Merge pull request #116 from franciscod/pacman
pacman: add to disabled-packages
This commit is contained in:
commit
24e316d045
|
@ -0,0 +1,70 @@
|
||||||
|
# HEAVILY adapted from archlinux PKGBUILD
|
||||||
|
pkgname=pacman
|
||||||
|
pkgver=4.2.1
|
||||||
|
|
||||||
|
TERMUX_PKG_HOMEPAGE=https://www.archlinux.org/pacman/
|
||||||
|
TERMUX_PKG_DESCRIPTION="A library-based package manager with dependency support"
|
||||||
|
TERMUX_PKG_VERSION=$pkgver
|
||||||
|
|
||||||
|
#FIXME: asciidoc, fakechroot/fakeroot
|
||||||
|
TERMUX_PKG_DEPENDS="bash, glib, libarchive, curl, gpgme, python2, libandroid-glob, libandroid-support"
|
||||||
|
|
||||||
|
TERMUX_PKG_SRCURL="https://sources.archlinux.org/other/pacman/$pkgname-$pkgver.tar.gz"
|
||||||
|
TERMUX_PKG_BUILD_IN_SRC=yes
|
||||||
|
TERMUX_PKG_MAINTAINER="Francisco Demartino <demartino.francisco@gmail.com>"
|
||||||
|
|
||||||
|
TERMUX_PKG_EXTRA_CONFIGURE_ARGS="--prefix=$TERMUX_PREFIX --sysconfdir=$TERMUX_PREFIX/etc"
|
||||||
|
TERMUX_PKG_EXTRA_CONFIGURE_ARGS+=" --localstatedir=$TERMUX_PREFIX/var --enable-doc "
|
||||||
|
TERMUX_PKG_EXTRA_CONFIGURE_ARGS+=" --with-scriptlet-shell=/usr/bin/bash"
|
||||||
|
|
||||||
|
|
||||||
|
export LDFLAGS="$LDFLAGS -llog -landroid-glob"
|
||||||
|
|
||||||
|
termux_step_make () {
|
||||||
|
make
|
||||||
|
make -C contrib
|
||||||
|
# make -C "$pkgname-$pkgver" check
|
||||||
|
}
|
||||||
|
|
||||||
|
#package() {
|
||||||
|
termux_step_make_install () {
|
||||||
|
|
||||||
|
make install
|
||||||
|
make -C contrib install
|
||||||
|
|
||||||
|
# install Arch specific stuff
|
||||||
|
install -dm755 "$TERMUX_PREFIX/etc"
|
||||||
|
install -m644 "$TERMUX_PKG_BUILDER_DIR/pacman.conf" "$TERMUX_PREFIX/etc/pacman.conf"
|
||||||
|
|
||||||
|
case $TERMUX_ARCH in
|
||||||
|
i686)
|
||||||
|
mycarch="i686"
|
||||||
|
mychost="i686-pc-linux-gnu"
|
||||||
|
myflags="-march=i686"
|
||||||
|
;;
|
||||||
|
arm)
|
||||||
|
mycarch="arm"
|
||||||
|
mychost="arm-unknown-linux-gnu"
|
||||||
|
myflags="-march=arm"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
# set things correctly in the default conf file
|
||||||
|
install -m644 "$TERMUX_PKG_BUILDER_DIR/makepkg.conf" "$TERMUX_PREFIX/etc"
|
||||||
|
sed -i "$TERMUX_PREFIX/etc/makepkg.conf" \
|
||||||
|
-e "s|@CARCH[@]|$mycarch|g" \
|
||||||
|
-e "s|@CHOST[@]|$mychost|g" \
|
||||||
|
-e "s|@CARCHFLAGS[@]|$myflags|g"
|
||||||
|
|
||||||
|
# FIXME bash_completion
|
||||||
|
# # put bash_completion in the right location
|
||||||
|
# install -dm755 "$TERMUX_PREFIX/share/bash-completion/completions"
|
||||||
|
# mv "$TERMUX_PREFIX/etc/bash_completion.d/pacman" "$TERMUX_PREFIX/share/bash-completion/completions"
|
||||||
|
# rmdir "$TERMUX_PREFIX/etc/bash_completion.d"
|
||||||
|
|
||||||
|
# for f in makepkg pacman-key; do
|
||||||
|
# ln -s pacman "$TERMUX_PREFIX/share/bash-completion/completions/$f"
|
||||||
|
# done
|
||||||
|
|
||||||
|
install -Dm644 contrib/PKGBUILD.vim "$TERMUX_PREFIX/share/vim/vimfiles/syntax/PKGBUILD.vim"
|
||||||
|
}
|
|
@ -0,0 +1,60 @@
|
||||||
|
From deac9731884a83ad91eab9f27b288f406f56c87b Mon Sep 17 00:00:00 2001
|
||||||
|
From: Levente Polyak <anthraxx@archlinux.org>
|
||||||
|
Date: Sat, 18 Jul 2015 17:58:23 +0200
|
||||||
|
Subject: [PATCH] ensure matching database and package version
|
||||||
|
|
||||||
|
While loading each package ensure that the internal version matches the
|
||||||
|
expected database version to avoid the possibility to circumvent the
|
||||||
|
version check.
