summaryrefslogtreecommitdiffstats
path: root/scripts
AgeCommit message (Collapse)AuthorFilesLines
2020-06-18makepkg/repo-add: do not accept public-only keys for signingEli Schwartz2-2/+2
If it's not listed by --list-secret-key we don't care if it has been imported into your keyring, it's unusable. And you might not have a private key at all in the no-keyid-specified case. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org> (cherry picked from commit 02ae97b0da220d9079c6c2c1ac3e3ab0d12c1ac7)
2020-06-18makepkg/repo-add: handle GPGKEY with spacesEli Schwartz3-8/+8
We pass this to gpg -u and this gpg option can accept a number of different formats, not just the historical hexadecimal fingerprint we assumed. We should not barf hard if a format is used which happens to contain spaces. This also fixes a validation bug. When we initially check if the desired key is available, we don't quote spaces, so gpg goes ahead and treats each space-separated string as a *different key* to search for, returning partial matches, and returning success if at least one key is found. But gpg --detach-sign -u will certainly not accept multiple keys! Fixes FS#66949 Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org> (cherry picked from commit 899d39b635d46f9e2daff1aada75ea07f08fef64)
2020-06-18libmakepkg: fix regression in sending plain() output to stderrEli Schwartz12-33/+41
In commit 882e707e40bbade0111cf3bdedbdac4d4b70453b we changed message output to go to stdout by default, unless it was an error. The plain() function doesn't *look* like an error function, but in practice it was -- it's used to continue multiline messages, and all in-tree uses were for warning/error. This is a problem both because we're sending output to the wrong place, and because in some cases, we were performing error logging from a function which would otherwise return a value to be captured in a variable using command substution. Fix this and straighten out the API by providing two functions: one for continuing msg output, and one which wraps this by sending output to stderr, for continuing error output. Change all callers to use the second function. (cherry picked from commit bf458cced7c0845f7b6fabb887d3878ae4cd51b2)
2020-06-18makepkg: correctly handle missing download clientsEli Schwartz1-1/+1
This was broken in commit 882e707e40bbade0111cf3bdedbdac4d4b70453b, which changed 'plain()' messages to go to stdout, which was then captured as the download client in question: cmdline=("Aborting..."). The result was a very confusing error message e.g. /usr/share/makepkg/source/file.sh: line 72: $'\E[1m': command not found or with makepkg --nocolor: /usr/share/makepkg/source/file.sh: line 72: Aborting...: command not found The problem here is that we checked to see if an asynchronous subshell, in our case <(...), failed, by checking if its captured stdout is non-empty. Which is terrible, and also a limitation of old bash. But bash 4.4 can use wait $! to retrieve the return value of an asynchronous subshell. Now we target that as our minimum, we can sanely handle errors in such functions. Losing error messages on stdout by capturing them in a variable instead of printing them, continues to be a problem, but this will be fixed systematically in a later commit. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org> (cherry picked from commit 381e11375569fa7588b1297e0e744749bdafe8f5)
2020-06-18makepkg: guard against undefined git pinned sourcesEli Schwartz1-1/+1
If something like source=(..."#commit=") is used, e.g. due to failed variable expansion, we try to check out an empty refspec as nothing at all, and end up just running "git checkout". This happens because we fail at variable expansion too -- so let's quote our variables properly and make sure git sees this as an empty refspec, so it can error out. Also make sure it is interpreted as a ref instead of a path. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org> (cherry picked from commit 817f9fb715b4e90d28bc141dfccfc530b9e951dc)
2020-06-18libmakepkg/strip: don't re-add the same debug source multiple timesEli Schwartz1-4/+7
It's either a waste of work, or triggers edge cases in some packages (like coreutils-8.31) where the source file is readonly and cp gets a permission denied error trying to overwrite it with an identical copy of itself. Also while we are at it, make the variable names be something readable, because I could barely tell what this was doing while editing it. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org> (cherry picked from commit 3674144a74cfe897ec3ff46c18681df293290caa)
2020-06-18makepkg: deterministic PKGINFO libprovides for multiple library versionsLevente Polyak1-1/+1
While iterating over the provides array, the find call for locating a shared library may result in listing multiple entries which by itself does not produce a stable deterministic order and may vary depending on the underlying filesystem. To provide a stable listing and a reproducible .PKGINFO file the result of find is piped to sort with a static LC_ALL=C localisation. Signed-off-by: Levente Polyak <anthraxx@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org> (cherry picked from commit 8ce142a2552418f64a74e773f659d92b065d6209)
2020-06-18build-aux/update-copyright 2019 2020Allan McRae90-95/+95
Signed-off-by: Allan McRae <allan@archlinux.org> (cherry picked from commit e76ec94083235ddc5510ab57b7c2bc12a1d34e8a)
