Re: [pacman-dev] [PATCH] Add fossil scm support to makepkg

2020-11-04 Thread Eli Schwartz
On 11/4/20 10:50 PM, escond...@iff.ink wrote:
> From: Ivy Foster 

Please extend libmakepkg/executable/vcs.sh.in to check for fossil source
urls and verify that the registered VCSCLIENTS=() in etc/makepkg.conf.in
is consulted to see if it is installed.

> 
> Signed-off-by: Ivy Foster 
> ---
>  doc/PKGBUILD.5.asciidoc|   3 +
>  scripts/libmakepkg/source/fossil.sh.in | 124 +
>  scripts/libmakepkg/util/source.sh.in   |   5 +-
>  3 files changed, 131 insertions(+), 1 deletion(-)
>  create mode 100644 scripts/libmakepkg/source/fossil.sh.in
> 
> diff --git a/doc/PKGBUILD.5.asciidoc b/doc/PKGBUILD.5.asciidoc
> index 2e2108a0..54bb7775 100644
> --- a/doc/PKGBUILD.5.asciidoc
> +++ b/doc/PKGBUILD.5.asciidoc
> @@ -499,6 +499,9 @@ The source URL is divided into four components:
>   *bzr*;;
>   revision (see `'bzr help revisionspec'` for details)
>  
> + *fossil*;;
> + branch, checkin, ci, commit, tag (checkin, ci, and commit are 
> synomymous)

We don't need the synonymity, please stick to one. I prefer commit for
symmetry with git.

> +
>   *git*;;
>   branch, commit, tag
>  
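Review bot: the added *fossil* entry in doc/PKGBUILD.5.asciidoc misspells "synonymous" as "synomymous". If the three aliases stay, fix the spelling; listing a single fragment name would remove the need for the parenthetical.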
> diff --git a/scripts/libmakepkg/source/fossil.sh.in 
> b/scripts/libmakepkg/source/fossil.sh.in
> new file mode 100644
> index ..a0fe0480
> --- /dev/null
> +++ b/scripts/libmakepkg/source/fossil.sh.in
> @@ -0,0 +1,124 @@
> +#!/bin/bash
> +#
> +#   fossil.sh - function for handling the download and extraction of Fossil 
> sources
> +#
> +#   Copyright (c) 2015-2020 Pacman Development Team 
> 

This file can start in 2002, probably. :)

> +#
> +#   This program is free software; you can redistribute it and/or modify
> +#   it under the terms of the GNU General Public License as published by
> +#   the Free Software Foundation; either version 2 of the License, or
> +#   (at your option) any later version.
> +#
> +#   This program is distributed in the hope that it will be useful,
> +#   but WITHOUT ANY WARRANTY; without even the implied warranty of
> +#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> +#   GNU General Public License for more details.
> +#
> +#   You should have received a copy of the GNU General Public License
> +#   along with this program.  If not, see .
> +#
> +
> +[[ -n "$LIBMAKEPKG_SOURCE_FOSSIL_SH" ]] && return
> +LIBMAKEPKG_SOURCE_FOSSIL_SH=1
> +
> +
> +LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
> +
> +source "$LIBRARY/util/message.sh"
> +source "$LIBRARY/util/pkgbuild.sh"
> +
> +download_fossil() {
> + # abort early if parent says not to fetch
> + if declare -p get_vcs > /dev/null 2>&1; then
> + (( get_vcs )) || return
> + fi
> +
> + local netfile=$1
> +
> + local db=$(get_filepath "$netfile")
> + [[ -z "$db" ]] && db="$SRCDEST/$(get_filename "$netfile")"
> +
> + local repo=$db
> +
> + local url=$(get_url "$netfile")
> + url=${url#fossil+}
> + url=${url%%#*}
> + url=${url%%\?*}
> +
> + if [[ ! -f "$db" ]]; then
> + msg2 "$(gettext "Cloning %s %s repo...")" "${repo}" "fossil"
> + if ! fossil clone $url $db; then
> + error "$(gettext "Failure while downloading %s %s 
> repo")" "${repo}" "fossil"
> + plainerr "$(gettext "Aborting...")"
> + exit 1
> + fi
> + elif (( ! HOLDVER )); then
> + # Make sure we are fetching the right repo
> + if ! (fossil remote list -R $db | grep "$url"); then
> + error "$(gettext "%s is not a clone of %s")" "$db" 
> "$url"
> + plainerr "$(gettext "Aborting...")"
> + exit 1

If this has multiple remotes but the current default is not the one we
want, this seems like it would pass...

> + fi
> + msg2 "$(gettext "Updating %s %s repo...")" "${repo}" "fossil"
> + if ! fossil pull -R $db; then
> + # only warn on failure to allow offline builds
> + warning "$(gettext "Failure while updating %s %s 
> repo")" "${repo}" "fossil"
> + fi
> + fi
> +}
> +
> +extract_fossil() {
> + local netfile=$1 tagname
> +
> + local fragment=$(get_uri_fragment "$netfile")
> + local repo=$(get_filename "$netfile")
> +
> + local db=$(get_filepath "$netfile")
> + [[ -z "$db" ]] && db="$SRCDEST/$(get_filename "$netfile")"
> + local dir=${db%%.fossil}
> + dir=${dir##*/}
> +
> + msg2 "$(gettext "Creating working copy of %s %s repo...")" "${repo}" 
> "fossil"
> + pushd "$srcdir" &>/dev/null
> +
> + if [[ -f "$dir/.fslckout" ]]; then
> + cd_safe "$dir"
> + if ! (fossil revert && fossil clean --verily); then
> + error "$(gettext "Failure while updating working copy 
> of %s %s repo")" "${repo}" "fossil"
> + plainerr "$(gettext "Aborting...")"
> + 
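Review bot: `$url` and `$db` are expanded unquoted in `fossil clone $url $db`, `fossil remote list -R $db` and `fossil pull -R $db` in download_fossil, so an SRCDEST path or source URL containing whitespace or glob characters is split or expanded into extra arguments to fossil. Quote them as the surrounding lines already do for `"$netfile"` and `"$db"`, for example `fossil clone "$url" "$db"` and `-R "$db"` in the other two calls.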

[pacman-dev] [PATCH] Add fossil scm support to makepkg

2020-11-04 Thread escondida
From: Ivy Foster 

Signed-off-by: Ivy Foster 
---
 doc/PKGBUILD.5.asciidoc|   3 +
 scripts/libmakepkg/source/fossil.sh.in | 124 +
 scripts/libmakepkg/util/source.sh.in   |   5 +-
 3 files changed, 131 insertions(+), 1 deletion(-)
 create mode 100644 scripts/libmakepkg/source/fossil.sh.in

diff --git a/doc/PKGBUILD.5.asciidoc b/doc/PKGBUILD.5.asciidoc
index 2e2108a0..54bb7775 100644
--- a/doc/PKGBUILD.5.asciidoc
+++ b/doc/PKGBUILD.5.asciidoc
@@ -499,6 +499,9 @@ The source URL is divided into four components:
*bzr*;;
revision (see `'bzr help revisionspec'` for details)
 
+   *fossil*;;
+   branch, checkin, ci, commit, tag (checkin, ci, and commit are 
synomymous)
+
*git*;;
branch, commit, tag
 
diff --git a/scripts/libmakepkg/source/fossil.sh.in 
b/scripts/libmakepkg/source/fossil.sh.in
new file mode 100644
index ..a0fe0480
--- /dev/null
+++ b/scripts/libmakepkg/source/fossil.sh.in
@@ -0,0 +1,124 @@
+#!/bin/bash
+#
+#   fossil.sh - function for handling the download and extraction of Fossil 
sources
+#
+#   Copyright (c) 2015-2020 Pacman Development Team 
+#
+#   This program is free software; you can redistribute it and/or modify
+#   it under the terms of the GNU General Public License as published by
+#   the Free Software Foundation; either version 2 of the License, or
+#   (at your option) any later version.
+#
+#   This program is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#   GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License
+#   along with this program.  If not, see .
+#
+
+[[ -n "$LIBMAKEPKG_SOURCE_FOSSIL_SH" ]] && return
+LIBMAKEPKG_SOURCE_FOSSIL_SH=1
+
+
+LIBRARY=${LIBRARY:-'@libmakepkgdir@'}
+
+source "$LIBRARY/util/message.sh"
+source "$LIBRARY/util/pkgbuild.sh"
+
+download_fossil() {
+   # abort early if parent says not to fetch
+   if declare -p get_vcs > /dev/null 2>&1; then
+   (( get_vcs )) || return
+   fi
+
+   local netfile=$1
+
+   local db=$(get_filepath "$netfile")
+   [[ -z "$db" ]] && db="$SRCDEST/$(get_filename "$netfile")"
+
+   local repo=$db
+
+   local url=$(get_url "$netfile")
+   url=${url#fossil+}
+   url=${url%%#*}
+   url=${url%%\?*}
+
+   if [[ ! -f "$db" ]]; then
+   msg2 "$(gettext "Cloning %s %s repo...")" "${repo}" "fossil"
+   if ! fossil clone $url $db; then
+   error "$(gettext "Failure while downloading %s %s 
repo")" "${repo}" "fossil"
+   plainerr "$(gettext "Aborting...")"
+   exit 1
+   fi
+   elif (( ! HOLDVER )); then
+   # Make sure we are fetching the right repo
+   if ! (fossil remote list -R $db | grep "$url"); then
+   error "$(gettext "%s is not a clone of %s")" "$db" 
"$url"
+   plainerr "$(gettext "Aborting...")"
+   exit 1
+   fi
+   msg2 "$(gettext "Updating %s %s repo...")" "${repo}" "fossil"
+   if ! fossil pull -R $db; then
+   # only warn on failure to allow offline builds
+   warning "$(gettext "Failure while updating %s %s 
repo")" "${repo}" "fossil"
+   fi
+   fi
+}
+
+extract_fossil() {
+   local netfile=$1 tagname
+
+   local fragment=$(get_uri_fragment "$netfile")
+   local repo=$(get_filename "$netfile")
+
+   local db=$(get_filepath "$netfile")
+   [[ -z "$db" ]] && db="$SRCDEST/$(get_filename "$netfile")"
+   local dir=${db%%.fossil}
+   dir=${dir##*/}
+
+   msg2 "$(gettext "Creating working copy of %s %s repo...")" "${repo}" 
"fossil"
+   pushd "$srcdir" &>/dev/null
+
+   if [[ -f "$dir/.fslckout" ]]; then
+   cd_safe "$dir"
+   if ! (fossil revert && fossil clean --verily); then
+   error "$(gettext "Failure while updating working copy 
of %s %s repo")" "${repo}" "fossil"
+   plainerr "$(gettext "Aborting...")"
+   exit 1
+   fi
+   cd_safe "$srcdir"
+   elif [[ -d "$dir" && ! -f "$dir/.fslckout" ]]; then
+   error "$(gettext "%s is not a working copy of %s")" "$dir" "$db"
+   plainerr "$(gettext "Aborting...")"
+   exit 1
+   elif ! fossil open "$db" --workdir "$dir"; then
+   error "$(gettext "Failure while creating working copy of %s %s 
repo")" "${repo}" "fossil"
+   plainerr "$(gettext "Aborting...")"
+   exit 1
+   fi
+
+   cd_safe "${dir##*/}"
+
+   ref=tip
+   if [[ -n $fragment ]]; then
+   case 
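Review bot: the clone check `fossil remote list -R $db | grep "$url"` in download_fossil uses the URL as a regular expression, so `.` matches any character and any remote line that merely contains the pattern passes; the matching line is also printed into the build output. `grep -qF -- "$url"` would compare it as a fixed string and stay quiet. Separately, `ref=tip` in extract_fossil is assigned without `local`, unlike the other variables in that function, so it leaks into the caller's scope; declare it alongside `tagname`.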

Re: [pacman-dev] [PATCH] pacman-key: change signing key to ed25519

2020-11-04 Thread Allan McRae
On 5/11/20 9:23 am, Jonas Witschel wrote:
> On 2020-11-04 21:53, Geert Hendrickx via pacman-dev wrote:
>> Larger RSA keys are not the way forward, switch to ed25519 instead.
>> This will also become the default in the next version of GnuPG.
>> [...] 
>> -Key-Type: RSA
>> -Key-Length: 4096
>> +Key-Type: EDDSA
>> +Key-Curve: ed25519
> 
> I will note that the strength of Ed25519 is estimated to be roughly comparable
> to RSA 3027 [1], so the currently chosen RSA 4096 is actually a slightly
> stronger algorithm. I am not saying that this is an argument against using
> Ed25519, which I believe offers ample security for the foreseeable future, but
> to be honest, I do not see a pressing need to switch either:
> 
> One main benefit of elliptic curves is the much smaller key size, but that is
> not important for a locally-generated signing key that by design will never be
> shared with anyone else.
> 
> On the other hand, Ed25519 is still not formally included in the OpenPGP
> specification [2]. (Again, this is not necessarily an argument against its
> internal use in pacman, since it only needs to be processable by GnuPG.)
> 
> However, given the above facts, personally I would feel more comfortable
> holding back this change for now, at least until GnuPG has actually made the
> switch to Ed25519 as its default algorithm.
> 

These are strong arguments to keep the current default.   Particularly
given there is nothing wrong with the current default at the moment, and
you can initialize your pacman keyring "by hand" if you really are
concerned.

Allan


Re: [pacman-dev] [PATCH] pacman-key: change signing key to ed25519

2020-11-04 Thread Eli Schwartz
On 11/4/20 5:47 PM, Geert Hendrickx via pacman-dev wrote:
> On Wed, Nov 04, 2020 at 16:30:19 -0500, Eli Schwartz wrote:
>> Currently pacman assumes gpgme from >= the year 2010, is that sufficient
>> to read ed25519? (idk, it's shelling out to gpg and thus likely doesn't
>> care?) Maybe we should bump this anyway in the expectation that requiring
>> a ~2015 version of gpgme will naturally lead to gpg versions that support
>> generating such keys.
> 
> 
> This change only affects new installations, existing ones will continue
> using their rsa2048 (or recently rsa4096) master keys, until they re-run
> pacman-key --init.

That's really not my point at all. My point is that rerunning --init
does something the project dependencies don't describe as a requirement
to support.

>>> This will also become the default in the next version of GnuPG.
>>
>> I see such a commit on GnuPG's master branch but not on the stable
>> branch. When do you expect this to be released...
> 
> 
> Good question, I don't know.  The point is that the trend is clearly
> towards EdDSA rather than larger RSA.  And GnuPG (as well as openssh
> etc) need to be conservative, as they must be interoperable with other
> or older implementations, pacman doesn't even have that limitation.

Why doesn't pacman have this limitation? Because it is only used in Arch
Linux?

Untrue, there is an active MSYS2 community using it, and we support
running on macOS/BSD and occasionally get people posting compilation
fixes on those platforms. Who knows what version of GnuPG various minor
users might have?

It's not ridiculous to consider *if* we can declare a dependency on the
proposed, updated runtime workflow requirement.

Likewise, I think "GnuPG did not actually change this default and won't
for some time" is a meaningful point of discussion; Jonas pointed out
the key strength actually decreases, while the smaller key size is not
obviously beneficial as it is only used for web of trust signing.

TBH, I'm -1 on any change that is being done without any rationale other
than "because it's the modern way of the future". Changes should be done
because they are better, or safer, or some other practical application.

This may or may not be the case here, I haven't pondered it much yet.
But... it's not being highlighted in the current discussion.

-- 
Eli Schwartz
Bug Wrangler and Trusted User
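
Added example (not part of the thread and not pacman's code): one way to handle the dependency concern raised above is to choose the batch key parameters from the algorithms the installed gpg reports on the "Pubkey:" line of `gpg --version`. The function names and both sample version texts are constructed for illustration.

```shell
#!/bin/sh
# Hypothetical helpers: pick master-key batch parameters by gpg capability.

# Return 0 if the "Pubkey:" line in the given `gpg --version` text lists EDDSA.
gpg_supports_eddsa() {
    pubkey=$(printf '%s\n' "$1" \
        | sed -n 's/^Pubkey:[[:space:]]*//p' \
        | head -n 1 \
        | tr -d ' ')
    # Wrap in commas so that ECDSA cannot be mistaken for EDDSA.
    case ",$pubkey," in
        *,EDDSA,*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the Key-Type lines for the gpg batch file.
# Falls back to the current RSA 4096 default when EDDSA is not listed
# or when no Pubkey line can be found at all.
master_key_params() {
    if gpg_supports_eddsa "$1"; then
        printf 'Key-Type: EDDSA\nKey-Curve: ed25519\n'
    else
        printf 'Key-Type: RSA\nKey-Length: 4096\n'
    fi
}

# Constructed sample outputs (not captured from a real system).
SAMPLE_NEW='gpg (GnuPG) <version>
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Hash: SHA1, SHA256, SHA512'

SAMPLE_OLD='gpg (GnuPG) <version>
Supported algorithms:
Pubkey: RSA, ELG, DSA
Hash: SHA1, SHA256, SHA512'

# Real use would pass the live output: master_key_params "$(gpg --version)"
```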





Re: [pacman-dev] [PATCH] pacman-key: change signing key to ed25519

2020-11-04 Thread Jonas Witschel
On 2020-11-04 21:53, Geert Hendrickx via pacman-dev wrote:
> Larger RSA keys are not the way forward, switch to ed25519 instead.
> This will also become the default in the next version of GnuPG.
> [...] 
> -Key-Type: RSA
> -Key-Length: 4096
> +Key-Type: EDDSA
> +Key-Curve: ed25519

I will note that the strength of Ed25519 is estimated to be roughly comparable
to RSA 3027 [1], so the currently chosen RSA 4096 is actually a slightly
stronger algorithm. I am not saying that this is an argument against using
Ed25519, which I believe offers ample security for the foreseeable future, but
to be honest, I do not see a pressing need to switch either:

One main benefit of elliptic curves is the much smaller key size, but that is
not important for a locally-generated signing key that by design will never be
shared with anyone else.

On the other hand, Ed25519 is still not formally included in the OpenPGP
specification [2]. (Again, this is not necessarily an argument against its
internal use in pacman, since it only needs to be processable by GnuPG.)

However, given the above facts, personally I would feel more comfortable
holding back this change for now, at least until GnuPG has actually made the
switch to Ed25519 as its default algorithm.

Best,
Jonas

[1] https://ed25519.cr.yp.to/
[2] https://tools.ietf.org/html/rfc4880




Re: [pacman-dev] [PATCH] pacman-key: change signing key to ed25519

2020-11-04 Thread Geert Hendrickx via pacman-dev
On Wed, Nov 04, 2020 at 16:30:19 -0500, Eli Schwartz wrote:
> Currently pacman assumes gpgme from >= the year 2010, is that sufficient
> to read ed25519? (idk, it's shelling out to gpg and thus likely doesn't
> care?) Maybe we should bump this anyway in the expectation that requiring
> a ~2015 version of gpgme will naturally lead to gpg versions that support
> generating such keys.


This change only affects new installations, existing ones will continue
using their rsa2048 (or recently rsa4096) master keys, until they re-run
pacman-key --init.


> > This will also become the default in the next version of GnuPG.
> 
> I see such a commit on GnuPG's master branch but not on the stable
> branch. When do you expect this to be released...


Good question, I don't know.  The point is that the trend is clearly
towards EdDSA rather than larger RSA.  And GnuPG (as well as openssh
etc) need to be conservative, as they must be interoperable with other
or older implementations, pacman doesn't even have that limitation.


Geert







Re: [pacman-dev] [PATCH] pacman-key: change signing key to ed25519

2020-11-04 Thread Eli Schwartz
On 11/4/20 3:53 PM, Geert Hendrickx via pacman-dev wrote:
> Larger RSA keys are not the way forward, switch to ed25519 instead.

Currently pacman assumes gpgme from >= the year 2010, is that sufficient
to read ed25519? (idk, it's shelling out to gpg and thus likely doesn't
care?) Maybe we should bump this anyway in the expectation that
requiring a ~2015 version of gpgme will naturally lead to gpg versions
that support generating such keys.

> This will also become the default in the next version of GnuPG.

I see such a commit on GnuPG's master branch but not on the stable
branch. When do you expect this to be released...

> Signed-off-by: Geert Hendrickx 
> ---
>  scripts/pacman-key.sh.in | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
> index ccfd1b96..fd9d3793 100644
> --- a/scripts/pacman-key.sh.in
> +++ b/scripts/pacman-key.sh.in
> @@ -147,8 +147,8 @@ generate_master_key() {
>   # Generate the master key, which will be in both pubring and secring
>   "${GPG_PACMAN[@]}" --gen-key --batch <  %echo Generating pacman keyring master key...
> -Key-Type: RSA
> -Key-Length: 4096
> +Key-Type: EDDSA
> +Key-Curve: ed25519
>  Key-Usage: sign
>  Name-Real: Pacman Keyring Master Key
>  Name-Email: pacman@localhost
> 
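Review bot: `Key-Type: EDDSA` with `Key-Curve: ed25519` replaces the RSA parameters unconditionally in generate_master_key, so `--gen-key --batch` will fail on any gpg that does not accept them, and the patch touches only scripts/pacman-key.sh.in, leaving the minimum GnuPG version this needs unstated. Either document and check that requirement, or fall back to the previous `Key-Type: RSA` / `Key-Length: 4096` when ed25519 is unavailable.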


-- 
Eli Schwartz
Bug Wrangler and Trusted User





[pacman-dev] [PATCH] pacman-key: change signing key to ed25519

2020-11-04 Thread Geert Hendrickx via pacman-dev
Larger RSA keys are not the way forward, switch to ed25519 instead.
This will also become the default in the next version of GnuPG.

Signed-off-by: Geert Hendrickx 
---
 scripts/pacman-key.sh.in | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index ccfd1b96..fd9d3793 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -147,8 +147,8 @@ generate_master_key() {
# Generate the master key, which will be in both pubring and secring
"${GPG_PACMAN[@]}" --gen-key --batch <