Commit message | Author | Age
* pacman-key: allow get_from to return a default value | Dave Reisner | 2011-09-26
  Keep the non-zero return val to let the caller know that the key wasn't found.
  Signed-off-by: Dave Reisner <dreisner@archlinux.org>
  Signed-off-by: Dan McGee <dan@archlinux.org>
* pacman-key: simplify writing to config file | Dave Reisner | 2011-09-26
  Signed-off-by: Dave Reisner <dreisner@archlinux.org>
  Signed-off-by: Dan McGee <dan@archlinux.org>
* makepkg: normalize whitespace for optdepends in .PKGINFO | Allan McRae | 2011-09-26
  Many PKGBUILDs use formatting whitespace when specifying optdepends. This is removed when adding a package to a repo-database so the output of "pacman -Si <package>" and "pacman -Qip <package file>" becomes inconsistent. Instead, do the adjustment when creating the .PKGINFO file.
  Signed-off-by: Allan McRae <allan@archlinux.org>
  Signed-off-by: Dan McGee <dan@archlinux.org>
* makepkg: allow versioned optdepends with epoch | Allan McRae | 2011-09-26
  Allow the specification of versioned optdepends with an epoch. This also (partially) enforces a whitespace between ":" and the description which is required for the future optdepends parsing code.
  Signed-off-by: Allan McRae <allan@archlinux.org>
  Signed-off-by: Dan McGee <dan@archlinux.org>
* Revamp pacman signal handler | Dan McGee | 2011-09-26
  * All errors now go to stderr, so do the same here and simplify the writing of the error message.
  * Add SIGHUP to the handled signal list, and don't repeat code.
  * Attempt to release the transaction (e.g. remove the lock file) for all of HUP, INT, and TERM. Signals HUP and INT respect transaction state, TERM will immediately terminate the process.
  Signed-off-by: Dan McGee <dan@archlinux.org>
* Update Doxyfile and fix some documentation errors caught by Doxygen | Dan McGee | 2011-09-22
  A few parameters were outdated or wrongly named, and a few things were explicitly linked that Doxygen wasn't able to resolve.
  Signed-off-by: Dan McGee <dan@archlinux.org>
* Ensure database validity flags are set in invalid signature case | Dan McGee | 2011-09-22
  We returned the right error code but never set the flags accordingly. Also, now that we can bail early, ensure we set the error code.
  Signed-off-by: Dan McGee <dan@archlinux.org>
* Handle key import errors correctly and with good error messages | Dan McGee | 2011-09-22
  This adds calls to gpgme_op_import_result() which we were not looking at before to ensure the key was actually imported. Additionally, we do some preemptive checks to ensure the keyring is even writable if we are going to prompt the user to add things to it.
  Signed-off-by: Dan McGee <dan@archlinux.org>
* signing: be consistent with returning -1 for error cases | Dan McGee | 2011-09-22
  This also fixes a segfault found by dave when key_search is unsuccessful; the key_search return code documentation has also been updated to reflect reality.
  Signed-off-by: Dan McGee <dan@archlinux.org>
* Update configure.ac version to rc2 | Dan McGee | 2011-09-22
  Signed-off-by: Dan McGee <dan@archlinux.org>
* Regenerate message catalogs and translations | Dan McGee | 2011-09-22
  We've had a bit of churn since the last time this was done.
  Signed-off-by: Dan McGee <dan@archlinux.org>
* Translation file updates from Transifex | Dan McGee | 2011-09-22
  Pick up any updates before I push new source messages out to the service.
  Signed-off-by: Dan McGee <dan@archlinux.org>
* pacman-key: add an additional plain text 'foo-trusted' file | Dan McGee | 2011-09-22
  This is similar to the 'foo-revoked' file we had. This will be used to inform the user what keys in the shipped keyring need to be explicitly trusted by the user. A distro such as Arch will likely have 3-4 master keys listed in this trusted file, but an additional 25 developer keys present in the keyring that the user shouldn't have to directly sign. We use this list to prompt the user to sign the keys locally. If the key is already signed locally gpg will print a bit of junk but will continue without pestering the user.
