This fixes a lot of checks done by makepkg (e.g. to see if a package
is already built and choosing which package to install). Previously,
if a package had both "i686" and "any" versions, the "i686" one
always took precidence regardless of the value of "arch" in the
PKGBUILD for that package. Fixes FS#27204.
Signed-off-by: Allan McRae <allan@archlinux.org>
Use the no-exec mode of $(BASH_SHELL) to check for syntax errors in
shell scripts. Since we use the extglob feature in various places, this
requires that we pass -O extglob to the shell as well, to ensure that
the parser is armed to handle this syntax.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Perform a search for keys that clearly aren't key IDs. This allows
receiving keys by name or email address, but only if the key resolves
unambiguously.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Loop through arguments passed to verify_sig and treat each as a
signature to be verified against a source file. Output each file as its
checked to avoid ambiguity.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
This requires an ugly amount of reworking of how pacman-key handles
options. The change simply to avoid passing keys, files, and directories
as arguments to options, but to leave them as arguments to the overall
program. This is reasonable since pacman-key limits the user to
essentially one operation per invocation (like pacman).
Since we now pass around the positional parameters to the various
operations, we can add some better sanity checking. Each operation is
responsible for testing input and making sure it can operate properly,
otherwise it throws an error and exits.
The doc is updated to reflect this, and uses similar verbiage as pacman,
describing the non-option arguments now passed to pacman-key as targets.
Similar to the doc, --help is reorganized to separate operations and
options and remove argument tokens from operations.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
This will replace our current options parser used in pacman-key,
makepkg, and ideally elsewhere. It follows heuristics closer to that of
GNU getopt long (and thus pacman itself), with the exception that it
does not allow for options with optional arguments. Due to the way this
parser will be used, this sort of functionality will not be needed.
Instead of relying on eval+set, options are normalized into an array,
OPTRET, which callers should expect to be populated after returning from
parseopts. This avoids problems with quotes and spaces in arguments,
assuming that the user quotes properly when passing into the
application.
A new test harness for parseopts is added in test/scripts.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
This removes some unnecessary quotes and adds quotes in a few places to
hopefully work correctly if the tempdir has spaces.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Dan McGee <dan@archlinux.org>
Big deltas or deltas for very small packages are not needed so we should
check that and not generate any.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Dan McGee <dan@archlinux.org>
If the PKGBUILD isn't writeable for devel_update, throw a warning
instead of silently ignoring it. Some logical reordering is present in
this patch to reduce the number of nested if's.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
It's expected that this will lead to unwanted behavior, and needs
widespread testing. It's desirable to commit this for a few reasons:
- there's no reason we can't do our own error checking for code that we
write.
- it avoids the need for ||true hacks scattered about in the code.
- it makes us immune to upstream changes in exit codes (FS#28248)
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Extend our grep pattern to match TRUST_ULTIMATE, not just TRUST_FULLY,
as these keys are to be trusted as well.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Make these functions more whitespace space by treating newlines as the
element delimiter rather than every form of whitespace.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This was a small oversight from 1917c845 which causes makepkg to write
provides entries to the .PKGINFO file improperly, e.g.
provides = systemdlibsystemdudev=999
Add a newline in the printf format to ensure that these are spaced
appropriately.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
In preparation for the removal of the global error trap we need a
way to ensure changing directories succeeds. Add a "cd_safe"
wrapper that performs the necessary check.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Also make sure the strings passed to %s in printf are always quoted.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This was really only half a fix for FS#28445, as it still doesn't
correctly handle the case of filenames with spaces. In the short term,
there is no obvious fix for this. In the long term, I believe the
correct decision is to rewrite the options parser to be more in line
with GNU getopt_long.
This reverts commits:
ca41427141.
969dcddbdf.
This has been 0 since 9fa18d9a4b, but it
doesn't makes sense because we are raising an error.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Dan McGee <dan@archlinux.org>
We cannot rely on gpg's exit code. Instead we have to check the status-fd to
figure out whether a signature is valid or not.
In addition to this pacman-key --verify can now be used in scripts as it will
return an exit code of 1 if the signature is invalid.
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
Signed-off-by: Dan McGee <dan@archlinux.org>
This matches the optimization made to repo-add in commit 8bbaf045b9
way back in 2009. We don't need to read the whole package file to ensure
multiple .PKGINFO entries don't exist, as well-formed packages should
have this file first in the archive.
