Given a revoked keyring containing only:
BC1FBE4D2826A0B51E47ED62E2539214C6C11350
We should only disable this specific keyid. This change enforces that the
contents of the -revoked keyring file are full fingerprints which can uniquely
identify a key.
Before:
# pacman-key --populate archlinux
==> Appending keys from archlinux.gpg...
==> Locally signing trusted keys in keyring...
-> Locally signing key 0E8B644079F599DFC1DDC3973348882F6AC6A4C2...
-> Locally signing key 684148BB25B49E986A4944C55184252D824B18E8...
-> Locally signing key 44D4A033AC140143927397D47EFD567D4C7EA887...
-> Locally signing key 27FFC4769E19F096D41D9265A04F9397CDFD6BB0...
-> Locally signing key AB19265E5D7D20687D303246BA1DFB64FFF979E7...
==> Importing owner trust values...
==> Disabling revoked keys in keyring...
-> Disabling key 1390420191...
-> Disabling key E2539214C6C11350...
-> Disabling key 8544EA82113502DE...
==> Updating trust database...
gpg: next trustdb check due at 2014-01-22
After:
# pacman-key --populate archlinux
==> Appending keys from archlinux.gpg...
==> Locally signing trusted keys in keyring...
-> Locally signing key 0E8B644079F599DFC1DDC3973348882F6AC6A4C2...
-> Locally signing key 684148BB25B49E986A4944C55184252D824B18E8...
-> Locally signing key 44D4A033AC140143927397D47EFD567D4C7EA887...
-> Locally signing key 27FFC4769E19F096D41D9265A04F9397CDFD6BB0...
-> Locally signing key AB19265E5D7D20687D303246BA1DFB64FFF979E7...
==> Importing owner trust values...
==> Disabling revoked keys in keyring...
-> Disabling key BC1FBE4D2826A0B51E47ED62E2539214C6C11350...
==> Updating trust database...
gpg: next trustdb check due at 2014-01-22
Partially addresses FS#35478. This does nothing to confirm whether or not the
key was successfully disabled -- a ridiculously simple request which appears to
be far too difficult for gpg to manage.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Adding this restriction means we can filter any FILENAME entry from
starting with a "/" or a ".". Use the term "dot" as it is more
computing relevant compared to "full stop" or "period" which vary
depending on English locale.
Signed-off-by: Allan McRae <allan@archlinux.org>
If LOGDEST is set, we may not check that $startdir is writable. Store
the log pipe in LOGDEST instead.
Signed-off-by: Allan McRae <allan@archlinux.org>
bzr support "worked", but didn't handle any of the actual features we
wanted with makepkg. This moves the revision specification to the proper
place (extraction, rather than download), and fixes an additional broken
reference to $repo which was never set.
Fixes FS#35281.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
If stdout is already redirected, redirecting stderr to stdout can lead
to undesirable results.
Fixes FS#34974.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Copy SVN repos rather than using "svn export" to keep all anotation
files in the repo for build scripts that use (e.g.) "svin info".
Signed-off-by: Allan McRae <allan@archlinux.org>
Using the checkout directory for the SVN config can result in clashes
between config files and files from the SVN checkout. Instead, use
a ".makepkg" directory within the checkout.
Signed-off-by: Allan McRae <allan@archlinux.org>
Add support for all bzr URLs, including "lp:" URLs, in the source array.
This, however, requires an internet connection and will fall back to the
current behavior for offline builds. In that case, only the URL reported
by 'bzr config parent_location' run inside the local repo can be used,
and is outputted.
Signed-off-by: Maxime Gauduin <alucryd@gmail.com>
remove_deps already has a check and won't run unless -r is specified, so
if this was meant to remove dependencies of a failure no matter what,
then it's not doing it, and with -r it is run twice on a failure for no
real reason.
Signed-off-by: William Giokas <1007380@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Bug exposed by a6291858cc
popd doesn't run in the for loop in download_sources() if the continue
in download_files is executed. Causing the extract_files to extract
everything into $SRCDEST instead of $srcdir
Signed-off-by: Allan McRae <allan@archlinux.org>
grep allows options to be set from the environment with GREP_OPTIONS.
Many of these options will alter grep's output, breaking makepkg.
