This allows a `make -j4 check` invocation to actually run in parallel,
even though 95% of our test suite time is currently dominated by
pactest. It also allows running something like `make test-vercmp`.
Also, add some targets to the .PHONY list that belong in it.
Signed-off-by: Dan McGee <dan@archlinux.org>
Loop through arguments passed to verify_sig and treat each as a
signature to be verified against a source file. Output each file as its
checked to avoid ambiguity.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
This requires an ugly amount of reworking of how pacman-key handles
options. The change simply to avoid passing keys, files, and directories
as arguments to options, but to leave them as arguments to the overall
program. This is reasonable since pacman-key limits the user to
essentially one operation per invocation (like pacman).
Since we now pass around the positional parameters to the various
operations, we can add some better sanity checking. Each operation is
responsible for testing input and making sure it can operate properly,
otherwise it throws an error and exits.
The doc is updated to reflect this, and uses similar verbiage as pacman,
describing the non-option arguments now passed to pacman-key as targets.
Similar to the doc, --help is reorganized to separate operations and
options and remove argument tokens from operations.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Big deltas or deltas for very small packages are not needed so we should
check that and not generate any.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Dan McGee <dan@archlinux.org>
This has outlived its usefulness and causes more problems than it
solves. It has historically only ever been used to install pacman first.
That should not be needed given we provide the vercmp utility (which has
no library dependencies) and so calling pacman in install scripts is a
sign of poor packaging.
Work-duplicated-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Adds the ability to override the commands used to compressing
compiled and source packages. This is useful for those wanting
to use alternative implementations of the compression tools or
non-default compression options.
Allan: documented options in man page
Signed-off-by: Allan McRae <allan@archlinux.org>
Verifing the keyring at this point is useless as a malicious package is already
installed and as such has several options to bypass this check anyway.
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
Signed-off-by: Dan McGee <dan@archlinux.org>
This reverts commit f3fa77bcf1 along with
making other necessary changes to fully back this (mis)feature out until
we can do it correctly.
The quick summary here is this was not implemented correctly; provides
are not fully taken into account in this logic, and making that happen
exposes a lot of other flaws in this code that are covered up later on
in the dependency resolving process by several other pieces of
convoluted and conditional logic.
Tests have been adjusted accordingly. Some test EXISTS conditions have
been removed as we already know the package is installed locally, and we
also are checking the VERSION condition anyway.
With these two related revert commits, we do have some changes in test
pass/fail results:
* upgrade078.py: does not pass, this is due to --recursive getting
removed for -U/-S operations after this commit.
* sync302.py: the version checks have been disabled, so this test
continues to pass but has been scaled back in scope.
* sync303.py: now passes, was failing before.
* sync304.py: still failing, was failing before.
* sync305.py: now passes, was failing before.
* sync306.py: still passes, was passing before.
Signed-off-by: Dan McGee <dan@archlinux.org>
Rework the frontend and backend to allow passing a ratio value in for
UseDelta rather than having a hardcoded #define-d 0.7 value always used.
This is useful for those with fast connections, who would likely benefit
from tuning this ratio to lower values; it is also useful for general
testing purposes.
The libalpm API changes for this, but we do support the old config file
format with a no-value 'UseDelta' option; in this case we simply use the
old default of 0.7.
We clamp the ratio values to a sane range between 0.0 and 2.0, allowing
ratios above 1.0 for testing purposes.
Signed-off-by: Dan McGee <dan@archlinux.org>
This removes the hack I added to skip '*.sig' files earlier since there
are other files that also fall into the same bucket- source packages
from `makepkg --source`, delta files, etc. Rather than prompting for
each and every one, simply skip them. Doing '-Scc' rather than '-Sc'
will delete these files if that is really what you want to do.
Signed-off-by: Dan McGee <dan@archlinux.org>
Commit 43cad9c8 made the building of all docs depend on the Makefile.
