Re: [pacman-dev] [arch-general] Privilege separation in the pacman downloader (Was: Pacman Database Signatures)

2020-02-06 Thread Eli Schwartz
On 2/4/20 11:08 PM, Eli Schwartz wrote:
> Since I'm unfamiliar with apt and other tools, what exactly do they do?
> Given pacman/apt/your-choice-of-package-manager must somehow write to a
> cachedir, e.g. /var/cache/pacman/pkg, it would need a dedicated download
> user, which would then exclusively hold ownership of the cachedir.
> 
> pacman is one big binary at the moment, it doesn't fork+exec to run
> collections of binaries implementing different parts of the package
> manager (which is actually a plus when it comes to speed), so this might
> entail major re-architecturing of that part of pacman. Doing it for
> external XferCommand programs could be a start.
> 
> Is this a topic you're interested in exploring?

I've opened a feature request for this:
https://bugs.archlinux.org/task/65401

-- 
Eli Schwartz
Bug Wrangler and Trusted User





[pacman-dev] [PATCH] makepkg: drop duplicate reporting of missing dependencies

2020-02-06 Thread Dave Reisner
When pacman fails to satisfy deps, we might see output like the
following:

==> Making package: spiderfoot 3.0-1 (Thu 06 Feb 2020 12:45:10 PM CET)
==> Checking runtime dependencies...
==> Installing missing dependencies...
error: target not found: python-pygexf
==> ERROR: 'pacman' failed to install missing dependencies.
==> Missing dependencies:
  -> python-dnspython
  -> python-exifread
  -> python-cherrypy
  -> python-beautifulsoup4
  -> python-netaddr
  -> python-pysocks
  -> python-ipwhois
  -> python-ipaddress
  -> python-phonenumbers
  -> python-pypdf2
  -> python-stem
  -> python-whois
  -> python-future
  -> python-pyopenssl
  -> python-docx
  -> python-pptx
  -> python-networkx
  -> python-cryptography
  -> python-secure
  -> python-pygexf
  -> python-adblockparser
==> Checking buildtime dependencies...
==> ERROR: Could not resolve all dependencies.

This is misleading -- the only truly missing package is python-pygexf,
but we fail to remove sync-able deps from our deplist and report
everything as if it were missing. Simply drop this extra reporting
because pacman already tells us exactly what couldn't be resolved.
---
I thought about trying to make this accurate and diff the lists --
something like:

  mapfile -t deplist < <(printf '%s\n' "${deplist}" | grep -vxFf <(run_pacman -Ssq))

but I'm not convinced this is really the right thing to do...

 scripts/makepkg.sh.in | 6 --
 1 file changed, 6 deletions(-)

diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
index 7fa791e1..bfbf165b 100644
--- a/scripts/makepkg.sh.in
+++ b/scripts/makepkg.sh.in
@@ -316,12 +316,6 @@ resolve_deps() {
[[ -z $deplist ]] && return $R_DEPS_SATISFIED
fi
 
-   msg "$(gettext "Missing dependencies:")"
-   local dep
-   for dep in ${deplist[@]}; do
-   msg2 "$dep"
-   done
-
return $R_DEPS_MISSING
 }
 
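Review bot: the removed block sits after the closing `fi`, so it was the only per-dependency output on every path that falls through to `return $R_DEPS_MISSING`, not just the one where pacman ran and printed "target not found". The condition that opens that `if` is outside this hunk; if it can fail without pacman being invoked at all, the user is left with only the generic "Could not resolve all dependencies." error and no package names. Consider keeping the listing for that case and dropping it only after a failed install attempt, or confirm in the commit message that no such path exists.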
-- 
2.25.0