summaryrefslogtreecommitdiff
path: root/lib/libalpm/be_package.c
Commit message (Collapse)AuthorAge
* Improve error message when package is missing required signatureAllan McRae2013-05-29
| | | | | | | | | | | When attempting to install a package (either via -S or -U) and the signature is missing, the current error message "invalid or corrupted package (PGP signature)" is very unclear. Instead inform the user that the package is missing the required signature. Partial fix for FS#34741. Signed-off-by: Allan McRae <allan@archlinux.org>
* Fix spelling errors using 'codespell' toolAnatol Pomozov2013-04-18
| | | | Signed-off-by: Allan McRae <allan@archlinux.org>
* fix style violationsAndrew Gregory2013-02-16
| | | | | Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
* Import key if needed when installing package from fileAllan McRae2013-02-09
| | | | | | | | When installing a package with "pacman -U" that has a detached signature, check if the needed key is in the keyring and download if necessary. Signed-off-by: Allan McRae <allan@archlinux.org>
* Use libarchive compat header for relevant symbolsDave Reisner2013-01-29
| | | | | Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
* Fix space between control structure and open parensGerardo Exequiel Pozzi2013-01-04
| | | | | Signed-off-by: Gerardo Exequiel Pozzi <vmlinuz386@yahoo.com.ar> Signed-off-by: Allan McRae <allan@archlinux.org>
* Update copyright year for 2013Allan McRae2013-01-03
| | | | Signed-off-by: Allan McRae <allan@archlinux.org>
* Move filelist functions into separate source fileDan McGee2012-08-02
| | | | | | | | | We have a few of these and might as well gather them together. This also cleans up the code a bit by using an enum instead of integer values, as well as makes a "search for file in filelist" function public so frontends can do better than straight linear search of the filelists. Signed-off-by: Dan McGee <dan@archlinux.org>
* lib/be_package: use qsort instead of our own msortDave Reisner2012-08-01
| | | | | | | | | | On the assumption that these arrays are already mostly sorted, use the standard quicksort method to sort the files arrays. The files_msort function name is tweaked to give it a more general name to reflect this change. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* add line length parameter to _alpm_strip_newlineDave Reisner2012-06-25
| | | | | | | | | If known, callers can pass the line size to this function in order to avoid an strlen call. Otherwise, they simply pass 0 and _alpm_strip_newline will do the call instead. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* Convert ALLOC_FAIL macro into a functionDan McGee2012-04-29
| | | | | | | | | | | | | This path is rarely (read: never) taken in any normal run of the code, so injecting the fprintf() call everywhere with the macro is a bit overkill. Instead, add a lightweight _alpm_alloc_fail() function that gets called instead. This does have a reasonable effect on the size of the generated code; most places using the macros provided by util.c have their code size reduced. Signed-off-by: Dan McGee <dan@archlinux.org>
* Prefix alpm_pkgfrom_t members with ALPM_Allan McRae2012-04-07
| | | | | Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* Return more useful error codes on package open failuresDan McGee2012-04-07
| | | | | | | | Failure isn't always due to the package file location not existing; permission issues can also play a part on something like a FUSE-based filesystem inaccessible to root. Signed-off-by: Dan McGee <dan@archlinux.org>
* Merge branch 'maint'Dan McGee2012-03-08
|\ | | | | | | | | Conflicts: lib/libalpm/be_package.c
| * Fix a potential memory leak in filelist creationDan McGee2012-03-05
| | | | | | | | | | | | | | | | | | | | | | | | | | If we begin to create a file list when loading a package, but abort because of an error to one of our goto labels, the memory used to create the file list will leak. This is because we use a set of local variables to hold the data, and thus _alpm_pkg_free() cannot clean up for us. Use the file list struct on the package object as much as possible to keep state when building the file list, thus allowing _alpm_pkg_free() to clean up any partially built data. Signed-off-by: Dan McGee <dan@archlinux.org>
