[pacman-dev] [PATCH] pacman-key: ignores keys already lsigned during populate
WORK IN PROGRESS. I'm only emailing this patch to get some
feedback. I added a function that checks whether a key
being imported has already been signed, and if it has been,
skip lsigning it.
I'm not 100% sure this line is entirely necessary:
if (( LSIGNKEY || POPULATE )); then
I wanted to ensure that there -was- a signing key to check
against. It might be a superfluous check, but I couldn't
find where --populate implies having run --init. I may've
missed it.
Otherwise, just looking for feedback before I move on to
step 2 which is not disabling already disabled keys. Let
me know if there are any glaring errors you see, or if
there is a more elegant way of doing what I did.
Signed-off-by: Matthew Sexton
---
scripts/pacman-key.sh.in | 27 ++-
1 file changed, 26 insertions(+), 1 deletion(-)
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index 3627a805..796375a5 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -247,7 +247,7 @@ check_keyring() {
fi
fi
- if (( LSIGNKEY )); then
+ if (( LSIGNKEY || POPULATE )); then
if [[ $(secret_keys_available) -lt 1 ]]; then
error "$(gettext "There is no secret key available to
sign with.")"
msg "$(gettext "Use '%s' to generate a default secret
key.")" "pacman-key --init"
@@ -447,6 +447,25 @@ list_sigs() {
exit 1
fi
}
+lsigned_already() {
+ # Determines whether a key has already been signed locally by getting
the
+ # local pacman secret key and comparing it against signatures on the key
+ # returns 1 if key is not signed, 0 if signed
+ secret_key=$("${GPG_PACMAN[@]}" --with-colons --list-secret-key | head
-n1 | awk -F : '{print $5}')
+ NEEDS_SIGNED=1
+ while read line; do
+while IFS=: read -r _ valid _ _ signkey _; do
+if [ "$valid" != "!" ]; then
+continue
+fi
+if [[ "$signkey" == "$secret_key" ]]; then
+NEEDS_SIGNED=0
+break
+fi
+done
+ done < <("${GPG_PACMAN[@]}" --with-colons --check-signatures "$1")
+
+}
lsign_keys() {
check_keyids_exist
@@ -454,6 +473,10 @@ lsign_keys() {
local ret=0
local key_count=0
for key_id in "$@"; do
+ lsigned_already "$key_id"
+ if [[ "$NEEDS_SIGNED" == 0 ]]; then
+ continue
+ fi
if (( VERBOSE )); then
msg2 "$(gettext "Locally signing key %s...")"
"${key_id}"
fi
@@ -469,7 +492,9 @@ lsign_keys() {
if (( ret )); then
exit 1
fi
+ if (( key_count )); then
msg2 "$(gettext "Locally signed %s keys.")" "${key_count}"
+ fi
}
receive_keys() {
--
2.23.0
Re: [pacman-dev] Alternatives system brainstorm
* on Wednesday, 2019-10-23 22:05 +1000, Allan McRae wrote: > On 23/10/19 9:35 pm, Daan van Rossum wrote: > > [*] IMHO it is one of Arch's strengths to follow upstream as much as > > possible and settle on a single current version of e.g. Python. Older > > versions can be installed but the '/usr/bin/python' is always what upstream > > deems 'current'. > > Upstream python specifically states that /usr/bin/python should always > point to /usr/bin/python2. So Arch does not follow upstream in that > regard. Just some idiot decided it was time to point to python3 about > 10 years before upstream will... Given the alternatives system you, Allan, suggest. What if a user runs # pacman -S lua , will you print a list of alternatives for a user to choose from? Suppose you do that, and present the options 1. lua53 2. lua52 3. lua51 and the user choose lua53, now what happens when lua54 is released upstream? I was happy with pacman giving me the latest upstream and in peace with it following upstream. One concern I would like to share is that introducing alternatives for managing parallel "versions" of the same tool may impact how KISS Arch/pacman is going to be. Sure, the Arch devs that decided that python3 was more appropriate to follow for a bleeding edge distro like Arch than python2 might not have met everyone's choice, but it is something that users can easily work with (as evidenced by the fact that env-modules lives in AUR)! Supporting alternative upstreams such as nawk <-> gawk is all different in my view; easy to support and nice to have. IMHO it would stress the beauty and power of Arch/pacman if it is able to support such alternatives without the need of a fully-fledged alternatives system. Daan signature.asc Description: PGP signature
Re: [pacman-dev] [PATCH] pacman-key: ignores keys already lsigned during populate
On Monday, November 4, 2019 12:08:15 PM EST you wrote:
> +lsigned_already() {
> + # Determines whether a key has already been signed locally by getting
the
> + # local pacman secret key and comparing it against signatures on the
key
> + # returns 1 if key is not signed, 0 if signed
I edited this, but forgot to save it before making the patch. This function
returns nothing. It changes a variable NEEDS_SIGNED.
signature.asc
Description: This is a digitally signed message part.
Re: [pacman-dev] Alternatives system brainstorm
On 11/4/19 12:06 PM, Daan van Rossum wrote: > Given the alternatives system you, Allan, suggest. What if a user > runs > > # pacman -S lua > > , will you print a list of alternatives for a user to choose from? > > Suppose you do that, and present the options > > 1. lua53 2. lua52 3. lua51 > > and the user choose lua53, now what happens when lua54 is released > upstream? I was happy with pacman giving me the latest upstream and > in peace with it following upstream. My expectation is it installs what it does today, the "lua" package which provides /usr/bin/lua5.3 and now, instead of installing /usr/bin/lua, installs an alternative that is fulfilled by default for /usr/bin/lua5.3 I suppose I see your point w.r.t. updating the package, does updating lua 5.3.5-2 to lua 5.4.0-1 keep the symlink, updating it to point to /usr/bin/lua5.4, but I don't see why it needs to change how we name packages and we're under no obligation to rename 'extra/python' to 'extra/python3' and have it merely provide 'python'. We can and should continue to make `pacman -S python lua` install the preferred forms of the package. > One concern I would like to share is that introducing alternatives > for managing parallel "versions" of the same tool may impact how KISS > Arch/pacman is going to be. > > Sure, the Arch devs that decided that python3 was more appropriate to > follow for a bleeding edge distro like Arch than python2 might not > have met everyone's choice, but it is something that users can easily > work with (as evidenced by the fact that env-modules lives in AUR)! I think it's fine to have pacman -S python install python3, and have there be a very high likelihood that /usr/bin/python points to python3. This doesn't mean we need to stop people from switching it if they really want to. python 3.x will be installed first in most cases, because much more common software depends on python3 these days than on python2, including many core desktop environment components. > Supporting alternative upstreams such as nawk <-> gawk is all > different in my view; easy to support and nice to have. IMHO it > would stress the beauty and power of Arch/pacman if it is able to > support such alternatives without the need of a fully-fledged > alternatives system. Do you really think gawk/nawk is all as simple as that -- consider makepkg, which depends on awk, but "Results may be inaccurate when using a broken implementation of awk, such as mawk or busybox awk." Thankfully we don't package mawk, we do package busybox awk though. Either gawk or nawk would work, but do we force people to use gawk? There's no such thing as /usr/bin/nontrashy-awk. Opinions, opinions, opinions everywhere. You'll always be able to find something objectionable about making any tool selectable, so let's not take sides and say python is less deserving than awk. :) -- Eli Schwartz Bug Wrangler and Trusted User signature.asc Description: OpenPGP digital signature
Re: [pacman-dev] Alternatives system brainstorm
On November 4, 2019 6:06:04 PM GMT+01:00, Daan van Rossum wrote: >* on Wednesday, 2019-10-23 22:05 +1000, Allan McRae > wrote: > >> On 23/10/19 9:35 pm, Daan van Rossum wrote: > >> > [*] IMHO it is one of Arch's strengths to follow upstream as much >as possible and settle on a single current version of e.g. Python. >Older versions can be installed but the '/usr/bin/python' is always >what upstream deems 'current'. >> >> Upstream python specifically states that /usr/bin/python should >always >> point to /usr/bin/python2. So Arch does not follow upstream in that >> regard. Just some idiot decided it was time to point to python3 >about >> 10 years before upstream will... > >Given the alternatives system you, Allan, suggest. What if a user runs > > # pacman -S lua > >, will you print a list of alternatives for a user to choose from? > >Suppose you do that, and present the options > > 1. lua53 > 2. lua52 > 3. lua51 > >and the user choose lua53, now what happens when lua54 is released >upstream? I was happy with pacman giving me the latest upstream and in >peace with it following upstream. > >One concern I would like to share is that introducing alternatives for >managing parallel "versions" of the same tool may impact how KISS >Arch/pacman is going to be. > What exactly forbids people to still name the non pin-versioned variant lua as it today is the case in Arch?
