Commit 9c8d7a80 broke the signing of debug packages by merging code up but
not changing the test condition.
Signed-off-by: Allan McRae <allan@archlinux.org>
Assuming that everything is a string leads to code which is effectively:
a=
a+=('bar')
This creates an array with 2 elements instead of one. Using proper array
initialization fixes this.
https://lists.archlinux.org/pipermail/pacman-dev/2018-June/022591.html
Signed-off-by: Allan McRae <allan@archlinux.org>
When comparing the $BUILDDIR to the $startdir, we used string equality
instead of testing whether they are the same location, and ended up
appending $pkgbase even though there's no reason to use it here.
In some cases, this could result in makepkg erroring when trying to
create $srcdir/$pkgdir, if a file with the same name as the $pkgbase
exists. This is expected behavior if a file "src" or "pkg" exists, but
decidedly less so for $pkgbase.
This could be fixed either by setting $startdir to an absolute path, or
by ensuring the test checks this directly; I've chosen to do both, since
the test should really be correctly checking the thing it actually cares
about, but since we ensure absolute paths are used everywhere else, this
might bite us elsewhere someday. It's also more consistent.
Fixes FS#58865
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
It's especially dangerous in trap handlers since the return value of the
function becomes the return value of the last command before the trap,
not the last command in the current function. This applies to any
function executed in a trap handler, nested functions included.
In one case, install_packages failed (via return 14), which was inside a
conditional that then ran exit 14, which triggered the EXIT handler,
which called clean_up, which called remove_deps, which had !RMDEPS and
thus returned. The return value of remove_deps became the return value
of install_packages, triggering the ERR handler, which (due to another
problem) was still the user function handler, which then printed a
misleading error message and overrode the exit code with 4.
Signed-off-by: Allan McRae <allan@archlinux.org>
In commit 8ff03868a3 PACMAN_OPTS was
turned into an array. Unfortunately, that array was generated by
treating the "--color never" option as one string, instead of an
array of two strings...
Fixes FS#58820
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
$restoretrap is empty if the trap was not set. This caused the trap
handler to remain and override later exit codes.
Signed-off-by: Allan McRae <allan@archlinux.org>
We fail with an error, but then we also fail with:
==> ERROR: depends is not allowed to be empty.
/usr/share/makepkg/lint_pkgbuild/pkgname.sh: line 39: continue: only meaningful in a `for', `while', or `until' loop
During the refactor to provide enhanced pkgname=pkgver linting, this was
moved out of the ${pkgname[@]} loop to a distinct function, at which
time it should have been modified to return rather than continue.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
In commit d8717a6a96 the write permission
checks were refactored. Initially we intended to drop this chmod in the
process, but due to some confusion about whether it was needed, I ended
up submitting patches both to preserve and to remove it... but it's not
needed after all. We do it on the individual $srcdir/$pkgdir, later on.
Then, we used the wrong version, which causes unnecessary restrictions.
See FS#58790
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
pacman accepts these, and there is no good reason to be more restrictive
ourselves; we should follow the example of "depends" here.
Update the documentation to actually state that this is supported.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Simplifies the function a bit, but mostly, mkdir -p will never fail if
the directory exists, and therefore makepkg never checks to see if it is
actually writable. On the other hand, it's unnecessary to check if the
directory exists once we know mkdir -p succeeded...
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Reported-by: Rafael Ascensão <rafa.almas@gmail.com>
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
In commit d8591dd341 when teaching
--packagelist to print the full filepath for built arches only, I forgot
to update the helptext at the same time as I updated the manpage.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Also remove any translations that are less than 75% complete. These will
be readded once translation completion passes our minimum threshold.
Signed-off-by: Allan McRae <allan@archlinux.org>
In commit 5698d7b66d a new non-root use of
pacman was added -- previously we used -T or -Qq, and run_pacman did not
know how to special-case -Qi to skip being prepended with sudo.
The result is:
-> Generating .BUILDINFO file...
ERROR: ld.so: object 'libfakeroot.so' from LD_PRELOAD cannot be preloaded (cannot open shared object file): ignored.
[sudo] password for eschwartz:
-> Adding changelog file...
Fix this by using a more generic glob since neither -Q nor -T will ever
need sudo or PACMAN_OPTS
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Many of these are pointless (e.g. there is no need to explicitly turn on
spellchecking and language dictionaries for the manpages by default).
