1
0
mirror of https://github.com/moparisthebest/pacman synced 2024-11-17 14:55:07 -05:00
Commit Graph

1098 Commits

Author SHA1 Message Date
Allan McRae
44de3183ff makepkg: prevent issues with files starting with a hyphen
Most places in makepkg deal with full file paths, but a few use the
file name only.  Protect from potential issues when a file name
starts with a hyphen.

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-03-16 12:01:15 -05:00
Allan McRae
03465ad6b6 makepkg: append pkgbase to BUILDDIR if specified
This means multiple packages can be build using the same BUILDDIR
without their source files all ending up extracted in the same
directory.  Fixes FS#28417.

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-03-16 12:00:42 -05:00
Dan McGee
8de0631edb Merge branch 'maint'
Conflicts:
	lib/libalpm/be_package.c
2012-03-08 18:08:15 -06:00
Dave Reisner
1a8c3e52d7 makepkg: exit via default signal handler in trap_exit
Similar to how we manage receipt of SIGINT in pacman's internal
downloader, catch the signal and invoke our own trap handler before
unsetting it and calling the default. This requires a slight
modification to the arguments passed to trap_exit so we can pass the
raised signal to trap_exit (note that we substitue USR1 for ERR since
the latter is unique to bash).

Fixes FS#28491.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-03-08 18:01:53 -06:00
Dave Reisner
bc311a24ce makepkg: use array instead of string
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
2012-03-08 17:30:25 -06:00
Dave Reisner
8d26df5ee5 makepkg: avoid use of eval in run_pacman
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
2012-03-08 17:30:15 -06:00
Dave Reisner
708a227578 makepkg: enforce decimal format for pkgrel
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
2012-03-08 17:29:27 -06:00
Christian Hesse
09a93b2e0e makepkg: allow specifying compression options
Adds the ability to override the commands used to compressing
compiled and source packages.  This is useful for those wanting
to use alternative implementations of the compression tools or
non-default compression options.

Allan: documented options in man page

Signed-off-by: Allan McRae <allan@archlinux.org>
2012-03-08 17:28:36 -06:00
Dan McGee
6a636b2b6e pacman-optimize: standardize on openssl usage, only touch local/
The rest of our scripts have been using `openssl dgst` rather than tools
like `md5sum` for some time, so convert this one too. We also make the
following other adjustments:

* Use a `find -print0 | xargs -0` pipeline so paths with spaces and or
  newlines don't totally kill us.
* Ensure the files we write out contain only paths relative to the
  database root, where we know the filenames should all be sane.
* Remove use of `diff`, this was the only time we used it in scripts and
  we can get a cheap substitute by comparing file checksums instead.
* Only touch the local/ part of the database. It makes little sense to
  do anything to the sync/ directory anymore as they are compressed
  single files that should be regularly written out in full and won't be
  fragmented on any sane filesystem.

Signed-off-by: Dan McGee <dan@archlinux.org>
2012-03-08 17:26:23 -06:00
Pierre Schmitz
1fe6cabc4d pacman-key: Remove useless signature verification in --populate command
Verifing the keyring at this point is useless as a malicious package is already
installed and as such has several options to bypass this check anyway.

Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-03-05 11:57:30 -06:00
Dan McGee
4ffa0401d2 Translation updates from Transifex
* it updates to all translations
* minor fr, pt_BR, de, lt, sk and uk updates
* add new strings in pacman translation catalog

Signed-off-by: Dan McGee <dan@archlinux.org>
2012-03-05 11:45:23 -06:00
Allan McRae
cb64fbeac4 Do not dereference symlinks when calculating size
Passing the "-L" flag to stat means we get the size of the file
being pointed to for symlinks instead of the size of the symlink.

Keep "-L" usage in repo-add as we want the actual size of the
package/delta/signature there.

Signed-off-by: Allan McRae <allan@archlinux.org>
2012-03-05 11:44:34 -06:00
Florian Pritz
ea7fc8962a makepkg: fix false error with multiple libdeps
With multiple items in $libdepends this check only worked for the first
one, everything after this returned an error. This was probably an issue
with \s being treated wrong.

Fix-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-03-05 11:44:34 -06:00
Florian Pritz
fbfcd86650 makepkg: fix extraction of soname in find_libdepends
libperl.so results in soname="libperl.so.so" which is wrong.

This returns the correct string: "libperl.so"

Fix-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-03-05 11:44:34 -06:00
Dan McGee
3849c3aec1 Merge branch 'maint'
Conflicts:
	contrib/pacsysclean.in
	src/pacman/conf.h
2012-02-20 17:00:26 -06:00
Allan McRae
5bbe342932 makepkg: rework libprovides
This reworks the implmentation of libprovides for the following
benefits:
 - Moves functionality from write_pkginfo() to find_libprovides()
 - Only calculates the version for libraries specifically requested
   and not all libraries. This has the disadvantage of running find
   over the $pkgdir for as many libraries as needed, but is unlikely
   to be an issue due to caching.
 - The order of the provides array in the PKGBUILD is kept in the
   package
 - There are more warning messages when things fail and those that
   were there are no longer errors (as I do not think failure of
   libprovides should result in complete packaging failure)
 - It is now modular so can be easy extended to other library types
   other than ELF *.so.

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-02-20 16:54:19 -06:00
Dave Reisner
ca41427141 parseopts: normalize options into an array
Modify parse_options logic to fill an array instead of printing parsed
options. Avoid eval like the plague. Because it is the plague.

Fixes bugs such as FS#28445.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-02-16 17:31:16 -06:00
Christoph Vigano
edd81f3e8b makepkg: fix syntax error in remove_deps
This fixes a problem that occurs if you tell makepkg to remove installed
dependencies (just to be sure) but there are none. As the $ was missing
in front of deplist, the check never happened and 'pacman -Rn' was
called which obviously failed.

Dan: later reported as FS#28448.

Signed-off-by: Christoph Vigano <mail@cvigano.de>
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-02-15 15:12:59 -06:00
Dan McGee
13a1d5883c scripts: unset CDPATH if cd is used
This wonderful/awful little bash shell variable wrecks havoc on `cd`
calls in shell scripts. Unset CDPATH in makepkg where we use `cd` quite
heavily. In pacman-optimize, we can move the change directory logic into
the bsdtar call so we are left with no usages of `cd` in the script.

Signed-off-by: Dan McGee <dan@archlinux.org>
2012-02-14 10:11:43 -06:00
Dan McGee
c7321a7b80 Merge branch 'maint'
Conflicts:
	lib/libalpm/sync.c
	src/util/pactree.c
2012-02-13 10:14:06 -06:00
Dan McGee
f8ae60bc28 Final pre-release Transifex updates
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-02-11 15:01:35 -06:00
Allan McRae
31432edcbe makepkg: disable extglob when sourcing BUILDSCRIPT
PKGBUILDs are advertised as being pure bash so it would be expected
that the default bash options are in effect when sourcing it.

