Frontends rely on an initialization call for setup between downloads.
Checking for intialization after checking for a completed download can
skip initialization in cases where files are small enough to be
downloaded all at once (FS#56408). Relying on previous download size
can result in multiple initializations if there are multiple
non-transfer events prior to the download starting (fS#56468).
Introduce a new cb_initialized variable to the payload struct and use it
to ensure that the callback is initialized exactly once prior to any
actual events.
Fixes FS#56408, FS#56468
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
In eaa82b4d07 source_has_signature() was
modified to check if git repositories are marked as signed. However, due
to a typo the unused variable $netfile was checked. This worked as long
as the last source element was marked as signed, due to $netfile being
mistakenly set as a global in check_vcs_software(), but usually failed
with multiple sources.
Break this more consistently by properly declaring $netfile as a local
variable in check_vcs_software() which it should be regardless. Fix it
again by completely moving over to $netfile in source_has_signature()
as netfile is more descriptive of the current state.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
In 42e7020281 creating the gpg statusfile
for a source file was split into a separate function, which used the
return code to indicate unsigned files and proto-specific errors.
However, the fallback return code was set by the final gpg invocation,
which would be 1 if the signature was somehow broken (for example, the
key was not available in the gpg keyring). As a result makepkg thought
that file did not have a signature and skipped over it rather than
erroring out.
Fix this by explicitly setting the return code for all
verify_*_signature() functions.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
In commit 8b0d59b83a support was added for
storing the source files of binaries in debug packages. This made use of
the debugedit program which is part of the RPM package manager, which is
not very standalone.
The same effect can be achieved using -fdebug-prefix-map, an option
accepted by both the gcc and clang compilers which modifies how the
compiler itself stores the references to the source files rather than
requiring us to later edit the produced binaries. This also removes the
dependency on external programs like debugedit.
As a result of this change, source files will only be effectively added
for programs which actually use the exported CFLAGS. This is a reasonable
tradeoff as we expect our CFLAGS to be used rather than ignored. Upstream
software which do not produce useful debug packages are expected to fix
their build systems to respect the environment CFLAGS.
As a result of this change, the routine for extracting source filenames
from binaries had to be modified to derive the source file from the
final debug location, rather than the other way around.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
In commit 8b0d59b83a support was added for
storing the source files of binaries in debug packages. Allow the user
to specify where those source files should be stored via makepkg.conf
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
This allows for more easily extending the list of allowed compression
methods, as it has to be modified in only one place.
Also allow the user to specify their own preferred command + options for
source packages in addition to compiled packages. Currently,
makepkg.conf(5) erroneously claims this is already possible.
Prior to commit aca153bfa6 some .sh files
were not generated and simply included directly, and it was necessary to
explicitly iterate all ignored files to prevent git from ignoring the
directly-included files. However, now all .sh files are in fact
generated so it makes no sense to list each one separately in the
.gitignore file.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
The extra variables on the commandline were inconsistently applied. They
should override anything else, instead, most were overridden by
environment variables with the exception of BUILDDIR (and this was not
sanity-checked to see if it had write permissions).
e.g. given the commandline:
`PKGDEST="$(pwd)"` BUILDDIR="$(pwd)" makepkg PKGDEST=/doesnt/exist BUILDDIR=/doesnt/exist`
We would incorrectly use the current working directory for PKGDEST.
Meanwhile, we checked the wrong directory for BUILDDIR, and later
errored when we tried to create $srcdir inside the non-writable
directory "/doesnt/exist".
In order to fix this, use the preferred bash builtin for saving variable
definitions, similar to how we restore traps etc. rather than tediously
redefining each one by hand, and restore this immediately after
makepkg.conf is sourced. Finally, the `make`-style commandline overrides
are applied.
Also canonicalize_path is applied only on the final paths we try to use.
While it is unlikely the value in makepkg.conf will be a relative path,
since we now properly respect commandline overrides, they should be
canonicalized as well.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
This is a rewrite of Tobias Stoeckmann’s patch from June 2016[1] using
functions instead of macros. (Thanks to Tobias for explanations of his patch.)
A short question on Freenode IRC showed that macros are generally discouraged
and functions should be used.
The patch introduces a static size_t length_check() in libalpm/signing.c.
[1] Original patch:
https://lists.archlinux.org/pipermail/pacman-dev/2016-June/021148.html
CVE request (and assignment):
http://seclists.org/oss-sec/2016/q2/526
Signed-off-by: Allan McRae <allan@archlinux.org>
The documentation for OPTIONS and BUILDENV listed some incorrect
defaults for undefined options. The defaults are implementation-defined
in the source code for makepkg itself (e.g. it depends whether we use
`check_option "opt" "y"` or `check_option "opt" "n"`) but were
erroneously declared to be "whatever we *define* in the default
makepkg.conf".
Fixes FS#55754
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
For your convenience, makepkg now has 16 distinct ways to fail.
Also closes FS#54204.
Signed-off-by: Ivy Foster <iff@escondida.tk>
Signed-off-by: Allan McRae <allan@archlinux.org>
Not all sed implementations on linux accept the --follow-symlinks
argument, so let the user configure the arguments passed to sed if
required.
