| Age | Commit message (Collapse) | Author |
|---|
|
Simply pass options on to gpg the same way gpg uses them -- no looping
through and checking lots of signatures.
This prevents a situation where the signature file to be verified is
manipulated to contain an embedded signature which is valid, but not a
detached signature for the file you are actually trying to verify.
gpg does not offer an option to verify many files at once by naming each
signature/file pair, and there's no reason for us to do so either, since
it would be quite tiresome to do so.
In the event that there is no signature/file pair specified to
pacman-key itself,
- preserve gpg's behavior, *if* the matching file does not exist, by
- assuming the signature is an embedded signature
- deviate from gpg's behavior, by
- offering a security warning about which one is happening
- when there is an embedded signature *and* a matching detached file,
assume the latter is desired
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
This doesn't do quite as good of a job of "hiding away" the real script
as we did with autotools, but it satisfies the need for being able to
run scripts which depend on libmakepkg with the local copy within the
repo. We do, however, improve upon the autotools script by ensuring that
the bash path used in configuring pacman is the interpreter used to run
the underlying script.
|
|
Provide both build systems in parallel for now, to ensure that we work
out all the differences between the two. Some time from now, we'll give
up on autotools.
Meson tends to be faster and probably easier to read/maintain. On my
machine, the full meson configure+build+install takes a little under
half as long as a similar autotools-based invocation.
Building with meson is a two step process. First, configure the build:
meson build
Then, compile the project:
ninja -C build
There's some mild differences in functionality between meson and
autotools. specifically:
1) No singular update-po target. meson only generates individual
update-po targets for each textdomain (of which we have 3). To make
this easier, there's a build-aux/update-po script which finds all
update-po targets and runs them.
2) No 'make dist' equivalent. Just run 'git archive' to generate a
suitable tarball for distribution.
|
|
This isn't super interesting for the autotools side, but it's necessary
in order to make things sane for other build systems which we might
introduce in the future.
|
|
Remove all remnants of library/{output_format,term_colors}.sh
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
In the spirit of making libmakepkg more useful as a library, and,
critically, *using* that library for additional pacman scripts, we
should include all of output_format.sh and term_colors.sh directly in
libmakepkg and hopefully stop having to embed additional copies in e.g.
repo-add via m4 macros.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
This behavior is confusing, since it means absolutely everything goes to
stderr and makepkg itself is a quiet program that produces no expected
output???
The only situation where messages should go to stderr rather than
stdout, is with --geninteg which is meant to return the checksums on
stdout (but we don't want to totally get rid of status messages when
redirecting the results elsewhere, or, worse, redirect status messages
to a PKGBUILD). For this specific case, redirect message output to
stderr in the --geninteg callers directly.
Implements FS#17173
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
- it comes with free collation when moving the LC_ALL declaration up a bit;
this fixes a bug where the .FILES were not being properly sorted and
their order depended on directory creation order, which broke
reproducible builds in the wild.
- it handles sorting null-delimited output everywhere, without sort -z;
this lets us get rid of sed hacks
- it is faster than invoking multiple find subprocesses
- dotfiles can be automatically printed *and the C locale sorts them first*
with a single ** glob
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
We don't need exact package name completions for something that expects a
regular expression *search*, which is what we currently do. If you want
a package name completion for a search, you don't need the search.
This change is consistent with the current state of zsh completions.
Fixes FS#59965
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Filename completion should only be generated for makepkg, when using the
options -p or --config... which means we should offer option completions
by default.
Filename completion for pacman, should not be generated when using -Qu,
or -F without -o.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
If poll() is interrupted by a signal, alpm was closing the socket it
uses for listening to script/hook output. This would drop script output
at the least and kill the script at the worst.
Fixes FS#60396
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Front-ends or libraries may set signals to be ignored, which gets
inherited across fork and exec. This can cause scripts to malfunction
if they expect the signal. To make matters worse, scripts written in
bash can't reset signals that were ignored when bash was started.
Fixes FS#56756
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
[[ ${array[@]} ]] will resolve to false if array only contains empty
strings. This means that values such as "depends=('')" can be inserted
into a pkgbuild and bypass the linting.
This causes makepkg to successfully build the package while pacman
refuses to install it because of the unmet dependency on ''.
Instead check the length of the array.
Signed-off-by: morganamilo <morganamilo@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
SIZECMD was replaced in 1af766987f with a POSIX solution, and this token
is no longer used/needed.
|
|
When --needed is used, up to date packages are now filtered out
before showing the group select.
Fixes FS#22870.
Signed-off-by: morganamilo <morganamilo@gmail.com>
|
|
Currently when attempting to sync a group where all packages are
ignored, either by ignorepkg, ignoregroup or --needed, pacman
will error with "target not found".
Instead, if a group has no packages check if the group exists
before throwing an error.
Signed-off-by: morganamilo <morganamilo@gmail.com>
|
|
Use BytesIO instead of StringIO, and ensure that we unicode-encode data
where needed.
|
|
Upon receiving SIGINT a flag is set to abort the (curl) download.
However, since it was never reset/initialized, if a front-end doesn't
actually exit on SIGINT, and later tries any operation that needs to
perform a new download, said download would always get aborted right
away due to the flag not having been reset.
|
|
Variable dload_interrupted is used both to abort a download because
SIGINT was caught, and when a file limit is reached. But raising SIGINT
is only meant to happen in the first case.
Signed-off-by: Olivier Brunel <jjk@jjacky.com>
|
|
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
lint_pkgver returns 0 if PKGVERFUNC, since it's likely that update_pkgver()
will change the value of pkgver anyway, and there's no point in linting the
old value. update_pkgver() will call check_pkgver() itself to validate the
new value.
