summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2020-01-10makepkg: fix one more file-seccomp issueEli Schwartz1-1/+1
When file is called via fakeroot, it doesn't matter whether you use -z or not, it is still incompatible with seccomp. Fix by configuring it with FILECMD when used in the fakeroot 'tidy' run. Fixes FS#65100 Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
2020-01-10pactest: set package tar format to GNU_FORMATAllan McRae1-1/+1
python-3.8 changed the default tar format to PAX_FORMAT. This caused issues in our testsuite with package extraction of files with UTF-8 characters as we run the tests under the C locale. sycn600.py: error: error while reading package /tmp/pactest-xuhri4xa/var/cache/pacman/pkg/unicodechars-2.0-1.pkg.tar.gz: Pathname can't be converted from UTF-8 to current locale. Set format back to GNU_FORMAT. Signed-off-by: Allan McRae <allan@archlinux.org> (cherry picked from commit b9faf652735c603d1bdf849a570185eb721f11c1)
2019-11-01Release 5.2.1v5.2.1Allan McRae3-4/+5
Signed-off-by: Allan McRae <allan@archlinux.org>
2019-11-01Pull latest translations from TransifexAllan McRae42-104/+133
Signed-off-by: Allan McRae <allan@archlinux.org>
2019-11-01Update NEWS for pacman-5.2.1Allan McRae1-0/+11
Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-30Comma failAllan McRae1-1/+1
2019-10-30autotools: be more templated when getting list of doc dist filesEli Schwartz1-13/+2
Distribute asciidoc sources for all manpages instead of remembering to add files to both variables. Fixes regression in 377d47142f7aaa01ca782e6587f2d4caf663865b which broke building the website from a dist tarball: make: *** No rule to make target 'pacman-conf.8.html', needed by 'html'. Stop. (Technically this regression is already fixed by commit 942b909829d529409216939b36af11e8480726f5, but this is just going to keep happening, I suspect, so we should fix the root cause.) Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-30makepkg: only run --clean actions if we built a packageEli Schwartz1-1/+1
Fixes issue where users were allowed to run cleanup while running --geninteg or --printsrcinfo or --packagelist, thus mixing invalid responses into stdout. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-30makepkg: do not count hard links multiple times when calculating pkg sizeEli Schwartz4-1/+44
Exclude files with hardlinks when cat'ing all the files, and do a second run to look at each file with hardlinks, keep track of the ones we've already operated on, and only cat each inode once. Then use "wc -c" to get the size of all (deduplicated) files the same way we were already doing. Original-patch-by: Ronan Pigott <rpigott@berkeley.edu> Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-30makepkg: protect against unexpected whitespace in filenamesEli Schwartz4-11/+11
zipman: read -r protects against those evil manpages whose filenames contain backslash escapes, (muahahaha?) IFS= read protects against filenames with: - leading whitespace (but no one is actually stupid enough to configure their MAN_DIRS=() in makepkg.conf with such silly directories, *right*?) - trailing whitespace (but likewise, no one should be stupid enough to write an uncompressed manpage for section '1 ' or something) Also fix several other cases where we read filenames without protecting against surrounding whitespace, or without using null-delimited filenames when we could trivially do so. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-30meson: fix inodecmd for darwin/bsdEli Schwartz1-2/+2
The BSD stat command uses %N, not %n, and was incorrectly ported to meson. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-27Fix segfault importing PGP key for pacman -U operationsAllan McRae1-2/+2
Use after free. Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-24Add pacman-conf(8) to the documentation indexEvangelos Foutras1-0/+1
Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-23Update copyright yearsAllan McRae176-182/+182
make update-copyright OLD=2018 NEW=2019 Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-23Remove --force from completionAllan McRae2-4/+2
Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-23Update completion for -F changesAllan McRae2-4/+1
Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-22makepkg: don't warn when PACKAGER is unsetmorganamilo1-1/+1
makepkg now complains when PACKAGER is not in the format "name <email>". Hide this warning when PACKAGER is unset but still warn if it is set to something out of format. Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-22Fix compression of package databases with zstdNick Cao1-6/+6
Commit 7afe51171 attempted to add zstd compression support to repo-add, but failed... FS#64213 Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-22Fix distribution of meson filesAllan McRae2-1/+4
Also caught the source of a man page not being distributed. Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-21Release v5.2.0v5.2.0Allan McRae3-6/+8
Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-21Final translation updates for pacman-5.2.0Allan McRae123-939/+2674
Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-17document changes between 5.1 and 5.2Eli Schwartz1-0/+116
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
2019-10-15Update README for pacman 5.2.0 releaseAllan McRae1-0/+25
This is the first major release without any additions to the libalpm API! Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-15libalpm: set errno in signing dummy functionsmorganamilo1-3/+6
