In order to be fully secure, we can't only sign packages. We also need
to sign our repository metadata to prevent database falsification,
dependency injection, etc. Add an '-s/--sign' option that allows this
functionality, and will generate a .sig file side-by-side with the
package database.
While at it, fix the issue where a signature file would never be found
because of 'cd' madness (this needs fixing in another commit).
Signed-off-by: Dan McGee <dan@archlinux.org>
This is a rather simple patch to add signing support to makepkg. Add a
create_signature() to makepkg, add a 'sign' BUILDENV option in makepkg.conf,
and document the changes in the makepkg.conf manpage.
Signed-off-by: Geoffroy Carrier <geoffroy.carrier@koon.fr>
Signed-off-by: Dan McGee <dan@archlinux.org>
Change the term 'packages' to 'targets' in the synopsis as well, since
command line parameters could just as well be groups, repos, or URLs.
Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
The current behaviour, which is placing source packages in PKGDEST if
SRCPKGDEST is not set, is inconsistent with {SRC,PKG}DEST handling and
there is no real advantage in doing so.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
-d skips checking the version of a dependency.
-dd skips the whole dependency check.
Signed-off-by: Xavier Chantry <chantry.xavier@gmail.com>
Signed-off-by: Florian Pritz <bluewind@server-speed.net>
Signed-off-by: Dan McGee <dan@archlinux.org>
No reason to disallow this- it allows keeping even more packages around in
the cache. Test cases included for this case and to ensure the default
behavior is preserved.
Signed-off-by: Dan McGee <dan@archlinux.org>
dirty indicates if the repo has uncommited changes or not when building,
so dont hardcode this info.
Signed-off-by: Xavier Chantry <chantry.xavier@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
Allan, I had no idea you were not listed here. I think you count as an
active developer at the moment. Also, move Aaron to the past contributors
section.
Signed-off-by: Dan McGee <dan@archlinux.org>
This includes info on version comparison that is very similar to the stuff
in the pacman manpage, but also a few vercmp examples, the return values,
and other fun stuff.
Also update the version comparison stuff in the pacman manpage.
Signed-off-by: Dan McGee <dan@archlinux.org>
Instead, go the same route we have always taken with version-release in
libalpm and treat it all as one piece of information. Makepkg is the only
script that knows about epoch as a distinct value; from there on out we will
parse out the components as necessary.
This makes the code a lot simpler as far as epoch handling goes. The
downside here is that we are tossing some compatibility to the wind;
packages using force will have to be rebuilt with an incremented epoch to
keep their special status.
Signed-off-by: Dan McGee <dan@archlinux.org>
Add the "buildflags" option, which is useful in its negative form
for disabling CFLAGS, CXXFLAGS and LDFLAGS when building a package.
This is useful when determining of one of these flags is causing
an issue with a package.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
A PKGBUILD can have an option check() function for running test suites
between the build() and package() stages. This function is run by
default but can be disabled globally in with "!check" in BUILDENV in
makepkg.conf. This setting can be controlled on an individual package
basis using makepkg's --check and --nocheck flags. Addition dependencies
needed for running the test suite can be specified in the checkdepends
array and are only checked when running the check() function.
Original-work-by: Jeff C <jeff@kcaccess.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Add some basic documentation for the PKGEXT and SRCEXT options in
makepkg.conf. Fixes FS#21302.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Disk space checking is likely to be an unnecessary bottleneck to
people with reasonable partition sizes so add a configuration option
to allow it to be disabled/enabled as wanted.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
When a -Sk or -Uk operation induced a removal of an existing local
package, --dbonly was not in effect and the files were all removed.
Fixing this behavior was already marked as TODO in database012 pactest
------------
TODO: I honestly think the above should NOT delete the original les, it
hould upgrade the DB entry without touching anything on the file stem.
