FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.

» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > ArchLinux > ArchLinux Pacman Development

LinkBack Thread Tools
Old 09-22-2011, 04:18 PM
Default The official pacman repository branch, master, updated. v4.0.0rc1-244-g1df9b2a

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The official pacman repository".

The branch, master has been updated
via 1df9b2aa79c5017d394e26619449ab0a49c65c16 (commit)
via 067721cbff9652d5c436d277f9be3f8fa2a71796 (commit)
via 33685b960d3f05841cfac5696a0946396c448a34 (commit)
via 595e1a437fab8d489736eff4811903aea4f5a38f (commit)
via 7d961c849bf4dab481e261bdb91304f6a4744d8c (commit)
via 6767de5380d97f6544ca3968b83b74120dfcbeca (commit)
via 213950afa370296b921230e6edc626e70a71b499 (commit)
via 491b656c548f13658c609784cf02af244ee97b23 (commit)
via 03e1b4caa9cf91ac3a3956b82e080dfc72b66a17 (commit)
via a7691ba6fd6f87cae6210c304235c709e4f9a60e (commit)
via 4b6a5ae1599807d60568bb617483ffe368745ac0 (commit)
via 765178c5bafe88e09f33ab67152b9bb3eabe7685 (commit)
via 0ef7129a4a7776db9d0c4dd52519e2ca21b428d5 (commit)
via 4849a4596d502376f66c327a48c5d78328acdfe0 (commit)
via 0a4a5cea97f75d5d38e9cb33d5f47f0c36c0dffb (commit)
via 3e4749fe3ec3f14e4107363a85b953b4a0a747f7 (commit)
via 361ed6a6001c41f08ee85a94d28ba5a7c79a6154 (commit)
via e4690232d61b8b7655df40feb417cf54c489d73c (commit)
via ca58e326dc8e7d347c8ce77cba58a8ea1a99fb49 (commit)
via 69694edd2cd282b513426cced5d885cec35f612e (commit)
via d36d70d2947b1c6a161f6bf55ddd19445f2c81cb (commit)
via 33f251853155fd1e04d03fbaffb3849ab8e953dc (commit)
via 01f5c9e79ab2e051349f941b7ecce80d9a251603 (commit)
via 5e7875ae6a42de40e3a7432ea758b27397a11aa7 (commit)
via 3a460a8be650437326507b5604243d8fccbcfe26 (commit)
via 47dd31560906fdd87f547940f5c7656d94d52b1b (commit)
from 8375ad214a2a8d6e01430f432aa7957688d8ec52 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 1df9b2aa79c5017d394e26619449ab0a49c65c16
Author: Dan McGee <dan@archlinux.org>
Date: Wed Sep 21 17:51:02 2011 -0500

pacman-key: add an additional plain text 'foo-trusted' file

This is similar to the 'foo-revoked' file we had. This will be used to
inform the user what keys in the shipped keyring need to be explicitly
trusted by the user.

A distro such as Arch will likely have 3-4 master keys listed in this
trusted file, but an additional 25 developer keys present in the keyring
that the user shouldn't have to directly sign.

We use this list to prompt the user to sign the keys locally. If the key
is already signed locally gpg will print a bit of junk but will continue
without pestering the user.

Signed-off-by: Dan McGee <dan@archlinux.org>

commit 067721cbff9652d5c436d277f9be3f8fa2a71796
Author: Dan McGee <dan@archlinux.org>
Date: Wed Sep 21 16:35:07 2011 -0500

pacman-key: factor out validate_with_gpg() method

This was copy-pasted code for the most part once the filename was
factored out.

Signed-off-by: Dan McGee <dan@archlinux.org>

commit 33685b960d3f05841cfac5696a0946396c448a34
Author: Dan McGee <dan@archlinux.org>
Date: Wed Sep 21 17:53:44 2011 -0500

pacman-key: remove holdkeys functionality

We're putting the cart ahead of the horse a bit here. Given that our
keyring is not one where everything is implicitly trusted (ala gpgv),
keeping or deleting a key has no bearing on its trusted status, only
whether we can actually verify things signed by said key.

