I suspect this is just wrong -- you never need to quote the replacement
side of a PE. In bash 4.3, this is essentially a no-op, but because of
a bug in bash 4.2, we get embedded quotes as a result of this
replacement. The relevant changelog item in bash is:
Fixed a bug that caused single quotes that resulted from $'...' quoting
in the replacement portion of a double-quoted ${word/pat/rep} expansion
to be treated as quote characters.
But this doesn't apply to us. Let's just drop the excessive quoting...
Signed-off-by: Allan McRae <allan@archlinux.org>
When a shared library uses an absolute symlink for its its .so file, the check
if the shared version of a static library exists fails. Test for the presence
of a broken symlink too.
Signed-off-by: Allan McRae <allan@archlinux.org>
This bombs out when "$trusted" expands to the empty string. We're
better off passing the var by name and letting bash default to "0" when
the var is empty
Fixes: https://bugs.archlinux.org/task/43269
Signed-off-by: Allan McRae <allan@archlinux.org>
I don't see an easy fix to avoid printing this more than once, so let's
at least differentiate the messaging so that it's more clear what's
going on.
Signed-off-by: Allan McRae <allan@archlinux.org>
We fixed this up to check architecture specific sources in ec679e09b2,
but fudged the array name in the in_array call.
Signed-off-by: Allan McRae <allan@archlinux.org>
Previously, we used a single boolean value to determine correlation of
sources to checksums. Since the introduction of arch-specific sources,
this is no longer sufficient, as we must ensure that we have checksums
for (potentially) multiple source arrays.
This change inlines the logic of have_sources to build an associative
array of source array names, unsetting them as we discover their
checksums. The error condition then becomes a non-empty correlation
array.
Fixes: https://bugs.archlinux.org/task/43192
Signed-off-by: Allan McRae <allan@archlinux.org>
This prevents the database from becoming inaccessible for non-root
users when the script was executed with a umask of 027.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
Signed-off-by: Allan McRae <allan@archlinux.org>
We validated all sources when making a source package, whether or not they
are included in the tarball.
Signed-off-by: Allan McRae <allan@archlinux.org>
People have mentioned that the silent upgrade to DB version 9 when no
adjustments are needed for directory symlinks is confusion. Always print
the upgrading message.
Signed-off-by: Allan McRae <allan@archlinux.org>
I'm pretty sure this is some kind of left over stuff that was supposed
to print the filename, linenumber and line content. This is already
done so just remove it.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Allan McRae <allan@archlinux.org>
Before this, we'd see bizzare behavior of:
-> Adding changelog file (systemd.install)...
And, changelog files in the global section would not be added at all.
The code is clearly wrong here, as it references 'install' within a
loop of 'changelog' and 'install'. Let's use parameter indirection to
ensure that the proper file is identified and added.
Signed-off-by: Allan McRae <allan@archlinux.org>
File in noextract should still be symlinked into $srcdir so that they
can be accessed without using $SRCDEST. Using noextract on VCS files
makes no sense as these are not being extracted, so now this does
nothing.
Signed-off-by: Allan McRae <allan@archlinux.org>
This matches the behaviour with non-VCS sources. It also allows incremental
builds when subversion is used to obtain sources.
Signed-off-by: Lukáš Jirkovský <l.jirkovsky@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
bzr does not recognize bare ssh:// urls.
Fixes FS#41811
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
The local changes are discarded when updating. This matches the behaviour
when non-VCS sources are used. It also allows incremental builds.
This also changes the checkout during bzr source "extraction" to a heavyweight
checkout so that pulling a specific revision does not alter the original
download.
Original-work-by: Lukáš Jirkovský <l.jirkovsky@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
The local changes are discarded when updating. This matches the behaviour
when non-VCS sources are used. It also allows incremental builds.
Signed-off-by: Lukáš Jirkovský <l.jirkovsky@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Previously the sources were dowloaded in HEAD revision in the download_svn().
