Starting the download process, even if there is nothing to actually
download, causes an error when pacman is built without curl and has no
XferCommand defined (like our test suite).
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Download-related config options are currently limited to builds with
curl. This causes compilation errors when those options are used
without an appropriate guard which often goes unnoticed because we all
use curl. Front-ends providing their own download callback may also
want to use these settings.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Also change the group's title to point to the group's man page.
This makes generated man pages be named libalpm_* which is more
consistent with what library man pages are usually called.
Signed-off-by: Allan McRae <allan@archlinux.org>
Currently default_pkg_ops is accessed in two different ways.
There is get_file_pkg_ops (in be_package.c) creating a local once-off
'tweaked' copy. As well as load_pkg_for_entry (be_sync.c) which modifies
in-place and uses default_pkg_ops.
This seems rather misleading and fragile approach. Introduce a helper
for the second use-case so that default_pkg_ops is handled consistently
and essentially remains unchanged throughout.
Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
The macro hasn't been used since 2007 with commit
7f7da2b5fc. Although it was still copied
over into alpm_list.c an year or so later with commit ca1a1871 ("More
cleanup to alpm_list")
Just remove all instances of it.
Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
We'll reuse the function in pacman with a later commit.
Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Pacman has required libarchive 3.0 or later for quite some time mow.
Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
With the recent 'multibar' interface changes TotalDownload has been disabled.
Now we have a new UI and we need to find another way to display this
information.
When 'TotalDownload' config option is enabled we are going to have an extra
progress bar at the bottom of the screen that shows how much of the entire
download has been completed.
Closes FS#68202
Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
download_files never set ret on failiure, so even when downloading
fails, the transaction goes on to commit and error out.
:: Retrieving packages...
python-packaging-20.4-4-any.pkg.tar.zst failed to download
error: failed retrieving file 'python-packaging-20.4-4-any.pkg.tar.zst' from mirror.oldsql.cc : The requested URL returned error: 404
warning: failed to retrieve some files
(1/1) checking keys in keyring
(1/1) checking package integrity
error: failed to commit transaction (wrong or NULL argument passed)
Errors occurred, no packages were upgraded.
Also make the ret checking more consistent.
Signed-off-by: Allan McRae <allan@archlinux.org>
The comment makes it seem that the result itself is an error code. But
all it does is simply return -1 to indicate an error occured;
Signed-off-by: Allan McRae <allan@archlinux.org>
In case if a package corrupted (e.g. signature or hash is invalid)
pacman tries to remove the package file to redownload it anew the next time.
Remove *.sig file as well to make sure no data is left for the invalid
package.
Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
We forgot to remove m4/ in commit 454ea02438
and now it's tragically reminding me of autotools!
Also take this opportunity to drop some symlinks in lib/libalpm/ for
libcommon source files. In autotools these were built specifically for
libalpm and needed to be available in that directory, but the meson
setup just has libalpm depend on libcommon. So these pseudo source files
aren't needed anymore.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Pacman has multiple ways to verify package content integrity:
- gpg signature
- sha256
- md5
These verification mechanisms overlap each other. gpg signatures already contain
hash value of the package content. So if a package signature is present then
pacman ignored the other 2 hash values. This worked well with signtures
embedded into pacman database.
Recently pacman got an ability to handle detached signatures (*.sig files
located next to the package files). If pacman verifies detached signature only
then one can replace pkg+sig files with some other content and pacman still
processes it as a valid package. To prevent it we need to verify
database<->package integrity using hash values stored in the database.
This commit fixes FS#67232
The new debug output is:
checking package integrity...
debug: found cached pkg: /var/cache/pacman/pkg/ruby-2.7.1-2-x86_64.pkg.tar.zst
debug: sha256sum: 77baf61c62c5570b3a37cf0c3b16c5d9a97dde6fedd1a3528bf0cc5f96dd5e52
debug: checking sha256sum for /var/cache/pacman/pkg/ruby-2.7.1-2-x86_64.pkg.tar.zst
debug: sig data: <from .sig>
debug: checking signature for /var/cache/pacman/pkg/ruby-2.7.1-2-x86_64.pkg.tar.zst
debug: 1 signatures returned
debug: fingerprint: B5971F2C5C10A9A08C60030F786C63F330D7CB92
Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
With current master version the 'keyring checking' step produces an error:
debug: returning error 6 from alpm_pkg_get_sig (../lib/libalpm/package.c: 274) : wrong or NULL argument passed
The package signature is still checked later at the integrity verification step though.
This commit fixes keyring checking and now the debug log looks like this:
debug: found cached pkg: /var/cache/pacman/pkg/ruby-2.7.1-2-x86_64.pkg.tar.zst
debug: found detached signature /var/cache/pacman/pkg/ruby-2.7.1-2-x86_64.pkg.tar.zst.sig with size 566
debug: found signature key: 786C63F330D7CB92
debug: looking up key 786C63F330D7CB92 locally
debug: key lookup success, key exists
Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
