Restrict use of DownloadUser to during download

This removes the requirement for the DownloadUser to own DBPath/sync and
CacheDir.  Instead, files to be downloaded to are touched before switching
user, and then moved into place at the end of downloading.

Signed-off-by: Allan McRae <allan@archlinux.org>

.gitlab-ci.yml

@@ -16,6 +16,10 @@ default:
       python
       fakeroot fakechroot
       meson
+  artifacts:
+      when: always
+      paths:
+        - build/meson-logs/meson-log.txt
 
 arch:
   extends: .arch-test

build-aux/script-wrapper.sh.in

@@ -3,4 +3,4 @@
 # This script serves as a trampoline for running scripts which depend on
 # libmakepkg with the libmakepkg within the build tree.
 
-LIBRARY=@BUILDDIR@/libmakepkg exec @BASH@ -$- @REAL_PROGPATH@ "$@"
+MAKEPKG_LIBRARY=@BUILDDIR@/libmakepkg exec @BASH@ -$- @REAL_PROGPATH@ "$@"

doc/Doxyfile.in

@@ -169,7 +169,6 @@ HTML_EXTRA_FILES       =
 HTML_COLORSTYLE_HUE    = 220
 HTML_COLORSTYLE_SAT    = 100
 HTML_COLORSTYLE_GAMMA  = 80
-HTML_TIMESTAMP         = YES
 HTML_DYNAMIC_MENUS     = YES
 HTML_DYNAMIC_SECTIONS  = NO
 HTML_INDEX_NUM_ENTRIES = 100
@@ -239,7 +238,6 @@ USE_PDFLATEX           = NO
 LATEX_BATCHMODE        = NO
 LATEX_HIDE_INDICES     = NO
 LATEX_BIB_STYLE        = plain
-LATEX_TIMESTAMP        = NO
 LATEX_EMOJI_DIRECTORY  =
 #---------------------------------------------------------------------------
 # Configuration options related to the RTF output

doc/PKGBUILD-example.txt

@@ -12,8 +12,8 @@ depends=('glibc')
 makedepends=('ed')
 optdepends=('ed: for "patch -e" functionality')
 source=("ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.xz"{,.sig})
-md5sums=('e9ae5393426d3ad783a300a338c09b72'
-         'SKIP')
+sha256sums=('9124ba46db0abd873d0995c2ca880e81252676bb6c03e0a37dfc5f608a9b0ceb'
+            'SKIP')
 
 build() {
 	cd "$srcdir/$pkgname-$pkgver"

doc/PKGBUILD.5.asciidoc

@@ -336,6 +336,13 @@ function.
 	the optional functions listed below. The packaging stage is run using
 	fakeroot to ensure correct file permissions in the resulting package.
 	All other functions will be run as the user calling makepkg.
+	This function is run inside `$srcdir`.
+
+*verify() Function*::
+	An optional `verify()` function can be specified to implement arbitrary
+	source authentication. The function should return a non-zero exit code when
+	verification fails. This function is run before sources are extracted.
+	This function is run inside `$startdir`.
 
 *prepare() Function*::
 	An optional `prepare()` function can be specified in which operations to
@@ -343,16 +350,19 @@ function.
 	function is run after the source extraction and before the `build()`
 	function. The `prepare()` function is skipped when source extraction
 	is skipped.
+	This function is run inside `$srcdir`.
 
 *build() Function*::
 	The optional `build()` function is used to compile and/or adjust the source
 	files in preparation to be installed by the `package()` function.
+	This function is run inside `$srcdir`.
 
 *check() Function*::
 	An optional `check()` function can be specified in which a package's
 	test-suite may be run. This function is run between the `build()` and
 	`package()` functions. Be sure any exotic commands used are covered by the
 	`checkdepends` array.
+	This function is run inside `$srcdir`.
 
 All of the above variables such as `$pkgname` and `$pkgver` are available for
 use in the packaging functions. In addition, makepkg defines the following
@@ -362,7 +372,6 @@ variables:
 	This contains the directory where makepkg extracts, or copies, all source
 	files.
 +
-All of the packaging functions defined above are run starting inside `$srcdir`
 
 *pkgdir*::
 	This contains the directory where makepkg bundles the installed package.
@@ -464,6 +473,9 @@ Currently makepkg supports the Bazaar, Git, Subversion, Fossil and Mercurial
 version control systems. For other version control systems, manual cloning of
 upstream repositories must be done in the `prepare()` function.
 
+Some <<VCS,VCS Sources>> like Git support pinning the checkout by a checksum of
+its content using deterministic export functionality like ``git archive''.
+
 The source URL is divided into four components:
 
 *directory*::

doc/footer.asciidoc

@@ -18,7 +18,6 @@ Current maintainers:
 
 * Allan McRae <allan@archlinux.org>
 * Andrew Gregory <andrew.gregory.8@gmail.com>
-* Eli Schwartz <eschwartz@archlinux.org>
 * Morgan Adamiec <morganamilo@archlinux.org>
 
 Past major contributors:
@@ -30,6 +29,7 @@ Past major contributors:
 * Xavier Chantry <shiningxc@gmail.com>
 * Nagy Gabor <ngaba@bibl.u-szeged.hu>
 * Dave Reisner <dreisner@archlinux.org>
+* Eli Schwartz <eschwartz@archlinux.org>
 
 For additional contributors, use `git shortlog -s` on the pacman.git
 repository.

doc/makepkg-template.1.asciidoc

@@ -85,7 +85,7 @@ Example PKGBUILD
 	license=('PerlArtistic' 'GPL')
 	depends=('perl')
 	source=("http://search.cpan.org/CPAN/authors/id/S/SH/SHERZODR/Config-Simple-${pkgver}.tar.gz")
-	md5sums=('f014aec54f0a1e2e880d317180fce502')
+	sha256sums=('dd9995706f0f9384a15ccffe116c3b6e22f42ba2e58d8f24ed03c4a0e386edb4')
 	_distname="Config-Simple"
 
 	# template start; name=perl-module; version=1.0;

doc/makepkg.8.asciidoc

@@ -146,6 +146,9 @@ Options
 *-C, \--cleanbuild*::
 	Remove the $srcdir before building the package.
 
+*-D* <dir>, *\--dir* <dir> ::
+	Change to directory <dir> before reading the PKGBUILD or doing anything else.
+	
 *\--allsource*::
 	Do not actually build the package, but build a source-only tarball that
 	includes all sources, including those that are normally downloaded via
@@ -168,6 +171,9 @@ Options
 *\--noprepare*::
 	Do not run the prepare() function in the PKGBUILD.
 
+*\--noverify*::
+	Do not run the verify() function in the PKGBUILD.
+
 *\--sign*::
 	Sign the resulting package with gpg, overriding the setting in
 	linkman:makepkg.conf[5].
@@ -227,6 +233,9 @@ before building.
 
 Environment Variables
 ---------------------
+**MAKEPKG_LIBRARY**="/path/to/directory"::
+	Use an alternative libmakepkg path instead of the {libmakepkgdir} default.
+
 **PACMAN**::
 	The command that will be used to check for missing dependencies and to
 	install and remove packages. Pacman's '-Qq', '-Rns', '-S', '-T', and '-U'

doc/meson.build

@@ -35,6 +35,7 @@ asciidoc_opts = [
  '-a', 'sysconfdir=@0@'.format(SYSCONFDIR),
  '-a', 'datarootdir=@0@'.format(DATAROOTDIR),
  '-a', 'rootdir=@0@'.format(ROOTDIR),
+ '-a', 'libmakepkgdir=@0@'.format(LIBMAKEPKGDIR),
 ]
 
 html_targets = []

doc/pacman.8.asciidoc

@@ -237,10 +237,12 @@ Transaction Options (apply to '-S', '-R' and '-U')
 	Specify a printf-like format to control the output of the '\--print'
 	operation. The possible attributes are: "%a" for arch, "%b" for
 	builddate, "%d" for description, "%e" for pkgbase, "%f" for filename,
-	"%g" for base64 encoded PGP signature, "%h" for sha256sum, "%n" for
-	pkgname, "%p" for packager, "%v" for pkgver, "%l" for location, "%r"
-	for repository, "%s" for size, "%C" for checkdepends, "%D" for depends
-	and "%M" for makedepends.
+	"%g" for base64 encoded PGP signature, "%h" for sha256sum, "%m" for
+	md5sum, "%n" for pkgname, "%p" for packager, "%v" for pkgver, "%l" for
+	location, "%r" for repository, "%s" for size, "%C" for checkdepends,
+	"%D" for depends, "%G" for groups, "%H" for conflicts, "%L" for
+	licenses, "%M" for makedepends, "%O" for optional depends, "%P" for
+	provides and "%R" for replaces.
 	Implies '\--print'.
 
 
@@ -454,11 +456,11 @@ Additional targets can also be specified manually, so that '-Su foo' will do a
 system upgrade and install/upgrade the "foo" package in the same operation.
 
 *-y, \--refresh*::
-	Download a fresh copy of the master package database from the server(s)
-	defined in linkman:pacman.conf[5]. This should typically be used each time
-	you use	'\--sysupgrade' or '-u'. Passing two '\--refresh' or '-y' flags
-	will force a refresh of all package databases, even if they appear to be
-	up-to-date.
+	Download a fresh copy of the master package databases '(repo.db)' from the
+	server(s) defined in linkman:pacman.conf[5]. This should typically be used
+	each time you use '\--sysupgrade' or '-u'. Passing two '\--refresh' or '-y'
+	flags will force a refresh of all package databases, even if they appear to
+	be up-to-date.
 
 
 Database Options (apply to '-D')[[QO]]
@@ -487,8 +489,8 @@ Database Options (apply to '-D')[[QO]]
 File Options (apply to '-F')[[FO]]
 ----------------------------------
 *-y, --refresh*::
-	Download fresh package databases from the server. Use twice to force a
-	refresh even if databases are up to date.
+	Download fresh package file databases '(repo.files)' from the server.
+	Use twice to force a refresh even if databases are up to date.
 
 *-l, \--list*::
 	List the files owned by the queried package.

doc/pacman.conf.5.asciidoc

@@ -207,6 +207,10 @@ Options
 	positive integer. If this config option is not set then only one download
 	stream is used (i.e. downloads happen sequentially).
 
+*DownloadUser =* username::
+	Specifies the user to switch to for downloading files. If this config
+	option is not set then the downloads are done as the user running pacman.
+
 
 Repository Sections
 -------------------
@@ -240,6 +244,12 @@ number.
 	general configuration options. Wildcards in the specified paths will get
 	expanded based on linkman:glob[7] rules.
 
+*CacheServer =* url::
+	A full URL to a location where the packages, and signatures (if
+	available) for this repository can be found.  Cache servers will be tried
+	before any non-cache servers, will not be removed from the server pool for
+	404 download errors, and will not be used for database files.
+
 *Server =* url::
 	A full URL to a location where the database, packages, and signatures (if
 	available) for this repository can be found.

etc/makepkg.conf.in

@@ -23,7 +23,7 @@ DLAGENTS=('file::/usr/bin/curl -qgC - -o %o %u'
 
 #-- The package required by makepkg to download VCS sources
 #  Format: 'protocol::package'
-VCSCLIENTS=('bzr::bzr'
+VCSCLIENTS=('bzr::breezy'
             'fossil::fossil'
             'git::git'
             'hg::mercurial'

lib/libalpm/add.c

@@ -262,7 +262,7 @@ static int extract_single_file(alpm_handle_t *handle, struct archive *archive,
 					"filesystem: %o  package: %o\n"), filename, lsbuf.st_mode & mask,
 					entrymode & mask);
 			alpm_logaction(handle, ALPM_CALLER_PREFIX,
-					"warning: directory permissions differ on %s\n"
+					"warning: directory permissions differ on %s, "
 					"filesystem: %o  package: %o\n", filename, lsbuf.st_mode & mask,
 					entrymode & mask);
 		}
@@ -277,7 +277,7 @@ static int extract_single_file(alpm_handle_t *handle, struct archive *archive,
 					"filesystem: %u:%u  package: %u:%u\n"), filename,
 					lsbuf.st_uid, lsbuf.st_gid, entryuid, entrygid);
 			alpm_logaction(handle, ALPM_CALLER_PREFIX,
-					"warning: directory ownership differs on %s\n"
+					"warning: directory ownership differs on %s, "
 					"filesystem: %u:%u  package: %u:%u\n", filename,
 					lsbuf.st_uid, lsbuf.st_gid, entryuid, entrygid);
 		}
@@ -415,7 +415,7 @@ static int extract_single_file(alpm_handle_t *handle, struct archive *archive,
 static int commit_single_pkg(alpm_handle_t *handle, alpm_pkg_t *newpkg,
 		size_t pkg_current, size_t pkg_count)
 {
-	int i, ret = 0, errors = 0;
+	int ret = 0, errors = 0;
 	int is_upgrade = 0;
 	alpm_pkg_t *oldpkg = NULL;
 	alpm_db_t *db = handle->db_local;
@@ -538,7 +538,7 @@ static int commit_single_pkg(alpm_handle_t *handle, alpm_pkg_t *newpkg,
 		/* call PROGRESS once with 0 percent, as we sort-of skip that here */
 		PROGRESS(handle, progress, newpkg->name, 0, pkg_count, pkg_current);
 
-		for(i = 0; archive_read_next_header(archive, &entry) == ARCHIVE_OK; i++) {
+		while(archive_read_next_header(archive, &entry) == ARCHIVE_OK) {
 			int percent;
 
 			if(newpkg->size != 0) {

lib/libalpm/alpm.c

@@ -93,34 +93,16 @@ cleanup:
 	return NULL;
 }
 
+/* check current state and free all resources including storage locks */
 int SYMEXPORT alpm_release(alpm_handle_t *myhandle)
 {
-	int ret = 0;
-	alpm_db_t *db;
-
 	CHECK_HANDLE(myhandle, return -1);
-
-	/* close local database */
-	db = myhandle->db_local;
-	if(db) {
-		db->ops->unregister(db);
-		myhandle->db_local = NULL;
-	}
-
-	if(alpm_unregister_all_syncdbs(myhandle) == -1) {
-		ret = -1;
-	}
-
-#ifdef HAVE_LIBCURL
-	curl_multi_cleanup(myhandle->curlm);
-	curl_global_cleanup();
-	FREELIST(myhandle->server_errors);
-#endif
+	ASSERT(myhandle->trans == NULL, RET_ERR(myhandle, ALPM_ERR_TRANS_NOT_NULL, -1));
 
 	_alpm_handle_unlock(myhandle);
 	_alpm_handle_free(myhandle);
 
-	return ret;
+	return 0;
 }
 
 const char SYMEXPORT *alpm_version(void)

lib/libalpm/alpm.h

@@ -488,7 +488,7 @@ typedef struct _alpm_siglist_t {
  * Check the PGP signature for the given package file.
  * @param pkg the package to check
  * @param siglist a pointer to storage for signature results
- * @return a int value : 0 (valid), 1 (invalid), -1 (an error occurred)
+ * @return 0 if valid, -1 if an error occurred or signature is invalid
  */
 int alpm_pkg_check_pgp_signature(alpm_pkg_t *pkg, alpm_siglist_t *siglist);
 
@@ -496,7 +496,7 @@ int alpm_pkg_check_pgp_signature(alpm_pkg_t *pkg, alpm_siglist_t *siglist);
  * Check the PGP signature for the given database.
  * @param db the database to check
  * @param siglist a pointer to storage for signature results
- * @return a int value : 0 (valid), 1 (invalid), -1 (an error occurred)
+ * @return 0 if valid, -1 if an error occurred or signature is invalid
  */
 int alpm_db_check_pgp_signature(alpm_db_t *db, alpm_siglist_t *siglist);
 
@@ -600,16 +600,10 @@ typedef struct _alpm_depmissing_t {
 
 /** A conflict that has occurred between two packages. */
 typedef struct _alpm_conflict_t {
-	/** Hash of the first package name
-	 * (used internally to speed up conflict checks) */
-	unsigned long package1_hash;
-	/** Hash of the second package name
-	 * (used internally to speed up conflict checks) */
-	unsigned long package2_hash;
-	/** Name of the first package */
-	char *package1;
-	/** Name of the second package */
-	char *package2;
+	/** The first package */
+	alpm_pkg_t *package1;
+	/** The second package */
+	alpm_pkg_t *package2;
 	/** The conflict */
 	alpm_depend_t *reason;
 } alpm_conflict_t;
@@ -1349,6 +1343,34 @@ int alpm_db_add_server(alpm_db_t *db, const char *url);
  */
 int alpm_db_remove_server(alpm_db_t *db, const char *url);
 
+/** Get the list of cache servers assigned to this db.
+ * @param db pointer to the database to get the servers from
+ * @return a char* list of servers
+ */
+alpm_list_t *alpm_db_get_cache_servers(const alpm_db_t *db);
+
+/** Sets the list of cache servers for the database to use.
+ * @param db the database to set the servers. The list will be duped and
+ * the original will still need to be freed by the caller.
+ * @param servers a char* list of servers.
+ */
+int alpm_db_set_cache_servers(alpm_db_t *db, alpm_list_t *servers);
+
+/** Add a download cache server to a database.
+ * @param db database pointer
+ * @param url url of the server
+ * @return 0 on success, -1 on error (pm_errno is set accordingly)
+ */
+int alpm_db_add_cache_server(alpm_db_t *db, const char *url);
+
+/** Remove a download cache server from a database.
+ * @param db database pointer
+ * @param url url of the server
+ * @return 0 on success, 1 on server not present,
+ * -1 on error (pm_errno is set accordingly)
+ */
+int alpm_db_remove_cache_server(alpm_db_t *db, const char *url);
+
 /* End of server accessors */
 /** @} */
 
@@ -1848,6 +1870,28 @@ int alpm_option_set_gpgdir(alpm_handle_t *handle, const char *gpgdir);
 /** @} */
 
