summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2018-01-18extract default settings to separate functionAndrew Gregory
Default values for configuration settings were being set during alpm setup and in some cases were never saved back to the original config struct. Refactoring all default settings into a separate function and saving them onto the original config struct will allow pacman-conf to resolve the defaults without having to setup alpm. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-01-18extract raw config file parserAndrew Gregory
To allow pacman-conf to parse the configuration file without having to also setup alpm. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-01-11Support new OpenPGP format packets lengthsAllan McRae
RFC 4880 defines two packet formats for OpenPGP. Pacman aborted its key in keyring check with an error message if it encountered the new format. This was fine until some annoying Arch Trusted User generated a key using the new format! Implement the new format. This also required parsing the hashed sub packets. requiring the parsing code to moved to its own function. Signed-off-by: Allan McRae <allan@archlinux.org>
2018-01-10Fix moving source files into debug packagesAllan McRae
Commit 8bec63bf92d8dd028aa88dbd5109c314cdb9ebea attempted to switch to using -fdebug-prefix-map to set file locations in debug packages. It make a few mistakes... 1) Adding debug C{,XX}FLAGS only worked if DBGSRCDIR was defined in makepkg.conf. Fix this by falling back to the default value. 2) Using -fdebug-prefix-map altered a lot of assumptions about file locations when copying source files into debug packages. This resulted in lots of messages of failed cp in packaging output. Signed-off-by: Allan McRae <allan@archlinux.org>
2018-01-10add missing newline to debug messageAndrew Gregory
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-01-10detect pkghash allocation failureAndrew Gregory
If rehash ever failed with a full hash it would return the old hash that is already full. get_hash_position would then loop forever because it would never find an empty bucket. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-01-10Do not continuously try to open an invalid databaseAllan McRae
If you manage to download a bad database (e.g. an html file when behind a proxy or with a badly configured webserver), pacman makes sure you know about it. Here is some example output: error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format I don't know how many times that gets printed because it goes beyond my scrollback buffer. Flag a database that we can "open" and "fstat" but not read from as invalid to avoid this. Signed-off-by: Allan McRae <allan@archlinux.org>
2018-01-09Handle empty string passed to query_ownerAllan McRae
Passing an empty string to pacman -Qo results in: error: No package owns <first directory in $PATH> Catch empty strings and report an error. Signed-off-by: Allan McRae <allan@archlinux.org>
2018-01-06do not rely on name hashes for matchingAndrew Gregory
6cfc4757b98e813428d261dbc185e20618ca83a6 was overzealous in attempting to optimize away a call to strcmp based on a comparison of hashes. The call can be skipped if the hashes are different, but different strings could have the same hash. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-01-06vercmp: fix incorrect info in the manpageEli Schwartz
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-01-06vercmp: remove --usage variant of the -help optionEli Schwartz
I think two ways to ask for this are enough for everyone, and we have never documented this anyway. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-01-06dload: ensure callback is always initialized onceAndrew Gregory
Frontends rely on an initialization call for setup between downloads. Checking for intialization after checking for a completed download can skip initialization in cases where files are small enough to be downloaded all at once (FS#56408). Relying on previous download size can result in multiple initializations if there are multiple non-transfer events prior to the download starting (fS#56468). Introduce a new cb_initialized variable to the payload struct and use it to ensure that the callback is initialized exactly once prior to any actual events. Fixes FS#56408, FS#56468 Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-01-06avoid printing NULL stringAndrew Gregory
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-01-06libmakepkg/integrity: fix git signatures not seen with multiple filesEli Schwartz
In eaa82b4d0775252856a4e54a6f2a9ea191cf0b8f source_has_signature() was modified to check if git repositories are marked as signed. However, due to a typo the unused variable $netfile was checked. This worked as long as the last source element was marked as signed, due to $netfile being mistakenly set as a global in check_vcs_software(), but usually failed with multiple sources. Break this more consistently by properly declaring $netfile as a local variable in check_vcs_software() which it should be regardless. Fix it again by completely moving over to $netfile in source_has_signature() as netfile is more descriptive of the current state. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-01-06libmakepkg/integrity: fix regression that broke invalid file sigsEli Schwartz
In 42e7020281d3ae260e1e9693495f527b7f476625 creating the gpg statusfile for a source file was split into a separate function, which used the return code to indicate unsigned files and proto-specific errors. However, the fallback return code was set by the final gpg invocation, which would be 1 if the signature was somehow broken (for example, the key was not available in the gpg keyring). As a result makepkg thought that file did not have a signature and skipped over it rather than erroring out. Fix this by explicitly setting the return code for all verify_*_signature() functions. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-12-07makepkg: tell the compiler to record debugging info for debug packagesEli Schwartz
In commit 8b0d59b83a60eb504567590346119fe4cd891cad support was added for storing the source files of binaries in debug packages. This made use of the debugedit program which is part of the RPM package manager, which is not very standalone. The same effect can be achieved using -fdebug-prefix-map, an option accepted by both the gcc and clang compilers which modifies how the compiler itself stores the references to the source files rather than requiring us to later edit the produced binaries. This also removes the dependency on external programs like debugedit. As a result of this change, source files will only be effectively added for programs which actually use the exported CFLAGS. This is a reasonable tradeoff as we expect our CFLAGS to be used rather than ignored. Upstream software which do not produce useful debug packages are expected to fix their build systems to respect the environment CFLAGS. As a result of this change, the routine for extracting source filenames from binaries had to be modified to derive the source file from the final debug location, rather than the other way around. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-12-07makepkg: Add a config option to specify the location of debug sourcesEli Schwartz
In commit 8b0d59b83a60eb504567590346119fe4cd891cad support was added for storing the source files of binaries in debug packages. Allow the user to specify where those source files should be stored via makepkg.conf Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-12-07makepkg: refactor archive compression for reusabilityEli Schwartz
This allows for more easily extending the list of allowed compression methods, as it has to be modified in only one place. Also allow the user to specify their own preferred command + options for source packages in addition to compiled packages. Currently, makepkg.conf(5) erroneously claims this is already possible.
