| Message ID | 20201012022205.1272204-1-eschwartz@archlinux.org |
|---|---|
| State | Accepted, archived |
| Headers | show |
| Series | [pacman-dev,1/2] makepkg: fix signing of source packages | expand |
On 10/11/20 10:22 PM, Eli Schwartz wrote: > In commit c6b04c04653ba9933fe978829148312e412a9ea7 the signing stage was > moved out of fakeroot, and thus into the main control flow instead of > create_{,src}package Random factoid: 10:47 PM <amcrae> eschwartz: had I seen those patches before? 10:48 PM <eschwartz> no, I wrote them tonight 10:49 PM <amcrae> ok - it seemed familiar 10:49 PM <eschwartz> you previously merged: 10:49 PM <eschwartz> makepkg: when signing packages, report package filename on failure 10:49 PM <eschwartz> libmakepkg/integrity: fix regression that broke --install 10:49 PM <eschwartz> makepkg: avoid false "Signing package(s)" msg when signing is disabled 10:50 PM <eschwartz> good grief 10:50 PM <amcrae> great patch :P 10:50 PM <eschwartz> that commit is the gift that keeps on giving I must say, this patch really was fun. :D How on earth did it manage to have so many edge cases.... Bets on us discovering a 5th problem?
On 12/10/20 12:22 pm, Eli Schwartz wrote: > In commit c6b04c04653ba9933fe978829148312e412a9ea7 the signing stage was > moved out of fakeroot, and thus into the main control flow instead of > create_{,src}package > > While the function for signing binary packages has logic to build > and gpg-sign multiple filenames, the source package never got this > special treatment. This would be fine, except it uses the standard > variables to set define the filename... like ${fullver}, which is > usually set beforehand, but in this case is not. We don't define fullver > globally as it's an internal implementation detail, except by sheer > coincidence if PKGVERFUNC is false due to improperly guarded code. > > Result: source packages didn't end up signed. Instead, we raised a logic > error: > > ==> WARNING: Failed to sign package file somepackage-.src.tar.gz. > > ==> ERROR: An unknown error has occurred. Exiting... > > Instead, let's just build the version inline, since we only use it once. > > Reported-by: GaKu999 <g4ku999@gmail.com> > Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> > --- > scripts/makepkg.sh.in | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in > index e1e95412..a9e7c691 100644 > --- a/scripts/makepkg.sh.in > +++ b/scripts/makepkg.sh.in > @@ -1362,7 +1362,7 @@ if (( SOURCEONLY )); then > > if [[ $SIGNPKG = 'y' ]]; then > msg "$(gettext "Signing package...")" > - create_signature "$SRCPKGDEST/${pkgbase}-${fullver}${SRCEXT}" > + create_signature "$SRCPKGDEST/${pkgbase}-$(get_full_version)${SRCEXT}" OK. > fi > > msg "$(gettext "Source package created: %s")" "$pkgbase ($(date +%c))" >
diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in index e1e95412..a9e7c691 100644 --- a/scripts/makepkg.sh.in +++ b/scripts/makepkg.sh.in @@ -1362,7 +1362,7 @@ if (( SOURCEONLY )); then if [[ $SIGNPKG = 'y' ]]; then msg "$(gettext "Signing package...")" - create_signature "$SRCPKGDEST/${pkgbase}-${fullver}${SRCEXT}" + create_signature "$SRCPKGDEST/${pkgbase}-$(get_full_version)${SRCEXT}" fi msg "$(gettext "Source package created: %s")" "$pkgbase ($(date +%c))"
In commit c6b04c04653ba9933fe978829148312e412a9ea7 the signing stage was moved out of fakeroot, and thus into the main control flow instead of create_{,src}package While the function for signing binary packages has logic to build and gpg-sign multiple filenames, the source package never got this special treatment. This would be fine, except it uses the standard variables to set define the filename... like ${fullver}, which is usually set beforehand, but in this case is not. We don't define fullver globally as it's an internal implementation detail, except by sheer coincidence if PKGVERFUNC is false due to improperly guarded code. Result: source packages didn't end up signed. Instead, we raised a logic error: ==> WARNING: Failed to sign package file somepackage-.src.tar.gz. ==> ERROR: An unknown error has occurred. Exiting... Instead, let's just build the version inline, since we only use it once. Reported-by: GaKu999 <g4ku999@gmail.com> Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> --- scripts/makepkg.sh.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)