Age | Commit message (Collapse) | Author |
|
This allows local signing of a given key to help establish the web of
trust rooted at the generated (or imported) master key.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
This enables pacman-key, during --init, to generate a single secret key
for the pacman keyring if one is not present. This will be used as the
root of the web of trust for those that do not wish to manage it with
their own key, as will be the default.
This does not preclude later adding other secret keys to the keyring, or
removing this one- we simply ensure you have at least one secret key
available.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
This upgrades the simple 15/17 scaling by package number we used before
to package sized based scaling, which is much more accurate. Addresses
some of the issues raised in FS#25817.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
When the database is locked, sync operations involving transactions, such as
pacman -Syy, show the following:
:: Synchronizing package databases...
error: failed to update core (unable to lock database)
error: failed to update extra (unable to lock database)
error: failed to update community (unable to lock database)
error: failed to update multilib (unable to lock database)
error: failed to synchronize any databases
Whereas pacman -U <pkg> shows:
error: failed to init transaction (unable to lock database)
if you're sure a package manager is not already
running, you can remove /var/lib/pacman/db.lck
Which is much more meaningful, since the presence of db.lck may indicate an
erroneous lockfile instead of an ongoing transaction.
Improve the error messages for sync operations by advising the user to remove
db.lck if he is sure that no package manager is running.
Signed-off-by: Pang Yan Han <pangyanhan@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
We were using atol(), which on 32 bit, cannot handle values greater than
2GiB, which is fail.
Switch to a strtoull() wrapper function tailored toward parsing off_t
values. This allows parsing of very large positive integer values. off_t
is a signed type, but in our usages, we never parse or have a need for
negative values, so the function will return -1 on error.
Before:
$ pacman -Si flightgear-data | grep Size
Download Size : 2097152.00 K
Installed Size : 2097152.00 K
After:
$ ./src/pacman/pacman -Si flightgear-data | grep Size
Download Size : 2312592.52 KiB
Installed Size : 5402896.00 KiB
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Signed-off-by: Helder Martins <heldermartins89@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
We only updated if the percentage incremented and enough time had
elapsed, even though the numerator of the current/howmany fraction may
have changed. Ensure we proceed with the progress bar update in these
cases so as to not mislead the user.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Any option that flips UPDATEDB=1 doesn't work right now due to what we
thought was a good idea in commit cab1379a1ab14. Fix this by not
including the update operation in the option count and special casing
it where necessary.
Also, bring back the helpful "Updating trust database" message.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Running the pacman test-suite in a non-English locale results in a few
failures. Force the test-suite to run with LC_ALL=C.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
This reduces from 5 to 3 the number of searches needed on the string
looking for a comparison operator, since we can so a second quick
comparison looking for '=' if we find '<' or '>'. It also makes every
search doable with strchr() or memchr() rather than the slower strstr()
method.
In testing, only 10% of splitdep calls (~1600 / 16000) during an -Ss
database load found a version comparison operator, so optimizing the not
found path to be require less work makes sense.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
This actually does something in a scriptlet we can check with our normal
set of rules, rather than relying on pacman debug output.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
If we fell through to the ALPM_DEP_MOD_ANY case, ptr would be NULL, and
we would pass (0 - <str>), which is a rather large negative number or
bogus positive number, depending on signed/unsigned. Just use strdup in
the case where we don't have a ptr available.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Hard to believe there was still more room to improve on this, but I
found an easily correctable oversight tonight. Our databases (both sync
and local) contain many blank lines, and we were not moving onto the
next line right away in these cases; instead we would proceed through
our strcmp() conditional checks as normal.
Some local numbers follow to show the effects of this patch:
Sync `-Ss foobarbaz`:
71,709 blank lines skipped early
~1,505,889 strcmp() calls avoided (21 per line)
~15% speed improvement (.210 --> .179 sec)
Local `-Qs foobarbaz`:
6,823 blank lines skipped early
115,991 strcmp() calls avoided (17 per line)
~6% speed improvement (.080 -> .071 sec)
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Add new alpm_pkg_get_origin() method, use it in the front end now that
the enum constants are publicly available.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
libalpm now exports type alpm_pkgfrom_t in alpm.h, which may be used
by frontends.
Pacman now uses alpm_pkgfrom_t instead of replicating that type (pkg_from
as was in src/pacman/package.h)
Updated API change in README.
Signed-off-by: Diogo Sousa <diogogsousa@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
This adds a add_gpg_conf_option() helper function which tries to be
intelligent and only add not found options, and those which have not
been explicitly commented out.
The new options added are 'no-greeting', 'no-permission-warning', and a
default 'keyserver'.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
* secring.gpg can be 600, readable by root user only
* ensure grep for lock-never option in check_keyring doesn't catch comments
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
The HoldKey option was undocumented and was not suited for pacman.conf.
Instead use the file "/etc/pacman.d/gnupg/heldkeys" to contain a list
of keys not to be removed from the pacman keyring with the --populate
option.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
After most operations that touch the keyring, it is a good idea to
always run a check on the trustdb as this prevents gpg complaining
on later operations.
Inspiration-from: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
The optimization of only importing keys that were not to be later
revoked was a not smart enough. For example, if a key was
in both a repos keyring and its revoke list, alternate runs of
pacman-key --populate would add then remove the key from the pacman
keyring. This problem is made worse when considering the possibility
of multiple keyrings being imported.