  Signed-off-by: Dan McGee <dan@archlinux.org>
* pacman-key: factor out validate_with_gpg() method | Dan McGee | 2011-09-22
  This was copy-pasted code for the most part once the filename was factored out.
  Signed-off-by: Dan McGee <dan@archlinux.org>
* pacman-key: remove holdkeys functionality | Dan McGee | 2011-09-22
  We're putting the cart ahead of the horse a bit here. Given that our keyring is not one where everything is implicitly trusted (ala gpgv), keeping or deleting a key has no bearing on its trusted status, only whether we can actually verify things signed by said key. If we need to address this down the road, we can find a solution that works for the problem at hand rather than trying to solve it now before signing is even widespread.
  Signed-off-by: Dan McGee <dan@archlinux.org>
* pacman-key: implement promptless lsigning | Dan McGee | 2011-09-22
  Signed-off-by: Dan McGee <dan@archlinux.org>
* pacman-key: disable, don't remove, revoked keys | Dan McGee | 2011-09-22
  Unlike our protégé apt-key, removing a key from our keyring is not sufficient to prevent it from being trusted or used for verification. We are better off flagging it as disabled and leaving it in the keyring so it cannot be reimported or fetched at a later date from a keyserver and continue to be used. Implement the logic to disable the key instead of deleting it, figuring out --command-fd in the process. Note that the surefire way to disable a key involves including said key in the keyring package, such that it is both in foobar.gpg and foobar-revoked.
  Signed-off-by: Dan McGee <dan@archlinux.org>
* Add status and check for key being disabled | Dan McGee | 2011-09-22
  Because we aren't using gpgv and a dedicated keyring that is known to be all safe, we should honor this flag being set on a given key in the keyring to know to not honor it. This prevents a key from being reimported that a user does not want to be used - instead of deleting, one should mark it as disabled.
  Signed-off-by: Dan McGee <dan@archlinux.org>
* pacman-key: simplify import in populate | Dan McGee | 2011-09-22
  This finishes the cleanup started in 710e83999bbf. We can do a straight import from another keyring rather than all the funky parsing and piping business we were doing.
  Signed-off-by: Dan McGee <dan@archlinux.org>
* pacman-key: don't hide --verify details in populate | Dan McGee | 2011-09-22
  Otherwise we're hiding extremely relevant bits like this one:
      gpg: WARNING: This key is not certified with a trusted signature!
      gpg: There is no indication that the signature belongs to the owner.
  Signed-off-by: Dan McGee <dan@archlinux.org>
* pacman-key: print message in populate if signature is missing | Dan McGee | 2011-09-22
  Rather than saying it was invalid, tell the user no signature exists.
  Signed-off-by: Dan McGee <dan@archlinux.org>
* pacman-key: clean up populate output | Dan McGee | 2011-09-22
  * Ensure usage message is indented correctly
  * Show short filenames for both the gpg keyring and revocation file
  Signed-off-by: Dan McGee <dan@archlinux.org>
* pacman-key: ensure array iterations are quoted | Dan McGee | 2011-09-22
  When doing something like `pacman-key --edit-key 'Dan McGee'`, one would expect it to work, and not fail.
  Signed-off-by: Dan McGee <dan@archlinux.org>
* Implement PGP key search and import | Dan McGee | 2011-09-22
  Add two new static methods, key_search() and key_import(), to our growing list of signing code. If we come across a key we do not have, attempt to look it up remotely and ask the user if they wish to import said key. If they do, flag the validation process as a potential 'retry', meaning it might succeed the next time it is run. These depend on you having a 'keyserver hkp://foo.example.com' line in your gpg.conf file in your gnupg home directory to function.
  Signed-off-by: Dan McGee <dan@archlinux.org>
* signing: document most undocumented functions | Dan McGee | 2011-09-22
  Signed-off-by: Dan McGee <dan@archlinux.org>
* Add _alpm_process_siglist() logic to failed package validation | Dan McGee | 2011-09-22
  This moves the result processing out of the validation check loop itself and into a new loop. Errors will be presented to the user one-by-one after we fully complete the validation loop, so they no longer overlap the progress bar. Unlike the database validation, we may have several errors to process in sequence here, so we use a function-scoped struct to track all the necessary information between seeing an error and asking the user about it. The older prompt_to_delete() callback logic is still kept, but only for checksum failures. It is debatable whether we should do this at all or just delegate said actions to the user.
