path: root/scripts/libmakepkg
Age | Commit message | Author | Files | Lines
2018-06-18 | Add missing sha224 sums in man page and linting | morganamilo | 1 | -1/+2
Signed-off-by: morganamilo <morganamilo@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-06-18 | libmakepkg/lint_pkgbuild: squelch syntax error when a pkgname is empty | Eli Schwartz | 1 | -2/+1
We fail with an error, but then we also fail with: ==> ERROR: depends is not allowed to be empty. /usr/share/makepkg/lint_pkgbuild/pkgname.sh: line 39: continue: only meaningful in a `for', `while', or `until' loop During the refactor to provide enhanced pkgname=pkgver linting, this was moved out of the ${pkgname[@]} loop to a distinct function, at which time it should have been modified to return rather than continue. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-06-18 | libmakepkg/lint_pkgbuild: permit versioned optdepends | Eli Schwartz | 1 | -5/+13
pacman accepts these, and there is no good reason to be more restrictive ourselves; we should follow the example of "depends" here. Update the documentation to actually state that this is supported. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-06-18 | libmakepkg: when checking for write permissions, handle pre-existing dirs | Eli Schwartz | 1 | -5/+5
Simplifies the function a bit, but mostly, mkdir -p will never fail if the directory exists, and therefore makepkg never checks to see if it is actually writable. On the other hand, it's unnecessary to check if the directory exists once we know mkdir -p succeeded... Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-05-12 | libmakepkg: Support file 5.33's application/x-pie-executable | Jan Alexander Steffens (heftig) | 1 | -0/+2
file 5.33 introduces a new MIME type "application/x-pie-executable", which is used for relocatable binaries. makepkg ignored these binaries and did not attempt to strip them. Handle the new MIME type like the old "application/x-sharedlib". Stripping the binaries with --strip-unneeded to keep relocation information should be the correct thing to do. file 5.33 also misidentifies actual libraries as PIE executables, so we didn't strip any shared libraries, either. We now work around this bug. Signed-off-by: Jan Alexander Steffens (heftig) <jan.steffens@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-05-12 | util/pkgbuild: fix broken indentation | Andrew Gregory | 1 | -8/+8
Signed-off-by: Allan McRae <allan@archlinux.org>
2018-05-12 | libmakepkg/integrity: determine what is a signature preferring local filename | Eli Schwartz | 1 | -1/+1
Checking the file extension to determine if something is a signature is currently done in three places: - verify_file_signature: uses $file to print status, reuses it for comparison - source_has_signatures: uses $netfile, but removes url component if filename component exists - generate_one_checksum: uses $netfile and fails to detect renamed files This leads to inconsistent behavior when trying to use a signature of the form "foo-1.0.tar.gz.asc::https://example.com/foo-1.0.tar.gz.pgp" Fix this by treating the third case like the second case. Reported-by: Giancarlo Razzolini <grazzolini@archlinux.org> Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-05-12 | libmakepkg: don't save/set/restore extglob in bash [[ tests | Eli Schwartz | 1 | -5/+0
Since bash 4.1 extglobs can be used within [[ ... ]] regardless of whether the shopt is set. Our configure.ac requires bash 4.1.0 at a minimum for pacman scripts. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-05-12 | libmakepkg: only save the shellopts we need | Eli Schwartz | 6 | -12/+12
micro-optimization: We only care about temporarily enforcing extglob, so that is the only one we need to explicitly restore. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-05-12 | libmakepkg/lint_pkgbuild: fix regression in linting depends=(foo=$epoch:$pkgver-$pkgrel) | Eli Schwartz | 6 | -11/+27
In commit 91b72cc386ca03241791748da5da2b150c724ace support was added for linting depends/etc. to ensure they contain only valid dependency specifiers. However it did not properly take into account the possibility of dependencies linked to a specific pkgrel or epoch, which promptly failed to build because "-" and ":" are not allowed in a pkgver. pkgrel is something supported by pacman and useful for e.g. split packages which cannot be mismatched even if the pkgver is the same. Fix by removing an optional suffixed "-$decimal" when checking for a valid pkgver. epoch is kind of difficult to do without :D so likewise fix by removing an optional prefixed "$integer:" Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-05-12 | remove unneeded break argument from option parsing | Rafael Ascensão | 1 | -1/+1
Some scripts are using `break 2` to break out of the option parsing loop. Since a single `break` is sufficient in these cases, remove the extra argument. Signed-off-by: Rafael Ascensão <rafa.almas@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-04-29 | libmakepkg/lint_pkgbuild: lint depends/etc. as if they are pkgname | Eli Schwartz | 10 | -82/+308
