| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is intended to verify an existing signature on a database before
making further changes to it and performing updates. Rarely would you
use this without immediately resigning it via the -s/--sign option.
Instead, it is intended as a "chain of trust" operation where the
previous signature is verified to give you some sense that what you sign
off on is also safe.
Still todo: don't make changes unless the signature is not only good,
but also in the accepted list of keys.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In order to be fully secure, we can't only sign packages. We also need
to sign our repository metadata to prevent database falsification,
dependency injection, etc. Add an '-s/--sign' option that allows this
functionality, and will generate a .sig file side-by-side with the
package database.
While at it, fix the issue where a signature file would never be found
because of 'cd' madness (this needs fixing in another commit).
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
|
|
|
|
| |
Use base64 encoding to store the value in the database if a .sig file exists
for the package being added.
Signed-off-by: Geoffroy Carrier <geoffroy.carrier@koon.fr>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
|
|
|
| |
Be consistent in package and signature placements when using
PKGDEST.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
| |
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
|
|
|
|
|
| |
This is a rather simple patch to add signing support to makepkg. Add a
create_signature() to makepkg, add a 'sign' BUILDENV option in makepkg.conf,
and document the changes in the makepkg.conf manpage.
Signed-off-by: Geoffroy Carrier <geoffroy.carrier@koon.fr>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|\
| |
| |
| |
| |
| |
| |
| | |
Conflicts due to change in return calling style.
Conflicts:
src/pacman/pacman.c
src/pacman/sync.c
|
| |
| |
| |
| |
| |
| |
| | |
Remove unnecessary output when using -Sp. Fixes FS#23340.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
| |
| |
| |
| |
| |
| |
| | |
Changes for consistency across functions
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes completion for "pacman -S <tab>" and "pacman -S repo/<tab>"
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is by no means a guarantee of this behavior remaining the same in
the future, but it is easy enough to do what we used to in this case by
delaying any sort of error condition until after we are completely done
parsing options. Addresses FS#23370.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
| |
| |
| |
| | |
Signed-off-by: Dan McGee <dan@archlinux.org>
|
| |
| |
| |
| | |
Signed-off-by: Dan McGee <dan@archlinux.org>
|
| |
| |
| |
| |
| |
| | |
fp can never be NULL at this point in the code, proven by Coccinelle.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
| |
| |
| |
| |
| |
| | |
Another fix found by Coccinelle example semantic patches.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
| |
| |
| |
| |
| |
| | |
Easy fix, found using null_ref.cocci example Coccinelle script.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Drawing progress bars before calling curl_easy_perform() is needless as
the curl progress callback is called with zero progress before actually
downloading the file anyways. Fixes display of "0%" progress bars when
sync'ing package databases that are already up to date.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
| |
| |
| |
| | |
Signed-off-by: Dan McGee <dan@archlinux.org>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This was discussed and more or less agreed upon on the mailing list. A
huge checkin, but if we just do it and let people adjust the pain will
end soon enough. Rebasing should be relatively straighforward for anyone
that sees conflicts; just be sure you use the new return style if
possible.
The following semantic patch was used to do the change, along with some
hand-massaging in order to preserve parenthesis where appropriate:
The semantic match that finds this problem is as follows, although some
hand-massaging was done in order to keep parenthesis where appropriate:
(http://coccinelle.lip6.fr/)
// <smpl>
@@
expression a;
@@
- return(a);
+ return a;
// </smpl>
A macros_file was also provided with the following content:
Additional steps taken, mainly for ASSERT() macros:
$ sed -i -e 's#return(NULL)#return NULL#' lib/libalpm/*.c
$ sed -i -e 's#return(-1)#return -1#' lib/libalpm/*.c
Signed-off-by: Dan McGee <dan@archlinux.org>
|
| |
| |
| |
| |
| | |
Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|\| |
|
| |
| |
| |
| |
| |
| | |
Needed for things like our strndup() substitute function.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
| |
| |
| |
| |
| |
| |
| |
| | |
This is a Debian patch (from #347650) that makes libtool play nicely
with "-Wl,--as-needed".
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Noted in FS#23342. When the user attempts to install an ignored package
and answers no when asked whether to install it, pacman bails out with:
"error: target not found: packagename"
This is because satisfiers are not found for the package and execution
continues to process_group(), where the package is treated as a group
(which does not exist).
