The full path to the signature file when it is created is in a temporary
directory so only print the filename.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This prevents a dangling symlink being left behind if the repo goes
from being signed to unsigned.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This adds the '.tar.Z' option to both repo-add and makepkg for no other
reason than "why not", and because bsdtar supports it natively with the
'-Z' flag. Also update the documentation accordingly.
Signed-off-by: Dan McGee <dan@archlinux.org>
If you are keeping a copy of the old database, you probably want
to keep a copy of its signature too. Also, delete the previously
backed-up database signature if no new one is being copied.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
vim recognises what type of shell script it's dealing with by looking at
the shebang. If detection fails it falls back to sh which doesn't
support some bash features. Adding a normal, possibly broken, shebang
which gets fixed by the Makefile allows vim to detect bash syntax.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Dan McGee <dan@archlinux.org>
Revert to the old behavior that 6f5a90 attempted to simplify and go with
the original proposed solution of using "ugly" bash to detect empty
directories.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
We fubar-ed this pretty good.
1. The whole old/new move shuffle was totally busted if you used a
relative path to your database, as we would just build the database in
place.
2. Our prior temp directory layout had the database files extracted
directly into it. When we tried to create a xxx.db.tar.gz file in this
same directory, due to the fact that we were no longer using a shell
wildcard, we tried to include the db in ourself, which is a big failure.
Fix all this by extracting to tree/ so we can have a clean top-level
temp directory.
3. Fix the inclusion of the './' directory entry; ensure the regex
prunes both leading paths of '.' as well as './'.
Where is that test suite again?
Signed-off-by: Dan McGee <dan@archlinux.org>
Allow one of 4 archive extensions: .tar{,.gz,.xz,.bz2} for each of the 2
valid repo extensions: .db and .files. Check for this via
'verify_repo_extension' directly after option parsing to assert that
this extension is present, and again after files have been added to get
the proper archive option for bsdtar.
Signed-off-by: Dave Reisner <d@falconindy.com>
Dump the whole conditional and filter the contents of the directory to
create an empty or non-empty archive.
Signed-off-by: Dave Reisner <d@falconindy.com>
Fixes FS#24893.
Signed-off-by: Eric Bélanger <snowmaniscool@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This ranks high on the code readability scale. The same function formats
all of our data and writes to the metadata file at once.
Signed-off-by: Dave Reisner <d@falconindy.com>
Fields like groups and depends should be stored as arrays. This requires
rewriting our write_list_entry function to accomodate our new data type.
This new function will not write to a file, but rather only format it.
Signed-off-by: Dave Reisner <d@falconindy.com>
grep and sed aren't needed here, and this removes the truly ugly
manipulation of IFS. The process substituion could just as well be a
herestring, but it breaks vim's syntax highlighting. Style over
substance, mang.
Signed-off-by: Dave Reisner <d@falconindy.com>
b899099 made path checking a bit more strict than I had intended, and
would actually forbid creation of a repo in $PWD if only the filename
was specified. readlink would be the fun and easy solution here, but
it's avoided due to portability issues, making the validation process a
bit more verbose.
Signed-off-by: Dan McGee <dan@archlinux.org>
This is the first step at separating the pacman message catalog and the
scripts message catalog. Makefiles, configure.ac, and other such files
are adjusted accordingly, as well as renaming files. The TEXTDOMAIN of
scripts is also adjusted.
Note that no actual pot or po files get changed here; these will get
pruned in a future commit so each catalog contains only the necessary
messages.
Signed-off-by: Dan McGee <dan@archlinux.org>
Unify function braces to be top right opening, bottom left closing.
Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
Previously, the error message when trying to add to a repo where a
parent directory didn't exist was:
==> ERROR: Failed to acquire lockfile: /path/to/noexist/repo.tar.gz.lck
This sucks. Make an explicit check to ensure that the path to the repo
really does exist, and throw a meaningful error message when it can't be
found.
Dan: reuse an existing (translated) error message.
Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
A plain '.tar' ending should be allowed. This corresponds to how we
handle this extension in makepkg. Also fix up the other extension
checks, which were missing a leading '.' character.
Signed-off-by: Dan McGee <dan@archlinux.org>
Move the common output formatting functions into a separate
library file and import that into each script. makepkg is
excluded due to its additional color formatting.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Fixes FS#24534. Dotfiles, such as /etc/skel/.bash_profile, were not
being included in generated files entries. bsdtar --exclude option
supports anchors on the pattern, so using "^.*" instead of ".*" solves
our problem and still excludes all root-level dotfiles (e.g. .PKGINFO).
Signed-off-by: Dan McGee <dan@archlinux.org>
Check for the presence of gpg as soon as we know we need it.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Add -k/--key option to specify a non-default key for signing
a package database.
