Commit graph

1460 commits

Author SHA1 Message Date
Allan McRae
e4f13e62cf libmakepkg: only output package file names when checking for build references
The leading directory is a distraction from identifying the files containing
build references.

Signed-off-by: Allan McRae <allan@archlinux.org>
2017-10-17 20:31:06 +10:00
Alastair Hughes
62bfba53db Make the flags used for sed -i configurable
Not all sed implementations on linux accept the --follow-symlinks
argument, so let the user configure the arguments passed to sed if
required.

Signed-off-by: Alastair Hughes <hobbitalastair@gmail.com>

[Allan: fixed configure summary output]
Signed-off-by: Allan McRae <allan@archlinux.org>
2017-09-14 13:03:44 +10:00
Allan McRae
2ddbc6964b libmakepkg: grammar fix
Signed-off-by: Allan McRae <allan@archlinux.org>
2017-09-14 09:45:53 +10:00
Eli Schwartz
4dae3fde17 makepkg: respect $SOURCE_DATE_EPOCH to activate reproducible builds
If SOURCE_DATE_EPOCH is set, `touch` all source files between the (optional)
prepare() and build() functions to unify the modification times. This works
around build systems and compilers that embed the file modification times
into the file contents of release artifacts.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
2017-09-13 14:21:34 +10:00
Eli Schwartz
39319c1860 libmakepkg: check for invalid tags in git
As per https://lists.archlinux.org/pipermail/arch-general/2017-July/043876.html
git doesn't check that the tag name matches what an annotated tag object
*thinks* it should be called. This is a bit of a theoretical attack and
some would argue that we should always use commits since upstream can
legitimately change a tag, but nevertheless this can result in a
downgrade attack if the git download transport was manipulated or the
upstream repository hacked.

So, check the tag blob to make sure the tag actually matches the name we
used for `git checkout`.

This really should be fixed in git itself, rather than forcing all
downstream users of git verify-tag to implement their own checks, but
the git developers disagree, see the discussion surrounding
https://public-inbox.org/git/xmqqk2hzldx8.fsf@gitster.mtv.corp.google.com/

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
2017-09-13 14:20:35 +10:00
Levente Polyak
c44c649a52 makepkg: add more information to .BUILDINFO
The .BUILDINFO file should retain all the information needed to reproducibly
build a package.  Add some extra information to the file and also provide a
version number to keep track of future changes.

Signed-off-by: Allan McRae <allan@archlinux.org>
2017-07-06 13:57:27 +10:00
Allan McRae
9ab44178f4 makepkg: set default value for PACKAGER
In write_pkginfo, we checked if $PACKAGER was undefined, and gave a default
value if not.  Just do this upfront to simplify this function.

Signed-off-by: Allan McRae <allan@archlinux.org>
2017-07-06 13:34:31 +10:00
Allan McRae
1c8b3f2562 makepkg: always write pkgbase
There is little savings in only writing pkgbase when different to pkgname, and
it makes determining the pkgbase by parsing .PKGINFO slightly easier. Let's just
write it...

Signed-off-by: Allan McRae <allan@archlinux.org>
2017-07-06 13:27:22 +10:00
Allan McRae
d170c4580c makepkg: do not write basever
Since 8a02abcf19, this attribute will never exist.  Remove check to write it.

Signed-off-by: Allan McRae <allan@archlinux.org>
2017-07-06 13:26:04 +10:00
Eli Schwartz
b14ff66038 libmakepkg: Fix improperly spelled local variable declaration
Signed-off-by: Eli Schwartz <eschwartz93@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2017-07-06 13:21:42 +10:00
Eli Schwartz
d4193d43cf libmakepkg/integrity: Fix error message not sent to stderr
Signed-off-by: Eli Schwartz <eschwartz93@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2017-07-06 12:55:45 +10:00
Eli Schwartz
9c604af0a0 libmakepkg: fix unsanitized source filenames
There were a couple places where filenames beginning with "-" were not
properly guarded against by passing them after "--". Some PKGBUILD
authors are crazy, but we still take those into account.

