summaryrefslogtreecommitdiff
path: root/lib
Commit message (Collapse)AuthorAge
* Search for PGP subkeys in a keyserver-acceptable wayDan McGee2012-01-05
| | | | | | | | | | | | | | PGP keyservers are pieces of sh** when it comes to searching for subkeys, and only allow it if you submit an 8-character fingerprint rather than the recommended and less chance of collision 16-character fingerprint. Add a second remote lookup for the 8-character version of a key ID if we don't find anything the first time we look up the key. This fixes FS#27612 and the deficiency has been sent upstream to the GnuPG users mailing list as well. Signed-off-by: Dan McGee <dan@archlinux.org>
* Fix bogus string cast in search debug messageDan McGee2011-12-29
| | | | Signed-off-by: Dan McGee <dan@archlinux.org>
* Use correct size in memsetDan McGee2011-12-05
| | | | | | | | We were using the size of a pointer, not the size of the whole archive_read_buffer struct. Thanks to Clang/LLVM 3.0 and Allan/Dave in IRC for finding this one. Signed-off-by: Dan McGee <dan@archlinux.org>
* Enforce signature download size limit on -U <url> operationsDan McGee2011-12-05
| | | | | | | | We had a 16 KiB limit on database signatures, we should do the same here too to have a slight sanity check, even if we can't do so for the package itself yet. Signed-off-by: Dan McGee <dan@archlinux.org>
* _alpm_ldconfig: return value from _alpm_run_chrootDan McGee2011-11-30
| | | | Signed-off-by: Dan McGee <dan@archlinux.org>
* Update translations from TransifexDan McGee2011-11-16
| | | | Signed-off-by: Dan McGee <dan@archlinux.org>
* Allow sync_prepare to work in certain cases without sync databasesDan McGee2011-11-15
| | | | | | | | | | | | | When doing a bare -U operation on a local package that doesn't pull in any dependencies from the sync databases, we can get away with missing database files. This makes the check conditional on no sync targets found in the target list. This is not the prettiest code here so we have a bit of hackish behavior required to straighten both the behavior and the nonsensical error message out. Addresses FS#26899. Signed-off-by: Dan McGee <dan@archlinux.org>
* Update translations from TransifexDan McGee2011-11-13
| | | | Signed-off-by: Dan McGee <dan@archlinux.org>
* Updates in preparation for 4.0.1 releaseDan McGee2011-11-13
| | | | | | | Bump the version, update the translation template files, and fill in NEWS with relevant commits and changes since 4.0.0. Signed-off-by: Dan McGee <dan@archlinux.org>
* Fix thinko in _alpm_strip_newlineDan McGee2011-11-01
| | | | | | | | | The point of this early compare to NULL byte check was so we could bail early and skip the strcmp() call. Given we weren't doing the check right, this never exited early. Fix it to work as intended. Noticed-by: Pepe Juárez <trulustapa@gmail.com> Signed-off-by: Dan McGee <dan@archlinux.org>
* dload: remove redundant conditionalDave Reisner2011-10-27
| | | | | | | Replacing the strdup when after the first NULL check assures that we get continue with payload->remote_name defined. Signed-off-by: Dave Reisner <dreisner@archlinux.org>
* dload: chmod tempfiles to respect umaskDave Reisner2011-10-27
| | | | | | | Dan: fix mask calculation, add it to the success/fail block instead. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* Introduce ALPM_BUFFER_SIZE constantDan McGee2011-10-27
| | | | | | | | | | | | | | This takes the place of three previously used constants: ARCHIVE_DEFAULT_BYTES_PER_BLOCK, BUFFER_SIZE, and CPBUFSIZE. In libarchive 3.0, the first constant will be no more, so we can ensure we are forward-compatible by removing our usage of it now. The rest are unified for consistency. By default, we will use the value of BUFSIZ provided by <stdio.h>, which is 8192 on Linux. If that is undefined, a default value is provided. Signed-off-by: Dan McGee <dan@archlinux.org>
* Fix issues with replacing unowned symlinksDan McGee2011-10-26
| | | | | | | | | | | | | | | | | | | | | | | | | There aretwo seperate issues in the same block of file conflict checking code here: 1) If realpath errored, such as when a symlink was broken, we would call 'continue' rather than simply exit this particular method of resolution. This was likely just a copy-paste mistake as the previous resolving steps all use loops where continue makes sense. Refactor the check so we only proceed if realpath is successful, and continue with the rest of the checks either way. 2) The real problem this code was trying to solve was canonicalizing path component (e.g., directory) symlinks. The final component, if not a directory, should not be handled at all in this loop. Add a !S_ISLNK() condition to the loop so we only call this for real files. There are few other small cleanups to the debug messages that I made while debugging this problem- we don't need to keep printing the file name, and ensure every block that sets resolved_conflict to true prints a debug message so we know how it was resolved. This fixes the expected failures from symlink010.py and symlink011.py, while still ensuring the fix for fileconflict007.py works. Signed-off-by: Dan McGee <dan@archlinux.org>