If a specific revision was requested in fragment, the code was updated to that
revision in extract_svn(). However, because SVN is a centralized system,
this means that the changed sources has to be downloaded again.
By moving the fragment handling to download_svn(), we get the correct revision
without having to download it later in extract_svn().
Signed-off-by: Lukáš Jirkovský <l.jirkovsky@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
The local changes are discarded when updating. This matches the behaviour
when non-VCS sources are used. It also allows incremental builds.
Signed-off-by: Lukáš Jirkovský <l.jirkovsky@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Similar to .PKGINFO, .SRCINFO provides structured metadata from the
PKGBUILD to be included with source packages.
The format is structured such that it contains a "pkgbase" and one to
many "pkgname" sections. Each "pkgname" section represents an "output
package", and inherits all of the attributes of the "pkgbase" section,
and then can define their own additive fields.
For example, a simple PKGBUILD:
pkgbase=ponies
pkgname=('applejack' 'pinkiepie')
pkgver=1.2.3
pkgrel=1
arch=('x86_64' 'i686')
depends=('friendship' 'magic')
build() { ...; }
package_applejack() {
provides=('courage')
...;
}
package_pinkiepie() {
provides=('laughter')
...;
}
Would yield the following .SRCINFO file:
pkgbase = ponies
pkgdesc = friendship is magic
pkgver = 1.2.3
pkgrel = 1
arch = x86_64
arch = i686
depends = friendship
depends = magic
pkgname = applejack
provides = courage
pkgname = pinkiepie
provides = laughter
The code to generate this new file is taken a project which I've been
incubating[0] under the guise of 'mkaurball', which creates .AURINFO
files for the AUR. AURINFO is the exactly same file as .SRCINFO, but
named as such to make it clear that this is specific to the AUR.
Because we're parsing shell in the packaging functions rather than
executing it, there *are* some limitations, but these only really crop
up in more "exotic" PKGBUILDs. Smoketesting[1] for accuracy in the Arch
repos yields 100% accuracy for [core] and [extra]. [community] clocks in
at ~98% accuracy (.3% difference per PKGBUILD), largely due to silly
haskell packages calling pacman from inside the PKGBUILD to determine
dependencies. [multilib] currently shows about 92% accuracy -- a
statistic which can be largely improved by utilizing the recently merged
arch-specific attribute work. This is also a smaller repo so the numbers
are somewhat inflated. In reality, this is only a .8% variance per
PKGBUILD.
Together, we can make PKGBUILD better.
[0] https://github.com/falconindy/pkgbuild-introspection
[1] https://github.com/falconindy/pkgbuild-introspection/blob/master/test/smoketest
Signed-off-by: Allan McRae <allan@archlinux.org>
We can avoid setting a default value for epoch since we intend to mean
unset and "0" as the same thing. This is also a more consistent default
as the display of epoch=0 is no epoch at all in the full package
version.
The extra paranoia in get_full_version can be removed due to lint_epoch
guarding against non-integer values of epoch.
Signed-off-by: Allan McRae <allan@archlinux.org>
This bug isn't currently exposed by any of the existing codepaths, but
an upcoming patch to introduce SRCINFO files to makepkg will expose
this.
Signed-off-by: Allan McRae <allan@archlinux.org>
This regression snuck in during some reviewing of 963f7fe02f
(arch-specific sources). We must always check the source=() array for
sources.
Signed-off-by: Allan McRae <allan@archlinux.org>
Interesting attributes created with 'local' or 'declare' won't be
surfaced in .PKGINFO, so we shouldn't try to look for them.
Signed-off-by: Allan McRae <allan@archlinux.org>
Rather than implementing suffix matching, which might clash, let's just
print the full fingerprint of the err'ing key so that the user can
copy/paste it into validpgpkeys. Also, make it clear in the manpage
that validpgpkeys needs full fingerprints, and nothing else.