This inadvertantly "fixes" FS#27780 where enabling extglob causes
the bash parser to error on non-valid bash function names like
package_libxml++(). Note that these function names are unsupported
in bash and could break again even with this "fix" in future bash
releases.

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-02-11 14:53:33 -06:00
Allan McRae
9b1ab3d767 makepkg: deal with mercurial exit codes
From mercurial-2.1, "hg pull" returns 1 when there are no updates.
Catch the return code and either pull the update or return an
error as appropriate.

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-02-11 14:52:54 -06:00
Dan McGee
5945241469 Translation updates from Transifex, mostly scripts
This is after some manual massaging to fix issues with newlines in some
translations of the script catalogs.

Signed-off-by: Dan McGee <dan@archlinux.org>
2012-02-06 21:59:12 -06:00
Dan McGee
f55be48977 Merge branch 'maint'
Conflicts:
	lib/libalpm/alpm_list.c
2012-02-06 05:50:48 -06:00
Andrew Gregory
b7c06d6d67 makepkg.sh.in - if both -r and -i are provided, only remove makedeps
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-02-06 05:50:27 -06:00
Andrew Gregory
0fdf0b19ce makepkg.sh.in - fix remove_deps test for deps to be removed
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-02-06 05:34:55 -06:00
Mantas Mikulėnas
17e71fc908 makepkg: add forgotten newline in help output
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-02-06 05:34:46 -06:00
Allan McRae
47313acee4 makepkg: Fix non-writable SRCPKGDEST error message
Provide a helpful error message for when creating a source tarball
and SRCPKGDEST is not writable.

Fixes FS#28197.

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-31 11:22:50 -06:00
Dan McGee
4f54bde439 Merge branch 'maint'
Conflicts:
	scripts/makepkg.sh.in
2012-01-30 22:00:26 -06:00
Dave Reisner
9aa4d9a7b9 pacman-key: call gpg fewer times for revocation keys
Instead of iterating over the revocation keyfile and calling gpg once
for each key, map the file into an array and call gpg once, iterating
over this output to mark each key as revoked.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-30 21:59:41 -06:00
Dave Reisner
2a73f4e994 pacman-key: simplify trusted keyring iteration
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-30 21:59:34 -06:00
Dan McGee
9d1e8084df Update translations
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-30 21:56:53 -06:00
Dan McGee
7b2f600d71 Update pot translation catalogs
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-30 21:49:34 -06:00
Dan McGee
5c2928aa25 Make a few more copyright date tweaks
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-30 21:43:23 -06:00
Dave Reisner
9e9835f464 scripts: always use printf with embedded gettext
This addresses two problems:

1) echo's behavior is inconsistent when dealing with flags, and can
potentially be problematic.

  $ echo -n
  $ echo -- -n
  -- -n

2) Always using the end of options markers prevents translated strings
from throwing errors, as shown in FS#28069.

The remaining "inconsistencies" are because printf is being used in a
guaranteed safe manner, e.g.

  printf '%s\n' "$(gettext "--this can never break")"

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-30 21:31:38 -06:00
Allan McRae
7ff1b945f6 makepkg: workaround for zipman issues
This "fixes" two issues:

1) MAN_DIRS contains a glob by default so should not be quoted.  It is
not quoted anywhere else so this should not cause breakage...

2) the find statement returns 1 when some of MAN_DIRS are missing. This
appears to only be exposed when running makepkg as root (which it appears
some wrappers do...).

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-30 21:18:28 -06:00
Dave Reisner
41db62b77a makepkg: check for license when creating srcpackage
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
2012-01-23 13:34:28 -05:00
Dave Reisner
225ee71cae makepkg: abstract license check into separate function
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
2012-01-23 13:34:28 -05:00
Dan McGee
e50c4a8837 Merge branch 'maint'
Conflicts:
	lib/libalpm/diskspace.c
	src/pacman/util.h
2012-01-23 12:20:52 -06:00
Allan McRae
edd4276bbf makepkg: restrict usage of flags passed to pacman
With pacman-4.0, using --noconfirm or --noprogressbar with -Q or -T
results in pacman reporting an "invalid option" error. Restrict the
passing of these options to pacman. Fixes FS#28012.

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-23 09:23:21 -06:00
Allan McRae
df47136bcf makepkg: fix error on unnecessary -r
The grep statement used to check for a difference between the
installed package list before and after resolving dependencies
returns 1 if there is no difference.  This sets of the error
trap when "-r" is used "unnecessarily".

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-23 09:23:15 -06:00
Dan McGee
562109c0e8 Update copyright on changed files since beginning of year
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-18 22:25:27 -06:00
canyonknight
c231c9af97 Improve exit statuses and error messages in pacman-key
Return codes from gpg commands are currently lost. This adds the functionality
of taking non-zero exit statuses from gpg. This includes error reporting for all
gpg commands that are run individually, run in a loop, and run through a pipe.

Includes the check_keyids_exist function which verifies a key exists locally
prior to attempted local manipulation of the key.

If a gpg command has a non-zero status, pacman-key will now exit with a non-zero
status. It will print a gettext error message of gpg's failure.

Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-18 22:01:12 -06:00
canyonknight
24ca6ce1f9 Turn gpg commands into functions in pacman-key
Adds functions for every gpg command. By pulling out the gpg commands from the
"program start" section, additional commands can be run before or after a
specific gpg command without adding additional clutter to the function call
section.

Adds an explicit exit status of 0 to prevent arithmetic expansions from
returning non-zero, thereby falsely causing pacman-key to have a non-zero exit
status.

This change creates the framework for additional error messages and better
exit statuses being added to every pacman-key gpg call.

Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-18 22:01:00 -06:00
Dan McGee
430b0df779 repo-add: clean up help messages
Use consistent blank lines across all commands, get rid of the
translated double newlines which only serve to confuse translators, and
fix -h/--help for that extra special third command this script offers.

Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-18 22:00:13 -06:00
Dan McGee
4f02b98338 Merge branch 'maint'
Conflicts:
	lib/libalpm/signing.c

Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-08 12:14:04 -06:00
Allan McRae
73d0d743bd makepkg: abort on missing download agent
makepkg would not abort on a missing download agent due to the
output variable being declared local on the same line as the
function call in the assignment. That would result in strange output
such as:

==> Retrieving Sources...
==> ERROR: There is no agent set up to handle foo URLs. Check /etc/makepkg.conf.
    Aborting...
  -> Downloading foobaz...
/home/arch/code/pacman/scripts/makepkg: line 401: foo://foobaz: No such file or directory
==> ERROR: Failure while downloading foobaz
    Aborting...

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-08 12:13:32 -06:00
Allan McRae
2b38f4eab7 makepkg: fix missing source file detection
Declaring the variable as local on the same line as the assignment
results in result of the assignment being returned rather than the
result of the function on the righthand side of the assignment.

Declaring the variable as local on a separate line means the result
of the function on the r.h.s. is returned and our error function
will be invoked if necessary  (although it is practically impossible
to ever trigger it...).

