[pacman-dev] [RFC][PATCH 0/3] Add source package information to repo database
AKA - the I hate ABS patchset... This patchset adds source package information to the sync dbs. Once this is given the all clear, it will be followed by patches reading the information into libalpm and adding a "pacman -B" that will download the source package and extract to /var/build/pacman (or somewhere...). This would be a complete ABS replacement on Arch. Queries: 1) I add a separate file to the db and reuse the variable names from the desc file. This means some probably duplication in the sync db reading code. Or should I add the info to the desc file and give it different names? 2) I add a -S/--source flag to add the source file description. This is similar to --delta and --files. I toyed with the idea of including the source information by default. Opinions on this? Allan McRae (3): makepkg: sign source packages with --sign Always supply base name and version info in .PKGFILE if needed repo-add: add source package information to sync db lib/libalpm/be_package.c | 2 ++ lib/libalpm/be_sync.c | 2 ++ scripts/makepkg.sh.in | 30 +++++++++++++------ scripts/repo-add.sh.in | 75 ++++++++++++++++++++++++++++++++++++++++++++++-- 4 files changed, 99 insertions(+), 10 deletions(-) -- 1.8.4.2
Signed-off-by: Allan McRae
Provide pkgbase information for non-split packages with pkgbase set.
Also record the version of the "base" package. This is useful for
matching package files to source packages.
Signed-off-by: Allan McRae
When using the -S/--source option, add source package information to the
sync db if one is found alongside the package file.
TODO: Add documentation
Signed-off-by: Allan McRae
On Sat, Nov 02, 2013 at 12:21:42PM +1000, Allan McRae wrote:
When using the -S/--source option, add source package information to the sync db if one is found alongside the package file.
TODO: Add documentation
Signed-off-by: Allan McRae
--- lib/libalpm/be_sync.c | 2 ++ scripts/repo-add.sh.in | 75 ++++++++++++++++++++++++++++++++++++++++++++++++-- 2 files changed, 75 insertions(+), 2 deletions(-) diff --git a/lib/libalpm/be_sync.c b/lib/libalpm/be_sync.c index 6ebdf3c..eb60b64 100644 --- a/lib/libalpm/be_sync.c +++ b/lib/libalpm/be_sync.c @@ -674,6 +674,8 @@ static int sync_db_read(alpm_db_t *db, struct archive *archive, /* skip reading delta files if UseDelta is unset */ } else if(strcmp(filename, "files") == 0) { /* currently do nothing with this file */ + } else if(strcmp(filename, "source") == 0) { + /* currently do nothing with this file */ } else { /* unknown database file */ _alpm_log(db->handle, ALPM_LOG_DEBUG, "unknown database file: %s\n", filename); diff --git a/scripts/repo-add.sh.in b/scripts/repo-add.sh.in index dbb635a..e4a34d1 100644 --- a/scripts/repo-add.sh.in +++ b/scripts/repo-add.sh.in @@ -33,6 +33,7 @@ DELTA=0 ONLYADDNEW=0 RMEXISTING=0 WITHFILES=0 +SOURCE=0 SIGN=0 VERIFY=0 REPO_DB_FILE= @@ -61,6 +62,7 @@ Multiple packages to add can be specified on the command line.\n")" printf -- "$(gettext " -n, --new only add packages that are not already in the database\n")" printf -- "$(gettext " -R, --remove remove package file from disk when updating database entry\n")" printf -- "$(gettext " -f, --files update database's file list\n")" + printf -- "$(gettext " -S, --source add source package information to the database\n")" elif [[ $cmd == "repo-remove" ]] ; then printf -- "$(gettext "Usage: repo-remove [options] <path-to-db>
...\n")" printf -- "\n" @@ -124,6 +126,35 @@ find_pkgentry() { return 1 } +match_source_package() { + case $# in + 0) + warning "$(gettext "No source package found")" + return 1 + ;;
I think if you check for existence here you make this a more robust function which doesn't silently require nullglob. This case label then simply becomes 0|1.
+ [!1]) + warning "$(gettext "Cannot determine source package - multiple matches found:")" + msg2 '%s' "$@" + return 1 + ;; + esac + echo "$1" +} + +find_source_package() { + local pkgfile pkgname pkgver sourcepkg + + pkgfile=$1 + pkgname=$2 + pkgver=$3 + + local sourcepkg=$(shopt -s nullglob; + match_source_package "$(dirname "$pkgfile")/$pkgname-$pkgver".src.tar!(*.sig)) + + echo "$sourcepkg"
You probably don't want to do this if match_source_package failed...
