This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The official pacman repository". The branch, master has been updated via 9c552272e83905703ad0cbcfc92883ebd1eff6f9 (commit) via 97be2f0e0a0daad2f9058377c7dbee62cc7a8718 (commit) via b7b3fc23869475d3d1729de802935b98594d1677 (commit) via 1d7ad5d24bd7487d70b98197d4dd3477ff75f513 (commit) via 4d63ebe2fbe932412a7b8340af49bf30c8e17a91 (commit) via 1cf79eb8c8c7894d238cd906613dc1cd5b7ced1a (commit) via 2df1534b787a87b4b7e8e4aaa5a9d5c2e3c6e47a (commit) via 225acbbff176e52a88eb6b8030d331a599a7ef06 (commit) via 31e55b8049ed001a993441f3efc8ffebdf360061 (commit) from a7d33d0c36420462b3de5c7e2f8327ddbda2a129 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9c552272e83905703ad0cbcfc92883ebd1eff6f9 Author: Dan McGee <dan@archlinux.org> Date: Sun Apr 24 11:42:51 2011 -0500 configure: add output showing what libraries will be used Signed-off-by: Dan McGee <dan@archlinux.org> commit 97be2f0e0a0daad2f9058377c7dbee62cc7a8718 Author: Dan McGee <dan@archlinux.org> Date: Sun Apr 24 11:40:58 2011 -0500 Allow conditional compilation with GPGME This makes it possible to omit usage of -lgpgme, just as we can do for -lcurl and -lcrypto. Thanks to Rémy Oudompheng for an initial stab at this. Signed-off-by: Dan McGee <dan@archlinux.org> commit b7b3fc23869475d3d1729de802935b98594d1677 Author: Dan McGee <dan@archlinux.org> Date: Sat Apr 23 11:39:51 2011 -0500 signing: add more detail to unexpected signature count error Do a quick loop and count of the returned data so we can show how many signatures were parsed and read. Signed-off-by: Dan McGee <dan@archlinux.org> commit 1d7ad5d24bd7487d70b98197d4dd3477ff75f513 Author: Dan McGee <dan@archlinux.org> Date: Fri Apr 22 15:55:54 2011 -0500 Enhance GPGME debug output Add some lookup functions for nice names for the various types used by the library, and remove some fields that are of little use to us in the debug output. This should make looking at key loading and verification a bit easier, especially in determining what makes up our good and bad criteria. Signed-off-by: Dan McGee <dan@archlinux.org> commit 4d63ebe2fbe932412a7b8340af49bf30c8e17a91 Author: Dan McGee <dan@archlinux.org> Date: Thu Apr 21 23:39:01 2011 -0500 Perform package verification at package load time Both md5sum verification and PGP verification can and should be done at package load time. This allows verification to happen as early as possible for packages provided by filename and loaded in the frontend, and moves more stuff out of sync_commit that doesn't really belong there. This should also set the stage for simplified parallel loading of packages later down the road. Signed-off-by: Dan McGee <dan@archlinux.org> commit 1cf79eb8c8c7894d238cd906613dc1cd5b7ced1a Author: Dan McGee <dan@archlinux.org> Date: Thu Apr 21 21:57:08 2011 -0500 sync_commit: refactor out validate_deltas More stuff going on in the pre-committing stage that can be in a static method to make things a bit more clear. Signed-off-by: Dan McGee <dan@archlinux.org> commit 2df1534b787a87b4b7e8e4aaa5a9d5c2e3c6e47a Author: Dan McGee <dan@archlinux.org> Date: Thu Apr 21 21:40:00 2011 -0500 sync_commit: refactor out file downloads This part is almost completely self-contained, except building the list of delta filenames that we use later to check their md5sums. Refactor it into a static method so we can bring most of the code in sync_commit closer to the method name. Signed-off-by: Dan McGee <dan@archlinux.org> commit 225acbbff176e52a88eb6b8030d331a599a7ef06 Author: Dan McGee <dan@archlinux.org> Date: Thu Apr 21 19:25:44 2011 -0500 Rein in the complexity of the signature type Given that we offer no transparency into the pmpgpsig_t type, we don't really need to expose it outside of the library, and at this point, we don't need it at all. Don't decode anything except when checking signatures. For packages/files not from a sync database, we now just read the signature file directly anyway. Also push the decoding logic down further into the check method so we don't need this hanging out in a less than ideal place. This will make it easier to conditionally compile things down the road. Signed-off-by: Dan McGee <dan@archlinux.org> commit 31e55b8049ed001a993441f3efc8ffebdf360061 Author: Dan McGee <dan@archlinux.org> Date: Thu Apr 21 19:01:06 2011 -0500 signing: let GPGME handle loading signatures from files Rather than go through all the hassle of doing this ourselves, just let GPGME handle the work by passing it a file handle. Signed-off-by: Dan McGee <dan@archlinux.org> ----------------------------------------------------------------------- Summary of changes: configure.ac | 28 ++++- lib/libalpm/Makefile.am | 6 +- lib/libalpm/alpm.h | 10 +- lib/libalpm/be_package.c | 40 +++++--- lib/libalpm/be_sync.c | 2 +- lib/libalpm/db.c | 23 ---- lib/libalpm/db.h | 3 - lib/libalpm/package.c | 41 +------- lib/libalpm/package.h | 7 +- lib/libalpm/signing.c | 267 +++++++++++++++++++++++++++++++++------------- lib/libalpm/signing.h | 13 +-- lib/libalpm/sync.c | 197 ++++++++++++++++------------------ src/pacman/query.c | 2 +- src/pacman/sync.c | 3 +- src/pacman/upgrade.c | 3 +- src/util/testpkg.c | 3 +- 16 files changed, 362 insertions(+), 286 deletions(-) hooks/post-receive -- The official pacman repository