| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add code to conf.c that parses the new SigLevel directive. An
overwhelming number of options are presented, but most users will still
be fine with the Never/Optional/Required trio. More advanced users can
combine these or any of the other options on a 'SigLevel = ' line, which
is parsed in a left-to-right fashion and flags turned on and off
accordingly. For example, all three of these will net the same config:
SigLevel = Required PackageOptional
SigLevel = Optional DatabaseRequired
SigLevel = DatabaseRequired PackageOptional
Additionally, database-specific lines assume you wish to start with any
global default that has been set. For example, if any of the above lines
were in the [options] section, something such as:
SigLevel = PackageRequired PackageAllowMarginal
Would continue to enforce required database signatures.
Inspiration-by: Kerrick Staley <mail@kerrickstaley.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This ensures we are actually making correct use of the information gpgme
is returning to us. Marginal being allowed was obvious before, but
Unknown should deal with trust level, and not the presence or lack
thereof of a public key to validate the signature with.
Return status and validity information in two separate values so check
methods and the frontend can use them independently. For now, we treat
expired keys as valid, while expired signatures are invalid.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
| |
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
|
|
|
|
|
| |
Pacman did a great job of having almost (but not quite) duplicate code
paths through the sync and upgrade code. We can use the same logic in
both upgrade in sync once the targets are resolved, so extract a
function and delete a bunch of code.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This accomplishes quite a few things with one rather invasive change.
1. Iteration is much more performant, due to a reduction in pointer
chasing and linear item access.
2. Data structures are smaller- we no longer have the overhead of the
linked list as the file struts are now laid out consecutively in
memory.
3. Memory allocation has been massively reworked. Before, we would
allocate three different pieces of memory per file item- the list
struct, the file struct, and the copied filename. What this resulted
in was massive fragmentation of memory when loading filelists since
the memory allocator had to leave holes all over the place. The new
situation here now removes the need for any list item allocation;
allocates the file structs in contiguous memory (and reallocs as
necessary), leaving only the strings as individually allocated. Tests
using valgrind (massif) show some pretty significant memory
reductions on the worst case `pacman -Ql > /dev/null` (366387 files
on my machine):
Before:
Peak heap: 54,416,024 B
Useful heap: 36,840,692 B
Extra heap: 17,575,332 B
After:
Peak heap: 38,004,352 B
Useful heap: 28,101,347 B
Extra heap: 9,903,005 B
Several small helper methods have been introduced, including a list to
array conversion helper as well as a filelist merge sort that works
directly on arrays.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
|
| |
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
|
|
|
|
|
| |
This can only ever operate on the local database, and a local package at
that. Change the function signature to take a handle and package object,
add the relevant asserts, and ensure the frontend can detect the package
not found condition when finding packages to pass to this method.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We did some funny stuff here before to allow specifying fully-qualified
package names, such as 'testing/gcc' or 'core/gcc'. However, it was done
by duplicating code, not to mention an early escape if a repository
could not be found for an early target. Something like `pacman -Si
foo/bar core/gcc' would not give expected results, although `pacman -Si
bar gcc' would.
Clean up the code, remove strncpy() usage, and clarify the error
messages a bit.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
|
| |
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
The supposed safety blanket of this function is better handled by
explicit length checking and usages of strlen() on known NULL-terminated
strings rather than hoping things fit in a buffer. We also have no need
to fully fill a PATH_MAX length variable with NULLs every time as long
as a single terminating byte is there. Remove usages of it by using
strcpy() or memcpy() as appropriate, after doing length checks via
strlen().
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
|
|
|
|
|
| |
The only thing this accessor did was remove the const qualifier
given our entire list implementation requires passing around the
head anyway.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
They are placeholders, but important for things like trying to re-sync a
database missing a signature. By using the alpm_db_validity() method at
the right time, a client can take the appropriate action with these
invalid databases as necessary.
In pacman's case, we disallow just about anything that involves looking
at a sync database outside of an '-Sy' operation (although we do check
the validity immediately after). A few operations are still permitted-
'-Q' ops that don't touch sync databases as well as '-R'.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Show output in -Qip for each package signature, which includes the UID
string from the key ("Joe User <joe@example.com>") and the validity of
said key. Example output:
Signatures : Valid signature from "Dan McGee <dpmcgee@gmail.com>"
Unknown signature from "<Key Unknown>"
Invalid signature from "Dan McGee <dpmcgee@gmail.com>"
Also add a backend alpm_sigresult_cleanup() function since memory
allocation took place on this object, and we need some way of freeing
it.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This gives us more granularity than the former Never/Optional/Always
trifecta. The frontend still uses these values temporarily but that will
be changed in a future patch.