Signed-off-by: Allan McRae <allan@archlinux.org>
grep'ing out blank lines and sorting output thoroughly breaks any file
lists with %BACKUP% entries which must be separated from the file list
by a blank line. Adds a custom function to ensure that all paths
printed are non-empty and unique.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
I found this feature confusing, and the documentation wasn't any help.
It was pointed out to me on IRC that validpgpkeys expects full
fingerprints, and won't accept shorter forms. This makes the
documentation insufficient, and the variable name itself misleading.
This patch bolsters the documentation to explain more about what the
contents should be, and implements suffix matching to allow matching on
shorters fingerprint suffices. Now, when makepkg tells you that a key
ID isn't valid, it's sufficient to manually check the key ID against
the known good ID, and add it as is to validpgpkeys.
Signed-off-by: Allan McRae <allan@archlinux.org>
This commit changes the few remaining instances of:
[[ ! $foo = "$bar" ]]
to the more common:
[[ $foo != "$bar" ]]
Signed-off-by: Allan McRae <allan@archlinux.org>
This implements support for declarations such as:
arch=('i686' 'x86_64')
...
source=("somescript.sh")
source_i686=("http://evilmonster.com/i686/ponies-9001-1.i686.bin")
source_x86_64=("http://evilmonster.com/i686/ponies-9001-1.x86_64.bin")
md5sums=('d41d8cd98f00b204e9800998ecf8427e')
md5sums_i686=('e4ca381035a34b7a852184cc0dd89baa')
md5sums_x86_64=('4019740e6998f30a3c534bac6a83f582')
Just the same as the "untagged" sources, multiple integrity algorithms
are supported. The manpage is updated to reflect support for these
suffices.
This commit also refactors download_sources slightly:
1) to use the otherwise preferred convention of lowercase local variable
names, and to make the handling of $1 more clear.
2) rename the "fast" parameter to "novcs", to make it more clear what
this token does.
3) add a new possible token "allarch" to ensure that download_sources
will fetch all sources, for all architectures.
This also fixes a "bug" in which a PKGBUILD without any source array
would generate "md5sums=()". While not technically wrong, we can easily
do better and emit nothing at all.
We rely on values in the arch array to be valid as part of variable
names, so extend the arch lint check to catch this.
This also cleans up lint_arch to restrict the use of "lint" only to the
package-specific architecture checks. It previously had an odd
declaration with a conditional expansion that would never be true.
Since source package creation is architecture independent, we should
ignore architecture-dependent behaviors such as the lint check which
will halt execution when the host machine is not a supported arch.
https://github.com/falconindy/pkgbuild-introspection/issues/15
Original-work-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
* convert dbpath from argument to option
* add --config and --root options
* read dbpath and root from config file
* if root is set but not dbpath, dbpath is set relative to root
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
This eval enables the following in a PKGBUILD to "just work":
source=('$pkgname-$pkgver.tar.gz'::'https://host/$pkgver.tar.gz')
This has at least two problems:
- It violated the principle of least surprise.
- It could be a security issue since URLs are arbitrary input.
Instead, expand the dlagent command line into an array, replace the %o,
%u place holders, and run the resultant command line as is.
Embedded spaces in the DLAGENTS entry can be escaped with a backslash.
Fixes FS#41682
Signed-off-by: Allan McRae <allan@archlinux.org>
Git has the ability to use helper applications for interfacing with hg,
and from what we had before, the following url::
foo::git+hg::http://foo.bar/foobar
would get converted to something along the lines of:
filename: foo
URL: http://foo.bar/foobar
and the 'git+hg' part would essentially be ignored when it's getting set
up in the 'get_protocol' and 'get_downloadclient' functions. With this
patch it is possible to have a source link with '::' in it, however it
is not possible to have a filename with '::', which is the current
behavior.
Signed-off-by: Allan McRae <allan@archlinux.org>
Prevents trust being spoofed by using TRUST_FULLY in the signatory's name
or in an added notation.
Fixes FS#41147.