 
+/** @name Accessors for use sandboxuser
+ *
+ *  This controls the user that libalpm will use for sensitive operations like
+ *  downloading files.
+ * @{
+ */
+
+/** Returns the user to switch to for sensitive operations.
+ * @return the user name
+ */
+const char *alpm_option_get_sandboxuser(alpm_handle_t *handle);
+
+/** Sets the user to switch to for sensitive operations.
+ * @param handle the context handle
+ * @param sandboxuser the user to set
+ */
+int alpm_option_set_sandboxuser(alpm_handle_t *handle, const char *sandboxuser);
+
+/* End of sandboxuser accessors */
+/** @} */
+
+
 /** @name Accessors for use syslog
  *
  * This controls whether libalpm will also use the syslog. Even if this option
@@ -2907,6 +2951,12 @@ const char *alpm_version(void);
  * */
 int alpm_capabilities(void);
 
+/** Drop privileges by switching to a different user.
+ * @param sandboxuser the user to switch to
+ * @return 0 on success, -1 on failure
+ */
+int alpm_sandbox_setup_child(const char *sandboxuser);
+
 /* End of libalpm_misc */
 /** @} */
 

lib/libalpm/alpm_list.c

@@ -417,6 +417,7 @@ alpm_list_t SYMEXPORT *alpm_list_reverse(alpm_list_t *list)
 	while(lp) {
 		if(alpm_list_append(&newlist, lp->data) == NULL) {
 			alpm_list_free(newlist);
+			list->prev = backup;
 			return NULL;
 		}
 		lp = lp->prev;

lib/libalpm/be_local.c

@@ -250,7 +250,6 @@ static int _cache_changelog_close(const alpm_pkg_t UNUSED *pkg, void *fp)
  */
 static struct archive *_cache_mtree_open(alpm_pkg_t *pkg)
 {
-	int r;
 	struct archive *mtree;
 
 	alpm_db_t *db = alpm_pkg_get_db(pkg);
@@ -268,7 +267,7 @@ static struct archive *_cache_mtree_open(alpm_pkg_t *pkg)
 	_alpm_archive_read_support_filter_all(mtree);
 	archive_read_support_format_mtree(mtree);
 
-	if((r = _alpm_archive_read_open_file(mtree, mtfile, ALPM_BUFFER_SIZE))) {
+	if(_alpm_archive_read_open_file(mtree, mtfile, ALPM_BUFFER_SIZE)) {
 		_alpm_log(pkg->handle, ALPM_LOG_ERROR, _("error while reading file %s: %s\n"),
 					mtfile, archive_error_string(mtree));
 		_alpm_archive_read_free(mtree);

lib/libalpm/be_package.c

@@ -683,9 +683,7 @@ pkg_invalid:
 error:
 	_alpm_pkg_free(newpkg);
 	_alpm_archive_read_free(archive);
-	if(fd >= 0) {
-		close(fd);
-	}
+	close(fd);
 
 	return NULL;
 }

lib/libalpm/be_sync.c

@@ -189,6 +189,18 @@ int SYMEXPORT alpm_db_update(alpm_handle_t *handle, alpm_list_t *dbs, int force)
 		MALLOC(payload->filepath, len,
 			FREE(payload); GOTO_ERR(handle, ALPM_ERR_MEMORY, cleanup));
 		snprintf(payload->filepath, len, "%s%s", db->treename, dbext);
+
+		STRDUP(payload->remote_name, payload->filepath,
+			_alpm_dload_payload_reset(payload); FREE(payload);
+			GOTO_ERR(handle, ALPM_ERR_MEMORY, cleanup));
+		payload->destfile_name = _alpm_get_fullpath(syncpath, payload->remote_name, "");
+		payload->tempfile_name = _alpm_get_fullpath(syncpath, payload->remote_name, ".part");
+		if(!payload->destfile_name || !payload->tempfile_name) {
+			_alpm_dload_payload_reset(payload);
+			FREE(payload);
+			GOTO_ERR(handle, ALPM_ERR_MEMORY, cleanup);
+		}
+
 		payload->handle = handle;
 		payload->force = dbforce;
 		payload->unlink_on_fail = 1;

lib/libalpm/conflict.c

@@ -50,10 +50,8 @@ static alpm_conflict_t *conflict_new(alpm_pkg_t *pkg1, alpm_pkg_t *pkg2,
 
 	CALLOC(conflict, 1, sizeof(alpm_conflict_t), return NULL);
 
-	conflict->package1_hash = pkg1->name_hash;
-	conflict->package2_hash = pkg2->name_hash;
-	STRDUP(conflict->package1, pkg1->name, goto error);
-	STRDUP(conflict->package2, pkg2->name, goto error);
+	ASSERT(_alpm_pkg_dup(pkg1, &conflict->package1) == 0, goto error);
+	ASSERT(_alpm_pkg_dup(pkg2, &conflict->package2) == 0, goto error);
 	conflict->reason = reason;
 
 	return conflict;
@@ -66,8 +64,9 @@ error:
 void SYMEXPORT alpm_conflict_free(alpm_conflict_t *conflict)
 {
 	ASSERT(conflict != NULL, return);
-	FREE(conflict->package2);
-	FREE(conflict->package1);
+	_alpm_pkg_free(conflict->package1);
+	_alpm_pkg_free(conflict->package2);
+
 	FREE(conflict);
 }
 
@@ -79,10 +78,8 @@ alpm_conflict_t *_alpm_conflict_dup(const alpm_conflict_t *conflict)
 	alpm_conflict_t *newconflict;
 	CALLOC(newconflict, 1, sizeof(alpm_conflict_t), return NULL);
 
-	newconflict->package1_hash = conflict->package1_hash;
-	newconflict->package2_hash = conflict->package2_hash;
-	STRDUP(newconflict->package1, conflict->package1, goto error);
-	STRDUP(newconflict->package2, conflict->package2, goto error);
+	ASSERT(_alpm_pkg_dup(conflict->package1, &newconflict->package1) == 0, goto error);
+	ASSERT(_alpm_pkg_dup(conflict->package2, &newconflict->package2) == 0, goto error);
 	newconflict->reason = conflict->reason;
 
 	return newconflict;
@@ -105,10 +102,10 @@ static int conflict_isin(alpm_conflict_t *needle, alpm_list_t *haystack)
 	alpm_list_t *i;
 	for(i = haystack; i; i = i->next) {
 		alpm_conflict_t *conflict = i->data;
-		if(needle->package1_hash == conflict->package1_hash
-				&& needle->package2_hash == conflict->package2_hash
-				&& strcmp(needle->package1, conflict->package1) == 0
-				&& strcmp(needle->package2, conflict->package2) == 0) {
+		if(needle->package1->name_hash == conflict->package1->name_hash
+				&& needle->package2->name_hash == conflict->package2->name_hash
+				&& strcmp(needle->package1->name, conflict->package1->name) == 0
+				&& strcmp(needle->package2->name, conflict->package2->name) == 0) {
 			return 1;
 		}
 	}

lib/libalpm/db.c

@@ -131,6 +131,26 @@ int SYMEXPORT alpm_db_unregister(alpm_db_t *db)
 	return 0;
 }
 
+alpm_list_t SYMEXPORT *alpm_db_get_cache_servers(const alpm_db_t *db)
+{
+	ASSERT(db != NULL, return NULL);
+	return db->cache_servers;
+}
+
+int SYMEXPORT alpm_db_set_cache_servers(alpm_db_t *db, alpm_list_t *cache_servers)
+{
+	alpm_list_t *i;
+	ASSERT(db != NULL, return -1);
+	FREELIST(db->cache_servers);
+	for(i = cache_servers; i; i = i->next) {
+		char *url = i->data;
+		if(alpm_db_add_cache_server(db, url) != 0) {
+			return -1;
+		}
+	}
+	return 0;
+}
+
 alpm_list_t SYMEXPORT *alpm_db_get_servers(const alpm_db_t *db)
 {
 	ASSERT(db != NULL, return NULL);
@@ -164,6 +184,25 @@ static char *sanitize_url(const char *url)
 	return newurl;
 }
 
+int SYMEXPORT alpm_db_add_cache_server(alpm_db_t *db, const char *url)
+{
+	char *newurl;
+
+	/* Sanity checks */
+	ASSERT(db != NULL, return -1);
+	db->handle->pm_errno = ALPM_ERR_OK;
+	ASSERT(url != NULL && strlen(url) != 0, RET_ERR(db->handle, ALPM_ERR_WRONG_ARGS, -1));
+
+	newurl = sanitize_url(url);
+	ASSERT(newurl != NULL, RET_ERR(db->handle, ALPM_ERR_MEMORY, -1));
+
+	db->cache_servers = alpm_list_add(db->cache_servers, newurl);
+	_alpm_log(db->handle, ALPM_LOG_DEBUG, "adding new cache server URL to database '%s': %s\n",
+			db->treename, newurl);
+
+	return 0;
+}
+
 int SYMEXPORT alpm_db_add_server(alpm_db_t *db, const char *url)
 {
 	char *newurl;
@@ -174,9 +213,8 @@ int SYMEXPORT alpm_db_add_server(alpm_db_t *db, const char *url)
 	ASSERT(url != NULL && strlen(url) != 0, RET_ERR(db->handle, ALPM_ERR_WRONG_ARGS, -1));
 
 	newurl = sanitize_url(url);
-	if(!newurl) {
-		return -1;
-	}
+	ASSERT(newurl != NULL, RET_ERR(db->handle, ALPM_ERR_MEMORY, -1));
+
 	db->servers = alpm_list_add(db->servers, newurl);
 	_alpm_log(db->handle, ALPM_LOG_DEBUG, "adding new server URL to database '%s': %s\n",
 			db->treename, newurl);
@@ -184,6 +222,32 @@ int SYMEXPORT alpm_db_add_server(alpm_db_t *db, const char *url)
 	return 0;
 }
 
+int SYMEXPORT alpm_db_remove_cache_server(alpm_db_t *db, const char *url)
+{
+	char *newurl, *vdata = NULL;
+	int ret = 1;
+
+	/* Sanity checks */
+	ASSERT(db != NULL, return -1);
+	db->handle->pm_errno = ALPM_ERR_OK;
+	ASSERT(url != NULL && strlen(url) != 0, RET_ERR(db->handle, ALPM_ERR_WRONG_ARGS, -1));
+
+	newurl = sanitize_url(url);
+	ASSERT(newurl != NULL, RET_ERR(db->handle, ALPM_ERR_MEMORY, -1));
+
+	db->cache_servers = alpm_list_remove_str(db->cache_servers, newurl, &vdata);
+
+	if(vdata) {
+		_alpm_log(db->handle, ALPM_LOG_DEBUG, "removed cache server URL from database '%s': %s\n",
+				db->treename, newurl);
+		free(vdata);
+		ret = 0;
+	}
+
+	free(newurl);
+	return ret;
+}
+
 int SYMEXPORT alpm_db_remove_server(alpm_db_t *db, const char *url)
 {
 	char *newurl, *vdata = NULL;
@@ -195,9 +259,7 @@ int SYMEXPORT alpm_db_remove_server(alpm_db_t *db, const char *url)
 	ASSERT(url != NULL && strlen(url) != 0, RET_ERR(db->handle, ALPM_ERR_WRONG_ARGS, -1));
 
 	newurl = sanitize_url(url);
-	if(!newurl) {
-		return -1;
-	}
+	ASSERT(newurl != NULL, RET_ERR(db->handle, ALPM_ERR_MEMORY, -1));
 
 	db->servers = alpm_list_remove_str(db->servers, newurl, &vdata);
 
@@ -328,6 +390,7 @@ void _alpm_db_free(alpm_db_t *db)
 	/* cleanup pkgcache */
 	_alpm_db_free_pkgcache(db);
 	/* cleanup server list */
+	FREELIST(db->cache_servers);
 	FREELIST(db->servers);
 	FREE(db->_path);
 	FREE(db->treename);

lib/libalpm/db.h

@@ -69,6 +69,7 @@ struct _alpm_db_t {
 	char *_path;
 	alpm_pkghash_t *pkgcache;
 	alpm_list_t *grpcache;
+	alpm_list_t *cache_servers;
 	alpm_list_t *servers;
 	const struct db_operations *ops;
 

lib/libalpm/diskspace.c

@@ -111,6 +111,10 @@ static alpm_list_t *mount_point_list(alpm_handle_t *handle)
 	}
 
 	while((mnt = getmntent(fp))) {
+		if(mnt->mnt_dir == NULL) {
+			continue;
+		}
+
 		CALLOC(mp, 1, sizeof(alpm_mountpoint_t), RET_ERR(handle, ALPM_ERR_MEMORY, NULL));
 		STRDUP(mp->mount_dir, mnt->mnt_dir, free(mp); RET_ERR(handle, ALPM_ERR_MEMORY, NULL));
 		mp->mount_dir_len = strlen(mp->mount_dir);
@@ -134,6 +138,10 @@ static alpm_list_t *mount_point_list(alpm_handle_t *handle)
 	}
 
 	while((ret = getmntent(fp, &mnt)) == 0) {
+		if(mnt->mnt_mountp == NULL) {
+			continue;
+		}
+
 		CALLOC(mp, 1, sizeof(alpm_mountpoint_t), RET_ERR(handle, ALPM_ERR_MEMORY, NULL));
 		STRDUP(mp->mount_dir, mnt->mnt_mountp,  free(mp); RET_ERR(handle, ALPM_ERR_MEMORY, NULL));
 		mp->mount_dir_len = strlen(mp->mount_dir);
@@ -161,6 +169,10 @@ static alpm_list_t *mount_point_list(alpm_handle_t *handle)
 	}
 
 	for(; entries-- > 0; fsp++) {
+		if(fsp->f_mntonname == NULL) {
+			continue;
+		}
+
 		CALLOC(mp, 1, sizeof(alpm_mountpoint_t), RET_ERR(handle, ALPM_ERR_MEMORY, NULL));
 		STRDUP(mp->mount_dir, fsp->f_mntonname, free(mp); RET_ERR(handle, ALPM_ERR_MEMORY, NULL));
 		mp->mount_dir_len = strlen(mp->mount_dir);

lib/libalpm/dload.c

@@ -28,7 +28,9 @@
 #include <sys/time.h>
 #include <sys/types.h>
 #include <sys/stat.h>
+#include <sys/wait.h>
 #include <signal.h>
+#include <pwd.h>
 
 #ifdef HAVE_NETINET_IN_H
 #include <netinet/in.h> /* IPPROTO_TCP */
@@ -48,6 +50,145 @@
 #include "log.h"
 #include "util.h"
 #include "handle.h"
+#include "sandbox.h"
+
+
+static const char *get_filename(const char *url)
+{
+	char *filename = strrchr(url, '/');
+	if(filename != NULL) {
+		return filename + 1;
+	}
+
+	/* no slash found, it's a filename */
+	return url;
+}
+
+/* prefix to avoid possible future clash with getumask(3) */
+static mode_t _getumask(void)
+{
+	mode_t mask = umask(0);
+	umask(mask);
+	return mask;
+}
+
+static int touch_and_own_file(const char *filename, const char *user)
+{
+	int fd;
+	struct passwd const *pw = NULL;
+
+	ASSERT(filename != NULL, return -1);
+	ASSERT(user != NULL, return -1);
+
+	ASSERT((fd = open(filename, O_CREAT | O_WRONLY, 0644)) != -1, return -1);
+	close(fd);
+
+	ASSERT((pw = getpwnam(user)) != NULL, return -1);
+	ASSERT(chown(filename, pw->pw_uid, pw->pw_gid) != -1, return -1);
+
+	return 0;
+}
+
+static int intialize_download_file(struct dload_payload *p)
+{
+	int ret = 0;
+
+	ret = touch_and_own_file(p->tempfile_name, p->handle->sandboxuser);
+
+	if(ret == 0 && p->download_signature) {
+		int len = strlen(p->destfile_name) + strlen(".sig") + strlen(".part") + 1;
+		char * sig;
+		MALLOC(sig, len, FREE(sig); RET_ERR(p->handle, ALPM_ERR_MEMORY, -1));
+		snprintf(sig, len, "%s.sig.part", p->destfile_name);
+		ret = touch_and_own_file(sig, p->handle->sandboxuser);
+		free(sig);
+	}
+
+	return ret;
+}
+
+static int unlink_or_move(const char *file, const char* dest) {
+	struct stat st;
+
+	ASSERT(stat(file, &st) == 0, return -1);
+
+	if(st.st_size == 0) {
+		unlink(file);
+	} else {
+		ASSERT(chown(file, 0, 0) != -1, return -1);
+		if(rename(file, dest)) {
+				return -1;
+		}
+	}
+
+	return 0;
+}
+
+static int finalize_download_file(struct dload_payload *p)
+{
+	int ret = 0;
+
+	ret = unlink_or_move(p->tempfile_name, p->destfile_name);
+
+	if(ret == -1) {
+		_alpm_log(p->handle, ALPM_LOG_ERROR, _("could not rename %s to %s (%s)\n"),
+			p->tempfile_name, p->destfile_name, strerror(errno));
+		return -1;
+	}
+
+	if(p->download_signature) {
+		char *sig_temp, *sig_dest;
+		int len = strlen(p->destfile_name) + strlen(".sig") + 1;
+		MALLOC(sig_dest, len, RET_ERR(p->handle, ALPM_ERR_MEMORY, -1));
+		snprintf(sig_dest, len, "%s.sig", p->destfile_name);
+		len = len + 5;
+		MALLOC(sig_temp, len, FREE(sig_dest); RET_ERR(p->handle, ALPM_ERR_MEMORY, -1));
+		snprintf(sig_temp, len, "%s.sig.part", p->destfile_name);
+
+		ret = unlink_or_move(sig_temp, sig_dest);
+		if(ret == -1) {
+			_alpm_log(p->handle, ALPM_LOG_ERROR, _("could not rename %s to %s (%s)\n"),
+				sig_temp, sig_dest, strerror(errno));
+		}
+
+		free(sig_dest);
+		free(sig_temp);
+	}
+
+	return ret;
+}
+
+static FILE *create_tempfile(struct dload_payload *payload, const char *localpath)
+{
+	int fd;
+	FILE *fp;
+	char *randpath;
+	size_t len;
+
+	/* create a random filename, which is opened with O_EXCL */
+	len = strlen(localpath) + 14 + 1;
+	MALLOC(randpath, len, RET_ERR(payload->handle, ALPM_ERR_MEMORY, NULL));
+	snprintf(randpath, len, "%salpmtmp.XXXXXX", localpath);
+	if((fd = mkstemp(randpath)) == -1 ||
+			fchmod(fd, ~(_getumask()) & 0666) ||
+			!(fp = fdopen(fd, payload->tempfile_openmode))) {
+		unlink(randpath);
+		close(fd);
+		_alpm_log(payload->handle, ALPM_LOG_ERROR,
+				_("failed to create temporary file for download\n"));
+		free(randpath);
+		return NULL;
+	}
+	/* fp now points to our alpmtmp.XXXXXX */
+	free(payload->tempfile_name);
+	payload->tempfile_name = randpath;
+	free(payload->remote_name);
+	STRDUP(payload->remote_name, strrchr(randpath, '/') + 1,
+			fclose(fp); RET_ERR(payload->handle, ALPM_ERR_MEMORY, NULL));
+
+	return fp;
+}
+
 