+} + funcgrep() { awk -v funcmatch="$1" ' /^[[:space:]]*[[:alnum:]_]+[[:space:]]*\([[:space:]]*\)/ { @@ -272,8 +303,9 @@ db_write_entry() { local pkgfile=$1 local -a _groups _licenses _replaces _depends _conflicts _provides \ _optdepends _makedepends _checkdepends - local pkgname pkgver pkgdesc csize size url arch builddate packager \ - md5sum sha256sum pgpsig pgpsigsize install_functions + local pkgname pkgbase pkgver basever pkgdesc csize size url arch builddate \ + packager md5sum sha256sum pgpsig pgpsigsize install_functions \ + spkgfile scsize smd5sum ssha256sum spgpsig
# read info from the zipped package local line var val @@ -353,6 +385,31 @@ db_write_entry() { sha256sum=$(openssl dgst -sha256 "$pkgfile") sha256sum=${sha256sum##* }
+ # gather source package information + if (( SOURCE )); then + msg2 "$(gettext "Adding source package...")" + + spkgfile=$(find_source_package "$pkgfile" ${pkgbase:-$pkgname} ${basever:-$pkgver}) + + if [[ -n "$spkgfile" ]]; then + if [[ -f "$spkgfile.sig" ]]; then + pgpsigsize=$(@SIZECMD@ -L "$spkgfile.sig") + if (( pgpsigsize > 16384 )); then + error "$(gettext "Invalid package signature file '%s'.")" "$spkgfile.sig" + return 1 + fi + spgpsig=$(openssl base64 -in "$spkgfile.sig" | tr -d '\n') + fi + + scsize=$(@SIZECMD@ -L "$spkgfile") + + smd5sum=$(openssl dgst -md5 "$spkgfile") + smd5sum=${md5sum##* } + ssha256sum=$(openssl dgst -sha256 "$spkgfile") + ssha256sum=${sha256sum##* } + fi + fi + # remove an existing entry if it exists, ignore failures db_remove_entry "$pkgname"
@@ -371,6 +428,7 @@ db_write_entry() { format_entry "NAME" "$pkgname" format_entry "BASE" "$pkgbase" format_entry "VERSION" "$pkgver" + format_entry "BASEVER" "$basever" format_entry "DESC" "$pkgdesc" format_entry "GROUPS" "${_groups[@]}" format_entry "CSIZE" "$csize" @@ -403,6 +461,18 @@ db_write_entry() { format_entry "CHECKDEPENDS" "${_checkdepends[@]}" } >'depends'
+ # create source entry + if (( SOURCE )) && [[ -n "$spkgfile" ]]; then + msg2 "$(gettext "Creating '%s' db entry...")" 'source' + { + format_entry "FILENAME" "${spkgfile##*/}" + format_entry "CSIZE" "$scsize" + format_entry "MD5SUM" "$smd5sum" + format_entry "SHA256SUM" "$ssha256sum" + format_entry "PGPSIG" "$spgpsig" + } >'source' + fi + popd >/dev/null popd >/dev/null
@@ -640,6 +710,7 @@ while (( $# )); do -n|--new) ONLYADDNEW=1;; -R|--remove) RMEXISTING=1;; -f|--files) WITHFILES=1;; + -S|--source) SOURCE=1;; --nocolor) USE_COLOR='n';; -s|--sign) check_gpg -- 1.8.4.2
On 03/11/13 10:38, Dave Reisner wrote:
On Sat, Nov 02, 2013 at 12:21:42PM +1000, Allan McRae wrote:
When using the -S/--source option, add source package information to the sync db if one is found alongside the package file.
