This includes some fixes to the messages that are displayed when a
signal is caught in makepkg or repo-add:
* Instead of always showing "==> ERROR: TERM signal caught. Exiting...",
replace "TERM" by whatever signal is actually caught.
* Fix a typo in the SIGERR error message in repo-add ("occurred" instead
of "occured"). Francois already fixed this for makepkg in 1e51b81c.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Signed-off-by: Dan McGee <dan@archlinux.org>
There is a small chance that a user sends SIGINT (or any other signal
that is trapped) when we're already in clean_up() which used to lead to
trap_exit() being executed and the remaining code in clean_up() being
skipped due to the bash signal/trap handler blocking EXIT (since its
handler is already being executed, even if it's interrupted).
In practice, this behaviour caused unexpected results (primarily because
pressing ^C at the wrong time left a lock file behind):
$ ./repo-add extra.db.tar.gz foobar
==> Extracting database to a temporary location...
^C
==> ERROR: Aborted by user! Exiting...
$ ./repo-add extra.db.tar.gz foobar
==> Extracting database to a temporary location...
==> ERROR: File 'foobar' not found.
==> No packages modified, nothing to do.
^C
==> ERROR: Aborted by user! Exiting...
$ ./repo-add extra.db.tar.gz foobar
==> ERROR: Failed to acquire lockfile: extra.db.tar.gz.lck.
==> ERROR: Held by process 18522
Fix this and reduce the chance of race conditions in signal handlers by:
* Unhooking all traps in both clean_up() and trap_exit().
* Call clean_up() explicitly in trap_exit() to make sure we remove the
lock file and the temporary directory even if we send SIGINT when
clean_up() is already being executed but didn't reach the unhook code
yet.
Also, add an optional parameter to clean_up() to allow for setting an
explicit exit code when we call clean_up() from trap_exit().
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Signed-off-by: Dan McGee <dan@archlinux.org>
We have a few incomplete translations, but these should be addressable
before the 4.0.1 maint release that is surely not that far in the
future.
Signed-off-by: Dan McGee <dan@archlinux.org>
Inline comments after pkgver or pkgrel would cause the sanity
checks to fail so remove them before checking the value.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This allows it to serve double-duty. In order to allow users to base
verification decisions off of both a valid signature and a trusted
signature, we need to assign some level of owner trust to the keys we
designate as trusted on import.
Signed-off-by: Dan McGee <dan@archlinux.org>
* --import now only imports keys from pubkey.gpg and does not import
owner trust; if you want to have both simply run the operations in
sequence.
* --import-trustdb has been simplified; it will overwrite existing
values in the trust database as before, but there is no need to export
it first as those values are safe if left untouched.
* Fix the manpage referring to a non-existent option.
Signed-off-by: Dan McGee <dan@archlinux.org>
If PKGEXT is not one of the recognized tar*'s, create_package() would
create an empty package file and fail, since bsdtar on the left side of
the pipe returns 141 on SIGPIPE (broken pipe).
This patch changes the behavior for an invalid PKGEXT. A warning is
printed on stderr, and a tar file is created. Also retire the obsolete
$EXT variable.
Add the obligatory comment why we don't use bsdtar's compression.
Finally, fix mixed-tab-space indentation.
Signed-off-by: lolilolicon <lolilolicon@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
We're ill equipped to be using this flag as we don't trap and respond to
the ERR signal. The result is that if is ever tripped, pacman-key will
instantly exit with no indication of why. At the same time, we're
already fairly good about doing our own error checking and verbalizing
it before dying.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This prevents the error trap being set off when GPGDir is commented
in pacman.conf. Bug introduced in 507b01b9.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Always quote the right-hand side of expression when the == or != operator
is used, unless intended as a pattern.
Signed-off-by: lolilolicon <lolilolicon@gmail.com>
Always quote the righthand side of expression when the == or != operator
is used, unless intended as a pattern. Quoting bash(1):
When the == and != operators are used, the string to the right of the
operator is considered a pattern. Any part of the pattern may be quoted
to force it to be matched as a string.
Signed-off-by: lolilolicon <lolilolicon@gmail.com>
If '-' isn't the last item, it's interpreted as a range and not
literally, causing problematic behavior in parsing optdepends.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Keep the non-zero return val to let the caller know that the key wasn't
found.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Many PKGBUILDs use formatting whitespace when specifying optdepends.
This is removed when adding a package to a repo-database so the
output of "pacman -Si <package>" and "pacman -Qip <package file>"
becomes inconsistent. Instead, do the adjustment when creating
the .PKGINFO file.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Allow the specification of versioned optdepends with an epoch.
This also (partially) enforces a whitespace between ":" and the
description which is required for the future optdepends parsing
code.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This is similar to the 'foo-revoked' file we had. This will be used to
inform the user what keys in the shipped keyring need to be explicitly
trusted by the user.
A distro such as Arch will likely have 3-4 master keys listed in this
trusted file, but an additional 25 developer keys present in the keyring
that the user shouldn't have to directly sign.
We use this list to prompt the user to sign the keys locally. If the key
is already signed locally gpg will print a bit of junk but will continue
without pestering the user.
Signed-off-by: Dan McGee <dan@archlinux.org>
We're putting the cart ahead of the horse a bit here. Given that our
keyring is not one where everything is implicitly trusted (ala gpgv),
keeping or deleting a key has no bearing on its trusted status, only
whether we can actually verify things signed by said key.
If we need to address this down the road, we can find a solution that
works for the problem at hand rather than trying to solve it now before
signing is even widespread.
Signed-off-by: Dan McGee <dan@archlinux.org>
Unlike our protégé apt-key, removing a key from our keyring is not
sufficient to prevent it from being trusted or used for verification. We
are better off flagging it as disabled and leaving it in the keyring so
it cannot be reimported or fetched at a later date from a keyserver and
continue to be used.
Implement the logic to disable the key instead of delete it, figuring
out --command-fd in the process.
Note that the surefire way to disable a key involves including said key
in the keyring package, such that it is both in foobar.gpg and
foobar-revoked.
Signed-off-by: Dan McGee <dan@archlinux.org>
This finishes the cleanup started in 710e83999b. We can do a straight
import from another keyring rather than all the funky parsing and piping
business we were doing.
Signed-off-by: Dan McGee <dan@archlinux.org>
Otherwise we're hiding extremely relevant bits like this one:
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Signed-off-by: Dan McGee <dan@archlinux.org>
* Ensure usage message is indented correctly
* Show short filenames for both the gpg keyring and revocation file
Signed-off-by: Dan McGee <dan@archlinux.org>
This fixes build errors when performing a manual install straight to a
filesystem where the files already exist.