 #ifdef HAVE_LIBCURL
 
@@ -55,16 +196,16 @@
 #define HOSTNAME_SIZE 256
 
 static int curl_add_payload(alpm_handle_t *handle, CURLM *curlm,
-	struct dload_payload *payload, const char *localpath);
+	struct dload_payload *payload);
 static int curl_gethost(const char *url, char *buffer, size_t buf_len);
 
 /* number of "soft" errors required to blacklist a server, set to 0 to disable
  * server blacklisting */
-const unsigned int server_error_limit = 3;
+const int server_error_limit = 3;
 
 struct server_error_count {
 	char server[HOSTNAME_SIZE];
-	unsigned int errors;
+	int errors;
 };
 
 static struct server_error_count *find_server_errors(alpm_handle_t *handle, const char *server)
@@ -94,22 +235,34 @@ static struct server_error_count *find_server_errors(alpm_handle_t *handle, cons
 	}
 }
 
+/* skip for hard errors or too many soft errors */
 static int should_skip_server(alpm_handle_t *handle, const char *server)
 {
 	struct server_error_count *h;
 	if(server_error_limit && (h = find_server_errors(handle, server)) ) {
-		return h->errors >= server_error_limit;
+		return h->errors < 0 || h->errors >= server_error_limit;
 	}
 	return 0;
 }
 
-static void server_increment_error(alpm_handle_t *handle, const char *server, int count)
+/* only skip for hard errors */
+static int should_skip_cache_server(alpm_handle_t *handle, const char *server)
+{
+	struct server_error_count *h;
+	if(server_error_limit && (h = find_server_errors(handle, server)) ) {
+		return h->errors < 0;
+	}
+	return 0;
+}
+
+/* block normal servers after too many errors */
+static void server_soft_error(alpm_handle_t *handle, const char *server)
 {
 	struct server_error_count *h;
 	if(server_error_limit
 			&& (h = find_server_errors(handle, server))
 			&& !should_skip_server(handle, server) ) {
-		h->errors += count;
+		h->errors++;
 
 		if(should_skip_server(handle, server)) {
 			_alpm_log(handle, ALPM_LOG_WARNING,
@@ -119,37 +272,46 @@ static void server_increment_error(alpm_handle_t *handle, const char *server, in
 	}
 }
 
-static void server_soft_error(alpm_handle_t *handle, const char *server)
-{
-	server_increment_error(handle, server, 1);
-}
-
+/* immediate block for both servers and cache servers */
 static void server_hard_error(alpm_handle_t *handle, const char *server)
 {
-	server_increment_error(handle, server, server_error_limit);
-}
+	struct server_error_count *h;
+	if(server_error_limit && (h = find_server_errors(handle, server))) {
+		if(h->errors != -1) {
+			/* always set even if already skipped for soft errors
+			 * to disable cache servers too */
+			h->errors = -1;
 
-static const char *get_filename(const char *url)
-{
-	char *filename = strrchr(url, '/');
-	if(filename != NULL) {
-		return filename + 1;
+			_alpm_log(handle, ALPM_LOG_WARNING,
+					_("fatal error from %s, skipping for the remainder of this transaction\n"),
+					h->server);
+		}
 	}
-
-	/* no slash found, it's a filename */
-	return url;
 }
 
-static char *get_fullpath(const char *path, const char *filename,
-		const char *suffix)
+static const char *payload_next_server(struct dload_payload *payload)
 {
-	char *filepath;
-	/* len = localpath len + filename len + suffix len + null */
-	size_t len = strlen(path) + strlen(filename) + strlen(suffix) + 1;
-	MALLOC(filepath, len, return NULL);
-	snprintf(filepath, len, "%s%s%s", path, filename, suffix);
-
-	return filepath;
+	while(payload->cache_servers
+			&& should_skip_cache_server(payload->handle, payload->cache_servers->data)) {
+		payload->cache_servers = payload->cache_servers->next;
+	}
+	if(payload->cache_servers) {
+		const char *server = payload->cache_servers->data;
+		payload->cache_servers = payload->cache_servers->next;
+		payload->request_errors_ok = 1;
+		return server;
+	}
+	while(payload->servers
+			&& should_skip_server(payload->handle, payload->servers->data)) {
+		payload->servers = payload->servers->next;
+	}
+	if(payload->servers) {
+		const char *server = payload->servers->data;
+		payload->servers = payload->servers->next;
+		payload->request_errors_ok = payload->errors_ok;
+		return server;
+	}
+	return NULL;
 }
 
 enum {
@@ -262,45 +424,12 @@ static int utimes_long(const char *path, long seconds)
 	return 0;
 }
 
-/* prefix to avoid possible future clash with getumask(3) */
-static mode_t _getumask(void)
-{
-	mode_t mask = umask(0);
-	umask(mask);
-	return mask;
-}
-
 static size_t dload_parseheader_cb(void *ptr, size_t size, size_t nmemb, void *user)
 {
 	size_t realsize = size * nmemb;
-	const char *fptr, *endptr = NULL;
-	const char * const cd_header = "Content-Disposition:";
-	const char * const fn_key = "filename=";
 	struct dload_payload *payload = (struct dload_payload *)user;
 	long respcode;
-
-	if(_alpm_raw_ncmp(cd_header, ptr, strlen(cd_header)) == 0) {
-		if((fptr = strstr(ptr, fn_key))) {
-			fptr += strlen(fn_key);
-
-			/* find the end of the field, which is either a semi-colon, or the end of
-			 * the data. As per curl_easy_setopt(3), we cannot count on headers being
-			 * null terminated, so we look for the closing \r\n */
-			endptr = fptr + strcspn(fptr, ";\r\n") - 1;
-
-			/* remove quotes */
-			if(*fptr == '"' && *endptr == '"') {
-				fptr++;
-				endptr--;
-			}
-
-			/* avoid information leakage with badly formed headers */
-			if(endptr > fptr) {
-				STRNDUP(payload->content_disp_name, fptr, endptr - fptr + 1,
-						RET_ERR(payload->handle, ALPM_ERR_MEMORY, realsize));
-			}
-		}
-	}
+	(void) ptr;
 
 	curl_easy_getinfo(payload->curl, CURLINFO_RESPONSE_CODE, &respcode);
 	if(payload->respcode != respcode) {
@@ -374,55 +503,19 @@ static void curl_set_handle_opts(CURL *curl, struct dload_payload *payload)
 	}
 }
 
-static FILE *create_tempfile(struct dload_payload *payload, const char *localpath)
-{
-	int fd;
-	FILE *fp;
-	char *randpath;
-	size_t len;
-
-	/* create a random filename, which is opened with O_EXCL */
-	len = strlen(localpath) + 14 + 1;
-	MALLOC(randpath, len, RET_ERR(payload->handle, ALPM_ERR_MEMORY, NULL));
-	snprintf(randpath, len, "%salpmtmp.XXXXXX", localpath);
-	if((fd = mkstemp(randpath)) == -1 ||
-			fchmod(fd, ~(_getumask()) & 0666) ||
-			!(fp = fdopen(fd, payload->tempfile_openmode))) {
-		unlink(randpath);
-		close(fd);
-		_alpm_log(payload->handle, ALPM_LOG_ERROR,
-				_("failed to create temporary file for download\n"));
-		free(randpath);
-		return NULL;
-	}
-	/* fp now points to our alpmtmp.XXXXXX */
-	free(payload->tempfile_name);
-	payload->tempfile_name = randpath;
-	free(payload->remote_name);
-	STRDUP(payload->remote_name, strrchr(randpath, '/') + 1,
-			fclose(fp); RET_ERR(payload->handle, ALPM_ERR_MEMORY, NULL));
-
-	return fp;
-}
-
 /* Return 0 if retry was successful, -1 otherwise */
 static int curl_retry_next_server(CURLM *curlm, CURL *curl, struct dload_payload *payload)
 {
-	const char *server;
+	const char *server = NULL;
 	size_t len;
 	struct stat st;
 	alpm_handle_t *handle = payload->handle;
 
-	while(payload->servers && should_skip_server(handle, payload->servers->data)) {
-		payload->servers = payload->servers->next;
-	}
-	if(!payload->servers) {
+	if((server = payload_next_server(payload)) == NULL) {
 		_alpm_log(payload->handle, ALPM_LOG_DEBUG,
 				"%s: no more servers to retry\n", payload->remote_name);
 		return -1;
 	}
-	server = payload->servers->data;
-	payload->servers = payload->servers->next;
 
 	/* regenerate a new fileurl */
 	FREE(payload->fileurl);
@@ -433,7 +526,6 @@ static int curl_retry_next_server(CURLM *curlm, CURL *curl, struct dload_payload
 			"%s: retrying from %s\n",
 			payload->remote_name, payload->fileurl);
 
-
 	fflush(payload->localf);
 
 	if(payload->allow_resume && stat(payload->tempfile_name, &st) == 0) {
@@ -474,7 +566,7 @@ static int curl_retry_next_server(CURLM *curlm, CURL *curl, struct dload_payload
  * Returns -2 if an error happened for an optional file
  */
 static int curl_check_finished_download(alpm_handle_t *handle, CURLM *curlm, CURLMsg *msg,
-		const char *localpath, int *active_downloads_num)
+		int *active_downloads_num)
 {
 	struct dload_payload *payload = NULL;
 	CURL *curl = msg->easy_handle;
@@ -503,7 +595,7 @@ static int curl_check_finished_download(alpm_handle_t *handle, CURLM *curlm, CUR
 			_alpm_log(handle, ALPM_LOG_DEBUG, "%s: response code %ld\n",
 					payload->remote_name, payload->respcode);
 			if(payload->respcode >= 400) {
-				if(!payload->errors_ok) {
+				if(!payload->request_errors_ok) {
 					handle->pm_errno = ALPM_ERR_RETRIEVE;
 					/* non-translated message is same as libcurl */
 					snprintf(payload->error_buffer, sizeof(payload->error_buffer),
@@ -558,7 +650,7 @@ static int curl_check_finished_download(alpm_handle_t *handle, CURLM *curlm, CUR
 				goto cleanup;
 			}
 		default:
-			if(!payload->errors_ok) {
+			if(!payload->request_errors_ok) {
 				handle->pm_errno = ALPM_ERR_LIBCURL;
 				_alpm_log(handle, ALPM_LOG_ERROR,
 						_("failed retrieving file '%s' from %s : %s\n"),
@@ -588,31 +680,6 @@ static int curl_check_finished_download(alpm_handle_t *handle, CURLM *curlm, CUR
 	curl_easy_getinfo(curl, CURLINFO_CONDITION_UNMET, &timecond);
 	curl_easy_getinfo(curl, CURLINFO_EFFECTIVE_URL, &effective_url);
 
-	if(payload->trust_remote_name) {
-		if(payload->content_disp_name) {
-			/* content-disposition header has a better name for our file */
-			free(payload->destfile_name);
-			payload->destfile_name = get_fullpath(localpath,
-				get_filename(payload->content_disp_name), "");
-		} else {
-			const char *effective_filename = strrchr(effective_url, '/');
-
-			if(effective_filename && strlen(effective_filename) > 2) {
-				effective_filename++;
-
-				/* if destfile was never set, we wrote to a tempfile. even if destfile is
-				 * set, we may have followed some redirects and the effective url may
-				 * have a better suggestion as to what to name our file. in either case,
-				 * refactor destfile to this newly derived name. */
-				if(!payload->destfile_name || strcmp(effective_filename,
-							strrchr(payload->destfile_name, '/') + 1) != 0) {
-					free(payload->destfile_name);
-					payload->destfile_name = get_fullpath(localpath, effective_filename, "");
-				}
-			}
-		}
-	}
-
 	/* Let's check if client requested downloading accompanion *.sig file */
 	if(!payload->signature && payload->download_signature && curlerr == CURLE_OK && payload->respcode < 400) {
 		struct dload_payload *sig = NULL;
@@ -644,22 +711,23 @@ static int curl_check_finished_download(alpm_handle_t *handle, CURLM *curlm, CUR
 		MALLOC(sig->fileurl, len, FREE(sig); GOTO_ERR(handle, ALPM_ERR_MEMORY, cleanup));
 		snprintf(sig->fileurl, len, "%s.sig", url);
 
-		if(payload->trust_remote_name) {
-			/* In this case server might provide a new name for the main payload.
-			 * Choose *.sig filename based on this new name.
-			 */
-			const char *final_file = get_filename(realname);
-			int remote_name_len = strlen(final_file) + 5;
-			MALLOC(sig->remote_name, remote_name_len, FREE(sig->fileurl); FREE(sig); GOTO_ERR(handle, ALPM_ERR_MEMORY, cleanup));
-			snprintf(sig->remote_name, remote_name_len, "%s.sig", final_file);
-		}
+		int remote_name_len = strlen(payload->remote_name) + 5;
+		MALLOC(sig->remote_name, remote_name_len, _alpm_dload_payload_reset(sig);
+			FREE(sig); GOTO_ERR(handle, ALPM_ERR_MEMORY, cleanup));
+		snprintf(sig->remote_name, remote_name_len, "%s.sig", payload->remote_name);
 
 		/* force the filename to be realname + ".sig" */
 		int destfile_name_len = strlen(realname) + 5;
-		MALLOC(sig->destfile_name, destfile_name_len, FREE(sig->remote_name);
-				FREE(sig->fileurl); FREE(sig); GOTO_ERR(handle, ALPM_ERR_MEMORY, cleanup));
+		MALLOC(sig->destfile_name, destfile_name_len, _alpm_dload_payload_reset(sig);
+				FREE(sig); GOTO_ERR(handle, ALPM_ERR_MEMORY, cleanup));
 		snprintf(sig->destfile_name, destfile_name_len, "%s.sig", realname);
 
+		int tempfile_name_len = strlen(realname) + 10;
+		MALLOC(sig->tempfile_name, tempfile_name_len, _alpm_dload_payload_reset(sig);
+				FREE(sig); GOTO_ERR(handle, ALPM_ERR_MEMORY, cleanup));
+		snprintf(sig->tempfile_name, tempfile_name_len, "%s.sig.part", realname);
+
+
 		sig->signature = 1;
 		sig->handle = handle;
 		sig->force = payload->force;
@@ -668,7 +736,7 @@ static int curl_check_finished_download(alpm_handle_t *handle, CURLM *curlm, CUR
 		/* set hard upper limit of 16KiB */
 		sig->max_size = 16 * 1024;
 
-		curl_add_payload(handle, curlm, sig, localpath);
+		curl_add_payload(handle, curlm, sig);
 		(*active_downloads_num)++;
 	}
 
@@ -707,7 +775,7 @@ cleanup:
 	}
 
 	if(ret == 0) {
-		if(payload->destfile_name) {
+		if(payload->destfile_name && handle->sandboxuser == NULL) {
 			if(rename(payload->tempfile_name, payload->destfile_name)) {
 				_alpm_log(handle, ALPM_LOG_ERROR, _("could not rename %s to %s (%s)\n"),
 						payload->tempfile_name, payload->destfile_name, strerror(errno));
@@ -751,7 +819,7 @@ cleanup:
  * Returns -1 if am error happened while starting a new download
  */
 static int curl_add_payload(alpm_handle_t *handle, CURLM *curlm,
-		struct dload_payload *payload, const char *localpath)
+		struct dload_payload *payload)
 {
 	size_t len;
 	CURL *curl = NULL;
@@ -764,53 +832,24 @@ static int curl_add_payload(alpm_handle_t *handle, CURLM *curlm,
 	if(payload->fileurl) {
 		ASSERT(!payload->servers, GOTO_ERR(handle, ALPM_ERR_WRONG_ARGS, cleanup));
 		ASSERT(!payload->filepath, GOTO_ERR(handle, ALPM_ERR_WRONG_ARGS, cleanup));
+		payload->request_errors_ok = payload->errors_ok;
 	} else {
-		const char *server;
-		while(payload->servers && should_skip_server(handle, payload->servers->data)) {
-			payload->servers = payload->servers->next;
-		}
+		const char *server = payload_next_server(payload);
 
-		ASSERT(payload->servers, GOTO_ERR(handle, ALPM_ERR_SERVER_NONE, cleanup));
+		ASSERT(server, GOTO_ERR(handle, ALPM_ERR_SERVER_NONE, cleanup));
 		ASSERT(payload->filepath, GOTO_ERR(handle, ALPM_ERR_WRONG_ARGS, cleanup));
 
