summaryrefslogtreecommitdiffstats
path: root/scripts
AgeCommit message (Collapse)AuthorFilesLines
2017-09-13libmakepkg: check for invalid tags in gitEli Schwartz1-1/+10
As per https://lists.archlinux.org/pipermail/arch-general/2017-July/043876.html git doesn't check that the tag name matches what an annotated tag object *thinks* it should be called. This is a bit of a theoretical attack and some would argue that we should always use commits since upstream can legitimately change a tag, but nevertheless this can result in a downgrade attack if the git download transport was manipulated or the upstream repository hacked. So, check the tag blob to make sure the tag actually matches the name we used for `git checkout`. This really should be fixed in git itself, rather than forcing all downstream users of git verify-tag to implement their own checks, but the git developers disagree, see the discussion surrounding https://public-inbox.org/git/xmqqk2hzldx8.fsf@gitster.mtv.corp.google.com/ Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-07-06makepkg: add more information to .BUILDINFOLevente Polyak1-2/+10
The .BUILDINFO file should retain all the information needed to reproducibly build a package. Add some extra information to the file and also provide a version number to keep track of future changes. Signed-off-by: Allan McRae <allan@archlinux.org>
2017-07-06makepkg: set default value for PACKAGERAllan McRae1-7/+2
In write_pkginfo, we checked if $PACKAGER was undefined, and gave a default value if not. Just do this upfront to simplify this function. Signed-off-by: Allan McRae <allan@archlinux.org>
2017-07-06makepkg: always write pkgbaseAllan McRae1-3/+1
There is little savings in only writing pkgbase when different to pkgname, and it makes determining the pkgbase by parsing .PKGINFO slightly easier. Lets just write it... Signed-off-by: Allan McRae <allan@archlinux.org>
2017-07-06makepkg: do not write baseverAllan McRae1-3/+0
Since 8a02abcf19, this attribute will never exist. Remove check to write it. Signed-off-by: Allan McRae <allan@archlinux.org>
2017-07-06libmakepkg: Fix improperly spelled local variable declarationEli Schwartz1-1/+1
Signed-off-by: Eli Schwartz <eschwartz93@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-07-06libmakepkg/integrity: Fix error message not sent to stderrEli Schwartz1-1/+1
Signed-off-by: Eli Schwartz <eschwartz93@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-07-06libmakepkg: fix unsanitized source filenamesEli Schwartz1-2/+2
There were a couple places where filenames beginning with "-" were not properly guarded against by passing them after "--". Some PKGBUILD authors are crazy, but we still take those into account. Signed-off-by: Eli Schwartz <eschwartz93@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-05-16makepkg: introduce SOURCE_DATE_EPOCHAllan McRae1-4/+9
This patch introduces the SOURCE_DATE_EPOCH environmental variable. All files in a package are adjusted to have their modification dates set to the value of SOURCE_DATE_EPOCH, which defaults to "date +%s". Setting this variable allows a package that is built twice in the same environment to be (potentially) reproducible in that the checksum of the generated package file will be the same. Also adjust the compression of the mtree file to avoid gzip embedding a timestamp. Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2017-05-16makepkg: remove build date from .PKGINFO headerAllan McRae1-1/+0
This information is duplicated (in less friendly format) in the "builddate" entry and removing it improves reproducible packaging. Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2017-05-08makepkg: create signature files outside of fakerootAllan McRae2-7/+36
With recent version of gpg, signing within fakeroot works on the first invocation, but fails on later runs. Sign all packages outside of fakeroot to avoid this issue. Fixes FS#49946. Signed-off-by: Allan McRae <allan@archlinux.org>
2017-04-17makepkg: do not create symlinks in build directoryAllan McRae1-28/+0
Setting PKGDEST and friends enables us to keep all built packages in a single location. Symlinking these files into the build directory creates unnecessary clutter and requires clean-up in multiple places when removing old version. Signed-off-by: Allan McRae <allan@archlinux.org>
2017-04-17makepkg: clean up pkgver and prepare log filesHEADworkingMichael Straube1-0/+6
Delete log files for the pkgver and prepare functions if -c,--clean is passed. Fixes FS#51039 and FS#51075 Includes patch submitted by Christian Braun. Signed-off-by: Michael Straube <straubem@gmx.de> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-04-04Replace @SIZECMD@ with POSIX-compatible commandDrew DeVault2-5/+5
Now uses wc -c $file | cut -d' ' -f1, which works using only POSIX commands and removes the need for any platform-specific usages. Signed-off-by: Drew DeVault <sir@cmpwn.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04Provide source files for useful debug packagesAllan McRae1-2/+21
Debug packages are fairly useless currently because the soucre files needed for stepping through code etc are not packaged with them. This patch adds the needed source files to the debug package and adjusts the debug info to look at the /usr/src/debug/ directory for them rather than the build location. This requires using the "debugedit" program which is provided as part of the RPM sources. Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04makepkg: Verify git signaturesEli Schwartz3-12/+79
