[pacman-dev] [GIT] The official pacman repository branch, master, updated. v5.2.1-105-gb01bcc7d
Allan McRae
allan at archlinux.org
Tue Jul 7 11:46:51 UTC 2020
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The official pacman repository".
The branch, master has been updated
via b01bcc7d3d680856bd60c4ae03e4ba3f6d889cb2 (commit)
via f3dfba73d22b7eca3810a8114f2aab63da488b4c (commit)
via 78d6dcec6c49bd2fa830237a46fd14337bc9fd4c (commit)
via 34ba8d984d89393ab85ca67724b87af67ff004c3 (commit)
via f078c2d3bcb72bafda0dce5fe2c9418ca462bb1a (commit)
from 6b9c1b4d54225b4c2808b5fadc2b6e779ae1916a (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit b01bcc7d3d680856bd60c4ae03e4ba3f6d889cb2
Author: Anatol Pomozov <anatol.pomozov at gmail.com>
Date: Tue May 26 19:12:08 2020 -0700
Fallback to detached signatures during keyring check
Pacman has a 'key in keyring' verification step that makes sure the signatures
have a valid keyid. Currently pacman parses embedded package signatures only.
Add a fallback to detached signatures. If embedded signature is missing then it
tries to read corresponding *.sig file and get keyid from there.
Verification:
debug: found cached pkg: /var/cache/pacman/pkg/glib-networking-2.64.3-1-x86_64.pkg.tar.zst
debug: found detached signature /var/cache/pacman/pkg/glib-networking-2.64.3-1-x86_64.pkg.tar.zst.sig with size 310
debug: found signature key: A5E9288C4FA415FA
debug: looking up key A5E9288C4FA415FA locally
debug: key lookup success, key exists
Signed-off-by: Anatol Pomozov <anatol.pomozov at gmail.com>
Signed-off-by: Allan McRae <allan at archlinux.org>
commit f3dfba73d22b7eca3810a8114f2aab63da488b4c
Author: Anatol Pomozov <anatol.pomozov at gmail.com>
Date: Mon May 18 14:30:04 2020 -0700
FS#33992: force download *.sig file if it does not exist in the cache
In case if *.pkg exists but *.sig file does not we still have to pass
the pkg to multi_download API.
To avoid redownloading *.pkg file we use CURLOPT_TIMECONDITION curl option.
Signed-off-by: Anatol Pomozov <anatol.pomozov at gmail.com>
Signed-off-by: Allan McRae <allan at archlinux.org>
commit 78d6dcec6c49bd2fa830237a46fd14337bc9fd4c
Author: Anatol Pomozov <anatol.pomozov at gmail.com>
Date: Thu Apr 23 17:28:43 2020 -0700
Add a utility function to check whether a file exists in the cache
It is similar to _alpm_filecache_find() but does not return a
dynamically allocated memory to user. Thus the user does not need to
free this resource.
Signed-off-by: Anatol Pomozov <anatol.pomozov at gmail.com>
Signed-off-by: Allan McRae <allan at archlinux.org>
commit 34ba8d984d89393ab85ca67724b87af67ff004c3
Author: Anatol Pomozov <anatol.pomozov at gmail.com>
Date: Mon May 18 14:13:11 2020 -0700
Do not use counter for error tracking
Current code uses an incrementing counter to check whether a function
returned error:
errors += some_function();
if(errors) { goto finish }
Replace with a more standard variable
errors = some_function();
if(errors) { goto finish }
Rename 'errors' variable to a more typical 'ret'.
Avoid reporting both ALPM_EVENT_PKG_RETRIEVE_FAILED and
ALPM_EVENT_PKG_RETRIEVE_DONE in the error path.
Signed-off-by: Anatol Pomozov <anatol.pomozov at gmail.com>
Signed-off-by: Allan McRae <allan at archlinux.org>
commit f078c2d3bcb72bafda0dce5fe2c9418ca462bb1a
Author: Anatol Pomozov <anatol.pomozov at gmail.com>
Date: Tue May 12 15:26:38 2020 -0700
Move signature payload creation to download engine
Until now callee of ALPM download functionality has been in charge of
payload creation both for the main file (e.g. *.pkg) and for the accompanied
*.sig file. One advantage of such solution is that all payloads are
independent and can be fetched in parallel thus exploiting the maximum
level of download parallelism.
To build *.sig file url we've been using a simple string concatenation:
$requested_url + ".sig". Unfortunately there are cases when it does not
work. For example an archlinux.org "Download From Mirror" link looks like
this https://www.archlinux.org/packages/core/x86_64/bash/download/ and
it gets redirected to some mirror. But if we append ".sig" to the end of
the link url and try to download it then archlinux.org returns 404 error.
To overcome this issue we need to follow redirects for the main payload
first, find the final url and only then append '.sig' suffix.
This implies 2 things:
- the signature payload initialization need to be moved to dload.c
as it is the place where we have access to the resolved url
- *.sig is downloaded serially with the main payload and this reduces
level of parallelism
Move *.sig payload creation to dload.c. Once the main payload is fetched
successfully we check if the callee asked to download the accompanied
signature. If yes - create a new payload and add it to mcurl.
*.sig payload does not use server list of the main payload and thus does
not support mirror failover. *.sig file comes from the same server as
the main payload.
Refactor event loop in curl_multi_download_internal() a bit. Instead of
relying on curl_multi_check_finished_download() to return number of new
payloads we simply rerun the loop iteration one more time to check if
there are any active downloads left.
Signed-off-by: Anatol Pomozov <anatol.pomozov at gmail.com>
Signed-off-by: Allan McRae <allan at archlinux.org>
-----------------------------------------------------------------------
Summary of changes:
lib/libalpm/alpm.h | 11 ++++++
lib/libalpm/be_sync.c | 34 ++++--------------
lib/libalpm/dload.c | 95 ++++++++++++++++++++++++++++++++-------------------
lib/libalpm/dload.h | 4 ++-
lib/libalpm/package.c | 40 ++++++++++++++++++++++
lib/libalpm/sync.c | 67 ++++++++++++++++++++++--------------
lib/libalpm/util.c | 51 +++++++++++++++++++++++++++
lib/libalpm/util.h | 3 ++
8 files changed, 215 insertions(+), 90 deletions(-)
hooks/post-receive
--
The official pacman repository
More information about the pacman-dev
mailing list