* Don't realloc a 0-length files array when loading packagesDan McGee2011-10-26
| | | | | | | | | | | | | | | | | | There is some pecular behavior going on here when a package is loaded that has no files, as is very common in our test suite. When we enter the realloc/sort code, a package without files will call the following: files = realloc(NULL, 0); One would assume this is a no-op, returning a NULL pointer, but that is not the case and valgrind later reports we are leaking memory. Fix the whole thing by skipping the reallocation and sort steps if the pointer is NULL, as we have nothing to do. Note that the package still gets marked as 'files loaded', becuase although there were none, we tried and were successful. Signed-off-by: Dan McGee <dan@archlinux.org>
* lib/sync: inform callers of compute_download_size of a partialDave Reisner2011-10-25
| | | | | | | | | | Extend the return values of compute_download_size to allow callers to know that a .part file exists for the package. This extra value isn't currently used, but it'll be needed later on. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* Add more logging to download codeDan McGee2011-10-24
| | | | | | | | | This adds a logger to the CURLE_OK case so we can always know the return code if it was >= 400, and debug log it regardless. Also adjust another logger to use the cURL error message directly, as well as use fstat() when we have an open file handle rather than stat(). Signed-off-by: Dan McGee <dan@archlinux.org>
* Show an error message on failed remote key lookupDan McGee2011-10-17
| | | | | | | | | | | | | The absolutely terrible part about this is the failure on GPGME's part to distinguish between "key not found" and "keyserver timeout". Instead, it returns the same silly GPG_ERR_EOF in both cases (why isn't GPG_ERR_TIMEOUT being used?), leaving us helpless to tell them apart. Spit out a generic enough error message that covers both cases; unfortunately we can't provide much guidance to the user because we aren't sure what actually happened. Signed-off-by: Dan McGee <dan@archlinux.org>
* Add missing #ifdef around cURL error code in download structDan McGee2011-10-14
| | | | | | Thanks to Eduardo Tongson on the mailing list. Signed-off-by: Dan McGee <dan@archlinux.org>
* curl_gethost() potential bug fixupsDan McGee2011-10-13
| | | | | | | | | | | | | | This is in the realm of "probably not going to happen", but if someone were to translate "disk" to a string longer than 256 characters, we would have a smashed/corrupted stack due to our unchecked strcpy() call. Rework the function to always length-check the value we copy into the hostname buffer, and do it with memcpy rather than the more cumbersome and unnecessary snprintf. Finally, move the magic 256 value into a constant and pass it into the function which is going to get inlined anyway. Signed-off-by: Dan McGee <dan@archlinux.org>
* Add user-visible warning message if public keyring not foundDan McGee2011-10-12
| | | | | | | This should help point users in the right direction if they have not initialized via pacman-key just yet. Signed-off-by: Dan McGee <dan@archlinux.org>
* signing: delay gpgme_init() until latest possible momentDan McGee2011-10-12
| | | | | | | | | | | | | | In the default configuration, we can enter the signing code but still have nothing to do with GPGME- for example, if database signatures are optional but none are present. Delay initialization of GPGME until we know there is a signature file present or we were passed base64-encoded data. This also makes debugging with valgrind a lot easier as you don't have to deal with all the GPGME error noise because their code leaks like a sieve. Signed-off-by: Dan McGee <dan@archlinux.org>
* Final Transifex update before 4.0Dan McGee2011-10-12
| | | | | | | | We have a few incomplete translations, but these should be addressable before the 4.0.1 maint release that is surely not that far in the future. Signed-off-by: Dan McGee <dan@archlinux.org>
* Update translations from TransifexDan McGee2011-10-11
| | | | | | In prep for the 4.0.0 release. Signed-off-by: Dan McGee <dan@archlinux.org>
* dload: unhook error buffer after transfer finishesDave Reisner2011-10-10
