termux · fornwall · Dec 28, 2015 · Dec 23, 2015 · Dec 24, 2015 · Dec 24, 2015
@@ -0,0 +1,70 @@
+# HEAVILY adapted from archlinux PKGBUILD
+pkgname=pacman
+pkgver=4.2.1
+
+TERMUX_PKG_HOMEPAGE=https://www.archlinux.org/pacman/
+TERMUX_PKG_DESCRIPTION="A library-based package manager with dependency support"
+TERMUX_PKG_VERSION=$pkgver
+
+#FIXME: asciidoc, fakechroot/fakeroot
+TERMUX_PKG_DEPENDS="bash, glib, libarchive, curl, gpgme, python2, libandroid-glob, libandroid-support"
+
+TERMUX_PKG_SRCURL="https://sources.archlinux.org/other/pacman/$pkgname-$pkgver.tar.gz"
+TERMUX_PKG_BUILD_IN_SRC=yes
+TERMUX_PKG_MAINTAINER="Francisco Demartino <[email protected]>"
+
+TERMUX_PKG_EXTRA_CONFIGURE_ARGS="--prefix=$TERMUX_PREFIX --sysconfdir=$TERMUX_PREFIX/etc"
+TERMUX_PKG_EXTRA_CONFIGURE_ARGS+=" --localstatedir=$TERMUX_PREFIX/var --enable-doc "
+TERMUX_PKG_EXTRA_CONFIGURE_ARGS+=" --with-scriptlet-shell=/usr/bin/bash"
+
+
+export LDFLAGS="$LDFLAGS -llog -landroid-glob"
+
+termux_step_make () {
+  make
+  make -C contrib
+  # make -C "$pkgname-$pkgver" check
+}
+
+#package() {
+termux_step_make_install () {
+
+  make install
+  make -C contrib install
+
+  # install Arch specific stuff
+  install -dm755 "$TERMUX_PREFIX/etc"
+  install -m644 "$TERMUX_PKG_BUILDER_DIR/pacman.conf" "$TERMUX_PREFIX/etc/pacman.conf"
+
+  case $TERMUX_ARCH in
+    i686)
+      mycarch="i686"
+      mychost="i686-pc-linux-gnu"
+      myflags="-march=i686"
+      ;;
+    arm)
+      mycarch="arm"
+      mychost="arm-unknown-linux-gnu"
+      myflags="-march=arm"
+      ;;
+  esac
+
+  # set things correctly in the default conf file
+  install -m644 "$TERMUX_PKG_BUILDER_DIR/makepkg.conf" "$TERMUX_PREFIX/etc"
+  sed -i "$TERMUX_PREFIX/etc/makepkg.conf" \
+    -e "s|@CARCH[@]|$mycarch|g" \
+    -e "s|@CHOST[@]|$mychost|g" \
+    -e "s|@CARCHFLAGS[@]|$myflags|g"
+
+  # FIXME bash_completion
+  # # put bash_completion in the right location
+  # install -dm755 "$TERMUX_PREFIX/share/bash-completion/completions"
+  # mv "$TERMUX_PREFIX/etc/bash_completion.d/pacman" "$TERMUX_PREFIX/share/bash-completion/completions"
+  # rmdir "$TERMUX_PREFIX/etc/bash_completion.d"
+
+  # for f in makepkg pacman-key; do
+  #   ln -s pacman "$TERMUX_PREFIX/share/bash-completion/completions/$f"
+  # done
+
+  install -Dm644 contrib/PKGBUILD.vim "$TERMUX_PREFIX/share/vim/vimfiles/syntax/PKGBUILD.vim"
+}
@@ -0,0 +1,60 @@
+From deac9731884a83ad91eab9f27b288f406f56c87b Mon Sep 17 00:00:00 2001
+From: Levente Polyak <[email protected]>
+Date: Sat, 18 Jul 2015 17:58:23 +0200
+Subject: [PATCH] ensure matching database and package version
+
+While loading each package ensure that the internal version matches the
+expected database version to avoid the possibility to circumvent the
+version check.
