summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2019-03-19makepkg: use "shared" git clones when checking out sourcesEli Schwartz
In order to cache sources offline, makepkg creates *two* copies of every git repo. This is a useful tradeoff for network time, but comes at the cost of increased disk space. Normally, git can smooth this over automagically. Whenever possible, git objects are hardlinked to save space, but this does not work when SRCDEST and BUILDDIR are on separate filesystems. When the repo in question is both very large (linux.git for example is 2.2 GB) and crosses filesystem boundaries, this results in a lot of extra disk space being used; the most likely scenario is where BUILDDIR is a tmpfs for bonus ouch. git(1) has a builtin feature which serves this case handily: the --shared flag will create the info/alternates file instructing git to not copy or hardlink or create objects/packs at all, but merely look for them in an external location (that being the source of the clone). The downside of using shared clones, is that if you modify and drop commits from the original repo, or simply delete the whole repo altogether, you break the copy. But we don't care about that here, because 1) the BUILDDIR copy is meant to be a temporary copy strictly derived via PKGBUILD syntax from the SRCDEST, and must be able to be recreated at any time, 2) if the SRCDEST disappears, makepkg will redownload it, thus restoring the objects needed by the BUILDDIR clone, 3) if the user does non-default things like hacking on the BUILDDIR copy then deleting and re-cloning the SRCDEST may result in momentary breakage, but ultimately should be fine -- the unique objects they created will be stored in the BUILDDIR copy. While it's theoretically possible that upstream will force-push to overwrite the base tree from which makepkg is building (which they should not do), *and* the user deleted their SRCDEST which they should not do, *and* they saved work in makepkg's working directory which they should not do either... ... this is an unlikely chain of events for which we should not care. Using --shared is therefore helpful in immediately useful ways and IMHO has no actual downsides; we should use it. An alternative implementation would be to use worktrees. I've rejected this since it is essentially the same as shared clones, except adding additional restrictions on the branch namespace, and could potentially break existing use cases such as manually handling the SRCDEST in order to share repositories with normal working copies. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-03-19build: check for gpgme with pkg-config before gpgme-configEli Schwartz
gpgme in git master now supports pkg-config and with the next release we can and should prefer its use. However, retain the legacy code that enables building with older versions of gpgme, as a fallback. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-03-19drop DU* config variablesSantiago Torres
Since DUFLAGS and DUPATH are not needed anymore remove them from the source Signed-off-by: Santiago Torres <santiago@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-03-19build: remove references to variable replacements from pacman-optimizeEli Schwartz
MODECMD and OWNERCMD are not used by pacman itself, so we don't need to check for and replace them now that pacman-optimize is removed. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-03-19Make makepkg compute sizes properlySantiago Torres
Makepkg used to use du --apparent-size to compute the size of the package. Unfortunately, this would result in different sizes depending on the filesystem used (e.g., btrfs vs ext4), which would affect reproducible builds. Use a wc-based approach to compute sizes Signed-off-by: Santiago Torres <santiago@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-03-19Reformatting log timestamp to include time-zoneFlorian Wehner
The time logged is currently given as localtime without any timezone information. This is confusing in various scenarios. Examples: * If one is travelling across time-zones and the timestamps in the log appear out of order. * Comparing dates with `datediff` gives an offset by the time-zone This patch would reformat the time-stamp to a full ISO-8601 version. It includes the 'T' separating date and time including seconds. Old: [2019-03-04 16:15] New: [2019-03-04T16:15:45-05:00] Signed-off-by: Florian Wehner <florian@whnr.de> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-03-07Remove support for deltas from libalpmAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2019-03-07Make pacman forget deltas existAllan McRae
Dummy callbacks are still present to prevent compiler warnings until libalpm is delta free. Also remove Delta parsing from pacman.conf. Signed-off-by: Allan McRae <allan@archlinux.org>