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-08 12:03:56 -06:00
Allan McRae
36413aa856 makepkg: simplify source archive generation
Simplify the source tarball generation by unifying the handling of
local and remote files.  This also allows local files to be found
in $SRCDEST (FS#26580) and makepkg will abort on missing local source
files (only possible to trigger in combination with --skipinteg).

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-08 12:03:48 -06:00
Dan McGee
a857b9c8e0 Update translations from Transifex
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-05 17:04:42 -06:00
Dan McGee
c6e1d4ddde Update scripts translation catalog
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-05 17:02:10 -06:00
Allan McRae
b264fb9e9d makepkg: calculate exact total file size
The current calculation of the total file size for a package using "du"
suffers from issues in portability and correctness.  Especially on btrfs,
this can result in clearly wrong package information such as:

Download Size  : 14684.29 KiB
Installed Size : 7628.00 KiB

Use an approach based on "stat" to calculate total file size.

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-12-28 22:32:22 -06:00
Allan McRae
1b46137426 makepkg: Use SKIP in checksum to skip integrity check
Using the value of "SKIP" in the checksum array will cause that
integrity check to be skipped.  This makes building packages that
rely on user configurable sources less painful.

Based-on-patch-by: Dan McGee <dan@archlinux.org>
Based-on-patch-by: David Campbell <davekong@archlinux.us>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-12-28 22:27:02 -06:00
Dan McGee
38143770a9 Merge branch 'maint' 2011-12-23 14:40:59 -06:00
Timothy Redaelli
5b749eeee9 pacman-key: Add missing quotes
Signed-off-by: Timothy Redaelli <timothy.redaelli@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-12-23 14:39:12 -06:00
Dave Reisner
5f0df42303 makepkg: split source elements when looking for sigs
Allows renamed .asc/.sig files to be still discovered by makepkg. This
is needed for a package such as PuTTY, which provides abnormally named
sig files (.DSA and .RSA) which are valid input for gpg --verify.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-12-12 12:47:46 -06:00
Dan McGee
781af8f91b Use automake verbose helpers in custom make rules
This converts our script generation to use the built-in AM_V_GEN macro,
which honors the V= setting passed to make and allows one to see the
full command if they truly desire. The AM_V_at macro is also used in
place of an explicit @ so verbose-mode compiles show all commands being
run.

We can also use these two macros in doc generation to quiet it down to
the level we expect.

Other minor changes:
* a pointless test call is removed in test/pacman/tests/
* sed is used instead of dos2unix as we depend on it anyway
* consecutive chmod calls are reduced to a single call (e.g., '+x,a-x')

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-12-08 09:17:39 -06:00
Lukas Fleischer
0e4946d559 scripts/*: Declare several constant variables read-only
Be more semantically accurate and avoid accidental overwriting of some
configuration variables that are considered to be constant.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-12-07 10:02:11 -06:00
Dan McGee
a3a75e0a41 Merge branch 'maint' 2011-12-07 10:00:20 -06:00
Dan McGee
17e0be9e6a repo-add: enforce maximum .sig file size
This prevents user error in adding a file generated via `gpg --sign`
rather than `--detach-sign`, for example. The same 16KiB limit is used
we use in our pacman download code.

The section is moved above the checksum generation to avoid presenting
info messages to the user if the signature isn't valid.

Addresses a shortcoming pointed out in FS#27453.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-12-05 10:48:47 -06:00
Dan McGee
1d98c6347c Merge branch 'maint' 2011-11-30 22:34:25 -06:00
Dave Reisner
a521cea96f makepkg: avoid using comm for diff'ing package lists
Whereas comm will check inputs to see if they're sorted (and warn when
they aren't), grep doesn't even care about ordering. In this particular
instance -- neither do we. We're only interested that the two lists are
equivalent.

Fixes FS#26580.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-11-30 22:28:13 -06:00
Dan McGee
f5820c8bd6 Miscellaneous post-4.0.1 updates
Some late-arriving translation updates and add the correct dates to the
index.txt releases table.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-11-30 22:28:13 -06:00
Dan McGee
96b3ba3470 Merge branch 'maint' 2011-11-20 21:40:50 -06:00
Phillip Smith
5ba8b83b8b makepkg: add support for PACKAGER environment var
Add support for overriding configuration in /etc/makepkg.conf and
~/.makepkg.conf by setting the environment variable PACKAGER similar to
how SRCDEST and PKGDEST behave.

Signed-off-by: Allan McRae <allan@archlinux.org>
2011-11-20 21:36:30 -06:00
Allan McRae
cb898be887 repo-add: Remove .tmp. prefix from output
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-11-20 21:36:30 -06:00
Dan McGee
80868b0da6 repo-add: ensure database and signature files are always viewed in whole
This addresses a short but sweet race condition currently existing in
repo-add and repo-remove. We do the smart thing and zip the database to
a location in a temporary directory and not over the original database
directly. However, we then proceed to move this file directly from the
temporary directory to our final location, which is more than likely a
cross-filesystem move (/tmp on tmpfs) and thus non-atomic.

Instead, zip the file to the same directory, prefixing the filename with
'.tmp.'. We then move the file into place. This move is guaranteed to be
atomic, so any reader of the database file will get either the old
version, the new version, or ENOENT.

We also perform a hardlink if possible instead of a move when shifting
the old database out of the way to '.old'; this ensures there is no
chance of a database file not existing during the whole process.

Only one small race condition should now be present- when the database
has been fully moved into place and the signature has not, you may see a
mismatch. There seems to be no good way to address this, and it existed
before this patch.

A final note- if someone had locked-down permissions on the directory
that the database files are in (e.g., could only write to foo.db.tar.gz,
foo.db, foo.db.tar.gz.old, foo.db.old, and the lock file), this would
break.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-11-20 21:36:30 -06:00
Dan McGee
6a9ed33055 repo-add: ensure path to LOCKFILE is always absolute
Given our semi-frequent use of pushd/popd, if we are in any directory
but the original and the database path given was relative, we won't
unlock the database file when cleaning up after an error.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-11-20 21:36:30 -06:00
Dan McGee
507a2d15e6 Final changes before 4.0.1 release
* Add last-minute changes to NEWS
* Don't treat '_' or '_n' special in scripts when finding translatable
  strings; this breaks with one use of `read` and a dummy _ variable

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-11-20 21:29:46 -06:00
Dave Reisner
b8ef22312b makepkg: trim trailing space from whitespace sensitive vars
This applies to pkgver, pkgrel, and epoch and ensures that any trailing
whitespace outside of the context of the variable declaration itself is
properly trimmed. The Bash parser will ignore this, and so should we.

