Age | Commit message (Collapse) | Author | Files | Lines |
|
Simply pass options on to gpg the same way gpg uses them -- no looping
through and checking lots of signatures.
This prevents a situation where the signature file to be verified is
manipulated to contain an embedded signature which is valid, but not a
detached signature for the file you are actually trying to verify.
gpg does not offer an option to verify many files at once by naming each
signature/file pair, and there's no reason for us to do so either, since
it would be quite tiresome to do so.
In the event that there is no signature/file pair specified to
pacman-key itself,
- preserve gpg's behavior, *if* the matching file does not exist, by
- assuming the signature is an embedded signature
- deviate from gpg's behavior, by
- offering a security warning about which one is happening
- when there is an embedded signature *and* a matching detached file,
assume the latter is desired
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Provide both build systems in parallel for now, to ensure that we work
out all the differences between the two. Some time from now, we'll give
up on autotools.
Meson tends to be faster and probably easier to read/maintain. On my
machine, the full meson configure+build+install takes a little under
half as long as a similar autotools-based invocation.
Building with meson is a two step process. First, configure the build:
meson build
Then, compile the project:
ninja -C build
There's some mild differences in functionality between meson and
autotools. specifically:
1) No singular update-po target. meson only generates individual
update-po targets for each textdomain (of which we have 3). To make
this easier, there's a build-aux/update-po script which finds all
update-po targets and runs them.
2) No 'make dist' equivalent. Just run 'git archive' to generate a
suitable tarball for distribution.
|
|
This isn't super interesting for the autotools side, but it's necessary
in order to make things sane for other build systems which we might
introduce in the future.
|
|
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Rikard Falkeborn <rikard.falkeborn@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Use implicit dependency rules to translate asciidoc inputs to HTML and
manpage outputs. We should only have to declare explicit dependencies
for odd cases, e.g. the PKGBUILD documentation has an additional include
file and isn't a 1:1 conversion.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Adds opt-in lz4 compression of *pkg.tar files with makepkg.
This is nice to have as an option for very fast compression
and is already installed with libarchive.
Signed-off-by: Alex Butler<alexheretic@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Add missing sha224 sums to makepkg.conf and it's man page.
Signed-off-by: Michael Straube <michael.straube@posteo.de>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Ini-style configuration formats are all over the place. So are we, for
that matter, as we switched how we treated middle-of-line comments in
commit 8a19c4a78251c5e34ecf508a65d943ca2dc833c7 -- namely, they're not
comments anymore. This is surprising to users, who report bugs because
it used to work, but what's more surprising is that the only
"documentation" for the type of comments users can be expected to use,
is by guessing from our example pacman.conf and maybe discovering
unreliable easter eggs.
Fixes FS#58809
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
The use of --sysroot in the real world has flagged some issues that need
addressing. Undeprecate --root for now.
This reverts commit a278356f75866f89232e3e6230bbf9fb2dc1893c.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
We do not distribute a ChangeLog prototype, so should not reference
it in the man page.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: morganamilo <morganamilo@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
The format of pkgrel was much more retrictive than described in the
man page. Update the documentation to reflect this.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
pacman accepts these, and there is no good reason to be more restrictive
ourselves; we should follow the example of "depends" here.
Update the documentation to actually state that this is supported.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Since we no longer use vim-specific modelines, use the .asciidoc file
extension which is, well, reserved for asciidoc formatted files. This
should presumably work everywhere without needing editor-specific
workarounds and configuration.
Also add a shebang to makepkg.conf to indicate it contains bash content.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Many of these are pointless (e.g. there is no need to explicitly turn on
spellchecking and language dictionaries for the manpages by default).
The only useful modelines are the ones enforcing the project coding
standards for indentation style (and "maybe" filetype/syntax, but
everything except the asciidoc manpages and makepkg.conf is already
autodetected), and indent style can be applied more easily with
.editorconfig
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
file 5.33 introduces a new MIME type "application/x-pie-executable",
which is used for relocatable binaries. makepkg ignored these binaries
and did not attempt to strip them.
Handle the new MIME type like the old "application/x-sharedlib".
Stripping the binaries with --strip-unneeded to keep relocation
information should be the correct thing to do.
file 5.33 also misidentifies actual libraries as PIE executables, so we
didn't strip any shared libraries, either. We now work around this bug.
Signed-off-by: Jan Alexander Steffens (heftig) <jan.steffens@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Adding the architecture to the 'installed' elements of the .BUILDINFO
file makes it easier to retrieve the packages needed to reconstruct
the build environment.
