We're putting the cart ahead of the horse a bit here. Given that our
keyring is not one where everything is implicitly trusted (ala gpgv),
keeping or deleting a key has no bearing on its trusted status, only
whether we can actually verify things signed by said key.
If we need to address this down the road, we can find a solution that
works for the problem at hand rather than trying to solve it now before
signing is even widespread.
Signed-off-by: Dan McGee <dan@archlinux.org>
Unlike our protégé apt-key, removing a key from our keyring is not
sufficient to prevent it from being trusted or used for verification. We
are better off flagging it as disabled and leaving it in the keyring so
it cannot be reimported or fetched at a later date from a keyserver and
continue to be used.
Implement the logic to disable the key instead of delete it, figuring
out --command-fd in the process.
Note that the surefire way to disable a key involves including said key
in the keyring package, such that it is both in foobar.gpg and
foobar-revoked.
Signed-off-by: Dan McGee <dan@archlinux.org>
This finishes the cleanup started in 710e83999b. We can do a straight
import from another keyring rather than all the funky parsing and piping
business we were doing.
Signed-off-by: Dan McGee <dan@archlinux.org>
Otherwise we're hiding extremely relevant bits like this one:
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Signed-off-by: Dan McGee <dan@archlinux.org>
* Ensure usage message is indented correctly
* Show short filenames for both the gpg keyring and revocation file
Signed-off-by: Dan McGee <dan@archlinux.org>
This fixes build errors when performing a manual install straight to a
filesystem where the files already exist.
Reported-by: Sergej Pupykin <ml@sergej.pp.ru>
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
4ed12ae tightened up the logic to use only find, but ignored the fact
that since the manpage hard link names were no longer captured. They
were created as separate compressed manpages, rather than as hardlinks.
This also introduces a minor efficiency of deleting all hardlinks at
once and using proper iteration over an array rather than a string.
Note to anyone else touching this code: e2fsprogs and libpcap are useful
for testing this. If that changes in the future, you can use the below
bash to locate others:
IFS=$'\n' read -rd '' -a a < <(find /usr/share/man -type f \! -links 1)
pacman -Qqo "${a[@]}" | sort -u
I broke it!
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
When a sourceball passes this check without any warnings, a newline is
omitted. Similar to the if clause of this else block, print a single new
line at the end of the clause instead of accounting for each output.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
This prevents makepkg from aborting with 'file not found' when
changelog= or install= are declared in a PKGBUILD, but empty.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
This is a fix for a bash3 specific bug, where a file sourced by
/etc/profile would exit non-zero and make its way back up to makepkg,
forcing it to exit after package installation. Along with unsetting the
ERR handler, temporarily unset errexit to avoid this.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
- display associated warnings on same line as pass/fail msg, to be more
consistent with checksum verification output
- properly error on a revoked key (matching pacman's behavior)
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
We seem to enjoy using bash regex capabilities, but never referencing
the result with BASH_REMATCH. Replace almost all regexes with equivalent
globs which are faster and functionally equivalent in these cases.
This enables the extglob shopt.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Don't just set the flag variables to zero length strings, actually unset
them from the environment. This fixes issues with broken gnu Makefies
that use ?= for assigment, where the presence of a var is enough to make
this condition avoid assignment.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
- Properly read each sorted line into a new array, instead of breaking
on every word.
- LC_COLLATE should apply to the sort portion of the pipeline, not the
printing.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
This also renames '--receive' to '-recv-keys' to match the wrapped gpg
option name, rather than invent a new one, now that the calling
convention is the same.
Signed-off-by: Dan McGee <dan@archlinux.org>
We were using the mystical [<foobar>] options which is some sort of
cross between a <required> argument and an [optional] one. Remove this
madness and do some other general cleanup/consistency work in the
manpage.
Signed-off-by: Dan McGee <dan@archlinux.org>
The regex wasn't rooted at the end of the filename, nor was it matching
a period/dot before the file extension. The end result was this matched a
file named '07_all_sig.patch' which is totally broken.