2017-12-07libmakepkg: fix .gitignore to simply ignore all generated .sh filesEli Schwartz
Prior to commit aca153bfa6b1bcd828f0b35db453bb9fea6a08bf some .sh files were not generated and simply included directly, and it was necessary to explicitly iterate all ignored files to prevent git from ignoring the directly-included files. However, now all .sh files are in fact generated so it makes no sense to list each one separately in the .gitignore file. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-12-07makepkg: reorganize the restoration of settings by precedenceEli Schwartz
The extra variables on the commandline were inconsistently applied. They should override anything else, instead, most were overridden by environment variables with the exception of BUILDDIR (and this was not sanity-checked to see if it had write permissions). e.g. given the commandline: `PKGDEST="$(pwd)"` BUILDDIR="$(pwd)" makepkg PKGDEST=/doesnt/exist BUILDDIR=/doesnt/exist` We would incorrectly use the current working directory for PKGDEST. Meanwhile, we checked the wrong directory for BUILDDIR, and later errored when we tried to create $srcdir inside the non-writable directory "/doesnt/exist". In order to fix this, use the preferred bash builtin for saving variable definitions, similar to how we restore traps etc. rather than tediously redefining each one by hand, and restore this immediately after makepkg.conf is sourced. Finally, the `make`-style commandline overrides are applied. Also canonicalize_path is applied only on the final paths we try to use. While it is unlikely the value in makepkg.conf will be a relative path, since we now properly respect commandline overrides, they should be canonicalized as well. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-12-07Fix CVE-2016-5434 (DoS/loop and out of boundary read)Nils Freydank
This is a rewrite of Tobias Stoeckmann’s patch from June 2016[1] using functions instead of macros. (Thanks to Tobias for explanations of his patch.) A short question on Freenode IRC showed that macros are generally discouraged and functions should be used. The patch introduces a static size_t length_check() in libalpm/signing.c. [1] Original patch: https://lists.archlinux.org/pipermail/pacman-dev/2016-June/021148.html CVE request (and assignment): http://seclists.org/oss-sec/2016/q2/526 Signed-off-by: Allan McRae <allan@archlinux.org>
2017-12-07makepkg.conf: correct the documentation on the default optionsEli Schwartz
The documentation for OPTIONS and BUILDENV listed some incorrect defaults for undefined options. The defaults are implementation-defined in the source code for makepkg itself (e.g. it depends whether we use `check_option "opt" "y"` or `check_option "opt" "n"`) but were erroneously declared to be "whatever we *define* in the default makepkg.conf". Fixes FS#55754 Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-12-07makepkg: implement error codesIvy Foster
For your convenience, makepkg now has 16 distinct ways to fail. Also closes FS#54204. Signed-off-by: Ivy Foster <iff@escondida.tk> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-12-07makepkg: clarify error when user passes -FIvy Foster
Signed-off-by: Allan McRae <allan@archlinux.org>
2017-10-17libmakepkg: only output package file names when checking for build referencesAllan McRae
The leading directory is distraction from identifying the files containing build references. Signed-off-by: Allan McRae <allan@archlinux.org>
2017-09-14Make the flags used for sed -i configurableAlastair Hughes
Not all sed implementations on linux accept the --follow-symlinks argument, so let the user configure the arguments passed to sed if required. Signed-off-by: Alastair Hughes <hobbitalastair@gmail.com> [Allan: fixed configure summary output] Signed-off-by: Allan McRae <allan@archlinux.org>
2017-09-14libmakepkg: grammar fixAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2017-09-13makepkg: respect $SOURCE_DATE_EPOCH to activate reproducible buildsEli Schwartz
If SOURCE_DATE_EPOCH is set, `touch` all source files between the (optional) prepare() and build() functions to unify the modification times. This works around build systems and compilers that embed the file modification times into the file contents of release artifacts. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-09-13libmakepkg: check for invalid tags in gitEli Schwartz
As per https://lists.archlinux.org/pipermail/arch-general/2017-July/043876.html git doesn't check that the tag name matches what an annotated tag object *thinks* it should be called. This is a bit of a theoretical attack and some would argue that we should always use commits since upstream can legitimately change a tag, but nevertheless this can result in a downgrade attack if the git download transport was manipulated or the upstream repository hacked. So, check the tag blob to make sure the tag actually matches the name we used for `git checkout`. This really should be fixed in git itself, rather than forcing all downstream users of git verify-tag to implement their own checks, but the git developers disagree, see the discussion surrounding https://public-inbox.org/git/xmqqk2hzldx8.fsf@gitster.mtv.corp.google.com/ Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-07-28Fix brace coding style issuesMichael Straube