Signed-off-by: Eli Schwartz <eschwartz93@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2017-07-06 12:55:25 +10:00
Allan McRae
d30878763c makepkg: introduce SOURCE_DATE_EPOCH
This patch introduces the SOURCE_DATE_EPOCH environmental variable.  All files
in a package are adjusted to have their modification dates set to the value
of SOURCE_DATE_EPOCH, which defaults to "date +%s".

Setting this variable allows a package that is built twice in the same
environment to be (potentially) reproducible in that the checksum of the
generated package file will be the same.

Also adjust the compression of the mtree file to avoid gzip embedding a
timestamp.

Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2017-05-16 12:54:01 +10:00
Allan McRae
5f38128686 makepkg: remove build date from .PKGINFO header
This information is duplicated (in less friendly format) in the "builddate"
entry and removing it improves reproducible packaging.

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2017-05-16 12:47:01 +10:00
Allan McRae
c6b04c0465 makepkg: create signature files outside of fakeroot
With recent versions of gpg, signing within fakeroot works on the first
invocation, but fails on later runs.  Sign all packages outside of fakeroot
to avoid this issue.

Fixes FS#49946.

Signed-off-by: Allan McRae <allan@archlinux.org>
2017-05-08 18:53:53 +10:00
Allan McRae
c0a5884b18 makepkg: do not create symlinks in build directory
Setting PKGDEST and friends enables us to keep all built packages in a single
location.  Symlinking these files into the build directory creates unnecessary
clutter and requires clean-up in multiple places when removing old versions.

Signed-off-by: Allan McRae <allan@archlinux.org>
2017-04-17 18:33:52 +10:00
Michael Straube
4f2fea240d makepkg: clean up pkgver and prepare log files
Delete log files for the pkgver and prepare functions if -c,--clean is
passed.

Fixes FS#51039 and FS#51075

Includes patch submitted by Christian Braun.

Signed-off-by: Michael Straube <straubem@gmx.de>
Signed-off-by: Allan McRae <allan@archlinux.org>
2017-04-17 10:50:41 +10:00
Drew DeVault
1af766987f Replace @SIZECMD@ with POSIX-compatible command
Now uses wc -c $file | cut -d' ' -f1, which works using only POSIX
commands and removes the need for any platform-specific usages.

Signed-off-by: Drew DeVault <sir@cmpwn.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2017-04-04 12:21:20 +10:00
Allan McRae
8b0d59b83a Provide source files for useful debug packages
Debug packages are fairly useless currently because the source files needed
for stepping through code etc are not packaged with them. This patch adds the
needed source files to the debug package and adjusts the debug info to look at
the /usr/src/debug/ directory for them rather than the build location.  This
requires using the "debugedit" program which is provided as part of the RPM
sources.

Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04 14:02:28 +10:00
Eli Schwartz
eaa82b4d07 makepkg: Verify git signatures
A git repository is marked as signed if it contains the query "signed"
as defined by https://tools.ietf.org/html/rfc3986

Adds two utility functions in util/source.sh.in to extract fragments and
queries, and modifies source/git.sh.in to use them.

Signed-off-by: Eli Schwartz <eschwartz93@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04 13:59:15 +10:00
Eli Schwartz
42e7020281 libmakepkg/integrity: Verify file signatures in a separate function
This makes it easier to add signature verification for new protos.

Signed-off-by: Eli Schwartz <eschwartz93@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04 13:59:15 +10:00
Andrew Gregory
585bd89803 repo-add: sort file list entries
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04 13:59:15 +10:00
Andrew Gregory
01a6502169 makepkg: sort package contents
By passing a NUL-separated filelist, this also fixes a bug where files
that look like bsdtar options in the package root could break the
package ("-C" was particularly troublesome because bsdtar interprets it
as an option anywhere in the file list, even following "--").

Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04 13:59:15 +10:00
Andrew Gregory
36eb35cacd makepkg: warn about dotfiles in package root
libalpm reserves paths starting with '.' for its own use and will not
extract any other than those it recognizes.

Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04 13:59:14 +10:00
Allan McRae
1a2d5bee3b Update copyright years
Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04 13:59:14 +10:00
Steef Hegeman
5dfa3c8f6a makepkg: Disallow forward slashes in pkgver
scripts/libmakepkg/lint_pkgbuild/pkgver.sh.in now raises an error when
pkgver contains forward slashes.

pkgver containing a forward slash results in a package filename
containing a forward slash, which isn't a valid filename.