This allows pacman to print the correct error message when checking keys and libalpm has been compiled without gpgme support. Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-15libalpm: fix segfault when -Qip'ing a packagemorganamilo1-1/+2
The dummy checksigs function never sets count to 0, leaving it unitialized. This caused the siglist cleanup to try and free the empty list. Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-14Translation updatesAllan McRae126-10098/+6303
Pull all translations with >75% completion. Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-14remove: improve broken dependency error messageAndrew Gregory1-2/+2
This message was clarified for sync operations in 2b1b7b70753eb56bee08cd270efc7cfa342bc0ec. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-13pacman: return 1 when -F <target> has no resultsmorganamilo1-2/+2
Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-12run XferCommand via execAndrew Gregory4-19/+117
system() runs the provided command via a shell, which is subject to command injection. Even though pacman already provides a mechanism to sign and verify the databases containing the urls, certain distributions have yet to get their act together and start signing databases, leaving them vulnerable to MITM attacks. Replacing the system call with an almost equivalent exec call removes the possibility of a shell-injection attack for those users. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
2019-10-12add arg_to_string helperAndrew Gregory3-21/+29
Converts an argc/argv pair to a string for presentation to the user. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
2019-10-12move wordsplit into common for sharingAndrew Gregory3-116/+118
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
2019-10-09makepkg: do not save fflags when creating packagesEli Schwartz1-2/+2
Saving fflages breaks reproducible builds due to encoding information specific to the filesystem that was used to build the package. This information is not needed for packaging purposes anyway. Including fflags also means that attempting to extract a package file as root (or fakeroot) might result in angry warnings being printed to the console by bsdtar, followed by a non-zero exit code, unless the user remembers to use --no-fflags during extraction. This is unpleasant UI, even if pacman itself won't care about these. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-09signing: handle unknown uid in key importChristian Hesse1-0/+5
With unknown uid pacman crashed. Return with error from email_from_uid() if uid is NULL. Signed-off-by: Christian Hesse <mail@eworm.de> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-09signing: modify question text with unknwon uidChristian Hesse1-2/+8
If the key's uid is unknown (for example with db signatures) the question was: :: Import PGP key 02FD1C7A934E614545849F19A6234074498E9CEE, "(null)"? [Y/n] Let's display a modified question for unknown uid. Signed-off-by: Christian Hesse <mail@eworm.de> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-07pacman-key: receive keys from WKD with -r/--recv-keysJonas Witschel1-8/+17
If an email address is specified, we use --locate-key to look up the key using WKD and keyserver as a fallback. If the key is specified as a key ID, this doesn't work, so we use the normal keyserver-based --recv-keys. Note that --refresh-keys still uses the keyservers exclusively for refreshing, though the situation might potentially be improved in a new version of GnuPG: https://lists.gnupg.org/pipermail/gnupg-users/2019-July/062169.html Signed-off-by: Jonas Witschel <diabonas@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-07Pull and push translation changes in preparation for 5.2Allan McRae126-17478/+17859
Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-07makepkg: propagate E_REMOVE_BUILD_DEPSAlad Wenter1-1/+5
remove_deps is called once, at the end of clean_up() before makepkg exit. If remove_deps returns >0 (e.g. when pressing "n" in the resulting prompt), the error is caught by the ERR signal handler. This in turns sends SIGUSR1 to the process group, with resulting exit code 138. In case remove_deps fails, this patch exits makepkg with E_REMOVE_DEPS if there was no previous error (that is, EXIT_CODE equals E_OK). Otherwise, makepkg exits with EXIT_CODE. Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-07makepkg: remove makedepends before installing built packageErich Eckner1-0/+3
When running `makepkg -i` it may be necessary to first remove make- and checkdepends before installing the built package - for example if they conflict each other. This is the case for wireguard-arch which makedepends and conflicts wireguard-dkms. Signed-off-by: Erich Eckner <git@eckner.net> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-07makepkg: wait for process to finishAllan McRae1-1/+1
Without the -f option to wait, we might move on and try to delete the logpipe before the process is completed. Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-07makepkg: Delete logpipe when exitingAustin Lund1-3/+4
The logpipe fifo can remain when exiting on a non-error condition such as recieving signals INT and USR1. This can be seen by doing either a manual CTRL-C to interrupt the build or by sending a signal such as: $ makepkg & sleep 5 ; kill -USR1 $! Remove the fifo in all cases on script exit if it still exists. Signed-off-by: Austin Lund <austin.lund@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-07pacman: speed up deptestmorganamilo1-1/+3
