Send patches - preferably formatted by git format-patch - to patches at archlinux32 dot org.
summaryrefslogtreecommitdiff
path: root/lib/libalpm/sync.c
AgeCommit message (Collapse)Author
2011-07-05lib/dload: prevent large file attacksDave Reisner
This means creating a new struct which can pass more descriptive data from the back end sync functions to the downloader. In particular, we're interested in the download size read from the sync DB. When the remote server reports a size larger than this (via a content-length header), abort the transfer. In cases where the size is unknown, we set a hard upper limit of: * 25MiB for a sync DB * 16KiB for a signature For reference, 25MiB is more than twice the size of all of the current binary repos (with files) combined, and 16KiB is a truly gargantuan signature. Signed-off-by: Dave Reisner <dreisner@archlinux.org>
2011-07-05dload: handle irregular URLsDave Reisner
URLs might end with a slash and follow redirects, or could be a generated by a script such as /getpkg.php?id=12345. In both cases, we may have a better filename that we can write to, taken from either content-disposition header, or the effective URL. Specific to the first case, we write to a temporary file of the format 'alpmtmp.XXXXXX', where XXXXXX is randomized by mkstemp(3). Since this is a randomly generated file, we cannot support resuming and the file is unlinked in the event of an interrupt. We also run into the possibility of changing out the filename from under alpm on a -U operation, so callers of _alpm_download can optionally pass a pointer to a *char to be filled in by curl_download_internal with the actual filename we wrote to. Any sync operation will pass a NULL pointer here, as we rely on specific names for packages from a mirror. Fixes FS#22645. Signed-off-by: Dave Reisner <d@falconindy.com>
2011-07-05Allow invalid sync DBs to be returned by the libraryDan McGee
They are placeholders, but important for things like trying to re-sync a database missing a signature. By using the alpm_db_validity() method at the right time, a client can take the appropriate action with these invalid databases as necessary. In pacman's case, we disallow just about anything that involves looking at a sync database outside of an '-Sy' operation (although we do check the validity immediately after). A few operations are still permitted- '-Q' ops that don't touch sync databases as well as '-R'. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-05signing: move to new signing verification and return schemeDan McGee
This gives us more granularity than the former Never/Optional/Always trifecta. The frontend still uses these values temporarily but that will be changed in a future patch. * Use 'siglevel' consistenly in method names, 'level' as variable name * The level becomes an enum bitmask value for flexibility * Signature check methods now return a array of status codes rather than a simple integer success/failure value. This allows callers to determine whether things such as an unknown signature are valid. * Specific signature error codes mostly disappear in favor of the above returned status code; pm_errno is now set only to PKG_INVALID_SIG or DB_INVALID_SIG as appropriate. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-02Prefix _alpm_errno_t members with ALPMAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-02Prefix alpm_transprog_t members with ALPMAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-02Prefix alpm_transconv_t members with ALPMAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-02Prefix alpm_transevt_t members with ALPMAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-02Prefix alpm_transflag_t members with ALPMAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-02Prefix alpm_loglevel_t members with ALPMAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-02Prefix alpm_pkgreason_t members with ALPMAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-06-30Make alpm_db_get_sigverify_level() publicDan McGee
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-06-29Rename public functions with grp in their nameAllan McRae
Using grp instead of group is a small saving at the cost of clarity. Rename the following functions: alpm_option_get_ignoregrps -> alpm_option_get_ignoregroups alpm_option_add_ignoregrp -> alpm_option_add_ignoregroup alpm_option_set_ignoregrps -> alpm_option_set_ignoregroups alpm_option_remove_ignoregrp -> alpm_option_remove_ignoregroup alpm_db_readgrp -> alpm_db_readgroup alpm_db_get_grpcache -> alpm_db_get_groupcache alpm_find_grp_pkgs -> alpm_find_group_pkgs Signed-off-by: Allan McRae <allan@archlinux.org>
2011-06-28Rename pmdelta_t to alpm_delta_tAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-06-28Rename pmgrp_t to alpm_group_tAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-06-28Rename pmconflict_t to alpm_conflict_tAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-06-28Rename pmdepend_t to alpm_depend_tAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-06-28Rename pmtrans_t to alpm_trans_tAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-06-28Rename pmpkg_t to alpm_pkg_tAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-06-28Rename pmdb_t to alpm_db_tAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-06-28Rename pmhandle_t to alpm_handle_tAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-06-16Make pmgrp_t publicDan McGee
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-06-16Make pmdelta_t publicDan McGee
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-06-14Ensure handle is valid and pm_errno is reset when calling into APIDan McGee
We didn't do due diligence before and ensure prior pm_errno values weren't influencing what happened in further ALPM calls. I observed one case of early setup code setting pm_errno to PM_ERR_WRONG_ARGS and that flag persisting the entire time we were calling library code. Add a new CHECK_HANDLE() macro that does two things: 1) ensures the handle variable passed to it is non-NULL and 2) clears any existing pm_errno flag set on the handle. This macro can replace many places we used the ASSERT(handle != NULL, ...) pattern before. Several other other places only need a simple 'set to zero' of the pm_errno field. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-06-14Small handle related cleanupsDan McGee
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-06-14Add handle argument to _alpm_pkg_should_ignore()Dan McGee
This allows callers to retrieve it from wherever is convenient, which may or may not be on the package object itself. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-06-13Switch all logging to use handle directlyDan McGee
