summaryrefslogtreecommitdiffstats
path: root/scripts
AgeCommit message (Collapse)AuthorFilesLines
2011-06-01pacman-key: print default gpgdir in usagePang Yan Han1-1/+1
Signed-off-by: Pang Yan Han <pangyanhan@gmail.com> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-05-04Merge branch 'maint'Dan McGee1-1/+1
2011-05-02makepkg: quote variable that may contain spacesAllan McRae1-1/+1
Prevents failures when $PKGDEST contains spaces (FS#24002) Patch-by: Sebastien Duthil Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-24repo-add: update copyright messageAllan McRae1-4/+2
Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-24repo-add: check for gpg earlyAllan McRae1-9/+14
Check for the presence of gpg as soon as we know we need it. Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-24repo-add: check for valid key when signing is requestedAllan McRae1-1/+11
Follow the example of makepkg Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-24repo-add: add option to specify a different key to sign withDenis A. Altoé Falqueto1-11/+27
Add -k/--key option to specify a non-default key for signing a package database. Original-patch-by: Denis A. Altoé Falqueto <denisfalqueto@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-24repo-add: simplify usage messageAllan McRae1-3/+3
Listing every option on the usage line becomes unweildly as more options get added so simplify it. Also, provide a standard package name in the repo-add example. Dan: just use 'options' as we use elsewhere, not 'option(s)'. Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-21pacman-key: improved reading of the configuration fileIvan Kanakarakis1-9/+13
This commit replaces the find_config() function with the get_from() function. get_from expects two arguments, the first is the file to read and the second is the key to look for in the given file. get_from returns the first matching value for the given key. The file is expected to be in the format: key = value Each of 'key' 'equal sign' 'value' can be surrounded be random whitespace. Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-21pacman-key: display the unsupported command to the userIvan Kanakarakis1-0/+1
If the user provides an unsupported command, inform the user that this switch is unknown, display usage and exit. Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-21makepkg, pacman-key: unify help message with other scriptsIvan Kanakarakis2-2/+2
The help message changed to match the one rankmirrors script has. It's clearer as to what the --help switch does. Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-21Add configure option to specify package signing keyAllan McRae1-6/+8
Add the "GPGKEY" option to makepkg.conf for specifying signing packages with the non-default key from the keyring. Is overridded by makepkg's --key option. Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-16Merge branch 'maint'Dan McGee1-1/+1
Conflicts: lib/libalpm/alpm.h lib/libalpm/trans.c Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-13makepkg.sh.in: fix a GNU-ism in su invocationRémy Oudompheng1-1/+1
GNU su supports the -c option to specify a command to execute. However, other flavours of su may have a different interpretation of the '-c' flag (e.g. FreeBSD and OpenBSD). The behaviour is correct when '-c' follows an explicit username. Signed-off-by: Rémy Oudompheng <remy@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-05Merge branch 'maint'Dan McGee1-14/+11
Conflicts: lib/libalpm/be_sync.c lib/libalpm/db.c src/pacman/util.c
2011-04-05makepkg: fix a GNU-ism in awk usageRémy Oudompheng1-1/+1
A non-GNU version of awk may not support the (|...) syntax for an optional group and require '()' to match an empty string. The (...)? syntax is more appropriate for this usage. Signed-off-by: Rémy Oudompheng <remy@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-05makepkg: improve parsing for sanity checksAllan McRae1-4/+4
Trailing backslahses can lead to additional spaces at the front of extracted entries. See FS#23524. Strip these while parsing the PKGBUILD entries. Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-31makepkg: remove unnecessary tr usageAllan McRae1-3/+1
The use of "tr" only leads to trouble. Remove unnecessary usage of it from within makepkg. Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-31makepkg: avoid usage of tr to sidestep locale issuesDave Reisner1-6/+5
to quote dan: "turkish will FUCK YOU UP. this is not the first or the last time" Signed-off-by: Dave Reisner <d@falconindy.com> Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-28makepkg: command line options for signing packagesDenis A. Altoé Falqueto1-5/+36
Three new command line options were added: --sign: forces the generation of a signature for the resulting package, taking precedence over the value in makepkg.conf --nosign: do not sign the resulting package --key <key>: use a different key than the user's default for signing the package. A check is performed to ensure the user has (provided) a valid gpg key for signing. Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-28Create pacman keyring directory if missingRay Kohler1-1/+6
Use mode 755, so non-root users can see inside. Add "--no-permission-warning" to GPG_PACMAN to suppress the noise that otherwise comes of not using mode 700 - this is not private data. GPGme turns out not to issue this warning itself, so no problem there. TODO: should non-root users be allowed to use the read-only operations (--list, --export, --finger)? Signed-off-by: Ray Kohler <ataraxia937@gmail.com> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-28Clean up repo-add usage messageRay Kohler1-18/+25
This now includes -s and -v, tailors itself to the current command, and is formatted more like that of other pacman commands. Signed-off-by: Ray Kohler <ataraxia937@gmail.com> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-28Merge branch 'maint'Dan McGee1-1/+5
Conflicts: lib/libalpm/deps.c
2011-03-28Sign database even if emptyRay Kohler1-1/+2
Move the create_signature() call outside the case of non-empty databases, so it will be called regardless. Signed-off-by: Ray Kohler <ataraxia937@gmail.com> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-28makepkg: allow PKGEXT and SRCEXT to be overridden by env variablesRay Kohler1-0/+4
Signed-off-by: Ray Kohler <ataraxia937@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-28Rely on the return value of type instead of its outputDave Reisner2-4/+4
Signed-off-by: Dave Reisner <d@falconindy.com> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-28Clarify error message in pacman-db-upgradeDan McGee1-1/+5