2019-03-07Remove cleanupdeltaAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2019-03-07Remove pkgdeltaAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2019-03-07Remove delta support from repo-addAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2019-03-07doc: add man page for pacman-confJelle van der Waa
Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-03-07doc: set rootdir correctly in man pagesJelle van der Waa
If an alternative rootdir is specified in either meson or configure it's not respected in the generated man pages. Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-03-07makepkg: add new checksum algorithm via coreutils b2sumEli Schwartz
coreutils 8.26 in December 2016 added this new hashing method which is compatible with the existing md5sum and sha*sum tool usage, while using the blake2 hash algorithm. makepkg uses coreutils to provide source file integrity checks via ${integ}sum binaries and it makes sense to offer this as an additional option. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-03-07pacman: fix segfault when Usage is specified without a valuemorganamilo
And extract all the common code to a macro. Signed-off-by: morganamilo <morganamilo@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-03-01Sanitize file name received from Content-Disposition headerAndrew Gregory
When installing a remote package with "pacman -U <url>", pacman renames the downloaded package file to match the name given in the Content-Disposition header. However, pacman does not sanitize this name, which may contain slashes, before calling rename(). A malicious server (or a network MitM if downloading over HTTP) can send a content-disposition header to make pacman place the file anywhere in the filesystem, potentially leading to arbitrary root code execution. Notably, this bypasses pacman's package signature checking. For example, a malicious package-hosting server (or a network man-in-the-middle, if downloading over HTTP) could serve the following header: Content-Disposition: filename=../../../../../../usr/share/libalpm/hooks/evil.hook and pacman would move the downloaded file to /usr/share/libalpm/hooks/evil.hook. This invocation of "pacman -U" would later fail, unable to find the downloaded package in the cache directory, but the hook file would remain in place. The commands in the malicious hook would then be run (as root) the next time any package is installed. Discovered-by: Adam Suhl <asuhl@mit.edu> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-02-21Use standard, consistent units in the download progress.Sever Oraz
Rather than use M/s which can be either MB or MiB, specify that it uses MiB (consistent with the displayed total size). Fixes FS#59201 Signed-off-by: Sever Oraz <severoraz@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-02-21meson: fix static/shared split againEli Schwartz
shared_library does not generate a sane pkg-config file because it assumes we don't want dependencies. Additionally, since we key off of buildstatic, when *not* using buildstatic but attempting to build libalpm on its own as static using -Ddefault_library=static, we are building and linking to a shared libalpm anyway. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-02-21libmakepkg: migrate to schema.sh for integsumsEli Schwartz
We cannot use most of the arrays defined in schema.sh as srcinfo is dependent on the order, but migrate the hashes for now. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-02-21makepkg: simplify run_pacman logicEli Schwartz
We don't need to check the options twice, since it is the same check both times. Instead, merge the conditionals. As far as I can tell, the only reason the checks for: - PACMAN_OPTS and - whether to use sudo were ever separated is due to the historic existence of --asroot, since the second check included a check for (( ! ASROOT )) until it was cleaned up in commit 61ba5c961e4a3536c4bbf41edb348987a9993fdb. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-02-21makepkg: implement locking for pacman commandsEli Schwartz
When pacman is run as root to do -S, -U, or -R, it would immediately abort if pacman is not ready for use. Instead, poll the lockfile and wait until it becomes available. Implements FS#28840 Original-patch-by: Georges Dubus <georges.dubus@compiletoi.net> Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-02-12build: link vercmp with a static copy of libalpmEli Schwartz
This has historically been the case in autotools since we want vercmp to not break mid-transaction in an install script. For convenience, we create libalpm.a and use this to optionally generate libalpm.so (when not configured with -Dbuildstatic=true) as well as to link any binary which explicitly wishes to be built statically "with libalpm", but does not care where a function is defined. meson then treats this correctly: it builds the object file only once for both libraries, and the compiler strips out unused functionality from the final static binary. Currently the only binary which requires this is vercmp. Fixes FS#61719 Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-02-12Add implicit fall through warningAllan McRae