[pacman-dev] [PATCH v2] pacman-key: ignores keys already lsigned during populate
WORK IN PROGRESS. I'm only emailing this patch to get some
feedback. I added a function that checks whether a key
being imported has already been signed, and if it has been,
skip lsigning it.
I'm not 100% sure this line is entirely necessary:
if (( LSIGNKEY || POPULATE )); then
I wanted to ensure that there -was- a signing key to check
against. It might be a superfluous check, but I couldn't
find where --populate implies having run --init. I may've
missed it.
---
v2. Removed a redundant nested while loop and fixed the
handling of lsigned_already return value checking. Also
did a little cleanup for neater code.
scripts/pacman-key.sh.in | 19 ++-
1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index 3627a805..a152f992 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -247,7 +247,7 @@ check_keyring() {
fi
fi
- if (( LSIGNKEY )); then
+ if (( LSIGNKEY || POPULATE )); then
if [[ $(secret_keys_available) -lt 1 ]]; then
error "$(gettext "There is no secret key available to
sign with.")"
msg "$(gettext "Use '%s' to generate a default secret
key.")" "pacman-key --init"
@@ -447,6 +447,18 @@ list_sigs() {
exit 1
fi
}
+lsigned_already() {
+ # Determines whether a key has already been signed locally by getting
the
+ # local pacman secret key and comparing it against signatures on the key
+ # returns 0 if key is signed, 1 if it is unsigned
+ secret_key=$("${GPG_PACMAN[@]}" --with-colons --list-secret-key | head
-n1 | awk -F : '{print $5}')
+while IFS=: read -r _ valid _ _ signkey _; do
+if [ "$valid" != "!" ]; then continue; fi
+if [[ "$signkey" == "$secret_key" ]]; then return 0; fi
+ done < <("${GPG_PACMAN[@]}" --with-colons --check-signatures "$1")
+ return 1
+
+}
lsign_keys() {
check_keyids_exist
@@ -454,6 +466,9 @@ lsign_keys() {
local ret=0
local key_count=0
for key_id in "$@"; do
+ if ( lsigned_already "$key_id" ) ; then
+ continue
+ fi
if (( VERBOSE )); then
msg2 "$(gettext "Locally signing key %s...")"
"${key_id}"
fi
@@ -469,7 +484,9 @@ lsign_keys() {
if (( ret )); then
exit 1
fi
+ if (( key_count )); then
msg2 "$(gettext "Locally signed %s keys.")" "${key_count}"
+ fi
}
receive_keys() {
--
2.23.0
[pacman-dev] [PATCH] pacman-key: ignores keys already lsigned/deleted
Added two new functions, lsigned_already() and revoked_already()
that check whether a key has been locally signed or revoked
respectively during --populate. If the key is already signed
or revoked, it is quietly ignored.
Signed-off-by: Matthew Sexton
---
Final version of patch. This patch depends on my previous patch:
v2-0001-pacman-key-hide-lsign-and-revoke-output-behind-ve.patch
This finishes the implementation of:
FS#64142 - pacman-key: make populate less noisy
Most of the credit for this goes to Eli, who did the hard part
of figuring out gpg wizardry. All I did was bash some stuff.
scripts/pacman-key.sh.in | 31 +--
1 file changed, 29 insertions(+), 2 deletions(-)
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index 3627a805..ba56a3ac 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -247,7 +247,7 @@ check_keyring() {
fi
fi
- if (( LSIGNKEY )); then
+ if (( LSIGNKEY || POPULATE )); then
if [[ $(secret_keys_available) -lt 1 ]]; then
error "$(gettext "There is no secret key available to
sign with.")"
msg "$(gettext "Use '%s' to generate a default secret
key.")" "pacman-key --init"
@@ -337,13 +337,16 @@ populate_keyring() {
local key_count=0
msg "$(gettext "Disabling revoked keys in keyring...")"
for key_id in "${!revoked_ids[@]}"; do
+ if ( revoked_already "$key_id" ) ; then continue; fi
if (( VERBOSE )); then
msg2 "$(gettext "Disabling key %s...")"
"${key_id}"
fi
printf 'disable\nquit\n' | LANG=C "${GPG_PACMAN[@]}"
--command-fd 0 --quiet --batch --edit-key "${key_id}" 2>/dev/null
key_count=$((key_count+1))
done
- msg2 "$(gettext "Disabled %s keys.")" "${key_count}"
+ if (( key_count )); then
+ msg2 "$(gettext "Disabled %s keys.")" "${key_count}"
+ fi
fi
}
@@ -447,6 +450,18 @@ list_sigs() {
exit 1
fi
}
+lsigned_already() {
+ # Determines whether a key has already been signed locally by getting
the
+ # local pacman secret key and comparing it against signatures on the key
+ # returns 0 if key is signed, 1 if it is unsigned
+ secret_key=$("${GPG_PACMAN[@]}" --with-colons --list-secret-key | head
-n1 | awk -F : '{print $5}')
+while IFS=: read -r _ valid _ _ signkey _; do
+if [ "$valid" != "!" ]; then continue; fi
+if [[ "$signkey" == "$secret_key" ]]; then return 0; fi
+ done < <("${GPG_PACMAN[@]}" --with-colons --check-signatures "$1")
+ return 1
+
+}
lsign_keys() {
check_keyids_exist
@@ -454,6 +469,7 @@ lsign_keys() {
local ret=0
local key_count=0
for key_id in "$@"; do
+ if ( lsigned_already "$key_id" ) ; then continue; fi
if (( VERBOSE )); then
msg2 "$(gettext "Locally signing key %s...")"