2020-06-18makepkg: make per-package files containing '$pkgname' consistently workEli Schwartz3-9/+21
Extracting function variables containing arbitrarily scoped variables of arbitrary nature is a disaster, but let's at least cover the common case of using the actual '$pkgname' in an install/changelog file. It's the odd case of actually being basically justified use of disambiguating between the same variable used in multiple different split packages... and also, --printsrcinfo already uses and overwrites the variable 'pkgname' in pkgbuild_extract_to_srcinfo, so this "works" in .SRCINFO but doesn't work in .src.tar.gz It doesn't work in lint_pkgbuild either, but in that case the problem is being too permissive, not too restrictive -- we might end up checking the same file twice, and printing that it is missing twice. Fixes FS#64932 Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org> (cherry picked from commit d626a17ef94d79975ff17d04250152ea46aaade3)
2020-01-14makepkg: fix regression that broke extraction of file:// sourcesEli Schwartz2-3/+3
In commit 9c817b654996249b8022e189ee7e2692f4668431 we made these sources extendable, and heuristically determined the correct extraction functions to use. But our fallback for protos that didn't have an exact extract_* function didn't take into account that 'extract_file' matches an actual proto... so we passed the netfile in while the function expected a file. Solution: the function should expect a netfile too, thereby allowing us to delay an attempted resolution of netfile -> file, to the one case where it is actually used. This makes us slightly more efficient in the non-file case, makes our functions a bit more consistent, and makes file:// extraction work again. Fixes FS#64648 Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org> (cherry picked from commit 349c22d043290ccd0cce9f30981f5415e295442a)
2020-01-10makepkg: fix one more file-seccomp issueEli Schwartz1-1/+1
When file is called via fakeroot, it doesn't matter whether you use -z or not, it is still incompatible with seccomp. Fix by configuring it with FILECMD when used in the fakeroot 'tidy' run. Fixes FS#65100 Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
2019-11-01Pull latest translations from TransifexAllan McRae39-81/+107
Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-30Comma failAllan McRae1-1/+1
2019-10-30makepkg: only run --clean actions if we built a packageEli Schwartz1-1/+1
Fixes issue where users were allowed to run cleanup while running --geninteg or --printsrcinfo or --packagelist, thus mixing invalid responses into stdout. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-30makepkg: do not count hard links multiple times when calculating pkg sizeEli Schwartz4-1/+44
Exclude files with hardlinks when cat'ing all the files, and do a second run to look at each file with hardlinks, keep track of the ones we've already operated on, and only cat each inode once. Then use "wc -c" to get the size of all (deduplicated) files the same way we were already doing. Original-patch-by: Ronan Pigott <rpigott@berkeley.edu> Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-30makepkg: protect against unexpected whitespace in filenamesEli Schwartz4-11/+11
zipman: read -r protects against those evil manpages whose filenames contain backslash escapes, (muahahaha?) IFS= read protects against filenames with: - leading whitespace (but no one is actually stupid enough to configure their MAN_DIRS=() in makepkg.conf with such silly directories, *right*?) - trailing whitespace (but likewise, no one should be stupid enough to write an uncompressed manpage for section '1 ' or something) Also fix several other cases where we read filenames without protecting against surrounding whitespace, or without using null-delimited filenames when we could trivially do so. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-23Update copyright yearsAllan McRae87-92/+92
make update-copyright OLD=2018 NEW=2019 Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-23Remove --force from completionAllan McRae2-4/+2
Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-23Update completion for -F changesAllan McRae2-4/+1
Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-22makepkg: don't warn when PACKAGER is unsetmorganamilo1-1/+1
makepkg now complains when PACKAGER is not in the format "name <email>". Hide this warning when PACKAGER is unset but still warn if it is set to something out of format. Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-22Fix compression of package databases with zstdNick Cao1-6/+6
Commit 7afe51171 attempted to add zstd compression support to repo-add, but failed... FS#64213 Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-22Fix distribution of meson filesAllan McRae1-1/+3
Also caught the source of a man page not being distributed. Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-21Final translation updates for pacman-5.2.0Allan McRae38-125/+89
Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-14Translation updatesAllan McRae39-833/+1093
Pull all translations with >75% completion. Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-09makepkg: do not save fflags when creating packagesEli Schwartz1-2/+2
