1
0
mirror of https://github.com/moparisthebest/pacman synced 2024-11-17 14:55:07 -05:00
Commit Graph

706 Commits

Author SHA1 Message Date
Dave Reisner
d2d00e4543 makepkg: properly correlate checksums for multiple sources
Previously, we used a single boolean value to determine correlation of
sources to checksums. Since the introduction of arch-specific sources,
this is no longer sufficient, as we must ensure that we have checksums
for (potentially) multiple source arrays.

This change inlines the logic of have_sources to build an associative
array of source array names, unsetting them as we discover their
checksums. The error condition then becomes a non-empty correlation
array.

Fixes: https://bugs.archlinux.org/task/43192

Signed-off-by: Allan McRae <allan@archlinux.org>
2014-12-24 11:15:38 +10:00
Allan McRae
325e20dea1 makepkg: download sources for all architectures when making source package
We validated all sources when making a source package, whether or not they
are included in the tarball.

Signed-off-by: Allan McRae <allan@archlinux.org>
2014-12-24 11:15:00 +10:00
Allan McRae
ec679e09b2 Check architecture specific fields for VCS support
Signed-off-by: Allan McRae <allan@archlinux.org>
2014-12-22 14:01:34 +10:00
Timothy Redaelli
91a56a7072 Fix double spaces in "Running %s as root is not allowed" message
Signed-off-by: Allan McRae <allan@archlinux.org>
2014-12-21 16:26:45 +10:00
Dave Reisner
0cd174efd5 makepkg: correctly add changelog files
Before this, we'd see bizzare behavior of:

  -> Adding changelog file (systemd.install)...

And, changelog files in the global section would not be added at all.

The code is clearly wrong here, as it references 'install' within a
loop of 'changelog' and 'install'. Let's use parameter indirection to
ensure that the proper file is identified and added.

Signed-off-by: Allan McRae <allan@archlinux.org>
2014-12-18 16:33:37 +10:00
Allan McRae
a7298c36fd makepkg: symlink files in noextract into $srcdir
File in noextract should still be symlinked into $srcdir so that they
can be accessed without using $SRCDEST.  Using noextract on VCS files
makes no sense as these are not being extracted, so now this does
nothing.

Signed-off-by: Allan McRae <allan@archlinux.org>
2014-11-18 11:58:25 +10:00
Lukáš Jirkovský
4c1f41a7c1 makepkg: svn: update existing sources in srcdir without removing them first.
This matches the behaviour with non-VCS sources. It also allows incremental
builds when subversion is used to obtain sources.

Signed-off-by: Lukáš Jirkovský <l.jirkovsky@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2014-11-17 14:56:17 +10:00
Andrew Gregory
0d24994934 makepkg: only strip vcs prefixes from front of url
Referenced by FS#41811

Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2014-11-17 13:02:12 +10:00
Andrew Gregory
6949012590 makepkg: do not strip bzr+ from bzr+ssh urls
bzr does not recognize bare ssh:// urls.

Fixes FS#41811

Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2014-11-17 13:01:43 +10:00
Allan McRae
db2562113b makepkg: bzr: update existing sources in srcdir without removing them first.
The local changes are discarded when updating. This matches the behaviour
when non-VCS sources are used. It also allows incremental builds.

This also changes the checkout during bzr source "extraction" to a heavyweight
checkout so that pulling a specific revision does not alter the original
download.

Original-work-by: Lukáš Jirkovský <l.jirkovsky@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2014-11-17 12:58:06 +10:00
Lukáš Jirkovský
be3ce88bb2 makepkg: hg: update existing sources in srcdir without removing them first.
The local changes are discarded when updating. This matches the behaviour
when non-VCS sources are used. It also allows incremental builds.

Signed-off-by: Lukáš Jirkovský <l.jirkovsky@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2014-11-09 18:28:47 +10:00
Lukáš Jirkovský
f66ae5334e makepkg: checkout a revision specified in SVN fragment in download_svn.
Previously the sources were dowloaded in HEAD revision in the download_svn().
If a specific revision was requested in fragment, the code was updated to that
revision in extract_svn(). However, because SVN is a centralized system,
this means that the changed sources has to be downloaded again.

By moving the fragment handling to download_svn(), we get the correct revision
without having to download it later in extract_svn().