However, the Makefile is generated after running ./configure so is
always newer than any pregenerated docs. This means that people
building from released pacman tarballs are forced to rebuild the
docs (and thus have asciidoc installed). That defeats the purpose
of prebuilding the documentation. Have the documentatin depends on
Makefile.am instead as this is probably what was intended.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Using the value of "SKIP" in the checksum array will cause that
integrity check to be skipped. This makes building packages that
rely on user configurable sources less painful.
Based-on-patch-by: Dan McGee <dan@archlinux.org>
Based-on-patch-by: David Campbell <davekong@archlinux.us>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This converts our script generation to use the built-in AM_V_GEN macro,
which honors the V= setting passed to make and allows one to see the
full command if they truly desire. The AM_V_at macro is also used in
place of an explicit @ so verbose-mode compiles show all commands being
run.
We can also use these two macros in doc generation to quiet it down to
the level we expect.
Other minor changes:
* a pointless test call is removed in test/pacman/tests/
* sed is used instead of dos2unix as we depend on it anyway
* consecutive chmod calls are reduced to a single call (e.g., '+x,a-x')
Signed-off-by: Dan McGee <dan@archlinux.org>
Add support for overriding configuration in /etc/makepkg.conf and
~/.makepkg.conf by setting the environment variable PACKAGER similar to
how SRCDEST and PKGDEST behave.
Signed-off-by: Allan McRae <allan@archlinux.org>
Commit e7b56f48 allowed makepkg to handle pgp signatures with the
.sign extension. Update the man page to reflect this.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This is work originally provided by Sascha Kruse on FS#20360 with only
minor adjustments to the implementation. It's been expanded to cover:
NoUpgrade, NoExtract, IgnorePkg, IgnoreGroup.
Adds tests ignore008, sync139, sync502, and sync503.
Also satisfies FS#18988.
Original-work-by: Sascha Kruse <knopwob@googlemail.com>
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
This is not something that should be used on a frequent basis, and
giving it a short option encourages use without making the drawbacks
obvious. For the 1% of situations that require it, the 5 extra
keystrokes are a fair price to pay.
Signed-off-by: Dan McGee <dan@archlinux.org>
* Make all docs depend on Makefile; if we change flags here we want them
rebuilt.
* Add explicit filenames to .gitignore so we can add our own CSS
override file, and add an asciidoc-override.css resource.
* Adjust a few asciidoc options when generating HTML.
* Remove asciidoc-manpage.css; apparantly this doesn't exist anymore.
Signed-off-by: Dan McGee <dan@archlinux.org>
This allows it to serve double-duty. In order to allow users to base
verification decisions off of both a valid signature and a trusted
signature, we need to assign some level of owner trust to the keys we
designate as trusted on import.
Signed-off-by: Dan McGee <dan@archlinux.org>
* --import now only imports keys from pubkey.gpg and does not import
owner trust; if you want to have both simply run the operations in
sequence.
* --import-trustdb has been simplified; it will overwrite existing
values in the trust database as before, but there is no need to export
it first as those values are safe if left untouched.
* Fix the manpage referring to a non-existent option.
Signed-off-by: Dan McGee <dan@archlinux.org>
A few parameters were outdated or wrongly named, and a few things were
explicitly linked that Doxygen wasn't able to resolve.
Signed-off-by: Dan McGee <dan@archlinux.org>
This is similar to the 'foo-revoked' file we had. This will be used to
inform the user what keys in the shipped keyring need to be explicitly
trusted by the user.
A distro such as Arch will likely have 3-4 master keys listed in this
trusted file, but an additional 25 developer keys present in the keyring
that the user shouldn't have to directly sign.
We use this list to prompt the user to sign the keys locally. If the key
is already signed locally gpg will print a bit of junk but will continue
without pestering the user.
Signed-off-by: Dan McGee <dan@archlinux.org>
We're putting the cart ahead of the horse a bit here. Given that our
keyring is not one where everything is implicitly trusted (ala gpgv),
keeping or deleting a key has no bearing on its trusted status, only
whether we can actually verify things signed by said key.
If we need to address this down the road, we can find a solution that
works for the problem at hand rather than trying to solve it now before
signing is even widespread.
Signed-off-by: Dan McGee <dan@archlinux.org>