If we need to address this down the road, we can find a solution that
works for the problem at hand rather than trying to solve it now before
signing is even widespread.

Signed-off-by: Dan McGee <dan@archlinux.org>

commit 595e1a437fab8d489736eff4811903aea4f5a38f
Author: Dan McGee <dan@archlinux.org>
Date: Wed Sep 21 16:22:21 2011 -0500

pacman-key: implement promptless lsigning

Signed-off-by: Dan McGee <dan@archlinux.org>

commit 7d961c849bf4dab481e261bdb91304f6a4744d8c
Author: Dan McGee <dan@archlinux.org>
Date: Wed Sep 21 16:19:12 2011 -0500

pacman-key: disable, don't remove, revoked keys

Unlike our protégé apt-key, removing a key from our keyring is not
sufficient to prevent it from being trusted or used for verification. We
are better off flagging it as disabled and leaving it in the keyring so
it cannot be reimported or fetched at a later date from a keyserver and
continue to be used.

Implement the logic to disable the key instead of delete it, figuring
out --command-fd in the process.

Note that the surefire way to disable a key involves including said key
in the keyring package, such that it is both in foobar.gpg and

Signed-off-by: Dan McGee <dan@archlinux.org>

commit 6767de5380d97f6544ca3968b83b74120dfcbeca
Author: Dan McGee <dan@archlinux.org>
Date: Wed Sep 21 15:30:12 2011 -0500

Add status and check for key being disabled

Because we aren't using gpgv and a dedicated keyring that is known to be
all safe, we should honor this flag being set on a given key in the
keyring to know to not honor it. This prevents a key from being
reimported that a user does not want to be used- instead of deleting,
one should mark it as disabled.

Signed-off-by: Dan McGee <dan@archlinux.org>

commit 213950afa370296b921230e6edc626e70a71b499
Author: Dan McGee <dan@archlinux.org>
Date: Wed Sep 21 14:22:07 2011 -0500

pacman-key: simplify import in populate

This finishes the cleanup started in 710e83999bbf. We can do a straight
import from another keyring rather than all the funky parsing and piping
business we were doing.

Signed-off-by: Dan McGee <dan@archlinux.org>

commit 491b656c548f13658c609784cf02af244ee97b23
Author: Dan McGee <dan@archlinux.org>
Date: Wed Sep 21 14:06:41 2011 -0500

pacman-key: don't hide --verify details in populate

Otherwise we're hiding extremely relevant bits like this one:
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.

Signed-off-by: Dan McGee <dan@archlinux.org>

commit 03e1b4caa9cf91ac3a3956b82e080dfc72b66a17
Author: Dan McGee <dan@archlinux.org>
Date: Wed Sep 21 14:04:07 2011 -0500

pacman-key: print message in populate if signature is missing

Rather than saying it was invalid, tell the user no signature exists.

Signed-off-by: Dan McGee <dan@archlinux.org>

commit a7691ba6fd6f87cae6210c304235c709e4f9a60e
Author: Dan McGee <dan@archlinux.org>
Date: Tue Sep 20 19:36:14 2011 -0500

pacman-key: clean up populate output

* Ensure usage message is indented correctly
* Show short filenames for both the gpg keyring and revocation file

Signed-off-by: Dan McGee <dan@archlinux.org>

commit 4b6a5ae1599807d60568bb617483ffe368745ac0
Author: Dan McGee <dan@archlinux.org>
Date: Tue Sep 20 19:35:11 2011 -0500

pacman-key: ensure array iterations are quoted

When doing something like `pacman-key --edit-key 'Dan McGee'`, one would
expect it to work, and not fail.

Signed-off-by: Dan McGee <dan@archlinux.org>

commit 765178c5bafe88e09f33ab67152b9bb3eabe7685
Author: Dan McGee <dan@archlinux.org>
Date: Tue Sep 20 16:54:08 2011 -0500

Implement PGP key search and import

Add two new static methods, key_search() and key_import(), to our
growing list of signing code.

