Age | Commit message (Collapse) | Author | Files | Lines |
|
Adds functions for every gpg command. By pulling out the gpg commands from the
"program start" section, additional commands can be run before or after a
specific gpg command without adding additional clutter to the function call
section.
Adds an explicit exit status of 0 to prevent arithmetic expansions from
returning non-zero, thereby falsely causing pacman-key to have a non-zero exit
status.
This change creates the framework for additional error messages and better
exit statuses being added to every pacman-key gpg call.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Use consistent blank lines across all commands, get rid of the
translated double newlines which only serve to confuse translators, and
fix -h/--help for that extra special third command this script offers.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Conflicts:
lib/libalpm/signing.c
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
makepkg would not abort on a missing download agent due to the
output variable being declared local on the same line as the
function call in the assignment. That would result in strange output
such as:
==> Retrieving Sources...
==> ERROR: There is no agent set up to handle foo URLs. Check /etc/makepkg.conf.
Aborting...
-> Downloading foobaz...
/home/arch/code/pacman/scripts/makepkg: line 401: foo://foobaz: No such file or directory
==> ERROR: Failure while downloading foobaz
Aborting...
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Declaring the variable as local on the same line as the assignment
results in result of the assignment being returned rather than the
result of the function on the righthand side of the assignment.
Declaring the variable as local on a separate line means the result
of the function on the r.h.s. is returned and our error function
will be invoked if necessary (although it is practically impossible
to ever trigger it...).
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Simplify the source tarball generation by unifying the handling of
local and remote files. This also allows local files to be found
in $SRCDEST (FS#26580) and makepkg will abort on missing local source
files (only possible to trigger in combination with --skipinteg).
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
The current calculation of the total file size for a package using "du"
suffers from issues in portability and correctness. Especially on btrfs,
this can result in clearly wrong package information such as:
Download Size : 14684.29 KiB
Installed Size : 7628.00 KiB
Use an approach based on "stat" to calculate total file size.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Using the value of "SKIP" in the checksum array will cause that
integrity check to be skipped. This makes building packages that
rely on user configurable sources less painful.
Based-on-patch-by: Dan McGee <dan@archlinux.org>
Based-on-patch-by: David Campbell <davekong@archlinux.us>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
Signed-off-by: Timothy Redaelli <timothy.redaelli@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Allows renamed .asc/.sig files to be still discovered by makepkg. This
is needed for a package such as PuTTY, which provides abnormally named
sig files (.DSA and .RSA) which are valid input for gpg --verify.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
This converts our script generation to use the built-in AM_V_GEN macro,
which honors the V= setting passed to make and allows one to see the
full command if they truly desire. The AM_V_at macro is also used in
place of an explicit @ so verbose-mode compiles show all commands being
run.
We can also use these two macros in doc generation to quiet it down to
the level we expect.
Other minor changes:
* a pointless test call is removed in test/pacman/tests/
* sed is used instead of dos2unix as we depend on it anyway
* consecutive chmod calls are reduced to a single call (e.g., '+x,a-x')
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Be more semantically accurate and avoid accidental overwriting of some
configuration variables that are considered to be constant.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
This prevents user error in adding a file generated via `gpg --sign`
rather than `--detach-sign`, for example. The same 16KiB limit is used
we use in our pacman download code.
The section is moved above the checksum generation to avoid presenting
info messages to the user if the signature isn't valid.
Addresses a shortcoming pointed out in FS#27453.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
Whereas comm will check inputs to see if they're sorted (and warn when
they aren't), grep doesn't even care about ordering. In this particular
instance -- neither do we. We're only interested that the two lists are
equivalent.
Fixes FS#26580.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Some late-arriving translation updates and add the correct dates to the
index.txt releases table.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
Add support for overriding configuration in /etc/makepkg.conf and
~/.makepkg.conf by setting the environment variable PACKAGER similar to
how SRCDEST and PKGDEST behave.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
This addresses a short but sweet race condition currently existing in
repo-add and repo-remove. We do the smart thing and zip the database to
a location in a temporary directory and not over the original database
directly. However, we then proceed to move this file directly from the
temporary directory to our final location, which is more than likely a
cross-filesystem move (/tmp on tmpfs) and thus non-atomic.
Instead, zip the file to the same directory, prefixing the filename with
'.tmp.'. We then move the file into place. This move is guaranteed to be
atomic, so any reader of the database file will get either the old
version, the new version, or ENOENT.
