Compare commits

..

7 commits

Author SHA1 Message Date
Allan McRae
1f38429b1c Initialise callback event fields
While the event is already globally initialised, initialising the fields
prevents a valgrind warning (since the gcc-15 update).

Signed-off-by: Allan McRae <allan@archlinux.org>
(cherry picked from commit 0d37c1daa0)
2025-06-04 09:18:37 +10:00
Guillaume
c685ae6412 fix a segfault in sandbox.c if handle->dlcb is null
(cherry picked from commit a2d029388c)
2024-11-16 13:17:39 +10:00
Chih-Hsuan Yen
e3aedfb7aa Correctly configure landlock for older ABIs
For example, with landlock ABI < 3, LANDLOCK_ACCESS_FS_TRUNCATE is not
set in ruleset_attr.handled_access_fs, so it should not be set in
path_beneath.allowed_access either. Otherwise, landlock_add_rule fails
with -EINVAL, and pacman complains:

> error: restricting filesystem access failed because the landlock rule for the temporary download directory could not be added!

The change is tested on Debian Bookworm kernel
linux-image-6.1.0-25-cloud-amd64 6.1.106-3.

(cherry picked from commit e80569f5da)
2024-11-16 13:17:29 +10:00
Rafael Fontenelle
2a147eb7bb Add double colon for newline after MAKEPKG_LINT_PKGBUILD in makepkg.8.asciidoc
(cherry picked from commit 60ec268458)
2024-11-16 13:17:19 +10:00
Allan McRae
77361331ae libalpm: only chown downloaded files when running as root
Some libaplm utilities sync databases as a non-root user for use in
actvities other than system updates.  The ability to download as a
non-root user was broken as part of the download sandboxing.

Applying a minimial fix by preventing the chown of the downloaded file
if the user is non-root.  A larger change increasing the robustness
and error checking of this path is warranted in the future.

Signed-off-by: Allan McRae <allan@archlinux.org>
(cherry picked from commit 7bc5d55b56)
2024-09-08 12:18:38 +10:00
KaranveerB
6270dd81a3 pacman/util.c: fix segfault when replace in strreplace is NULL
(cherry picked from commit 4c18204938)
2024-08-18 22:42:54 +10:00
Allan McRae
7cf2b0186d Fix typo in git source handling
Fixes #171

Signed-off-by: Allan McRae <allan@archlinux.org>
(cherry picked from commit c3aa1bc123)
2024-08-02 11:24:47 +10:00
7 changed files with 20 additions and 5 deletions

View file

@ -297,7 +297,7 @@ Environment Variables
**BUILDTOOLVER=**"<version>":: **BUILDTOOLVER=**"<version>"::
The version of the '$BUILDTOOL' used. The version of the '$BUILDTOOL' used.
**MAKEPKG_LINT_PKGBUILD=**0 **MAKEPKG_LINT_PKGBUILD=**0::
Setting to 0 disables PKGBUILD linting within makepkg. Useful on systems Setting to 0 disables PKGBUILD linting within makepkg. Useful on systems
with slow bash subshell operations, or on PKGBUILDs with extreme amounts of with slow bash subshell operations, or on PKGBUILDs with extreme amounts of
package splitting. package splitting.

View file

@ -76,13 +76,16 @@ static mode_t _getumask(void)
static int finalize_download_file(const char *filename) static int finalize_download_file(const char *filename)
{ {
struct stat st; struct stat st;
uid_t myuid = getuid();
ASSERT(filename != NULL, return -1); ASSERT(filename != NULL, return -1);
ASSERT(stat(filename, &st) == 0, return -1); ASSERT(stat(filename, &st) == 0, return -1);
if(st.st_size == 0) { if(st.st_size == 0) {
unlink(filename); unlink(filename);
return 1; return 1;
} }
ASSERT(chown(filename, 0, 0) != -1, return -1); if(myuid == 0) {
ASSERT(chown(filename, 0, 0) != -1, return -1);
}
ASSERT(chmod(filename, ~(_getumask()) & 0666) != -1, return -1); ASSERT(chmod(filename, ~(_getumask()) & 0666) != -1, return -1);
return 0; return 0;
} }
@ -1356,6 +1359,7 @@ int SYMEXPORT alpm_fetch_pkgurl(alpm_handle_t *handle, const alpm_list_t *urls,
if(payloads) { if(payloads) {
event.type = ALPM_EVENT_PKG_RETRIEVE_START; event.type = ALPM_EVENT_PKG_RETRIEVE_START;
event.pkg_retrieve.num = alpm_list_count(payloads); event.pkg_retrieve.num = alpm_list_count(payloads);
event.pkg_retrieve.total_size = 0;
EVENT(handle, &event); EVENT(handle, &event);
if(_alpm_download(handle, payloads, cachedir, temporary_cachedir) == -1) { if(_alpm_download(handle, payloads, cachedir, temporary_cachedir) == -1) {
_alpm_log(handle, ALPM_LOG_WARNING, _("failed to retrieve some files\n")); _alpm_log(handle, ALPM_LOG_WARNING, _("failed to retrieve some files\n"));

