Do not chown downloads when DownloadUser is unset

On NFS caches, using chown to change file permissions to the UID 0 user
will fail due to root_squash.  When DownloadUser is unset, or set to
the UID 0 user (root), avoid the unneeded chown calls providing a
workaround.

Fixes #194

Signed-off-by: Allan McRae <allan@archlinux.org>

README

@@ -6,7 +6,7 @@ Package Management) library. This document, while not exhaustive, also
 indicates some limitations (on purpose, or sometimes due to its poor design) of
 the library at the present time.
 
-There is one special file, "alpm.h", which is the public interface that
+There is one special file,"alpm.h", which is the public interface that
 should be distributed and installed on systems with the library. Only
 structures, data and functions declared within this file are made available to
 the frontend. Lots of structures are of an opaque type and their fields are
@@ -239,7 +239,7 @@ API CHANGES BETWEEN 3.1 AND 3.2
 - alpm_checkdbconflicts()
 - alpm_sync_newversion()
 - alpm_deptest()
-- error codes:
+- error codes :
     PM_ERR_DLT_INVALID, PM_ERR_LIBARCHIVE, PM_ERR_LIBDOWNLOAD and
     PM_ERR_EXTERNAL_DOWNLOAD
 - flags:
@@ -362,11 +362,11 @@ API CHANGES BETWEEN 3.4 AND 3.5
 - alpm_find_grp_pkgs()
 - alpm_trans_get_flags()
 - error codes:
-    PM_ERR_DISK_SPACE, PM_ERR_WRITE
-- flags:
-    PM_TRANS_FLAG_NODEPVERSION, PM_TRANS_EVT_DISKSPACE_START,
-    PM_TRANS_EVT_DISKSPACE_DONE, PM_TRANS_CONV_SELECT_PROVIDER,
-    PM_TRANS_PROGRESS_DISKSPACE_START, PM_TRANS_PROGRESS_INTEGRITY_START
+   PM_ERR_DISK_SPACE, PM_ERR_WRITE
+- flags
+   PM_TRANS_FLAG_NODEPVERSION, PM_TRANS_EVT_DISKSPACE_START,
+   PM_TRANS_EVT_DISKSPACE_DONE, PM_TRANS_CONV_SELECT_PROVIDER,
+   PM_TRANS_PROGRESS_DISKSPACE_START, PM_TRANS_PROGRESS_INTEGRITY_START
 
 
 API CHANGES BETWEEN 3.5 AND 4.0
@@ -419,7 +419,7 @@ API CHANGES BETWEEN 3.5 AND 4.0
   - alpm_release
   - alpm_remove_pkg
   - alpm_sync_sysupgrade
-- several structs are no longer opaque:
+- several structs are no longer opaque
   - alpm_conflict_t
   - alpm_delta_t
   - alpm_depend_t
@@ -431,33 +431,19 @@ API CHANGES BETWEEN 3.5 AND 4.0
 
 [ADDED]
 - option functions:
-  - alpm_{get,set}_eventcb()
-  - alpm_option_{get,set}_convcb()
-  - alpm_option_{get,set}_progresscb()
+    alpm_{get,set}_eventcb(), alpm_option_{get,set}_convcb(),
+	alpm_option_{get,set}_progresscb()
 - package signing functions:
-  - alpm_option_get_default_siglevel()
-  - alpm_option_set_default_siglevel()
-  - alpm_option_get_gpgdir()
-  - alpm_option_set_gpgdir()
-  - alpm_db_get_siglevel()
-  - alpm_siglist_cleanup()
-  - alpm_db_check_pgp_signature()
-  - alpm_pkg_check_pgp_signature()
-  - alpm_pkg_get_origin()
-  - alpm_pkg_get_sha256sum()
-  - alpm_pkg_get_base64_sig()
+    alpm_option_get_default_siglevel(), alpm_option_set_default_siglevel(),
+    alpm_option_get_gpgdir(), alpm_option_set_gpgdir(), alpm_db_get_siglevel(),
+    alpm_siglist_cleanup(), alpm_db_check_pgp_signature(), alpm_pkg_check_pgp_signature(),
+    alpm_pkg_get_origin(), alpm_pkg_get_sha256sum(), alpm_pkg_get_base64_sig()
 - list functions:
-  - alpm_list_to_array()
-  - alpm_list_previous()
+    alpm_list_to_array(), alpm_list_previous()
 - structs:
-  - alpm_backup_t
-  - alpm_file_t
-  - alpm_filelist_t
+    alpm_backup_t, alpm_file_t, alpm_filelist_t
 - enums:
-  - alpm_siglevel_t
-  - alpm_sigstatus_t
-  - alpm_sigvalidity_t
-  - alpm_pkgfrom_t
+    alpm_siglevel_t, alpm_sigstatus_t, alpm_sigvalidity_t, alpm_pkgfrom_t
 - error codes:
     ALPM_ERR_DB_INVALID, ALPM_ERR_DB_INVALID_SIG, ALPM_ERR_GPGME,
     ALPM_ERR_PKG_INVALID_CHECKSUM, ALPM_ERR_PKG_INVALID_SIG, ALPM_ERR_SIG_INVALID,
@@ -484,10 +470,10 @@ API CHANGES BETWEEN 4.0 AND 4.1
   - alpm_db_unregister_all -> alpm_unregister_all_syncdbs
   - alpm_db_readgroup -> alpm_db_get_group
   - alpm_db_set_pkgreason -> alpm_pkg_set_reason (handle parameter removed)
-- alpm_time_t typedef used for all times:
+- alpm_time_t typedef used for all times
   - members of alpm_pgpkey_t
   - return types of alpm_pkg_get_builddate and alpm_pkg_get_installdate
-- delta options now use required ratio rather than on/off:
+- delta options now use required ratio rather than on/off
   - alpm_option_get_usedelta -> alpm_option_get_deltaratio
   - alpm_option_set_usedelta -> alpm_option_set_deltaratio
 