Signed-off-by: Allan McRae <allan@archlinux.org>
This introduces support for architecture-specific conflicts, depends,
optdepends, makedepends, replaces, and conflicts by appending "_$CARCH"
to the array name. For example, in the global section:
arch=('i686' 'x86_64')
depends=('foo')
depends_x86_64=('bar')
This will generate depends of 'foo' and 'bar' on x86_64, but only 'foo'
on i686. Moreover, this is supported in the package functions with the
same heuristics as the generic names, e.g.
...
arch=('i686' 'x86_64')
depends=('foo')
...
package_somepkg() {
depends_x86_64=('bar')
...
}
Again, will cause x86_64 to have depends of 'foo' and 'bar', but only
'foo' for i686.
Break apart each of the blocks into their own separate functions. And,
instead of the hand crafted eval statements, reuse the logic from
pkgbuild-introspection[0] to abstract away the complexities of parsing
bash.
This commit fixes at least 3 bugs in check_sanity:
1) The wrong variable is shown for the error which would be thrown
when, e.g. pkgname=('foopkg' 'bar^pkg')
2) The "arch" variable is not sanity checked when the PKGBUILD has
an arch override, but only one output package.
3) https://bugs.archlinux.org/task/40361
Lastly, there's some string changes here which should help to clarify
a few errors emitted in the linting process.
[0] https://github.com/falconindy/pkgbuild-introspection
Dependencies are now handled with --nobuild unless specificially skipped.
Using --verifysource will skip dependency checks unless --syncdeps is
specified.
Fixes FS#35057 and FS#36999.
Signed-off-by: Allan McRae <allan@archlinux.org>
Add an array VCSCLIENTS to makepkg.conf that matches vcs source protocols
to the package containing the software needed for handling the source.
Signed-off-by: Allan McRae <allan@archlinux.org>
The documentation very clearly states that the buildfile has to be in
$PWD, but the error thrown by makepkg reference some mysterious "build
directory". Simplify this check so that we more directly check that the
file being referred to is in fact in our $PWD. Revise the error message
when the check fails to more plainly point out the problem.
Signed-off-by: Allan McRae <allan@archlinux.org>
Add support for following the XDG Base Directory Specification when
reading the user-specific configuration file.
If no $XDG_CONFIG_HOME/pacman/makepkg.conf file exists we fall back to
sourcing $HOME/.makepkg.conf
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
[Allan] Note XDG_CONFIG_HOME takes priority.
Signed-off-by: Allan McRae <allan@archlinux.org>
After resourcing the PKGBUILD in update_pkgver(), set the epoch to 0
if it is empty. Also adjust the get_full_version function to be more
robust if epoch somehow still is empty.
Fixes FS#41022.
Signed-off-by: Allan McRae <allan@archlinux.org>
This ensures packages build on a UTF-8 locale system with non-ASCII character
names can be installed on non-UTF-8 systems.
Signed-off-by: Allan McRae <allan@archlinux.org>
Remove the comment above the signature generation command as the command
is self explanatory and no longer does what the comment says.
Signed-off-by: Allan McRae <allan@archlinux.org>
We expect all source file to lie in $startdir. However, using
"makepkg -p <buildscript>" can currently allows people to specify buildscripts
in other directories. This results in confusion about where other sources
should lie (in startdir or in the directory that the buildscript is in).
Explicitly disable using -p for files in other directories to avoid this issue.
Fixes FS#40293.
Signed-off-by: Allan McRae <allan@archlinux.org>
If validpgpkeys is set in the PKGBUILD, signature checking fails if
the fingerprint of the key used to create the signature is not listed
in the array.
The key's trust value is ignored.
Signed-off-by: Allan McRae <allan@archlinux.org>
Instead of invoking grep multiple times, parse the status file once.
This refactoring also changes the behvaiour when signature verification
fails due to a missing public key: It is now an error instead of a
warning.
Signed-off-by: Allan McRae <allan@archlinux.org>
Provide pkgbase information for non-split packages with pkgbase set.
Also record the version of the "base" package. This is useful for
matching package files to source packages.