Try and find an exact match via pkgcache before iterating the entire localdb. Gives a noticeable speed up for exact matches e.g. `pacman -T zlib` Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-07libalpm: short circuit alpm_find_dbs_satisfiermorganamilo1-8/+7
when a satisfying package is already installed, we always pick it instead of prompting the user. So we can return that package as soon as we find it, instead of waiting until we've iterated through all the databases. Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-07libalpm: fix incorrect documentationmorganamilo1-5/+7
Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-07meson: work around broken pkg-config file with private requiresEli Schwartz1-12/+10
In addition to the general issue of staticlibs linkage, linking a static lib to a library() does not seem to generate the needed Libs.private. Rework how we handle this entirely. Instead of relying on convenience libraries, we will *sigh* go extract a boatload of .o files again, then relink those to the installable libalpm, while mentioning our dependencies again. We still have our guaranteed static library for linking arbitrary programs with (e.g. vercmp), and we still only generate one identical copy of the .o files, but now we potentially `ar` it up twice, which isn't so bad. And linking still works, and pkg-config files also still work. One alternative would be to explicitly list our dependencies to pkgconfig.generate with requires_private, but since gpgme might be an elevated config-tool dependency, this can fail with: meson.build:341:10: ERROR: requires argument not a string, library with pkgconfig-generated file or pkgconfig-dependency object, got <GpgmeDependency gpgme: True> Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-07meson: fix incorrect libalpm versionEli Schwartz1-1/+1
LIB_VERSION is supposed to be something like 11.0.1, not simply reiterate the project version. As a result, we ended up with this: $ pacman -V [...] Pacman v5.1.0 - libalpm v5.1.0 [...] Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-07meson: fix libcommon being publicly exposed as a static link dependencyEli Schwartz1-2/+2
libcommon isn't even installed, so that means libalpm.a (if installed) is fatally broken as it misses objects. The problem is that meson doesn't handle this case correctly: https://github.com/mesonbuild/meson/issues/3934 https://github.com/mesonbuild/meson/issues/3937 https://github.com/mesonbuild/meson/pull/3939 Work around this by manually extracting libcommon's .o files into the list of objects used to create libalpm. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-07Support file with seccomp enabledEli Schwartz7-1/+36
Not all compression types can be detected in the seccomp sandbox, so we need to disable it. This requires either configuring makepkg to know the sandbox is available, or checking for file >= 5.38 in which the sandbox option is a no-op even when seccomp is disabled. - Requires autoconf-archive for autotools version compare macro. - meson version comparison could be made a lot simpler using meson-git. Fixes FS#58626 Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-07pacman-key: clean keys on import to remove unknown signaturesEli Schwartz1-0/+1
There is no good reason to bloat the keyring by importing tons of signatures we cannot use; drop any signatures that don't validate against another available key (probably the master keys). If any desired signatures get cleaned, the key can be refreshed after importing the new signing public key. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-07pacman-key: make sure we actually use the Web of Trust, which GnuPG doesn't.Eli Schwartz1-0/+5
By default, the latest versions of GnuPG disable the Web of Trust and refuse to import signatures from public keyservers. This is to prevent denial of service attacks, because refusing to import signatures only if the key size is too big, is apparently too silly to consider. Either way, pacman needs the WoT. If pacman imports a key at all, it means everything failed and we are in fallback mode, trying to overcome a shortcoming in the availability of keys in the keyring package. (This commonly means the user needs to acquire a new key during the same transaction that updates archlinux-keyring.) In order for that new key to be usable, it *must* also import signatures from the Master Keys. I don't give credence to this supposed DoS, since the worst case scenario is nothing happening and needing to CTRL+C in order to exit the program. In the case of pacman, this is better than being unable to install anything at all (which is gnupg doing a much more harmful DoS to pacman), and in the already unusual case where something like --refresh-keys is being used directly instead of depending on the keyring package itself, gnupg supports WKD out of the box and will prefer that for people whose keys are marketed as being non-DOSable. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-07pacman-key: when refreshing gpg.conf, don't truncate option checkingEli Schwartz1-1/+1
If an option is a two-part option, we print both (separated by IFS=' '), but when grepping to see if it already exists, we only checked the first component. This means that something like keyserver-options could only check if there were existing keyserver options of any sort, but not which ones. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>