@@ -504,21 +490,21 @@ API CHANGES BETWEEN 4.0 AND 4.1
   - alpm_db_usage_t
   - alpm_db_set_usage()
   - alpm_db_get_usage()
-- wrapper functions for reading mtree files:
+- wrapper functions for reading mtree files
   - alpm_pkg_mtree_open()
   - alpm_pkg_mtree_next()
   - alpm_pkg_mtree_close()
-- utility functions:
+- utility functions
   - alpm_pkg_find()
   - alpm_pkg_compute_optionalfor()
   - alpm_filelist_contains()
-- types:
+- types
   - alpm_time_t
   - alpm_errno_t
-- flags:
-    ALPM_EVENT_OPTDEP_REQUIRED, ALPM_EVENT_DATABASE_MISSING,
-    ALPM_EVENT_KEYRING_START, ALPM_EVENT_KEYRING_DONE, ALPM_EVENT_KEY_DOWNLOAD_START,
-    ALPM_EVENT_KEY_DOWNLOAD_DONE, ALPM_PROGRESS_KEYRING_START
+- flags
+   ALPM_EVENT_OPTDEP_REQUIRED, ALPM_EVENT_DATABASE_MISSING,
+   ALPM_EVENT_KEYRING_START, ALPM_EVENT_KEYRING_DONE, ALPM_EVENT_KEY_DOWNLOAD_START,
+   ALPM_EVENT_KEY_DOWNLOAD_DONE, ALPM_PROGRESS_KEYRING_START
 
 
 API CHANGES BETWEEN 4.1 AND 4.2
@@ -527,49 +513,49 @@ API CHANGES BETWEEN 4.1 AND 4.2
 [CHANGED]
 - alpm_filelist_t - removed member resolved_path
 - alpm_filelist_contains - now returns alpm_file_t
-- event callback:
-  - alpm_event_t renamed to alpm_event_type_t
-  - alpm_event_t union added
-  - alpm_event_cb now takes only an alpm_event_t parameter
-  - alpm_event_any_t, alpm_package_operation_t, alpm_event_package_operation_t,
-    alpm_event_optdep_removal_t, alpm_event_delta_patch_t, alpm_event_scriptlet_info_t,
-    alpm_event_database_missing_t, alpm_event_pkgdownload_t, alpm_event_pacnew_created_t,
-    alpm_event_pacsave_created_t, alpm_event_pacorig_created_t added
-  - ALPM_EVENT_*_START -> ALPM_EVENT_PACKAGE_OPERATION_START
-  - ALPM_EVENT_*_DONE -> ALPM_EVENT_PACKAGE_OPERATION_DONE
-- question callback:
-  - alpm_question_t renamed to alpm_question_type_t
-  - alpm_question_t union added
-  - alpm_cb_question now takes only an alpm_question_t parameter
-  - alpm_question_any_t, alpm_question_install_ignorepkg_t, alpm_question_replace_t
-    alpm_question_conflict_t, alpm_question_corrupted_t, alpm_question_remove_pkgs_t,
-    alpm_question_select_provider_t, alpm_question_import_key_t added
+- event callback
+   - alpm_event_t renamed to alpm_event_type_t
+   - alpm_event_t union added
+   - alpm_event_cb now takes only an alpm_event_t parameter
+   - alpm_event_any_t, alpm_package_operation_t, alpm_event_package_operation_t,
+     alpm_event_optdep_removal_t, alpm_event_delta_patch_t, alpm_event_scriptlet_info_t,
+     alpm_event_database_missing_t, alpm_event_pkgdownload_t, alpm_event_pacnew_created_t,
+     alpm_event_pacsave_created_t, alpm_event_pacorig_created_t added
+   - ALPM_EVENT_*_START -> ALPM_EVENT_PACKAGE_OPERATION_START
+   - ALPM_EVENT_*_DONE -> ALPM_EVENT_PACKAGE_OPERATION_DONE
+- question callback
+   - alpm_question_t renamed to alpm_question_type_t
+   - alpm_question_t union added
+   - alpm_cb_question now takes only an alpm_question_t parameter
+   - alpm_question_any_t, alpm_question_install_ignorepkg_t, alpm_question_replace_t
+     alpm_question_conflict_t, alpm_question_corrupted_t, alpm_question_remove_pkgs_t,
+     alpm_question_select_provider_t, alpm_question_import_key_t added
 