"${key_id}"
fi
@@ -469,7 +485,9 @@ lsign_keys() {
if (( ret )); then
exit 1
fi
+ if (( key_count )); then
msg2 "$(gettext "Locally signed %s keys.")" "${key_count}"
+ fi
}
receive_keys() {
@@ -511,6 +529,15 @@ refresh_keys() {
fi
}
+revoked_already() {
+
+while IFS=: read -r type _ _ _ _ _ _ _ _ _ _ flags _; do
+if [ "$type" != "pub" ]; then continue; fi
+if [[ "$flags" == *"D"* ]]; then return 0; fi
+ done < <("${GPG_PACMAN[@]}" --with-colons --list-key "$1")
+ return 1
+}
+
verify_sig() {
local ret=0 sig=$1 file=$2
if [[ -z $file && -f ${sig%.*} ]]; then
--
2.23.0
[pacman-dev] [PATCH] pacman-key: ignores keys already lsigned/deleted
Added two new functions, lsigned_already() and revoked_already()
that check whether a key has been locally signed or revoked
respectively during --populate. If the key is already signed
or revoked, it is quietly ignored.
Signed-off-by: Matthew Sexton
---
Final version of patch. This patch depends on my previous patch:
v2-0001-pacman-key-hide-lsign-and-revoke-output-behind-ve.patch
This finishes the implementation of:
FS#64142 - pacman-key: make populate less noisy
Most of the credit for this goes to Eli, who did the hard part
of figuring out gpg wizardry. All I did was bash some stuff.
v2. Fixed some inconsistencies in [ vs [[ and removed unnecessary
parantheses.
scripts/pacman-key.sh.in | 31 +--
1 file changed, 29 insertions(+), 2 deletions(-)
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index 3627a805..ba56a3ac 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -247,7 +247,7 @@ check_keyring() {
fi
fi
- if (( LSIGNKEY )); then
+ if (( LSIGNKEY || POPULATE )); then
if [[ $(secret_keys_available) -lt 1 ]]; then
error "$(gettext "There is no secret key available to
sign with.")"
msg "$(gettext "Use '%s' to generate a default secret
key.")" "pacman-key --init"
@@ -337,13 +337,16 @@ populate_keyring() {
local key_count=0
msg "$(gettext "Disabling revoked keys in keyring...")"
for key_id in "${!revoked_ids[@]}"; do
+ if ( revoked_already "$key_id" ) ; then continue; fi
if (( VERBOSE )); then
msg2 "$(gettext "Disabling key %s...")"
"${key_id}"
fi
printf 'disable\nquit\n' | LANG=C "${GPG_PACMAN[@]}"
--command-fd 0 --quiet --batch --edit-key "${key_id}" 2>/dev/null
key_count=$((key_count+1))
done
- msg2 "$(gettext "Disabled %s keys.")" "${key_count}"
+ if (( key_count )); then
+ msg2 "$(gettext "Disabled %s keys.")" "${key_count}"
+ fi
fi
}
@@ -447,6 +450,18 @@ list_sigs() {
exit 1
fi
}
+lsigned_already() {
+ # Determines whether a key has already been signed locally by getting
the
+ # local pacman secret key and comparing it against signatures on the key
+ # returns 0 if key is signed, 1 if it is unsigned
+ secret_key=$("${GPG_PACMAN[@]}" --with-colons --list-secret-key | head
-n1 | awk -F : '{print $5}')
+while IFS=: read -r _ valid _ _ signkey _; do
+if [ "$valid" != "!" ]; then continue; fi
+if [[ "$signkey" == "$secret_key" ]]; then return 0; fi
+ done < <("${GPG_PACMAN[@]}" --with-colons --check-signatures "$1")
+ return 1
+
+}
lsign_keys() {
check_keyids_exist
@@ -454,6 +469,7 @@ lsign_keys() {
local ret=0
local key_count=0
for key_id in "$@"; do
+ if ( lsigned_already "$key_id" ) ; then continue; fi
if (( VERBOSE )); then
msg2 "$(gettext "Locally signing key %s...")"
"${key_id}"
fi
@@ -469,7 +485,9 @@ lsign_keys() {
if (( ret )); then
exit 1
fi
+ if (( key_count )); then
msg2 "$(gettext "Locally signed %s keys.")" "${key_count}"
+ fi
}
receive_keys() {
@@ -511,6 +529,15 @@ refresh_keys() {
fi
}
+revoked_already() {
+
+while IFS=: read -r type _ _ _ _ _ _ _ _ _ _ flags _; do
+if [ "$type" != "pub" ]; then continue; fi
+if [[ "$flags" == *"D"* ]]; then return 0; fi
+ done < <("${GPG_PACMAN[@]}" --with-colons --list-key "$1")
+ return 1
+}
+
verify_sig() {
local ret=0 sig=$1 file=$2
if [[ -z $file && -f ${sig%.*} ]]; then
--
2.23.0
[pacman-dev] [PATCH v2] pacman-key: ignores keys already lsigned/deleted
Added two new functions, lsigned_already() and revoked_already()
that check whether a key has been locally signed or revoked
respectively during --populate. If the key is already signed
or revoked, it is quietly ignored.
Suggested-by: Eli Schwartz
Signed-off-by: Matthew Sexton
---
v2. (ACTUAL v2.) Previous email was erroneous, I attached the wrong
patch. Corrected some inconsistencies. Gave proper attribution to Eli,
scripts/pacman-key.sh.in | 43 +---
1 file changed, 40 insertions(+), 3 deletions(-)
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index 3627a805..25bcb3de 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -247,7 +247,7 @@ check_keyring() {
fi
fi
- if (( LSIGNKEY )); then
+ if (( LSIGNKEY || POPULATE )); then
if [[ $(secret_keys_available) -lt 1 ]]; then
error "$(gettext "There is no secret key available to
sign with.")"
msg "$(gettext "Use '%s' to generate a default secret
key.")" "pacman-key --init"
@@ -337,13 +337,18 @@ populate_keyring() {
local key_count=0
msg "$(gettext "Disabling revoked keys in keyring...")"
for key_id in "${!revoked_ids[@]}"; do
+if revoked_already "$key_id" ; then
+continue
+fi
if (( VERBOSE )); then
msg2 "$(gettext "Disabling key %s...")"
"${key_id}"
fi
printf 'disable\nquit\n' | LANG=C "${GPG_PACMAN[@]}"
--command-fd 0 --quiet --batch --edit-key "${key_id}" 2>/dev/null
key_count=$((key_count+1))
done
- msg2 "$(gettext "Disabled %s keys.")" "${key_count}"
+ if (( key_count )); then
+ msg2 "$(gettext "Disabled %s keys.")" "${key_count}"
+ fi
fi
}
@@ -447,6 +452,22 @@ list_sigs() {
exit 1
fi
}
+lsigned_already() {
+ # Determines whether a key has already been signed locally by getting
the
+ # local pacman secret key and comparing it against signatures on the key
+ # returns 0 if key is signed, 1 if it is unsigned
+ secret_key=$("${GPG_PACMAN[@]}" --with-colons --list-secret-key | head
-n1 | awk -F : '{print $5}')
+while IFS=: read -r _ valid _ _ signkey _; do
+if [[ "$valid" != "!" ]]; then
+continue
+fi
+if [[ "$signkey" = "$secret_key" ]]; then
+return 0
+fi
+ done < <("${GPG_PACMAN[@]}" --with-colons --check-signatures "$1")
+ return 1
+
+}
lsign_keys() {
check_keyids_exist
@@ -454,6 +475,7 @@ lsign_keys() {
local ret=0
local key_count=0
for key_id in "$@"; do
+ if lsigned_already "$key_id" ; then continue; fi
if (( VERBOSE )); then
msg2 "$(gettext "Locally signing key %s...")"