Signed-off-by: Lukáš Jirkovský <l.jirkovsky@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2014-11-09 17:28:22 +10:00
Lukáš Jirkovský
f6b3c9d803 makepkg: git: update existing sources in srcdir without removing them first.
The local changes are discarded when updating. This matches the behaviour
when non-VCS sources are used. It also allows incremental builds.

Signed-off-by: Lukáš Jirkovský <l.jirkovsky@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2014-11-09 16:09:27 +10:00
Allan McRae
ecf0e37fc5 makepkg: improve stripping pkgdesc of whitespace for .PKGINFO
Signed-off-by: Allan McRae <allan@archlinux.org>
2014-11-09 15:53:16 +10:00
Dave Reisner
6029a77ac0 makepkg: introduce .SRCINFO files for source packages
Similar to .PKGINFO, .SRCINFO provides structured metadata from the
PKGBUILD to be included with source packages.

The format is structured such that it contains a "pkgbase" and one to
many "pkgname" sections.  Each "pkgname" section represents an "output
package", and inherits all of the attributes of the "pkgbase" section,
and then can define their own additive fields.

For example, a simple PKGBUILD:

  pkgbase=ponies
  pkgname=('applejack' 'pinkiepie')
  pkgver=1.2.3
  pkgrel=1
  arch=('x86_64' 'i686')
  depends=('friendship' 'magic')

  build() { ...; }

  package_applejack() {
    provides=('courage')

    ...;
  }

  package_pinkiepie() {
    provides=('laughter')

    ...;
  }

Would yield the following .SRCINFO file:

  pkgbase = ponies
  	pkgdesc = friendship is magic
  	pkgver = 1.2.3
  	pkgrel = 1
  	arch = x86_64
  	arch = i686
  	depends = friendship
  	depends = magic

  pkgname = applejack
  	provides = courage

  pkgname = pinkiepie
  	provides = laughter

The code to generate this new file is taken a project which I've been
incubating[0] under the guise of 'mkaurball', which creates .AURINFO
files for the AUR. AURINFO is the exactly same file as .SRCINFO, but
named as such to make it clear that this is specific to the AUR.

Because we're parsing shell in the packaging functions rather than
executing it, there *are* some limitations, but these only really crop
up in more "exotic" PKGBUILDs. Smoketesting[1] for accuracy in the Arch
repos yields 100% accuracy for [core] and [extra]. [community] clocks in
at ~98% accuracy (.3% difference per PKGBUILD), largely due to silly
haskell packages calling pacman from inside the PKGBUILD to determine
dependencies. [multilib] currently shows about 92% accuracy -- a
statistic which can be largely improved by utilizing the recently merged
arch-specific attribute work. This is also a smaller repo so the numbers
are somewhat inflated. In reality, this is only a .8% variance per
PKGBUILD.

Together, we can make PKGBUILD better.

[0] https://github.com/falconindy/pkgbuild-introspection
[1] https://github.com/falconindy/pkgbuild-introspection/blob/master/test/smoketest

Signed-off-by: Allan McRae <allan@archlinux.org>
2014-11-09 15:41:50 +10:00
Dave Reisner
bd746568f6 makepkg: simplify epoch handling
We can avoid setting a default value for epoch since we intend to mean
unset and "0" as the same thing. This is also a more consistent default
as the display of epoch=0 is no epoch at all in the full package
version.

The extra paranoia in get_full_version can be removed due to lint_epoch
guarding against non-integer values of epoch.

Signed-off-by: Allan McRae <allan@archlinux.org>
2014-11-09 15:35:12 +10:00
Dave Reisner
03aa44a3ec makepkg: ignore empty global attributes in extraction
This bug isn't currently exposed by any of the existing codepaths, but
an upcoming patch to introduce SRCINFO files to makepkg will expose
this.

Signed-off-by: Allan McRae <allan@archlinux.org>
2014-11-09 13:46:51 +10:00
Dave Reisner
d6785a5726 makepkg: always look for sources in source=()
This regression snuck in during some reviewing of 963f7fe02f
(arch-specific sources). We must always check the source=() array for
sources.

