Send patches - preferably formatted by git format-patch - to patches at archlinux32 dot org.
summaryrefslogtreecommitdiff
path: root/lib/libalpm/be_package.c
AgeCommit message (Collapse)Author
2020-08-10Enable sha256/md5 hash verification if detached signatures are usedAnatol Pomozov
Pacman has multiple ways to verify package content integrity: - gpg signature - sha256 - md5 These verification mechanisms overlap each other. gpg signatures already contain hash value of the package content. So if a package signature is present then pacman ignored the other 2 hash values. This worked well with signtures embedded into pacman database. Recently pacman got an ability to handle detached signatures (*.sig files located next to the package files). If pacman verifies detached signature only then one can replace pkg+sig files with some other content and pacman still processes it as a valid package. To prevent it we need to verify database<->package integrity using hash values stored in the database. This commit fixes FS#67232 The new debug output is: checking package integrity... debug: found cached pkg: /var/cache/pacman/pkg/ruby-2.7.1-2-x86_64.pkg.tar.zst debug: sha256sum: 77baf61c62c5570b3a37cf0c3b16c5d9a97dde6fedd1a3528bf0cc5f96dd5e52 debug: checking sha256sum for /var/cache/pacman/pkg/ruby-2.7.1-2-x86_64.pkg.tar.zst debug: sig data: <from .sig> debug: checking signature for /var/cache/pacman/pkg/ruby-2.7.1-2-x86_64.pkg.tar.zst debug: 1 signatures returned debug: fingerprint: B5971F2C5C10A9A08C60030F786C63F330D7CB92 Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-04-13Use GOTO_ERR throughoutAllan McRae
The GOTO_ERR define was added in commit 80ae8014 for use in future commits. There are plenty of places in the code base it can be used, so convert them. Signed-off-by: Allan McRae <allan@archlinux.org>
2020-04-13Use STRDUP for error checking in more placesAllan McRae
Use STRDUP() over strdup() to catch memory allocation errors. There are still some instances of strdup left, but these are in functions that currently have no error path and would require a larger rework. Signed-off-by: Allan McRae <allan@archlinux.org>
2020-04-13Add REALLOC macro to simplify realloc error handlingRikard Falkeborn
realloc can fail just like the other memory allocation functions. Add a macro to simplify handling of realloc failures, similar to the already existing MALLOC, CALLOC, etc. Replace the existing realloc uses with the new macro, allowing us to move tedious error handling to the macro. Also, in be_package and be_sync, this fixes hypothetical memory leaks (and thereafter null pointer dereferences) in case realloc fails to shrink the allocated memory. Signed-off-by: Rikard Falkeborn <rikard.falkeborn@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-02-10build-aux/update-copyright 2019 2020Allan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2020-01-07Use c99 struct initialization to avoid memset callsDave Reisner
This is guaranteed less error prone than calling memset and hoping the human gets the argument order correct.
2019-10-27Fix segfault importing PGP key for pacman -U operationsAllan McRae
Use after free. Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-23Update copyright yearsAllan McRae
make update-copyright OLD=2018 NEW=2019 Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-07signing: move key import confirmation before key_searchJonas Witschel
Ask the user whether they want to import a missing key before even doing a search on the keyserver. This will be useful for getting Web Key Directory support in place: for a WKD, looking up and importing a key are a single action, so the current key_search -> QUESTION -> key_import workflow does not apply. Since only the ID of the package signing key is available before key_search, we display the packager variable in addition to the key ID for user convenience. Signed-off-by: Jonas Witschel <diabonas@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-05-14Remove all modelines from the projectEli Schwartz
Many of these are pointless (e.g. there is no need to explicitly turn on spellchecking and language dictionaries for the manpages by default). The only useful modelines are the ones enforcing the project coding standards for indentation style (and "maybe" filetype/syntax, but everything except the asciidoc manpages and makepkg.conf is already autodetected), and indent style can be applied more easily with .editorconfig Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-03-14Update coyrights for 2018Allan McRae
make update-copyright OLD=2017 NEW=201 Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04Add alpm_pkg_get_makedepends and alpm_pkg_get_checkdependsMark Weiman
makepkg adds makedepends and checkdepends to a package's .PKGINFO file. Add functions that allow use of these from libalpm. Signed-off-by: Mark Weiman <mark.weiman@markzz.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04add _alpm_filelist_sortAndrew Gregory