"${key_id}"
fi
@@ -469,7 +491,9 @@ lsign_keys() {
if (( ret )); then
exit 1
fi
- msg2 "$(gettext "Locally signed %s keys.")" "${key_count}"
+ if (( key_count )); then
+ msg2 "$(gettext "Locally signed %s keys.")" "${key_count}"
+ fi
}
receive_keys() {
@@ -511,6 +535,19 @@ refresh_keys() {
fi
}
+revoked_already() {
+
+while IFS=: read -r type _ _ _ _ _ _ _ _ _ _ flags _; do
+if [[ "$type" != "pub" ]]; then
+continue
+fi
+if [[ "$flags" = *"D"* ]]; then
+return 0
+fi
+ done < <("${GPG_PACMAN[@]}" --with-colons --list-key "$1")
+ return 1
+}
+
verify_sig() {
local ret=0 sig=$1 file=$2
if [[ -z $file && -f ${sig%.*} ]]; then
--
2.23.0
Re: [pacman-dev] Alternatives system brainstorm
* on Monday, 2019-11-04 12:39 -0500, Eli Schwartz wrote: > My expectation is it installs what it does today, the "lua" package > which provides /usr/bin/lua5.3 and now, instead of installing > /usr/bin/lua, installs an alternative that is fulfilled by default for > /usr/bin/lua5.3 Then you end up with package lua52 that provides lua, and a package lua providing lua53. Ugly! > > I think it's fine to have pacman -S python install python3, and have > there be a very high likelihood that /usr/bin/python points to python3. > This doesn't mean we need to stop people from switching it if they > really want to. python 3.x will be installed first in most cases, > because much more common software depends on python3 these days than on > python2, including many core desktop environment components. Pacman already doesn't stop a user from having python point to whatever the user wants. Arch users know that but does pacman also need to support OSes where users don't know that? That brings up another idea: why does pacman not provide alternatives via managing symlinks in /usr/local (or even /usr/alternatives)? That would be entirely independent of the current package structure. If a user doesn't set alternatives then /usr/local remains empty. This would also support the ability to select alternatives per-file etc. as was pointed out by Andrew. I guess a simple version of this could as well be a separate tool instead of part of pacman, except that no comprehensive alternatives info would be available to the user. But do users really need that? I think a user that wants to set an alternative knows what he/she wants to do. The simplest version of this is to let the user manage these links manually :) Daan signature.asc Description: PGP signature
Re: [pacman-dev] Alternatives system brainstorm
On 5/11/19 7:40 am, Daan van Rossum wrote: > * on Monday, 2019-11-04 12:39 -0500, Eli Schwartz > wrote: > >> My expectation is it installs what it does today, the "lua" package >> which provides /usr/bin/lua5.3 and now, instead of installing >> /usr/bin/lua, installs an alternative that is fulfilled by default for >> /usr/bin/lua5.3 > > Then you end up with package lua52 that provides lua, and a package lua > providing lua53. Ugly! > >> >> I think it's fine to have pacman -S python install python3, and have >> there be a very high likelihood that /usr/bin/python points to python3. >> This doesn't mean we need to stop people from switching it if they >> really want to. python 3.x will be installed first in most cases, >> because much more common software depends on python3 these days than on >> python2, including many core desktop environment components. > > Pacman already doesn't stop a user from having python point to whatever the > user wants. Arch users know that but does pacman also need to support OSes > where users don't know that? Yes - pacman is used many places that is not Arch. e.g. Msys2. > That brings up another idea: why does pacman not provide alternatives via > managing symlinks in /usr/local (or even /usr/alternatives)? That would be > entirely independent of the current package structure. If a user doesn't set > alternatives then /usr/local remains empty. This would also support the > ability to select alternatives per-file etc. as was pointed out by Andrew. > > I guess a simple version of this could as well be a separate tool instead of > part of pacman, except that no comprehensive alternatives info would be > available to the user. But do users really need that? I think a user that > wants to set an alternative knows what he/she wants to do. > > The simplest version of this is to let the user manage these links manually :) Sure, you can let a user symlink /usr/local/bin/python -> /usr/bin/python2 and put /usr/local/bin first in the path. But not "man python" does not provide information on what the user sees as the "python" command, and python-config does not point at the python2 version, and ... Simple does not mean half-arsed. Allan
Re: [pacman-dev] [PATCH v2] pacman-key: ignores keys already lsigned/deleted
On 5/11/19 5:36 am, Matthew Sexton wrote:
> Added two new functions, lsigned_already() and revoked_already()
> that check whether a key has been locally signed or revoked
> respectively during --populate. If the key is already signed
> or revoked, it is quietly ignored.
>
It looks as though the implementation is fine at first glance. I also
see this was discussed on the IRC channel with Dave and Eli, so I'm
focusing on stylistic elements here.
The function naming is more about what you are going to do with its
output, rather than what the function does. I suggest:
lsigned_already() -> key_is_lsigned()
revoked_already() -> key_is_revoked()
Also, you added the functions in alphabetically. But that is the
collection of functions directly related to pacman-key options. Please
move them up to where all the helper functions are at the top. Under
check_keyids_exist() seems a logical place.
Finally, the code uses tabs, not spaces for indents. You seem to have
some mixture of the two.
> Suggested-by: Eli Schwartz
> Signed-off-by: Matthew Sexton
> ---
> v2. (ACTUAL v2.) Previous email was erroneous, I attached the wrong
> patch. Corrected some inconsistencies. Gave proper attribution to Eli,
>
> scripts/pacman-key.sh.in | 43 +---
> 1 file changed, 40 insertions(+), 3 deletions(-)
>
> diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
> index 3627a805..25bcb3de 100644
> --- a/scripts/pacman-key.sh.in
> +++ b/scripts/pacman-key.sh.in
> @@ -247,7 +247,7 @@ check_keyring() {
> fi
> fi
>
> - if (( LSIGNKEY )); then
> + if (( LSIGNKEY || POPULATE )); then
> if [[ $(secret_keys_available) -lt 1 ]]; then
> error "$(gettext "There is no secret key available to
> sign with.")"
> msg "$(gettext "Use '%s' to generate a default secret
> key.")" "pacman-key --init"
> @@ -337,13 +337,18 @@ populate_keyring() {
> local key_count=0
> msg "$(gettext "Disabling revoked keys in keyring...")"
> for key_id in "${!revoked_ids[@]}"; do
> +if revoked_already "$key_id" ; then
> +continue
> +fi
> if (( VERBOSE )); then
> msg2 "$(gettext "Disabling key %s...")"
