Filling in more of the payload fields before passing to the downloader ensures
that the these fields do not get lost during sandboxed operations.
It also fixes the use of -U with XferCommand, but testsuite still fails due to
"404" page being downloaded for the signature. Given we can not identify this
as being a non-signature download with the XferCommand, we can just turn off
signature checking in this test.
Signed-off-by: Allan McRae <allan@archlinux.org>
The primary purpose of this is to allow cleanup of file descriptors
allocated by curl that were left open in the child. I am not aware of
any issues caused by the open file descriptors, but think it better to
not leave random open fd's lying around.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
chroot() requires CAP_SYS_CHROOT. If the caller has put us in the
right root directory already, don't call chroot(). This allows
running pacman in a containerized environment without CAP_SYS_CHROOT.
Some user had erros while updating their system.
:: Proceed with installation? [Y/n]
:: Retrieving packages...
checking keyring...
checking package integrity...
error: failed to commit transaction (invalid or corrupted package)
Errors occurred, no packages were upgraded.
The issue was filecache_find returning null and alpm passing that null
path to check validity. How this happened I have no idea. It may be
something to do with the user's cachedir being a network drive.
Also warn when the file exists but it is not a regular file or can not
be opened.
The currently used openssl interfaces for calculating checksums have been
deprecated in openssl-3.0. Move to the modern interfaces to avoid build
warnings.
Signed-off-by: Allan McRae <allan@archlinux.org>
Bash sources user configuration files under a number of conditions that
can cause issues with scripts when bash is used as the scriptlet shell.
Bash assumes it's being run under rsh/ssh if stdin is connected to a
socket and sources the user bashrc unless the environment variable
$SHLVL is >= 2. Commit 6a4c6a02de
switched from pipes to sockets when communicating with child processes
to work around SIGPIPE issues. Normally $SHLVL would be inherited from
the shell running pacman, but operations involving scriptlets are
generally run with sudo which does not let the $SHLVL variable through
unless specifically configured to.
Similarly $BASH_ENV can cause bash to source user-specified configuration
files if set.
https://lists.gnu.org/archive/html/help-bash/2022-02/msg00082.html
Note: the list discussion and bash source all reference SHLVL >= 2, this
is the SHLVL value *after* bash has incremented it on startup. Setting
it to 1 in pacman is sufficient to disable the unwanted behavior.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
On Linux, SIGPOLL is a valid signal, but on systems like FreeBSD, it is
not. This patch does a preprocessor check to see if SIGPOLL is available
or not.
Signed-off-by: Mark Weiman <mark.weiman@markzz.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
On Linux, signal.h is not required to have access to the signal
constants. On FreeBSD, this is not the case and requires signal.h to be
explicitly included.
This patch adds an include for signal.h in any source file that uses it.
Signed-off-by: Mark Weiman <mark.weiman@markzz.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
We'll reuse the function in pacman with a later commit.
Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Pacman has a 'key in keyring' verification step that makes sure the signatures
have a valid keyid. Currently pacman parses embedded package signatures only.
Add a fallback to detached signatures. If embedded signature is missing then it
tries to read corresponding *.sig file and get keyid from there.
Verification:
debug: found cached pkg: /var/cache/pacman/pkg/glib-networking-2.64.3-1-x86_64.pkg.tar.zst
debug: found detached signature /var/cache/pacman/pkg/glib-networking-2.64.3-1-x86_64.pkg.tar.zst.sig with size 310
debug: found signature key: A5E9288C4FA415FA
debug: looking up key A5E9288C4FA415FA locally
debug: key lookup success, key exists
Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
It is similar to _alpm_filecache_find() but does not return a
dynamically allocated memory to user. Thus the user does not need to
free this resource.
Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Use STRDUP() over strdup() to catch memory allocation errors.
There are still some instances of strdup left, but these are in functions
that currently have no error path and would require a larger rework.
Signed-off-by: Allan McRae <allan@archlinux.org>
realloc can fail just like the other memory allocation functions. Add a
macro to simplify handling of realloc failures, similar to the already
existing MALLOC, CALLOC, etc.
Replace the existing realloc uses with the new macro, allowing us to
move tedious error handling to the macro. Also, in be_package and
be_sync, this fixes hypothetical memory leaks (and thereafter null
pointer dereferences) in case realloc fails to shrink the allocated
memory.
Signed-off-by: Rikard Falkeborn <rikard.falkeborn@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
If poll() is interrupted by a signal, alpm was closing the socket it
uses for listening to script/hook output. This would drop script output
at the least and kill the script at the worst.
Fixes FS#60396
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Front-ends or libraries may set signals to be ignored, which gets
inherited across fork and exec. This can cause scripts to malfunction
if they expect the signal. To make matters worse, scripts written in
bash can't reset signals that were ignored when bash was started.
Fixes FS#56756
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Many of these are pointless (e.g. there is no need to explicitly turn on
spellchecking and language dictionaries for the manpages by default).
The only useful modelines are the ones enforcing the project coding
standards for indentation style (and "maybe" filetype/syntax, but
everything except the asciidoc manpages and makepkg.conf is already
autodetected), and indent style can be applied more easily with
.editorconfig
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
If a scriptlet/hook dies at the wrong moment it can trigger SIGPIPE,
terminating the process. For pipes, there is no way to prevent SIGPIPE
other than ignoring it process-wide. This can have unintended
consequences in a multi-threaded process. Using send(2) with sockets,
however, allows ignoring SIGPIPE on a per-call basis, leaving other
threads able to make use of SIGPIPE.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Add a --with-nettle configure option that directs pacman to use the libnettle
hashing functions. Only one of the --with-libssl and --with-nettle configure
options can be specified.
[Allan: rewrote configure check]
Signed-off-by: Allan McRae <allan@archlinux.org>
This was included due to use of PolarSSL's implementation for our internal
SHA2 support. As our internal checksum calculations are now removed, we
can also remove this unused code path.
Signed-off-by: Allan McRae <allan@archlinux.org>
The internal implementations for md5 and sha256 checksums have not been merged
from upstream sources for a long time. Instead of us carrying copies of code
from other projects, we should just support building against multiple libraries
that provide such functionality.
This patch removes the md5 and sha2 code (originally obtained from PolarSSL)
from our repository. The configure script will now error unless at least one
library supporting checksum generation is present, with the only library
currently supported being openssl. It will be relatively simple for other
such libraries (e.g. nettle) to be supported if anyone wishes to add them.
Signed-off-by: Allan McRae <allan@archlinux.org>
The value EAGAIN is allowed by POSIX to be the same as EWOULDBLOCK, but this is
not guaranteed. Thus on some systems (e.g. glibc Linux), we get a warning that
the logical OR is being performed on two expressions of the same type. We can
not get rid of this test in case any system defines these as unique values.
Suggested-by: Dave Reisner
Signed-off-by: Allan McRae <allan@archlinux.org>
Commit e374e6829c closed stdin before
running scripts/hooks. This left the exec'd process with no file
descriptor 0. If the process subsequently opened a file it would be
assigned fd 0, and could potentially be confused for stdin. Connecting
and immediately closing the parent2child pipe ensures that the child has
an fd 0 and that it is empty.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Removes a leftover error message from when fdopen and fgets were used to
read from the pipe.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
If the script output does not end in a newline there could still be data
in the buffer after the poll loop.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
libalpm does not guarantee that script output will be presented to the
user or that stdin will be connected to a terminal. Close stdin so that
scripts do not attempt to use it for user interaction.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
It was allocating the required size rather than the calculated new size,
resulting in pathological incremental reallocations.
Signed-off-by: Daniel Micay <danielmicay@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
