On 16/08/11 09:38, Gaetan Bisson wrote:
[2011-08-11 12:28:20 -0500] Dan McGee:
What we're looking for feedback on:
* any build failures in makepkg you may see * if you manage a custom repo, how does repo-add work for you * does pacman behave as it did before * if you want to sign packages, does the functionality in makepkg and the documentation make sense * same for signing repos- does it work for you
My custom repo now has both its packages and db signed; after a few pacman-key invocations, pacman started verifying packages' signatures seamlessly. Great work, guys!
I only had a minor issue with repo-add: if it is not run from the repo directory, repo.db.sig is not symlinked to repo.db.tar.gz.sig; so I patched it as follows:
diff -aur old/scripts/repo-add.sh.in new/scripts/repo-add.sh.in --- old/scripts/repo-add.sh.in 2011-08-15 16:12:42.000000000 -0700 +++ new/scripts/repo-add.sh.in 2011-08-15 16:31:01.595136037 -0700 @@ -661,7 +661,7 @@ ln -s "$target" "$dblink" 2>/dev/null || \ ln "$target" "$dblink" 2>/dev/null || \ cp "$REPO_DB_FILE" "$dblink" - if [[ -f "$target.sig" ]]; then + if [[ -f "${REPO_DB_FILE%/*}/$target.sig" ]]; then
Nice spotting. The fix I applied: if [[ -f "${REPO_DB_FILE}.sig" ]]; then Patch sent to pacman-dev. Allan