1
0
mirror of https://github.com/moparisthebest/pacman synced 2024-12-22 15:58:50 -05:00

Merge branch 'gpg-build-tools'

This commit is contained in:
Dan McGee 2011-03-23 02:18:57 -05:00
commit 0908533127
6 changed files with 118 additions and 10 deletions

View File

@ -70,7 +70,7 @@ Options
This is often used to set the number of jobs used, for example, `-j2`. This is often used to set the number of jobs used, for example, `-j2`.
Other flags that make accepts can also be passed. Other flags that make accepts can also be passed.
**BUILDENV=(**fakeroot !distcc color !ccache**)**:: **BUILDENV=(**fakeroot !distcc color !ccache !sign**)**::
This array contains options that affect the build environment, the defaults This array contains options that affect the build environment, the defaults
are shown here. All options should always be left in the array; to enable are shown here. All options should always be left in the array; to enable
or disable an option simply remove or place an ``!'' at the front of the or disable an option simply remove or place an ``!'' at the front of the
@ -98,6 +98,13 @@ Options
enabled or disabled for individual packages through the use of enabled or disabled for individual packages through the use of
makepkg's `--check` and `--nocheck` options respectively. makepkg's `--check` and `--nocheck` options respectively.
*sign*;;
Generate a PGP signature file using GnuPG. This will execute `gpg
--detach-sign --use-agent` on the built package to generate a detached
signature file, using the GPG agent if it is available. The signature
file will be the entire filename of the package with a ``.sig''
extension.
**DISTCC_HOSTS=**"host1 ...":: **DISTCC_HOSTS=**"host1 ..."::
If using DistCC, this is used to specify a space-delimited list of hosts If using DistCC, this is used to specify a space-delimited list of hosts
running in the DistCC cluster. In addition, you will want to modify your running in the DistCC cluster. In addition, you will want to modify your

View File

@ -43,6 +43,13 @@ Options
Force this program to keep quiet and run silent except for warning and Force this program to keep quiet and run silent except for warning and
error messages. error messages.
*-s, \--sign*::
Generate a PGP signature file using GnuPG. This will execute `gpg
--detach-sign --use-agent` on the generated database to generate a detached
signature file, using the GPG agent if it is available. The signature file
will be the entire filename of the database with a ``.sig'' extension.
See Also See Also
-------- --------
linkman:makepkg[8], linkman:pacman[8] linkman:makepkg[8], linkman:pacman[8]

View File

@ -39,7 +39,7 @@ CXXFLAGS="@CARCHFLAGS@-mtune=generic -O2 -pipe"
# BUILD ENVIRONMENT # BUILD ENVIRONMENT
######################################################################### #########################################################################
# #
# Defaults: BUILDENV=(fakeroot !distcc color !ccache check) # Defaults: BUILDENV=(fakeroot !distcc color !ccache check !sign)
# A negated environment option will do the opposite of the comments below. # A negated environment option will do the opposite of the comments below.
# #
#-- fakeroot: Allow building packages as a non-root user #-- fakeroot: Allow building packages as a non-root user
@ -47,8 +47,9 @@ CXXFLAGS="@CARCHFLAGS@-mtune=generic -O2 -pipe"
#-- color: Colorize output messages #-- color: Colorize output messages
#-- ccache: Use ccache to cache compilation #-- ccache: Use ccache to cache compilation
#-- check: Run the check() function if present in the PKGBUILD #-- check: Run the check() function if present in the PKGBUILD
#-- sign: Generate PGP signature file
# #
BUILDENV=(fakeroot !distcc color !ccache check) BUILDENV=(fakeroot !distcc color !ccache check !sign)
# #
#-- If using DistCC, your MAKEFLAGS will also need modification. In addition, #-- If using DistCC, your MAKEFLAGS will also need modification. In addition,
#-- specify a space-delimited list of hosts running in the DistCC cluster. #-- specify a space-delimited list of hosts running in the DistCC cluster.