depends, provides, conflicts, replaces, and other variables that are meant to contain package names, are now checked to ensure 1) the name component contains only characters that would equate to a valid pkgname. 2) the version component contains only characters that would equate to a valid pkgver. 3) comparison operator is a valid comparison operator (e.g. provides only allows exact = while optdepends doesn't allow anything) This also refactors pkgname into a shared utility function, wires up pkgbase optdepends and provides to use it, and gives pkgver a touchup to allow referencing where it was called from. Fixes FS#57833 and a bit of extra. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-04-29 | libmakepkg/util/pkgbuild.sh: fix missing extglob | Eli Schwartz | 1 | -0/+6
We use an extended glob here, but were relying on having it globally set in makepkg. This causes it to fail when used in scripts. Since scripts using libmakepkg may not want extglob to be set, save and restore the environment while explicitly setting extglob only where we need it. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-03-18 | makepkg --packagelist: fix listing debug packages with makepkg.conf | Eli Schwartz | 1 | -2/+1
print_all_package_names used in_opt_array to check whether or not the PKGBUILD itself has options=('debug' 'split') -- while checking to see if it was enabled per split package which doesn't make sense as these options apply globally. This prevented debug packages from being listed if enabled via makepkg.conf rather than per PKGBUILD. Instead, use check_option to determine whether makepkg actually thinks it is meant to try creating a split debug package. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-03-15 | libmakepkg: Add basic rules to lint makepkg.conf variables | Eli Schwartz | 3 | -0/+156
Currently the only things we check are: - Things that should be arrays, are not strings, and vice versa (this was mostly copy-pasted from the similar code in lint_pkgbuild). - Variables that are meant to contain pathname components cannot contain a newline character, because newline characters in pathnames are weird and also don't play well with future changes intended for the --packagelist option. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-03-15 | libmakepkg/integrity: fix regression that broke --install | Eli Schwartz | 1 | -13/+10
In commit c6b04c04653ba9933fe978829148312e412a9ea7 package signing was moved out of fakeroot, and as part of this process, the global pkgname variable was modified in order to extract the built package names. However, if a debug package was not available and added to the list of packages, the function was aborted early, before the pkgname array was restored, thereby corrupting the later stages of makepkg and specifically the install_package function which needs to know which pkgnames to install. Fix this by inlining the debug package signing inside the `if` check, and as added security switch to using `for pkg in "${pkgname[@]}"` as is done in many other parts of makepkg, since package signing does not depend on the value of pkgname for anything. Additionally, since debug packages may not actually exist, check if the package file exists first. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-03-15 | makepkg: avoid false "Signing package(s)" msg when signing is disabled | Eli Schwartz | 1 | -3/+3
Followup on c6b04c04653ba9933fe978829148312e412a9ea7 which refactored the signing function to run outside of fakeroot, and in the process moved the status message to outside the $SIGNPKG check. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-03-14 | makepkg: refactor checking for write permissions into a utility function | Eli Schwartz | 1 | -0/+17
Additionally provide a separate error for failure to create the directory vs lack of write permissions on a pre-existing directory. This also means we now consistently try to create any nonexistent *DEST directories as needed before aborting with E_FS_PERMISSIONS. Previously only $BUILDDIR received that kindness. Fixes FS#43537 Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-03-14 | Update copyrights for 2018 | Allan McRae | 53 | -53/+53
make update-copyright OLD=2017 NEW=201 Signed-off-by: Allan McRae <allan@archlinux.org>
2018-03-14 | Fix linting of whitespace in pkgver | Rikard Falkeborn | 1 | -1/+1
In order to detect if pkgver contains whitespace, we need to quote it. Previously, only the characters up to the first whitespace were checked. Signed-off-by: Rikard Falkeborn <rikard.falkeborn@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-03-14 | makepkg --packagelist: just list the built package files we will build | Eli Schwartz | 1 | -7/+5
