Send patches - preferably formatted by git format-patch - to patches at archlinux32 dot org.
summaryrefslogtreecommitdiff
path: root/scripts
AgeCommit message (Collapse)Author
2019-10-07pacman-key: make sure we actually use the Web of Trust, which GnuPG doesn't.Eli Schwartz
By default, the latest versions of GnuPG disable the Web of Trust and refuse to import signatures from public keyservers. This is to prevent denial of service attacks, because refusing to import signatures only if the key size is too big, is apparently too silly to consider. Either way, pacman needs the WoT. If pacman imports a key at all, it means everything failed and we are in fallback mode, trying to overcome a shortcoming in the availability of keys in the keyring package. (This commonly means the user needs to acquire a new key during the same transaction that updates archlinux-keyring.) In order for that new key to be usable, it *must* also import signatures from the Master Keys. I don't give credence to this supposed DoS, since the worst case scenario is nothing happening and needing to CTRL+C in order to exit the program. In the case of pacman, this is better than being unable to install anything at all (which is gnupg doing a much more harmful DoS to pacman), and in the already unusual case where something like --refresh-keys is being used directly instead of depending on the keyring package itself, gnupg supports WKD out of the box and will prefer that for people whose keys are marketed as being non-DOSable. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-07pacman-key: when refreshing gpg.conf, don't truncate option checkingEli Schwartz
If an option is a two-part option, we print both (separated by IFS=' '), but when grepping to see if it already exists, we only checked the first component. This means that something like keyserver-options could only check if there were existing keyserver options of any sort, but not which ones. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-07makepkg: add rust support for *FLAGS and debug-prefix-mapEli Schwartz
The rust language supports $RUSTFLAGS to be used automatically in all rustc invocations. Allow setting this in makepkg.conf (e.g. for optimization or debuginfo support), and teach debug+strip to pass the rustc command line argument necessary to rewrite source file paths in the debugging symbols. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-04libmakepkg: check if PACKAGER has the expected format for WKD lookupJonas Witschel
pacman should be able to extract an email address from PACKAGER for WKD lookup, so issue a warning if it is not of the form "Example Name <email@address.invalid>". Neither the name nor the email address must contain additional angle brackets. Signed-off-by: Jonas Witschel <diabonas@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-04libmakepkg: fix typomorganamilo
Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-04autotools: distribute meson filesEli Schwartz
If we use make dist to create the official, signed release tarballs, those will not have meson build files by default since autotools doesn't know what they are. Also distribute all src/common/ files. We never strictly needed any of them to be distributed with autotools, because the dist tarball dereferences the symlinks (???), but only some of them were being distributed, and meson needs them to be in the right location as we only build libcommon from the primary files. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-08-12Prepare translations for next releaseAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2019-08-05makepkg: Ignore "<artificial>" source filesAustin Lund
An artificial symbol can be produced when requesting debugging symbols and the compiler has inlined a function. These symbols will give spurious results when listing source files for inclusion in debug packages. This will ignore these symbols and avoid an error that can be generated when creating a debug package. Signed-off-by: Austin Lund <austin.lund@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-06-26bash-completion: use POSIX character classes in regular expressionsEli Schwartz
bash uses POSIX extended regular expressions via regex(3), which does not guarantee support for shorthand character classes. Although glibc supports it, msys2-runtime does not. Make sure the completion script works (hopefully) everywhere by being more portable. Fixes: https://github.com/msys2/MSYS2-packages/pull/1549 Original-patch-by: plotasse <platos@protonmail.ch> Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-06-25makepkg: do not exit immediately on dependency install failuresAllan McRae
Fixes FS#63000 Signed-off-by: Allan McRae <allan@archlinux.org>
2019-06-06makepkg: restrict pkgname and pkgver to asciiAndrew Gregory
pkgname and pkgver are used as directory names within database files. libarchive does not provide a reliable locale-independent method for reading archive file names, causing errors when archive paths include non-ascii characters. This is a first step toward dealing with FS#49342, by hopefully reducing the number of packages with non-ascii data in the wild before updating libalpm to reject them outright. See https://github.com/libarchive/libarchive/wiki/Filenames and https://github.com/libarchive/libarchive/issues/587 Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-05-28makepkg: also move restore_envvars handling into libmakepkgEli Schwartz
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-05-28makepkg: move config loading into libmakepkgEli Schwartz