TODO: Add documentation
Signed-off-by: Allan McRae
--- lib/libalpm/be_sync.c | 2 ++ scripts/repo-add.sh.in | 75 ++++++++++++++++++++++++++++++++++++++++++++++++-- 2 files changed, 75 insertions(+), 2 deletions(-) diff --git a/lib/libalpm/be_sync.c b/lib/libalpm/be_sync.c index 6ebdf3c..eb60b64 100644 --- a/lib/libalpm/be_sync.c +++ b/lib/libalpm/be_sync.c @@ -674,6 +674,8 @@ static int sync_db_read(alpm_db_t *db, struct archive *archive, /* skip reading delta files if UseDelta is unset */ } else if(strcmp(filename, "files") == 0) { /* currently do nothing with this file */ + } else if(strcmp(filename, "source") == 0) { + /* currently do nothing with this file */ } else { /* unknown database file */ _alpm_log(db->handle, ALPM_LOG_DEBUG, "unknown database file: %s\n", filename); diff --git a/scripts/repo-add.sh.in b/scripts/repo-add.sh.in index dbb635a..e4a34d1 100644 --- a/scripts/repo-add.sh.in +++ b/scripts/repo-add.sh.in @@ -33,6 +33,7 @@ DELTA=0 ONLYADDNEW=0 RMEXISTING=0 WITHFILES=0 +SOURCE=0 SIGN=0 VERIFY=0 REPO_DB_FILE= @@ -61,6 +62,7 @@ Multiple packages to add can be specified on the command line.\n")" printf -- "$(gettext " -n, --new only add packages that are not already in the database\n")" printf -- "$(gettext " -R, --remove remove package file from disk when updating database entry\n")" printf -- "$(gettext " -f, --files update database's file list\n")" + printf -- "$(gettext " -S, --source add source package information to the database\n")" elif [[ $cmd == "repo-remove" ]] ; then printf -- "$(gettext "Usage: repo-remove [options] <path-to-db>
...\n")" printf -- "\n" @@ -124,6 +126,35 @@ find_pkgentry() { return 1 } +match_source_package() { + case $# in + 0) + warning "$(gettext "No source package found")" + return 1 + ;;
I think if you check for existence here you make this a more robust function which doesn't silently require nullglob. This case label then simply becomes 0|1.
Can you provide more detail here? I am not sure I am understanding where you are directing me...
+ [!1]) + warning "$(gettext "Cannot determine source package - multiple matches found:")" + msg2 '%s' "$@" + return 1 + ;; + esac + echo "$1" +} + +find_source_package() { + local pkgfile pkgname pkgver sourcepkg + + pkgfile=$1 + pkgname=$2 + pkgver=$3 + + local sourcepkg=$(shopt -s nullglob; + match_source_package "$(dirname "$pkgfile")/$pkgname-$pkgver".src.tar!(*.sig)) + + echo "$sourcepkg"
You probably don't want to do this if match_source_package failed...
+} + funcgrep() { awk -v funcmatch="$1" ' /^[[:space:]]*[[:alnum:]_]+[[:space:]]*\([[:space:]]*\)/ { @@ -272,8 +303,9 @@ db_write_entry() { local pkgfile=$1 local -a _groups _licenses _replaces _depends _conflicts _provides \ _optdepends _makedepends _checkdepends - local pkgname pkgver pkgdesc csize size url arch builddate packager \ - md5sum sha256sum pgpsig pgpsigsize install_functions + local pkgname pkgbase pkgver basever pkgdesc csize size url arch builddate \ + packager md5sum sha256sum pgpsig pgpsigsize install_functions \ + spkgfile scsize smd5sum ssha256sum spgpsig
# read info from the zipped package local line var val @@ -353,6 +385,31 @@ db_write_entry() { sha256sum=$(openssl dgst -sha256 "$pkgfile") sha256sum=${sha256sum##* }
+ # gather source package information + if (( SOURCE )); then + msg2 "$(gettext "Adding source package...")" + + spkgfile=$(find_source_package "$pkgfile" ${pkgbase:-$pkgname} ${basever:-$pkgver}) + + if [[ -n "$spkgfile" ]]; then + if [[ -f "$spkgfile.sig" ]]; then + pgpsigsize=$(@SIZECMD@ -L "$spkgfile.sig") + if (( pgpsigsize > 16384 )); then + error "$(gettext "Invalid package signature file '%s'.")" "$spkgfile.sig" + return 1 + fi + spgpsig=$(openssl base64 -in "$spkgfile.sig" | tr -d '\n') + fi + + scsize=$(@SIZECMD@ -L "$spkgfile") + + smd5sum=$(openssl dgst -md5 "$spkgfile") + smd5sum=${md5sum##* } + ssha256sum=$(openssl dgst -sha256 "$spkgfile") + ssha256sum=${sha256sum##* } + fi + fi + # remove an existing entry if it exists, ignore failures db_remove_entry "$pkgname"