Requires modification to our comment about fall through to match compilers expectations. Works for GCC and Clang. Signed-off-by: Allan McRae <allan@archlinux.org>
2019-02-07libalpm: prevent 301 redirect loop from hanging the processMark Ulrich
If a mirror responds with a 301 redirect to itself, it will create an infinite redirect loop. This will cause pacman to hang, unresponsive to even a SIGINT. The result is pacman being unable to sync or download any package from a particular repo if its current mirror is stuck in a redirect loop. Setting libcurl's MAXREDIRS option effectively prevents a redirect loop from hanging the process. Signed-off-by: Mark Ulrich <mark.ulrich.86@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-02-07I blame everyone but me for thisAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2019-02-04fix various typosmorganamilo
Signed-off-by: morganamilo <morganamilo@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-01-31libmakepkg: lint disallowed architecture specific variablesmorganamilo
Variables such as 'pkgdesc_x86_64' are invalid, instead of ignoring them raise an error. This also disallows using 'any' as an architecture specific variable Signed-off-by: morganamilo <morganamilo@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-01-31libmakepkg: lint disallowed variables in package()morganamilo
makepkg will now error if disallowed variables are set inside of the package function. Disallowed variables are variables that do exist, like 'makedepends' and 'pkgver' but can not be set inside of a package function. Signed-off-by: morganamilo <morganamilo@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-01-31libmakepkg: centralise random arrays of pkgbuild variablesmorganamilo
Refactor many of the different arrays of pkgbuild variables into scripts/libmakepkg/util/schema.sh.in. Signed-off-by: morganamilo <morganamilo@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-01-30makepkg: use --unneeded for pacman call in remove_deps()Allan McRae
This patch was inspired by FS#32723 which asks makepkg to install makedepends before depends. The use case is to build a package depending on a virtual package that is only provided by other packages (e.g. java-runtime in Arch Linux), but wanting to build against a specific version. Installing makedepends first (but not at the same time as depends) would allow specifying the version to build against, instead of pacman resolving to the default version when installing depends. It turns out, we can already achieve installing makedepends first by specifying dependencies only in the package function (and making sure makedepends includes everything needed). The only issue is that if we use makepkg to install the built package with the --install flag and along with the --rmdeps flag, we will try to remove any installed dependencies that are specified in the depends array in the package function. To counter this, we need to use the --unneeded flag for the pacman call. Signed-off-by: Allan McRae <allan@archlinux.org>
2019-01-30libmakepkg: Add lzip ext supportChloe Kudryavtsev
lzip is a lossless data compressor designed to replace gzip and bzip2 as the standard general-purpose compressed format. - add .lz (lzip) support to libmakepkg/util/compress.sh:compress_as - add COMPRESSLZ to makepkg.conf.in - document COMPRESSLZ - document PKGEXT with `.tar.lz` Signed-off-by: Chloe Kudryavtsev <toast@toastin.space> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-01-22libmakepkg: move checkdepends to the correct arraymorganamilo
Signed-off-by: morganamilo <morganamilo@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-01-22libmakepkg: Implement extendable signature verificationEli Schwartz
Lookup the existence of matching functions for each protocol, and fallback on the generic file handler. New verification protocols can then be added via thirdparty libmakepkg drop-ins without requiring modifications to verify_signature.sh Signed-off-by: Allan McRae <allan@archlinux.org>
2019-01-22libmakepkg: implement extendable source protocolsEli Schwartz
Lookup the existence of matching functions for each protocol, and fallback on the generic file handler. New source protocols can then be added via thirdparty libmakepkg drop-ins without requiring modifications to source.sh Fixes FS#49076 Signed-off-by: Allan McRae <allan@archlinux.org>
2019-01-22libmakepkg: optimize get_protocol to always return proto, not proto+uriEli Schwartz
e.g. git+https:// is commonly used for git repositories cloned over HTTPS, but we assume a proto with a plus in it is actually a protocol followed by some URI handler. So we might as well simplify the return value and not have to always add glob matching everywhere when checking the proto in use. This is required in order to use the proto directly in function calls, which will be used in a followup patch. Signed-off-by: Allan McRae <allan@archlinux.org>
