For example, with landlock ABI < 3, LANDLOCK_ACCESS_FS_TRUNCATE is not
set in ruleset_attr.handled_access_fs, so it should not be set in
path_beneath.allowed_access either. Otherwise, landlock_add_rule fails
with -EINVAL, and pacman complains:
> error: restricting filesystem access failed because the landlock rule for the temporary download directory could not be added!
The change is tested on Debian Bookworm kernel
linux-image-6.1.0-25-cloud-amd64 6.1.106-3.
Some libaplm utilities sync databases as a non-root user for use in
actvities other than system updates. The ability to download as a
non-root user was broken as part of the download sandboxing.
Applying a minimial fix by preventing the chown of the downloaded file
if the user is non-root. A larger change increasing the robustness
and error checking of this path is warranted in the future.
Signed-off-by: Allan McRae <allan@archlinux.org>
Sorting modifies the list in place, causing any existing pointers to the
list to point to a random element.
Fixes#165
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Git commands can fail in bare repositories when global git config contains safe.bareRepository=explicit.
Some users set this option for increased security.
To be compatible with this configuration, explicitly set safe.bareRepository=all when invoking git in a bare repository.
In f91fa546 (repo-add: do not recreate the database if nothing was changed),
repo-add was made to skip database write-out if there were no changes to
the database. However, this breaks the usage of repo-add to create a new
empty database: `repo-add /path/to/mydb/mydb.db.tar.xz`.
Bring back support for this use-case by always writing the database if
it is missing.
Original-patch-by: Ivan Shapovalov <intelfx@intelfx.name>
Signed-off-by: Allan McRae <allan@archlinux.org>
The Arch sharutils package was spewing messages about "Permission denied" when
copying source files into the debug package. This is due to the source files
having 444 permissions and being used in multiple binaries. Only copy each
source file into the debug package onces to avoid this error.
Signed-off-by: Allan McRae <allan@archlinux.org>
If a package was already downloaded but its signature file was not,
pacman would download the signature then error out despite all files
being present.
Also fixes a similar error when some, but not all, package databases
were updated with -Sy.
Fixes#156
Signed-off-by: Allan McRae <allan@archlinux.org>
The calculation used the size of the package rather than the amount
remaining to download for partially downloaded packages.
Signed-off-by: Allan McRae <allan@archlinux.org>
On Windows based systems (e.g. msys), running PKGBUILD linting is very
slow due to time taken spawning bash subshells. Additionally, some packages
have extreme amounts of (usually procedurally generated) splitting, which
also causes linting to be extremely slow. Provide an environment variable
to disable PKGBUILD linting.
Signed-off-by: Allan McRae <allan@archlinux.org>
Supporting git source fragments (branch, commit, tag) is difficult in
conjunction with GITFLAGS usage - particularly with the most common
use cases that reduce the amount of data cloned from the upstream repo.
Leaving GITFLAGS in place an documenting that various git source features
are not supported when GITFLAGS are in used is not an ideal 'solution'.
Instead, remove GITFLAGS support.
Signed-off-by: Allan McRae <allan@archlinux.org>
This causes issues when repeatedly building a package using the same
git checkout. There is also ambiguity of the default checkout when
trying to build from HEAD. See #142 and #143.
This reverts commit 85c421f1cb.
Add the -k parameter to the sudo call to prevent caching of credientials.
This would (potentailly) stop a rogue sudo use within a PKGBUILD.
Signed-off-by: Allan McRae <allan@archlinux.org>
Add a new error code to expose the 'not a clone of' error state of some source
providers (git and fossil). This allows other tools integrating further and
handle this specific error state.
One usecase evolves around frequently changing source locations in PKGBUILDs
of packages in the AUR.
It's extremely hard to figure out what's going from when bsdtar fails
here when we expect it to succeed. Stop tunneling stderr to /dev/null
to help users figure out what's going on when this fails.
Let meson deal with the system differences instead of handling
it manually.
The custom dependency was added in meson 0.59, then gained
static support with 0.60, and static support for cygwin with 0.61,
which is why the meson requirement is bumped to 0.61.
Debian bullseye ships meson 0.56, so switch to bookworm which
has 1.0.1
Work around the final line not being parsed in .PKGINFO if there was a lack
of newline at the end of the file. This could occur due to utilising a tool
other than makepkg to create packages.
The missed line created a difference in the parsing of .PKGINFO between
repo-add and pacman, causing packages to be seen as invalidwith pacman-6.1.
Signed-off-by: Allan McRae <allan@archlinux.org>
