Re: [pacman-dev] [arch-general] Privilege separation in the pacman downloader (Was: Pacman Database Signatures)
On 2/4/20 11:08 PM, Eli Schwartz wrote: > Since I'm unfamiliar with apt and other tools, what exactly do they do? > Given pacman/apt/your-choice-of-package-manager must somehow write to a > cachedir, e.g. /var/cache/pacman/pkg, it would need a dedicated download > user, which would then exclusively hold ownership of the cachedir. > > pacman is one big binary at the moment, it doesn't fork+exec to run > collections of binaries implementing different parts of the package > manager (which is actually a plus when it comes to speed), so this might > entail major re-architecturing of that part of pacman. Doing it for > external XferCommand programs could be a start. > > Is this a topic you're interested in exploring? I've opened a feature request for this: https://bugs.archlinux.org/task/65401 -- Eli Schwartz Bug Wrangler and Trusted User signature.asc Description: OpenPGP digital signature
[pacman-dev] [PATCH] makepkg: drop duplicate reporting of missing dependencies
When pacman fails to satisfy deps, we might see output like the following: ==> Making package: spiderfoot 3.0-1 (Thu 06 Feb 2020 12:45:10 PM CET) ==> Checking runtime dependencies... ==> Installing missing dependencies... error: target not found: python-pygexf ==> ERROR: 'pacman' failed to install missing dependencies. ==> Missing dependencies: -> python-dnspython -> python-exifread -> python-cherrypy -> python-beautifulsoup4 -> python-netaddr -> python-pysocks -> python-ipwhois -> python-ipaddress -> python-phonenumbers -> python-pypdf2 -> python-stem -> python-whois -> python-future -> python-pyopenssl -> python-docx -> python-pptx -> python-networkx -> python-cryptography -> python-secure -> python-pygexf -> python-adblockparser ==> Checking buildtime dependencies... ==> ERROR: Could not resolve all dependencies. This is misleading -- the only truly missing package is python-pygexf, but we fail to remove sync-able deps from our deplist and report everything as if it were missing. Simply drop this extra reporting because pacman already tells us exactly what couldn't be resolved. --- I thought about trying to make this accurate and diff the lists -- something like: mapfile -t deplist < <(printf '%s\n' "${deplist}" | grep -vxFf <(run_pacman -Ssq)) but I'm not convinced this is really the right thing to do... scripts/makepkg.sh.in | 6 -- 1 file changed, 6 deletions(-) diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in index 7fa791e1..bfbf165b 100644 --- a/scripts/makepkg.sh.in +++ b/scripts/makepkg.sh.in @@ -316,12 +316,6 @@ resolve_deps() { [[ -z $deplist ]] && return $R_DEPS_SATISFIED fi - msg "$(gettext "Missing dependencies:")" - local dep - for dep in ${deplist[@]}; do - msg2 "$dep" - done - return $R_DEPS_MISSING } -- 2.25.0