Document that final hook match wins

Signed-off-by: Allan McRae <allan@archlinux.org> (cherry picked from commit 8ebdccd4d6)
docs: remove PM_ERR_TRANS_COMMITTING
2025-11-22 09:54:39 +01:00 · 2025-11-21 11:33:42 +10:00 · 2025-11-21 11:33:21 +10:00 · 2025-11-21 11:33:08 +10:00 · 2025-11-21 11:32:58 +10:00 · 2025-11-02 11:36:19 +10:00
7 changed files with 41 additions and 5 deletions
--- a/4
+++ b/4
@@ -765,7 +765,7 @@ Fine-grained sandbox controls:
 - ALPM_ERR_RETRUEVE_PREPARE

 [CHANGED]
- error codes:
-    PM_ERR_TRANS_COMMITING renamed to PM_ERR_TRANS_COMMITTING
 - alpm_pubkey_t - removed pubkey_algo member
 - alpm_sandbox_setup_child() - added parameter to restrict syscalls
+- alpm_option_get_disable_standbox() - returns 1 if any component is
+  disabled, 2 if all components are disabled.
--- a/doc/alpm-hooks.5.asciidoc
+++ b/doc/alpm-hooks.5.asciidoc
@@ -63,7 +63,8 @@ defined the hook will run if the transaction matches *any* of the triggers.
 	Paths refer to the files in the package archive; the installation root
 	should *not* be included in the path.  Shell-style glob patterns are
 	allowed. It is possible to invert matches by prepending a target with an
-	exclamation mark. May be specified multiple times. Required.
+	exclamation mark. May be specified multiple times, with subsequent
+	matches overriding previous ones. Required.

 ACTIONS
 -------
--- a/lib/libalpm/alpm.h
+++ b/lib/libalpm/alpm.h
@@ -2307,6 +2307,19 @@ int alpm_option_set_parallel_downloads(alpm_handle_t *handle, unsigned int num_s
 * @{
 */

+/** Get the state of the sandbox
+ * @param handle the context handle
+ * @return 0 for enabled, 1 if any component is disabled, 2 if completely disabled
+ */
+int alpm_option_get_disable_sandbox(alpm_handle_t *handle);
+
+/** Enables/disables all components of the sandbox.
+ * @param handle the context handle
+ * @param disable_sandbox 0 for enabled, 1 for disabled
+ * @return 0 on success, -1 on error (pm_errno is set accordingly)
+ */
+int alpm_option_set_disable_sandbox(alpm_handle_t *handle, unsigned short disable_sandbox);
+
 /** Get the state of the filesystem part of the sandbox
 * @param handle the context handle
 * @return 0 for enabled, 1 for disabled
--- a/lib/libalpm/handle.c
+++ b/lib/libalpm/handle.c
@@ -968,6 +968,26 @@ int SYMEXPORT alpm_option_set_parallel_downloads(alpm_handle_t *handle,
 	return 0;
 }

+int alpm_option_get_disable_sandbox(alpm_handle_t *handle)
+{
+	CHECK_HANDLE(handle, return -1);
+
+	if(handle->disable_sandbox_filesystem && handle->disable_sandbox_syscalls) {
+		return 2;
+	} else if (handle->disable_sandbox_filesystem || handle->disable_sandbox_syscalls) {
+		return 1;
+	}
+
+	return 0;
+}
+
+int alpm_option_set_disable_sandbox(alpm_handle_t *handle, unsigned short disable_sandbox) {
+	CHECK_HANDLE(handle, return -1);
+	handle->disable_sandbox_filesystem = disable_sandbox;
+	handle->disable_sandbox_syscalls = disable_sandbox;
+	return 0;
+}
+
 int SYMEXPORT alpm_option_get_disable_sandbox_filesystem(alpm_handle_t *handle)
 {
 	CHECK_HANDLE(handle, return -1);
--- a/meson.build
+++ b/meson.build
@@ -10,7 +10,7 @@ project('pacman',
        ],
        meson_version : '>= 0.61')

-libalpm_version = '16.0.0'
+libalpm_version = '16.0.1'

 cc = meson.get_compiler('c')

--- a/scripts/libmakepkg/lint_pkgbuild/arch.sh.in
+++ b/scripts/libmakepkg/lint_pkgbuild/arch.sh.in
@@ -88,7 +88,7 @@ validate_arch_override() {

 	for o in "${override[@]}"; do
 		if ! in_array "$o" "${arch[@]}"; then
-			error "$(gettext "Overriden %s in package_%s() contains value not in global directive: '%s'")" "arch" "$package" "$o"
+			error "$(gettext "Overridden %s in package_%s() contains value not in global directive: '%s'")" "arch" "$package" "$o"
 			ret=1
 		fi
 	done
--- a/src/pacman/pacman.c
+++ b/src/pacman/pacman.c
@@ -1035,6 +1035,8 @@ static int parseargs(int argc, char *argv[])
 		{"color",      required_argument, 0, OP_COLOR},
 		{"disable-download-timeout", no_argument, 0, OP_DISABLEDLTIMEOUT},
 		{"disable-sandbox", no_argument, 0, OP_DISABLESANDBOX},
+		{"disable-sandbox-filesystem", no_argument, 0, OP_DISABLESANDBOXFILESYSTEM},
+		{"disable-sandbox-syscalls", no_argument, 0, OP_DISABLESANDBOXSYSCALLS},
 		{0, 0, 0, 0}
 	};
Author	SHA1	Message	Date
Allan McRae	2d0d5d7b31	Document that final hook match wins Signed-off-by: Allan McRae <allan@archlinux.org> (cherry picked from commit `8ebdccd4d6`)	2025-11-21 11:33:42 +10:00
Diego Viola	883cd747d3	docs: remove PM_ERR_TRANS_COMMITTING This constant is no longer defined in the source code. Removing its reference cleans up the API documentation to match the actual code. Signed-off-by: Diego Viola <diego.viola@gmail.com> (cherry picked from commit `a16d482b61`)	2025-11-21 11:33:21 +10:00
Diego Viola	fcdf7408e9	libmakepkg: fix spelling of Overridden Overriden -> Overridden Signed-off-by: Diego Viola <diego.viola@gmail.com> (cherry picked from commit `a0282cbfea`)	2025-11-21 11:33:08 +10:00
Allan McRae	63bfb53afc	Provide generic sandbox status functions The function alpm_option_set_disable_sandbox() was removed in favour of the vairants that can enable/disable specific parts of the sandbox. This removal was undocumented in the release notes, and the continued inclusion of the more generic sandbox control functions is still useful. Readd alpm_option_set_disable_sandbox() which now is a shortcut for doing the combined alpm_option_set_disable_sandbox-{filesystem,syscalls}. The alpm_option_get_disable_sandbox() function was readded, but adjusted to return 0 if the sandbox is fully enabled, 1 if any component of the sandbox is disabled, and 2 if all components are disabled. Give the libalpm soname a minor level bump to indicated these interfaces have been added since release, as this commit will be backorted to the release branch. Signed-off-by: Allan McRae <allan@archlinux.org> (cherry picked from commit `8a57308571`)	2025-11-21 11:32:58 +10:00
Allan McRae	2df7c407e8	Add disable-sandbox-* options to parseargs Signed-off-by: Allan McRae <allan@archlinux.org>	2025-11-02 11:36:19 +10:00