summaryrefslogtreecommitdiffstats
path: root/scripts
AgeCommit message (Collapse)AuthorFilesLines
2021-03-06fix syntax error when running pacman-key --helpEli Schwartz1-1/+1
In commit 0f75ab3224141a5e8a4fe72b48b4639c83c6316b some unbalanced quotes were added by the committer while editing an error message. Fixes FS#69865 Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2021-03-03Strip LTO symbols from distributed .a/.o filesAllan McRae1-0/+13
GCC's LTO implementation emits bytecodes into .o files it generates. These bytecodes are _not_ considered stable from one release of GCC to the next. There we need to strip the LTO bytecode out of any .o (and .a) file that gets installed into the package. Signed-off-by: Allan McRae <allan@archlinux.org>
2021-03-03Add link time optimization support to makepkgAllan McRae2-0/+38
Add the 'lto' option to enable building with link time optimization by adding '-flto' to both CFLAGS and CXXFLAGS. The 'lto' option can be specificed both in the PKGBUILD or by setting the default in makepkg.conf. Signed-off-by: Allan McRae <allan@archlinux.org>
2021-03-01Update copyright yearAllan McRae91-96/+96
Signed-off-by: Allan McRae <allan@archlinux.org>
2021-02-24pacman-key: --refresh-keys queries WKD before keyserverMorten Linderud1-4/+29
With the recent outages of the keyservers there is a possibility of `--refresh-keys` failing to fetch new keys. A lot of current key distribution is done over WKD these days, and `pacman-key` has the ability to use it for `--recv-key`. There was a hope `gpg` would end up supporting WKD for the refresh functionality, but this seems to be limited to expired keys fetched through WKD. Since this functionality isn't yet available it makes sense to stuff it into `pacman-key`. The current implementation looks over all available keyids in the keyring, attempts to fetch over WKD and then fall backs to keyservers if no email has a valid WKD available. The downside of this approach is that it takes a bit longer to refresh the keys, but it should be more robust as the distribution should be providing their own WKDs. Co-authored-by: Jonas Witschel <diabonas@archlinux.org> Signed-off-by: Morten Linderud <morten@linderud.pw> Signed-off-by: Allan McRae <allan@archlinux.org>
2021-02-24libmakepkg: Support zstd decompression for sourcesMorten Linderud2-1/+7
This enables us to extract files in the source array and ensures that we can decompress files if the uncompressed signature is served. Signed-off-by: Morten Linderud <morten@linderud.pw> Signed-off-by: Allan McRae <allan@archlinux.org>
2021-02-08makepkg: Don't double-layer distcc on ccacheMatti Niemenmaa1-1/+3
buildenv is set once for build() and a second time for package(). When using both distcc and ccache, this lead to CCACHE_PREFIX="distcc distcc" in package(), which breaks PKGBUILDs that execute the compiler in package() because distcc complains: distcc[383041] (main) CRITICAL! distcc seems to have invoked itself recursively! Avoid causing this error by only adding "distcc" to CCACHE_PREFIX if it's not yet there. Signed-off-by: Matti Niemenmaa <matti.niemenmaa+git@iki.fi> Signed-off-by: Allan McRae <allan@archlinux.org>
2021-02-08makepkg: don't let the strip routine mess up file attributesEli Schwartz1-2/+9
It updates the stripped/objcopied file by creating a temp file, chown/chmodding it, and replacing the original file. But upstream binutils has CVE-worthy issues with this if running strip as root, and some recent versions of strip don't play nicely with fakeroot. Also, this has always destroyed xattrs. :/ Sidestep the issue by telling strip/objcopy to write to a temporary file, and manually dump the contents of that back into the original binary. Since the original binary is intact, albeit with different contents, it retains its correct attributes in fakeroot. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2021-01-11pacman-key: Close msg string in generate_master_keyMorten Linderud1-1/+1
In 19980a61e9ed9b9a57520aaa919c40a4b5311f87 there was a msg added which didn't get the string closed. Signed-off-by: Morten Linderud <morten@linderud.pw> Signed-off-by: Allan McRae <allan@archlinux.org>
2021-01-03pacman-key: warn about time taken for master key generationAllan McRae1-0/+2
Generating the pacman master key can take some time on systems without enough entropy. Warn the user that the generation may take some time. Fixes FS#30286. Signed-off-by: Allan McRae <allan@archlinux.org>
2020-11-26Add fossil scm support to makepkgIvy Foster4-2/+132
Signed-off-by: Ivy Foster <escondida@iff.ink> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-11-26libmakepkg: compress: fix tar extensionMichael Straube1-0/+3
