- 26 Jun, 2020 1 commit
-
-
Andrew Gregory authored
Signed-off-by:Andrew Gregory <andrew@archlinux.org>
-
- 22 Jun, 2020 3 commits
-
-
Andrew Gregory authored
Signed-off-by: -
Forbid the AX_COMPARE_VERSION macro from being found in the output configure script. If autoconf-archive is not installed when autoreconf is run, the following error message is emitted: configure.ac:231: error: possibly undefined macro: AX_COMPARE_VERSION If this token and others are legitimate, please use m4_pattern_allow. See the Autoconf documentation. autoreconf: /usr/bin/autoconf failed with exit status: 1 Signed-off-by:
Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org> (cherry picked from commit 435f5fc2)
-
RSA2048 may have been fine when this was written many moons ago, but time this has a bump. Signed-off-by:
-
- 21 Jun, 2020 1 commit
-
-
Fixes FS#67000 Signed-off-by:
Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by:
-
- 18 Jun, 2020 21 commits
-
-
Allan McRae authored
Signed-off-by: -
If it's not listed by --list-secret-key we don't care if it has been imported into your keyring, it's unusable. And you might not have a private key at all in the no-keyid-specified case. Signed-off-by:
Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: -
We pass this to gpg -u and this gpg option can accept a number of different formats, not just the historical hexadecimal fingerprint we assumed. We should not barf hard if a format is used which happens to contain spaces. This also fixes a validation bug. When we initially check if the desired key is available, we don't quote spaces, so gpg goes ahead and treats each space-separated string as a *different key* to search for, returning partial matches, and returning success if at least one key is found. But gpg --detach-sign -u will certainly not accept multiple keys! Fixes FS#66949 Signed-off-by:
Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: -
In commit 882e707e we changed message output to go to stdout by default, unless it was an error. The plain() function doesn't *look* like an error function, but in practice it was -- it's used to continue multiline messages, and all in-tree uses were for warning/error. This is a problem both because we're sending output to the wrong place, and because in some cases, we were performing error logging from a function which would otherwise return a value to be captured in a variable using command substution. Fix this and straighten out the API by providing two functions: one for continuing msg output, and one which wraps this by sending output to stderr, for continuing error output. Change all callers to use the second function. (cherry picked from commit bf458cce)
-
This was broken in commit 882e707e , which changed 'plain()' messages to go to stdout, which was then captured as the download client in question: cmdline=("Aborting..."). The result was a very confusing error message e.g. /usr/share/makepkg/source/file.sh: line 72: $'\E[1m': command not found or with makepkg --nocolor: /usr/share/makepkg/source/file.sh: line 72: Aborting...: command not found The problem here is that we checked to see if an asynchronous subshell, in our case <(...), failed, by checking if its captured stdout is non-empty. Which is terrible, and also a limitation of old bash. But bash 4.4 can use wait $! to retrieve the return value of an asynchronous subshell. Now we target that as our minimum, we can sanely handle errors in such functions. Losing error messages on stdout by capturing them in a variable instead of printing them, continues to be a problem, but this will be fixed systematically in a later commit. Signed-off-by:
Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: -
If something like source=(..."#commit=") is used, e.g. due to failed variable expansion, we try to check out an empty refspec as nothing at all, and end up just running "git checkout". This happens because we fail at variable expansion too -- so let's quote our variables properly and make sure git sees this as an empty refspec, so it can error out. Also make sure it is interpreted as a ref instead of a path. Signed-off-by:
Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: -
Given RFC 4880 provides the code to do this calculation, I am not sure how I managed to stuff that up! This bug was only exposed when a signature made with "include-key-block" was added to the Arch repos, which provided a subpacket with the required size to hit this issue. Signed-off-by:
-
It's either a waste of work, or triggers edge cases in some packages (like coreutils-8.31) where the source file is readonly and cp gets a permission denied error trying to overwrite it with an identical copy of itself. Also while we are at it, make the variable names be something readable, because I could barely tell what this was doing while editing it. Signed-off-by:
Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: -
While iterating over the provides array, the find call for locating a shared library may result in listing multiple entries which by itself does not produce a stable deterministic order and may vary depending on the underlying filesystem. To provide a stable listing and a reproducible .PKGINFO file the result of find is piped to sort with a static LC_ALL=C localisation. Signed-off-by:
Levente Polyak <anthraxx@archlinux.org>
Signed-off-by: -
This is not a warning, _parse_options() returns failure without even parsing further lines and the attempted pacman/pacman-conf program execution immediately aborts. Warnings are for when e.g. later on if we don't recognize a setting at all, we skip over it and have enough confidence in this to continue executing the program. The current implementation results in pacman-conf aborting with: warning: config file /etc/pacman.conf, line 60: invalid value for 'ParallelDownloads' : '2.5' error parsing '/etc/pacman.conf' or pacman -Syu aborting with the entirely more cryptic: warning: config file /etc/pacman.conf, line 59: invalid value for 'ParallelDownloads' : '2.5' and this isn't just a problem for the newly added ParallelDownloads setting, either, you could get the same problem if you specified a broken XferCommand, but that's harder as it's more accepting of input and you probably don't hit this except with unbalanced quotes. Signed-off-by:
Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: -
This was only partially implemented in the original implementation. `pacman-conf | grep ILoveCandy` would tell you if it was set, but querying directly by name would not. Signed-off-by:
Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: -
Signed-off-by:
-
Current code accidently uses noupgrade for the NoExtract directive. Signed-off-by:
Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: -
Signed-off-by:
-
