- May 12, 2024
-
-
Allan McRae authored
Fixes #45. Signed-off-by: Allan McRae <allan@archlinux.org>
-
Allan McRae authored
Add the -k parameter to the sudo call to prevent caching of credentials. This would (potentially) stop a rogue sudo use within a PKGBUILD. Signed-off-by: Allan McRae <allan@archlinux.org>
-
Allan McRae authored
Signed-off-by: Allan McRae <allan@archlinux.org>
-
- May 05, 2024
-
-
Add a new error code to expose the 'not a clone of' error state of some source providers (git and fossil). This allows other tools to integrate further and handle this specific error state. One use case revolves around frequently changing source locations in PKGBUILDs of packages in the AUR.
-
It's extremely hard to figure out what's going on when bsdtar fails here when we expect it to succeed. Stop tunneling stderr to /dev/null to help users figure out what's going on when this fails.
-
- May 04, 2024
-
-
-
Allan McRae authored
Signed-off-by: Allan McRae <allan@archlinux.org>
-
Allan McRae authored
Signed-off-by: Allan McRae <allan@archlinux.org>
-
-
Let meson deal with the system differences instead of handling it manually. The custom dependency was added in meson 0.59, then gained static support with 0.60, and static support for cygwin with 0.61, which is why the meson requirement is bumped to 0.61. Debian bullseye ships meson 0.56, so switch to bookworm which has 1.0.1
-
Closes #131
-
Allan McRae authored
Fixes #132. Signed-off-by: Allan McRae <allan@archlinux.org>
-
- Apr 22, 2024
-
-
-
Allan McRae authored
Work around the final line not being parsed in .PKGINFO if there was a lack of newline at the end of the file. This could occur due to utilising a tool other than makepkg to create packages. The missed line created a difference in the parsing of .PKGINFO between repo-add and pacman, causing packages to be seen as invalid with pacman-6.1. Signed-off-by: Allan McRae <allan@archlinux.org>
-
- Apr 20, 2024
-
-
Allan McRae authored
Also ensure CHOST and MAKEFLAGS are exported. Signed-off-by: Allan McRae <allan@archlinux.org>
-
- Apr 08, 2024
-
-
Allan McRae authored
Bailing early when there are 0 blocks remaining means that we do not call memchr on a NULL string (although with a 0 size parameter). Fixes issues reported using -fsanitize=address,undefined. Signed-off-by: Allan McRae <allan@archlinux.org>
-
- Apr 05, 2024
-
-
Allan McRae authored
Signed-off-by: Allan McRae <allan@archlinux.org>
-
Allan McRae authored
The dir_is_mountpoint() function has the explicit requirement that the trailing slash of the directory is present. We strip the trailing slash in unlink_file() to handle directories replaced with symlinks, but that then affects the dir_is_mountpoint() check. Add the trailing slash when we have established we are dealing with a directory. Note this may fail in the case of a file managed by pacman with name length of PATH_MAX that has been replaced by a directory on the file system. Bail on this unlikely scenario. In addition, be less fancy with adjusting length of the file char array. Signed-off-by: Allan McRae <allan@archlinux.org>
-
Allan McRae authored
Removing lock-never from the default gpg.conf file exposed a couple of bugs in the permission checks in pacman-key. Signed-off-by: Allan McRae <allan@archlinux.org>
-
Allan McRae authored
MAKEFLAGS should not be cleared by options=(!buildenv). Regression introduced in commit 09e82f01. Signed-off-by: Allan McRae <allan@archlinux.org>
-
Allan McRae authored
Signed-off-by: Allan McRae <allan@archlinux.org>
-
Allan McRae authored
A filelist can be non-NULL but empty (particularly with a lot of NoExtract entries). Handle this in alpm_filelist_contains(). Identified using the undefined behaviour sanitizer. Signed-off-by: Allan McRae <allan@archlinux.org>
-
- Apr 02, 2024
-
-
Allan McRae authored
Introduced in 74deada5. Signed-off-by: Allan McRae <allan@archlinux.org>
-
- Apr 01, 2024
-
-
This allows downloads to be continued. Signed-off-by: Allan McRae <allan@archlinux.org>
-
Signed-off-by: Remi Gacogne <rgacogne@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
-
Signed-off-by: Allan McRae <allan@archlinux.org>
-
Signed-off-by: Allan McRae <allan@archlinux.org>
-
-
Allan McRae authored
It is not used any more due to filling the payload structure earlier. Signed-off-by: Allan McRae <allan@archlinux.org>
-
Allan McRae authored
Filling in more of the payload fields before passing to the downloader ensures that these fields do not get lost during sandboxed operations. It also fixes the use of -U with XferCommand, but testsuite still fails due to "404" page being downloaded for the signature. Given we can not identify this as being a non-signature download with the XferCommand, we can just turn off signature checking in this test. Signed-off-by: Allan McRae <allan@archlinux.org>
-
Signed-off-by: Allan McRae <allan@archlinux.org>
-
Signed-off-by: Allan McRae <allan@archlinux.org>
-
If the SandboxUser configure option is set, the internal downloader will fork off a child process and drop to the specified user to download the files. Signed-off-by: Remi Gacogne <rgacogne@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
-
Allan McRae authored
Signed-off-by: Allan McRae <allan@archlinux.org>
-
Add log and download callbacks to use within a sandbox. These are designed to be passed from the sandbox to the parent through a file descriptor and then processed into alpm callbacks to be passed to the frontend. Note, only callbacks used in libalpm are added. Other callbacks should be set to NULL in the child process.
-
Add alpm_sandbox_child() function that will be used for switching to a less privileged user to run child processes. Signed-off-by: Allan McRae <allan@archlinux.org>
-
The DownloadUser option will be used to drop privileges to the specified user when downloading files. The intention is for this to be extended in the future to a more general sandbox configuration to cover operating on package and database files prior to verification. Add this option to pacman configuration and the various accessors into the libalpm backend. Signed-off-by: Allan McRae <allan@archlinux.org>
-
- Mar 25, 2024
-
-
sprintf does not check for buffer overflows (CWE-120) modified: src/pacman/callback.c
-
- Mar 20, 2024
-
-
Allan McRae authored
Signed-off-by: Allan McRae <allan@archlinux.org>
-
- Mar 19, 2024
-
-
bartus authored
-