1
0
mirror of https://github.com/moparisthebest/pacman synced 2024-11-16 14:25:21 -05:00
Commit Graph

630 Commits

Author SHA1 Message Date
Dan McGee
0908533127 Merge branch 'gpg-build-tools' 2011-03-23 02:18:57 -05:00
Dan McGee
a31d091fb3 repo-add: add sha256sum values to repo database
Implements FS#23103. Also modify libalpm so it ignores this value
without any warning as we know it is likely to exist.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 02:18:48 -05:00
Dan McGee
964e8c5bf2 pacman-key help, round three
Make it actually like all our other tools rather than some homegrown
format. Also make it translator friendly by not wrapping messages across
lines in different strings.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 01:59:42 -05:00
Allan McRae
5a89a12aa0 pacman-key: improve usage output
Make the usage output display nicely on 80 character width terminals.

Also fix parsing of "-h" and "-v" options and avoid root check when
run with no commands.

Signed-off-by: Allan McRae <allan@archlinux.org>
2011-03-23 01:59:42 -05:00
Denis A. Altoé Falqueto
422925a65e pacman-key: remake of --reload command
The --reload command was refactored to allow a more flexible management.
There are two sets of keys that will be added, one that will be
removed and one that will be kept.

The set of keys to be kept are configured in pacman.conf, with the
option HoldKeys, with the same meaning of HoldPkgs. It can be repeated
and several values can be put in the same entry.

The new behavior allows a key to be marked for removal, but the user
can decide if that key must be kept. For example, if a developer has
a public repository, signed with his own key, that key must be added
to the HoldKeys option. If the key is marked for removal from pacman's
keyring, it will not be removed for the users that have configured
HoldKeys correctly.

There are other minor fixes, mainly in the handling of --add command
when there is no aditional parameter. In that case, pacman-key will
behave just like gpg, adding the contents of stdin into pacman's keyring.

Signed-off-by: Denis A. Altoé Falqueto <denisfalqueto@gmail.com>
2011-03-23 01:59:42 -05:00
Denis A. Altoé Falqueto
ae20f88202 pacman-key: keyring management tool
The script pacman-key will manage pacman's keyring. It imports, exports,
fetches from keyservers, helps in the process of trusting and updates
the trust database.

Signed-off-by: Denis A. Altoé Falqueto <denisfalqueto@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-03-23 01:59:42 -05:00
Allan McRae
93591d428f repo-add: add symlink to signature file
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-03-23 00:26:54 -05:00
Dan McGee
f0f8319769 repo-add: Fix up usage with GPG options
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 00:26:54 -05:00
Dan McGee
38f94da47d repo-add: add -v/--verify option
This is intended to verify an existing signature on a database before
making further changes to it and performing updates. Rarely would you
use this without immediately resigning it via the -s/--sign option.
Instead, it is intended as a "chain of trust" operation where the
previous signature is verified to give you some sense that what you sign
off on is also safe.

Still todo: don't make changes unless the signature is not only good,
but also in the accepted list of keys.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 00:26:54 -05:00
Dan McGee
a4120f2015 repo-add: allow signing of the package database
In order to be fully secure, we can't only sign packages. We also need
to sign our repository metadata to prevent database falsification,
dependency injection, etc. Add an '-s/--sign' option that allows this
functionality, and will generate a .sig file side-by-side with the
package database.

While at it, fix the issue where a signature file would never be found
because of 'cd' madness (this needs fixing in another commit).

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 00:26:54 -05:00
Geoffroy Carrier
8fde399fe6 Add PGPSIG field in repo-add
Use base64 encoding to store the value in the database if a .sig file exists
for the package being added.

Signed-off-by: Geoffroy Carrier <geoffroy.carrier@koon.fr>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 00:26:54 -05:00
Allan McRae
2f2f53ddc9 makepkg: place signature symlink in build dir
Be consistent in package and signature placements when using
PKGDEST.

Signed-off-by: Allan McRae <allan@archlinux.org>
2011-03-22 23:52:00 -05:00
Dan McGee
82e22596d8 makepkg: allow signatures to work with split packages
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-22 23:52:00 -05:00
Geoffroy Carrier
ee34869e89 Add GPG signature support to makepkg
This is a rather simple patch to add signing support to makepkg. Add a
create_signature() to makepkg, add a 'sign' BUILDENV option in makepkg.conf,
and document the changes in the makepkg.conf manpage.

Signed-off-by: Geoffroy Carrier <geoffroy.carrier@koon.fr>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-22 23:52:00 -05:00
Allan McRae
b6cada3eed makepkg: Improve optdepends extraction
Prevents issues where optdepends descriptions contain a bracket.
Also, strip all comments from arrays before joining them.

Fixes FS#23307.

