|  | Commit message (Collapse) | Author | Age | 
|---|
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | When a database and its signature is updated non-atomically on a server,
there is a window where a user may update the database but grab the old
signature.  The database is marked as invalid by libalpm, which can be
fixed by forcing a refresh (assuming the server has caught up and the
user realizes what has happened) or with a future update of the repo.
Work around this by forcing a repository refresh whenever a database is
invalid.
Signed-off-by: Sebastian Lackner <sebastian@fds-team.de>
Signed-off-by: Allan McRae <allan@archlinux.org> | 
| | 
| 
| 
| 
| 
| 
| 
| 
| | alpm_depend_t is an exposed data type.  Front-ends may opt for alloc'ing
one and filling the fields manually, but alpm's _alpm_hash_sdbm is not
exposed, making it impossible for them to fill in the name_hash field.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org> | 
| | 
| 
| 
| 
| 
| 
| | All other option setters copy their input.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org> | 
| | 
| 
| 
| 
| 
| 
| 
| | assumeinstalled options are used as provisions for which MOD_EQ and
MOD_ANY are the only meaningful settings.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org> | 
| | 
| 
| 
| 
| 
| 
| 
| | Fixes a segfault when trying to remove an assumeinstalled
option without a version.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org> | 
| | 
| 
| 
| | Signed-off-by: Allan McRae <allan@archlinux.org> | 
| | 
| 
| 
| 
| 
| 
| | The "ko_KR" locale is the same as the "ko" locale.  Remove the "ko_KR" variant
as it is incomplete and has been superseded by "ko" on transifex.
Signed-off-by: Allan McRae <allan@archlinux.org> | 
| | 
| 
| 
| | Signed-off-by: Allan McRae <allan@archlinux.org> | 
| | 
| 
| 
| | Signed-off-by: Allan McRae <allan@archlinux.org> | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | While loading each package ensure that the internal version matches the
expected database version to avoid the possibility to circumvent the
version check.
This issue can be used by an attacker to trick the software into
installing an older version. The behavior can be  exploited by a
man-in-the-middle attack through specially crafted  database tarball
containing a higher version, yet actually delivering an  older and
vulnerable version, which was previously shipped.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Signed-off-by: Remi Gacogne <rgacogne@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org> | 
| | 
| 
| 
| 
| 
| 
| 
| | f170a94c137d355 potentially causes $pkgdirbase/$pkg to be undeleteable
with -R or -C if a previous build was interrupted. We simply can't
traverse to this directory, and rm blows up.
Signed-off-by: Allan McRae <allan@archlinux.org> | 
| | 
| 
| 
| | Signed-off-by: Allan McRae <allan@archlinux.org> | 
| | 
| 
| 
| 
| 
| 
| 
| | Passing "-Fl pkg" will print the filelist for the first occurance of "pkg"
in the sync repos. Other version of the package can be printed using
"-Fl repo/pkg".
Signed-off-by: Allan McRae <allan@archlinux.org> | 
| | 
| 
| 
| 
| 
| | e.g. pacman -Fsx kcm.*print.*\.so
Signed-off-by: Allan McRae <allan@archlinux.org> | 
| | 
| 
| 
| 
| 
| 
| | Locates all packages that contain the listed file
e.g. pacman -Fs libpng.so
Signed-off-by: Allan McRae <allan@archlinux.org> | 
| | 
| 
| 
| 
| 
| 
| 
| | Does the equivalent of the -Ql option for local packages
e.g. pacman -Fl glibc
Signed-off-by: Allan McRae <allan@archlinux.org> | 
| | 
| 
| 
| 
| 
| 
| | Equivalent to -Qo but for packages in the sync database
e.g.  pacman -Fo /usr/bin/pacman
Signed-off-by: Allan McRae <allan@archlinux.org> | 
| | 
| 
| 
| 
| 
| 
| | Add the -F/--files operations, -s/--sync support and nd provide dummy
functions for -s/--search, -l/-list and -o/--owns.
Signed-off-by: Allan McRae <allan@archlinux.org> | 
| | 
| 
| 
| | Signed-off-by: Allan McRae <allan@archlinux.org> | 
| | 
| 
| 
| | Signed-off-by: Allan McRae <allan@archlinux.org> | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| | If a sync database contains a "files" file, the file list will be read.
Currently, there is no known demand for the file list to be lazy loaded by
any libalpm frontend, so these files are read whenever present. Lazy loading
can be implemented when a demand exists.
Signed-off-by: Allan McRae <allan@archlinux.org> | 
| | 
| 
| 
| 
| 
| 
| | This allows frontends to select between the .db and .files databases
currently supplied by repo-add or any other compatible database.