Signed-off-by: Dan McGee <dan@archlinux.org>
Read the entire variable, respecting escapes, which are necessary to
retain for the successive eval.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Further improvments on 2ca27ab which will allow the changelog and
install script files to contain whitespace.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Broken in 2ca27a by me, trying to fix another problem.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This allows local signing of a given key to help establish the web of
trust rooted at the generated (or imported) master key.
Signed-off-by: Dan McGee <dan@archlinux.org>
This enables pacman-key, during --init, to generate a single secret key
for the pacman keyring if one is not present. This will be used as the
root of the web of trust for those that do not wish to manage it with
their own key, as will be the default.
This does not preclude later adding other secret keys to the keyring, or
removing this one- we simply ensure you have at least one secret key
available.
Signed-off-by: Dan McGee <dan@archlinux.org>
Any option that flips UPDATEDB=1 doesn't work right now due to what we
thought was a good idea in commit cab1379a1a. Fix this by not
including the update operation in the option count and special casing
it where necessary.
Also, bring back the helpful "Updating trust database" message.
Signed-off-by: Dan McGee <dan@archlinux.org>
This adds a add_gpg_conf_option() helper function which tries to be
intelligent and only add not found options, and those which have not
been explicitly commented out.
The new options added are 'no-greeting', 'no-permission-warning', and a
default 'keyserver'.
Signed-off-by: Dan McGee <dan@archlinux.org>
* secring.gpg can be 600, readable by root user only
* ensure grep for lock-never option in check_keyring doesn't catch comments
Signed-off-by: Dan McGee <dan@archlinux.org>
The HoldKey option was undocumented and was not suited for pacman.conf.
Instead use the file "/etc/pacman.d/gnupg/heldkeys" to contain a list
of keys not to be removed from the pacman keyring with the --populate
option.
Signed-off-by: Allan McRae <allan@archlinux.org>
After most operations that touch the keyring, it is a good idea to
always run a check on the trustdb as this prevents gpg complaining
on later operations.
Inspiration-from: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
The optimization of only importing keys that were not to be later
revoked was a not smart enough. For example, if a key was
in both a repos keyring and its revoke list, alternate runs of
pacman-key --populate would add then remove the key from the pacman
keyring. This problem is made worse when considering the possibility
of multiple keyrings being imported.
Instead, import all keys followed by the revoking of all keys. This
may result in a key being added then revoked, but that is not much of
an issue given that is a very fast operation.
Signed-off-by: Allan McRae <allan@archlinux.org>
The current --reload option, apart from being non-clear in its naming,
is very limited in that only one keyring can be provided. A distribution
may want to provide multiple keyrings for various subsets of its
organisation or custom repo providers may also want to provide a keyring.
This patch adds a --populate option that reads keyrings from (by default)
/usr/share/pacman/keyrings. A keyring is named foo.gpg, with optional
foo-revoked file providing a list of revoked key ids. These files are
required to be signed (detached) by a key trusted by pacman-key, in
practice probably by the key that signed the package providing these
files. The --populate flag either updates the pacman keyring using all
keyrings in the directory or individual keyrings can be specified.
Signed-off-by: Allan McRae <allan@archlinux.org>
This is a safety measure to prevent simple code injection.
$ i="foo bar"
$ eval i="$i"
bash: bar: command not found
$ eval i=\"$i\"
$ echo "|$i|"
|foo bar|
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
If any of pkgver, pkgrel or epoch contained a variable substitution,
then it needed to be evaluated before checking its value conformed
to the rules.
[Dan: add quotes around RHS]
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
makepkg --source is a often used go make source package like for AUR.
Have a -S shortcut will save the world.
Signed-off-by: Sebastien Luttringer <seblu@seblu.net>
Signed-off-by: Dan McGee <dan@archlinux.org>
When creating a repo outside the current directory, the signature
symlink was not created.
Reported-by: Gaetan Bisson <bisson@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
The use of warning once we had already started adding a package was
confusing as it broke the standard indent pattern. It was especially bad
if adding multiple packages as it wasn't clear what sub-messages applied
to which package being added. This should be an output change only from:
==> Adding package '/tmp/sync/netcfg-2.6.7-1-any.pkg.tar.xz'
-> Computing checksums...