+This issue can be used by an attacker to trick the software into
+installing an older version. The behavior can be  exploited by a
+man-in-the-middle attack through specially crafted  database tarball
+containing a higher version, yet actually delivering an  older and
+vulnerable version, which was previously shipped.
+
+Signed-off-by: Levente Polyak <[email protected]>
+Signed-off-by: Remi Gacogne <[email protected]>
+Signed-off-by: Allan McRae <[email protected]>
+---
+ lib/libalpm/sync.c | 18 ++++++++++++++++++
+ 1 file changed, 18 insertions(+)
+
+diff --git a/lib/libalpm/sync.c b/lib/libalpm/sync.c
+index 888ae15..e843b07 100644
+--- a/lib/libalpm/sync.c
++++ b/lib/libalpm/sync.c
+@@ -1212,6 +1212,7 @@ static int load_packages(alpm_handle_t *handle, alpm_list_t **data,
+ 	EVENT(handle, &event);
+
+ 	for(i = handle->trans->add; i; i = i->next, current++) {
++		int error = 0;
+ 		alpm_pkg_t *spkg = i->data;
+ 		char *filepath;
+ 		int percent = (int)(((double)current_bytes / total_bytes) * 100);
+@@ -1232,6 +1233,23 @@ static int load_packages(alpm_handle_t *handle, alpm_list_t **data,
+ 				spkg->name);
+ 		alpm_pkg_t *pkgfile =_alpm_pkg_load_internal(handle, filepath, 1);
+ 		if(!pkgfile) {
++			_alpm_log(handle, ALPM_LOG_DEBUG, "failed to load pkgfile internal\n");
++			error = 1;
++		} else {
++			if(strcmp(spkg->name, pkgfile->name) != 0) {
++				_alpm_log(handle, ALPM_LOG_DEBUG,
++						"internal package name mismatch, expected: '%s', actual: '%s'\n",
++						spkg->name, pkgfile->name);
++				error = 1;
++			}
++			if(strcmp(spkg->version, pkgfile->version) != 0) {
++				_alpm_log(handle, ALPM_LOG_DEBUG,
++						"internal package version mismatch, expected: '%s', actual: '%s'\n",
++						spkg->version, pkgfile->version);
++				error = 1;
++			}
++		}
++		if(error != 0) {
+ 			errors++;
+ 			*data = alpm_list_add(*data, strdup(spkg->filename));
+ 			free(filepath);
+-- 
+2.4.6
+
@@ -0,0 +1,146 @@
+#
+# /etc/makepkg.conf
+#
+
+#########################################################################
+# SOURCE ACQUISITION
+#########################################################################
+#
+#-- The download utilities that makepkg should use to acquire sources
+#  Format: 'protocol::agent'
+DLAGENTS=('ftp::/usr/bin/curl -fC - --ftp-pasv --retry 3 --retry-delay 3 -o %o %u'
+          'http::/usr/bin/curl -fLC - --retry 3 --retry-delay 3 -o %o %u'
+          'https::/usr/bin/curl -fLC - --retry 3 --retry-delay 3 -o %o %u'
+          'rsync::/usr/bin/rsync --no-motd -z %u %o'
+          'scp::/usr/bin/scp -C %u %o')
+
+# Other common tools:
+# /usr/bin/snarf
+# /usr/bin/lftpget -c
+# /usr/bin/wget
+
+#-- The package required by makepkg to download VCS sources
+#  Format: 'protocol::package'
+VCSCLIENTS=('bzr::bzr'
+            'git::git'
+            'hg::mercurial'
+            'svn::subversion')
+
+#########################################################################
+# ARCHITECTURE, COMPILE FLAGS
+#########################################################################
+#
+CARCH="@CARCH@"
+CHOST="@CHOST@"
+
+#-- Compiler and Linker Flags
+# -march (or -mcpu) builds exclusively for an architecture
+# -mtune optimizes for an architecture, but builds for whole processor family
+CPPFLAGS="-D_FORTIFY_SOURCE=2"
+CFLAGS="@CARCHFLAGS@ -mtune=generic -O2 -pipe -fstack-protector-strong"
+CXXFLAGS="@CARCHFLAGS@ -mtune=generic -O2 -pipe -fstack-protector-strong"
+LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro"
+#-- Make Flags: change this for DistCC/SMP systems
+#MAKEFLAGS="-j2"
+#-- Debugging flags
+DEBUG_CFLAGS="-g -fvar-tracking-assignments"
+DEBUG_CXXFLAGS="-g -fvar-tracking-assignments"
+
+#########################################################################
+# BUILD ENVIRONMENT
+#########################################################################
+#
+# Defaults: BUILDENV=(!distcc color !ccache check !sign)
+#  A negated environment option will do the opposite of the comments below.
