[pacman-dev] [PATCH] doc/makepkg.8: Added punctuations.

[foxboron]

From: Morten Linderud 

Signed-off-by: Morten Linderud 
---
 doc/makepkg.8.asciidoc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/makepkg.8.asciidoc b/doc/makepkg.8.asciidoc
index 544659fc..3b5e61b3 100644
--- a/doc/makepkg.8.asciidoc
+++ b/doc/makepkg.8.asciidoc
@@ -274,7 +274,7 @@ Environment Variables
 
 **GPGKEY=**"keyid"::
Specify a key to use when signing packages, overriding the GPGKEY 
setting
-   in linkman:makepkg.conf[5]
+   in linkman:makepkg.conf[5].
 
 **SOURCE_DATE_EPOCH=**""::
Used for link:https://reproducible-builds.org/docs/[Reproducible 
Builds].
@@ -299,7 +299,7 @@ On exit, makepkg will return one of the following error 
codes.
Error in configuration file.
 
 3::
-   User specified an invalid option
+   User specified an invalid option.
 
 4::
Error in user-supplied function in PKGBUILD.
-- 
2.27.0

Re: [pacman-dev] [PATCH] Check that destfile_name exists before using it

[Anatol Pomozov]

Hi

This and the "Build signature remote name based" patches are needed to
fix corner cases discovered by Andrew's test cases.

[pacman-dev] [PATCH] Check that destfile_name exists before using it

[Anatol Pomozov]

In some cases (when trust_remote_name is used for a URL without a filename and
no Content-Disposition is provided by the server) destfile_name will be
NULL. In this case payload data will be stored in tempfile_name and no
destfile_name is set.

Signed-off-by: Anatol Pomozov 
---
 lib/libalpm/dload.c | 9 ++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/lib/libalpm/dload.c b/lib/libalpm/dload.c
index 343f5c78..673e769f 100644
--- a/lib/libalpm/dload.c
+++ b/lib/libalpm/dload.c
@@ -897,15 +897,18 @@ int SYMEXPORT alpm_fetch_pkgurl(alpm_handle_t *handle, 
const alpm_list_t *urls,
 
for(i = payloads; i; i = i->next) {
struct dload_payload *payload = i->data;
-   const char *filename;
char *filepath;
 
if(payload->signature) {
continue;
}
 
-   filename = mbasename(payload->destfile_name);
-   filepath = _alpm_filecache_find(handle, filename);
+   if(payload->destfile_name) {
+   const char *filename = 
mbasename(payload->destfile_name);
+   filepath = _alpm_filecache_find(handle, 
filename);
+   } else {
+   STRDUP(filepath, payload->tempfile_name, 
GOTO_ERR(handle, ALPM_ERR_MEMORY, err));
+   }
if(filepath) {
alpm_list_append(fetched, filepath);
} else {
-- 
2.27.0

[pacman-dev] [PATCH] Do not free payload fields in the middle of this structure use

[Anatol Pomozov]

At the end of payload use it calls _alpm_dload_payload_reset()
that will free() these and other fields anyway.

Signed-off-by: Anatol Pomozov 
---
 lib/libalpm/dload.c | 4 
 1 file changed, 4 deletions(-)

diff --git a/lib/libalpm/dload.c b/lib/libalpm/dload.c
index 1785dd6a..343f5c78 100644
--- a/lib/libalpm/dload.c
+++ b/lib/libalpm/dload.c
@@ -698,10 +698,6 @@ static int curl_add_payload(alpm_handle_t *handle, CURLM 
*curlm,
return 0;
 
 cleanup:
-   FREE(payload->fileurl);
-   FREE(payload->tempfile_name);
-   FREE(payload->destfile_name);
-   FREE(payload->content_disp_name);
curl_easy_cleanup(curl);
return ret;
 }
-- 
2.27.0

[pacman-dev] [PATCH] Build signature remote name based on the main payload name

[Anatol Pomozov]

The main payload final name might be affected by url redirects or
Content-Disposition HTTP header value.

We want to make sure that accompanion *.sig filename always matches the
package filename. So ignore finalname/Content-Disposition for the *.sig file.