Signed-off-by: Allan McRae <allan@archlinux.org>
Packaging outside of fakeroot can result in incorrect permissions for
package files. It has been years since fakeroot issues during packaging
were common, so it is safe to enforce fakeroot usage. If using fakeroot
is impossible for some reason, a two line wrapper script will suffice to
fool makepkg.
Signed-off-by: Allan McRae <allan@archlinux.org>
The days of fakeroot being error ridden are long gone, so there is no
valid reason to run makepkg as root.
Signed-off-by: Allan McRae <allan@archlinux.org>
1. Packagers who want to test the package() function, i.e. to check the content
of the pkg/ folder.
2. Developers who want to check how the packaged version of a program looks, in
other words how the pkg/ folder looks.
3. For users of systems with no port tree, makepkg can ease package creation.
However the resulting archive of the whole makepkg process is often useless.
For all situations, makepkg will usually be called several times. But no archive
(the final package) is needed in any cases. The archive creation ends up being a
waste of time and resource, especially for big applications and slow machines.
Since this option aborts the process prematurely, it behaves like the
-o,--nobuild option, i.e. any other option acting on later stages in the process
will be automatically discarded. For --noarchive, it means that in
$ makepkg --noarchive --install
the '--install' option does not do anything.
Signed-off-by: Pierre Neidhardt <ambrevar@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Previously, install_package() return code was either used as exit code or
ignored. This was rather confusing. The return code is now always ignored and a
comment on install_package() has been added.
Signed-off-by: Pierre Neidhardt <ambrevar@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Files hosted on kernel.org only provide signatures for the uncompressed tarball.
Support this scheme by transparently uncompressing the archives and piping
the data into gpg.
Signed-off-by: Allan McRae <allan@archlinux.org>
I noticed when I built a kernel package with options 'strip' and 'debug' that
the debug package was missing the debug information for the kernel modules.
This patch adds kernel modules to the targets for 'strip' and is compatible
with the split-out debug information packages.
v2: Correct logic error -- did a 'continue' after the 2nd-level case statement
instead of in the default case.
v3: Oops, forgot to terminate outer case. Ran this version through the test
suite and all tests passed.
Signed-off-by: Steven Noonan <steven@uplinklabs.net>
Signed-off-by: Allan McRae <allan@archlinux.org>
makepkg only aborts on errors during PKGBUILD functions so the remaining
"|| true" statements are unneeded.
Signed-off-by: Allan McRae <allan@archlinux.org>
It turns out that you should refer to variables by their actual name...
Introduced in commit a521cea9.
FS#38414.
Signed-off-by: Allan McRae <allan@archlinux.org>
FS#34240. This is useful for translators and has little cost to us since
we moved to transifex for translations.
Signed-off-by: Allan McRae <allan@archlinux.org>
If the user has "armor" in thier gpg.conf, makepkg will create an
ascii-armored signature. Use --no-armor in the gpg call to avoid.
FS#38503.
Signed-off-by: Allan McRae <allan@archlinux.org>
Forcing vim users to view files with a tabstop of 2 seems really
unnecessary when noet is set. I find it much easier to read code with
ts=4 and I dislike having to override the modeline by hand.
Command run:
find . -type f -exec sed -i '/vim.* noet/s# ts=2 sw=2##' {} +
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Allan McRae <allan@archlinux.org>
Running 'makepkg -g' or 'makepkg' to download source files results in
different permissions on the files if the user has a non-default umask.
Put the umask definition at the "beginning" of the makepkg script to
ensure all files generated by makepkg have a 0022 umask.
Signed-off-by: Allan McRae <allan@archlinux.org>
Unify the formatting of the --help switch for pacman utils, if it exists.