+#
+#-- distcc:   Use the Distributed C/C++/ObjC compiler
+#-- color:    Colorize output messages
+#-- ccache:   Use ccache to cache compilation
+#-- check:    Run the check() function if present in the PKGBUILD
+#-- sign:     Generate PGP signature file
+#
+BUILDENV=(!distcc color !ccache check !sign)
+#
+#-- If using DistCC, your MAKEFLAGS will also need modification. In addition,
+#-- specify a space-delimited list of hosts running in the DistCC cluster.
+#DISTCC_HOSTS=""
+#
+#-- Specify a directory for package building.
+#BUILDDIR=/tmp/makepkg
+
+#########################################################################
+# GLOBAL PACKAGE OPTIONS
+#   These are default values for the options=() settings
+#########################################################################
+#
+# Default: OPTIONS=(strip docs !libtool !staticlibs emptydirs zipman purge !upx !debug)
+#  A negated option will do the opposite of the comments below.
+#
+#-- strip:      Strip symbols from binaries/libraries
+#-- docs:       Save doc directories specified by DOC_DIRS
+#-- libtool:    Leave libtool (.la) files in packages
+#-- staticlibs: Leave static library (.a) files in packages
+#-- emptydirs:  Leave empty directories in packages
+#-- zipman:     Compress manual (man and info) pages in MAN_DIRS with gzip
+#-- purge:      Remove files specified by PURGE_TARGETS
+#-- upx:        Compress binary executable files using UPX
+#-- debug:      Add debugging flags as specified in DEBUG_* variables
+#
+OPTIONS=(strip docs !libtool !staticlibs emptydirs zipman purge !upx !debug)
+
+#-- File integrity checks to use. Valid: md5, sha1, sha256, sha384, sha512
+INTEGRITY_CHECK=(md5)
+#-- Options to be used when stripping binaries. See `man strip' for details.
+STRIP_BINARIES="--strip-all"
+#-- Options to be used when stripping shared libraries. See `man strip' for details.
+STRIP_SHARED="--strip-unneeded"
+#-- Options to be used when stripping static libraries. See `man strip' for details.
+STRIP_STATIC="--strip-debug"
+#-- Manual (man and info) directories to compress (if zipman is specified)
+MAN_DIRS=({usr{,/local}{,/share},opt/*}/{man,info})
+#-- Doc directories to remove (if !docs is specified)
+DOC_DIRS=(usr/{,local/}{,share/}{doc,gtk-doc} opt/*/{doc,gtk-doc})
+#-- Files to be removed from all packages (if purge is specified)
+PURGE_TARGETS=(usr/{,share}/info/dir .packlist *.pod)
+
+#########################################################################
+# PACKAGE OUTPUT
+#########################################################################
+#
+# Default: put built package and cached source in build directory
+#
+#-- Destination: specify a fixed directory where all packages will be placed
+#PKGDEST=/home/packages
+#-- Source cache: specify a fixed directory where source files will be cached
+#SRCDEST=/home/sources
+#-- Source packages: specify a fixed directory where all src packages will be placed
+#SRCPKGDEST=/home/srcpackages
+#-- Log files: specify a fixed directory where all log files will be placed
+#LOGDEST=/home/makepkglogs
+#-- Packager: name/email of the person or organization building packages
+#PACKAGER="John Doe <[email protected]>"
+#-- Specify a key to use for package signing
+#GPGKEY=""
+
+#########################################################################
+# COMPRESSION DEFAULTS
+#########################################################################
+#
+COMPRESSGZ=(gzip -c -f -n)
+COMPRESSBZ2=(bzip2 -c -f)
+COMPRESSXZ=(xz -c -z -)
+COMPRESSLRZ=(lrzip -q)
+COMPRESSLZO=(lzop -q)
+COMPRESSZ=(compress -c -f)
+
+#########################################################################
+# EXTENSION DEFAULTS
+#########################################################################
+#
+# WARNING: Do NOT modify these variables unless you know what you are
+#          doing.
