1
0
mirror of https://github.com/moparisthebest/pacman synced 2024-11-05 17:15:02 -05:00
Commit Graph

396 Commits

Author SHA1 Message Date
Dan McGee
484d5ec624 pacman-key: treat foo-trusted as an ownertrust export file
This allows it to serve double-duty. In order to allow users to base
verification decisions off of both a valid signature and a trusted
signature, we need to assign some level of owner trust to the keys we
designate as trusted on import.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-10-05 22:00:52 -05:00
Dan McGee
ab7d2890a4 pacman-key: refine and clarify import/import-trustdb behavior
* --import now only imports keys from pubkey.gpg and does not import
  owner trust; if you want to have both simply run the operations in
  sequence.
* --import-trustdb has been simplified; it will overwrite existing
  values in the trust database as before, but there is no need to export
  it first as those values are safe if left untouched.
* Fix the manpage referring to a non-existent option.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-10-05 21:55:53 -05:00
Dan McGee
2517ba3303 Update Doxyfile and fix some documentation errors caught by Doxygen
A few parameters were outdated or wrongly named, and a few things were
explicitly linked that Doxygen wasn't able to resolve.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22 16:37:36 -05:00
Dan McGee
1df9b2aa79 pacman-key: add an additional plain text 'foo-trusted' file
This is similar to the 'foo-revoked' file we had. This will be used to
inform the user what keys in the shipped keyring need to be explicitly
trusted by the user.

A distro such as Arch will likely have 3-4 master keys listed in this
trusted file, but an additional 25 developer keys present in the keyring
that the user shouldn't have to directly sign.

We use this list to prompt the user to sign the keys locally. If the key
is already signed locally gpg will print a bit of junk but will continue
without pestering the user.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22 11:15:45 -05:00
Dan McGee
33685b960d pacman-key: remove holdkeys functionality
We're putting the cart ahead of the horse a bit here. Given that our
keyring is not one where everything is implicitly trusted (ala gpgv),
keeping or deleting a key has no bearing on its trusted status, only
whether we can actually verify things signed by said key.

If we need to address this down the road, we can find a solution that
works for the problem at hand rather than trying to solve it now before
signing is even widespread.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22 11:15:45 -05:00
Dave Reisner
68856755c4 buildsys: remove existing symlinks before installing
This fixes build errors when performing a manual install straight to a
filesystem where the files already exist.

Reported-by: Sergej Pupykin <ml@sergej.pp.ru>
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-14 17:18:07 -05:00
Dan McGee
16fd66f879 pacman-key: add --refresh-keys operation
This allows new signatures to be pulled, revocations to be found, etc.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-02 21:44:04 -05:00
Dan McGee
d9545103b9 pacman-key: split keyserver to a separate option
This also renames '--receive' to '-recv-keys' to match the wrapped gpg
option name, rather than invent a new one, now that the calling
convention is the same.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-02 21:43:03 -05:00
Dan McGee
5a9b07b0e7 pacman-key help and documentation cleanup
We were using the mystical [<foobar>] options which is some sort of
cross between a <required> argument and an [optional] one. Remove this
madness and do some other general cleanup/consistency work in the
manpage.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-02 21:41:40 -05:00
Dan McGee
24f4f9822f doc: consistency when referencing other options
Use '\--option' rather than `--option` everywhere.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-02 21:41:40 -05:00
Dan McGee
3c3ee6796a pacman-key: document --lsign-key
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-02 21:41:40 -05:00
Allan McRae
e1b9f7b300 pacman-key: rework and document holding keys in keyring
The HoldKey option was undocumented and was not suited for pacman.conf.
Instead use the file "/etc/pacman.d/gnupg/heldkeys" to contain a list
of keys not to be removed from the pacman keyring with the --populate
option.

Signed-off-by: Allan McRae <allan@archlinux.org>
2011-08-29 11:55:23 +10:00
Allan McRae
29dede2eb7 pacman-key: Improve documentation for --populate
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-08-29 11:55:23 +10:00
Allan McRae
d1240f67ea pacman-key: rework importing distro/repo provided keyrings
The current --reload option, apart from being non-clear in its naming,
is very limited in that only one keyring can be provided.  A distribution
may want to provide multiple keyrings for various subsets of its
organisation or custom repo providers may also want to provide a keyring.

This patch adds a --populate option that reads keyrings from (by default)
/usr/share/pacman/keyrings.  A keyring is named foo.gpg, with optional
foo-revoked file providing a list of revoked key ids.  These files are
required to be signed (detached) by a key trusted by pacman-key, in
practice probably by the key that signed the package providing these
files. The --populate flag either updates the pacman keyring using all
keyrings in the directory or individual keyrings can be specified.