All of the pacman utils will now output help text using the following
format:
util-name (pacman) v<pacman version>
one line description of util's purpose
Usage: util-name [options]
-b, --bar whatever --bar does
-f, --foo whatever --foo does
-h, --help display this help message
Reported-by: Karol Błażewicz <karol.blazewicz at gmail.com>
Signed-off-by: Jason St. John <jstjohn@purdue.edu>
This commit:
-- replaces space-based indents with tabs per the coding standards
-- removes extraneous whitespace (e.g. extra spaces between function args)
-- adds missing braces for a one-line if statement
Signed-off-by: Jason St. John <jstjohn@purdue.edu>
The call to bsdtar to check if a file needs extracted returns 1 if it does
not. We then propegate this return value accidentally which can cause
makepkg to report an error later on. Explicitly return 0 in this case.
Signed-off-by: Allan McRae <allan@archlinux.org>
It is fairly common that packages contain static libraries with no
shared counterpart. These should not be removed with !staticlibs.
Signed-off-by: Allan McRae <allan@archlinux.org>
It appears there are a lot of packages with arch=('i686 x86_64')
floating around. Quote the arch array when passing as a parameter
to detect such things.
Signed-off-by: Allan McRae <allan@archlinux.org>
Validate the new pkgver efore blindly ramming it into the PKGBUILD.
This gives us good feedback and prevents corrupting the PKGBUILD, e.g.
==> Starting pkgver()...
==> ERROR: pkgver is not allowed to contain colons, hyphens or whitespace.
==> ERROR: pkgver() generated an invalid version: a horse is not a pkgver
As an additional failsafe, exchange a valid for invalid character as
command separator in @SEDINPLACE@ expressions. For even more paranoia,
exit if sed fails for any reason.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
This points makepkg to where is library is located. Can be
overridden by value in the environment.
Signed-off-by: Allan McRae <allan@archlinux.org>
[Ashley: Rebased]
Signed-off-by: Ashley Whetter <ashley@awhetter.co.uk>
Build makepkg to scripts/.lib/makepkg and add a wrapper script to
call it. This is not useful at the moment, but is the first step
to allowing makepkg to be split into smaller pieces.
Signed-off-by: Allan McRae <allan@archlinux.org>
[Ashley: rebased]
Signed-off-by: Ashley Whetter <ashley@awhetter.co.uk>
The separation between downloading and extracting for non-vsc sources
was incomplete due to symlinks being made in $srcdir during the download
stage. Have download_{local,file} just ensure the presence of the files
in $startdir or $SRCDEST (downloading if needed) and then have
extract_file symlink these files into $srcdir.
Also replace "continue" with "return" in extract_file to make it clearer
what is happening.
Signed-off-by: Allan McRae <allan@archlinux.org>
These loops already maintain an independent loop counter, so cut out
the middle man. While this change doesn't necessarily require that we
drop support for sparse arrays, we do via this patch. A new lint check
is added in check_sanity to abort when a sparse array is encountered.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
These are all cases where we're reading filenames -- any backslashes
are intentional and should not be interpreted.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
With some simple math and printf formatting tokens, we can create the
whitespace necessary for this without the need for a loop and string
concatentation.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Unifying this list makes adding new algorithms easier. There's also
some menial cleanup in this patch to avoid use of eval and properly
treat lists of data as array instead of simple strings.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
This allows for VAR=value and VAR+=value variable declarations.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
These references to bug numbers assume we will forever be using that bug
tracker. It is better to properly comment the code instead (which was
done in almost all cases anyway).
Signed-off-by: Allan McRae <allan@archlinux.org>
Replace spaces with tabs in one instance.
Remove extra spaces.
Signed-off-by: Jason St. John <jstjohn@purdue.edu>
Signed-off-by: Allan McRae <allan@archlinux.org>
When maintaining a custom repo, often it is undesirable to retain older
versions of packages. This patch adds the --remove option to remove the
current package file and it's signature from disk before adding the new
one to the database. Documentation is also updated. This is an optional
flag and default behaviour (leaving ondisk files alone) is not changed.
Signed-off-by: Phillip Smith <fukawi2@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Given a revoked keyring containing only:
BC1FBE4D2826A0B51E47ED62E2539214C6C11350
We should only disable this specific keyid. This change enforces that the
contents of the -revoked keyring file are full fingerprints which can uniquely
identify a key.