 [ADDED]
-- memory management:
+- memory management
   - alpm_fileconflict_free()
   - alpm_depmissing_free()
   - alpm_conflict_free()
   - alpm_dep_free()
-- database usage:
+- database usage
   - alpm_db_usage_t
   - alpm_db_set_usage()
   - alpm_db_get_usage()
-- assume installed:
+- assume installed
   - alpm_option_get_assumeinstalled()
   - alpm_option_add_assumeinstalled()
   - alpm_option_set_assumeinstalled()
   - alpm_option_remove_assumeinstalled()
-- using noupgrade/noextract:
+- using noupgrade/noextract
   - alpm_option_match_noupgrade()
   - alpm_option_match_noextract()
-- utility functions:
+- utility functions
   - alpm_dep_from_string()
   - alpm_pkg_should_ignore()
   - alpm_decode_signature()
   - alpm_extract_keyid()
-- flags:
-    ALPM_EVENT_RETRIEVE_DONE, ALPM_EVENT_RETRIEVE_FAILED, ALPM_EVENT_PKGDOWNLOAD_START,
+- flags
+  - ALPM_EVENT_RETRIEVE_DONE, ALPM_EVENT_RETRIEVE_FAILED, ALPM_EVENT_PKGDOWNLOAD_START,
     ALPM_EVENT_PKGDOWNLOAD_DONE, ALPM_EVENT_PKGDOWNLOAD_FAILED, ALPM_EVENT_OPTDEP_REMOVAL,
     ALPM_EVENT_PACNEW_CREATED, ALPM_EVENT_PACSVAE_CREATED, ALPM_EVENT_PACORIG_CREATED
 
@@ -579,13 +565,13 @@ API CHANGES BETWEEN 4.2 AND 5.0
 
 [REMOVED]
 - alpm_siglevel_t - removed members ALPM_SIG_PACKAGE_SET, ALPM_SIG_PACKAGE_TRUST_SET
-- removed .pacorig generation:
+- removed .pacorig generation
   - ALPM_EVENT_PACORIG_CREATED
   - alpm_event_pacorig_created_t
   - alpm_event_t.pacorig_created
 
 [ADDED]
-- hook support:
+- hook support
   - alpm_option_get_hookdirs()
   - alpm_option_set_hookdirs()
   - alpm_option_add_hookdir()
@@ -595,14 +581,14 @@ API CHANGES BETWEEN 4.2 AND 5.0
   - ALPM_EVENT_HOOK_START, ALPM_EVENT_HOOK_DONE
   - ALPM_EVENT_HOOK_RUN_START, ALPM_EVENT_HOOK_RUN_DONE
   - ALPM_ERR_TRANS_HOOK_FAILED
-- different database extension support:
+- different database extension support
   - alpm_option_get_dbext()
   - alpm_option_set_dbext()
-- pkgbase accessor:
+- pkgbase accessor
   - alpm_pkg_get_base()
-- transaction events:
+- transaction events
   - ALPM_EVENT_TRANSACTION_START, ALPM_EVENT_TRANSACTION_DONE
-- database unlocking:
+- database unlocking
   - alpm_unlock()
 
 
@@ -612,7 +598,7 @@ API CHANGES BETWEEN 5.0 AND 5.1
 [CHANGED]
 - alpm_errno_t - added member ALPM_ERR_OK
 - alpm_siglevel_t - value of ALPM_SIG_USE_DEFAULT changed
-- functions using bitfields return/pass an int instead of an enum:
+- functions using bitfields return/pass an int instead of an enum
   - alpm_option_get_default_siglevel()
   - alpm_option_set_default_siglevel()
   - alpm_option_get_remote_file_siglevel()
@@ -629,19 +615,19 @@ API CHANGES BETWEEN 5.0 AND 5.1
   - alpm_option_set_local_file_siglevel()
 
 [ADDED]
-- overwrite support:
+- overwrite support
   - alpm_option_get_overwrite_files()
   - alpm_option_set_overwrite_files()
   - alpm_option_add_overwrite_file()
   - alpm_option_remove_overwrite_file()
-- download timeout control:
+- download timeout control
   - alpm_option_set_disable_dl_timeout()
-- access make/checkdepends info:
+- access make/checkdepends info
   - alpm_pkg_get_checkdepends()
   - alpm_pkg_get_makedepends()
-- check pacman capabilities:
+- check pacman capabilities
   - alpm_capabilities()
-- duplicate and add to list:
+- duplicate and add to list
   - alpm_list_append_strdup()
 
 
@@ -649,7 +635,7 @@ API CHANGES BETWEEN 5.1 AND 5.2
 ===============================
 
 [REMOVED]
-- package delta support:
+- package delta support
   - alpm_delta_t
   - alpm_event_delta_patch_t
   - alpm_event_t union - removed alpm_event_delta_patch_t
@@ -676,10 +662,10 @@ API CHANGES BETWEEN 5.2 AND 6.0
 [REMOVED]
 - ALPM_EVENT_PKGDOWNLOAD_START, ALPM_EVENT_PKGDOWNLOAD_DONE, ALPM_EVENT_PKGDOWNLOAD_FAILED
 - ALPM_ERR_PKG_REPO_NOT_FOUND
-- old TotalDownload implementation:
-  - alpm_cb_totaldl
-  - alpm_option_get_totaldlcb()
-  - alpm_option_set_totaldlcb()
+- old TotalDownload implementation
+ - alpm_cb_totaldl
+ - alpm_option_get_totaldlcb()
+ - alpm_option_set_totaldlcb()
 
 [CHANGED]
 - alpm_db_update() now accepts a list of databases rather than a single database.
@@ -687,29 +673,29 @@ API CHANGES BETWEEN 5.2 AND 6.0
 - alpm_db_search() now has an additional parameter and returns success status
 - ALPM_EVENT_RETRIEVE_* -> ALPM_EVENT_DB_RETRIEVE_* and ALPM_EVENT_PKG_RETRIEVE_*
 - alpm_cb_download pass event and data
-- multi architecture support:
-  - alpm_option_get_arch() -> alpm_option_get_architectures()
-  - alpm_option_set_arch() -> alpm_option_set_architectures()
+- multi architecture support
+ - alpm_option_get_arch() -> alpm_option_get_architectures()
+ - alpm_option_set_arch() -> alpm_option_set_architectures()
 - alpm_db_get_servers() copies parameter data
 