The only useful modelines are the ones enforcing the project coding
standards for indentation style (and "maybe" filetype/syntax, but
everything except the asciidoc manpages and makepkg.conf is already
autodetected), and indent style can be applied more easily with
.editorconfig
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
file 5.33 introduces a new MIME type "application/x-pie-executable",
which is used for relocatable binaries. makepkg ignored these binaries
and did not attempt to strip them.
Handle the new MIME type like the old "application/x-sharedlib".
Stripping the binaries with --strip-unneeded to keep relocation
information should be the correct thing to do.
file 5.33 also misidentifies actual libraries as PIE executables, so we
didn't strip any shared libraries, either. We now work around this bug.
Signed-off-by: Jan Alexander Steffens (heftig) <jan.steffens@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
In commit cb0f2bd038 the changes from
commit 81d233b793 seem to have been
inadvertently backed out.
Right now the current check doesn't do anything, since "fail" is always
nothing and therefore successful.
Fixes FS#58505
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Checking the file extension to determine if something is a signature is
currently done in three places:
- verify_file_signature: uses $file to print status, reuses it for
comparison
- source_has_signatures: uses $netfile, but removes url component if
filename component exists
- generate_one_checksum: uses $netfile and fails to detect renamed files
This leads to inconsistent behavior when trying to use a signature of
the form "foo-1.0.tar.gz.asc::https://example.com/foo-1.0.tar.gz.pgp"
Fix this by treating the third case like the second case.
Reported-by: Giancarlo Razzolini <grazzolini@archlinux.org>
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Adding the architecture to the 'installed' elements of the .BUILDINFO
file makes it easier to retrieve the packages needed to reconstruct
the build environment.
Signed-off-by: Robin Broda <robin@broda.me>
Signed-off-by: Allan McRae <allan@archlinux.org>
Architecture information is required for repro tooling
This is a revised version of https://patchwork.archlinux.org/patch/475/
Signed-off-by: Robin Broda <robin@broda.me>
Signed-off-by: Allan McRae <allan@archlinux.org>
Since bash 4.1 extglobs can be used within [[ ... ]] regardless of
whether the shopt is set. Our configure.ac requires bash 4.1.0 at a
minimum for pacman scripts.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
micro-optimization: We only care about temporarily enforcing extglob, so
that is the only one we need to explicitly restore.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
In commit 91b72cc386 support was added for
linting depends/etc. to ensure they contain only valid dependency
specifiers. However it did not properly take into account the
possibility of dependencies linked to a specific pkgrel or epoch, which
promptly failed to build because "-" and ":" is not allowed in a pkgver.
pkgrel is something supported by pacman and useful for e.g. split packages
which cannot be mismatched even if the pkgver is the same. Fix by
removing an optional suffixed "-$decimal" when checking for a valid
pkgver.
epoch is kind of difficult to do without :D so likewise fix by removing
an optional prefixed "$integer:"
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Some scripts are using `break 2` to break out of the option parsing
loop.
Since a single `break` is sufficient in these cases, remove the extra
argument.
Signed-off-by: Rafael Ascensão <rafa.almas@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
depends, provides, conflicts, replaces, and other variables that are
meant to contain package names, are now checked to ensure
1) the name component contains only characters that would equate to
a valid pkgname.
2) the version component contains only characters that would equate
to a valid pkgver.
3) comparison operator is a valid comparison operator (e.g. provides
only allows exact = while optdepends doesn't allow anything)
This also refactors pkgname into a shared utility function, wires up
pkgbase optdepends and provides to use it, and gives pkgver a touchup
to allow referencing where it was called from.
Fixes FS#57833 and a bit of extra.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
We use an extended glob here, but were relying on having it globally set
in makepkg. This causes it to fail when used in scripts.
Since scripts using libmakepkg may not want extglob to be set, save and
restore the environment while explicitly setting extglob only where we
need it.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
print_all_package_names used in_opt_array to check whether or not the
PKGBUILD itself has options=('debug' 'split') -- while checking to see
if it was enabled per split package which doesn't make sense as these
options apply globally. This prevented debug packages from being listed
if enabled via makepkg.conf rather than per PKGBUILD.