-> Adding package signature...
==> WARNING: An entry for 'netcfg-2.6.7-1' already existed
-> Removing existing entry 'netcfg-2.6.7-1'...
-> Creating 'desc' db entry...
-> Creating 'depends' db entry...
to:
==> Adding package '/tmp/sync/netcfg-2.6.7-1-any.pkg.tar.xz'
==> WARNING: An entry for 'netcfg-2.6.7-1' already existed
-> Computing checksums...
-> Adding package signature...
-> Removing existing entry 'netcfg-2.6.7-1'...
-> Creating 'desc' db entry...
-> Creating 'depends' db entry...
Signed-off-by: Dan McGee <dan@archlinux.org>
These are equivalent. Use the autoconf macro for consistency.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This applies to the repo-remove man page as well as the script itself.
Yes Dan, I ran distcheck afterwards.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
When adding a package to a repo, it is useful to be able to see
that repo-add has indeed found the signature file.
[Dan: update text to be more in line with other messages]
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This also pulls in some early translations we had entered in Transifex
in the last day so those would not be lost. The diffstat is huge and not
very telling as usual, as all sorts of fuzzyness switches happened this
time around for some reason.
Signed-off-by: Dan McGee <dan@archlinux.org>
This moves us toward staring translations for the 4.0.0 release,
although this should not be interpreted as a string freeze by any means.
Signed-off-by: Dan McGee <dan@archlinux.org>
In this case, we skip the epoch versioning entirely, as if it were
declared as 0.
Prevents errors such as:
/usr/bin/makepkg: line 244: ((: ! : syntax error: operand expected
(error token is " ")
==> Finished making: cower-git :20110808-1 (Mon Aug 8 17:17:27 EDT
2011)
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
The current --list option outputed the keys and all their signatures
which can be overly verbose. It also did not take a list of keys on
the command line to limit its output (although the code suggests that
was intended).
That patch brings consistency with gpg, providing --list-keys and
--list-sigs options that function equivalently to those provided by
gpg.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Currently, pacman-key allows the user to import their keys using the --add
option. However, no similar functionality exists for importing ownertrust
values.
The --import-trustdb option takes a list of directories and imports ownertrust
values if the directories have a trustdb.gpg database.
The --import option takes a list of directories and imports keys from
pubring.gpg and ownertrust values from trustdb.gpg. Think of it as a combination
of --add and --import-trustdb
Signed-off-by: Pang Yan Han <pangyanhan@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Allows the commands to safely handle any possible arguments
Signed-off-by: DJ Mills <danielmills1@gmail.com>
Allan: rebase patch
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Move the source integrity checking into its own function as the code
was duplicated and is now more complicated with the separation of the
two checks types.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Allows the skipping of all integrity checks (checksum and PGP) or
either the checksum or PGP checks individually.
Original-patch-by: Wieland Hoffman <theminew@googlemail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Many projects provide signature files along with the source code
archives. It's good to check these, too, when verifying the integrity
of source code archives.
Not everybody is using gpg so the verification can be disabled with
--skippgpcheck.
Additionally, only a warning is displayed when the key that signed the
source file is unknown.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
When epoch, pkgver and/or pkgrel were overridden in a split package
function, makepkg failed hard finding the real version for checking
if packages were already built or trying to install packages. Fix
the get_full_version function to deal with overrides and return the
actual package version.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
We can override pkgver and pkgrel so it is only logical to add epoch
to that list
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Check any overrides of the "arch" variable contain the required
architecture.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Enforce syntax checking for pkgrel and pkgver overrides in package
functions.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
There is always someone who tries to break things (cough *Dave* cough...)
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This is a cleaner expression of the same information.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Makes sure that the pacman keyring is readable and that the user
has permissions to create a lock file if lock-never is not specified
in the gpg.conf file.
Signed-off-by: Allan McRae <allan@archlinux.org>
Add an --init option that ensures that the pacman keyring has all
the necessary files and they have the correct permissions for being
read as a user.