|
||||||
|
This issue can be used by an attacker to trick the software into
|
||||||
|
installing an older version. The behavior can be exploited by a
|
||||||
|
man-in-the-middle attack through specially crafted database tarball
|
||||||
|
containing a higher version, yet actually delivering an older and
|
||||||
|
vulnerable version, which was previously shipped.
|
||||||
|
|
||||||
|
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
|
||||||
|
Signed-off-by: Remi Gacogne <rgacogne@archlinux.org>
|
||||||
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
||||||
|
---
|
||||||
|
lib/libalpm/sync.c | 18 ++++++++++++++++++
|
||||||
|
1 file changed, 18 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/lib/libalpm/sync.c b/lib/libalpm/sync.c
|
||||||
|
index 888ae15..e843b07 100644
|
||||||
|
--- a/lib/libalpm/sync.c
|
||||||
|
+++ b/lib/libalpm/sync.c
|
||||||
|
@@ -1212,6 +1212,7 @@ static int load_packages(alpm_handle_t *handle, alpm_list_t **data,
|
||||||
|
EVENT(handle, &event);
|
||||||
|
|
||||||
|
for(i = handle->trans->add; i; i = i->next, current++) {
|
||||||
|
+ int error = 0;
|
||||||
|
alpm_pkg_t *spkg = i->data;
|
||||||
|
char *filepath;
|
||||||
|
int percent = (int)(((double)current_bytes / total_bytes) * 100);
|
||||||
|
@@ -1232,6 +1233,23 @@ static int load_packages(alpm_handle_t *handle, alpm_list_t **data,
|
||||||
|
spkg->name);
|
||||||
|
alpm_pkg_t *pkgfile =_alpm_pkg_load_internal(handle, filepath, 1);
|
||||||
|
if(!pkgfile) {
|
||||||
|
+ _alpm_log(handle, ALPM_LOG_DEBUG, "failed to load pkgfile internal\n");
|
||||||
|
+ error = 1;
|
||||||
|
+ } else {
|
||||||
|
+ if(strcmp(spkg->name, pkgfile->name) != 0) {
|
||||||
|
+ _alpm_log(handle, ALPM_LOG_DEBUG,
|
||||||
|
+ "internal package name mismatch, expected: '%s', actual: '%s'\n",
|
||||||
|
+ spkg->name, pkgfile->name);
|
||||||
|
+ error = 1;
|
||||||
|
+ }
|
||||||
|
+ if(strcmp(spkg->version, pkgfile->version) != 0) {
|
||||||
|
+ _alpm_log(handle, ALPM_LOG_DEBUG,
|
||||||
|
+ "internal package version mismatch, expected: '%s', actual: '%s'\n",
|
||||||
|
+ spkg->version, pkgfile->version);
|
||||||
|
+ error = 1;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ if(error != 0) {
|
||||||
|
errors++;
|
||||||
|
*data = alpm_list_add(*data, strdup(spkg->filename));
|
||||||
|
free(filepath);
|
||||||
|
--
|
||||||
|
2.4.6
|
||||||
|
|
|
@ -0,0 +1,146 @@
|
||||||
|
#
|
||||||
|
# /etc/makepkg.conf
|
||||||
|
#
|
||||||
|
|
||||||
|
#########################################################################
|
||||||
|
# SOURCE ACQUISITION
|
||||||
|
#########################################################################
|
||||||
|
#
|
||||||
|
#-- The download utilities that makepkg should use to acquire sources
|
||||||
|
# Format: 'protocol::agent'
|
||||||
|
DLAGENTS=('ftp::/usr/bin/curl -fC - --ftp-pasv --retry 3 --retry-delay 3 -o %o %u'
|
||||||
|
'http::/usr/bin/curl -fLC - --retry 3 --retry-delay 3 -o %o %u'
|
||||||
|
'https::/usr/bin/curl -fLC - --retry 3 --retry-delay 3 -o %o %u'
|
||||||
|
'rsync::/usr/bin/rsync --no-motd -z %u %o'
|
||||||
|
'scp::/usr/bin/scp -C %u %o')
|
||||||
|
|
||||||
|
# Other common tools:
|
||||||
|
# /usr/bin/snarf
|
||||||
|
# /usr/bin/lftpget -c
|
||||||
|
# /usr/bin/wget
|
||||||
|
|
||||||
|
#-- The package required by makepkg to download VCS sources
|
||||||
|
# Format: 'protocol::package'
|
||||||
|
VCSCLIENTS=('bzr::bzr'
|
||||||
|
'git::git'
|
||||||
|
'hg::mercurial'
|
||||||
|