 [ADDED]
-- parallel download support:
-  - alpm_option_set_parallel_downloads()
-  - alpm_option_get_parallel_downloads()
-- file download events:
-  - alpm_download_event_type_t
-  - alpm_download_event_init_t
-  - alpm_download_event_progress_t
-  - alpm_download_event_completed_t
-- download misc:
-  - ALPM_DOWNLOAD_RETRY
-  - alpm_download_event_retry_t
-  - alpm_event_pkg_retrieve_t
-- multiarchitecture support:
-  - alpm_option_add_architecture()
-  - alpm_option_remove_architecture()
-- misc:
-  - alpm_pkg_get_sig()
+- parallel download support
+ - alpm_option_set_parallel_downloads()
+ - alpm_option_get_parallel_downloads()
+- file download events
+ - alpm_download_event_type_t
+ - alpm_download_event_init_t
+ - alpm_download_event_progress_t
+ - alpm_download_event_completed_t
+- download misc
+ - ALPM_DOWNLOAD_RETRY
+ - alpm_download_event_retry_t
+ - alpm_event_pkg_retrieve_t
+- multiarchitecture support
+ - alpm_option_add_architecture()
+ - alpm_option_remove_architecture()
+- misc
+ - alpm_pkg_get_sig()
 - callbacks add front-end provided context
 
 
@@ -727,27 +713,27 @@ API CHANGES BETWEEN 6.0 AND 6.1
 - alpm_transflag_t - added ALPM_TRANS_FLAG_NOHOOKS
 
 [ADDED]
-- extensible package data type:
-  - alpm_pkg_xdata_t
-  - alpm_pkg_get_xdata()
-- accessor functions:
-  - alpm_db_get_handle()
-  - alpm_pkg_get_handle()
-- cache server support:
-  - alpm_db_get_cache_servers()
-  - alpm_db_set_cache_servers()
-  - alpm_db_add_cache_server()
+- extensible package data type
+ - alpm_pkg_xdata_t
+ - alpm_pkg_get_xdata()
+- accessor functions
+ - alpm_db_get_handle()
+ - alpm_pkg_get_handle()
+- cache server support
+ - alpm_db_get_cache_servers()
+ - alpm_db_set_cache_servers()
+ - alpm_db_add_cache_server()
 
 
 API CHANGES BETWEEN 6.1 AND 7.0
 ===============================
 
 [ADDED]
-- sandbox functions:
-  - alpm_option_get_sandboxuser()
-  - alpm_option_set_sandboxuser()
-  - alpm_option_set_disable_sandbox()
-  - alpm_sandbox_setup_child()
+- sandbox functions
+ - alpm_option_get_sandboxuser()
+ - alpm_option_set_sandboxuser()
+ - alpm_option_set_disable_sandbox()
+ - alpm_sandbox_setup_child()
 
 
 API CHANGES BETWEEN 7.0 AND 7.1

doc/PKGBUILD.5.asciidoc

@@ -313,15 +313,6 @@ underscore and the architecture name e.g., 'replaces_x86_64=()'.
 		Enable building packages using link time optimization. Adds '-flto'
 		to both CFLAGS and CXXFLAGS.
 
-*xdata (array)*::
-	This array allows you to add additional metadata to the package.
-	This data is neither used by pacman nor by makepkg;
-	It has purely informational purpose, or may be interpreted by third-party tools.
-+
-All entries in that array must have the form 'key=value', where
-'key' is an arbitrary non-empty string and 'value' must not contain an equal sign.
-Furthermore, the key ``pkgtype'' is reserved for the makepkg program.
-
 
 Packaging Functions
 -------------------

doc/pacman.8.asciidoc

@@ -151,8 +151,7 @@ Options
 	+{localstatedir}/cache/pacman/pkg+). Multiple cache directories can be
 	specified, and they are tried in the order they are passed to pacman.
 	*NOTE*: This is an absolute path, and the root path is not automatically
-	prepended. If DownloadUser is set in linkman:pacman.conf[5], then the
-	specified user must have permission to access the cache directory.
+	prepended.
 
 *\--color* <when>::
 	Specify when to enable coloring. Valid options are 'always', 'never', or

doc/repo-add.8.asciidoc

@@ -60,10 +60,6 @@ Common Options
 *\--nocolor*::
 	Remove color from 'repo-add' and 'repo-remove' output.
 
-*-R, \--remove*::
-	Remove old package files from the disk when updating or removing their
-	entry in the database.
-
 *-w, \--wait-for-lock*::
 	Wait for the lock file to be acquired. If unset, command will fail with
 	exit code 2 if acquiring the lock fails. If set, it will retry to acquire
@@ -75,6 +71,10 @@ repo-add Options
 	Only add packages that are not already in the database.  Warnings will be
 	printed upon detection of existing packages, but they will not be re-added.
 