Signed-off-by: Allan McRae <allan@archlinux.org>
2011-08-29 11:55:22 +10:00
Dan McGee
30d978a966 vercmp: ensure 2.0a and 2.0.a do not compare equal
We had this interesting set of facts conundrum, according to vercmp
return values:
    2.0a <  2.0
    2.0  <  2.0.a
    2.0a == 2.0.a

This introduces a code change that ensures '2.0a < 2.0.a' as would be
expected by the first two comparisons. Unfortunately this stays us a bit
further from upstream RPM code, but those are the breaks (in RPM, the
versions involving 'a' do in fact compare the same, but they are both
greater than the bare '2.0').

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-23 01:49:29 -05:00
Jakob Gruber
dddd6a46a0 Fix formatting in pacman-key manpage
Signed-off-by: Jakob Gruber <jakob.gruber@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-22 13:15:15 -05:00
Dan McGee
2a466c2abc doc/PKGBUILD: update regarding versioned package fields
Add the info that versioned replaces are now supported, as well as
beefing up some of the other places touching on versioned fields.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-18 10:47:41 -05:00
Sebastien Luttringer
4a7f3bbc46 Add makepkg -S which is an alias to makepkg --source
makepkg --source is a often used go make source package like for AUR.
Have a -S shortcut will save the world.

Signed-off-by: Sebastien Luttringer <seblu@seblu.net>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-18 10:47:41 -05:00
Sebastien Luttringer
b2688e9559 Update PKGBUILD manpage about startdir deprecation
Signed-off-by: Sebastien Luttringer <seblu@seblu.net>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-17 16:54:53 -05:00
Dan McGee
cea6d7eb13 doc/PKGBUILD: fix Asciidoc formatting issues
We had this gem:
    ⇐ (less than or equal to)

Due to not ensuring we did literal printing of things like this. Fix it
and a few other problems noticed scanning through both the HTML and
manpage generated files.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-16 11:47:53 -05:00
Dan McGee
70db027204 Update authors and contributors
* .mailmap: add mapping for Dave's two email addresses.
* AUTHORS: clear out file, tell people to use `git shortlog -s` instead.
* doc/footer.txt: "promote" Dave, put Xavier and Nagy in past contributors.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-16 11:46:44 -05:00
Dave Reisner
82ffe2cbfd build-sys: always use $(RM) instead of rm -f
These are equivalent. Use the autoconf macro for consistency.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-15 13:05:27 -05:00
Dave Reisner
1741b5cc30 dist: preserve symlinks on installation
This applies to the repo-remove man page as well as the script itself.

Yes Dan, I ran distcheck afterwards.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-15 13:05:17 -05:00
Dan McGee
dd865d2981 Merge branch 'maint'
Conflicts:
	scripts/repo-add.sh.in
2011-08-11 11:35:29 -05:00
Dave Reisner
6e4f695a0f pacman: remove --dbonly shortopt
This is somewhat of a dangerous option with limited use cases. Don't
advertise it as an easily accessibly option.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-11 11:29:49 -05:00
Dan McGee
857357f940 Allow --needed and --recursive on -U operations
Trivial to implement as the same backend machinery is used anyway.
Document it and add it to the accepted options.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-11 11:29:46 -05:00
Dan McGee
f3fa77bcf1 Add -S --recursive operation
This closely matches what we had before for -R --recursive. Basically,
when specifying a target (e.g., pacman), we can now recursively pull all
dependencies, regardless of version specifiers and whether they are
already satisfied in the local database. This could be used to update
pacman on a system with an old glibc, for example, as both pacman and
glibc would get pulled into the transaction.

This is most useful with --needed to prevent needless reinstalls as
described in the man page changes.

The end goal of this change is to wire it into SyncFirst and have it be
the default mode of operation there, but that belongs in a separate
changeset.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-11 11:19:04 -05:00
Dan McGee
e0f41e0fb4 3.5.4 release preparation
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-09 19:16:19 -05:00
Allan McRae
07996bfac7 Document group and providers selection
The format required for selection of packages within the group selection
dialog is not entirely obvious, so provide some documentation.

Fixes FS#24134.

Signed-off-by: Allan McRae <allan@archlinux.org>
(cherry picked from commit 94d22f9309)
2011-08-09 18:55:16 -05:00
Dan McGee
a42e52a09f doc/pacman.conf: make SigLevel overview an unordered list
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-09 15:41:07 -05:00
Dan McGee
8fa330335f Merge branch 'maint'
Conflicts:
	lib/libalpm/dload.c
	lib/libalpm/po/fi.po
	lib/libalpm/po/libalpm.pot
	po/de.po
	po/fi.po
	src/pacman/po/pacman.pot
	src/pacman/util.c
2011-08-08 17:05:25 -05:00
Florian Pritz
4c37d74ae5 doc/PKGBUILD: fix pkgver for -git packages
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-08 13:28:40 -05:00
Dan McGee
f10aea73e4 docs/pacman.conf: Document SigLevel option
This adds docs for SigLevel, which can exist in both [options] and
[repository] sections. It also does a bit of reworking of the structure
of this manpage and adds a labeled list under the repo sections where we
didn't have one before.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-02 08:25:23 -04:00
Allan McRae
c55cbfbd5f pacman-key: follow gpg options for listing keys
The current --list option outputed the keys and all their signatures
which can be overly verbose.  It also did not take a list of keys on
the command line to limit its output (although the code suggests that
was intended).