View File

@ -418,6 +418,9 @@ static int sync_db_read(pmdb_t *db, struct archive *archive,
pkg->isize = atol(line); pkg->isize = atol(line);
} else if(strcmp(line, "%MD5SUM%") == 0) { } else if(strcmp(line, "%MD5SUM%") == 0) {
READ_AND_STORE(pkg->md5sum); READ_AND_STORE(pkg->md5sum);
} else if(strcmp(line, "%SHA256SUM%") == 0) {
/* we don't do anything with this value right now */
READ_NEXT(line);
} else if(strcmp(line, "%REPLACES%") == 0) { } else if(strcmp(line, "%REPLACES%") == 0) {
READ_AND_STORE_ALL(pkg->replaces); READ_AND_STORE_ALL(pkg->replaces);
} else if(strcmp(line, "%DEPENDS%") == 0) { } else if(strcmp(line, "%DEPENDS%") == 0) {

View File

@ -1068,6 +1068,9 @@ create_package() {
local pkg_file="$PKGDEST/${nameofpkg}-${fullver}-${PKGARCH}${PKGEXT}" local pkg_file="$PKGDEST/${nameofpkg}-${fullver}-${PKGARCH}${PKGEXT}"
local ret=0 local ret=0
[[ -f $pkg_file ]] && rm -f "$pkg_file"
[[ -f $pkg_file.sig ]] && rm -f "$pkg_file.sig"
# when fileglobbing, we want * in an empty directory to expand to # when fileglobbing, we want * in an empty directory to expand to
# the null string rather than itself # the null string rather than itself
shopt -s nullglob shopt -s nullglob
@ -1089,9 +1092,12 @@ create_package() {
exit 1 # TODO: error code exit 1 # TODO: error code
fi fi
create_signature "$pkg_file"
if (( ! ret )) && [[ ! "$PKGDEST" -ef "${startdir}" ]]; then if (( ! ret )) && [[ ! "$PKGDEST" -ef "${startdir}" ]]; then
ln -sf "${pkg_file}" "${pkg_file/$PKGDEST/$startdir}" ln -sf "${pkg_file}" "${pkg_file/$PKGDEST/$startdir}"
ret=$? ret=$?
[[ -f $pkg_file.sig ]] && ln -sf "$pkg_file.sig" "${pkg_file/$PKGDEST/$startdir}.sig"
fi fi
if (( ret )); then if (( ret )); then
@ -1099,6 +1105,25 @@ create_package() {
fi fi
} }
create_signature() {
if [[ $(check_buildenv sign) != "y" ]]; then
return
fi
local ret=0
local filename="$1"
msg "$(gettext "Signing package...")"
if [ ! $(type -p "gpg") ]; then
error "$(gettext "Cannot find the gpg binary! Is gnupg installed?")"
exit 1 # $E_MISSING_PROGRAM
fi
gpg --detach-sign --use-agent "$filename" || ret=$?
if (( ! ret )); then
msg2 "$(gettext "Created signature file %s.")" "$filename.sig"
else
warning "$(gettext "Failed to sign package file.")"
fi
}
create_srcpackage() { create_srcpackage() {
cd "$startdir" cd "$startdir"