In addition, test ignore006.py is updated with PACMAN_RETCODE=0 since
saying no to installing an ignored package should not be considered an
error.
Signed-off-by: Pang Yan Han <pangyanhan@gmail.com>
Signed-off-by: Xavier Chantry <chantry.xavier@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
| |
| |
| |
| |
| |
| |
| | |
Fixes FS#23343.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Prevents issues where optdepends descriptions contain a bracket.
Also, strip all comments from arrays before joining them.
Fixes FS#23307.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
| |
| |
| |
| |
| |
| |
| | |
We erroniously dropped the call to _alpm_delta_parse() when macro-izing,
causing segfaults for repos that provide deltas. Addresses FS#23314.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Partially addresses the "why doesn't CheckSpace work in a chroot" issue.
We can't make it work, but we can at least detect when it won't work by
checking for a partition for our given installation root. If we can't
determine the mountpoint for this, bail out with an error.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
| |
| |
| |
| |
| | |
Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
| |
| |
| |
| |
| | |
Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
| |
| |
| |
| |
| |
| |
| |
| | |
Support for this script was removed in makepkg by commit b4e1365. Delta
creation support has been provided by scripts/pkgdelta.
Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
| |
| |
| |
| |
| | |
Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|\| |
|
| |
| |
| |
| |
| |
| |
| |
| | |
Change the term 'packages' to 'targets' in the synopsis as well, since
command line parameters could just as well be groups, repos, or URLs.
Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This makes all the pacman developers' jobs harder as we have to switch
files whenever running multiple pacman versions and are using newly
introduced options. Instead of erroring out, print warnings and continue
on.
This patch also fixes a const-correctness issue. We immediately cast a
'const char *' to a 'char *' in setrepeatingoption(), which is just
plain wrong as we manipulate the underlying string. Fix the types and
remove the now unnecessary variable.
Finally, a few messages change here for consistency and clarity and
because we continue parsing rather than bailing out on a problem.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
| |
| |
| |
| |
| |
| |
| |
| | |
This prevents a regression for people who enjoy piping yes to pacman to
avoid prompts.
Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
| |
| |
| |
| |
| | |
Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
| |
| |
| |
| | |
Signed-off-by: Dan McGee <dan@archlinux.org>
|
| |
| |
| |
| |
| | |
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
| |
| |
| |
| | |
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|\ \
| |/
|/| |
|
| |
| |
| |
| | |
Signed-off-by: Dave Reisner <d@falconindy.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
this is just some debuggery to allow pacman to operate with both fetch
and curl at the same time. use the PACMANDL variable to control which
library is used.
Signed-off-by: Dave Reisner <d@falconindy.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is a feature complete re-implementation of the fetch based internal
downloader, with a few improvements:
* support for SSL
* gzip and deflate compression on HTTP connections
* reuses a single connection over the entire session for lower resource
usage.
Signed-off-by: Dave Reisner <d@falconindy.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
Add PM_ERR_LIBCURL to error enum and handle case in error.c by returning
curl_easy_strerror() based on the error number carried by the gloabl alpm
handle.
Signed-off-by: Dave Reisner <d@falconindy.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
no actual code changes here. change preprocessor logic to include
get_tempfile, get_destfile, signal handler enum, and the interrupt
handler logic when either HAVE_LIBCURL or HAVE_LIBFETCH are defined.
Signed-off-by: Dave Reisner <d@falconindy.com>
|
| |
| |
| |
| |
| |
| |
| | |
Do this in preparation for implementing similar curl based
functionality. We want the ability to test these side by side.
Signed-off-by: Dave Reisner <d@falconindy.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Adding the CURLcode is necessary in order to return an error string from
pm_error. Unlike libfetch, curl returns numerical error numbers and does
not maintain a staticly allocated string with the last error generated.
Adding the curl object itself to the handle is advantageous (and
encouraged by curl_easy_perform(3)) because the handle is reusable for
successive operations. This cuts back on overhead when downloading
multiple files in a single transaction.
Signed-off-by: Dave Reisner <d@falconindy.com>
|
| |
| |
| |
| | |
Signed-off-by: Dave Reisner <d@falconindy.com>
|
| |
| |
| |
| |
| |
| |
| | |
To avoid breaking compilation, fetch defaults to 'no', and curl defaults
to 'check'.
Signed-off-by: Dave Reisner <d@falconindy.com>
|