Signed-off-by: Steef Hegeman <steefhegeman@hotmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04 13:59:14 +10:00
Allan McRae
9a4d616220 Build a single debug package for all packages from a PKGBUILD
We want to provide source files with debug symbol packages to allow easy
stepping through the program.  This becomes difficult with split packages due
to the binaries in many of these sharing source files across packages.

There are (at least) two solutions to this problem. #1: ensure common source
files are located in the debug package for the package lowest in the dependency
chain and add dependencies to the debug packages so all required source files
are present, or #2: create one debug package for all split packages in a
PKGBUILD.  The second is a more robust approach despite potentially creating
very large debug packages.

This patch creates a single $pkgbase-debug package and adds provides such that
installing $pkgname-debug will always work.

Signed-off-by: Allan McRae <allan@archlinux.org>
2016-12-05 15:23:44 +10:00
Christian Hesse
fc756c3c70 add generated scripts to gitignore
These files are generated at build time. Ignore in git.

Signed-off-by: Christian Hesse <mail@eworm.de>
Signed-off-by: Allan McRae <allan@archlinux.org>
2016-12-05 15:20:09 +10:00
Andrew Gregory
e3e9cc14a5 makepkg: reject packages with newlines in paths
libalpm's local database format does not support paths with newlines.

Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2016-12-05 15:20:08 +10:00
Andrew Gregory
5dd764eb47 makepkg: abort on lint_package errors
Allows lint_package to prevent makepkg from creating an invalid package.

Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2016-12-05 15:20:08 +10:00
Andrew Gregory
46101bea1c makepkg: reject package data with newlines
The PKGINFO format cannot handle values that contain newlines.

Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2016-12-05 15:20:08 +10:00
Andrew Gregory
d3dc200263 makepkg: fix find_lib{depends, provides} results
Neither function was checking for the existence of actual results before
calling printf, resulting in them returning a list with a single empty
value if there were no depends/provides.

Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2016-12-05 15:20:08 +10:00
Dave Reisner
263e65dbb3 makepkg: unset potentially architecture-specific vars
I'm not convinced this is a worthwhile goal, but let's follow suit.
Since we can't know the names of all the vars that might exist, unset
them by pattern.
2016-12-05 15:20:08 +10:00
Dave Reisner
0b30edacd4 makepkg: fix quoting in calls to dependency checking
2016-12-05 15:20:08 +10:00
Dave Reisner
90f1dd1657 makepkg: fix quoting in calls to check_deps
The inside needs quoting, and this is separate from the declaration,
which does not (in these cases).
2016-12-05 15:20:08 +10:00
Dave Reisner
9ce2c9b187 makepkg: make run_function_safe more robust
Use shopt to set/reset errexit and errtrace, which lets us:

1) be more vigilant, resetting anything the user might do to us in
PKGBUILD functions.
2) use human-readable words (errexit vs. -e)

On top of this, introduce a new save/restore for the shell's other
shopts. A user should not have any expectations that what happens in
one function is available in another function, if it isn't explicitly
defined in the PKGBUILD. While this change does not make that
assertion, it gets us closer.

We also replace a variable which comes from out of nowhere (pkgfunc)
with the positional parameter containing the same value. Quoting is
adjusted to make the expansion happen at the time the trap is set,
rather than later on.
2016-12-05 15:20:08 +10:00
Dave Reisner
cef0d726b4 makepkg: remove vestiges of global errexit
These 'set +E' diversions haven't been needed since global errexit was
disabled in dca10b062f (January 2012).
2016-12-05 15:20:08 +10:00
Johannes Löthberg
37b73fe4fb Make sure all proper scripts are installed instead of the wrappers
After 1f8f0bd9ac all scripts that were
changed to using the wrapper for in-tree use have the wrappers installed
to the system instead of the actual script, so change the install
command to support all wrapped scripts instead of just makepkg.

Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2016-12-05 15:20:08 +10:00
Allan McRae
5fbb361261 Revert "[RFC] Provide source files for useful debug packages"
This reverts commit a79c0038ae.

