By default, the latest versions of GnuPG disable the Web of Trust and
refuse to import signatures from public keyservers. This is to prevent
denial of service attacks, because refusing to import signatures only if
the key size is too big, is apparently too silly to consider.
Either way, pacman nee
If an option is a two-part option, we print both (separated by IFS=' '),
but when grepping to see if it already exists, we only checked the first
component. This means that something like keyserver-options could only
check if there were existing keyserver options of any sort, but not
which ones.
S
On 2019-08-05 18:07, Eli Schwartz wrote:
> New suggestion:
>
> You can do inline comments for a patch using git send-email --annotate,
> and insert descriptions like:
>
> v2: changed foo to bar
>
> After the "---" which ends the commit message and before the "diff
> --git".
Thanks, that is usef
pacman should be able to extract an email address from PACKAGER for WKD
lookup, so issue a warning if it is not of the form
"Example Name ". Neither the name nor the email
address must contain additional angle brackets.
Signed-off-by: Jonas Witschel
---
v2: implement Eli's suggestion to improve
On 8/5/19 11:37 AM, Jonas Witschel wrote:
> Hi,
>
> thank you for the review!
New suggestion:
You can do inline comments for a patch using git send-email --annotate,
and insert descriptions like:
v2: changed foo to bar
After the "---" which ends the commit message and before the "diff
--git".
On 8/5/19 11:36 AM, Jonas Witschel wrote:
> pacman should be able to extract an email address from PACKAGER for WKD
> lookup, so issue a warning if it is not of the form
> "Example Name ". Neither the name nor the email
> address must contain additional angle brackets.
>
> Signed-off-by: Jonas Wit
On 2019-08-05 13:31, Allan McRae wrote:
>> +if (( ${#emails[*]} > 0 )) && ! "${GPG_PACMAN[@]}" --auto-key-locate
>> nodefault,clear,wkd,keyserver --locate-key "${emails[@]}" ; then
>
> Super long line. Please split across two or more lines.
>
> I would also like to see this block placed abo
Hi,
thank you for the review!
On 2019-08-05 13:14, Allan McRae wrote:
>> +errors =
>> alpm_list_add(errors, email);
>> errors =
>> alpm_list_add(errors, strdup(key));
>
> I don't like this.
pacman should be able to extract an email address from PACKAGER for WKD
lookup, so issue a warning if it is not of the form
"Example Name ". Neither the name nor the email
address must contain additional angle brackets.
Signed-off-by: Jonas Witschel
---
scripts/libmakepkg/lint_config/variable.sh
If an email address is specified, we use --locate-key to look up the key
using WKD and keyserver as a fallback. If the key is specified as a key
ID, this doesn't work, so we use the normal keyserver-based --recv-keys.
Note that --refresh-keys still uses the keyservers exclusively for
refreshing, t
We assume that the packager is of the form
"Example Name " and that the key used to sign the
package can be resolved using WKD with this address. This means that the
package signing key should have one user ID with the given email
address, which does not need to be a valid address, but needs to be
In contrast to the preceding commit we do not have a database with the
required packager information to work with, so we need to extract the
package temporarily to obtain this information.
Signed-off-by: Jonas Witschel
---
lib/libalpm/be_package.c | 12 +++-
1 file changed, 11 insertion
Commit 11ab9aa9f5f0f3873df89c73e8715b82f485bd9b replaced a strcpy() call
with memcpy(), without copying the terminating null character.
Since fname is allocated with malloc(), subsequent strstr() calls will
overrun the buffer's boundary.
Signed-off-by: László Várady
---
src/pacman/callback.c |
Hi,
Thanks for the review!
> Ok, but maybe we should remove the now redundant null termination after
> the if block.
>
>
I believe the '\0' character after the if block is not completely
redundant, it
terminates the stripped package name which can be shorter than the original
string. `len` is mo
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The official pacman repository".
The branch, master has been updated
via 75837a2717c3b5654149393d6ec0e0977a7ddc2f (commit)
vi
On 10/6/19 6:50 am, Andrew Gregory wrote:
> ---
>
> A few changes I omitted from the initial patch.
>
> Does anybody know what usepart was for? It was unset unless %o was
> used in XferCommand, but I'm not sure what the use case for an
> XferCommand without %o would be.
>
According to the man
On 4/7/19 7:40 am, Eli Schwartz wrote:
> The rust language supports $RUSTFLAGS to be used automatically in all
> rustc invocations. Allow setting this in makepkg.conf (e.g. for
> optimization or debuginfo support), and teach debug+strip to pass the
> rustc command line argument necessary to rewrite
On 4/7/19 7:57 am, Eli Schwartz wrote:
> SAMUFLAGS is recently added to the samurai build tool, an implementation
> of the ninja build format (which is a competitor to Makefiles).
> Currently, samurai implements support for -v (verbose) and -j
> (configuring the number of parallel jobs) and rejects
On 18/7/19 6:06 am, Jonas Witschel wrote:
> If an email address is specified, we use --locate-key to look up the key
> using WKD and keyserver as a fallback. If the key is specified as a key
> ID, this doesn't work, so we use the normal keyserver-based --recv-keys.
>
> Note that --refresh-keys sti
Hi Allan,
> > > @@ -428,7 +428,7 @@ run_function() {
> > >$pkgfunc &>"$logpipe"
> > >
> > >wait $teepid
> > > - rm "$logpipe"
> > > + rm -f "$logpipe"
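Review bot: on the `rm -f "$logpipe"` line, `-f` silences the missing-file error without recording why the pipe can already be gone once `wait $teepid` has returned. Add a short comment above the line naming the condition being tolerated, so the suppressed error is a documented decision rather than a hidden symptom. If only the already-removed case is meant to be ignored, testing that the pipe exists before calling plain `rm` would make that intent explicit.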
>
> I don't understand this either... Note that there is no evidence of
> this occurring when running
On 18/7/19 6:06 am, Jonas Witschel wrote:
> We assume that the packager is of the form
> "Example Name " and that the key used to sign the
> package can be resolved using WKD with this address. This means that the
> package signing key should have one user ID with the given email
> address, which d
On 10/7/19 12:52 pm, Eli Schwartz wrote:
> On 7/9/19 9:57 PM, Yardena Cohen wrote:
>> Sometimes makechrootpkg fails with:
>>
>>rm: cannot remove '/logdest/logpipe.': No such file or directory
>>
>> This shouldn't cause the whole script to fail, so let's tolerate a missing
>> pipe
>
>
Hi,
good news everyone, thanks to Florian Pritz we now have a working WKD
[1] I had to modify the fingerprint check again [2] because the key used
for signing might be a subkey, so we need to loop through all subkeys and
check if one of these key IDs matches the one used for signing the package.
T
Currently pacman relies on the SKS keyserver network to fetch unknown
PGP keys. These keyservers are vulnerable to signature spamming attacks,
potentially making it impossible to import the required keys. An
alternative to keyservers is a so-called Web Key Directory (WKD), a
well-known, trusted l
On 30/7/19 3:01 pm, Austin Lund wrote:
> An artificial symbol can be produced when requesting debugging symbols
> and the compiler has inlined a function. These symbols will give
> spurious results when listing source files for inclusion in debug
> packages. This will ignore these symbols and avo
On 30/6/19 2:58 am, Dave Reisner wrote:
> This includes a patch from Andrew to fix pactest's TAP output for
> subtests. Original TAP support in meson was added in 0.50, but 0.51
> contains a bugfix that ensures the test still work with the --verbose
> flag passed to meson test, so let's depend on t
On 8/6/19 2:12 pm, Andrew Gregory wrote:
> Overriding the segfault handler prevents the creation of core dumps by
> the default handler, which makes debugging segfaults difficult.
>
> Signed-off-by: Andrew Gregory
> ---
This looks good to me. I did a double take at the underscore leading
the fu
On 8/6/19 2:12 pm, Andrew Gregory wrote:
> If we get SIGSEGV we need to bail out quickly, leaving other signals
> unblocked could lead to other signal handlers getting triggered.
>
> Signed-off-by: Andrew Gregory
> ---
>
> Signals are hard. I'd appreciate if somebody could double check my
> mat