summaryrefslogtreecommitdiff
path: root/scripts
AgeCommit message (Collapse)Author
2011-10-05pacman-key: treat foo-trusted as an ownertrust export fileDan McGee
This allows it to serve double-duty. In order to allow users to base verification decisions off of both a valid signature and a trusted signature, we need to assign some level of owner trust to the keys we designate as trusted on import. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-10-05pacman-key: refine and clarify import/import-trustdb behaviorDan McGee
* --import now only imports keys from pubkey.gpg and does not import owner trust; if you want to have both simply run the operations in sequence. * --import-trustdb has been simplified; it will overwrite existing values in the trust database as before, but there is no need to export it first as those values are safe if left untouched. * Fix the manpage referring to a non-existent option. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-10-03makepkg: create tar file for bogus PKGEXTlolilolicon
If PKGEXT is not one of the recognized tar*'s, create_package() would create an empty package file and fail, since bsdtar on the left side of the pipe returns 141 on SIGPIPE (broken pipe). This patch changes the behavior for an invalid PKGEXT. A warning is printed on stderr, and a tar file is created. Also retire the obsolete $EXT variable. Add the obligatory comment why we don't use bsdtar's compression. Finally, fix mixed-tab-space indentation. Signed-off-by: lolilolicon <lolilolicon@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2011-09-30makepkg: support .tar.Z source packages creationlolilolicon
SRCEXT should allow whatever PKGEXT does. Also address an uninitialized use of $ret. Signed-off-by: lolilolicon <lolilolicon@gmail.com>
2011-09-30pacman-key: remove errexit flag from shebangDave Reisner
We're ill equipped to be using this flag as we don't trap and respond to the ERR signal. The result is that if is ever tripped, pacman-key will instantly exit with no indication of why. At the same time, we're already fairly good about doing our own error checking and verbalizing it before dying. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-30pacman-key: return 0 from get_from if default value usedAllan McRae
This prevents the error trap being set off when GPGDir is commented in pacman.conf. Bug introduced in 507b01b9. Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-28pkgdelta: proper quoting in [[ expression ]]lolilolicon
Always quote the right-hand side of expression when the == or != operator is used, unless intended as a pattern. Signed-off-by: lolilolicon <lolilolicon@gmail.com>
2011-09-28makepkg: proper quoting in [[ expression ]]lolilolicon
Always quote the righthand side of expression when the == or != operator is used, unless intended as a pattern. Quoting bash(1): When the == and != operators are used, the string to the right of the operator is considered a pattern. Any part of the pattern may be quoted to force it to be matched as a string. Signed-off-by: lolilolicon <lolilolicon@gmail.com>
2011-09-27makepkg: ensure '-' is last in a character globDave Reisner
If '-' isn't the last item, it's interpreted as a range and not literally, causing problematic behavior in parsing optdepends. Signed-off-by: Dave Reisner <dreisner@archlinux.org>
2011-09-27pacman-key: use consistent punctuation in error messagesDan McGee
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-26pacman-key: allow get_from to return a default valueDave Reisner
Keep the non-zero return val to let the caller know that the key wasn't found. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-26pacman-key: simplify writing to config fileDave Reisner
Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-26makepkg: normalize whitespace for optdepends in .PKGINFOAllan McRae
Many PKGBUILDs use formatting whitespace when specifying optdepends. This is removed when adding a package to a repo-database so the output of "pacman -Si <package>" and "pacman -Qip <package file>" becomes inconsistent. Instead, do the adjustment when creating the .PKGINFO file. Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-26makepkg: allow versioned optdepends with epochAllan McRae
Allow the specification of versioned optdepends with an epoch. This also (partially) enforces a whitespace between ":" and the description which is required for the future optdepends parsing code. Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22Regenerate message catalogs and translationsDan McGee
We've had a bit of churn since the last time this was done. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22Translation file updates from TransifexDan McGee
Pick up any updates before I push new source messages out to the service. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22pacman-key: add an additional plain text 'foo-trusted' fileDan McGee
