Using the value of "SKIP" in the checksum array will cause that
integrity check to be skipped. This makes building packages that
rely on user configurable sources less painful.
Based-on-patch-by: Dan McGee <dan@archlinux.org>
Based-on-patch-by: David Campbell <davekong@archlinux.us>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This converts our script generation to use the built-in AM_V_GEN macro,
which honors the V= setting passed to make and allows one to see the
full command if they truly desire. The AM_V_at macro is also used in
place of an explicit @ so verbose-mode compiles show all commands being
run.
We can also use these two macros in doc generation to quiet it down to
the level we expect.
Other minor changes:
* a pointless test call is removed in test/pacman/tests/
* sed is used instead of dos2unix as we depend on it anyway
* consecutive chmod calls are reduced to a single call (e.g., '+x,a-x')
Signed-off-by: Dan McGee <dan@archlinux.org>
Add support for overriding configuration in /etc/makepkg.conf and
~/.makepkg.conf by setting the environment variable PACKAGER similar to
how SRCDEST and PKGDEST behave.
Signed-off-by: Allan McRae <allan@archlinux.org>
Commit e7b56f48 allowed makepkg to handle pgp signatures with the
.sign extension. Update the man page to reflect this.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This is work originally provided by Sascha Kruse on FS#20360 with only
minor adjustments to the implementation. It's been expanded to cover:
NoUpgrade, NoExtract, IgnorePkg, IgnoreGroup.
Adds tests ignore008, sync139, sync502, and sync503.
Also satisfies FS#18988.
Original-work-by: Sascha Kruse <knopwob@googlemail.com>
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
This is not something that should be used on a frequent basis, and
giving it a short option encourages use without making the drawbacks
obvious. For the 1% of situations that require it, the 5 extra
keystrokes are a fair price to pay.
Signed-off-by: Dan McGee <dan@archlinux.org>
* Make all docs depend on Makefile; if we change flags here we want them
rebuilt.
* Add explicit filenames to .gitignore so we can add our own CSS
override file, and add an asciidoc-override.css resource.
* Adjust a few asciidoc options when generating HTML.
* Remove asciidoc-manpage.css; apparantly this doesn't exist anymore.
Signed-off-by: Dan McGee <dan@archlinux.org>
This allows it to serve double-duty. In order to allow users to base
verification decisions off of both a valid signature and a trusted
signature, we need to assign some level of owner trust to the keys we
designate as trusted on import.
Signed-off-by: Dan McGee <dan@archlinux.org>
* --import now only imports keys from pubkey.gpg and does not import
owner trust; if you want to have both simply run the operations in
sequence.
* --import-trustdb has been simplified; it will overwrite existing
values in the trust database as before, but there is no need to export
it first as those values are safe if left untouched.
* Fix the manpage referring to a non-existent option.
Signed-off-by: Dan McGee <dan@archlinux.org>
A few parameters were outdated or wrongly named, and a few things were
explicitly linked that Doxygen wasn't able to resolve.
Signed-off-by: Dan McGee <dan@archlinux.org>
This is similar to the 'foo-revoked' file we had. This will be used to
inform the user what keys in the shipped keyring need to be explicitly
trusted by the user.
A distro such as Arch will likely have 3-4 master keys listed in this
trusted file, but an additional 25 developer keys present in the keyring
that the user shouldn't have to directly sign.
We use this list to prompt the user to sign the keys locally. If the key
is already signed locally gpg will print a bit of junk but will continue
without pestering the user.
Signed-off-by: Dan McGee <dan@archlinux.org>
We're putting the cart ahead of the horse a bit here. Given that our
keyring is not one where everything is implicitly trusted (ala gpgv),
keeping or deleting a key has no bearing on its trusted status, only
whether we can actually verify things signed by said key.
If we need to address this down the road, we can find a solution that
works for the problem at hand rather than trying to solve it now before
signing is even widespread.
Signed-off-by: Dan McGee <dan@archlinux.org>
This fixes build errors when performing a manual install straight to a
filesystem where the files already exist.
Reported-by: Sergej Pupykin <ml@sergej.pp.ru>
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This also renames '--receive' to '-recv-keys' to match the wrapped gpg
option name, rather than invent a new one, now that the calling
convention is the same.