Signed-off-by: Allan McRae <allan@archlinux.org>
2014-10-19 20:47:01 +10:00
Dave Reisner
a0cfed7df2 makepkg: reorder args to pkgbuild_get_attribute for consistency
In all other cases, this code gets the outvalue from the final
parameter.

Signed-off-by: Allan McRae <allan@archlinux.org>
2014-10-13 23:22:09 +10:00
Dave Reisner
62c11e450a makepkg: simplify attr matching in extract_function_var
Interesting attributes created with 'local' or 'declare' won't be
surfaced in .PKGINFO, so we shouldn't try to look for them.

Signed-off-by: Allan McRae <allan@archlinux.org>
2014-10-13 12:54:26 +10:00
Dave Reisner
3f0303dc92 makepkg: show full fingerprint on pgp failure
Rather than implementing suffix matching, which might clash, let's just
print the full fingerprint of the err'ing key so that the user can
copy/paste it into validpgpkeys. Also, make it clear in the manpage
that validpgpkeys needs full fingerprints, and nothing else.

Signed-off-by: Allan McRae <allan@archlinux.org>
2014-10-13 12:54:19 +10:00
Dave Reisner
926d998a75 Revert "makepkg: allow less than the full fingerprint in validpgpkeys"
This reverts commit 50296576d0.

Signed-off-by: Allan McRae <allan@archlinux.org>
2014-10-13 12:54:09 +10:00
Dave Reisner
50296576d0 makepkg: allow less than the full fingerprint in validpgpkeys
I found this feature confusing, and the documentation wasn't any help.
It was pointed out to me on IRC that validpgpkeys expects full
fingerprints, and won't accept shorter forms. This makes the
documentation insufficient, and the variable name itself misleading.

This patch bolsters the documentation to explain more about what the
contents should be, and implements suffix matching to allow matching on
shorters fingerprint suffices. Now, when makepkg tells you that a key
ID isn't valid, it's sufficient to manually check the key ID against
the known good ID, and add it as is to validpgpkeys.

Signed-off-by: Allan McRae <allan@archlinux.org>
2014-09-30 14:00:43 +10:00
Dave Reisner
60c1f2857b makepkg: move negation in inequality comparisons
This commit changes the few remaining instances of:

  [[ ! $foo = "$bar" ]]

to the more common:

  [[ $foo != "$bar" ]]

Signed-off-by: Allan McRae <allan@archlinux.org>
2014-09-30 12:57:25 +10:00
Dave Reisner
cb9489119e makepkg: abort if we can't add install/changelog to package 2014-09-30 12:56:57 +10:00
Dave Reisner
963f7fe02f PKGBUILD: add support for arch-specific sources
This implements support for declarations such as:

  arch=('i686' 'x86_64')
  ...

  source=("somescript.sh")
  source_i686=("http://evilmonster.com/i686/ponies-9001-1.i686.bin")
  source_x86_64=("http://evilmonster.com/i686/ponies-9001-1.x86_64.bin")

  md5sums=('d41d8cd98f00b204e9800998ecf8427e')
  md5sums_i686=('e4ca381035a34b7a852184cc0dd89baa')
  md5sums_x86_64=('4019740e6998f30a3c534bac6a83f582')

Just the same as the "untagged" sources, multiple integrity algorithms
are supported. The manpage is updated to reflect support for these
suffices.

This commit also refactors download_sources slightly:

1) to use the otherwise preferred convention of lowercase local variable
names, and to make the handling of $1 more clear.
2) rename the "fast" parameter to "novcs", to make it more clear what
this token does.
3) add a new possible token "allarch" to ensure that download_sources
will fetch all sources, for all architectures.
2014-09-30 12:56:21 +10:00
Dave Reisner
51353edc61 makepkg: break out checksum generation to its own function
This also fixes a "bug" in which a PKGBUILD without any source array
would generate "md5sums=()". While not technically wrong, we can easily
do better and emit nothing at all.
2014-09-30 12:56:21 +10:00
Dave Reisner
a3d7230e4d makepkg: break out check_checksums to reasonably sized functions 2014-09-30 12:56:21 +10:00
Dave Reisner
9c066dff43 makepkg: disallow values of 'arch' which might be problematic
We rely on values in the arch array to be valid as part of variable
names, so extend the arch lint check to catch this.