View File

@ -30,6 +30,8 @@ confdir='@sysconfdir@'
QUIET=0 QUIET=0
DELTA=0 DELTA=0
WITHFILES=0 WITHFILES=0
SIGN=0
VERIFY=0
REPO_DB_FILE= REPO_DB_FILE=
LOCKFILE= LOCKFILE=
CLEAN_LOCK=0 CLEAN_LOCK=0
@ -62,7 +64,7 @@ error() {
# print usage instructions # print usage instructions
usage() { usage() {
printf "repo-add, repo-remove (pacman) %s\n\n" "$myver" printf "repo-add, repo-remove (pacman) %s\n\n" "$myver"
printf "$(gettext "Usage: repo-add [-d] [-f] [-q] <path-to-db> <package|delta> ...\n")" printf "$(gettext "Usage: repo-add [-d] [-f] [-q] [-s] [-v] <path-to-db> <package|delta> ...\n")"
printf "$(gettext "Usage: repo-remove [-q] <path-to-db> <packagename|delta> ...\n\n")" printf "$(gettext "Usage: repo-remove [-q] <path-to-db> <packagename|delta> ...\n\n")"
printf "$(gettext "\ printf "$(gettext "\
repo-add will update a package database by reading a package file.\n\ repo-add will update a package database by reading a package file.\n\
@ -79,7 +81,8 @@ Use the -d/--delta flag to automatically generate and add a delta file\n\
between the old entry and the new one, if the old package file is found\n\ between the old entry and the new one, if the old package file is found\n\
next to the new one.\n\n")" next to the new one.\n\n")"
printf "$(gettext "\ printf "$(gettext "\
Use the -f/--files flag to update a database including file entries.\n\n")" Use the -f/--files flag to update a database including file entries.\n\n
See repo-add(8) for more details and descriptions of the available options.\n\n")"
echo "$(gettext "Example: repo-add /path/to/repo.db.tar.gz pacman-3.0.0.pkg.tar.gz")" echo "$(gettext "Example: repo-add /path/to/repo.db.tar.gz pacman-3.0.0.pkg.tar.gz")"
echo "$(gettext "Example: repo-remove /path/to/repo.db.tar.gz kernel26")" echo "$(gettext "Example: repo-remove /path/to/repo.db.tar.gz kernel26")"
} }
@ -184,6 +187,47 @@ db_remove_delta()
return 1 return 1
} # end db_remove_delta } # end db_remove_delta
# sign the package database once repackaged
create_signature() {
(( ! SIGN )) && return
local dbfile="$1"
local ret=0
msg "$(gettext "Signing database...")"
if [ ! $(type -p "gpg") ]; then
error "$(gettext "Cannot find the gpg binary! Is gnupg installed?")"
exit 1 # $E_MISSING_PROGRAM
fi
gpg --detach-sign --use-agent "$dbfile" || ret=$?
if (( ! ret )); then
msg2 "$(gettext "Created signature file %s.")" "$dbfile.sig"
else
warning "$(gettext "Failed to sign package database.")"
fi
}
# verify the existing package database signature
verify_signature() {
(( ! VERIFY )) && return
local dbfile="$1"
local ret=0
msg "$(gettext "Verifying database signature...")"
if [ ! $(type -p "gpg") ]; then
error "$(gettext "Cannot find the gpg binary! Is gnupg installed?")"
exit 1 # $E_MISSING_PROGRAM
fi
if [[ ! -f $dbfile.sig ]]; then
warning "$(gettext "No existing signature found, skipping verification.")"
return
fi
gpg --verify "$dbfile.sig" || ret=$?
if (( ! ret )); then
msg2 "$(gettext "Database signature file verified.")"
else
error "$(gettext "Database signature was NOT valid!")"
exit 1
fi
}
# write an entry to the pacman database # write an entry to the pacman database
# arg1 - path to package # arg1 - path to package
db_write_entry() db_write_entry()
@ -219,9 +263,6 @@ db_write_entry()
IFS=$OLDIFS IFS=$OLDIFS
# get md5sum and compressed size of package
md5sum="$(openssl dgst -md5 "$pkgfile")"
md5sum="${md5sum##* }"
csize=$(@SIZECMD@ "$pkgfile") csize=$(@SIZECMD@ "$pkgfile")
# ensure $pkgname and $pkgver variables were found # ensure $pkgname and $pkgver variables were found
@ -243,6 +284,13 @@ db_write_entry()