When scripting/automating around makepkg, it is sometimes desirable to know how makepkg will be configured to operate. One example is the archlinux devtools, which must forward select makepkg.conf variables into a build chroot (for example PACKAGER) or use those variables itself (for example {SRC,PKG,LOG}DEST). The configuration file can be in up to 3 places, and should be capable of being overridden via environment variables. It is sufficiently complex to represent distinct functionality, and sufficiently useful to merit easy accessibility in other scripts, therefore, let us move it into a publicly exposed utility library. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-05-28libmakepkg: add lint_config to validate SRCEXT/PKGEXTEli Schwartz
These variables must begin with .src.tar / .pkg.tar respectively, so fail early if those expectations are not matched. This prevents makepkg from creating e.g. package files literally named "./pacman-5.1.3-1-x86_64" which are actually uncompressed tarballs. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-05-28repo-add: Add --prevent-downgrade optionekardnam
Implements FS#17752 Signed-off-by: Luca Bertozzi <ekarndam@autistici.org>
2019-05-28Support application/gzip MIME type in extractionKevin Mihelich
file 5.37 changed the gzip MIME type from application/x-gzip to application/gzip, so support this when checking to extract source files. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-05-08makepkg: propagate error codes when package failed to sign correctlyEli Schwartz
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-05-08libmakepkg: install pkg-config fileEli Schwartz
Since makepkg exports a public library of functions, other projects may wish to use these functions. Highlights include parseopts or our messaging functions. Install a pkg-config file in order to let downstream users detect where they can source the libmakepkg functionality. This is useful e.g. to gracefully handle the case where a thirdparty project is configured and installed into a different datarootdir from pacman, but still wants to use the installed pacman's version of libmakepkg. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-05-08libmakepkg: fix missing or inaccurate interdependenciesEli Schwartz
When the executable checking was refactored into libmakepkg, it carried with it, usage of $E_* error codes, which need to be declared from error.sh but are only available when the parent program already sources error.sh; additionally, message.sh was only loaded in a parent library, but not where it was needed, and option.sh was often loaded when it wasn't needed at all. util.sh, meanwhile, has always depended on message.sh functions. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-05-08scripts: protect against unintended glob matching in [[ ]] RHSEli Schwartz
The right-hand side of the [[ ... = ... ]] keyword is an exception to the general rule that quoting is unnecessary with [[ This is usually not a problem, e.g. in libmakepkg, lint_one_pkgname will already fail if pkgname has an asterisk, but it certainly doesn't hurt to be "more proper" and go with the spec; it is more dangerous in repo-add, which can get caught in an infinite loop instead of safely asserting there is no package named 'foo*'. Reported-by: Rafael Ascensão <rafa.almas@gmail.com> Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-05-08makepkg: use more schema.sh to clean the environment of special variablesEli Schwartz
Fixes "arch" and "checkdepends" never having been unset, fixes b2sums (but not ${!b2sums_@}) being recently left out. The "build" function used to be unset as well, explicitly unset it as a function and do the same for other official functions as well. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-05-08makepkg: fix bash 5 compatibility when packaging symlinks to a directoryEli Schwartz
In commit b5191ea140386dd9b73e4509ffa9a6d347c1b5fa we moved to using shell globbing to print package files for a couple of reasons including reproducible packaging of .METADATA files. Unfortunately, this only works reliably when the glob pattern does not resolve to a symlinked directory due to a change in the bash 5.0 release. Note that the previous, desired behavior was rather to merely refuse to recurse into symlinked directories, but due to an unrelated issue, the symlink handling for globstar was reworked in a way that had this side effect. See https://lists.gnu.org/archive/html/bug-bash/2019-04/msg00015.html for discussion; this may be fixed at some point, but bash 5.0 is broken either way. The appropriate way of handling this seems to be to use **/* to match instead; this produces the same results on both bash 4 and bash 5, as the ** matches any leading directory component (or none), and the * matches any file, directory, or symlink to either one. Fixes FS#62278 Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-05-08makepkg: correctly handle hg sources with updates on a non-default branchEli Schwartz
The "tip" ref actually signifies the most recently updated branch. hg does not support a default branch named anything other than "default", except by creating a "@" bookmark. The correct way to explicitly update to the default clone ref, is therefore to use one of these, rather than "tip". Fixes FS#62092 Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-05-08libmakepkg: fix migration to schema.sh for integsumsEli Schwartz
One of the callers was changed to use known_hash_algos, one was not. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-03-25bash-completion: support file redirection completionsEli Schwartz