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-20 11:15:34 -05:00
Dan McGee
09ce8b446c Fix some easy to find double translations
A lot of these were places that should have used the same message but
didn't, or were very easy to convert to using the same message and
letting some of the burden off of the translators.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-02-28 17:50:23 -06:00
Dan McGee
62fc966882 Ensure pkgbase/epoch are defined before doing anything
When generating integrity sums, we could get some weird output before due to
epoch being uninitialized:

    /usr/bin/makepkg: line 234: [[: 2.6.37: syntax error: invalid arithmetic operator (error token is ".6.37")

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-02-11 10:23:43 -06:00
Allan McRae
bb071f4eb2 makepkg: more bash-3.2 compatibility
Adding the "|| true" to the subshell prevents bash-3.2 setting off the
error_trap but requires changing the if statement.

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-02-06 12:52:59 -06:00
Allan McRae
f892775366 makepkg: initialize local arrays to empty
Fixes bash-3.2 compatibility.

Thanks-to: Dave Reisner <d@falconindy.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-02-02 20:47:08 -06:00
Allan McRae
35a8cf134b makepkg: error on invalid optdepends
Missed in commit a88cb03a.

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-02-02 18:46:47 -06:00
Cedric Staniewski
d8c4b12c66 makepkg: make SRCPKGDEST default to $startdir
The current behaviour, which is placing source packages in PKGDEST if
SRCPKGDEST is not set, is inconsistent with {SRC,PKG}DEST handling and
there is no real advantage in doing so.

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-02-02 18:46:39 -06:00
Nezmer
332dd86912 makepkg: Fix the check for references to srcdir/pkgdir
At least in FreeBSD, find always returns 0 if it finds stuff
(imagine that). It doesn't care about the exit status of whatever is
passed to -exec.

This patch makes the checks compatible with this behaviour.

Using xargs and not using grep directly because packages with too many
files would cause grep to complain about argument list being too long.

This should also fix the false positive in packages with no files.

Signed-off-by: Nezmer <git@nezmer.info>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-02-02 18:46:23 -06:00
Cedric Staniewski
3444146b48 makepkg: fix indention to follow style guide
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-02-01 10:04:44 -06:00
Dan McGee
51175f31c4 Merge branch 'epoch-work' 2011-01-22 10:03:51 -06:00
Xavier Chantry
e277e838d7 Makefile: Use git describe --dirty for GIT VERSION
dirty indicates if the repo has uncommited changes or not when building,
so dont hardcode this info.

Signed-off-by: Xavier Chantry <chantry.xavier@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-01-22 10:02:57 -06:00
Allan McRae
b947db040c repo-add: only attempt to create deltas when asked
repo-add should only attempt to create the delta file when using the -d
option.

Also adjust a couple of tests to use the "double bracket" syntax.

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-01-22 10:02:51 -06:00
Dan McGee
b8ab96a270 makepkg: encode epoch in version specifier if > 0
This makes things consistent with everywhere else we are incorporating the
new optional epoch field. Add a helper function that forms the version
string for you and use it in makepkg where I found 'pkgver.*-.*pkgrel'.

This exposes a few shortcomings in a previous "Override pkgver" patch
(2020e629) in the install package and check if built functions.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-01-22 10:02:09 -06:00
Dan McGee
bf46e04614 Remove epoch as an independent field
Instead, go the same route we have always taken with version-release in
libalpm and treat it all as one piece of information. Makepkg is the only
script that knows about epoch as a distinct value; from there on out we will
parse out the components as necessary.

This makes the code a lot simpler as far as epoch handling goes. The
downside here is that we are tossing some compatibility to the wind;
packages using force will have to be rebuilt with an incremented epoch to
keep their special status.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-01-21 19:30:45 -06:00
Dan McGee
a88cb03a58 makepkg: perform all sanity checks before erroring out
It is pretty annoying to get one, fix it, and then get another. We should be
able to continue on through most of the sanity checks in one go so the user
gets all the error messages at once.

Also ensure $pkgbase is defined by the time we call this function;
previously we printed nothing where a package name should have been due to
this oversight.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-01-14 00:25:16 -06:00
Dan McGee
665528d7ba repo-add: fix misguided conditional correction
I tried to move things around here when testing and did a bit too much; the
warning message always showed regardless of delta inclusion in the call. Fix
it so we only warn if we have a filename, but the file couldn't be located.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-01-13 23:43:58 -06:00
PyroPeter
eda4d9ec00 repo-add: Create/modify files databases
Implements FS#11302.

Dan: updated docs to not reference pkgfile.

Signed-off-by: PyroPeter <abi1789@googlemail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-01-11 20:30:27 -06:00
Dan McGee
7ce90bb135 repo-add: use pushd/popd
Rather than explicit cd calls, we can use the directory stack to our
advantage. This also removes the need to store and restore $startdir, so
kill the variable entirely.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-01-11 17:18:46 -06:00
Allan McRae
d288240426 Update copyright years for 2011
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-01-07 18:47:37 -06:00
Allan McRae
2052f29cdb makepkg: add option to clear buildflags
Add the "buildflags" option, which is useful in its negative form
for disabling CFLAGS, CXXFLAGS and LDFLAGS when building a package.
This is useful when determining of one of these flags is causing
an issue with a package.

