summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2011-03-24Merge branch 'maint'Dan McGee
2011-03-24Add -T, --deptest to usage messageRay Kohler
Fixes FS #23369 Signed-off-by: Ray Kohler <ataraxia937@gmail.com> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-24Make log redirection sanerJan Steffens
My main motivation was to remove the "sync", which can stall for minutes on a busy machine (FS#23378). I also cleaned up the redirection. Signed-off-by: Jan Steffens <jan.steffens@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-24alpm/db: do not close local DB in alpm_db_unregister_allDave Reisner
pacman 3.5.0 removed alpm_db_register_local, so calling alpm_db_unregister_all leaves the front end in a position where there's no local db, and no way to re-register it. Signed-off-by: Dave Reisner <d@falconindy.com> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-24Fix use of relative paths for packages in repo-addRay Kohler
Move checksum and pgpsig calcluation before changing into the tmpdir, otherwise we can't find the files if a relative path was used. Signed-off-by: Ray Kohler <ataraxia937@gmail.com> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23Do not reuse old signatureAllan McRae
After updating a database, remove the old signature to prevent it being used in validation if the new signature fails to download. Signed-off-by: Allan McRae <allan@archlinux.org>
2011-03-23Download and verify package database signaturesAllan McRae
If signature verification is needed, attempt to download a signature file for a repo when it is updated. Return an error if unable to download signature only when checking is mandatory, or if signature is invalid. TODO: At the moment the database signature is only checked on download. Should we do anything with a database if it fails to be verified to prevent its future usage? Signed-off-by: Allan McRae <allan@archlinux.org>
2011-03-23Refactor signature loading code into common functionDan McGee
We can use this for both standalone package signatures as well as standalone database signatures. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23Add functions for verifying database signatureAllan McRae
Add a pmpgpsig_t struct to the database entry struct and functions for the lazy loading of database signatures. Add a function for checking database signatures, reusing (and generalizing) the code currently used for checking package signatures. TODO: The code for reading in signature files from the filesystem is duplicated for local packages and database and needs refactoring. Signed-off-by: Allan McRae <allan@archlinux.org>
2011-03-23etc/makepkg.conf: use curl in place of wget as a DLAGENTDave Reisner
Signed-off-by: Dave Reisner <d@falconindy.com> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23lib/dload.c: Check for dlcb == NULL earlierDave Reisner
Our curl callback does a whole lot of work for nothing if the front end never defined a callback to receive the data we'd calculate for it. Signed-off-by: Dave Reisner <d@falconindy.com> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23Update doc/index.txt with 3.5.1 release datev3.5.1Dan McGee
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23lib/dload.c: don't use deprecated curl symbolsDave Reisner
CURLINFO_HTTP_CODE is deprecated in favor of CURLINFO_RESPONSE_CODE. Both yield the same values. Signed-off-by: Dave Reisner <d@falconindy.com> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23lib/dload.c: don't request compressed transportDave Reisner
The files we transfer are generally compressed already, so this just adds unnecessary overhead. Signed-off-by: Dave Reisner <d@falconindy.com> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23lib/dload.c: Fix progress callback issues on downloadDave Reisner
Use a static variable to effectively track the initialization state of the progress callback via the last byte amount reported as downloaded by libcurl. Signed-off-by: Dave Reisner <d@falconindy.com> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23lib/dload.c: fix compiler warnings generated by -Wfloat-equalDave Reisner
* introduces new macro in util.h (DOUBLE_EQ) for properly comparing floating point values Signed-off-by: Dave Reisner <d@falconindy.com> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23buildsys: use libcurl's m4 macro for buildtime detectionDave Reisner
Signed-off-by: Dave Reisner <d@falconindy.com> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23Report output from signature checking to debug logAllan McRae
Move the (possibly still temporary) output generated during signature checking into the --debug output. Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23Added gpg verification options per repo to the config file.Xavier Chantry
Once we do this, add support for VerifySig to pactest. We just check if the repo name contains Always, Never or Optional to determine the value of VerifySig. The default is Never. pacman uses Always by default but this is not suitable for pactest. Original-work-by: shankar <jatheendra@gmail.com> Signed-off-by: Xavier Chantry <shiningxc@gmail.com> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23Remove unnecessary sanity check on db->setserverDan McGee
We pass in a db object, so no need to go looking for it in the list on the handle. This is a remnant of when we passed in a treename, more than likely. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23Let pacman specify GnuPG's home directory.Chris Brannon