Reported-by: Sergej Pupykin <ml@sergej.pp.ru>
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
4ed12ae tightened up the logic to use only find, but ignored the fact
that since the manpage hard link names were no longer captured. They
were created as separate compressed manpages, rather than as hardlinks.
This also introduces a minor efficiency of deleting all hardlinks at
once and using proper iteration over an array rather than a string.
Note to anyone else touching this code: e2fsprogs and libpcap are useful
for testing this. If that changes in the future, you can use the below
bash to locate others:
IFS=$'\n' read -rd '' -a a < <(find /usr/share/man -type f \! -links 1)
pacman -Qqo "${a[@]}" | sort -u
I broke it!
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
When a sourceball passes this check without any warnings, a newline is
omitted. Similar to the if clause of this else block, print a single new
line at the end of the clause instead of accounting for each output.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
This prevents makepkg from aborting with 'file not found' when
changelog= or install= are declared in a PKGBUILD, but empty.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
This is a fix for a bash3 specific bug, where a file sourced by
/etc/profile would exit non-zero and make its way back up to makepkg,
forcing it to exit after package installation. Along with unsetting the
ERR handler, temporarily unset errexit to avoid this.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
- display associated warnings on same line as pass/fail msg, to be more
consistent with checksum verification output
- properly error on a revoked key (matching pacman's behavior)
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
We seem to enjoy using bash regex capabilities, but never referencing
the result with BASH_REMATCH. Replace almost all regexes with equivalent
globs which are faster and functionally equivalent in these cases.
This enables the extglob shopt.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Don't just set the flag variables to zero length strings, actually unset
them from the environment. This fixes issues with broken gnu Makefies
that use ?= for assigment, where the presence of a var is enough to make
this condition avoid assignment.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
- Properly read each sorted line into a new array, instead of breaking
on every word.
- LC_COLLATE should apply to the sort portion of the pipeline, not the
printing.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
This also renames '--receive' to '-recv-keys' to match the wrapped gpg
option name, rather than invent a new one, now that the calling
convention is the same.
Signed-off-by: Dan McGee <dan@archlinux.org>
We were using the mystical [<foobar>] options which is some sort of
cross between a <required> argument and an [optional] one. Remove this
madness and do some other general cleanup/consistency work in the
manpage.
Signed-off-by: Dan McGee <dan@archlinux.org>
The regex wasn't rooted at the end of the filename, nor was it matching
a period/dot before the file extension. The end result was this matched a
file named '07_all_sig.patch' which is totally broken.
Signed-off-by: Dan McGee <dan@archlinux.org>
Read the entire variable, respecting escapes, which are necessary to
retain for the successive eval.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Further improvments on 2ca27ab which will allow the changelog and
install script files to contain whitespace.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Broken in 2ca27a by me, trying to fix another problem.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This allows local signing of a given key to help establish the web of
trust rooted at the generated (or imported) master key.
Signed-off-by: Dan McGee <dan@archlinux.org>
This enables pacman-key, during --init, to generate a single secret key
for the pacman keyring if one is not present. This will be used as the
root of the web of trust for those that do not wish to manage it with
their own key, as will be the default.
This does not preclude later adding other secret keys to the keyring, or
removing this one- we simply ensure you have at least one secret key
available.
Signed-off-by: Dan McGee <dan@archlinux.org>
Any option that flips UPDATEDB=1 doesn't work right now due to what we
thought was a good idea in commit cab1379a1a. Fix this by not
including the update operation in the option count and special casing
it where necessary.
Also, bring back the helpful "Updating trust database" message.
Signed-off-by: Dan McGee <dan@archlinux.org>
This adds a add_gpg_conf_option() helper function which tries to be
intelligent and only add not found options, and those which have not
been explicitly commented out.
The new options added are 'no-greeting', 'no-permission-warning', and a
default 'keyserver'.
Signed-off-by: Dan McGee <dan@archlinux.org>
* secring.gpg can be 600, readable by root user only
* ensure grep for lock-never option in check_keyring doesn't catch comments
Signed-off-by: Dan McGee <dan@archlinux.org>
The HoldKey option was undocumented and was not suited for pacman.conf.
Instead use the file "/etc/pacman.d/gnupg/heldkeys" to contain a list
of keys not to be removed from the pacman keyring with the --populate
option.
Signed-off-by: Allan McRae <allan@archlinux.org>
After most operations that touch the keyring, it is a good idea to
always run a check on the trustdb as this prevents gpg complaining
on later operations.
Inspiration-from: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
The optimization of only importing keys that were not to be later
revoked was a not smart enough. For example, if a key was
in both a repos keyring and its revoke list, alternate runs of
pacman-key --populate would add then remove the key from the pacman
keyring. This problem is made worse when considering the possibility
of multiple keyrings being imported.
Instead, import all keys followed by the revoking of all keys. This
may result in a key being added then revoked, but that is not much of
an issue given that is a very fast operation.
Signed-off-by: Allan McRae <allan@archlinux.org>
The current --reload option, apart from being non-clear in its naming,
is very limited in that only one keyring can be provided. A distribution
may want to provide multiple keyrings for various subsets of its
organisation or custom repo providers may also want to provide a keyring.
This patch adds a --populate option that reads keyrings from (by default)
/usr/share/pacman/keyrings. A keyring is named foo.gpg, with optional
foo-revoked file providing a list of revoked key ids. These files are
required to be signed (detached) by a key trusted by pacman-key, in
practice probably by the key that signed the package providing these
files. The --populate flag either updates the pacman keyring using all
keyrings in the directory or individual keyrings can be specified.
Signed-off-by: Allan McRae <allan@archlinux.org>
This is a safety measure to prevent simple code injection.
$ i="foo bar"
$ eval i="$i"
bash: bar: command not found
$ eval i=\"$i\"
$ echo "|$i|"
|foo bar|
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
If any of pkgver, pkgrel or epoch contained a variable substitution,
then it needed to be evaluated before checking its value conformed
to the rules.
[Dan: add quotes around RHS]
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
makepkg --source is a often used go make source package like for AUR.
Have a -S shortcut will save the world.
Signed-off-by: Sebastien Luttringer <seblu@seblu.net>
Signed-off-by: Dan McGee <dan@archlinux.org>
When creating a repo outside the current directory, the signature
symlink was not created.
Reported-by: Gaetan Bisson <bisson@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
The use of warning once we had already started adding a package was
confusing as it broke the standard indent pattern. It was especially bad
if adding multiple packages as it wasn't clear what sub-messages applied
to which package being added. This should be an output change only from:
==> Adding package '/tmp/sync/netcfg-2.6.7-1-any.pkg.tar.xz'
-> Computing checksums...
