summaryrefslogtreecommitdiff
path: root/scripts
Commit message (Collapse)AuthorAge
* makepkg: command line options for signing packagesDenis A. Altoé Falqueto2011-03-28
| | | | | | | | | | | | | | | | | | Three new command line options were added: --sign: forces the generation of a signature for the resulting package, taking precedence over the value in makepkg.conf --nosign: do not sign the resulting package --key <key>: use a different key than the user's default for signing the package. A check is performed to ensure the user has (provided) a valid gpg key for signing. Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* Create pacman keyring directory if missingRay Kohler2011-03-27
| | | | | | | | | | | | | | Use mode 755, so non-root users can see inside. Add "--no-permission-warning" to GPG_PACMAN to suppress the noise that otherwise comes of not using mode 700 - this is not private data. GPGme turns out not to issue this warning itself, so no problem there. TODO: should non-root users be allowed to use the read-only operations (--list, --export, --finger)? Signed-off-by: Ray Kohler <ataraxia937@gmail.com> Signed-off-by: Dan McGee <dan@archlinux.org>
* Clean up repo-add usage messageRay Kohler2011-03-27
| | | | | | | | This now includes -s and -v, tailors itself to the current command, and is formatted more like that of other pacman commands. Signed-off-by: Ray Kohler <ataraxia937@gmail.com> Signed-off-by: Dan McGee <dan@archlinux.org>
* Merge branch 'maint'Dan McGee2011-03-27
|\ | | | | | | | | Conflicts: lib/libalpm/deps.c
| * Clarify error message in pacman-db-upgradeDan McGee2011-03-27
| | | | | | | | | | | | Addresses FS#23451. Signed-off-by: Dan McGee <dan@archlinux.org>
* | Sign database even if emptyRay Kohler2011-03-27
| | | | | | | | | | | | | | | | Move the create_signature() call outside the case of non-empty databases, so it will be called regardless. Signed-off-by: Ray Kohler <ataraxia937@gmail.com> Signed-off-by: Dan McGee <dan@archlinux.org>
* | makepkg: allow PKGEXT and SRCEXT to be overridden by env variablesRay Kohler2011-03-27
| | | | | | | | | | | | Signed-off-by: Ray Kohler <ataraxia937@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* | Rely on the return value of type instead of its outputDave Reisner2011-03-27
| | | | | | | | | | Signed-off-by: Dave Reisner <d@falconindy.com> Signed-off-by: Dan McGee <dan@archlinux.org>
* | Merge branch 'maint'Dan McGee2011-03-24
|\|
| * Make log redirection sanerJan Steffens2011-03-24
| | | | | | | | | | | | | | | | | | My main motivation was to remove the "sync", which can stall for minutes on a busy machine (FS#23378). I also cleaned up the redirection. Signed-off-by: Jan Steffens <jan.steffens@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* | Fix use of relative paths for packages in repo-addRay Kohler2011-03-24
| | | | | | | | | | | | | | | | | | Move checksum and pgpsig calcluation before changing into the tmpdir, otherwise we can't find the files if a relative path was used. Signed-off-by: Ray Kohler <ataraxia937@gmail.com> Signed-off-by: Dan McGee <dan@archlinux.org>
* | Merge branch 'gpg-build-tools'Dan McGee2011-03-23
|\ \
| * | repo-add: add sha256sum values to repo databaseDan McGee2011-03-23
| | | | | | | | | | | | | | | | | | | | | Implements FS#23103. Also modify libalpm so it ignores this value without any warning as we know it is likely to exist. Signed-off-by: Dan McGee <dan@archlinux.org>
| * | repo-add: add symlink to signature fileAllan McRae2011-03-23
| | | | | | | | | | | | Signed-off-by: Allan McRae <allan@archlinux.org>
| * | repo-add: Fix up usage with GPG optionsDan McGee2011-03-23
| | | | | | | | | | | | Signed-off-by: Dan McGee <dan@archlinux.org>
| * | repo-add: add -v/--verify optionDan McGee2011-03-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is intended to verify an existing signature on a database before making further changes to it and performing updates. Rarely would you use this without immediately resigning it via the -s/--sign option. Instead, it is intended as a "chain of trust" operation where the previous signature is verified to give you some sense that what you sign off on is also safe. Still todo: don't make changes unless the signature is not only good, but also in the accepted list of keys. Signed-off-by: Dan McGee <dan@archlinux.org>
| * | repo-add: allow signing of the package databaseDan McGee2011-03-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In order to be fully secure, we can't only sign packages. We also need to sign our repository metadata to prevent database falsification, dependency injection, etc. Add an '-s/--sign' option that allows this functionality, and will generate a .sig file side-by-side with the package database. While at it, fix the issue where a signature file would never be found because of 'cd' madness (this needs fixing in another commit). Signed-off-by: Dan McGee <dan@archlinux.org>
| * | Add PGPSIG field in repo-addGeoffroy Carrier2011-03-23
| | | | | | | | | | | | | | | | | | | | | | | | Use base64 encoding to store the value in the database if a .sig file exists for the package being added. Signed-off-by: Geoffroy Carrier <geoffroy.carrier@koon.fr> Signed-off-by: Dan McGee <dan@archlinux.org>
| * | makepkg: place signature symlink in build dirAllan McRae2011-03-22
| | | | | | | | | | | | | | | | | | | | | Be consistent in package and signature placements when using PKGDEST. Signed-off-by: Allan McRae <allan@archlinux.org>