Signed-off-by: Dan McGee <dan@archlinux.org>
We were using the mystical [<foobar>] options which is some sort of
cross between a <required> argument and an [optional] one. Remove this
madness and do some other general cleanup/consistency work in the
manpage.
Signed-off-by: Dan McGee <dan@archlinux.org>
The HoldKey option was undocumented and was not suited for pacman.conf.
Instead use the file "/etc/pacman.d/gnupg/heldkeys" to contain a list
of keys not to be removed from the pacman keyring with the --populate
option.
Signed-off-by: Allan McRae <allan@archlinux.org>
The current --reload option, apart from being non-clear in its naming,
is very limited in that only one keyring can be provided. A distribution
may want to provide multiple keyrings for various subsets of its
organisation or custom repo providers may also want to provide a keyring.
This patch adds a --populate option that reads keyrings from (by default)
/usr/share/pacman/keyrings. A keyring is named foo.gpg, with optional
foo-revoked file providing a list of revoked key ids. These files are
required to be signed (detached) by a key trusted by pacman-key, in
practice probably by the key that signed the package providing these
files. The --populate flag either updates the pacman keyring using all
keyrings in the directory or individual keyrings can be specified.
Signed-off-by: Allan McRae <allan@archlinux.org>
We had this interesting set of facts conundrum, according to vercmp
return values:
2.0a < 2.0
2.0 < 2.0.a
2.0a == 2.0.a
This introduces a code change that ensures '2.0a < 2.0.a' as would be
expected by the first two comparisons. Unfortunately this stays us a bit
further from upstream RPM code, but those are the breaks (in RPM, the
versions involving 'a' do in fact compare the same, but they are both
greater than the bare '2.0').
Signed-off-by: Dan McGee <dan@archlinux.org>
Add the info that versioned replaces are now supported, as well as
beefing up some of the other places touching on versioned fields.
Signed-off-by: Dan McGee <dan@archlinux.org>
makepkg --source is a often used go make source package like for AUR.
Have a -S shortcut will save the world.
Signed-off-by: Sebastien Luttringer <seblu@seblu.net>
Signed-off-by: Dan McGee <dan@archlinux.org>
We had this gem:
⇐ (less than or equal to)
Due to not ensuring we did literal printing of things like this. Fix it
and a few other problems noticed scanning through both the HTML and
manpage generated files.
Signed-off-by: Dan McGee <dan@archlinux.org>
* .mailmap: add mapping for Dave's two email addresses.
* AUTHORS: clear out file, tell people to use `git shortlog -s` instead.
* doc/footer.txt: "promote" Dave, put Xavier and Nagy in past contributors.
Signed-off-by: Dan McGee <dan@archlinux.org>
These are equivalent. Use the autoconf macro for consistency.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This applies to the repo-remove man page as well as the script itself.
Yes Dan, I ran distcheck afterwards.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This is somewhat of a dangerous option with limited use cases. Don't
advertise it as an easily accessibly option.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Trivial to implement as the same backend machinery is used anyway.
Document it and add it to the accepted options.
Signed-off-by: Dan McGee <dan@archlinux.org>
This closely matches what we had before for -R --recursive. Basically,
when specifying a target (e.g., pacman), we can now recursively pull all
dependencies, regardless of version specifiers and whether they are
already satisfied in the local database. This could be used to update
pacman on a system with an old glibc, for example, as both pacman and
glibc would get pulled into the transaction.
This is most useful with --needed to prevent needless reinstalls as
described in the man page changes.
The end goal of this change is to wire it into SyncFirst and have it be
the default mode of operation there, but that belongs in a separate
changeset.
Signed-off-by: Dan McGee <dan@archlinux.org>
The format required for selection of packages within the group selection
dialog is not entirely obvious, so provide some documentation.
Fixes FS#24134.
Signed-off-by: Allan McRae <allan@archlinux.org>
(cherry picked from commit 94d22f9309)
This adds docs for SigLevel, which can exist in both [options] and
[repository] sections. It also does a bit of reworking of the structure
of this manpage and adds a labeled list under the repo sections where we
didn't have one before.
Signed-off-by: Dan McGee <dan@archlinux.org>
The current --list option outputed the keys and all their signatures
which can be overly verbose. It also did not take a list of keys on
the command line to limit its output (although the code suggests that
was intended).
That patch brings consistency with gpg, providing --list-keys and
--list-sigs options that function equivalently to those provided by
gpg.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>