We don't need to worry about leading space because it would force a
syntax error, or fail validation.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-11-20 21:17:43 -06:00
Dan McGee
919b604c29 Merge branch 'maint' 2011-11-16 14:51:17 -06:00
Dan McGee
c79c068fe9 Update translations from Transifex
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-11-16 14:45:25 -06:00
Dan McGee
c0ce10397a Update translations from Transifex
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-11-13 22:21:02 -06:00
Dan McGee
fcf0a8b203 Updates in preparation for 4.0.1 release
Bump the version, update the translation template files, and fill in
NEWS with relevant commits and changes since 4.0.0.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-11-13 21:55:52 -06:00
Dan McGee
1de5070bb3 Merge branch 'maint' 2011-11-13 13:38:57 -06:00
Dave Reisner
42e2f8bfbf makepkg: check for value before using eval'd var
This prevent bsdtar from exploding when install= or changelog= are
present without a value.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-11-10 09:22:17 -06:00
Dan McGee
1a994bf180 Merge branch 'maint' 2011-11-07 09:16:10 -06:00
Allan McRae
e7b56f48d7 makepkg: handle pgp signatures with .sign extension
Detached sgnature files with extension .sign are accepted by gnupg.

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-11-07 09:14:09 -06:00
Dan McGee
90ddcbe71d Merge branch 'maint'
Conflicts:
	src/pacman/package.c

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-10-21 19:29:47 -05:00
Dan McGee
4bada45464 pacman-key: add a default keyserver timeout value on --init
The default is supposidely 30 seconds from the gpg manpage, but that
sure wasn't what I was seeing- it was somewhere closer to two minutes of
silence. Add a more reasonable 10 second timeout value which should be
good enough for any keyserver that doesn't totally stink at it's job.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-10-17 09:42:46 -05:00
Dan McGee
a33424f879 Merge branch 'maint' 2011-10-14 08:16:18 -05:00
Dan McGee
020bdb4298 makepkg: don't attach traps until after argument parsing
Nothing we do in our traps is necessary this early in the script. This
fixes FS#26196.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-10-14 08:16:06 -05:00
Dan McGee
ff87046354 Merge branch 'maint'
Conflicts:
	src/pacman/util.c
2011-10-13 11:25:50 -05:00
Lukas Fleischer
35e6136f4b scripts/*.sh.in: Honor TMPDIR environment variable
Replace "/tmp" with "${TMPDIR:-/tmp}" to allow for overriding the
hardcoded path.

Since we only use "/tmp" in conjunction with mktemp(1), we could also
have used "--tmpdir", which is GNU-ish, however (and the BSD counterpart
"-t" has been deprecated in GNU mktemp).

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-10-13 11:21:05 -05:00
Lukas Fleischer
241946ccea scripts/*.sh.in: Fix signal handler error messages
This includes some fixes to the messages that are displayed when a
signal is caught in makepkg or repo-add:

* Instead of always showing "==> ERROR: TERM signal caught. Exiting...",
  replace "TERM" by whatever signal is actually caught.

* Fix a typo in the SIGERR error message in repo-add ("occurred" instead
  of "occured"). Francois already fixed this for makepkg in 1e51b81c.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-10-13 11:20:12 -05:00
Lukas Fleischer
d4c97ea2f6 repo-add: Avoid race condition in signal handlers
There is a small chance that a user sends SIGINT (or any other signal
that is trapped) when we're already in clean_up() which used to lead to
trap_exit() being executed and the remaining code in clean_up() being
skipped due to the bash signal/trap handler blocking EXIT (since its
handler is already being executed, even if it's interrupted).

In practice, this behaviour caused unexpected results (primarily because
pressing ^C at the wrong time left a lock file behind):

    $ ./repo-add extra.db.tar.gz foobar
    ==> Extracting database to a temporary location...
    ^C
    ==> ERROR: Aborted by user! Exiting...
    $ ./repo-add extra.db.tar.gz foobar
    ==> Extracting database to a temporary location...
    ==> ERROR: File 'foobar' not found.
    ==> No packages modified, nothing to do.
    ^C
    ==> ERROR: Aborted by user! Exiting...
    $ ./repo-add extra.db.tar.gz foobar
    ==> ERROR: Failed to acquire lockfile: extra.db.tar.gz.lck.
    ==> ERROR: Held by process 18522

Fix this and reduce the chance of race conditions in signal handlers by:

* Unhooking all traps in both clean_up() and trap_exit().

* Call clean_up() explicitly in trap_exit() to make sure we remove the
  lock file and the temporary directory even if we send SIGINT when
  clean_up() is already being executed but didn't reach the unhook code
  yet.

Also, add an optional parameter to clean_up() to allow for setting an
explicit exit code when we call clean_up() from trap_exit().

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-10-13 11:20:03 -05:00
Dan McGee
a0d0f3f47f Final Transifex update before 4.0
We have a few incomplete translations, but these should be addressable
before the 4.0.1 maint release that is surely not that far in the
future.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-10-12 13:42:12 -05:00
Dan McGee
5a39172835 pacman-key: don't escape single quote in usage message
This screws up gettext and causes the message to display always
untranslated.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-10-11 09:07:20 -05:00
Dan McGee
8cc4ed0d63 Update translations from Transifex
In prep for the 4.0.0 release.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-10-11 09:07:19 -05:00
Allan McRae
36f31dd133 makepkg: strip comments after pkgver/pkgrel when checking value
Inline comments after pkgver or pkgrel would cause the sanity
checks to fail so remove them before checking the value.

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-10-10 19:05:22 -05:00
Dan McGee
a8ca9b93f8 Update translation message catalogs in prep for 4.0 release
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-10-05 22:39:05 -05:00
Dan McGee
dc7d691b20 Update translations from Transifex
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-10-05 22:30:14 -05:00
Dan McGee
484d5ec624 pacman-key: treat foo-trusted as an ownertrust export file
This allows it to serve double-duty. In order to allow users to base
verification decisions off of both a valid signature and a trusted
signature, we need to assign some level of owner trust to the keys we
designate as trusted on import.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-10-05 22:00:52 -05:00
Dan McGee
ab7d2890a4 pacman-key: refine and clarify import/import-trustdb behavior
* --import now only imports keys from pubkey.gpg and does not import
  owner trust; if you want to have both simply run the operations in
  sequence.
* --import-trustdb has been simplified; it will overwrite existing
  values in the trust database as before, but there is no need to export
  it first as those values are safe if left untouched.
* Fix the manpage referring to a non-existent option.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-10-05 21:55:53 -05:00
lolilolicon
94bc64ae1b makepkg: create tar file for bogus PKGEXT
If PKGEXT is not one of the recognized tar*'s, create_package() would
create an empty package file and fail, since bsdtar on the left side of
the pipe returns 141 on SIGPIPE (broken pipe).

This patch changes the behavior for an invalid PKGEXT. A warning is
printed on stderr, and a tar file is created. Also retire the obsolete
$EXT variable.

Add the obligatory comment why we don't use bsdtar's compression.
Finally, fix mixed-tab-space indentation.

