summaryrefslogtreecommitdiffstats
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2019-10-12run XferCommand via execAndrew Gregory2-17/+115
system() runs the provided command via a shell, which is subject to command injection. Even though pacman already provides a mechanism to sign and verify the databases containing the urls, certain distributions have yet to get their act together and start signing databases, leaving them vulnerable to MITM attacks. Replacing the system call with an almost equivalent exec call removes the possibility of a shell-injection attack for those users. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
2019-10-12add arg_to_string helperAndrew Gregory3-21/+29
Converts an argc/argv pair to a string for presentation to the user. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
2019-10-12move wordsplit into common for sharingAndrew Gregory2-0/+115
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
2019-10-09signing: modify question text with unknwon uidChristian Hesse1-2/+8
If the key's uid is unknown (for example with db signatures) the question was: :: Import PGP key 02FD1C7A934E614545849F19A6234074498E9CEE, "(null)"? [Y/n] Let's display a modified question for unknown uid. Signed-off-by: Christian Hesse <mail@eworm.de> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-07Pull and push translation changes in preparation for 5.2Allan McRae43-2043/+6722
Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-07pacman: speed up deptestmorganamilo1-1/+3
Try and find an exact match via pkgcache before iterating the entire localdb. Gives a noticeable speed up for exact matches e.g. `pacman -T zlib` Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-07pacman/pacman-conf, testpkg: Added translatable stringsMatthew Sexton2-31/+42
Added gettext macro to warnings, helps, and errors for translation. Signed-off-by: Matthew Sexton <wsdmatty@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-07pacman: pacman-conf: removed hputs macro for usage displayMatthew Sexton1-13/+11
Using the macro got in the way of _() macro for translation All the macro did was make it so the writer didn't have to type \n", stream); at the end of every line. Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-07signing: move key import confirmation before key_searchJonas Witschel1-11/+2
Ask the user whether they want to import a missing key before even doing a search on the keyserver. This will be useful for getting Web Key Directory support in place: for a WKD, looking up and importing a key are a single action, so the current key_search -> QUESTION -> key_import workflow does not apply. Since only the ID of the package signing key is available before key_search, we display the packager variable in addition to the key ID for user convenience. Signed-off-by: Jonas Witschel <diabonas@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-04autotools: distribute meson filesEli Schwartz3-1/+6
If we use make dist to create the official, signed release tarballs, those will not have meson build files by default since autotools doesn't know what they are. Also distribute all src/common/ files. We never strictly needed any of them to be distributed with autotools, because the dist tarball dereferences the symlinks (???), but only some of them were being distributed, and meson needs them to be in the right location as we only build libcommon from the primary files. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-08-12Prepare translations for next releaseAllan McRae43-8320/+7499
Signed-off-by: Allan McRae <allan@archlinux.org>
2019-08-12pacman/callback: fix buffer over-readLászló Várady1-2/+2
Commit 11ab9aa9f5f0f3873df89c73e8715b82f485bd9b replaced a strcpy() call with memcpy(), without copying the terminating null character. Since fname is allocated with malloc(), subsequent strstr() calls will overrun the buffer's boundary. Signed-off-by: László Várady <laszlo.varady93@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-08-05create coredump on segfaultAndrew Gregory1-6/+22
Overriding the segfault handler prevents the creation of core dumps by the default handler, which makes debugging segfaults difficult. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-08-05sighandler: block signals while handling SIGSEGVAndrew Gregory1-1/+1
If we get SIGSEGV we need to bail out quickly, leaving other signals unblocked could lead to other signal handlers getting triggered. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-06-20pacman: correctly free listsmorganamilo1-2/+4
Signed-off-by: Allan McRae <allan@archlinux.org>
2019-06-20Fix compiler warnings with gcc-9.1Allan McRae3-3/+3
Signed-off-by: Allan McRae <allan@archlinux.org>
2019-06-07pacman: fix error during -Fymorganamilo1-1/+1
Signed-off-by: morganamilo <morganamilo@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-06-06pacman: rework the UI of -Fmorganamilo2-95/+49
Reworks the UI of -F according to FS#47949 In short -F replaces both -Fs and -Fo. Searching for an exact path (target contains "/"), causes the output to switch to the old -Fo output. Otherwise the old -Fs output is used. Also strip the leading "/" from targets like how -Qo does. Signed-off-by: Allan McRae <allan@archlinux.org>
2019-06-06pacman: refactor file match printing to their own functionsmorganamilo1-30/+41
Signed-off-by: Allan McRae <allan@archlinux.org>
2019-05-08Fix clang 8 string-plus-int warningsRikard Falkeborn1-2/+2
Clang 8 warns that adding a string to an integer does not append to string. Indeed it doesn't, but that was not the intentetion. Use array indexing as suggested by the compiler to silence the warning. There should be no functional change. Example of warning message: alpm.c:71:54: warning: adding 'int' to a string does not append to the string [-Wstring-plus-int] sprintf(hookdir, "%s%s", myhandle->root, SYSHOOKDIR + 1); ~~~~~~~~~~~^~~ alpm.c:71:54: note: use array indexing to silence this warning sprintf(hookdir, "%s%s", myhandle->root, SYSHOOKDIR + 1); ^ & [ ] 1 warning generated.