Original-patch-by: Denis A. Altoé Falqueto <denisfalqueto@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Listing every option on the usage line becomes unweildly as more
options get added so simplify it. Also, provide a standard package
name in the repo-add example.
Dan: just use 'options' as we use elsewhere, not 'option(s)'.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This now includes -s and -v, tailors itself to the current command,
and is formatted more like that of other pacman commands.
Signed-off-by: Ray Kohler <ataraxia937@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
Move the create_signature() call outside the case of non-empty
databases, so it will be called regardless.
Signed-off-by: Ray Kohler <ataraxia937@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
Move checksum and pgpsig calcluation before changing into the
tmpdir, otherwise we can't find the files if a relative path
was used.
Signed-off-by: Ray Kohler <ataraxia937@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
Implements FS#23103. Also modify libalpm so it ignores this value
without any warning as we know it is likely to exist.
Signed-off-by: Dan McGee <dan@archlinux.org>
This is intended to verify an existing signature on a database before
making further changes to it and performing updates. Rarely would you
use this without immediately resigning it via the -s/--sign option.
Instead, it is intended as a "chain of trust" operation where the
previous signature is verified to give you some sense that what you sign
off on is also safe.
Still todo: don't make changes unless the signature is not only good,
but also in the accepted list of keys.
Signed-off-by: Dan McGee <dan@archlinux.org>
In order to be fully secure, we can't only sign packages. We also need
to sign our repository metadata to prevent database falsification,
dependency injection, etc. Add an '-s/--sign' option that allows this
functionality, and will generate a .sig file side-by-side with the
package database.
While at it, fix the issue where a signature file would never be found
because of 'cd' madness (this needs fixing in another commit).
Signed-off-by: Dan McGee <dan@archlinux.org>
Use base64 encoding to store the value in the database if a .sig file exists
for the package being added.
Signed-off-by: Geoffroy Carrier <geoffroy.carrier@koon.fr>
Signed-off-by: Dan McGee <dan@archlinux.org>
A lot of these were places that should have used the same message but
didn't, or were very easy to convert to using the same message and
letting some of the burden off of the translators.
Signed-off-by: Dan McGee <dan@archlinux.org>
repo-add should only attempt to create the delta file when using the -d
option.
Also adjust a couple of tests to use the "double bracket" syntax.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Instead, go the same route we have always taken with version-release in
libalpm and treat it all as one piece of information. Makepkg is the only
script that knows about epoch as a distinct value; from there on out we will
parse out the components as necessary.
This makes the code a lot simpler as far as epoch handling goes. The
downside here is that we are tossing some compatibility to the wind;
packages using force will have to be rebuilt with an incremented epoch to
keep their special status.
Signed-off-by: Dan McGee <dan@archlinux.org>
I tried to move things around here when testing and did a bit too much; the
warning message always showed regardless of delta inclusion in the call. Fix
it so we only warn if we have a filename, but the file couldn't be located.
Signed-off-by: Dan McGee <dan@archlinux.org>
Rather than explicit cd calls, we can use the directory stack to our
advantage. This also removes the need to store and restore $startdir, so
kill the variable entirely.
Signed-off-by: Dan McGee <dan@archlinux.org>
Allow it to be a variable in the PKGBUILD as well as propagating it through
to the built package and the package database. We leave some backward
compatibility in place by placing the '%FORCE%' option in the database if
the package contains an epoch; this will be used by older versions of pacman
and more or less ignored by versions that use epoch.
Signed-off-by: Dan McGee <dan@archlinux.org>
BASH is defined when you are actually using bash during configure, which
sucks because it ends up being '/bin/sh', messing up all of our scripts.
Change the name of the variable we use in configure, and also ensure we get
a full path to the executable by using AC_PATH_PROGS rather than
AC_CHECK_PROGS. Finally, change the variable name everywhere we use it.
Signed-off-by: Dan McGee <dan@archlinux.org>
This applies to contrib/ files, our scripts, and the documentation.
Dan: fix 'make clean' in contrib/ directory.
Signed-off-by: Nezmer <git@nezmer.info>
Signed-off-by: Dan McGee <dan@archlinux.org>
- Print an error if database entry was not found and delta entry cannot
be added
- More informative line when delta entry is added (oldfile -> newfile)
Signed-off-by: Xavier Chantry <chantry.xavier@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
This allows deltas to be generated at repo-add invocation time as opposed to
just added to the database. It will generate the delta from the package
version currently in the database.
Signed-off-by: Xavier Chantry <shiningxc@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
As noted in FS#20498, if an absolute path is used for specifying the
database when invoking repo-add, the symlink generated will point to the
absolute path instead of being relative to the directory. Fix this for
the two linking cases, but leave the copy untouched so that will still
work.