| * Fix a memory leak when loading an invalid packageDan McGee2012-03-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This is easily triggered via a `pacman -Sc` operation when it attempts to open a delta file as a package- we end up leaking loads of memory due to us never freeing the archive object. When you have upwards of 1200 delta files in your sync database directory, this results in a memory leak of nearly 1.5 MiB. Also fix another memory leak noticed at the same time- we need to call the internal _alpm_pkg_free() function, as without the origin data being set the public free function will do nothing. Signed-off-by: Dan McGee <dan@archlinux.org>
* | Remove _alpm_csumAllan McRae2012-03-08
| | | | | | | | | | | | | | The enum alpm_pkgvalidation_t is essentially a more generic version of _alpm_csum, so use it instead. Signed-off-by: Allan McRae <allan@archlinux.org>
* | Add information on how an installed package was validatedAllan McRae2012-03-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When installing a package, store information on which validation method was used and output this on "pacman -Qi" operations. e.g. Validated By : SHA256 Sum Possible values are Unknown, None, MD5 Sum, SHA256 Sum, Signature. Dan: just a few very minor tweaks. Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* | Hook new optdepend structures upBenedikt Morbach2012-03-08
| | | | | | | | | | | | | | | | | | No new behaviour introduced, everything should work exactly as before. Dan: refactored to use the single alpm_depend_t structure. Signed-off-by: Benedikt Morbach <benedikt.morbach@googlemail.com> Signed-off-by: Dan McGee <dan@archlinux.org>
* | Update copyright yearsAllan McRae2012-02-20
| | | | | | | | | | | | | | Add 2012 to the copyright range for all libalpm and pacman source files. Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* | use _alpm_access in a few more places for increased debugging infoFlorian Pritz2012-02-13
| | | | | | | | | | | | | | | | | | | | | | | | | | pacman -U <pkg> returns a bogus "could not find or read package" if the file is on a fuse file system that doesn't allow root access. Debug output isn't very helpful here either so we should log why the access check failed. The other 2 checks already log something when failing so logging a more specific error won't hurt either. Signed-off-by: Florian Pritz <bluewind@xinu.at> Signed-off-by: Dan McGee <dan@archlinux.org>
* | Fix segfaults on opening invalid archive filesDan McGee2012-01-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | "invalid" in this case simply means files that may or may not be archives. Discovered via a `pacman -Sc` operation with delta files in the package cache directory, but can be triggered if any file is passed to `pacman -Ql` that isn't an archive, for instance, or if the sync database file is not an archive. Fix it up so we are more careful about calling archive_read_finish() only on archives that are valid and have not already been closed, and teach our archive open function to set the returned archive to NULL if we aren't going to be returning something valid anyway. Signed-off-by: Dan McGee <dan@archlinux.org>
* | be_package.c: fix compiler warningAllan McRae2012-01-02
| | | | | | | | | | | | | | | | | | | | | | be_package.c: In function 'parse_descfile': be_package.c:181:28: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare] ptr - key + 2 is guaranteed to be > 0 so we can cast to size_t Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* | be_package: be more explicit parsing key/value pairsDan McGee2011-12-23
| | | | | | | | | | | | | | | | This eliminates the need for strtrim() usage completely, instead relying on the fact that the only allowed delimiter between key and value is the " = " string. Signed-off-by: Dan McGee <dan@archlinux.org>
* | include config.h via MakefilesDave Reisner2011-12-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Ensures that config.h is always ordered correctly (first) in the includes. Also means that new source files get this for free without having to remember to add it. We opt for -imacros over -include as its more portable, and the added constraint by -imacros doesn't bother us for config.h. This also touches the HACKING file to remove the explicit mention of config.h as part of the includes. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* | Add helper method for creating and opening archive objectDan McGee2011-11-16