We also perform a hardlink if possible instead of a move when shifting
the old database out of the way to '.old'; this ensures there is no
chance of a database file not existing during the whole process.
Only one small race condition should now be present- when the database
has been fully moved into place and the signature has not, you may see a
mismatch. There seems to be no good way to address this, and it existed
before this patch.
A final note- if someone had locked-down permissions on the directory
that the database files are in (e.g., could only write to foo.db.tar.gz,
foo.db, foo.db.tar.gz.old, foo.db.old, and the lock file), this would
break.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Given our semi-frequent use of pushd/popd, if we are in any directory
but the original and the database path given was relative, we won't
unlock the database file when cleaning up after an error.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
* Add last-minute changes to NEWS
* Don't treat '_' or '_n' special in scripts when finding translatable
strings; this breaks with one use of `read` and a dummy _ variable
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
This applies to pkgver, pkgrel, and epoch and ensures that any trailing
whitespace outside of the context of the variable declaration itself is
properly trimmed. The Bash parser will ignore this, and so should we.
We don't need to worry about leading space because it would force a
syntax error, or fail validation.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Bump the version, update the translation template files, and fill in
NEWS with relevant commits and changes since 4.0.0.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
This prevent bsdtar from exploding when install= or changelog= are
present without a value.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
Detached sgnature files with extension .sign are accepted by gnupg.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Conflicts:
src/pacman/package.c
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
The default is supposidely 30 seconds from the gpg manpage, but that
sure wasn't what I was seeing- it was somewhere closer to two minutes of
silence. Add a more reasonable 10 second timeout value which should be
good enough for any keyserver that doesn't totally stink at it's job.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
Nothing we do in our traps is necessary this early in the script. This
fixes FS#26196.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Conflicts:
src/pacman/util.c
|
|
Replace "/tmp" with "${TMPDIR:-/tmp}" to allow for overriding the
hardcoded path.
Since we only use "/tmp" in conjunction with mktemp(1), we could also
have used "--tmpdir", which is GNU-ish, however (and the BSD counterpart
"-t" has been deprecated in GNU mktemp).
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
This includes some fixes to the messages that are displayed when a
signal is caught in makepkg or repo-add:
* Instead of always showing "==> ERROR: TERM signal caught. Exiting...",
replace "TERM" by whatever signal is actually caught.
* Fix a typo in the SIGERR error message in repo-add ("occurred" instead
of "occured"). Francois already fixed this for makepkg in 1e51b81c.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
There is a small chance that a user sends SIGINT (or any other signal
that is trapped) when we're already in clean_up() which used to lead to
trap_exit() being executed and the remaining code in clean_up() being
skipped due to the bash signal/trap handler blocking EXIT (since its
handler is already being executed, even if it's interrupted).
In practice, this behaviour caused unexpected results (primarily because
pressing ^C at the wrong time left a lock file behind):
$ ./repo-add extra.db.tar.gz foobar
==> Extracting database to a temporary location...
^C
==> ERROR: Aborted by user! Exiting...
$ ./repo-add extra.db.tar.gz foobar
==> Extracting database to a temporary location...
==> ERROR: File 'foobar' not found.
==> No packages modified, nothing to do.
^C
==> ERROR: Aborted by user! Exiting...
$ ./repo-add extra.db.tar.gz foobar
==> ERROR: Failed to acquire lockfile: extra.db.tar.gz.lck.
==> ERROR: Held by process 18522
Fix this and reduce the chance of race conditions in signal handlers by:
* Unhooking all traps in both clean_up() and trap_exit().
* Call clean_up() explicitly in trap_exit() to make sure we remove the
lock file and the temporary directory even if we send SIGINT when
clean_up() is already being executed but didn't reach the unhook code
yet.
Also, add an optional parameter to clean_up() to allow for setting an
explicit exit code when we call clean_up() from trap_exit().
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
We have a few incomplete translations, but these should be addressable
before the 4.0.1 maint release that is surely not that far in the
future.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
This screws up gettext and causes the message to display always
untranslated.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
In prep for the 4.0.0 release.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Inline comments after pkgver or pkgrel would cause the sanity
checks to fail so remove them before checking the value.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
This allows it to serve double-duty. In order to allow users to base
verification decisions off of both a valid signature and a trusted
signature, we need to assign some level of owner trust to the keys we
designate as trusted on import.
Signed-off-by: Dan McGee <dan@archlinux.org>
|