Fixes: 3f8029af

 ("pacman-key: Use ngettext for plurals")
Signed-off-by: Stefan Weil <sw@weilnetz.de>

There are two strings that may be singular or plural in pacman-key.
Use ngettext to handle these strings correctly, and provide a fallback
function if it is not available.

Fixes FS#70556.

Signed-off-by: Allan McRae <allan@archlinux.org>

The function _keys is a bit generic and can result in clashes.  Change
other functions starting with _key_ to be _pacman_key_ as well.

Fixes FS#74507.

Signed-off-by: Allan McRae <allan@archlinux.org>

Morgan Adamiec authored Dec 17, 2022 and Allan McRae committed Dec 19, 2022

Commit 4f43ce3e broke repo-add by
switching to parseopts without accounting for the added "--". This caused
the dbname to always be read as "--".

Accounts for "--" and makes repo-add respect "--" as end of opts.

Mention valid suffixes should start with .pkg or .src

Fixes FS#64749.

Signed-off-by: Allan McRae <allan@archlinux.org>

Ziemowit Laski authored Dec 13, 2022 and Allan McRae committed Dec 13, 2022

GPGME_KEYLIST_MODE_LOCATE was introduced in 1.12.0

Signed-off-by: Allan McRae <allan@archlinux.org>

Avoids a warning from meson.

Signed-off-by: Allan McRae <allan@archlinux.org>

When package software with debug symbols without stripping, we should
still process the files with debugedit and include the needed source
files in the package.

Signed-off-by: Allan McRae <allan@archlinux.org>

We have not set handle in the function at this stage, so we can not
assign an error to it.  Pass the handle to the function to avoid
waiting until the payload is retrieved.

Signed-off-by: Allan McRae <allan@archlinux.org>

The memory assigned in _alpm_pkg_load_internal was not freed on
error.

Signed-off-by: Allan McRae <allan@archlinux.org>

Move closing of the file descriptor until the end of the function, as
any following error will lead to a "goto error" that attempts to close
it again.

Signed-off-by: Allan McRae <allan@archlinux.org>

Prevents a null deference on error.

Signed-off-by: Allan McRae <allan@archlinux.org>

Signed-off-by: Allan McRae <allan@archlinux.org>

This also prevents a use-after-free issue where we free the list we
are interating over and the do i->next.

Signed-off-by: Allan McRae <allan@archlinux.org>

Bash-5.2 introduced the patsub_replacement shell option, which is enabled
by default.  Apparently is it supposed to handle a sed-like idiom, but
what it does achieve is making any substitution involving a "&" requiring
special care.

For makepkg's DLAGENTS, we replace "%o" and "%u" if present.  Any "&" in
the replacement fields triggers patsub_replacement unless quoted.  This is
particularly important for the URL field.

Add relevant quotes to avoid issues.

Signed-off-by: Allan McRae <allan@archlinux.org>

md5sums are cryptographically broken and we supply sha256sums to verify
files on a users system have not been modified from the packaged version.

Signed-off-by: Allan McRae <allan@archlinux.org>

Keeping md5sums in the repo databases no longer serves a real purpose.
md5sums are no longer considered  secure, and we already have sha256sums
in the repos (along with PGP verification).

Signed-off-by: Allan McRae <allan@archlinux.org>

Signed-off-by: Allan McRae <allan@archlinux.org>

The example makepkg.conf.in suggests using "PKGDEST=/home/packages". It makes
sense to use the same path for the custom repo example in pacman.conf.in.

Fixes FS#48497.

Signed-off-by: Allan McRae <allan@archlinux.org>

Signed-off-by: Allan McRae <allan@archlinux.org>

Also more definitions to more relevant areas in alpm.h.

Signed-off-by: Allan McRae <allan@archlinux.org>

Signed-off-by: Allan McRae <allan@archlinux.org>

The currently used openssl interfaces for calculating checksums have been
deprecated in openssl-3.0.  Move to the modern interfaces to avoid build
warnings.

Signed-off-by: Allan McRae <allan@archlinux.org>

Signed-off-by: Morten Linderud <morten@linderud.pw>

Bash sources user configuration files under a number of conditions that
can cause issues with scripts when bash is used as the scriptlet shell.

Bash assumes it's being run under rsh/ssh if stdin is connected to a
socket and sources the user bashrc unless the environment variable
$SHLVL is >= 2.  Commit 6a4c6a02
switched from pipes to sockets when communicating with child processes
to work around SIGPIPE issues.  Normally $SHLVL would be inherited from
the shell running pacman, but operations involving scriptlets are
generally run with sudo which does not let the $SHLVL variable through
unless specifically configured to.

Similarly $BASH_ENV can cause bash to source user-specified configuration
files if set.

https://lists.gnu.org/archive/html/help-bash/2022-02/msg00082.html



Note: the list discussion and bash source all reference SHLVL >= 2, this
is the SHLVL value *after* bash has incremented it on startup.  Setting
it to 1 in pacman is sufficient to disable the unwanted behavior.

Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>

Signed-off-by: Allan McRae <allan@archlinux.org>

Frederik Schwan authored Oct 05, 2022 and Allan McRae committed Oct 09, 2022

`.o` objects used to be omitted by strip.sh due to a missing match in
the `Relocatable file` section. This patch fixes the issue by handling
`.o` objects similar to kernel modules.

fixes FS#74941

Signed-off-by: Allan McRae <allan@archlinux.org>

Morten Linderud authored Oct 06, 2022 and Allan McRae committed Oct 09, 2022

`${pkgbase}` was added to the wrong invocation. This ensures we are
producing correct debug packages.

Example from the package:

    /usr/src/debug/pacman/pacman-6.0.2/src/pacman/callback.c
    /usr/src/debug/pacman/pacman-6.0.2/src/pacman/callback.h
    /usr/src/debug/pacman/pacman-6.0.2/src/pacman/check.c
    /usr/src/debug/pacman/pacman-6.0.2/src/pacman/check.h

Fixes: 776b7c1e

 ("debugflags: Ensure we have unique source paths")
Signed-off-by: Morten Linderud <morten@linderud.pw>
Signed-off-by: Allan McRae <allan@archlinux.org>

The debugedit call to list all source files may include things like
build/<...>.  We have been filtering out these <> files, but they can
point to the build directory which is important to be available for
relative source paths stored in the .debug files.

Signed-off-by: Allan McRae <allan@archlinux.org>

Bash 5.2 has a new globskipdots option, which is enabled by default. The
check_dotfiles lint fails with globskipdots due to the assumption that
at least the "." and ".." paths will match. Disabling globskipdots would
be the usual solution, but that fails on bash<5.2.  Instead, enable
nullglob for this check.

Signed-off-by: Allan McRae <allan@archlinux.org>

Signed-off-by: Allan McRae <allan@archlinux.org>

Signed-off-by: Allan McRae <allan@archlinux.org>

Kristian Klausen authored Sep 10, 2022 and Allan McRae committed Sep 26, 2022

The trustdb is marked as dirty when a key is revoked[1] and GPG will
recheck it the next time. Checking the trustdb can take 300-500ms which
with 52 revoked keys (and counting) adds up.

This is very noticeable when initializing and populating pacman's
keyring like archiso is doing[2]. It is also unnecessary as the trustdb
is always checked as the last step when populating the keyring.

[1] https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=g10/keyedit.c;h=1cb62de8a87a823e06b2ed74efdc9e7a4cd99e2b;hb=refs/heads/STABLE-BRANCH-2-2#l6509
[2] archlinux/archiso#191

Fixes FS#75838

Signed-off-by: Allan McRae <allan@archlinux.org>

Ben Westover authored Aug 03, 2022 and Allan McRae committed Aug 04, 2022

There are two "binaries" that are currently missing documentation,
pacman-db-upgrade and testpkg. This patch adds that documentation.

Signed-off-by: Ben Westover <kwestover.kw@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>

Ben Westover authored Jul 29, 2022 and Allan McRae committed Aug 02, 2022

Signed-off-by: Ben Westover <kwestover.kw@gmail.com>

solo turn authored Aug 01, 2022 and Allan McRae committed Aug 02, 2022

Commit e017a597 introduced the GITFLAGS
environmental variable. While ensuring the default of "--mirror" was
kept, there was a capitalisation mistake made. Handle the default for
GITFLAGS directly in the git clone command.

solo turn authored Mar 20, 2022 and Allan McRae committed Jul 29, 2022

The default flag used to clone a git repository when using makepkg
is "--mirror". However, when working with huge repositories, the use
of different flags during cloning can allow an faster checkout. For
example, using "--filter=blob:none" allows for small checkouts, at
the expense of requiring downloads during the build stage if anything
but the HEAD commit is used for the build. In addition, this example
would serve as a replacement for the often requested (but broken)
addition of --depth=1.

Add support for the environment variable GITFLAG to pass flags for
the git clone command. Note that this overrides the default rather
than adding to it in order to prevent incompatibilities.

Daan De Meyer authored Jul 27, 2022 and Allan McRae committed Jul 29, 2022

On Debian, keyrings are stored in /usr/share/keyrings. To support
this, let's add a new --keyringdir option that allows configuring
the directory under datarootdir where the keyrings should be
imported from. We default to 'pacman/keyrings' for backwards
compatibility.

Alexander Rødseth authored Jul 22, 2022 and Allan McRae committed Jul 29, 2022

For some terminal widths, the "C"/"c" character does not alternate at
regular intervals, but may look like it is stuck at either lowercase or
uppercase.

The previous behavior toggled based on the character position, while this
new behavior toggles the chomp alternation based on the progress percentage value.

This leads to slightly improved chomping.

Signed-off-by: Alexander F. Rødseth <xyproto@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>