1. 28 Jan, 2020 2 commits
    • makepkg: add CRC checksums and set these to be the default · 21af7986
      Allan McRae authored
      
      
      Checksums arrays should be filled with values provided by upstream.  We
      currently have md5 set as an unsecure default, and are constantly asked to
      change it to sha2.  However, just changing the default to a stronger checksum
      gives the user the impression that "makepkg -g" checksums are perfect.
      
      Instead, change the default checksum to a CRC, to make it clear that any
      checksum generated purely by "makepkg -g" is not ideal.
      Signed-off-by: Allan McRae <allan@archlinux.org>
    • Note that checksums from "makepkg -g" are not ideal · c3852ff4
      Allan McRae authored
      
      
      Generating checksums with "makepkg -g" only determines that the user of a
      PKGBUILD has the same file as the packager (assuming no collision).  This
      means an upstream source could be maliciously changed and passed on as valid
      by a PKGBUILD.  To avoid this, it is essential that any checksums used in
      a PKGBUILD are as provided by upstream.
      Signed-off-by: Allan McRae <allan@archlinux.org>
  2. 27 Jan, 2020 6 commits
    • Fix "pacman -U <url>" operations · e54617c7
      Allan McRae authored
      
      
      Commit e6a6d307 detected complete part files by comparing a payload's
      max_size to initial_size.  However, these values are also equal when we
      use pacman -U on a URL as max_size is set to 0 in that case.  Add a further
      condition to avoid that.
      Signed-off-by: Allan McRae <allan@archlinux.org>
    • makepkg: make per-package files containing '$pkgname' consistently work · d626a17e
      Eli Schwartz authored and Allan McRae committed
      
      
      Extracting function variables containing arbitrarily scoped variables of
      arbitrary nature is a disaster, but let's at least cover the common case
      of using the actual '$pkgname' in an install/changelog file. It's the
      odd case of actually being basically justified use of disambiguating
      between the same variable used in multiple different split packages...
      and also, --printsrcinfo already uses and overwrites the variable
      'pkgname' in pkgbuild_extract_to_srcinfo, so this "works" in .SRCINFO
      but doesn't work in .src.tar.gz
      
      It doesn't work in lint_pkgbuild either, but in that case the problem is
      being too permissive, not too restrictive -- we might end up checking
      the same file twice, and printing that it is missing twice.
      
      Fixes FS#64932
      Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
      Signed-off-by: Allan McRae <allan@archlinux.org>
    • Increase maximum database size · 2856a7de
      Allan McRae authored
      
      
      We previously had the maximum database size as 25MB.  This was set in the days
      before repos had as many packages as they do now, and before we started
      distributing files databases.  Increase this limit to 128MB.
      Signed-off-by: Allan McRae <allan@archlinux.org>
    • Remove unneeded ltmain patch · 2e32d51a
      Allan McRae authored
      
      
      Many moons ago, libtool was bad - I mean worse than today!  It gobbled all
      --as-needed and we ended up with an overlinked libalpm.  This was annoying,
      particularly when dealing with soname bumps in libraries pacman/libalpm had
      no business linking to. Luckily we had a fix, stolen from GNOME I believe.
      And with that fix, we lived in harmony with libtool for many years.  Until one
      day, unbeknownst to us, libtool was "fixed".  We kept applying our patch,
      because it still applied, but it did worse than nothing.  It gobbled up our
      other LDFLAGS, and our libalpm started missing out on RELRO and BIND_NOW.
      This made the Arch Security Team unhappy. We will make them happy again by
      stopping the patch.
      Signed-off-by: Allan McRae <allan@archlinux.org>
    • Increase meson test timeout · 75bf8e88
      Allan McRae authored
      
      
      Running the testsuite using "PACTEST_VALGRIND=1 ninja test -C build", I ran
      into the following failure:
      
      161/332 smoke001.py                             TIMEOUT 30.02 s
      
      I figure an i7 @ 3.10GHz should be enough to run our testsuite... so boost
      the meson test timeout to 120 seconds (which should be enough time for
      anyone...).
      Signed-off-by: Allan McRae <allan@archlinux.org>
    • tests: Fix typo in test description · 0965023f
      Allan McRae authored
  3. 07 Jan, 2020 5 commits
  4. 11 Dec, 2019 1 commit
  5. 02 Dec, 2019 1 commit
  6. 26 Nov, 2019 5 commits
  7. 21 Nov, 2019 2 commits
  8. 16 Nov, 2019 1 commit
  9. 15 Nov, 2019 2 commits
    • Add Eli to current maintainers · 6fb233d0
      Allan McRae authored
      
      
      Also retire Dan into past major contributors.
      Signed-off-by: Allan McRae <allan@archlinux.org>
    • Handle .part files that are the size of the correct package · e6a6d307
      Allan McRae authored
      
      
      In rare cases, likely due to a well timed Ctrl+C, but possibly due to a
      broken mirror, a ".part" file may have size at least that of the correct
      package size.
      
      When encountering this issue, currently pacman fails in different ways
      depending on where the package falls in the list to download.  If last,
      "wrong or NULL argument passed" error is reported, or an "invalid or
      corrupt package" issue if not.
      
      Capture these .part files, and remove the extension. This lets pacman
      either use the package if valid, or offer to remove it if it fails checksum
      or signature verification.
      Signed-off-by: Allan McRae <allan@archlinux.org>
  10. 12 Nov, 2019 1 commit
    • pactest: set package tar format to GNU_FORMAT · b9faf652
      Allan McRae authored
      
      
      python-3.8 changed the default tar format to PAX_FORMAT. This caused
      issues in our testsuite with package extraction of files with UTF-8
      characters as we run the tests under the C locale.
      
      sycn600.py:
      error: error while reading package /tmp/pactest-xuhri4xa/var/cache/pacman/pkg/unicodechars-2.0-1.pkg.tar.gz: Pathname can't be converted from UTF-8 to current locale.
      
      Set format back to GNU_FORMAT.
      Signed-off-by: Allan McRae <allan@archlinux.org>
  11. 11 Nov, 2019 1 commit
  12. 08 Nov, 2019 1 commit
  13. 07 Nov, 2019 2 commits
  14. 06 Nov, 2019 5 commits
  15. 05 Nov, 2019 4 commits
  16. 04 Nov, 2019 1 commit
    • libmakepkg: add optional argument support to parseopts · 7be75523
      Ethan Sommer authored and Allan McRae committed
      
      
      Adds a "?" suffix that can be used to indicate that an option's argument is
      optional.
      
      This allows options to have a default behaviour when the user doesn't
      specify one, e.g.: --color=[when] being able to behave like --color=auto
      when only --color is passed
      
      Options with optional arguments given on the command line will be returned
      in the form "--opt=optarg" and "-o=optarg". Despite that not being the
      syntax for passing an argument with a shortopt (trying to pass -o=foo
      would make -o's argument "=foo"), this is done to allow the caller to split
      the option and its optarg easily
      Signed-off-by: Ethan Sommer <e5ten.arch@gmail.com>
      Reviewed-by: Dave Reisner <dreisner@archlinux.org>
      Signed-off-by: Allan McRae <allan@archlinux.org>