From patchwork Tue Aug 11 01:32:25 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Eli Schwartz
X-Patchwork-Id: 1749
From: Eli Schwartz
To: pacman-dev@archlinux.org
Date: Mon, 10 Aug 2020 21:32:25 -0400
Message-Id: <20200811013225.1457594-1-eschwartz@archlinux.org>
X-Mailer: git-send-email 2.28.0
Subject: [pacman-dev] [PATCH] makepkg: --source should download repos with PGP signatures
List-Id: Discussion list for pacman development

We optimize this out for sourceballs since VCS sources don't get their checksums verified. But this logic is broken ever since we implemented PGP signature checking for git sources -- if the git source is signed, we still check it, but we don't make sure to download it first. makepkg then fails to generate a sourceball unless you previously ran --verifysource or attempted to build.

Signed-off-by: Eli Schwartz --- scripts/libmakepkg/source.sh.in | 5 ++++- scripts/libmakepkg/source/git.sh.in | 9 ++++++--- scripts/makepkg.sh.in | 2 +- 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/scripts/libmakepkg/source.sh.in b/scripts/libmakepkg/source.sh.in index a0c6b662..b95e6be8 100644 --- a/scripts/libmakepkg/source.sh.in +++ b/scripts/libmakepkg/source.sh.in @@ -35,7 +35,7 @@ done download_sources() { local netfile all_sources - local get_source_fn=get_all_sources_for_arch get_vcs=1 + local get_source_fn=get_all_sources_for_arch get_vcs=1 get_pgp=0 msg "$(gettext "Retrieving sources...")" @@ -47,6 +47,9 @@ download_sources() { novcs) get_vcs=0 ;; + getpgp) + (( SKIPPGPCHECK )) || get_pgp=1 + ;; *) break ;; diff --git a/scripts/libmakepkg/source/git.sh.in b/scripts/libmakepkg/source/git.sh.in index 7d191b8d..d090f14e 100644 --- a/scripts/libmakepkg/source/git.sh.in +++ b/scripts/libmakepkg/source/git.sh.in @@ -29,13 +29,16 @@ source "$LIBRARY/util/pkgbuild.sh" download_git() { + local netfile=$1 + local query=$(get_uri_query "$netfile") + # abort early if parent says not to fetch if declare -p get_vcs > /dev/null 2>&1; then - (( get_vcs )) || return + if (( ! get_pgp )) || [[ $query != signed ]]; then + (( get_vcs )) || return + fi fi - local netfile=$1 - local dir=$(get_filepath "$netfile") [[ -z "$dir" ]] && dir="$SRCDEST/$(get_filename "$netfile")" diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in index 7e8d6805..c9940f0a 100644 --- a/scripts/makepkg.sh.in +++ b/scripts/makepkg.sh.in @@ -1416,7 +1416,7 @@ if (( SOURCEONLY )); then download_sources allarch elif ( (( ! SKIPCHECKSUMS )) || \ ( (( ! SKIPPGPCHECK )) && source_has_signatures ) ); then - download_sources allarch novcs + download_sources allarch novcs getpgp fi check_source_integrity all cd_safe "$startdir"
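
Review bot: In the "getpgp)" case added to download_sources() in scripts/libmakepkg/source.sh.in, the new keyword has no comment, and "(( SKIPPGPCHECK )) || get_pgp=1" makes it a silent no-op whenever PGP checking is skipped. A one-line comment on the case would help, saying that getpgp overrides novcs for signed sources and is ignored under SKIPPGPCHECK. The name also reads as general, while in this patch only download_git() consults get_pgp, so either say that in the comment or choose a name that makes the git-only scope clear.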
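
Review bot: In download_git() in scripts/libmakepkg/source/git.sh.in, the comment "abort early if parent says not to fetch" no longer describes the code under it, because a source whose query is "signed" is now fetched even when get_vcs is 0. Please update the comment to name that exception. The nested form, "if (( ! get_pgp )) || [[ $query != signed ]]; then" wrapped around "(( get_vcs )) || return", is also harder to follow than a single condition that returns when get_vcs is 0 unless get_pgp is set and the query is "signed". Finally, get_pgp is read here without the "declare -p" guard that get_vcs gets. An unset get_pgp evaluates to 0 inside (( )), so the result is the old behaviour, but a note that the variable comes from the caller's scope in download_sources() would make that intent explicit.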
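
Review bot: At the changed call "download_sources allarch novcs getpgp" in scripts/makepkg.sh.in, the set of sources fetched before "check_source_integrity all" changes, yet the diffstat lists only the three script files and no regression check. Suggest adding a case that covers the failure named in the commit message: a signed git source, no earlier --verifysource or build run, and a sourceball build that must succeed. The elif condition and the SKIPPGPCHECK test inside the getpgp case in source.sh.in now jointly decide whether a signed repo is downloaded, so a short comment at this call pointing to that second gate would keep the two from drifting apart.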