| | | | | | | | | | | | | | | | | | | | | | | | | | This moves the common setup code of about 5 different callers into one method. Error messages will now be common and shared in all places; several paths did not have any messages at all before. In addition, we now pick an ideal block size for the archive read based off the larger value of our default buffer size or the st.st_blksize field. For a filesystem such as NFS, this is often much larger than the default 8192- values such as 32768 and 131072 are common. Signed-off-by: Dan McGee <dan@archlinux.org>
* | Convert package and database archive reads to use file descriptorsDan McGee2011-11-01
|/ | | | | | | | | | | | | | This gives us a bit more control and over the archive reading process, and a bit less is done behind the scenes. It also allows us to use fstat() in preference to stat(), which should avoid some potential race conditions. Some reorganization is necessary to move the stat calls after the open() calls. Error handling and cleanup in general is also improved, as we had several potential memory and file handle leaks before in some error paths. Signed-off-by: Dan McGee <dan@archlinux.org>
* Introduce ALPM_BUFFER_SIZE constantDan McGee2011-10-27
| | | | | | | | | | | | | | This takes the place of three previously used constants: ARCHIVE_DEFAULT_BYTES_PER_BLOCK, BUFFER_SIZE, and CPBUFSIZE. In libarchive 3.0, the first constant will be no more, so we can ensure we are forward-compatible by removing our usage of it now. The rest are unified for consistency. By default, we will use the value of BUFSIZ provided by <stdio.h>, which is 8192 on Linux. If that is undefined, a default value is provided. Signed-off-by: Dan McGee <dan@archlinux.org>
* Don't realloc a 0-length files array when loading packagesDan McGee2011-10-26
| | | | | | | | | | | | | | | | | | There is some pecular behavior going on here when a package is loaded that has no files, as is very common in our test suite. When we enter the realloc/sort code, a package without files will call the following: files = realloc(NULL, 0); One would assume this is a no-op, returning a NULL pointer, but that is not the case and valgrind later reports we are leaking memory. Fix the whole thing by skipping the reallocation and sort steps if the pointer is NULL, as we have nothing to do. Note that the package still gets marked as 'files loaded', becuase although there were none, we tried and were successful. Signed-off-by: Dan McGee <dan@archlinux.org>
* Add _alpm_process_siglist() logic to failed package validationDan McGee2011-09-22
| | | | | | | | | | | | | | | | | | This moves the result processing out of the validation check loop itself and into a new loop. Errors will be presented to the user one-by-one after we fully complete the validation loop, so they no longer overlap the progress bar. Unlike the database validation, we may have several errors to process in sequence here, so we use a function-scoped struct to track all the necessary information between seeing an error and asking the user about it. The older prompt_to_delete() callback logic is still kept, but only for checksum failures. It is debatable whether we should do this at all or just delegate said actions to the user. Signed-off-by: Dan McGee <dan@archlinux.org>
* Pass package signature data up one more levelDan McGee2011-09-20
| | | | Signed-off-by: Dan McGee <dan@archlinux.org>
* Allow our PGP helper method to pass back the signature resultsDan McGee2011-09-20
| | | | | | | This will make its way up the call chain eventually to allow trusting and importing of keys as necessary. Signed-off-by: Dan McGee <dan@archlinux.org>
* Extract an _alpm_pkg_validate_internal() methodDan McGee2011-09-20
| | | | | | | | | _alpm_pkg_load_internal() was becoming a monster. Extract the top bit of the method that dealt with checksum and signature validation into a separate method that should be called before one loads a package to ensure it is valid. Signed-off-by: Dan McGee <dan@archlinux.org>
* Remove const specifier from changelog_read() void parameterDan McGee2011-09-18
| | | | | | | | | | This shouldn't really be declared with const, and causes a compile error when -Wcast-qual is used. Remove the const specifier from the function specification and all implementations. Also fix one other trivial -Wcast-qual warning in _alpm_db_cmp(). Signed-off-by: Dan McGee <dan@archlinux.org>