E.g. this test should be the same as:
pacman -R --dbonly dummy && pacman -U --dbonly dummy.pkg.tar.gz
------------
Signed-off-by: Xavier Chantry <chantry.xavier@gmail.com>
[Dan: small coding style touchup]
Signed-off-by: Dan McGee <dan@archlinux.org>
The three parts (help, manpage and code) are now organized in the same
way and much easier to compare :
- specific options
- install/upgrade options for -S and -U
- transaction options for -S -R and -U
- global options
After this re-organization, it was easy to update and sync the three
components together. Duplication is also avoided.
Signed-off-by: Xavier Chantry <chantry.xavier@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
In the following, the letters SRUDQ refer to the corresponding pacman
operations.
Most of the work in this commit is about removing as many options as
possible from the global section and moving them to where they actually
belong.
Additionally, --ignore{,group} are added to U and --dbonly is added
to S.
--dbonly added to S
--asdeps moved to S/U/D
--asexplicit moved to S/U/D
--print-format moved to S/U/R
--noprogressbar moved to S/U/R
--noscriptlet moved to S/U/R
--ignorepkg added to U
--ignoregrp added to U
-d moved to S/U/R (--nodeps) and Q (--deps)
-p moved to S/U/R (--print) and Q (--file)
-f moved to S/U
Signed-off-by: Xavier Chantry <chantry.xavier@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
This applies to contrib/ files, our scripts, and the documentation.
Dan: fix 'make clean' in contrib/ directory.
Signed-off-by: Nezmer <git@nezmer.info>
Signed-off-by: Dan McGee <dan@archlinux.org>
For binary packages, the majority of the time used in the debugs symbol
stripping process is the actual stripping of the binaries/libraries and
not the testing of which files to strip. This allows more complete
stripping of packages that install to "non-standard" paths that would
not be generally included in makepkg.conf.
Any performance hit that may be apparent for (_large_) "arch=('any')"
packages can readily be avoided by disabling stripping in the PKGBUILD
options array.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This will allow me to be not quite as lazy in getting website changes out
to the Arch Linux server by making it trivial to get everything packaged up
and working correctly.
Signed-off-by: Dan McGee <dan@archlinux.org>
Commit 5fe41df8 broke `make distcheck` pretty badly for the doc directory.
Looking at what this commit was trying to accomplish, it make sense to
revert a lot of the build system changes and just simplify what we are
showing in the man page anyway- an example, not exactly how it is configured
on your system.
Signed-off-by: Dan McGee <dan@archlinux.org>
As Allan pointed out, this actually ships with pacman (at least with Arch)
and not necessarily with ABS or any other package. Also fix the language
dealing with the prototype install files.
Signed-off-by: Dan McGee <dan@archlinux.org>
The current --skipinteg is a bit weird. It does not skip integrity
checks, but instead does them and prints a warning. Change this
behaviour to actually skipping the checks.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Compare a list of packages on the system before and after dependency
resolution in order to get a complete list of packages to remove. This
allows makepkg to remove packages installed due to provides.
Bail in cases where packages that were on the system originally have been
removed as there is a risk of breaking the system when removing the new
packages.
Fixes FS#15144.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
We had the long option wrong in some places and its behavior wasn't
documented at all with regards to -U/--upgrade.
Signed-off-by: Dan McGee <dan@archlinux.org>
The request of FS#12950 is implemented.
On the backend side, I introduced a new function, alpm_db_set_pkgreason(),
to modify the install reason of a package in the local database. On the
front-end side, I introduced a new main operation, -D/--database, which has
two options, --asdeps and --asexplicit. I documented this in pacman manual.
I've created two pactests to test -D: database001.py and database002.py.
Signed-off-by: Nagy Gabor <ngaba@bibl.u-szeged.hu>
Signed-off-by: Dan McGee <dan@archlinux.org>
And a new --print-format option to configure the output.
This implements FS#14208
Example usage :
pacman -Sp --print-format "%r/%n-%v : %l [%s]" kdelibs
extra/kdelibs-4.3.2-4 : ftp://mir2.archlinuxfr.org/archlinux/extra/os/i686/kdelibs-4.3.2-4-i686.pkg.tar.gz [0,00]
Signed-off-by: Xavier Chantry <shiningxc@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
The newly added variables STRIP_BINARIES, STRIP_SHARED and STRIP_STATIC,
that are set in makepkg.conf, specify the strip options used on binaries
and shared and static libraries.
