GNU su supports the -c option to specify a command to execute.
However, other flavours of su may have a different interpretation
of the '-c' flag (e.g. FreeBSD and OpenBSD).
The behaviour is correct when '-c' follows an explicit username.
Signed-off-by: Rémy Oudompheng <remy@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
A non-GNU version of awk may not support the (|...) syntax for
an optional group and require '()' to match an empty string.
The (...)? syntax is more appropriate for this usage.
Signed-off-by: Rémy Oudompheng <remy@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Trailing backslahses can lead to additional spaces at the front
of extracted entries. See FS#23524. Strip these while parsing
the PKGBUILD entries.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
The use of "tr" only leads to trouble. Remove unnecessary usage
of it from within makepkg.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
to quote dan:
"turkish will FUCK YOU UP. this is not the first or the last time"
Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Three new command line options were added:
--sign: forces the generation of a signature for the resulting package,
taking precedence over the value in makepkg.conf
--nosign: do not sign the resulting package
--key <key>: use a different key than the user's default for signing
the package.
A check is performed to ensure the user has (provided) a valid gpg key
for signing.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Use mode 755, so non-root users can see inside.
Add "--no-permission-warning" to GPG_PACMAN to suppress the noise that
otherwise comes of not using mode 700 - this is not private data.
GPGme turns out not to issue this warning itself, so no problem there.
TODO: should non-root users be allowed to use the read-only operations
(--list, --export, --finger)?
Signed-off-by: Ray Kohler <ataraxia937@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
This now includes -s and -v, tailors itself to the current command,
and is formatted more like that of other pacman commands.
Signed-off-by: Ray Kohler <ataraxia937@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
Move the create_signature() call outside the case of non-empty
databases, so it will be called regardless.
Signed-off-by: Ray Kohler <ataraxia937@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
My main motivation was to remove the "sync", which can stall for
minutes on a busy machine (FS#23378). I also cleaned up the redirection.
Signed-off-by: Jan Steffens <jan.steffens@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Move checksum and pgpsig calcluation before changing into the
tmpdir, otherwise we can't find the files if a relative path
was used.
Signed-off-by: Ray Kohler <ataraxia937@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
Implements FS#23103. Also modify libalpm so it ignores this value
without any warning as we know it is likely to exist.
Signed-off-by: Dan McGee <dan@archlinux.org>
Make it actually like all our other tools rather than some homegrown
format. Also make it translator friendly by not wrapping messages across
lines in different strings.
Signed-off-by: Dan McGee <dan@archlinux.org>
Make the usage output display nicely on 80 character width terminals.
Also fix parsing of "-h" and "-v" options and avoid root check when
run with no commands.
Signed-off-by: Allan McRae <allan@archlinux.org>
The --reload command was refactored to allow a more flexible management.
There are two sets of keys that will be added, one that will be
removed and one that will be kept.
The set of keys to be kept are configured in pacman.conf, with the
option HoldKeys, with the same meaning of HoldPkgs. It can be repeated
and several values can be put in the same entry.
The new behavior allows a key to be marked for removal, but the user
can decide if that key must be kept. For example, if a developer has
a public repository, signed with his own key, that key must be added
to the HoldKeys option. If the key is marked for removal from pacman's
keyring, it will not be removed for the users that have configured
HoldKeys correctly.
There are other minor fixes, mainly in the handling of --add command
when there is no aditional parameter. In that case, pacman-key will
behave just like gpg, adding the contents of stdin into pacman's keyring.
Signed-off-by: Denis A. Altoé Falqueto <denisfalqueto@gmail.com>
The script pacman-key will manage pacman's keyring. It imports, exports,
fetches from keyservers, helps in the process of trusting and updates
the trust database.
Signed-off-by: Denis A. Altoé Falqueto <denisfalqueto@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
This is intended to verify an existing signature on a database before
making further changes to it and performing updates. Rarely would you
use this without immediately resigning it via the -s/--sign option.
Instead, it is intended as a "chain of trust" operation where the
previous signature is verified to give you some sense that what you sign
off on is also safe.
Still todo: don't make changes unless the signature is not only good,
but also in the accepted list of keys.