Signed-off-by: Allan McRae <allan@archlinux.org>
This function had a variety of pitfalls, including the inability to
successfully find a key=value pair where no whitespace surrounded the
equals sign. Make it more robust by splitting the line on the equals
itself, and performing whitespace trimming on the resulting key/value
pair.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Follow the example of gpg and only allow a single operation to be
specified each time. Prevents having to deal with conflicting
variable names and potential issues due to the order in which the
operations are run.
Signed-off-by: Allan McRae <allan@archlinux.org>
This moves the processing of the --edit-key and --receive options
to functions, keeping the final option processing to be all single
line statements.
Also rework the --edit-key option to validate all input before
processing.
Signed-off-by: Allan McRae <allan@archlinux.org>
This commit correctly redirects to /dev/null the output of several
commands that get executed on logic checks.
Original-patch-by: Denis A. Altoé Falqueto <denisfalqueto@gmail.com>
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
This keeps the naming of the option more consistent with what is
actually being called by gpg.
Original-patch-by: Denis A. Altoé Falqueto <denisfalqueto@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
This commit adds quotes to several variable assignments. Unquoted values
can cause problems on several occasions if the value is empty. It is
safer to have every assignment quoted.
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
The conversion to using parse_options causes this option to break.
It is preferable to remove the option rather than fix it as it is
simply a wrapper for "gpg --homedir @sysconfdir@/pacman.d/gnupg".
Any user using more advanced keyring management than provided by
pacman-key can manage to point gpg at the right place themselves...
How to manually edit the keyring with gpg will instead be documented
in the man page in a later commit.
Signed-off-by: Allan McRae <allan@archlinux.org>
The pacman-key script is complicated enough to warrent usage of the
parse_options script. This is especially helpful in dealing with
all the configuration file override flags as the no longer need to
be specified first. It also allows us to do the right thing early
with --help/--version and no option cases cleanly. This change also
makde the check for root privileges only occur on operations where
they are needed.
This patch is inspired by and supercedes some patches submitted by
Denis A. Altoé Falqueto and Ivan Kanakarakis who were altering the
previous option handling in an attempt to deal with the above issues.
Signed-off-by: Allan McRae <allan@archlinux.org>
Specifying a filename with spaces in a PKGBUILDs noextract array fails
due to a lack of quoting.
Fixes FS#25100.
Reported-by: Thomas Weißschuh <thomas_weissschuh@lavabit.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
The full path to the signature file when it is created is in a temporary
directory so only print the filename.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This prevents a dangling symlink being left behind if the repo goes
from being signed to unsigned.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
There is no need for a writable PKGDEST when using the --nobuild or
--geninteg flags.
Allan: added --geninteg
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Put a .gitignore entry at the right level and sort that file
alphabetically.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
We nuke it from the completion file as well along with its longopt.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
The '[[ -z' test in in_array() is redundant, so remove it.
Signed-off-by: DJ Mills <danielmills1@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Instead of hacking around the error trap, simply do an explicit
test for failure.
Signed-off-by: DJ Mills <danielmills1@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
This adds the '.tar.Z' option to both repo-add and makepkg for no other
reason than "why not", and because bsdtar supports it natively with the
'-Z' flag. Also update the documentation accordingly.
Signed-off-by: Dan McGee <dan@archlinux.org>
If you are keeping a copy of the old database, you probably want
to keep a copy of its signature too. Also, delete the previously
backed-up database signature if no new one is being copied.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
The lone quotation mark in "pacman's" causes issues for some syntax
highlighting. Change the printing of the nessage from echo to printf
so we can invisibly escape it.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Allow command-line options to accept multiple arguments without
additional quoting by taking the list of arguments until one
starting with a "-" is reached.
The only current use of this is the --pkg option in makepkg. This
allows (e.g.)
makepkg --pkg foo bar
and packages "foo" and "bar" will be built.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This allows options specified with a trailing "::" to optionally
take arguments.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
vim recognises what type of shell script it's dealing with by looking at
the shebang. If detection fails it falls back to sh which doesn't
support some bash features. Adding a normal, possibly broken, shebang
which gets fixed by the Makefile allows vim to detect bash syntax.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Dan McGee <dan@archlinux.org>
Revert to the old behavior that 6f5a90 attempted to simplify and go with
the original proposed solution of using "ugly" bash to detect empty
directories.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
We fubar-ed this pretty good.