Saving fflages breaks reproducible builds due to encoding information specific to the filesystem that was used to build the package. This information is not needed for packaging purposes anyway. Including fflags also means that attempting to extract a package file as root (or fakeroot) might result in angry warnings being printed to the console by bsdtar, followed by a non-zero exit code, unless the user remembers to use --no-fflags during extraction. This is unpleasant UI, even if pacman itself won't care about these. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-07pacman-key: receive keys from WKD with -r/--recv-keysJonas Witschel1-8/+17
If an email address is specified, we use --locate-key to look up the key using WKD and keyserver as a fallback. If the key is specified as a key ID, this doesn't work, so we use the normal keyserver-based --recv-keys. Note that --refresh-keys still uses the keyservers exclusively for refreshing, though the situation might potentially be improved in a new version of GnuPG: https://lists.gnupg.org/pipermail/gnupg-users/2019-July/062169.html Signed-off-by: Jonas Witschel <diabonas@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-07Pull and push translation changes in preparation for 5.2Allan McRae40-12741/+8135
Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-07makepkg: propagate E_REMOVE_BUILD_DEPSAlad Wenter1-1/+5
remove_deps is called once, at the end of clean_up() before makepkg exit. If remove_deps returns >0 (e.g. when pressing "n" in the resulting prompt), the error is caught by the ERR signal handler. This in turns sends SIGUSR1 to the process group, with resulting exit code 138. In case remove_deps fails, this patch exits makepkg with E_REMOVE_DEPS if there was no previous error (that is, EXIT_CODE equals E_OK). Otherwise, makepkg exits with EXIT_CODE. Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-07makepkg: remove makedepends before installing built packageErich Eckner1-0/+3
When running `makepkg -i` it may be necessary to first remove make- and checkdepends before installing the built package - for example if they conflict each other. This is the case for wireguard-arch which makedepends and conflicts wireguard-dkms. Signed-off-by: Erich Eckner <git@eckner.net> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-07makepkg: wait for process to finishAllan McRae1-1/+1
Without the -f option to wait, we might move on and try to delete the logpipe before the process is completed. Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-07makepkg: Delete logpipe when exitingAustin Lund1-3/+4
The logpipe fifo can remain when exiting on a non-error condition such as recieving signals INT and USR1. This can be seen by doing either a manual CTRL-C to interrupt the build or by sending a signal such as: $ makepkg & sleep 5 ; kill -USR1 $! Remove the fifo in all cases on script exit if it still exists. Signed-off-by: Austin Lund <austin.lund@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-07Support file with seccomp enabledEli Schwartz2-1/+2
Not all compression types can be detected in the seccomp sandbox, so we need to disable it. This requires either configuring makepkg to know the sandbox is available, or checking for file >= 5.38 in which the sandbox option is a no-op even when seccomp is disabled. - Requires autoconf-archive for autotools version compare macro. - meson version comparison could be made a lot simpler using meson-git. Fixes FS#58626 Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-07pacman-key: clean keys on import to remove unknown signaturesEli Schwartz1-0/+1
There is no good reason to bloat the keyring by importing tons of signatures we cannot use; drop any signatures that don't validate against another available key (probably the master keys). If any desired signatures get cleaned, the key can be refreshed after importing the new signing public key. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-07pacman-key: make sure we actually use the Web of Trust, which GnuPG doesn't.Eli Schwartz1-0/+5
By default, the latest versions of GnuPG disable the Web of Trust and refuse to import signatures from public keyservers. This is to prevent denial of service attacks, because refusing to import signatures only if the key size is too big, is apparently too silly to consider. Either way, pacman needs the WoT. If pacman imports a key at all, it means everything failed and we are in fallback mode, trying to overcome a shortcoming in the availability of keys in the keyring package. (This commonly means the user needs to acquire a new key during the same transaction that updates archlinux-keyring.) In order for that new key to be usable, it *must* also import signatures from the Master Keys. I don't give credence to this supposed DoS, since the worst case scenario is nothing happening and needing to CTRL+C in order to exit the program. In the case of pacman, this is better than being unable to install anything at all (which is gnupg doing a much more harmful DoS to pacman), and in the already unusual case where something like --refresh-keys is being used directly instead of depending on the keyring package itself, gnupg supports WKD out of the box and will prefer that for people whose keys are marketed as being non-DOSable. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-07pacman-key: when refreshing gpg.conf, don't truncate option checkingEli Schwartz1-1/+1