Signed-off-by: Dan McGee <dan@archlinux.org>
In order to be fully secure, we can't only sign packages. We also need
to sign our repository metadata to prevent database falsification,
dependency injection, etc. Add an '-s/--sign' option that allows this
functionality, and will generate a .sig file side-by-side with the
package database.
While at it, fix the issue where a signature file would never be found
because of 'cd' madness (this needs fixing in another commit).
Signed-off-by: Dan McGee <dan@archlinux.org>
Use base64 encoding to store the value in the database if a .sig file exists
for the package being added.
Signed-off-by: Geoffroy Carrier <geoffroy.carrier@koon.fr>
Signed-off-by: Dan McGee <dan@archlinux.org>
This is a rather simple patch to add signing support to makepkg. Add a
create_signature() to makepkg, add a 'sign' BUILDENV option in makepkg.conf,
and document the changes in the makepkg.conf manpage.
Signed-off-by: Geoffroy Carrier <geoffroy.carrier@koon.fr>
Signed-off-by: Dan McGee <dan@archlinux.org>
Prevents issues where optdepends descriptions contain a bracket.
Also, strip all comments from arrays before joining them.
Fixes FS#23307.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
A lot of these were places that should have used the same message but
didn't, or were very easy to convert to using the same message and
letting some of the burden off of the translators.
Signed-off-by: Dan McGee <dan@archlinux.org>
When generating integrity sums, we could get some weird output before due to
epoch being uninitialized:
/usr/bin/makepkg: line 234: [[: 2.6.37: syntax error: invalid arithmetic operator (error token is ".6.37")
Signed-off-by: Dan McGee <dan@archlinux.org>
Adding the "|| true" to the subshell prevents bash-3.2 setting off the
error_trap but requires changing the if statement.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Fixes bash-3.2 compatibility.
Thanks-to: Dave Reisner <d@falconindy.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
The current behaviour, which is placing source packages in PKGDEST if
SRCPKGDEST is not set, is inconsistent with {SRC,PKG}DEST handling and
there is no real advantage in doing so.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
At least in FreeBSD, find always returns 0 if it finds stuff
(imagine that). It doesn't care about the exit status of whatever is
passed to -exec.
This patch makes the checks compatible with this behaviour.
Using xargs and not using grep directly because packages with too many
files would cause grep to complain about argument list being too long.
This should also fix the false positive in packages with no files.
Signed-off-by: Nezmer <git@nezmer.info>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
dirty indicates if the repo has uncommited changes or not when building,
so dont hardcode this info.
Signed-off-by: Xavier Chantry <chantry.xavier@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
repo-add should only attempt to create the delta file when using the -d
option.
Also adjust a couple of tests to use the "double bracket" syntax.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This makes things consistent with everywhere else we are incorporating the
new optional epoch field. Add a helper function that forms the version
string for you and use it in makepkg where I found 'pkgver.*-.*pkgrel'.
This exposes a few shortcomings in a previous "Override pkgver" patch
(2020e629) in the install package and check if built functions.
Signed-off-by: Dan McGee <dan@archlinux.org>
Instead, go the same route we have always taken with version-release in
libalpm and treat it all as one piece of information. Makepkg is the only
script that knows about epoch as a distinct value; from there on out we will
parse out the components as necessary.
This makes the code a lot simpler as far as epoch handling goes. The
downside here is that we are tossing some compatibility to the wind;
packages using force will have to be rebuilt with an incremented epoch to
keep their special status.
Signed-off-by: Dan McGee <dan@archlinux.org>
It is pretty annoying to get one, fix it, and then get another. We should be
able to continue on through most of the sanity checks in one go so the user
gets all the error messages at once.
Also ensure $pkgbase is defined by the time we call this function;
previously we printed nothing where a package name should have been due to
this oversight.
Signed-off-by: Dan McGee <dan@archlinux.org>
I tried to move things around here when testing and did a bit too much; the
warning message always showed regardless of delta inclusion in the call. Fix
it so we only warn if we have a filename, but the file couldn't be located.
Signed-off-by: Dan McGee <dan@archlinux.org>
Rather than explicit cd calls, we can use the directory stack to our
advantage. This also removes the need to store and restore $startdir, so
kill the variable entirely.
