06-01-2011, 08:21 PM
Dan McGee

Changed makepkg and repo-add to use -S/--sign for signing. Added --gpgdir option to repo-add to allow GnuPG home directory configuration. Signed-off-by: Kerrick Staley

^^^ You deleted the blank line between the patch subject and the
summary text, which makes it do what it did. You'll want to put that
back.

On Wed, Jun 1, 2011 at 3:03 PM, Kerrick Staley <mail@kerrickstaley.com> wrote:

I'm not against either of these two things, but it probably should be
two patches. The first should add -S to both repo-add and makepkg (and
update the documentation appropriately).

The other should implement --gpgdir (as well as document it). Here is
what I notice at a quick glance: to the casual user, it isn't very clear
why only one gpg invocation was changed. Your comment is unfortunately
hidden away in the code, but is very helpful: "unlike signing,
verification of old database is done with pacman's keyring." The usage
string should reflect this accordingly, and it needs to be documented
in the manpages as well this way.

-Dan

> ---
> *scripts/makepkg.sh.in *| * *6 +++---
> *scripts/repo-add.sh.in | * 23 ++++++++++++++++++++---
> *2 files changed, 23 insertions(+), 6 deletions(-)
>
> diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
> index b0d0c23..95f541f 100644
> --- a/scripts/makepkg.sh.in
> +++ b/scripts/makepkg.sh.in
> @@ -1625,7 +1625,7 @@ usage() {
> * * * *printf "$(gettext " *--nocheck * * * *Do not run the check() function in the %s")
" "$BUILDSCRIPT"
> * * * *echo "$(gettext " *--nosign * * * * Do not create a signature for the package")"
> * * * *echo "$(gettext " *--pkg <list> * * Only build listed packages from a split package")"
> - * * * echo "$(gettext " *--sign * * * * * Sign the resulting package with gpg")"
> + * * * echo "$(gettext " *-S, --sign * * * * * Sign the resulting package with gpg")"
> * * * *echo "$(gettext " *--skipinteg * * *Do not fail when integrity checks are missing")"
> * * * *echo "$(gettext " *--source * * * * Generate a source-only tarball without downloaded sources")"
> * * * *echo
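
Review bot: The new `-S, --sign` usage line keeps the same padding after the option name as the old `--sign` line, so as far as the spacing can be read here its description starts four columns to the right of the neighbouring `--nosign` and `--skipinteg` entries; trim the padding so the column stays aligned. The diffstat lists only scripts/makepkg.sh.in and scripts/repo-add.sh.in, so the new short option also still needs an entry in the makepkg man page.
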
> @@ -1659,7 +1659,7 @@ fi
> *ARGLIST=("$@")
>
> *# Parse Command Line Options.
> -OPT_SHORT="AcCdefFghiLmop:rRsV"
> +OPT_SHORT="AcCdefFghiLmop:rRsSV"
> *OPT_LONG="allsource,asroot,ignorearch,check,clean ,cleancache,nodeps"
> *OPT_LONG+=",noextract,force,forcever:,geninteg,he lp,holdver"
> *OPT_LONG+=",install,key:,log,nocolor,nobuild,noch eck,nosign,pkg:,rmdeps"
> @@ -1708,7 +1708,7 @@ while true; do
> * * * * * * * *-r|--rmdeps) * * *RMDEPS=1 ;;
> * * * * * * * *-R|--repackage) * REPKG=1 ;;
> * * * * * * * *--skipinteg) * * *SKIPINTEG=1 ;;
> - * * * * * * * --sign) * * * * * SIGNPKG='y' ;;
> + * * * * * * * -S|--sign) * * * *SIGNPKG='y' ;;
> * * * * * * * *--source) * * * * SOURCEONLY=1 ;;
> * * * * * * * *-s|--syncdeps) * *DEP_BIN=1 ;;
>
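
Review bot: `-S|--sign` is added to a case statement that already has `-s|--syncdeps` two lines below, so the two short options differ only by letter case and a mistyped shift key switches between signing and dependency syncing without any error. If the short option stays, call out the distinction in the usage text and man page, or reconsider whether makepkg needs a short form at all, given that only the long `--nosign` exists for the opposite setting.
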
> diff --git a/scripts/repo-add.sh.in b/scripts/repo-add.sh.in
> index 820db36..f00b519 100644
> --- a/scripts/repo-add.sh.in
> +++ b/scripts/repo-add.sh.in
> @@ -26,6 +26,8 @@ export TEXTDOMAINDIR='@localedir@'
> *myver='@PACKAGE_VERSION@'
> *confdir='@sysconfdir@'
>
> +GPGDIR='@sysconfdir@/pacman.d/gnupg'
> +
> *QUIET=0
> *DELTA=0
> *WITHFILES=0
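
Review bot: The `GPGDIR` default repeats `@sysconfdir@` even though `confdir='@sysconfdir@'` is assigned two lines above; deriving it as "$confdir/pacman.d/gnupg" keeps the two from diverging. The assignment also needs a comment stating that this is pacman's keyring and is used only when verifying the existing database, because the variable name alone suggests it also governs signing.
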
> @@ -80,8 +82,9 @@ specified on the command line from the given repo database. Multiple

> *packages to remove can be specified on the command line.

")"
> * * * * * * * *printf "$(gettext "Options:
")"
> * * * *fi
> + * * * printf "$(gettext " *--gpgdir <dir> * *use the specified GnuPG home directory
")"
> * * * *printf "$(gettext " *-q, --quiet * * * minimize output
")"
> - * * * printf "$(gettext " *-s, --sign * * * *sign database with GnuPG after update
")"
> + * * * printf "$(gettext " *-S, --sign * * * *sign database with GnuPG after update
")"
> * * * *printf "$(gettext " *-k, --key <key> * use the specified key to sign the database
")"
> * * * *printf "$(gettext " *-v, --verify * * *verify database's signature before update
")"
> * * * *printf "$(gettext "

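
Review bot: The `--gpgdir` help text, "use the specified GnuPG home directory", does not say that the directory is used only for `-v, --verify` and not for `--sign`, which is the opposite of what a reader would assume from an option listed next to the signing flags. State the scope and the default in the usage string. The `-s, --sign` line is replaced rather than supplemented, so this is a rename of an existing option and should be described as such in the commit message and documentation.
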
> @@ -231,7 +234,12 @@ verify_signature() {
> * * * * * * * *warning "$(gettext "No existing signature found, skipping verification.")"
> * * * * * * * *return
> * * * *fi
> - * * * gpg --verify "$dbfile.sig" || ret=$?
> + * * * # unlike signing, verification of old database is done with pacman's keyring
> + * * * if ! gpg --homedir "$GPGDIR" --list-keys &>/dev/null; then
> + * * * * * * * error "$(gettext "${GPGDIR} is not a properly initialized GnuPG home directory.")"
> + * * * * * * * exit 1
> + * * * fi
> + * * * gpg --homedir "$GPGDIR" --verify "$dbfile.sig" || ret=$?
> * * * *if (( ! ret )); then
> * * * * * * * *msg2 "$(gettext "Database signature file verified.")"
> * * * *else
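
Review bot: The error string expands `${GPGDIR}` inside the `gettext` call, so the msgid changes with the directory and no translation can ever match; use a `%s` placeholder and pass "$GPGDIR" as an argument, the way the makepkg usage line does with "$BUILDSCRIPT". The same `gpg --homedir "$GPGDIR" --list-keys` check is repeated verbatim in the `--gpgdir` option handler, so it belongs in one helper function. Note also that `exit 1` here leaves the function through a different path than the `|| ret=$?` handling on the next line, so a missing keyring and a failed verification are reported in two different ways.
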
> @@ -552,7 +560,16 @@ while [[ $# > 0 ]]; do
> * * * * * * * *-q|--quiet) QUIET=1;;
> * * * * * * * *-d|--delta) DELTA=1;;
> * * * * * * * *-f|--files) WITHFILES=1;;
> - * * * * * * * -s|--sign)
> + * * * * * * * --gpgdir)
> + * * * * * * * * * * * check_gpg
> + * * * * * * * * * * * shift
> + * * * * * * * * * * * GPGDIR="$1"
> + * * * * * * * * * * * if ! gpg --homedir "$GPGDIR" --list-keys &>/dev/null; then
> + * * * * * * * * * * * * * * * error "$(gettext "${GPGDIR} is not a properly initialized GnuPG home directory.")"
> + * * * * * * * * * * * * * * * exit 1
> + * * * * * * * * * * * fi
> + * * * * * * * * * * * ;;
> + * * * * * * * -S|--sign)
> * * * * * * * * * * * *check_gpg
> * * * * * * * * * * * *SIGN=1
> * * * * * * * * * * * *if ! gpg --list-key ${GPGKEY} &>/dev/null; then
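
Review bot: The `--gpgdir` branch does `shift` and then `GPGDIR="$1"` without checking that an argument follows, so `repo-add --gpgdir` as the last word sets an empty home directory and the resulting error message prints an empty path; test for a missing argument and report that explicitly. The keyring check also runs at parse time whether or not `-v` was given, although the directory is only used in `verify_signature()`. The `-s` pattern is dropped from this case statement instead of being kept as an alias, so existing scripts that call `repo-add -s` no longer reach the signing branch; that compatibility break deserves its own patch and a mention in the documentation.
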
> --
> 1.7.5.2
>
>
>
 
06-02-2011, 12:44 AM
Allan McRae

Changed makepkg and repo-add to use -S/--sign for signing. Added --gpgdir option to repo-add to allow GnuPG home directory configuration. Signed-off-by: Kerrick Staley

On 02/06/11 06:21, Dan McGee wrote:
> ^^^ You deleted the blank line between the patch subject and the
> summary text, which makes it do what it did. You'll want to put that
> back.
>
> On Wed, Jun 1, 2011 at 3:03 PM, Kerrick Staley <mail@kerrickstaley.com> wrote:
>
> I'm not against either of these two things, but it probably should be
> two patches. The first should add -S to both repo-add and makepkg (and
> update the documentation appropriately).

Just as an FYI, I originally went for having no short options to sign a
package with makepkg because I thought actually using --sign would be a
rare case given the control of this in makepkg.conf. However, I'm also
not against adding one and making it consistent with repo-add...


Allan
 