| | | | | | | | | | | | | | Similar to what we did in edd9ed6a, disconnect the relationship with our stack allocated error buffer from the curl handle. Just as an FTP connection might have some network chatter on teardown causing the progress callback to be triggered, we might also hit an error condition that causes curl to write to our (now out of scope) error buffer. I'm unable to reproduce FS#26327, but I have a suspicion that this should fix it. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* Update translation message catalogs in prep for 4.0 releaseDan McGee2011-10-05
| | | | Signed-off-by: Dan McGee <dan@archlinux.org>
* Update translations from TransifexDan McGee2011-10-05
| | | | Signed-off-by: Dan McGee <dan@archlinux.org>
* Parse '0' as a valid package installed sizeDan McGee2011-10-04
| | | | | | This was a bad oversight on my part, pointed out by Jakob. Whoops. Signed-off-by: Dan McGee <dan@archlinux.org>
* Use _alpm_local_db_pkgpath in _cache_changelog_openDan McGee2011-09-30
| | | | | | Another place where we were doing the dirty work by hand. Signed-off-by: Dan McGee <dan@archlinux.org>
* Revamp scriptlet path formation for scriptlets in local databaseDan McGee2011-09-30
| | | | | | | | | Expose the current static get_pkgpath() function internally to the rest of the library as _alpm_local_db_pkgpath(). This allows use of this convenience function in add.c and remove.c when forming the path to the scriptlet location. Signed-off-by: Dan McGee <dan@archlinux.org>
* Refactor _alpm_runscriptlet()Dan McGee2011-09-30
| | | | | | | | | | Add an is_archive parameter to reduce the amount of black magic going on. Rework to use fewer PATH_MAX sized local variables, and simplify some of the logic where appropriate in both this function and in the callers where duplicate calls can be replaced by some conditional parameter code. Signed-off-by: Dan McGee <dan@archlinux.org>
* move prevprogress onto payload handleDave Reisner2011-09-29
| | | | | | | | | | | This is a poor place for it, and it will likely move again in the future, but it's better to have it here than as a static variable. Initialization of this variable is now no longer necessary as its zeroed on creation of the payload struct. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* Refactor download payload reset and freeDan McGee2011-09-28
| | | | | | | | | | | | | | | This was done to squash a memory leak in the sync database download code. When we downloaded a database and then reused the payload struct, we could find ourselves calling get_fullpath() for the signatures and overwriting non-freed values we had left over from the database download. Refactor the payload_free function into a payload_reset function that we can call that does NOT free the payload itself, so we can reuse payload structs. This also allows us to move the payload to the stack in some call paths, relieving us of the need to alloc space. Signed-off-by: Dan McGee <dan@archlinux.org>
* Initialize cURL library on first useDan McGee2011-09-28
| | | | | | | | | Rather than always initializing it on any handle creation. There are several frontend operations (search, info, etc.) that never need the download code, so spending time initializing this every single time is a bit silly. This makes it a bit more like the GPGME code init path. Signed-off-by: Dan McGee <dan@archlinux.org>
* Track unresolvable transaction packagesDan McGee2011-09-28
| | | | | | | | | | | | | Rather than free them right away, keep the list on the transaction as we already do with add and remove lists. This is necessary because we may be manipulating pointers the frontend needs to refer to packages, and we are breaking our contract as stated in the alpm_add_pkg() documentation of only freeing packages at the end of a transaction. This fixes an issue found when refactoring the package list display code. Signed-off-by: Dan McGee <dan@archlinux.org>
* Move pacsave path construction code off the stackDan McGee2011-09-28
| | | | | | | This is definitely not in the normal hot path, so we can afford to do some temporary heap allocation here. Signed-off-by: Dan McGee <dan@archlinux.org>
* Use the full buffer when computing md5/sha256 sumsDan McGee2011-09-28
| | | | | | | | | | | | | | | No wonder these were slower than expected. We were only reading 4 (32-bit) or 8 (64-bit) bytes at a time and feeding it to the hash functions. Define a buffer size constant and use it correctly so we feed 8K at a time into the hashing algorithm. This cut one larger `-Sw --noconfirm` operation, with nothing to actually download so only timing integrity, from 3.3s to 1.7s. This has been broken since the original commit eba521913d6 introducing OpenSSL usage for crypto hash functions. Boy do I feel stupid. Signed-off-by: Dan McGee <dan@archlinux.org>
* Fix memory leak in download payload->remote_nameDan McGee2011-09-28
