Currently, pacman-key allows the user to import their keys using the --add
option. However, no similar functionality exists for importing ownertrust
values.
The --import-trustdb option takes a list of directories and imports ownertrust
values if the directories have a trustdb.gpg database.
The --import option takes a list of directories and imports keys from
pubring.gpg and ownertrust values from trustdb.gpg. Think of it as a combination
of --add and --import-trustdb.
Signed-off-by: Pang Yan Han <pangyanhan@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Allows the commands to safely handle any possible arguments
Signed-off-by: DJ Mills <danielmills1@gmail.com>
Allan: rebase patch
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Move the source integrity checking into its own function as the code
was duplicated and is now more complicated with the separation of the
two check types.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Allows the skipping of all integrity checks (checksum and PGP) or
either the checksum or PGP checks individually.
Original-patch-by: Wieland Hoffman <theminew@googlemail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Many projects provide signature files along with the source code
archives. It's good to check these, too, when verifying the integrity
of source code archives.
Not everybody is using gpg so the verification can be disabled with
--skippgpcheck.
Additionally, only a warning is displayed when the key that signed the
source file is unknown.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
When epoch, pkgver and/or pkgrel were overridden in a split package
function, makepkg failed hard finding the real version for checking
if packages were already built or trying to install packages. Fix
the get_full_version function to deal with overrides and return the
actual package version.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
We can override pkgver and pkgrel so it is only logical to add epoch
to that list.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Check any overrides of the "arch" variable contain the required
architecture.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Enforce syntax checking for pkgrel and pkgver overrides in package
functions.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
There is always someone who tries to break things (cough *Dave* cough...)
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This is a cleaner expression of the same information.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Makes sure that the pacman keyring is readable and that the user
has permissions to create a lock file if lock-never is not specified
in the gpg.conf file.
Signed-off-by: Allan McRae <allan@archlinux.org>
Add an --init option that ensures that the pacman keyring has all
the necessary files and they have the correct permissions for being
read as a user.
Signed-off-by: Allan McRae <allan@archlinux.org>
This function had a variety of pitfalls, including the inability to
successfully find a key=value pair where no whitespace surrounded the
equals sign. Make it more robust by splitting the line on the equals
itself, and performing whitespace trimming on the resulting key/value
pair.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
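The parsing approach described in the commit message above (split each line on the equals sign, then trim whitespace from both halves), as an added example. It is not pacman-key's own code; the function names and the constructed sample file are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not taken from pacman: robust key=value lookup.

# trim STRING: print STRING without leading/trailing whitespace.
trim() {
    s=$1
    s=${s#"${s%%[![:space:]]*}"}   # drop leading whitespace
    s=${s%"${s##*[![:space:]]}"}   # drop trailing whitespace (incl. CR)
    printf '%s' "$s"
}

# get_conf_value FILE KEY: print the value of the first line whose key
# (text before the first '=') equals KEY. Returns 1 if KEY is absent.
get_conf_value() {
    conf=$1
    want=$2
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            *=*) ;;            # only lines containing '=' are candidates
            *) continue ;;
        esac
        key=$(trim "${line%%=*}")   # everything before the first '='
        # A commented line yields a key such as "#GPGDir", which never
        # matches, so it cannot shadow the real setting.
        [ "$key" = "$want" ] || continue
        trim "${line#*=}"           # everything after the first '='
        return 0
    done < "$conf"
    return 1
}

# Constructed sample input for the example (not a real pacman.conf).
sample_conf() {
    cat <<'EOF'
[options]
#GPGDir = /commented/out
GPGDir=/etc/pacman.d/gnupg
  LogFile   =   /var/log/pacman.log
Server = http://mirror.example/$repo?x=1
EOF
}
```

Splitting on the first equals sign only keeps values that themselves contain "=" intact, and comparing the whole trimmed key avoids matching a key that merely starts with the requested name.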
Follow the example of gpg and only allow a single operation to be
specified each time. Prevents having to deal with conflicting
variable names and potential issues due to the order in which the
operations are run.
Signed-off-by: Allan McRae <allan@archlinux.org>
This moves the processing of the --edit-key and --receive options
to functions, keeping the final option processing to be all single
line statements.
Also rework the --edit-key option to validate all input before
processing.
Signed-off-by: Allan McRae <allan@archlinux.org>
This commit correctly redirects to /dev/null the output of several
commands that get executed on logic checks.
Original-patch-by: Denis A. Altoé Falqueto <denisfalqueto@gmail.com>
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
This keeps the naming of the option more consistent with what is
actually being called by gpg.
Original-patch-by: Denis A. Altoé Falqueto <denisfalqueto@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
This commit adds quotes to several variable assignments. Unquoted values
can cause problems on several occasions if the value is empty. It is
safer to have every assignment quoted.
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
The conversion to using parse_options causes this option to break.
It is preferable to remove the option rather than fix it as it is
simply a wrapper for "gpg --homedir @sysconfdir@/pacman.d/gnupg".
Any user using more advanced keyring management than provided by
pacman-key can manage to point gpg at the right place themselves...
How to manually edit the keyring with gpg will instead be documented
in the man page in a later commit.
Signed-off-by: Allan McRae <allan@archlinux.org>
The pacman-key script is complicated enough to warrant usage of the
parse_options script. This is especially helpful in dealing with
all the configuration file override flags as they no longer need to
be specified first. It also allows us to do the right thing early
with --help/--version and no option cases cleanly. This change also
made the check for root privileges only occur on operations where
they are needed.
This patch is inspired by and supersedes some patches submitted by
Denis A. Altoé Falqueto and Ivan Kanakarakis who were altering the
previous option handling in an attempt to deal with the above issues.
Signed-off-by: Allan McRae <allan@archlinux.org>
Specifying a filename with spaces in a PKGBUILD's noextract array fails
due to a lack of quoting.
Fixes FS#25100.
Reported-by: Thomas Weißschuh <thomas_weissschuh@lavabit.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
The full path to the signature file when it is created is in a temporary
directory so only print the filename.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This prevents a dangling symlink being left behind if the repo goes
from being signed to unsigned.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
There is no need for a writable PKGDEST when using the --nobuild or
--geninteg flags.
Allan: added --geninteg
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Put a .gitignore entry at the right level and sort that file
alphabetically.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
We nuke it from the completion file as well along with its longopt.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
The '[[ -z' test in in_array() is redundant, so remove it.
Signed-off-by: DJ Mills <danielmills1@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Instead of hacking around the error trap, simply do an explicit
test for failure.
Signed-off-by: DJ Mills <danielmills1@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
This adds the '.tar.Z' option to both repo-add and makepkg for no other
reason than "why not", and because bsdtar supports it natively with the
'-Z' flag. Also update the documentation accordingly.
Signed-off-by: Dan McGee <dan@archlinux.org>
If you are keeping a copy of the old database, you probably want
to keep a copy of its signature too. Also, delete the previously
backed-up database signature if no new one is being copied.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
The lone quotation mark in "pacman's" causes issues for some syntax
highlighting. Change the printing of the message from echo to printf
so we can invisibly escape it.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Allow command-line options to accept multiple arguments without
additional quoting by taking the list of arguments until one
starting with a "-" is reached.
The only current use of this is the --pkg option in makepkg. This
allows (e.g.)
    makepkg --pkg foo bar
and packages "foo" and "bar" will be built.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This allows options specified with a trailing "::" to optionally
take arguments.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
vim recognises what type of shell script it's dealing with by looking at
the shebang. If detection fails it falls back to sh which doesn't
support some bash features. Adding a normal, possibly broken, shebang
which gets fixed by the Makefile allows vim to detect bash syntax.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Dan McGee <dan@archlinux.org>
Revert to the old behavior that 6f5a90 attempted to simplify and go with
the original proposed solution of using "ugly" bash to detect empty
directories.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
We fubar-ed this pretty good.
1. The whole old/new move shuffle was totally busted if you used a
relative path to your database, as we would just build the database in
place.
2. Our prior temp directory layout had the database files extracted
directly into it. When we tried to create a xxx.db.tar.gz file in this
same directory, due to the fact that we were no longer using a shell
wildcard, we tried to include the db in ourself, which is a big failure.
Fix all this by extracting to tree/ so we can have a clean top-level
temp directory.
3. Fix the inclusion of the './' directory entry; ensure the regex
prunes both leading paths of '.' as well as './'.
Where is that test suite again?
Signed-off-by: Dan McGee <dan@archlinux.org>
Otherwise there is no way to easily test or run with a standalone config
file without outside interference.
Signed-off-by: Dan McGee <dan@archlinux.org>
The path was not being stripped from $file before prefixing with
$srcdir resulting in the attempted removal of a very weird
filename.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
We already use msg() and error() in here, might as well just use the
standard functions. In addition, fix one translated message that would
have printed ERROR twice if anyone ever saw it.
Signed-off-by: Dan McGee <dan@archlinux.org>
Allow one of 4 archive extensions: .tar{,.gz,.xz,.bz2} for each of the 2
valid repo extensions: .db and .files. Check for this via
'verify_repo_extension' directly after option parsing to assert that
this extension is present, and again after files have been added to get
the proper archive option for bsdtar.
Signed-off-by: Dave Reisner <d@falconindy.com>
Dump the whole conditional and filter the contents of the directory to
create an empty or non-empty archive.
Signed-off-by: Dave Reisner <d@falconindy.com>
Fixes FS#24893.
Signed-off-by: Eric Bélanger <snowmaniscool@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This ranks high on the code readability scale. The same function formats
all of our data and writes to the metadata file at once.
Signed-off-by: Dave Reisner <d@falconindy.com>
Fields like groups and depends should be stored as arrays. This requires
rewriting our write_list_entry function to accommodate our new data type.
This new function will not write to a file, but rather only format it.
Signed-off-by: Dave Reisner <d@falconindy.com>
grep and sed aren't needed here, and this removes the truly ugly
manipulation of IFS. The process substitution could just as well be a
herestring, but it breaks vim's syntax highlighting. Style over
substance, mang.
Signed-off-by: Dave Reisner <d@falconindy.com>
* 'master' of git://projects.archlinux.org/pacman:
    pactree: carry a list of databases for dep resolution
    makepkg: Remove a lone quotation mark
    makepkg: remove the cleancache option
    Don't require a transaction for sync DB updates
    Move locking functions to handle
    Add a 'valid' flag to the database object
    Move database 'version' check to registration time
    Do database signature checking at load time
This is a fairly useless feature given all it does is an "rm" on a
directory. It is also unlikely that you would want to remove the
entire SRCDEST anyway, but rather just the old files.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
There was a lot of inconsistency in how strings that should not be
translated (program names, option flags, PKGBUILD directives, etc) were
handled. This patch moves them all outside the gettext invocation for
consistency and to prevent accidental translation.
Note that some of these may need reverted if they cause difficulties in
translation due to gettext usage in bash not taking positional parameters
for arguments. A quick survey of current translations indicates that this
issue will be rare. Also, we should be able to catch these before a full
string freeze given we are going to probably need a "developer preview"
release before the next release series.
Signed-off-by: Allan McRae <allan@archlinux.org>
b899099 made path checking a bit more strict than I had intended, and
would actually forbid creation of a repo in $PWD if only the filename
was specified. readlink would be the fun and easy solution here, but
it's avoided due to portability issues, making the validation process a
bit more verbose.
Signed-off-by: Dan McGee <dan@archlinux.org>
This has gettext strings, but wasn't added to the list of files in
POTFILES.in just yet. Add it and update the catalogs.
Signed-off-by: Dan McGee <dan@archlinux.org>
Now that we have performed the split, prune the catalogs of all
pacman-only messages.
All old messages were pruned from the files using the following command:
    sed -i -e '/^#\~/,' *.po
Note: the diff on this commit looks much less insane if the --patience
option is used.
Signed-off-by: Dan McGee <dan@archlinux.org>
This is the first step at separating the pacman message catalog and the
scripts message catalog. Makefiles, configure.ac, and other such files
are adjusted accordingly, as well as renaming files. The TEXTDOMAIN of
scripts is also adjusted.
Note that no actual pot or po files get changed here; these will get
pruned in a future commit so each catalog contains only the necessary
messages.
Signed-off-by: Dan McGee <dan@archlinux.org>
Way back in c94bfbaba when refactoring makepkg options handling, I added
these lines to unset MAKEFLAGS if '!distcc' was set in a PKGBUILD (not
taking into account makepkg.conf settings). This was an attempt to say
"if it is broken in distcc, it is probably broken even more". However,
this is silly as one should be using '!makeflags' as well. Remove the
linkage.
Signed-off-by: Dan McGee <dan@archlinux.org>
Unify function braces to be top right opening, bottom left closing.
Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
Add a function that checks for the software needed by makepkg to
process a PKGBUILD with the requested options. This allows makepkg
to bail early in the packaging process.
Many other checks can be added to this function...
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Contractions are less clear for non-native speakers so should be
avoided (and cause syntax highlighting issues). Also, the 'provides'
and 'depends' strings are not to be translated.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Add a BUILDDIR variable (which can be overridden in the environment)
to specify an alternative location for building the package. This is
useful for people who want to build on a different filesystem for
improved performance (e.g. tmpfs).
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This patch enables the automatic compression of executable binaries
using UPX when the 'upx' option is specified in makepkg.conf or the
PKGBUILD. Additional arguments can be passed to UPX by specifying
the UPXFLAGS variable.
Original-patch-by: Bryce Gibson <bryce@gibson-consulting.com.au>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Previously, the error message when trying to add to a repo where a
parent directory didn't exist was:
    ==> ERROR: Failed to acquire lockfile: /path/to/noexist/repo.tar.gz.lck
This sucks. Make an explicit check to ensure that the path to the repo
really does exist, and throw a meaningful error message when it can't be
found.
Dan: reuse an existing (translated) error message.
Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
A plain '.tar' ending should be allowed. This corresponds to how we
handle this extension in makepkg. Also fix up the other extension
checks, which were missing a leading '.' character.
Signed-off-by: Dan McGee <dan@archlinux.org>
Create source package files inside the fakeroot environment to
ensure reasonable ownership of files within the archive.
Fixes FS#24330.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>