-> Adding package signature...
==> WARNING: An entry for 'netcfg-2.6.7-1' already existed
-> Removing existing entry 'netcfg-2.6.7-1'...
-> Creating 'desc' db entry...
-> Creating 'depends' db entry...
to:
==> Adding package '/tmp/sync/netcfg-2.6.7-1-any.pkg.tar.xz'
==> WARNING: An entry for 'netcfg-2.6.7-1' already existed
-> Computing checksums...
-> Adding package signature...
-> Removing existing entry 'netcfg-2.6.7-1'...
-> Creating 'desc' db entry...
-> Creating 'depends' db entry...
Signed-off-by: Dan McGee <dan@archlinux.org>
These are equivalent. Use the autoconf macro for consistency.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This applies to the repo-remove man page as well as the script itself.
Yes Dan, I ran distcheck afterwards.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
When adding a package to a repo, it is useful to be able to see
that repo-add has indeed found the signature file.
[Dan: update text to be more in line with other messages]
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This also pulls in some early translations we had entered in Transifex
in the last day so those would not be lost. The diffstat is huge and not
very telling as usual, as all sorts of fuzzyness switches happened this
time around for some reason.
Signed-off-by: Dan McGee <dan@archlinux.org>
This moves us toward staring translations for the 4.0.0 release,
although this should not be interpreted as a string freeze by any means.
Signed-off-by: Dan McGee <dan@archlinux.org>
In this case, we skip the epoch versioning entirely, as if it were
declared as 0.
Prevents errors such as:
/usr/bin/makepkg: line 244: ((: ! : syntax error: operand expected
(error token is " ")
==> Finished making: cower-git :20110808-1 (Mon Aug 8 17:17:27 EDT
2011)
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
The current --list option outputed the keys and all their signatures
which can be overly verbose. It also did not take a list of keys on
the command line to limit its output (although the code suggests that
was intended).
That patch brings consistency with gpg, providing --list-keys and
--list-sigs options that function equivalently to those provided by
gpg.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Currently, pacman-key allows the user to import their keys using the --add
option. However, no similar functionality exists for importing ownertrust
values.
The --import-trustdb option takes a list of directories and imports ownertrust
values if the directories have a trustdb.gpg database.
The --import option takes a list of directories and imports keys from
pubring.gpg and ownertrust values from trustdb.gpg. Think of it as a combination
of --add and --import-trustdb
Signed-off-by: Pang Yan Han <pangyanhan@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Allows the commands to safely handle any possible arguments
Signed-off-by: DJ Mills <danielmills1@gmail.com>
Allan: rebase patch
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Move the source integrity checking into its own function as the code
was duplicated and is now more complicated with the separation of the
two checks types.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Allows the skipping of all integrity checks (checksum and PGP) or
either the checksum or PGP checks individually.
Original-patch-by: Wieland Hoffman <theminew@googlemail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Many projects provide signature files along with the source code
archives. It's good to check these, too, when verifying the integrity
of source code archives.
Not everybody is using gpg so the verification can be disabled with
--skippgpcheck.
Additionally, only a warning is displayed when the key that signed the
source file is unknown.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
When epoch, pkgver and/or pkgrel were overridden in a split package
function, makepkg failed hard finding the real version for checking
if packages were already built or trying to install packages. Fix
the get_full_version function to deal with overrides and return the
actual package version.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
We can override pkgver and pkgrel so it is only logical to add epoch
to that list
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Check any overrides of the "arch" variable contain the required
architecture.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Enforce syntax checking for pkgrel and pkgver overrides in package
functions.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
There is always someone who tries to break things (cough *Dave* cough...)
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This is a cleaner expression of the same information.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Makes sure that the pacman keyring is readable and that the user
has permissions to create a lock file if lock-never is not specified
in the gpg.conf file.
Signed-off-by: Allan McRae <allan@archlinux.org>
Add an --init option that ensures that the pacman keyring has all
the necessary files and they have the correct permissions for being
read as a user.
Signed-off-by: Allan McRae <allan@archlinux.org>
This function had a variety of pitfalls, including the inability to
successfully find a key=value pair where no whitespace surrounded the
equals sign. Make it more robust by splitting the line on the equals
itself, and performing whitespace trimming on the resulting key/value
pair.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Follow the example of gpg and only allow a single operation to be
specified each time. Prevents having to deal with conflicting
variable names and potential issues due to the order in which the
operations are run.
Signed-off-by: Allan McRae <allan@archlinux.org>
This moves the processing of the --edit-key and --receive options
to functions, keeping the final option processing to be all single
line statements.
Also rework the --edit-key option to validate all input before
processing.
Signed-off-by: Allan McRae <allan@archlinux.org>
This commit correctly redirects to /dev/null the output of several
commands that get executed on logic checks.
Original-patch-by: Denis A. Altoé Falqueto <denisfalqueto@gmail.com>
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
This keeps the naming of the option more consistent with what is
actually being called by gpg.
Original-patch-by: Denis A. Altoé Falqueto <denisfalqueto@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
This commit adds quotes to several variable assignments. Unquoted values
can cause problems on several occasions if the value is empty. It is
safer to have every assignment quoted.
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
The conversion to using parse_options causes this option to break.
It is preferable to remove the option rather than fix it as it is
simply a wrapper for "gpg --homedir @sysconfdir@/pacman.d/gnupg".
Any user using more advanced keyring management than provided by
pacman-key can manage to point gpg at the right place themselves...
How to manually edit the keyring with gpg will instead be documented
in the man page in a later commit.
Signed-off-by: Allan McRae <allan@archlinux.org>
The pacman-key script is complicated enough to warrent usage of the
parse_options script. This is especially helpful in dealing with
all the configuration file override flags as the no longer need to
be specified first. It also allows us to do the right thing early
with --help/--version and no option cases cleanly. This change also
makde the check for root privileges only occur on operations where
they are needed.
This patch is inspired by and supercedes some patches submitted by
Denis A. Altoé Falqueto and Ivan Kanakarakis who were altering the
previous option handling in an attempt to deal with the above issues.
Signed-off-by: Allan McRae <allan@archlinux.org>
Specifying a filename with spaces in a PKGBUILDs noextract array fails
due to a lack of quoting.
Fixes FS#25100.
Reported-by: Thomas Weißschuh <thomas_weissschuh@lavabit.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
The full path to the signature file when it is created is in a temporary
directory so only print the filename.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This prevents a dangling symlink being left behind if the repo goes
from being signed to unsigned.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
There is no need for a writable PKGDEST when using the --nobuild or
--geninteg flags.
