summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Initialize cURL library on first useDan McGee2011-09-28
| | | | | | | | | Rather than always initializing it on any handle creation. There are several frontend operations (search, info, etc.) that never need the download code, so spending time initializing this every single time is a bit silly. This makes it a bit more like the GPGME code init path. Signed-off-by: Dan McGee <dan@archlinux.org>
* Add more valgrind suppressionsDan McGee2011-09-28
| | | | Signed-off-by: Dan McGee <dan@archlinux.org>
* verbose package lists: remove errant debuggerDan McGee2011-09-28
| | | | | | Left this in as part of the last set of commits, whoops. Signed-off-by: Dan McGee <dan@archlinux.org>
* Always show download size if -w/--downloadonly was providedDan McGee2011-09-28
| | | | | | | The prompt can be rather confusing otherwise when all files have already been downloaded, but there is not a single total size listed. Signed-off-by: Dan McGee <dan@archlinux.org>
* Table format creation code cleanupDan McGee2011-09-28
| | | | | | | | | Better scoping of variables for the most part, and ensure we are using string_length() and not strlen() as appropriate. Also refactor the longest cell code to call string_length() a lot less; by simply using an array of max sizes we don't have to recompute values nearly as much. Signed-off-by: Dan McGee <dan@archlinux.org>
* Use unsigned types for indent width and column countDan McGee2011-09-28
| | | | | | | | | | | For getcols(), the functions we call return a value of type 'unsigned short', so it makes sense for us to do the same. string_length() is meant to behave like strlen(), so it should return type size_t. This exposes other functions such as indentprint() which should also be using signed return types. Signed-off-by: Dan McGee <dan@archlinux.org>
* Show download sizes when using -S/--syncDan McGee2011-09-28
| | | | | | | | We now label the old 'Size' column as 'Net Change' to reflect the reality of what we are looking at. Sync operations now get an additional 'Download Size' column. Signed-off-by: Dan McGee <dan@archlinux.org>
* Keep track of explicitly added and removed packagesDan McGee2011-09-28
| | | | | | | This allows us to sort the output list by showing all pulled dependencies first, followed by the explicitly specified targets. Signed-off-by: Dan McGee <dan@archlinux.org>
* Combine add and removal package list displayDan McGee2011-09-28
| | | | | | There was no real reason for these to be done separately. Signed-off-by: Dan McGee <dan@archlinux.org>
* Track unresolvable transaction packagesDan McGee2011-09-28
| | | | | | | | | | | | | Rather than free them right away, keep the list on the transaction as we already do with add and remove lists. This is necessary because we may be manipulating pointers the frontend needs to refer to packages, and we are breaking our contract as stated in the alpm_add_pkg() documentation of only freeing packages at the end of a transaction. This fixes an issue found when refactoring the package list display code. Signed-off-by: Dan McGee <dan@archlinux.org>
* Move pacsave path construction code off the stackDan McGee2011-09-28
| | | | | | | This is definitely not in the normal hot path, so we can afford to do some temporary heap allocation here. Signed-off-by: Dan McGee <dan@archlinux.org>
* Use the full buffer when computing md5/sha256 sumsDan McGee2011-09-28
| | | | | | | | | | | | | | | No wonder these were slower than expected. We were only reading 4 (32-bit) or 8 (64-bit) bytes at a time and feeding it to the hash functions. Define a buffer size constant and use it correctly so we feed 8K at a time into the hashing algorithm. This cut one larger `-Sw --noconfirm` operation, with nothing to actually download so only timing integrity, from 3.3s to 1.7s. This has been broken since the original commit eba521913d6 introducing OpenSSL usage for crypto hash functions. Boy do I feel stupid. Signed-off-by: Dan McGee <dan@archlinux.org>
* Fix memory leak in download payload->remote_nameDan McGee2011-09-28
| | | | | | | | | | | | | In the sync code, we explicitly allocated a string for this field, while in the dload code itself it was filled in with a pointer to another string. This led to a memory leak in the sync download case. Make remote_name non-const and always explicitly allocate it. This patch ensures this as well as uses malloc + snprintf (rather than calloc) in several codepaths, and eliminates the only use of PATH_MAX in the download code. Signed-off-by: Dan McGee <dan@archlinux.org>
* Revert "libalpm: compare pkgname with strcoll"Dan McGee2011-09-27
| | | | | | | | | | | | | | | | | | | | This commit was made with the intent of displaying "correctly" sorted package lists to users. Here are some reasons I think this is incorrect: * It is done in the wrong place. If a frontend application wants to show a different order of packages dependent on locale, it should do that on its own. * Even if one wants a locale-specific order, almost all package names are all ASCII and language agnostic, so this different comparison makes little sense and may serve only to confuse people. * _alpm_pkg_cmp was unlike any other comparator function. None of the rest had any dependency on anything but the content of the structs being compared (e.g., they only used strcmp() or other basic comparison operators). This reverts commit 3e4d2c3aa65416487939148828afb385de2ee146. Signed-off-by: Dan McGee <dan@archlinux.org>