This is the last user of our global handle object. Once again the diff is large but the functional changes are not. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-06-13Move pm_errno onto the handleDan McGee
This involves some serious changes and a very messy diff, unfortunately. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-06-13Add handle argument to two more alpm methodsDan McGee
This takes care of alpm_checkdeps() and alpm_find_dbs_satisfier(). Signed-off-by: Dan McGee <dan@archlinux.org>
2011-06-13Require handle for alpm_checkconflicts()Dan McGee
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-06-13Require handle for alpm_pkg_load()Dan McGee
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-06-09Require handle for alpm_sync_sysupgrade()Dan McGee
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-06-09Require handle argument to all alpm_option_(get|set)_*() methodsDan McGee
This requires a lot of line changes, but not many functional changes as more often than not our handle variable is already available in some fashion. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-06-03Remove global handle dependencies from sync/upgrade pathsDan McGee
This kills a lot more global handle business off. sync.c still requires the handle declaration for one reference that can't be changed yet; it will be removed in a future patch which isolates all of the necesary API changes. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-06-03Remove global handle from remove.cDan McGee
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-06-03Remove global handle from diskspace.cDan McGee
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-06-03Push down extern handle variable to files that need itDan McGee
This will make the patching process less invasive as we start to remove this variable from all source files. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-06-03Remove ALPM_LOG_FUNC macroDan McGee
The usefulness of this is rather limited due to it not being compiled into production builds. When you do choose to see the output, it is often overwhelming and not helpful. The best bet is to use a debugger and/or well-placed fprintf() statements. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-05-05dload: ensure we return success if we found files on any mirrorDan McGee
We were erroring out in the case where a first (possibly bogus) mirror would cause the download process to return a failure code, even though subsequent servers had the file. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-24Perform package verification at package load timeDan McGee
Both md5sum verification and PGP verification can and should be done at package load time. This allows verification to happen as early as possible for packages provided by filename and loaded in the frontend, and moves more stuff out of sync_commit that doesn't really belong there. This should also set the stage for simplified parallel loading of packages later down the road. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-24sync_commit: refactor out validate_deltasDan McGee
More stuff going on in the pre-committing stage that can be in a static method to make things a bit more clear. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-24sync_commit: refactor out file downloadsDan McGee
This part is almost completely self-contained, except building the list of delta filenames that we use later to check their md5sums. Refactor it into a static method so we can bring most of the code in sync_commit closer to the method name. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-24Rein in the complexity of the signature typeDan McGee
Given that we offer no transparency into the pmpgpsig_t type, we don't really need to expose it outside of the library, and at this point, we don't need it at all. Don't decode anything except when checking signatures. For packages/files not from a sync database, we now just read the signature file directly anyway. Also push the decoding logic down further into the check method so we don't need this hanging out in a less than ideal place. This will make it easier to conditionally compile things down the road. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-22libalpm/dload: major refactor of signature downloadingDan McGee
There's a lot of related moving parts here: * Iteration through mirrors is moved back to the calling functions. This allows removal of _alpm_download_single_file and _alpm_download_files. * The download function gets a few more arguments to influence behavior. This allows several different scenarios to customize behavior: - database - database signature (req'd and optional) - package - package via direct URL - package signature via direct URL (req'd and optional) * For databases, we need signatures from the same mirror, so structure the code accordingly. Some-inspiration-from: Dave Reisner <d@falconindy.com> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-21sync.c: remove unnecessary check for PM_PGP_VERIFY_UNKNOWNRémy Oudompheng
The value PM_PGP_VERIFY_UNKNOWN is reserved to error cases, now that the signature verification level defaults to the globally set level. The only error case is when handle == NULL, which is false in the context of _alpm_sync_commit(). Signed-off-by: Rémy Oudompheng <remy@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-21alpm.h: add/improve function documentationRémy Oudompheng
Signed-off-by: Rémy Oudompheng <remy@archlinux.org>
2011-04-20Header inclusion cleanupDan McGee
This does touch a lot of things, and hopefully doesn't break things on other platforms, but allows us to also clean up a bunch of crud that no longer needs to be there. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-20syntax: if/while statements should have no trailing spaceDan McGee
This is the standard, and we have had a few of these introduced lately that should not be here. Done with: find -name '*.c' | xargs sed -i -e 's#if (#if(#g' find -name '*.c' | xargs sed -i -e 's#while (#while(#g' Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-20Allow VerifySig to act as a default verification in [options]Dave Reisner
* add _alpm_db_get_sigverify_level * add alpm_option_{get,set}_default_sigverify And set the default verification level to OPTIONAL if not set otherwise. Signed-off-by: Dave Reisner <d@falconindy.com> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-20style cleanup: cast as (type *) not (type*)Dave Reisner
Signed-off-by: Dave Reisner <d@falconindy.com> Signed-off-by: Dan McGee <dan@archlinux.org>