Currently this seems to be only theoretically useful. The most likely reason for wanting a packagelist is in order to script makepkg and derive the filenames for the packages we want to install or repo-add, but in the current implementation this requires a lot of additional post-processing which must be duplicated in every utility to wrap makepkg. - It is of minimal use to know what packages might get created on some other device utilizing a different CPU/OS architecture, so don't list them. - It is non-trivial to reimplement makepkg's logic for sourcing any of several makepkg.conf configuration files, then applying environment overrides in order to get the PKGDEST and PKGEXT, so include them directly in the returned filenames. - Output is delimited by newlines, for readability. For maximum parsing reliability, libmakepkg needs to learn how to lint the PKGDEST and PKGEXT variables to ensure they do not contain newlines, which will be submitted in a separate patch. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-01-10 | Fix moving source files into debug packages | Allan McRae | 1 | -4/+5
Commit 8bec63bf92d8dd028aa88dbd5109c314cdb9ebea attempted to switch to using -fdebug-prefix-map to set file locations in debug packages. It made a few mistakes... 1) Adding debug C{,XX}FLAGS only worked if DBGSRCDIR was defined in makepkg.conf. Fix this by falling back to the default value. 2) Using -fdebug-prefix-map altered a lot of assumptions about file locations when copying source files into debug packages. This resulted in lots of messages of failed cp in packaging output. Signed-off-by: Allan McRae <allan@archlinux.org>
2018-01-06 | libmakepkg/integrity: fix git signatures not seen with multiple files | Eli Schwartz | 1 | -4/+4
In eaa82b4d0775252856a4e54a6f2a9ea191cf0b8f source_has_signature() was modified to check if git repositories are marked as signed. However, due to a typo the unused variable $netfile was checked. This worked as long as the last source element was marked as signed, due to $netfile being mistakenly set as a global in check_vcs_software(), but usually failed with multiple sources. Break this more consistently by properly declaring $netfile as a local variable in check_vcs_software() which it should be regardless. Fix it again by completely moving over to $netfile in source_has_signature() as netfile is more descriptive of the current state. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-01-06 | libmakepkg/integrity: fix regression that broke invalid file sigs | Eli Schwartz | 1 | -0/+2
In 42e7020281d3ae260e1e9693495f527b7f476625 creating the gpg statusfile for a source file was split into a separate function, which used the return code to indicate unsigned files and proto-specific errors. However, the fallback return code was set by the final gpg invocation, which would be 1 if the signature was somehow broken (for example, the key was not available in the gpg keyring). As a result makepkg thought that file did not have a signature and skipped over it rather than erroring out. Fix this by explicitly setting the return code for all verify_*_signature() functions. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-12-07 | makepkg: tell the compiler to record debugging info for debug packages | Eli Schwartz | 1 | -5/+2
In commit 8b0d59b83a60eb504567590346119fe4cd891cad support was added for storing the source files of binaries in debug packages. This made use of the debugedit program which is part of the RPM package manager, which is not very standalone. The same effect can be achieved using -fdebug-prefix-map, an option accepted by both the gcc and clang compilers which modifies how the compiler itself stores the references to the source files rather than requiring us to later edit the produced binaries. This also removes the dependency on external programs like debugedit. As a result of this change, source files will only be effectively added for programs which actually use the exported CFLAGS. This is a reasonable tradeoff as we expect our CFLAGS to be used rather than ignored. Upstream software which do not produce useful debug packages are expected to fix their build systems to respect the environment CFLAGS. As a result of this change, the routine for extracting source filenames from binaries had to be modified to derive the source file from the final debug location, rather than the other way around. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-12-07 | makepkg: Add a config option to specify the location of debug sources | Eli Schwartz | 1 | -1/+1
In commit 8b0d59b83a60eb504567590346119fe4cd891cad support was added for storing the source files of binaries in debug packages. Allow the user to specify where those source files should be stored via makepkg.conf Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-12-07 | makepkg: refactor archive compression for reusability | Eli Schwartz | 1 | -0/+47
This allows for more easily extending the list of allowed compression methods, as it has to be modified in only one place. Also allow the user to specify their own preferred command + options for source packages in addition to compiled packages. Currently, makepkg.conf(5) erroneously claims this is already possible.