Signed-off-by: Dan McGee <dan@archlinux.org>
Since we treat this as an array, we need to initialize it as one. This
avoids addition of an empty element to the option string when we set the
option array from the calling program, e.g.
+/usr/bin/makepkg[2033]: set -- -i --pkg vim -- ''
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
User reports indicate that the SKS keyservers are more reliable
than both the gnupg.net and mit.edu ones.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Using -e without arguments failed to export all keys. Using --export
worked as expected.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Pull updates from transifex, run update-po on all files, fix a few
errors, and push them back to Transifex.
Signed-off-by: Dan McGee <dan@archlinux.org>
delayed allocation hoses us here and causes erroenous install sizes to
be reported. Add a short sleep to allow the transaction to be committed
to the filesystem and the stat buffers to be updated.
This is apparently a "feature", as per to some of the denizens of #btrfs
on freenode.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Most places in makepkg deal with full file paths, but a few use the
file name only. Protect from potential issues when a file name
starts with a hyphen.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This means multiple packages can be build using the same BUILDDIR
without their source files all ending up extracted in the same
directory. Fixes FS#28417.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Similar to how we manage receipt of SIGINT in pacman's internal
downloader, catch the signal and invoke our own trap handler before
unsetting it and calling the default. This requires a slight
modification to the arguments passed to trap_exit so we can pass the
raised signal to trap_exit (note that we substitue USR1 for ERR since
the latter is unique to bash).
Fixes FS#28491.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Adds the ability to override the commands used to compressing
compiled and source packages. This is useful for those wanting
to use alternative implementations of the compression tools or
non-default compression options.
Allan: documented options in man page
Signed-off-by: Allan McRae <allan@archlinux.org>
The rest of our scripts have been using `openssl dgst` rather than tools
like `md5sum` for some time, so convert this one too. We also make the
following other adjustments:
* Use a `find -print0 | xargs -0` pipeline so paths with spaces and or
newlines don't totally kill us.
* Ensure the files we write out contain only paths relative to the
database root, where we know the filenames should all be sane.
* Remove use of `diff`, this was the only time we used it in scripts and
we can get a cheap substitute by comparing file checksums instead.
* Only touch the local/ part of the database. It makes little sense to
do anything to the sync/ directory anymore as they are compressed
single files that should be regularly written out in full and won't be
fragmented on any sane filesystem.
Signed-off-by: Dan McGee <dan@archlinux.org>
Verifing the keyring at this point is useless as a malicious package is already
installed and as such has several options to bypass this check anyway.
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
Signed-off-by: Dan McGee <dan@archlinux.org>
* it updates to all translations
* minor fr, pt_BR, de, lt, sk and uk updates
* add new strings in pacman translation catalog
Signed-off-by: Dan McGee <dan@archlinux.org>
Passing the "-L" flag to stat means we get the size of the file
being pointed to for symlinks instead of the size of the symlink.
Keep "-L" usage in repo-add as we want the actual size of the
package/delta/signature there.
Signed-off-by: Allan McRae <allan@archlinux.org>
With multiple items in $libdepends this check only worked for the first
one, everything after this returned an error. This was probably an issue
with \s being treated wrong.
Fix-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Florian Pritz <bluewind@xinu.at>
libperl.so results in soname="libperl.so.so" which is wrong.
This returns the correct string: "libperl.so"
Fix-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Florian Pritz <bluewind@xinu.at>
This reworks the implmentation of libprovides for the following
benefits:
- Moves functionality from write_pkginfo() to find_libprovides()
- Only calculates the version for libraries specifically requested
and not all libraries. This has the disadvantage of running find
over the $pkgdir for as many libraries as needed, but is unlikely
to be an issue due to caching.
- The order of the provides array in the PKGBUILD is kept in the
package
- There are more warning messages when things fail and those that
were there are no longer errors (as I do not think failure of
libprovides should result in complete packaging failure)
- It is now modular so can be easy extended to other library types
other than ELF *.so.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Modify parse_options logic to fill an array instead of printing parsed
options. Avoid eval like the plague. Because it is the plague.
Fixes bugs such as FS#28445.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This fixes a problem that occurs if you tell makepkg to remove installed
dependencies (just to be sure) but there are none. As the $ was missing
in front of deplist, the check never happened and 'pacman -Rn' was
called which obviously failed.
Dan: later reported as FS#28448.