> "${key_id}"
> fi
> printf 'disable\nquit\n' | LANG=C "${GPG_PACMAN[@]}"
> --command-fd 0 --quiet --batch --edit-key "${key_id}" 2>/dev/null
> key_count=$((key_count+1))
> done
> - msg2 "$(gettext "Disabled %s keys.")" "${key_count}"
> + if (( key_count )); then
> + msg2 "$(gettext "Disabled %s keys.")" "${key_count}"
> + fi
> fi
> }
>
> @@ -447,6 +452,22 @@ list_sigs() {
> exit 1
> fi
> }
> +lsigned_already() {
> + # Determines whether a key has already been signed locally by getting
> the
> + # local pacman secret key and comparing it against signatures on the key
> + # returns 0 if key is signed, 1 if it is unsigned
> + secret_key=$("${GPG_PACMAN[@]}" --with-colons --list-secret-key | head
> -n1 | awk -F : '{print $5}')
> +while IFS=: read -r _ valid _ _ signkey _; do
> +if [[ "$valid" != "!" ]]; then
We don't quote the left hand side.
> +continue
> +fi
> +if [[ "$signkey" = "$secret_key" ]]; then
> +return 0
> +fi
> + done < <("${GPG_PACMAN[@]}" --with-colons --check-signatures "$1")
> + return 1
> +
> +}
>
> lsign_keys() {
> check_keyids_exist
> @@ -454,6 +475,7 @@ lsign_keys() {
> local ret=0
> local key_count=0
> for key_id in "$@"; do
> + if lsigned_already "$key_id" ; then continue; fi
Put this over multiple lines.
> if (( VERBOSE )); then
> msg2 "$(gettext "Locally signing key %s...")"
> "${key_id}"
> fi
> @@ -469,7 +491,9 @@ lsign_keys() {
> if (( ret )); then
> exit 1
> fi
> - msg2 "$(gettext "Locally signed %s keys.")" "${key_count}"
> + if (( key_count )); then
> + msg2 "$(gettext "Locally signed %s keys.")" "${key_count}"
> + fi
> }
>
> receive_keys() {
> @@ -511,6 +535,19 @@ refresh_keys() {
> fi
> }
>
> +revoked_already() {
> +
> +while IFS=: read -r type _ _ _ _ _ _ _ _ _ _ flags _; do
> +if [[ "$type" != "pub" ]]; then
> +continue
> +fi
> +if [[ "$flags" = *"D"* ]]; then
That quoting on the RHS looked weird to me, but I think is fine...
> +return 0
> +fi
> + done < <("${GPG_PACMAN[@]}" --with-colons --list-key "$1")
> + return 1
> +}
> +
> verify_sig() {
> local ret=0 sig=$1 file=$2
> if [[ -z $file && -f ${sig%.*} ]]; then
>
Re: [pacman-dev] [PATCH v2] pacman-key: ignores keys already lsigned/deleted
On Mon, 4 Nov 2019 at 19:36, Matthew Sexton wrote:
>
> Added two new functions, lsigned_already() and revoked_already()
> that check whether a key has been locally signed or revoked
> respectively during --populate. If the key is already signed
> or revoked, it is quietly ignored.
>
> Suggested-by: Eli Schwartz
> Signed-off-by: Matthew Sexton
> ---
> v2. (ACTUAL v2.) Previous email was erroneous, I attached the wrong
> patch. Corrected some inconsistencies. Gave proper attribution to Eli,
>
> scripts/pacman-key.sh.in | 43 +---
> 1 file changed, 40 insertions(+), 3 deletions(-)
>
> diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
> index 3627a805..25bcb3de 100644
> --- a/scripts/pacman-key.sh.in
> +++ b/scripts/pacman-key.sh.in
> @@ -247,7 +247,7 @@ check_keyring() {
> fi
> fi
>
> - if (( LSIGNKEY )); then
> + if (( LSIGNKEY || POPULATE )); then
> if [[ $(secret_keys_available) -lt 1 ]]; then
> error "$(gettext "There is no secret key available to
> sign with.")"
> msg "$(gettext "Use '%s' to generate a default secret
> key.")" "pacman-key --init"
> @@ -337,13 +337,18 @@ populate_keyring() {
> local key_count=0
> msg "$(gettext "Disabling revoked keys in keyring...")"
> for key_id in "${!revoked_ids[@]}"; do
> +if revoked_already "$key_id" ; then
> +continue
> +fi
> if (( VERBOSE )); then
> msg2 "$(gettext "Disabling key %s...")"
> "${key_id}"
> fi
> printf 'disable\nquit\n' | LANG=C "${GPG_PACMAN[@]}"
> --command-fd 0 --quiet --batch --edit-key "${key_id}" 2>/dev/null
> key_count=$((key_count+1))
> done
> - msg2 "$(gettext "Disabled %s keys.")" "${key_count}"
> + if (( key_count )); then
> + msg2 "$(gettext "Disabled %s keys.")" "${key_count}"
> + fi
> fi
> }
>
> @@ -447,6 +452,22 @@ list_sigs() {
> exit 1
> fi
> }
> +lsigned_already() {
> + # Determines whether a key has already been signed locally by getting
> the
> + # local pacman secret key and comparing it against signatures on the
> key
> + # returns 0 if key is signed, 1 if it is unsigned
> + secret_key=$("${GPG_PACMAN[@]}" --with-colons --list-secret-key |
> head -n1 | awk -F : '{print $5}')
> +while IFS=: read -r _ valid _ _ signkey _; do
> +if [[ "$valid" != "!" ]]; then
> +continue
> +fi
> +if [[ "$signkey" = "$secret_key" ]]; then
> +return 0
> +fi
> + done < <("${GPG_PACMAN[@]}" --with-colons --check-signatures "$1")
> + return 1
> +
> +}
>
> lsign_keys() {
> check_keyids_exist
> @@ -454,6 +475,7 @@ lsign_keys() {
> local ret=0
> local key_count=0
> for key_id in "$@"; do
> + if lsigned_already "$key_id" ; then continue; fi
> if (( VERBOSE )); then
> msg2 "$(gettext "Locally signing key %s...")"
> "${key_id}"
> fi
> @@ -469,7 +491,9 @@ lsign_keys() {
> if (( ret )); then
> exit 1
> fi
> - msg2 "$(gettext "Locally signed %s keys.")" "${key_count}"
> + if (( key_count )); then
> + msg2 "$(gettext "Locally signed %s keys.")" "${key_count}"
> + fi
> }
>
> receive_keys() {
> @@ -511,6 +535,19 @@ refresh_keys() {
> fi
> }
>
> +revoked_already() {
> +
> +while IFS=: read -r type _ _ _ _ _ _ _ _ _ _ flags _; do
> +if [[ "$type" != "pub" ]]; then
> +continue
> +fi
> +if [[ "$flags" = *"D"* ]]; then
> +return 0
> +fi
> + done < <("${GPG_PACMAN[@]}" --with-colons --list-key "$1")
> + return 1
> +}
> +
> verify_sig() {
> local ret=0 sig=$1 file=$2
> if [[ -z $file && -f ${sig%.*} ]]; then
> --
> 2.23.0
This may just be my personal preference. But "pacman-key: ignores
keys already lsigned/deleted" kind of sounds past tense, almost like
pacman already does this and you're reporting a bug. I much prefer
just saying "pacman-key: ignore already signed/deleted keys".