Signed-off-by: Dan McGee <dan@archlinux.org>
We were seeing some issues when trying to create our new database alias
using symlinks on certain filesystems (see FS#19907). Have a fallback method
in place where we first try a symlink, then a hard link, then just copy the
database if all else fails.
Signed-off-by: Dan McGee <dan@archlinux.org>
This is a small step towards allowing pacman to handle databases
with variable compression types.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
FS#16623 suggested this change for makepkg; this patch applies it to the
remaining files in the scripts directory.
Signed-off-by: Cedric Staniewski <cedric@gmx.ca>
Signed-off-by: Dan McGee <dan@archlinux.org>
This also removes the awk dependency from makepkg and repo-add.
Signed-off-by: Cedric Staniewski <cedric@gmx.ca>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
When redirecting both stderr and stdout and using the 2>&1 construct,
you have to redirect stdout first. Otherwise stderr will be redirected to
the 'old' stdout and not to the new resource.
Signed-off-by: Cedric Staniewski <cedric@gmx.ca>
Signed-off-by: Dan McGee <dan@archlinux.org>
-f/--force has been dead for a while, so kill it off. In addition, the
check for > 2 args is pretty useless when you do something like:
repo-add -q -q
or a more legit:
repo-add -q /path/to/mine.db.tar.gz
So instead make repo-add just return 1 when it doesn't do anything with
the database which seems to make more sense.
Signed-off-by: Dan McGee <dan@archlinux.org>
Rather than creating no database at all, create an empty zipped tar archive
in its place. This keeps the download side of repositories a bit more sane
as a DB will always exist, and pacman handles this empty case just fine.
For this to be fully transparent, we also need to make sure repo-add and
repo-remove accept an empty "DB" as an argument, which in reality is a
completely void of files .tar.{gz,bz2,xz} archive.
Signed-off-by: Dan McGee <dan@archlinux.org>
With split packages, the pkgbase variable provides a useful way to
find out which packages were build from the same PKGBUILD. Add it
to the packages .PKGINFO file and the repo database only when
package splitting is used.
Original-patch-by: Pierre Schmitz <pierre@archlinux.de>
[Allan: restrict to including only with spilt packages
and include after pkgname]
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
When unzipping packages and the database archives, we don't need to look
through the entire archive to do what we need to do. For packages, .PKGINFO
should only be found once and should be the first file in the package. For
the database check, we only really need to look for one desc file.
The bsdtar -q option is very similar to the GNU tar --occurrence=1 option.
Example of speedup:
$ time repo-add junkdb.db.tar.gz *.pkg.tar.gz >/dev/null
real 0m16.159s
user 0m14.836s
sys 0m2.277s
$ time ./scripts/repo-add junkdb.db.tar.gz *.pkg.tar.gz >/dev/null
real 0m4.949s
user 0m3.730s
sys 0m2.093s
Signed-off-by: Dan McGee <dan@archlinux.org>
Before this commit, the repo creation could fail after all packages have
been added to the database. Now this will be detected before adding
anything.
Signed-off-by: Xavier Chantry <shiningxc@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
This simple patch adds support for the xz archive format to makepkg and repo-
add.
Xz can be used as source, package and package db file type.
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
[Dan: fixed a few alignment issues]
Signed-off-by: Dan McGee <dan@archlinux.org>
The modification time on depends and desc file were changed to match the
modification time of the package file. I don't see why and we are actualling
losing information here. If we want to know the date of the package file, we
can just look inside the depends file. If we want to know when the entry was
created, we should not alter the modification time of depends and desc.
Besides, this had the non-obvious and undocumented side effect that the
depends file was always created, even if it was empty. And pacman actually
does require that. So I added a "touch depends" to always create the file.
Signed-off-by: Xavier Chantry <shiningxc@gmail.com>
Weird things could happen if several repo-add were run concurrently on the
same database. The introduced locking system will prevent this to happen.
Signed-off-by: Xavier Chantry <shiningxc@gmail.com>
- arch was missing
- backup is not used by repo-add. However makepkg still needs to put it in
PKGINFO because pacman uses it
- startdir is no longer used after the new delta implementation
- the declaration of group, depend, backup, etc is not needed because these
variables are always declared before being used :
declare $var="$val"
case "$var" in
group) _groups="$_groups$group\n" ;;
- reorder the variables declaration to follow the same order than they are
written to the depends and desc file, for making future checks easier
Signed-off-by: Xavier Chantry <shiningxc@gmail.com>
Use the correct database format
Use xdelta3 to get the source and destination files from the delta itself
Allow delta files to be added with repo-add just like package files. delta
files can also be removed with repo-remove. This is simply done by looking
for a .delta extension in the arguments, and calling the appropriate
db_write_delta or db_remove_delta functions.
