If validpgpkeys is set in the PKGBUILD, signature checking fails if
the fingerprint of the key used to create the signature is not listed
in the array.
The key's trust value is ignored.
Signed-off-by: Allan McRae <allan@archlinux.org>
Instead of invoking grep multiple times, parse the status file once.
This refactoring also changes the behvaiour when signature verification
fails due to a missing public key: It is now an error instead of a
warning.
Signed-off-by: Allan McRae <allan@archlinux.org>
Provide pkgbase information for non-split packages with pkgbase set.
Also record the version of the "base" package. This is useful for
matching package files to source packages.
Signed-off-by: Allan McRae <allan@archlinux.org>
Packaging outside of fakeroot can result in incorrect permissions for
package files. It has been years since fakeroot issues during packaging
were common, so it is safe to enforce fakeroot usage. If using fakeroot
is impossible for some reason, a two line wrapper script will suffice to
fool makepkg.
Signed-off-by: Allan McRae <allan@archlinux.org>
The days of fakeroot being error ridden are long gone, so there is no
valid reason to run makepkg as root.
Signed-off-by: Allan McRae <allan@archlinux.org>
1. Packagers who want to test the package() function, i.e. to check the content
of the pkg/ folder.
2. Developers who want to check how the packaged version of a program looks, in
other words how the pkg/ folder looks.
3. For users of systems with no port tree, makepkg can ease package creation.
However the resulting archive of the whole makepkg process is often useless.
For all situations, makepkg will usually be called several times. But no archive
(the final package) is needed in any cases. The archive creation ends up being a
waste of time and resource, especially for big applications and slow machines.
Since this option aborts the process prematurely, it behaves like the
-o,--nobuild option, i.e. any other option acting on later stages in the process
will be automatically discarded. For --noarchive, it means that in
$ makepkg --noarchive --install
the '--install' option does not do anything.
Signed-off-by: Pierre Neidhardt <ambrevar@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Previously, install_package() return code was either used as exit code or
ignored. This was rather confusing. The return code is now always ignored and a
comment on install_package() has been added.
Signed-off-by: Pierre Neidhardt <ambrevar@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Files hosted on kernel.org only provide signatures for the uncompressed tarball.
Support this scheme by transparently uncompressing the archives and piping
the data into gpg.
Signed-off-by: Allan McRae <allan@archlinux.org>
I noticed when I built a kernel package with options 'strip' and 'debug' that
the debug package was missing the debug information for the kernel modules.
This patch adds kernel modules to the targets for 'strip' and is compatible
with the split-out debug information packages.
v2: Correct logic error -- did a 'continue' after the 2nd-level case statement
instead of in the default case.
v3: Oops, forgot to terminate outer case. Ran this version through the test
suite and all tests passed.
Signed-off-by: Steven Noonan <steven@uplinklabs.net>
Signed-off-by: Allan McRae <allan@archlinux.org>
makepkg only aborts on errors during PKGBUILD functions so the remaining
"|| true" statements are unneeded.
Signed-off-by: Allan McRae <allan@archlinux.org>
It turns out that you should refer to variables by their actual name...
Introduced in commit a521cea9.
FS#38414.
Signed-off-by: Allan McRae <allan@archlinux.org>
FS#34240. This is useful for translators and has little cost to us since
we moved to transifex for translations.
Signed-off-by: Allan McRae <allan@archlinux.org>
If the user has "armor" in thier gpg.conf, makepkg will create an
ascii-armored signature. Use --no-armor in the gpg call to avoid.
FS#38503.
Signed-off-by: Allan McRae <allan@archlinux.org>
Forcing vim users to view files with a tabstop of 2 seems really
unnecessary when noet is set. I find it much easier to read code with
ts=4 and I dislike having to override the modeline by hand.
Command run:
find . -type f -exec sed -i '/vim.* noet/s# ts=2 sw=2##' {} +
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Allan McRae <allan@archlinux.org>
Running 'makepkg -g' or 'makepkg' to download source files results in
different permissions on the files if the user has a non-default umask.
Put the umask definition at the "beginning" of the makepkg script to
ensure all files generated by makepkg have a 0022 umask.
Signed-off-by: Allan McRae <allan@archlinux.org>
Unify the formatting of the --help switch for pacman utils, if it exists.
All of the pacman utils will now output help text using the following
format:
util-name (pacman) v<pacman version>
one line description of util's purpose
Usage: util-name [options]
-b, --bar whatever --bar does
-f, --foo whatever --foo does
-h, --help display this help message
Reported-by: Karol Błażewicz <karol.blazewicz at gmail.com>
Signed-off-by: Jason St. John <jstjohn@purdue.edu>
This commit:
-- replaces space-based indents with tabs per the coding standards
-- removes extraneous whitespace (e.g. extra spaces between function args)
-- adds missing braces for a one-line if statement
Signed-off-by: Jason St. John <jstjohn@purdue.edu>
The call to bsdtar to check if a file needs extracted returns 1 if it does
not. We then propegate this return value accidentally which can cause
makepkg to report an error later on. Explicitly return 0 in this case.