It looks like this function has never actually worked. The current list is never set to NULL after being freed. So the new deps were just appended to the already freed list, leading to a segfault. Signed-off-by:
-
Extracting function variables containing arbitrarily scoped variables of arbitrary nature is a disaster, but let's at least cover the common case of using the actual '$pkgname' in an install/changelog file. It's the odd case of actually being basically justified use of disambiguating between the same variable used in multiple different split packages... and also, --printsrcinfo already uses and overwrites the variable 'pkgname' in pkgbuild_extract_to_srcinfo, so this "works" in .SRCINFO but doesn't work in .src.tar.gz It doesn't work in lint_pkgbuild either, but in that case the problem is being too permissive, not too restrictive -- we might end up checking the same file twice, and printing that it is missing twice. Fixes FS#64932 Signed-off-by:
Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: -
Commit e6a6d307 detected complete part files by comparing a payload's max_size to initial_size. However, these values are also equal when we use pacman -U on a URL as max_size is set to 0 in that case. Add a further condition to avoid that. Signed-off-by:
-
We previously has the maximum database size as 25MB. This was set in the days before repos had as many packages as they do now, and before we started distributing files databases. Increase this limit to 128MB. Signed-off-by:
-
Many moons ago, libtool was bad - I mean worse than today! It gobbled all --as-needed and we ended up with an overlinked libalpm. This was annoying, particularly when dealing with soname bumps in libraries pacman/libalpm had no business linking to. Luckily we had a fix, stolen from GNOME I believe. And with that fix, we lived in harmony with libtool for many years. Until one day, unbeknownst to us, libtool was "fixed". We kept applying our patch, because it still applied, but it did worse than nothing. It gobbled up our other LDFLAGS, and our libalpm started missing out on RELRO and BIND_NOW. This made the Arch Security Team unhappy. We will make them happy again by stopping the patch. Signed-off-by:
-
In rare cases, likely due to a well timed Ctrl+C, but possibly due to a broken mirror, a ".part" file may have size at least that of the correct package size. When encountering this issue, currently pacman fails in different ways depending on where the package falls in the list to download. If last, "wrong or NULL argument passed" error is reported, or a "invalid or corrupt package" issue if not. Capture these .part files, and remove the extension. This lets pacman either use the package if valid, or offer to remove it if it fails checksum or signature verification. Signed-off-by:
-
We now store key structs of our missing key info, so can not search the list for string matches. This caused missing keys to be downloaded once for every package they signed. Signed-off-by:
-
- 14 Jan, 2020 2 commits
-
-
In commit 9c817b65 we made these sources extendable, and heuristically determined the correct extraction functions to use. But our fallback for protos that didn't have an exact extract_* function didn't take into account that 'extract_file' matches an actual proto... so we passed the netfile in while the function expected a file. Solution: the function should expect a netfile too, thereby allowing us to delay an attempted resolution of netfile -> file, to the one case where it is actually used. This makes us slightly more efficient in the non-file case, makes our functions a bit more consistent, and makes file:// extraction work again. Fixes FS#64648 Signed-off-by:
Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: -
Daniel T. Borelli <danieltborelli@gmail.com> Signed-off-by:
-
- 10 Jan, 2020 2 commits
-
-
When file is called via fakeroot, it doesn't matter whether you use -z or not, it is still incompatible with seccomp. Fix by configuring it with FILECMD when used in the fakeroot 'tidy' run. Fixes FS#65100 Signed-off-by:Eli Schwartz <eschwartz@archlinux.org> -
python-3.8 changed the default tar format to PAX_FORMAT. This caused issues in our testsuite with package extraction of files with UTF-8 characters as we run the tests under the C locale. sycn600.py: error: error while reading package /tmp/pactest-xuhri4xa/var/cache/pacman/pkg/unicodechars-2.0-1.pkg.tar.gz: Pathname can't be converted from UTF-8 to current locale. Set format back to GNU_FORMAT. Signed-off-by:
-
- 01 Nov, 2019 2 commits
-
-
Allan McRae authored
Signed-off-by: -
Allan McRae authored
Signed-off-by:
-
- 31 Oct, 2019 1 commit
-
-
Allan McRae authored
Signed-off-by:
-
- 30 Oct, 2019 4 commits
-
-
Allan McRae authored
-
Distribute asciidoc sources for all manpages instead of remembering to add files to both variables. Fixes regression in 377d4714 which broke building the website from a dist tarball: make: *** No rule to make target 'pacman-conf.8.html', needed by 'html'. Stop. (Technically this regression is already fixed by commit 942b9098 , but this is just going to keep happening, I suspect, so we should fix the root cause.) Signed-off-by:
Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: -
Fixes issue where users were allowed to run cleanup while running --geninteg or --printsrcinfo or --packagelist, thus mixing invalid responses into stdout. Signed-off-by:
Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: -
Exclude files with hardlinks when cat'ing all the files, and do a second run to look at each file with hardlinks, keep track of the ones we've already operated on, and only cat each inode once. Then use "wc -c" to get the size of all (deduplicated) files the same way we were already doing. Original-patch-by:
Ronan Pigott <rpigott@berkeley.edu> Signed-off-by:
Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by:
-
- 29 Oct, 2019 2 commits
-
-
zipman: read -r protects against those evil manpages whose filenames contain backslash escapes, (muahahaha?) IFS= read protects against filenames with: - leading whitespace (but no one is actually stupid enough to configure their MAN_DIRS=() in makepkg.conf with such silly directories, *right*?) - trailing whitespace (but likewise, no one should be stupid enough to write an uncompressed manpage for section '1 ' or something) Also fix several other cases where we read filenames without protecting against surrounding whitespace, or without using null-delimited filenames when we could trivially do so. Signed-off-by:
Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: -
The BSD stat command uses %N, not %n, and was incorrectly ported to meson. Signed-off-by:
Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by:
-
- 27 Oct, 2019 1 commit
-
-
Allan McRae authored
Use after free. Signed-off-by:
-