'svn::subversion')
|
||||||
|
|
||||||
|
#########################################################################
|
||||||
|
# ARCHITECTURE, COMPILE FLAGS
|
||||||
|
#########################################################################
|
||||||
|
#
|
||||||
|
CARCH="@CARCH@"
|
||||||
|
CHOST="@CHOST@"
|
||||||
|
|
||||||
|
#-- Compiler and Linker Flags
|
||||||
|
# -march (or -mcpu) builds exclusively for an architecture
|
||||||
|
# -mtune optimizes for an architecture, but builds for whole processor family
|
||||||
|
CPPFLAGS="-D_FORTIFY_SOURCE=2"
|
||||||
|
CFLAGS="@CARCHFLAGS@ -mtune=generic -O2 -pipe -fstack-protector-strong"
|
||||||
|
CXXFLAGS="@CARCHFLAGS@ -mtune=generic -O2 -pipe -fstack-protector-strong"
|
||||||
|
LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro"
|
||||||
|
#-- Make Flags: change this for DistCC/SMP systems
|
||||||
|
#MAKEFLAGS="-j2"
|
||||||
|
#-- Debugging flags
|
||||||
|
DEBUG_CFLAGS="-g -fvar-tracking-assignments"
|
||||||
|
DEBUG_CXXFLAGS="-g -fvar-tracking-assignments"
|
||||||
|
|
||||||
|
#########################################################################
|
||||||
|
# BUILD ENVIRONMENT
|
||||||
|
#########################################################################
|
||||||
|
#
|
||||||
|
# Defaults: BUILDENV=(!distcc color !ccache check !sign)
|
||||||
|
# A negated environment option will do the opposite of the comments below.
|
||||||
|
#
|
||||||
|
#-- distcc: Use the Distributed C/C++/ObjC compiler
|
||||||
|
#-- color: Colorize output messages
|
||||||
|
#-- ccache: Use ccache to cache compilation
|
||||||
|
#-- check: Run the check() function if present in the PKGBUILD
|
||||||
|
#-- sign: Generate PGP signature file
|
||||||
|
#
|
||||||
|
BUILDENV=(!distcc color !ccache check !sign)
|
||||||
|
#
|
||||||
|
#-- If using DistCC, your MAKEFLAGS will also need modification. In addition,
|
||||||
|
#-- specify a space-delimited list of hosts running in the DistCC cluster.
|
||||||
|
#DISTCC_HOSTS=""
|
||||||
|
#
|
||||||
|
#-- Specify a directory for package building.
|
||||||
|
#BUILDDIR=/tmp/makepkg
|
||||||
|
|
||||||
|
#########################################################################
|
||||||
|
# GLOBAL PACKAGE OPTIONS
|
||||||
|
# These are default values for the options=() settings
|
||||||
|
#########################################################################
|
||||||
|
#
|
||||||
|
# Default: OPTIONS=(strip docs !libtool !staticlibs emptydirs zipman purge !upx !debug)
|
||||||
|
# A negated option will do the opposite of the comments below.
|
||||||
|
#
|
||||||
|
#-- strip: Strip symbols from binaries/libraries
|
||||||
|
#-- docs: Save doc directories specified by DOC_DIRS
|
||||||
|
#-- libtool: Leave libtool (.la) files in packages
|
||||||
|
#-- staticlibs: Leave static library (.a) files in packages
|
||||||
|
#-- emptydirs: Leave empty directories in packages
|
||||||
|
#-- zipman: Compress manual (man and info) pages in MAN_DIRS with gzip
|
||||||
|
#-- purge: Remove files specified by PURGE_TARGETS
|
||||||
|
#-- upx: Compress binary executable files using UPX
|
||||||
|
#-- debug: Add debugging flags as specified in DEBUG_* variables
|
||||||
|
#
|
||||||
|
OPTIONS=(strip docs !libtool !staticlibs emptydirs zipman purge !upx !debug)
|
||||||
|
|
||||||
|
#-- File integrity checks to use. Valid: md5, sha1, sha256, sha384, sha512
|
||||||
|
INTEGRITY_CHECK=(md5)
|
||||||
|
#-- Options to be used when stripping binaries. See `man strip' for details.