Addresses FS#23451. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-25Merge branch 'maint'Dan McGee1-5/+5
2011-03-25Make log redirection sanerJan Steffens1-5/+5
My main motivation was to remove the "sync", which can stall for minutes on a busy machine (FS#23378). I also cleaned up the redirection. Signed-off-by: Jan Steffens <jan.steffens@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-24Fix use of relative paths for packages in repo-addRay Kohler1-14/+17
Move checksum and pgpsig calcluation before changing into the tmpdir, otherwise we can't find the files if a relative path was used. Signed-off-by: Ray Kohler <ataraxia937@gmail.com> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23Merge branch 'gpg-build-tools'Dan McGee2-7/+97
2011-03-23repo-add: add sha256sum values to repo databaseDan McGee1-5/+9
Implements FS#23103. Also modify libalpm so it ignores this value without any warning as we know it is likely to exist. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23pacman-key help, round threeDan McGee1-39/+24
Make it actually like all our other tools rather than some homegrown format. Also make it translator friendly by not wrapping messages across lines in different strings. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23pacman-key: improve usage outputAllan McRae1-17/+21
Make the usage output display nicely on 80 character width terminals. Also fix parsing of "-h" and "-v" options and avoid root check when run with no commands. Signed-off-by: Allan McRae <allan@archlinux.org>
2011-03-23pacman-key: remake of --reload commandDenis A. Altoé Falqueto1-42/+99
The --reload command was refactored to allow a more flexible management. There are two sets of keys that will be added, one that will be removed and one that will be kept. The set of keys to be kept are configured in pacman.conf, with the option HoldKeys, with the same meaning of HoldPkgs. It can be repeated and several values can be put in the same entry. The new behavior allows a key to be marked for removal, but the user can decide if that key must be kept. For example, if a developer has a public repository, signed with his own key, that key must be added to the HoldKeys option. If the key is marked for removal from pacman's keyring, it will not be removed for the users that have configured HoldKeys correctly. There are other minor fixes, mainly in the handling of --add command when there is no aditional parameter. In that case, pacman-key will behave just like gpg, adding the contents of stdin into pacman's keyring. Signed-off-by: Denis A. Altoé Falqueto <denisfalqueto@gmail.com>
2011-03-23pacman-key: keyring management toolDenis A. Altoé Falqueto3-0/+278
The script pacman-key will manage pacman's keyring. It imports, exports, fetches from keyservers, helps in the process of trusting and updates the trust database. Signed-off-by: Denis A. Altoé Falqueto <denisfalqueto@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2011-03-23repo-add: add symlink to signature fileAllan McRae1-0/+5
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-03-23repo-add: Fix up usage with GPG optionsDan McGee1-2/+3
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23repo-add: add -v/--verify optionDan McGee1-0/+26
This is intended to verify an existing signature on a database before making further changes to it and performing updates. Rarely would you use this without immediately resigning it via the -s/--sign option. Instead, it is intended as a "chain of trust" operation where the previous signature is verified to give you some sense that what you sign off on is also safe. Still todo: don't make changes unless the signature is not only good, but also in the accepted list of keys. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23repo-add: allow signing of the package databaseDan McGee1-0/+23
In order to be fully secure, we can't only sign packages. We also need to sign our repository metadata to prevent database falsification, dependency injection, etc. Add an '-s/--sign' option that allows this functionality, and will generate a .sig file side-by-side with the package database. While at it, fix the issue where a signature file would never be found because of 'cd' madness (this needs fixing in another commit). Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23Add PGPSIG field in repo-addGeoffroy Carrier1-0/+6
Use base64 encoding to store the value in the database if a .sig file exists for the package being added. Signed-off-by: Geoffroy Carrier <geoffroy.carrier@koon.fr> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23makepkg: place signature symlink in build dirAllan McRae1-2/+3
Be consistent in package and signature placements when using PKGDEST. Signed-off-by: Allan McRae <allan@archlinux.org>
2011-03-23makepkg: allow signatures to work with split packagesDan McGee1-5/+8
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23Add GPG signature support to makepkgGeoffroy Carrier1-0/+21
This is a rather simple patch to add signing support to makepkg. Add a create_signature() to makepkg, add a 'sign' BUILDENV option in makepkg.conf, and document the changes in the makepkg.conf manpage. Signed-off-by: Geoffroy Carrier <geoffroy.carrier@koon.fr> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-20makepkg: Improve optdepends extractionAllan McRae1-4/+8
Prevents issues where optdepends descriptions contain a bracket. Also, strip all comments from arrays before joining them. Fixes FS#23307. Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-01Fix some easy to find double translationsDan McGee3-11/+11
A lot of these were places that should have used the same message but didn't, or were very easy to convert to using the same message and letting some of the burden off of the translators. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-02-11Ensure pkgbase/epoch are defined before doing anythingDan McGee1-3/+4
When generating integrity sums, we could get some weird output before due to epoch being uninitialized: /usr/bin/makepkg: line 234: [[: 2.6.37: syntax error: invalid arithmetic operator (error token is ".6.37") Signed-off-by: Dan McGee <dan@archlinux.org>
2011-02-06makepkg: more bash-3.2 compatibilityAllan McRae1-2/+2
Adding the "|| true" to the subshell prevents bash-3.2 setting off the error_trap but requires changing the if statement. Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-02-03makepkg: initialize local arrays to emptyAllan McRae1-3/+3
Fixes bash-3.2 compatibility. Thanks-to: Dave Reisner <d@falconindy.com> Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-02-03makepkg: error on invalid optdependsAllan McRae1-0/+1
Missed in commit a88cb03a. Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>