Signed-off-by: lolilolicon <lolilolicon@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-10-03 10:59:10 -05:00
lolilolicon
b0543440ca makepkg: support .tar.Z source packages creation
SRCEXT should allow whatever PKGEXT does.
Also address an uninitialized use of $ret.

Signed-off-by: lolilolicon <lolilolicon@gmail.com>
2011-09-30 10:57:44 -05:00
Dave Reisner
938fb2c878 pacman-key: remove errexit flag from shebang
We're ill equipped to be using this flag as we don't trap and respond to
the ERR signal. The result is that if is ever tripped, pacman-key will
instantly exit with no indication of why. At the same time, we're
already fairly good about doing our own error checking and verbalizing
it before dying.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-30 10:48:28 -05:00
Allan McRae
07ecd40a1a pacman-key: return 0 from get_from if default value used
This prevents the error trap being set off when GPGDir is commented
in pacman.conf.  Bug introduced in 507b01b9.

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-30 10:48:19 -05:00
lolilolicon
775b94e649 pkgdelta: proper quoting in [[ expression ]]
Always quote the right-hand side of expression when the == or != operator
is used, unless intended as a pattern.

Signed-off-by: lolilolicon <lolilolicon@gmail.com>
2011-09-28 14:09:01 -05:00
lolilolicon
497501d1c7 makepkg: proper quoting in [[ expression ]]
Always quote the righthand side of expression when the == or != operator
is used, unless intended as a pattern.  Quoting bash(1):

When the == and != operators are used, the string to the right of the
operator is considered a pattern.  Any part of the pattern may be quoted
to force it to be matched as a string.

Signed-off-by: lolilolicon <lolilolicon@gmail.com>
2011-09-28 13:06:03 -05:00
Dave Reisner
619c3629ca makepkg: ensure '-' is last in a character glob
If '-' isn't the last item, it's interpreted as a range and not
literally, causing problematic behavior in parsing optdepends.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
2011-09-27 11:35:17 -04:00
Dan McGee
e70d540501 pacman-key: use consistent punctuation in error messages
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-27 09:17:11 -05:00
Dave Reisner
507b01b912 pacman-key: allow get_from to return a default value
Keep the non-zero return val to let the caller know that the key wasn't
found.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-26 16:02:19 -05:00
Dave Reisner
b6ccae2d18 pacman-key: simplify writing to config file
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-26 16:02:19 -05:00
Allan McRae
dd82b8d09f makepkg: normalize whitespace for optdepends in .PKGINFO
Many PKGBUILDs use formatting whitespace when specifying optdepends.
This is removed when adding a package to a repo-database so the
output of "pacman -Si <package>" and "pacman -Qip <package file>"
becomes inconsistent.  Instead, do the adjustment when creating
the .PKGINFO file.

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-26 16:02:19 -05:00
Allan McRae
6adf502f0d makepkg: allow versioned optdepends with epoch
Allow the specification of versioned optdepends with an epoch.
This also (partially) enforces a whitespace between ":" and the
description which is required for the future optdepends parsing
code.

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-26 16:02:19 -05:00
Dan McGee
43787d0067 Regenerate message catalogs and translations
We've had a bit of churn since the last time this was done.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22 11:36:09 -05:00
Dan McGee
a78e3e3a23 Translation file updates from Transifex
Pick up any updates before I push new source messages out to the
service.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22 11:35:31 -05:00
Dan McGee
1df9b2aa79 pacman-key: add an additional plain text 'foo-trusted' file
This is similar to the 'foo-revoked' file we had. This will be used to
inform the user what keys in the shipped keyring need to be explicitly
trusted by the user.

A distro such as Arch will likely have 3-4 master keys listed in this
trusted file, but an additional 25 developer keys present in the keyring
that the user shouldn't have to directly sign.

We use this list to prompt the user to sign the keys locally. If the key
is already signed locally gpg will print a bit of junk but will continue
without pestering the user.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22 11:15:45 -05:00
Dan McGee
067721cbff pacman-key: factor out validate_with_gpg() method
This was copy-pasted code for the most part once the filename was
factored out.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22 11:15:45 -05:00
Dan McGee
33685b960d pacman-key: remove holdkeys functionality
We're putting the cart ahead of the horse a bit here. Given that our
keyring is not one where everything is implicitly trusted (ala gpgv),
keeping or deleting a key has no bearing on its trusted status, only
whether we can actually verify things signed by said key.

If we need to address this down the road, we can find a solution that
works for the problem at hand rather than trying to solve it now before
signing is even widespread.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22 11:15:45 -05:00
Dan McGee
595e1a437f pacman-key: implement promptless lsigning
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22 11:15:45 -05:00
Dan McGee
7d961c849b pacman-key: disable, don't remove, revoked keys
Unlike our protégé apt-key, removing a key from our keyring is not
sufficient to prevent it from being trusted or used for verification. We
are better off flagging it as disabled and leaving it in the keyring so
it cannot be reimported or fetched at a later date from a keyserver and
continue to be used.

Implement the logic to disable the key instead of delete it, figuring
out --command-fd in the process.

Note that the surefire way to disable a key involves including said key
in the keyring package, such that it is both in foobar.gpg and
foobar-revoked.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22 11:15:39 -05:00
Dan McGee
213950afa3 pacman-key: simplify import in populate
This finishes the cleanup started in 710e83999b. We can do a straight
import from another keyring rather than all the funky parsing and piping
business we were doing.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22 11:14:35 -05:00
Dan McGee
491b656c54 pacman-key: don't hide --verify details in populate
Otherwise we're hiding extremely relevant bits like this one:
    gpg: WARNING: This key is not certified with a trusted signature!
    gpg:          There is no indication that the signature belongs to the owner.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22 11:14:35 -05:00
Dan McGee
03e1b4caa9 pacman-key: print message in populate if signature is missing
Rather than saying it was invalid, tell the user no signature exists.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22 11:14:35 -05:00
Dan McGee
a7691ba6fd pacman-key: clean up populate output
* Ensure usage message is indented correctly
* Show short filenames for both the gpg keyring and revocation file

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22 11:14:35 -05:00
Dan McGee
4b6a5ae159 pacman-key: ensure array iterations are quoted
When doing something like `pacman-key --edit-key 'Dan McGee'`, one would
expect it to work, and not fail.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22 11:14:34 -05:00
Dave Reisner
68856755c4 buildsys: remove existing symlinks before installing
This fixes build errors when performing a manual install straight to a
filesystem where the files already exist.

Reported-by: Sergej Pupykin <ml@sergej.pp.ru>
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-14 17:18:07 -05:00
Dave Reisner
4a02350ded makepkg: fix recreation of hardlinks to .gz manpages
4ed12ae tightened up the logic to use only find, but ignored the fact
that since the manpage hard link names were no longer captured. They
were created as separate compressed manpages, rather than as hardlinks.

This also introduces a minor efficiency of deleting all hardlinks at
once and using proper iteration over an array rather than a string.