In addition, files are now stripped more aggressively by default.
Implements FS#13592 the way it was suggested by Allan in the comments.
Signed-off-by: Cedric Staniewski <cedric@gmx.ca>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
If PACMAN environment variable is set, makepkg will try to use this
command to check for installed dependencies and to install or remove
packages. Otherwise, makepkg will fall back to pacman.
Implements FS#13028.
Signed-off-by: Cedric Staniewski <cedric@gmx.ca>
Signed-off-by: Allan McRae <allan@archlinux.org>
[Dan: move envvar section in manpage]
Signed-off-by: Dan McGee <dan@archlinux.org>
This allows makepkg to only build a specified subset of packages
from a split PKGBUILD. This is very useful in combination with the
-R flag or when bumping the pkgrel of a single package.
Fixes FS#15956.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
For some packages, generally the 'any' arch ones, a build step is not
required and therefore can be skipped. In these cases, a package()
function without a build() one is sufficient.
As a side effect, this commit makes meta packages without any function
at all in the PKGBUILD possible.
Fixes FS#15147.
Signed-off-by: Cedric Staniewski <cedric@gmx.ca>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This allows building a mixture of binary and arch=any packages.
Fixes FS#15955.
The value of CARCH is no longer overridden to "any" in when arch=any
is used and the assigning of the "any" arch is delayed to during the
packaging stage. Adjustments were required to fix installing and
checking for pre-built packages of varing arches.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Fixing a single package within a split package requires the overriding
or pkgrel. In very rare (but existing) cases, it is useful to
override pkgver. Partial fix for FS#15955.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Currently, a changelog is added to a package if a specific file with a
hardcoded name exists in the PKGBUILD's directory. This approach is not
pretty and also inconsistent with the handling of install files, but it
works.
With the introduction of split PKGBUILDs, however, a drawback in this
old behavior has arisen: you only have the possibility to include one
specific changelog file in either every package defined in the PKGBUILD
or in none.
The use of an additional variable, `changelog`, works around this issue
and makes it possible to include a changelog in only some of the
packages, and besides, each package of the PKGBUILD can have its own
changelog file.
Signed-off-by: Cedric Staniewski <cedric@gmx.ca>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
When a SyncFirst transaction kicks in, no flags like '--force' are honored.
This is for good reason, as honoring something like '--asdeps' could be
quite unintentional. Document this fact and a possible workaround.
Signed-off-by: Dan McGee <dan@archlinux.org>
This patch utilizes the power of sync.c to fix FS#3492 and FS#5798.
Now an upgrade transaction is just a sync transaction internally (in alpm),
so all sync features are available with -U as well:
* conflict resolving
* sync dependencies from sync repos
* remove unresolvable targets
See http://www.archlinux.org/pipermail/pacman-dev/2009-June/008725.html
for the concept.
We use "mixed" target list, where PKG_FROM_FILE origin indicates local
package file, PKG_FROM_CACHE indicates sync package. The front-end can add
only one type of packages (depending on transaction type) atm, but if alpm
resolves dependencies for -U, we may get a real mixed trans->packages list.
_alpm_pkg_free_trans() was modified so that it can handle both target types
_alpm_add_prepare() was removed, we use _alpm_sync_prepare() instead
_alpm_add_commit() was renamed to _alpm_upgrade_targets()
sync.c (and deps.c) was modified slightly to handle mixed target lists,
the modifications are straightforward. There is one notable change here: We
don't create new upgrade trans in sync.c, we replace the pkgcache entries
with the loaded package files in the target list (this is a bit hackish) and
call _alpm_upgrade_targets(). This implies a TODO (pkg->origin_data.db is
not accessible anymore), but it doesn't hurt anything with pacman front-end,
so it will be fixed later (otherwise this patch would be huge).