Signed-off-by: Robin Broda <robin@broda.me>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Architecture information is required for repro tooling
This is a revised version of https://patchwork.archlinux.org/patch/475/
Signed-off-by: Robin Broda <robin@broda.me>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Christian Hesse <mail@eworm.de>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Rikard Falkeborn <rikard.falkeborn@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
make update-copyright OLD=2017 NEW=201
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Rikard Falkeborn <rikard.falkeborn@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
They're all generated during make.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Currently this seems to be only theoretically useful. The most likely
reason for wanting a packagelist is in order to script makepkg and
derive the filenames for the packages we want to install or repo-add,
but in the current implementation this requires a lot of additional
post-processing which must be duplicated in every utility to wrap
makepkg.
- It is of minimal use to know what packages might get created on some
other device utilizing a different CPU/OS architecture, so don't list
them.
- It is non-trivial to reimplement makepkg's logic for sourcing any of
several makepkg.conf configuration files, then applying environment
overrides in order to get the PKGDEST and PKGEXT, so include them
directly in the returned filenames.
- Output is delimited by newlines, for readability. For maximum
parsing reliability, libmakepkg needs to learn how to lint the PKGDEST
and PKGEXT variables to ensure they do not contain newlines, which
will be submitted in a separate patch.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
The --root option was widely misunderstood, and is now replaced by
--sysroot.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Add a new man page which describes the structure of a BUILDINFO file
included in a package produced by makepkg.
Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
In commit 8b0d59b83a60eb504567590346119fe4cd891cad support was added for
storing the source files of binaries in debug packages. Allow the user
to specify where those source files should be stored via makepkg.conf
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
The documentation for OPTIONS and BUILDENV listed some incorrect
defaults for undefined options. The defaults are implementation-defined
in the source code for makepkg itself (e.g. it depends whether we use
`check_option "opt" "y"` or `check_option "opt" "n"`) but were
erroneously declared to be "whatever we *define* in the default
makepkg.conf".
Fixes FS#55754
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
For your convenience, makepkg now has 16 distinct ways to fail.
Also closes FS#54204.
Signed-off-by: Ivy Foster <iff@escondida.tk>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
If SOURCE_DATE_EPOCH is set, `touch` all source files between the (optional)
prepare() and build() functions to unify the modification times. This works
around build systems and compilers that embed the file modification times
into the file contents of release artifacts.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Michael Straube <straubem@gmx.de>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
--root is not sufficient to properly operate on a mounted guest system.
Using --root still uses the host system's configuration and there is no
way to correctly use the guest configuration without manually modifying
any Include directives. --sysroot provides an easier way to operate on
a guest system by chrooting immediately after option parsing before
configuration parsing or performing any operations. It is currently
limited to the root user, but that's enough for restoring a guest system
to a working state, which is the primary intended use case.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
|
|
--force is widely misunderstood and the same effect can now be achieved
with --overwrite, which is better named and can be used more safely.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Allows for safer, more fine-grained control for overwriting files than
--force's all-or-nothing approach.
Implements FS#31549.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Add command line option ('--disable-download-timeout') and config file
option ('DisableDownloadTimeout') to disable defaults for low speed
limit and timeout on downloads. Use this if you have issues downloading
files with proxy and/or security gateway.
Signed-off-by: Christian Hesse <mail@eworm.de>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Eli Schwartz <eschwartz93@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
scripts/libmakepkg/lint_pkgbuild/pkgver.sh.in now raises an error when
pkgver contains forward slashes.
pkgver containing a forward slash results in a package filename
containing a forward slash, which isn't a valid filename.
Signed-off-by: Steef Hegeman <steefhegeman@hotmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
'pacman -Dk' prints a "success!" message if there were no errors.
It is possible to suppress the output using the '-q / --quiet' flag.
This implements the feature discussed at https://bugs.archlinux.org/task/50087
Signed-off-by: Patrick Eigensatz <patrick.eigensatz@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Though correct, the wording of the description of Query's
-t/--unrequired option was confusing. Closes FS#48144.
Signed-off-by: Ivy Foster <ivy.foster@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
This has been moved to the pacman-contrib project.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Add a space between the option and its argument. Also, do not enclose
the argument in asterisk characters.
Fixes a typo introduced in aa4c61f (Document database checking options,
2014-12-28).
Reported-by: Luca Weiss <luca.emanuel.weiss@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Christian Hesse <mail@eworm.de>
Signed-off-by: Allan McRae <allan@archlinux.org>
|