Jonathan Frazier [Thu, 18 Jul 2013 22:05:58 +0000 (18:05 -0400)]
pacdiff: provide an --output option to show any .pac* files
This is an option to just echo's the pacnews/pacsaves instead of merging
or removing them. This can be used to check the config status such as in
a cron job without modifying the system.
Signed-off-by: Jonathan Frazier <eyeswide@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
Jonathan Frazier [Thu, 18 Jul 2013 21:12:32 +0000 (17:12 -0400)]
pacdiff: improve speed, accuracy finding active configs using pacmandb
This is a new search type, using -p or --pacmandb options. It reads
config file locations directly from the local pacman db. It will find
active configs anywhere they are defined in installed packages. It is
not dependant on outside configs such as updatedb.conf or scanning a
large set of directories for find.
This will find more pacnews than find when searching with the current
default of /etc, and it is faster than both find and updatedb when
searching the entire fs. When run directly after an update, the local db
is more likely to be cached than all files in /etc or / as other methods
read. This will increase performance further post upgrade.
After a package is removed and a pacsave is created, this method will
not find these pacsaves until the base config is added to the local db
again. These files have no influence in a working system and only take
up a few blocks of disk space.
Active configs need to be dealt with immediately to keep a system
working. pacsaves related to removed configs can remain for weeks or
months without problems. I would recommend occasionally running other
methods such as --locate to remove them.
Signed-off-by: Jonathan Frazier <eyeswide@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
Jonathan Frazier [Tue, 16 Jul 2013 16:38:15 +0000 (12:38 -0400)]
pacdiff: rework search type handling, add --find option
Change cmd tests to if (( USE_FIND ))... as it is cleaner. All search
cmds have an option and a variable initialized to zero. The active option
should be set to 1. Add a switch to exclude multiple search options.
set the default when all are equal to zero.
Signed-off-by: Jonathan Frazier <eyeswide@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
Allan McRae [Wed, 26 Jun 2013 04:37:53 +0000 (14:37 +1000)]
Patch ltmain on autoreconf
We used to carry a patched version of ltmain in our repos to fix libtools
issues with -Wl,-as-needed. Now that ltmain is "generated" by autoreconf,
we manually patch it afterwards.
Dave Reisner [Sun, 7 Jul 2013 23:52:13 +0000 (19:52 -0400)]
be_sync: avoid crashing on files in the root of a DB
If a sync DB is malformed and contains entries in the root of the
archive, load_pkg_for_entry will leave the 'filename' variable empty,
leading to a crash in the ensuing strcmp() calls which determine the DB
fragment being examined.
While this isn't a read error, this should be reported to the user so
that it can be addressed by the creator of the DB.
As seen: https://bbs.archlinux.org/viewtopic.php?pid=1297766
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Dave Reisner [Thu, 4 Jul 2013 00:33:19 +0000 (20:33 -0400)]
do not check error from close(2)
On operating systems we support, the behavior is always such that the
kernel will do the right thing as far as invalidating the file
descriptor, regardless of the eventual return value. Therefore,
potentially looping and calling close multiple times is wrong.
At best, we call close again on an invalid FD and throw a spurious EBADF
error. At worst, we might close an FD which doesn't belong to us when a
multi-threaded application opens its own file descriptor between
iterations of the loop.
Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
Andrew Gregory [Wed, 19 Jun 2013 05:23:20 +0000 (01:23 -0400)]
query_fileowner: resolve trailing . or .. in paths
The full path needs to resolved any time it ends with "." or "..", not
just when those are the entire path. This allows strange-but-valid
paths such as: "/home/." to be queried.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
Enable inverted patterns in NoExtract and NoUpgrade.
It is now possible to invert patterns in NoExtract and NoUpgrade.
This feature allows users to whitelist certain files that were
previously blacklisted by another entry.