This is similar to the 'foo-revoked' file we had. This will be used to inform the user what keys in the shipped keyring need to be explicitly trusted by the user. A distro such as Arch will likely have 3-4 master keys listed in this trusted file, but an additional 25 developer keys present in the keyring that the user shouldn't have to directly sign. We use this list to prompt the user to sign the keys locally. If the key is already signed locally gpg will print a bit of junk but will continue without pestering the user. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22pacman-key: factor out validate_with_gpg() methodDan McGee
This was copy-pasted code for the most part once the filename was factored out. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22pacman-key: remove holdkeys functionalityDan McGee
We're putting the cart ahead of the horse a bit here. Given that our keyring is not one where everything is implicitly trusted (ala gpgv), keeping or deleting a key has no bearing on its trusted status, only whether we can actually verify things signed by said key. If we need to address this down the road, we can find a solution that works for the problem at hand rather than trying to solve it now before signing is even widespread. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22pacman-key: implement promptless lsigningDan McGee
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22pacman-key: disable, don't remove, revoked keysDan McGee
Unlike our protégé apt-key, removing a key from our keyring is not sufficient to prevent it from being trusted or used for verification. We are better off flagging it as disabled and leaving it in the keyring so it cannot be reimported or fetched at a later date from a keyserver and continue to be used. Implement the logic to disable the key instead of delete it, figuring out --command-fd in the process. Note that the surefire way to disable a key involves including said key in the keyring package, such that it is both in foobar.gpg and foobar-revoked. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22pacman-key: simplify import in populateDan McGee
This finishes the cleanup started in 710e83999bbf. We can do a straight import from another keyring rather than all the funky parsing and piping business we were doing. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22pacman-key: don't hide --verify details in populateDan McGee
Otherwise we're hiding extremely relevant bits like this one: gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22pacman-key: print message in populate if signature is missingDan McGee
Rather than saying it was invalid, tell the user no signature exists. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22pacman-key: clean up populate outputDan McGee
* Ensure usage message is indented correctly * Show short filenames for both the gpg keyring and revocation file Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22pacman-key: ensure array iterations are quotedDan McGee
When doing something like `pacman-key --edit-key 'Dan McGee'`, one would expect it to work, and not fail. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-14buildsys: remove existing symlinks before installingDave Reisner
This fixes build errors when performing a manual install straight to a filesystem where the files already exist. Reported-by: Sergej Pupykin <ml@sergej.pp.ru> Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-14makepkg: fix recreation of hardlinks to .gz manpagesDave Reisner
4ed12ae tightened up the logic to use only find, but ignored the fact that since the manpage hard link names were no longer captured. They were created as separate compressed manpages, rather than as hardlinks. This also introduces a minor efficiency of deleting all hardlinks at once and using proper iteration over an array rather than a string. Note to anyone else touching this code: e2fsprogs and libpcap are useful for testing this. If that changes in the future, you can use the below bash to locate others: IFS=$'\n' read -rd '' -a a < <(find /usr/share/man -type f \! -links 1) pacman -Qqo "${a[@]}" | sort -u I broke it! Signed-off-by: Dave Reisner <dreisner@archlinux.org>
2011-09-14makepkg: add missing newline on passing gpg sourcecheckDave Reisner
When a sourceball passes this check without any warnings, a newline is omitted. Similar to the if clause of this else block, print a single new line at the end of the clause instead of accounting for each output. Signed-off-by: Dave Reisner <dreisner@archlinux.org>
2011-09-12makepkg: check for var existance before file existanceDave Reisner
This prevents makepkg from aborting with 'file not found' when changelog= or install= are declared in a PKGBUILD, but empty. Signed-off-by: Dave Reisner <dreisner@archlinux.org>
2011-09-11makepkg: unset errexit when sourcing /etc/profileDave Reisner
This is a fix for a bash3 specific bug, where a file sourced by /etc/profile would exit non-zero and make its way back up to makepkg, forcing it to exit after package installation. Along with unsetting the ERR handler, temporarily unset errexit to avoid this. Signed-off-by: Dave Reisner <dreisner@archlinux.org>
2011-09-07makepkg: use more awk'ish syntax in sanity checksDave Reisner