Allan: added --geninteg
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Put a .gitignore entry at the right level and sort that file
alphabetically.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
We nuke it from the completion file as well along with its longopt.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
The '[[ -z' test in in_array() is redundant, so remove it.
Signed-off-by: DJ Mills <danielmills1@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Instead of hacking around the error trap, simply do an explicit
test for failure.
Signed-off-by: DJ Mills <danielmills1@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
This adds the '.tar.Z' option to both repo-add and makepkg for no other
reason than "why not", and because bsdtar supports it natively with the
'-Z' flag. Also update the documentation accordingly.
Signed-off-by: Dan McGee <dan@archlinux.org>
If you are keeping a copy of the old database, you probably want
to keep a copy of its signature too. Also, delete the previously
backed-up database signature if no new one is being copied.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
The lone quotation mark in "pacman's" causes issues for some syntax
highlighting. Change the printing of the nessage from echo to printf
so we can invisibly escape it.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Allow command-line options to accept multiple arguments without
additional quoting by taking the list of arguments until one
starting with a "-" is reached.
The only current use of this is the --pkg option in makepkg. This
allows (e.g.)
makepkg --pkg foo bar
and packages "foo" and "bar" will be built.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This allows options specified with a trailing "::" to optionally
take arguments.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
vim recognises what type of shell script it's dealing with by looking at
the shebang. If detection fails it falls back to sh which doesn't
support some bash features. Adding a normal, possibly broken, shebang
which gets fixed by the Makefile allows vim to detect bash syntax.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Dan McGee <dan@archlinux.org>
Revert to the old behavior that 6f5a90 attempted to simplify and go with
the original proposed solution of using "ugly" bash to detect empty
directories.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
We fubar-ed this pretty good.
1. The whole old/new move shuffle was totally busted if you used a
relative path to your database, as we would just build the database in
place.
2. Our prior temp directory layout had the database files extracted
directly into it. When we tried to create a xxx.db.tar.gz file in this
same directory, due to the fact that we were no longer using a shell
wildcard, we tried to include the db in ourself, which is a big failure.
Fix all this by extracting to tree/ so we can have a clean top-level
temp directory.
3. Fix the inclusion of the './' directory entry; ensure the regex
prunes both leading paths of '.' as well as './'.
Where is that test suite again?
Signed-off-by: Dan McGee <dan@archlinux.org>
Otherwise there is no way to easily test or run with a standalone config
file without outside interference.
Signed-off-by: Dan McGee <dan@archlinux.org>
The path was not being stripped from $file before prefixing with
$srcdir resulting in the attempted removal of a very weird
filename.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
We already use msg() and error() in here, might as well just use the
standard functions. In addition, fix one translated message that would
have printed ERROR twice if anyone ever saw it.
Signed-off-by: Dan McGee <dan@archlinux.org>
Allow one of 4 archive extensions: .tar{,.gz,.xz,.bz2} for each of the 2
valid repo extensions: .db and .files. Check for this via
'verify_repo_extension' directly after option parsing to assert that
this extension is present, and again after files have been added to get
the proper archive option for bsdtar.
Signed-off-by: Dave Reisner <d@falconindy.com>
Dump the whole conditional and filter the contents of the directory to
create an empty or non-empty archive.
Signed-off-by: Dave Reisner <d@falconindy.com>
Fixes FS#24893.
Signed-off-by: Eric Bélanger <snowmaniscool@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This ranks high on the code readability scale. The same function formats
all of our data and writes to the metadata file at once.
Signed-off-by: Dave Reisner <d@falconindy.com>
Fields like groups and depends should be stored as arrays. This requires
rewriting our write_list_entry function to accomodate our new data type.
This new function will not write to a file, but rather only format it.
Signed-off-by: Dave Reisner <d@falconindy.com>
grep and sed aren't needed here, and this removes the truly ugly
manipulation of IFS. The process substituion could just as well be a
herestring, but it breaks vim's syntax highlighting. Style over
substance, mang.
Signed-off-by: Dave Reisner <d@falconindy.com>
* 'master' of git://projects.archlinux.org/pacman:
pactree: carry a list of databases for dep resolution
makepkg: Remove a lone quotation mark
makepkg: remove the cleancache option
Don't require a transaction for sync DB updates
Move locking functions to handle
Add a 'valid' flag to the database object
Move database 'version' check to registration time
Do database signature checking at load time
This is a fairly useless feature given all it does is an "rm" on a
directory. It is also unlikely that you would want to remove the
entire SRCDEST anyway, but rather just the old files.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
There was a lot of inconsistency in how strings that should not be
translated (program names, option flags, PKGBUILD directives, etc) were
handled. This patch moves them all outside the gettext invocation for
consistency and to prevent accidental translation.
Note that some of these may need reverted if they cause difficulties in
translation due to gettext usage in bash not taking positional parameters
for arguments. A quick survey of current translations indicates that this
issue will be rare. Also, we should be able to catch these before a full
string freeze given we are going to probably need a "developer preview"
release before the next release series.
Signed-off-by: Allan McRae <allan@archlinux.org>
b899099 made path checking a bit more strict than I had intended, and
would actually forbid creation of a repo in $PWD if only the filename
was specified. readlink would be the fun and easy solution here, but
it's avoided due to portability issues, making the validation process a
bit more verbose.
Signed-off-by: Dan McGee <dan@archlinux.org>
This has gettext strings, but wasn't added to the list of files in
POTFILES.in just yet. Add it and update the catalogs.
Signed-off-by: Dan McGee <dan@archlinux.org>
Now that we have performed the split, prune the catalogs of all
pacman-only messages.
All old messages were pruned from the files using the following command:
sed -i -e '/^#\~/,' *.po
Note: the diff on this commit looks much less insane if the --patience
option is used.
Signed-off-by: Dan McGee <dan@archlinux.org>
This is the first step at separating the pacman message catalog and the
scripts message catalog. Makefiles, configure.ac, and other such files
are adjusted accordingly, as well as renaming files. The TEXTDOMAIN of
scripts is also adjusted.
Note that no actual pot or po files get changed here; these will get
pruned in a future commit so each catalog contains only the necessary
messages.
Signed-off-by: Dan McGee <dan@archlinux.org>
Way back in c94bfbaba when refactoring makepkg options handling, I added
these lines to unset MAKEFLAGS if '!distcc' was set in a PKGBUILD (not
taking into account makepkg.conf settings). This was an attempt to say
"if it is broken in distcc, it is probably broken even more". However,
this is silly as one should be using '!makeflags' as well. Remove the
linkage.