With commit 74aacf44958e1343b910b3fbdcf753393857f070 creating uncompressed .tar packages fails. -> Compressing package... /usr/share/makepkg/util/compress.sh: line 70: COMPRESS.TAR[@]: invalid variable name bsdtar: Write error Empty the '$ext' variable for the '.tar' extension in get_compress_command() to fix this. We would fallback to cat for 'tar' anyways. Signed-off-by: Michael Straube <michael.straubej@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-10-21makepkg: emptydirs: fix typoMichael Straube1-1/+1
Fix typo in a comment in tidy_emptydirs(). Signed-off-by: Michael Straube <michael.straubej@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-10-21makepkg: properly localize some internal function variablesEli Schwartz1-1/+1
We leaked fullver and pkgarch all over the place, and only conditionally unset the other variables. Marking them local is a more proactive solution. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-10-21makepkg: fix signing of source packagesEli Schwartz1-1/+1
In commit c6b04c04653ba9933fe978829148312e412a9ea7 the signing stage was moved out of fakeroot, and thus into the main control flow instead of create_{,src}package While the function for signing binary packages has logic to build and gpg-sign multiple filenames, the source package never got this special treatment. This would be fine, except it uses the standard variables to set define the filename... like ${fullver}, which is usually set beforehand, but in this case is not. We don't define fullver globally as it's an internal implementation detail, except by sheer coincidence if PKGVERFUNC is false due to improperly guarded code. Result: source packages didn't end up signed. Instead, we raised a logic error: ==> WARNING: Failed to sign package file somepackage-.src.tar.gz. ==> ERROR: An unknown error has occurred. Exiting... Instead, let's just build the version inline, since we only use it once. Reported-by: GaKu999 <g4ku999@gmail.com> Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-09-23makepkg: libprovides: don't provide both versioned and unversioned sonamesEli Schwartz1-8/+8
If multiple files match the pattern libfoo.so*, we want to check each of them and see if they are shared libraries, and if so, if they have versions attached. But some packages can have both shared libraries and random files which match the filename pattern. This is true at least for files in /usr/share/gdb/auto-load/, which must match the filename they are paired with, followed by "-gdb.py" (or some other gdb scripting ext), but definitely don't contain a shared library. In this case, we don't want to double-report the library in the generated provides. It's also possible (probably) for a package to provide a versioned as well as an unversioned shared library, but in such cases a single provides entry is sufficient to cover both cases (and the libdepends for the depending package would contain an unversioned dependency). Solve this by keeping track of whether we have added a versioned soname provides already, and then only adding a maximum of one unversioned provides *iff* there isn't a versioned one yet. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-09-03Add pacman-conf zsh completionsRonan Pigott1-1/+95
Signed-off-by: Ronan Pigott <rpigott@berkeley.edu> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-08-10repo-add: use more libmakepkg to handle common compression routinesEli Schwartz1-20/+12
Currently the list of supported formats for an archive, is maintained in two places. And repo-add does not actually get updated. :( In the process, remove some of the logical duplication when calling bsdtar/compress_as. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-08-10libmakepkg: extend compress.sh to also permit checking validityEli Schwartz1-13/+40
get_compression_command() can now be used to do upfront checks for whether a given extension is known to do something successfully. This is useful when writing tools in which an unknown compression type is a fatal error. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-06-26srcinfo.sh: remove trailing newlineDenton Liu1-3/+2
When a .SRCINFO file is generated via `makepkg --printsrcinfo`, each section is concluded with an empty line. This means that at the end of the file, an empty line remains. This is considered a trailing whitespace error. In fact, `git diff --check` will warn about this, saying "new blank line at EOF." Instead of closing each section off with an empty line, use the empty line to separate sections, omitting the empty line at the end of the file. Signed-off-by: Denton Liu <liu.denton@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-06-15pacman-key: change signing key to RSA4096Allan McRae1-1/+1