-		server = payload->servers->data;
-		payload->servers = payload->servers->next;
-
 		len = strlen(server) + strlen(payload->filepath) + 2;
 		MALLOC(payload->fileurl, len, GOTO_ERR(handle, ALPM_ERR_MEMORY, cleanup));
 		snprintf(payload->fileurl, len, "%s/%s", server, payload->filepath);
 	}
 
 	payload->tempfile_openmode = "wb";
-	if(!payload->remote_name) {
-		STRDUP(payload->remote_name, get_filename(payload->fileurl),
-			GOTO_ERR(handle, ALPM_ERR_MEMORY, cleanup));
-	}
 	if(curl_gethost(payload->fileurl, hostname, sizeof(hostname)) != 0) {
 		_alpm_log(handle, ALPM_LOG_ERROR, _("url '%s' is invalid\n"), payload->fileurl);
 		GOTO_ERR(handle, ALPM_ERR_SERVER_BAD_URL, cleanup);
 	}
 
-	if(!payload->random_partfile && payload->remote_name && strlen(payload->remote_name) > 0) {
-		if(!payload->destfile_name) {
-			payload->destfile_name = get_fullpath(localpath, payload->remote_name, "");
-		}
-		payload->tempfile_name = get_fullpath(localpath, payload->remote_name, ".part");
-		if(!payload->destfile_name || !payload->tempfile_name) {
-			goto cleanup;
-		}
-	} else {
-		/* We want a random filename or the URL does not contain a filename, so download to a
-		 * temporary location. We can not support resuming this kind of download; any partial
-		 * transfers will be destroyed */
-		payload->unlink_on_fail = 1;
-
-		payload->localf = create_tempfile(payload, localpath);
-		if(payload->localf == NULL) {
-			goto cleanup;
-		}
-	}
-
 	curl_set_handle_opts(curl, payload);
 
 	if(payload->max_size == payload->initial_size && payload->max_size != 0) {
@@ -868,8 +907,7 @@ static int compare_dload_payload_sizes(const void *left_ptr, const void *right_p
  * Returns 1 if no files were downloaded and all errors were non-fatal
  */
 static int curl_download_internal(alpm_handle_t *handle,
-		alpm_list_t *payloads /* struct dload_payload */,
-		const char *localpath)
+		alpm_list_t *payloads /* struct dload_payload */)
 {
 	int active_downloads_num = 0;
 	int err = 0;
@@ -887,7 +925,7 @@ static int curl_download_internal(alpm_handle_t *handle,
 		for(; active_downloads_num < max_streams && payloads; active_downloads_num++) {
 			struct dload_payload *payload = payloads->data;
 
-			if(curl_add_payload(handle, curlm, payload, localpath) == 0) {
+			if(curl_add_payload(handle, curlm, payload) == 0) {
 				payloads = payloads->next;
 			} else {
 				/* The payload failed to start. Do not start any new downloads.
@@ -918,7 +956,7 @@ static int curl_download_internal(alpm_handle_t *handle,
 			}
 			if(msg->msg == CURLMSG_DONE) {
 				int ret = curl_check_finished_download(handle, curlm, msg,
-						localpath, &active_downloads_num);
+						&active_downloads_num);
 				if(ret == -1) {
 					/* if current payload failed to download then stop adding new payloads but wait for the
 					 * current ones
@@ -938,8 +976,177 @@ static int curl_download_internal(alpm_handle_t *handle,
 	return err ? -1 : updated ? 0 : 1;
 }
 
+/* Download the requested files by launching a process inside a sandbox.
+ * Returns -1 if an error happened for a required file
+ * Returns 0 if a payload was actually downloaded
+ * Returns 1 if no files were downloaded and all errors were non-fatal
+ */
+static int curl_download_internal_sandboxed(alpm_handle_t *handle,
+		alpm_list_t *payloads /* struct dload_payload */,
+		const char *localpath)
+{
+	int pid, err = 0, ret = -1, callbacks_fd[2];
+	sigset_t oldblock;
+	struct sigaction sa_ign, oldint, oldquit;
+	_alpm_sandbox_callback_context callbacks_ctx;
+
+	sigemptyset(&sa_ign.sa_mask);
+	sa_ign.sa_handler = SIG_IGN;
+	sa_ign.sa_flags=0;
+
+	if(pipe(callbacks_fd) != 0) {
+		return -1;
+	}
+
+	sigaction(SIGINT, &sa_ign, &oldint);
+	sigaction(SIGQUIT, &sa_ign, &oldquit);
+	sigaddset(&sa_ign.sa_mask, SIGCHLD);
+	sigprocmask(SIG_BLOCK, &sa_ign.sa_mask, &oldblock);
+
+	pid = fork();
+	if(pid == -1) {
+		/* fork failed, make sure errno is preserved after cleanup */
+		err = errno;
+	}
+
+	/* child */
+	if(pid == 0) {
+		close(callbacks_fd[0]);
+		fcntl(callbacks_fd[1], F_SETFD, FD_CLOEXEC);
+		callbacks_ctx.callback_pipe = callbacks_fd[1];
+		alpm_option_set_logcb(handle, _alpm_sandbox_cb_log, &callbacks_ctx);
+		alpm_option_set_dlcb(handle, _alpm_sandbox_cb_dl, &callbacks_ctx);
+		alpm_option_set_fetchcb(handle, NULL, NULL);
+		alpm_option_set_eventcb(handle, NULL, NULL);
+		alpm_option_set_questioncb(handle, NULL, NULL);
+		alpm_option_set_progresscb(handle, NULL, NULL);
+
+		/* restore default signal handling in the child */
+		_alpm_reset_signals();
+
+		/* cwd to the download directory */
+		ret = chdir(localpath);
+		if(ret != 0) {
+			handle->pm_errno = errno;
+			_alpm_log(handle, ALPM_LOG_ERROR, _("could not chdir to download directory %s\n"), localpath);
+			ret = -1;
+		} else {
+			ret = alpm_sandbox_setup_child(handle->sandboxuser);
+			if (ret != 0) {
+				_alpm_log(handle, ALPM_LOG_ERROR, _("switching to sandbox user '%s' failed!\n"), handle->sandboxuser);
+				_Exit(ret | 128);
+			}
+
+			ret = curl_download_internal(handle, payloads);
+		}
+
+		/* pass the result back to the parent */
+		if(ret == 0) {
+			/* a payload was actually downloaded */
+			_Exit(0);
+		}
+		else if(ret == 1) {
+			/* no files were downloaded and all errors were non-fatal */
+			_Exit(handle->pm_errno);
+		}
+		else {
+			/* an error happened for a required file */
+			_Exit(handle->pm_errno | 128);
+		}
+	}
+
+	/* parent */
+	close(callbacks_fd[1]);
+
+	if(pid != -1)  {
+		bool had_error = false;
+		while(true) {
+			_alpm_sandbox_callback_t callback_type;
+			ssize_t got = read(callbacks_fd[0], &callback_type, sizeof(callback_type));
+			if(got < 0 || (size_t)got != sizeof(callback_type)) {
+				had_error = true;
+				break;
+			}
+
+			if(callback_type == ALPM_SANDBOX_CB_DOWNLOAD) {
+				if(!_alpm_sandbox_process_cb_download(handle, callbacks_fd[0])) {
+					had_error = true;
+					break;
+				}
+			}
+			else if(callback_type == ALPM_SANDBOX_CB_LOG) {
+				if(!_alpm_sandbox_process_cb_log(handle, callbacks_fd[0])) {
+					had_error = true;
+					break;
+				}
+			}
+		}
+
+
+		if(had_error) {
+			kill(pid, SIGTERM);
+		}
+
+		int wret;
+		while((wret = waitpid(pid, &ret, 0)) == -1 && errno == EINTR);
+		if(wret > 0) {
+			if(!WIFEXITED(ret)) {
+				/* the child did not terminate normally */
+				ret = -1;
+			}
+			else {
+				ret = WEXITSTATUS(ret);
+				if(ret != 0) {
+					if(ret & 128) {
+						/* an error happened for a required file, or unexpected exit status */
+						handle->pm_errno = ret & ~128;
+						ret = -1;
+					}
+					else {
+						handle->pm_errno = ret;
+						ret = 1;
+					}
+				}
+			}
+		}
+		else {
+			/* waitpid failed */
+			err = errno;
+		}
+	}
+
+	close(callbacks_fd[0]);
+
+	sigaction(SIGINT, &oldint, NULL);
+	sigaction(SIGQUIT, &oldquit, NULL);
+	sigprocmask(SIG_SETMASK, &oldblock, NULL);
+
+	if(err) {
+		errno = err;
+		ret = -1;
+	}
+  return ret;
+}
+
 #endif
 
+static int payload_download_fetchcb(struct dload_payload *payload,
+		const char *server, const char *localpath)
+{
+	int ret;
+	char *fileurl;
+	alpm_handle_t *handle = payload->handle;
+
+	size_t len = strlen(server) + strlen(payload->filepath) + 2;
+	MALLOC(fileurl, len, RET_ERR(handle, ALPM_ERR_MEMORY, -1));
+	snprintf(fileurl, len, "%s/%s", server, payload->filepath);
+
+	ret = handle->fetchcb(handle->fetchcb_ctx, fileurl, localpath, payload->force);
+	free(fileurl);
+
+	return ret;
+}
+
 /* Returns -1 if an error happened for a required file
  * Returns 0 if a payload was actually downloaded
  * Returns 1 if no files were downloaded and all errors were non-fatal
@@ -950,7 +1157,26 @@ int _alpm_download(alpm_handle_t *handle,
 {
 	if(handle->fetchcb == NULL) {
 #ifdef HAVE_LIBCURL
-		return curl_download_internal(handle, payloads, localpath);
+		if(handle->sandboxuser) {
+			int ret = 0;
+			alpm_list_t *i;
+
+			for(i = payloads; i; i = i->next) {
+				struct dload_payload *p = i->data;
+				intialize_download_file(p);
+			}
+
+			ret = curl_download_internal_sandboxed(handle, payloads, localpath);
+
+			for(i = payloads; i; i = i->next) {
+				struct dload_payload *p = i->data;
+				finalize_download_file(p);
+			}
+
+			return ret;
+		} else {
+			return curl_download_internal(handle, payloads);
+		}
 #else
 		RET_ERR(handle, ALPM_ERR_EXTERNAL_DOWNLOAD, -1);
 #endif
@@ -965,16 +1191,11 @@ int _alpm_download(alpm_handle_t *handle,
 			if(payload->fileurl) {
 				ret = handle->fetchcb(handle->fetchcb_ctx, payload->fileurl, localpath, payload->force);
 			} else {
+				for(s = payload->cache_servers; s && ret == -1; s = s->next) {
+					ret = payload_download_fetchcb(payload, s->data, localpath);
+				}
 				for(s = payload->servers; s && ret == -1; s = s->next) {
-					const char *server = s->data;
-					char *fileurl;
-
-					size_t len = strlen(server) + strlen(payload->filepath) + 2;
-					MALLOC(fileurl, len, RET_ERR(handle, ALPM_ERR_MEMORY, -1));
-					snprintf(fileurl, len, "%s/%s", server, payload->filepath);
-
-					ret = handle->fetchcb(handle->fetchcb_ctx, fileurl, localpath, payload->force);
-					free(fileurl);
+					ret = payload_download_fetchcb(payload, s->data, localpath);
 				}
 			}
 
@@ -1034,16 +1255,34 @@ int SYMEXPORT alpm_fetch_pkgurl(alpm_handle_t *handle, const alpm_list_t *urls,
 			CALLOC(payload, 1, sizeof(*payload), GOTO_ERR(handle, ALPM_ERR_MEMORY, err));
 			STRDUP(payload->fileurl, url, FREE(payload); GOTO_ERR(handle, ALPM_ERR_MEMORY, err));
 
+			STRDUP(payload->remote_name, get_filename(payload->fileurl),
+				GOTO_ERR(handle, ALPM_ERR_MEMORY, err));
+
 			c = strrchr(url, '/');
-			if(strstr(c, ".pkg")) {
+			if(payload->remote_name && strlen(payload->remote_name) > 0 && strstr(c, ".pkg")) {
 				/* we probably have a usable package filename to download to */
+				payload->destfile_name = _alpm_get_fullpath(cachedir, payload->remote_name, "");
+				payload->tempfile_name = _alpm_get_fullpath(cachedir, payload->remote_name, ".part");
 				payload->allow_resume = 1;
+
+				if(!payload->destfile_name || !payload->tempfile_name) {
+					goto err;
+				}
+
 			} else {
-				payload->random_partfile = 1;
+				/* The URL does not contain a filename, so download to a temporary location.
+				 * We can not support resuming this kind of download; any partial transfers
+				 * will be destroyed */
+				payload->unlink_on_fail = 1;
+
+				payload->tempfile_openmode = "wb";
+				payload->localf = create_tempfile(payload, cachedir);
+				if(payload->localf == NULL) {
+					goto err;
+				}
 			}
 
 			payload->handle = handle;
-			payload->trust_remote_name = 1;
 			payload->download_signature = (handle->siglevel & ALPM_SIG_PACKAGE);
 			payload->signature_optional = (handle->siglevel & ALPM_SIG_PACKAGE_OPTIONAL);
 			payloads = alpm_list_add(payloads, payload);
@@ -1104,7 +1343,6 @@ void _alpm_dload_payload_reset(struct dload_payload *payload)
 	FREE(payload->remote_name);
 	FREE(payload->tempfile_name);
 	FREE(payload->destfile_name);
-	FREE(payload->content_disp_name);
 	FREE(payload->fileurl);
 	FREE(payload->filepath);
 	*payload = (struct dload_payload){0};

lib/libalpm/dload.h

@@ -26,10 +26,12 @@
 struct dload_payload {
 	alpm_handle_t *handle;
 	const char *tempfile_openmode;
+	/* name of the remote file */
 	char *remote_name;
+	/* temporary file name, to which the payload is downloaded */
 	char *tempfile_name;
+	/* name to which the downloaded file will be renamed */
 	char *destfile_name;
-	char *content_disp_name;
 	/* client has to provide either
 	 *  1) fileurl - full URL to the file
 	 *  2) pair of (servers, filepath), in this case ALPM iterates over the
@@ -37,6 +39,7 @@ struct dload_payload {
 	 */
 	char *fileurl;
 	char *filepath; /* download URL path */
+	alpm_list_t *cache_servers;
 	alpm_list_t *servers;
 	long respcode;
 	off_t initial_size;
@@ -44,18 +47,17 @@ struct dload_payload {
 	off_t prevprogress;
 	int force;
 	int allow_resume;
-	int random_partfile;
 	int errors_ok;
 	int unlink_on_fail;
-	int trust_remote_name;
 	int download_signature; /* specifies if an accompanion *.sig file need to be downloaded*/
 	int signature_optional; /* *.sig file is optional */
 #ifdef HAVE_LIBCURL
 	CURL *curl;
 	char error_buffer[CURL_ERROR_SIZE];
-	FILE *localf; /* temp download file */
 	int signature; /* specifies if this payload is for a signature file */
+	int request_errors_ok; /* per-request errors-ok */
 #endif
+	FILE *localf; /* temp download file */
 };
 
 void _alpm_dload_payload_reset(struct dload_payload *payload);

lib/libalpm/handle.c

@@ -48,12 +48,28 @@ alpm_handle_t *_alpm_handle_new(void)
 	return handle;
 }
 
+/* free all in-memory resources */
 void _alpm_handle_free(alpm_handle_t *handle)
 {
+	alpm_list_t *i;
+	alpm_db_t *db;
+
 	if(handle == NULL) {
 		return;
 	}
 
+	/* close local database */
+	if((db = handle->db_local)) {
+		db->ops->unregister(db);
+	}
+
+	/* unregister all sync dbs */
+	for(i = handle->dbs_sync; i; i = i->next) {
+		db = i->data;
+		db->ops->unregister(db);
+	}
+	alpm_list_free(handle->dbs_sync);
+
 	/* close logfile */
 	if(handle->logstream) {
 		fclose(handle->logstream);
@@ -68,6 +84,12 @@ void _alpm_handle_free(alpm_handle_t *handle)
 	FREELIST(handle->known_keys);
 #endif
 
+#ifdef HAVE_LIBCURL
+	curl_multi_cleanup(handle->curlm);
+	curl_global_cleanup();
+	FREELIST(handle->server_errors);
+#endif
+
 	/* free memory */
 	_alpm_trans_free(handle->trans);
 	FREE(handle->root);
@@ -79,6 +101,7 @@ void _alpm_handle_free(alpm_handle_t *handle)
 	FREE(handle->lockfile);
 	FREELIST(handle->architectures);
 	FREE(handle->gpgdir);
+	FREE(handle->sandboxuser);
 	FREELIST(handle->noupgrade);
 	FREELIST(handle->noextract);
 	FREELIST(handle->ignorepkg);
@@ -270,6 +293,12 @@ const char SYMEXPORT *alpm_option_get_gpgdir(alpm_handle_t *handle)
 	return handle->gpgdir;
 }
 
+const char SYMEXPORT *alpm_option_get_sandboxuser(alpm_handle_t *handle)
+{
+	CHECK_HANDLE(handle, return NULL);
+	return handle->sandboxuser;
+}
+
 int SYMEXPORT alpm_option_get_usesyslog(alpm_handle_t *handle)
 {
 	CHECK_HANDLE(handle, return -1);
@@ -573,6 +602,19 @@ int SYMEXPORT alpm_option_set_gpgdir(alpm_handle_t *handle, const char *gpgdir)
 	return 0;
 }
 