Signed-off-by: Allan McRae <allan@archlinux.org>
It is fairly common that packages contain static libraries with no
shared counterpart. These should not be removed with !staticlibs.
Signed-off-by: Allan McRae <allan@archlinux.org>
It appears there are a lot of packages with arch=('i686 x86_64')
floating around. Quote the arch array when passing as a parameter
to detect such things.
Signed-off-by: Allan McRae <allan@archlinux.org>
Validate the new pkgver efore blindly ramming it into the PKGBUILD.
This gives us good feedback and prevents corrupting the PKGBUILD, e.g.
==> Starting pkgver()...
==> ERROR: pkgver is not allowed to contain colons, hyphens or whitespace.
==> ERROR: pkgver() generated an invalid version: a horse is not a pkgver
As an additional failsafe, exchange a valid for invalid character as
command separator in @SEDINPLACE@ expressions. For even more paranoia,
exit if sed fails for any reason.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
This points makepkg to where is library is located. Can be
overridden by value in the environment.
Signed-off-by: Allan McRae <allan@archlinux.org>
[Ashley: Rebased]
Signed-off-by: Ashley Whetter <ashley@awhetter.co.uk>
Build makepkg to scripts/.lib/makepkg and add a wrapper script to
call it. This is not useful at the moment, but is the first step
to allowing makepkg to be split into smaller pieces.
Signed-off-by: Allan McRae <allan@archlinux.org>
[Ashley: rebased]
Signed-off-by: Ashley Whetter <ashley@awhetter.co.uk>
The separation between downloading and extracting for non-vsc sources
was incomplete due to symlinks being made in $srcdir during the download
stage. Have download_{local,file} just ensure the presence of the files
in $startdir or $SRCDEST (downloading if needed) and then have
extract_file symlink these files into $srcdir.
Also replace "continue" with "return" in extract_file to make it clearer
what is happening.
Signed-off-by: Allan McRae <allan@archlinux.org>
These loops already maintain an independent loop counter, so cut out
the middle man. While this change doesn't necessarily require that we
drop support for sparse arrays, we do via this patch. A new lint check
is added in check_sanity to abort when a sparse array is encountered.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
These are all cases where we're reading filenames -- any backslashes
are intentional and should not be interpreted.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
With some simple math and printf formatting tokens, we can create the
whitespace necessary for this without the need for a loop and string
concatentation.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Unifying this list makes adding new algorithms easier. There's also
some menial cleanup in this patch to avoid use of eval and properly
treat lists of data as array instead of simple strings.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
This allows for VAR=value and VAR+=value variable declarations.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
These references to bug numbers assume we will forever be using that bug
tracker. It is better to properly comment the code instead (which was
done in almost all cases anyway).
Signed-off-by: Allan McRae <allan@archlinux.org>
Replace spaces with tabs in one instance.
Remove extra spaces.
Signed-off-by: Jason St. John <jstjohn@purdue.edu>
Signed-off-by: Allan McRae <allan@archlinux.org>
When maintaining a custom repo, often it is undesirable to retain older
versions of packages. This patch adds the --remove option to remove the
current package file and it's signature from disk before adding the new
one to the database. Documentation is also updated. This is an optional
flag and default behaviour (leaving ondisk files alone) is not changed.
Signed-off-by: Phillip Smith <fukawi2@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Given a revoked keyring containing only:
BC1FBE4D2826A0B51E47ED62E2539214C6C11350
We should only disable this specific keyid. This change enforces that the
contents of the -revoked keyring file are full fingerprints which can uniquely
identify a key.
Before:
# pacman-key --populate archlinux
==> Appending keys from archlinux.gpg...
==> Locally signing trusted keys in keyring...
-> Locally signing key 0E8B644079F599DFC1DDC3973348882F6AC6A4C2...
-> Locally signing key 684148BB25B49E986A4944C55184252D824B18E8...
-> Locally signing key 44D4A033AC140143927397D47EFD567D4C7EA887...
-> Locally signing key 27FFC4769E19F096D41D9265A04F9397CDFD6BB0...
-> Locally signing key AB19265E5D7D20687D303246BA1DFB64FFF979E7...
==> Importing owner trust values...
==> Disabling revoked keys in keyring...
-> Disabling key 1390420191...
-> Disabling key E2539214C6C11350...
-> Disabling key 8544EA82113502DE...
==> Updating trust database...
gpg: next trustdb check due at 2014-01-22
After:
# pacman-key --populate archlinux
==> Appending keys from archlinux.gpg...
==> Locally signing trusted keys in keyring...
-> Locally signing key 0E8B644079F599DFC1DDC3973348882F6AC6A4C2...
