[Git][pacman/pacman][master] 3 commits: makepkg: immutable git sources by hashing the checkout content
Allan McRae pushed to branch master at Pacman / Pacman

Commits:

2fc2ab6c by Levente Polyak at 2023-08-28T22:15:03+10:00
makepkg: immutable git sources by hashing the checkout content

This feature makes Git VCS build inputs immutable by adding support for pinning a Git checkout by a hash of its content using the deterministic export functionality `git archive`.

This feature aids packagers by allowing them to use simple and convenient refnames (instead of full commit hashes) in the `PKGBUILD` while still preserving security implications of immutable build inputs using a trusted cryptographic hash function of the content.

Previously VCS source downloads have been skipped for `--geninteg` and `--source` as both options did not need a checkout. This commit changes this behavior by forcing the download of all sources as integrity checks and generation require an up-to-date state.

Signed-off-by: Levente Polyak <anthraxx@archlinux.org>

- - - - -

ca3c873d by Levente Polyak at 2023-08-28T22:15:03+10:00
makepkg: immutable mercurial sources by hashing the checkout content

This feature makes Mercurial VCS build inputs immutable by adding support for pinning a Mercurial checkout by a hash of its content using the deterministic export functionality `hg archive`.

This feature aids packagers by allowing them to use simple and convenient refnames (instead of full commit hashes) in the `PKGBUILD` while still preserving security implications of immutable build inputs using a trusted cryptographic hash function of the content.

Signed-off-by: Levente Polyak <anthraxx@archlinux.org>

- - - - -

ee933acf by Levente Polyak at 2023-08-28T22:15:03+10:00
makepkg: immutable bzr by hashing the checkout content

This feature makes bzr VCS build inputs immutable by adding support for pinning a bzr checkout by a hash of its content using the deterministic export functionality `bzr export`.

This feature allows preserving security implications of immutable build inputs using a trusted cryptographic hash function of the content.

Signed-off-by: Levente Polyak <anthraxx@archlinux.org>

- - - - -

8 changed files:

- doc/PKGBUILD.5.asciidoc
- scripts/libmakepkg/integrity/generate_checksum.sh.in
- scripts/libmakepkg/integrity/verify_checksum.sh.in
- scripts/libmakepkg/source/bzr.sh.in
- scripts/libmakepkg/source/file.sh.in
- scripts/libmakepkg/source/git.sh.in
- scripts/libmakepkg/source/hg.sh.in
- scripts/makepkg.sh.in

View it on GitLab: https://gitlab.archlinux.org/pacman/pacman/-/compare/843bf21e794c79c5b3bcf8a...
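The content pinning that the commit messages above describe, as an added example that is not pacman's own code: it hashes the `git archive` export of a ref in a throwaway repository and shows the pin failing once the tag is moved to a different commit. The function names, the choice of SHA-256 and the sample repository are assumptions made for this demonstration.

```shell
#!/bin/sh
# Added example (not makepkg code): pin a Git ref by hashing its archive export.

# Print the SHA-256 of the tar export of ref $2 in repository $1.
# Fails instead of hashing an empty stream when the ref does not resolve.
archive_sha256() {
    git -C "$1" rev-parse -q --verify "$2^{tree}" >/dev/null || return 1
    git -C "$1" archive --format=tar "$2" | sha256sum | cut -d' ' -f1
}

# Succeed only if ref $2 in repository $1 still exports to pinned digest $3.
verify_pin() {
    actual=$(archive_sha256 "$1" "$2") || return 1
    [ "$actual" = "$3" ]
}

# Helper for the constructed repository: commit content $2 with message $3.
commit_file() {
    printf '%s\n' "$2" > "$1/build.sh"
    git -C "$1" add build.sh
    git -C "$1" -c user.name=demo -c user.email=demo@example.invalid \
        -c commit.gpgsign=false commit -q -m "$3"
}

# Build a throwaway repository, record a pin for tag v1.0, then move the tag.
# Prints the verification result before and after the tag is moved.
demo() {
    repo=$(mktemp -d) || return 1
    git init -q "$repo"
    commit_file "$repo" 'make all' 'release 1.0'
    git -C "$repo" tag v1.0
    pin=$(archive_sha256 "$repo" v1.0)      # digest a packager would record
    if verify_pin "$repo" v1.0 "$pin"; then before=ok; else before=mismatch; fi
    commit_file "$repo" 'make all install' 'retagged release'
    git -C "$repo" tag -f v1.0 >/dev/null   # same refname, different content
    if verify_pin "$repo" v1.0 "$pin"; then after=ok; else after=mismatch; fi
    rm -rf "$repo"
    echo "$before $after"
}

demo
```

The refname stays `v1.0` throughout, yet the recorded digest stops matching as soon as the tag points at different content, which is the property the pin provides.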