A git repository is marked as signed if it contains the query "signed" as defined by https://tools.ietf.org/html/rfc3986 Adds two utility functions in util/source.sh.in to extract fragments and queries, and modifies source/git.sh.in to use them. Signed-off-by: Eli Schwartz <eschwartz93@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04libmakepkg/integrity: Verify file signatures in a separate functionEli Schwartz1-38/+46
This makes it easier to add signature verification for new protos. Signed-off-by: Eli Schwartz <eschwartz93@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04repo-add: sort file list entriesAndrew Gregory1-1/+1
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04makepkg: sort package contentsAndrew Gregory1-12/+12
By passing a NUL-separated filelist, this also fixes a bug where files that look like bsdtar options in the package root could break the package ("-C" was particularly troublesome because bsdtar interprets it as an option anywhere in the file list, even following "--"). Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04makepkg: warn about dotfiles in package rootAndrew Gregory3-0/+40
libalpm reserves paths starting with '.' for its own use and will not extract any other than those it recognizes. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04Update copyright yearsAllan McRae56-61/+61
Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04makepkg: Disallow forward slashes in pkgverSteef Hegeman1-2/+2
scripts/libmakepkg/lint_pkgbuild/pkgver.sh.in now raises an error when pkgver contains forward slashes. pkgver containing a forward slash results in a package filename containing a forward slash, which isn't a valid filename. Signed-off-by: Steef Hegeman <steefhegeman@hotmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-12-05Build a single debug package for all packages from a PKGBUILDAllan McRae2-7/+13
We want to provide source files with debug symbol packages to allow easy stepping through the program. This becomes difficult with split packages due to the binaries in many of these sharing source files across packages. There are (at least) two solutions to this problem. #1: ensure common source files are located in the debug package for the package lowest in the dependency chain and add dependencies to the debug packages so all require source files are present, or #2: create one debug package for all split packages in a PKGBUILD. The second is a more robust approach despite potentially creating very large debug packages. This patch creates a single $pkgbase-debug package and adds provides such that installing $pkgname-debug will always work. Signed-off-by: Allan McRae <allan@archlinux.org>
2016-12-05add generated scripts to gitignoreChristian Hesse1-0/+3
These files are generated at build time. Ignore in git. Signed-off-by: Christian Hesse <mail@eworm.de> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-12-05makepkg: reject packages with newlines in pathsAndrew Gregory3-0/+44
libalpm's local database format does not support paths with newlines. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-12-05makepkg: abort on lint_package errorsAndrew Gregory4-3/+7
Allows lint_package to prevent makepkg from creating an invalid package. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-12-05makepkg: reject package data with newlinesAndrew Gregory1-25/+38
The PKGINFO format cannot handle values that contain newlines. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-12-05makepkg: fix find_lib{depends, provides} resultsAndrew Gregory1-3/+3
Neither function was checking for the existence of actual results before calling printf, resulting in them returning a list with a single empty value if there were no depends/provides. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-12-05makepkg: unset potentially architecture-specific varsDave Reisner1-1/+5
I'm not convinced this is a worthwhile goal, but let's follow suit. Since we can't know the names of all the vars that might exist, unset them by pattern.
2016-12-05makepkg: fix quoting in calls to dependency checkingDave Reisner1-4/+4
2016-12-05makepkg: fix quoting in calls to check_depsDave Reisner1-3/+3
The inside needs quoting, and this is separate from the declartion, which does not (in these cases).
2016-12-05makepkg: make run_function_safe more robustDave Reisner1-8/+11
Use shopt to set/reset errexit and errtrace, which lets us: 1) be more vigilant, resetting anything the user might do to us in PKGBUILD functions. 2) use human-readable words (errexit vs. -e) On top of this, introduce a new save/restore for the shell's other shopts. A user should not have any expectations that what happens in one function is available in another function, if it isn't explicitly defined in the PKGBUILD. While this change does not make that assertion, it gets us closer. We also replace a variable which comes from out of nowhere (pkgfunc) with the positional parameter containing the same value. Quoting is adjusted to make the expansion happen at the time the trap is set, rather than later on.
2016-12-05makepkg: remove vestiges of global errexitDave Reisner1-3/+3
These 'set +E' diversions haven't been needed since global errexit was disabled in dca10b062f2 (January 2012).
