This can only ever be an int, and the specification states that a malformed timestamp should be considered a fatal error.
https://reproducible-builds.org/specs/source-date-epoch/

Signed-off-by: Eli Schwartz eschwartz@archlinux.org
---
 scripts/Makefile.am | 1 +
 .../lint_config/source_date_epoch.sh.in | 37 +++++++++++++++++++
 2 files changed, 38 insertions(+)
 create mode 100755 scripts/libmakepkg/lint_config/source_date_epoch.sh.in
diff --git a/scripts/Makefile.am b/scripts/Makefile.am index 54a8d215..255aee2b 100644 --- a/scripts/Makefile.am +++ b/scripts/Makefile.am @@ -71,6 +71,7 @@ LIBMAKEPKG_IN = \ libmakepkg/integrity/verify_signature.sh \ libmakepkg/lint_config.sh \ libmakepkg/lint_config/paths.sh \ + libmakepkg/lint_config/source_date_epoch.sh \ libmakepkg/lint_config/variable.sh \ libmakepkg/lint_package.sh \ libmakepkg/lint_package/build_references.sh \ diff --git a/scripts/libmakepkg/lint_config/source_date_epoch.sh.in b/scripts/libmakepkg/lint_config/source_date_epoch.sh.in new file mode 100755 index 00000000..38fbfd77 --- /dev/null +++ b/scripts/libmakepkg/lint_config/source_date_epoch.sh.in @@ -0,0 +1,37 @@ +#!/bin/bash +# +# source_date_epoch.sh - Check that reproducible builds timestamp is valid +# +# Copyright (c) 2018 Pacman Development Team pacman-dev@archlinux.org +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see http://www.gnu.org/licenses/. +# + +[[ -n $LIBMAKEPKG_LINT_CONFIG_SOURCE_DATE_EPOCH_SH ]] && return +LIBMAKEPKG_LINT_CONFIG_SOURCE_DATE_EPOCH_SH=1 + +LIBRARY=${LIBRARY:-'@libmakepkgdir@'} + +source "$LIBRARY/util/message.sh" + +lint_config_functions+=('lint_source_date_epoch') + + +lint_source_date_epoch() { + if [[ $SOURCE_DATE_EPOCH = *[^[:digit:]]* ]]; then + error "$(gettext "%s contains invalid characters: %s")" \ + "$SOURCE_DATE_EPOCH" "${SOURCE_DATE_EPOCH//[[:digit:]]}" + return 1 + fi +}
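Review bot: In lint_source_date_epoch, the first %s of the error message is filled with "$SOURCE_DATE_EPOCH", so the message prints the bad value followed by its non-digit characters and never names the variable that is wrong; pass the literal variable name instead (for example by escaping the dollar sign) so the user sees which setting to fix. The glob test also passes when the variable is set but empty, because an empty string contains no non-digit character; if a set-but-empty value should count as malformed, test for it separately.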
Use mapfile instead of hacking around read -a with the $IFS.
Signed-off-by: Eli Schwartz eschwartz@archlinux.org
---
 scripts/libmakepkg/executable/checksum.sh.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/libmakepkg/executable/checksum.sh.in b/scripts/libmakepkg/executable/checksum.sh.in index 9783d4ee..0a4b0c9e 100644 --- a/scripts/libmakepkg/executable/checksum.sh.in +++ b/scripts/libmakepkg/executable/checksum.sh.in @@ -29,7 +29,7 @@ executable_functions+=('executable_checksum') executable_checksum() { if (( GENINTEG || ! SKIPCHECKSUMS )); then local integlist - IFS=$'\n' read -rd '' -a integlist < <(get_integlist) + mapfile -t integlist < <(get_integlist)
local integ for integ in "${integlist[@]}"; do
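Review bot: In executable_checksum, mapfile -t does not split its input the same way as the read -a line it replaces: with IFS set to a newline, read collapses runs of newlines and never produces an empty element, while mapfile -t stores every line, so a blank line from get_integlist becomes an empty integ in the loop that follows. If get_integlist can never print an empty line, say so in the commit message; otherwise skip empty entries in the loop.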
Signed-off-by: Eli Schwartz eschwartz@archlinux.org
---
 doc/makepkg.8.asciidoc | 2 +-
 scripts/libmakepkg/integrity/generate_signature.sh.in | 6 +++++-
 scripts/makepkg.sh.in | 2 +-
 3 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/doc/makepkg.8.asciidoc b/doc/makepkg.8.asciidoc index ec35ab04..dcd597c8 100644 --- a/doc/makepkg.8.asciidoc +++ b/doc/makepkg.8.asciidoc @@ -343,7 +343,7 @@ On exit, makepkg will return one of the following error codes. Programs necessary to run makepkg are missing.
16:: - Specified GPG key does not exist. + Specified GPG key does not exist or failed to sign package.
See Also -------- diff --git a/scripts/libmakepkg/integrity/generate_signature.sh.in b/scripts/libmakepkg/integrity/generate_signature.sh.in index 1567ee89..786ca081 100644 --- a/scripts/libmakepkg/integrity/generate_signature.sh.in +++ b/scripts/libmakepkg/integrity/generate_signature.sh.in @@ -47,6 +47,8 @@ create_signature() { }
create_package_signatures() { + local ret=0 + if [[ $SIGNPKG != 'y' ]]; then return 0 fi @@ -55,7 +57,9 @@ create_package_signatures() {
print_all_package_names | while read -r pkg_file; do if [[ -f $pkg_file ]]; then - create_signature "$pkg_file" + create_signature "$pkg_file" || ret=$? fi done + + return $ret } diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in index 66729584..fcc76e7f 100644 --- a/scripts/makepkg.sh.in +++ b/scripts/makepkg.sh.in @@ -1493,7 +1493,7 @@ else
enter_fakeroot
- create_package_signatures + create_package_signatures || exit $E_PRETTY_BAD_PRIVACY fi
# if inhibiting archive creation, go no further
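Review bot: In create_package_signatures, ret is assigned inside the loop fed by "print_all_package_names | while read -r pkg_file", and bash runs that loop in a subshell because it is part of a pipeline, so the ret=$? set on a failed create_signature is lost when the loop ends and "return $ret" always returns 0. As written, the "|| exit $E_PRETTY_BAD_PRIVACY" added in makepkg.sh.in can never fire for a signing failure. Feed the loop with process substitution, "done < <(print_all_package_names)", or read the names into an array first, so the assignment happens in the function's own shell.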
On 10/1/19 3:58 pm, Eli Schwartz wrote:
Signed-off-by: Eli Schwartz eschwartz@archlinux.org
This patch is on top of something that is not accepted yet so does not apply.
A
Signed-off-by: Eli Schwartz eschwartz@archlinux.org
---

v2: apply patch on top of master, not another pending patch

 doc/makepkg.8.asciidoc | 2 +-
 scripts/libmakepkg/integrity/generate_signature.sh.in | 8 ++++++--
 scripts/makepkg.sh.in | 2 +-
 3 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/doc/makepkg.8.asciidoc b/doc/makepkg.8.asciidoc index b15e3a67..544659fc 100644 --- a/doc/makepkg.8.asciidoc +++ b/doc/makepkg.8.asciidoc @@ -340,7 +340,7 @@ On exit, makepkg will return one of the following error codes. Programs necessary to run makepkg are missing.
16:: - Specified GPG key does not exist. + Specified GPG key does not exist or failed to sign package.
See Also -------- diff --git a/scripts/libmakepkg/integrity/generate_signature.sh.in b/scripts/libmakepkg/integrity/generate_signature.sh.in index e6ff3b1b..b6138824 100644 --- a/scripts/libmakepkg/integrity/generate_signature.sh.in +++ b/scripts/libmakepkg/integrity/generate_signature.sh.in @@ -47,6 +47,8 @@ create_signature() { }
create_package_signatures() { + local ret=0 + if [[ $SIGNPKG != 'y' ]]; then return 0 fi @@ -59,7 +61,7 @@ create_package_signatures() { pkgarch=$(get_pkg_arch $pkg) pkg_file="$PKGDEST/${pkg}-${fullver}-${pkgarch}${PKGEXT}"
- create_signature "$pkg_file" + create_signature "$pkg_file" || ret=$? done
# check if debug package needs a signature @@ -68,7 +70,9 @@ create_package_signatures() { pkgarch=$(get_pkg_arch) pkg_file="$PKGDEST/${pkg}-${fullver}-${pkgarch}${PKGEXT}" if [[ -f $pkg_file ]]; then - create_signature "$pkg_file" + create_signature "$pkg_file" || ret=$? fi fi + + return $ret } diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in index 4f096a36..351f120e 100644 --- a/scripts/makepkg.sh.in +++ b/scripts/makepkg.sh.in @@ -1480,7 +1480,7 @@ else
enter_fakeroot
- create_package_signatures + create_package_signatures || exit $E_PRETTY_BAD_PRIVACY fi
# if inhibiting archive creation, go no further
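Review bot: In create_package_signatures, "|| ret=$?" keeps only the status of the last create_signature call that failed, and the caller in makepkg.sh.in discards that value in favour of E_PRETTY_BAD_PRIVACY, so the exact number is never used; setting ret=1 would state the intent more plainly. A short comment that the loop deliberately keeps going after a failed signature, so that the remaining packages are still signed before the function reports failure, would save the next reader from wondering whether an early return was intended.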
This is not really an error with a "user function".
Signed-off-by: Eli Schwartz eschwartz@archlinux.org
---
 scripts/makepkg.sh.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in index 72c953c9..64a62236 100644 --- a/scripts/makepkg.sh.in +++ b/scripts/makepkg.sh.in @@ -1223,7 +1223,7 @@ unset "${!sha384sums_@}" "${!sha512sums_@}" BUILDFILE=${BUILDFILE:-$BUILDSCRIPT} if [[ ! -f $BUILDFILE ]]; then error "$(gettext "%s does not exist.")" "$BUILDFILE" - exit $E_USER_FUNCTION_FAILED + exit $E_PKGBUILD_ERROR
else if [[ $(<"$BUILDFILE") = *$'\r'* ]]; then
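Review bot: The exit status for a missing $BUILDFILE changes from E_USER_FUNCTION_FAILED to E_PKGBUILD_ERROR, but the diffstat touches only scripts/makepkg.sh.in and the commit message gives no reason beyond the old code being wrong. Check that the man page's description of the E_PKGBUILD_ERROR code covers a build file that does not exist, and mention the change in the commit message for anyone whose scripts test makepkg's exit status.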
On 10/1/19 3:58 pm, Eli Schwartz wrote:
This can only ever be an int, and the specification states that a malformed timestamp should be considered a fatal error.
https://reproducible-builds.org/specs/source-date-epoch/

Signed-off-by: Eli Schwartz eschwartz@archlinux.org

 scripts/Makefile.am | 1 +
 .../lint_config/source_date_epoch.sh.in | 37 +++++++++++++++++++
 2 files changed, 38 insertions(+)
 create mode 100755 scripts/libmakepkg/lint_config/source_date_epoch.sh.in
Pulled to my patchqueue with the needed meson addition.
A
pacman-dev@lists.archlinux.org