Instead, use check_option to determine whether makepkg actually thinks
it is meant to try creating a split debug package.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Rather than manually crafting foo_backup in a loop and eval'ing them
with a complicated escape pattern, store every splitpkg_overrides
element into a single variable via the eval-friendly `declare` builtin.
An alternative to eval would be using `printf -v` but this does not work
for arrays.
This has the additional benefit of reducing the number of
variables/arrays floating around in the environment.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Currently the only things we check are:
- Things that should be arrays, are not strings, and vice versa (this
was mostly copy-pasted from the similar code in lint_pkgbuild).
- Variables that are meant to contain pathname components cannot contain
a newline character, because newline characters in pathnames are weird
and also don't play well with future changes intended for the
--packagelist option.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
In commit c6b04c0465 package signing was
moved out of fakeroot, and as part of this process, the global pkgname
variable was modified in order to extract the built package names.
However, if a debug package was not available and added to the list of
packages, the function was aborted early, before the pkgname array was
restored, thereby corrupting the later stages of makepkg and
specifically the install_package function which needs to know which
pkgnames to install.
Fix this by inlining the debug package signing inside the `if` check,
and as added security switch to using `for pkg in "${pkgname[@]}"` as is
done in many other parts of makepkg, since package signing does not
depend on the value of pkgname for anything.
Additionally, since debug packages may not actually exist, check if the
package file exists first.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Followup on c6b04c0465 which refactored
the signing function to run outside of fakeroot, and in the process
moved the status message to outside the $SIGNPKG check.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Additionally provide a separate error for failure to create the
directory vs lack of write permissions on a pre-existing directory.
This also means we now consistently try to create any nonexistent *DEST
directories as needed before aborting with E_FS_PERMISSIONS. Previously
only $BUILDDIR received that kindness.
Fixes FS#43537
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
This fixes an issue where smartcards, such a Yubikey, would cause the
keyring to fail locally signing, thus also failing to verify signed
packages.
Signed-off-by: Eric Renfro <psi-jack@linux-help.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
makepkg configures the umask 0022 as a sane default for building
packages. After installing dependencies, it sources `/etc/profile`
again. If the user configured a umask other than Arch's default of
0022 (or 022) in `/etc/profile`, this sane default is now gone and
needs to be set again.
Signed-off-by: Allan McRae <allan@archlinux.org>
In order to detect if pkgver contains whitespace, we need to quote it.
Previously, only the characters up to the first whitespace was checked.
Signed-off-by: Rikard Falkeborn <rikard.falkeborn@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Before this change, LC_TIME=zh_TW.UTF-8 makepkg has the following line:
==> Making package: foobar 1-1 (日 2月 11 01:13:42 CST 2018)
With this patch, this line becomes:
==> Making package: foobar 1-1 (西元2018年02月11日 (週日) 01時13分57秒)
The latter is more natural for a Chinese native speaker.
Signed-off-by: Chih-Hsuan Yen <yan12125@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Currently this seems to be only theoretically useful. The most likely
reason for wanting a packagelist is in order to script makepkg and
derive the filenames for the packages we want to install or repo-add,
but in the current implementation this requires a lot of additional
post-processing which must be duplicated in every utility to wrap
makepkg.
- It is of minimal use to know what packages might get created on some
other device utilizing a different CPU/OS architecture, so don't list
them.
- It is non-trivial to reimplement makepkg's logic for sourcing any of
several makepkg.conf configuration files, then applying environment
overrides in order to get the PKGDEST and PKGEXT, so include them
directly in the returned filenames.
- Output is delimited by newlines, for readability. For maximum
parsing reliability, libmakepkg needs to learn how to lint the PKGDEST
and PKGEXT variables to ensure they do not contain newlines, which
will be submitted in a separate patch.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Recent versions of GnuPG are perfectly capable of using sane defaults,
and the default SKS keyserver over hkps:// is better than hardcoding the
same keyserver over hkp:// anyway.
Fixes FS#55278
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
In commit ab2be5794d return codes were
implemented, and the output of install_package was improperly assigned
to a variable when the return code was wanted.
All we need to do is restore the previous exit handling, but return $?
instead of hardcoding "0".
Reported-by: xftroxgpx <xftroxgpx@protonmail.com>
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
Because parsing pacman.conf is so difficult that even we can't do it
right.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