+int SYMEXPORT alpm_option_set_sandboxuser(alpm_handle_t *handle, const char *sandboxuser)
+{
+	CHECK_HANDLE(handle, return -1);
+	if(handle->sandboxuser) {
+		FREE(handle->sandboxuser);
+	}
+
+	STRDUP(handle->sandboxuser, sandboxuser, RET_ERR(handle, ALPM_ERR_MEMORY, -1));
+
+	_alpm_log(handle, ALPM_LOG_DEBUG, "option 'sandboxuser' = %s\n", handle->sandboxuser);
+	return 0;
+}
+
 int SYMEXPORT alpm_option_set_usesyslog(alpm_handle_t *handle, int usesyslog)
 {
 	CHECK_HANDLE(handle, return -1);

lib/libalpm/handle.h

@@ -91,6 +91,7 @@ struct _alpm_handle_t {
 	char *logfile;           /* Name of the log file */
 	char *lockfile;          /* Name of the lock file */
 	char *gpgdir;            /* Directory where GnuPG files are stored */
+	char *sandboxuser;       /* User to switch to for sensitive operations */
 	alpm_list_t *cachedirs;  /* Paths to pacman cache directories */
 	alpm_list_t *hookdirs;   /* Paths to hook directories */
 	alpm_list_t *overwrite_files; /* Paths that may be overwritten */

lib/libalpm/libalpm.pc.in

@@ -1,13 +0,0 @@
-prefix=@prefix@
-exec_prefix=@exec_prefix@
-libdir=@libdir@
-includedir=@includedir@
-
-Name: libalpm
-Description: Arch Linux package management library
-URL: http://archlinux.org/pacman/
-Version: @LIB_VERSION@
-Requires.private: libarchive @pc_crypto@ @pc_libcurl@ @pc_gpgme@
-Cflags: -I${includedir} @LFS_CFLAGS@
-Libs: -L${libdir} -lalpm
-Libs.private: @LIBS@ @pc_gpgme_libs@ @LIBINTL@

lib/libalpm/meson.build

@@ -24,6 +24,7 @@ libalpm_sources = files('''
   pkghash.h pkghash.c
   rawstr.c
   remove.h remove.c
+  sandbox.h sandbox.c
   signing.c signing.h
   sync.h sync.c
   trans.h trans.c

lib/libalpm/remove.c

@@ -420,7 +420,9 @@ static void shift_pacsave(alpm_handle_t *handle, const char *file)
 
 cleanup:
 	free(dirname);
-	closedir(dir);
+	if(dir != NULL) {
+		closedir(dir);
+	}
 }
 
 

lib/libalpm/sandbox.c

@@ -0,0 +1,224 @@
+/*
+ *  sandbox.c
+ *
+ *  Copyright (c) 2021-2022 Pacman Development Team <pacman-dev@lists.archlinux.org>
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <errno.h>
+#include <grp.h>
+#include <pwd.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+#include "alpm.h"
+#include "log.h"
+#include "sandbox.h"
+#include "util.h"
+
+int SYMEXPORT alpm_sandbox_setup_child(const char* sandboxuser)
+{
+	struct passwd const *pw = NULL;
+
+	ASSERT(sandboxuser != NULL, return EINVAL);
+	ASSERT(getuid() == 0, return EPERM);
+	ASSERT((pw = getpwnam(sandboxuser)), return errno);
+	ASSERT(setgid(pw->pw_gid) == 0, return errno);
+	ASSERT(setgroups(0, NULL) == 0, return errno);
+	ASSERT(setuid(pw->pw_uid) == 0, return errno);
+
+	return 0;
+}
+
+static int should_retry(int errnum)
+{
+	return errnum == EINTR;
+}
+
+static int read_from_pipe(int fd, void *buf, size_t count)
+{
+	size_t nread = 0;
+
+	ASSERT(count > 0, return -1);
+
+	while(nread < count) {
+		ssize_t r = read(fd, (char *)buf + nread, count-nread);
+		if(r < 0) {
+			if(!should_retry(errno)) {
+				return -1;
+			}
+			continue;
+		}
+		if(r == 0) {
+			/* we hit EOF unexpectedly - bail */
+			return -1;
+		}
+		nread += r;
+	}
+
+	return 0;
+}
+
+static int write_to_pipe(int fd, const void *buf, size_t count)
+{
+	size_t nwrite = 0;
+
+	ASSERT(count > 0, return -1);
+
+	while(nwrite < count) {
+		ssize_t r = write(fd, (char *)buf + nwrite, count-nwrite);
+		if(r < 0) {
+			if(!should_retry(errno)) {
+				return -1;
+			}
+			continue;
+		}
+		nwrite += r;
+	}
+
+	return 0;
+}
+
+void _alpm_sandbox_cb_log(void *ctx, alpm_loglevel_t level, const char *fmt, va_list args)
+{
+	_alpm_sandbox_callback_t type = ALPM_SANDBOX_CB_LOG;
+	_alpm_sandbox_callback_context *context = ctx;
+	char *string = NULL;
+	int string_size = 0;
+
+	if(!context || context->callback_pipe == -1) {
+		return;
+	}
+
+	/* compute the required size, as allowed by POSIX.1-2001 and C99 */
+	/* first we need to copy the va_list as it will be consumed by the first call */
+	va_list copy;
+	va_copy(copy, args);
+	string_size = vsnprintf(NULL, 0, fmt, copy);
+	if(string_size <= 0) {
+		va_end(copy);
+		return;
+	}
+	MALLOC(string, string_size + 1, return);
+	string_size = vsnprintf(string, string_size + 1, fmt, args);
+	if(string_size > 0) {
+		write_to_pipe(context->callback_pipe, &type, sizeof(type));
+		write_to_pipe(context->callback_pipe, &level, sizeof(level));
+		write_to_pipe(context->callback_pipe, &string_size, sizeof(string_size));
+		write_to_pipe(context->callback_pipe, string, string_size);
+	}
+	va_end(copy);
+	FREE(string);
+}
+
+void _alpm_sandbox_cb_dl(void *ctx, const char *filename, alpm_download_event_type_t event, void *data)
+{
+	_alpm_sandbox_callback_t type = ALPM_SANDBOX_CB_DOWNLOAD;
+	_alpm_sandbox_callback_context *context = ctx;
+	size_t filename_len;
+
+	if(!context || context->callback_pipe == -1) {
+		return;
+	}
+
+	ASSERT(filename != NULL, return);
+	ASSERT(event == ALPM_DOWNLOAD_INIT || event == ALPM_DOWNLOAD_PROGRESS || event == ALPM_DOWNLOAD_RETRY || event == ALPM_DOWNLOAD_COMPLETED, return);
+
+	filename_len = strlen(filename);
+
+	write_to_pipe(context->callback_pipe, &type, sizeof(type));
+	write_to_pipe(context->callback_pipe, &event, sizeof(event));
+	switch(event) {
+		case ALPM_DOWNLOAD_INIT:
+			write_to_pipe(context->callback_pipe, data, sizeof(alpm_download_event_init_t));
+			break;
+		case ALPM_DOWNLOAD_PROGRESS:
+			write_to_pipe(context->callback_pipe, data, sizeof(alpm_download_event_progress_t));
+			break;
+		case ALPM_DOWNLOAD_RETRY:
+			write_to_pipe(context->callback_pipe, data, sizeof(alpm_download_event_retry_t));
+			break;
+		case ALPM_DOWNLOAD_COMPLETED:
+			write_to_pipe(context->callback_pipe, data, sizeof(alpm_download_event_completed_t));
+			break;
+	}
+	write_to_pipe(context->callback_pipe, &filename_len, sizeof(filename_len));
+	write_to_pipe(context->callback_pipe, filename, filename_len);
+}
+
+
+bool _alpm_sandbox_process_cb_log(alpm_handle_t *handle, int callback_pipe) {
+	alpm_loglevel_t level;
+	char *string = NULL;
+	int string_size = 0;
+
+	ASSERT(read_from_pipe(callback_pipe, &level, sizeof(level)) != -1, return false);
+	ASSERT(read_from_pipe(callback_pipe, &string_size, sizeof(string_size)) != -1, return false);
+
+	MALLOC(string, string_size + 1, return false);
+
+	ASSERT(read_from_pipe(callback_pipe, string, string_size) != -1, FREE(string); return false);
+	string[string_size] = '\0';
+
+	_alpm_log(handle, level, "%s", string);
+	FREE(string);
+	return true;
+}
+
+bool _alpm_sandbox_process_cb_download(alpm_handle_t *handle, int callback_pipe) {
+	alpm_download_event_type_t type;
+	char *filename = NULL;
+	size_t filename_size, cb_data_size;
+	union {
+		alpm_download_event_init_t init;
+		alpm_download_event_progress_t progress;
+		alpm_download_event_retry_t retry;
+		alpm_download_event_completed_t completed;
+	} cb_data;
+
+	ASSERT(read_from_pipe(callback_pipe, &type, sizeof(type)) != -1, return false);
+
+	switch (type) {
+		case ALPM_DOWNLOAD_INIT:
+			cb_data_size = sizeof(alpm_download_event_init_t);
+			ASSERT(read_from_pipe(callback_pipe, &cb_data.init, cb_data_size) != -1, return false);
+			break;
+		case ALPM_DOWNLOAD_PROGRESS:
+			cb_data_size = sizeof(alpm_download_event_progress_t);
+			ASSERT(read_from_pipe(callback_pipe, &cb_data.progress, cb_data_size) != -1, return false);
+			break;
+		case ALPM_DOWNLOAD_RETRY:
+			cb_data_size = sizeof(alpm_download_event_retry_t);
+			ASSERT(read_from_pipe(callback_pipe, &cb_data.retry, cb_data_size) != -1, return false);
+			break;
+		case ALPM_DOWNLOAD_COMPLETED:
+			cb_data_size = sizeof(alpm_download_event_completed_t);
+			ASSERT(read_from_pipe(callback_pipe, &cb_data.completed, cb_data_size) != -1, return false);
+			break;
+		default:
+			return false;
+	}
+
+	ASSERT(read_from_pipe(callback_pipe, &filename_size, sizeof(filename_size)) != -1, return false);;
+
+	MALLOC(filename, filename_size + 1, return false);
+
+	ASSERT(read_from_pipe(callback_pipe, filename, filename_size) != -1, FREE(filename); return false);
+	filename[filename_size] = '\0';
+
+	handle->dlcb(handle->dlcb_ctx, filename, type, &cb_data);
+	FREE(filename);
+	return true;
+}

lib/libalpm/sandbox.h

@@ -0,0 +1,51 @@
+/*
+ *  sandbox.h
+ *
+ *  Copyright (c) 2021-2022 Pacman Development Team <pacman-dev@lists.archlinux.org>
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef ALPM_SANDBOX_H
+#define ALPM_SANDBOX_H
+
+#include <stdbool.h>
+
+
+/* The type of callbacks that can happen during a sandboxed operation */
+typedef enum {
+	ALPM_SANDBOX_CB_LOG,
+	ALPM_SANDBOX_CB_DOWNLOAD
+} _alpm_sandbox_callback_t;
+
+typedef struct {
+	int callback_pipe;
+} _alpm_sandbox_callback_context;
+
+
+/* Sandbox callbacks */
+
+__attribute__((format(printf, 3, 0)))
+void _alpm_sandbox_cb_log(void *ctx, alpm_loglevel_t level, const char *fmt, va_list args);
+
+void _alpm_sandbox_cb_dl(void *ctx, const char *filename, alpm_download_event_type_t event, void *data);
+
+
+/* Functions to capture sandbox callbacks and convert them to alpm callbacks */
+
+bool _alpm_sandbox_process_cb_log(alpm_handle_t *handle, int callback_pipe);
+bool _alpm_sandbox_process_cb_download(alpm_handle_t *handle, int callback_pipe);
+
+
+#endif /* ALPM_SANDBOX_H */

lib/libalpm/signing.c

@@ -1044,7 +1044,7 @@ int SYMEXPORT alpm_siglist_cleanup(alpm_siglist_t *siglist)
 static size_t length_check(size_t length, size_t position, size_t a,
 		alpm_handle_t *handle, const char *identifier)
 {
-	if( a == 0 || length - position <= a) {
+	if( a == 0 || position > length || length - position <= a) {
 		_alpm_log(handle, ALPM_LOG_ERROR,
 				_("%s: signature format error\n"), identifier);
 		return -1;

lib/libalpm/sync.c

@@ -517,21 +517,23 @@ int _alpm_sync_prepare(alpm_handle_t *handle, alpm_list_t **data)
 
 		for(i = deps; i; i = i->next) {
 			alpm_conflict_t *conflict = i->data;
+			const char *name1 = conflict->package1->name;
+			const char *name2 = conflict->package2->name;
 			alpm_pkg_t *rsync, *sync, *sync1, *sync2;
 
 			/* have we already removed one of the conflicting targets? */
-			sync1 = alpm_pkg_find(trans->add, conflict->package1);
-			sync2 = alpm_pkg_find(trans->add, conflict->package2);
+			sync1 = alpm_pkg_find(trans->add, name1);
+			sync2 = alpm_pkg_find(trans->add, name2);
 			if(!sync1 || !sync2) {
 				continue;
 			}
 
 			_alpm_log(handle, ALPM_LOG_DEBUG, "conflicting packages in the sync list: '%s' <-> '%s'\n",
-					conflict->package1, conflict->package2);
+					name1, name2);
 
 			/* if sync1 provides sync2, we remove sync2 from the targets, and vice versa */
-			alpm_depend_t *dep1 = alpm_dep_from_string(conflict->package1);
-			alpm_depend_t *dep2 = alpm_dep_from_string(conflict->package2);
+			alpm_depend_t *dep1 = alpm_dep_from_string(name1);
+			alpm_depend_t *dep2 = alpm_dep_from_string(name2);
 			if(_alpm_depcmp(sync1, dep2)) {
 				rsync = sync2;
 				sync = sync1;
@@ -559,8 +561,8 @@ int _alpm_sync_prepare(alpm_handle_t *handle, alpm_list_t **data)
 
 			/* Prints warning */
 			_alpm_log(handle, ALPM_LOG_WARNING,
-					_("removing '%s' from target list because it conflicts with '%s'\n"),
-					rsync->name, sync->name);
+					_("removing '%s-%s' from target list because it conflicts with '%s-%s'\n"),
+					rsync->name, rsync->version, sync->name, sync->version);
 			trans->add = alpm_list_remove(trans->add, rsync, _alpm_pkg_cmp, NULL);
 			/* rsync is not a transaction target anymore */
 			trans->unresolvable = alpm_list_add(trans->unresolvable, rsync);
@@ -581,16 +583,18 @@ int _alpm_sync_prepare(alpm_handle_t *handle, alpm_list_t **data)
 				.conflict = i->data
 			};
 			alpm_conflict_t *conflict = i->data;
+			const char *name1 = conflict->package1->name;
+			const char *name2 = conflict->package2->name;
 			int found = 0;
 
-			/* if conflict->package2 (the local package) is not elected for removal,
+			/* if name2 (the local package) is not elected for removal,
 			   we ask the user */
-			if(alpm_pkg_find(trans->remove, conflict->package2)) {
+			if(alpm_pkg_find(trans->remove, name2)) {
 				found = 1;
 			}
 			for(j = trans->add; j && !found; j = j->next) {
 				alpm_pkg_t *spkg = j->data;
-				if(alpm_pkg_find(spkg->removes, conflict->package2)) {
+				if(alpm_pkg_find(spkg->removes, name2)) {
 					found = 1;
 				}
 			}
@@ -598,15 +602,15 @@ int _alpm_sync_prepare(alpm_handle_t *handle, alpm_list_t **data)
 				continue;
 			}
 
-			_alpm_log(handle, ALPM_LOG_DEBUG, "package '%s' conflicts with '%s'\n",
-					conflict->package1, conflict->package2);
+			_alpm_log(handle, ALPM_LOG_DEBUG, "package '%s-%s' conflicts with '%s-%s'\n",
+					name1, conflict->package1->version, name2,conflict->package2->version);
 
 			QUESTION(handle, &question);
 			if(question.remove) {
 				/* append to the removes list */
-				alpm_pkg_t *sync = alpm_pkg_find(trans->add, conflict->package1);
-				alpm_pkg_t *local = _alpm_db_get_pkgfromcache(handle->db_local, conflict->package2);
-				_alpm_log(handle, ALPM_LOG_DEBUG, "electing '%s' for removal\n", conflict->package2);
+				alpm_pkg_t *sync = alpm_pkg_find(trans->add, name1);
+				alpm_pkg_t *local = _alpm_db_get_pkgfromcache(handle->db_local, name2);
+				_alpm_log(handle, ALPM_LOG_DEBUG, "electing '%s' for removal\n", name2);
 				sync->removes = alpm_list_add(sync->removes, local);
 			} else { /* abort */
 				_alpm_log(handle, ALPM_LOG_ERROR, _("unresolvable package conflicts detected\n"));
@@ -763,6 +767,7 @@ static int find_dl_candidates(alpm_handle_t *handle, alpm_list_t **files)
 	return 0;
 }
 
+
 static int download_files(alpm_handle_t *handle)
 {
 	const char *cachedir;
@@ -821,9 +826,17 @@ static int download_files(alpm_handle_t *handle)
 			CALLOC(payload, 1, sizeof(*payload), GOTO_ERR(handle, ALPM_ERR_MEMORY, finish));
 			STRDUP(payload->remote_name, pkg->filename, FREE(payload); GOTO_ERR(handle, ALPM_ERR_MEMORY, finish));
 			STRDUP(payload->filepath, pkg->filename,
-				FREE(payload->remote_name); FREE(payload);
+				_alpm_dload_payload_reset(payload); FREE(payload);
 				GOTO_ERR(handle, ALPM_ERR_MEMORY, finish));
+			payload->destfile_name = _alpm_get_fullpath(cachedir, payload->remote_name, "");
+			payload->tempfile_name = _alpm_get_fullpath(cachedir, payload->remote_name, ".part");
+			if(!payload->destfile_name || !payload->tempfile_name) {
+				_alpm_dload_payload_reset(payload);
+				FREE(payload);
+				GOTO_ERR(handle, ALPM_ERR_MEMORY, finish);
+			}
 			payload->max_size = pkg->size;
+			payload->cache_servers = pkg->origin_data.db->cache_servers;
 			payload->servers = pkg->origin_data.db->servers;
 			payload->handle = handle;
 			payload->allow_resume = 1;
@@ -991,6 +1004,13 @@ static int check_validity(alpm_handle_t *handle,
 
 		current_bytes += v.pkg->size;
 		v.path = _alpm_filecache_find(handle, v.pkg->filename);
+
+		if(!v.path) {
+			_alpm_log(handle, ALPM_LOG_ERROR,
+					_("%s: could not find package in cache\n"), v.pkg->name);
+			RET_ERR(handle, ALPM_ERR_PKG_NOT_FOUND, -1);
+		}
+
 		v.siglevel = alpm_db_get_siglevel(alpm_pkg_get_db(v.pkg));
 
 		if(_alpm_pkg_validate_internal(handle, v.path, v.pkg,
@@ -1082,6 +1102,12 @@ static int load_packages(alpm_handle_t *handle, alpm_list_t **data,
 		current_bytes += spkg->size;
 		filepath = _alpm_filecache_find(handle, spkg->filename);
 