|
||||||
|
STRIP_BINARIES="--strip-all"
|
||||||
|
#-- Options to be used when stripping shared libraries. See `man strip' for details.
|
||||||
|
STRIP_SHARED="--strip-unneeded"
|
||||||
|
#-- Options to be used when stripping static libraries. See `man strip' for details.
|
||||||
|
STRIP_STATIC="--strip-debug"
|
||||||
|
#-- Manual (man and info) directories to compress (if zipman is specified)
|
||||||
|
MAN_DIRS=({usr{,/local}{,/share},opt/*}/{man,info})
|
||||||
|
#-- Doc directories to remove (if !docs is specified)
|
||||||
|
DOC_DIRS=(usr/{,local/}{,share/}{doc,gtk-doc} opt/*/{doc,gtk-doc})
|
||||||
|
#-- Files to be removed from all packages (if purge is specified)
|
||||||
|
PURGE_TARGETS=(usr/{,share}/info/dir .packlist *.pod)
|
||||||
|
|
||||||
|
#########################################################################
|
||||||
|
# PACKAGE OUTPUT
|
||||||
|
#########################################################################
|
||||||
|
#
|
||||||
|
# Default: put built package and cached source in build directory
|
||||||
|
#
|
||||||
|
#-- Destination: specify a fixed directory where all packages will be placed
|
||||||
|
#PKGDEST=/home/packages
|
||||||
|
#-- Source cache: specify a fixed directory where source files will be cached
|
||||||
|
#SRCDEST=/home/sources
|
||||||
|
#-- Source packages: specify a fixed directory where all src packages will be placed
|
||||||
|
#SRCPKGDEST=/home/srcpackages
|
||||||
|
#-- Log files: specify a fixed directory where all log files will be placed
|
||||||
|
#LOGDEST=/home/makepkglogs
|
||||||
|
#-- Packager: name/email of the person or organization building packages
|
||||||
|
#PACKAGER="John Doe <john@doe.com>"
|
||||||
|
#-- Specify a key to use for package signing
|
||||||
|
#GPGKEY=""
|
||||||
|
|
||||||
|
#########################################################################
|
||||||
|
# COMPRESSION DEFAULTS
|
||||||
|
#########################################################################
|
||||||
|
#
|
||||||
|
COMPRESSGZ=(gzip -c -f -n)
|
||||||
|
COMPRESSBZ2=(bzip2 -c -f)
|
||||||
|
COMPRESSXZ=(xz -c -z -)
|
||||||
|
COMPRESSLRZ=(lrzip -q)
|
||||||
|
COMPRESSLZO=(lzop -q)
|
||||||
|
COMPRESSZ=(compress -c -f)
|
||||||
|
|
||||||
|
#########################################################################
|
||||||
|
# EXTENSION DEFAULTS
|
||||||
|
#########################################################################
|
||||||
|
#
|
||||||
|
# WARNING: Do NOT modify these variables unless you know what you are
|
||||||
|
# doing.
|
||||||
|
#
|
||||||
|
PKGEXT='.pkg.tar.xz'
|
||||||
|
SRCEXT='.src.tar.gz'
|
||||||
|
|
||||||
|
# vim: set ft=sh ts=2 sw=2 et:
|
|
@ -0,0 +1,90 @@
|
||||||
|
#
|
||||||
|
# /etc/pacman.conf
|
||||||
|
#
|
||||||
|
# See the pacman.conf(5) manpage for option and repository directives
|
||||||
|
|
||||||
|
#
|
||||||
|
# GENERAL OPTIONS
|
||||||
|
#
|
||||||
|
[options]
