This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The official pacman repository". The branch, master has been updated via 02ae97b0da220d9079c6c2c1ac3e3ab0d12c1ac7 (commit) via 899d39b635d46f9e2daff1aada75ea07f08fef64 (commit) via bf458cced7c0845f7b6fabb887d3878ae4cd51b2 (commit) via 381e11375569fa7588b1297e0e744749bdafe8f5 (commit) via 817f9fb715b4e90d28bc141dfccfc530b9e951dc (commit) via 3bd88821bbfc8066a63ddfc9959e78984bc17750 (commit) via e348ba38814c9cc7c1c9892d0451096234dc39ab (commit) via 40bbaead44db8fcdef7087f4b05820bf90dee090 (commit) from 5f6ef895b1dac04c7fb1b63acab2d42c19f91922 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 02ae97b0da220d9079c6c2c1ac3e3ab0d12c1ac7 Author: Eli Schwartz <eschwartz@archlinux.org> Date: Mon Jun 8 22:03:18 2020 -0400 makepkg/repo-add: do not accept public-only keys for signing If it's not listed by --list-secret-key we don't care if it has been imported into your keyring, it's unusable. And you might not have a private key at all in the no-keyid-specified case. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org> commit 899d39b635d46f9e2daff1aada75ea07f08fef64 Author: Eli Schwartz <eschwartz@archlinux.org> Date: Mon Jun 8 21:59:18 2020 -0400 makepkg/repo-add: handle GPGKEY with spaces We pass this to gpg -u and this gpg option can accept a number of different formats, not just the historical hexadecimal fingerprint we assumed. We should not barf hard if a format is used which happens to contain spaces. This also fixes a validation bug. When we initially check if the desired key is available, we don't quote spaces, so gpg goes ahead and treats each space-separated string as a *different key* to search for, returning partial matches, and returning success if at least one key is found. But gpg --detach-sign -u will certainly not accept multiple keys! Fixes FS#66949 Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org> commit bf458cced7c0845f7b6fabb887d3878ae4cd51b2 Author: Eli Schwartz <eschwartz@archlinux.org> Date: Tue Jun 2 17:50:24 2020 -0400 libmakepkg: fix regression in sending plain() output to stderr In commit 882e707e40bbade0111cf3bdedbdac4d4b70453b we changed message output to go to stdout by default, unless it was an error. The plain() function doesn't *look* like an error function, but in practice it was -- it's used to continue multiline messages, and all in-tree uses were for warning/error. This is a problem both because we're sending output to the wrong place, and because in some cases, we were performing error logging from a function which would otherwise return a value to be captured in a variable using command substution. Fix this and straighten out the API by providing two functions: one for continuing msg output, and one which wraps this by sending output to stderr, for continuing error output. Change all callers to use the second function. commit 381e11375569fa7588b1297e0e744749bdafe8f5 Author: Eli Schwartz <eschwartz@archlinux.org> Date: Tue Jun 2 18:16:48 2020 -0400 makepkg: correctly handle missing download clients This was broken in commit 882e707e40bbade0111cf3bdedbdac4d4b70453b, which changed 'plain()' messages to go to stdout, which was then captured as the download client in question: cmdline=("Aborting..."). The result was a very confusing error message e.g. /usr/share/makepkg/source/file.sh: line 72: $'\E[1m': command not found or with makepkg --nocolor: /usr/share/makepkg/source/file.sh: line 72: Aborting...: command not found The problem here is that we checked to see if an asynchronous subshell, in our case <(...), failed, by checking if its captured stdout is non-empty. Which is terrible, and also a limitation of old bash. But bash 4.4 can use wait $! to retrieve the return value of an asynchronous subshell. Now we target that as our minimum, we can sanely handle errors in such functions. Losing error messages on stdout by capturing them in a variable instead of printing them, continues to be a problem, but this will be fixed systematically in a later commit. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org> commit 817f9fb715b4e90d28bc141dfccfc530b9e951dc Author: Eli Schwartz <eschwartz@archlinux.org> Date: Mon May 25 23:52:16 2020 -0400 makepkg: guard against undefined git pinned sources If something like source=(..."#commit=") is used, e.g. due to failed variable expansion, we try to check out an empty refspec as nothing at all, and end up just running "git checkout". This happens because we fail at variable expansion too -- so let's quote our variables properly and make sure git sees this as an empty refspec, so it can error out. Also make sure it is interpreted as a ref instead of a path. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org> commit 3bd88821bbfc8066a63ddfc9959e78984bc17750 Author: Eli Schwartz <eschwartz@archlinux.org> Date: Mon May 18 15:18:12 2020 -0400 build: add libintl dependency to meson and the .pc file In order to use gettext on systems where it is not part of libc, the correct linker flags are needed in libalpm.pc (for static compilation). This has never been the case. The new meson build system currently only checks for ngettext in libc, but does not fall back to searching for the existence of -lintl; add it to the libalpm dependencies. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org> commit e348ba38814c9cc7c1c9892d0451096234dc39ab Author: Filipe Laíns <lains@archlinux.org> Date: Thu May 21 00:38:41 2020 +0100 ci: cache packages Results in ~40s saved in each job. Signed-off-by: Filipe Laíns <lains@archlinux.org> commit 40bbaead44db8fcdef7087f4b05820bf90dee090 Author: Allan McRae <allan@archlinux.org> Date: Tue Mar 17 14:03:58 2020 +1000 Revert "makepkg: drop duplicate reporting of missing dependencies" This removed all information on dependency failures if the --syncdeps flag was not used. A better approach is needed. This reverts commit 4246a4cc4f0f87642cbbb6b375524b2e4c713412. Signed-off-by: Allan McRae <allan@archlinux.org> ----------------------------------------------------------------------- Summary of changes: .gitlab-ci.yml | 15 +++++++++++--- lib/libalpm/libalpm.pc.in | 2 +- meson.build | 8 ++++++-- scripts/libmakepkg/executable/vcs.sh.in | 2 +- .../libmakepkg/integrity/generate_signature.sh.in | 6 +++--- .../libmakepkg/integrity/verify_signature.sh.in | 2 +- scripts/libmakepkg/source/bzr.sh.in | 8 ++++---- scripts/libmakepkg/source/file.sh.in | 6 +++--- scripts/libmakepkg/source/git.sh.in | 16 +++++++-------- scripts/libmakepkg/source/hg.sh.in | 8 ++++---- scripts/libmakepkg/source/svn.sh.in | 4 ++-- scripts/libmakepkg/util/config.sh.in | 2 +- scripts/libmakepkg/util/message.sh.in | 8 ++++++++ scripts/libmakepkg/util/source.sh.in | 4 ++-- scripts/libmakepkg/util/util.sh.in | 2 +- scripts/makepkg.sh.in | 24 ++++++++++++++-------- scripts/repo-add.sh.in | 8 ++++---- 17 files changed, 76 insertions(+), 49 deletions(-) hooks/post-receive -- The official pacman repository