| Age | Commit message (Collapse) | Author |
|---|
|
Previously, we used a single boolean value to determine correlation of
sources to checksums. Since the introduction of arch-specific sources,
this is no longer sufficient, as we must ensure that we have checksums
for (potentially) multiple source arrays.
This change inlines the logic of have_sources to build an associative
array of source array names, unsetting them as we discover their
checksums. The error condition then becomes a non-empty correlation
array.
Fixes: https://bugs.archlinux.org/task/43192
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
This prevents the database from becoming inaccessible for non-root
users when the script was executed with a umask of 027.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
We validated all sources when making a source package, whether or not they
are included in the tarball.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
People have mentioned that the silent upgrade to DB version 9 when no
adjustments are needed for directory symlinks is confusion. Always print
the upgrading message.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
I'm pretty sure this is some kind of left over stuff that was supposed
to print the filename, linenumber and line content. This is already
done so just remove it.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Before this, we'd see bizzare behavior of:
-> Adding changelog file (systemd.install)...
And, changelog files in the global section would not be added at all.
The code is clearly wrong here, as it references 'install' within a
loop of 'changelog' and 'install'. Let's use parameter indirection to
ensure that the proper file is identified and added.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
GnuPG 2.1 no longer allow empty passphrases by default.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
File in noextract should still be symlinked into $srcdir so that they
can be accessed without using $SRCDEST. Using noextract on VCS files
makes no sense as these are not being extracted, so now this does
nothing.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
This matches the behaviour with non-VCS sources. It also allows incremental
builds when subversion is used to obtain sources.
Signed-off-by: Lukáš Jirkovský <l.jirkovsky@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Referenced by FS#41811
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
bzr does not recognize bare ssh:// urls.
Fixes FS#41811
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
The local changes are discarded when updating. This matches the behaviour
when non-VCS sources are used. It also allows incremental builds.
This also changes the checkout during bzr source "extraction" to a heavyweight
checkout so that pulling a specific revision does not alter the original
download.
Original-work-by: Lukáš Jirkovský <l.jirkovsky@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
The local changes are discarded when updating. This matches the behaviour
when non-VCS sources are used. It also allows incremental builds.
Signed-off-by: Lukáš Jirkovský <l.jirkovsky@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Previously the sources were dowloaded in HEAD revision in the download_svn().
If a specific revision was requested in fragment, the code was updated to that
revision in extract_svn(). However, because SVN is a centralized system,
this means that the changed sources has to be downloaded again.
By moving the fragment handling to download_svn(), we get the correct revision
without having to download it later in extract_svn().
Signed-off-by: Lukáš Jirkovský <l.jirkovsky@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
The local changes are discarded when updating. This matches the behaviour
when non-VCS sources are used. It also allows incremental builds.
Signed-off-by: Lukáš Jirkovský <l.jirkovsky@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Similar to .PKGINFO, .SRCINFO provides structured metadata from the
PKGBUILD to be included with source packages.
The format is structured such that it contains a "pkgbase" and one to
many "pkgname" sections. Each "pkgname" section represents an "output
package", and inherits all of the attributes of the "pkgbase" section,
and then can define their own additive fields.
For example, a simple PKGBUILD:
pkgbase=ponies
pkgname=('applejack' 'pinkiepie')
pkgver=1.2.3
pkgrel=1
arch=('x86_64' 'i686')
depends=('friendship' 'magic')
build() { ...; }
package_applejack() {
provides=('courage')
...;
}
package_pinkiepie() {
provides=('laughter')
...;
}
Would yield the following .SRCINFO file:
pkgbase = ponies
pkgdesc = friendship is magic
pkgver = 1.2.3
pkgrel = 1
arch = x86_64
arch = i686
depends = friendship
depends = magic
pkgname = applejack
provides = courage
pkgname = pinkiepie
provides = laughter
The code to generate this new file is taken a project which I've been
incubating[0] under the guise of 'mkaurball', which creates .AURINFO
files for the AUR. AURINFO is the exactly same file as .SRCINFO, but
named as such to make it clear that this is specific to the AUR.
Because we're parsing shell in the packaging functions rather than
executing it, there *are* some limitations, but these only really crop
up in more "exotic" PKGBUILDs. Smoketesting[1] for accuracy in the Arch
repos yields 100% accuracy for [core] and [extra]. [community] clocks in
at ~98% accuracy (.3% difference per PKGBUILD), largely due to silly
haskell packages calling pacman from inside the PKGBUILD to determine
dependencies. [multilib] currently shows about 92% accuracy -- a
statistic which can be largely improved by utilizing the recently merged
arch-specific attribute work. This is also a smaller repo so the numbers
are somewhat inflated. In reality, this is only a .8% variance per
PKGBUILD.
Together, we can make PKGBUILD better.
[0] https://github.com/falconindy/pkgbuild-introspection
[1] https://github.com/falconindy/pkgbuild-introspection/blob/master/test/smoketest
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
We can avoid setting a default value for epoch since we intend to mean
unset and "0" as the same thing. This is also a more consistent default
as the display of epoch=0 is no epoch at all in the full package
version.