|
||||||
|
# The following paths are commented out with their default values listed.
|
||||||
|
# If you wish to use different paths, uncomment and update the paths.
|
||||||
|
#RootDir = /
|
||||||
|
#DBPath = /var/lib/pacman/
|
||||||
|
#CacheDir = /var/cache/pacman/pkg/
|
||||||
|
#LogFile = /var/log/pacman.log
|
||||||
|
#GPGDir = /etc/pacman.d/gnupg/
|
||||||
|
HoldPkg = pacman glibc
|
||||||
|
#XferCommand = /usr/bin/curl -C - -f %u > %o
|
||||||
|
#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
|
||||||
|
#CleanMethod = KeepInstalled
|
||||||
|
#UseDelta = 0.7
|
||||||
|
Architecture = auto
|
||||||
|
|
||||||
|
# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
|
||||||
|
#IgnorePkg =
|
||||||
|
#IgnoreGroup =
|
||||||
|
|
||||||
|
#NoUpgrade =
|
||||||
|
#NoExtract =
|
||||||
|
|
||||||
|
# Misc options
|
||||||
|
#UseSyslog
|
||||||
|
#Color
|
||||||
|
#TotalDownload
|
||||||
|
CheckSpace
|
||||||
|
#VerbosePkgLists
|
||||||
|
|
||||||
|
# By default, pacman accepts packages signed by keys that its local keyring
|
||||||
|
# trusts (see pacman-key and its man page), as well as unsigned packages.
|
||||||
|
SigLevel = Required DatabaseOptional
|
||||||
|
LocalFileSigLevel = Optional
|
||||||
|
#RemoteFileSigLevel = Required
|
||||||
|
|
||||||
|
# NOTE: You must run `pacman-key --init` before first using pacman; the local
|
||||||
|
# keyring can then be populated with the keys of all official Arch Linux
|
||||||
|
# packagers with `pacman-key --populate archlinux`.
|
||||||
|
|
||||||
|
#
|
||||||
|
# REPOSITORIES
|
||||||
|
# - can be defined here or included from another file
|
||||||
|
# - pacman will search repositories in the order defined here
|
||||||
|
# - local/custom mirrors can be added here or in separate files
|
||||||
|
# - repositories listed first will take precedence when packages
|
||||||
|
# have identical names, regardless of version number
|
||||||
|
# - URLs will have $repo replaced by the name of the current repo
|
||||||
|
# - URLs will have $arch replaced by the name of the architecture
|
||||||
|
#
|
||||||
|
# Repository entries are of the format:
|
||||||
|
# [repo-name]
|
||||||
|
# Server = ServerName
|
||||||
|
# Include = IncludePath
|
||||||
|
#
|
||||||
|
# The header [repo-name] is crucial - it must be present and
|
||||||
|
# uncommented to enable the repo.
|
||||||
|
#
|
||||||
|
|
||||||
|
# The testing repositories are disabled by default. To enable, uncomment the
|
||||||
|
# repo name header and Include lines. You can add preferred servers immediately
|
||||||
|
# after the header, and they will be used before the default mirrors.
|
||||||
|
|
||||||
|
#[testing]
|
||||||
|
#Include = /etc/pacman.d/mirrorlist
|
||||||
|
|
||||||
|
[core]
|
||||||
|
Include = /etc/pacman.d/mirrorlist
|
||||||
|
|
||||||
|
[extra]
|
||||||
|
Include = /etc/pacman.d/mirrorlist
|
||||||
|
|
||||||
|
#[community-testing]
|
||||||
|
#Include = /etc/pacman.d/mirrorlist
|
||||||
|
|
||||||
|
[community]
|
||||||
|
Include = /etc/pacman.d/mirrorlist
|
||||||
|
|
||||||
|
# An example of a custom package repository. See the pacman manpage for
|
||||||
|
# tips on creating your own repositories.
|
||||||
|
#[custom]
|
||||||
|
#SigLevel = Optional TrustAll
|
||||||
|
#Server = file:///home/custompkgs
|
|
@ -0,0 +1,12 @@
|
||||||
|
--- ./src/pacman/pacman.c 2015-12-23 19:50:37.093132801 -0300
|
||||||
|
+++ ./src/pacman/pacman.c 2015-12-23 23:30:17.986469980 -0300
|
||||||
|
@@ -1128,7 +1128,8 @@
|
||||||
|
} while(c != EOF);
|
||||||
|
|
||||||
|
free(line);
|
||||||
|
- if(!freopen(ctermid(NULL), "r", stdin)) {
|
||||||
|
+ //if(!freopen(ctermid(NULL), "r", stdin)) {
|
||||||
|
+ if(!freopen("/dev/tty", "r", stdin)) { // HACK termux doesn't have ctermid()
|
||||||
|
pm_printf(ALPM_LOG_ERROR, _("failed to reopen stdin for reading: (%s)\n"),
|
||||||
|
strerror(errno));
|
||||||
|
}
|
Loading…
Reference in New Issue