This simplifies the flow a bit, making the pipeline a little easier to grok. Signed-off-by: Dave Reisner <dreisner@archlinux.org>
2011-09-07makepkg: avoid for loop in deleting manpage hardlinksDave Reisner
find can do this all on its own and remain portable. Signed-off-by: Dave Reisner <dreisner@archlinux.org>
2011-09-07makepkg: act on function return value, not outputDave Reisner
Correcting a typo, as this function will never output anything. Signed-off-by: Dave Reisner <dreisner@archlinux.org>
2011-09-07makepkg: refactor check_pgpsigs outputDave Reisner
- display associated warnings on same line as pass/fail msg, to be more consistent with checksum verification output - properly error on a revoked key (matching pacman's behavior) Signed-off-by: Dave Reisner <dreisner@archlinux.org>
2011-09-06makepkg: use globs in place of regexDave Reisner
We seem to enjoy using bash regex capabilities, but never referencing the result with BASH_REMATCH. Replace almost all regexes with equivalent globs which are faster and functionally equivalent in these cases. This enables the extglob shopt. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-06makepkg: unset variables as per !{make,build}flagsDave Reisner
Don't just set the flag variables to zero length strings, actually unset them from the environment. This fixes issues with broken gnu Makefies that use ?= for assigment, where the presence of a var is enough to make this condition avoid assignment. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-06rankmirrors: properly sort resulting timesDave Reisner
- Properly read each sorted line into a new array, instead of breaking on every word. - LC_COLLATE should apply to the sort portion of the pipeline, not the printing. Signed-off-by: Dave Reisner <dreisner@archlinux.org>
2011-09-02pacman-key: add --refresh-keys operationDan McGee
This allows new signatures to be pulled, revocations to be found, etc. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-02pacman-key: split keyserver to a separate optionDan McGee
This also renames '--receive' to '-recv-keys' to match the wrapped gpg option name, rather than invent a new one, now that the calling convention is the same. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-02pacman-key help and documentation cleanupDan McGee
We were using the mystical [<foobar>] options which is some sort of cross between a <required> argument and an [optional] one. Remove this madness and do some other general cleanup/consistency work in the manpage. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-02pacman-key: document --lsign-keyDan McGee
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-01makepkg: fix overzealous PGP signature file matchingDan McGee
The regex wasn't rooted at the end of the filename, nor was it matching a period/dot before the file extension. The end result was this matched a file named '07_all_sig.patch' which is totally broken. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-01makepkg: fix sanity checking in versioningDave Reisner
Read the entire variable, respecting escapes, which are necessary to retain for the successive eval. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-01makepkg: read filenames in a while loopDave Reisner
Further improvments on 2ca27ab which will allow the changelog and install script files to contain whitespace. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-01makepkg: fix breakage in eval'ing quoted stringsDave Reisner
Broken in 2ca27a by me, trying to fix another problem. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-30pacman-key: add --lsign-key operationDan McGee
This allows local signing of a given key to help establish the web of trust rooted at the generated (or imported) master key. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-30pacman-key master key generationDan McGee
This enables pacman-key, during --init, to generate a single secret key for the pacman keyring if one is not present. This will be used as the root of the web of trust for those that do not wish to manage it with their own key, as will be the default. This does not preclude later adding other secret keys to the keyring, or removing this one- we simply ensure you have at least one secret key available. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-29pacman-key: fix broken logic around updating trust databaseDan McGee
Any option that flips UPDATEDB=1 doesn't work right now due to what we thought was a good idea in commit cab1379a1ab14. Fix this by not including the update operation in the option count and special casing it where necessary. Also, bring back the helpful "Updating trust database" message. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-29pacman-key: have --init add more options to default gpg.confDan McGee
This adds a add_gpg_conf_option() helper function which tries to be intelligent and only add not found options, and those which have not been explicitly commented out. The new options added are 'no-greeting', 'no-permission-warning', and a default 'keyserver'. Signed-off-by: Dan McGee <dan@archlinux.org>