+*-R, \--remove*::
+	Remove old package files from the disk when updating their entry in the
+	database.
+
 *\--include-sigs*::
 	Include package PGP signatures in the repository database (if available)
 

lib/libalpm/be_sync.c

@@ -268,6 +268,7 @@ cleanup:
 		alpm_list_free_inner(payloads, (alpm_list_fn_free)_alpm_dload_payload_reset);
 		FREELIST(payloads);
 	}
+	_alpm_remove_temporary_download_dir(temporary_syncpath);
 	FREE(temporary_syncpath);
 	FREE(syncpath);
 	umask(oldmask);

lib/libalpm/dload.c

@@ -73,17 +73,21 @@ static mode_t _getumask(void)
 	return mask;
 }
 
-static int finalize_download_file(const char *filename)
+static int finalize_download_file(const char *filename, const char *user)
 {
 	struct stat st;
 	uid_t myuid = getuid();
+	struct passwd const *pw = NULL;
+
 	ASSERT(filename != NULL, return -1);
 	ASSERT(stat(filename, &st) == 0, return -1);
+	ASSERT((pw = getpwuid(0)) != NULL, return -1);
+
 	if(st.st_size == 0) {
 		unlink(filename);
                 return 1;
 	}
-	if(myuid == 0) {
+	if(myuid == 0 && strcmp(user, pw->pw_name) != 0) {
 		ASSERT(chown(filename, 0, 0) != -1, return -1);
 	}
 	ASSERT(chmod(filename, ~(_getumask()) & 0666) != -1, return -1);
@@ -698,9 +702,9 @@ cleanup:
 	 * only applies to FTP transfers. */
 	curl_easy_setopt(curl, CURLOPT_NOPROGRESS, 1L);
 	curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, (char *)NULL);
+
 	if(payload->localf != NULL) {
 		fclose(payload->localf);
-		payload->localf = NULL;
 		utimes_long(payload->tempfile_name, remote_time);
 	}
 
@@ -880,6 +884,7 @@ static int curl_download_internal(alpm_handle_t *handle,
 			p = NULL;
 			err = -1;
 		}
+
 		while(true) {
 			int msgs_left = 0;
 			CURLMsg *msg = curl_multi_info_read(curlm, &msgs_left);
@@ -903,6 +908,7 @@ static int curl_download_internal(alpm_handle_t *handle,
 			}
 		}
 	}
+
 	int ret = err ? -1 : updated ? 0 : 1;
 	_alpm_log(handle, ALPM_LOG_DEBUG, "curl_download_internal return code is %d\n", ret);
 	alpm_list_free(payloads);
@@ -916,8 +922,7 @@ static int curl_download_internal(alpm_handle_t *handle,
  */
 static int curl_download_internal_sandboxed(alpm_handle_t *handle,
 		alpm_list_t *payloads /* struct dload_payload */,
-		const char *localpath,
-		int *childsig)
+		const char *localpath)
 {
 	int pid, err = 0, ret = -1, callbacks_fd[2];
 	sigset_t oldblock;
@@ -1022,12 +1027,8 @@ static int curl_download_internal_sandboxed(alpm_handle_t *handle,
 		int wret;
 		while((wret = waitpid(pid, &ret, 0)) == -1 && errno == EINTR);
 		if(wret > 0) {
-			if(WIFSIGNALED(ret)) {
-				*childsig = WTERMSIG(ret);
-			}
 			if(!WIFEXITED(ret)) {
 				/* the child did not terminate normally */
-				handle->pm_errno = ALPM_ERR_RETRIEVE;
 				ret = -1;
 			}
 			else {
@@ -1083,11 +1084,11 @@ static int payload_download_fetchcb(struct dload_payload *payload,
 	return ret;
 }
 
-static int move_file(const char *filepath, const char *directory)
+static int move_file(const char *filepath, const char *directory, const char *user)
 {
 	ASSERT(filepath != NULL, return -1);
 	ASSERT(directory != NULL, return -1);
-	int ret = finalize_download_file(filepath);
+	int ret = finalize_download_file(filepath, user);
 	if(ret != 0) {
 		return ret;
 	}
@@ -1101,50 +1102,37 @@ static int move_file(const char *filepath, const char *directory)
 	return 0;
 }
 
-static int finalize_download_locations(alpm_list_t *payloads, const char *localpath)
+static int finalize_download_locations(alpm_list_t *payloads, const char *localpath, const char *user)
 {
 	ASSERT(payloads != NULL, return -1);
 	ASSERT(localpath != NULL, return -1);
 	alpm_list_t *p;
-	struct stat st;
 	int returnvalue = 0;
 	for(p = payloads; p; p = p->next) {
 		struct dload_payload *payload = p->data;
-		const char *filename = NULL;
-
-		if(payload->destfile_name && stat(payload->destfile_name, &st) == 0) {
-			filename = payload->destfile_name;
-		} else if(stat(payload->tempfile_name, &st) == 0) {
-			filename = payload->tempfile_name;
+		if(payload->tempfile_name) {
+			move_file(payload->tempfile_name, localpath, user);
 		}
-
-		if(filename) {
-			int ret = move_file(filename, localpath);
+		if(payload->destfile_name) {
+			int ret = move_file(payload->destfile_name, localpath, user);
 
 			if(ret == -1) {
+				/* ignore error if the file already existed - only signature file was downloaded */
 				if(payload->mtime_existing_file == 0) {
 					_alpm_log(payload->handle, ALPM_LOG_ERROR, _("could not move %s into %s (%s)\n"),
-							filename, localpath, strerror(errno));
+							payload->destfile_name, localpath, strerror(errno));
 					returnvalue = -1;
 				}
 			}
-		}
 