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04Update copyright yearsAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2016-10-22Represent bitfields as ints, not enumsIvy Foster
Many bitfield variables are declared to be enums, because they are generated using bitwise operations on enums such. However, their actual values aren't necessary members of their parent enum, so declaring them 'int' is more accurate. Signed-off-by: Ivy Foster <ivy.foster@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-10-22Add ALPM_ERR_OK to _alpm_errno_tIvy Foster
This allows functions which return an _alpm_errno_t to always return a genuine _alpm_errno_t for consistency, even in cases where there are no errors. Since ALPM_ERR_OK = 0, their callers can still simply check 'err = some_fn(); if (!err) { ... }'. Signed-off-by: Ivy Foster <ivy.foster@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-08-30Reject files larger than 16384 bytes in read_sigfile.Tobias Stoeckmann
If signature files are larger than SIZE_MAX, not enough memory could be allocated for this file. The script repo-add rejects files which are larger than 16384 bytes, therefore handle these as errors here, too. While at it, I also rearranged the code to avoid a quite harmless TOCTOU race condition between stat() and fopen(). Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-08-30Release resources on error paths.Tobias Stoeckmann
Some resources (memory or file descriptors) are not released on all error paths. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-05-05fix spelling mistakesEric Engestrom
Signed-off-by: Eric Engestrom <eric@engestrom.ch> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-01-04Update copyright years for 2016Allan McRae
make update-copyright OLD=2015 NEW=2016 Signed-off-by: Allan McRae <allan@archlinux.org>
2015-03-26be_package: fallback to standard filelist loadingAndrew Gregory
In order to work properly, loading the filelist from an mtree file requires a libarchive patch that has not yet been included in an official release.[1] Under certain circumstances, an unpatched libarchive may refuse to read the mtree file due to inconsistencies between it and the user's file system. In order to allow alpm to recover in this situation, read the mtree data into a temporary filelist that is only copied over to the package if the entire read is successful. [1] https://github.com/libarchive/libarchive/commit/661684170b970ef7d6eff135b57e58a537e8bc53 Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2015-03-26add_entry_to_files_list: pass filelist directlyAndrew Gregory
Allows entries to be added to arbitrary filelists not connected to a package. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2015-03-03parse_descfile: fix memory leak in error caseAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-02-01Update copyright notices for 2015Allan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-01-02be_package.c: fix style violationAndrew Gregory
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2014-12-24libalpm: Parse and write PKGBASEsJohannes Löthberg
This commit adds support to libalpm to parse the pkgbase present in packages .PKGINFO files, writing the PKGBASE to the %BASE% section of the local DBs desc files and for parsing it again when loading the local DB Signed-off-by: Johannes Löthberg <johannes@kyriasis.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2014-09-30libalpm: export alpm_splitdep as alpm_dep_from_depstring and alpm_dep_freeFlorian Pritz
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2014-08-09Fix loading invalid packageOlivier Brunel
In 5acfa65f when adding a new variable (hit_mtree), the initialization of a variable (config) was dropped, which could lead to loading invalid package files, i.e. files that aren't archive (no metadata loaded) would return a new alpm_pkg_t with everything set to 0/NULL. Depending on the operation/use of the package, this could lead to segfault. Signed-off-by: Olivier Brunel <jjk@jjacky.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2014-03-27Always supply base name and version info in .PKGFILE if neededAllan McRae
Provide pkgbase information for non-split packages with pkgbase set. Also record the version of the "base" package. This is useful for matching package files to source packages. Signed-off-by: Allan McRae <allan@archlinux.org>
2014-03-08Use MALLOC throughtout libalpmAllan McRae
Use MALLOC instead of malloc for safety in libalpm. Some changes are pure refactoring, but for others this provides a success check for memory allocation. Signed-off-by: Allan McRae <allan@archlinux.org>
2014-03-03be_package: Build the file list from MTREE if possibleFlorian Pritz
This greatly speeds up file list generation times by avoiding uncompressing the whole package. pacman -S base with a deliberate file conflict: before: 9.1 seconds after: 2.2 seconds Signed-off-by: Florian Pritz <bluewind@xinu.at>
