summaryrefslogtreecommitdiff
path: root/lib/libalpm/be_sync.c
AgeCommit message (Collapse)Author
2015-08-08libalpm: Force update when database is marked as corrupted.Sebastian Lackner
When a database and its signature is updated non-atomically on a server, there is a window where a user may update the database but grab the old signature. The database is marked as invalid by libalpm, which can be fixed by forcing a refresh (assuming the server has caught up and the user realizes what has happened) or with a future update of the repo. Work around this by forcing a repository refresh whenever a database is invalid. Signed-off-by: Sebastian Lackner <sebastian@fds-team.de> Signed-off-by: Allan McRae <allan@archlinux.org>
2015-07-15Read file lists from databasesAllan McRae
If a sync database contains a "files" file, the file list will be read. Currently, there is no known demand for the file list to be lazy loaded by any libalpm frontend, so these files are read whenever present. Lazy loading can be implemented when a demand exists. Signed-off-by: Allan McRae <allan@archlinux.org>
2015-07-15Allow frontends to specify the sync database extensionAllan McRae
This allows frontends to select between the .db and .files databases currently supplied by repo-add or any other compatible database. Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-12libalpm: Do a sanity check before manipulating final DB URLDavid Macek
The change in commit 9d96bed9d6b57 causes download errors for the .db.sig file in case the final URL for the .db file contains query strings or other unexpected stuff. This commit isn't intended to be a total solution, but it should eliminate the problem in the most obvious cases. Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-12Fix comment in alpm_db_updateDavid Macek
Fix comment to better explain the magic constant used when allocating a buffer for ".db.sig" URL. Signed-off-by: Allan McRae <allan@archlinux.org>
2015-02-01Update copyright notices for 2015Allan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-01-21conf.c: use masks for siglevel inheritanceAndrew Gregory
This will allow pacman to parse its config file in a single pass and removes the need for the *_SET siglevels in alpm that were only required for pacman's siglevel inheritance. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
2014-12-24libalpm: Parse and write PKGBASEsJohannes Löthberg
This commit adds support to libalpm to parse the pkgbase present in packages .PKGINFO files, writing the PKGBASE to the %BASE% section of the local DBs desc files and for parsing it again when loading the local DB Signed-off-by: Johannes Löthberg <johannes@kyriasis.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2014-11-17Fix crash when using external downloaderAllan McRae
Commit 9d96bed9 attempts to use the same effective URL for the db and its signature download. However, this information is not available when we use an external downloader, resulting in a crash. Fall back to the old method when the effective URL is unavailable. Signed-off-by: Allan McRae <allan@archlinux.org>
2014-10-19dload: mark final_url as constChristian Hesse
Signed-off-by: Allan McRae <allan@archlinux.org>
2014-10-16be_sync: use effective URL for db file signature downloadChristian Hesse
If download server is dynamic mirror chances are that db file download and db file signature download are redirected to different mirrors, resulting in invalid signature. This uses effective URL for db file signature download and makes the files always match. Signed-off-by: Christian Hesse <mail@eworm.de> Signed-off-by: Allan McRae <allan@archlinux.org>
2014-09-30libalpm: export alpm_splitdep as alpm_dep_from_depstring and alpm_dep_freeFlorian Pritz
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2014-08-04handle_unlock: log lock removal failureAndrew Gregory
Rather than have individual callers log failure, just do it directly in _alpm_handle_unlock. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2014-03-03Update the event callbackOlivier Brunel
Instead of using two void* arguments for all events, we now send one pointer to an alpm_event_t struct. This contains the type of event that was triggered. With this information, the pointer can then be typecasted to the event-specific struct in order to get additional arguments. Signed-off-by: Olivier Brunel <jjk@jjacky.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2014-01-28Remove ts and sw from vim modeline when noet is setFlorian Pritz
Forcing vim users to view files with a tabstop of 2 seems really unnecessary when noet is set. I find it much easier to read code with ts=4 and I dislike having to override the modeline by hand. Command run: find . -type f -exec sed -i '/vim.* noet/s# ts=2 sw=2##' {} + Signed-off-by: Florian Pritz <bluewind@xinu.at> Signed-off-by: Allan McRae <allan@archlinux.org>
2014-01-06Update copyright years for 2014Allan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-09-04libalpm: introduce a usage level for reposDave Reisner
This defines a level of interest a user has in a repository. These are described by the bitmask flags in the alpm_db_usage_t enum: ALPM_DB_USAGE_SEARCH: repo is valid for searching ALPM_DB_USAGE_INSTALL: repo is valid for installs (e.g. -S pkg) ALPM_DB_USAGE_UPGRADE: repo is valid for sysupgrades ALPM_DB_USAGE_ALL: all of the above are valid Explicitly listing the contents of a repo will always be valid, and the repo will always be refreshed appropriately on sync operations. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2013-07-22be_sync: avoid crashing on files in the root of a DBDave Reisner
If a sync DB is malformed and contains entries in the root of the archive, load_pkg_for_entry will leave the 'filename' variable empty, leading to a crash in the ensuing strcmp() calls which determine the DB fragment being examined. While this isn't a read error, this should be reported to the user so that it can be addressed by the creator of the DB. As seen: https://bbs.archlinux.org/viewtopic.php?pid=1297766 Signed-off-by: Dave Reisner <dreisner@archlinux.org>
2013-07-22Add missing headerAllan McRae
Exposed when building with --without-libcurl Signed-off-by: Allan McRae <allan@archlinux.org>