Signed-off-by: Dan McGee <dan@archlinux.org>
Add the "buildflags" option, which is useful in its negative form
for disabling CFLAGS, CXXFLAGS and LDFLAGS when building a package.
This is useful when determining of one of these flags is causing
an issue with a package.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
A PKGBUILD can have an option check() function for running test suites
between the build() and package() stages. This function is run by
default but can be disabled globally in with "!check" in BUILDENV in
makepkg.conf. This setting can be controlled on an individual package
basis using makepkg's --check and --nocheck flags. Addition dependencies
needed for running the test suite can be specified in the checkdepends
array and are only checked when running the check() function.
Original-work-by: Jeff C <jeff@kcaccess.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
The closing parenthesis of bash arrays needs to be escaped in the ending
address of awk expressions in order to play nicely with implementations
of awk other than gawk. This change provides compatibility with gawk,
nawk and mawk.
Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Currently, using $pkgname in a split package package_*() function
always returns the first value in the pkgname array rather than the
name of tha package being packaged. Fix this so $pkgname gives the
expected value.
Fixes FS#22174
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
We should always use $BUILDSCRIPT instead of PKGBUILD. The only
remaining uses of PKGBUILD in makekg are in comments.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
The pacman-db-upgrade script was added to detect old pacman database
formats and upgrade them.
Currently performs the merging of depends files into desc files in
the local database.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Check the over-ridden entries for provides, backup, optdepends and
options for illegal entries. Partially fixes FS#16004.
Signed-off-by: Allan McRae <allan@archlinux.org>
The error message that has been removed never gets to print because, given the
same condition, handle_deps throws the same error and then immediately exits
makepkg.
Signed-off-by: Andres P <aepd87@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
As check_deps is run in a subshell, exit had the same meaning as return.
Since the intention is to halt makepkg when pacman throws an error other than
127, the enclosing function has to handle error control instead.
Fixes FS#19840
Signed-off-by: Andres P <aepd87@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
The escape string isn't necesarily \033; it's determined by what the
particular termcap/info entry for that terminal contains.
Bash uses ncurses functions to expand \e to the _correct_ terminal
escape.
Signed-off-by: Carlos Diaz <839273@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Allow it to be a variable in the PKGBUILD as well as propagating it through
to the built package and the package database. We leave some backward
compatibility in place by placing the '%FORCE%' option in the database if
the package contains an epoch; this will be used by older versions of pacman
and more or less ignored by versions that use epoch.
Signed-off-by: Dan McGee <dan@archlinux.org>
BASH is defined when you are actually using bash during configure, which
sucks because it ends up being '/bin/sh', messing up all of our scripts.
Change the name of the variable we use in configure, and also ensure we get
a full path to the executable by using AC_PATH_PROGS rather than
AC_CHECK_PROGS. Finally, change the variable name everywhere we use it.
Signed-off-by: Dan McGee <dan@archlinux.org>
This applies to contrib/ files, our scripts, and the documentation.
Dan: fix 'make clean' in contrib/ directory.
Signed-off-by: Nezmer <git@nezmer.info>
Signed-off-by: Dan McGee <dan@archlinux.org>
- Print an error if database entry was not found and delta entry cannot
be added
- More informative line when delta entry is added (oldfile -> newfile)
Signed-off-by: Xavier Chantry <chantry.xavier@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
This allows deltas to be generated at repo-add invocation time as opposed to
just added to the database. It will generate the delta from the package
version currently in the database.
Signed-off-by: Xavier Chantry <shiningxc@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
'mknod <file> p' is apparently GNU-only. Looking at coreutils' source
code, It just calls mkfifo.
This one line patch should fix makepkg logging in non-GNU systems.
Signed-off-by: Nezmer <git@nezmer.info>
Signed-off-by: Dan McGee <dan@archlinux.org>
This prevents circular symlinks and weird final package locations
when using commands like 'PKGDEST="." makepkg'.
Fixes FS#20922.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Compare paths using bash's "-ef" rather than by string tests as this
takes symlinks into account. This will prevent issues similar to those
in FS#20922 if (e.g.) $PKGDEST is a symlink to $startdir.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
The checking of the package for $srcdir references was overly
sensitive and gave a lot of what appear to be false positives with
binary files (in particular with debugging symbols kept).