-		if (payload->download_signature) {
-			char *sig_filename;
-			int ret;
-
-			filename = payload->destfile_name ? payload->destfile_name : payload->tempfile_name;
-			sig_filename = _alpm_get_fullpath("", filename, ".sig");
-			ASSERT(sig_filename, RET_ERR(payload->handle, ALPM_ERR_MEMORY, -1));
-			ret = move_file(sig_filename, localpath);
-			free(sig_filename);
-
-			if(ret == -1) {
-				sig_filename = _alpm_get_fullpath("", filename, ".sig.part");
-				ASSERT(sig_filename, RET_ERR(payload->handle, ALPM_ERR_MEMORY, -1));
-				move_file(sig_filename, localpath);
-				free(sig_filename);
+			if (payload->download_signature) {
+				const char sig_suffix[] = ".sig";
+				char *sig_filename = NULL;
+				size_t sig_filename_len = strlen(payload->destfile_name) + sizeof(sig_suffix);
+				MALLOC(sig_filename, sig_filename_len, continue);
+				snprintf(sig_filename, sig_filename_len, "%s%s", payload->destfile_name, sig_suffix);
+				move_file(sig_filename, localpath, user);
+				FREE(sig_filename);
 			}
 		}
 	}
@@ -1186,7 +1174,7 @@ static void prepare_resumable_downloads(alpm_list_t *payloads, const char *local
 			FREE(src);
 			continue;
 		}
-		if(pw != NULL) {
+		if(pw != NULL && pw->pw_uid != 0) {
 			ASSERT(chown(payload->tempfile_name, pw->pw_uid, pw->pw_gid), return);
 		}
 		FREE(src);
@@ -1203,14 +1191,12 @@ int _alpm_download(alpm_handle_t *handle,
 		const char *temporary_localpath)
 {
 	int ret;
-	int finalize_ret;
-	int childsig = 0;
 	prepare_resumable_downloads(payloads, localpath, handle->sandboxuser);
 
 	if(handle->fetchcb == NULL) {
 #ifdef HAVE_LIBCURL
 		if(handle->sandboxuser) {
-			ret = curl_download_internal_sandboxed(handle, payloads, temporary_localpath, &childsig);
+			ret = curl_download_internal_sandboxed(handle, payloads, temporary_localpath);
 		} else {
 			ret = curl_download_internal(handle, payloads);
 		}
@@ -1285,21 +1271,13 @@ download_signature:
 		ret = updated ? 0 : 1;
 	}
 
-	finalize_ret = finalize_download_locations(payloads, localpath);
-	_alpm_remove_temporary_download_dir(temporary_localpath);
-
-	/* propagate after finalizing so .part files get copied over */
-	if(childsig != 0) {
-		kill(getpid(), childsig);
-	}
-	if(finalize_ret != 0 && ret == 0) {
+	if (finalize_download_locations(payloads, localpath, handle->sandboxuser) != 0 && ret == 0) {
 		RET_ERR(handle, ALPM_ERR_RETRIEVE, -1);
 	}
-
 	return ret;
 }
 
-static const char *url_basename(const char *url)
+static char *filecache_find_url(alpm_handle_t *handle, const char *url)
 {
 	const char *filebase = strrchr(url, '/');
 
@@ -1312,7 +1290,7 @@ static const char *url_basename(const char *url)
 		return NULL;
 	}
 
-	return filebase;
+	return _alpm_filecache_find(handle, filebase);
 }
 
 int SYMEXPORT alpm_fetch_pkgurl(alpm_handle_t *handle, const alpm_list_t *urls,
@@ -1334,26 +1312,9 @@ int SYMEXPORT alpm_fetch_pkgurl(alpm_handle_t *handle, const alpm_list_t *urls,
 
 	for(i = urls; i; i = i->next) {
 		char *url = i->data;
-		char *filepath = NULL;
-		const char *urlbase = url_basename(url);
-
-		if(urlbase) {
-			/* attempt to find the file in our pkgcache */
-			filepath = _alpm_filecache_find(handle, urlbase);
-
-			if(filepath && (handle->siglevel & ALPM_SIG_PACKAGE)) {
-				char *sig_filename = _alpm_get_fullpath("", urlbase, ".sig");
-
-				/* if there's no .sig file then forget about the pkg file and go for download */
-				if(!_alpm_filecache_exists(handle, sig_filename)) {
-					free(filepath);
-					filepath = NULL;
-				}
-
-				free(sig_filename);
-			}
-		}
 
+		/* attempt to find the file in our pkgcache */
+		char *filepath = filecache_find_url(handle, url);
 		if(filepath) {
 			/* the file is locally cached so add it to the output right away */
 			alpm_list_append(fetched, filepath);
@@ -1408,6 +1369,7 @@ int SYMEXPORT alpm_fetch_pkgurl(alpm_handle_t *handle, const alpm_list_t *urls,
 			_alpm_log(handle, ALPM_LOG_WARNING, _("failed to retrieve some files\n"));
 			event.type = ALPM_EVENT_PKG_RETRIEVE_FAILED;
 			EVENT(handle, &event);
+
 			GOTO_ERR(handle, ALPM_ERR_RETRIEVE, err);
 		} else {
 			event.type = ALPM_EVENT_PKG_RETRIEVE_DONE;
@@ -1422,8 +1384,7 @@ int SYMEXPORT alpm_fetch_pkgurl(alpm_handle_t *handle, const alpm_list_t *urls,
 				const char *filename = mbasename(payload->destfile_name);
 				filepath = _alpm_filecache_find(handle, filename);
 			} else {
-				const char *filename = mbasename(payload->tempfile_name);
-				filepath = _alpm_filecache_find(handle, filename);
+				STRDUP(filepath, payload->tempfile_name, GOTO_ERR(handle, ALPM_ERR_MEMORY, err));
 			}
 			if(filepath) {
 				alpm_list_append(fetched, filepath);
@@ -1437,11 +1398,13 @@ int SYMEXPORT alpm_fetch_pkgurl(alpm_handle_t *handle, const alpm_list_t *urls,
 		FREELIST(payloads);
 	}
 