* Ensure PackageRequired works as expectedDan McGee2011-09-07
| | | | | | | | | Changes in commit dc3336c277 caused this to stop working as expected for sync packages, due to the way the logic is structured. Ensure we always enter the signature code if the bitflag is flipped on to check signatures for packages. Rename 'use_sig' to 'has_sig' for clarity. Signed-off-by: Dan McGee <dan@archlinux.org>
* Parse > 2GiB file sizes correctlyDan McGee2011-08-29
| | | | | | | | | | | | | | | | | | | | | | We were using atol(), which on 32 bit, cannot handle values greater than 2GiB, which is fail. Switch to a strtoull() wrapper function tailored toward parsing off_t values. This allows parsing of very large positive integer values. off_t is a signed type, but in our usages, we never parse or have a need for negative values, so the function will return -1 on error. Before: $ pacman -Si flightgear-data | grep Size Download Size : 2097152.00 K Installed Size : 2097152.00 K After: $ ./src/pacman/pacman -Si flightgear-data | grep Size Download Size : 2312592.52 KiB Installed Size : 5402896.00 KiB Signed-off-by: Dan McGee <dan@archlinux.org>
* Better error handling out of package load methodDan McGee2011-08-28
| | | | | | | | There are many other ways to fail a package load other than "file not found". We should also use the correct error code in this case. Clean it up a bit in the various callers. Signed-off-by: Dan McGee <dan@archlinux.org>
* Refactor some args out of pkg_load_internalDan McGee2011-08-28
| | | | | | | | Just pass the entire sync package in if we have it; that way we can do any necessary operations involving it rather than have a parameter list growing endlessly. Signed-off-by: Dan McGee <dan@archlinux.org>
* Remove argument from check_pgp_helperDan McGee2011-08-25
| | | | | | | This one wasn't all that necessary as we only used it in one place in the function, which can be checked easily enough at the call site. Signed-off-by: Dan McGee <dan@archlinux.org>
* Only check necessary signatures and checksumsDan McGee2011-08-15
| | | | | | | | | | | The precedence goes as follows: signature > sha256sum > md5sum Add some logic and helper methods to check what we have available when loading a package, and then only check what is necessary to verify the package. This should speed up sync database verifies as we no longer will be doing both a checksum and a signature validation. Signed-off-by: Dan McGee <dan@archlinux.org>
* Parse conflicts/provides/replaces at database load timeDan McGee2011-08-15
| | | | | | | | | | | | | | | | | | | | | | We did this with depends way back in commit c244cfecf654d3 in 2007. We can do it with these fields as well. Of note is the inclusion of provides even though only '=' is supported- we'll parse other things, but no guarantees are given as to behavior, which is more or less similar to before since we only looked for the equals sign. Also of note is the non-inclusion of optdepends; this will likely be resolved down the road. The biggest benefactors of this change will be the resolving code that formerly had to parse and reparse several of these fields; it only happens once now at load time. This does lead to the disadvantage that we will now always be parsing this information up front even if we never need it in the split form, but as these are uncommon fields and our parser is quite efficient it shouldn't be a big concern. Signed-off-by: Dan McGee <dan@archlinux.org>
* Validate the sha256sum if availableDan McGee2011-08-15
| | | | | | Adjust load_internal() to check the sha256sum value if we have it. Signed-off-by: Dan McGee <dan@archlinux.org>
* Attempt to fix up some of the brokenness around failed package loadsDan McGee2011-08-08
| | | | | | | | | | | | | | | This is a bit of a mess, due to the fact that we have a progress meter running. It is also ironic that we are in the midst of a method named "commit" when we haven't done a damn thing yet, and can still fail hard if either a checksum or signature is invalid or unrecognized. Adapt the former test_md5sum method to be invoked for any of the various failure types, which at least gives the user some indication of what packages are failing. A second patch will be needed to actually show worthwhile error codes, but this is going to involve modifying the actual data passed with the callback. Signed-off-by: Dan McGee <dan@archlinux.org>
