to "Makepkg defaults" to indicate this is what makepkg will do unless told otherwise. Signed-off-by: Allan McRae <allan@archlinux.org>
2020-08-10Enable sha256/md5 hash verification if detached signatures are usedAnatol Pomozov1-1/+1
Pacman has multiple ways to verify package content integrity: - gpg signature - sha256 - md5 These verification mechanisms overlap each other. gpg signatures already contain hash value of the package content. So if a package signature is present then pacman ignored the other 2 hash values. This worked well with signtures embedded into pacman database. Recently pacman got an ability to handle detached signatures (*.sig files located next to the package files). If pacman verifies detached signature only then one can replace pkg+sig files with some other content and pacman still processes it as a valid package. To prevent it we need to verify database<->package integrity using hash values stored in the database. This commit fixes FS#67232 The new debug output is: checking package integrity... debug: found cached pkg: /var/cache/pacman/pkg/ruby-2.7.1-2-x86_64.pkg.tar.zst debug: sha256sum: 77baf61c62c5570b3a37cf0c3b16c5d9a97dde6fedd1a3528bf0cc5f96dd5e52 debug: checking sha256sum for /var/cache/pacman/pkg/ruby-2.7.1-2-x86_64.pkg.tar.zst debug: sig data: <from .sig> debug: checking signature for /var/cache/pacman/pkg/ruby-2.7.1-2-x86_64.pkg.tar.zst debug: 1 signatures returned debug: fingerprint: B5971F2C5C10A9A08C60030F786C63F330D7CB92 Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-08-10Fix error during keyring checkingAnatol Pomozov1-3/+1
With current master version the 'keyring checking' step produces an error: debug: returning error 6 from alpm_pkg_get_sig (../lib/libalpm/package.c: 274) : wrong or NULL argument passed The package signature is still checked later at the integrity verification step though. This commit fixes keyring checking and now the debug log looks like this: debug: found cached pkg: /var/cache/pacman/pkg/ruby-2.7.1-2-x86_64.pkg.tar.zst debug: found detached signature /var/cache/pacman/pkg/ruby-2.7.1-2-x86_64.pkg.tar.zst.sig with size 566 debug: found signature key: 786C63F330D7CB92 debug: looking up key 786C63F330D7CB92 locally debug: key lookup success, key exists Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-08-10repo-add: use more libmakepkg to handle common compression routinesEli Schwartz1-20/+12
Currently the list of supported formats for an archive, is maintained in two places. And repo-add does not actually get updated. :( In the process, remove some of the logical duplication when calling bsdtar/compress_as. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-08-10libmakepkg: extend compress.sh to also permit checking validityEli Schwartz1-13/+40
get_compression_command() can now be used to do upfront checks for whether a given extension is known to do something successfully. This is useful when writing tools in which an unknown compression type is a fatal error. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-07-14doc/makepkg.8: Added punctuations.Morten Linderud1-2/+2
Signed-off-by: Morten Linderud <morten@linderud.pw> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-07-14Check that destfile_name exists before using itAnatol Pomozov1-3/+6
In some cases (when trust_remote_name is used for a URL without a filename and no Content-Disposition is provided by the server) destfile_name will be NULL. In this case payload data will be stored in tempfile_name and no destfile_name is set. Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-07-14Do not free payload fields in the middle of this structure useAnatol Pomozov1-4/+0
At the end of payload use it calls _alpm_dload_payload_reset() that will free() these and other fields anyway. Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-07-14Build signature remote name based on the main payload nameAnatol Pomozov1-24/+37
The main payload final name might be affected by url redirects or Content-Disposition HTTP header value. We want to make sure that accompanion *.sig filename always matches the package filename. So ignore finalname/Content-Disposition for the *.sig file. It also helps to fix a corner case when the download URL does not contain a filename and server provides Content-Disposition for the main payload but not for the signature payload. Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-07-07Fallback to detached signatures during keyring checkAnatol Pomozov5-9/+98