@@ -371,6 +428,7 @@ db_write_entry() { format_entry "NAME" "$pkgname" format_entry "BASE" "$pkgbase" format_entry "VERSION" "$pkgver" + format_entry "BASEVER" "$basever" format_entry "DESC" "$pkgdesc" format_entry "GROUPS" "${_groups[@]}" format_entry "CSIZE" "$csize" @@ -403,6 +461,18 @@ db_write_entry() { format_entry "CHECKDEPENDS" "${_checkdepends[@]}" } >'depends'
+ # create source entry + if (( SOURCE )) && [[ -n "$spkgfile" ]]; then + msg2 "$(gettext "Creating '%s' db entry...")" 'source' + { + format_entry "FILENAME" "${spkgfile##*/}" + format_entry "CSIZE" "$scsize" + format_entry "MD5SUM" "$smd5sum" + format_entry "SHA256SUM" "$ssha256sum" + format_entry "PGPSIG" "$spgpsig" + } >'source' + fi + popd >/dev/null popd >/dev/null
@@ -640,6 +710,7 @@ while (( $# )); do -n|--new) ONLYADDNEW=1;; -R|--remove) RMEXISTING=1;; -f|--files) WITHFILES=1;; + -S|--source) SOURCE=1;; --nocolor) USE_COLOR='n';; -s|--sign) check_gpg -- 1.8.4.2
On Tue, Nov 05, 2013 at 11:01:57AM +1000, Allan McRae wrote:
On 03/11/13 10:38, Dave Reisner wrote:
On Sat, Nov 02, 2013 at 12:21:42PM +1000, Allan McRae wrote:
When using the -S/--source option, add source package information to the sync db if one is found alongside the package file.
TODO: Add documentation
Signed-off-by: Allan McRae
--- lib/libalpm/be_sync.c | 2 ++ scripts/repo-add.sh.in | 75 ++++++++++++++++++++++++++++++++++++++++++++++++-- 2 files changed, 75 insertions(+), 2 deletions(-) diff --git a/lib/libalpm/be_sync.c b/lib/libalpm/be_sync.c index 6ebdf3c..eb60b64 100644 --- a/lib/libalpm/be_sync.c +++ b/lib/libalpm/be_sync.c @@ -674,6 +674,8 @@ static int sync_db_read(alpm_db_t *db, struct archive *archive, /* skip reading delta files if UseDelta is unset */ } else if(strcmp(filename, "files") == 0) { /* currently do nothing with this file */ + } else if(strcmp(filename, "source") == 0) { + /* currently do nothing with this file */ } else { /* unknown database file */ _alpm_log(db->handle, ALPM_LOG_DEBUG, "unknown database file: %s\n", filename); diff --git a/scripts/repo-add.sh.in b/scripts/repo-add.sh.in index dbb635a..e4a34d1 100644 --- a/scripts/repo-add.sh.in +++ b/scripts/repo-add.sh.in @@ -33,6 +33,7 @@ DELTA=0 ONLYADDNEW=0 RMEXISTING=0 WITHFILES=0 +SOURCE=0 SIGN=0 VERIFY=0 REPO_DB_FILE= @@ -61,6 +62,7 @@ Multiple packages to add can be specified on the command line.\n")" printf -- "$(gettext " -n, --new only add packages that are not already in the database\n")" printf -- "$(gettext " -R, --remove remove package file from disk when updating database entry\n")" printf -- "$(gettext " -f, --files update database's file list\n")" + printf -- "$(gettext " -S, --source add source package information to the database\n")" elif [[ $cmd == "repo-remove" ]] ; then printf -- "$(gettext "Usage: repo-remove [options] <path-to-db>
...\n")" printf -- "\n" @@ -124,6 +126,35 @@ find_pkgentry() { return 1 } +match_source_package() { + case $# in + 0) + warning "$(gettext "No source package found")" + return 1 + ;;
I think if you check for existence here you make this a more robust function which doesn't silently require nullglob. This case label then simply becomes 0|1.
Can you provide more detail here? I am not sure I am understanding where you are directing me...