However, that "optimization" only holds if we're definitely going to call
update_pkgver() later; and that's way more complicated than
if (( PKGVERFUNC )); then
it's more like:
if (( !GENINTEG && !PACKAGELIST && !PRINTSRCINFO && !SOURCEONLY && !REPKG && PKGVERFUNC )); then
Which is to say: If I have a PKGBUILD with pkgver():
* if I run `makepkg -g` I expect it to lint pkgver, but it won't
* if I run `makepkg -R` I expect it to lint pkgver, but it won't
* ...
So let's fix that.
Rather than try to keep a huge list of conditions in sync with the flow of
makepkg.sh.in, let's just drop it. As far as I can tell, the only thing
that skipping lint_pkgver() really enables is letting the PKGBUILD author
write `pkgver=` in the initial version, and letting pkgver() fill it in.
They can just start writing `pkgver=0` for that workflow.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Currently, if checking the validity of packages fails due to an access
error on one or more packages, the user must sift through debug output
in order to find the culprit package(s). This patch adds a call to
_alpm_log in such a case to make the culprits more easily visible.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
We accept package_foo() in non-split packages, because it's easier to
switch to/from a split package just by removing a pkgname element. But
it makes no sense to have both in one PKGBUILD.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
When doing "pacman -Fs", show the "(groupname)"
message just like "pacman -Ss".
And refactor group printing to its own function.
Signed-off-by: morganamilo <morganamilo@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Due to a copy-paste error when initially implementing this, it actually
uses a duplicate function name, usually resulting in lint_pkgbuild
overwriting the function definition.
Then the PKGBUILD lint gets run twice, one time before the PKGBUILD is
even sourced -- to potentially surprising results, like erroring out on
a pre-existing shell definition that doesn't match our expectations.
Seen in the wild with lint_config triggering an error for
'declare -x arch="foo"'
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Fixes FS#60106
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Rikard Falkeborn <rikard.falkeborn@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
We don't need to translate the "Copyright YEAR AUTHOR" part, no part of
it should probably be translated and it definitely shouldn't turn every
single license terms notice into a separate translation just because the
author/year is different.
Fixes FS#58452
Also consistently add a blank line after the copyright and before the
license terms.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
This reverts commit 9cdfd18739cc4b0e2b2efeb9a92a3ea612c8505f.
We've never documented whirlpoolsums support in the manpage and no one
really seems to have realized we support it, let alone use it -- except
for a few parabola packages, being the contributor's motivation for
adding support.
The problem is that for two years the code has been broken. In commit
577701250d645d1fc1a505cde34aedbeb3208ea5 we moved to coreutils to
provide checksum commands, rather than openssl, but there is no
whirlpoolsums binary.
Properly fixing this would require re-adding a dependency on openssl,
independent of the libalpm crypto backend -- which defeats the purpose
of moving to coreutils in the general case. nettle-hash does not provide
a whirlpool algorithm any more than it does base64 (the original reason
for moving to coreutils).
Therefore, we should just drop support for this again.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: morganamilo <morganamilo@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
It's most likely a case where output is being captured, so we shouldn't
be interleaving status messages with function output regardless. Setting
the pkgver() status message (the one time we use it in a subshell)
separately also makes it safe to change whether message.sh functions write
to stdout or stderr.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
`run_function_safe pkgver` is evaluated in a subshell and therefore does
not abort when it should. Explicitly check the return outside of the
subshell and abort if necessary.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Both run_function and run_function_safe will save and restore `shopt -p`
but the former is only called from the latter. It makes sense to save
this as part of a "safe" runner, so let's just do it in one place, there
where we save and restore everything else too.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
When doing "pacman -Fs", show the "[installed: version]"
message just like "pacman -Ss".
Signed-off-by: morganamilo <morganamilo@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Use implicit dependency rules to translate asciidoc inputs to HTML and
manpage outputs. We should only have to declare explicit dependencies
for odd cases, e.g. the PKGBUILD documentation has an additional include
file and isn't a 1:1 conversion.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
We don't use these.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
When re-running makepkg for fakeroot, if `bash -x makepkg` was used this
is lost. Fix by encoding the current set of options explicitly in the
invocation, both for makepkg and for the wrapper used to test scripts
inside the source tree.
Also change to use ${BASH_SOURCE[0]} instead of $0 as the latter can be
anything the parent process wants, while the former is explicitly set by
bash itself to the filepath of the script.
See http://mywiki.wooledge.org/BashFAQ/028
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Pull out the expected=y/n check into a separate function and make use of
the fact we can just prepend the fallback arrays to get the same result.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Now that we require bash 4.4 this is "more correct" than analyzing the
output of declare -p to see if it compares favorably with -a.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
This is required in order to use declare -g and ${var@a}
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
In commit c6b04c04653ba9933fe978829148312e412a9ea7 the signing function
was moved out of fakeroot, and thus out of the create_package loop. This
meant that if package signing failed, it was no longer possible to tell
which package it failed on by checking which package creation is
currently running. Successful signing attempts do not have this problem
as we already printed the name of the signature file.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Add a case for curl error 'Could not resolve host'.
An attempt to fix FS#48285.
Signed-off-by: Michael Straube <straubem@gmx.de>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
It is desirable to have 'a-post.hook' ordered after 'a.hook'. For this,
it is needed to ignore the suffix when sorting.
Signed-off-by: Allan McRae <allan@archlinux.org>
|