The current completions don't properly handle redirection operators, and attempt to complete command completions rather than completing filenames to redirect to. bash-completion provides both _get_comp_words_by_ref and a higher-level wrapper _init_completion, but the latter provides handling of redirection operators, so switch to using that. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-03-19libmakepkg: fix reporting of invalid archive extensions in compress.shEli Schwartz
In commit 1825bd6716c2a51c92642e8b96beac0101e83805 this was split out from makepkg, but the warning was not properly migrated; $ext did not ever exist. As a result, no matter what you did, the only possible warning was: ==> WARNING: '' is not a valid archive extension. Fix to filter based on the presence of .tar in the argument, and building the $ext variable for all checking and messaging purposes within the function. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-03-19makepkg: use "shared" git clones when checking out sourcesEli Schwartz
In order to cache sources offline, makepkg creates *two* copies of every git repo. This is a useful tradeoff for network time, but comes at the cost of increased disk space. Normally, git can smooth this over automagically. Whenever possible, git objects are hardlinked to save space, but this does not work when SRCDEST and BUILDDIR are on separate filesystems. When the repo in question is both very large (linux.git for example is 2.2 GB) and crosses filesystem boundaries, this results in a lot of extra disk space being used; the most likely scenario is where BUILDDIR is a tmpfs for bonus ouch. git(1) has a builtin feature which serves this case handily: the --shared flag will create the info/alternates file instructing git to not copy or hardlink or create objects/packs at all, but merely look for them in an external location (that being the source of the clone). The downside of using shared clones, is that if you modify and drop commits from the original repo, or simply delete the whole repo altogether, you break the copy. But we don't care about that here, because 1) the BUILDDIR copy is meant to be a temporary copy strictly derived via PKGBUILD syntax from the SRCDEST, and must be able to be recreated at any time, 2) if the SRCDEST disappears, makepkg will redownload it, thus restoring the objects needed by the BUILDDIR clone, 3) if the user does non-default things like hacking on the BUILDDIR copy then deleting and re-cloning the SRCDEST may result in momentary breakage, but ultimately should be fine -- the unique objects they created will be stored in the BUILDDIR copy. While it's theoretically possible that upstream will force-push to overwrite the base tree from which makepkg is building (which they should not do), *and* the user deleted their SRCDEST which they should not do, *and* they saved work in makepkg's working directory which they should not do either... ... this is an unlikely chain of events for which we should not care. Using --shared is therefore helpful in immediately useful ways and IMHO has no actual downsides; we should use it. An alternative implementation would be to use worktrees. I've rejected this since it is essentially the same as shared clones, except adding additional restrictions on the branch namespace, and could potentially break existing use cases such as manually handling the SRCDEST in order to share repositories with normal working copies. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-03-19drop DU* config variablesSantiago Torres
Since DUFLAGS and DUPATH are not needed anymore remove them from the source Signed-off-by: Santiago Torres <santiago@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-03-19build: remove references to variable replacements from pacman-optimizeEli Schwartz
MODECMD and OWNERCMD are not used by pacman itself, so we don't need to check for and replace them now that pacman-optimize is removed. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-03-19Make makepkg compute sizes properlySantiago Torres
Makepkg used to use du --apparent-size to compute the size of the package. Unfortunately, this would result in different sizes depending on the filesystem used (e.g., btrfs vs ext4), which would affect reproducible builds. Use a wc-based approach to compute sizes Signed-off-by: Santiago Torres <santiago@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-03-07Remove pkgdeltaAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2019-03-07Remove delta support from repo-addAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2019-03-07makepkg: add new checksum algorithm via coreutils b2sumEli Schwartz
coreutils 8.26 in December 2016 added this new hashing method which is compatible with the existing md5sum and sha*sum tool usage, while using the blake2 hash algorithm. makepkg uses coreutils to provide source file integrity checks via ${integ}sum binaries and it makes sense to offer this as an additional option. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-02-21libmakepkg: migrate to schema.sh for integsumsEli Schwartz
We cannot use most of the arrays defined in schema.sh as srcinfo is dependent on the order, but migrate the hashes for now. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-02-21makepkg: simplify run_pacman logicEli Schwartz
We don't need to check the options twice, since it is the same check both times. Instead, merge the conditionals. As far as I can tell, the only reason the checks for: - PACMAN_OPTS and - whether to use sudo were ever separated is due to the historic existence of --asroot, since the second check included a check for (( ! ASROOT )) until it was cleaned up in commit 61ba5c961e4a3536c4bbf41edb348987a9993fdb. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-02-21makepkg: implement locking for pacman commandsEli Schwartz
