When ever pacman prints a conflict, it now prints pkgname-version,
instead of just pkgname.
alpm_conflict_t now carries *alpm_pkg_ts instead of just the
names of each package.
Fixes FS#12536 (point 2)
This also prevents a use-after-free issue where we free the list we
are interating over and the do i->next.
Signed-off-by: Allan McRae <allan@archlinux.org>
This is the error value generally used and the calling function
explicitly checks for -1, later causing the error to be missed
and the transaction to continue.
> pacman -S xterm
warning: xterm-369-1 is up to date -- reinstalling
resolving dependencies...
looking for conflicting packages...
Package (1) Old Version New Version Net Change Download Size
extra/xterm 369-1 369-1 0.00 MiB 0.42 MiB
Total Download Size: 0.42 MiB
Total Installed Size: 1.05 MiB
Net Upgrade Size: 0.00 MiB
:: Proceed with installation? [Y/n]
error: no servers configured for repository: extra
(1/1) checking keys in keyring [--------------------------------------------------------] 100%
(1/1) checking package integrity [--------------------------------------------------------] 100%
error: failed to commit transaction (wrong or NULL argument passed)
Errors occurred, no packages were upgraded.
This partially fixes FS#67850
It fixes the case for -S'ing packages but not -U'ing urls.
pacman -S a/a b/b
resolving dependencies...
error: packages a and b have the same filename: a-1-1-any.pkg.tar.zst
error: failed to prepare transaction (duplicate filename)
Signed-off-by: Allan McRae <allan@archlinux.org>
With a repo using "SigLevel = Optional" and a package already downloaded
into the cache, download_files() returns 1 (via _alpm_download) to indicate
no files were downloaded. This causes installation of the package to
fail.
Explicitly check that download_files() returns -1 (error) rather than
non-zero.
Signed-off-by: Allan McRae <allan@archlinux.org>
Restore the prior indicator whether or not databases were up to date.
0 is used to indicate if *any* db was actually updated as callers are
more likely to care about that than if *all* dbs were updated.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Total download callback called right before packages start downloaded.
But we already have an event for such event (ALPM_EVENT_PKG_RETRIEVE_START)
and it is naturally to use the event to pass information about expected
download size.
Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
When a package does not need to be downloaded but a signature does,
total download didn't count that towards the total.
Signed-off-by: Allan McRae <allan@archlinux.org>
With the recent 'multibar' interface changes TotalDownload has been disabled.
Now we have a new UI and we need to find another way to display this
information.
When 'TotalDownload' config option is enabled we are going to have an extra
progress bar at the bottom of the screen that shows how much of the entire
download has been completed.
Closes FS#68202
Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
download_files never set ret on failiure, so even when downloading
fails, the transaction goes on to commit and error out.
:: Retrieving packages...
python-packaging-20.4-4-any.pkg.tar.zst failed to download
error: failed retrieving file 'python-packaging-20.4-4-any.pkg.tar.zst' from mirror.oldsql.cc : The requested URL returned error: 404
warning: failed to retrieve some files
(1/1) checking keys in keyring
(1/1) checking package integrity
error: failed to commit transaction (wrong or NULL argument passed)
Errors occurred, no packages were upgraded.
Also make the ret checking more consistent.
Signed-off-by: Allan McRae <allan@archlinux.org>
In case if a package corrupted (e.g. signature or hash is invalid)
pacman tries to remove the package file to redownload it anew the next time.
Remove *.sig file as well to make sure no data is left for the invalid
package.
Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Pacman has a 'key in keyring' verification step that makes sure the signatures
have a valid keyid. Currently pacman parses embedded package signatures only.
Add a fallback to detached signatures. If embedded signature is missing then it
tries to read corresponding *.sig file and get keyid from there.
Verification:
debug: found cached pkg: /var/cache/pacman/pkg/glib-networking-2.64.3-1-x86_64.pkg.tar.zst
debug: found detached signature /var/cache/pacman/pkg/glib-networking-2.64.3-1-x86_64.pkg.tar.zst.sig with size 310
debug: found signature key: A5E9288C4FA415FA
debug: looking up key A5E9288C4FA415FA locally
debug: key lookup success, key exists
Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
In case if *.pkg exists but *.sig file does not we still have to pass
the pkg to multi_download API.
To avoid redownloading *.pkg file we use CURLOPT_TIMECONDITION curl option.
Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Current code uses an incrementing counter to check whether a function
returned error:
errors += some_function();
if(errors) { goto finish }
Replace with a more standard variable
errors = some_function();
if(errors) { goto finish }
Rename 'errors' variable to a more typical 'ret'.
Avoid reporting both ALPM_EVENT_PKG_RETRIEVE_FAILED and
ALPM_EVENT_PKG_RETRIEVE_DONE in the error path.
Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
All users of _alpm_download() have been refactored to the new API.
It is time to remove the old _alpm_download() functionality now.
This change also removes obsolete SIGPIPE signal handler functionality
(this is a leftover from libfetch days).
Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com>
Create a list of dload_payloads and pass it to the new _alpm_multi_*
interface.
Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Multiplexed database/files downloads will use multiple progress bars.
The UI logic is quite complicated and printing error messages while
handling multiple progress bars is going to be challenging.
Instead we are going to save all ALPM error messages to a list and flush
it at the end of the download process. Use on_progress variable that
blocks error messages printing.
Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
The GOTO_ERR define was added in commit 80ae8014 for use in future commits.
There are plenty of places in the code base it can be used, so convert them.
Signed-off-by: Allan McRae <allan@archlinux.org>
One reason why the function returns an error is some repo
does not have any servers.
Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Currently, download_files() creates payloads for all packages then
iterates over them, calling download_single_file. This can be
simplified by looping over packages and constructing the payload as needed.
Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Current flow looks like
loop dbs_sync {
loop pkgs {
if pkg.db == db then process(pkg, db)
}
}
Package sync transaction always has a counterpart in the dbs_sync list
(I cannot come up with a use-case when it is not true). So the loop can
be simplified to:
loop pkgs {
process(pkg, pkg.db)
}
Tested: 'ninja test' & manually by using pacman with this patch for a
week
Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
In rare cases, likely due to a well timed Ctrl+C, but possibly due to a
broken mirror, a ".part" file may have size at least that of the correct
package size.
When encountering this issue, currently pacman fails in different ways
depending on where the package falls in the list to download. If last,
"wrong or NULL argument passed" error is reported, or a "invalid or
corrupt package" issue if not.
Capture these .part files, and remove the extension. This lets pacman
either use the package if valid, or offer to remove it if it fails checksum
or signature verification.
Signed-off-by: Allan McRae <allan@archlinux.org>
We now store key structs of our missing key info, so can not search the list
for string matches. This caused missing keys to be downloaded once for every
package they signed.
Signed-off-by: Allan McRae <allan@archlinux.org>
Ask the user whether they want to import a missing key before even doing
a search on the keyserver. This will be useful for getting Web Key
Directory support in place: for a WKD, looking up and importing a key
are a single action, so the current key_search -> QUESTION -> key_import
workflow does not apply.
Since only the ID of the package signing key is available before
key_search, we display the packager variable in addition to the key ID
for user convenience.
Signed-off-by: Jonas Witschel <diabonas@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
The behaviour of "pacman -Qu" was very strange... It would only consider
packages from repos with Usage = Search (or All), and ignore those with
Usage = Sync, Install or Upgrade.
This is because the function alpm_sync_newversion() used ALPM_DB_USAGE_SEARCH
for its filtering. Given this function is documented (at least in the source)
to "Check for new version of pkg in sync repos", I would expect that to look at
all repos. However, just changing this parameter, would result in a fairly
silent change in behaviour of this function. Instead, rename the function
and remove this filtering altogether. Users of this function can filter
the dbs passed to this function to achieve their desired output.
Signed-off-by: Allan McRae <allan@archlinux.org>
When --needed is used, up to date packages are now filtered out
before showing the group select.
Fixes FS#22870.
Signed-off-by: morganamilo <morganamilo@gmail.com>
Currently, if checking the validity of packages fails due to an access
error on one or more packages, the user must sift through debug output
in order to find the culprit package(s). This patch adds a call to
_alpm_log in such a case to make the culprits more easily visible.
Signed-off-by: Allan McRae <allan@archlinux.org>
Many of these are pointless (e.g. there is no need to explicitly turn on
spellchecking and language dictionaries for the manpages by default).
The only useful modelines are the ones enforcing the project coding
standards for indentation style (and "maybe" filetype/syntax, but
everything except the asciidoc manpages and makepkg.conf is already
autodetected), and indent style can be applied more easily with
.editorconfig
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
In FS#43434, Downloads which fail and are restarted on a different server
will resume and may display a negative download speed. The payload's progress
in libalpm was not properly reset which ultimately caused terminal noise
because the line width calculation assumes positive download speeds.
This patch fixes the incomplete reset of the payload by mimicing what
be_sync.c:alpm_db_update() does over in sync.c:download_single_file().
The new dload.c:_alpm_dload_payload_reset_for_retry() extends beyond the
current behavior by updating initial_size and prevprogress for this case.
This makes pacman reset the progress properly in the next invocation of the
callback and display positive download speeds.
Fixes FS#43434.
Signed-off-by: Martin Kühne <mysatyre@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Many bitfield variables are declared to be enums, because they are
generated using bitwise operations on enums such. However, their
actual values aren't necessary members of their parent enum, so
declaring them 'int' is more accurate.
Signed-off-by: Ivy Foster <ivy.foster@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
This allows functions which return an _alpm_errno_t to always return a
genuine _alpm_errno_t for consistency, even in cases where there are
no errors. Since ALPM_ERR_OK = 0, their callers can still simply check
'err = some_fn(); if (!err) { ... }'.
Signed-off-by: Ivy Foster <ivy.foster@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Relying on localdb to determine which trigger operations should match is
completely broken for PostTransaction hooks because the localdb has
already been updated. Store a copy of the old version of any packages
being updated to use instead.
Fixes FS#47996
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
This is necessary in order to be able to run PreTransaction hooks as
close to the actual commit as possible so that we don't prematurely run
hooks for a transaction that ultimately never happens.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
While loading each package ensure that the internal version matches the
expected database version to avoid the possibility to circumvent the
version check.
This issue can be used by an attacker to trick the software into
installing an older version. The behavior can be exploited by a
man-in-the-middle attack through specially crafted database tarball
containing a higher version, yet actually delivering an older and
vulnerable version, which was previously shipped.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Signed-off-by: Remi Gacogne <rgacogne@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