2013-07-05do not check error from close(2)Dave Reisner
On operating systems we support, the behavior is always such that the kernel will do the right thing as far as invalidating the file descriptor, regardless of the eventual return value. Therefore, potentially looping and calling close multiple times is wrong. At best, we call close again on an invalid FD and throw a spurious EBADF error. At worst, we might close an FD which doesn't belong to us when a multi-threaded application opens its own file descriptor between iterations of the loop. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2013-06-04validate %FILEPATH% when parsing repo dbsSimon Gomizelj
Currently we make no effort to validate the %FILENAME% field in the repo db. This allows for relative paths to be considered valid. A carefully crafted db entry with a malicious relative path, (e.g. `../../../../etc/passwd`) will cause pacman to to overwrite _any_ file on the target's machine. Add the following validation: - doesn't start with '.' - doesn't contain a '/' - won't overflow PATH_MAX Signed-off-by: Simon Gomizelj <simongmzlj@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-13Fix registering database with non-gpgme buildsAllan McRae
We record whether the default SigLevel is set in order to add upon it for the *FileSigLevel entries. When using the only valid value of "SigLevel = Never" with non-gpgme builds, we need to ignore the ALPM_SIG_PACKAGE_SET flag when determining if we have a valid value for the database SigLevel. Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-09Skip reading sync db deltas files if UseDelta is unsetAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-01-29Use libarchive compat header for relevant symbolsDave Reisner
Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2013-01-29dload: pass back the effective URL to callers of _alpm_downloadDave Reisner
I suspect that eventually we're going to end up returning a pointer to an allocated struct to describe the download result, but that's for another patch when the need arises... Fixes FS#33508. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2013-01-03Update copyright year for 2013Allan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2012-12-14Do not warn about missing database if being downloadedAllan McRae
When a configured repo database is not already downloaded, a warning message such as "warning: database file for 'testing' does not exist" is printed. Disable this warning when the database is scheduled to be downloaded in the transaction. Signed-off-by: Allan McRae <allan@archlinux.org>
2012-07-10update comments referring to alpm_option_get_syncdbsDave Reisner
This function was renamed alpm_get_syncdbs as part of b488f229d. Signed-off-by: Dave Reisner <dreisner@archlinux.org>
2012-06-25repo-add: add checkdepends informationAllan McRae
Similar to the case for makedepends, it is useful to be able to access this information without parsing a PKGBUILD. Signed-off-by: Allan McRae <allan@archlinux.org>
2012-06-25add line length parameter to _alpm_strip_newlineDave Reisner
If known, callers can pass the line size to this function in order to avoid an strlen call. Otherwise, they simply pass 0 and _alpm_strip_newline will do the call instead. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2012-05-20repo-add: add makedepends informationAllan McRae
This is useful for tools that automatically rebuild packages and thus require to generate a build order. These entries are skipped by pacman. Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2012-04-07Prefix alpm_pkgfrom_t members with ALPM_Allan McRae
Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2012-03-08Simplify package validation info output for sync packagesAllan McRae
Unify the output for local and sync packages by only printing a list of possible validation types for sync packages. This also has the advantage of not printing the very long sha256 checksum which line wrapped on a standard width terminal. Signed-off-by: Allan McRae <allan@archlinux.org>
2012-03-08Hook new optdepend structures upBenedikt Morbach
No new behaviour introduced, everything should work exactly as before. Dan: refactored to use the single alpm_depend_t structure. Signed-off-by: Benedikt Morbach <benedikt.morbach@googlemail.com> Signed-off-by: Dan McGee <dan@archlinux.org>
2012-02-20Update copyright yearsAllan McRae
Add 2012 to the copyright range for all libalpm and pacman source files. Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2012-02-13use _alpm_access in a few more places for increased debugging infoFlorian Pritz
pacman -U <pkg> returns a bogus "could not find or read package" if the file is on a fuse file system that doesn't allow root access. Debug output isn't very helpful here either so we should log why the access check failed. The other 2 checks already log something when failing so logging a more specific error won't hurt either. Signed-off-by: Florian Pritz <bluewind@xinu.at> Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-08Fix segfaults on opening invalid archive filesDan McGee
"invalid" in this case simply means files that may or may not be archives. Discovered via a `pacman -Sc` operation with delta files in the package cache directory, but can be triggered if any file is passed to `pacman -Ql` that isn't an archive, for instance, or if the sync database file is not an archive. Fix it up so we are more careful about calling archive_read_finish() only on archives that are valid and have not already been closed, and teach our archive open function to set the returned archive to NULL if we aren't going to be returning something valid anyway. Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-07Update sync database size estimation valuesDan McGee
As the comment states, this is more like a dartboard than science. Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-02pkghash improvements/modificationsDan McGee