2017-12-07 | libmakepkg: fix .gitignore to simply ignore all generated .sh files | Eli Schwartz | 1 | -17/+1
Prior to commit aca153bfa6b1bcd828f0b35db453bb9fea6a08bf some .sh files were not generated and simply included directly, and it was necessary to explicitly iterate all ignored files to prevent git from ignoring the directly-included files. However, now all .sh files are in fact generated so it makes no sense to list each one separately in the .gitignore file. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-12-07 | makepkg: implement error codes | Ivy Foster | 1 | -0/+41
For your convenience, makepkg now has 16 distinct ways to fail. Also closes FS#54204. Signed-off-by: Ivy Foster <iff@escondida.tk> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-10-17 | libmakepkg: only output package file names when checking for build references | Allan McRae | 1 | -1/+1
The leading directory is a distraction from identifying the files containing build references. Signed-off-by: Allan McRae <allan@archlinux.org>
2017-09-14 | libmakepkg: grammar fix | Allan McRae | 1 | -1/+1
Signed-off-by: Allan McRae <allan@archlinux.org>
2017-09-13 | libmakepkg: check for invalid tags in git | Eli Schwartz | 1 | -1/+10
As per https://lists.archlinux.org/pipermail/arch-general/2017-July/043876.html git doesn't check that the tag name matches what an annotated tag object *thinks* it should be called. This is a bit of a theoretical attack and some would argue that we should always use commits since upstream can legitimately change a tag, but nevertheless this can result in a downgrade attack if the git download transport was manipulated or the upstream repository hacked. So, check the tag blob to make sure the tag actually matches the name we used for `git checkout`. This really should be fixed in git itself, rather than forcing all downstream users of git verify-tag to implement their own checks, but the git developers disagree, see the discussion surrounding https://public-inbox.org/git/xmqqk2hzldx8.fsf@gitster.mtv.corp.google.com/ Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-07-06 | libmakepkg: Fix improperly spelled local variable declaration | Eli Schwartz | 1 | -1/+1
Signed-off-by: Eli Schwartz <eschwartz93@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-07-06 | libmakepkg/integrity: Fix error message not sent to stderr | Eli Schwartz | 1 | -1/+1
Signed-off-by: Eli Schwartz <eschwartz93@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-07-06 | libmakepkg: fix unsanitized source filenames | Eli Schwartz | 1 | -2/+2
There were a couple places where filenames beginning with "-" were not properly guarded against by passing them after "--". Some PKGBUILD authors are crazy, but we still take those into account. Signed-off-by: Eli Schwartz <eschwartz93@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-05-08 | makepkg: create signature files outside of fakeroot | Allan McRae | 1 | -3/+31
With recent versions of gpg, signing within fakeroot works on the first invocation, but fails on later runs. Sign all packages outside of fakeroot to avoid this issue. Fixes FS#49946. Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04 | Provide source files for useful debug packages | Allan McRae | 1 | -2/+21
Debug packages are fairly useless currently because the source files needed for stepping through code etc are not packaged with them. This patch adds the needed source files to the debug package and adjusts the debug info to look at the /usr/src/debug/ directory for them rather than the build location. This requires using the "debugedit" program which is provided as part of the RPM sources. Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04 | makepkg: Verify git signatures | Eli Schwartz | 3 | -12/+79
A git repository is marked as signed if it contains the query "signed" as defined by https://tools.ietf.org/html/rfc3986 Adds two utility functions in util/source.sh.in to extract fragments and queries, and modifies source/git.sh.in to use them. Signed-off-by: Eli Schwartz <eschwartz93@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04 | libmakepkg/integrity: Verify file signatures in a separate function | Eli Schwartz | 1 | -38/+46