Note to anyone else touching this code: e2fsprogs and libpcap are useful
for testing this. If that changes in the future, you can use the below
bash to locate others:

  IFS=$'\n' read -rd '' -a a < <(find /usr/share/man -type f \! -links 1)
  pacman -Qqo "${a[@]}" | sort -u

I broke it!

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
2011-09-14 17:25:29 -04:00
Dave Reisner
d1e04c1b67 makepkg: add missing newline on passing gpg sourcecheck
When a sourceball passes this check without any warnings, a newline is
omitted. Similar to the if clause of this else block, print a single new
line at the end of the clause instead of accounting for each output.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
2011-09-14 14:19:18 -04:00
Dave Reisner
0f69e2ec0b makepkg: check for var existance before file existance
This prevents makepkg from aborting with 'file not found' when
changelog= or install= are declared in a PKGBUILD, but empty.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
2011-09-12 08:27:13 -04:00
Dave Reisner
c736a12e86 makepkg: unset errexit when sourcing /etc/profile
This is a fix for a bash3 specific bug, where a file sourced by
/etc/profile would exit non-zero and make its way back up to makepkg,
forcing it to exit after package installation. Along with unsetting the
ERR handler, temporarily unset errexit to avoid this.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
2011-09-11 13:47:07 +10:00
Dave Reisner
905ae640cf makepkg: use more awk'ish syntax in sanity checks
This simplifies the flow a bit, making the pipeline a little easier to
grok.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
2011-09-07 21:05:05 -05:00
Dave Reisner
4ed12aec30 makepkg: avoid for loop in deleting manpage hardlinks
find can do this all on its own and remain portable.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
2011-09-07 21:05:04 -05:00
Dave Reisner
17c3de3e4f makepkg: act on function return value, not output
Correcting a typo, as this function will never output anything.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
2011-09-07 21:05:04 -05:00
Dave Reisner
3d9f961d13 makepkg: refactor check_pgpsigs output
- display associated warnings on same line as pass/fail msg, to be more
  consistent with checksum verification output
- properly error on a revoked key (matching pacman's behavior)

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
2011-09-07 21:05:04 -05:00
Dave Reisner
0e79802c0a makepkg: use globs in place of regex
We seem to enjoy using bash regex capabilities, but never referencing
the result with BASH_REMATCH. Replace almost all regexes with equivalent
globs which are faster and functionally equivalent in these cases.

This enables the extglob shopt.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-06 11:46:01 -05:00
Dave Reisner
29ad9e0a0a makepkg: unset variables as per !{make,build}flags
Don't just set the flag variables to zero length strings, actually unset
them from the environment. This fixes issues with broken gnu Makefies
that use ?= for assigment, where the presence of a var is enough to make
this condition avoid assignment.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-06 08:45:44 -05:00
Dave Reisner
7ed54a9940 rankmirrors: properly sort resulting times
- Properly read each sorted line into a new array, instead of breaking
  on every word.
- LC_COLLATE should apply to the sort portion of the pipeline, not the
  printing.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
2011-09-06 08:44:34 -05:00
Dan McGee
16fd66f879 pacman-key: add --refresh-keys operation
This allows new signatures to be pulled, revocations to be found, etc.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-02 21:44:04 -05:00
Dan McGee
d9545103b9 pacman-key: split keyserver to a separate option
This also renames '--receive' to '-recv-keys' to match the wrapped gpg
option name, rather than invent a new one, now that the calling
convention is the same.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-02 21:43:03 -05:00
Dan McGee
5a9b07b0e7 pacman-key help and documentation cleanup
We were using the mystical [<foobar>] options which is some sort of
cross between a <required> argument and an [optional] one. Remove this
madness and do some other general cleanup/consistency work in the
manpage.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-02 21:41:40 -05:00
Dan McGee
3c3ee6796a pacman-key: document --lsign-key
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-02 21:41:40 -05:00
Dan McGee
11873b70ae makepkg: fix overzealous PGP signature file matching
The regex wasn't rooted at the end of the filename, nor was it matching
a period/dot before the file extension. The end result was this matched a
file named '07_all_sig.patch' which is totally broken.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-01 11:42:55 -05:00
Dave Reisner
cf1f014393 makepkg: fix sanity checking in versioning
Read the entire variable, respecting escapes, which are necessary to
retain for the successive eval.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-01 11:32:26 -05:00
Dave Reisner
5bb2d2e0a0 makepkg: read filenames in a while loop
Further improvments on 2ca27ab which will allow the changelog and
install script files to contain whitespace.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-01 11:32:20 -05:00
Dave Reisner
35d8cc8bc8 makepkg: fix breakage in eval'ing quoted strings
Broken in 2ca27a by me, trying to fix another problem.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-01 11:32:14 -05:00
Dan McGee
50f53b293c pacman-key: add --lsign-key operation
This allows local signing of a given key to help establish the web of
trust rooted at the generated (or imported) master key.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-30 08:39:26 -05:00
Dan McGee
7479bf21e8 pacman-key master key generation
This enables pacman-key, during --init, to generate a single secret key
for the pacman keyring if one is not present. This will be used as the
root of the web of trust for those that do not wish to manage it with
their own key, as will be the default.

This does not preclude later adding other secret keys to the keyring, or
removing this one- we simply ensure you have at least one secret key
available.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-30 08:23:46 -05:00
Dan McGee
8129b93afe pacman-key: fix broken logic around updating trust database
Any option that flips UPDATEDB=1 doesn't work right now due to what we
thought was a good idea in commit cab1379a1a. Fix this by not
including the update operation in the option count and special casing
it where necessary.

Also, bring back the helpful "Updating trust database" message.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-29 19:55:28 -05:00
Dan McGee
12a6c77fdd pacman-key: have --init add more options to default gpg.conf
This adds a add_gpg_conf_option() helper function which tries to be
intelligent and only add not found options, and those which have not
been explicitly commented out.

The new options added are 'no-greeting', 'no-permission-warning', and a
default 'keyserver'.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-29 11:55:23 +10:00
Dan McGee
7ceeebf150 pacman-key: refine permission and locking checks
* secring.gpg can be 600, readable by root user only
* ensure grep for lock-never option in check_keyring doesn't catch comments

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-29 11:55:23 +10:00
Allan McRae
e1b9f7b300 pacman-key: rework and document holding keys in keyring
The HoldKey option was undocumented and was not suited for pacman.conf.
Instead use the file "/etc/pacman.d/gnupg/heldkeys" to contain a list
of keys not to be removed from the pacman keyring with the --populate
option.

Signed-off-by: Allan McRae <allan@archlinux.org>
2011-08-29 11:55:23 +10:00
Allan McRae
cab1379a1a pacman-key: update trust database for relevant operations
After most operations that touch the keyring, it is a good idea to
always run a check on the trustdb as this prevents gpg complaining
on later operations.