Signed-off-by: Christoph Vigano <mail@cvigano.de>
Signed-off-by: Dan McGee <dan@archlinux.org>
This wonderful/awful little bash shell variable wrecks havoc on `cd`
calls in shell scripts. Unset CDPATH in makepkg where we use `cd` quite
heavily. In pacman-optimize, we can move the change directory logic into
the bsdtar call so we are left with no usages of `cd` in the script.
Signed-off-by: Dan McGee <dan@archlinux.org>
PKGBUILDs are advertised as being pure bash so it would be expected
that the default bash options are in effect when sourcing it.
This inadvertantly "fixes" FS#27780 where enabling extglob causes
the bash parser to error on non-valid bash function names like
package_libxml++(). Note that these function names are unsupported
in bash and could break again even with this "fix" in future bash
releases.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
From mercurial-2.1, "hg pull" returns 1 when there are no updates.
Catch the return code and either pull the update or return an
error as appropriate.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This is after some manual massaging to fix issues with newlines in some
translations of the script catalogs.
Signed-off-by: Dan McGee <dan@archlinux.org>
Provide a helpful error message for when creating a source tarball
and SRCPKGDEST is not writable.
Fixes FS#28197.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Instead of iterating over the revocation keyfile and calling gpg once
for each key, map the file into an array and call gpg once, iterating
over this output to mark each key as revoked.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This addresses two problems:
1) echo's behavior is inconsistent when dealing with flags, and can
potentially be problematic.
$ echo -n
$ echo -- -n
-- -n
2) Always using the end of options markers prevents translated strings
from throwing errors, as shown in FS#28069.
The remaining "inconsistencies" are because printf is being used in a
guaranteed safe manner, e.g.
printf '%s\n' "$(gettext "--this can never break")"
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This "fixes" two issues:
1) MAN_DIRS contains a glob by default so should not be quoted. It is
not quoted anywhere else so this should not cause breakage...
2) the find statement returns 1 when some of MAN_DIRS are missing. This
appears to only be exposed when running makepkg as root (which it appears
some wrappers do...).
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
With pacman-4.0, using --noconfirm or --noprogressbar with -Q or -T
results in pacman reporting an "invalid option" error. Restrict the
passing of these options to pacman. Fixes FS#28012.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
The grep statement used to check for a difference between the
installed package list before and after resolving dependencies
returns 1 if there is no difference. This sets of the error
trap when "-r" is used "unnecessarily".
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Return codes from gpg commands are currently lost. This adds the functionality
of taking non-zero exit statuses from gpg. This includes error reporting for all
gpg commands that are run individually, run in a loop, and run through a pipe.
Includes the check_keyids_exist function which verifies a key exists locally
prior to attempted local manipulation of the key.
If a gpg command has a non-zero status, pacman-key will now exit with a non-zero
status. It will print a gettext error message of gpg's failure.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Adds functions for every gpg command. By pulling out the gpg commands from the
"program start" section, additional commands can be run before or after a
specific gpg command without adding additional clutter to the function call
section.
Adds an explicit exit status of 0 to prevent arithmetic expansions from
returning non-zero, thereby falsely causing pacman-key to have a non-zero exit
status.
This change creates the framework for additional error messages and better
exit statuses being added to every pacman-key gpg call.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Use consistent blank lines across all commands, get rid of the
translated double newlines which only serve to confuse translators, and
fix -h/--help for that extra special third command this script offers.
Signed-off-by: Dan McGee <dan@archlinux.org>
makepkg would not abort on a missing download agent due to the
output variable being declared local on the same line as the
function call in the assignment. That would result in strange output
such as:
==> Retrieving Sources...
==> ERROR: There is no agent set up to handle foo URLs. Check /etc/makepkg.conf.
Aborting...
-> Downloading foobaz...
/home/arch/code/pacman/scripts/makepkg: line 401: foo://foobaz: No such file or directory
==> ERROR: Failure while downloading foobaz
Aborting...
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Declaring the variable as local on the same line as the assignment
results in result of the assignment being returned rather than the
result of the function on the righthand side of the assignment.
Declaring the variable as local on a separate line means the result
of the function on the r.h.s. is returned and our error function
will be invoked if necessary (although it is practically impossible
to ever trigger it...).
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Simplify the source tarball generation by unifying the handling of
local and remote files. This also allows local files to be found
in $SRCDEST (FS#26580) and makepkg will abort on missing local source
files (only possible to trigger in combination with --skipinteg).
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>