add --preremove option

Allows adding and removing packages within a single transaction. This is
particularly useful for complicated conflicts that ALPM cannot resolve
on its own, e.g.:

https://archlinux.org/news/linux-firmware-2025061312fe085f-5-upgrade-requires-manual-intervention/

Currently, dealing with these situations requires doing something
complicated like bypassing dependency checking to break and then repair
the database in two separate steps. By allowing installation and removal
within a single transaction no bypass is required:

 pacman -Syu --preremove linux-firmware linux-firmware

Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>

doc/pacman.8.asciidoc

@@ -292,6 +292,9 @@ Upgrade Options (apply to '-S' and '-U')[[UO]]
 	exclamation mark. Subsequent matches will override previous ones. A leading
 	literal exclamation mark or backslash needs to be escaped.
 
+*\--preremove <package>::
+	Uninstall 'package' before performing the requested installation. Multiple
+	packages can be specified by separating them with commas.
 
 Query Options (apply to '-Q')[[QO]]
 -----------------------------------

doc/pacman.conf.5.asciidoc

@@ -318,12 +318,12 @@ When to Check::
 	*Never*;;
 		All signature checking is suppressed, even if signatures are present.
 
-	*Optional*;;
+	*Optional* (default);;
 		Signatures are checked if present; absence of a signature is not an
 		error. An invalid signature is a fatal error, as is a signature from a
 		key not in the keyring.
 
-	*Required* (default);;
+	*Required*;;
 		Signatures are required; absence of a signature or an invalid signature
 		is a fatal error, as is a signature from a key not in the keyring.
 
@@ -349,7 +349,7 @@ level signatures for packages.
 The built-in default is the following:
 
 --------
-SigLevel = Required TrustedOnly
+SigLevel = Optional TrustedOnly
 --------
 
 

doc/repo-add.8.asciidoc

@@ -75,9 +75,6 @@ repo-add Options
 	Only add packages that are not already in the database.  Warnings will be
 	printed upon detection of existing packages, but they will not be re-added.
 
-*-p, \--prevent-downgrade*::
-	Do not add package to database if a newer version is already present
-
 *\--include-sigs*::
 	Include package PGP signatures in the repository database (if available)
 

lib/libalpm/alpm.h

@@ -481,7 +481,7 @@ typedef struct _alpm_siglist_t {
  * Check the PGP signature for the given package file.
  * @param pkg the package to check
  * @param siglist a pointer to storage for signature results
- * @return 0 on success, -1 if an error occurred or signature is missing
+ * @return 0 if valid, -1 if an error occurred or signature is invalid
  */
 int alpm_pkg_check_pgp_signature(alpm_pkg_t *pkg, alpm_siglist_t *siglist);
 
@@ -489,7 +489,7 @@ int alpm_pkg_check_pgp_signature(alpm_pkg_t *pkg, alpm_siglist_t *siglist);
  * Check the PGP signature for the given database.
  * @param db the database to check
  * @param siglist a pointer to storage for signature results
- * @return 0 on success, -1 if an error occurred or signature is missing
+ * @return 0 if valid, -1 if an error occurred or signature is invalid
  */
 int alpm_db_check_pgp_signature(alpm_db_t *db, alpm_siglist_t *siglist);
 

lib/libalpm/dload.c

@@ -1118,34 +1118,31 @@ static int finalize_download_locations(alpm_list_t *payloads, const char *localp
 			filename = payload->tempfile_name;
 		}
 
-		if(filename) {
-			int ret = move_file(filename, localpath);
+		/* if neither file exists then the download failed and logged an error for us */
+		if(!filename) {
+			returnvalue = -1;
+			continue;
+		}
 