+	_alpm_remove_temporary_download_dir(temporary_cachedir);
 	FREE(temporary_cachedir);
 	return 0;
 
 err:
 	alpm_list_free_inner(payloads, (alpm_list_fn_free)_alpm_dload_payload_reset);
+	_alpm_remove_temporary_download_dir(temporary_cachedir);
 	FREE(temporary_cachedir);
 	FREELIST(payloads);
 	FREELIST(*fetched);
@@ -1453,11 +1416,6 @@ void _alpm_dload_payload_reset(struct dload_payload *payload)
 {
 	ASSERT(payload, return);
 
-	if(payload->localf != NULL) {
-		fclose(payload->localf);
-		payload->localf = NULL;
-	}
-
 	FREE(payload->remote_name);
 	FREE(payload->tempfile_name);
 	FREE(payload->destfile_name);

lib/libalpm/sync.c

@@ -882,6 +882,7 @@ finish:
 		pkg->infolevel &= ~INFRQ_DSIZE;
 		pkg->download_size = 0;
 	}
+	_alpm_remove_temporary_download_dir(temporary_cachedir);
 	FREE(temporary_cachedir);
 
 	return ret;

scripts/libmakepkg/lint_pkgbuild/meson.build

@@ -17,6 +17,7 @@ sources = [
   'package_function.sh.in',
   'package_function_variable.sh.in',
   'pkgbase.sh.in',
+  'pkglist.sh.in',
   'pkgname.sh.in',
   'pkgrel.sh.in',
   'pkgver.sh.in',
@@ -24,7 +25,6 @@ sources = [
   'source.sh.in',
   'util.sh.in',
   'variable.sh.in',
-  'xdata.sh.in',
 ]
 
 foreach src : sources

scripts/libmakepkg/lint_pkgbuild/pkglist.sh.in

@@ -0,0 +1,44 @@
+#!/bin/bash
+#
+#   pkglist.sh - Check the packages selected to build exist.
+#
+#   Copyright (c) 2014-2025 Pacman Development Team <pacman-dev@lists.archlinux.org>
+#
+#   This program is free software; you can redistribute it and/or modify
+#   it under the terms of the GNU General Public License as published by
+#   the Free Software Foundation; either version 2 of the License, or
+#   (at your option) any later version.
+#
+#   This program is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#   GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License
+#   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+[[ -n "$LIBMAKEPKG_LINT_PKGBUILD_PKGLIST_SH" ]] && return
+LIBMAKEPKG_LINT_PKGBUILD_PKGLIST_SH=1
+
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
+
+source "$MAKEPKG_LIBRARY/util/message.sh"
+source "$MAKEPKG_LIBRARY/util/util.sh"
+
+
+lint_pkgbuild_functions+=('lint_pkglist')
+
+
+lint_pkglist() {
+	local i ret=0
+
+	for i in "${PKGLIST[@]}"; do
+		if ! in_array "$i" "${pkgname[@]}"; then
+			error "$(gettext "Requested package %s is not provided in %s")" "$i" "$BUILDFILE"
+			ret=1
+		fi
+	done
+
+	return $ret
+}

scripts/libmakepkg/lint_pkgbuild/xdata.sh.in

@@ -1,58 +0,0 @@
-#!/bin/bash
-#
-#   xdata.sh - Check the 'xdata' array conforms to requirements.
-#
-#   Copyright (c) 2014-2025 Pacman Development Team <pacman-dev@lists.archlinux.org>
-#
-#   This program is free software; you can redistribute it and/or modify
-#   it under the terms of the GNU General Public License as published by
-#   the Free Software Foundation; either version 2 of the License, or
-#   (at your option) any later version.
-#
-#   This program is distributed in the hope that it will be useful,
-#   but WITHOUT ANY WARRANTY; without even the implied warranty of
-#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#   GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU General Public License
-#   along with this program.  If not, see <http://www.gnu.org/licenses/>.
-#
-
-[[ -n "$LIBMAKEPKG_LINT_PKGBUILD_XDATA_SH" ]] && return
-LIBMAKEPKG_LINT_PKGBUILD_XDATA_SH=1
-
-MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
-
-source "$MAKEPKG_LIBRARY/util/message.sh"
-source "$MAKEPKG_LIBRARY/util/pkgbuild.sh"
-
-
-lint_pkgbuild_functions+=('lint_xdata')
-
-
-lint_xdata() {
-	local xdata_list entry key value ret=0
-
-	get_pkgbuild_all_split_attributes xdata xdata_list
-
-	for entry in "${xdata_list[@]}"; do
-		key="${entry%%=*}"
-		value="${entry##*=}"
-
-		if [[ "${entry}" == "${key}=${value}" ]]; then
-			# Entries must contain exactly one equal sign.
-			error "$(gettext "%s array: Entries must contain exactly one equal sign, e.g. key=value.")" "xdata"
-			ret=1
-		elif [[ "${key}" == '' ]]; then
-			# Do not allow keys without values.
-			error "$(gettext "%s array: The key part of an entry must not be empty.")" "xdata"
-			ret=1
-		elif [[ "${key}" == "pkgtype" ]]; then
-			# The key "pkgtype" is reserved for makepkg.
-			error "$(gettext "%s array: The key 'pkgtype' is reserved for makepkg.")" "xdata"
-			ret=1
-		fi
-	done
-
-	return $ret
-}

