- 21 Oct, 2019 2 commits
-
-
Allan McRae authored
Signed-off-by:Allan McRae <allan@archlinux.org>
-
Allan McRae authored
Signed-off-by:
-
- 17 Oct, 2019 1 commit
-
-
Eli Schwartz authoredSigned-off-by:
Eli Schwartz <eschwartz@archlinux.org>
-
- 15 Oct, 2019 3 commits
-
-
Allan McRae authored
This is the first major release without any additions to the libalpm API! Signed-off-by: -
This allows pacman to print the correct error message when checking keys and libalpm has been compiled without gpgme support. Signed-off-by: -
The dummy checksigs function never sets count to 0, leaving it unitialized. This caused the siglist cleanup to try and free the empty list. Signed-off-by:
-
- 13 Oct, 2019 3 commits
-
-
Allan McRae authored
Pull all translations with >75% completion. Signed-off-by: -
This message was clarified for sync operations in 2b1b7b70 . Signed-off-by:
Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by:
-
Signed-off-by:
-
- 12 Oct, 2019 3 commits
-
-
Andrew Gregory authored
system() runs the provided command via a shell, which is subject to command injection. Even though pacman already provides a mechanism to sign and verify the databases containing the urls, certain distributions have yet to get their act together and start signing databases, leaving them vulnerable to MITM attacks. Replacing the system call with an almost equivalent exec call removes the possibility of a shell-injection attack for those users. Signed-off-by: -
Andrew Gregory authored
Converts an argc/argv pair to a string for presentation to the user. Signed-off-by: -
Andrew Gregory authored
Signed-off-by:
-
- 09 Oct, 2019 3 commits
-
-
Saving fflages breaks reproducible builds due to encoding information specific to the filesystem that was used to build the package. This information is not needed for packaging purposes anyway. Including fflags also means that attempting to extract a package file as root (or fakeroot) might result in angry warnings being printed to the console by bsdtar, followed by a non-zero exit code, unless the user remembers to use --no-fflags during extraction. This is unpleasant UI, even if pacman itself won't care about these. Signed-off-by:
Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: -
With unknown uid pacman crashed. Return with error from email_from_uid() if uid is NULL. Signed-off-by:
Christian Hesse <mail@eworm.de> Signed-off-by:
-
If the key's uid is unknown (for example with db signatures) the question was: :: Import PGP key 02FD1C7A934E614545849F19A6234074498E9CEE, "(null)"? [Y/n] Let's display a modified question for unknown uid. Signed-off-by:
-
- 07 Oct, 2019 23 commits
-
-
If an email address is specified, we use --locate-key to look up the key using WKD and keyserver as a fallback. If the key is specified as a key ID, this doesn't work, so we use the normal keyserver-based --recv-keys. Note that --refresh-keys still uses the keyservers exclusively for refreshing, though the situation might potentially be improved in a new version of GnuPG: https://lists.gnupg.org/pipermail/gnupg-users/2019-July/062169.html Signed-off-by:
Jonas Witschel <diabonas@archlinux.org>
Signed-off-by: -
Allan McRae authored
Signed-off-by: -
remove_deps is called once, at the end of clean_up() before makepkg exit. If remove_deps returns >0 (e.g. when pressing "n" in the resulting prompt), the error is caught by the ERR signal handler. This in turns sends SIGUSR1 to the process group, with resulting exit code 138. In case remove_deps fails, this patch exits makepkg with E_REMOVE_DEPS if there was no previous error (that is, EXIT_CODE equals E_OK). Otherwise, makepkg exits with EXIT_CODE. Signed-off-by: -
When running `makepkg -i` it may be necessary to first remove make- and checkdepends before installing the built package - for example if they conflict each other. This is the case for wireguard-arch which makedepends and conflicts wireguard-dkms. Signed-off-by:
Erich Eckner <git@eckner.net> Signed-off-by:
-
Allan McRae authored
Without the -f option to wait, we might move on and try to delete the logpipe before the process is completed. Signed-off-by: -
The logpipe fifo can remain when exiting on a non-error condition such as recieving signals INT and USR1. This can be seen by doing either a manual CTRL-C to interrupt the build or by sending a signal such as: $ makepkg & sleep 5 ; kill -USR1 $! Remove the fifo in all cases on script exit if it still exists. Signed-off-by:
Austin Lund <austin.lund@gmail.com> Signed-off-by:
-
Try and find an exact match via pkgcache before iterating the entire localdb. Gives a noticeable speed up for exact matches e.g. `pacman -T zlib` Signed-off-by: -
when a satisfying package is already installed, we always pick it instead of prompting the user. So we can return that package as soon as we find it, instead of waiting until we've iterated through all the databases. Signed-off-by: -
Signed-off-by: -
In addition to the general issue of staticlibs linkage, linking a static lib to a library() does not seem to generate the needed Libs.private. Rework how we handle this entirely. Instead of relying on convenience libraries, we will *sigh* go extract a boatload of .o files again, then relink those to the installable libalpm, while mentioning our dependencies again. We still have our guaranteed static library for linking arbitrary programs with (e.g. vercmp), and we still only generate one identical copy of the .o files, but now we potentially `ar` it up twice, which isn't so bad. And linking still works, and pkg-config files also still work. One alternative would be to explicitly list our dependencies to pkgconfig.generate with requires_private, but since gpgme might be an elevated config-tool dependency, this can fail with: meson.build:341:10: ERROR: requires argument not a string, library with pkgconfig-generated file or pkgconfig-dependency object, got <GpgmeDependency gpgme: True> Signed-off-by:
Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: -
LIB_VERSION is supposed to be something like 11.0.1, not simply reiterate the project version. As a result, we ended up with this: $ pacman -V [...] Pacman v5.1.0 - libalpm v5.1.0 [...] Signed-off-by:
Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: -
libcommon isn't even installed, so that means libalpm.a (if installed) is fatally broken as it misses objects. The problem is that meson doesn't handle this case correctly: https://github.com/mesonbuild/meson/issues/3934 https://github.com/mesonbuild/meson/issues/3937 https://github.com/mesonbuild/meson/pull/3939 Work around this by manually extracting libcommon's .o files into the list of objects used to create libalpm. Signed-off-by:
Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: -
Not all compression types can be detected in the seccomp sandbox, so we need to disable it. This requires either configuring makepkg to know the sandbox is available, or checking for file >= 5.38 in which the sandbox option is a no-op even when seccomp is disabled. - Requires autoconf-archive for autotools version compare macro. - meson version comparison could be made a lot simpler using meson-git. Fixes FS#58626 Signed-off-by:
Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: -
There is no good reason to bloat the keyring by importing tons of signatures we cannot use; drop any signatures that don't validate against another available key (probably the master keys). If any desired signatures get cleaned, the key can be refreshed after importing the new signing public key. Signed-off-by:
Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: -
By default, the latest versions of GnuPG disable the Web of Trust and refuse to import signatures from public keyservers. This is to prevent denial of service attacks, because refusing to import signatures only if the key size is too big, is apparently too silly to consider. Either way, pacman needs the WoT. If pacman imports a key at all, it means everything failed and we are in fallback mode, trying to overcome a shortcoming in the availability of keys in the keyring package. (This commonly means the user needs to acquire a new key during the same transaction that updates archlinux-keyring.) In order for that new key to be usable, it *must* also import signatures from the Master Keys. I don't give credence to this supposed DoS, since the worst case scenario is nothing happening and needing to CTRL+C in order to exit the program. In the case of pacman, this is better than being unable to install anything at all (which is gnupg doing a much more harmful DoS to pacman), and in the already unusual case where something like --refresh-keys is being used directly instead of depending on the keyring package itself, gnupg supports WKD out of the box and will prefer that for people whose keys are marketed as being non-DOSable. Signed-off-by:
Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: -
If an option is a two-part option, we print both (separated by IFS=' '), but when grepping to see if it already exists, we only checked the first component. This means that something like keyserver-options could only check if there were existing keyserver options of any sort, but not which ones. Signed-off-by:
Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: -
Added gettext macro to warnings, helps, and errors for translation. Signed-off-by:
Matthew Sexton <wsdmatty@gmail.com> Signed-off-by:
-
Using the macro got in the way of _() macro for translation All the macro did was make it so the writer didn't have to type \n", stream); at the end of every line. Signed-off-by: -
If we failed to get the pkg from pkgcache then we know no satisfying package exists by name. So only compare provides. Signed-off-by: -
The rust language supports $RUSTFLAGS to be used automatically in all rustc invocations. Allow setting this in makepkg.conf (e.g. for optimization or debuginfo support), and teach debug+strip to pass the rustc command line argument necessary to rewrite source file paths in the debugging symbols. Signed-off-by:
Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: -
Currently pacman relies on the SKS keyserver network to fetch unknown PGP keys. These keyservers are vulnerable to signature spamming attacks, potentionally making it impossible to import the required keys. An alternative to keyservers is a so-called Web Key Directory (WKD), a well-known, trusted location on a server from where the keys can be fetched. This commit adds the ability to retrieve keys from a WKD. Due to the mentioned vulnerabilities, the WKD is tried first, falling back to the keyservers only if no appropriate key is found there. In contrast to keyservers, keys in a WKD are not looked up using their fingerprint, but by email address. Since the email address of the signing key is usually not included in the signature, we will use the packager email address to perform the lookup. Also see FS#63171. Signed-off-by:
Jonas Witschel <diabonas@archlinux.org>
Signed-off-by: -
Ask the user whether they want to import a missing key before even doing a search on the keyserver. This will be useful for getting Web Key Directory support in place: for a WKD, looking up and importing a key are a single action, so the current key_search -> QUESTION -> key_import workflow does not apply. Since only the ID of the package signing key is available before key_search, we display the packager variable in addition to the key ID for user convenience. Signed-off-by:
Jonas Witschel <diabonas@archlinux.org>
Signed-off-by: -
Downloads with a Content-Disposition header will typically not include slashes. When they do, we should most certainly only take the basename, but when they don't, we should treat the header value as the filename. Crash introduced in d197d8ab when we started using get_filename in order to rightfully avoid an arbitrary file overwrite vulnerability. Signed-off-by:
-
- 04 Oct, 2019 2 commits
-
-
Allan McRae authored
Signed-off-by: -
pacman should be able to extract an email address from PACKAGER for WKD lookup, so issue a warning if it is not of the form "Example Name <email@address.invalid>". Neither the name nor the email address must contain additional angle brackets. Signed-off-by:
Jonas Witschel <diabonas@archlinux.org>
Signed-off-by:
-
