This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The official pacman repository". The branch, master has been updated via a8b22e16efbffee84ff8647846196958d871c64b (commit) via 38da050f31fad7fd9252cced698a66c3e3729d98 (commit) via 9a3325a56db87cc8c6336225162daefcd190208f (commit) via ed6fda2f98bdcde56a67e43a6bcf644c549892a2 (commit) via ef26c445245d0d25dfbca8f6feb590d3288d76d4 (commit) via b9263fb4e1900457c9d5f3cc9e05896653130867 (commit) from 47e41b2023f0d13f213b771db96297968fe0f280 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a8b22e16efbffee84ff8647846196958d871c64b Author: Allan McRae <allan@archlinux.org> Date: Wed Nov 24 17:22:32 2010 +1000 Do not reuse old signature After updating a database, remove the old signature to prevent it being used in validation if the new signature fails to download. Signed-off-by: Allan McRae <allan@archlinux.org> commit 38da050f31fad7fd9252cced698a66c3e3729d98 Author: Allan McRae <allan@archlinux.org> Date: Mon Nov 22 16:06:16 2010 +1000 Download and verify package database signatures If signature verification is needed, attempt to download a signature file for a repo when it is updated. Return an error if unable to download signature only when checking is mandatory, or if signature is invalid. TODO: At the moment the database signature is only checked on download. Should we do anything with a database if it fails to be verified to prevent its future usage? Signed-off-by: Allan McRae <allan@archlinux.org> commit 9a3325a56db87cc8c6336225162daefcd190208f Author: Dan McGee <dan@archlinux.org> Date: Wed Mar 23 22:56:54 2011 -0500 Refactor signature loading code into common function We can use this for both standalone package signatures as well as standalone database signatures. Signed-off-by: Dan McGee <dan@archlinux.org> commit ed6fda2f98bdcde56a67e43a6bcf644c549892a2 Author: Allan McRae <allan@archlinux.org> Date: Mon Nov 22 15:06:09 2010 +1000 Add functions for verifying database signature Add a pmpgpsig_t struct to the database entry struct and functions for the lazy loading of database signatures. Add a function for checking database signatures, reusing (and generalizing) the code currently used for checking package signatures. TODO: The code for reading in signature files from the filesystem is duplicated for local packages and database and needs refactoring. Signed-off-by: Allan McRae <allan@archlinux.org> commit ef26c445245d0d25dfbca8f6feb590d3288d76d4 Author: Dave Reisner <d@falconindy.com> Date: Wed Mar 16 22:56:14 2011 -0400 etc/makepkg.conf: use curl in place of wget as a DLAGENT Signed-off-by: Dave Reisner <d@falconindy.com> Signed-off-by: Dan McGee <dan@archlinux.org> commit b9263fb4e1900457c9d5f3cc9e05896653130867 Author: Dave Reisner <d@falconindy.com> Date: Thu Mar 17 09:01:30 2011 -0400 lib/dload.c: Check for dlcb == NULL earlier Our curl callback does a whole lot of work for nothing if the front end never defined a callback to receive the data we'd calculate for it. Signed-off-by: Dave Reisner <d@falconindy.com> Signed-off-by: Dan McGee <dan@archlinux.org> ----------------------------------------------------------------------- Summary of changes: etc/makepkg.conf.in | 6 +- lib/libalpm/alpm.h | 1 + lib/libalpm/be_package.c | 32 +------------ lib/libalpm/be_sync.c | 51 ++++++++++++++++++--- lib/libalpm/db.c | 29 ++++++++++++ lib/libalpm/db.h | 6 +++ lib/libalpm/dload.c | 22 +++++---- lib/libalpm/package.h | 11 +---- lib/libalpm/signing.c | 113 +++++++++++++++++++++++++++++++++++----------- lib/libalpm/signing.h | 13 +++++- 10 files changed, 198 insertions(+), 86 deletions(-) hooks/post-receive -- The official pacman repository