* _alpm_splitdep: use malloc instead of callocDan McGee2011-09-27
| | | | | | | There was only one simple to handle case where we left a field uninitialized; set it to NULL and use malloc() instead. Signed-off-by: Dan McGee <dan@archlinux.org>
* be_sync: fetch only entry mode, not full stat structDan McGee2011-09-27
| | | | | | | This saves a lot of unnecessary work since we don't need any of the other fields in the stat struct. Signed-off-by: Dan McGee <dan@archlinux.org>
* alpm_list: use malloc instead of callocDan McGee2011-09-27
| | | | | | | | | | | | In every case we were calling calloc, the struct we allocated (or the memory to be used) is fully specified later in the method. For alpm_list_t allocations, we always set all of data, next, and prev. For list copying and transforming to an array, we always copy the entire data element, so no need to zero it first. Signed-off-by: Dan McGee <dan@archlinux.org>
* makepkg: ensure '-' is last in a character globDave Reisner2011-09-27
| | | | | | | If '-' isn't the last item, it's interpreted as a range and not literally, causing problematic behavior in parsing optdepends. Signed-off-by: Dave Reisner <dreisner@archlinux.org>
* pacman-key: use consistent punctuation in error messagesDan McGee2011-09-27
| | | | Signed-off-by: Dan McGee <dan@archlinux.org>
* Fix compilation using --without-gpgmeDan McGee2011-09-27
| | | | | | | I'm really good at breaking this on a regular basis. If only we had some sort of automated testing for this... Signed-off-by: Dan McGee <dan@archlinux.org>
* Remove unnecessary loggerDan McGee2011-09-27
| | | | | | | This is just a wrapper function; the real function we call logs an almost identical line. Signed-off-by: Dan McGee <dan@archlinux.org>
* Delay check for repository servers until we need themDan McGee2011-09-27
| | | | | | | | | | In the sync download code, we added an early check in 6731d0a9407e for sync download server existence so we wouldn't show the same error over and over for each file to be downloaded. Move this check into the download block so we only run it if there are actually files that need to be downloaded for this repository. Signed-off-by: Dan McGee <dan@archlinux.org>
* Avoid comparison between signed and unsigned typesAllan McRae2011-09-26
| | | | | Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* Ensure fileconflict value is actually a stringDan McGee2011-09-26
| | | | | | | | | | When we switched to a file object and not just a simple string, we missed an update along the way here in target-target conflicts. This patch looks large, but it really comes down to one errant (char *) cast before that has been reworked to explicitly point to the alpm_file_t object. The rest is simply code cleanup. Signed-off-by: Dan McGee <dan@archlinux.org>
* bash_completion: add completion for pacman-keyDave Reisner2011-09-26
| | | | | Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* pacman-key: allow get_from to return a default valueDave Reisner2011-09-26
| | | | | | | | Keep the non-zero return val to let the caller know that the key wasn't found. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* pacman-key: simplify writing to config fileDave Reisner2011-09-26
| | | | | Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* makepkg: normalize whitespace for optdepends in .PKGINFOAllan McRae2011-09-26
| | | | | | | | | | | Many PKGBUILDs use formatting whitespace when specifying optdepends. This is removed when adding a package to a repo-database so the output of "pacman -Si <package>" and "pacman -Qip <package file>" becomes inconsistent. Instead, do the adjustment when creating the .PKGINFO file. Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* makepkg: allow versioned optdepends with epochAllan McRae2011-09-26
| | | | | | | | | | Allow the specification of versioned optdepends with an epoch. This also (partially) enforces a whitespace between ":" and the description which is required for the future optdepends parsing code. Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* Revamp pacman signal handlerDan McGee2011-09-26
| | | | | | | | | | | * All errors now go to stderr, so do the same here and simplify the writing of the error message. * Add SIGHUP to the handled signal list, and don't repeat code. * Attempt to release the transaction (e.g. remove the lock file) for all of HUP, INT, and TERM. Signals HUP and INT respects transaction state, TERM will immediately terminate the process. Signed-off-by: Dan McGee <dan@archlinux.org>
* Update Doxyfile and fix some documentation errors caught by DoxygenDan McGee2011-09-22
| | | | | | | A few parameters were outdated or wrongly named, and a few things were explicitly linked that Doxygen wasn't able to resolve. Signed-off-by: Dan McGee <dan@archlinux.org>
* Ensure database validity flags are set in invalid signature caseDan McGee2011-09-22
| | | | | | | We returned the right error code but never set the flags accordingly. Also, now that we can bail early, ensure we set the error code. Signed-off-by: Dan McGee <dan@archlinux.org>
* Handle key import errors correctly and with good error messagesDan McGee2011-09-22
| | | | | | | | | This adds calls to gpgme_op_import_result() which we were not looking at before to ensure the key was actually imported. Additionally, we do some preemptive checks to ensure the keyring is even writable if we are going to prompt the user to add things to it. Signed-off-by: Dan McGee <dan@archlinux.org>