The extra paranoia in get_full_version can be removed due to lint_epoch
guarding against non-integer values of epoch.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
This bug isn't currently exposed by any of the existing codepaths, but
an upcoming patch to introduce SRCINFO files to makepkg will expose
this.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
This regression snuck in during some reviewing of 963f7fe02fcb14
(arch-specific sources). We must always check the source=() array for
sources.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
In all other cases, this code gets the outvalue from the final
parameter.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Interesting attributes created with 'local' or 'declare' won't be
surfaced in .PKGINFO, so we shouldn't try to look for them.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Rather than implementing suffix matching, which might clash, let's just
print the full fingerprint of the err'ing key so that the user can
copy/paste it into validpgpkeys. Also, make it clear in the manpage
that validpgpkeys needs full fingerprints, and nothing else.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
This reverts commit 50296576d006d433fbfd4a6c57d5f95a942f7833.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
grep'ing out blank lines and sorting output thoroughly breaks any file
lists with %BACKUP% entries which must be separated from the file list
by a blank line. Adds a custom function to ensure that all paths
printed are non-empty and unique.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
I found this feature confusing, and the documentation wasn't any help.
It was pointed out to me on IRC that validpgpkeys expects full
fingerprints, and won't accept shorter forms. This makes the
documentation insufficient, and the variable name itself misleading.
This patch bolsters the documentation to explain more about what the
contents should be, and implements suffix matching to allow matching on
shorters fingerprint suffices. Now, when makepkg tells you that a key
ID isn't valid, it's sufficient to manually check the key ID against
the known good ID, and add it as is to validpgpkeys.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
This commit changes the few remaining instances of:
[[ ! $foo = "$bar" ]]
to the more common:
[[ $foo != "$bar" ]]
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
This implements support for declarations such as:
arch=('i686' 'x86_64')
...
source=("somescript.sh")
source_i686=("http://evilmonster.com/i686/ponies-9001-1.i686.bin")
source_x86_64=("http://evilmonster.com/i686/ponies-9001-1.x86_64.bin")
md5sums=('d41d8cd98f00b204e9800998ecf8427e')
md5sums_i686=('e4ca381035a34b7a852184cc0dd89baa')
md5sums_x86_64=('4019740e6998f30a3c534bac6a83f582')
Just the same as the "untagged" sources, multiple integrity algorithms
are supported. The manpage is updated to reflect support for these
suffices.
This commit also refactors download_sources slightly:
1) to use the otherwise preferred convention of lowercase local variable
names, and to make the handling of $1 more clear.
2) rename the "fast" parameter to "novcs", to make it more clear what
this token does.
3) add a new possible token "allarch" to ensure that download_sources
will fetch all sources, for all architectures.
|
|
This also fixes a "bug" in which a PKGBUILD without any source array
would generate "md5sums=()". While not technically wrong, we can easily
do better and emit nothing at all.
|
|
|
|
We rely on values in the arch array to be valid as part of variable
names, so extend the arch lint check to catch this.
This also cleans up lint_arch to restrict the use of "lint" only to the
package-specific architecture checks. It previously had an odd
declaration with a conditional expansion that would never be true.
|
|
Since source package creation is architecture independent, we should
ignore architecture-dependent behaviors such as the lint check which
will halt execution when the host machine is not a supported arch.
https://github.com/falconindy/pkgbuild-introspection/issues/15
|
|
unix has no "folders".
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Original-work-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
* convert dbpath from argument to option
* add --config and --root options
* read dbpath and root from config file
* if root is set but not dbpath, dbpath is set relative to root
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
This eval enables the following in a PKGBUILD to "just work":
source=('$pkgname-$pkgver.tar.gz'::'https://host/$pkgver.tar.gz')
This has at least two problems:
- It violated the principle of least surprise.
- It could be a security issue since URLs are arbitrary input.
Instead, expand the dlagent command line into an array, replace the %o,
%u place holders, and run the resultant command line as is.
Embedded spaces in the DLAGENTS entry can be escaped with a backslash.
Fixes FS#41682
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Git has the ability to use helper applications for interfacing with hg,
and from what we had before, the following url::
foo::git+hg::http://foo.bar/foobar
would get converted to something along the lines of:
filename: foo
URL: http://foo.bar/foobar
and the 'git+hg' part would essentially be ignored when it's getting set
up in the 'get_protocol' and 'get_downloadclient' functions. With this
patch it is possible to have a source link with '::' in it, however it
is not possible to have a filename with '::', which is the current
behavior.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Prevents trust being spoofed by using TRUST_FULLY in the signatory's name
or in an added notation.
Fixes FS#41147.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
|
|
This introduces support for architecture-specific conflicts, depends,
optdepends, makedepends, replaces, and conflicts by appending "_$CARCH"
to the array name. For example, in the global section:
arch=('i686' 'x86_64')
depends=('foo')
depends_x86_64=('bar')
This will generate depends of 'foo' and 'bar' on x86_64, but only 'foo'
on i686. Moreover, this is supported in the package functions with the
same heuristics as the generic names, e.g.
...
arch=('i686' 'x86_64')
depends=('foo')
...
package_somepkg() {
depends_x86_64=('bar')
...
}
Again, will cause x86_64 to have depends of 'foo' and 'bar', but only
'foo' for i686.
|