1
0
mirror of https://github.com/moparisthebest/pacman synced 2024-11-18 23:35:01 -05:00
Commit Graph

4612 Commits

Author SHA1 Message Date
Denis A. Altoé Falqueto
e8069cfc3d makepkg: command line options for signing packages
Three new command line options were added:

--sign: forces the generation of a signature for the resulting package,
taking precedence over the value in makepkg.conf

--nosign: do not sign the resulting package

--key <key>: use a different key than the user's default for signing
the package.

A check is performed to ensure the user has (provided) a valid gpg key
for signing.

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-28 09:03:28 -05:00
Ray Kohler
4ef664f485 Create pacman keyring directory if missing
Use mode 755, so non-root users can see inside.
Add "--no-permission-warning" to GPG_PACMAN to suppress the noise that
otherwise comes of not using mode 700 - this is not private data.

GPGme turns out not to issue this warning itself, so no problem there.

TODO: should non-root users be allowed to use the read-only operations
(--list, --export, --finger)?

Signed-off-by: Ray Kohler <ataraxia937@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-27 21:50:52 -05:00
Dan McGee
7a9b0e0f06 Update pacman.pot with changed strings
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-27 21:39:16 -05:00
Dan McGee
c3ae209246 Documentation formatting updates
Be consistent in the Synopsis and Description sections with the use of
quotes around command names.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-27 21:27:15 -05:00
Ray Kohler
f6c8532fd0 Add manpage for pkgdelta
Signed-off-by: Ray Kohler <ataraxia937@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-27 21:26:52 -05:00
Ray Kohler
c0190798e1 Update repo-add manpage
Add -v, mention delta support (other than -d), and split
repo-add-specific options out from those common to repo-add and
repo-remove.

Signed-off-by: Ray Kohler <ataraxia937@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-27 21:20:20 -05:00
Ray Kohler
86ff381ac2 Clean up repo-add usage message
This now includes -s and -v, tailors itself to the current command,
and is formatted more like that of other pacman commands.

Signed-off-by: Ray Kohler <ataraxia937@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-27 21:13:52 -05:00
Dan McGee
4a3cd364d0 Temporary fix for new warnings from gcc 4.6
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-27 20:48:26 -05:00
Dan McGee
3f269503d5 Merge branch 'maint'
Conflicts:
	lib/libalpm/deps.c
2011-03-27 20:41:23 -05:00
Ray Kohler
630b7b94c3 Sign database even if empty
Move the create_signature() call outside the case of non-empty
databases, so it will be called regardless.

Signed-off-by: Ray Kohler <ataraxia937@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-27 20:35:43 -05:00
Ray Kohler
43dacceb6b makepkg: allow PKGEXT and SRCEXT to be overridden by env variables
Signed-off-by: Ray Kohler <ataraxia937@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-27 20:15:52 -05:00
Dave Reisner
c02556e290 Rely on the return value of type instead of its output
Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-27 20:15:20 -05:00
Dave Reisner
a9fb4d9d5b lib/dload: abstract out helper function to set utimes
This greatly simplifies the cleanup fallthrough in our download function
and we'll be able to reuse this for signatures.

Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-27 20:14:47 -05:00
Dave Reisner
98c8ab18ff lib/dload: remove proxy debug output
Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-27 20:14:20 -05:00
Dave Reisner
33c08ac91e lib/dload: code simplification
Based on the fact that localf always points to the same file, there's no
need to code in multiple fopen calls with varying results. Instead,
track the desired file open mode and make a single call to fopen.

Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-27 20:14:10 -05:00
Dave Reisner
fd64988c80 lib/dload: merge get_{destfile,tempfile} into get_fullpath
Create a more general function that allows appending a suffix to a
filepath.

Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-27 20:12:51 -05:00
Dave Reisner
55f790ebe4 pacman/pacman.c: fix setting of useragent string
libcurl doesn't natively honor the HTTP_USER_AGENT environment variable.

Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-27 20:12:29 -05:00
Dave Reisner
283bf7e87c lib/dload: pass a struct with filename and size to curl_progress
This lets us determine the real size of the file on disk so that we can
properly bump the progress bar when we're resuming a download.

Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-27 20:12:17 -05:00
Dan McGee
ea216d3f5a Clarify error message in pacman-db-upgrade
Addresses FS#23451.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-27 20:03:08 -05:00
Dan McGee
68701a98af Ensure reported missing dependencies show correct version comparison
This addresses FS#23424. The -dd backend code was introduced in commit
b6ec9019d7, and unfortunately the munged depend used for comparison did
not carry through to the eventual display of this version. To fix this,
we undo some of the depcmp_tolerant() business introduced, and instead
make a new pmdepend_t object if necessary when the no dependency version
flag is set. This results in the correct depend being copied to the
missing depend passed onto the frontend.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-25 15:43:08 -05:00
Dan McGee
3bc3999bd2 Mark various functions in deps.c static
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-25 15:40:12 -05:00
Dan McGee
5a9a570dda Move alpm_find_dbs_satisfier() function down in deps.c
This will make sense for a later commit when static/non-static
properties of other functions are changed.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-25 15:40:12 -05:00
Dan McGee
c40fc6b80d Rework find_requiredby() to not use _alpm_dep_edge()
And move the sort after the final loop; we don't need to sort once for
each database we look at.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-25 15:40:12 -05:00
Dan McGee
7f480ccc0d Don't include version in dep string if mod == ANY
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-25 15:40:12 -05:00
Dan McGee
e214b260ef Update usage instruction strings
* Address FS#23433 by documenting -d vs. -dd
* Drop the useless "as well", "also", "too", and "that won't break
  packages" strings from -R usage
* Fix alignment of multiline strings in source (no string change)

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-25 13:47:27 -05:00
Dan McGee
86e7f60756 Merge branch 'maint' 2011-03-24 21:18:09 -05:00
Ray Kohler
c37c9c5dca Add -T, --deptest to usage message
Fixes FS #23369

Signed-off-by: Ray Kohler <ataraxia937@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-24 21:16:11 -05:00
Jan Steffens
14474a32c9 Make log redirection saner
My main motivation was to remove the "sync", which can stall for
minutes on a busy machine (FS#23378). I also cleaned up the redirection.

Signed-off-by: Jan Steffens <jan.steffens@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-24 20:27:56 -05:00
Dave Reisner
e68e994eb2 alpm/db: do not close local DB in alpm_db_unregister_all
pacman 3.5.0 removed alpm_db_register_local, so calling
alpm_db_unregister_all leaves the front end in a position where there's
no local db, and no way to re-register it.

Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-24 17:18:24 -05:00
Ray Kohler
cfa2eebdaf Fix use of relative paths for packages in repo-add
Move checksum and pgpsig calcluation before changing into the
tmpdir, otherwise we can't find the files if a relative path
was used.

Signed-off-by: Ray Kohler <ataraxia937@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-24 17:15:35 -05:00
Allan McRae
a8b22e16ef Do not reuse old signature
After updating a database, remove the old signature to prevent it
being used in validation if the new signature fails to download.

Signed-off-by: Allan McRae <allan@archlinux.org>
2011-03-23 22:58:32 -05:00
Allan McRae
38da050f31 Download and verify package database signatures
If signature verification is needed, attempt to download a signature
file for a repo when it is updated. Return an error if unable to
download signature only when checking is mandatory, or if signature is
invalid.

TODO: At the moment the database signature is only checked on download.
Should we do anything with a database if it fails to be verified to prevent
its future usage?

Signed-off-by: Allan McRae <allan@archlinux.org>
2011-03-23 22:58:00 -05:00
Dan McGee
9a3325a56d Refactor signature loading code into common function
We can use this for both standalone package signatures as well as
standalone database signatures.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 22:56:54 -05:00
Allan McRae
ed6fda2f98 Add functions for verifying database signature
Add a pmpgpsig_t struct to the database entry struct and functions for
the lazy loading of database signatures.  Add a function for checking
database signatures, reusing (and generalizing) the code currently used
for checking package signatures.