This also cleans up lint_arch to restrict the use of "lint" only to the
package-specific architecture checks. It previously had an odd
declaration with a conditional expansion that would never be true.
2014-09-23 21:43:16 +10:00
Dave Reisner
85c055da73 makepkg: let --source imply --ignorearch
Since source package creation is architecture independent, we should
ignore architecture-dependent behaviors such as the lint check which
will halt execution when the host machine is not a supported arch.

https://github.com/falconindy/pkgbuild-introspection/issues/15
2014-09-23 21:43:16 +10:00
Dave Reisner
e1f6fe652d makepkg: use correct terminology
unix has no "folders".
2014-09-23 21:43:16 +10:00
lolilolicon
ee207d7c7b makepkg: do not eval dlcmd
This eval enables the following in a PKGBUILD to "just work":

  source=('$pkgname-$pkgver.tar.gz'::'https://host/$pkgver.tar.gz')

This has at least two problems:

- It violated the principle of least surprise.
- It could be a security issue since URLs are arbitrary input.

Instead, expand the dlagent command line into an array, replace the %o,
%u place holders, and run the resultant command line as is.

Embedded spaces in the DLAGENTS entry can be escaped with a backslash.

Fixes FS#41682

Signed-off-by: Allan McRae <allan@archlinux.org>
2014-09-15 09:32:29 +10:00
William Giokas
95e1a1ef82 makepkg: Allow using sources with :: in them
Git has the ability to use helper applications for interfacing with hg,
and from what we had before, the following url::

  foo::git+hg::http://foo.bar/foobar

would get converted to something along the lines of:

  filename: foo
  URL: http://foo.bar/foobar

and the 'git+hg' part would essentially be ignored when it's getting set
up in the 'get_protocol' and 'get_downloadclient' functions. With this
patch it is possible to have a source link with '::' in it, however it
is not possible to have a filename with '::', which is the current
behavior.

Signed-off-by: Allan McRae <allan@archlinux.org>
2014-09-15 09:30:54 +10:00
Dave Reisner
17ed9eb734 makepkg: replace bare eval with var extraction functions 2014-08-08 13:44:40 +10:00
Dave Reisner
2b556d89de PKGBUILD: handle arch specific attributes
This introduces support for architecture-specific conflicts, depends,
optdepends, makedepends, replaces, and conflicts by appending "_$CARCH"
to the array name. For example, in the global section:

  arch=('i686' 'x86_64')
  depends=('foo')
  depends_x86_64=('bar')

This will generate depends of 'foo' and 'bar' on x86_64, but only 'foo'
on i686. Moreover, this is supported in the package functions with the
same heuristics as the generic names, e.g.

  ...
  arch=('i686' 'x86_64')
  depends=('foo')
  ...

  package_somepkg() {
    depends_x86_64=('bar')

    ...
  }

Again, will cause x86_64 to have depends of 'foo' and 'bar', but only
'foo' for i686.
2014-08-08 13:44:25 +10:00
Dave Reisner
cbd6c300b5 makepkg: refactor check_sanity, give it some sanity of its own
Break apart each of the blocks into their own separate functions. And,
instead of the hand crafted eval statements, reuse the logic from
pkgbuild-introspection[0] to abstract away the complexities of parsing
bash.

This commit fixes at least 3 bugs in check_sanity:

1) The wrong variable is shown for the error which would be thrown
when, e.g.  pkgname=('foopkg' 'bar^pkg')
2) The "arch" variable is not sanity checked when the PKGBUILD has
an arch override, but only one output package.
3) https://bugs.archlinux.org/task/40361

Lastly, there's some string changes here which should help to clarify
a few errors emitted in the linting process.

[0] https://github.com/falconindy/pkgbuild-introspection
2014-08-08 13:44:00 +10:00
Dave Reisner
8a02abcf19 makepkg: disallow pkgver/pkgrel/epoch overrides in packages
This is a confusing feature, and no one uses it.
2014-08-08 13:40:00 +10:00
Allan McRae
dce82f9d19 makepkg: skip dependency checking with --verifysource
Dependencies are now handled with --nobuild unless specificially skipped.
Using --verifysource will skip dependency checks unless --syncdeps is
specified.

Fixes FS#35057 and FS#36999.

