| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
|
|
|
| |
Bash 5.2 has a new globskipdots option, which is enabled by default. The
check_dotfiles lint fails with globskipdots due to the assumption that
at least the "." and ".." paths will match. Disabling globskipdots would
be the usual solution, but that fails on bash<5.2. Instead, enable
nullglob for this check.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
| |
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
| |
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The trustdb is marked as dirty when a key is revoked[1] and GPG will
recheck it the next time. Checking the trustdb can take 300-500ms which
with 52 revoked keys (and counting) adds up.
This is very noticeable when initializing and populating pacman's
keyring like archiso is doing[2]. It is also unnecessary as the trustdb
is always checked as the last step when populating the keyring.
[1] https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=g10/keyedit.c;h=1cb62de8a87a823e06b2ed74efdc9e7a4cd99e2b;hb=refs/heads/STABLE-BRANCH-2-2#l6509
[2] https://gitlab.archlinux.org/archlinux/archiso/-/issues/191
|
|
|
|
|
|
| |
Fixes FS#75838
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
|
|
|
|
| |
There are two "binaries" that are currently missing documentation,
pacman-db-upgrade and testpkg. This patch adds that documentation.
Signed-off-by: Ben Westover <kwestover.kw@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
| |
Signed-off-by: Ben Westover <kwestover.kw@gmail.com>
|
|
|
|
|
|
|
| |
Commit e017a5975cfe3e53670848bd45c982524d6745af introduced the GITFLAGS
environmental variable. While ensuring the default of "--mirror" was
kept, there was a capitalisation mistake made. Handle the default for
GITFLAGS directly in the git clone command.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The default flag used to clone a git repository when using makepkg
is "--mirror". However, when working with huge repositories, the use
of different flags during cloning can allow an faster checkout. For
example, using "--filter=blob:none" allows for small checkouts, at
the expense of requiring downloads during the build stage if anything
but the HEAD commit is used for the build. In addition, this example
would serve as a replacement for the often requested (but broken)
addition of --depth=1.
Add support for the environment variable GITFLAG to pass flags for
the git clone command. Note that this overrides the default rather
than adding to it in order to prevent incompatibilities.
|
|
|
|
|
|
|
|
| |
On Debian, keyrings are stored in /usr/share/keyrings. To support
this, let's add a new --keyringdir option that allows configuring
the directory under datarootdir where the keyrings should be
imported from. We default to 'pacman/keyrings' for backwards
compatibility.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For some terminal widths, the "C"/"c" character does not alternate at
regular intervals, but may look like it is stuck at either lowercase or
uppercase.
The previous behavior toggled based on the character position, while this
new behavior toggles the chomp alternation based on the progress percentage value.
This leads to slightly improved chomping.
Signed-off-by: Alexander F. Rødseth <xyproto@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
|
|
|
|
|
|
|
| |
The fill_progress function is called from two locations,
and both locations pass in the same percentage value twice.
This patch modifies the function signature to to receive the
percentage value just once.
Signed-off-by: Alexander F. Rødseth <xyproto@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
|
|
|
|
| |
Apparently that function was deprecated in 0.56, so use the generic
getter introduced in 0.51 instead. This squashes a warning.
Signed-off-by: Joe Baldino <pedanticdm@gmx.us>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It's possible that the cursor does not reappear after pressing ^C during
shutdown. In my case, I noticed this when pressing ^C after getting
results from `pacman -F` -- this can reasonably reliably be triggered by
issuing a file query and pressing ^C shortly after results are shown.
There are two reasons for this issue:
1. The graceful SIGINT handler is removed at the start of cleanup(), but
the window from entering cleanup() to reaching exit() is non trivial.
The main offender is FREELIST(pm_targets), which on my T14s takes
>0.1s to execute. This means that if you are unlucky enough to press
^C while there, the cursor isn't coming back, because we haven't
issued any command to show the cursor again yet, and the userspace
signal handler is already blown away.