-			if(ret == -1) {
-				if(payload->mtime_existing_file == 0) {
-					_alpm_log(payload->handle, ALPM_LOG_ERROR, _("could not move %s into %s (%s)\n"),
-							filename, localpath, strerror(errno));
-					returnvalue = -1;
-				}
+		int ret = move_file(filename, localpath);
+
+		if(ret == -1) {
+			/* ignore error if the file already existed - only signature file was downloaded */
+			if(payload->mtime_existing_file == 0) {
+				_alpm_log(payload->handle, ALPM_LOG_ERROR, _("could not move %s into %s (%s)\n"),
+						filename, localpath, strerror(errno));
+				returnvalue = -1;
 			}
 		}
 
 		if (payload->download_signature) {
-			char *sig_filename;
-			int ret;
-
-			filename = payload->destfile_name ? payload->destfile_name : payload->tempfile_name;
-			sig_filename = _alpm_get_fullpath("", filename, ".sig");
-			ASSERT(sig_filename, RET_ERR(payload->handle, ALPM_ERR_MEMORY, -1));
-			ret = move_file(sig_filename, localpath);
-			free(sig_filename);
-
-			if(ret == -1) {
-				sig_filename = _alpm_get_fullpath("", filename, ".sig.part");
-				ASSERT(sig_filename, RET_ERR(payload->handle, ALPM_ERR_MEMORY, -1));
-				move_file(sig_filename, localpath);
-				free(sig_filename);
-			}
+			const char sig_suffix[] = ".sig";
+			char *sig_filename = NULL;
+			size_t sig_filename_len = strlen(filename) + sizeof(sig_suffix);
+			MALLOC(sig_filename, sig_filename_len, continue);
+			snprintf(sig_filename, sig_filename_len, "%s%s", filename, sig_suffix);
+			move_file(sig_filename, localpath);
+			FREE(sig_filename);
 		}
 	}
 	return returnvalue;
@@ -1299,7 +1296,7 @@ download_signature:
 	return ret;
 }
 
-static const char *url_basename(const char *url)
+static char *filecache_find_url(alpm_handle_t *handle, const char *url)
 {
 	const char *filebase = strrchr(url, '/');
 
@@ -1312,7 +1309,7 @@ static const char *url_basename(const char *url)
 		return NULL;
 	}
 
-	return filebase;
+	return _alpm_filecache_find(handle, filebase);
 }
 
 int SYMEXPORT alpm_fetch_pkgurl(alpm_handle_t *handle, const alpm_list_t *urls,
@@ -1322,7 +1319,7 @@ int SYMEXPORT alpm_fetch_pkgurl(alpm_handle_t *handle, const alpm_list_t *urls,
 	char *temporary_cachedir = NULL;
 	alpm_list_t *payloads = NULL;
 	const alpm_list_t *i;
-	alpm_event_t event;
+	alpm_event_t event = {0};
 
 	CHECK_HANDLE(handle, return -1);
 	ASSERT(*fetched == NULL, RET_ERR(handle, ALPM_ERR_WRONG_ARGS, -1));
@@ -1334,26 +1331,9 @@ int SYMEXPORT alpm_fetch_pkgurl(alpm_handle_t *handle, const alpm_list_t *urls,
 
 	for(i = urls; i; i = i->next) {
 		char *url = i->data;
-		char *filepath = NULL;
-		const char *urlbase = url_basename(url);
-
-		if(urlbase) {
-			/* attempt to find the file in our pkgcache */
-			filepath = _alpm_filecache_find(handle, urlbase);
-
-			if(filepath && (handle->siglevel & ALPM_SIG_PACKAGE)) {
-				char *sig_filename = _alpm_get_fullpath("", urlbase, ".sig");
-
-				/* if there's no .sig file then forget about the pkg file and go for download */
-				if(!_alpm_filecache_exists(handle, sig_filename)) {
-					free(filepath);
-					filepath = NULL;
-				}
-
-				free(sig_filename);
-			}
-		}
 
