| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
| |
We're putting the cart ahead of the horse a bit here. Given that our
keyring is not one where everything is implicitly trusted (ala gpgv),
keeping or deleting a key has no bearing on its trusted status, only
whether we can actually verify things signed by said key.
If we need to address this down the road, we can find a solution that
works for the problem at hand rather than trying to solve it now before
signing is even widespread.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
| |
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Unlike our protégé apt-key, removing a key from our keyring is not
sufficient to prevent it from being trusted or used for verification. We
are better off flagging it as disabled and leaving it in the keyring so
it cannot be reimported or fetched at a later date from a keyserver and
continue to be used.
Implement the logic to disable the key instead of delete it, figuring
out --command-fd in the process.
Note that the surefire way to disable a key involves including said key
in the keyring package, such that it is both in foobar.gpg and
foobar-revoked.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
|
|
|
|
| |
This finishes the cleanup started in 710e83999bbf. We can do a straight
import from another keyring rather than all the funky parsing and piping
business we were doing.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
|
|
|
|
| |
Otherwise we're hiding extremely relevant bits like this one:
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
|
|
| |
Rather than saying it was invalid, tell the user no signature exists.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
|
|
|
| |
* Ensure usage message is indented correctly
* Show short filenames for both the gpg keyring and revocation file
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
|
|
|
| |
When doing something like `pacman-key --edit-key 'Dan McGee'`, one would
expect it to work, and not fail.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
|
|
|
|
|
| |
This fixes build errors when performing a manual install straight to a
filesystem where the files already exist.
Reported-by: Sergej Pupykin <ml@sergej.pp.ru>
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
4ed12ae tightened up the logic to use only find, but ignored the fact
that since the manpage hard link names were no longer captured. They
were created as separate compressed manpages, rather than as hardlinks.
This also introduces a minor efficiency of deleting all hardlinks at
once and using proper iteration over an array rather than a string.
Note to anyone else touching this code: e2fsprogs and libpcap are useful
for testing this. If that changes in the future, you can use the below
bash to locate others:
IFS=$'\n' read -rd '' -a a < <(find /usr/share/man -type f \! -links 1)
pacman -Qqo "${a[@]}" | sort -u
I broke it!
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
|
|
|
|
|
|
|
|
| |
When a sourceball passes this check without any warnings, a newline is
omitted. Similar to the if clause of this else block, print a single new
line at the end of the clause instead of accounting for each output.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
|
|
|
|
|
|
|
| |
This prevents makepkg from aborting with 'file not found' when
changelog= or install= are declared in a PKGBUILD, but empty.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
|
|
|
|
|
|
|
|
|
| |
This is a fix for a bash3 specific bug, where a file sourced by
/etc/profile would exit non-zero and make its way back up to makepkg,
forcing it to exit after package installation. Along with unsetting the
ERR handler, temporarily unset errexit to avoid this.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
|
|
|
|
|
|
|
| |
This simplifies the flow a bit, making the pipeline a little easier to
grok.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
|
|
|
|
|
|
| |
find can do this all on its own and remain portable.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
|
|
|
|
|
|
| |
Correcting a typo, as this function will never output anything.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
|
|
|
|
|
|
|
|
| |
- display associated warnings on same line as pass/fail msg, to be more
consistent with checksum verification output
- properly error on a revoked key (matching pacman's behavior)
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
|
|
|
|
|
|
|
|
|
|
|
| |
We seem to enjoy using bash regex capabilities, but never referencing
the result with BASH_REMATCH. Replace almost all regexes with equivalent
globs which are faster and functionally equivalent in these cases.
This enables the extglob shopt.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
|
|
|
|
|
|
| |
Don't just set the flag variables to zero length strings, actually unset
them from the environment. This fixes issues with broken gnu Makefies
that use ?= for assigment, where the presence of a var is enough to make
this condition avoid assignment.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
|
|
|
|
|
| |
- Properly read each sorted line into a new array, instead of breaking
on every word.
- LC_COLLATE should apply to the sort portion of the pipeline, not the
printing.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
|
|
|
|
|
|
| |
This allows new signatures to be pulled, revocations to be found, etc.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
|
|
|
|
| |
This also renames '--receive' to '-recv-keys' to match the wrapped gpg
option name, rather than invent a new one, now that the calling
convention is the same.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
|
|
|
|
|
| |
We were using the mystical [<foobar>] options which is some sort of
cross between a <required> argument and an [optional] one. Remove this
madness and do some other general cleanup/consistency work in the
manpage.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
| |
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
|
|
|
|
| |
The regex wasn't rooted at the end of the filename, nor was it matching
a period/dot before the file extension. The end result was this matched a
file named '07_all_sig.patch' which is totally broken.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
|
|
|
|
| |
Read the entire variable, respecting escapes, which are necessary to
retain for the successive eval.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
|
|
|
|
| |
Further improvments on 2ca27ab which will allow the changelog and
install script files to contain whitespace.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
|
|
|
| |
Broken in 2ca27a by me, trying to fix another problem.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
|
|
|
| |
This allows local signing of a given key to help establish the web of
trust rooted at the generated (or imported) master key.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This enables pacman-key, during --init, to generate a single secret key
for the pacman keyring if one is not present. This will be used as the
root of the web of trust for those that do not wish to manage it with
their own key, as will be the default.