Andrew Gregory [Sat, 18 May 2013 19:53:32 +0000 (15:53 -0400)]
deps.c: check for indirect deps when ordering
On upgrades, indirect dependencies were not being detected if there was
a dependency in between them that was not part of the transaction. For
example, with the dependency chain: pkg1 -> pkg2 -> pkg3, if pkg1 and
pkg3 are being upgraded but not pkg2 pacman would not order pkg1 and
pkg3 properly.
This was particularly problematic when replacements were involved
because the replaced package(s) would be removed at the start of the
transaction. If an install script required the replacer and lacked
a direct dependency, it could fail.
Fixes FS#32764.
Partially fixes FS#23011.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
Karol Blazewicz [Mon, 17 Jun 2013 21:48:38 +0000 (23:48 +0200)]
pacscripts: don't read the whole package from cache
'-q' means "Exit as soon as each specified pattern or filename has
been matched." There is no reason to keep reading the whole package
from the cache when the install script has already been printed to
stdout.
Signed-off-by: Karol Błażewicz <karol.blazewicz at gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
Phillip Smith [Mon, 3 Jun 2013 05:05:10 +0000 (15:05 +1000)]
repo-add; add option to remove existing package files from disk
When maintaining a custom repo, often it is undesirable to retain older
versions of packages. This patch adds the --remove option to remove the
current package file and it's signature from disk before adding the new
one to the database. Documentation is also updated. This is an optional
flag and default behaviour (leaving ondisk files alone) is not changed.
Signed-off-by: Phillip Smith <fukawi2@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
Andrew Gregory [Mon, 3 Jun 2013 03:45:05 +0000 (23:45 -0400)]
die if '-' is given with empty stdin
Several operations default to all packages/repos/etc if no targets are
provided. If a user provides '-' they almost certainly expect there to
be targets on stdin and will be surprised if pacman falls back to the
default because there are none.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
We should only disable this specific keyid. This change enforces that the
contents of the -revoked keyring file are full fingerprints which can uniquely
identify a key.
Partially addresses FS#35478. This does nothing to confirm whether or not the
key was successfully disabled -- a ridiculously simple request which appears to
be far too difficult for gpg to manage.
Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
Simon Gomizelj [Wed, 22 May 2013 04:43:11 +0000 (00:43 -0400)]
validate %FILEPATH% when parsing repo dbs
Currently we make no effort to validate the %FILENAME% field in the
repo db. This allows for relative paths to be considered valid.
A carefully crafted db entry with a malicious relative path,
(e.g. `../../../../etc/passwd`) will cause pacman to to
overwrite _any_ file on the target's machine.
Add the following validation:
- doesn't start with '.'
- doesn't contain a '/'
- won't overflow PATH_MAX
Signed-off-by: Simon Gomizelj <simongmzlj@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
Allan McRae [Tue, 4 Jun 2013 03:38:48 +0000 (13:38 +1000)]
Restrict pkgname from starting with a dot.
Adding this restriction means we can filter any FILENAME entry from
starting with a "/" or a ".". Use the term "dot" as it is more
computing relevant compared to "full stop" or "period" which vary
depending on English locale.
Andrew Gregory [Sat, 13 Apr 2013 02:26:14 +0000 (22:26 -0400)]
improve dir->file transition conflict resolution
Packages removed due to conflicts are always removed at the beginning of
the transaction and as such can be included in the check for whether all
owners of a directory will be removed in a transaction. Installed
versions of packages being upgraded, other than the one with the
conflict, cannot be used because our transaction ordering is not
intelligent enough to ensure that they are removed prior to the
installation of the conflicted package.
Also, return false from dir_belongsto_pkgs on errors. Previously, we
simply continued which could return true even if we were unable to
actually establish that the package owned the entire tree.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
Andrew Gregory [Fri, 10 May 2013 20:44:33 +0000 (16:44 -0400)]
conflict.c: exclude trailing slash from file path
After the initial checks, we either use the path as a directory and have
to append the trailing slash anyway or use it as a file in which case
the trailing slash should be excluded.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
Jason St. John [Wed, 29 May 2013 12:03:29 +0000 (14:03 +0200)]
Revise pacman(8)
Resolve several grammatical errors and minor formatting consistency issues
in pacman(8). Generalize the "FTP servers" and package file extension
information.