2. Moving console_cursor_show() to earlier in cleanup() only half solves
the issue. While it's fine not to flush after _hiding_ the cursor,
since it will at least make itself apparent before any other text
reaches the screen, _showing_ the cursor must be followed by flushing
stdout, because once the graceful SIGINT handler is gone, if you
press ^C, no flush will be triggered (and thus there will be no
cursor).
This fixes the issue by always starting out by showing the cursor again
at cleanup() time. This means that no matter where we get caught at ^C,
we will not end up leaving the terminal without its beloved ensign.
Signed-off-by: Chris Down <chris@chrisdown.name>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
|
|
|
|
|
| |
The last user of ABORT_SIGINT was removed in commit 84723cab5dfc
("Cleanup the old sequential download code"), and this isn't exported as
part of the public API.
Signed-off-by: Chris Down <chris@chrisdown.name>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
|
|
|
| |
Extend print-format with checkdepends, depends and makedepends.
Signed-off-by: Jelle van der Waa <jelle@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
|
| |
Signed-off-by: Jelle van der Waa <jelle@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
|
|
|
| |
alpm_pkg_get_builddate() and alpm_pkg_get_installdate() both return -1 on
error. Correctly handle the error condition in pacman.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
|
|
|
|
| |
Extend --print-format with all expac format strings which can be easily
added without conversions and through a simple C macro.
Signed-off-by: Jelle van der Waa <jelle@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
|
|
|
| |
Package type is not relevant to alpm or even exposed to front-ends in
any way.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
|
|
|
|
| |
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds a mechanism for package builders to add arbitrary data to
packages that is not necessarily relevant enough to the package
installation process to gain first-class support in alpm. Currently
these fields have to be added to parsers with a "not actually used"
comment and can't be retrieved through the API.
Extended data is stored in "name=value" format in the xdata field
(%XDATA% in desc files):
xdata = pkgtype=debug
or
%XDATA%
pkgtype=debug
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
|
|
|
|
|
|
| |
One instance was missed in b0a2fd75b2f4ba12075646f0f3f18911d71a42c7.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
|
|
|
|
|
| |
This allows for parsing the output of:
pacman --upgrade --print-format '<format>' pkg.zst
without having to remove info messages from it.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
In some cases packages are built outside of a directory which contains
pkgname-pkgver, this results in source listing in debug packages having
a conflicting path like `/usr/src/debug/build/` which is not ideal.
This patch ensures we always include the pkgbase to ensure the paths are
unique.
Signed-off-by: Morten Linderud <morten@linderud.pw>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
|
|
|
| |
The feature has been introduced in commit a33cdac10bf1a682
The buildinfo version has been bumped in commit 0428f6213bcb5586
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently our gitlab CI is failing due to valgrind breakage. With
Arch stripping glibc, valgrind now requires debuginfod to be active.
However the gitlab CI system combined without our testsuite does not
retrieve these symbols, even when the appropriate environmental
variable is set.
Work around this by installing the glibc-debug package directly
using a slight kludge... All blame for this approach is assigned
to foutrelis!
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Arch Linux is adding source signing PGP keys to their package source
tree alongside PKGBUILDs in the form keys/pgp/$fingerprint.asc. As the
PGP keyserver infrastructure is a mess, this helps other people validate
sources in a PKGBUILD.
Add the keys to source packages if found alongside the PKGBUILD.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
|
|
|
| |
The documentation for the license array was specific to Arch Linux.
Remove it and some minor other Arch Linux specific references.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
|
|
|
|
|
|
| |
We use a multi step process during stripping to ensure permissions do
not get changed. However, if the initial objcopy fails, the subsequent cat
results in a blank file. Abandon early if objcopy fails.
