summaryrefslogtreecommitdiffstats
path: root/scripts/libmakepkg
AgeCommit message (Collapse)AuthorFilesLines
2017-09-13libmakepkg: check for invalid tags in gitEli Schwartz1-1/+10
As per https://lists.archlinux.org/pipermail/arch-general/2017-July/043876.html git doesn't check that the tag name matches what an annotated tag object *thinks* it should be called. This is a bit of a theoretical attack and some would argue that we should always use commits since upstream can legitimately change a tag, but nevertheless this can result in a downgrade attack if the git download transport was manipulated or the upstream repository hacked. So, check the tag blob to make sure the tag actually matches the name we used for `git checkout`. This really should be fixed in git itself, rather than forcing all downstream users of git verify-tag to implement their own checks, but the git developers disagree, see the discussion surrounding https://public-inbox.org/git/xmqqk2hzldx8.fsf@gitster.mtv.corp.google.com/ Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-07-06libmakepkg: Fix improperly spelled local variable declarationEli Schwartz1-1/+1
Signed-off-by: Eli Schwartz <eschwartz93@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-07-06libmakepkg/integrity: Fix error message not sent to stderrEli Schwartz1-1/+1
Signed-off-by: Eli Schwartz <eschwartz93@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-07-06libmakepkg: fix unsanitized source filenamesEli Schwartz1-2/+2
There were a couple places where filenames beginning with "-" were not properly guarded against by passing them after "--". Some PKGBUILD authors are crazy, but we still take those into account. Signed-off-by: Eli Schwartz <eschwartz93@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-05-08makepkg: create signature files outside of fakerootAllan McRae1-3/+31
With recent version of gpg, signing within fakeroot works on the first invocation, but fails on later runs. Sign all packages outside of fakeroot to avoid this issue. Fixes FS#49946. Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04Provide source files for useful debug packagesAllan McRae1-2/+21
Debug packages are fairly useless currently because the soucre files needed for stepping through code etc are not packaged with them. This patch adds the needed source files to the debug package and adjusts the debug info to look at the /usr/src/debug/ directory for them rather than the build location. This requires using the "debugedit" program which is provided as part of the RPM sources. Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04makepkg: Verify git signaturesEli Schwartz3-12/+79
A git repository is marked as signed if it contains the query "signed" as defined by https://tools.ietf.org/html/rfc3986 Adds two utility functions in util/source.sh.in to extract fragments and queries, and modifies source/git.sh.in to use them. Signed-off-by: Eli Schwartz <eschwartz93@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04libmakepkg/integrity: Verify file signatures in a separate functionEli Schwartz1-38/+46
This makes it easier to add signature verification for new protos. Signed-off-by: Eli Schwartz <eschwartz93@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04makepkg: warn about dotfiles in package rootAndrew Gregory1-0/+38
libalpm reserves paths starting with '.' for its own use and will not extract any other than those it recognizes. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04Update copyright yearsAllan McRae50-50/+50
Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04makepkg: Disallow forward slashes in pkgverSteef Hegeman1-2/+2
scripts/libmakepkg/lint_pkgbuild/pkgver.sh.in now raises an error when pkgver contains forward slashes. pkgver containing a forward slash results in a package filename containing a forward slash, which isn't a valid filename. Signed-off-by: Steef Hegeman <steefhegeman@hotmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-12-05Build a single debug package for all packages from a PKGBUILDAllan McRae1-1/+1
We want to provide source files with debug symbol packages to allow easy stepping through the program. This becomes difficult with split packages due to the binaries in many of these sharing source files across packages. There are (at least) two solutions to this problem. #1: ensure common source files are located in the debug package for the package lowest in the dependency chain and add dependencies to the debug packages so all require source files are present, or #2: create one debug package for all split packages in a PKGBUILD. The second is a more robust approach despite potentially creating very large debug packages. This patch creates a single $pkgbase-debug package and adds provides such that installing $pkgname-debug will always work. Signed-off-by: Allan McRae <allan@archlinux.org>
2016-12-05add generated scripts to gitignoreChristian Hesse1-0/+3
These files are generated at build time. Ignore in git. Signed-off-by: Christian Hesse <mail@eworm.de> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-12-05makepkg: reject packages with newlines in pathsAndrew Gregory1-0/+42
libalpm's local database format does not support paths with newlines. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-12-05makepkg: abort on lint_package errorsAndrew Gregory3-1/+5
Allows lint_package to prevent makepkg from creating an invalid package. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-12-05Revert "[RFC] Provide source files for useful debug packages"Allan McRae1-19/+1
This reverts commit a79c0038ae84c38fe063bd7426a839f3c01c10e8. I merged the wrong branch into master...