This makes it easier to add signature verification for new protos. Signed-off-by: Eli Schwartz <eschwartz93@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04 | makepkg: warn about dotfiles in package root | Andrew Gregory | 1 | -0/+38
libalpm reserves paths starting with '.' for its own use and will not extract any other than those it recognizes. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04 | Update copyright years | Allan McRae | 50 | -50/+50
Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04 | makepkg: Disallow forward slashes in pkgver | Steef Hegeman | 1 | -2/+2
scripts/libmakepkg/lint_pkgbuild/pkgver.sh.in now raises an error when pkgver contains forward slashes. pkgver containing a forward slash results in a package filename containing a forward slash, which isn't a valid filename. Signed-off-by: Steef Hegeman <steefhegeman@hotmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-12-05 | Build a single debug package for all packages from a PKGBUILD | Allan McRae | 1 | -1/+1
We want to provide source files with debug symbol packages to allow easy stepping through the program. This becomes difficult with split packages due to the binaries in many of these sharing source files across packages. There are (at least) two solutions to this problem. #1: ensure common source files are located in the debug package for the package lowest in the dependency chain and add dependencies to the debug packages so all required source files are present, or #2: create one debug package for all split packages in a PKGBUILD. The second is a more robust approach despite potentially creating very large debug packages. This patch creates a single $pkgbase-debug package and adds provides such that installing $pkgname-debug will always work. Signed-off-by: Allan McRae <allan@archlinux.org>
2016-12-05 | add generated scripts to gitignore | Christian Hesse | 1 | -0/+3
These files are generated at build time. Ignore in git. Signed-off-by: Christian Hesse <mail@eworm.de> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-12-05 | makepkg: reject packages with newlines in paths | Andrew Gregory | 1 | -0/+42
libalpm's local database format does not support paths with newlines. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-12-05 | makepkg: abort on lint_package errors | Andrew Gregory | 3 | -1/+5
Allows lint_package to prevent makepkg from creating an invalid package. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-12-05 | Revert "[RFC] Provide source files for useful debug packages" | Allan McRae | 1 | -19/+1
This reverts commit a79c0038ae84c38fe063bd7426a839f3c01c10e8. I merged the wrong branch into master...
2016-11-02 | [RFC] Provide source files for useful debug packages | Allan McRae | 1 | -1/+19
Debug packages are fairly useless currently because the source files needed for stepping through code etc are not packaged with them. This patch adds the needed source files to the debug package and adjusts the debug info to look at the /usr/src/debug/ directory for them rather than the build location. This requires using the "debugedit" program which is provided as part of the RPM sources. Signed-off-by: Allan McRae <allan@archlinux.org>
2016-10-22 | makepkg: print files with refs to $srcdir/$pkgdir | Ivy Foster | 1 | -7/+9
Since rewriting build_references() anyway, tweaked quoting. Implements FS#31558. Signed-off-by: Ivy Foster <ivy.foster@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-10-22 | Use coreutils binaries for checking/generating checksums | Allan McRae | 2 | -9/+4
If pacman is built against a crypto library other than openssl, it makes no sense to require makepkg to use it. The only currently considered alternative to openssl is nettle, which has no binary for base64 encode/decode. This means that we could replace the hashing calculations with nettle-hash, but would require base64 from coreutils. Given makepkg already relies heavily on coreutils, we might as well use all the coreutils hashing binaries too. This patch also improves the checking of required binaries for hashing operations. Signed-off-by: Allan McRae <allan@archlinux.org>