From 98bd7e376091ef8a19d848f865521cb13fdfb577 Mon Sep 17 00:00:00 2001 From: Jakub Klinkovský Date: Sun, 11 Feb 2024 13:37:49 +0100 Subject: fix(build): explicitly add --nosign when building a srcpkg We should explicitly instruct makepkg to not sign the source package, even when the BUILDENV array in makepkg.conf contains 'sign'. The devtools workflow is to always sign separately from building, which is different from makepkg and it should not depend on its configuration. Furthermore, this function is currently used only in offload-build to collect sources that are transferred to the server before the build itself. Signing this source package does not provide any benefits. --- src/lib/util/makepkg.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'src/lib') diff --git a/src/lib/util/makepkg.sh b/src/lib/util/makepkg.sh index adb3af6..22df247 100644 --- a/src/lib/util/makepkg.sh +++ b/src/lib/util/makepkg.sh @@ -28,7 +28,9 @@ makepkg_source_package() { export LIBMAKEPKG_SRCINFO_SH=1 write_srcinfo() { print_srcinfo; } - set +e -- -F --source + # explicitly instruct makepkg to not sign the source package, even when + # the BUILDENV array in makepkg.conf contains 'sign' + set +e -- -F --source --nosign # shellcheck source=/usr/bin/makepkg source "$(command -v makepkg)" ) -- cgit v1.2.3-70-g09d2