Signed-off-by: Dan McGee <dan@archlinux.org>
Unify function braces to be top right opening, bottom left closing.
Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
Add a function that checks for the software needed by makepkg to
process a PKGBUILD with the requested options. This allows makepkg
to bail early in the packaging process.
Many other checks can be added to this function...
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Contractions are less clear for non-native speakers so should be
avoided (and cause syntax highlighting issues). Also, the 'provides'
and 'depends' strings are not to be translated.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Add a BUILDDIR variable (which can be overridden in the environment)
to specify an alternative location for building the package. This is
useful for people who want to build on a different filesystem for
improved performance (e.g. tmpfs).
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This patch enables the automatic compression of executable binaries
using UPX when the 'upx' options is specified in makepkg.conf or the
PKGBUILD. Additional arguments can be passed to UPX by specifying
the UPXFLAGS variable.
Original-patch-by: Bryce Gibson <bryce@gibson-consulting.com.au>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Previously, the error message when trying to add to a repo where a
parent directory didn't exist was:
==> ERROR: Failed to acquire lockfile: /path/to/noexist/repo.tar.gz.lck
This sucks. Make an explicit check to ensure that the path to the repo
really does exist, and throw a meaningful error message when it can't be
found.
Dan: reuse an existing (translated) error message.
Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
A plain '.tar' ending should be allowed. This corresponds to how we
handle this extension in makepkg. Also fix up the other extension
checks, which were missing a leading '.' character.
Signed-off-by: Dan McGee <dan@archlinux.org>
Create source package files inside the fakeroot environment to
ensure reasonable ownership of files within the archive.
Fixes FS#24330.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
We no longer have any python scripts in our scripts/ directory so
we can simplify the makefile a bit.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Provide consistent error messages for unknown long and short options.
Also get full string translation for the messages.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Add a README file to briefly document the code snippets in the scripts
library folder.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Move the common output formatting functions into a separate
library file and import that into each script. makepkg is
excluded due to its additional color formatting.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This move the getopt replacement function parse_options out of
makepkg.sh.in and into a separate file. The code is inserted
into the relevant place in makepkg using m4.
This will allow the reuse of the option parsing code in other
scripts (i.e. pacman-key) while avoiding code duplication.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Clarfiy that it is unwanted files are being removed rather than "other"
files (whatever they are...).
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Our scripts all currently say:
Generated from foo.in; do not edit by hand.
Fix this to say foo.sh.in, which is the actual original file name.
Signed-off-by: Allan McRae <allan@archlinux.org>
When creating a source package using an non-local buildscript via
the -p option, the inclusion of changelog and install files would
fail. Fixes FS#24567.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Fixes FS#24534. Dotfiles, such as /etc/skel/.bash_profile, were not
being included in generated files entries. bsdtar --exclude option
supports anchors on the pattern, so using "^.*" instead of ".*" solves
our problem and still excludes all root-level dotfiles (e.g. .PKGINFO).
Signed-off-by: Dan McGee <dan@archlinux.org>
The user adds libaries to the depends array without a version. These
must end with .so.
Example: depends=(glibc libc.so)
find_libdepends() looks for ELF files (not symlinks because these could
point outside of pkgdir) in $pkgdir, extracts the library sonames the
binary links to and outputs depends seperated by spaces.
This list contains all libraries needed by the package.
Example: libfoo.so=3-64
write_pkginfo() only keeps .so depends with version information and warns
the user about unneded ones.
Support-by: Thomas Bächler <thomas@archlinux.org>
Support-by: Christoph Schied <Christoph.Schied@uni-ulm.de>
Signed-off-by: Florian Pritz <bluewind@server-speed.net>
The user adds libaries to the provides array without a version. These
must end with .so.
Example: provides=(readline libreadline.so)
find_libprovides() looks for .so files (not symlinks because these could
point outside of pkgdir) in $pkgdir, extracts the library soname (ld
links the binary to this name) and outputs provides seperated by spaces.
This list contains all libraries provided by the package.
Example: libfoo.so=3-64
write_pkginfo() only keeps .so provides with version information and warns
the user about unneded ones.
Support-by: Thomas Bächler <thomas@archlinux.org>
Support-by: Christoph Schied <Christoph.Schied@uni-ulm.de>
Signed-off-by: Florian Pritz <bluewind@server-speed.net>
Check for the presence of gpg as soon as we know we need it.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Add -k/--key option to specify a non-default key for signing
a package database.
Original-patch-by: Denis A. Altoé Falqueto <denisfalqueto@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Listing every option on the usage line becomes unweildly as more
options get added so simplify it. Also, provide a standard package
name in the repo-add example.
Dan: just use 'options' as we use elsewhere, not 'option(s)'.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This commit replaces the find_config() function with the get_from()
function. get_from expects two arguments, the first is the file to
read and the second is the key to look for in the given file.
get_from returns the first matching value for the given key. The
file is expected to be in the format:
key = value
Each of 'key' 'equal sign' 'value' can be surrounded be random
whitespace.
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
If the user provides an unsupported command, inform the user that this
switch is unknown, display usage and exit.
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
The help message changed to match the one rankmirrors script has.
It's clearer as to what the --help switch does.
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
Add the "GPGKEY" option to makepkg.conf for specifying signing packages
with the non-default key from the keyring. Is overridded by makepkg's
--key option.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
GNU su supports the -c option to specify a command to execute.
However, other flavours of su may have a different interpretation
of the '-c' flag (e.g. FreeBSD and OpenBSD).
The behaviour is correct when '-c' follows an explicit username.
Signed-off-by: Rémy Oudompheng <remy@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
A non-GNU version of awk may not support the (|...) syntax for
an optional group and require '()' to match an empty string.
The (...)? syntax is more appropriate for this usage.
Signed-off-by: Rémy Oudompheng <remy@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Trailing backslahses can lead to additional spaces at the front
of extracted entries. See FS#23524. Strip these while parsing
the PKGBUILD entries.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
The use of "tr" only leads to trouble. Remove unnecessary usage
of it from within makepkg.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
to quote dan:
"turkish will FUCK YOU UP. this is not the first or the last time"
Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Three new command line options were added:
--sign: forces the generation of a signature for the resulting package,
taking precedence over the value in makepkg.conf
--nosign: do not sign the resulting package
--key <key>: use a different key than the user's default for signing
the package.
A check is performed to ensure the user has (provided) a valid gpg key
for signing.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Use mode 755, so non-root users can see inside.
Add "--no-permission-warning" to GPG_PACMAN to suppress the noise that
otherwise comes of not using mode 700 - this is not private data.
GPGme turns out not to issue this warning itself, so no problem there.
