diff --git a/doc/PKGBUILD.5.asciidoc b/doc/PKGBUILD.5.asciidoc index 4ca8eb3b..e7743c88 100644 --- a/doc/PKGBUILD.5.asciidoc +++ b/doc/PKGBUILD.5.asciidoc @@ -344,6 +344,10 @@ function. fakeroot to ensure correct file permissions in the resulting package. All other functions will be run as the user calling makepkg. +*verify() Function*:: + An optional `verify()` function can be specified to implement arbiterary + source authentication. This function is run before sources are extracted. + *prepare() Function*:: An optional `prepare()` function can be specified in which operations to prepare the sources for building, such as patching, are performed. This diff --git a/doc/makepkg.8.asciidoc b/doc/makepkg.8.asciidoc index 38032e7b..75b2139f 100644 --- a/doc/makepkg.8.asciidoc +++ b/doc/makepkg.8.asciidoc @@ -168,6 +168,9 @@ Options *\--noprepare*:: Do not run the prepare() function in the PKGBUILD. +*\--noverify*:: + Do not run the verify() function in the PKGBUILD. + *\--sign*:: Sign the resulting package with gpg, overriding the setting in linkman:makepkg.conf[5]. diff --git a/scripts/libmakepkg/integrity.sh.in b/scripts/libmakepkg/integrity.sh.in index 070392fa..81f935df 100644 --- a/scripts/libmakepkg/integrity.sh.in +++ b/scripts/libmakepkg/integrity.sh.in @@ -42,4 +42,7 @@ check_source_integrity() { check_checksums "$@" check_pgpsigs "$@" fi + if (( VERIFYFUNC )); then + run_verify + fi } diff --git a/scripts/libmakepkg/source.sh.in b/scripts/libmakepkg/source.sh.in index e39dd16c..92dc71e4 100644 --- a/scripts/libmakepkg/source.sh.in +++ b/scripts/libmakepkg/source.sh.in @@ -69,6 +69,21 @@ download_sources() { done } +copy_sources(){ + msg "$(gettext "Copying sources...")" + local netfile all_sources + + get_all_sources_for_arch 'all_sources' + for netfile in "${all_sources[@]}"; do + local proto=$(get_protocol "$netfile") + if declare -f copy_$proto > /dev/null; then + copy_$proto "$netfile" + else + copy_file "$netfile" + fi + done +} + extract_sources() { msg "$(gettext "Extracting sources...")" local netfile all_sources diff --git a/scripts/libmakepkg/source/file.sh.in b/scripts/libmakepkg/source/file.sh.in index fa09d446..51452550 100644 --- a/scripts/libmakepkg/source/file.sh.in +++ b/scripts/libmakepkg/source/file.sh.in @@ -82,13 +82,20 @@ download_file() { fi } -extract_file() { +copy_file(){ local netfile=$1 local file=$(get_filename "$netfile") local filepath=$(get_filepath "$file") rm -f "$srcdir/${file}" ln -s "$filepath" "$srcdir/" +} + +extract_file() { + local netfile=$1 + + local file=$(get_filename "$netfile") + local filepath=$(get_filepath "$file") if in_array "$file" "${noextract[@]}"; then # skip source files in the noextract=() array diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in index 5aaabf63..b7b21af1 100644 --- a/scripts/makepkg.sh.in +++ b/scripts/makepkg.sh.in @@ -144,6 +144,9 @@ clean_up() { if (( PKGVERFUNC )); then rm -f "${pkgbase}-${fullver}-${CARCH}-pkgver.log"* fi + if (( VERIFYFUNC )); then + rm -f "${pkgbase}-${fullver}-${CARCH}-verify.log"* + fi if (( PREPAREFUNC )); then rm -f "${pkgbase}-${fullver}-${CARCH}-prepare.log"* fi @@ -447,6 +450,10 @@ run_function() { fi } +run_verify() { + run_function_safe "verify" +} + run_prepare() { run_function_safe "prepare" } @@ -973,6 +980,7 @@ while true; do -m|--nocolor) USE_COLOR='n'; PACMAN_OPTS+=("--color" "never") ;; --noarchive) NOARCHIVE=1 ;; --nocheck) RUN_CHECK='n' ;; + --noverify) RUN_VERIFY='n' ;; --noprepare) RUN_PREPARE='n' ;; --nosign) SIGNPKG='n' ;; -o|--nobuild) BUILDPKG=0 NOBUILD=1 ;; @@ -1093,7 +1101,7 @@ fi unset pkgname "${pkgbuild_schema_strings[@]}" "${pkgbuild_schema_arrays[@]}" unset "${known_hash_algos[@]/%/sums}" -unset -f pkgver prepare build check package "${!package_@}" +unset -f pkgver verify prepare build check package "${!package_@}" unset "${!makedepends_@}" "${!depends_@}" "${!source_@}" "${!checkdepends_@}" unset "${!optdepends_@}" "${!conflicts_@}" "${!provides_@}" "${!replaces_@}" unset "${!cksums_@}" "${!md5sums_@}" "${!sha1sums_@}" "${!sha224sums_@}" @@ -1165,6 +1173,12 @@ if (( ${#pkgname[@]} > 1 )) || have_function package_${pkgname}; then fi # test for available PKGBUILD functions +if have_function verify; then + # "Hide" verify() function if not going to be run + if [[ $RUN_VERIFY != "n" ]]; then + VERIFYFUNC=1 + fi +fi if have_function prepare; then # "Hide" prepare() function if not going to be run if [[ $RUN_PREPARE != "n" ]]; then @@ -1312,6 +1326,7 @@ if (( !REPKG )); then warning "$(gettext "Using existing %s tree")" "\$srcdir/" else download_sources + copy_sources check_source_integrity (( VERIFYSOURCE )) && exit $E_OK