GnuPG looks for configuration files and keyrings in its home directory. For a user, that is typically ~/.gnupg. This patch causes pacman to use /etc/pacman.d/gnupg/ as the default GnuPG home. One may override the default using --gpgdir on the command-line or GPGDir in pacman's configuration file. Signed-off-by: Chris Brannon <cmbrannon@cox.net> Signed-off-by: Xavier Chantry <shiningxc@gmail.com> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23Add a pactest showing failed GPG verificationDan McGee
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23Integrate GPGME into libalpmDan McGee
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23Add some error codes for signature verificationDan McGee
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23Add signature directory as option on libalpm handleDan McGee
This will serve as the home directory we pass to GPGME when making calls so we can have a libalpm-utilized keyring. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23Actually read PGPSIG field in sync DB codeDan McGee
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23Merge branch 'gpg-libalpm-basics'Dan McGee
2011-03-23Add a few pactests for PGP integrationDan McGee
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23Remove libfetch error codeDan McGee
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23Read in .sig files when opening a package fileDan McGee
If a .sig file sits side-by-side on the filesystem with a package archive, read it in during the package struct creation process so we can verify it at a later time if necessary. Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2011-03-23Add PGP signature support to pactestDan McGee
Allow pkg.pgpsig to end up in the created sync databases. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23Allow PGP signature to be read from sync databaseDan McGee
Add a new field to the package struct to hold PGP information and instruct db_read to pick it up from the database. It is currently unused internally but this is the first step. Due to the fact that we store the PGP sig as binary data, we need to store both the data and the length so we have a small utility struct to assist us. Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2011-03-23Add base64 algorithms from PolarSSL to libalpmDan McGee
We will need these for GPG functionality (decoding the base64 encoded signature stored in the databases). Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2011-03-23Merge branch 'gpg-build-tools'Dan McGee
2011-03-23repo-add: add sha256sum values to repo databaseDan McGee
Implements FS#23103. Also modify libalpm so it ignores this value without any warning as we know it is likely to exist. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23Merge branch 'gpg-pacman-key'Dan McGee
2011-03-23Merge branch 'maint'Dan McGee
2011-03-23Bump version to 3.5.1Dan McGee
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23Updated 3.5.1 translations from TransifexDan McGee
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23Add new Serbian translation from TransifexSlobodan Terzić
Thanks! Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-233.5.1 NEWS updatesDan McGee
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23Documentation consistency fixesDan McGee
Fix the way we were referring to paths (use ``), .pac* extensions (use ''), and other general things across our main manpages. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23Fix documentation typo in makepkg.8Dan McGee
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23pacman-key manpage updatesDan McGee
Make consistent in formatting, syntax, and prose with the rest of our documentation. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23pacman-key help, round threeDan McGee
Make it actually like all our other tools rather than some homegrown format. Also make it translator friendly by not wrapping messages across lines in different strings. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23Add man-page for pacman-keyGuillaume Alaux
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-03-23pacman-key: improve usage outputAllan McRae
Make the usage output display nicely on 80 character width terminals. Also fix parsing of "-h" and "-v" options and avoid root check when run with no commands. Signed-off-by: Allan McRae <allan@archlinux.org>
2011-03-23pacman-key: remake of --reload commandDenis A. Altoé Falqueto
The --reload command was refactored to allow a more flexible management. There are two sets of keys that will be added, one that will be removed and one that will be kept. The set of keys to be kept are configured in pacman.conf, with the option HoldKeys, with the same meaning of HoldPkgs. It can be repeated and several values can be put in the same entry. The new behavior allows a key to be marked for removal, but the user can decide if that key must be kept. For example, if a developer has a public repository, signed with his own key, that key must be added to the HoldKeys option. If the key is marked for removal from pacman's keyring, it will not be removed for the users that have configured HoldKeys correctly. There are other minor fixes, mainly in the handling of --add command when there is no aditional parameter. In that case, pacman-key will behave just like gpg, adding the contents of stdin into pacman's keyring. Signed-off-by: Denis A. Altoé Falqueto <denisfalqueto@gmail.com>
2011-03-23pacman-key: keyring management toolDenis A. Altoé Falqueto
The script pacman-key will manage pacman's keyring. It imports, exports, fetches from keyservers, helps in the process of trusting and updates the trust database. Signed-off-by: Denis A. Altoé Falqueto <denisfalqueto@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2011-03-23repo-add: add symlink to signature fileAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>