Sure. Here's what I had in mind: match_source_package() { case $# in 0|1) if [[ ! -f $1 ]]; then warning "$(gettext "No source package found")" return 1 fi ;; *) warning "$(gettext "Cannot determine source package - multiple matches found:")" msg2 '%s' "$@" return 1 ;; esac echo "$1" } Now when you call match_source_package(), you don't have to worry about setting nullglob.
+ [!1]) + warning "$(gettext "Cannot determine source package - multiple matches found:")" + msg2 '%s' "$@" + return 1 + ;; + esac + echo "$1" +} + +find_source_package() { + local pkgfile pkgname pkgver sourcepkg + + pkgfile=$1 + pkgname=$2 + pkgver=$3 + + local sourcepkg=$(shopt -s nullglob; + match_source_package "$(dirname "$pkgfile")/$pkgname-$pkgver".src.tar!(*.sig)) + + echo "$sourcepkg"
You probably don't want to do this if match_source_package failed...
+} + funcgrep() { awk -v funcmatch="$1" ' /^[[:space:]]*[[:alnum:]_]+[[:space:]]*\([[:space:]]*\)/ { @@ -272,8 +303,9 @@ db_write_entry() { local pkgfile=$1 local -a _groups _licenses _replaces _depends _conflicts _provides \ _optdepends _makedepends _checkdepends - local pkgname pkgver pkgdesc csize size url arch builddate packager \ - md5sum sha256sum pgpsig pgpsigsize install_functions + local pkgname pkgbase pkgver basever pkgdesc csize size url arch builddate \ + packager md5sum sha256sum pgpsig pgpsigsize install_functions \ + spkgfile scsize smd5sum ssha256sum spgpsig
# read info from the zipped package local line var val @@ -353,6 +385,31 @@ db_write_entry() { sha256sum=$(openssl dgst -sha256 "$pkgfile") sha256sum=${sha256sum##* }
+ # gather source package information + if (( SOURCE )); then + msg2 "$(gettext "Adding source package...")" + + spkgfile=$(find_source_package "$pkgfile" ${pkgbase:-$pkgname} ${basever:-$pkgver}) + + if [[ -n "$spkgfile" ]]; then + if [[ -f "$spkgfile.sig" ]]; then + pgpsigsize=$(@SIZECMD@ -L "$spkgfile.sig") + if (( pgpsigsize > 16384 )); then + error "$(gettext "Invalid package signature file '%s'.")" "$spkgfile.sig" + return 1 + fi + spgpsig=$(openssl base64 -in "$spkgfile.sig" | tr -d '\n') + fi + + scsize=$(@SIZECMD@ -L "$spkgfile") + + smd5sum=$(openssl dgst -md5 "$spkgfile") + smd5sum=${md5sum##* } + ssha256sum=$(openssl dgst -sha256 "$spkgfile") + ssha256sum=${sha256sum##* } + fi + fi + # remove an existing entry if it exists, ignore failures db_remove_entry "$pkgname"
@@ -371,6 +428,7 @@ db_write_entry() { format_entry "NAME" "$pkgname" format_entry "BASE" "$pkgbase" format_entry "VERSION" "$pkgver" + format_entry "BASEVER" "$basever" format_entry "DESC" "$pkgdesc" format_entry "GROUPS" "${_groups[@]}" format_entry "CSIZE" "$csize" @@ -403,6 +461,18 @@ db_write_entry() { format_entry "CHECKDEPENDS" "${_checkdepends[@]}" } >'depends'
+ # create source entry + if (( SOURCE )) && [[ -n "$spkgfile" ]]; then + msg2 "$(gettext "Creating '%s' db entry...")" 'source' + { + format_entry "FILENAME" "${spkgfile##*/}" + format_entry "CSIZE" "$scsize" + format_entry "MD5SUM" "$smd5sum" + format_entry "SHA256SUM" "$ssha256sum" + format_entry "PGPSIG" "$spgpsig" + } >'source' + fi + popd >/dev/null popd >/dev/null
@@ -640,6 +710,7 @@ while (( $# )); do -n|--new) ONLYADDNEW=1;; -R|--remove) RMEXISTING=1;; -f|--files) WITHFILES=1;; + -S|--source) SOURCE=1;; --nocolor) USE_COLOR='n';; -s|--sign) check_gpg -- 1.8.4.2
participants (2)
-
Allan McRae
-
Dave Reisner