1. The whole old/new move shuffle was totally busted if you used a
relative path to your database, as we would just build the database in
place.
2. Our prior temp directory layout had the database files extracted
directly into it. When we tried to create a xxx.db.tar.gz file in this
same directory, due to the fact that we were no longer using a shell
wildcard, we tried to include the db in ourself, which is a big failure.
Fix all this by extracting to tree/ so we can have a clean top-level
temp directory.
3. Fix the inclusion of the './' directory entry; ensure the regex
prunes both leading paths of '.' as well as './'.
Where is that test suite again?
Signed-off-by: Dan McGee <dan@archlinux.org>
Otherwise there is no way to easily test or run with a standalone config
file without outside interference.
Signed-off-by: Dan McGee <dan@archlinux.org>
The path was not being stripped from $file before prefixing with
$srcdir resulting in the attempted removal of a very weird
filename.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
We already use msg() and error() in here, might as well just use the
standard functions. In addition, fix one translated message that would
have printed ERROR twice if anyone ever saw it.
Signed-off-by: Dan McGee <dan@archlinux.org>
Allow one of 4 archive extensions: .tar{,.gz,.xz,.bz2} for each of the 2
valid repo extensions: .db and .files. Check for this via
'verify_repo_extension' directly after option parsing to assert that
this extension is present, and again after files have been added to get
the proper archive option for bsdtar.
Signed-off-by: Dave Reisner <d@falconindy.com>
Dump the whole conditional and filter the contents of the directory to
create an empty or non-empty archive.
Signed-off-by: Dave Reisner <d@falconindy.com>
Fixes FS#24893.
Signed-off-by: Eric Bélanger <snowmaniscool@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This ranks high on the code readability scale. The same function formats
all of our data and writes to the metadata file at once.
Signed-off-by: Dave Reisner <d@falconindy.com>
Fields like groups and depends should be stored as arrays. This requires
rewriting our write_list_entry function to accomodate our new data type.
This new function will not write to a file, but rather only format it.
Signed-off-by: Dave Reisner <d@falconindy.com>
grep and sed aren't needed here, and this removes the truly ugly
manipulation of IFS. The process substituion could just as well be a
herestring, but it breaks vim's syntax highlighting. Style over
substance, mang.
Signed-off-by: Dave Reisner <d@falconindy.com>
* 'master' of git://projects.archlinux.org/pacman:
pactree: carry a list of databases for dep resolution
makepkg: Remove a lone quotation mark
makepkg: remove the cleancache option
Don't require a transaction for sync DB updates
Move locking functions to handle
Add a 'valid' flag to the database object
Move database 'version' check to registration time
Do database signature checking at load time
This is a fairly useless feature given all it does is an "rm" on a
directory. It is also unlikely that you would want to remove the
entire SRCDEST anyway, but rather just the old files.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
There was a lot of inconsistency in how strings that should not be
translated (program names, option flags, PKGBUILD directives, etc) were
handled. This patch moves them all outside the gettext invocation for
consistency and to prevent accidental translation.
Note that some of these may need reverted if they cause difficulties in
translation due to gettext usage in bash not taking positional parameters
for arguments. A quick survey of current translations indicates that this
issue will be rare. Also, we should be able to catch these before a full
string freeze given we are going to probably need a "developer preview"
release before the next release series.
Signed-off-by: Allan McRae <allan@archlinux.org>
b899099 made path checking a bit more strict than I had intended, and
would actually forbid creation of a repo in $PWD if only the filename
was specified. readlink would be the fun and easy solution here, but
it's avoided due to portability issues, making the validation process a
bit more verbose.
Signed-off-by: Dan McGee <dan@archlinux.org>
This has gettext strings, but wasn't added to the list of files in
POTFILES.in just yet. Add it and update the catalogs.