2019-03-07Remove support for deltas from libalpmAllan McRae1-8/+0
Signed-off-by: Allan McRae <allan@archlinux.org>
2019-03-07Make pacman forget deltas existAllan McRae5-62/+9
Dummy callbacks are still present to prevent compiler warnings until libalpm is delta free. Also remove Delta parsing from pacman.conf. Signed-off-by: Allan McRae <allan@archlinux.org>
2019-03-07Remove cleanupdeltaAllan McRae5-143/+1
Signed-off-by: Allan McRae <allan@archlinux.org>
2019-03-07pacman: fix segfault when Usage is specified without a valuemorganamilo1-18/+20
And extract all the common code to a macro. Signed-off-by: morganamilo <morganamilo@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-02-21Use standard, consistent units in the download progress.Sever Oraz1-10/+10
Rather than use M/s which can be either MB or MiB, specify that it uses MiB (consistent with the displayed total size). Fixes FS#59201 Signed-off-by: Sever Oraz <severoraz@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-02-12Add implicit fall through warningAllan McRae1-1/+1
Requires modification to our comment about fall through to match compilers expectations. Works for GCC and Clang. Signed-off-by: Allan McRae <allan@archlinux.org>
2019-02-04fix various typosmorganamilo1-1/+1
Signed-off-by: morganamilo <morganamilo@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-01-10Add [ignored] to -Qu output for packages in repos that are not Usage = UpgradeAllan McRae1-1/+5
List all available updates in -Qu output, but include [ignored] beside those that will not be updated in a -Su operation due to thier repo Usage value (in addition to those that are Ignored). Fixes FS#59854. The following people provided initial patches to print [ignored] on -Qu operations, which highlighted a larger problem to be fixed first: With-thanks-to: morganamilo <morganamilo@gmail.com> With-thanks-to: Michael Straube <michael.straube@posteo.de> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-01-10libalpm/sync.c: change alpm_sync_newversion() to alpm_sync_get_new_version()Allan McRae1-2/+2
The behaviour of "pacman -Qu" was very strange... It would only consider packages from repos with Usage = Search (or All), and ignore those with Usage = Sync, Install or Upgrade. This is because the function alpm_sync_newversion() used ALPM_DB_USAGE_SEARCH for its filtering. Given this function is documented (at least in the source) to "Check for new version of pkg in sync repos", I would expect that to look at all repos. However, just changing this parameter, would result in a fairly silent change in behaviour of this function. Instead, rename the function and remove this filtering altogether. Users of this function can filter the dbs passed to this function to achieve their desired output. Signed-off-by: Allan McRae <allan@archlinux.org>
2019-01-04Move skipping of duplicate sync/remove targets into libalpmMichael Straube2-17/+4
sync: As pointed out by Andrew Gregory there could be an error when adding duplicates if they are two separate packages with the same name. Add a check in alpm_add_pkg() to test whether the duplicate is actually the same package, and if so, log a debug message and return success to skip the package. If the duplicate is a different package return ALPM_ERR_TRANS_DUP_TARGET and treat that error just like any other error in pacman. remove: Change alpm_remove_pkg() to just log a debug message and return success to skip duplicates. Remove the handling of ALPM_ERR_TRANS_DUP_TARGET in pacman. Also fixes FS#49377. Suggested-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Michael Straube <michael.straube@posteo.de> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-11-28common/ini: remove unnecessary alpm includeAndrew Gregory1-2/+1
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-11-02Add meson.build files to build with mesonDave Reisner4-0/+45
Provide both build systems in parallel for now, to ensure that we work out all the differences between the two. Some time from now, we'll give up on autotools. Meson tends to be faster and probably easier to read/maintain. On my machine, the full meson configure+build+install takes a little under half as long as a similar autotools-based invocation. Building with meson is a two step process. First, configure the build: meson build Then, compile the project: ninja -C build There's some mild differences in functionality between meson and autotools. specifically: 1) No singular update-po target. meson only generates individual update-po targets for each textdomain (of which we have 3). To make this easier, there's a build-aux/update-po script which finds all update-po targets and runs them. 2) No 'make dist' equivalent. Just run 'git archive' to generate a suitable tarball for distribution.