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2010-12-29 19:28:33 -06:00
Allan McRae
0c29eb431a makepkg: Add check() function for running test suites
A PKGBUILD can have an option check() function for running test suites
between the build() and package() stages.  This function is run by
default but can be disabled globally in with "!check" in BUILDENV in
makepkg.conf. This setting can be controlled on an individual package
basis using makepkg's --check and --nocheck flags. Addition dependencies
needed for running the test suite can be specified in the checkdepends
array and are only checked when running the check() function.

Original-work-by: Jeff C <jeff@kcaccess.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2010-12-29 19:28:00 -06:00
Dave Reisner
bd98b93a6e makepkg: escape closing bash array paren for awk
The closing parenthesis of bash arrays needs to be escaped in the ending
address of awk expressions in order to play nicely with implementations
of awk other than gawk. This change provides compatibility with gawk,
nawk and mawk.

Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2010-12-29 18:44:46 -06:00
Allan McRae
eb93955477 makepkg: allow pkgname usage in split package functions
Currently, using $pkgname in a split package package_*() function
always returns the first value in the pkgname array rather than the
name of tha package being packaged.  Fix this so $pkgname gives the
expected value.

Fixes FS#22174

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2010-12-29 18:44:32 -06:00
Allan McRae
5776090055 makepkg: remove last inappropriate PKGBUILD usage
We should always use $BUILDSCRIPT instead of PKGBUILD.  The only
remaining uses of PKGBUILD in makekg are in comments.

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2010-12-20 18:03:01 -06:00
Dan McGee
ed367fe96d Update scripts/ .gitignore
Signed-off-by: Dan McGee <dan@archlinux.org>
2010-12-12 22:42:22 -06:00
Dan McGee
13a2847aa1 pacman-optimize: ensure database directory contains local/
And also default dbpath to the one we may find in pacman.conf.

Signed-off-by: Dan McGee <dan@archlinux.org>
2010-12-12 21:42:54 -06:00
Allan McRae
d98bacd4ec Add script to update pacman database format
The pacman-db-upgrade script was added to detect old pacman database
formats and upgrade them.

Currently performs the merging of depends files into desc files in
the local database.

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2010-12-12 21:42:41 -06:00
Allan McRae
ef977865a1 makepkg: perform sanity checks on variables in package functions
Check the over-ridden entries for provides, backup, optdepends and
options for illegal entries.  Partially fixes FS#16004.

Signed-off-by: Allan McRae <allan@archlinux.org>
2010-12-12 20:32:13 -06:00
Andres P
889c260cbf makepkg: remove dead code from handle_deps
The error message that has been removed never gets to print because, given the
same condition, handle_deps throws the same error and then immediately exits
makepkg.

Signed-off-by: Andres P <aepd87@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2010-12-12 20:25:09 -06:00
Andres P
579533d1a0 makepkg: do not ignore errors from pacman when checking deps
As check_deps is run in a subshell, exit had the same meaning as return.
Since the intention is to halt makepkg when pacman throws an error other than
127, the enclosing function has to handle error control instead.

Fixes FS#19840

Signed-off-by: Andres P <aepd87@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2010-12-12 20:24:59 -06:00
Carlos Diaz
330951200c makepkg: use portable escape sequence for terminal escapes
The escape string isn't necesarily \033; it's determined by what the
particular termcap/info entry for that terminal contains.

Bash uses ncurses functions to expand \e to the _correct_ terminal
escape.

Signed-off-by: Carlos Diaz <839273@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2010-12-12 20:24:46 -06:00
Dan McGee
93718046d7 Add epoch verification to makepkg
If defined, it must be an integer.

Signed-off-by: Dan McGee <dan@archlinux.org>
2010-10-13 23:29:27 -05:00
Dan McGee
6f37ba61ed Make repo-add and makepkg epoch-aware
Allow it to be a variable in the PKGBUILD as well as propagating it through
to the built package and the package database. We leave some backward
compatibility in place by placing the '%FORCE%' option in the database if
the package contains an epoch; this will be used by older versions of pacman
and more or less ignored by versions that use epoch.

Signed-off-by: Dan McGee <dan@archlinux.org>
2010-10-13 23:29:26 -05:00
Dan McGee
6eedf06fcc Fix bash shell location check
BASH is defined when you are actually using bash during configure, which
sucks because it ends up being '/bin/sh', messing up all of our scripts.
Change the name of the variable we use in configure, and also ensure we get
a full path to the executable by using AC_PATH_PROGS rather than
AC_CHECK_PROGS. Finally, change the variable name everywhere we use it.

Signed-off-by: Dan McGee <dan@archlinux.org>
2010-10-13 17:50:54 -05:00
Nezmer
05f0a28932 Use sysconfdir, localstatedir, BASH instead of hardcoded values
This applies to contrib/ files, our scripts, and the documentation.

Dan: fix 'make clean' in contrib/ directory.

Signed-off-by: Nezmer <git@nezmer.info>
Signed-off-by: Dan McGee <dan@archlinux.org>
2010-10-11 20:29:22 -05:00
Xavier Chantry
7d93777231 repo-add: more informative delta messages
- Print an error if database entry was not found and delta entry cannot
  be added
- More informative line when delta entry is added (oldfile -> newfile)

Signed-off-by: Xavier Chantry <chantry.xavier@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2010-10-11 20:29:22 -05:00