If an option is a two-part option, we print both (separated by IFS=' '), but when grepping to see if it already exists, we only checked the first component. This means that something like keyserver-options could only check if there were existing keyserver options of any sort, but not which ones. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-07makepkg: add rust support for *FLAGS and debug-prefix-mapEli Schwartz4-6/+8
The rust language supports $RUSTFLAGS to be used automatically in all rustc invocations. Allow setting this in makepkg.conf (e.g. for optimization or debuginfo support), and teach debug+strip to pass the rustc command line argument necessary to rewrite source file paths in the debugging symbols. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-04libmakepkg: check if PACKAGER has the expected format for WKD lookupJonas Witschel1-0/+6
pacman should be able to extract an email address from PACKAGER for WKD lookup, so issue a warning if it is not of the form "Example Name <email@address.invalid>". Neither the name nor the email address must contain additional angle brackets. Signed-off-by: Jonas Witschel <diabonas@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-04libmakepkg: fix typomorganamilo1-1/+1
Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-04autotools: distribute meson filesEli Schwartz1-0/+2
If we use make dist to create the official, signed release tarballs, those will not have meson build files by default since autotools doesn't know what they are. Also distribute all src/common/ files. We never strictly needed any of them to be distributed with autotools, because the dist tarball dereferences the symlinks (???), but only some of them were being distributed, and meson needs them to be in the right location as we only build libcommon from the primary files. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-08-12Prepare translations for next releaseAllan McRae38-20300/+20267
Signed-off-by: Allan McRae <allan@archlinux.org>
2019-08-05makepkg: Ignore "<artificial>" source filesAustin Lund1-1/+1
An artificial symbol can be produced when requesting debugging symbols and the compiler has inlined a function. These symbols will give spurious results when listing source files for inclusion in debug packages. This will ignore these symbols and avoid an error that can be generated when creating a debug package. Signed-off-by: Austin Lund <austin.lund@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-06-26bash-completion: use POSIX character classes in regular expressionsEli Schwartz1-3/+3
bash uses POSIX extended regular expressions via regex(3), which does not guarantee support for shorthand character classes. Although glibc supports it, msys2-runtime does not. Make sure the completion script works (hopefully) everywhere by being more portable. Fixes: https://github.com/msys2/MSYS2-packages/pull/1549 Original-patch-by: plotasse <platos@protonmail.ch> Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-06-25makepkg: do not exit immediately on dependency install failuresAllan McRae1-2/+2
Fixes FS#63000 Signed-off-by: Allan McRae <allan@archlinux.org>
2019-06-06makepkg: restrict pkgname and pkgver to asciiAndrew Gregory2-0/+9
pkgname and pkgver are used as directory names within database files. libarchive does not provide a reliable locale-independent method for reading archive file names, causing errors when archive paths include non-ascii characters. This is a first step toward dealing with FS#49342, by hopefully reducing the number of packages with non-ascii data in the wild before updating libalpm to reject them outright. See https://github.com/libarchive/libarchive/wiki/Filenames and https://github.com/libarchive/libarchive/issues/587 Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-05-28makepkg: also move restore_envvars handling into libmakepkgEli Schwartz2-6/+21
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-05-28makepkg: move config loading into libmakepkgEli Schwartz5-31/+73
When scripting/automating around makepkg, it is sometimes desirable to know how makepkg will be configured to operate. One example is the archlinux devtools, which must forward select makepkg.conf variables into a build chroot (for example PACKAGER) or use those variables itself (for example {SRC,PKG,LOG}DEST). The configuration file can be in up to 3 places, and should be capable of being overridden via environment variables. It is sufficiently complex to represent distinct functionality, and sufficiently useful to merit easy accessibility in other scripts, therefore, let us move it into a publicly exposed utility library. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-05-28libmakepkg: add lint_config to validate SRCEXT/PKGEXTEli Schwartz3-0/+47
These variables must begin with .src.tar / .pkg.tar respectively, so fail early if those expectations are not matched. This prevents makepkg from creating e.g. package files literally named "./pacman-5.1.3-1-x86_64" which are actually uncompressed tarballs. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-05-28repo-add: Add --prevent-downgrade optionekardnam1-3/+16
Implements FS#17752 Signed-off-by: Luca Bertozzi <ekarndam@autistici.org>
2019-05-28Support application/gzip MIME type in extractionKevin Mihelich1-1/+1
file 5.37 changed the gzip MIME type from application/x-gzip to application/gzip, so support this when checking to extract source files. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-05-08makepkg: propagate error codes when package failed to sign correctlyEli Schwartz2-3/+7
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>