| | | | | | | | | | | | | In the sync code, we explicitly allocated a string for this field, while in the dload code itself it was filled in with a pointer to another string. This led to a memory leak in the sync download case. Make remote_name non-const and always explicitly allocate it. This patch ensures this as well as uses malloc + snprintf (rather than calloc) in several codepaths, and eliminates the only use of PATH_MAX in the download code. Signed-off-by: Dan McGee <dan@archlinux.org>
* Revert "libalpm: compare pkgname with strcoll"Dan McGee2011-09-27
| | | | | | | | | | | | | | | | | | | | This commit was made with the intent of displaying "correctly" sorted package lists to users. Here are some reasons I think this is incorrect: * It is done in the wrong place. If a frontend application wants to show a different order of packages dependent on locale, it should do that on its own. * Even if one wants a locale-specific order, almost all package names are all ASCII and language agnostic, so this different comparison makes little sense and may serve only to confuse people. * _alpm_pkg_cmp was unlike any other comparator function. None of the rest had any dependency on anything but the content of the structs being compared (e.g., they only used strcmp() or other basic comparison operators). This reverts commit 3e4d2c3aa65416487939148828afb385de2ee146. Signed-off-by: Dan McGee <dan@archlinux.org>
* _alpm_splitdep: use malloc instead of callocDan McGee2011-09-27
| | | | | | | There was only one simple to handle case where we left a field uninitialized; set it to NULL and use malloc() instead. Signed-off-by: Dan McGee <dan@archlinux.org>
* be_sync: fetch only entry mode, not full stat structDan McGee2011-09-27
| | | | | | | This saves a lot of unnecessary work since we don't need any of the other fields in the stat struct. Signed-off-by: Dan McGee <dan@archlinux.org>
* alpm_list: use malloc instead of callocDan McGee2011-09-27
| | | | | | | | | | | | In every case we were calling calloc, the struct we allocated (or the memory to be used) is fully specified later in the method. For alpm_list_t allocations, we always set all of data, next, and prev. For list copying and transforming to an array, we always copy the entire data element, so no need to zero it first. Signed-off-by: Dan McGee <dan@archlinux.org>
* Fix compilation using --without-gpgmeDan McGee2011-09-27
| | | | | | | I'm really good at breaking this on a regular basis. If only we had some sort of automated testing for this... Signed-off-by: Dan McGee <dan@archlinux.org>
* Remove unnecessary loggerDan McGee2011-09-27
| | | | | | | This is just a wrapper function; the real function we call logs an almost identical line. Signed-off-by: Dan McGee <dan@archlinux.org>
* Delay check for repository servers until we need themDan McGee2011-09-27
| | | | | | | | | | In the sync download code, we added an early check in 6731d0a9407e for sync download server existence so we wouldn't show the same error over and over for each file to be downloaded. Move this check into the download block so we only run it if there are actually files that need to be downloaded for this repository. Signed-off-by: Dan McGee <dan@archlinux.org>
* Ensure fileconflict value is actually a stringDan McGee2011-09-26
| | | | | | | | | | When we switched to a file object and not just a simple string, we missed an update along the way here in target-target conflicts. This patch looks large, but it really comes down to one errant (char *) cast before that has been reworked to explicitly point to the alpm_file_t object. The rest is simply code cleanup. Signed-off-by: Dan McGee <dan@archlinux.org>
* Update Doxyfile and fix some documentation errors caught by DoxygenDan McGee2011-09-22
| | | | | | | A few parameters were outdated or wrongly named, and a few things were explicitly linked that Doxygen wasn't able to resolve. Signed-off-by: Dan McGee <dan@archlinux.org>
* Ensure database validity flags are set in invalid signature caseDan McGee2011-09-22
| | | | | | | We returned the right error code but never set the flags accordingly. Also, now that we can bail early, ensure we set the error code. Signed-off-by: Dan McGee <dan@archlinux.org>
* Handle key import errors correctly and with good error messagesDan McGee2011-09-22
| | | | | | | | | This adds calls to gpgme_op_import_result() which we were not looking at before to ensure the key was actually imported. Additionally, we do some preemptive checks to ensure the keyring is even writable if we are going to prompt the user to add things to it. Signed-off-by: Dan McGee <dan@archlinux.org>
* signing: be consistent with returning -1 for error casesDan McGee2011-09-22
| | | | | | | | This also fixes a segfault found by dave when key_search is unsuccessful; the key_search return code documentation has also been updated to reflect reality. Signed-off-by: Dan McGee <dan@archlinux.org>