+		/* attempt to find the file in our pkgcache */
+		char *filepath = filecache_find_url(handle, url);
 		if(filepath) {
 			/* the file is locally cached so add it to the output right away */
 			alpm_list_append(fetched, filepath);

lib/libalpm/sync.c

@@ -776,7 +776,7 @@ static int download_files(alpm_handle_t *handle)
 	char * temporary_cachedir = NULL;
 	alpm_list_t *i, *files = NULL;
 	int ret = 0;
-	alpm_event_t event;
+	alpm_event_t event = {0};
 	alpm_list_t *payloads = NULL;
 
 	cachedir = _alpm_filecache_setup(handle);

lib/libalpm/trans.c

@@ -270,6 +270,7 @@ int SYMEXPORT alpm_trans_release(alpm_handle_t *handle)
 
 	trans = handle->trans;
 	ASSERT(trans != NULL, RET_ERR(handle, ALPM_ERR_TRANS_NULL, -1));
+	ASSERT(trans->state != STATE_IDLE, RET_ERR(handle, ALPM_ERR_TRANS_NULL, -1));
 
 	int nolock_flag = trans->flags & ALPM_TRANS_FLAG_NOLOCK;
 

lib/libalpm/trans.h

@@ -26,7 +26,8 @@
 #include "alpm.h"
 
 typedef enum _alpm_transstate_t {
-	STATE_INITIALIZED = 0,
+	STATE_IDLE = 0,
+	STATE_INITIALIZED,
 	STATE_PREPARED,
 	STATE_DOWNLOADING,
 	STATE_COMMITTING,

scripts/libmakepkg/lint_config/buildenv.sh.in

@@ -1,57 +0,0 @@
-#!/bin/bash
-#
-#   buildenv.sh - Check that the BUILDENV and OPTIONS arrays are valid
-#
-#   Copyright (c) 2025 Pacman Development Team <pacman-dev@lists.archlinux.org>
-#
-#   This program is free software; you can redistribute it and/or modify
-#   it under the terms of the GNU General Public License as published by
-#   the Free Software Foundation; either version 2 of the License, or
-#   (at your option) any later version.
-#
-#   This program is distributed in the hope that it will be useful,
-#   but WITHOUT ANY WARRANTY; without even the implied warranty of
-#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#   GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU General Public License
-#   along with this program.  If not, see <http://www.gnu.org/licenses/>.
-#
-
-[[ -n $LIBMAKEPKG_LINT_CONFIG_BUILDENV_SH ]] && return
-LIBMAKEPKG_LINT_CONFIG_BUILDENV_SH=1
-
-MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
-
-source "$MAKEPKG_LIBRARY/util/message.sh"
-
-lint_config_functions+=('lint_buildenv')
-
-
-lint_buildenv() {
-	local ret=0 kopt 
-	local known_buildenv=(ccache check color distcc sign)
-	local known_option=(autodeps debug docs emptydirs libtool lto purge staticlibs strip zipman)
-
-	for i in "${BUILDENV[@]}"; do
-		for kopt in "${known_buildenv[@]}"; do
-			if [[ $i = "$kopt" || $i = "!$kopt" ]]; then
-				continue 2
-			fi
-		done
-
-		error "$(gettext "%s array contains unknown option '%s'")" "BUILDENV" "$i"
-		ret=1
-	done
-
-	for i in "${OPTIONS[@]}"; do
-		for kopt in "${known_option[@]}"; do
-			if [[ $i = "$kopt" || $i = "!$kopt" ]]; then
-				continue 2
-			fi
-		done
-
-		error "$(gettext "%s array contains unknown option '%s'")" "OPTIONS" "$i"
-		ret=1
-	done
-}

scripts/libmakepkg/lint_config/meson.build

@@ -1,7 +1,6 @@
 libmakepkg_module = 'lint_config'
 
 sources = [
-  'buildenv.sh.in',
   'ext.sh.in',
   'nproc.sh.in',
   'packager.sh.in',

scripts/libmakepkg/lint_pkgbuild/meson.build

@@ -17,6 +17,7 @@ sources = [
   'package_function.sh.in',
   'package_function_variable.sh.in',
   'pkgbase.sh.in',
+  'pkglist.sh.in',
   'pkgname.sh.in',
   'pkgrel.sh.in',
   'pkgver.sh.in',