+#
+PKGEXT='.pkg.tar.xz'
+SRCEXT='.src.tar.gz'
+
+# vim: set ft=sh ts=2 sw=2 et:
@@ -0,0 +1,90 @@
+#
+# /etc/pacman.conf
+#
+# See the pacman.conf(5) manpage for option and repository directives
+
+#
+# GENERAL OPTIONS
+#
+[options]
+# The following paths are commented out with their default values listed.
+# If you wish to use different paths, uncomment and update the paths.
+#RootDir     = /
+#DBPath      = /var/lib/pacman/
+#CacheDir    = /var/cache/pacman/pkg/
+#LogFile     = /var/log/pacman.log
+#GPGDir      = /etc/pacman.d/gnupg/
+HoldPkg     = pacman glibc
+#XferCommand = /usr/bin/curl -C - -f %u > %o
+#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
+#CleanMethod = KeepInstalled
+#UseDelta    = 0.7
+Architecture = auto
+
+# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
+#IgnorePkg   =
+#IgnoreGroup =
+
+#NoUpgrade   =
+#NoExtract   =
+
+# Misc options
+#UseSyslog
+#Color
+#TotalDownload
+CheckSpace
+#VerbosePkgLists
+
+# By default, pacman accepts packages signed by keys that its local keyring
+# trusts (see pacman-key and its man page), as well as unsigned packages.
+SigLevel    = Required DatabaseOptional
+LocalFileSigLevel = Optional
+#RemoteFileSigLevel = Required
+
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
+# keyring can then be populated with the keys of all official Arch Linux
+# packagers with `pacman-key --populate archlinux`.
+
+#
+# REPOSITORIES
+#   - can be defined here or included from another file
+#   - pacman will search repositories in the order defined here
+#   - local/custom mirrors can be added here or in separate files
+#   - repositories listed first will take precedence when packages
+#     have identical names, regardless of version number
+#   - URLs will have $repo replaced by the name of the current repo
+#   - URLs will have $arch replaced by the name of the architecture
+#
+# Repository entries are of the format:
+#       [repo-name]
+#       Server = ServerName
+#       Include = IncludePath
+#
+# The header [repo-name] is crucial - it must be present and
+# uncommented to enable the repo.
+#
+
+# The testing repositories are disabled by default. To enable, uncomment the
+# repo name header and Include lines. You can add preferred servers immediately
+# after the header, and they will be used before the default mirrors.
+
+#[testing]
+#Include = /etc/pacman.d/mirrorlist
+
+[core]
+Include = /etc/pacman.d/mirrorlist
+
+[extra]
+Include = /etc/pacman.d/mirrorlist
+
+#[community-testing]
+#Include = /etc/pacman.d/mirrorlist
+
+[community]
+Include = /etc/pacman.d/mirrorlist
+
+# An example of a custom package repository.  See the pacman manpage for
+# tips on creating your own repositories.
+#[custom]
+#SigLevel = Optional TrustAll
+#Server = file:///home/custompkgs
@@ -0,0 +1,12 @@
+--- ./src/pacman/pacman.c	2015-12-23 19:50:37.093132801 -0300
++++ ./src/pacman/pacman.c	2015-12-23 23:30:17.986469980 -0300
+@@ -1128,7 +1128,8 @@
+ 			} while(c != EOF);
+
+ 			free(line);
+-			if(!freopen(ctermid(NULL), "r", stdin)) {
++			//if(!freopen(ctermid(NULL), "r", stdin)) {
++			if(!freopen("/dev/tty", "r", stdin)) { // HACK termux doesn't have ctermid()
+ 				pm_printf(ALPM_LOG_ERROR, _("failed to reopen stdin for reading: (%s)\n"),
+ 						strerror(errno));
+ 			}