+		if(!filepath) {
+			_alpm_log(handle, ALPM_LOG_ERROR,
+					_("%s: could not find package in cache\n"), spkg->name);
+			RET_ERR(handle, ALPM_ERR_PKG_NOT_FOUND, -1);
+		}
+
 		/* load the package file and replace pkgcache entry with it in the target list */
 		/* TODO: alpm_pkg_get_db() will not work on this target anymore */
 		_alpm_log(handle, ALPM_LOG_DEBUG,

lib/libalpm/util.c

@@ -31,6 +31,7 @@
 #include <limits.h>
 #include <sys/wait.h>
 #include <sys/socket.h>
+#include <fcntl.h>
 #include <fnmatch.h>
 #include <poll.h>
 #include <signal.h>
@@ -196,6 +197,23 @@ cleanup:
 	return ret;
 }
 
+/** Combines a directory, filename and suffix to provide full path of a file
+ * @param path directory path
+ * @param filename file name
+ * @param suffix suffix
+ * @return file path
+*/
+char *_alpm_get_fullpath(const char *path, const char *filename, const char *suffix)
+{
+	char *filepath;
+	/* len = localpath len + filename len + suffix len + null */
+	size_t len = strlen(path) + strlen(filename) + strlen(suffix) + 1;
+	MALLOC(filepath, len, return NULL);
+	snprintf(filepath, len, "%s%s%s", path, filename, suffix);
+
+	return filepath;
+}
+
 /** Trim trailing newlines from a string (if any exist).
  * @param str a single line of text
  * @param len size of str, if known, else 0
@@ -554,7 +572,7 @@ static int _alpm_chroot_read_from_child(alpm_handle_t *handle, int fd,
 	return 0;
 }
 
-static void _alpm_reset_signals(void)
+void _alpm_reset_signals(void)
 {
 	/* reset POSIX defined signals (see signal.h) */
 	/* there are likely more but there is no easy way
@@ -654,7 +672,9 @@ int _alpm_run_chroot(alpm_handle_t *handle, const char *cmd, char *const argv[],
 		}
 
 		/* use fprintf instead of _alpm_log to send output through the parent */
-		if(chroot(handle->root) != 0) {
+		/* don't chroot() to "/": this allows running with less caps when the
+		 * caller puts us in the right root */
+		if(strcmp(handle->root, "/") != 0 && chroot(handle->root) != 0) {
 			fprintf(stderr, _("could not change the root directory (%s)\n"), strerror(errno));
 			exit(1);
 		}
@@ -672,6 +692,7 @@ int _alpm_run_chroot(alpm_handle_t *handle, const char *cmd, char *const argv[],
 		unsetenv("BASH_ENV");
 		umask(0022);
 		_alpm_reset_signals();
+		_alpm_handle_free(handle);
 		execv(cmd, argv);
 		/* execv only returns if there was an error */
 		fprintf(stderr, _("call to execv failed (%s)\n"), strerror(errno));
@@ -842,10 +863,17 @@ char *_alpm_filecache_find(alpm_handle_t *handle, const char *filename)
 	for(i = handle->cachedirs; i; i = i->next) {
 		snprintf(path, PATH_MAX, "%s%s", (char *)i->data,
 				filename);
-		if(stat(path, &buf) == 0 && S_ISREG(buf.st_mode)) {
-			retpath = strdup(path);
-			_alpm_log(handle, ALPM_LOG_DEBUG, "found cached pkg: %s\n", retpath);
-			return retpath;
+		if(stat(path, &buf) == 0) {
+			if(S_ISREG(buf.st_mode)) {
+				retpath = strdup(path);
+				_alpm_log(handle, ALPM_LOG_DEBUG, "found cached pkg: %s\n", retpath);
+				return retpath;
+			} else {
+				_alpm_log(handle, ALPM_LOG_WARNING,
+						"cached pkg '%s' is not a regular file: mode=%i\n", path, buf.st_mode);
+			}
+		} else if(errno != ENOENT) {
+			_alpm_log(handle, ALPM_LOG_WARNING, "could not open '%s'\n: %s", path, strerror(errno));
 		}
 	}
 	/* package wasn't found in any cachedir */
@@ -1352,6 +1380,11 @@ int _alpm_access(alpm_handle_t *handle, const char *dir, const char *file, int a
 	size_t len = 0;
 	int ret = 0;
 
+	int flag = 0;
+#ifdef AT_SYMLINK_NOFOLLOW
+	flag |= AT_SYMLINK_NOFOLLOW;
+#endif
+
 	if(dir) {
 		char *check_path;
 
@@ -1359,11 +1392,11 @@ int _alpm_access(alpm_handle_t *handle, const char *dir, const char *file, int a
 		CALLOC(check_path, len, sizeof(char), RET_ERR(handle, ALPM_ERR_MEMORY, -1));
 		snprintf(check_path, len, "%s%s", dir, file);
 
-		ret = access(check_path, amode);
+		ret = faccessat(AT_FDCWD, check_path, amode, flag);
 		free(check_path);
 	} else {
 		dir = "";
-		ret = access(file, amode);
+		ret = faccessat(AT_FDCWD, file, amode, flag);
 	}
 
 	if(ret != 0) {

lib/libalpm/util.h

@@ -116,6 +116,7 @@ struct archive_read_buffer {
 int _alpm_makepath(const char *path);
 int _alpm_makepath_mode(const char *path, mode_t mode);
 int _alpm_copyfile(const char *src, const char *dest);
+char *_alpm_get_fullpath(const char *path, const char *filename, const char *suffix);
 size_t _alpm_strip_newline(char *str, size_t len);
 
 int _alpm_open_archive(alpm_handle_t *handle, const char *path,
@@ -129,6 +130,7 @@ ssize_t _alpm_files_in_directory(alpm_handle_t *handle, const char *path, int fu
 
 typedef ssize_t (*_alpm_cb_io)(void *buf, ssize_t len, void *ctx);
 
+void _alpm_reset_signals(void);
 int _alpm_run_chroot(alpm_handle_t *handle, const char *cmd, char *const argv[],
 		_alpm_cb_io in_cb, void *in_ctx);
 int _alpm_ldconfig(alpm_handle_t *handle);

meson.build

@@ -182,7 +182,22 @@ foreach type : [
   endif
 endforeach
 
-if conf.has('HAVE_STRUCT_STATVFS_F_FLAG')
+
+if conf.has('HAVE_GETMNTINFO')
+  if cc.compiles('''
+      #include <sys/types.h>
+      #include <sys/statvfs.h>
+
+      void func() {
+        struct statvfs *buf;
+        getmntinfo(&buf, 0);
+      }
+      ''')
+      conf.set('FSSTATSTYPE', 'struct statvfs')
+  else
+      conf.set('FSSTATSTYPE', 'struct statfs')
+  endif
+elif conf.has('HAVE_STRUCT_STATVFS_F_FLAG')
   conf.set('FSSTATSTYPE', 'struct statvfs')
 elif conf.has('HAVE_STRUCT_STATFS_F_FLAGS')
   conf.set('FSSTATSTYPE', 'struct statfs')
@@ -218,6 +233,7 @@ if get_option('debug')
     '-Wuninitialized',
     '-Wunused-but-set-parameter',
     '-Wunused-parameter',
+    '-Wunused-result',
     '-Wwrite-strings',
   ]
   add_project_arguments(cc.get_supported_arguments(extra_cflags), language : 'c')
@@ -344,7 +360,9 @@ pkgconfig.generate(
   name : 'libalpm',
   description : 'Arch Linux package management library',
   version : libalpm_version,
-  url : 'http://archlinux.org/pacman/')
+  url : 'http://archlinux.org/pacman/',
+  extra_cflags: [ '-D_FILE_OFFSET_BITS=64' ],
+)
 
 pacman_bin = executable(
   'pacman',

proto/PKGBUILD-split.proto

@@ -28,7 +28,7 @@ changelog=
 source=("$pkgbase-$pkgver.tar.gz"
         "$pkgname-$pkgver.patch")
 noextract=()
-md5sums=()
+sha256sums=()
 validpgpkeys=()
 
 prepare() {

proto/PKGBUILD-vcs.proto

@@ -25,7 +25,7 @@ options=()
 install=
 source=('FOLDER::VCS+URL#FRAGMENT')
 noextract=()
-md5sums=('SKIP')
+sha256sums=('SKIP')
 
 # Please refer to the 'USING VCS SOURCES' section of the PKGBUILD man page for
 # a description of each element in the source array.

proto/PKGBUILD.proto

@@ -27,7 +27,7 @@ changelog=
 source=("$pkgname-$pkgver.tar.gz"
         "$pkgname-$pkgver.patch")
 noextract=()
-md5sums=()
+sha256sums=()
 validpgpkeys=()
 
 prepare() {

scripts/completion/zsh_completion.in

@@ -553,7 +553,7 @@ _pacman_conf_directive() {
 
 _pacman_conf_commands=(
 	{-l,--repo-list}'[List configured repositories]:*: :->repo_list'
-	{-h,--help}'[Output systax and command line options]:*: :->complete'
+	{-h,--help}'[Output syntax and command line options]:*: :->complete'
 	{-V,--version}'[Display version and exit]:*: :->complete'
 )
 
@@ -564,7 +564,7 @@ _pacman_conf_options=(
 
 _pacman_conf_options_common=(
 	'*'{-c,--config=}'[Specify an alternate configuration file]: :_files'
-	'*'{-R,--rootdir=}'[Specify an alternate insallation root]: :_files'
+	'*'{-R,--rootdir=}'[Specify an alternate installation root]: :_files'
 )
 
 _pacman_conf() {

scripts/libmakepkg/autodep.sh.in

@@ -21,11 +21,11 @@
 [[ -n "$LIBMAKEPKG_AUTODEP_SH" ]] && return
 LIBMAKEPKG_AUTODEP_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
 declare -a autodep_functions
 
-for lib in "$LIBRARY/autodep/"*.sh; do
+for lib in "$MAKEPKG_LIBRARY/autodep/"*.sh; do
 	source "$lib"
 done
 

scripts/libmakepkg/autodep/library_depends.sh.in

@@ -21,7 +21,7 @@
 [[ -n "$LIBMAKEPKG_AUTODEP_LIBRARY_DEPENDS_SH" ]] && return
 LIBMAKEPKG_AUTODEP_LIBRARY_DEPENDS_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
 autodep_functions+=('library_depends')
 

scripts/libmakepkg/autodep/library_provides.sh.in

@@ -21,7 +21,7 @@
 [[ -n "$LIBMAKEPKG_AUTODEP_LIBRARY_PROVIDES_SH" ]] && return
 LIBMAKEPKG_AUTODEP_LIBRARY_PROVIDES_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
 autodep_functions+=('library_provides')
 

scripts/libmakepkg/buildenv.sh.in

@@ -22,12 +22,12 @@
 [[ -n "$LIBMAKEPKG_BUILDENV_SH" ]] && return
 LIBMAKEPKG_BUILDENV_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
 declare -a buildenv_functions build_options
 buildenv_vars=('CPPFLAGS' 'CFLAGS' 'CXXFLAGS' 'LDFLAGS' 'MAKEFLAGS' 'CHOST')
 
-for lib in "$LIBRARY/buildenv/"*.sh; do
+for lib in "$MAKEPKG_LIBRARY/buildenv/"*.sh; do
 	source "$lib"
 done
 

scripts/libmakepkg/buildenv/buildflags.sh.in

@@ -21,9 +21,9 @@
 [[ -n "$LIBMAKEPKG_BUILDENV_BUILDFLAGS_SH" ]] && return
 LIBMAKEPKG_BUILDENV_BUILDFLAGS_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
-source "$LIBRARY/util/option.sh"
+source "$MAKEPKG_LIBRARY/util/option.sh"
 
 build_options+=('buildflags')
 

scripts/libmakepkg/buildenv/compiler.sh.in

@@ -23,9 +23,9 @@
 [[ -n "$LIBMAKEPKG_BUILDENV_COMPILER_SH" ]] && return
 LIBMAKEPKG_BUILDENV_COMPILER_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
-source "$LIBRARY/util/option.sh"
+source "$MAKEPKG_LIBRARY/util/option.sh"
 
 build_options+=('ccache' 'distcc')
 buildenv_functions+=('buildenv_ccache' 'buildenv_distcc')

scripts/libmakepkg/buildenv/debugflags.sh.in

@@ -22,17 +22,18 @@
 [[ -n "$LIBMAKEPKG_BUILDENV_DEBUGFLAGS_SH" ]] && return
 LIBMAKEPKG_BUILDENV_DEBUGFLAGS_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
-source "$LIBRARY/util/option.sh"
+source "$MAKEPKG_LIBRARY/util/option.sh"
+source "$MAKEPKG_LIBRARY/util/util.sh"
 
 buildenv_functions+=('buildenv_debugflags')
 
 buildenv_debugflags() {
 	if check_option "debug" "y" && ! check_option "buildflags" "n"; then
-		DEBUG_CFLAGS+=" -ffile-prefix-map=$srcdir=${DBGSRCDIR:-/usr/src/debug}/${pkgbase}"
-		DEBUG_CXXFLAGS+=" -ffile-prefix-map=$srcdir=${DBGSRCDIR:-/usr/src/debug}/${pkgbase}"
-		CFLAGS+=" $DEBUG_CFLAGS"
-		CXXFLAGS+=" $DEBUG_CXXFLAGS"
+		append_once DEBUG_CFLAGS "-ffile-prefix-map=$srcdir=${DBGSRCDIR:-/usr/src/debug}/${pkgbase}"
+		append_once DEBUG_CXXFLAGS "-ffile-prefix-map=$srcdir=${DBGSRCDIR:-/usr/src/debug}/${pkgbase}"
+		append_once CFLAGS "$DEBUG_CFLAGS"
+		append_once CXXFLAGS "$DEBUG_CXXFLAGS"
 	fi
 }

scripts/libmakepkg/buildenv/lto.sh.in

@@ -22,17 +22,18 @@
 [[ -n "$LIBMAKEPKG_BUILDENV_LTO_SH" ]] && return
 LIBMAKEPKG_BUILDENV_LTO_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
-source "$LIBRARY/util/option.sh"
+source "$MAKEPKG_LIBRARY/util/option.sh"
+source "$MAKEPKG_LIBRARY/util/util.sh"
 
 build_options+=('lto')
 buildenv_functions+=('buildenv_lto')
 
 buildenv_lto() {
 	if check_option "lto" "y" && ! check_option "buildflags" "n"; then
-		CFLAGS+=" ${LTOFLAGS:--flto}"
-		CXXFLAGS+=" ${LTOFLAGS:--flto}"
-		LDFLAGS+=" ${LTOFLAGS:--flto}"
+		append_once CFLAGS "${LTOFLAGS:--flto}"
+		append_once CXXFLAGS "${LTOFLAGS:--flto}"
+		append_once LDFLAGS "${LTOFLAGS:--flto}"
 	fi
 }

scripts/libmakepkg/buildenv/makeflags.sh.in

@@ -21,9 +21,9 @@
 [[ -n "$LIBMAKEPKG_BUILDENV_MAKEFLAGS_SH" ]] && return
 LIBMAKEPKG_BUILDENV_MAKEFLAGS_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
-source "$LIBRARY/util/option.sh"
+source "$MAKEPKG_LIBRARY/util/option.sh"
 
 build_options+=('makeflags')
 buildenv_functions+=('buildenv_makeflags')

scripts/libmakepkg/buildenv/rust.sh.in

@@ -21,16 +21,17 @@
 [[ -n "$LIBMAKEPKG_BUILDENV_RUST_SH" ]] && return
 LIBMAKEPKG_BUILDENV_RUST_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
-source "$LIBRARY/util/option.sh"
+source "$MAKEPKG_LIBRARY/util/option.sh"
+source "$MAKEPKG_LIBRARY/util/util.sh"
 
-buildenv_var+=('RUSTFLAGS' 'DEBUG_RUSTFLAGS')
+buildenv_vars+=('RUSTFLAGS' 'DEBUG_RUSTFLAGS')
 buildenv_functions+=('buildenv_rust')
 
 buildenv_rust() {
 	if check_option "debug" "y" && ! check_option "buildflags" "n"; then
-		DEBUG_RUSTFLAGS+=" --remap-path-prefix=$srcdir=${DBGSRCDIR:-/usr/src/debug}/${pkgbase}"
-		RUSTFLAGS+=" $DEBUG_RUSTFLAGS"
+		append_once DEBUG_RUSTFLAGS "--remap-path-prefix=$srcdir=${DBGSRCDIR:-/usr/src/debug}/${pkgbase}"
+		append_once RUSTFLAGS "$DEBUG_RUSTFLAGS"
 	fi
 }

scripts/libmakepkg/executable.sh.in

@@ -21,11 +21,11 @@
 [[ -n "$LIBMAKEPKG_EXECUTABLE_SH" ]] && return
 LIBMAKEPKG_EXECUTABLE_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
 declare -a executable_functions
 