scripts/libmakepkg/lint_pkgbuild/pkglist.sh.in

@@ -0,0 +1,44 @@
+#!/bin/bash
+#
+#   pkglist.sh - Check the packages selected to build exist.
+#
+#   Copyright (c) 2014-2025 Pacman Development Team <pacman-dev@lists.archlinux.org>
+#
+#   This program is free software; you can redistribute it and/or modify
+#   it under the terms of the GNU General Public License as published by
+#   the Free Software Foundation; either version 2 of the License, or
+#   (at your option) any later version.
+#
+#   This program is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#   GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License
+#   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+[[ -n "$LIBMAKEPKG_LINT_PKGBUILD_PKGLIST_SH" ]] && return
+LIBMAKEPKG_LINT_PKGBUILD_PKGLIST_SH=1
+
+MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
+
+source "$MAKEPKG_LIBRARY/util/message.sh"
+source "$MAKEPKG_LIBRARY/util/util.sh"
+
+
+lint_pkgbuild_functions+=('lint_pkglist')
+
+
+lint_pkglist() {
+	local i ret=0
+
+	for i in "${PKGLIST[@]}"; do
+		if ! in_array "$i" "${pkgname[@]}"; then
+			error "$(gettext "Requested package %s is not provided in %s")" "$i" "$BUILDFILE"
+			ret=1
+		fi
+	done
+
+	return $ret
+}

scripts/repo-add.sh.in

@@ -68,7 +68,6 @@ Multiple packages to add can be specified on the command line.\n")"
 		printf -- "$(gettext "Options:\n")"
 		printf -- "$(gettext "  -n, --new         only add packages that are not already in the database\n")"
 		printf -- "$(gettext "  -p, --prevent-downgrade  do not add package to database if a newer version is already present\n")"
-		printf -- "$(gettext "  --include-sigs    Include package PGP signatures in the repository database (if available)")
 	elif [[ $cmd == "repo-remove" ]] ; then
 		printf -- "$(gettext "Usage: repo-remove [options] <path-to-db> <packagename> ...\n")"
 		printf -- "\n"

src/pacman/conf.c

@@ -109,7 +109,8 @@ config_t *config_new(void)
 	newconfig->logmask = ALPM_LOG_ERROR | ALPM_LOG_WARNING;
 	newconfig->configfile = strdup(CONFFILE);
 	if(alpm_capabilities() & ALPM_CAPABILITY_SIGNATURES) {
-		newconfig->siglevel = ALPM_SIG_PACKAGE | ALPM_SIG_DATABASE;
+		newconfig->siglevel = ALPM_SIG_PACKAGE | ALPM_SIG_PACKAGE_OPTIONAL |
+			ALPM_SIG_DATABASE | ALPM_SIG_DATABASE_OPTIONAL;
 		newconfig->localfilesiglevel = ALPM_SIG_USE_DEFAULT;
 		newconfig->remotefilesiglevel = ALPM_SIG_USE_DEFAULT;
 	}
@@ -149,6 +150,7 @@ int config_free(config_t *oldconfig)
 	FREELIST(oldconfig->noupgrade);
 	FREELIST(oldconfig->noextract);
 	FREELIST(oldconfig->overwrite_files);
+	FREELIST(oldconfig->preremove);
 	free(oldconfig->configfile);
 	free(oldconfig->sysroot);
 	free(oldconfig->rootdir);

src/pacman/conf.h

@@ -134,6 +134,8 @@ typedef struct __config_t {
 	/* our connection to libalpm */
 	alpm_handle_t *handle;
 
+	alpm_list_t *preremove;
+
 	alpm_list_t *explicit_adds;
 	alpm_list_t *explicit_removes;
 
@@ -214,7 +216,8 @@ enum {
 	OP_REFRESH,
 	OP_ASSUMEINSTALLED,
 	OP_DISABLEDLTIMEOUT,
-	OP_DISABLESANDBOX
+	OP_DISABLESANDBOX,
+	OP_PREREMOVE,
 };
 