If we come across a key we do not have, attempt to look it up remotely
and ask the user if they wish to import said key. If they do, flag the
validation process as a potential 'retry', meaning it might succeed the
next time it is ran.

These depend on you having a 'keyserver hkp://foo.example.com' line in
your gpg.conf file in your gnupg home directory to function.

Signed-off-by: Dan McGee <dan@archlinux.org>

commit 0ef7129a4a7776db9d0c4dd52519e2ca21b428d5
Author: Dan McGee <dan@archlinux.org>
Date: Thu Sep 22 11:02:58 2011 -0500

signing: document most undocumented functions

Signed-off-by: Dan McGee <dan@archlinux.org>

commit 4849a4596d502376f66c327a48c5d78328acdfe0
Author: Dan McGee <dan@archlinux.org>
Date: Tue Sep 20 16:52:18 2011 -0500

Add _alpm_process_siglist() logic to failed package validation

This moves the result processing out of the validation check loop itself
and into a new loop. Errors will be presented to the user one-by-one
after we fully complete the validation loop, so they no longer overlap
the progress bar.

Unlike the database validation, we may have several errors to process in
sequence here, so we use a function-scoped struct to track all the
necessary information between seeing an error and asking the user about

The older prompt_to_delete() callback logic is still kept, but only for
checksum failures. It is debatable whether we should do this at all or
just delegate said actions to the user.

Signed-off-by: Dan McGee <dan@archlinux.org>

commit 0a4a5cea97f75d5d38e9cb33d5f47f0c36c0dffb
Author: Dan McGee <dan@archlinux.org>
Date: Tue Sep 20 16:49:50 2011 -0500

Add new import key question enum value and stub frontend function

This is for eventual use by the PGP key import code. Breaking this into
a separate commit now makes the following patches a bit easier to

Signed-off-by: Dan McGee <dan@archlinux.org>

commit 3e4749fe3ec3f14e4107363a85b953b4a0a747f7
Author: Dan McGee <dan@archlinux.org>
Date: Wed Sep 21 14:47:17 2011 -0500

Fix signature printing in package info

pm_asprintf() does not return a length as asprintf() does. Fail. Make
sure it is not -1 as that is the only failure condition.

Signed-off-by: Dan McGee <dan@archlinux.org>

commit 361ed6a6001c41f08ee85a94d28ba5a7c79a6154
Author: Dan McGee <dan@archlinux.org>
Date: Wed Sep 21 13:31:18 2011 -0500

config parsing: add note if libcurl disabled and no XferCommand

Just a helpful warning for those users in this unenviable position.

Signed-off-by: Dan McGee <dan@archlinux.org>

commit e4690232d61b8b7655df40feb417cf54c489d73c
Author: Dan McGee <dan@archlinux.org>
Date: Wed Sep 21 13:20:13 2011 -0500

config parsing: include file and line number in more errors

$ pacman -Si pacman
error: invalid value for 'SigLevel' : 'FooValue'

$ ./src/pacman/pacman -Si pacman
error: config file /etc/pacman.conf, line 88: invalid value for 'SigLevel' : 'FooValue'

Signed-off-by: Dan McGee <dan@archlinux.org>

commit ca58e326dc8e7d347c8ce77cba58a8ea1a99fb49
Author: Dan McGee <dan@archlinux.org>
Date: Wed Sep 21 13:06:19 2011 -0500

Pull option names out of messages in config parsing

This allows some message reuse, as well as making it clear to
translators what *not* to translate.

Signed-off-by: Dan McGee <dan@archlinux.org>

commit 69694edd2cd282b513426cced5d885cec35f612e
Author: Dan McGee <dan@archlinux.org>
Date: Wed Sep 21 12:59:04 2011 -0500

Check capabilities in SigLevel option parsing

Only allow turning it on if the backend library has support for it.