Re: [pacman-dev] [PATCH v2] pacman-key: ignores keys already lsigned/deleted
Some additional comments
On 5/11/19 9:40 am, Allan McRae wrote:
>> +lsigned_already() {
>> +# Determines whether a key has already been signed locally by getting
>> the
>> +# local pacman secret key and comparing it against signatures on the key
>> +# returns 0 if key is signed, 1 if it is unsigned
>> +secret_key=$("${GPG_PACMAN[@]}" --with-colons --list-secret-key | head
>> -n1 | awk -F : '{print $5}')
gpg --with-colons --list-secret-key | awk -F : 'NR==1 {print $5}'
>> +while IFS=: read -r _ valid _ _ signkey _; do
We should read the first value and check it is "sig".
>> +if [[ "$valid" != "!" ]]; then
>
> We don't quote the left hand side.
>
>> +continue
>> +fi
>> +if [[ "$signkey" = "$secret_key" ]]; then
>> +return 0
>> +fi
>> +done < <("${GPG_PACMAN[@]}" --with-colons --check-signatures "$1")
>> +return 1
>> +
>> +}
>>
>> lsign_keys() {
>> check_keyids_exist
>> @@ -454,6 +475,7 @@ lsign_keys() {
>> local ret=0
>> local key_count=0
>> for key_id in "$@"; do
>> +if lsigned_already "$key_id" ; then continue; fi
>
> Put this over multiple lines.
>
>> if (( VERBOSE )); then
>> msg2 "$(gettext "Locally signing key %s...")"
>> "${key_id}"
>> fi
>> @@ -469,7 +491,9 @@ lsign_keys() {
>> if (( ret )); then
>> exit 1
>> fi
>> -msg2 "$(gettext "Locally signed %s keys.")" "${key_count}"
>> +if (( key_count )); then
>> +msg2 "$(gettext "Locally signed %s keys.")" "${key_count}"
>> +fi
>> }
>>
>> receive_keys() {
>> @@ -511,6 +535,19 @@ refresh_keys() {
>> fi
>> }
>>
>> +revoked_already() {
>> +
>> +while IFS=: read -r type _ _ _ _ _ _ _ _ _ _ flags _; do
>> +if [[ "$type" != "pub" ]]; then
>> +continue
>> +fi
>> +if [[ "$flags" = *"D"* ]]; then
>
> That quoting on the RHS looked weird to me, but I think is fine...
>
>> +return 0
>> +fi
>> +done < <("${GPG_PACMAN[@]}" --with-colons --list-key "$1")
>> +return 1
>> +}
>> +
>> verify_sig() {
>> local ret=0 sig=$1 file=$2
>> if [[ -z $file && -f ${sig%.*} ]]; then
>>
> .
>
[pacman-dev] [PATCH v3] pacman-key: ignore already lsigned/deleted keys
Added two new functions, key_is_lsigned() and key_is_revoked()
that check whether a key has been locally signed or revoked
respectively during --populate. If the key is already signed
or revoked, it is quietly ignored.
Suggested-by: Eli Schwartz
Signed-off-by: Matthew Sexton
---
v3. Fixed spaced to tabs, renamed functions, moved functions
to the proper location, key_is_lsigned now ensures it's reading
from the 'sig' line, and a few stylistic corrections suggested
by Allan and Morgan.
scripts/pacman-key.sh.in | 42 +---
1 file changed, 39 insertions(+), 3 deletions(-)
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index 3627a805..d1c9a456 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -190,6 +190,32 @@ check_keyids_exist() {
fi
}
+key_is_lsigned() {
+ secret_key=$("${GPG_PACMAN[@]}" --with-colons --list-secret-key | awk
-F : 'NR==1 {print $5}')
+ while IFS=: read -r type valid _ _ sign_key _; do
+ if [[ $type != "sig" ]] || [[ $valid != "!" ]]; then
+ continue
+ fi
+ if [[ "$sign_key" == "$secret_key" ]]; then
+ return 0
+ fi
+ done < <("${GPG_PACMAN[@]}" --with-colons --check-signatures "$1")
+ return 1
+
+}
+
+key_is_revoked() {
+ while IFS=: read -r type _ _ _ _ _ _ _ _ _ _ flags _; do
+ if [[ $type != "pub" ]]; then
+ continue
+ fi
+ if [[ $flags == *"D"* ]]; then
+ return 0
+ fi
+ done < <("${GPG_PACMAN[@]}" --with-colons --list-key "$1")
+ return 1
+}
+
initialize() {
local conffile keyserv
# Check for simple existence rather than for a directory as someone
@@ -247,7 +273,7 @@ check_keyring() {
fi
fi
- if (( LSIGNKEY )); then
+ if (( LSIGNKEY || POPULATE )); then
if [[ $(secret_keys_available) -lt 1 ]]; then
error "$(gettext "There is no secret key available to
sign with.")"
msg "$(gettext "Use '%s' to generate a default secret
key.")" "pacman-key --init"
@@ -337,13 +363,18 @@ populate_keyring() {
local key_count=0
msg "$(gettext "Disabling revoked keys in keyring...")"
for key_id in "${!revoked_ids[@]}"; do
+ if key_is_revoked "$key_id" ; then
+ continue
+ fi
if (( VERBOSE )); then
msg2 "$(gettext "Disabling key %s...")"
"${key_id}"
fi
printf 'disable\nquit\n' | LANG=C "${GPG_PACMAN[@]}"
--command-fd 0 --quiet --batch --edit-key "${key_id}" 2>/dev/null
key_count=$((key_count+1))
done
- msg2 "$(gettext "Disabled %s keys.")" "${key_count}"
+ if (( key_count )); then
+ msg2 "$(gettext "Disabled %s keys.")" "${key_count}"
+ fi
fi
}
@@ -454,6 +485,9 @@ lsign_keys() {
local ret=0
local key_count=0
for key_id in "$@"; do
+ if key_is_lsigned "$key_id" ; then
+ continue
+ fi
if (( VERBOSE )); then
msg2 "$(gettext "Locally signing key %s...")"
"${key_id}"
fi
@@ -469,7 +503,9 @@ lsign_keys() {
if (( ret )); then
exit 1
fi
- msg2 "$(gettext "Locally signed %s keys.")" "${key_count}"
+ if (( key_count )); then
+ msg2 "$(gettext "Locally signed %s keys.")" "${key_count}"
+ fi
}
receive_keys() {
--
2.23.0
[pacman-dev] [PATCH v4] pacman-key: ignore already lsigned/deleted keys
Added two new functions, key_is_lsigned() and key_is_revoked()
that check whether a key has been locally signed or revoked
respectively during --populate. If the key is already signed
or revoked, it is quietly ignored.