Signed-off-by: Dan McGee <dan@archlinux.org>
Now that we have performed the split, prune the catalogs of all
pacman-only messages.
All old messages were pruned from the files using the following command:
sed -i -e '/^#\~/,' *.po
Note: the diff on this commit looks much less insane if the --patience
option is used.
Signed-off-by: Dan McGee <dan@archlinux.org>
This is the first step at separating the pacman message catalog and the
scripts message catalog. Makefiles, configure.ac, and other such files
are adjusted accordingly, as well as renaming files. The TEXTDOMAIN of
scripts is also adjusted.
Note that no actual pot or po files get changed here; these will get
pruned in a future commit so each catalog contains only the necessary
messages.
Signed-off-by: Dan McGee <dan@archlinux.org>
Way back in c94bfbaba when refactoring makepkg options handling, I added
these lines to unset MAKEFLAGS if '!distcc' was set in a PKGBUILD (not
taking into account makepkg.conf settings). This was an attempt to say
"if it is broken in distcc, it is probably broken even more". However,
this is silly as one should be using '!makeflags' as well. Remove the
linkage.
Signed-off-by: Dan McGee <dan@archlinux.org>
Unify function braces to be top right opening, bottom left closing.
Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
Add a function that checks for the software needed by makepkg to
process a PKGBUILD with the requested options. This allows makepkg
to bail early in the packaging process.
Many other checks can be added to this function...
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Contractions are less clear for non-native speakers so should be
avoided (and cause syntax highlighting issues). Also, the 'provides'
and 'depends' strings are not to be translated.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Add a BUILDDIR variable (which can be overridden in the environment)
to specify an alternative location for building the package. This is
useful for people who want to build on a different filesystem for
improved performance (e.g. tmpfs).
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This patch enables the automatic compression of executable binaries
using UPX when the 'upx' options is specified in makepkg.conf or the
PKGBUILD. Additional arguments can be passed to UPX by specifying
the UPXFLAGS variable.
Original-patch-by: Bryce Gibson <bryce@gibson-consulting.com.au>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Previously, the error message when trying to add to a repo where a
parent directory didn't exist was:
==> ERROR: Failed to acquire lockfile: /path/to/noexist/repo.tar.gz.lck
This sucks. Make an explicit check to ensure that the path to the repo
really does exist, and throw a meaningful error message when it can't be
found.
Dan: reuse an existing (translated) error message.
Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
A plain '.tar' ending should be allowed. This corresponds to how we
handle this extension in makepkg. Also fix up the other extension
checks, which were missing a leading '.' character.
Signed-off-by: Dan McGee <dan@archlinux.org>
Create source package files inside the fakeroot environment to
ensure reasonable ownership of files within the archive.
Fixes FS#24330.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
We no longer have any python scripts in our scripts/ directory so
we can simplify the makefile a bit.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Provide consistent error messages for unknown long and short options.
Also get full string translation for the messages.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Add a README file to briefly document the code snippets in the scripts
library folder.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Move the common output formatting functions into a separate
library file and import that into each script. makepkg is
excluded due to its additional color formatting.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This move the getopt replacement function parse_options out of
makepkg.sh.in and into a separate file. The code is inserted
into the relevant place in makepkg using m4.
This will allow the reuse of the option parsing code in other
scripts (i.e. pacman-key) while avoiding code duplication.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Clarfiy that it is unwanted files are being removed rather than "other"
files (whatever they are...).
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Our scripts all currently say:
Generated from foo.in; do not edit by hand.
Fix this to say foo.sh.in, which is the actual original file name.
Signed-off-by: Allan McRae <allan@archlinux.org>
When creating a source package using an non-local buildscript via
the -p option, the inclusion of changelog and install files would
fail. Fixes FS#24567.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Fixes FS#24534. Dotfiles, such as /etc/skel/.bash_profile, were not
being included in generated files entries. bsdtar --exclude option
supports anchors on the pattern, so using "^.*" instead of ".*" solves
our problem and still excludes all root-level dotfiles (e.g. .PKGINFO).