Restrict the search for $srcdir to non-binary files as this should
still catch the majority of configuration issues the check was
initially designed to catch. Also, add a similar check for $pkgdir.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
For binary packages, the majority of the time used in the debugs symbol
stripping process is the actual stripping of the binaries/libraries and
not the testing of which files to strip. This allows more complete
stripping of packages that install to "non-standard" paths that would
not be generally included in makepkg.conf.
Any performance hit that may be apparent for (_large_) "arch=('any')"
packages can readily be avoided by disabling stripping in the PKGBUILD
options array.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
After a8dcfeccfc, Allan noted that one more regular exprssion inside makepkg
also contained quotes; these should not be there for the same reason as that
commit.
Signed-off-by: Dan McGee <dan@archlinux.org>
A pipe between tar and compression command is used. This improves
performance by running tar and the compression command simultaneously.
Using a pipe also reduces IO by not writing an intermediate tar file
to disk.
Signed-off-by: Juergen Hoetzel <juergen@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Regular expressions in bash should not be quoted. Glad this was in the
documentation and I didn't have to go to #bash to ask...
Signed-off-by: Dan McGee <dan@archlinux.org>
If optdepends was defined with empty members, then makepkg would
abort late in the package building process. Detect such cases
in the check_sanity() function.
Fix-provided-by: Andres P <aepd87@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Instead of declaring a new local variable for each loop in the
check_sanity() function, just reuse $i.
Signed-off-by: Allan McRae <allan@archlinux.org>
It is unnecessary to check for a variables existence before
looping over it.
Extracted from patch supplied by Andres P <aepd87@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
"Invalid backup entry" was not a particular helpful error message,
especially when it was due to the file not being in the final package.
Clarify these two messages.
Signed-off-by: Allan McRae <allan@archlinux.org>
Combine changelog and install file creation in create_package().
Signed-off-by: Andres P <aepd87@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Eases maintanence if we need to add further options in the future.
Extracted from a patch supplied by Andres P <aepd87@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
As noted in FS#20498, if an absolute path is used for specifying the
database when invoking repo-add, the symlink generated will point to the
absolute path instead of being relative to the directory. Fix this for
the two linking cases, but leave the copy untouched so that will still
work.
Signed-off-by: Dan McGee <dan@archlinux.org>
Prevent makepkg aborting whe colors are enabled and the terminal
does not support setting colors by tput.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
When performing local testing, it may be useful to add PKGEXT='.pkg.tar'
to the PKGBUILD to save time, especially with big packages.
Signed-off-by: Dan McGee <dan@archlinux.org>
Fixes repackaging issues when multiple package names are passed to the
--pkg option.
Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
With commit 5dffef78, the repo database always has a symlink
of the form reponame.db. Use that filename and let libarchive
determine the compression type.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Variables that are only meaningful within the function they are declared in are
now prefixed by "local".
Signed-off-by: Andres P <aepd87@gmail.com>
[Allan: fix whitespace]
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This fixes two issues:
1) using "sudo -l" results in excess password asking under certian
configurations. Revert to the pre 3.4 behaviour of always using
sudo if it is installed.
2) Properly escape the command so that that versioned dependencies,
such as "foo>4", do not get treated as output redirection when using
su. This also unifies the generation of the pacman line and its
privilege escalation.
Based on patches supplied by Andres P <aepd87@gmail.com> with minor
adjustments for suitability for the maint branch.
Original-work-by: Andres P <aepd87@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
When makepkg catches a command failure it currently prints "Aborting..."
and exits. Clarify the reason for aborting from packaging is a failure
during one of the PKGBUILDs functions.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Attempt to find "du" from coreutils in the standard paths and if
not revert to the version in the users PATH. Using the full path
prevents issues such as FS#19932, where a different and incompatible
version of du is put earlier in the users path.
Signed-off-by: Allan McRae <allan@archlinux.org>
The 'grep -R' in the $srcdir check would not only grep regular files,
but also devices, symlinks (that might potentially point outside of
$pkgdir), pipes and so on. Use find to ensure only regular files are
examined.
This should fix https://bugs.archlinux.org/task/19975
Signed-off-by: Allan McRae <allan@archlinux.org>