Signed-off-by: Allan McRae <allan@archlinux.org>
2014-08-04 14:23:58 +10:00
Allan McRae
7e87614665 makepkg: ensure vcs download tool are installed when required
Add an array VCSCLIENTS to makepkg.conf that matches vcs source protocols
to the package containing the software needed for handling the source.

Signed-off-by: Allan McRae <allan@archlinux.org>
2014-08-04 14:23:56 +10:00
Dave Reisner
fbb0945bfb makepkg: improve check and error message for buildfile location
The documentation very clearly states that the buildfile has to be in
$PWD, but the error thrown by makepkg reference some mysterious "build
directory". Simplify this check so that we more directly check that the
file being referred to is in fact in our $PWD. Revise the error message
when the check fails to more plainly point out the problem.

Signed-off-by: Allan McRae <allan@archlinux.org>
2014-08-03 18:46:32 +10:00
Johannes Löthberg
80eca94c8e makepkg: Respect XDG_CONFIG_HOME
Add support for following the XDG Base Directory Specification when
reading the user-specific configuration file.

If no $XDG_CONFIG_HOME/pacman/makepkg.conf file exists we fall back to
sourcing $HOME/.makepkg.conf

Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>

[Allan] Note XDG_CONFIG_HOME takes priority.

Signed-off-by: Allan McRae <allan@archlinux.org>
2014-08-03 18:46:31 +10:00
Allan McRae
7305768d54 makepkg: handle "epoch=" in PKGBUILD with pkgver function
After resourcing the PKGBUILD in update_pkgver(), set the epoch to 0
if it is empty.  Also adjust the get_full_version function to be more
robust if epoch somehow still is empty.

Fixes FS#41022.

Signed-off-by: Allan McRae <allan@archlinux.org>
2014-06-29 17:15:23 +10:00
Allan McRae
537a335cc7 Use C locale for bsdtar calls during package creation
This ensures packages build on a UTF-8 locale system with non-ASCII character
names can be installed on non-UTF-8 systems.

Signed-off-by: Allan McRae <allan@archlinux.org>
2014-06-12 12:50:15 +10:00
Johannes Löthberg
9ff6dc93af makepkg: Remove redundant sig generation comment
Remove the comment above the signature generation command as the command
is self explanatory and no longer does what the comment says.

Signed-off-by: Allan McRae <allan@archlinux.org>
2014-06-10 14:27:27 +10:00
Andrew DeMaria
235ce32563 makepkg: pass "--nocolor" to pacman
FS#39982.

Signed-off-by: Allan McRae <allan@archlinux.org>
2014-05-25 14:06:58 +10:00
Allan McRae
2401468f51 makepkg: Force buildscripts to be in startdir
We expect all source file to lie in $startdir. However, using
"makepkg -p <buildscript>" can currently allows people to specify buildscripts
in other directories. This results in confusion about where other sources
should lie (in startdir or in the directory that the buildscript is in).
Explicitly disable using -p for files in other directories to avoid this issue.

Fixes FS#40293.

Signed-off-by: Allan McRae <allan@archlinux.org>
2014-05-25 13:53:19 +10:00
Thomas Bächler
d39d3b3a09 makepkg: Introduce validpgpkeys array
If validpgpkeys is set in the PKGBUILD, signature checking fails if
the fingerprint of the key used to create the signature is not listed
in the array.

The key's trust value is ignored.

Signed-off-by: Allan McRae <allan@archlinux.org>
2014-05-23 15:31:00 +10:00
Thomas Bächler
d174cc8943 makepkg: Treat a signature from an untrusted key as an error
Signed-off-by: Allan McRae <allan@archlinux.org>
2014-05-23 15:31:00 +10:00
Thomas Bächler
34ae6ce4e5 makepkg: Use read to parse status file during signature verification.
Instead of invoking grep multiple times, parse the status file once.

This refactoring also changes the behvaiour when signature verification
fails due to a missing public key: It is now an error instead of a
warning.

Signed-off-by: Allan McRae <allan@archlinux.org>
2014-05-23 15:30:54 +10:00
Steven Noonan
6103183253 makepkg: use dash instead of underscore in /usr/lib/debug/.build-id
Signed-off-by: Allan McRae <allan@archlinux.org>
2014-04-21 20:25:02 +10:00