I merged the wrong branch into master...
2016-12-05 15:12:03 +10:00
Allan McRae
a79c0038ae [RFC] Provide source files for useful debug packages
Debug packages are fairly useless currently because the source files
needed for stepping through code etc are not packaged with them. This
patch adds the needed source files to the debug package and adjusts
the debug info to look at the /usr/src/debug/ directory for them rather
than the build location.  This requires using the "debugedit" program
which is provided as part of the RPM sources.

Signed-off-by: Allan McRae <allan@archlinux.org>
2016-11-02 15:03:57 +10:00
Ivy Foster
e8c35bea2b makepkg: print files with refs to $srcdir/$pkgdir
Since rewriting build_references() anyway, tweaked quoting.
Implements FS#31558.

Signed-off-by: Ivy Foster <ivy.foster@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2016-10-22 20:50:55 +10:00
Allan McRae
577701250d Use coreutils binaries for checking/generating checksums
If pacman is built against a crypto library other than openssl, it makes no
sense to require makepkg to use it.

The only currently considered alternative to openssl is nettle, which has no
binary for base64 encode/decode. This means that we could replace the hashing
calculations with nettle-hash, but would require base64 from coreutils.

Given makepkg already relies heavily on coreutils, we might as well use all
the coreutils hashing binaries too.

This patch also improves the checking of required binaries for hashing
operations.

Signed-off-by: Allan McRae <allan@archlinux.org>
2016-10-22 20:50:55 +10:00
Alad Wenter
1f8f0bd9ac makepkg: Move parseopts from library to libmakepkg
parseopts is used in makepkg and other scripts such as pacman-key as a
getopt replacement.

Instead of including it in those scripts via a macro, move it to
libmakepkg/util/parseopts.sh and have scripts source this file where
appropriate.

To keep the parseopts test, a new variable was introduced:
PM_LIBMAKEPKG_DIR

Signed-off-by: Alad Wenter <alad@archlinux.info>
Signed-off-by: Allan McRae <allan@archlinux.org>
2016-10-22 20:50:54 +10:00
Allan McRae
dfc78129be Generalise makepkg-wrapper to handle any script using libmakepkg
Signed-off-by: Allan McRae <allan@archlinux.org>
2016-10-22 20:50:29 +10:00
Alad Wenter
aca153bfa6 libmakepkg: generate all scripts
In order for the scripts to be used in testsuites, it is easiest to generate
all of them so they are found in the build directory (which may be different
to the source directory).

Signed-off-by: Alad Wenter <alad@archlinux.info>
Signed-off-by: Allan McRae <allan@archlinux.org>
2016-10-22 20:50:28 +10:00
Allan McRae
ad27aa30fb Ensure makepkg-wrapper is built after makepkg
makepkg-wrapper did not get rebuilt if makepkg was regenerated due to library
changes.  Ensure makepkg-wrapper is always generated and linked any time
makepkg changes.

Signed-off-by: Allan McRae <allan@archlinux.org>
2016-10-11 15:43:25 +10:00
Christian Hesse
e2b4e220bc lint_pkgbuild/pkgname: pkgname is not allowed to be empty
We checked for empty array elements, but did not catch empty array. Add
a check for that case as well.

Signed-off-by: Christian Hesse <mail@eworm.de>
Signed-off-by: Allan McRae <allan@archlinux.org>
2016-10-10 10:38:05 +10:00
Allan McRae
2e76c184aa Move bash/zsh completion out of contrib
Signed-off-by: Allan McRae <allan@archlinux.org>
2016-10-10 10:38:05 +10:00
Allan McRae
d590a45795 Remove pacman-optimize
The people who believe that pacman-optimize is actually doing something
useful are the same people who are voting for Trump.

Signed-off-by: Allan McRae <allan@archlinux.org>
2016-10-10 10:38:05 +10:00
Levente Polyak
3190b87b65 fix --printsrcinfo unify arch and non-arch specific variables
This fixes the issue with --printsrcinfo that all arch specific variants
of a variable get merged into their non arch specific variant.

The .SRCINFO file ends up having $depends containing $depends_x86_64
and omitting the latter.

Signed-off-by: Allan McRae <allan@archlinux.org>
2016-10-10 10:38:04 +10:00