TODO: The code for reading in signature files from the filesystem is
duplicated for local packages and database and needs refactoring.

Signed-off-by: Allan McRae <allan@archlinux.org>
2011-03-23 22:22:33 -05:00
Dave Reisner
ef26c44524 etc/makepkg.conf: use curl in place of wget as a DLAGENT
Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 20:37:20 -05:00
Dave Reisner
b9263fb4e1 lib/dload.c: Check for dlcb == NULL earlier
Our curl callback does a whole lot of work for nothing if the front end
never defined a callback to receive the data we'd calculate for it.

Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 11:04:42 -05:00
Dan McGee
351942c71b Update doc/index.txt with 3.5.1 release date
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 11:03:35 -05:00
Dave Reisner
47e41b2023 lib/dload.c: don't use deprecated curl symbols
CURLINFO_HTTP_CODE is deprecated in favor of CURLINFO_RESPONSE_CODE.
Both yield the same values.

Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 03:44:16 -05:00
Dave Reisner
e29301954c lib/dload.c: don't request compressed transport
The files we transfer are generally compressed already, so this just
adds unnecessary overhead.

Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 03:44:10 -05:00
Dave Reisner
82fb7a0202 lib/dload.c: Fix progress callback issues on download
Use a static variable to effectively track the initialization state of
the progress callback via the last byte amount reported as downloaded by
libcurl.

Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 03:43:58 -05:00
Dave Reisner
768451c5e3 lib/dload.c: fix compiler warnings generated by -Wfloat-equal
* introduces new macro in util.h (DOUBLE_EQ) for properly comparing
  floating point values

Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 03:43:53 -05:00
Dave Reisner
db49c4a7f0 buildsys: use libcurl's m4 macro for buildtime detection
Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 03:43:17 -05:00
Allan McRae
2f060dec6a Report output from signature checking to debug log
Move the (possibly still temporary) output generated during signature
checking into the --debug output.

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 03:36:48 -05:00
Xavier Chantry
f9505063f8 Added gpg verification options per repo to the config file.
Once we do this, add support for VerifySig to pactest. We just check if
the repo name contains Always, Never or Optional to determine the value
of VerifySig. The default is Never. pacman uses Always by default but
this is not suitable for pactest.

Original-work-by: shankar <jatheendra@gmail.com>
Signed-off-by: Xavier Chantry <shiningxc@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 03:35:50 -05:00
Dan McGee
18c6946961 Remove unnecessary sanity check on db->setserver
We pass in a db object, so no need to go looking for it in the list on
the handle. This is a remnant of when we passed in a treename, more than
likely.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 03:33:31 -05:00
Chris Brannon
ac88e90557 Let pacman specify GnuPG's home directory.
GnuPG looks for configuration files and keyrings in its home directory.
For a user, that is typically ~/.gnupg.
This patch causes pacman to use /etc/pacman.d/gnupg/ as the default
GnuPG home.  One may override the default using --gpgdir on the command-line
or GPGDir in pacman's configuration file.

Signed-off-by: Chris Brannon <cmbrannon@cox.net>
Signed-off-by: Xavier Chantry <shiningxc@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 03:22:36 -05:00
Dan McGee
5b962f0d1c Add a pactest showing failed GPG verification
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 03:16:29 -05:00
Dan McGee
39c75c7000 Integrate GPGME into libalpm
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 03:16:29 -05:00
Dan McGee
061948597d Add some error codes for signature verification
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 03:16:29 -05:00
Dan McGee
4ae902ec5f Add signature directory as option on libalpm handle
This will serve as the home directory we pass to GPGME when making calls so
we can have a libalpm-utilized keyring.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 03:16:29 -05:00