Fredrik Fornwall
9 years ago
5 changed files with 378 additions and 0 deletions
@ -0,0 +1,70 @@ |
|||
# HEAVILY adapted from archlinux PKGBUILD |
|||
pkgname=pacman |
|||
pkgver=4.2.1 |
|||
|
|||
TERMUX_PKG_HOMEPAGE=https://www.archlinux.org/pacman/ |
|||
TERMUX_PKG_DESCRIPTION="A library-based package manager with dependency support" |
|||
TERMUX_PKG_VERSION=$pkgver |
|||
|
|||
#FIXME: asciidoc, fakechroot/fakeroot |
|||
TERMUX_PKG_DEPENDS="bash, glib, libarchive, curl, gpgme, python2, libandroid-glob, libandroid-support" |
|||
|
|||
TERMUX_PKG_SRCURL="https://sources.archlinux.org/other/pacman/$pkgname-$pkgver.tar.gz" |
|||
TERMUX_PKG_BUILD_IN_SRC=yes |
|||
TERMUX_PKG_MAINTAINER="Francisco Demartino <demartino.francisco@gmail.com>" |
|||
|
|||
TERMUX_PKG_EXTRA_CONFIGURE_ARGS="--prefix=$TERMUX_PREFIX --sysconfdir=$TERMUX_PREFIX/etc" |
|||
TERMUX_PKG_EXTRA_CONFIGURE_ARGS+=" --localstatedir=$TERMUX_PREFIX/var --enable-doc " |
|||
TERMUX_PKG_EXTRA_CONFIGURE_ARGS+=" --with-scriptlet-shell=/usr/bin/bash" |
|||
|
|||
|
|||
export LDFLAGS="$LDFLAGS -llog -landroid-glob" |
|||
|
|||
termux_step_make () { |
|||
make |
|||
make -C contrib |
|||
# make -C "$pkgname-$pkgver" check |
|||
} |
|||
|
|||
#package() { |
|||
termux_step_make_install () { |
|||
|
|||
make install |
|||
make -C contrib install |
|||
|
|||
# install Arch specific stuff |
|||
install -dm755 "$TERMUX_PREFIX/etc" |
|||
install -m644 "$TERMUX_PKG_BUILDER_DIR/pacman.conf" "$TERMUX_PREFIX/etc/pacman.conf" |
|||
|
|||
case $TERMUX_ARCH in |
|||
i686) |
|||
mycarch="i686" |
|||
mychost="i686-pc-linux-gnu" |
|||
myflags="-march=i686" |
|||
;; |
|||
arm) |
|||
mycarch="arm" |
|||
mychost="arm-unknown-linux-gnu" |
|||
myflags="-march=arm" |
|||
;; |
|||
esac |
|||
|
|||
# set things correctly in the default conf file |
|||
install -m644 "$TERMUX_PKG_BUILDER_DIR/makepkg.conf" "$TERMUX_PREFIX/etc" |
|||
sed -i "$TERMUX_PREFIX/etc/makepkg.conf" \ |
|||
-e "s|@CARCH[@]|$mycarch|g" \ |
|||
-e "s|@CHOST[@]|$mychost|g" \ |
|||
-e "s|@CARCHFLAGS[@]|$myflags|g" |
|||
|
|||
# FIXME bash_completion |
|||
# # put bash_completion in the right location |
|||
# install -dm755 "$TERMUX_PREFIX/share/bash-completion/completions" |
|||
# mv "$TERMUX_PREFIX/etc/bash_completion.d/pacman" "$TERMUX_PREFIX/share/bash-completion/completions" |
|||
# rmdir "$TERMUX_PREFIX/etc/bash_completion.d" |
|||
|
|||
# for f in makepkg pacman-key; do |
|||
# ln -s pacman "$TERMUX_PREFIX/share/bash-completion/completions/$f" |
|||
# done |
|||
|
|||
install -Dm644 contrib/PKGBUILD.vim "$TERMUX_PREFIX/share/vim/vimfiles/syntax/PKGBUILD.vim" |
|||
} |
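Review bot: The `case $TERMUX_ARCH in` block in termux_step_make_install has no default branch, so for any architecture other than `i686` or `arm` the variables `mycarch`, `mychost` and `myflags` stay unset and the `sed` that follows substitutes empty strings for `@CARCH@`, `@CHOST@` and `@CARCHFLAGS@` in the installed makepkg.conf. A branch such as `*) echo "unsupported TERMUX_ARCH: $TERMUX_ARCH"; exit 1 ;;` would make the build fail instead of shipping a broken config. Separately, `--with-scriptlet-shell=/usr/bin/bash` is the only configure path here that is not under `$TERMUX_PREFIX`. If bash is installed under the prefix, `--with-scriptlet-shell=$TERMUX_PREFIX/bin/bash` would be the matching value.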
@ -0,0 +1,60 @@ |
|||
From deac9731884a83ad91eab9f27b288f406f56c87b Mon Sep 17 00:00:00 2001 |
|||
From: Levente Polyak <anthraxx@archlinux.org> |
|||
Date: Sat, 18 Jul 2015 17:58:23 +0200 |
|||
Subject: [PATCH] ensure matching database and package version |
|||
|
|||
While loading each package ensure that the internal version matches the |
|||
expected database version to avoid the possibility to circumvent the |
|||
version check. |
|||
This issue can be used by an attacker to trick the software into |
|||
installing an older version. The behavior can be exploited by a |
|||
man-in-the-middle attack through specially crafted database tarball |
|||
containing a higher version, yet actually delivering an older and |
|||
vulnerable version, which was previously shipped. |
|||
|
|||
Signed-off-by: Levente Polyak <anthraxx@archlinux.org> |
|||
Signed-off-by: Remi Gacogne <rgacogne@archlinux.org> |
|||
Signed-off-by: Allan McRae <allan@archlinux.org> |
|||
---
|
|||
lib/libalpm/sync.c | 18 ++++++++++++++++++ |
|||
1 file changed, 18 insertions(+) |
|||
|
|||
diff --git a/lib/libalpm/sync.c b/lib/libalpm/sync.c
|
|||
index 888ae15..e843b07 100644
|
|||
--- a/lib/libalpm/sync.c
|
|||
+++ b/lib/libalpm/sync.c
|
|||
@@ -1212,6 +1212,7 @@ static int load_packages(alpm_handle_t *handle, alpm_list_t **data,
|
|||
EVENT(handle, &event); |
|||
|
|||
for(i = handle->trans->add; i; i = i->next, current++) { |
|||
+ int error = 0;
|
|||
alpm_pkg_t *spkg = i->data; |
|||
char *filepath; |
|||
int percent = (int)(((double)current_bytes / total_bytes) * 100); |
|||
@@ -1232,6 +1233,23 @@ static int load_packages(alpm_handle_t *handle, alpm_list_t **data,
|
|||
spkg->name); |
|||
alpm_pkg_t *pkgfile =_alpm_pkg_load_internal(handle, filepath, 1); |
|||
if(!pkgfile) { |
|||
+ _alpm_log(handle, ALPM_LOG_DEBUG, "failed to load pkgfile internal\n");
|
|||
+ error = 1;
|
|||
+ } else {
|
|||
+ if(strcmp(spkg->name, pkgfile->name) != 0) {
|
|||
+ _alpm_log(handle, ALPM_LOG_DEBUG,
|
|||
+ "internal package name mismatch, expected: '%s', actual: '%s'\n",
|
|||
+ spkg->name, pkgfile->name);
|
|||
+ error = 1;
|
|||
+ }
|
|||
+ if(strcmp(spkg->version, pkgfile->version) != 0) {
|
|||
+ _alpm_log(handle, ALPM_LOG_DEBUG,
|
|||
+ "internal package version mismatch, expected: '%s', actual: '%s'\n",
|
|||
+ spkg->version, pkgfile->version);
|
|||
+ error = 1;
|
|||
+ }
|
|||
+ }
|
|||
+ if(error != 0) {
|
|||
errors++; |
|||
*data = alpm_list_add(*data, strdup(spkg->filename)); |
|||
free(filepath); |
|||
--
|
|||
2.4.6 |
|||
|
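Review bot: Both new mismatch branches in load_packages report through `_alpm_log(handle, ALPM_LOG_DEBUG, ...)`, so a package whose internal name or version disagrees with the sync database is visible only in debug output, although the commit message describes this condition as a downgrade attempt. Logging the two cases at a level that users and log files see by default, for example `_alpm_log(handle, ALPM_LOG_ERROR, ...)` with the same format strings, would make the rejection both diagnosable and detectable. On the mismatch path `pkgfile` has been loaded successfully before `error` is set. The rest of the `if(error != 0)` block lies outside the hunk, so it is worth confirming that the package object is released there.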
@ -0,0 +1,146 @@ |
|||
# |
|||
# /etc/makepkg.conf |
|||
# |
|||
|
|||
######################################################################### |
|||
# SOURCE ACQUISITION |
|||
######################################################################### |
|||
# |
|||
#-- The download utilities that makepkg should use to acquire sources |
|||
# Format: 'protocol::agent' |
|||
DLAGENTS=('ftp::/usr/bin/curl -fC - --ftp-pasv --retry 3 --retry-delay 3 -o %o %u' |
|||
'http::/usr/bin/curl -fLC - --retry 3 --retry-delay 3 -o %o %u' |
|||
'https::/usr/bin/curl -fLC - --retry 3 --retry-delay 3 -o %o %u' |
|||
'rsync::/usr/bin/rsync --no-motd -z %u %o' |
|||
'scp::/usr/bin/scp -C %u %o') |
|||
|
|||
# Other common tools: |
|||
# /usr/bin/snarf |
|||
# /usr/bin/lftpget -c |
|||
# /usr/bin/wget |
|||
|
|||
#-- The package required by makepkg to download VCS sources |
|||
# Format: 'protocol::package' |
|||
VCSCLIENTS=('bzr::bzr' |
|||
'git::git' |
|||
'hg::mercurial' |
|||
'svn::subversion') |
|||
|
|||
######################################################################### |
|||
# ARCHITECTURE, COMPILE FLAGS |
|||
######################################################################### |
|||
# |
|||
CARCH="@CARCH@" |
|||
CHOST="@CHOST@" |
|||
|
|||
#-- Compiler and Linker Flags |
|||
# -march (or -mcpu) builds exclusively for an architecture |
|||
# -mtune optimizes for an architecture, but builds for whole processor family |
|||
CPPFLAGS="-D_FORTIFY_SOURCE=2" |
|||
CFLAGS="@CARCHFLAGS@ -mtune=generic -O2 -pipe -fstack-protector-strong" |
|||
CXXFLAGS="@CARCHFLAGS@ -mtune=generic -O2 -pipe -fstack-protector-strong" |
|||
LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro" |
|||
#-- Make Flags: change this for DistCC/SMP systems |
|||
#MAKEFLAGS="-j2" |
|||
#-- Debugging flags |
|||
DEBUG_CFLAGS="-g -fvar-tracking-assignments" |
|||
DEBUG_CXXFLAGS="-g -fvar-tracking-assignments" |
|||
|
|||
######################################################################### |
|||
# BUILD ENVIRONMENT |
|||
######################################################################### |
|||
# |
|||
# Defaults: BUILDENV=(!distcc color !ccache check !sign) |
|||
# A negated environment option will do the opposite of the comments below. |
|||
# |
|||
#-- distcc: Use the Distributed C/C++/ObjC compiler |
|||
#-- color: Colorize output messages |
|||
#-- ccache: Use ccache to cache compilation |
|||
#-- check: Run the check() function if present in the PKGBUILD |
|||
#-- sign: Generate PGP signature file |
|||
# |
|||
BUILDENV=(!distcc color !ccache check !sign) |
|||
# |
|||
#-- If using DistCC, your MAKEFLAGS will also need modification. In addition, |
|||
#-- specify a space-delimited list of hosts running in the DistCC cluster. |
|||
#DISTCC_HOSTS="" |
|||
# |
|||
#-- Specify a directory for package building. |
|||
#BUILDDIR=/tmp/makepkg |
|||
|
|||
######################################################################### |
|||
# GLOBAL PACKAGE OPTIONS |
|||
# These are default values for the options=() settings |
|||
######################################################################### |
|||
# |
|||
# Default: OPTIONS=(strip docs !libtool !staticlibs emptydirs zipman purge !upx !debug) |
|||
# A negated option will do the opposite of the comments below. |
|||
# |
|||
#-- strip: Strip symbols from binaries/libraries |
|||
#-- docs: Save doc directories specified by DOC_DIRS |
|||
#-- libtool: Leave libtool (.la) files in packages |
|||
#-- staticlibs: Leave static library (.a) files in packages |
|||
#-- emptydirs: Leave empty directories in packages |
|||
#-- zipman: Compress manual (man and info) pages in MAN_DIRS with gzip |
|||
#-- purge: Remove files specified by PURGE_TARGETS |
|||
#-- upx: Compress binary executable files using UPX |
|||
#-- debug: Add debugging flags as specified in DEBUG_* variables |
|||
# |
|||
OPTIONS=(strip docs !libtool !staticlibs emptydirs zipman purge !upx !debug) |
|||
|
|||
#-- File integrity checks to use. Valid: md5, sha1, sha256, sha384, sha512 |
|||
INTEGRITY_CHECK=(md5) |
|||
#-- Options to be used when stripping binaries. See `man strip' for details. |
|||
STRIP_BINARIES="--strip-all" |
|||
#-- Options to be used when stripping shared libraries. See `man strip' for details. |
|||
STRIP_SHARED="--strip-unneeded" |
|||
#-- Options to be used when stripping static libraries. See `man strip' for details. |
|||
STRIP_STATIC="--strip-debug" |
|||
#-- Manual (man and info) directories to compress (if zipman is specified) |
|||
MAN_DIRS=({usr{,/local}{,/share},opt/*}/{man,info}) |
|||
#-- Doc directories to remove (if !docs is specified) |
|||
DOC_DIRS=(usr/{,local/}{,share/}{doc,gtk-doc} opt/*/{doc,gtk-doc}) |
|||
#-- Files to be removed from all packages (if purge is specified) |
|||
PURGE_TARGETS=(usr/{,share}/info/dir .packlist *.pod) |
|||
|
|||
######################################################################### |
|||
# PACKAGE OUTPUT |
|||
######################################################################### |
|||
# |
|||
# Default: put built package and cached source in build directory |
|||
# |
|||
#-- Destination: specify a fixed directory where all packages will be placed |
|||
#PKGDEST=/home/packages |
|||
#-- Source cache: specify a fixed directory where source files will be cached |
|||
#SRCDEST=/home/sources |
|||
#-- Source packages: specify a fixed directory where all src packages will be placed |
|||
#SRCPKGDEST=/home/srcpackages |
|||
#-- Log files: specify a fixed directory where all log files will be placed |
|||
#LOGDEST=/home/makepkglogs |
|||
#-- Packager: name/email of the person or organization building packages |
|||
#PACKAGER="John Doe <john@doe.com>" |
|||
#-- Specify a key to use for package signing |
|||
#GPGKEY="" |
|||
|
|||
######################################################################### |
|||
# COMPRESSION DEFAULTS |
|||
######################################################################### |
|||
# |
|||
COMPRESSGZ=(gzip -c -f -n) |
|||
COMPRESSBZ2=(bzip2 -c -f) |
|||
COMPRESSXZ=(xz -c -z -) |
|||
COMPRESSLRZ=(lrzip -q) |
|||
COMPRESSLZO=(lzop -q) |
|||
COMPRESSZ=(compress -c -f) |
|||
|
|||
######################################################################### |
|||
# EXTENSION DEFAULTS |
|||
######################################################################### |
|||
# |
|||
# WARNING: Do NOT modify these variables unless you know what you are |
|||
# doing. |
|||
# |
|||
PKGEXT='.pkg.tar.xz' |
|||
SRCEXT='.src.tar.gz' |
|||
|
|||
# vim: set ft=sh ts=2 sw=2 et: |
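Review bot: `INTEGRITY_CHECK=(md5)` makes MD5 the only integrity check makepkg is configured to use, although the comment on the line above lists `sha256`, `sha384` and `sha512` as valid values. MD5 is not collision resistant, so it catches accidental corruption but is a weak basis for source integrity; `INTEGRITY_CHECK=(sha256)` is the safer default. The `DLAGENTS` entries also hard-code `/usr/bin/curl`, `/usr/bin/rsync` and `/usr/bin/scp`, which will not resolve if those tools live under the Termux prefix. The build recipe in this commit rewrites only the `@CARCH@`, `@CHOST@` and `@CARCHFLAGS@` placeholders at install time.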
@ -0,0 +1,90 @@ |
|||
# |
|||
# /etc/pacman.conf |
|||
# |
|||
# See the pacman.conf(5) manpage for option and repository directives |
|||
|
|||
# |
|||
# GENERAL OPTIONS |
|||
# |
|||
[options] |
|||
# The following paths are commented out with their default values listed. |
|||
# If you wish to use different paths, uncomment and update the paths. |
|||
#RootDir = / |
|||
#DBPath = /var/lib/pacman/ |
|||
#CacheDir = /var/cache/pacman/pkg/ |
|||
#LogFile = /var/log/pacman.log |
|||
#GPGDir = /etc/pacman.d/gnupg/ |
|||
HoldPkg = pacman glibc |
|||
#XferCommand = /usr/bin/curl -C - -f %u > %o |
|||
#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u |
|||
#CleanMethod = KeepInstalled |
|||
#UseDelta = 0.7 |
|||
Architecture = auto |
|||
|
|||
# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup |
|||
#IgnorePkg = |
|||
#IgnoreGroup = |
|||
|
|||
#NoUpgrade = |
|||
#NoExtract = |
|||
|
|||
# Misc options |
|||
#UseSyslog |
|||
#Color |
|||
#TotalDownload |
|||
CheckSpace |
|||
#VerbosePkgLists |
|||
|
|||
# By default, pacman accepts packages signed by keys that its local keyring |
|||
# trusts (see pacman-key and its man page), as well as unsigned packages. |
|||
SigLevel = Required DatabaseOptional |
|||
LocalFileSigLevel = Optional |
|||
#RemoteFileSigLevel = Required |
|||
|
|||
# NOTE: You must run `pacman-key --init` before first using pacman; the local |
|||
# keyring can then be populated with the keys of all official Arch Linux |
|||
# packagers with `pacman-key --populate archlinux`. |
|||
|
|||
# |
|||
# REPOSITORIES |
|||
# - can be defined here or included from another file |
|||
# - pacman will search repositories in the order defined here |
|||
# - local/custom mirrors can be added here or in separate files |
|||
# - repositories listed first will take precedence when packages |
|||
# have identical names, regardless of version number |
|||
# - URLs will have $repo replaced by the name of the current repo |
|||
# - URLs will have $arch replaced by the name of the architecture |
|||
# |
|||
# Repository entries are of the format: |
|||
# [repo-name] |
|||
# Server = ServerName |
|||
# Include = IncludePath |
|||
# |
|||
# The header [repo-name] is crucial - it must be present and |
|||
# uncommented to enable the repo. |
|||
# |
|||
|
|||
# The testing repositories are disabled by default. To enable, uncomment the |
|||
# repo name header and Include lines. You can add preferred servers immediately |
|||
# after the header, and they will be used before the default mirrors. |
|||
|
|||
#[testing] |
|||
#Include = /etc/pacman.d/mirrorlist |
|||
|
|||
[core] |
|||
Include = /etc/pacman.d/mirrorlist |
|||
|
|||
[extra] |
|||
Include = /etc/pacman.d/mirrorlist |
|||
|
|||
#[community-testing] |
|||
#Include = /etc/pacman.d/mirrorlist |
|||
|
|||
[community] |
|||
Include = /etc/pacman.d/mirrorlist |
|||
|
|||
# An example of a custom package repository. See the pacman manpage for |
|||
# tips on creating your own repositories. |
|||
#[custom] |
|||
#SigLevel = Optional TrustAll |
|||
#Server = file:///home/custompkgs |
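Review bot: The comment above `SigLevel` says pacman also accepts unsigned packages, but the value set is `Required DatabaseOptional`, which requires signed packages and relaxes only the sync databases. The comment should match the setting, for example `# Packages must be signed by a key in the local keyring; database signatures are verified when present but are not required.` Because databases may be unsigned under this setting, their name and version metadata is not authenticated, and that metadata is what the sync.c patch in this commit cross-checks against the package file. The `Include = /etc/pacman.d/mirrorlist` lines use an absolute `/etc` path, while the build installs this file under `$TERMUX_PREFIX/etc` and nothing visible in the commit installs a mirrorlist.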
@ -0,0 +1,12 @@ |
|||
--- ./src/pacman/pacman.c 2015-12-23 19:50:37.093132801 -0300
|
|||
+++ ./src/pacman/pacman.c 2015-12-23 23:30:17.986469980 -0300
|
|||
@@ -1128,7 +1128,8 @@
|
|||
} while(c != EOF); |
|||
|
|||
free(line); |
|||
- if(!freopen(ctermid(NULL), "r", stdin)) {
|
|||
+ //if(!freopen(ctermid(NULL), "r", stdin)) {
|
|||
+ if(!freopen("/dev/tty", "r", stdin)) { // HACK termux doesn't have ctermid()
|
|||
pm_printf(ALPM_LOG_ERROR, _("failed to reopen stdin for reading: (%s)\n"), |
|||
strerror(errno)); |
|||
} |
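Review bot: The replacement keeps the old call as a commented-out line, `//if(!freopen(ctermid(NULL), "r", stdin)) {`, directly above the new one. The removed line of the patch already records it, so the dead code can be dropped and the reason stated once on the live line, e.g. `if(!freopen("/dev/tty", "r", stdin)) { /* Termux has no ctermid() */`. The enclosing function starts and ends outside the hunk, so what happens to stdin after the error message is printed cannot be judged from here.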