Inspiration-from: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-08-29 11:55:22 +10:00
Allan McRae
710e83999b pacman-key: import everything then revoke on --populate
The optimization of only importing keys that were not to be later
revoked was a not smart enough.  For example, if a key was
in both a repos keyring and its revoke list, alternate runs of
pacman-key --populate would add then remove the key from the pacman
keyring.  This problem is made worse when considering the possibility
of multiple keyrings being imported.

Instead, import all keys followed by the revoking of all keys.  This
may result in a key being added then revoked, but that is not much of
an issue given that is a very fast operation.

Signed-off-by: Allan McRae <allan@archlinux.org>
2011-08-29 11:55:22 +10:00
Allan McRae
d1240f67ea pacman-key: rework importing distro/repo provided keyrings
The current --reload option, apart from being non-clear in its naming,
is very limited in that only one keyring can be provided.  A distribution
may want to provide multiple keyrings for various subsets of its
organisation or custom repo providers may also want to provide a keyring.

This patch adds a --populate option that reads keyrings from (by default)
/usr/share/pacman/keyrings.  A keyring is named foo.gpg, with optional
foo-revoked file providing a list of revoked key ids.  These files are
required to be signed (detached) by a key trusted by pacman-key, in
practice probably by the key that signed the package providing these
files. The --populate flag either updates the pacman keyring using all
keyrings in the directory or individual keyrings can be specified.

Signed-off-by: Allan McRae <allan@archlinux.org>
2011-08-29 11:55:22 +10:00
Dan McGee
f0357e415c Add new 'lt' and 'zh_TW' translations from transifex
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-25 16:04:41 -05:00
Dan McGee
5c48ca3239 Update existing translations from Transifex
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-25 16:04:41 -05:00
Dave Reisner
2ca27ab3a1 makepkg: quote re-evaluation of simple vars
This is a safety measure to prevent simple code injection.

$ i="foo bar"
$ eval i="$i"
bash: bar: command not found
$ eval i=\"$i\"
$ echo "|$i|"
|foo bar|

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-19 09:42:41 -05:00
Allan McRae
c28052e45b makepkg: deal with variable substitution when checking sanity
If any of pkgver, pkgrel or epoch contained a variable substitution,
then it needed to be evaluated before checking its value conformed
to the rules.

[Dan: add quotes around RHS]

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-18 10:50:17 -05:00
Sebastien Luttringer
4a7f3bbc46 Add makepkg -S which is an alias to makepkg --source
makepkg --source is a often used go make source package like for AUR.
Have a -S shortcut will save the world.

Signed-off-by: Sebastien Luttringer <seblu@seblu.net>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-18 10:47:41 -05:00
Dan McGee
3ceef97799 Fix trailing whitespace in whole codebase
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-17 17:03:19 -05:00
Allan McRae
f41dc7e8fa repo-add: fix creation of signature symlink
When creating a repo outside the current directory, the signature
symlink was not created.

Reported-by: Gaetan Bisson <bisson@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-16 09:25:10 -05:00
Dan McGee
1175702828 Update message catalogs
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-15 16:09:45 -05:00
Dan McGee
d4a92cacc6 Update translations from Transifex
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-15 16:09:11 -05:00
Dan McGee
11b9bc443d repo-add: reorganize output messages for clarity
The use of warning once we had already started adding a package was
confusing as it broke the standard indent pattern. It was especially bad
if adding multiple packages as it wasn't clear what sub-messages applied
to which package being added. This should be an output change only from:

    ==> Adding package '/tmp/sync/netcfg-2.6.7-1-any.pkg.tar.xz'
      -> Computing checksums...
      -> Adding package signature...
    ==> WARNING: An entry for 'netcfg-2.6.7-1' already existed
      -> Removing existing entry 'netcfg-2.6.7-1'...
      -> Creating 'desc' db entry...
      -> Creating 'depends' db entry...

to:

    ==> Adding package '/tmp/sync/netcfg-2.6.7-1-any.pkg.tar.xz'
    ==> WARNING: An entry for 'netcfg-2.6.7-1' already existed
      -> Computing checksums...
      -> Adding package signature...
      -> Removing existing entry 'netcfg-2.6.7-1'...
      -> Creating 'desc' db entry...
      -> Creating 'depends' db entry...

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-15 15:15:11 -05:00
Dave Reisner
82ffe2cbfd build-sys: always use $(RM) instead of rm -f
These are equivalent. Use the autoconf macro for consistency.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-15 13:05:27 -05:00
Dave Reisner
1741b5cc30 dist: preserve symlinks on installation
This applies to the repo-remove man page as well as the script itself.

Yes Dan, I ran distcheck afterwards.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-15 13:05:17 -05:00
Allan McRae
31a7b150b0 repo-add: indicate whether package signature is found
When adding a package to a repo, it is useful to be able to see
that repo-add has indeed found the signature file.

[Dan: update text to be more in line with other messages]

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-15 07:07:13 -05:00
Dave Reisner
71f854dde8 makepkg: don't hardcode path to strip
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-15 06:33:01 -05:00
Dan McGee
fffaba50fb scripts/pkgdelta: fix make distcheck
--help and --version are required by the sanity checks performed by
`make distcheck`.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-11 11:56:47 -05:00
Dan McGee
76dfea6e83 Update string catalogs after string tweaks
This also pulls in some early translations we had entered in Transifex
in the last day so those would not be lost. The diffstat is huge and not
very telling as usual, as all sorts of fuzzyness switches happened this
time around for some reason.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-09 16:00:48 -05:00
Dan McGee
1d16875db7 Update several translation strings
* Fix typos/capitalization
* Make sure large blocks of text are translated in one unit

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-08 19:01:26 -05:00
Dan McGee
9a40927533 Update all translation files
This moves us toward staring translations for the 4.0.0 release,
although this should not be interpreted as a string freeze by any means.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-08 17:17:15 -05:00
Dan McGee
8fa330335f Merge branch 'maint'
Conflicts:
	lib/libalpm/dload.c
	lib/libalpm/po/fi.po
	lib/libalpm/po/libalpm.pot
	po/de.po
	po/fi.po
	src/pacman/po/pacman.pot
	src/pacman/util.c
2011-08-08 17:05:25 -05:00
Dave Reisner
1a919a11b8 makepkg: ignore epoch when undeclared
In this case, we skip the epoch versioning entirely, as if it were
declared as 0.

Prevents errors such as:

/usr/bin/makepkg: line 244: ((: !  : syntax error: operand expected
(error token is " ")
==> Finished making: cower-git :20110808-1 (Mon Aug  8 17:17:27 EDT
2011)

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-08 16:47:47 -05:00
Allan McRae
c55cbfbd5f pacman-key: follow gpg options for listing keys
The current --list option outputed the keys and all their signatures
which can be overly verbose.  It also did not take a list of keys on
the command line to limit its output (although the code suggests that
was intended).

That patch brings consistency with gpg, providing --list-keys and
--list-sigs options that function equivalently to those provided by
gpg.