Example usage:
repo-add repo/test.db.tar.gz repo/libx11-1.1.99.2-2-x86_64.pkg.tar.gz
repo-add repo/test.db.tar.gz repo/libx11-1.1.5-2_to_1.1.99.2-2-x86_64.delta
repo-remove repo/test.db.tar.gz libx11-1.1.5-2_to_1.1.99.2-2-x86_64.delta
Signed-off-by: Xavier Chantry <shiningxc@gmail.com>
The current implementation has several problems :
Wrong database format
All the info is taken from the filename, which is a bit ugly
It looks for .delta files in the current directory when adding a package,
which is not very flexible
Signed-off-by: Xavier Chantry <shiningxc@gmail.com>
* report when a package entry to be removed is not found
* backup and restore eventual "deltas" files
* slight optimization when looking for an entry : only look at the entries
starting with $pkgname
Signed-off-by: Xavier Chantry <shiningxc@gmail.com>
Rework slightly db_write_entry so that $pkgfile is no longer referenced
from the temporary dir. This means $pkgfile can be a relative path and does
not need to be converted with realpath anymore.
Signed-off-by: Xavier Chantry <shiningxc@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
REPO_DB_FILE does not need to be an absolute path anymore so no need to
call realpath.
Signed-off-by: Xavier Chantry <shiningxc@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
This function was used only once, was basically just one line, and was also
called with an unused argument.
Signed-off-by: Xavier Chantry <shiningxc@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
eval was ugly and dirty, and bit us here. Instead, use a safer form of
variable declaration to ensure quotes don't foil us in pkgdesc or any other
fields.
This fixes FS#10837.
Signed-off-by: Dan McGee <dan@archlinux.org>
Considering one can easily run:
repo-add .... >/dev/null
to get only warnings and errors, the -q flag is mostly useless.
Make the -q flag silence only level 2 messages.
Signed-off-by: Aaron Griffin <aaronmgriffin@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
This is similar to the change we made in makepkg so it is cross-platform
compatible and doesn't require coreutils.
Signed-off-by: Dan McGee <dan@archlinux.org>
DB_COMPRESSION was only used in repo-add and DB_CHECKSUMS was not used
anywhere.
This also removes the dependency on makepkg.conf in repo-add, so repo-add no
longer needs to source makepkg.conf
And instead of DB_COMPRESSION, it seems better to just check the extension
of the repository file. It does not make sense to have a tar.gz file with a
tar.bz2 extension or whatever.
Signed-off-by: Xavier Chantry <shiningxc@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
Commit 149839c539 introduced a small behavior regression as a drawback
for a better portability. repo-add now includes the approximate size (to the
nearest KB) rather than an exact size due to the switching of the du command
to a more portable form. Instead of sacrificing the exact size, use
configure to help us determine a valid command to acquire our filesize and
place it in the sync database.
Signed-off-by: Dan McGee <dan@archlinux.org>
repo-add didn't handle whitespaces nicely in fields value, and this has hurt
us several times, first with provision version (FS#9171) and then with
optdepends (FS#10630), so it is time to fix it.
Signed-off-by: Nagy Gabor <ngaba@bibl.u-szeged.hu>
Signed-off-by: Xavier Chantry <shiningxc@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
* change ln -s to ln -sf in the Makefile to prevent a failure when the link
already exists.
* make test_repo_db_file simpler and more natural, move the complexity out
of it.
* remove one $cmd = repo-remove check that wasn't needed
Signed-off-by: Xavier Chantry <shiningxc@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
They shared about 75% of their code, so there is no real reason we should
maintain them separately. Merge the differences accordingly and add a check
based on the basename of the command used to decide what behavior to follow.
Signed-off-by: Dan McGee <dan@archlinux.org>
Linux coreutils provides readlink, and BSD systems tend to have realpath
available. Both commands provide similar functionality but of course have
different names. Add a check for either and use what is available.
While doing this, also unify some of the differences that have cropped up
between repo-add and repo-remove.
Signed-off-by: Dan McGee <dan@archlinux.org>
This fixes FS#10459.
There is apparently no portable ways to get the apparent size of a file,
like du -b does. So the best compromise seems to get the block size in kB,
and then convert that to byte so that we keep compatibility.
Signed-off-by: Xavier Chantry <shiningxc@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
They are pretty noisy scripts in their normal course of operations, so allow
all messages to be squashed except for warning and error messages with this
new flag.
Signed-off-by: Dan McGee <dan@archlinux.org>
Address the issue of our scripts not working so great when gettext is not
available. This has come up in multiple bug reports, and is relatively easy
to address by adding a simple check and a stub function if gettext was not
found that simply echos the original message.
Addresses concerns from FS#9214 and FS#9607.
Signed-off-by: Dan McGee <dan@archlinux.org>