1
0
mirror of https://github.com/moparisthebest/pacman synced 2024-11-15 22:05:02 -05:00
Commit Graph

665 Commits

Author SHA1 Message Date
Dan McGee
8c6a636cd9 Merge branch 'maint'
Conflicts:
	lib/libalpm/add.c
2011-06-07 11:43:12 -05:00
Allan McRae
c750114894 pacman-key: update copyright
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-06-07 11:39:18 -05:00
Allan McRae
3df88a1a01 makepkg: fix creation of source package with -p
When creating a source package using an non-local buildscript via
the -p option, the inclusion of changelog and install files would
fail. Fixes FS#24567.

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-06-07 10:49:28 -05:00
Dan McGee
9d73b261cf Merge branch 'maint'
Conflicts:
	src/pacman/callback.c
2011-06-02 17:34:12 -05:00
Dan McGee
d63599719a repo-add: anchor exclusion pattern when generating filelist
Fixes FS#24534. Dotfiles, such as /etc/skel/.bash_profile, were not
being included in generated files entries. bsdtar --exclude option
supports anchors on the pattern, so using "^.*" instead of ".*" solves
our problem and still excludes all root-level dotfiles (e.g. .PKGINFO).

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-06-02 08:04:06 -05:00
Pang Yan Han
5842dad7e7 pacman-key: print default gpgdir in usage
Signed-off-by: Pang Yan Han <pangyanhan@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-06-01 12:27:03 -05:00
Dan McGee
991bfb7cbf Merge branch 'maint' 2011-05-04 15:54:42 -05:00
Allan McRae
8fd9037cfd makepkg: quote variable that may contain spaces
Prevents failures when $PKGDEST contains spaces (FS#24002)

Patch-by: Sebastien Duthil
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-05-02 10:04:36 -05:00
Allan McRae
a7d33d0c36 repo-add: update copyright message
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-24 10:44:52 -05:00
Allan McRae
036f98575c repo-add: check for gpg early
Check for the presence of gpg as soon as we know we need it.

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-24 10:43:43 -05:00
Allan McRae
fade60088e repo-add: check for valid key when signing is requested
Follow the example of makepkg

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-24 10:43:25 -05:00
Denis A. Altoé Falqueto
59da64146d repo-add: add option to specify a different key to sign with
Add -k/--key option to specify a non-default key for signing
a package database.

Original-patch-by: Denis A. Altoé Falqueto <denisfalqueto@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-24 10:43:01 -05:00
Allan McRae
2eab4ab033 repo-add: simplify usage message
Listing every option on the usage line becomes unweildly as more
options get added so simplify it. Also, provide a standard package
name in the repo-add example.

Dan: just use 'options' as we use elsewhere, not 'option(s)'.

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-24 10:41:52 -05:00
Ivan Kanakarakis
908e9f41ed pacman-key: improved reading of the configuration file
This commit replaces the find_config() function with the get_from()
function. get_from expects two arguments, the first is the file to
read and the second is the key to look for in the given file.
get_from returns the first matching value for the given key. The
file is expected to be in the format:
key = value
Each of 'key' 'equal sign' 'value' can be surrounded be random
whitespace.

Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-21 12:10:31 -05:00
Ivan Kanakarakis
fdbcc9847d pacman-key: display the unsupported command to the user
If the user provides an unsupported command, inform the user that this
switch is unknown, display usage and exit.

Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-21 12:09:23 -05:00
Ivan Kanakarakis
6f19a8c9f7 makepkg, pacman-key: unify help message with other scripts
The help message changed to match the one rankmirrors script has.
It's clearer as to what the --help switch does.

Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-21 12:09:18 -05:00
Allan McRae
4c31bc6e3f Add configure option to specify package signing key
Add the "GPGKEY" option to makepkg.conf for specifying signing packages
with the non-default key from the keyring.  Is overridded by makepkg's
--key option.

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-20 18:58:55 -05:00
Dan McGee
efd8ae483f Merge branch 'maint'
Conflicts:
	lib/libalpm/alpm.h
	lib/libalpm/trans.c

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-15 18:41:49 -05:00
Rémy Oudompheng
a93e058b68 makepkg.sh.in: fix a GNU-ism in su invocation
GNU su supports the -c option to specify a command to execute.
However, other flavours of su may have a different interpretation
of the '-c' flag (e.g. FreeBSD and OpenBSD).