I updated the documentation of -U and I added a new pactest, upgrade090.py,
to test the syncdeps feature of -U.
Signed-off-by: Nagy Gabor <ngaba@bibl.u-szeged.hu>
Signed-off-by: Dan McGee <dan@archlinux.org>
This implements FS#15581
'-Su foo' should be more or less equivalent do '-Su ; -S foo'
Note : I moved a block of code to a new process_target function
Signed-off-by: Xavier Chantry <shiningxc@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
See FS#15984
After commit 02acf65, the --source behavior changed.
Thanks to Dan for actually writing the new sentence :)
Signed-off-by: Xavier Chantry <shiningxc@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
only allow optdepends like:
pkgname: description
some (real) examples of invalid optdepends:
'tcl, python and/or ruby: to use corresponding binding'
'xorg-fonts-75dpi : X bitmap fonts needed for the interface'
'ruby-htmlentities (AUR): for one provider named Deastore'
'xpdf - for pdf'
Signed-off-by: Xavier Chantry <shiningxc@gmail.com>
[Allan: rebase off de39a1f6 and adjust man page]
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
similarly to the $repo variable, Server can now contain $arch, which will be
automatically replaced by the appropriate architecture.
This allows us to have one universal mirrorlist file, for both i686 and x86_64,
woohoo!
Signed-off-by: Xavier Chantry <shiningxc@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
Implements FS#15830
This option allows to build a PKGBUILD with no checksums
Signed-off-by: Xavier Chantry <shiningxc@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
- fix one memleak if get_filename failed
- cleanup according to Joerg's feedback:
"url_for_string: If fetchParseURL returned successful, you should always
have a scheme set. The logic for anonftp should only be needed for very
broken server -- do you know of any such?
download_internal:
Specifying 'p' is now a nop -- it is tried by default first with
fall-back to active FTP."
Signed-off-by: Xavier Chantry <shiningxc@gmail.com>
[Dan: remove from pacman.conf and pacman.conf.5]
Signed-off-by: Dan McGee <dan@archlinux.org>
If the user switches from unstable repo to a stable one, it is quite hard to
sync its system with the new repo (the user will see many "Local is newer
than stable" messages, nothing more). That's why I introduced -Suu, which
treats a sync package like an upgrade, iff the package version doesn't match
with the local one's.
I added a new pactest (sync104.py) to test this, and I updated the
documentation of -Su.
Signed-off-by: Nagy Gabor <ngaba@bibl.u-szeged.hu>
[Dan: slight doc reword]
Signed-off-by: Dan McGee <dan@archlinux.org>
This implements FS#13877. Add a new option "-Qk" which checks if all of the
files for a given package (or packages) are really on the system (i.e. not
accidentally deleted). This can be combined with filters and other display
options. It also respects both the --quiet and --verbose flags to give
varying levels of output.
Based on the original patch by Charly Coste <changaco@laposte.net>, thanks
for your work!
Signed-off-by: Dan McGee <dan@archlinux.org>
It was undocumented that multiple regexps are interpreted using logical AND.
Thanks to Recursive@#archlinux for his help.
Signed-off-by: Nagy Gabor <ngaba@bibl.u-szeged.hu>
Signed-off-by: Dan McGee <dan@archlinux.org>
The pacman --help pages and the manual suggested that only one package can
be upgraded/removed per transaction.
Signed-off-by: Nagy Gabor <ngaba@bibl.u-szeged.hu>
Signed-off-by: Dan McGee <dan@archlinux.org>
The old documentation didn't emphasize our filtering options at all, and it
was a bit misleading. ("List ALL...")
I also clarified the description of -Qu.
Signed-off-by: Nagy Gabor <ngaba@bibl.u-szeged.hu>
Signed-off-by: Dan McGee <dan@archlinux.org>
repo-remove.8 is generated with Makefile but is not removed on clean.
This patch add it to list of untracked autoconf files.
Signed-off-by: Gerardo Exequiel Pozzi <vmlinuz386@yahoo.com.ar>
Signed-off-by: Dan McGee <dan@archlinux.org>