  Signed-off-by: Dan McGee <dan@archlinux.org>
* Add new import key question enum value and stub frontend function | Dan McGee | 2011-09-22
  This is for eventual use by the PGP key import code. Breaking this into a separate commit now makes the following patches a bit easier to understand.
  Signed-off-by: Dan McGee <dan@archlinux.org>
* Fix signature printing in package info | Dan McGee | 2011-09-22
  pm_asprintf() does not return a length as asprintf() does. Fail. Make sure it is not -1 as that is the only failure condition.
  Signed-off-by: Dan McGee <dan@archlinux.org>
* config parsing: add note if libcurl disabled and no XferCommand | Dan McGee | 2011-09-22
  Just a helpful warning for those users in this unenviable position.
  Signed-off-by: Dan McGee <dan@archlinux.org>
* config parsing: include file and line number in more errors | Dan McGee | 2011-09-22
  Before:
      $ pacman -Si pacman
      error: invalid value for 'SigLevel' : 'FooValue'
  After:
      $ ./src/pacman/pacman -Si pacman
      error: config file /etc/pacman.conf, line 88: invalid value for 'SigLevel' : 'FooValue'
  Signed-off-by: Dan McGee <dan@archlinux.org>
* Pull option names out of messages in config parsing | Dan McGee | 2011-09-22
  This allows some message reuse, as well as making it clear to translators what *not* to translate.
  Signed-off-by: Dan McGee <dan@archlinux.org>
* Check capabilities in SigLevel option parsing | Dan McGee | 2011-09-22
  Only allow turning it on if the backend library has support for it.
  Signed-off-by: Dan McGee <dan@archlinux.org>
* Add alpm_capabilities() method and enumeration | Dan McGee | 2011-09-22
  This allows a frontend program to query, at runtime, what the library supports. This can be useful for sanity checking during config - requiring a downloader or disallowing signature settings, for example.
  Signed-off-by: Dan McGee <dan@archlinux.org>
* Move default siglevel value from backend to frontend | Dan McGee | 2011-09-22
  This takes the library's hidden default out of the equation: hidden in the sense that we can't even find out what it is until we create a handle. This is a chicken-and-egg problem where we have probably already parsed the config, so it is hard to get the bitmask value right. Move it to the frontend so the caller can do whatever the heck they want. This also exposes a shortcoming where the frontend doesn't know if the library even supports signatures, so we should probably add an alpm_capabilities() method which exposes things like HAS_DOWNLOADER, HAS_SIGNATURES, etc.
  Signed-off-by: Dan McGee <dan@archlinux.org>
* validate_deltas: split verify/check errors loops | Dan McGee | 2011-09-22
  This allows us to do all delta verification up front, followed by whatever needs to be done with any found errors. In this case, we call prompt_to_delete() for each error. Add back the missing EVENT(ALPM_EVENT_DELTA_INTEGRITY_DONE) that accidentally got removed in commit 062c391919e93f1d6. Remove use of *data; we never even look at the stuff in this array for the error code we were returning and this would be much better handled by one callback per error anyway, or at least some strongly typed return values.
  Signed-off-by: Dan McGee <dan@archlinux.org>
* Fix possible segfault if siglist was empty | Dan McGee | 2011-09-22
  If siglist->results wasn't a NULL pointer, we would try to free it anyway, even if siglist->count was zero. Only attempt to free this pointer if we had results and the pointer is valid.
  Signed-off-by: Dan McGee <dan@archlinux.org>
* Remove noisy debug logger | Dan McGee | 2011-09-21
  This one can be overwhelming when reading debug output from a very large package. We already have the output of each extracted file so we probably can do without this in 99.9% of cases.