* Store a package info level flag if we fail to load dataDan McGee2011-08-08
| | | | | | | | | | | | | | | | | If we are missing a local database file, we get repeated messages over and over telling us the same thing, rather than being sane and erroring only once. This package adds an INFRQ_ERROR level that is added to the mask if we encounter any errors on a local_db_read() operation, and short circuits future calls if found in the value. This fixes FS#25313. Note that this does not make any behavior changes other than suppressing error messages and repeated code calls to failure cases; we still have more to do in the "local database is hosed" department. Also make a small update to the wrong but unused flags set in be_package; using INFRQ_ALL there was not totally correct. Signed-off-by: Dan McGee <dan@archlinux.org>
* Don't trim whitespace when reading database entriesDan McGee2011-08-02
| | | | | | | | | | | We don't write with extra or unknown whitespace, so there is little reason for us to trim it when reading either. This also fixes the hopefully never encountered "paths that start or end with spaces" issue, for which two pactests have been added. The tests also contain other evil characters that we have encountered before and handle just fine, but it doesn't hurt to ensure we don't break such support in the future. Signed-off-by: Dan McGee <dan@archlinux.org>
* Convert package filelists to an array instead of linked listDan McGee2011-07-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This accomplishes quite a few things with one rather invasive change. 1. Iteration is much more performant, due to a reduction in pointer chasing and linear item access. 2. Data structures are smaller- we no longer have the overhead of the linked list as the file struts are now laid out consecutively in memory. 3. Memory allocation has been massively reworked. Before, we would allocate three different pieces of memory per file item- the list struct, the file struct, and the copied filename. What this resulted in was massive fragmentation of memory when loading filelists since the memory allocator had to leave holes all over the place. The new situation here now removes the need for any list item allocation; allocates the file structs in contiguous memory (and reallocs as necessary), leaving only the strings as individually allocated. Tests using valgrind (massif) show some pretty significant memory reductions on the worst case `pacman -Ql > /dev/null` (366387 files on my machine): Before: Peak heap: 54,416,024 B Useful heap: 36,840,692 B Extra heap: 17,575,332 B After: Peak heap: 38,004,352 B Useful heap: 28,101,347 B Extra heap: 9,903,005 B Several small helper methods have been introduced, including a list to array conversion helper as well as a filelist merge sort that works directly on arrays. Signed-off-by: Dan McGee <dan@archlinux.org>
* signing: move to new signing verification and return schemeDan McGee2011-07-05
| | | | | | | | | | | | | | | | | This gives us more granularity than the former Never/Optional/Always trifecta. The frontend still uses these values temporarily but that will be changed in a future patch. * Use 'siglevel' consistenly in method names, 'level' as variable name * The level becomes an enum bitmask value for flexibility * Signature check methods now return a array of status codes rather than a simple integer success/failure value. This allows callers to determine whether things such as an unknown signature are valid. * Specific signature error codes mostly disappear in favor of the above returned status code; pm_errno is now set only to PKG_INVALID_SIG or DB_INVALID_SIG as appropriate. Signed-off-by: Dan McGee <dan@archlinux.org>
* Merge remote-tracking branch 'allan/ALPM'Dan McGee2011-07-03
|\ | | | | | | | | | | | | | | | | | | Conflicts: lib/libalpm/be_local.c lib/libalpm/be_package.c lib/libalpm/conflict.c lib/libalpm/diskspace.c lib/libalpm/dload.c lib/libalpm/remove.c
| * Prefix _alpm_errno_t members with ALPMAllan McRae2011-07-02
| | | | | | | | Signed-off-by: Allan McRae <allan@archlinux.org>
| * Prefix alpm_loglevel_t members with ALPMAllan McRae2011-07-02
| | | | | | | | Signed-off-by: Allan McRae <allan@archlinux.org>