| * | makepkg: allow signatures to work with split packagesDan McGee2011-03-22
| | | | | | | | | | | | Signed-off-by: Dan McGee <dan@archlinux.org>
| * | Add GPG signature support to makepkgGeoffroy Carrier2011-03-22
| |/ | | | | | | | | | | | | | | | | This is a rather simple patch to add signing support to makepkg. Add a create_signature() to makepkg, add a 'sign' BUILDENV option in makepkg.conf, and document the changes in the makepkg.conf manpage. Signed-off-by: Geoffroy Carrier <geoffroy.carrier@koon.fr> Signed-off-by: Dan McGee <dan@archlinux.org>
* | pacman-key help, round threeDan McGee2011-03-23
| | | | | | | | | | | | | | | | Make it actually like all our other tools rather than some homegrown format. Also make it translator friendly by not wrapping messages across lines in different strings. Signed-off-by: Dan McGee <dan@archlinux.org>
* | pacman-key: improve usage outputAllan McRae2011-03-23
| | | | | | | | | | | | | | | | | | Make the usage output display nicely on 80 character width terminals. Also fix parsing of "-h" and "-v" options and avoid root check when run with no commands. Signed-off-by: Allan McRae <allan@archlinux.org>
* | pacman-key: remake of --reload commandDenis A. Altoé Falqueto2011-03-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The --reload command was refactored to allow a more flexible management. There are two sets of keys that will be added, one that will be removed and one that will be kept. The set of keys to be kept are configured in pacman.conf, with the option HoldKeys, with the same meaning of HoldPkgs. It can be repeated and several values can be put in the same entry. The new behavior allows a key to be marked for removal, but the user can decide if that key must be kept. For example, if a developer has a public repository, signed with his own key, that key must be added to the HoldKeys option. If the key is marked for removal from pacman's keyring, it will not be removed for the users that have configured HoldKeys correctly. There are other minor fixes, mainly in the handling of --add command when there is no aditional parameter. In that case, pacman-key will behave just like gpg, adding the contents of stdin into pacman's keyring. Signed-off-by: Denis A. Altoé Falqueto <denisfalqueto@gmail.com>
* | pacman-key: keyring management toolDenis A. Altoé Falqueto2011-03-23
|/ | | | | | | | | The script pacman-key will manage pacman's keyring. It imports, exports, fetches from keyservers, helps in the process of trusting and updates the trust database. Signed-off-by: Denis A. Altoé Falqueto <denisfalqueto@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
* makepkg: Improve optdepends extractionAllan McRae2011-03-20
| | | | | | | | | | Prevents issues where optdepends descriptions contain a bracket. Also, strip all comments from arrays before joining them. Fixes FS#23307. Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* Fix some easy to find double translationsDan McGee2011-02-28
| | | | | | | | A lot of these were places that should have used the same message but didn't, or were very easy to convert to using the same message and letting some of the burden off of the translators. Signed-off-by: Dan McGee <dan@archlinux.org>
* Ensure pkgbase/epoch are defined before doing anythingDan McGee2011-02-11
| | | | | | | | | When generating integrity sums, we could get some weird output before due to epoch being uninitialized: /usr/bin/makepkg: line 234: [[: 2.6.37: syntax error: invalid arithmetic operator (error token is ".6.37") Signed-off-by: Dan McGee <dan@archlinux.org>
* makepkg: more bash-3.2 compatibilityAllan McRae2011-02-06
| | | | | | | | Adding the "|| true" to the subshell prevents bash-3.2 setting off the error_trap but requires changing the if statement. Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* makepkg: initialize local arrays to emptyAllan McRae2011-02-02
| | | | | | | | Fixes bash-3.2 compatibility. Thanks-to: Dave Reisner <d@falconindy.com> Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* makepkg: error on invalid optdependsAllan McRae2011-02-02
| | | | | | | Missed in commit a88cb03a. Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* makepkg: make SRCPKGDEST default to $startdirCedric Staniewski2011-02-02
| | | | | | | | | The current behaviour, which is placing source packages in PKGDEST if SRCPKGDEST is not set, is inconsistent with {SRC,PKG}DEST handling and there is no real advantage in doing so. Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* makepkg: Fix the check for references to srcdir/pkgdirNezmer2011-02-02
| | | | | | | | | | | | | | | | | At least in FreeBSD, find always returns 0 if it finds stuff (imagine that). It doesn't care about the exit status of whatever is passed to -exec. This patch makes the checks compatible with this behaviour. Using xargs and not using grep directly because packages with too many files would cause grep to complain about argument list being too long. This should also fix the false positive in packages with no files. Signed-off-by: Nezmer <git@nezmer.info> Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* makepkg: fix indention to follow style guideCedric Staniewski2011-02-01
| | | | Signed-off-by: Dan McGee <dan@archlinux.org>
* Merge branch 'epoch-work'Dan McGee2011-01-22
|\
| * makepkg: encode epoch in version specifier if > 0Dan McGee2011-01-22