-> Locally signing key 684148BB25B49E986A4944C55184252D824B18E8...
-> Locally signing key 44D4A033AC140143927397D47EFD567D4C7EA887...
-> Locally signing key 27FFC4769E19F096D41D9265A04F9397CDFD6BB0...
-> Locally signing key AB19265E5D7D20687D303246BA1DFB64FFF979E7...
==> Importing owner trust values...
==> Disabling revoked keys in keyring...
-> Disabling key BC1FBE4D2826A0B51E47ED62E2539214C6C11350...
==> Updating trust database...
gpg: next trustdb check due at 2014-01-22
Partially addresses FS#35478. This does nothing to confirm whether or not the
key was successfully disabled -- a ridiculously simple request which appears to
be far too difficult for gpg to manage.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Adding this restriction means we can filter any FILENAME entry from
starting with a "/" or a ".". Use the term "dot" as it is more
computing relevant compared to "full stop" or "period" which vary
depending on English locale.
Signed-off-by: Allan McRae <allan@archlinux.org>
given/when has been marked experimental in perl 5.18 because it will
change it 5.20. if/else is ugly, but hiding the generated warning is no
good solution either, so we us if/else for now.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Allan McRae <allan@archlinux.org>
This also slighty changes the word order in the description for
--newest.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Allan McRae <allan@archlinux.org>
This allows for somewhat easy templating for PKGBUILDs.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Allan McRae <allan@archlinux.org>
Add support for overriding configuration in /etc/makepkg.conf and
~/.makepkg.conf by setting the environment variable CARCH similar to
how SRCDEST and PKGDEST behave.
Fixes FS#35030.
Signed-off-by: Allan McRae <allan@archlinux.org>
Not having a package() function means all building occurs as root
and repackaging can lose permissions. Given the use of package()
functions has been around for years and we deprecated not having
one in pacman-4.1, we can remove support for PKGBUILDs without
package() functions altogether. However, keep PKGBUILDs that have
neither a build() or package() function working.
Signed-off-by: Allan McRae <allan@archlinux.org>
Using PKGBUILDs from stdin means that we can not use pkgver() in
packages. Given we have the "-p" option to pass any file to
makepkg and passing a PKGBUILD in the form "cat foo | makepkg"
does not work, this feature is unneeded.
Signed-off-by: Allan McRae <allan@archlinux.org>
If LOGDEST is set, we may not check that $startdir is writable. Store
the log pipe in LOGDEST instead.
Signed-off-by: Allan McRae <allan@archlinux.org>
bzr support "worked", but didn't handle any of the actual features we
wanted with makepkg. This moves the revision specification to the proper
place (extraction, rather than download), and fixes an additional broken
reference to $repo which was never set.
Fixes FS#35281.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
This new option disables the prepare function. Useful in combination
with -o to get an unpatched copy of the sources for testing purpose.
Signed-off-by: Eric Bélanger <snowmaniscool@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
If stdout is already redirected, redirecting stderr to stdout can lead
to undesirable results.
Fixes FS#34974.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Copy SVN repos rather than using "svn export" to keep all anotation
files in the repo for build scripts that use (e.g.) "svin info".
Signed-off-by: Allan McRae <allan@archlinux.org>
Using the checkout directory for the SVN config can result in clashes
between config files and files from the SVN checkout. Instead, use
a ".makepkg" directory within the checkout.
Signed-off-by: Allan McRae <allan@archlinux.org>
Add support for all bzr URLs, including "lp:" URLs, in the source array.
This, however, requires an internet connection and will fall back to the
current behavior for offline builds. In that case, only the URL reported
by 'bzr config parent_location' run inside the local repo can be used,
and is outputted.
Signed-off-by: Maxime Gauduin <alucryd@gmail.com>
remove_deps already has a check and won't run unless -r is specified, so
if this was meant to remove dependencies of a failure no matter what,
then it's not doing it, and with -r it is run twice on a failure for no
real reason.
Signed-off-by: William Giokas <1007380@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
All those extra '\e[1;'s were just setting bold redundantly or
immediately being cancelled.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Bug exposed by a6291858cc
popd doesn't run in the for loop in download_sources() if the continue
in download_files is executed. Causing the extract_files to extract
everything into $SRCDEST instead of $srcdir
Signed-off-by: Allan McRae <allan@archlinux.org>
grep allows options to be set from the environment with GREP_OPTIONS.
Many of these options will alter grep's output, breaking makepkg.
GREP_OPTIONS=--line-number breaks installed dependency removal, for
instance.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
When VCS sources were updated, we changed into their root directory.
Any following source was then downloaded to an incorrect place causing
a failure in makepkg. Ensure we are always in the $SRCDEST directory
before starting any download.
Fixes FS#34488.
Signed-off-by: Allan McRae <allan@archlinux.org>