2016-11-02[RFC] Provide source files for useful debug packagesAllan McRae1-1/+19
Debug packages are fairly useless currently because the soucre files needed for stepping through code etc are not packaged with them. This patch adds the needed source files to the debug package and adjusts the debug info to look at the /usr/src/debug/ directory for them rather than the build location. This requires using the "debugedit" program which is provided as part of the RPM sources. Signed-off-by: Allan McRae <allan@archlinux.org>
2016-10-22makepkg: print files with refs to $srcdir/$pkgdirIvy Foster1-7/+9
Since rewriting build_references() anyway, tweaked quoting. Implements FS#31558. Signed-off-by: Ivy Foster <ivy.foster@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-10-22Use coreutils binaries for checking/generating checksumsAllan McRae2-9/+4
If pacman is build against a crypto library other than openssl, it makes no sense to require makepkg to use it. The only currently considered alternative to openssl is nettle, which has no binary for base64 encode/decode. This means that we could replace the hashing cacluations with nettle-hash, but would require base64 from coreutils. Given makepkg already relies heavily on coreutils, we might as well use all the coreutils hashing binaries too. This patch also improves the checking of required binaries for hashing operations. Signed-off-by: Allan McRae <allan@archlinux.org>
2016-10-22makepkg: Move parseopts from library to libmakepkgAlad Wenter1-0/+173
parseopts is used in makepkg and other scripts such as pacman-key as a getopt replacement. Instead of including it in those scripts via a macro, move it to libmakepkg/util/parseopts.sh and have scripts source this file where appropriate. To keep the parseopts test, a new variable was introduced: PM_LIBMAKEPKG_DIR Signed-off-by: Alad Wenter <alad@archlinux.info> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-10-22libmakepkg: generate all scriptsAlad Wenter3-0/+0
In order for the scripts to be used in testsuites, it is easiest to generate all of them so they are found in the build directory (which may be different to the source directory). Signed-off-by: Alad Wenter <alad@archlinux.info> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-10-10lint_pkgbuild/pkgname: pkgname is not allowed to be emptyChristian Hesse1-0/+5
We checked for empty array elements, but did not catch empty array. Add a check for that case as well. Signed-off-by: Christian Hesse <mail@eworm.de> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-08-30libmakepkg: look for architecture-specific hashes in get_integlistJack O'Connor1-0/+11
`makepkg -g` looks for existing checksums in the PKGBUILD file, so that it can generate new sums of the same type. Previously it only checked variables of the form "sha256sums", and not "sha256sums_x86_64". That meant it would always fall back to MD5 for packages with only architecture-specific sources. This change makes it look at architecture-specific checksums too to determine the type. Signed-off-by: Jack O'Connor <oconnor663@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-05-18libmakepkg: extract functions for integrity checkingAshley Whetter7-1/+568
Signed-off-by: Ashley Whetter <ashley@awhetter.co.uk> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-03-28libmakepkg: extract functions for writing .SRCINFO filesAshley Whetter2-0/+128
Signed-off-by: Ashley Whetter <ashley@awhetter.co.uk> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-03-21libmakepkg: ensure emptydir find command acts on individual directoriesAllan McRae1-1/+2
Using "-exec command {} +" systax exits on any error. Such errors occur when running rmdir on a non-empty directory. Switch to "{} ;" syntax instead which avoids exiting before the find command is completed. Fixes FS#48515. Note, we can not use "-empty" in the find command because it is not supported by Busybox find, and the "--ignore-fail-on-non-empty" flag for rmdir is not available on BSD rmdir variants. Signed-off-by: Allan McRae <allan@archlinux.org>
2016-02-26makepkg: Remove upx and optipng supportAllan McRae2-90/+0
These options were added before libmakepkg allowed passes like this to be dropped in. I prefer only real core packaging tasks to be included in makepkg and additional things like this to be dropped in by a user or distribution that wants to support them. Signed-off-by: Allan McRae <allan@archlinux.org>
2016-02-26libmakepkg: fix is_array functionAllan McRae1-1/+1
This happened to work for the majority of cases because the only calling function used a variable named "i" that was related to the variable being passed to the function. Fixes FS#48340. Signed-off-by: Allan McRae <allan@archlinux.org>
2016-02-20libmakepkg: increase robustness of the detection of array variablesAllan McRae2-3/+20
Extract array detection into its own utility function that ensures extglob is enabled. Suggested-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-01-25Fix testing of arrays status for arch specific variablesZuyi Hu1-1/+1
