Send patches - preferably formatted by git format-patch - to patches at archlinux32 dot org.
summaryrefslogtreecommitdiff
path: root/scripts/libmakepkg
AgeCommit message (Collapse)Author
2017-09-13libmakepkg: check for invalid tags in gitEli Schwartz
As per https://lists.archlinux.org/pipermail/arch-general/2017-July/043876.html git doesn't check that the tag name matches what an annotated tag object *thinks* it should be called. This is a bit of a theoretical attack and some would argue that we should always use commits since upstream can legitimately change a tag, but nevertheless this can result in a downgrade attack if the git download transport was manipulated or the upstream repository hacked. So, check the tag blob to make sure the tag actually matches the name we used for `git checkout`. This really should be fixed in git itself, rather than forcing all downstream users of git verify-tag to implement their own checks, but the git developers disagree, see the discussion surrounding https://public-inbox.org/git/xmqqk2hzldx8.fsf@gitster.mtv.corp.google.com/ Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-07-06libmakepkg: Fix improperly spelled local variable declarationEli Schwartz
Signed-off-by: Eli Schwartz <eschwartz93@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-07-06libmakepkg/integrity: Fix error message not sent to stderrEli Schwartz
Signed-off-by: Eli Schwartz <eschwartz93@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-07-06libmakepkg: fix unsanitized source filenamesEli Schwartz
There were a couple places where filenames beginning with "-" were not properly guarded against by passing them after "--". Some PKGBUILD authors are crazy, but we still take those into account. Signed-off-by: Eli Schwartz <eschwartz93@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-05-08makepkg: create signature files outside of fakerootAllan McRae
With recent version of gpg, signing within fakeroot works on the first invocation, but fails on later runs. Sign all packages outside of fakeroot to avoid this issue. Fixes FS#49946. Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04Provide source files for useful debug packagesAllan McRae
Debug packages are fairly useless currently because the soucre files needed for stepping through code etc are not packaged with them. This patch adds the needed source files to the debug package and adjusts the debug info to look at the /usr/src/debug/ directory for them rather than the build location. This requires using the "debugedit" program which is provided as part of the RPM sources. Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04makepkg: Verify git signaturesEli Schwartz
A git repository is marked as signed if it contains the query "signed" as defined by https://tools.ietf.org/html/rfc3986 Adds two utility functions in util/source.sh.in to extract fragments and queries, and modifies source/git.sh.in to use them. Signed-off-by: Eli Schwartz <eschwartz93@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04libmakepkg/integrity: Verify file signatures in a separate functionEli Schwartz
This makes it easier to add signature verification for new protos. Signed-off-by: Eli Schwartz <eschwartz93@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04makepkg: warn about dotfiles in package rootAndrew Gregory
libalpm reserves paths starting with '.' for its own use and will not extract any other than those it recognizes. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04Update copyright yearsAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04makepkg: Disallow forward slashes in pkgverSteef Hegeman
scripts/libmakepkg/lint_pkgbuild/pkgver.sh.in now raises an error when pkgver contains forward slashes. pkgver containing a forward slash results in a package filename containing a forward slash, which isn't a valid filename. Signed-off-by: Steef Hegeman <steefhegeman@hotmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-12-05Build a single debug package for all packages from a PKGBUILDAllan McRae
We want to provide source files with debug symbol packages to allow easy stepping through the program. This becomes difficult with split packages due to the binaries in many of these sharing source files across packages. There are (at least) two solutions to this problem. #1: ensure common source files are located in the debug package for the package lowest in the dependency chain and add dependencies to the debug packages so all require source files are present, or #2: create one debug package for all split packages in a PKGBUILD. The second is a more robust approach despite potentially creating very large debug packages. This patch creates a single $pkgbase-debug package and adds provides such that installing $pkgname-debug will always work. Signed-off-by: Allan McRae <allan@archlinux.org>
2016-12-05add generated scripts to gitignoreChristian Hesse
These files are generated at build time. Ignore in git. Signed-off-by: Christian Hesse <mail@eworm.de> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-12-05makepkg: reject packages with newlines in pathsAndrew Gregory
libalpm's local database format does not support paths with newlines. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-12-05makepkg: abort on lint_package errorsAndrew Gregory
Allows lint_package to prevent makepkg from creating an invalid package. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-12-05Revert "[RFC] Provide source files for useful debug packages"Allan McRae
This reverts commit a79c0038ae84c38fe063bd7426a839f3c01c10e8. I merged the wrong branch into master...