-for lib in "$LIBRARY/executable/"*.sh; do
+for lib in "$MAKEPKG_LIBRARY/executable/"*.sh; do
 	source "$lib"
 done
 

scripts/libmakepkg/executable/ccache.sh.in

@@ -21,10 +21,10 @@
 [[ -n "$LIBMAKEPKG_EXECUTABLE_CCACHE_SH" ]] && return
 LIBMAKEPKG_EXECUTABLE_CCACHE_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
-source "$LIBRARY/util/message.sh"
-source "$LIBRARY/util/option.sh"
+source "$MAKEPKG_LIBRARY/util/message.sh"
+source "$MAKEPKG_LIBRARY/util/option.sh"
 
 executable_functions+=('executable_ccache')
 

scripts/libmakepkg/executable/checksum.sh.in

@@ -21,9 +21,9 @@
 [[ -n "$LIBMAKEPKG_EXECUTABLE_CHECKSUM_SH" ]] && return
 LIBMAKEPKG_EXECUTABLE_CHECKSUM_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
-source "$LIBRARY/util/message.sh"
+source "$MAKEPKG_LIBRARY/util/message.sh"
 
 executable_functions+=('executable_checksum')
 

scripts/libmakepkg/executable/debugedit.sh.in

@@ -21,10 +21,10 @@
 [[ -n "$LIBMAKEPKG_EXECUTABLE_DEBUGEDIT_SH" ]] && return
 LIBMAKEPKG_EXECUTABLE_DEBUGEDIT_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
-source "$LIBRARY/util/message.sh"
-source "$LIBRARY/util/option.sh"
+source "$MAKEPKG_LIBRARY/util/message.sh"
+source "$MAKEPKG_LIBRARY/util/option.sh"
 
 executable_functions+=('executable_debugedit')
 

scripts/libmakepkg/executable/distcc.sh.in

@@ -21,10 +21,10 @@
 [[ -n "$LIBMAKEPKG_EXECUTABLE_DISTCC_SH" ]] && return
 LIBMAKEPKG_EXECUTABLE_DISTCC_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
-source "$LIBRARY/util/message.sh"
-source "$LIBRARY/util/option.sh"
+source "$MAKEPKG_LIBRARY/util/message.sh"
+source "$MAKEPKG_LIBRARY/util/option.sh"
 
 executable_functions+=('executable_distcc')
 

scripts/libmakepkg/executable/fakeroot.sh.in

@@ -21,9 +21,9 @@
 [[ -n "$LIBMAKEPKG_EXECUTABLE_FAKEROOT_SH" ]] && return
 LIBMAKEPKG_EXECUTABLE_FAKEROOT_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
-source "$LIBRARY/util/message.sh"
+source "$MAKEPKG_LIBRARY/util/message.sh"
 
 executable_functions+=('executable_fakeroot')
 

scripts/libmakepkg/executable/gpg.sh.in

@@ -21,10 +21,10 @@
 [[ -n "$LIBMAKEPKG_EXECUTABLE_GPG_SH" ]] && return
 LIBMAKEPKG_EXECUTABLE_GPG_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
-source "$LIBRARY/util/message.sh"
-source "$LIBRARY/util/option.sh"
+source "$MAKEPKG_LIBRARY/util/message.sh"
+source "$MAKEPKG_LIBRARY/util/option.sh"
 
 executable_functions+=('executable_gpg')
 

scripts/libmakepkg/executable/gzip.sh.in

@@ -21,10 +21,10 @@
 [[ -n "$LIBMAKEPKG_EXECUTABLE_GZIP_SH" ]] && return
 LIBMAKEPKG_EXECUTABLE_GZIP_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
-source "$LIBRARY/util/message.sh"
-source "$LIBRARY/util/option.sh"
+source "$MAKEPKG_LIBRARY/util/message.sh"
+source "$MAKEPKG_LIBRARY/util/option.sh"
 
 executable_functions+=('executable_gzip')
 

scripts/libmakepkg/executable/pacman.sh.in

@@ -21,9 +21,9 @@
 [[ -n "$LIBMAKEPKG_EXECUTABLE_PACMAN_SH" ]] && return
 LIBMAKEPKG_EXECUTABLE_PACMAN_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
-source "$LIBRARY/util/message.sh"
+source "$MAKEPKG_LIBRARY/util/message.sh"
 
 executable_functions+=('executable_pacman')
 

scripts/libmakepkg/executable/strip.sh.in

@@ -21,10 +21,10 @@
 [[ -n "$LIBMAKEPKG_EXECUTABLE_STRIP_SH" ]] && return
 LIBMAKEPKG_EXECUTABLE_STRIP_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
-source "$LIBRARY/util/message.sh"
-source "$LIBRARY/util/option.sh"
+source "$MAKEPKG_LIBRARY/util/message.sh"
+source "$MAKEPKG_LIBRARY/util/option.sh"
 
 executable_functions+=('executable_strip')
 

scripts/libmakepkg/executable/sudo.sh.in

@@ -21,9 +21,9 @@
 [[ -n "$LIBMAKEPKG_EXECUTABLE_SUDO_SH" ]] && return
 LIBMAKEPKG_EXECUTABLE_SUDO_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
-source "$LIBRARY/util/message.sh"
+source "$MAKEPKG_LIBRARY/util/message.sh"
 
 executable_functions+=('executable_sudo')
 

scripts/libmakepkg/executable/vcs.sh.in

@@ -21,10 +21,10 @@
 [[ -n "$LIBMAKEPKG_EXECUTABLE_VCS_SH" ]] && return
 LIBMAKEPKG_EXECUTABLE_VCS_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
-source "$LIBRARY/util/error.sh"
-source "$LIBRARY/util/message.sh"
+source "$MAKEPKG_LIBRARY/util/error.sh"
+source "$MAKEPKG_LIBRARY/util/message.sh"
 
 executable_functions+=('executable_vcs')
 

scripts/libmakepkg/integrity.sh.in

@@ -21,11 +21,11 @@
 [[ -n "$LIBMAKEPKG_INTEGRITY_SH" ]] && return
 LIBMAKEPKG_INTEGRITY_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
-source "$LIBRARY/util/message.sh"
+source "$MAKEPKG_LIBRARY/util/message.sh"
 
-for lib in "$LIBRARY/integrity/"*.sh; do
+for lib in "$MAKEPKG_LIBRARY/integrity/"*.sh; do
 	source "$lib"
 done
 
@@ -42,4 +42,7 @@ check_source_integrity() {
 		check_checksums "$@"
 		check_pgpsigs "$@"
 	fi
+	if (( VERIFYFUNC )); then
+		run_verify
+	fi
 }

scripts/libmakepkg/integrity/generate_checksum.sh.in

@@ -21,11 +21,11 @@
 [[ -n "$LIBMAKEPKG_INTEGRITY_GENERATE_CHECKSUM_SH" ]] && return
 LIBMAKEPKG_INTEGRITY_GENERATE_CHECKSUM_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
-source "$LIBRARY/util/message.sh"
-source "$LIBRARY/util/pkgbuild.sh"
-source "$LIBRARY/util/schema.sh"
+source "$MAKEPKG_LIBRARY/util/message.sh"
+source "$MAKEPKG_LIBRARY/util/pkgbuild.sh"
+source "$MAKEPKG_LIBRARY/util/schema.sh"
 
 generate_one_checksum() {
 	local integ=$1 arch=$2 sources numsrc indentsz idx
@@ -54,7 +54,17 @@ generate_one_checksum() {
 
 		case $proto in
 			bzr|git|hg|svn)
-				sum="SKIP"
+				if declare -f "calc_checksum_$proto" > /dev/null; then
+					if ! sum=$("calc_checksum_$proto" "$netfile" "$integ"); then
+						local name
+						name=$(get_filename "$netfile")
+						error "$(gettext "Failure while calculating %s %s checksum")" "${name}" "${proto}"
+						plainerr "$(gettext "Aborting...")"
+						exit 1
+					fi
+				else
+					sum="SKIP"
+				fi
 				;;
 			*)
 				if [[ ${netfile%%::*} != *.@(sig?(n)|asc) ]]; then

scripts/libmakepkg/integrity/generate_signature.sh.in

@@ -21,9 +21,9 @@
 [[ -n "$LIBMAKEPKG_INTEGRITY_GENERATE_SIGNATURE_SH" ]] && return
 LIBMAKEPKG_INTEGRITY_GENERATE_SIGNATURE_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
-source "$LIBRARY/util/message.sh"
+source "$MAKEPKG_LIBRARY/util/message.sh"
 
 create_signature() {
 	local ret=0

scripts/libmakepkg/integrity/verify_checksum.sh.in

@@ -21,11 +21,12 @@
 [[ -n "$LIBMAKEPKG_INTEGRITY_VERIFY_CHECKSUM_SH" ]] && return
 LIBMAKEPKG_INTEGRITY_CHECKSUM_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
-source "$LIBRARY/util/message.sh"
-source "$LIBRARY/util/pkgbuild.sh"
-source "$LIBRARY/util/schema.sh"
+source "$MAKEPKG_LIBRARY/util/message.sh"
+source "$MAKEPKG_LIBRARY/util/pkgbuild.sh"
+source "$MAKEPKG_LIBRARY/util/schema.sh"
+source "$MAKEPKG_LIBRARY/source.sh"
 
 check_checksums() {
 	local integ a
@@ -68,9 +69,9 @@ check_checksums() {
 }
 
 verify_integrity_one() {
-	local source_name=$1 integ=$2 expectedsum=$3
+	local source_name=$1 integ=$2 expectedsum=$3 file proto realsum
 
-	local file="$(get_filename "$source_name")"
+	file="$(get_filename "$source_name")"
 	printf '    %s ... ' "$file" >&2
 
 	if [[ $expectedsum = 'SKIP' ]]; then
@@ -78,20 +79,18 @@ verify_integrity_one() {
 		return
 	fi
 
-	if ! file="$(get_filepath "$file")"; then
-		printf '%s\n' "$(gettext "NOT FOUND")" >&2
-		return 1
+	proto="$(get_protocol "$source_name")"
+	if declare -f "calc_checksum_${proto}" > /dev/null; then
+		realsum=$("calc_checksum_${proto}" "$source_name" "$integ") || return 1
+	else
+		realsum=$(calc_checksum_file "$source_name" "$integ") || return 1
 	fi
 
-	local realsum="$("${integ}sum" "$file")"
-	realsum="${realsum%% *}"
-	if [[ ${expectedsum,,} = "$realsum" ]]; then
-		printf '%s\n' "$(gettext "Passed")" >&2
-	else
+	if [[ ${expectedsum,,} != "$realsum" ]]; then
 		printf '%s\n' "$(gettext "FAILED")" >&2
 		return 1
 	fi
-
+	printf '%s\n' "$(gettext "Passed")" >&2
 	return 0
 }
 

scripts/libmakepkg/integrity/verify_signature.sh.in

@@ -21,10 +21,16 @@
 [[ -n "$LIBMAKEPKG_INTEGRITY_VERIFY_SIGNATURE_SH" ]] && return
 LIBMAKEPKG_INTEGRITY_VERIFY_SIGNATURE_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
-source "$LIBRARY/util/message.sh"
-source "$LIBRARY/util/pkgbuild.sh"
+source "$MAKEPKG_LIBRARY/util/message.sh"
+source "$MAKEPKG_LIBRARY/util/pkgbuild.sh"
+
+# Filter the contents of a GnuPG statusfile to only contain understood terms to narrow the file's scope and circumvent
+# the use of terms (e.g. NOTATION_DATA) that may contain unescaped binary data
+filter_gnupg_statusfile() {
+	grep -E "(.*SIG| TRUST_.*)"
+}
 
 check_pgpsigs() {
 	(( SKIPPGPCHECK )) && return 0
@@ -35,6 +41,7 @@ check_pgpsigs() {
 	local netfile proto pubkey success status fingerprint trusted
 	local warnings=0
 	local errors=0
+	local statusfile_raw="$(mktemp)"
 	local statusfile=$(mktemp)
 	local all_sources
 
@@ -103,7 +110,7 @@ check_pgpsigs() {
 		printf '\n' >&2
 	done
 
-	rm -f "$statusfile"
+	rm -f "$statusfile" "$statusfile_raw"
 
 	if (( errors )); then
 		error "$(gettext "One or more PGP signatures could not be verified!")"
@@ -157,7 +164,20 @@ verify_file_signature() {
 		"")  decompress="cat" ;;
 	esac
 
-	$decompress < "$sourcefile" | gpg --quiet --batch --status-file "$statusfile" --verify "$file" - 2> /dev/null
+	# verify the signature and write metadata to a status file
+	if ! $decompress < "$sourcefile" | gpg --quiet --batch --status-file "$statusfile_raw" --verify "$file" - 2> /dev/null; then
+		printf '%s\n' "$(gettext "%s is unable to verify the signature.")" "gpg" >&2
+		errors=1
+		return 1
+	fi
+
+	# create a statusfile that contains only understood terms
+	if ! filter_gnupg_statusfile > "$statusfile" < "$statusfile_raw"; then
+		printf '%s\n' "$(gettext "unable to extract signature metadata.")" >&2
+		errors=1
+		return 1
+	fi
+
 	return 0
 }
 
@@ -189,18 +209,33 @@ verify_git_signature() {
 
 	printf "    %s git repo ... " "${dir##*/}" >&2
 
-	git -C "$dir" verify-$fragtype --raw "$fragval" > "$statusfile" 2>&1
-	if ! grep -qs NEWSIG "$statusfile"; then
-		printf '%s\n' "$(gettext "SIGNATURE NOT FOUND")" >&2
+	# verify the signature and write metadata to a status file
+	if ! git -C "$dir" verify-$fragtype --raw "$fragval" > "$statusfile_raw" 2>&1; then
+		printf '%s\n' "$(gettext "%s is unable to verify the signature.")" "git" >&2
 		errors=1
 		return 1
 	fi
+
+	# create a statusfile that contains only understood terms
+	if ! filter_gnupg_statusfile > "$statusfile" < "$statusfile_raw"; then
+		printf '%s\n' "$(gettext "unable to extract signature metadata.")" >&2
+		errors=1
+		return 1
+	fi
+
 	return 0
 }
 
 parse_gpg_statusfile() {
 	local type arg1 arg6 arg10
 
+	# ensure the NEWSIG keyword is part of the metadata
+	if ! grep -qs NEWSIG "$statusfile"; then
+		printf '%s\n' "$(gettext "SIGNATURE NOT FOUND")" >&2
+		errors=1
+		return 1
+	fi
+
 	while read -r _ type arg1 _ _ _ _ arg6 _ _ _ arg10 _; do
 		case "$type" in
 			GOODSIG)

scripts/libmakepkg/lint_config.sh.in

@@ -21,15 +21,15 @@
 [[ -n "$LIBMAKEPKG_LINT_CONFIG_SH" ]] && return
 LIBMAKEPKG_LINT_CONFIG_SH=1
 
-LIBRARY=${LIBRARY:-'/usr/share/makepkg'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'/usr/share/makepkg'}
 
-source "$LIBRARY/util/message.sh"
-source "$LIBRARY/util/util.sh"
+source "$MAKEPKG_LIBRARY/util/message.sh"
+source "$MAKEPKG_LIBRARY/util/util.sh"
 
 
 declare -a lint_config_functions
 
-for lib in "$LIBRARY/lint_config/"*.sh; do
+for lib in "$MAKEPKG_LIBRARY/lint_config/"*.sh; do
 	source "$lib"
 done
 

scripts/libmakepkg/lint_config/ext.sh.in

@@ -21,9 +21,9 @@
 [[ -n "$LIBMAKEPKG_LINT_CONFIG_EXT_SH" ]] && return
 LIBMAKEPKG_LINT_CONFIG_EXT_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
-source "$LIBRARY/util/message.sh"
+source "$MAKEPKG_LIBRARY/util/message.sh"
 
 lint_config_functions+=('lint_ext')
 

scripts/libmakepkg/lint_config/paths.sh.in

@@ -21,10 +21,10 @@
 [[ -n "$LIBMAKEPKG_LINT_CONFIG_PATHS_SH" ]] && return
 LIBMAKEPKG_LINT_CONFIG_PATHS_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
-source "$LIBRARY/util/message.sh"
-source "$LIBRARY/util/pkgbuild.sh"
+source "$MAKEPKG_LIBRARY/util/message.sh"
+source "$MAKEPKG_LIBRARY/util/pkgbuild.sh"
 
 lint_config_functions+=('lint_paths')
 

scripts/libmakepkg/lint_config/source_date_epoch.sh.in

@@ -21,9 +21,9 @@
 [[ -n $LIBMAKEPKG_LINT_CONFIG_SOURCE_DATE_EPOCH_SH ]] && return
 LIBMAKEPKG_LINT_CONFIG_SOURCE_DATE_EPOCH_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
-source "$LIBRARY/util/message.sh"
+source "$MAKEPKG_LIBRARY/util/message.sh"
 
 lint_config_functions+=('lint_source_date_epoch')
 

scripts/libmakepkg/lint_config/variable.sh.in

@@ -21,9 +21,9 @@
 [[ -n "$LIBMAKEPKG_LINT_CONFIG_VARIABLE_SH" ]] && return
 LIBMAKEPKG_LINT_CONFIG_VARIABLE_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
-source "$LIBRARY/util/message.sh"
+source "$MAKEPKG_LIBRARY/util/message.sh"
 
 lint_config_functions+=('lint_config_variables')
 

scripts/libmakepkg/lint_package.sh.in

@@ -21,15 +21,15 @@
 [[ -n "$LIBMAKEPKG_LINT_PACKAGE_SH" ]] && return
 LIBMAKEPKG_LINT_PACKAGE_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
-source "$LIBRARY/util/message.sh"
-source "$LIBRARY/util/util.sh"
+source "$MAKEPKG_LIBRARY/util/message.sh"
+source "$MAKEPKG_LIBRARY/util/util.sh"
 
 
 declare -a lint_package_functions
 
-for lib in "$LIBRARY/lint_package/"*.sh; do
+for lib in "$MAKEPKG_LIBRARY/lint_package/"*.sh; do
 	source "$lib"
 done
 

scripts/libmakepkg/lint_package/build_references.sh.in

@@ -21,9 +21,9 @@
 [[ -n "$LIBMAKEPKG_LINT_PACKAGE_BUILD_REFERENCES_SH" ]] && return
 LIBMAKEPKG_LINT_PACKAGE_BUILD_REFERENCES_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
-source "$LIBRARY/util/message.sh"
+source "$MAKEPKG_LIBRARY/util/message.sh"
 