Fixes FS#74486
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
bsdtar uses the "pax" TAR archive format by default, which has support for
storing sparse file information in the archive. Unfortunately this is a source
of unreproducibility because the sparse encoding is taken from the file system
and different file systems handle sparse files differently: some file systems
have no support for sparsely encoded files at all, and even file systems with
sparse file support can report different file information for identical files
due to differing implementations.
As a real world example where this happens, consider the Arch Linux package
"brotli-testdata 1.0.9-7", which contains a sparsely encoded all-zeros file
"usr/share/brotli/testdata/zeros". Building this package on a btrfs file system
yields a different package than building it on tmpfs or ext4 solely due to
different sparse file information that gets recorded in the package tarball.
To improve the reproducibility of archives containing sparsely encoded files,
libarchive version 3.6.0 introduces a new --no-read-sparse option. This skips
reading sparse file information from disk entirely and therefore stores files
"expanded" in the archive, which is the only way to make them reliably
reproducible across file systems.
makepkg will use this option if libarchive is recent enough to support it,
which is detected at build time.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
db and pkg store a pointer to the handle for internal use but don't
actually provide a way for a user to get it.
Making this accessible is more convenient for front ends and FFI
wrappers.
For example, in other languages it's common to return the error value
directly. To achieve this the python and rust wrappers also store their
own pointer to the handle inside their own pkg/db wrappers.
Exposing this would allow the wrappers to forgo the extra pointer and
just return `pkg.get_handle().last_error()`.
|
|
|
|
|
| |
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
|
| |
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Parsing of Content-Disposition relies on well formed headers.
A malformed header such as:
Content-Disposition="";
will result in a strnduppayload->content_disp_name, -1, ptr),
which will copy memory until it hits a \0.
Prevent this by only copying the value if it exists.
Fixes FS#73704.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In order to use WKD in pacman -U/--upgrade operations, we need to
get the packager information from the .PKGINFO within the package.
That has obvious security implications. e.g. something like this
could convince a user to download a different key to what they
expect:
packager = foo bar <>^[[2K^[[0G:: Import PGP key DEADBEEF, "foo <bar>
While downloading an untrusted key has little impact due to the
web-of-trust model used by pacman, this could be bad in combination
with an exploit that allowed trust of keys in the keyring to be
altered.
To be safe, do not use WKD when installing using -U.
Fixes FS#73703.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Avoid a segfault when a search of the keyserver returns that the
key is found but returns no primary IDs. We are then likely going
to fail the import, but attempt anyway because no-one know what
a keyserver will do!
Fixes FS#73534.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
|
|
|
|
|
| |
Looking up a key using WKD just ensures you have a key with the
same email address, it does not ensure that a key with the correct
fingerprint has been downloaded.
Check a key with the relevant fingerprint is available after a
WKD import.
|
|
|
|
|
|
|
| |
This is useful for bindings as it guarantees the value will not be
changed.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
| |
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
|
|
|
|
|
|
| |
Using meson.source_root() and meson.build_root() are deprectated in
meson-0.56. Using current_source_dir() or current_build_dir() (which
have been available in all Meson versions) would require manually
adding "../" in some places. Instead, use project_source_root() and
project_build_root() and require meson-0.56.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
|
|
| |
Removes "Future-deprecated features used", but reuires meson-0.55
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
| |
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
| |
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
| |
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
|
|
|
| |
Upstream is changing the default from false to true. This makes
no difference to us, so just set as the future default.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
|
|
|
| |
Upsteam is warning about future change in the run_command check
argument. Ref: https://github.com/mesonbuild/meson/issues/9300
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
|
|
|
|
|
|
|
| |
We want to use -flto=auto in Arch Linux to speed up building, but we
can't hardcode it in buildenv/lto.sh because other downstreams might
have clang < 13.0.0 which did not recognize -flto=auto as equivalent
to -flto=full.
Introducing an LTOFLAGS variable to makepkg.conf seems the way to go.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
| |
Signed-off-by: Allan McRae <allan@archlinux.org>
|