Signed-off-by: Dan McGee <dan@archlinux.org>

commit d36d70d2947b1c6a161f6bf55ddd19445f2c81cb
Author: Dan McGee <dan@archlinux.org>
Date: Wed Sep 21 10:31:30 2011 -0500

Add alpm_capabilities() method and enumeration

This allows a frontend program to query, at runtime, what the library
supports. This can be useful for sanity checking during config-
requiring a downloader or disallowing signature settings, for example.

Signed-off-by: Dan McGee <dan@archlinux.org>

commit 33f251853155fd1e04d03fbaffb3849ab8e953dc
Author: Dan McGee <dan@archlinux.org>
Date: Wed Sep 21 10:14:51 2011 -0500

Move default siglevel value from backend to frontend

This takes the libraries hidden default out of the equation: hidden in
the sense that we can't even find out what it is until we create a
handle. This is a chicken-and-egg problem where we have probably already
parsed the config, so it is hard to get the bitmask value right.

Move it to the frontend so the caller can do whatever the heck they
want. This also exposes a shortcoming where the frontend doesn't know if
the library even supports signatures, so we should probably add a
alpm_capabilities() method which exposes things like HAS_DOWNLOADER,

Signed-off-by: Dan McGee <dan@archlinux.org>

commit 01f5c9e79ab2e051349f941b7ecce80d9a251603
Author: Dan McGee <dan@archlinux.org>
Date: Tue Sep 20 15:23:21 2011 -0500

validate_deltas: split verify/check errors loops

This allows us to do all delta verification up front, followed by
whatever needs to be done with any found errors. In this case, we call
prompt_to_delete() for each error.

accidentally got removed in commit 062c391919e93f1d6.

Remove use of *data; we never even look at the stuff in this array for
the error code we were returning and this would be much better handled
by one callback per error anyway, or at least some strongly typed return

Signed-off-by: Dan McGee <dan@archlinux.org>

commit 5e7875ae6a42de40e3a7432ea758b27397a11aa7
Author: Dan McGee <dan@archlinux.org>
Date: Wed Sep 21 19:13:43 2011 -0500

Fix possible segfault if siglist was empty

If siglist->results wasn't a NULL pointer, we would try to free it
anyway, even if siglist->count was zero. Only attempt to free this
pointer if we had results and the pointer is valid.

Signed-off-by: Dan McGee <dan@archlinux.org>

commit 3a460a8be650437326507b5604243d8fccbcfe26
Author: Dan McGee <dan@archlinux.org>
Date: Wed Sep 21 09:44:29 2011 -0500

Remove noisy debug logger

This one can be overwhelming when reading debug output from a very large
package. We already have the output of each extracted file so we
probably can do without this in 99.9% of cases.

Signed-off-by: Dan McGee <dan@archlinux.org>

commit 47dd31560906fdd87f547940f5c7656d94d52b1b
Author: Dan McGee <dan@archlinux.org>
Date: Tue Sep 20 15:56:20 2011 -0500

Fix int/size_t type in alpm_list_count() call

alpm_list_count() returns size_t, which we should use to store the
result since it is easy enough to format for printing.

Signed-off-by: Dan McGee <dan@archlinux.org>


Summary of changes:
doc/pacman-key.8.txt | 31 ++++---
lib/libalpm/add.c | 3 -
lib/libalpm/alpm.c | 25 +++++-
lib/libalpm/alpm.h | 10 ++
lib/libalpm/be_package.c | 1 +
lib/libalpm/handle.c | 7 +-
lib/libalpm/signing.c | 229 ++++++++++++++++++++++++++++++++++++++++++++--
lib/libalpm/sync.c | 106 +++++++++++++++-------
scripts/pacman-key.sh.in | 120 +++++++++++++-----------
src/pacman/callback.c | 13 ++-
src/pacman/conf.c | 53 +++++++----
src/pacman/util.c | 5 +-
12 files changed, 463 insertions(+), 140 deletions(-)

The official pacman repository

Thread Tools

All times are GMT. The time now is 05:08 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org