* signing: be consistent with returning -1 for error casesDan McGee2011-09-22
| | | | | | | | This also fixes a segfault found by dave when key_search is unsuccessful; the key_search return code documentation has also been updated to reflect reality. Signed-off-by: Dan McGee <dan@archlinux.org>
* Update configure.ac version to rc2Dan McGee2011-09-22
| | | | Signed-off-by: Dan McGee <dan@archlinux.org>
* Regenerate message catalogs and translationsDan McGee2011-09-22
| | | | | | We've had a bit of churn since the last time this was done. Signed-off-by: Dan McGee <dan@archlinux.org>
* Translation file updates from TransifexDan McGee2011-09-22
| | | | | | | Pick up any updates before I push new source messages out to the service. Signed-off-by: Dan McGee <dan@archlinux.org>
* pacman-key: add an additional plain text 'foo-trusted' fileDan McGee2011-09-22
| | | | | | | | | | | | | | | | This is similar to the 'foo-revoked' file we had. This will be used to inform the user what keys in the shipped keyring need to be explicitly trusted by the user. A distro such as Arch will likely have 3-4 master keys listed in this trusted file, but an additional 25 developer keys present in the keyring that the user shouldn't have to directly sign. We use this list to prompt the user to sign the keys locally. If the key is already signed locally gpg will print a bit of junk but will continue without pestering the user. Signed-off-by: Dan McGee <dan@archlinux.org>
* pacman-key: factor out validate_with_gpg() methodDan McGee2011-09-22
| | | | | | | This was copy-pasted code for the most part once the filename was factored out. Signed-off-by: Dan McGee <dan@archlinux.org>
* pacman-key: remove holdkeys functionalityDan McGee2011-09-22
| | | | | | | | | | | | | We're putting the cart ahead of the horse a bit here. Given that our keyring is not one where everything is implicitly trusted (ala gpgv), keeping or deleting a key has no bearing on its trusted status, only whether we can actually verify things signed by said key. If we need to address this down the road, we can find a solution that works for the problem at hand rather than trying to solve it now before signing is even widespread. Signed-off-by: Dan McGee <dan@archlinux.org>
* pacman-key: implement promptless lsigningDan McGee2011-09-22
| | | | Signed-off-by: Dan McGee <dan@archlinux.org>
* pacman-key: disable, don't remove, revoked keysDan McGee2011-09-22
| | | | | | | | | | | | | | | | | Unlike our protégé apt-key, removing a key from our keyring is not sufficient to prevent it from being trusted or used for verification. We are better off flagging it as disabled and leaving it in the keyring so it cannot be reimported or fetched at a later date from a keyserver and continue to be used. Implement the logic to disable the key instead of delete it, figuring out --command-fd in the process. Note that the surefire way to disable a key involves including said key in the keyring package, such that it is both in foobar.gpg and foobar-revoked. Signed-off-by: Dan McGee <dan@archlinux.org>
* Add status and check for key being disabledDan McGee2011-09-22
| | | | | | | | | | Because we aren't using gpgv and a dedicated keyring that is known to be all safe, we should honor this flag being set on a given key in the keyring to know to not honor it. This prevents a key from being reimported that a user does not want to be used- instead of deleting, one should mark it as disabled. Signed-off-by: Dan McGee <dan@archlinux.org>
* pacman-key: simplify import in populateDan McGee2011-09-22
| | | | | | | | This finishes the cleanup started in 710e83999bbf. We can do a straight import from another keyring rather than all the funky parsing and piping business we were doing. Signed-off-by: Dan McGee <dan@archlinux.org>
* pacman-key: don't hide --verify details in populateDan McGee2011-09-22
| | | | | | | | Otherwise we're hiding extremely relevant bits like this one: gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Signed-off-by: Dan McGee <dan@archlinux.org>
* pacman-key: print message in populate if signature is missingDan McGee2011-09-22
| | | | | | Rather than saying it was invalid, tell the user no signature exists. Signed-off-by: Dan McGee <dan@archlinux.org>
* pacman-key: clean up populate outputDan McGee2011-09-22
| | | | | | | * Ensure usage message is indented correctly * Show short filenames for both the gpg keyring and revocation file Signed-off-by: Dan McGee <dan@archlinux.org>
* pacman-key: ensure array iterations are quotedDan McGee2011-09-22
| | | | | | | When doing something like `pacman-key --edit-key 'Dan McGee'`, one would expect it to work, and not fail. Signed-off-by: Dan McGee <dan@archlinux.org>
* Implement PGP key search and importDan McGee2011-09-22
| | | | | | | | | | | | | | | Add two new static methods, key_search() and key_import(), to our growing list of signing code. If we come across a key we do not have, attempt to look it up remotely and ask the user if they wish to import said key. If they do, flag the validation process as a potential 'retry', meaning it might succeed the next time it is ran. These depend on you having a 'keyserver hkp://foo.example.com' line in your gpg.conf file in your gnupg home directory to function. Signed-off-by: Dan McGee <dan@archlinux.org>
* signing: document most undocumented functionsDan McGee2011-09-22
| | | | Signed-off-by: Dan McGee <dan@archlinux.org>