2019-01-22libmakepkg: make gettext replacements more templatedEli Schwartz
Making the undescore be translated is probably not something we need translators to think about. Additionally, a number of places which use the same text differ only by the variable being referenced, so simplifying the string means we can drop a redundant translation. Bonus: we save a few bytes here and there. \o/ Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-01-21libalpm: fix minor typo in _alpm_db_usage_morganamilo
Signed-off-by: morganamilo <morganamilo@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-01-21Fix typo in pacman man pageAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2019-01-16libmakepkg: disallow using 'any' with other archesmorganamilo
Error if the arch array contains any and any other values. This also fixes a bug where the check for `$arch == 'any'` which only evaluated the first value in the array, meaning the rest of the values would not be linted. Signed-off-by: morganamilo <morganamilo@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-01-16meson: fix website targetEli Schwartz
A number of pages don't actually exist as html inside the source tree, and need to be generated even though they are manpages. This caused the website.tar.gz target to only work inside a dirty tree initially created by autotools. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-01-14update a bunch of links for https and to adapt to changing domainsEli Schwartz
projects.archlinux.org and mailman.archlinux.org are both migrated to new domains. Transifex supports https, so encourage its use by default. Take advantage of the opportunity when updating these links, to also delist some projects that are dead. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-01-14doc: add a couple missing manpages from the html indexEli Schwartz
The index embeds the names of all doc subpages, and these were never updated. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-01-14doc: keep manpages and html pages in syncEli Schwartz
We forgot to add BUILDINFO to the list of html docs. Instead of always updating things in two places, just derive the one from the other. meson did not have this problem as it already derives both lists from one template. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-01-14meson: fix regression that broke building libmakepkgEli Schwartz
In commit f7efa6a93d5361af610827d41045d87c7a72f2b5 we added a new file, and also wired it up to the build systems, but it got added under the wrong name in meson.build Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-01-10makepkg: return E_PKGBUILD_ERROR for nonexistent PKGBUILDEli Schwartz
This is not really an error with a "user function". Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-01-10libmakepkg: simplify splitting command output into arrayEli Schwartz
Use mapfile instead of hacking around read -a with the $IFS. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-01-10libmakepkg: add routine for linting $SOURCE_DATE_EPOCHEli Schwartz
This can only ever be an int, and the specification states that a malformed timestamp should be considered a fatal error. https://reproducible-builds.org/specs/source-date-epoch/ Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-01-10makepkg: fix unguarded use of printfEli Schwartz
paths can contain printf-unsafe chars, and printf -v is not somehow immune to this Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-01-10makepkg: check_pkgrel: Don't say "decimal" in the error messageLuke Shumaker
If you have a malformed pkgrel, the error message says that it must be a "decimal". That isn't quite true, as that would mean that `1.1 == 1.10`. Signed-off-by: Allan McRae <allan@archlinux.org>
2019-01-10makepkg: Better error messages for versions in (check, make, ↵Luke Shumaker
opt)depends/provides/conflicts Given the depends depends=('foo>=1.2-1.par2') and the error message ==> ERROR: pkgver in depends is not allowed to contain colons, forward slashes, hyphens or whitespace. One would be lead to believe that the problem is that they gave a pkgrel in depends at all, not that the pkgrel contains letters. Each of the (check,make,opt)depends, conflicts, and provides linters use a glob to trim off properly formed epoch an rel from the full version string, and pass the remainder to check_pkgver(). This does a good job of accepting/rejecting full versions, but doesn't do a good job of generating good error messages when rejecting if it's because of the epoch or rel. 1. Factor out check_epoch() and check_pkgrel() from lint_epoch() and lint_pkgrel(), similarly to check_pkgver(). 2. Add a check_fullpkgver() that takes a full [epoch:]ver[-rel] string and splits it in to epoch/ver/rel, and calls the appropriate check_ function on each. 3. Use check_fullpkgver() in the {,check,make,opt}depends, conflicts, and provides linters. Signed-off-by: Allan McRae <allan@archlinux.org>