RSA2048 may have been fine when this was written many moons ago, but time this has a bump. Signed-off-by: Allan McRae <allan@archlinux.org>
2020-06-11makepkg/repo-add: do not accept public-only keys for signingEli Schwartz2-2/+2
If it's not listed by --list-secret-key we don't care if it has been imported into your keyring, it's unusable. And you might not have a private key at all in the no-keyid-specified case. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-06-11makepkg/repo-add: handle GPGKEY with spacesEli Schwartz3-8/+8
We pass this to gpg -u and this gpg option can accept a number of different formats, not just the historical hexadecimal fingerprint we assumed. We should not barf hard if a format is used which happens to contain spaces. This also fixes a validation bug. When we initially check if the desired key is available, we don't quote spaces, so gpg goes ahead and treats each space-separated string as a *different key* to search for, returning partial matches, and returning success if at least one key is found. But gpg --detach-sign -u will certainly not accept multiple keys! Fixes FS#66949 Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-06-11libmakepkg: fix regression in sending plain() output to stderrEli Schwartz12-33/+41
In commit 882e707e40bbade0111cf3bdedbdac4d4b70453b we changed message output to go to stdout by default, unless it was an error. The plain() function doesn't *look* like an error function, but in practice it was -- it's used to continue multiline messages, and all in-tree uses were for warning/error. This is a problem both because we're sending output to the wrong place, and because in some cases, we were performing error logging from a function which would otherwise return a value to be captured in a variable using command substution. Fix this and straighten out the API by providing two functions: one for continuing msg output, and one which wraps this by sending output to stderr, for continuing error output. Change all callers to use the second function.
2020-06-11makepkg: correctly handle missing download clientsEli Schwartz1-1/+1
This was broken in commit 882e707e40bbade0111cf3bdedbdac4d4b70453b, which changed 'plain()' messages to go to stdout, which was then captured as the download client in question: cmdline=("Aborting..."). The result was a very confusing error message e.g. /usr/share/makepkg/source/file.sh: line 72: $'\E[1m': command not found or with makepkg --nocolor: /usr/share/makepkg/source/file.sh: line 72: Aborting...: command not found The problem here is that we checked to see if an asynchronous subshell, in our case <(...), failed, by checking if its captured stdout is non-empty. Which is terrible, and also a limitation of old bash. But bash 4.4 can use wait $! to retrieve the return value of an asynchronous subshell. Now we target that as our minimum, we can sanely handle errors in such functions. Losing error messages on stdout by capturing them in a variable instead of printing them, continues to be a problem, but this will be fixed systematically in a later commit. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-06-11makepkg: guard against undefined git pinned sourcesEli Schwartz1-1/+1
If something like source=(..."#commit=") is used, e.g. due to failed variable expansion, we try to check out an empty refspec as nothing at all, and end up just running "git checkout". This happens because we fail at variable expansion too -- so let's quote our variables properly and make sure git sees this as an empty refspec, so it can error out. Also make sure it is interpreted as a ref instead of a path. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-06-11Revert "makepkg: drop duplicate reporting of missing dependencies"Allan McRae1-0/+6
This removed all information on dependency failures if the --syncdeps flag was not used. A better approach is needed. This reverts commit 4246a4cc4f0f87642cbbb6b375524b2e4c713412. Signed-off-by: Allan McRae <allan@archlinux.org>
2020-06-01libmakepkg/strip: don't re-add the same debug source multiple timesEli Schwartz1-4/+7
It's either a waste of work, or triggers edge cases in some packages (like coreutils-8.31) where the source file is readonly and cp gets a permission denied error trying to overwrite it with an identical copy of itself. Also while we are at it, make the variable names be something readable, because I could barely tell what this was doing while editing it. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-06-01Remove autotools supportAllan McRae1-287/+0
This removes support for autotools in favour of meson.