| | | | | | | | | | | | | | | | | | | | | | This makes things consistent with everywhere else we are incorporating the new optional epoch field. Add a helper function that forms the version string for you and use it in makepkg where I found 'pkgver.*-.*pkgrel'. This exposes a few shortcomings in a previous "Override pkgver" patch (2020e629) in the install package and check if built functions. Signed-off-by: Dan McGee <dan@archlinux.org>
| * Remove epoch as an independent fieldDan McGee2011-01-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Instead, go the same route we have always taken with version-release in libalpm and treat it all as one piece of information. Makepkg is the only script that knows about epoch as a distinct value; from there on out we will parse out the components as necessary. This makes the code a lot simpler as far as epoch handling goes. The downside here is that we are tossing some compatibility to the wind; packages using force will have to be rebuilt with an incremented epoch to keep their special status. Signed-off-by: Dan McGee <dan@archlinux.org>
* | Makefile: Use git describe --dirty for GIT VERSIONXavier Chantry2011-01-22
| | | | | | | | | | | | | | | | dirty indicates if the repo has uncommited changes or not when building, so dont hardcode this info. Signed-off-by: Xavier Chantry <chantry.xavier@gmail.com> Signed-off-by: Dan McGee <dan@archlinux.org>
* | repo-add: only attempt to create deltas when askedAllan McRae2011-01-22
|/ | | | | | | | | | repo-add should only attempt to create the delta file when using the -d option. Also adjust a couple of tests to use the "double bracket" syntax. Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* makepkg: perform all sanity checks before erroring outDan McGee2011-01-14
| | | | | | | | | | | | It is pretty annoying to get one, fix it, and then get another. We should be able to continue on through most of the sanity checks in one go so the user gets all the error messages at once. Also ensure $pkgbase is defined by the time we call this function; previously we printed nothing where a package name should have been due to this oversight. Signed-off-by: Dan McGee <dan@archlinux.org>
* repo-add: fix misguided conditional correctionDan McGee2011-01-13
| | | | | | | | I tried to move things around here when testing and did a bit too much; the warning message always showed regardless of delta inclusion in the call. Fix it so we only warn if we have a filename, but the file couldn't be located. Signed-off-by: Dan McGee <dan@archlinux.org>
* repo-add: Create/modify files databasesPyroPeter2011-01-11
| | | | | | | | | Implements FS#11302. Dan: updated docs to not reference pkgfile. Signed-off-by: PyroPeter <abi1789@googlemail.com> Signed-off-by: Dan McGee <dan@archlinux.org>
* repo-add: use pushd/popdDan McGee2011-01-11
| | | | | | | | Rather than explicit cd calls, we can use the directory stack to our advantage. This also removes the need to store and restore $startdir, so kill the variable entirely. Signed-off-by: Dan McGee <dan@archlinux.org>
* Update copyright years for 2011Allan McRae2011-01-07
| | | | | Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* makepkg: add option to clear buildflagsAllan McRae2010-12-29
| | | | | | | | | | Add the "buildflags" option, which is useful in its negative form for disabling CFLAGS, CXXFLAGS and LDFLAGS when building a package. This is useful when determining of one of these flags is causing an issue with a package. Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* makepkg: Add check() function for running test suitesAllan McRae2010-12-29
| | | | | | | | | | | | | | A PKGBUILD can have an option check() function for running test suites between the build() and package() stages. This function is run by default but can be disabled globally in with "!check" in BUILDENV in makepkg.conf. This setting can be controlled on an individual package basis using makepkg's --check and --nocheck flags. Addition dependencies needed for running the test suite can be specified in the checkdepends array and are only checked when running the check() function. Original-work-by: Jeff C <jeff@kcaccess.com> Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* makepkg: escape closing bash array paren for awkDave Reisner2010-12-29
| | | | | | | | | | | The closing parenthesis of bash arrays needs to be escaped in the ending address of awk expressions in order to play nicely with implementations of awk other than gawk. This change provides compatibility with gawk, nawk and mawk. Signed-off-by: Dave Reisner <d@falconindy.com> Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* makepkg: allow pkgname usage in split package functionsAllan McRae2010-12-29
| | | | | | | | | | | | Currently, using $pkgname in a split package package_*() function always returns the first value in the pkgname array rather than the name of tha package being packaged. Fix this so $pkgname gives the expected value. Fixes FS#22174 Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* makepkg: remove last inappropriate PKGBUILD usageAllan McRae2010-12-20
| | | | | | | | We should always use $BUILDSCRIPT instead of PKGBUILD. The only remaining uses of PKGBUILD in makekg are in comments. Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* Update scripts/ .gitignoreDan McGee2010-12-12
| | | | Signed-off-by: Dan McGee <dan@archlinux.org>