Signed-off-by: Allan McRae <allan@archlinux.org> | 
| | 
| 
| 
| | Signed-off-by: Allan McRae <allan@archlinux.org> | 
| | 
| 
| 
| 
| 
| 
| 
| | 1) Remove checks for removing pre-tardb files
2) Remove the long redundant keep_used parameter
3) Fix pacman error due to removing .sig file along with database
Signed-off-by: Allan McRae <allan@archlinux.org> | 
| | 
| 
| 
| 
| 
| 
| | If a transaction is removing a package while ignoring all dependencies, there
should not be any warning about other packages optionally requiring it.
Signed-off-by: Allan McRae <allan@archlinux.org> | 
| | 
| 
| 
| | Signed-off-by: Allan McRae <allan@archlinux.org> | 
| | 
| 
| 
| 
| 
| 
| | Fix new warnings generated by gcc-5 about potential overflows.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org> | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| | Use alpm_find_satisfier() instead of alpm_db_get_pkg() when retrieving
the install status of a package to make sure we spot providers as well.
Fixes FS#36412
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org> | 
| | 
| 
| 
| 
| 
| 
| 
| | Pacman cannot handle armored signatures, so make repo-add error out if
one is detected.
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
Signed-off-by: Allan McRae <allan@archlinux.org> | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | This commit adds a makepkg option to generate and print the SRCINFO file
for a PKGBUILD, required by the new AUR, to stdout.
AUR 4.0 will use Git instead of source tarballs for uploading packages,
so making makepkg capable of printing the SRCINFO would simplify package
management, instead of having to extract it from a source tarball.
It is also useful for scripting other things, so that instead of having
to parse PKGBUILDs, one can make makepkg generate the SRCINFO and then
you can parse that instead, which is much simpler and less error-prone.
Signed-off-by: Allan McRae <allan@archlinux.org> | 
| | 
| 
| 
| 
| 
| 
| | Pacman cannot handle armored signatures, so use gpg's --no-armor flag to
force an unarmored signature.
Signed-off-by: Allan McRae <allan@archlinux.org> | 
| | 
| 
| 
| 
| 
| 
| 
| | Commit 7b8f8753 removed the title parameter but forgot to remove it
from the docstring.
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
Signed-off-by: Allan McRae <allan@archlinux.org> | 
| | 
| 
| 
| 
| 
| 
| 
| 
| | The old text could be interpreted such that makepkg-template compares
the version numbers of the templates to find the most recent
one. Rephrase this to make it explicit that "$template_name.template" is
used.
Signed-off-by: Florian Pritz <bluewind@xinu.at> | 
| | 
| 
| 
| | Signed-off-by: Allan McRae <allan@archlinux.org> | 
| | 
| 
| 
| | Signed-off-by: Allan McRae <allan@archlinux.org> | 
| | 
| 
| 
| | Signed-off-by: Allan McRae <allan@archlinux.org> | 
| | 
| 
| 
| | Signed-off-by: Allan McRae <allan@archlinux.org> | 
| | 
| 
| 
| | Signed-off-by: Allan McRae <allan@archlinux.org> | 
| | 
| 
| 
| 
| 
| 
| | These functions group in with other functions that extract PKGBUILD
information.
Signed-off-by: Allan McRae <allan@archlinux.org> | 
| | |  | 
| | 
| 
| 
| 
| 
| | pkgbase should be subject to the same restrictions as pkgname
Signed-off-by: Allan McRae <allan@archlinux.org> | 
| | 
| 
| 
| 
| 
| 
| 
| | The check that pkgver is non-empty done in check_pkgver should also be
performed after running the pkgver() function.  Merge validate_pkgver
into check_pkgver and run check_pkgver after updating pkgver.
Signed-off-by: Allan McRae <allan@archlinux.org> | 
| | 
| 
| 
| | Signed-off-by: Allan McRae <allan@archlinux.org> | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| | Also rename some functions for clarity:
funcgrep -> grep_function
extract_global_var -> extract_global_variable
extract_function_var -> extract_function_variable
pkgbuild_get_attribute -> get_pkgbuild_attribute
Signed-off-by: Allan McRae <allan@archlinux.org> | 
| | 
| 
| 
| 
| 
| 
| 
| 
| | The change in commit 9d96bed9d6b57 causes download errors for the .db.sig file
in case the final URL for the .db file contains query strings or other
unexpected stuff. This commit isn't intended to be a total solution, but it
should eliminate the problem in the most obvious cases.
Signed-off-by: Allan McRae <allan@archlinux.org> | 
| | 
| 
| 
| 
| 
| 
| | Fix comment to better explain the magic constant used when allocating a buffer
for ".db.sig" URL.
Signed-off-by: Allan McRae <allan@archlinux.org> | 
| | 
| 
| 
| | Signed-off-by: Allan McRae <allan@archlinux.org> | 
| | 
| 
| 
| 
| 
| 
| | "return 0 on success, -1 on error (pm_errno is set accordingly)"
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org> | 
| | 
| 
| 
| 
| 
| 
| 
| 
| | Even if opening the log file fails, if a user has enabled syslog we may
still be able to log to that.  Set the error return value and continue
instead of bailing out.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org> |