That patch brings consistency with gpg, providing --list-keys and
--list-sigs options that function equivalently to those provided by
gpg.

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-02 08:20:42 -04:00
Dan McGee
cd8747ba6d Unify modelines in Asciidoc files
This gets us close to using the same modeline in all files we run
through Asciidoc, as well as adding the spell and spelllang
declarations, just as we had in NEWS already.

The choice of 'en_us' is mainly for consistency and because the body of
work already uses these spellings.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-28 11:42:08 -05:00
Pang Yan Han
804e2505cf pacman-key: Add --import and --import-trustdb
Currently, pacman-key allows the user to import their keys using the --add
option. However, no similar functionality exists for importing ownertrust
values.

The --import-trustdb option takes a list of directories and imports ownertrust
values if the directories have a trustdb.gpg database.

The --import option takes a list of directories and imports keys from
pubring.gpg and ownertrust values from trustdb.gpg. Think of it as a combination
of --add and --import-trustdb

Signed-off-by: Pang Yan Han <pangyanhan@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-27 12:47:53 -05:00
Allan McRae
2b3405e01b makepkg: more control of skipping integrity checks
Allows the skipping of all integrity checks (checksum and PGP) or
either the checksum or PGP checks individually.

Original-patch-by: Wieland Hoffman <theminew@googlemail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-27 12:47:13 -05:00
Wieland Hoffmann
94f61c5b29 makepkg: Add support for verifying pgp signatures
Many projects provide signature files along with the source code
archives. It's good to check these, too, when verifying the integrity
of source code archives.
Not everybody is using gpg so the verification can be disabled with
--skippgpcheck.
Additionally, only a warning is displayed when the key that signed the
source file is unknown.

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-27 12:47:06 -05:00
Allan McRae
03447ce39c makepkg: allow epoch to be overridden
We can override pkgver and pkgrel so it is only logical to add epoch
to that list

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-27 12:45:18 -05:00
Allan McRae
0c9e86bab1 pacman-key: add --init option
Add an --init option that ensures that the pacman keyring has all
the necessary files and they have the correct permissions for being
read as a user.

Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-19 10:27:54 +10:00
Allan McRae
0e85c4989b pacman-key: add --verify option
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-19 10:27:54 +10:00
Allan McRae
7963c5d000 pacman-key: update man page
Update man page to reflect current options.  Also add a description
on how to manually interact with the pacman keyring with gpg.

Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-19 10:27:53 +10:00
Dan McGee
e209955606 doc/PKGBUILD: clarify scriptlet version arguments
It was a bit unclear that both pkgver and pkgrel were included in the
passed version strings; clarify this fact in the manpage. Also include
epoch in the mix now that it exists.

Also make two other minor consistency touchups to code-print variables
in text.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-14 16:12:15 -05:00
Dan McGee
36e48573ce Add 'compress' compression format as an available option
This adds the '.tar.Z' option to both repo-add and makepkg for no other
reason than "why not", and because bsdtar supports it natively with the
'-Z' flag. Also update the documentation accordingly.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-14 14:58:46 -05:00
Allan McRae
dfc532668d makepkg: update --pkg desciption in man page
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-05 10:22:45 -05:00
Dave Reisner
112858ae61 repo-add.8.txt: document valid DB file extensions
Signed-off-by: Dave Reisner <d@falconindy.com>
2011-06-24 14:55:49 -04:00
Allan McRae
c45cfb1741 makepkg: remove the cleancache option
This is a fairly useless feature given all it does is an "rm" on a
directory.  It is also unlikely that you would want to remove the
entire SRCDEST anyway, but rather just the old files.

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-06-24 13:36:38 -05:00
Allan McRae
94d22f9309 Document group and providers selection
The format required for selection of packages within the group selection
dialog is not entirely obvious, so provide some documentation.

Fixes FS#24134.

Signed-off-by: Allan McRae <allan@archlinux.org>
2011-06-24 02:02:40 -05:00
Allan McRae
508b360c24 makepkg: allow specifying alternative build directory
Add a BUILDDIR variable (which can be overridden in the environment)
to specify an alternative location for building the package. This is
useful for people who want to build on a different filesystem for
improved performance (e.g. tmpfs).

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-06-22 10:45:55 -05:00
Allan McRae
b803a33a8f makepkg: Add UPX compression support
This patch enables the automatic compression of executable binaries
using UPX when the 'upx' options is specified in makepkg.conf or the
PKGBUILD.  Additional arguments can be passed to UPX by specifying
the UPXFLAGS variable.

Original-patch-by: Bryce Gibson <bryce@gibson-consulting.com.au>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-06-22 10:45:18 -05:00