TODO: should non-root users be allowed to use the read-only operations
(--list, --export, --finger)?
Signed-off-by: Ray Kohler <ataraxia937@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
This now includes -s and -v, tailors itself to the current command,
and is formatted more like that of other pacman commands.
Signed-off-by: Ray Kohler <ataraxia937@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
Move the create_signature() call outside the case of non-empty
databases, so it will be called regardless.
Signed-off-by: Ray Kohler <ataraxia937@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
My main motivation was to remove the "sync", which can stall for
minutes on a busy machine (FS#23378). I also cleaned up the redirection.
Signed-off-by: Jan Steffens <jan.steffens@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Move checksum and pgpsig calcluation before changing into the
tmpdir, otherwise we can't find the files if a relative path
was used.
Signed-off-by: Ray Kohler <ataraxia937@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
Implements FS#23103. Also modify libalpm so it ignores this value
without any warning as we know it is likely to exist.
Signed-off-by: Dan McGee <dan@archlinux.org>
Make it actually like all our other tools rather than some homegrown
format. Also make it translator friendly by not wrapping messages across
lines in different strings.
Signed-off-by: Dan McGee <dan@archlinux.org>
Make the usage output display nicely on 80 character width terminals.
Also fix parsing of "-h" and "-v" options and avoid root check when
run with no commands.
Signed-off-by: Allan McRae <allan@archlinux.org>
The --reload command was refactored to allow a more flexible management.
There are two sets of keys that will be added, one that will be
removed and one that will be kept.
The set of keys to be kept are configured in pacman.conf, with the
option HoldKeys, with the same meaning of HoldPkgs. It can be repeated
and several values can be put in the same entry.
The new behavior allows a key to be marked for removal, but the user
can decide if that key must be kept. For example, if a developer has
a public repository, signed with his own key, that key must be added
to the HoldKeys option. If the key is marked for removal from pacman's
keyring, it will not be removed for the users that have configured
HoldKeys correctly.
There are other minor fixes, mainly in the handling of --add command
when there is no aditional parameter. In that case, pacman-key will
behave just like gpg, adding the contents of stdin into pacman's keyring.
Signed-off-by: Denis A. Altoé Falqueto <denisfalqueto@gmail.com>
The script pacman-key will manage pacman's keyring. It imports, exports,
fetches from keyservers, helps in the process of trusting and updates
the trust database.
Signed-off-by: Denis A. Altoé Falqueto <denisfalqueto@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
This is intended to verify an existing signature on a database before
making further changes to it and performing updates. Rarely would you
use this without immediately resigning it via the -s/--sign option.
Instead, it is intended as a "chain of trust" operation where the
previous signature is verified to give you some sense that what you sign
off on is also safe.
Still todo: don't make changes unless the signature is not only good,
but also in the accepted list of keys.
Signed-off-by: Dan McGee <dan@archlinux.org>
In order to be fully secure, we can't only sign packages. We also need
to sign our repository metadata to prevent database falsification,
dependency injection, etc. Add an '-s/--sign' option that allows this
functionality, and will generate a .sig file side-by-side with the
package database.
While at it, fix the issue where a signature file would never be found
because of 'cd' madness (this needs fixing in another commit).
Signed-off-by: Dan McGee <dan@archlinux.org>
Use base64 encoding to store the value in the database if a .sig file exists
for the package being added.
Signed-off-by: Geoffroy Carrier <geoffroy.carrier@koon.fr>
Signed-off-by: Dan McGee <dan@archlinux.org>
This is a rather simple patch to add signing support to makepkg. Add a
create_signature() to makepkg, add a 'sign' BUILDENV option in makepkg.conf,
and document the changes in the makepkg.conf manpage.
Signed-off-by: Geoffroy Carrier <geoffroy.carrier@koon.fr>
Signed-off-by: Dan McGee <dan@archlinux.org>
Prevents issues where optdepends descriptions contain a bracket.
Also, strip all comments from arrays before joining them.
Fixes FS#23307.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
A lot of these were places that should have used the same message but
didn't, or were very easy to convert to using the same message and
letting some of the burden off of the translators.
Signed-off-by: Dan McGee <dan@archlinux.org>
When generating integrity sums, we could get some weird output before due to
epoch being uninitialized:
/usr/bin/makepkg: line 234: [[: 2.6.37: syntax error: invalid arithmetic operator (error token is ".6.37")
Signed-off-by: Dan McGee <dan@archlinux.org>
Adding the "|| true" to the subshell prevents bash-3.2 setting off the
error_trap but requires changing the if statement.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Fixes bash-3.2 compatibility.
Thanks-to: Dave Reisner <d@falconindy.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
The current behaviour, which is placing source packages in PKGDEST if
SRCPKGDEST is not set, is inconsistent with {SRC,PKG}DEST handling and
there is no real advantage in doing so.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
At least in FreeBSD, find always returns 0 if it finds stuff
(imagine that). It doesn't care about the exit status of whatever is
passed to -exec.
This patch makes the checks compatible with this behaviour.
Using xargs and not using grep directly because packages with too many
files would cause grep to complain about argument list being too long.
This should also fix the false positive in packages with no files.
Signed-off-by: Nezmer <git@nezmer.info>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
dirty indicates if the repo has uncommited changes or not when building,
so dont hardcode this info.
Signed-off-by: Xavier Chantry <chantry.xavier@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
repo-add should only attempt to create the delta file when using the -d
option.
Also adjust a couple of tests to use the "double bracket" syntax.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This makes things consistent with everywhere else we are incorporating the
new optional epoch field. Add a helper function that forms the version
string for you and use it in makepkg where I found 'pkgver.*-.*pkgrel'.
This exposes a few shortcomings in a previous "Override pkgver" patch
(2020e629) in the install package and check if built functions.
Signed-off-by: Dan McGee <dan@archlinux.org>
Instead, go the same route we have always taken with version-release in
libalpm and treat it all as one piece of information. Makepkg is the only
script that knows about epoch as a distinct value; from there on out we will
parse out the components as necessary.
This makes the code a lot simpler as far as epoch handling goes. The
downside here is that we are tossing some compatibility to the wind;
packages using force will have to be rebuilt with an incremented epoch to
keep their special status.
Signed-off-by: Dan McGee <dan@archlinux.org>
It is pretty annoying to get one, fix it, and then get another. We should be
able to continue on through most of the sanity checks in one go so the user
gets all the error messages at once.
Also ensure $pkgbase is defined by the time we call this function;
previously we printed nothing where a package name should have been due to
this oversight.
Signed-off-by: Dan McGee <dan@archlinux.org>
I tried to move things around here when testing and did a bit too much; the
warning message always showed regardless of delta inclusion in the call. Fix
it so we only warn if we have a filename, but the file couldn't be located.