 lint_package_functions+=('warn_build_references')
 

scripts/libmakepkg/lint_package/dotfiles.sh.in

@@ -21,9 +21,9 @@
 [[ -n "$LIBMAKEPKG_LINT_PACKAGE_DOTFILES_SH" ]] && return
 LIBMAKEPKG_LINT_PACKAGE_DOTFILES_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
-source "$LIBRARY/util/message.sh"
+source "$MAKEPKG_LIBRARY/util/message.sh"
 
 lint_package_functions+=('check_dotfiles')
 

scripts/libmakepkg/lint_package/file_names.sh.in

@@ -21,9 +21,9 @@
 [[ -n "$LIBMAKEPKG_LINT_PACKAGE_FILE_NAMES_SH" ]] && return
 LIBMAKEPKG_LINT_PACKAGE_FILE_NAMES_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
-source "$LIBRARY/util/message.sh"
+source "$MAKEPKG_LIBRARY/util/message.sh"
 
 lint_package_functions+=('lint_file_names')
 

scripts/libmakepkg/lint_package/missing_backup.sh.in

@@ -21,9 +21,9 @@
 [[ -n "$LIBMAKEPKG_LINT_PACKAGE_MISSING_BACKUP_SH" ]] && return
 LIBMAKEPKG_LINT_PACKAGE_MISSING_BACKUP_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
-source "$LIBRARY/util/message.sh"
+source "$MAKEPKG_LIBRARY/util/message.sh"
 
 
 lint_package_functions+=('warn_missing_backup')

scripts/libmakepkg/lint_pkgbuild.sh.in

@@ -21,14 +21,14 @@
 [[ -n "$LIBMAKEPKG_LINT_PKGBUILD_SH" ]] && return
 LIBMAKEPKG_LINT_PKGBUILD_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
-source "$LIBRARY/util/message.sh"
+source "$MAKEPKG_LIBRARY/util/message.sh"
 
 
 declare -a lint_pkgbuild_functions
 
-for lib in "$LIBRARY/lint_pkgbuild/"*.sh; do
+for lib in "$MAKEPKG_LIBRARY/lint_pkgbuild/"*.sh; do
 	source "$lib"
 done
 

scripts/libmakepkg/lint_pkgbuild/arch.sh.in

@@ -21,10 +21,10 @@
 [[ -n "$LIBMAKEPKG_LINT_PKGBUILD_ARCH_SH" ]] && return
 LIBMAKEPKG_LINT_PKGBUILD_ARCH_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
-source "$LIBRARY/util/message.sh"
-source "$LIBRARY/util/pkgbuild.sh"
+source "$MAKEPKG_LIBRARY/util/message.sh"
+source "$MAKEPKG_LIBRARY/util/pkgbuild.sh"
 
 
 lint_pkgbuild_functions+=('lint_arch')

scripts/libmakepkg/lint_pkgbuild/arch_specific.sh.in

@@ -21,12 +21,12 @@
 [[ -n "$LIBMAKEPKG_LINT_PKGBUILD_ARCH_SPECIFIC_SH" ]] && return
 LIBMAKEPKG_LINT_PKGBUILD_ARCH_SPECIFIC_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
-source "$LIBRARY/util/message.sh"
-source "$LIBRARY/util/pkgbuild.sh"
-source "$LIBRARY/util/schema.sh"
-source "$LIBRARY/util/util.sh"
+source "$MAKEPKG_LIBRARY/util/message.sh"
+source "$MAKEPKG_LIBRARY/util/pkgbuild.sh"
+source "$MAKEPKG_LIBRARY/util/schema.sh"
+source "$MAKEPKG_LIBRARY/util/util.sh"
 
 
 lint_pkgbuild_functions+=('lint_arch_specific')

scripts/libmakepkg/lint_pkgbuild/backup.sh.in

@@ -21,10 +21,10 @@
 [[ -n "$LIBMAKEPKG_LINT_PKGBUILD_BACKUP_SH" ]] && return
 LIBMAKEPKG_LINT_PKGBUILD_BACKUP_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
-source "$LIBRARY/util/message.sh"
-source "$LIBRARY/util/pkgbuild.sh"
+source "$MAKEPKG_LIBRARY/util/message.sh"
+source "$MAKEPKG_LIBRARY/util/pkgbuild.sh"
 
 
 lint_pkgbuild_functions+=('lint_backup')

scripts/libmakepkg/lint_pkgbuild/changelog.sh.in

@@ -21,11 +21,11 @@
 [[ -n "$LIBMAKEPKG_LINT_PKGBUILD_CHANGELOG_SH" ]] && return
 LIBMAKEPKG_LINT_PKGBUILD_CHANGELOG_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
-source "$LIBRARY/util/message.sh"
-source "$LIBRARY/util/pkgbuild.sh"
-source "$LIBRARY/lint_pkgbuild/util.sh"
+source "$MAKEPKG_LIBRARY/util/message.sh"
+source "$MAKEPKG_LIBRARY/util/pkgbuild.sh"
+source "$MAKEPKG_LIBRARY/lint_pkgbuild/util.sh"
 
 
 lint_pkgbuild_functions+=('lint_changelog')

scripts/libmakepkg/lint_pkgbuild/checkdepends.sh.in

@@ -21,12 +21,12 @@
 [[ -n "$LIBMAKEPKG_LINT_PKGBUILD_CHECKDEPENDS_SH" ]] && return
 LIBMAKEPKG_LINT_PKGBUILD_CHECKDEPENDS_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
-source "$LIBRARY/lint_pkgbuild/fullpkgver.sh"
-source "$LIBRARY/lint_pkgbuild/pkgname.sh"
-source "$LIBRARY/util/message.sh"
-source "$LIBRARY/util/pkgbuild.sh"
+source "$MAKEPKG_LIBRARY/lint_pkgbuild/fullpkgver.sh"
+source "$MAKEPKG_LIBRARY/lint_pkgbuild/pkgname.sh"
+source "$MAKEPKG_LIBRARY/util/message.sh"
+source "$MAKEPKG_LIBRARY/util/pkgbuild.sh"
 
 
 lint_pkgbuild_functions+=('lint_checkdepends')

scripts/libmakepkg/lint_pkgbuild/conflicts.sh.in

@@ -21,12 +21,12 @@
 [[ -n "$LIBMAKEPKG_LINT_PKGBUILD_CONFLICTS_SH" ]] && return
 LIBMAKEPKG_LINT_PKGBUILD_CONFLICTS_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
-source "$LIBRARY/lint_pkgbuild/fullpkgver.sh"
-source "$LIBRARY/lint_pkgbuild/pkgname.sh"
-source "$LIBRARY/util/message.sh"
-source "$LIBRARY/util/pkgbuild.sh"
+source "$MAKEPKG_LIBRARY/lint_pkgbuild/fullpkgver.sh"
+source "$MAKEPKG_LIBRARY/lint_pkgbuild/pkgname.sh"
+source "$MAKEPKG_LIBRARY/util/message.sh"
+source "$MAKEPKG_LIBRARY/util/pkgbuild.sh"
 
 
 lint_pkgbuild_functions+=('lint_conflicts')

scripts/libmakepkg/lint_pkgbuild/depends.sh.in

@@ -21,12 +21,12 @@
 [[ -n "$LIBMAKEPKG_LINT_PKGBUILD_DEPENDS_SH" ]] && return
 LIBMAKEPKG_LINT_PKGBUILD_DEPENDS_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
-source "$LIBRARY/lint_pkgbuild/fullpkgver.sh"
-source "$LIBRARY/lint_pkgbuild/pkgname.sh"
-source "$LIBRARY/util/message.sh"
-source "$LIBRARY/util/pkgbuild.sh"
+source "$MAKEPKG_LIBRARY/lint_pkgbuild/fullpkgver.sh"
+source "$MAKEPKG_LIBRARY/lint_pkgbuild/pkgname.sh"
+source "$MAKEPKG_LIBRARY/util/message.sh"
+source "$MAKEPKG_LIBRARY/util/pkgbuild.sh"
 
 
 lint_pkgbuild_functions+=('lint_depends')

scripts/libmakepkg/lint_pkgbuild/epoch.sh.in

@@ -21,9 +21,9 @@
 [[ -n "$LIBMAKEPKG_LINT_PKGBUILD_EPOCH_SH" ]] && return
 LIBMAKEPKG_LINT_PKGBUILD_EPOCH_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
-source "$LIBRARY/util/message.sh"
+source "$MAKEPKG_LIBRARY/util/message.sh"
 
 
 lint_pkgbuild_functions+=('lint_epoch')

scripts/libmakepkg/lint_pkgbuild/fullpkgver.sh.in

@@ -21,11 +21,11 @@
 [[ -n "$LIBMAKEPKG_LINT_PKGBUILD_FULLPKGVER_SH" ]] && return
 LIBMAKEPKG_LINT_PKGBUILD_FULLPKGVER_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
-source "$LIBRARY/lint_pkgbuild/epoch.sh"
-source "$LIBRARY/lint_pkgbuild/pkgrel.sh"
-source "$LIBRARY/lint_pkgbuild/pkgver.sh"
+source "$MAKEPKG_LIBRARY/lint_pkgbuild/epoch.sh"
+source "$MAKEPKG_LIBRARY/lint_pkgbuild/pkgrel.sh"
+source "$MAKEPKG_LIBRARY/lint_pkgbuild/pkgver.sh"
 
 
 check_fullpkgver() {

scripts/libmakepkg/lint_pkgbuild/install.sh.in

@@ -21,11 +21,11 @@
 [[ -n "$LIBMAKEPKG_LINT_PKGBUILD_INSTALL_SH" ]] && return
 LIBMAKEPKG_LINT_PKGBUILD_INSTALL_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
-source "$LIBRARY/util/message.sh"
-source "$LIBRARY/util/pkgbuild.sh"
-source "$LIBRARY/lint_pkgbuild/util.sh"
+source "$MAKEPKG_LIBRARY/util/message.sh"
+source "$MAKEPKG_LIBRARY/util/pkgbuild.sh"
+source "$MAKEPKG_LIBRARY/lint_pkgbuild/util.sh"
 
 
 lint_pkgbuild_functions+=('lint_install')

scripts/libmakepkg/lint_pkgbuild/makedepends.sh.in

@@ -21,12 +21,12 @@
 [[ -n "$LIBMAKEPKG_LINT_PKGBUILD_MAKEDEPENDS_SH" ]] && return
 LIBMAKEPKG_LINT_PKGBUILD_MAKEDEPENDS_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
-source "$LIBRARY/lint_pkgbuild/fullpkgver.sh"
-source "$LIBRARY/lint_pkgbuild/pkgname.sh"
-source "$LIBRARY/util/message.sh"
-source "$LIBRARY/util/pkgbuild.sh"
+source "$MAKEPKG_LIBRARY/lint_pkgbuild/fullpkgver.sh"
+source "$MAKEPKG_LIBRARY/lint_pkgbuild/pkgname.sh"
+source "$MAKEPKG_LIBRARY/util/message.sh"
+source "$MAKEPKG_LIBRARY/util/pkgbuild.sh"
 
 
 lint_pkgbuild_functions+=('lint_makedepends')

scripts/libmakepkg/lint_pkgbuild/optdepends.sh.in

@@ -21,12 +21,12 @@
 [[ -n "$LIBMAKEPKG_LINT_PKGBUILD_OPTDEPENDS_SH" ]] && return
 LIBMAKEPKG_LINT_PKGBUILD_OPTDEPENDS_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
-source "$LIBRARY/lint_pkgbuild/fullpkgver.sh"
-source "$LIBRARY/lint_pkgbuild/pkgname.sh"
-source "$LIBRARY/util/message.sh"
-source "$LIBRARY/util/pkgbuild.sh"
+source "$MAKEPKG_LIBRARY/lint_pkgbuild/fullpkgver.sh"
+source "$MAKEPKG_LIBRARY/lint_pkgbuild/pkgname.sh"
+source "$MAKEPKG_LIBRARY/util/message.sh"
+source "$MAKEPKG_LIBRARY/util/pkgbuild.sh"
 
 
 lint_pkgbuild_functions+=('lint_optdepends')

scripts/libmakepkg/lint_pkgbuild/options.sh.in

@@ -21,10 +21,10 @@
 [[ -n "$LIBMAKEPKG_LINT_PKGBUILD_OPTIONS_SH" ]] && return
 LIBMAKEPKG_LINT_PKGBUILD_OPTIONS_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
-source "$LIBRARY/util/message.sh"
-source "$LIBRARY/util/pkgbuild.sh"
+source "$MAKEPKG_LIBRARY/util/message.sh"
+source "$MAKEPKG_LIBRARY/util/pkgbuild.sh"
 
 
 lint_pkgbuild_functions+=('lint_options')

scripts/libmakepkg/lint_pkgbuild/package_function.sh.in

@@ -21,10 +21,10 @@
 [[ -n "$LIBMAKEPKG_LINT_PKGBUILD_PACKAGE_FUNCTION_SH" ]] && return
 LIBMAKEPKG_LINT_PKGBUILD_PACKAGE_FUNCTION_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
-source "$LIBRARY/util/message.sh"
-source "$LIBRARY/util/pkgbuild.sh"
+source "$MAKEPKG_LIBRARY/util/message.sh"
+source "$MAKEPKG_LIBRARY/util/pkgbuild.sh"
 
 
 lint_pkgbuild_functions+=('lint_package_function')

scripts/libmakepkg/lint_pkgbuild/package_function_variable.sh.in

@@ -21,12 +21,12 @@
 [[ -n "$LIBMAKEPKG_LINT_PKGBUILD_PACKAGE_FUNCTION_VARIABLE_SH" ]] && return
 LIBMAKEPKG_LINT_PKGBUILD_PACKAGE_FUNCTION_VARIABLE_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
-source "$LIBRARY/util/message.sh"
-source "$LIBRARY/util/pkgbuild.sh"
-source "$LIBRARY/util/schema.sh"
-source "$LIBRARY/util/util.sh"
+source "$MAKEPKG_LIBRARY/util/message.sh"
+source "$MAKEPKG_LIBRARY/util/pkgbuild.sh"
+source "$MAKEPKG_LIBRARY/util/schema.sh"
+source "$MAKEPKG_LIBRARY/util/util.sh"
 
 
 lint_pkgbuild_functions+=('lint_package_function_variable')

scripts/libmakepkg/lint_pkgbuild/pkgbase.sh.in

@@ -21,10 +21,10 @@
 [[ -n "$LIBMAKEPKG_LINT_PKGBUILD_PKGBASE_SH" ]] && return
 LIBMAKEPKG_LINT_PKGBUILD_PKGBASE_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
-source "$LIBRARY/lint_pkgbuild/pkgname.sh"
-source "$LIBRARY/util/message.sh"
+source "$MAKEPKG_LIBRARY/lint_pkgbuild/pkgname.sh"
+source "$MAKEPKG_LIBRARY/util/message.sh"
 
 
 lint_pkgbuild_functions+=('lint_pkgbase')

scripts/libmakepkg/lint_pkgbuild/pkglist.sh.in

@@ -21,10 +21,10 @@
 [[ -n "$LIBMAKEPKG_LINT_PKGBUILD_PKGLIST_SH" ]] && return
 LIBMAKEPKG_LINT_PKGBUILD_PKGLIST_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
-source "$LIBRARY/util/message.sh"
-source "$LIBRARY/util/util.sh"
+source "$MAKEPKG_LIBRARY/util/message.sh"
+source "$MAKEPKG_LIBRARY/util/util.sh"
 
 
 lint_pkgbuild_functions+=('lint_pkglist')

scripts/libmakepkg/lint_pkgbuild/pkgname.sh.in

@@ -21,9 +21,9 @@
 [[ -n "$LIBMAKEPKG_LINT_PKGBUILD_PKGNAME_SH" ]] && return
 LIBMAKEPKG_LINT_PKGBUILD_PKGNAME_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
-source "$LIBRARY/util/message.sh"
+source "$MAKEPKG_LIBRARY/util/message.sh"
 
 
 lint_pkgbuild_functions+=('lint_pkgname')

scripts/libmakepkg/lint_pkgbuild/pkgrel.sh.in

@@ -21,9 +21,9 @@
 [[ -n "$LIBMAKEPKG_LINT_PKGBUILD_PKGREL_SH" ]] && return
 LIBMAKEPKG_LINT_PKGBUILD_PKGREL_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
-source "$LIBRARY/util/message.sh"
+source "$MAKEPKG_LIBRARY/util/message.sh"
 
 
 lint_pkgbuild_functions+=('lint_pkgrel')

scripts/libmakepkg/lint_pkgbuild/pkgver.sh.in

@@ -21,9 +21,9 @@
 [[ -n "$LIBMAKEPKG_LINT_PKGBUILD_PKGVER_SH" ]] && return
 LIBMAKEPKG_LINT_PKGBUILD_PKGVER_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
-source "$LIBRARY/util/message.sh"
+source "$MAKEPKG_LIBRARY/util/message.sh"
 
 
 lint_pkgbuild_functions+=('lint_pkgver')

scripts/libmakepkg/lint_pkgbuild/provides.sh.in

@@ -21,12 +21,12 @@
 [[ -n "$LIBMAKEPKG_LINT_PKGBUILD_PROVIDES_SH" ]] && return
 LIBMAKEPKG_LINT_PKGBUILD_PROVIDES_SH=1
 
-LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
 
-source "$LIBRARY/lint_pkgbuild/fullpkgver.sh"
-source "$LIBRARY/lint_pkgbuild/pkgname.sh"
-source "$LIBRARY/util/message.sh"
-source "$LIBRARY/util/pkgbuild.sh"
+source "$MAKEPKG_LIBRARY/lint_pkgbuild/fullpkgver.sh"
+source "$MAKEPKG_LIBRARY/lint_pkgbuild/pkgname.sh"
+source "$MAKEPKG_LIBRARY/util/message.sh"
+source "$MAKEPKG_LIBRARY/util/pkgbuild.sh"
 
 
 lint_pkgbuild_functions+=('lint_provides')