The behaviour is correct when '-c' follows an explicit username.

Signed-off-by: Rémy Oudompheng <remy@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-13 10:33:22 -05:00
Dan McGee
c5addd94e3 Merge branch 'maint'
Conflicts:
	lib/libalpm/be_sync.c
	lib/libalpm/db.c
	src/pacman/util.c
2011-04-05 00:49:30 -05:00
Rémy Oudompheng
40fd8123a2 makepkg: fix a GNU-ism in awk usage
A non-GNU version of awk may not support the (|...) syntax for
an optional group and require '()' to match an empty string.
The (...)? syntax is more appropriate for this usage.

Signed-off-by: Rémy Oudompheng <remy@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-04 19:03:49 -05:00
Allan McRae
37df0d4f4f makepkg: improve parsing for sanity checks
Trailing backslahses can lead to additional spaces at the front
of extracted entries.  See FS#23524.  Strip these while parsing
the PKGBUILD entries.

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-04 19:03:40 -05:00
Allan McRae
a164c8405a makepkg: remove unnecessary tr usage
The use of "tr" only leads to trouble.  Remove unnecessary usage
of it from within makepkg.

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-30 20:43:36 -05:00
Dave Reisner
541c2470b8 makepkg: avoid usage of tr to sidestep locale issues
to quote dan:
  "turkish will FUCK YOU UP. this is not the first or the last time"

Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-30 20:43:11 -05:00
Denis A. Altoé Falqueto
e8069cfc3d makepkg: command line options for signing packages
Three new command line options were added:

--sign: forces the generation of a signature for the resulting package,
taking precedence over the value in makepkg.conf

--nosign: do not sign the resulting package

--key <key>: use a different key than the user's default for signing
the package.

A check is performed to ensure the user has (provided) a valid gpg key
for signing.

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-28 09:03:28 -05:00
Ray Kohler
4ef664f485 Create pacman keyring directory if missing
Use mode 755, so non-root users can see inside.
Add "--no-permission-warning" to GPG_PACMAN to suppress the noise that
otherwise comes of not using mode 700 - this is not private data.

GPGme turns out not to issue this warning itself, so no problem there.

TODO: should non-root users be allowed to use the read-only operations
(--list, --export, --finger)?

Signed-off-by: Ray Kohler <ataraxia937@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-27 21:50:52 -05:00
Ray Kohler
86ff381ac2 Clean up repo-add usage message
This now includes -s and -v, tailors itself to the current command,
and is formatted more like that of other pacman commands.

Signed-off-by: Ray Kohler <ataraxia937@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-27 21:13:52 -05:00
Dan McGee
3f269503d5 Merge branch 'maint'
Conflicts:
	lib/libalpm/deps.c
2011-03-27 20:41:23 -05:00
Ray Kohler
630b7b94c3 Sign database even if empty
Move the create_signature() call outside the case of non-empty
databases, so it will be called regardless.

Signed-off-by: Ray Kohler <ataraxia937@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-27 20:35:43 -05:00
Ray Kohler
43dacceb6b makepkg: allow PKGEXT and SRCEXT to be overridden by env variables
Signed-off-by: Ray Kohler <ataraxia937@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-27 20:15:52 -05:00
Dave Reisner
c02556e290 Rely on the return value of type instead of its output
Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-27 20:15:20 -05:00
Dan McGee
ea216d3f5a Clarify error message in pacman-db-upgrade
Addresses FS#23451.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-27 20:03:08 -05:00
Dan McGee
86e7f60756 Merge branch 'maint' 2011-03-24 21:18:09 -05:00
Jan Steffens
14474a32c9 Make log redirection saner
My main motivation was to remove the "sync", which can stall for
minutes on a busy machine (FS#23378). I also cleaned up the redirection.

Signed-off-by: Jan Steffens <jan.steffens@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-24 20:27:56 -05:00
Ray Kohler
cfa2eebdaf Fix use of relative paths for packages in repo-add
Move checksum and pgpsig calcluation before changing into the
tmpdir, otherwise we can't find the files if a relative path
was used.

