Age | Commit message (Collapse) | Author |
|
Pacman has multiple ways to verify package content integrity:
- gpg signature
- sha256
- md5
These verification mechanisms overlap each other. gpg signatures already contain
hash value of the package content. So if a package signature is present then
pacman ignored the other 2 hash values. This worked well with signtures
embedded into pacman database.
Recently pacman got an ability to handle detached signatures (*.sig files
located next to the package files). If pacman verifies detached signature only
then one can replace pkg+sig files with some other content and pacman still
processes it as a valid package. To prevent it we need to verify
database<->package integrity using hash values stored in the database.
This commit fixes FS#67232
The new debug output is:
checking package integrity...
debug: found cached pkg: /var/cache/pacman/pkg/ruby-2.7.1-2-x86_64.pkg.tar.zst
debug: sha256sum: 77baf61c62c5570b3a37cf0c3b16c5d9a97dde6fedd1a3528bf0cc5f96dd5e52
debug: checking sha256sum for /var/cache/pacman/pkg/ruby-2.7.1-2-x86_64.pkg.tar.zst
debug: sig data: <from .sig>
debug: checking signature for /var/cache/pacman/pkg/ruby-2.7.1-2-x86_64.pkg.tar.zst
debug: 1 signatures returned
debug: fingerprint: B5971F2C5C10A9A08C60030F786C63F330D7CB92
Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
The GOTO_ERR define was added in commit 80ae8014 for use in future commits.
There are plenty of places in the code base it can be used, so convert them.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Use STRDUP() over strdup() to catch memory allocation errors.
There are still some instances of strdup left, but these are in functions
that currently have no error path and would require a larger rework.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
realloc can fail just like the other memory allocation functions. Add a
macro to simplify handling of realloc failures, similar to the already
existing MALLOC, CALLOC, etc.
Replace the existing realloc uses with the new macro, allowing us to
move tedious error handling to the macro. Also, in be_package and
be_sync, this fixes hypothetical memory leaks (and thereafter null
pointer dereferences) in case realloc fails to shrink the allocated
memory.
Signed-off-by: Rikard Falkeborn <rikard.falkeborn@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
This is guaranteed less error prone than calling memset and hoping the
human gets the argument order correct.
|
|
Use after free.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
make update-copyright OLD=2018 NEW=2019
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Ask the user whether they want to import a missing key before even doing
a search on the keyserver. This will be useful for getting Web Key
Directory support in place: for a WKD, looking up and importing a key
are a single action, so the current key_search -> QUESTION -> key_import
workflow does not apply.
Since only the ID of the package signing key is available before
key_search, we display the packager variable in addition to the key ID
for user convenience.
Signed-off-by: Jonas Witschel <diabonas@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Many of these are pointless (e.g. there is no need to explicitly turn on
spellchecking and language dictionaries for the manpages by default).
The only useful modelines are the ones enforcing the project coding
standards for indentation style (and "maybe" filetype/syntax, but
everything except the asciidoc manpages and makepkg.conf is already
autodetected), and indent style can be applied more easily with
.editorconfig
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
make update-copyright OLD=2017 NEW=201
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
makepkg adds makedepends and checkdepends to a package's .PKGINFO file.
Add functions that allow use of these from libalpm.
Signed-off-by: Mark Weiman <mark.weiman@markzz.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Many bitfield variables are declared to be enums, because they are
generated using bitwise operations on enums such. However, their
actual values aren't necessary members of their parent enum, so
declaring them 'int' is more accurate.
Signed-off-by: Ivy Foster <ivy.foster@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
This allows functions which return an _alpm_errno_t to always return a
genuine _alpm_errno_t for consistency, even in cases where there are
no errors. Since ALPM_ERR_OK = 0, their callers can still simply check
'err = some_fn(); if (!err) { ... }'.
Signed-off-by: Ivy Foster <ivy.foster@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
If signature files are larger than SIZE_MAX, not enough memory could
be allocated for this file. The script repo-add rejects files which
are larger than 16384 bytes, therefore handle these as errors here,
too.