It also helps to fix a corner case when the download URL does not contain
a filename and server provides Content-Disposition for the main payload
but not for the signature payload.

Signed-off-by: Anatol Pomozov 
---
 lib/libalpm/dload.c | 61 +++--
 1 file changed, 37 insertions(+), 24 deletions(-)

diff --git a/lib/libalpm/dload.c b/lib/libalpm/dload.c
index 78808eb3..1785dd6a 100644
--- a/lib/libalpm/dload.c
+++ b/lib/libalpm/dload.c
@@ -481,6 +481,31 @@ static int curl_check_finished_download(CURLM *curlm, 
CURLMsg *msg,
curl_easy_getinfo(curl, CURLINFO_CONDITION_UNMET, &timecond);
curl_easy_getinfo(curl, CURLINFO_EFFECTIVE_URL, &effective_url);
 
+   if(payload->trust_remote_name) {
+   if(payload->content_disp_name) {
+   /* content-disposition header has a better name for our 
file */
+   free(payload->destfile_name);
+   payload->destfile_name = get_fullpath(localpath,
+   get_filename(payload->content_disp_name), "");
+   } else {
+   const char *effective_filename = strrchr(effective_url, 
'/');
+
+   if(effective_filename && strlen(effective_filename) > 
2) {
+   effective_filename++;
+
+   /* if destfile was never set, we wrote to a 
tempfile. even if destfile is
+* set, we may have followed some redirects and 
the effective url may
+* have a better suggestion as to what to name 
our file. in either case,
+* refactor destfile to this newly derived 
name. */
+   if(!payload->destfile_name || 
strcmp(effective_filename,
+   
strrchr(payload->destfile_name, '/') + 1) != 0) {
+   free(payload->destfile_name);
+   payload->destfile_name = 
get_fullpath(localpath, effective_filename, "");
+   }
+   }
+   }
+   }
+
/* Let's check if client requested downloading accompanion *.sig file */
if(!payload->signature && payload->download_signature && curlerr == 
CURLE_OK && payload->respcode < 400) {
struct dload_payload *sig = NULL;
@@ -489,6 +514,18 @@ static int curl_check_finished_download(CURLM *curlm, 
CURLMsg *msg,
CALLOC(sig, 1, sizeof(*sig), GOTO_ERR(handle, ALPM_ERR_MEMORY, 
cleanup));
MALLOC(sig->fileurl, len, FREE(sig); GOTO_ERR(handle, 
ALPM_ERR_MEMORY, cleanup));
snprintf(sig->fileurl, len, "%s.sig", effective_url);
+
+   if(payload->trust_remote_name) {
+   /* In this case server might provide a new name for the 
main payload.
+* Choose *.sig filename based on this new name.
+*/
+   const char* realname = payload->destfile_name ? 
payload->destfile_name : payload->tempfile_name;
+   const char *final_file = get_filename(realname);
+   int remote_name_len = strlen(final_file) + 5;
+   MALLOC(sig->remote_name, remote_name_len, 
FREE(sig->fileurl); FREE(sig); GOTO_ERR(handle, ALPM_ERR_MEMORY, cleanup));
+   snprintf(sig->remote_name, remote_name_len, "%s.sig", 
final_file);
+   }
+
sig->signature = 1;
sig->handle = handle;
sig->force = payload->force;
@@ -520,30 +557,6 @@ static int curl_check_finished_download(CURLM *curlm, 
CURLMsg *msg,
GOTO_ERR(handle, ALPM_ERR_RETRIEVE, cleanup);
}
 
-   if(payload->trust_remote_name) {
-   if(payload->content_disp_name) {
-   /* content-disposition header has a better name for our 
file */
-   free(payload->destfile_name);
-   payload->destfile_name = get_fullpath(localpath,
-   get_filename(payload->content_disp_name), "");
-   } else {
-   const char *effective_filename = strrchr(effective_url, 
'/');
-   if(effective_filename && strlen(effective_filename) > 
2) {
-   effective_filename++;
-
-   /* if destfile was never set, we wrote to a 
tempfile. even if destfile is
-* set, we may have followed some redirects and 
the effective url may
-