This does not preclude later adding other secret keys to the keyring, or
removing this one- we simply ensure you have at least one secret key
available.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Any option that flips UPDATEDB=1 doesn't work right now due to what we
thought was a good idea in commit cab1379a1ab14. Fix this by not
including the update operation in the option count and special casing
it where necessary.
Also, bring back the helpful "Updating trust database" message.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
|
|
|
|
|
|
|
| |
This adds a add_gpg_conf_option() helper function which tries to be
intelligent and only add not found options, and those which have not
been explicitly commented out.
The new options added are 'no-greeting', 'no-permission-warning', and a
default 'keyserver'.
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
|
|
|
| |
* secring.gpg can be 600, readable by root user only
* ensure grep for lock-never option in check_keyring doesn't catch comments
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
|
|
|
|
|
| |
The HoldKey option was undocumented and was not suited for pacman.conf.
Instead use the file "/etc/pacman.d/gnupg/heldkeys" to contain a list
of keys not to be removed from the pacman keyring with the --populate
option.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
|
|
|
|
|
| |
After most operations that touch the keyring, it is a good idea to
always run a check on the trustdb as this prevents gpg complaining
on later operations.
Inspiration-from: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The optimization of only importing keys that were not to be later
revoked was a not smart enough. For example, if a key was
in both a repos keyring and its revoke list, alternate runs of
pacman-key --populate would add then remove the key from the pacman
keyring. This problem is made worse when considering the possibility
of multiple keyrings being imported.
Instead, import all keys followed by the revoking of all keys. This
may result in a key being added then revoked, but that is not much of
an issue given that is a very fast operation.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The current --reload option, apart from being non-clear in its naming,
is very limited in that only one keyring can be provided. A distribution
may want to provide multiple keyrings for various subsets of its
organisation or custom repo providers may also want to provide a keyring.
This patch adds a --populate option that reads keyrings from (by default)
/usr/share/pacman/keyrings. A keyring is named foo.gpg, with optional
foo-revoked file providing a list of revoked key ids. These files are
required to be signed (detached) by a key trusted by pacman-key, in
practice probably by the key that signed the package providing these
files. The --populate flag either updates the pacman keyring using all
keyrings in the directory or individual keyrings can be specified.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
| |
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
| |
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a safety measure to prevent simple code injection.
$ i="foo bar"
$ eval i="$i"
bash: bar: command not found
$ eval i=\"$i\"
$ echo "|$i|"
|foo bar|
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
|
|
|
|
|
|
|
| |
If any of pkgver, pkgrel or epoch contained a variable substitution,
then it needed to be evaluated before checking its value conformed
to the rules.
[Dan: add quotes around RHS]
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
|
|
|
|
| |
makepkg --source is a often used go make source package like for AUR.
Have a -S shortcut will save the world.
Signed-off-by: Sebastien Luttringer <seblu@seblu.net>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
| |
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
|
|
|
|
|
| |
When creating a repo outside the current directory, the signature
symlink was not created.
Reported-by: Gaetan Bisson <bisson@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
| |
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
| |
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The use of warning once we had already started adding a package was
confusing as it broke the standard indent pattern. It was especially bad
if adding multiple packages as it wasn't clear what sub-messages applied
to which package being added. This should be an output change only from:
==> Adding package '/tmp/sync/netcfg-2.6.7-1-any.pkg.tar.xz'
-> Computing checksums...
-> Adding package signature...
==> WARNING: An entry for 'netcfg-2.6.7-1' already existed
-> Removing existing entry 'netcfg-2.6.7-1'...
-> Creating 'desc' db entry...
-> Creating 'depends' db entry...
to:
==> Adding package '/tmp/sync/netcfg-2.6.7-1-any.pkg.tar.xz'
==> WARNING: An entry for 'netcfg-2.6.7-1' already existed
-> Computing checksums...
-> Adding package signature...
-> Removing existing entry 'netcfg-2.6.7-1'...
-> Creating 'desc' db entry...
-> Creating 'depends' db entry...
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
|
|
|
| |
These are equivalent. Use the autoconf macro for consistency.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
|
|
|
|
|
| |
This applies to the repo-remove man page as well as the script itself.
Yes Dan, I ran distcheck afterwards.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
|
|
|
|
|
|
|
|
|
|
| |
When adding a package to a repo, it is useful to be able to see
that repo-add has indeed found the signature file.
[Dan: update text to be more in line with other messages]
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
|