2016-11-02[RFC] Provide source files for useful debug packagesAllan McRae
Debug packages are fairly useless currently because the soucre files needed for stepping through code etc are not packaged with them. This patch adds the needed source files to the debug package and adjusts the debug info to look at the /usr/src/debug/ directory for them rather than the build location. This requires using the "debugedit" program which is provided as part of the RPM sources. Signed-off-by: Allan McRae <allan@archlinux.org>
2016-10-22makepkg: print files with refs to $srcdir/$pkgdirIvy Foster
Since rewriting build_references() anyway, tweaked quoting. Implements FS#31558. Signed-off-by: Ivy Foster <ivy.foster@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-10-22Use coreutils binaries for checking/generating checksumsAllan McRae
If pacman is build against a crypto library other than openssl, it makes no sense to require makepkg to use it. The only currently considered alternative to openssl is nettle, which has no binary for base64 encode/decode. This means that we could replace the hashing cacluations with nettle-hash, but would require base64 from coreutils. Given makepkg already relies heavily on coreutils, we might as well use all the coreutils hashing binaries too. This patch also improves the checking of required binaries for hashing operations. Signed-off-by: Allan McRae <allan@archlinux.org>
2016-10-22makepkg: Move parseopts from library to libmakepkgAlad Wenter
parseopts is used in makepkg and other scripts such as pacman-key as a getopt replacement. Instead of including it in those scripts via a macro, move it to libmakepkg/util/parseopts.sh and have scripts source this file where appropriate. To keep the parseopts test, a new variable was introduced: PM_LIBMAKEPKG_DIR Signed-off-by: Alad Wenter <alad@archlinux.info> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-10-22libmakepkg: generate all scriptsAlad Wenter
In order for the scripts to be used in testsuites, it is easiest to generate all of them so they are found in the build directory (which may be different to the source directory). Signed-off-by: Alad Wenter <alad@archlinux.info> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-10-10lint_pkgbuild/pkgname: pkgname is not allowed to be emptyChristian Hesse
We checked for empty array elements, but did not catch empty array. Add a check for that case as well. Signed-off-by: Christian Hesse <mail@eworm.de> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-08-30libmakepkg: look for architecture-specific hashes in get_integlistJack O'Connor
`makepkg -g` looks for existing checksums in the PKGBUILD file, so that it can generate new sums of the same type. Previously it only checked variables of the form "sha256sums", and not "sha256sums_x86_64". That meant it would always fall back to MD5 for packages with only architecture-specific sources. This change makes it look at architecture-specific checksums too to determine the type. Signed-off-by: Jack O'Connor <oconnor663@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-05-18libmakepkg: extract functions for integrity checkingAshley Whetter
Signed-off-by: Ashley Whetter <ashley@awhetter.co.uk> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-03-28libmakepkg: extract functions for writing .SRCINFO filesAshley Whetter
Signed-off-by: Ashley Whetter <ashley@awhetter.co.uk> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-03-21libmakepkg: ensure emptydir find command acts on individual directoriesAllan McRae
Using "-exec command {} +" systax exits on any error. Such errors occur when running rmdir on a non-empty directory. Switch to "{} ;" syntax instead which avoids exiting before the find command is completed. Fixes FS#48515. Note, we can not use "-empty" in the find command because it is not supported by Busybox find, and the "--ignore-fail-on-non-empty" flag for rmdir is not available on BSD rmdir variants. Signed-off-by: Allan McRae <allan@archlinux.org>
2016-02-26makepkg: Remove upx and optipng supportAllan McRae
These options were added before libmakepkg allowed passes like this to be dropped in. I prefer only real core packaging tasks to be included in makepkg and additional things like this to be dropped in by a user or distribution that wants to support them. Signed-off-by: Allan McRae <allan@archlinux.org>
2016-02-26libmakepkg: fix is_array functionAllan McRae
This happened to work for the majority of cases because the only calling function used a variable named "i" that was related to the variable being passed to the function. Fixes FS#48340. Signed-off-by: Allan McRae <allan@archlinux.org>
2016-02-20libmakepkg: increase robustness of the detection of array variablesAllan McRae