This patch changes a variety of small things related to our pkghash implementation with an eye toward performance, especially on native 32-bit systems. * Use `unsigned int` rather than `size_t` for hash sizes. We already return ERANGE for any attempted creation of a hash greater than 1 million elements, so unsigned int is more than large enough for our purposes. Switching to this type allows 32 bit systems to do native math without helper functions from libgcc. * _alpm_pkghash_create() now internally adds extra padding for additional array elements, rather than that being the responsibility of the caller. * #define values are moved into static const values in pkghash.c; a new `stride` value is also extracted (but remains set at 1). * Division and modulus operators are removed from the normal find and add paths if possible. We store the upper limit of the number of elements in the hash so we no longer need to calculate this every element addition. When doing wraparound position calculations, we only apply the modulus operator if the value is greater than the number of buckets. Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-02Minor optimization on likely sync package lookupDan McGee
We have a name_hash value here, so add a cheap compare of it before falling to the strcmp() call. Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-02Only compile delta regex onceDan McGee
This reduces the number of regcomp() calls when parsing delta entries in the database from once per entry to once for the entire context handle by storing the compiled regex data on the handle itself. Just as we do with the cURL handle, we initialize it the first time it is needed and free it when releasing the handle. A few other small tweaks to the parsing function also take place, including using the stack to store the transient and short file size string while parsing it. When parsing a sync database with 1378 delta entries, this reduces the time of a `pacman -Sl deltas` operation by 50% from 0.22s to 0.12s. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-12-21include config.h via MakefilesDave Reisner
Ensures that config.h is always ordered correctly (first) in the includes. Also means that new source files get this for free without having to remember to add it. We opt for -imacros over -include as its more portable, and the added constraint by -imacros doesn't bother us for config.h. This also touches the HACKING file to remove the explicit mention of config.h as part of the includes. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-11-16Add helper method for creating and opening archive objectDan McGee
This moves the common setup code of about 5 different callers into one method. Error messages will now be common and shared in all places; several paths did not have any messages at all before. In addition, we now pick an ideal block size for the archive read based off the larger value of our default buffer size or the st.st_blksize field. For a filesystem such as NFS, this is often much larger than the default 8192- values such as 32768 and 131072 are common. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-11-01Convert package and database archive reads to use file descriptorsDan McGee
This gives us a bit more control and over the archive reading process, and a bit less is done behind the scenes. It also allows us to use fstat() in preference to stat(), which should avoid some potential race conditions. Some reorganization is necessary to move the stat calls after the open() calls. Error handling and cleanup in general is also improved, as we had several potential memory and file handle leaks before in some error paths. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-10-27Introduce ALPM_BUFFER_SIZE constantDan McGee
This takes the place of three previously used constants: ARCHIVE_DEFAULT_BYTES_PER_BLOCK, BUFFER_SIZE, and CPBUFSIZE. In libarchive 3.0, the first constant will be no more, so we can ensure we are forward-compatible by removing our usage of it now. The rest are unified for consistency. By default, we will use the value of BUFSIZ provided by <stdio.h>, which is 8192 on Linux. If that is undefined, a default value is provided. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-28Refactor download payload reset and freeDan McGee
This was done to squash a memory leak in the sync database download code. When we downloaded a database and then reused the payload struct, we could find ourselves calling get_fullpath() for the signatures and overwriting non-freed values we had left over from the database download. Refactor the payload_free function into a payload_reset function that we can call that does NOT free the payload itself, so we can reuse payload structs. This also allows us to move the payload to the stack in some call paths, relieving us of the need to alloc space. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-27be_sync: fetch only entry mode, not full stat structDan McGee
This saves a lot of unnecessary work since we don't need any of the other fields in the stat struct. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22Ensure database validity flags are set in invalid signature caseDan McGee
We returned the right error code but never set the flags accordingly. Also, now that we can bail early, ensure we set the error code. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-20signing: add a process and retry loop for database signaturesDan McGee
In reality, there is no retrying that happens as of now because we don't have any import or changing of the keyring going on, but the code is set up so we can drop this in our new _alpm_process_siglist() function. Wire up the basics to the sync database validation code, so we see something like the following: $ pacman -Ss unknowntrust error: core: signature from "Dan McGee <dpmcgee@gmail.com>" is unknown trust error: core: signature from "Dan McGee <dpmcgee@gmail.com>" is unknown trust error: database 'core' is not valid (invalid or corrupted database (PGP signature)) $ pacman -Ss missingsig error: core: missing required signature error: core: missing required signature error: database 'core' is not valid (invalid or corrupted database (PGP signature)) Yes, there is some double output, but this should be fixable in the future. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-20Allow our PGP helper method to pass back the signature resultsDan McGee
This will make its way up the call chain eventually to allow trusting and importing of keys as necessary. Signed-off-by: Dan McGee <dan@archlinux.org>