View file

@ -222,7 +222,9 @@ bool _alpm_sandbox_process_cb_download(alpm_handle_t *handle, int callback_pipe)
ASSERT(read_from_pipe(callback_pipe, filename, filename_size) != -1, FREE(filename); return false); ASSERT(read_from_pipe(callback_pipe, filename, filename_size) != -1, FREE(filename); return false);
filename[filename_size] = '\0'; filename[filename_size] = '\0';
handle->dlcb(handle->dlcb_ctx, filename, type, &cb_data); if(handle->dlcb) {
handle->dlcb(handle->dlcb_ctx, filename, type, &cb_data);
}
FREE(filename); FREE(filename);
return true; return true;
} }

View file

@ -150,6 +150,9 @@ bool _alpm_sandbox_fs_restrict_writes_to(alpm_handle_t *handle, const char *path
path_beneath.parent_fd = open(path, O_PATH | O_CLOEXEC | O_DIRECTORY); path_beneath.parent_fd = open(path, O_PATH | O_CLOEXEC | O_DIRECTORY);
path_beneath.allowed_access = _LANDLOCK_ACCESS_FS_READ | _LANDLOCK_ACCESS_FS_WRITE | _LANDLOCK_ACCESS_FS_TRUNCATE; path_beneath.allowed_access = _LANDLOCK_ACCESS_FS_READ | _LANDLOCK_ACCESS_FS_WRITE | _LANDLOCK_ACCESS_FS_TRUNCATE;
/* make sure allowed_access is a subset of handled_access_fs, which may change for older landlock ABI */
path_beneath.allowed_access &= ruleset_attr.handled_access_fs;
if(landlock_add_rule(ruleset_fd, LANDLOCK_RULE_PATH_BENEATH, &path_beneath, 0) == 0) { if(landlock_add_rule(ruleset_fd, LANDLOCK_RULE_PATH_BENEATH, &path_beneath, 0) == 0) {
if(landlock_restrict_self(ruleset_fd, 0)) { if(landlock_restrict_self(ruleset_fd, 0)) {
_alpm_log(handle, ALPM_LOG_ERROR, _("restricting filesystem access failed because the landlock ruleset could not be applied!\n")); _alpm_log(handle, ALPM_LOG_ERROR, _("restricting filesystem access failed because the landlock ruleset could not be applied!\n"));

View file

@ -817,6 +817,8 @@ static int download_files(alpm_handle_t *handle)
} }
event.type = ALPM_EVENT_PKG_RETRIEVE_START; event.type = ALPM_EVENT_PKG_RETRIEVE_START;
event.pkg_retrieve.total_size = 0;
event.pkg_retrieve.num = 0;
/* sum up the number of packages to download and its total size */ /* sum up the number of packages to download and its total size */
for(i = files; i; i = i->next) { for(i = files; i; i = i->next) {

View file

@ -49,7 +49,7 @@ download_git() {
if [[ ! -d "$dir" ]] || dir_is_empty "$dir" ; then if [[ ! -d "$dir" ]] || dir_is_empty "$dir" ; then
msg2 "$(gettext "Cloning %s %s repo...")" "${repo}" "git" msg2 "$(gettext "Cloning %s %s repo...")" "${repo}" "git"
if ! git clone --origin=origin ---mirror "$url" "$dir"; then if ! git clone --origin=origin --mirror "$url" "$dir"; then
error "$(gettext "Failure while downloading %s %s repo")" "${repo}" "git" error "$(gettext "Failure while downloading %s %s repo")" "${repo}" "git"
plainerr "$(gettext "Aborting...")" plainerr "$(gettext "Aborting...")"
exit 1 exit 1

View file

@ -363,12 +363,16 @@ char *strreplace(const char *str, const char *needle, const char *replace)
const char *p = NULL, *q = NULL; const char *p = NULL, *q = NULL;
char *newstr = NULL, *newp = NULL; char *newstr = NULL, *newp = NULL;
alpm_list_t *i = NULL, *list = NULL; alpm_list_t *i = NULL, *list = NULL;
size_t needlesz = strlen(needle), replacesz = strlen(replace); size_t needlesz = strlen(needle), replacesz;
size_t newsz; size_t newsz;
if(!str) { if(!str) {
return NULL; return NULL;
} }
if(!replace) {
replace = "";
}
replacesz = strlen(replace);
p = str; p = str;
q = strstr(p, needle); q = strstr(p, needle);