scripts/libmakepkg/tidy/meson.build

@@ -1,13 +1,13 @@
 libmakepkg_module = 'tidy'
 
 sources = [
-  '10-docs.sh.in',
-  '10-libtool.sh.in',
-  '10-staticlibs.sh.in',
-  '50-purge.sh.in',
-  '50-strip.sh.in',
-  '50-zipman.sh.in',
-  '90-emptydirs.sh.in',
+  'docs.sh.in',
+  'emptydirs.sh.in',
+  'libtool.sh.in',
+  'purge.sh.in',
+  'staticlibs.sh.in',
+  'strip.sh.in',
+  'zipman.sh.in',
 ]
 
 foreach src : sources

scripts/libmakepkg/util/schema.sh.in

@@ -30,7 +30,7 @@ known_hash_algos=({ck,md5,sha{1,224,256,384,512},b2})
 
 pkgbuild_schema_arrays=(arch backup checkdepends conflicts depends groups
                         license makedepends noextract optdepends options
-                        provides replaces source validpgpkeys xdata
+                        provides replaces source validpgpkeys
                         "${known_hash_algos[@]/%/sums}")
 
 pkgbuild_schema_strings=(changelog epoch install pkgbase pkgdesc pkgrel pkgver

scripts/makepkg.sh.in

@@ -493,7 +493,7 @@ write_pkginfo() {
 
 	write_kv_pair "pkgname" "$pkgname"
 	write_kv_pair "pkgbase" "$pkgbase"
-	write_kv_pair "xdata" "pkgtype=$pkgtype" "${xdata[@]}"
+	write_kv_pair "xdata" "pkgtype=$pkgtype"
 
 	local fullver=$(get_full_version)
 	write_kv_pair "pkgver" "$fullver"
@@ -1319,13 +1319,11 @@ else
 		original_pkglist=($(run_pacman -Qq))    # required by remove_dep
 	fi
 
-	if (( ! deperr )); then
-		msg "$(gettext "Checking buildtime dependencies...")"
-		if (( CHECKFUNC )); then
-			resolve_deps "${makedepends[@]}" "${checkdepends[@]}" || deperr=1
-		else
-			resolve_deps "${makedepends[@]}" || deperr=1
-		fi
+	msg "$(gettext "Checking buildtime dependencies...")"
+	if (( CHECKFUNC )); then
+		resolve_deps "${makedepends[@]}" "${checkdepends[@]}" || deperr=1
+	else
+		resolve_deps "${makedepends[@]}" || deperr=1
 	fi
 
 	if (( RMDEPS )); then

scripts/repo-add.sh.in

@@ -67,6 +67,7 @@ Multiple packages to add can be specified on the command line.\n")"
 		printf -- "\n"
 		printf -- "$(gettext "Options:\n")"
 		printf -- "$(gettext "  -n, --new         only add packages that are not already in the database\n")"
+		printf -- "$(gettext "  -R, --remove      remove old package file from disk after updating database\n")"
 		printf -- "$(gettext "  -p, --prevent-downgrade  do not add package to database if a newer version is already present\n")"
 	elif [[ $cmd == "repo-remove" ]] ; then
 		printf -- "$(gettext "Usage: repo-remove [options] <path-to-db> <packagename> ...\n")"
@@ -86,7 +87,6 @@ packages to remove can be specified on the command line.\n")"
 	printf -- "$(gettext "  -s, --sign        sign database with GnuPG after update\n")"
 	printf -- "$(gettext "  -k, --key <key>   use the specified key to sign the database\n")"
 	printf -- "$(gettext "  -v, --verify      verify database's signature before update\n")"
-	printf -- "$(gettext "  -R, --remove      remove old package file from disk after updating database\n")"
 	printf -- "$(gettext "  -w, --wait-for-lock  retry to acquire lock file until success\n")"
 	printf -- "$(gettext "\n\
 See %s(8) for more details and descriptions of the available options.\n")" $cmd
@@ -355,21 +355,11 @@ db_remove_entry() {
 	local pkgname=$1
 	local notfound=1
 	local pkgentry=$(find_pkgentry "$pkgname")
-	local repodir=${LOCKFILE%/*}/
 	while [[ -n $pkgentry ]]; do
 		notfound=0
 
 		msg2 "$(gettext "Removing existing entry '%s'...")" \
 		"${pkgentry##*/}"
-
-		if (( RMEXISTING )); then
-			local oldfilename="$(sed -n '/^%FILENAME%$/ {n;p;q;}' "$pkgentry/desc")"
-			local oldfile="$repodir/$oldfilename"
-
-			msg2 "$(gettext "Removing old package file '%s'")" "$oldfilename"
-			rm -f ${oldfile} ${oldfile}.sig
-		fi
-
 		rm -rf "$pkgentry"
 
 		# remove entries in "files" database