Add the "GPGKEY" option to makepkg.conf for specifying signing packages
with the non-default key from the keyring. Is overridded by makepkg's
--key option.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
GNU su supports the -c option to specify a command to execute.
However, other flavours of su may have a different interpretation
of the '-c' flag (e.g. FreeBSD and OpenBSD).
The behaviour is correct when '-c' follows an explicit username.
Signed-off-by: Rémy Oudompheng <remy@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
A non-GNU version of awk may not support the (|...) syntax for
an optional group and require '()' to match an empty string.
The (...)? syntax is more appropriate for this usage.
Signed-off-by: Rémy Oudompheng <remy@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Trailing backslahses can lead to additional spaces at the front
of extracted entries. See FS#23524. Strip these while parsing
the PKGBUILD entries.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
The use of "tr" only leads to trouble. Remove unnecessary usage
of it from within makepkg.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
to quote dan:
"turkish will FUCK YOU UP. this is not the first or the last time"
Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Three new command line options were added:
--sign: forces the generation of a signature for the resulting package,
taking precedence over the value in makepkg.conf
--nosign: do not sign the resulting package
--key <key>: use a different key than the user's default for signing
the package.
A check is performed to ensure the user has (provided) a valid gpg key
for signing.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Use mode 755, so non-root users can see inside.
Add "--no-permission-warning" to GPG_PACMAN to suppress the noise that
otherwise comes of not using mode 700 - this is not private data.
GPGme turns out not to issue this warning itself, so no problem there.
TODO: should non-root users be allowed to use the read-only operations
(--list, --export, --finger)?
Signed-off-by: Ray Kohler <ataraxia937@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
This now includes -s and -v, tailors itself to the current command,
and is formatted more like that of other pacman commands.
Signed-off-by: Ray Kohler <ataraxia937@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
Move the create_signature() call outside the case of non-empty
databases, so it will be called regardless.
Signed-off-by: Ray Kohler <ataraxia937@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
My main motivation was to remove the "sync", which can stall for
minutes on a busy machine (FS#23378). I also cleaned up the redirection.
Signed-off-by: Jan Steffens <jan.steffens@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Move checksum and pgpsig calcluation before changing into the
tmpdir, otherwise we can't find the files if a relative path
was used.
Signed-off-by: Ray Kohler <ataraxia937@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
Implements FS#23103. Also modify libalpm so it ignores this value
without any warning as we know it is likely to exist.
Signed-off-by: Dan McGee <dan@archlinux.org>
Make it actually like all our other tools rather than some homegrown
format. Also make it translator friendly by not wrapping messages across
lines in different strings.
Signed-off-by: Dan McGee <dan@archlinux.org>
Make the usage output display nicely on 80 character width terminals.
Also fix parsing of "-h" and "-v" options and avoid root check when
run with no commands.
Signed-off-by: Allan McRae <allan@archlinux.org>
The --reload command was refactored to allow a more flexible management.
There are two sets of keys that will be added, one that will be
removed and one that will be kept.
The set of keys to be kept are configured in pacman.conf, with the
option HoldKeys, with the same meaning of HoldPkgs. It can be repeated
and several values can be put in the same entry.
The new behavior allows a key to be marked for removal, but the user
can decide if that key must be kept. For example, if a developer has
a public repository, signed with his own key, that key must be added
to the HoldKeys option. If the key is marked for removal from pacman's
keyring, it will not be removed for the users that have configured
HoldKeys correctly.
There are other minor fixes, mainly in the handling of --add command
when there is no aditional parameter. In that case, pacman-key will
behave just like gpg, adding the contents of stdin into pacman's keyring.
Signed-off-by: Denis A. Altoé Falqueto <denisfalqueto@gmail.com>
The script pacman-key will manage pacman's keyring. It imports, exports,
fetches from keyservers, helps in the process of trusting and updates
the trust database.
Signed-off-by: Denis A. Altoé Falqueto <denisfalqueto@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
This is intended to verify an existing signature on a database before
making further changes to it and performing updates. Rarely would you
use this without immediately resigning it via the -s/--sign option.
Instead, it is intended as a "chain of trust" operation where the
previous signature is verified to give you some sense that what you sign
off on is also safe.