Pacman has a 'key in keyring' verification step that makes sure the signatures have a valid keyid. Currently pacman parses embedded package signatures only. Add a fallback to detached signatures. If embedded signature is missing then it tries to read corresponding *.sig file and get keyid from there. Verification: debug: found cached pkg: /var/cache/pacman/pkg/glib-networking-2.64.3-1-x86_64.pkg.tar.zst debug: found detached signature /var/cache/pacman/pkg/glib-networking-2.64.3-1-x86_64.pkg.tar.zst.sig with size 310 debug: found signature key: A5E9288C4FA415FA debug: looking up key A5E9288C4FA415FA locally debug: key lookup success, key exists Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-07-07FS#33992: force download *.sig file if it does not exist in the cacheAnatol Pomozov2-9/+24
In case if *.pkg exists but *.sig file does not we still have to pass the pkg to multi_download API. To avoid redownloading *.pkg file we use CURLOPT_TIMECONDITION curl option. Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-07-07Add a utility function to check whether a file exists in the cacheAnatol Pomozov2-0/+16
It is similar to _alpm_filecache_find() but does not return a dynamically allocated memory to user. Thus the user does not need to free this resource. Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-07-07Do not use counter for error trackingAnatol Pomozov1-8/+10
Current code uses an incrementing counter to check whether a function returned error: errors += some_function(); if(errors) { goto finish } Replace with a more standard variable errors = some_function(); if(errors) { goto finish } Rename 'errors' variable to a more typical 'ret'. Avoid reporting both ALPM_EVENT_PKG_RETRIEVE_FAILED and ALPM_EVENT_PKG_RETRIEVE_DONE in the error path. Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-07-07Move signature payload creation to download engineAnatol Pomozov3-64/+67
Until now callee of ALPM download functionality has been in charge of payload creation both for the main file (e.g. *.pkg) and for the accompanied *.sig file. One advantage of such solution is that all payloads are independent and can be fetched in parallel thus exploiting the maximum level of download parallelism. To build *.sig file url we've been using a simple string concatenation: $requested_url + ".sig". Unfortunately there are cases when it does not work. For example an archlinux.org "Download From Mirror" link looks like this https://www.archlinux.org/packages/core/x86_64/bash/download/ and it gets redirected to some mirror. But if we append ".sig" to the end of the link url and try to download it then archlinux.org returns 404 error. To overcome this issue we need to follow redirects for the main payload first, find the final url and only then append '.sig' suffix. This implies 2 things: - the signature payload initialization need to be moved to dload.c as it is the place where we have access to the resolved url - *.sig is downloaded serially with the main payload and this reduces level of parallelism Move *.sig payload creation to dload.c. Once the main payload is fetched successfully we check if the callee asked to download the accompanied signature. If yes - create a new payload and add it to mcurl. *.sig payload does not use server list of the main payload and thus does not support mirror failover. *.sig file comes from the same server as the main payload. Refactor event loop in curl_multi_download_internal() a bit. Instead of relying on curl_multi_check_finished_download() to return number of new payloads we simply rerun the loop iteration one more time to check if there are any active downloads left. Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-06-26srcinfo.sh: remove trailing newlineDenton Liu1-3/+2
When a .SRCINFO file is generated via `makepkg --printsrcinfo`, each section is concluded with an empty line. This means that at the end of the file, an empty line remains. This is considered a trailing whitespace error. In fact, `git diff --check` will warn about this, saying "new blank line at EOF." Instead of closing each section off with an empty line, use the empty line to separate sections, omitting the empty line at the end of the file. Signed-off-by: Denton Liu <liu.denton@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-06-26Cleanup the old sequential download codeAnatol Pomozov4-340/+19
All users of _alpm_download() have been refactored to the new API. It is time to remove the old _alpm_download() functionality now. This change also removes obsolete SIGPIPE signal handler functionality (this is a leftover from libfetch days). Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com>
2020-06-26Convert '-U pkg1 pkg2' codepath to parallel downloadAnatol Pomozov4-143/+184
Installing remote packages using its URL is an interesting case for ALPM API. Unlike package sync ('pacman -S pkg1 pkg2') '-U' does not deal with server mirror list. Thus _alpm_multi_download() should be able to handle file download for payloads that either have 'fileurl' field or pair of fields ('servers' and 'filepath') set. Signature for alpm_fetch_pkgurl() has changed and it accepts an output list that is populated with filepaths to fetched packages. Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com>