Signed-off-by: Dan McGee <dan@archlinux.org>
The user adds libaries to the depends array without a version. These
must end with .so.
Example: depends=(glibc libc.so)
find_libdepends() looks for ELF files (not symlinks because these could
point outside of pkgdir) in $pkgdir, extracts the library sonames the
binary links to and outputs depends seperated by spaces.
This list contains all libraries needed by the package.
Example: libfoo.so=3-64
write_pkginfo() only keeps .so depends with version information and warns
the user about unneded ones.
Support-by: Thomas Bächler <thomas@archlinux.org>
Support-by: Christoph Schied <Christoph.Schied@uni-ulm.de>
Signed-off-by: Florian Pritz <bluewind@server-speed.net>
The user adds libaries to the provides array without a version. These
must end with .so.
Example: provides=(readline libreadline.so)
find_libprovides() looks for .so files (not symlinks because these could
point outside of pkgdir) in $pkgdir, extracts the library soname (ld
links the binary to this name) and outputs provides seperated by spaces.
This list contains all libraries provided by the package.
Example: libfoo.so=3-64
write_pkginfo() only keeps .so provides with version information and warns
the user about unneded ones.
Support-by: Thomas Bächler <thomas@archlinux.org>
Support-by: Christoph Schied <Christoph.Schied@uni-ulm.de>
Signed-off-by: Florian Pritz <bluewind@server-speed.net>
Check for the presence of gpg as soon as we know we need it.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Add -k/--key option to specify a non-default key for signing
a package database.
Original-patch-by: Denis A. Altoé Falqueto <denisfalqueto@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Listing every option on the usage line becomes unweildly as more
options get added so simplify it. Also, provide a standard package
name in the repo-add example.
Dan: just use 'options' as we use elsewhere, not 'option(s)'.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
This commit replaces the find_config() function with the get_from()
function. get_from expects two arguments, the first is the file to
read and the second is the key to look for in the given file.
get_from returns the first matching value for the given key. The
file is expected to be in the format:
key = value
Each of 'key' 'equal sign' 'value' can be surrounded be random
whitespace.
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
If the user provides an unsupported command, inform the user that this
switch is unknown, display usage and exit.
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
The help message changed to match the one rankmirrors script has.
It's clearer as to what the --help switch does.
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
Add the "GPGKEY" option to makepkg.conf for specifying signing packages
with the non-default key from the keyring. Is overridded by makepkg's
--key option.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
GNU su supports the -c option to specify a command to execute.
However, other flavours of su may have a different interpretation
of the '-c' flag (e.g. FreeBSD and OpenBSD).
The behaviour is correct when '-c' follows an explicit username.
Signed-off-by: Rémy Oudompheng <remy@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
A non-GNU version of awk may not support the (|...) syntax for
an optional group and require '()' to match an empty string.
The (...)? syntax is more appropriate for this usage.
Signed-off-by: Rémy Oudompheng <remy@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Trailing backslahses can lead to additional spaces at the front
of extracted entries. See FS#23524. Strip these while parsing
the PKGBUILD entries.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
The use of "tr" only leads to trouble. Remove unnecessary usage
of it from within makepkg.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
to quote dan:
"turkish will FUCK YOU UP. this is not the first or the last time"
Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Three new command line options were added:
--sign: forces the generation of a signature for the resulting package,
taking precedence over the value in makepkg.conf
--nosign: do not sign the resulting package
--key <key>: use a different key than the user's default for signing
the package.
A check is performed to ensure the user has (provided) a valid gpg key
for signing.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
Use mode 755, so non-root users can see inside.
Add "--no-permission-warning" to GPG_PACMAN to suppress the noise that
otherwise comes of not using mode 700 - this is not private data.
GPGme turns out not to issue this warning itself, so no problem there.
TODO: should non-root users be allowed to use the read-only operations
(--list, --export, --finger)?
Signed-off-by: Ray Kohler <ataraxia937@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
This now includes -s and -v, tailors itself to the current command,
and is formatted more like that of other pacman commands.
Signed-off-by: Ray Kohler <ataraxia937@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