Extract array detection into its own utility function that ensures extglob is enabled. Suggested-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-01-25Fix testing of arrays status for arch specific variablesZuyi Hu
Signed-off-by: Allan McRae <allan@archlinux.org>
2016-01-04Update copyright years for 2016Allan McRae
make update-copyright OLD=2015 NEW=2016 Signed-off-by: Allan McRae <allan@archlinux.org>
2015-12-15makepkg: Output full URL in case of download failureFlorian Pritz
Most entries in $sources contain variables so finding out why a URL fails to download is hard because one has to manually replace the variables when looking at the PKGBUILD. Simply output the full URL here so that it can be easily seen what is wrong. Old: ==> ERROR: Failure while downloading example-1.2.4.tar.gz New: ==> ERROR: Failure while downloading http://example.org/releases/1.1/example-1.2.4.tar.gz With the new format it is much more obvious that the directory name is the culprint (1.1 vs 1.2) while the old one would not display that information. Signed-off-by: Florian Pritz <bluewind@xinu.at> Signed-off-by: Allan McRae <allan@archlinux.org>
2015-11-23lint_pkgbuild/variable: increase robustnessAllan McRae
Approach the detection of variables of the wrong type using an approach similar to that used for construction of .SRCINFO files. While doing silly things in bash could still result in false negatives, this approach should be very robust to generatinf false positives results. Signed-off-by: Allan McRae <allan@archlinux.org>
2015-11-23lint_pkgbuild: explicitly return valueAllan McRae
Set the return value to be local and always explictly returns it. Signed-off-by: Allan McRae <allan@archlinux.org>
2015-11-05Refactor lint_source to work with earlier versions of BashAaron Campbell
Negative subscripts to indexed arrays are not supported before 4.2. However, since substring expansion works on arrays, we can specify an offset of -1 to be taken relative to one greater than the maximum index of the specified array (see Parameter Expansion section of the bash man page). This works with both Bash 4.1 and 4.2, and 4.1 is already the oldest supported by pacman. Signed-off-by: Aaron Campbell <aaron@monkey.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2015-10-27libmakepkg: fix pkgver checkingAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-10-19libmakepkg: Add check_buildoption for distcc and ccacheJan Alexander Steffens (heftig)
makepkg used to check OPTIONS too, which could override BUILDENV. Implement a new function that handles these options more like OPTIONS. This also reduces code duplication a bit. Signed-off-by: Jan Alexander Steffens (heftig) <jan.steffens@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2015-10-19Remove space before ellipsesAllan McRae
Makes all use of ellipses consistent... Signed-off-by: Allan McRae <allan@archlinux.org>
2015-09-22libmakepkg: remove declaration of unused local variablesAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-09-22libmakepkg: return 1 on error in arch arrayAllan McRae
The return value was being assigned when an error was found in a PKGBUILD's arch array but it never was returned. Also remove error message explaining about adding the arch array to a PKGBUILD. That was added a long time ago when the arch array first became compulsory. Signed-off-by: Allan McRae <allan@archlinux.org>
2015-09-22libmakepkg: update .gitignoreAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-09-07libmakepkg: check if PKGBUILD variables are arrays or not as appropriateAllan McRae
When extracting variables from PKGBUILD (e.g. for .SRCINFO creation) we make assumptions about whether variables are arrays or not. This adds a check to the PKGBUILD linter to ensure variables are arrays or not as appropriate. Signed-off-by: Allan McRae <allan@archlinux.org>
2015-09-07libmakepkg: util/pkgbuild.sh needs processing on buildAllan McRae
pkgbuild.sh contained @DEBUGSUFFIX@ and so needs to be run through the sed command on build. Signed-off-by: Allan McRae <allan@archlinux.org>
2015-07-20libmakepkg: move color settings to functionAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-07-20libmakepkg: lint_package requires cd_safeAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-19libmakepkg: extract functions for source download and extractionAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-19libmakepkg: extract functions for handling source URLsAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-19libmakepkg: fix test styleAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-19libmakepkg: move more functions for extracting information from PKGBIULDsAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-19libmakepkg: extract more utility functionsAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>