Signed-off-by: Jason St. John <jstjohn@purdue.edu> Signed-off-by: Allan McRae <allan@archlinux.org>
Florian Pritz [Wed, 22 May 2013 14:35:23 +0000 (16:35 +0200)]
makepkg-template: Stop using given/when
given/when has been marked experimental in perl 5.18 because it will
change it 5.20. if/else is ugly, but hiding the generated warning is no
good solution either, so we us if/else for now.
Signed-off-by: Florian Pritz <bluewind@xinu.at> Signed-off-by: Allan McRae <allan@archlinux.org>
Allan McRae [Sun, 19 May 2013 12:41:01 +0000 (22:41 +1000)]
Improve error message when package is missing required signature
When attempting to install a package (either via -S or -U) and the
signature is missing, the current error message "invalid or corrupted
package (PGP signature)" is very unclear. Instead inform the user
that the package is missing the required signature.
Andrew Gregory [Sat, 18 May 2013 23:37:59 +0000 (19:37 -0400)]
add.c: refactor backup file modification checks
The previous implementation was overly complex with unnecessary checks
and nested conditionals. By reordering the tests and changing them to
all be checks for positive hash matches rather than non-matches, we can
collapse several cases and make the process much more linear. This
removes the need to set hash_orig = "" just to reach some of the checks
and corrects a faulty assumption that files are equivalent when the
hashing process fails.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
Phillip Smith [Mon, 29 Apr 2013 23:10:08 +0000 (09:10 +1000)]
makepkg: add support for CARCH environment var
Add support for overriding configuration in /etc/makepkg.conf and
~/.makepkg.conf by setting the environment variable CARCH similar to
how SRCDEST and PKGDEST behave.
Allan McRae [Sat, 18 May 2013 14:03:36 +0000 (00:03 +1000)]
makepkg: remove support for PKGBUILDs without a package() function
Not having a package() function means all building occurs as root
and repackaging can lose permissions. Given the use of package()
functions has been around for years and we deprecated not having
one in pacman-4.1, we can remove support for PKGBUILDs without
package() functions altogether. However, keep PKGBUILDs that have
neither a build() or package() function working.
Allan McRae [Sat, 18 May 2013 12:47:35 +0000 (22:47 +1000)]
makepkg: remove sourcing PKGBUILD from stdin
Using PKGBUILDs from stdin means that we can not use pkgver() in
packages. Given we have the "-p" option to pass any file to
makepkg and passing a PKGBUILD in the form "cat foo | makepkg"
does not work, this feature is unneeded.
Andrew Gregory [Fri, 10 May 2013 18:19:05 +0000 (14:19 -0400)]
pmtest: set LC_ALL=C in subprocess.call
LC_ALL=C is required to force pacman's output to English for tests that
rely on that output, but setting it in Makefile.am results in those
tests breaking under different locales when pactest.py is run directly.
This will also ease an eventual transition to python3 which LC_ALL=C
causes to default to ascii encoded strings, creating problems for tests
with unicode strings.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
Dave Reisner [Wed, 15 May 2013 13:58:43 +0000 (09:58 -0400)]
Revert "paccache: avoid subshell in calling runcmd"
su is terribad. In addition to reverting, this also removes support for
privilege escalation via su. If you want to use paccache as root and
fail to comprehend how much better sudo is than su, then run paccache
directly via su.
Dave Reisner [Wed, 15 May 2013 13:58:42 +0000 (09:58 -0400)]
makepkg: fixup broken revision and repo references
bzr support "worked", but didn't handle any of the actual features we
wanted with makepkg. This moves the revision specification to the proper
place (extraction, rather than download), and fixes an additional broken
reference to $repo which was never set.
Fixes FS#35281.
Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>