Still todo: don't make changes unless the signature is not only good,
but also in the accepted list of keys.
Signed-off-by: Dan McGee <dan@archlinux.org>
In order to be fully secure, we can't only sign packages. We also need
to sign our repository metadata to prevent database falsification,
dependency injection, etc. Add an '-s/--sign' option that allows this
functionality, and will generate a .sig file side-by-side with the
package database.
While at it, fix the issue where a signature file would never be found
because of 'cd' madness (this needs fixing in another commit).
Signed-off-by: Dan McGee <dan@archlinux.org>
Use base64 encoding to store the value in the database if a .sig file exists
for the package being added.
Signed-off-by: Geoffroy Carrier <geoffroy.carrier@koon.fr>
Signed-off-by: Dan McGee <dan@archlinux.org>
This is a rather simple patch to add signing support to makepkg. Add a
create_signature() to makepkg, add a 'sign' BUILDENV option in makepkg.conf,
and document the changes in the makepkg.conf manpage.
Signed-off-by: Geoffroy Carrier <geoffroy.carrier@koon.fr>
Signed-off-by: Dan McGee <dan@archlinux.org>
Prevents issues where optdepends descriptions contain a bracket.
Also, strip all comments from arrays before joining them.
Fixes FS#23307.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
A lot of these were places that should have used the same message but
didn't, or were very easy to convert to using the same message and
letting some of the burden off of the translators.
Signed-off-by: Dan McGee <dan@archlinux.org>
When generating integrity sums, we could get some weird output before due to
epoch being uninitialized:
/usr/bin/makepkg: line 234: [[: 2.6.37: syntax error: invalid arithmetic operator (error token is ".6.37")
Signed-off-by: Dan McGee <dan@archlinux.org>
Adding the "|| true" to the subshell prevents bash-3.2 setting off the
error_trap but requires changing the if statement.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Fixes bash-3.2 compatibility.
Thanks-to: Dave Reisner <d@falconindy.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
The current behaviour, which is placing source packages in PKGDEST if
SRCPKGDEST is not set, is inconsistent with {SRC,PKG}DEST handling and
there is no real advantage in doing so.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
At least in FreeBSD, find always returns 0 if it finds stuff
(imagine that). It doesn't care about the exit status of whatever is
passed to -exec.
This patch makes the checks compatible with this behaviour.
Using xargs and not using grep directly because packages with too many
files would cause grep to complain about argument list being too long.
This should also fix the false positive in packages with no files.
Signed-off-by: Nezmer <git@nezmer.info>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
dirty indicates if the repo has uncommited changes or not when building,
so dont hardcode this info.
Signed-off-by: Xavier Chantry <chantry.xavier@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
repo-add should only attempt to create the delta file when using the -d
option.
Also adjust a couple of tests to use the "double bracket" syntax.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This makes things consistent with everywhere else we are incorporating the
new optional epoch field. Add a helper function that forms the version
string for you and use it in makepkg where I found 'pkgver.*-.*pkgrel'.
This exposes a few shortcomings in a previous "Override pkgver" patch
(2020e629) in the install package and check if built functions.
Signed-off-by: Dan McGee <dan@archlinux.org>
Instead, go the same route we have always taken with version-release in
libalpm and treat it all as one piece of information. Makepkg is the only
script that knows about epoch as a distinct value; from there on out we will
parse out the components as necessary.
This makes the code a lot simpler as far as epoch handling goes. The
downside here is that we are tossing some compatibility to the wind;
packages using force will have to be rebuilt with an incremented epoch to
keep their special status.
Signed-off-by: Dan McGee <dan@archlinux.org>
It is pretty annoying to get one, fix it, and then get another. We should be
able to continue on through most of the sanity checks in one go so the user
gets all the error messages at once.
Also ensure $pkgbase is defined by the time we call this function;
previously we printed nothing where a package name should have been due to
this oversight.
Signed-off-by: Dan McGee <dan@archlinux.org>
I tried to move things around here when testing and did a bit too much; the
warning message always showed regardless of delta inclusion in the call. Fix
it so we only warn if we have a filename, but the file couldn't be located.
Signed-off-by: Dan McGee <dan@archlinux.org>