2014-03-03be_package: Refactor code adding a file to the files listFlorian Pritz
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2014-03-03be_package: Refactor handling of simple path checksFlorian Pritz
This is used to deduplicate code when using the mtree as the file list source. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2014-01-28Remove ts and sw from vim modeline when noet is setFlorian Pritz
Forcing vim users to view files with a tabstop of 2 seems really unnecessary when noet is set. I find it much easier to read code with ts=4 and I dislike having to override the modeline by hand. Command run: find . -type f -exec sed -i '/vim.* noet/s# ts=2 sw=2##' {} + Signed-off-by: Florian Pritz <bluewind@xinu.at> Signed-off-by: Allan McRae <allan@archlinux.org>
2014-01-06Update copyright years for 2014Allan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-11-15Fix whitespace and other formatting issuesJason St. John
This commit: -- replaces space-based indents with tabs per the coding standards -- removes extraneous whitespace (e.g. extra spaces between function args) -- adds missing braces for a one-line if statement Signed-off-by: Jason St. John <jstjohn@purdue.edu>
2013-11-15Ignore makedepend and checkdepend entries when parsing .PKGINFO fileAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-10-31Make functions to decode a signature and extract keyid publicAllan McRae
These are useful for frontends. Signed-off-by: Allan McRae <allan@archlinux.org>
2013-10-15Ensure packages have a valid versionAllan McRae
Currently you can manually create and then install a package with a version not containing a pkgrel. The created local database entry is invalid as the directory name can not be split by _alpm_splitname due to the assumtion of hyphens separating name-pkgver-pkgrel. Ensure the package has a valid version when it is loaded. Fixes FS#35514. Signed-off-by: Allan McRae <allan@archlinux.org>
2013-07-05do not check error from close(2)Dave Reisner
On operating systems we support, the behavior is always such that the kernel will do the right thing as far as invalidating the file descriptor, regardless of the eventual return value. Therefore, potentially looping and calling close multiple times is wrong. At best, we call close again on an invalid FD and throw a spurious EBADF error. At worst, we might close an FD which doesn't belong to us when a multi-threaded application opens its own file descriptor between iterations of the loop. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2013-05-29Improve error message when package is missing required signatureAllan McRae
When attempting to install a package (either via -S or -U) and the signature is missing, the current error message "invalid or corrupted package (PGP signature)" is very unclear. Instead inform the user that the package is missing the required signature. Partial fix for FS#34741. Signed-off-by: Allan McRae <allan@archlinux.org>
2013-04-18Fix spelling errors using 'codespell' toolAnatol Pomozov
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-16fix style violationsAndrew Gregory
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-09Import key if needed when installing package from fileAllan McRae
When installing a package with "pacman -U" that has a detached signature, check if the needed key is in the keyring and download if necessary. Signed-off-by: Allan McRae <allan@archlinux.org>
2013-01-29Use libarchive compat header for relevant symbolsDave Reisner
Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2013-01-04Fix space between control structure and open parensGerardo Exequiel Pozzi
Signed-off-by: Gerardo Exequiel Pozzi <vmlinuz386@yahoo.com.ar> Signed-off-by: Allan McRae <allan@archlinux.org>
2013-01-03Update copyright year for 2013Allan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2012-08-02Move filelist functions into separate source fileDan McGee
We have a few of these and might as well gather them together. This also cleans up the code a bit by using an enum instead of integer values, as well as makes a "search for file in filelist" function public so frontends can do better than straight linear search of the filelists. Signed-off-by: Dan McGee <dan@archlinux.org>
2012-08-01lib/be_package: use qsort instead of our own msortDave Reisner
On the assumption that these arrays are already mostly sorted, use the standard quicksort method to sort the files arrays. The files_msort function name is tweaked to give it a more general name to reflect this change. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2012-06-25add line length parameter to _alpm_strip_newlineDave Reisner
If known, callers can pass the line size to this function in order to avoid an strlen call. Otherwise, they simply pass 0 and _alpm_strip_newline will do the call instead. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>