 /* clean method */

src/pacman/pacman.c

@@ -196,6 +196,8 @@ static void usage(int op, const char * const myname)
 				addlist(_("      --ignore <pkg>   ignore a package upgrade (can be used more than once)\n"));
 				addlist(_("      --ignoregroup <grp>\n"
 				          "                       ignore a group upgrade (can be used more than once)\n"));
+				addlist(_("      --preremove <pkg>\n"));
+				addlist(_("                       uninstall <pkg> before performing installation\n"));
 				__attribute__((fallthrough));
 			case PM_OP_REMOVE:
 				addlist(_("  -d, --nodeps         skip dependency version checks (-dd to skip all checks)\n"));
@@ -770,6 +772,9 @@ static int parsearg_upgrade(int opt)
 		case OP_IGNOREGROUP:
 			parsearg_util_addlist(&(config->ignoregrp));
 			break;
+		case OP_PREREMOVE:
+			parsearg_util_addlist(&(config->preremove));
+			break;
 		case OP_DOWNLOADONLY:
 		case 'w':
 			config->op_s_downloadonly = 1;
@@ -982,6 +987,7 @@ static int parseargs(int argc, char *argv[])
 		{"color",      required_argument, 0, OP_COLOR},
 		{"disable-download-timeout", no_argument, 0, OP_DISABLEDLTIMEOUT},
 		{"disable-sandbox", no_argument, 0, OP_DISABLESANDBOX},
+		{"preremove", required_argument, 0, OP_PREREMOVE},
 		{0, 0, 0, 0}
 	};
 

src/pacman/sync.c

@@ -84,7 +84,7 @@ static int sync_cleandb(const char *dbpath)
 
 		/* build the full path */
 		len = snprintf(path, PATH_MAX, "%s%s", dbpath, dname);
-		if(len >= PATH_MAX) {
+		if(len > PATH_MAX) {
 			pm_printf(ALPM_LOG_ERROR, _("could not remove %s%s: path exceeds PATH_MAX\n"),
 					dbpath, dname);
 		}
@@ -245,7 +245,7 @@ static int sync_cleancache(int level)
 
 			/* build the full filepath */
 			len=snprintf(path, PATH_MAX, "%s%s", cachedir, ent->d_name);
-			if(len >= PATH_MAX) {
+			if(len > PATH_MAX) {
 				pm_printf(ALPM_LOG_ERROR, _("skipping %s%s: path exceeds PATH_MAX\n"),
 						cachedir, ent->d_name);
 				continue;
@@ -364,8 +364,6 @@ static int sync_group(int level, alpm_list_t *syncs, alpm_list_t *targets)
 				}
 			}
 			if(!found) {
-				pm_printf(ALPM_LOG_ERROR,
-					_("package group '%s' was not found\n"), grpname);
 				ret = 1;
 			}
 		}
@@ -719,6 +717,21 @@ static int sync_trans(alpm_list_t *targets)
 		}
 	}
 
+	for(i = config->preremove; i; i = i->next) {
+		alpm_pkg_t *pkg;
+		const char *pname = i->data;
+		alpm_db_t *db_local = alpm_get_localdb(config->handle);
+
+		if((pkg = alpm_db_get_pkg(db_local, pname)) != NULL) {
+			if(alpm_remove_pkg(config->handle, pkg) == -1) {
+				alpm_errno_t err = alpm_errno(config->handle);
+				pm_printf(ALPM_LOG_ERROR, "'%s': %s\n", pname, alpm_strerror(err));
+				retval = 1;
+			}
+			config->explicit_removes = alpm_list_add(config->explicit_removes, pkg);
+		}
+	}
+
 	if(retval) {
 		trans_release();
 		return retval;

test/pacman/tests/upgrade-download-pkg-and-sig-with-filename.py

@@ -1,7 +1,6 @@
 self.description = 'download remote packages with -U with a URL filename'
 self.require_capability("gpg")
 self.require_capability("curl")
-self.option['SigLevel'] = ['Required']
 
 url = self.add_simple_http_server({
     # simple

test/pacman/util.py

@@ -115,8 +115,6 @@ def mkcfgfile(filename, root, option, db):
     data = ["[options]"]
     for key, value in option.items():
         data.extend(["%s = %s" % (key, j) for j in value])
-    if "SigLevel" not in option:
-        data.append("SigLevel = Never\n")
 
     # Repositories
     # sort by repo name so tests can predict repo order, rather than be