GREP_OPTIONS=--line-number breaks installed dependency removal, for
instance.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
When VCS sources were updated, we changed into their root directory.
Any following source was then downloaded to an incorrect place causing
a failure in makepkg. Ensure we are always in the $SRCDEST directory
before starting any download.
Fixes FS#34488.
Signed-off-by: Allan McRae <allan@archlinux.org>
I imported this translation from transifex without realising that there
was no strings translated despite being "acitve" on transifex for quite
some time. Remove it until translation begins...
Signed-off-by: Allan McRae <allan@archlinux.org>
This reverts commit 8b03b1a877.
It is much better to download the submodules using separate source entries
and adjust the submodule configs to point at these versions in the
prepare() function.
See https://mailman.archlinux.org/pipermail/pacman-dev/2013-March/016771.html
for an example.
Signed-off-by: Allan McRae <allan@archlinux.org>
Looks like I hosed this pretty hard in 5a5e712c74.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Because --noextract also implies to not download/verify source files, it wasn't
possible to simply do that, without either extracting and/or building.
(Note: --verifysource takes precedence over --noextract)
Signed-off-by: Olivier Brunel <i.am.jack.mail@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Make all VCS download functions uses get_filename to get the repo name.
In addition, creating a working directory from a Bazaar repository now shows
the short-name of the repository, not the full path on disk.
I'm not sure if the name of the variable that holds the basename of the local
clone should still be `repo`, but I have left the variable name for simplicity.
Signed-off-by: Neer Sighted <neersighted@myopera.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Previously makepkg would clone vcs sources in the download function,
regardless of the noextract settings. Now the download_* functions only
download or update the vcs sources, and the new extract_* functions just
create working copies using the specified protocols. The extract_sources
function will call the needed extract function for the protocol
specified. The tarball extraction has also been moved into its own
extract_file function to keep things consistent.
Signed-off-by: William Giokas <1007380@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Added an `ask` message function that emulates pacman's appearance.
Signed-off-by: William Giokas <1007380@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Color enabled by default, use --nocolor to disable colored output.
Signed-off-by: William Giokas <1007380@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Use --nocolor to suppress colored output from pacman-key, otherwise
output will be in color.
Signed-off-by: William Giokas <1007380@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Color enabled by default, use --nocolor to turn off colors.
Signed-off-by: William Giokas <1007380@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Use the same colors as makepkg in messages. Add in the 'plain' function
as well.
To use the colors, you need to include the term_colors.sh file, or add
definitions for the colors explicitly.
Signed-off-by: William Giokas <1007380@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Make makepkg use a recursive clone when creating the working directory.
This will initialize submodules
Signed-off-by: Allan McRae <allan@archlinux.org>
Supported by libarchive as of version 3.1.0 when compiled against lzo2
or in the presence of the lzop binary.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
In makepkg, passing -sr --needed causes there to be a conflict when
pacman goes to remove the dependencies, as the --needed flag is not an
option for pacman -R. This patch makes --needed not get added to the
PACMAN_OPTS array, but it acts like ASDEPS, and is only added to an
install function.
Signed-off-by: William Giokas <1007380@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
The idea of having separate build() and package() functions is that
build() is run as a normal uses and package() as (fake)root. Any
files placed in $pkgdir during build() can have the wrong permissions.
Restrict access to $pkgdir during build() - unless there is no package()
function.
Also, set $pkgdir to something "useful" during build(). For split
packages, this uses "<path>/pkg/$pkgbase" because it is not obvious
which $pkgdir is being referred to.
Signed-off-by: Allan McRae <allan@archlinux.org>
Rearrange tidy_install so we first remove docs, unwanted files,
libtool files, and empty directories. Then check for missing backup
files and references to $srcdir and $pkgdir. Finally compress manpages,
strip debug symbols, and compress executables with upx.
Fixes FS33318
Signed-off-by: Chirantan Ekbote <chirantan.ekbote@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
The difference between the echo and the printf's in write_pkginfo seemed
to be somewhat sporadic. Also, the INFAKEROOT check was doing the same
exact thing as the SPLITPKG check, but formatted much differently and
consuming two extra lines. I think this makes it more readable than it
was previously, if nothing else.
Signed-off-by: William Giokas <1007380@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>