Signed-off-by: Dan McGee <dan@archlinux.org>
Rather than explicit cd calls, we can use the directory stack to our
advantage. This also removes the need to store and restore $startdir, so
kill the variable entirely.
Signed-off-by: Dan McGee <dan@archlinux.org>
Add the "buildflags" option, which is useful in its negative form
for disabling CFLAGS, CXXFLAGS and LDFLAGS when building a package.
This is useful when determining of one of these flags is causing
an issue with a package.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
A PKGBUILD can have an option check() function for running test suites
between the build() and package() stages. This function is run by
default but can be disabled globally in with "!check" in BUILDENV in
makepkg.conf. This setting can be controlled on an individual package
basis using makepkg's --check and --nocheck flags. Addition dependencies
needed for running the test suite can be specified in the checkdepends
array and are only checked when running the check() function.
Original-work-by: Jeff C <jeff@kcaccess.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
The closing parenthesis of bash arrays needs to be escaped in the ending
address of awk expressions in order to play nicely with implementations
of awk other than gawk. This change provides compatibility with gawk,
nawk and mawk.
Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Currently, using $pkgname in a split package package_*() function
always returns the first value in the pkgname array rather than the
name of tha package being packaged. Fix this so $pkgname gives the
expected value.
Fixes FS#22174
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
We should always use $BUILDSCRIPT instead of PKGBUILD. The only
remaining uses of PKGBUILD in makekg are in comments.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
The pacman-db-upgrade script was added to detect old pacman database
formats and upgrade them.
Currently performs the merging of depends files into desc files in
the local database.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Check the over-ridden entries for provides, backup, optdepends and
options for illegal entries. Partially fixes FS#16004.
Signed-off-by: Allan McRae <allan@archlinux.org>
The error message that has been removed never gets to print because, given the
same condition, handle_deps throws the same error and then immediately exits
makepkg.
Signed-off-by: Andres P <aepd87@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
As check_deps is run in a subshell, exit had the same meaning as return.
Since the intention is to halt makepkg when pacman throws an error other than
127, the enclosing function has to handle error control instead.
Fixes FS#19840
Signed-off-by: Andres P <aepd87@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
The escape string isn't necesarily \033; it's determined by what the
particular termcap/info entry for that terminal contains.
Bash uses ncurses functions to expand \e to the _correct_ terminal
escape.
Signed-off-by: Carlos Diaz <839273@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Allow it to be a variable in the PKGBUILD as well as propagating it through
to the built package and the package database. We leave some backward
compatibility in place by placing the '%FORCE%' option in the database if
the package contains an epoch; this will be used by older versions of pacman
and more or less ignored by versions that use epoch.
Signed-off-by: Dan McGee <dan@archlinux.org>
BASH is defined when you are actually using bash during configure, which
sucks because it ends up being '/bin/sh', messing up all of our scripts.
Change the name of the variable we use in configure, and also ensure we get
a full path to the executable by using AC_PATH_PROGS rather than
AC_CHECK_PROGS. Finally, change the variable name everywhere we use it.
Signed-off-by: Dan McGee <dan@archlinux.org>
This applies to contrib/ files, our scripts, and the documentation.
Dan: fix 'make clean' in contrib/ directory.
Signed-off-by: Nezmer <git@nezmer.info>
Signed-off-by: Dan McGee <dan@archlinux.org>
- Print an error if database entry was not found and delta entry cannot
be added
- More informative line when delta entry is added (oldfile -> newfile)
Signed-off-by: Xavier Chantry <chantry.xavier@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
This allows deltas to be generated at repo-add invocation time as opposed to
just added to the database. It will generate the delta from the package
version currently in the database.
Signed-off-by: Xavier Chantry <shiningxc@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
'mknod <file> p' is apparently GNU-only. Looking at coreutils' source
code, It just calls mkfifo.
This one line patch should fix makepkg logging in non-GNU systems.
Signed-off-by: Nezmer <git@nezmer.info>
Signed-off-by: Dan McGee <dan@archlinux.org>
This prevents circular symlinks and weird final package locations
when using commands like 'PKGDEST="." makepkg'.
Fixes FS#20922.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Compare paths using bash's "-ef" rather than by string tests as this
takes symlinks into account. This will prevent issues similar to those
in FS#20922 if (e.g.) $PKGDEST is a symlink to $startdir.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
The checking of the package for $srcdir references was overly
sensitive and gave a lot of what appear to be false positives with
binary files (in particular with debugging symbols kept).
Restrict the search for $srcdir to non-binary files as this should
still catch the majority of configuration issues the check was
initially designed to catch. Also, add a similar check for $pkgdir.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
For binary packages, the majority of the time used in the debugs symbol
stripping process is the actual stripping of the binaries/libraries and
not the testing of which files to strip. This allows more complete
stripping of packages that install to "non-standard" paths that would
not be generally included in makepkg.conf.
Any performance hit that may be apparent for (_large_) "arch=('any')"
packages can readily be avoided by disabling stripping in the PKGBUILD
options array.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
After a8dcfeccfc, Allan noted that one more regular exprssion inside makepkg
also contained quotes; these should not be there for the same reason as that
commit.
Signed-off-by: Dan McGee <dan@archlinux.org>
A pipe between tar and compression command is used. This improves
performance by running tar and the compression command simultaneously.
Using a pipe also reduces IO by not writing an intermediate tar file
to disk.
Signed-off-by: Juergen Hoetzel <juergen@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Regular expressions in bash should not be quoted. Glad this was in the
documentation and I didn't have to go to #bash to ask...
Signed-off-by: Dan McGee <dan@archlinux.org>
If optdepends was defined with empty members, then makepkg would
abort late in the package building process. Detect such cases
in the check_sanity() function.
Fix-provided-by: Andres P <aepd87@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Instead of declaring a new local variable for each loop in the
check_sanity() function, just reuse $i.
Signed-off-by: Allan McRae <allan@archlinux.org>
It is unnecessary to check for a variables existence before
looping over it.
Extracted from patch supplied by Andres P <aepd87@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
"Invalid backup entry" was not a particular helpful error message,
especially when it was due to the file not being in the final package.
Clarify these two messages.
Signed-off-by: Allan McRae <allan@archlinux.org>
Combine changelog and install file creation in create_package().
Signed-off-by: Andres P <aepd87@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Eases maintanence if we need to add further options in the future.
Extracted from a patch supplied by Andres P <aepd87@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
As noted in FS#20498, if an absolute path is used for specifying the
database when invoking repo-add, the symlink generated will point to the
absolute path instead of being relative to the directory. Fix this for
the two linking cases, but leave the copy untouched so that will still
work.