Signed-off-by: Alastair Hughes <hobbitalastair@gmail.com>
[Allan: fixed configure summary output]
Signed-off-by: Allan McRae <allan@archlinux.org>
If SOURCE_DATE_EPOCH is set, `touch` all source files between the (optional)
prepare() and build() functions to unify the modification times. This works
around build systems and compilers that embed the file modification times
into the file contents of release artifacts.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
As per https://lists.archlinux.org/pipermail/arch-general/2017-July/043876.html
git doesn't check that the tag name matches what an annotated tag object
*thinks* it should be called. This is a bit of a theoretical attack and
some would argue that we should always use commits since upstream can
legitimately change a tag, but nevertheless this can result in a
downgrade attack if the git download transport was manipulated or the
upstream repository hacked.
So, check the tag blob to make sure the tag actually matches the name we
used for `git checkout`.
This really should be fixed in git itself, rather than forcing all
downstream users of git verify-tag to implement their own checks, but
the git developers disagree, see the discussion surrounding
https://public-inbox.org/git/xmqqk2hzldx8.fsf@gitster.mtv.corp.google.com/
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
This is primarily to help users who are not aware that -F operations use
a separate set of databases that need to be separately downloaded.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
This makes it possible to detect a failure in several alpm_list
functions. Previously these functions would continue after a failure,
returning partial results and potentially leaking memory.
Unfortunately, NULL is a valid return value for the affected functions
if the input list is empty, so they still do not have a dedicated error
value. Callers can at least detect an error by checking if the input
list was empty.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
The .BUILDINFO file should retain all the information needed to reproducibly
build a package. Add some extra information to the file and also provide a
version number to keep track of future changes.
Signed-off-by: Allan McRae <allan@archlinux.org>
In write_pkginfo, we checked if $PACKAGER was undefined, and gave a default
value if not. Just do this upfront to simplify this function.
Signed-off-by: Allan McRae <allan@archlinux.org>
There is little savings in only writing pkgbase when different to pkgname, and
it makes determining the pkgbase by parsing .PKGINFO slightly easier. Lets just
write it...
Signed-off-by: Allan McRae <allan@archlinux.org>
There were a couple places where filenames beginning with "-" were not
properly guarded against by passing them after "--". Some PKGBUILD
authors are crazy, but we still take those into account.
Signed-off-by: Eli Schwartz <eschwartz93@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
This patch introduces the SOURCE_DATE_EPOCH environmental variable. All files
in a package are adjusted to have their modification dates set to the value
of SOURCE_DATE_EPOCH, which defaults to "date +%s".
Setting this variable allows a package that is built twice in the same
environment to be (potentially) reproducible in that the checksum of the
generated package file will be the same.
Also adjust the compression of the mtree file to avoid gzip embedding a
timestamp.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
This information is duplicated (in less friendly format) in the "builddate"
entry and removing it improves reproducible packaging.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
snprintf prints at most n bytes including the terminating '\0'. The
extra reserved byte was never being used.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
gcc7 issues a warning about a potential overflow if left unchecked.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Copying a string into a buffer that has just been determined to not be
able to hold it is obviously incorrect. The actual error handling
appears to have been unintentionally removed in
47762ab687.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Prevents SIGSEGV if we catch SIGINT or SIGHUP before initializing alpm.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
With recent version of gpg, signing within fakeroot works on the first
invocation, but fails on later runs. Sign all packages outside of fakeroot
to avoid this issue.
Fixes FS#49946.
Signed-off-by: Allan McRae <allan@archlinux.org>
Setting PKGDEST and friends enables us to keep all built packages in a single
location. Symlinking these files into the build directory creates unnecessary
clutter and requires clean-up in multiple places when removing old version.
Signed-off-by: Allan McRae <allan@archlinux.org>
Delete log files for the pkgver and prepare functions if -c,--clean is
passed.
Fixes FS#51039 and FS#51075
Includes patch submitted by Christian Braun.
Signed-off-by: Michael Straube <straubem@gmx.de>
Signed-off-by: Allan McRae <allan@archlinux.org>
--root is not sufficient to properly operate on a mounted guest system.
Using --root still uses the host system's configuration and there is no
way to correctly use the guest configuration without manually modifying
any Include directives. --sysroot provides an easier way to operate on
a guest system by chrooting immediately after option parsing before
configuration parsing or performing any operations. It is currently
limited to the root user, but that's enough for restoring a guest system
to a working state, which is the primary intended use case.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
If a scriptlet/hook dies at the wrong moment it can trigger SIGPIPE,
terminating the process. For pipes, there is no way to prevent SIGPIPE
other than ignoring it process-wide. This can have unintended
consequences in a multi-threaded process. Using send(2) with sockets,
however, allows ignoring SIGPIPE on a per-call basis, leaving other
threads able to make use of SIGPIPE.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
If the user replaces a directory with a symlink, libalpm would get
confused because the trailing slash causes system calls to resolve the
symlink. This leads to errors and a misleading message during upgrades.
Even though libalpm does not support this, it should not be giving
misleading errors.
Also adds an overflow check.
Fixes FS#51377
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