Signed-off-by: Ray Kohler <ataraxia937@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-24 17:15:35 -05:00
Dan McGee
0908533127 Merge branch 'gpg-build-tools' 2011-03-23 02:18:57 -05:00
Dan McGee
a31d091fb3 repo-add: add sha256sum values to repo database
Implements FS#23103. Also modify libalpm so it ignores this value
without any warning as we know it is likely to exist.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 02:18:48 -05:00
Dan McGee
964e8c5bf2 pacman-key help, round three
Make it actually like all our other tools rather than some homegrown
format. Also make it translator friendly by not wrapping messages across
lines in different strings.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 01:59:42 -05:00
Allan McRae
5a89a12aa0 pacman-key: improve usage output
Make the usage output display nicely on 80 character width terminals.

Also fix parsing of "-h" and "-v" options and avoid root check when
run with no commands.

Signed-off-by: Allan McRae <allan@archlinux.org>
2011-03-23 01:59:42 -05:00
Denis A. Altoé Falqueto
422925a65e pacman-key: remake of --reload command
The --reload command was refactored to allow a more flexible management.
There are two sets of keys that will be added, one that will be
removed and one that will be kept.

The set of keys to be kept are configured in pacman.conf, with the
option HoldKeys, with the same meaning of HoldPkgs. It can be repeated
and several values can be put in the same entry.

The new behavior allows a key to be marked for removal, but the user
can decide if that key must be kept. For example, if a developer has
a public repository, signed with his own key, that key must be added
to the HoldKeys option. If the key is marked for removal from pacman's
keyring, it will not be removed for the users that have configured
HoldKeys correctly.

There are other minor fixes, mainly in the handling of --add command
when there is no aditional parameter. In that case, pacman-key will
behave just like gpg, adding the contents of stdin into pacman's keyring.

Signed-off-by: Denis A. Altoé Falqueto <denisfalqueto@gmail.com>
2011-03-23 01:59:42 -05:00
Denis A. Altoé Falqueto
ae20f88202 pacman-key: keyring management tool
The script pacman-key will manage pacman's keyring. It imports, exports,
fetches from keyservers, helps in the process of trusting and updates
the trust database.

Signed-off-by: Denis A. Altoé Falqueto <denisfalqueto@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-03-23 01:59:42 -05:00
Allan McRae
93591d428f repo-add: add symlink to signature file
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-03-23 00:26:54 -05:00
Dan McGee
f0f8319769 repo-add: Fix up usage with GPG options
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 00:26:54 -05:00
Dan McGee
38f94da47d repo-add: add -v/--verify option
This is intended to verify an existing signature on a database before
making further changes to it and performing updates. Rarely would you
use this without immediately resigning it via the -s/--sign option.
Instead, it is intended as a "chain of trust" operation where the
previous signature is verified to give you some sense that what you sign
off on is also safe.

Still todo: don't make changes unless the signature is not only good,
but also in the accepted list of keys.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 00:26:54 -05:00
Dan McGee
a4120f2015 repo-add: allow signing of the package database
In order to be fully secure, we can't only sign packages. We also need
to sign our repository metadata to prevent database falsification,
dependency injection, etc. Add an '-s/--sign' option that allows this
functionality, and will generate a .sig file side-by-side with the
package database.

While at it, fix the issue where a signature file would never be found
because of 'cd' madness (this needs fixing in another commit).

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 00:26:54 -05:00
Geoffroy Carrier
8fde399fe6 Add PGPSIG field in repo-add
Use base64 encoding to store the value in the database if a .sig file exists
for the package being added.

Signed-off-by: Geoffroy Carrier <geoffroy.carrier@koon.fr>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 00:26:54 -05:00
Allan McRae
2f2f53ddc9 makepkg: place signature symlink in build dir
Be consistent in package and signature placements when using
PKGDEST.

Signed-off-by: Allan McRae <allan@archlinux.org>
2011-03-22 23:52:00 -05:00
Dan McGee
82e22596d8 makepkg: allow signatures to work with split packages
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-22 23:52:00 -05:00
Geoffroy Carrier
ee34869e89 Add GPG signature support to makepkg
This is a rather simple patch to add signing support to makepkg. Add a
create_signature() to makepkg, add a 'sign' BUILDENV option in makepkg.conf,
and document the changes in the makepkg.conf manpage.

Signed-off-by: Geoffroy Carrier <geoffroy.carrier@koon.fr>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-22 23:52:00 -05:00
Allan McRae
b6cada3eed makepkg: Improve optdepends extraction
Prevents issues where optdepends descriptions contain a bracket.
Also, strip all comments from arrays before joining them.

Fixes FS#23307.

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-20 11:15:34 -05:00