Signed-off-by: Allan McRae <allan@archlinux.org>
2016-01-04Update copyright years for 2016Allan McRae44-44/+44
make update-copyright OLD=2015 NEW=2016 Signed-off-by: Allan McRae <allan@archlinux.org>
2015-12-15makepkg: Output full URL in case of download failureFlorian Pritz1-1/+1
Most entries in $sources contain variables so finding out why a URL fails to download is hard because one has to manually replace the variables when looking at the PKGBUILD. Simply output the full URL here so that it can be easily seen what is wrong. Old: ==> ERROR: Failure while downloading example-1.2.4.tar.gz New: ==> ERROR: Failure while downloading http://example.org/releases/1.1/example-1.2.4.tar.gz With the new format it is much more obvious that the directory name is the culprint (1.1 vs 1.2) while the old one would not display that information. Signed-off-by: Florian Pritz <bluewind@xinu.at> Signed-off-by: Allan McRae <allan@archlinux.org>
2015-11-23lint_pkgbuild/variable: increase robustnessAllan McRae1-12/+54
Approach the detection of variables of the wrong type using an approach similar to that used for construction of .SRCINFO files. While doing silly things in bash could still result in false negatives, this approach should be very robust to generatinf false positives results. Signed-off-by: Allan McRae <allan@archlinux.org>
2015-11-23lint_pkgbuild: explicitly return valueAllan McRae5-4/+12
Set the return value to be local and always explictly returns it. Signed-off-by: Allan McRae <allan@archlinux.org>
2015-11-05Refactor lint_source to work with earlier versions of BashAaron Campbell1-1/+1
Negative subscripts to indexed arrays are not supported before 4.2. However, since substring expansion works on arrays, we can specify an offset of -1 to be taken relative to one greater than the maximum index of the specified array (see Parameter Expansion section of the bash man page). This works with both Bash 4.1 and 4.2, and 4.1 is already the oldest supported by pacman. Signed-off-by: Aaron Campbell <aaron@monkey.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2015-10-27libmakepkg: fix pkgver checkingAllan McRae1-2/+2
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-10-19libmakepkg: Add check_buildoption for distcc and ccacheJan Alexander Steffens (heftig)1-0/+34
makepkg used to check OPTIONS too, which could override BUILDENV. Implement a new function that handles these options more like OPTIONS. This also reduces code duplication a bit. Signed-off-by: Jan Alexander Steffens (heftig) <jan.steffens@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2015-10-19Remove space before ellipsesAllan McRae1-2/+2
Makes all use of ellipses consistent... Signed-off-by: Allan McRae <allan@archlinux.org>
2015-09-22libmakepkg: remove declaration of unused local variablesAllan McRae1-1/+1
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-09-22libmakepkg: return 1 on error in arch arrayAllan McRae1-2/+2
The return value was being assigned when an error was found in a PKGBUILD's arch array but it never was returned. Also remove error message explaining about adding the arch array to a PKGBUILD. That was added a long time ago when the arch array first became compulsory. Signed-off-by: Allan McRae <allan@archlinux.org>
2015-09-22libmakepkg: update .gitignoreAllan McRae1-2/+3
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-09-07libmakepkg: check if PKGBUILD variables are arrays or not as appropriateAllan McRae1-0/+65
When extracting variables from PKGBUILD (e.g. for .SRCINFO creation) we make assumptions about whether variables are arrays or not. This adds a check to the PKGBUILD linter to ensure variables are arrays or not as appropriate. Signed-off-by: Allan McRae <allan@archlinux.org>
2015-09-07libmakepkg: util/pkgbuild.sh needs processing on buildAllan McRae1-0/+0
pkgbuild.sh contained @DEBUGSUFFIX@ and so needs to be run through the sed command on build. Signed-off-by: Allan McRae <allan@archlinux.org>
2015-07-20libmakepkg: move color settings to functionAllan McRae1-0/+20
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-07-20libmakepkg: lint_package requires cd_safeAllan McRae1-0/+1
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-19libmakepkg: extract functions for source download and extractionAllan McRae8-0/+734
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-19libmakepkg: extract functions for handling source URLsAllan McRae2-0/+145
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-19libmakepkg: fix test styleAllan McRae2-2/+2
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-19libmakepkg: move more functions for extracting information from PKGBIULDsAllan McRae1-1/+46
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-05-19libmakepkg: extract more utility functionsAllan McRae1-1/+31
Signed-off-by: Allan McRae <allan@archlinux.org>