Allan McRae pushed to branch release/6.0.x at Pacman / Pacman Commits: ec0bf17c by Andrew Gregory at 2022-10-02T11:14:00+10:00 remove YouCompleteMe config Added, seemingly by accident, with meson in 51db84750ece4de58923d4ce43cb0638ef150f5f Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> (cherry picked from commit 529e208f39a02f5e8347f8e97b4748ef4b69b004) - - - - - e56c7a3f by Carlo Teubner at 2022-10-02T11:14:31+10:00 "pacman -Q --changelog": fix writing uninit'd mem Previously, when printing a package changelog to stdout, we would write chunks of data that were not necessarily nul-terminated to stdout using a function (fputs) which requires the input string to be nul-terminated. On my system, this would result in occasional garbage characters showing up in the "pacman -Qc" output. Fix this by never nul-terminating the chunk, and using the fwrite() function which takes an explicit input size and does not require a nul-terminated string. Signed-off-by: Carlo Teubner <carlo@cteubner.net> (cherry picked from commit 806ccd90ede19a69a013206641e5c6e330950d07) - - - - - 53289acd by morganamilo at 2022-10-02T11:14:59+10:00 alpm: fix wrong access() being used When removing files we check _alpm_access() to see if we can write (delete) the file. If not, we check if the file exists because if the file does not exist then we don't actually need to remove it so there's no issue. However the second call uses acess() instead of _alpm_access() which does not the rootdir into account. (cherry picked from commit 5287cc7251759d619382d702161dae79fa121ded) - - - - - 0352053e by Allan McRae at 2022-10-02T11:15:37+10:00 LTO: Add -flto to LDFLAGS for clang GCC automatically detects when it is linking LTO objects, but clang does not. Add -flto to LDFLAGS to make this work for clang too. Signed-off-by: Allan McRae <allan@archlinux.org> (cherry picked from commit 26ee6ff6adbcd8560ec3a65cf219d2ab98edb804) - - - - - ff91a9d4 by morganamilo at 2022-10-02T11:16:22+10:00 alpm: return -1 for error in find_dl_candidates This is the error value generally used and the calling function explicitly checks for -1, later causing the error to be missed and the transaction to continue. > pacman -S xterm warning: xterm-369-1 is up to date -- reinstalling resolving dependencies... looking for conflicting packages... Package (1) Old Version New Version Net Change Download Size extra/xterm 369-1 369-1 0.00 MiB 0.42 MiB Total Download Size: 0.42 MiB Total Installed Size: 1.05 MiB Net Upgrade Size: 0.00 MiB :: Proceed with installation? [Y/n] error: no servers configured for repository: extra (1/1) checking keys in keyring [--------------------------------------------------------] 100% (1/1) checking package integrity [--------------------------------------------------------] 100% error: failed to commit transaction (wrong or NULL argument passed) Errors occurred, no packages were upgraded. (cherry picked from commit 58c81fa2139a1e928f2a0e673c76f9d6ea684a1b) - - - - - 95ef9899 by Xiretza at 2022-10-02T11:16:56+10:00 makepkg: use -ffile-prefix-map instead of -fdebug-prefix-map >From gcc(1): -ffile-prefix-map=old=new [...] Specifying this option is equivalent to specifying all the individual -f*-prefix-map options. This can be used to make reproducible builds that are location independent. Specifically, this additionally enables -fmacro-prefix-map=, which causes prefix mapping to be applied to expansions of __FILE__ and similar macros.. Without this option, if source files are compiled by passing the absolute file path to the compiler (as done by e.g. cmake), any expansions of __FILE__ (e.g. from uses of assert()) will contain $srcdir. Signed-off-by: Allan McRae <allan@archlinux.org> (cherry picked from commit e37f7d8b6b4d2f9accf97eb96d0eacbddf2a1345) - - - - - 6c880acb by Morten Linderud at 2022-10-02T11:18:33+10:00 makepkg: Use pkgbase in pkgdesc for debug packages When trying to identify debug packages among other packages we discovered that it's pkgname used in pkgdesc. Since pkgname can sometimes be an array when building debug packages for a split package, this could potentially include a pkgname that might not make sense depending on the order of the array. This patch simply uses pkgbase as it seems more correct. Signed-off-by: Morten Linderud <morten@linderud.pw> Signed-off-by: Allan McRae <allan@archlinux.org> (cherry picked from commit 2fe1ba5d817d1e51188de1b63fcd61e7d7ad173a) - - - - - 23e337ba by Allan McRae at 2022-10-02T11:19:09+10:00 libmakepkg: add extra buildflags only when buildflags is not disabled This means options=('!buildflags') will disable the addition of CFLAG etc for LTO and debug building. Signed-off-by: Allan McRae <allan@archlinux.org> (cherry picked from commit 42fe4864a0c8e2846007ffee532fe0cf4b321cdd) - - - - - c4a21f33 by Morten Linderud at 2022-10-02T11:19:25+10:00 strip: Use debugedit instead of AWK to parse source files This moves us from the fairly ugly AWK parsing line to debugedit which originally comes out of the rpm project. The original code has issues parsing anything that was not straight C/C++ and languages like Rust or Go would return invalid source code files. debugedit handles all these cases better. Fixes FS#66755 Fixes FS#66888 Fixes FS#65677 Signed-off-by: Morten Linderud <morten@linderud.pw> Signed-off-by: Allan McRae <allan@archlinux.org> (cherry picked from commit ae2f506ddfd11d9becda7216033fe1b159536982) - - - - - 51354b7d by Evangelos Foutras at 2022-10-02T11:20:32+10:00 Make link time optimization flags configurable We want to use -flto=auto in Arch Linux to speed up building, but we can't hardcode it in buildenv/lto.sh because other downstreams might have clang < 13.0.0 which did not recognize -flto=auto as equivalent to -flto=full. Introducing an LTOFLAGS variable to makepkg.conf seems the way to go. Signed-off-by: Allan McRae <allan@archlinux.org> (cherry picked from commit e1ce2351f5c00dd90104e0f4ce3bf176da28af08) - - - - - c974d6d2 by Allan McRae at 2022-10-02T11:23:51+10:00 Ensure WKD key lookup returns the correct key Looking up a key using WKD just ensures you have a key with the same email address, it does not ensure that a key with the correct fingerprint has been downloaded. Check a key with the relevant fingerprint is available after a WKD import. (cherry picked from commit e1246baddd14ec6f4b6270b59bea0e1b639472a7) - - - - - 2c83cd08 by Allan McRae at 2022-10-02T11:23:51+10:00 Fix segfault when failing to import keys Avoid a segfault when a search of the keyserver returns that the key is found but returns no primary IDs. We are then likely going to fail the import, but attempt anyway because no-one know what a keyserver will do! Fixes FS#73534. Signed-off-by: Allan McRae <allan@archlinux.org> (cherry picked from commit 6b37d9943183f662cbd9be9031e5e7ba6fd6bea1) - - - - - b187daef by Allan McRae at 2022-10-02T11:23:51+10:00 Do not use WKD to import keys for package installs from a file In order to use WKD in pacman -U/--upgrade operations, we need to get the packager information from the .PKGINFO within the package. That has obvious security implications. e.g. something like this could convince a user to download a different key to what they expect: packager = foo bar <>^[[2K^[[0G:: Import PGP key DEADBEEF, "foo <bar> While downloading an untrusted key has little impact due to the web-of-trust model used by pacman, this could be bad in combination with an exploit that allowed trust of keys in the keyring to be altered. To be safe, do not use WKD when installing using -U. Fixes FS#73703. Signed-off-by: Allan McRae <allan@archlinux.org> (cherry picked from commit 632eb9739d23181996cc3f4fb069b81eb0e998c7) - - - - - 3bad9848 by Allan McRae at 2022-10-02T11:23:51+10:00 Avoid information leakage with badly formed download header Parsing of Content-Disposition relies on well formed headers. A malformed header such as: Content-Disposition=""; will result in a strnduppayload->content_disp_name, -1, ptr), which will copy memory until it hits a \0. Prevent this by only copying the value if it exists. Fixes FS#73704. Signed-off-by: Allan McRae <allan@archlinux.org> (cherry picked from commit 40583ebe892018587ef354993dee15cff9c808d6) - - - - - a1837fa5 by Jonas Witschel at 2022-10-02T11:23:51+10:00 makepkg: use bsdtar --no-read-sparse for archive creation if available bsdtar uses the "pax" TAR archive format by default, which has support for storing sparse file information in the archive. Unfortunately this is a source of unreproducibility because the sparse encoding is taken from the file system and different file systems handle sparse files differently: some file systems have no support for sparsely encoded files at all, and even file systems with sparse file support can report different file information for identical files due to differing implementations. As a real world example where this happens, consider the Arch Linux package "brotli-testdata 1.0.9-7", which contains a sparsely encoded all-zeros file "usr/share/brotli/testdata/zeros". Building this package on a btrfs file system yields a different package than building it on tmpfs or ext4 solely due to different sparse file information that gets recorded in the package tarball. To improve the reproducibility of archives containing sparsely encoded files, libarchive version 3.6.0 introduces a new --no-read-sparse option. This skips reading sparse file information from disk entirely and therefore stores files "expanded" in the archive, which is the only way to make them reliably reproducible across file systems. makepkg will use this option if libarchive is recent enough to support it, which is detected at build time. Signed-off-by: Allan McRae <allan@archlinux.org> (cherry picked from commit f5f9e0f4ea30503657944b5c34690bd36069b07e) - - - - - ce40629b by Allan McRae at 2022-10-02T11:24:15+10:00 libmakepkg: Do not "strip" files when the format is not recognised We use a multi step process during stripping to ensure permissions do not get changed. However, if the initial objcopy fails, the subsequent cat results in a blank file. Abandon early if objcopy fails. Fixes FS#74486 Signed-off-by: Allan McRae <allan@archlinux.org> (cherry picked from commit 18152a211aeee07e655c2cc4438c25e558e3b8aa) - - - - - d55924db by Morten Linderud at 2022-10-02T11:24:47+10:00 debugflags: Ensure we have unique source paths In some cases packages are built outside of a directory which contains pkgname-pkgver, this results in source listing in debug packages having a conflicting path like `/usr/src/debug/build/` which is not ideal. This patch ensures we always include the pkgbase to ensure the paths are unique. Signed-off-by: Morten Linderud <morten@linderud.pw> Signed-off-by: Allan McRae <allan@archlinux.org> (cherry picked from commit 776b7c1e75f24b9cab86b797c1acf549c7da2c46) - - - - - 4b21c60e by Allan McRae at 2022-10-02T11:25:22+10:00 Correctly handle failure in getting build or install dates alpm_pkg_get_builddate() and alpm_pkg_get_installdate() both return -1 on error. Correctly handle the error condition in pacman. Signed-off-by: Allan McRae <allan@archlinux.org> (cherry picked from commit 7bcc2d9b233dea3d7ed3824cc33d635d024d0784) - - - - - 958475a7 by Kristian Klausen at 2022-10-02T11:26:04+10:00 pacman-key: Don't check gpg's trustdb after each key revocation The trustdb is marked as dirty when a key is revoked[1] and GPG will recheck it the next time. Checking the trustdb can take 300-500ms which with 52 revoked keys (and counting) adds up. This is very noticeable when initializing and populating pacman's keyring like archiso is doing[2]. It is also unnecessary as the trustdb is always checked as the last step when populating the keyring. [1] https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=g10/keyedit.c;... [2] https://gitlab.archlinux.org/archlinux/archiso/-/issues/191 (cherry picked from commit 673ce1ab10a652948f4f62bbbe8d12c5f4932cb0) - - - - - 1daabff0 by Allan McRae at 2022-10-02T11:26:26+10:00 Gitlab CI: Install glibc-debug valgrind test Currently our gitlab CI is failing due to valgrind breakage. With Arch stripping glibc, valgrind now requires debuginfod to be active. However the gitlab CI system combined without our testsuite does not retrieve these symbols, even when the appropriate environmental variable is set. Work around this by installing the glibc-debug package directly using a slight kludge... All blame for this approach is assigned to foutrelis! Signed-off-by: Allan McRae <allan@archlinux.org> (cherry picked from commit d1e95c4e540283ff5d2a108459582ce2fa05c6ff) - - - - - 20 changed files: - .gitlab-ci.yml - − .ycm_extra_conf.py - build-aux/edit-script.sh.in - doc/makepkg.conf.5.asciidoc - etc/makepkg.conf.in - lib/libalpm/be_package.c - lib/libalpm/dload.c - lib/libalpm/remove.c - lib/libalpm/signing.c - lib/libalpm/sync.c - meson.build - scripts/libmakepkg/buildenv/buildflags.sh.in - scripts/libmakepkg/buildenv/debugflags.sh.in - scripts/libmakepkg/buildenv/lto.sh.in - + scripts/libmakepkg/executable/debugedit.sh.in - scripts/libmakepkg/lint_config/variable.sh.in - scripts/libmakepkg/tidy/strip.sh.in - scripts/makepkg.sh.in - scripts/pacman-key.sh.in - src/pacman/package.c View it on GitLab: https://gitlab.archlinux.org/pacman/pacman/-/compare/77420fe5001e0fdde9e68d7... -- View it on GitLab: https://gitlab.archlinux.org/pacman/pacman/-/compare/77420fe5001e0fdde9e68d7... You're receiving this email because of your account on gitlab.archlinux.org.