* Use 'siglevel' consistenly in method names, 'level' as variable name
* The level becomes an enum bitmask value for flexibility
* Signature check methods now return a array of status codes rather than
a simple integer success/failure value. This allows callers to
determine whether things such as an unknown signature are valid.
* Specific signature error codes mostly disappear in favor of the above
returned status code; pm_errno is now set only to PKG_INVALID_SIG or
DB_INVALID_SIG as appropriate.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
lib/libalpm/be_local.c
lib/libalpm/be_package.c
lib/libalpm/conflict.c
lib/libalpm/diskspace.c
lib/libalpm/dload.c
lib/libalpm/remove.c
|
| |
| |
| |
| | |
Signed-off-by: Allan McRae <allan@archlinux.org>
|
| |
| |
| |
| | |
Signed-off-by: Allan McRae <allan@archlinux.org>
|
| |
| |
| |
| | |
Signed-off-by: Allan McRae <allan@archlinux.org>
|
| |
| |
| |
| | |
Signed-off-by: Allan McRae <allan@archlinux.org>
|
| |
| |
| |
| | |
Signed-off-by: Allan McRae <allan@archlinux.org>
|
| |
| |
| |
| | |
Signed-off-by: Allan McRae <allan@archlinux.org>
|
| |
| |
| |
| | |
Signed-off-by: Allan McRae <allan@archlinux.org>
|
| |
| |
| |
| | |
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|/
|
|
|
|
|
|
| |
This allows us to capture size and mode data when building filelists
from package files. Future patches will take advantage of this newly
available information, and frontends can use it as well.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
|
|
|
|
| |
This is a convention that is widely followed in *nix and posix-ish
environments. We should follow it, too.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
|
|
|
|
|
| |
Some of these are legit (the backup hash NULL checks), while others are
either extemely unlikely or just impossible for the static code
analysis to prove, but are worth adding anyway because they have little
overhead.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Using grp instead of group is a small saving at the cost of clarity.
Rename the following functions:
alpm_option_get_ignoregrps -> alpm_option_get_ignoregroups
alpm_option_add_ignoregrp -> alpm_option_add_ignoregroup
alpm_option_set_ignoregrps -> alpm_option_set_ignoregroups
alpm_option_remove_ignoregrp -> alpm_option_remove_ignoregroup
alpm_db_readgrp -> alpm_db_readgroup
alpm_db_get_grpcache -> alpm_db_get_groupcache
alpm_find_grp_pkgs -> alpm_find_group_pkgs
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
| |
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
| |
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
| |
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
| |
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
| |
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
| |
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
| |
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
| |
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
| |
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
| |
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
| |
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
| |
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
| |
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
| |
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
| |
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
| |
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
|
|
|
|
|
|
| |
Only one of these looked like a real red flag, in find_requiredby(), but
it doesn't hurt to fix several of them up anyway.
Unfortunately, we can't turn this on universally due to things like the
sync(), remove(), etc. builtins which we often use as variable names.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a whole lot of bloat to parse pacman.conf and only a few lines to
use the list of sync DBs instead of the local DB.
Dan: I fully plan on this being temporary and us finding a better way in
the future to parse pacman.conf from multiple binaries. Adding a
standalone config parser is probably not the right way of going about
things, but for now it is by far the easiest.
Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Declare an alpm_list which, for now, only holds our local database.
walk_deps and walk_reverse_deps are refactored to account for this, and
a helper function is added to wrap alpm_db_get_pkg for traversing a
list.
This is groundwork for letting pactree walk the sync DBs.
Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
|
|
|
| |
Instead, just do the required locking directly in the backend in calls
to alpm_db_update().
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Start by converting all of our flags to a 'status' bitmask (pkgcache
status, grpcache status). Add a new 'valid' flag as well. This will let
us keep track if the database itself has been marked valid in whatever
fashion.
For local databases at the moment we ensure there are no depends files;
for sync databases we ensure the PGP signature is valid if
required/requested. The loading of the pkgcache is prohibited if the
database is invalid.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
|
|
|
|
| |
This is another step toward doing both local database validation
(ensuring we don't have depends files) and sync database validation (via
signatures if present) when the database is registered.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is the ideal place to do it as all clients should be checking the
return value and ensuring there are no errors. This is similar to
pkg_load().
We also add an additional step of validation after we download a new
database; a subsequent '-y' operation can potentially invalidate the
original check at registration time.
Note that this implementation is still a bit naive; if a signature is
invalid it is currently impossible to refresh and re-download the file
without manually deleting it first. Similarly, if one downloads a
database and the check fails, the database object is still there and can
be used. These shortcomings will be addressed in a future commit.
Signed-off-by: Dan McGee <dan@archlinux.org>
|