Suggested-by: Eli Schwartz
Signed-off-by: Matthew Sexton
---
v4. More bash syntax corrections
scripts/pacman-key.sh.in | 42 +---
1 file changed, 39 insertions(+), 3 deletions(-)
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index 3627a805..f02cf3e6 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -190,6 +190,32 @@ check_keyids_exist() {
fi
}
+key_is_lsigned() {
+ secret_key=$("${GPG_PACMAN[@]}" --with-colons --list-secret-key | awk
-F : 'NR==1 {print $5}')
+ while IFS=: read -r type valid _ _ sign_key _; do
+ if [[ $type != "sig" || $valid != "!" ]]; then
+ continue
+ fi
+ if [[ "$sign_key" == "$secret_key" ]]; then
+ return 0
+ fi
+ done < <("${GPG_PACMAN[@]}" --with-colons --check-signatures "$1")
+ return 1
+
+}
+
+key_is_revoked() {
+ while IFS=: read -r type _ _ _ _ _ _ _ _ _ _ flags _; do
+ if [[ $type != "pub" ]]; then
+ continue
+ fi
+ if [[ $flags == *"D"* ]]; then
+ return 0
+ fi
+ done < <("${GPG_PACMAN[@]}" --with-colons --list-key "$1")
+ return 1
+}
+
initialize() {
local conffile keyserv
# Check for simple existence rather than for a directory as someone
@@ -247,7 +273,7 @@ check_keyring() {
fi
fi
- if (( LSIGNKEY )); then
+ if (( LSIGNKEY || POPULATE )); then
if [[ $(secret_keys_available) -lt 1 ]]; then
error "$(gettext "There is no secret key available to
sign with.")"
msg "$(gettext "Use '%s' to generate a default secret
key.")" "pacman-key --init"
@@ -337,13 +363,18 @@ populate_keyring() {
local key_count=0
msg "$(gettext "Disabling revoked keys in keyring...")"
for key_id in "${!revoked_ids[@]}"; do
+ if key_is_revoked "$key_id" ; then
+ continue
+ fi
if (( VERBOSE )); then
msg2 "$(gettext "Disabling key %s...")"
"${key_id}"
fi
printf 'disable\nquit\n' | LANG=C "${GPG_PACMAN[@]}"
--command-fd 0 --quiet --batch --edit-key "${key_id}" 2>/dev/null
key_count=$((key_count+1))
done
- msg2 "$(gettext "Disabled %s keys.")" "${key_count}"
+ if (( key_count )); then
+ msg2 "$(gettext "Disabled %s keys.")" "${key_count}"
+ fi
fi
}
@@ -454,6 +485,9 @@ lsign_keys() {
local ret=0
local key_count=0
for key_id in "$@"; do
+ if key_is_lsigned "$key_id" ; then
+ continue
+ fi
if (( VERBOSE )); then
msg2 "$(gettext "Locally signing key %s...")"
"${key_id}"
fi
@@ -469,7 +503,9 @@ lsign_keys() {
if (( ret )); then
exit 1
fi
- msg2 "$(gettext "Locally signed %s keys.")" "${key_count}"
+ if (( key_count )); then
+ msg2 "$(gettext "Locally signed %s keys.")" "${key_count}"
+ fi
}
receive_keys() {
--
2.23.0
Re: [pacman-dev] [PATCH] libmakepkg: fix empty arguments in parseopts
On 25/10/19 11:48 am, Ethan Sommer wrote:
> Previously parseopts checked if there was an argument by checking
> that the string was non-empty, resulting in empty arguments being
> incorrectly considered non-existent. This change makes parseopts check
> if arguments exist at all, rather than checking that they are non-empty
>
> Signed-off-by: Ethan Sommer
I'm pushing the optional argument patch to master. Can you rebase this
on top of it.
Thanks,
Allan
> ---
> scripts/libmakepkg/util/parseopts.sh.in | 8
> test/scripts/parseopts_test.sh | 5 -
> 2 files changed, 8 insertions(+), 5 deletions(-)
>
> diff --git a/scripts/libmakepkg/util/parseopts.sh.in
> b/scripts/libmakepkg/util/parseopts.sh.in
> index c056cb1e..8fb862d8 100644
> --- a/scripts/libmakepkg/util/parseopts.sh.in
> +++ b/scripts/libmakepkg/util/parseopts.sh.in
> @@ -102,7 +102,7 @@ parseopts() {
> OPTRET+=("${1:i+1}")
> break
> # if we're at the end, grab the
> the next positional, if it exists
> - elif (( i == ${#1} - 1 )) && [[
> $2 ]]; then
> + elif (( i == ${#1} - 1 && $# >
> 1 )); then
> OPTRET+=("$2")
> shift
> break
> @@ -121,7 +121,7 @@ parseopts() {
> case $? in
> 0)
> # parse failure
> - if [[ $optarg ]]; then
> + if [[ $1 = *=* ]]; then
> printf "${0##*/}:
> $(gettext "option '%s' does not allow an argument")\n" "--$opt" >&2
> OPTRET=(--)
> return 1
> @@ -132,10 +132,10 @@ parseopts() {
> ;;
> 1)
> # --longopt=optarg
> - if [[ $optarg ]]; then
> + if [[ $1 = *=* ]]; then
> OPTRET+=("--$opt"
> "$optarg")
> # --longopt optarg
> - elif [[ $2 ]]; then
> + elif (( $# > 1 )); then
> OPTRET+=("--$opt" "$2" )
> shift
> # parse failure
> diff --git a/test/scripts/parseopts_test.sh b/test/scripts/parseopts_test.sh
> index 9674c6a6..1d76f1ad 100755
> --- a/test/scripts/parseopts_test.sh
> +++ b/test/scripts/parseopts_test.sh
> @@ -31,7 +31,7 @@ tap_parse() {
> unset OPTRET
> }
>
> -tap_plan 50
> +tap_plan 52
>
> # usage: tap_parse test-params...