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-02 08:20:42 -04:00
Dave Reisner
e42d97b737 scripts/pkgdelta: exit properly on missing args
Removes usage of 'nounset' which, when combined with 'errexit' can cause
undesirable early exits.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
2011-07-28 13:10:10 -04:00
Dave Reisner
e99b6a131e scripts/repo-add: show usage when no DB file specified
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
2011-07-28 13:07:25 -04:00
Pang Yan Han
804e2505cf pacman-key: Add --import and --import-trustdb
Currently, pacman-key allows the user to import their keys using the --add
option. However, no similar functionality exists for importing ownertrust
values.

The --import-trustdb option takes a list of directories and imports ownertrust
values if the directories have a trustdb.gpg database.

The --import option takes a list of directories and imports keys from
pubring.gpg and ownertrust values from trustdb.gpg. Think of it as a combination
of --add and --import-trustdb

Signed-off-by: Pang Yan Han <pangyanhan@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-27 12:47:53 -05:00
DJ Mills
c5d4c92ad4 pacman-key: change GPG_PACMAN and GPG_NOKEYRING to arrays
Allows the commands to safely handle any possible arguments

Signed-off-by: DJ Mills <danielmills1@gmail.com>
Allan: rebase patch
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-27 12:47:46 -05:00
Allan McRae
d9875c5e6c pacman-key: fix syntax error in -r arg parsing
Previous fix did not work...

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-27 12:47:37 -05:00
Allan McRae
49d9426b6a makepkg: refactor checking source integrity
Move the source integrity checking into its own function as the code
was duplicated and is now more complicated with the separation of the
two checks types.

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-27 12:47:23 -05:00
Allan McRae
2b3405e01b makepkg: more control of skipping integrity checks
Allows the skipping of all integrity checks (checksum and PGP) or
either the checksum or PGP checks individually.

Original-patch-by: Wieland Hoffman <theminew@googlemail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-27 12:47:13 -05:00
Wieland Hoffmann
94f61c5b29 makepkg: Add support for verifying pgp signatures
Many projects provide signature files along with the source code
archives. It's good to check these, too, when verifying the integrity
of source code archives.
Not everybody is using gpg so the verification can be disabled with
--skippgpcheck.
Additionally, only a warning is displayed when the key that signed the
source file is unknown.

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-27 12:47:06 -05:00
Allan McRae
ccdb2fa800 makepkg: get package version with overrides
When epoch, pkgver and/or pkgrel were overridden in a split package
function, makepkg failed hard finding the real version for checking
if packages were already built or trying to install packages. Fix
the get_full_version function to deal with overrides and return the
actual package version.

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-27 12:45:25 -05:00
Allan McRae
03447ce39c makepkg: allow epoch to be overridden
We can override pkgver and pkgrel so it is only logical to add epoch
to that list

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-27 12:45:18 -05:00
Allan McRae
a7940e7419 makepkg: check arch overrides for required architecture
Check any overrides of the "arch" variable contain the required
architecture.

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-27 12:45:12 -05:00
Allan McRae
819f675004 makepkg: check overrides for pkgrel and pkgver
Enforce syntax checking for pkgrel and pkgver overrides in package
functions.

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-27 12:45:06 -05:00
Allan McRae
00949db191 makepkg: pkgver and pkgrel can not have whitespace
There is always someone who tries to break things (cough *Dave* cough...)

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-27 12:44:59 -05:00
Dave Reisner
98073afe55 pacman-key: refactor post parse opt check into a case
This is a cleaner expression of the same information.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-21 15:05:52 -05:00
Dave Reisner
768d3589a3 pacman-key: s/UPDATEBD/UPDATEDB/
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-21 15:05:39 -05:00
Dave Reisner
2bd1687f51 pacman-key: fix syntax error in -r arg parsing
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-21 15:05:30 -05:00
Dave Reisner
9f500f684d pacman-key: return $ret, not errors
fixes: /usr/bin/pacman-key: line 286: return: errors: numeric argument required

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-21 15:04:49 -05:00
Pang Yan Han
333269482a pacman-key: --init: correct creation of gpg.conf
Signed-off-by: Pang Yan Han <pangyanhan@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-19 10:27:54 +10:00
Pang Yan Han
fa3aaa41e3 pacman-key: correct spelling mistake
Signed-off-by: Pang Yan Han <pangyanhan@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-19 10:27:54 +10:00
Allan McRae
7e5dea5d32 pacman-key: add dependency on parse_options to Makefile
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-19 10:27:54 +10:00
Allan McRae
31c9a521b4 pacman-key: check required permissions on keyring
Makes sure that the pacman keyring is readable and that the user
has permissions to create a lock file if lock-never is not specified
in the gpg.conf file.

Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-19 10:27:54 +10:00
Allan McRae
0c9e86bab1 pacman-key: add --init option
Add an --init option that ensures that the pacman keyring has all
the necessary files and they have the correct permissions for being
read as a user.

Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-19 10:27:54 +10:00
Dave Reisner
0be9e4a4cd pacman-key: tidy up logic for finding pacman keyring directory
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-19 10:27:54 +10:00
Dave Reisner
df7b390514 pacman-key: refactor get_from
This function had a variety of pitfalls, including the inability to
successfully find a key=value pair where no whitespace surrounded the
equals sign. Make it more robust by splitting the line on the equals
itself, and performing whitespace trimming on the resulting key/value
pair.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-19 10:27:54 +10:00
Allan McRae
0e85c4989b pacman-key: add --verify option
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-19 10:27:54 +10:00
Allan McRae
fec10d4a65 pacman-key: check only a single operation has been specified
Follow the example of gpg and only allow a single operation to be
specified each time.  Prevents having to deal with conflicting
variable names and potential issues due to the order in which the
operations are run.

Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-19 10:27:53 +10:00
Allan McRae
74f6d717a3 pacman-key: move verifying keyring files to own function
Also check all files before bailing on errors.

Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-19 10:27:53 +10:00
Allan McRae
74e5a494b0 pacman-key: move --edit-key and --receive processing to functions
This moves the processing of the --edit-key and --receive options
to functions, keeping the final option processing to be all single
line statements.

Also rework the --edit-key option to validate all input before
processing.

Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-19 10:27:53 +10:00
Ivan Kanakarakis
e37adcd664 pacman-key: hide output of executed commands on logic checks
This commit correctly redirects to /dev/null the output of several
commands that get executed on logic checks.

Original-patch-by: Denis A. Altoé Falqueto <denisfalqueto@gmail.com>
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-19 10:27:53 +10:00
Allan McRae
e458606ad2 pacman-key: rename --trust to --edit-key
This keeps the naming of the option more consistent with what is
actually being called by gpg.

Original-patch-by: Denis A. Altoé Falqueto <denisfalqueto@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-07-19 10:27:53 +10:00
Ivan Kanakarakis
15ca6dca5c pacman-key: fix quotation on several variable assignments
This commit adds quotes to several variable assignments. Unquoted values
can cause problems on several occasions if the value is empty. It is
safer to have every assignment quoted.

Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
2011-07-19 10:27:53 +10:00