2018-10-20pacman: don't error when a group exists but all packages are ignoredmorganamilo1-0/+18
Currently when attempting to sync a group where all packages are ignored, either by ignorepkg, ignoregroup or --needed, pacman will error with "target not found". Instead, if a group has no packages check if the group exists before throwing an error. Signed-off-by: morganamilo <morganamilo@gmail.com>
2018-09-19Show group status during file searchmorganamilo3-15/+22
When doing "pacman -Fs", show the "(groupname)" message just like "pacman -Ss". And refactor group printing to its own function. Signed-off-by: morganamilo <morganamilo@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-09-19pacman: check versioned optdepends in -Qi operationEli Schwartz1-1/+1
Fixes FS#60106 Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-09-18pacman-conf: add missing DisableDownloadTimeoutmorganamilo1-0/+3
Signed-off-by: morganamilo <morganamilo@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-08-29Show install status during file searchmorganamilo1-1/+5
When doing "pacman -Fs", show the "[installed: version]" message just like "pacman -Ss". Signed-off-by: morganamilo <morganamilo@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-08-29pacman/conf: Remove unused includeDave Reisner1-1/+0
Signed-off-by: Allan McRae <allan@archlinux.org>
2018-08-29common/ini: Depend on util-common, not utilDave Reisner1-1/+1
Signed-off-by: Allan McRae <allan@archlinux.org>
2018-08-10Remove the last traces of the pacman --force optionAllan McRae2-8/+0
Signed-off-by: Allan McRae <allan@archlinux.org>
2018-07-27Pull updated translations from TransifexAllan McRae43-1665/+1705
Signed-off-by: Allan McRae <allan@archlinux.org>
2018-07-25Revert "Deprecate --root in favour of --sysroot"Allan McRae1-2/+1
The use of --sysroot in the real world has flagged some issues that need addressing. Undeprecate --root for now. This reverts commit a278356f75866f89232e3e6230bbf9fb2dc1893c. Signed-off-by: Allan McRae <allan@archlinux.org>
2018-06-04pacman-conf: fix detection of repo usageAllan McRae1-2/+2
pacman-conf returned All for any repo Usage query because it was checking if any repo options were enabled rather than if all options were enabled. Signed-off-by: Allan McRae <allan@archlinux.org>
2018-05-28Pull updated translations from TransifexAllan McRae25-14147/+577
Also remove any translations that are less than 75% complete. These will be readded once translation completion passes our minimum threshold. Signed-off-by: Allan McRae <allan@archlinux.org>
2018-05-15Pull translations from Transifex and regenerateAllan McRae50-3714/+2901
Signed-off-by: Allan McRae <allan@archlinux.org>
2018-05-14Remove all modelines from the projectEli Schwartz29-59/+0
Many of these are pointless (e.g. there is no need to explicitly turn on spellchecking and language dictionaries for the manpages by default). The only useful modelines are the ones enforcing the project coding standards for indentation style (and "maybe" filetype/syntax, but everything except the asciidoc manpages and makepkg.conf is already autodetected), and indent style can be applied more easily with .editorconfig Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-04-29Initial translation preparation for pacman-5.1Allan McRae46-12906/+19940
Signed-off-by: Allan McRae <allan@archlinux.org>
2018-04-29Import updated translations from TransifexAllan McRae51-9874/+8417
Signed-off-by: Allan McRae <allan@archlinux.org>
2018-04-29Update POTFILES.inAllan McRae1-0/+9
Add all files to the relevant POTFILES.in. This avoids missing translations added to old files. Signed-off-by: Allan McRae <allan@archlinux.org>
2018-03-14make_aligned_titles: initialise wbufAllan McRae1-1/+1
This prevents a valgrind warning from deep inside wcstombs. Signed-off-by: Allan McRae <allan@archlinux.org>