2020-05-11makepkg: deterministic PKGINFO libprovides for multiple library versionsLevente Polyak1-1/+1
While iterating over the provides array, the find call for locating a shared library may result in listing multiple entries which by itself does not produce a stable deterministic order and may vary depending on the underlying filesystem. To provide a stable listing and a reproducible .PKGINFO file the result of find is piped to sort with a static LC_ALL=C localisation. Signed-off-by: Levente Polyak <anthraxx@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-02-12makepkg: drop duplicate reporting of missing dependenciesDave Reisner1-6/+0
When pacman fails to satisfy deps, we might see output like the following: ==> Making package: spiderfoot 3.0-1 (Thu 06 Feb 2020 12:45:10 PM CET) ==> Checking runtime dependencies... ==> Installing missing dependencies... error: target not found: python-pygexf ==> ERROR: 'pacman' failed to install missing dependencies. ==> Missing dependencies: -> python-dnspython -> python-exifread -> python-cherrypy -> python-beautifulsoup4 -> python-netaddr -> python-pysocks -> python-ipwhois -> python-ipaddress -> python-phonenumbers -> python-pypdf2 -> python-stem -> python-whois -> python-future -> python-pyopenssl -> python-docx -> python-pptx -> python-networkx -> python-cryptography -> python-secure -> python-pygexf -> python-adblockparser ==> Checking buildtime dependencies... ==> ERROR: Could not resolve all dependencies. This is misleading -- the only truly missing package is python-pygexf, but we fail to remove sync-able deps from our deplist and report everything as if it were missing. Simply drop this extra reporting because pacman already tells us exactly what couldn't be resolved. Signed-off-by: Allan McRae <allan@archlinux.org>
2020-02-10build-aux/update-copyright 2019 2020Allan McRae90-95/+95
Signed-off-by: Allan McRae <allan@archlinux.org>
2020-01-28makepkg: add CRC checksums and set these to be the defaultAllan McRae2-3/+3
Checksums arrays should be filled with values provided by upstream. We currently have md5 set as an unsecure default, and are constantly asked to change it to sha2. However, just changing the default to a stronger checksum gives the user the impression that "makepkg -g" checksums are perfect. Instead, change the default checksum to a CRC, to make it clear that any checksum generated purely by "makepkg -g" is not ideal. Signed-off-by: Allan McRae <allan@archlinux.org>
2020-01-27makepkg: make per-package files containing '$pkgname' consistently workEli Schwartz3-9/+21
Extracting function variables containing arbitrarily scoped variables of arbitrary nature is a disaster, but let's at least cover the common case of using the actual '$pkgname' in an install/changelog file. It's the odd case of actually being basically justified use of disambiguating between the same variable used in multiple different split packages... and also, --printsrcinfo already uses and overwrites the variable 'pkgname' in pkgbuild_extract_to_srcinfo, so this "works" in .SRCINFO but doesn't work in .src.tar.gz It doesn't work in lint_pkgbuild either, but in that case the problem is being too permissive, not too restrictive -- we might end up checking the same file twice, and printing that it is missing twice. Fixes FS#64932 Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-12-11libmakepkg: use readelf instead of file for finding ELF file typesEthan Sommer1-14/+12
Signed-off-by: Ethan Sommer <e5ten.arch@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-11-26makepkg: add the $startdir to package .BUILDINFOEli Schwartz1-1/+2
This value is needed for reproducible builds. The reason is because $BUILDDIR changes its behavior depending on whether it is the same as $startdir, and the result is that we cannot know whether $srcdir (the path that is potentially embedded into the final package) is actually "$BUILDDIR/src" or "$BUILDDIR/$pkgbase/src". Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-11-26meson: make non-symlink scripts install for real, and use a better wrapperEli Schwartz1-21/+17
We now generate the scripts using their real name, install them using meson's builtin facility instead of an install_script, and generate the wrapper scripts in the root of the build directory, instead of a subdirectory. This gets us closer to resolving FS#64394. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-11-26makepkg: fix regression that broke extraction of file:// sourcesEli Schwartz2-3/+3
