Send patches - preferably formatted by git format-patch - to patches at archlinux32 dot org.
summaryrefslogtreecommitdiff
path: root/lib/libalpm
AgeCommit message (Collapse)Author
2021-01-09libalpm: pass the number of packages being downloaded in totaldlcbmorganamilo
Signed-off-by: Allan McRae <allan@archlinux.org>
2021-01-09libalpm: don't use curl's deprecated functionsmorganamilo
This bumps the minimun curl version from 7.32.0 to 7.55.0. Signed-off-by: Allan McRae <allan@archlinux.org>
2021-01-09libalpm: remove useless ifmorganamilo
Signed-off-by: Allan McRae <allan@archlinux.org>
2021-01-03doc: fix typosmorganamilo
Signed-off-by: Allan McRae <allan@archlinux.org>
2020-12-29Move hex_representation() to src/commonEmil Velikov
We'll reuse the function in pacman with a later commit. Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-12-29Remove pre libarchive 3.0 codeEmil Velikov
Pacman has required libarchive 3.0 or later for quite some time mow. Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-12-21doc: add extra documentation to the man pagemorganamilo
Signed-off-by: Allan McRae <allan@archlinux.org>
2020-12-21doc: rename alpm_api group to alpmmorganamilo
Signed-off-by: Allan McRae <allan@archlinux.org>
2020-12-21doc: move top level items into groupsmorganamilo
Signed-off-by: Allan McRae <allan@archlinux.org>
2020-12-21doc: move alpm_api group to top of filemorganamilo
Signed-off-by: Allan McRae <allan@archlinux.org>
2020-12-21doc: document optionsmorganamilo
Signed-off-by: Allan McRae <allan@archlinux.org>
2020-12-21doc: document alpm_listmorganamilo
Signed-off-by: Allan McRae <allan@archlinux.org>
2020-12-21doc: document miscmorganamilo
Signed-off-by: Allan McRae <allan@archlinux.org>
2020-12-21doc: document transactionsmorganamilo
Signed-off-by: Allan McRae <allan@archlinux.org>
2020-12-21doc: document files and groupsmorganamilo
Signed-off-by: Allan McRae <allan@archlinux.org>
2020-12-21doc: document packagesmorganamilo
Signed-off-by: Allan McRae <allan@archlinux.org>
2020-12-21doc: document loggingmorganamilo
Signed-off-by: Allan McRae <allan@archlinux.org>
2020-12-21doc: document databasesmorganamilo
Signed-off-by: Allan McRae <allan@archlinux.org>
2020-12-21doc: document callbacksmorganamilo
Signed-off-by: Allan McRae <allan@archlinux.org>
2020-12-21doc: document dependsmorganamilo
Signed-off-by: Allan McRae <allan@archlinux.org>
2020-12-21doc: document signaturesmorganamilo
Signed-off-by: Allan McRae <allan@archlinux.org>
2020-12-21doc: document handlemorganamilo
Signed-off-by: Allan McRae <allan@archlinux.org>
2020-12-21doc: document errormorganamilo
Signed-off-by: Allan McRae <allan@archlinux.org>
2020-12-21doc: add doc header to alpm.hmorganamilo
Signed-off-by: Allan McRae <allan@archlinux.org>
2020-12-21doc: remove stray doxygen commentmorganamilo
Signed-off-by: Allan McRae <allan@archlinux.org>
2020-12-09Implement TotalDownload functionalityAnatol Pomozov
With the recent 'multibar' interface changes TotalDownload has been disabled. Now we have a new UI and we need to find another way to display this information. When 'TotalDownload' config option is enabled we are going to have an extra progress bar at the bottom of the screen that shows how much of the entire download has been completed. Closes FS#68202 Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-12-03libalpm: set ret in download filesmorganamilo
download_files never set ret on failiure, so even when downloading fails, the transaction goes on to commit and error out. :: Retrieving packages... python-packaging-20.4-4-any.pkg.tar.zst failed to download error: failed retrieving file 'python-packaging-20.4-4-any.pkg.tar.zst' from mirror.oldsql.cc : The requested URL returned error: 404 warning: failed to retrieve some files (1/1) checking keys in keyring (1/1) checking package integrity error: failed to commit transaction (wrong or NULL argument passed) Errors occurred, no packages were upgraded. Also make the ret checking more consistent. Signed-off-by: Allan McRae <allan@archlinux.org>
2020-11-26libalpm: add alpm_option_get_parallel_downloadsmorganamilo
Signed-off-by: Allan McRae <allan@archlinux.org>
2020-11-26libalpm: set errno when setting parallel downloads with an invalid numbermorganamilo
Signed-off-by: Allan McRae <allan@archlinux.org>
2020-11-26libalpm: clarify alpm_download_event_completed_t statusmorganamilo
The comment makes it seem that the result itself is an error code. But all it does is simply return -1 to indicate an error occured; Signed-off-by: Allan McRae <allan@archlinux.org>
2020-11-26libalpm: don't call dlcb when not setmorganamilo
Fixes FS#68728: Signed-off-by: Allan McRae <allan@archlinux.org>
2020-11-26libalpm: set parallel_downloads to 1 when creating the handlemorganamilo
Fixes FS#68729 Signed-off-by: Allan McRae <allan@archlinux.org>
2020-09-23FS#66472: Remove *.sig file if package corruptedAnatol Pomozov