  Signed-off-by: Dan McGee <dan@archlinux.org>
* Fix int/size_t type in alpm_list_count() call | Dan McGee | 2011-09-20
  alpm_list_count() returns size_t, which we should use to store the result since it is easy enough to format for printing.
  Signed-off-by: Dan McGee <dan@archlinux.org>
* _alpm_sync_commit: extract two static methods | Dan McGee | 2011-09-20
  This adds two new static methods, check_validity() and load_packages(), to sync.c which are simply code fragments pulled out of our do-everything sync commit code.
  Signed-off-by: Dan McGee <dan@archlinux.org>
* Pass package signature data up one more level | Dan McGee | 2011-09-20
  Signed-off-by: Dan McGee <dan@archlinux.org>
* signing: add a process and retry loop for database signatures | Dan McGee | 2011-09-20
  In reality, there is no retrying that happens as of now because we don't have any import or changing of the keyring going on, but the code is set up so we can drop this in our new _alpm_process_siglist() function. Wire up the basics to the sync database validation code, so we see something like the following:
      $ pacman -Ss unknowntrust
      error: core: signature from "Dan McGee <dpmcgee@gmail.com>" is unknown trust
      error: core: signature from "Dan McGee <dpmcgee@gmail.com>" is unknown trust
      error: database 'core' is not valid (invalid or corrupted database (PGP signature))
      $ pacman -Ss missingsig
      error: core: missing required signature
      error: core: missing required signature
      error: database 'core' is not valid (invalid or corrupted database (PGP signature))
  Yes, there is some double output, but this should be fixable in the future.
  Signed-off-by: Dan McGee <dan@archlinux.org>
* Allow our PGP helper method to pass back the signature results | Dan McGee | 2011-09-20
  This will make its way up the call chain eventually to allow trusting and importing of keys as necessary.
  Signed-off-by: Dan McGee <dan@archlinux.org>
* Split package validation and load loops | Dan McGee | 2011-09-20
  This adds some new callback event and progress codes for package loading, which was formerly bundled in with package validation before. The main sync.c loop where loading occurred is now two loops running sequentially. The behavior should not change with this patch outside of progress and event display; more changes will come in following patches.
  Signed-off-by: Dan McGee <dan@archlinux.org>
* Extract an _alpm_pkg_validate_internal() method | Dan McGee | 2011-09-20
  _alpm_pkg_load_internal() was becoming a monster. Extract the top bit of the method that dealt with checksum and signature validation into a separate method that should be called before one loads a package to ensure it is valid.
  Signed-off-by: Dan McGee <dan@archlinux.org>
* pacman/upgrade: print 'loading packages...' only once | Dave Reisner | 2011-09-20
  Do this outside the loop to prevent the message from being displayed (and pluralized!) for each individual package.
  Signed-off-by: Dave Reisner <dreisner@archlinux.org>
  Signed-off-by: Dan McGee <dan@archlinux.org>
* pacman: use dynamic string allocation where it makes sense | Dan McGee | 2011-09-20
  None of these are hot-code paths, and at least the target reading has little need for an arbitrary length limitation (however crazy it might be to have longer arguments).
  Signed-off-by: Dan McGee <dan@archlinux.org>
* utils/cleanupdelta: remove unneeded syncdbpath | Dan McGee | 2011-09-20
  This variable was totally unused.
  Signed-off-by: Dan McGee <dan@archlinux.org>
* Remove all usages of alpm_list_getdata() from the library | Dan McGee | 2011-09-20
  No need for the indirection; just access ->data instead.
  Signed-off-by: Dan McGee <dan@archlinux.org>
* _alpm_runscriptlet(): remove clean_tmpdir variable | Dan McGee | 2011-09-20
  This is always true at the end since we return early if we couldn't create the tmpdir, so it is totally unnecessary.
  Signed-off-by: Dan McGee <dan@archlinux.org>
* Access db->pkgcache directly in db_free_pkgcache() | Dan McGee | 2011-09-20
  We shouldn't be going through the accessor that does a bunch of unnecessary legwork, including potentially loading the pkgcache right before we free it.
  Signed-off-by: Dan McGee <dan@archlinux.org>