In commit 9c817b654996249b8022e189ee7e2692f4668431 we made these sources extendable, and heuristically determined the correct extraction functions to use. But our fallback for protos that didn't have an exact extract_* function didn't take into account that 'extract_file' matches an actual proto... so we passed the netfile in while the function expected a file. Solution: the function should expect a netfile too, thereby allowing us to delay an attempted resolution of netfile -> file, to the one case where it is actually used. This makes us slightly more efficient in the non-file case, makes our functions a bit more consistent, and makes file:// extraction work again. Fixes FS#64648 Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-11-07repo-add: use wc -c on stdin instead of file to avoid use of cutEthan Sommer1-2/+2
Redirect file to stdin so wc -c doesn't print a file name that needs to be stripped. Signed-off-by: Ethan Sommer <e5ten.arch@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-11-06build: remove use of handcrafted m4 in configuring scriptsEli Schwartz2-9/+3
Now that library/ is fully gone, we don't need this anymore. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-11-06scripts/library: remove human_to_sizeEli Schwartz5-72/+0
pkgdelta was the last user, and it is gone now. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-11-06Remove "Generated from ...; do not edit by hand" from scriptsAllan McRae6-7/+1
This is a useless piece of information. Signed-off-by: Allan McRae <allan@archlinux.org>
2019-11-06makepkg: replaces sed in-place with built in substitutionEthan Sommer2-5/+5
Reads PKGBUILD into an array and replaces the pkgver and pkgrel with bash parameter substitution, then uses shell redirection to write to to the file. Because shell redirection follows symlinks, this accomplishes the same thing as the previous default of using the GNU-specific --follow-symlinks sed flag. Removes SEDPATH and SEDINPLACEFLAGS from the build systems as they are not used elsewhere. Signed-off-by: Ethan Sommer <e5ten.arch@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-11-05libmakepkg: fix empty arguments in parseoptsEthan Sommer1-4/+4
Previously parseopts checked if there was an argument by checking that the string was non-empty, resulting in empty arguments being incorrectly considered non-existent. This change makes parseopts check if arguments exist at all, rather than checking that they are non-empty Signed-off-by: Ethan Sommer <e5ten.arch@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-11-05pacman-key: ignore already lsigned/deleted keysMatthew Sexton1-3/+38
Added two new functions, key_is_lsigned() and key_is_revoked() that check whether a key has been locally signed or revoked respectively during --populate. If the key is already signed or revoked, it is quietly ignored. Suggested-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Matthew Sexton <wsdmatty@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-11-05pacman-key: hide lsign and revoke output behind --verboseMatthew Sexton1-3/+16
To cut down on spam during --populate, both locally signing and revoking keys now hide the specific keys being signed or revoked, but can be shown with --verbose. A count was added, to show the number of keys signed/revoked during the process. Partially Implements: FS#64142 - pacman-key: make populate less noisy Signed-off-by: Matthew Sexton <wsdmatty@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-11-04libmakepkg: add optional argument support to parseoptsEthan Sommer1-42/+74
Adds a "?" suffix that can be used to indicate that an option's argument is optional. This allows options to have a default behaviour when the user doesn't specify one, e.g.: --color=[when] being able to behave like --color=auto when only --color is passed Options with optional arguments given on the command line will be returned in the form "--opt=optarg" and "-o=optarg". Despite that not being the syntax for passing an argument with a shortopt (trying to pass -o=foo would make -o's argument "=foo"), this is done to allow the caller to split the option and its optarg easily Signed-off-by: Ethan Sommer <e5ten.arch@gmail.com> Reviewed-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-11-01Pull latest translations from TransifexAllan McRae39-81/+107
Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-30Comma failAllan McRae1-1/+1
2019-10-30makepkg: only run --clean actions if we built a packageEli Schwartz1-1/+1
Fixes issue where users were allowed to run cleanup while running --geninteg or --printsrcinfo or --packagelist, thus mixing invalid responses into stdout. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>