In case if a package corrupted (e.g. signature or hash is invalid) pacman tries to remove the package file to redownload it anew the next time. Remove *.sig file as well to make sure no data is left for the invalid package. Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-09-03remove more autotools filesEli Schwartz
We forgot to remove m4/ in commit 454ea024383eab60295e4c4fdf2c329475887b2c and now it's tragically reminding me of autotools! Also take this opportunity to drop some symlinks in lib/libalpm/ for libcommon source files. In autotools these were built specifically for libalpm and needed to be available in that directory, but the meson setup just has libalpm depend on libcommon. So these pseudo source files aren't needed anymore. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-08-10Enable sha256/md5 hash verification if detached signatures are usedAnatol Pomozov
Pacman has multiple ways to verify package content integrity: - gpg signature - sha256 - md5 These verification mechanisms overlap each other. gpg signatures already contain hash value of the package content. So if a package signature is present then pacman ignored the other 2 hash values. This worked well with signtures embedded into pacman database. Recently pacman got an ability to handle detached signatures (*.sig files located next to the package files). If pacman verifies detached signature only then one can replace pkg+sig files with some other content and pacman still processes it as a valid package. To prevent it we need to verify database<->package integrity using hash values stored in the database. This commit fixes FS#67232 The new debug output is: checking package integrity... debug: found cached pkg: /var/cache/pacman/pkg/ruby-2.7.1-2-x86_64.pkg.tar.zst debug: sha256sum: 77baf61c62c5570b3a37cf0c3b16c5d9a97dde6fedd1a3528bf0cc5f96dd5e52 debug: checking sha256sum for /var/cache/pacman/pkg/ruby-2.7.1-2-x86_64.pkg.tar.zst debug: sig data: <from .sig> debug: checking signature for /var/cache/pacman/pkg/ruby-2.7.1-2-x86_64.pkg.tar.zst debug: 1 signatures returned debug: fingerprint: B5971F2C5C10A9A08C60030F786C63F330D7CB92 Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-08-10Fix error during keyring checkingAnatol Pomozov
With current master version the 'keyring checking' step produces an error: debug: returning error 6 from alpm_pkg_get_sig (../lib/libalpm/package.c: 274) : wrong or NULL argument passed The package signature is still checked later at the integrity verification step though. This commit fixes keyring checking and now the debug log looks like this: debug: found cached pkg: /var/cache/pacman/pkg/ruby-2.7.1-2-x86_64.pkg.tar.zst debug: found detached signature /var/cache/pacman/pkg/ruby-2.7.1-2-x86_64.pkg.tar.zst.sig with size 566 debug: found signature key: 786C63F330D7CB92 debug: looking up key 786C63F330D7CB92 locally debug: key lookup success, key exists Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-07-14Check that destfile_name exists before using itAnatol Pomozov
In some cases (when trust_remote_name is used for a URL without a filename and no Content-Disposition is provided by the server) destfile_name will be NULL. In this case payload data will be stored in tempfile_name and no destfile_name is set. Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-07-14Do not free payload fields in the middle of this structure useAnatol Pomozov
At the end of payload use it calls _alpm_dload_payload_reset() that will free() these and other fields anyway. Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-07-14Build signature remote name based on the main payload nameAnatol Pomozov
The main payload final name might be affected by url redirects or Content-Disposition HTTP header value. We want to make sure that accompanion *.sig filename always matches the package filename. So ignore finalname/Content-Disposition for the *.sig file. It also helps to fix a corner case when the download URL does not contain a filename and server provides Content-Disposition for the main payload but not for the signature payload. Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-07-07Fallback to detached signatures during keyring checkAnatol Pomozov
Pacman has a 'key in keyring' verification step that makes sure the signatures have a valid keyid. Currently pacman parses embedded package signatures only. Add a fallback to detached signatures. If embedded signature is missing then it tries to read corresponding *.sig file and get keyid from there. Verification: debug: found cached pkg: /var/cache/pacman/pkg/glib-networking-2.64.3-1-x86_64.pkg.tar.zst debug: found detached signature /var/cache/pacman/pkg/glib-networking-2.64.3-1-x86_64.pkg.tar.zst.sig with size 310 debug: found signature key: A5E9288C4FA415FA debug: looking up key A5E9288C4FA415FA locally debug: key lookup success, key exists Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-07-07FS#33992: force download *.sig file if it does not exist in the cacheAnatol Pomozov