- Add missing braces to one-line if blocks - Move opening brace to line end Signed-off-by: Michael Straube <straubem@gmx.de>
2017-07-28Fix coding style issue in pacman/util.cMichael Straube
Add missing braces to some one-line if blocks. Signed-off-by: Michael Straube <straubem@gmx.de> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-07-11test/pacman: fix spelling of distribution name and another typoMichael Straube
Signed-off-by: Michael Straube <straubem@gmx.de> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-07-11clarify broken dependency error messagesAndrew Gregory
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-07-11provide command for downloading missing databasesAndrew Gregory
This is primarily to help users who are not aware that -F operations use a separate set of databases that need to be separately downloaded. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-07-06alpm_list: abort on memory allocation failureAndrew Gregory
This makes it possible to detect a failure in several alpm_list functions. Previously these functions would continue after a failure, returning partial results and potentially leaking memory. Unfortunately, NULL is a valid return value for the affected functions if the input list is empty, so they still do not have a dedicated error value. Callers can at least detect an error by checking if the input list was empty. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-07-06makepkg: add more information to .BUILDINFOLevente Polyak
The .BUILDINFO file should retain all the information needed to reproducibly build a package. Add some extra information to the file and also provide a version number to keep track of future changes. Signed-off-by: Allan McRae <allan@archlinux.org>
2017-07-06makepkg: set default value for PACKAGERAllan McRae
In write_pkginfo, we checked if $PACKAGER was undefined, and gave a default value if not. Just do this upfront to simplify this function. Signed-off-by: Allan McRae <allan@archlinux.org>
2017-07-06makepkg: always write pkgbaseAllan McRae
There is little savings in only writing pkgbase when different to pkgname, and it makes determining the pkgbase by parsing .PKGINFO slightly easier. Lets just write it... Signed-off-by: Allan McRae <allan@archlinux.org>
2017-07-06makepkg: do not write baseverAllan McRae
Since 8a02abcf19, this attribute will never exist. Remove check to write it. Signed-off-by: Allan McRae <allan@archlinux.org>
2017-07-06libmakepkg: Fix improperly spelled local variable declarationEli Schwartz
Signed-off-by: Eli Schwartz <eschwartz93@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-07-06libmakepkg/integrity: Fix error message not sent to stderrEli Schwartz
Signed-off-by: Eli Schwartz <eschwartz93@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-07-06libmakepkg: fix unsanitized source filenamesEli Schwartz
There were a couple places where filenames beginning with "-" were not properly guarded against by passing them after "--". Some PKGBUILD authors are crazy, but we still take those into account. Signed-off-by: Eli Schwartz <eschwartz93@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-07-06fix typo in libalpm commentChristian Hesse
contatenate -> concatenate Signed-off-by: Christian Hesse <mail@eworm.de> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-05-16makepkg: introduce SOURCE_DATE_EPOCHAllan McRae
This patch introduces the SOURCE_DATE_EPOCH environmental variable. All files in a package are adjusted to have their modification dates set to the value of SOURCE_DATE_EPOCH, which defaults to "date +%s". Setting this variable allows a package that is built twice in the same environment to be (potentially) reproducible in that the checksum of the generated package file will be the same. Also adjust the compression of the mtree file to avoid gzip embedding a timestamp. Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2017-05-16makepkg: remove build date from .PKGINFO headerAllan McRae
This information is duplicated (in less friendly format) in the "builddate" entry and removing it improves reproducible packaging. Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2017-05-16remove unused byte from user agent bufferAndrew Gregory
snprintf prints at most n bytes including the terminating '\0'. The extra reserved byte was never being used. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-05-16check for overflow when setting HTTP_USER_AGENTAndrew Gregory
gcc7 issues a warning about a potential overflow if left unchecked. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-05-16query_fileowner: avoid buffer overflowAndrew Gregory
Copying a string into a buffer that has just been determined to not be able to hold it is obviously incorrect. The actual error handling appears to have been unintentionally removed in 47762ab687959e48acc2de8592fcf3ba3cfa502b. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-05-16alpm_unlock: check handle before dereferencingAndrew Gregory
Prevents SIGSEGV if we catch SIGINT or SIGHUP before initializing alpm. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-05-08pacman.8: fix typo in query optionsMichael Straube
Signed-off-by: Michael Straube <straubem@gmx.de> Signed-off-by: Allan McRae <allan@archlinux.org>