> # a failed tap_parse will match only the end of options marker '--'
> @@ -111,4 +111,7 @@ tap_parse '--force --' 2 --force
> # exact match on possible stem (opt has optarg)
> tap_parse '--clean foo --' 3 --clean=foo
>
> +# all possible ways to specify empty optargs
> +tap_parse '--key --pkg -p --' 7 --key '' --pkg='' -p ''
> +
> tap_finish
>
[pacman-dev] [GIT] The official pacman repository branch, master, updated. v5.2.1-3-g091b244d
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The official pacman repository". The branch, master has been updated via 091b244d0ffa281ba9968606184d709e59c2a2d5 (commit) via e1f5f2198370400565c1eb4ca342299767383f65 (commit) via 7be75523297875dacfad9083b0663a04bf823a3e (commit) from f6564377a2b0a0dd6294fb366a3f91a31142e124 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 091b244d0ffa281ba9968606184d709e59c2a2d5 Author: Matthew Sexton Date: Mon Nov 4 22:30:06 2019 -0500 pacman-key: ignore already lsigned/deleted keys Added two new functions, key_is_lsigned() and key_is_revoked() that check whether a key has been locally signed or revoked respectively during --populate. If the key is already signed or revoked, it is quietly ignored. Suggested-by: Eli Schwartz Signed-off-by: Matthew Sexton Signed-off-by: Allan McRae commit e1f5f2198370400565c1eb4ca342299767383f65 Author: Matthew Sexton Date: Sun Nov 3 23:43:00 2019 -0500 pacman-key: hide lsign and revoke output behind --verbose To cut down on spam during --populate, both locally signing and revoking keys now hide the specific keys being signed or revoked, but can be shown with --verbose. A count was added, to show the number of keys signed/revoked during the process. Partially Implements: FS#64142 - pacman-key: make populate less noisy Signed-off-by: Matthew Sexton Signed-off-by: Allan McRae commit 7be75523297875dacfad9083b0663a04bf823a3e Author: Ethan Sommer Date: Sun Nov 3 19:45:04 2019 -0500 libmakepkg: add optional argument support to parseopts Adds a "?" suffix that can be used to indicate that an option's argument is optional. This allows options to have a default behaviour when the user doesn't specify one, e.g.: --color=[when] being able to behave like --color=auto when only --color is passed Options with optional arguments given on the command line will be returned in the form "--opt=optarg" and "-o=optarg". Despite that not being the syntax for passing an argument with a shortopt (trying to pass -o=foo would make -o's argument "=foo"), this is done to allow the caller to split the option and its optarg easily Signed-off-by: Ethan Sommer Reviewed-by: Dave Reisner Signed-off-by: Allan McRae --- Summary of changes: scripts/libmakepkg/util/parseopts.sh.in | 116 scripts/pacman-key.sh.in| 56 +-- test/scripts/parseopts_test.sh | 12 +++- 3 files changed, 135 insertions(+), 49 deletions(-) hooks/post-receive -- The official pacman repository
[pacman-dev] [PATCH v2] libmakepkg: fix empty arguments in parseopts
Previously parseopts checked if there was an argument by checking
that the string was non-empty, resulting in empty arguments being
incorrectly considered non-existent. This change makes parseopts check
if arguments exist at all, rather than checking that they are non-empty
Signed-off-by: Ethan Sommer
---
scripts/libmakepkg/util/parseopts.sh.in | 8
test/scripts/parseopts_test.sh | 5 -
2 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/scripts/libmakepkg/util/parseopts.sh.in
b/scripts/libmakepkg/util/parseopts.sh.in
index 38ff7f62..698f2acb 100644
--- a/scripts/libmakepkg/util/parseopts.sh.in
+++ b/scripts/libmakepkg/util/parseopts.sh.in
@@ -103,7 +103,7 @@ parseopts() {
OPTRET+=("-$opt" "${1:i+1}")
break
# if we're at the end,
grab the the next positional, if it exists
- elif (( i == ${#1} - 1
)) && [[ $2 ]]; then
+ elif (( i == ${#1} - 1
&& $# > 1 )); then
OPTRET+=("-$opt" "$2")
shift
break
@@ -144,7 +144,7 @@ parseopts() {
case $? in
0)
# parse failure
- if [[ $optarg ]]; then
+ if [[ $1 = *=* ]]; then
printf "${0##*/}:
$(gettext "option '%s' does not allow an argument")\n" "--$opt" >&2
OPTRET=(--)
return 1
@@ -155,10 +155,10 @@ parseopts() {
;;
1)
# --longopt=optarg
- if [[ $optarg ]]; then
+ if [[ $1 = *=* ]]; then
OPTRET+=("--$opt"
"$optarg")
# --longopt optarg
- elif [[ $2 ]]; then
+ elif (( $# > 1 )); then
OPTRET+=("--$opt" "$2" )
shift
# parse failure
diff --git a/test/scripts/parseopts_test.sh b/test/scripts/parseopts_test.sh
index 8f1ea1f3..3d706be8 100755
--- a/test/scripts/parseopts_test.sh
+++ b/test/scripts/parseopts_test.sh
@@ -31,7 +31,7 @@ tap_parse() {
unset OPTRET
}
-tap_plan 54
+tap_plan 56
# usage: tap_parse test-params...
# a failed tap_parse will match only the end of options marker '--'
@@ -117,4 +117,7 @@ tap_parse '--opt= --opt=foo --opt --' 4 --opt= --opt=foo
--opt
# short opt with and without optional arg, and non-option arg
tap_parse '-b=foo -A -b -- foo' 5 -bfoo -Ab foo
+# all possible ways to specify empty optargs
+tap_parse '--key --pkg -p --' 7 --key '' --pkg='' -p ''
+
tap_finish
--
2.24.0
Re: [pacman-dev] [PATCH v2] libmakepkg: fix empty arguments in parseopts
On 5/11/19 2:36 pm, Ethan Sommer wrote: > Previously parseopts checked if there was an argument by checking > that the string was non-empty, resulting in empty arguments being > incorrectly considered non-existent. This change makes parseopts check > if arguments exist at all, rather than checking that they are non-empty > > Signed-off-by: Ethan Sommer > --- Thanks! Pushed. A
[pacman-dev] [GIT] The official pacman repository branch, master, updated. v5.2.1-4-g1bfae7d1
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The official pacman repository". The branch, master has been updated via 1bfae7d14a7bdad777e82912c5c6883deb11aee5 (commit) from 091b244d0ffa281ba9968606184d709e59c2a2d5 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 1bfae7d14a7bdad777e82912c5c6883deb11aee5 Author: Ethan Sommer Date: Mon Nov 4 23:36:02 2019 -0500 libmakepkg: fix empty arguments in parseopts Previously parseopts checked if there was an argument by checking that the string was non-empty, resulting in empty arguments being incorrectly considered non-existent. This change makes parseopts check if arguments exist at all, rather than checking that they are non-empty Signed-off-by: Ethan Sommer Signed-off-by: Allan McRae --- Summary of changes: scripts/libmakepkg/util/parseopts.sh.in | 8 test/scripts/parseopts_test.sh | 5 - 2 files changed, 8 insertions(+), 5 deletions(-) hooks/post-receive -- The official pacman repository
[pacman-dev] [PATCH] Move update-copyright into build-aux
This is a useful function to update all our copyright years. Move
it into build-aux so that it is not lost in the switch to meson.
Signed-off-by: Allan McRae
---
Makefile.am| 7 +--
build-aux/update-copyright | 8
2 files changed, 9 insertions(+), 6 deletions(-)
create mode 100755 build-aux/update-copyright
diff --git a/Makefile.am b/Makefile.am
index c661f447..851bf472 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -77,9 +77,4 @@ update-po:
$(MAKE) -C scripts/po update-po
$(MAKE) -C src/pacman/po update-po
-update-copyright:
- for file in $(shell sh -c 'git grep -l "Copyright .* Pacman
Development" | grep -v "\.po"'); do \
- sed -i -e "/Copyright (/s/-$(OLD)/-$(NEW)/" -e "/Copyright (/s/
$(OLD)/ $(OLD)-$(NEW)/" "$$file"; \
- done
-
-.PHONY: update-po update-copyright
+.PHONY: update-po
diff --git a/build-aux/update-copyright b/build-aux/update-copyright
new file mode 100755
index ..eef368b8
--- /dev/null
+++ b/build-aux/update-copyright
@@ -0,0 +1,8 @@
+#! /bin/sh
+
+OLD=$1
+NEW=$2
+
+for file in $(git grep -l "Copyright .* Pacman Development" | grep -v "\.po");
do \
+ sed -i -e "/Copyright (/s/-${OLD}/-${NEW}/" -e "/Copyright (/s/ ${OLD}/
${OLD}-${NEW}/" "$file"
+done
--
2.23.0