2016-12-05Make sure all proper scripts are installed instead of the wrappersJohannes Löthberg1-3/+2
After 1f8f0bd9ac4c11cdc1b9506f9f64d8192ecad4ee all scripts that were changed to using the wrapper for in-tree use have the wrappers installed to the system instead of the actual script, so change the install command to support all wrapped scripts instead of just makepkg. Signed-off-by: Johannes Löthberg <johannes@kyriasis.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-12-05Revert "[RFC] Provide source files for useful debug packages"Allan McRae1-19/+1
This reverts commit a79c0038ae84c38fe063bd7426a839f3c01c10e8. I merged the wrong branch into master...
2016-11-02[RFC] Provide source files for useful debug packagesAllan McRae1-1/+19
Debug packages are fairly useless currently because the soucre files needed for stepping through code etc are not packaged with them. This patch adds the needed source files to the debug package and adjusts the debug info to look at the /usr/src/debug/ directory for them rather than the build location. This requires using the "debugedit" program which is provided as part of the RPM sources. Signed-off-by: Allan McRae <allan@archlinux.org>
2016-10-22makepkg: print files with refs to $srcdir/$pkgdirIvy Foster1-7/+9
Since rewriting build_references() anyway, tweaked quoting. Implements FS#31558. Signed-off-by: Ivy Foster <ivy.foster@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-10-22Use coreutils binaries for checking/generating checksumsAllan McRae4-26/+27
If pacman is build against a crypto library other than openssl, it makes no sense to require makepkg to use it. The only currently considered alternative to openssl is nettle, which has no binary for base64 encode/decode. This means that we could replace the hashing cacluations with nettle-hash, but would require base64 from coreutils. Given makepkg already relies heavily on coreutils, we might as well use all the coreutils hashing binaries too. This patch also improves the checking of required binaries for hashing operations. Signed-off-by: Allan McRae <allan@archlinux.org>
2016-10-22makepkg: Move parseopts from library to libmakepkgAlad Wenter9-42/+67
parseopts is used in makepkg and other scripts such as pacman-key as a getopt replacement. Instead of including it in those scripts via a macro, move it to libmakepkg/util/parseopts.sh and have scripts source this file where appropriate. To keep the parseopts test, a new variable was introduced: PM_LIBMAKEPKG_DIR Signed-off-by: Alad Wenter <alad@archlinux.info> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-10-22Generalise makepkg-wrapper to handle any script using libmakepkgAllan McRae2-13/+20
Signed-off-by: Allan McRae <allan@archlinux.org>
2016-10-22libmakepkg: generate all scriptsAlad Wenter5-9/+10
In order for the scripts to be used in testsuites, it is easiest to generate all of them so they are found in the build directory (which may be different to the source directory). Signed-off-by: Alad Wenter <alad@archlinux.info> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-10-11Ensure makepkg-wrapper is built after makepkgAllan McRae1-5/+2
makepkg-wrapper did not get rebuilt if makepkg was regenerated due to library changes. Ensure makepkg-wrapper is always generated and linked any time makepkg changes. Signed-off-by: Allan McRae <allan@archlinux.org>
2016-10-10lint_pkgbuild/pkgname: pkgname is not allowed to be emptyChristian Hesse1-0/+5
We checked for empty array elements, but did not catch empty array. Add a check for that case as well. Signed-off-by: Christian Hesse <mail@eworm.de> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-10-10Move bash/zsh completion out of contribAllan McRae4-1/+909
Signed-off-by: Allan McRae <allan@archlinux.org>
2016-10-10Remove pacman-optimizeAllan McRae4-197/+0
The people who believe that pacman-optimize is actually doing something useful are the same people who are voting for Trump. Signed-off-by: Allan McRae <allan@archlinux.org>
2016-10-10fix --printsrcinfo unify arch and non-arch specific variablesLevente Polyak1-1/+1
This fixes the issue with --printsrcinfo that all arch specific variants of a variable get merged into their non arch specific variant. The .SRCINFO file ends up having $depends containing $depends_x86_64 and omitting the latter. Signed-off-by: Allan McRae <allan@archlinux.org>
2016-09-09repo-add: fix error in directories with a space in their nameFabio Castell1-1/+1
Fixes FS#50285 Signed-off-by: Allan McRae <allan@archlinux.org>
2016-09-02Fix typo in pacman-db-upgrade usage messageAllan McRae1-1/+1
Signed-off-by: Allan McRae <allan@archlinux.org>
2016-08-30Fix file name in scripts potfileAllan McRae1-5/+5
2016-08-30libmakepkg: look for architecture-specific hashes in get_integlistJack O'Connor1-0/+11
`makepkg -g` looks for existing checksums in the PKGBUILD file, so that it can generate new sums of the same type. Previously it only checked variables of the form "sha256sums", and not "sha256sums_x86_64". That meant it would always fall back to MD5 for packages with only architecture-specific sources. This change makes it look at architecture-specific checksums too to determine the type. Signed-off-by: Jack O'Connor <oconnor663@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>