On Windows based systems (e.g. msys), running PKGBUILD linting is very
slow due to time taken spawning bash subshells. Additionally, some packages
have extreme amounts of (usually procedurally generated) splitting, which
also causes linting to be extremely slow. Provide an environment variable
to disable PKGBUILD linting.
Signed-off-by: Allan McRae <allan@archlinux.org>
Supporting git source fragments (branch, commit, tag) is difficult in
conjunction with GITFLAGS usage - particularly with the most common
use cases that reduce the amount of data cloned from the upstream repo.
Leaving GITFLAGS in place an documenting that various git source features
are not supported when GITFLAGS are in used is not an ideal 'solution'.
Instead, remove GITFLAGS support.
Signed-off-by: Allan McRae <allan@archlinux.org>
This causes issues when repeatedly building a package using the same
git checkout. There is also ambiguity of the default checkout when
trying to build from HEAD. See #142 and #143.
This reverts commit 85c421f1cb.
Add the -k parameter to the sudo call to prevent caching of credientials.
This would (potentailly) stop a rogue sudo use within a PKGBUILD.
Signed-off-by: Allan McRae <allan@archlinux.org>
Add a new error code to expose the 'not a clone of' error state of some source
providers (git and fossil). This allows other tools integrating further and
handle this specific error state.
One usecase evolves around frequently changing source locations in PKGBUILDs
of packages in the AUR.
It's extremely hard to figure out what's going from when bsdtar fails
here when we expect it to succeed. Stop tunneling stderr to /dev/null
to help users figure out what's going on when this fails.
Let meson deal with the system differences instead of handling
it manually.
The custom dependency was added in meson 0.59, then gained
static support with 0.60, and static support for cygwin with 0.61,
which is why the meson requirement is bumped to 0.61.
Debian bullseye ships meson 0.56, so switch to bookworm which
has 1.0.1
Work around the final line not being parsed in .PKGINFO if there was a lack
of newline at the end of the file. This could occur due to utilising a tool
other than makepkg to create packages.
The missed line created a difference in the parsing of .PKGINFO between
repo-add and pacman, causing packages to be seen as invalidwith pacman-6.1.
Signed-off-by: Allan McRae <allan@archlinux.org>
Bailing early when there are 0 blocks remaining means that we do not call
memchr on a NULL string (although with a 0 size parameter). Fixes issues
reported using -fsanitise=address,undefined
Signed-off-by: Allan McRae <allan@archlinux.org>
The dir_is_mountpoint() function has the explicit requirement that the
trailing slash of the directory is present. We strip the trailing slash
in unlink_file() to handle directories replaced with symlinks, but that
then affects the dir_is_mountpoint() check.
Add the trailing slash when we have established we are dealing with a
directory. Note this may fail in the case of a file managed by pacmane
with name length of PATH_MAX that has been replaced by a directory on the
file system. Bail on this unlikely scenario.
In addtion, be less fancy with adjusting length of the file char array.
Signed-off-by: Allan McRae <allan@archlinux.org>
Removing lock-never from the default gpg.conf file exposed a couple of bugs
in the permission checks in pacman-key.
Signed-off-by: Allan McRae <allan@archlinux.org>
A filelist can be non-NULL but empty (particularly with a lot of
NoExtract entries). Handle this in alpm_filelist_contains()
Identified using the undefined behaviour sanitizer.
Signed-off-by: Allan McRae <allan@archlinux.org>
Filling in more of the payload fields before passing to the downloader ensures
that the these fields do not get lost during sandboxed operations.
It also fixes the use of -U with XferCommand, but testsuite still fails due to
"404" page being downloaded for the signature. Given we can not identify this
as being a non-signature download with the XferCommand, we can just turn off
signature checking in this test.
Signed-off-by: Allan McRae <allan@archlinux.org>
If the SandboxUser configure option is set, the internal downloader
will fork of a child process and drop to the specified user to download
the files.
Signed-off-by: Remi Gacogne <rgacogne@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Add log and download callbacks to use within a sandbox. These are
designed to be passed from the sandbox to the parent through a file
descriptor and then processed into alpm callbacks to be passed to the
frontend.
Note, only callbacks used in libalpm are added. Other callbacks should
be set to NULL in the child process.
Add alpm_sandbox_child() function that will be used for switching to a
less priviledged user to run child processes.
Signed-off-by: Allan McRae <allan@archlinux.org>
The DownloadUser option will be used to drop privledges to the
specified user when downloading files.
The intention is for this to be extended in the future to a more
general sandbox configuration to cover operating on package and
database files prior to verification.
Add this option to pacman configuration and the various accessors into
the libalpm backend.
Signed-off-by: Allan McRae <allan@archlinux.org>
Previously, the for loops on lines 1035 and 1037 would advance to the
next element in the server list, even if downloading the URL succeeded.
If there are no more servers in the list, `s` would be NULL, causing
a NULL pointer dereference on line 1046. If there were servers left
in the list, the signature would be downloaded from a wrong URL.
1. Fetching of database signatures is enabled.
2. There is only one enabled remote repository URL, or fetching from
all but the last one fails and fetching from the last one succeeds.
3. An XferCommand is used.
Qubes OS Arch templates satisfy all of these conditions and trigger the bug.