When pacman is run as root to do -S, -U, or -R, it would immediately abort if pacman is not ready for use. Instead, poll the lockfile and wait until it becomes available. Implements FS#28840 Original-patch-by: Georges Dubus <georges.dubus@compiletoi.net> Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-02-04fix various typosmorganamilo
Signed-off-by: morganamilo <morganamilo@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-01-31libmakepkg: lint disallowed architecture specific variablesmorganamilo
Variables such as 'pkgdesc_x86_64' are invalid, instead of ignoring them raise an error. This also disallows using 'any' as an architecture specific variable Signed-off-by: morganamilo <morganamilo@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-01-31libmakepkg: lint disallowed variables in package()morganamilo
makepkg will now error if disallowed variables are set inside of the package function. Disallowed variables are variables that do exist, like 'makedepends' and 'pkgver' but can not be set inside of a package function. Signed-off-by: morganamilo <morganamilo@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-01-31libmakepkg: centralise random arrays of pkgbuild variablesmorganamilo
Refactor many of the different arrays of pkgbuild variables into scripts/libmakepkg/util/schema.sh.in. Signed-off-by: morganamilo <morganamilo@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-01-30makepkg: use --unneeded for pacman call in remove_deps()Allan McRae
This patch was inspired by FS#32723 which asks makepkg to install makedepends before depends. The use case is to build a package depending on a virtual package that is only provided by other packages (e.g. java-runtime in Arch Linux), but wanting to build against a specific version. Installing makedepends first (but not at the same time as depends) would allow specifying the version to build against, instead of pacman resolving to the default version when installing depends. It turns out, we can already achieve installing makedepends first by specifying dependencies only in the package function (and making sure makedepends includes everything needed). The only issue is that if we use makepkg to install the built package with the --install flag and along with the --rmdeps flag, we will try to remove any installed dependencies that are specified in the depends array in the package function. To counter this, we need to use the --unneeded flag for the pacman call. Signed-off-by: Allan McRae <allan@archlinux.org>
2019-01-30libmakepkg: Add lzip ext supportChloe Kudryavtsev
lzip is a lossless data compressor designed to replace gzip and bzip2 as the standard general-purpose compressed format. - add .lz (lzip) support to libmakepkg/util/compress.sh:compress_as - add COMPRESSLZ to makepkg.conf.in - document COMPRESSLZ - document PKGEXT with `.tar.lz` Signed-off-by: Chloe Kudryavtsev <toast@toastin.space> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-01-22libmakepkg: move checkdepends to the correct arraymorganamilo
Signed-off-by: morganamilo <morganamilo@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-01-22libmakepkg: Implement extendable signature verificationEli Schwartz
Lookup the existence of matching functions for each protocol, and fallback on the generic file handler. New verification protocols can then be added via thirdparty libmakepkg drop-ins without requiring modifications to verify_signature.sh Signed-off-by: Allan McRae <allan@archlinux.org>
2019-01-22libmakepkg: implement extendable source protocolsEli Schwartz
Lookup the existence of matching functions for each protocol, and fallback on the generic file handler. New source protocols can then be added via thirdparty libmakepkg drop-ins without requiring modifications to source.sh Fixes FS#49076 Signed-off-by: Allan McRae <allan@archlinux.org>
2019-01-22libmakepkg: optimize get_protocol to always return proto, not proto+uriEli Schwartz
e.g. git+https:// is commonly used for git repositories cloned over HTTPS, but we assume a proto with a plus in it is actually a protocol followed by some URI handler. So we might as well simplify the return value and not have to always add glob matching everywhere when checking the proto in use. This is required in order to use the proto directly in function calls, which will be used in a followup patch. Signed-off-by: Allan McRae <allan@archlinux.org>
2019-01-22libmakepkg: make gettext replacements more templatedEli Schwartz
Making the undescore be translated is probably not something we need translators to think about. Additionally, a number of places which use the same text differ only by the variable being referenced, so simplifying the string means we can drop a redundant translation. Bonus: we save a few bytes here and there. \o/ Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-01-16libmakepkg: disallow using 'any' with other archesmorganamilo
Error if the arch array contains any and any other values. This also fixes a bug where the check for `$arch == 'any'` which only evaluated the first value in the array, meaning the rest of the values would not be linted. Signed-off-by: morganamilo <morganamilo@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-01-14meson: fix regression that broke building libmakepkgEli Schwartz
In commit f7efa6a93d5361af610827d41045d87c7a72f2b5 we added a new file, and also wired it up to the build systems, but it got added under the wrong name in meson.build Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-01-10makepkg: return E_PKGBUILD_ERROR for nonexistent PKGBUILDEli Schwartz
This is not really an error with a "user function". Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>