fi fi
fi fi
# compute checksums
msg2 "$(gettext "Computing checksums...")"
md5sum="$(openssl dgst -md5 "$pkgfile")"
md5sum="${md5sum##* }"
sha256sum="$(openssl dgst -sha256 "$pkgfile")"
sha256sum="${sha256sum##* }"
# remove an existing entry if it exists, ignore failures # remove an existing entry if it exists, ignore failures
db_remove_entry "$pkgname" db_remove_entry "$pkgname"
@ -264,9 +312,15 @@ db_write_entry()
[[ -n $csize ]] && echo -e "%CSIZE%\n$csize\n" >>desc [[ -n $csize ]] && echo -e "%CSIZE%\n$csize\n" >>desc
[[ -n $size ]] && echo -e "%ISIZE%\n$size\n" >>desc [[ -n $size ]] && echo -e "%ISIZE%\n$size\n" >>desc
# compute checksums # add checksums
msg2 "$(gettext "Computing md5 checksums...")"
echo -e "%MD5SUM%\n$md5sum\n" >>desc echo -e "%MD5SUM%\n$md5sum\n" >>desc
echo -e "%SHA256SUM%\n$sha256sum\n" >>desc
# add base64'd PGP signature
if [[ -f $startdir/$pkgfile.sig ]]; then
pgpsig=$(openssl base64 -in "$startdir/$pkgfile.sig" | tr -d '\n')
echo -e "%PGPSIG%\n$pgpsig\n" >>desc
fi
[[ -n $url ]] && echo -e "%URL%\n$url\n" >>desc [[ -n $url ]] && echo -e "%URL%\n$url\n" >>desc
write_list_entry "LICENSE" "$_licenses" "desc" write_list_entry "LICENSE" "$_licenses" "desc"
@ -352,6 +406,7 @@ check_repo_db()
exit 1 exit 1
fi fi
fi fi
verify_signature "$REPO_DB_FILE"
msg "$(gettext "Extracting database to a temporary location...")" msg "$(gettext "Extracting database to a temporary location...")"
bsdtar -xf "$REPO_DB_FILE" -C "$tmpdir" bsdtar -xf "$REPO_DB_FILE" -C "$tmpdir"
else else
@ -482,6 +537,8 @@ for arg in "$@"; do
-q|--quiet) QUIET=1;; -q|--quiet) QUIET=1;;
-d|--delta) DELTA=1;; -d|--delta) DELTA=1;;
-f|--files) WITHFILES=1;; -f|--files) WITHFILES=1;;
-s|--sign) SIGN=1;;
-v|--verify) VERIFY=1;;
*) *)
if [[ -z $REPO_DB_FILE ]]; then if [[ -z $REPO_DB_FILE ]]; then
REPO_DB_FILE="$arg" REPO_DB_FILE="$arg"
@ -514,6 +571,7 @@ if (( success )); then
pushd "$tmpdir" >/dev/null pushd "$tmpdir" >/dev/null
if [[ -n $(ls) ]]; then if [[ -n $(ls) ]]; then
bsdtar -c${TAR_OPT}f "$filename" * bsdtar -c${TAR_OPT}f "$filename" *
create_signature "$filename"
else else
# we have no packages remaining? zip up some emptyness # we have no packages remaining? zip up some emptyness
warning "$(gettext "No packages remain, creating empty database.")" warning "$(gettext "No packages remain, creating empty database.")"
@ -522,12 +580,19 @@ if (( success )); then
popd >/dev/null popd >/dev/null
[[ -f $REPO_DB_FILE ]] && mv -f "$REPO_DB_FILE" "${REPO_DB_FILE}.old" [[ -f $REPO_DB_FILE ]] && mv -f "$REPO_DB_FILE" "${REPO_DB_FILE}.old"
[[ -f $REPO_DB_FILE.sig ]] && rm -f "$REPO_DB_FILE.sig"
[[ -f $tmpdir/$filename ]] && mv "$tmpdir/$filename" "$REPO_DB_FILE" [[ -f $tmpdir/$filename ]] && mv "$tmpdir/$filename" "$REPO_DB_FILE"
[[ -f $tmpdir/$filename.sig ]] && mv "$tmpdir/$filename.sig" "$REPO_DB_FILE.sig"
dblink="${REPO_DB_FILE%.tar.*}" dblink="${REPO_DB_FILE%.tar.*}"
target=${REPO_DB_FILE##*/} target=${REPO_DB_FILE##*/}
ln -sf "$target" "$dblink" 2>/dev/null || \ ln -sf "$target" "$dblink" 2>/dev/null || \
ln -f "$target" "$dblink" 2>/dev/null || \ ln -f "$target" "$dblink" 2>/dev/null || \
cp "$REPO_DB_FILE" "$dblink" cp "$REPO_DB_FILE" "$dblink"
if [[ -f "$target.sig" ]]; then
ln -sf "$target.sig" "$dblink.sig" 2>/dev/null || \
ln -f "$target.sig" "$dblink.sig" 2>/dev/null || \
cp "$REPO_DB_FILE.sig" "$dblink.sig"
fi
else else
msg "$(gettext "No packages modified, nothing to do.")" msg "$(gettext "No packages modified, nothing to do.")"
exit 1 exit 1