In case if *.pkg exists but *.sig file does not we still have to pass the pkg to multi_download API. To avoid redownloading *.pkg file we use CURLOPT_TIMECONDITION curl option. Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-07-07Add a utility function to check whether a file exists in the cacheAnatol Pomozov
It is similar to _alpm_filecache_find() but does not return a dynamically allocated memory to user. Thus the user does not need to free this resource. Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-07-07Do not use counter for error trackingAnatol Pomozov
Current code uses an incrementing counter to check whether a function returned error: errors += some_function(); if(errors) { goto finish } Replace with a more standard variable errors = some_function(); if(errors) { goto finish } Rename 'errors' variable to a more typical 'ret'. Avoid reporting both ALPM_EVENT_PKG_RETRIEVE_FAILED and ALPM_EVENT_PKG_RETRIEVE_DONE in the error path. Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-07-07Move signature payload creation to download engineAnatol Pomozov
Until now callee of ALPM download functionality has been in charge of payload creation both for the main file (e.g. *.pkg) and for the accompanied *.sig file. One advantage of such solution is that all payloads are independent and can be fetched in parallel thus exploiting the maximum level of download parallelism. To build *.sig file url we've been using a simple string concatenation: $requested_url + ".sig". Unfortunately there are cases when it does not work. For example an archlinux.org "Download From Mirror" link looks like this https://www.archlinux.org/packages/core/x86_64/bash/download/ and it gets redirected to some mirror. But if we append ".sig" to the end of the link url and try to download it then archlinux.org returns 404 error. To overcome this issue we need to follow redirects for the main payload first, find the final url and only then append '.sig' suffix. This implies 2 things: - the signature payload initialization need to be moved to dload.c as it is the place where we have access to the resolved url - *.sig is downloaded serially with the main payload and this reduces level of parallelism Move *.sig payload creation to dload.c. Once the main payload is fetched successfully we check if the callee asked to download the accompanied signature. If yes - create a new payload and add it to mcurl. *.sig payload does not use server list of the main payload and thus does not support mirror failover. *.sig file comes from the same server as the main payload. Refactor event loop in curl_multi_download_internal() a bit. Instead of relying on curl_multi_check_finished_download() to return number of new payloads we simply rerun the loop iteration one more time to check if there are any active downloads left. Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-06-26Cleanup the old sequential download codeAnatol Pomozov
All users of _alpm_download() have been refactored to the new API. It is time to remove the old _alpm_download() functionality now. This change also removes obsolete SIGPIPE signal handler functionality (this is a leftover from libfetch days). Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com>
2020-06-26Convert '-U pkg1 pkg2' codepath to parallel downloadAnatol Pomozov
Installing remote packages using its URL is an interesting case for ALPM API. Unlike package sync ('pacman -S pkg1 pkg2') '-U' does not deal with server mirror list. Thus _alpm_multi_download() should be able to handle file download for payloads that either have 'fileurl' field or pair of fields ('servers' and 'filepath') set. Signature for alpm_fetch_pkgurl() has changed and it accepts an output list that is populated with filepaths to fetched packages. Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com>
2020-06-11build: add libintl dependency to meson and the .pc fileEli Schwartz
In order to use gettext on systems where it is not part of libc, the correct linker flags are needed in libalpm.pc (for static compilation). This has never been the case. The new meson build system currently only checks for ngettext in libc, but does not fall back to searching for the existence of -lintl; add it to the libalpm dependencies. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-06-01libalpm/signing.c: Fix calculation of packet size in parse_subpacketAllan McRae
Given RFC 4880 provides the code to do this calculation, I am not sure how I managed to stuff that up! This bug was only exposed when a signature made with "include-key-block" was added to the Arch repos, which provided a subpacket with the required size to hit this issue. Signed-off-by: Allan McRae <allan@archlinux.org>
2020-06-01Remove autotools supportAllan McRae
This removes support for autotools in favour of meson.
2020-05-09Swap alpm_db_update() implementation to multiplexed versionAnatol Pomozov
Now when all callers of the old alpm_db_update() function are gone we can remove this implementation. And then rename alpm_dbs_update() function to alpm_db_update(). Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>