Before:
# pacman-key --populate archlinux
==> Appending keys from archlinux.gpg...
==> Locally signing trusted keys in keyring...
-> Locally signing key 0E8B644079F599DFC1DDC3973348882F6AC6A4C2...
-> Locally signing key 684148BB25B49E986A4944C55184252D824B18E8...
-> Locally signing key 44D4A033AC140143927397D47EFD567D4C7EA887...
-> Locally signing key 27FFC4769E19F096D41D9265A04F9397CDFD6BB0...
-> Locally signing key AB19265E5D7D20687D303246BA1DFB64FFF979E7...
==> Importing owner trust values...
==> Disabling revoked keys in keyring...
-> Disabling key 1390420191...
-> Disabling key E2539214C6C11350...
-> Disabling key 8544EA82113502DE...
==> Updating trust database...
gpg: next trustdb check due at 2014-01-22
After:
# pacman-key --populate archlinux
==> Appending keys from archlinux.gpg...
==> Locally signing trusted keys in keyring...
-> Locally signing key 0E8B644079F599DFC1DDC3973348882F6AC6A4C2...
-> Locally signing key 684148BB25B49E986A4944C55184252D824B18E8...
-> Locally signing key 44D4A033AC140143927397D47EFD567D4C7EA887...
-> Locally signing key 27FFC4769E19F096D41D9265A04F9397CDFD6BB0...
-> Locally signing key AB19265E5D7D20687D303246BA1DFB64FFF979E7...
==> Importing owner trust values...
==> Disabling revoked keys in keyring...
-> Disabling key BC1FBE4D2826A0B51E47ED62E2539214C6C11350...
==> Updating trust database...
gpg: next trustdb check due at 2014-01-22
Partially addresses FS#35478. This does nothing to confirm whether or not the
key was successfully disabled -- a ridiculously simple request which appears to
be far too difficult for gpg to manage.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Adding this restriction means we can filter any FILENAME entry from
starting with a "/" or a ".". Use the term "dot" as it is more
computing relevant compared to "full stop" or "period" which vary
depending on English locale.
Signed-off-by: Allan McRae <allan@archlinux.org>
given/when has been marked experimental in perl 5.18 because it will
change it 5.20. if/else is ugly, but hiding the generated warning is no
good solution either, so we us if/else for now.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Allan McRae <allan@archlinux.org>
This also slighty changes the word order in the description for
--newest.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Allan McRae <allan@archlinux.org>
This allows for somewhat easy templating for PKGBUILDs.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Allan McRae <allan@archlinux.org>
Add support for overriding configuration in /etc/makepkg.conf and
~/.makepkg.conf by setting the environment variable CARCH similar to
how SRCDEST and PKGDEST behave.
Fixes FS#35030.
Signed-off-by: Allan McRae <allan@archlinux.org>
Not having a package() function means all building occurs as root
and repackaging can lose permissions. Given the use of package()
functions has been around for years and we deprecated not having
one in pacman-4.1, we can remove support for PKGBUILDs without
package() functions altogether. However, keep PKGBUILDs that have
neither a build() or package() function working.
Signed-off-by: Allan McRae <allan@archlinux.org>
Using PKGBUILDs from stdin means that we can not use pkgver() in
packages. Given we have the "-p" option to pass any file to
makepkg and passing a PKGBUILD in the form "cat foo | makepkg"
does not work, this feature is unneeded.
Signed-off-by: Allan McRae <allan@archlinux.org>
If LOGDEST is set, we may not check that $startdir is writable. Store
the log pipe in LOGDEST instead.
Signed-off-by: Allan McRae <allan@archlinux.org>
bzr support "worked", but didn't handle any of the actual features we
wanted with makepkg. This moves the revision specification to the proper
place (extraction, rather than download), and fixes an additional broken
reference to $repo which was never set.
Fixes FS#35281.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