Instead, import all keys followed by the revoking of all keys. This
may result in a key being added then revoked, but that is not much of
an issue given that is a very fast operation.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
The current --reload option, apart from being non-clear in its naming,
is very limited in that only one keyring can be provided. A distribution
may want to provide multiple keyrings for various subsets of its
organisation or custom repo providers may also want to provide a keyring.
This patch adds a --populate option that reads keyrings from (by default)
/usr/share/pacman/keyrings. A keyring is named foo.gpg, with optional
foo-revoked file providing a list of revoked key ids. These files are
required to be signed (detached) by a key trusted by pacman-key, in
practice probably by the key that signed the package providing these
files. The --populate flag either updates the pacman keyring using all
keyrings in the directory or individual keyrings can be specified.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
There are many other ways to fail a package load other than "file not
found". We should also use the correct error code in this case. Clean it
up a bit in the various callers.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Just pass the entire sync package in if we have it; that way we can do
any necessary operations involving it rather than have a parameter list
growing endlessly.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
I was trying to take a shortcut and not introduce a wrapper struct for
the signature results, so packed it all into alpm_sigresult_t in the
first iteration. However, this is painful when one wants to add new
fields or only return information regarding a single signature.
Refactor the type into a few components which are exposed to the end
user, and will allow a lot more future flexibility. This also exposes
more information regarding the key to the frontend than was previously
available.
The "private" void *data pointer is used by the library to store the
actual key object returned by gpgme; it is typed this way so the
frontend has no expectations of what is there, and so we don't have any
hard gpgme requirement in our public API.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Signed-off-by: Diogo Sousa <diogogsousa@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Free "md5sum" if md5_file() fails in alpm_compute_md5sum(). Free
"sha256sum" if sha2_file() fails in alpm_compute_sha256sum().
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Do all the checks at once; this also avoids the 'return' call after we
have allocated memory for "pkgpath" as well as tweaked the umask.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Free "syncpath" and restore umask if we fail to grab a lock.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
config_set_arch() already calls strdup(). Remove strdup() from the
config_set_arch() invocation to avoid a memory leak.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
We had two issues here. One is a file with an absolute path passed to -S
results in a cryptic error message due to the database name being '\0'.
The second is not realizing you should be doing -U instead of -S. Fix
both of these to transform this:
$ sudo pacman -S /tmp/binutils-2.21.1-2-i686.pkg.tar.xz
error: database not found:
to this:
$ sudo pacman -S /tmp/binutils-2.21.1-2-i686.pkg.tar.xz
error: target not found: /tmp/binutils-2.21.1-2-i686.pkg.tar.xz
warning: '/tmp/binutils-2.21.1-2-i686.pkg.tar.xz' is a file, did you mean -U/--upgrade instead of -S/--sync?
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
After commit 2e7d0023150664, we use off_t rather than long variables.
Use the _LARGE variants of the methods to indicate we are passing off_t
sized variables, and cast using (curl_off_t) accordingly.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Don't force 'never'; you should be checking both the status and validity
anyway.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
There were many cases where the string coming in was a blank line, e.g.
"\n\0", length 1. The trim routine starts by trimming leading spaces,
thus trimming everything. We would then proceed to do a memmove of the
NULL byte, which is completely worthless as we can just assign it
instead.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
This one wasn't all that necessary as we only used it in one place in
the function, which can be checked easily enough at the call site.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
trans cannot (and better not) be NULL at any point when these are being
called.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
We only used short labels in one place, and the short label is always
the first character of the long label anyway.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
This cleans up some of the mess we have here.
* switch to long units for the download size
* omit the .0 decimal part from the download rate
* omit the almost always zero HH: from estimated time if eta_h == 0
* Display --:-- if eta_h > 99; formatting was screwed up before
The net result of this is we usually have 1 more character to use for
filename display.
Before:
extra 500.9K 1242.4K/s 00:00:00 [######################] 100%
community-testing 947.0B 28.2M/s 00:00:00 [######################] 100%
multilib 26.5K 405.1K/s 00:00:00 [######################] 100%
community 450.6K 1238.3K/s 00:00:00 [######################] 100%
After:
extra 500.9 KiB 1118K/s 00:00 [######################] 100%
community-testing 947.0 B 23M/s 00:00 [######################] 100%
multilib 26.5 KiB 255K/s 00:00 [######################] 100%
community 450.6 KiB 1211K/s 00:00 [######################] 100%
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Because why the hell not? Exbibyte, zebibyte, and yobibyte are going in,
even though nothing bigger than the 2^60 exbibyte can be represented
using an off_t variable anyway.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
This handles the no Content-Length header problem as stated in the
comments of FS#23413. We add a quick check to the callback that will
force an abort if the downloaded data exceeds the payload size, and then
check for this error in the post-download cleanup code.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Beautiful of libcurl to use floating point types for what are never
fractional values. We can do better, and we usually want these values in
their integer form anyway.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Improved alpm_list_mmerge() performance by removing an extra
pass to obtain the tail node.
This was actually suggested by a TODO comment.
Signed-off-by: Diogo Sousa <diogogsousa@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
We had this interesting set of facts conundrum, according to vercmp
return values:
2.0a < 2.0
2.0 < 2.0.a
2.0a == 2.0.a
This introduces a code change that ensures '2.0a < 2.0.a' as would be
expected by the first two comparisons. Unfortunately this stays us a bit
further from upstream RPM code, but those are the breaks (in RPM, the
versions involving 'a' do in fact compare the same, but they are both
greater than the bare '2.0').
Signed-off-by: Dan McGee <dan@archlinux.org>
|