Signed-off-by: Dan McGee <dan@archlinux.org>
Prevent makepkg aborting whe colors are enabled and the terminal
does not support setting colors by tput.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
When performing local testing, it may be useful to add PKGEXT='.pkg.tar'
to the PKGBUILD to save time, especially with big packages.
Signed-off-by: Dan McGee <dan@archlinux.org>
Fixes repackaging issues when multiple package names are passed to the
--pkg option.
Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
With commit 5dffef78, the repo database always has a symlink
of the form reponame.db. Use that filename and let libarchive
determine the compression type.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Variables that are only meaningful within the function they are declared in are
now prefixed by "local".
Signed-off-by: Andres P <aepd87@gmail.com>
[Allan: fix whitespace]
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This fixes two issues:
1) using "sudo -l" results in excess password asking under certian
configurations. Revert to the pre 3.4 behaviour of always using
sudo if it is installed.
2) Properly escape the command so that that versioned dependencies,
such as "foo>4", do not get treated as output redirection when using
su. This also unifies the generation of the pacman line and its
privilege escalation.
Based on patches supplied by Andres P <aepd87@gmail.com> with minor
adjustments for suitability for the maint branch.
Original-work-by: Andres P <aepd87@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
When makepkg catches a command failure it currently prints "Aborting..."
and exits. Clarify the reason for aborting from packaging is a failure
during one of the PKGBUILDs functions.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Attempt to find "du" from coreutils in the standard paths and if
not revert to the version in the users PATH. Using the full path
prevents issues such as FS#19932, where a different and incompatible
version of du is put earlier in the users path.
Signed-off-by: Allan McRae <allan@archlinux.org>
The 'grep -R' in the $srcdir check would not only grep regular files,
but also devices, symlinks (that might potentially point outside of
$pkgdir), pipes and so on. Use find to ensure only regular files are
examined.
This should fix https://bugs.archlinux.org/task/19975
Signed-off-by: Allan McRae <allan@archlinux.org>
We were seeing some issues when trying to create our new database alias
using symlinks on certain filesystems (see FS#19907). Have a fallback method
in place where we first try a symlink, then a hard link, then just copy the
database if all else fails.
Signed-off-by: Dan McGee <dan@archlinux.org>
Commit 13748ca052 inversed the nature of one test wherein the if clause would
throw a fatal error if a legitimate package function was defined in PKGBUILD.
Signed-off-by: Andres P <aepd87@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Running "pacman -T foo" is expected to return a non-zero value when
"foo" is not installed. This sets of the error trap in bash-3.2 but
not bash 4.x. Work around this by disabling the error trap around
this pacman call as we are manually checking the return value anyway.
Signed-off-by: Allan McRae <allan@archlinux.org>
If this is to be scripted with AIF or another tool, it needs to respect stderr.
Signed-off-by: Andres P <aepd87@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Valid pacman configuration files do not have to start with a hash for that line
to be a comment, neither do directives need to be in column 0.
Signed-off-by: Andres P <aepd87@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
$replacedurl was being built from an expansion of itself. But at the time it
happened, it was empty.
Fixes FS#19911
Signed-off-by: Andres P <aepd87@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Commit 3d67d9b1 introduced multiple bash4 string manipulations.
Revert those in order retain compatibility with bash-3.2 which
is still widely used.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
pacman -Qq output is sorted according to the users LC_COLLATE
setting as is needed for comm.
Signed-off-by: Andres P <aepd87@gmail.com>
[Allan: adjust commit message]
Signed-off-by: Allan McRae <allan@archlinux.org>
Ease maintainace; the two parts that have been combined into a function were
identical.
Signed-off-by: Andres P <aepd87@gmail.com>
[Allan: rename function]
Signed-off-by: Allan McRae <allan@archlinux.org>
Regression caused by c71fe7db. Was checking for "optdepend" and "conflict"
rather than "optdepends" and "conflicts" when populating .PKGINFO.
Signed-off-by: Andres P <aepd87@gmail.com>
[Allan: adjust commit message]
Signed-off-by: Allan McRae <allan@archlinux.org>
If the library stripping variables are not defined in makepkg.conf,
libraries will be fully stripped and become broken. Fallback to a
sane default stripping level.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
If "file -bizL" does not return a supported type, check if the file is
recognized by bsdtar and if yes extract from it.
Dan: use '-q' option to prevent needing to seek the entire archive.
Signed-off-by: Nezmer <git@nezmer.info>
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Instead of specifying the output file on every echo, leave it to the
caller of write_pkginfo to specify the target.
Signed-off-by: Andres P <aepd87@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Change all instances of the (test) [ builtin to the [[ keyword.
Signed-off-by: Andres P <aepd87@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Rely on type -p's return value instead of a string check.
And gettext was previously being checked with type -t, which was
inconsistent with the rest of the tests pertaining commands that aren't
expected to be functions nor builtins.
Signed-off-by: Andres P <aepd87@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
If the library stripping variables are not defined in makepkg.conf,
libraries will be fully stripped and become broken. Fallback to a
sane default stripping level.
Signed-off-by: Allan McRae <allan@archlinux.org>
Source packages were getting created with only links to local source
files. Caused by commit 5cddcc90.
Also, fix dangling symlinks to install and changelog files. Caused
by commit fe1e3471.
Thanks to Christopher Rogers <slaxemulator@gmail.com> for pointing
out areas that were failing.
Signed-off-by: Allan McRae <allan@archlinux.org>
Move the absolute filename detection to a new function to reduce code
duplication.
This patch also fixes the --allsource option that did not include remote
source files if they reside in $startdir instead of $SRCDEST.
Signed-off-by: Cedric Staniewski <cedric@gmx.ca>
Signed-off-by: Allan McRae <allan@archlinux.org>
The complete file path of a temporary symlink is really useless
information.
Signed-off-by: Cedric Staniewski <cedric@gmx.ca>
Signed-off-by: Dan McGee <dan@archlinux.org>
This is a small step towards allowing pacman to handle databases
with variable compression types.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Merges code in two almost identical chunks in create_srcpackage and
check_sanity.
Also discards the space kept by regex in ae73d75660 and earlier, since
the for loop discards it later on.
Signed-off-by: Andres P <aepd87@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
The .INSTALL and .CHANGELOG files in a package retained the permissions
that they had in $startdir. Do a chmod after copying to ensure
that the permissions are sane.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
f569c4a042 wrongly relied on file's output.
The fix is to not decompress files in the first place.
Signed-off-by: Andres P <aepd87@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>