While at it, I also rearranged the code to avoid a quite harmless
TOCTOU race condition between stat() and fopen().
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Some resources (memory or file descriptors) are not released on all
error paths.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Eric Engestrom <eric@engestrom.ch>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
make update-copyright OLD=2015 NEW=2016
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
In order to work properly, loading the filelist from an mtree file
requires a libarchive patch that has not yet been included in an
official release.[1] Under certain circumstances, an unpatched
libarchive may refuse to read the mtree file due to inconsistencies
between it and the user's file system. In order to allow alpm to
recover in this situation, read the mtree data into a temporary filelist
that is only copied over to the package if the entire read is
successful.
[1] https://github.com/libarchive/libarchive/commit/661684170b970ef7d6eff135b57e58a537e8bc53
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Allows entries to be added to arbitrary filelists not connected to
a package.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
This commit adds support to libalpm to parse the pkgbase present in
packages .PKGINFO files, writing the PKGBASE to the %BASE% section of
the local DBs desc files and for parsing it again when loading the local
DB
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
In 5acfa65f when adding a new variable (hit_mtree), the initialization of a
variable (config) was dropped, which could lead to loading invalid package
files, i.e. files that aren't archive (no metadata loaded) would return a new
alpm_pkg_t with everything set to 0/NULL.
Depending on the operation/use of the package, this could lead to segfault.
Signed-off-by: Olivier Brunel <jjk@jjacky.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Provide pkgbase information for non-split packages with pkgbase set.
Also record the version of the "base" package. This is useful for
matching package files to source packages.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Use MALLOC instead of malloc for safety in libalpm. Some changes are pure
refactoring, but for others this provides a success check for memory
allocation.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
This greatly speeds up file list generation times by avoiding
uncompressing the whole package.
pacman -S base with a deliberate file conflict:
before: 9.1 seconds
after: 2.2 seconds
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
This is used to deduplicate code when using the mtree as the file list
source.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Forcing vim users to view files with a tabstop of 2 seems really
unnecessary when noet is set. I find it much easier to read code with
ts=4 and I dislike having to override the modeline by hand.
Command run:
find . -type f -exec sed -i '/vim.* noet/s# ts=2 sw=2##' {} +
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
This commit:
-- replaces space-based indents with tabs per the coding standards
-- removes extraneous whitespace (e.g. extra spaces between function args)
-- adds missing braces for a one-line if statement
Signed-off-by: Jason St. John <jstjohn@purdue.edu>
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
These are useful for frontends.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Currently you can manually create and then install a package with a
version not containing a pkgrel. The created local database entry is
invalid as the directory name can not be split by _alpm_splitname due
to the assumtion of hyphens separating name-pkgver-pkgrel.
Ensure the package has a valid version when it is loaded. Fixes FS#35514.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
On operating systems we support, the behavior is always such that the
kernel will do the right thing as far as invalidating the file
descriptor, regardless of the eventual return value. Therefore,
potentially looping and calling close multiple times is wrong.
At best, we call close again on an invalid FD and throw a spurious EBADF
error. At worst, we might close an FD which doesn't belong to us when a
multi-threaded application opens its own file descriptor between
iterations of the loop.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
When attempting to install a package (either via -S or -U) and the
signature is missing, the current error message "invalid or corrupted
package (PGP signature)" is very unclear. Instead inform the user
that the package is missing the required signature.
Partial fix for FS#34741.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
When installing a package with "pacman -U" that has a detached
signature, check if the needed key is in the keyring and download
if necessary.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Gerardo Exequiel Pozzi <vmlinuz386@yahoo.com.ar>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
We have a few of these and might as well gather them together. This also
cleans up the code a bit by using an enum instead of integer values, as
well as makes a "search for file in filelist" function public so
frontends can do better than straight linear search of the filelists.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
On the assumption that these arrays are already mostly sorted, use the
standard quicksort method to sort the files arrays. The files_msort
function name is tweaked to give it a more general name to reflect this
change.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
If known, callers can pass the line size to this function in order to
avoid an strlen call. Otherwise, they simply pass 0 and
_alpm_strip_newline will do the call instead.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
|