[pacman-dev] [PATCH 2/2] makepkg: create signature files outside of fakeroot

Allan McRae allan at archlinux.org
Mon Apr 17 08:43:35 UTC 2017 

With recent version of gpg, signing within fakeroot works on the first
invocation, but fails on later runs.  Sign all packages outside of fakeroot
to avoid this issue.

Fixes FS#49946.

Signed-off-by: Allan McRae <allan at archlinux.org>
---
 .../libmakepkg/integrity/generate_signature.sh.in  | 34 ++++++++++++++++++++--
 scripts/makepkg.sh.in                              |  9 +++---
 2 files changed, 36 insertions(+), 7 deletions(-)

diff --git a/scripts/libmakepkg/integrity/generate_signature.sh.in b/scripts/libmakepkg/integrity/generate_signature.sh.in
index 060ae344..6d65d82d 100644
--- a/scripts/libmakepkg/integrity/generate_signature.sh.in
+++ b/scripts/libmakepkg/integrity/generate_signature.sh.in
@@ -27,11 +27,10 @@ source "$LIBRARY/util/message.sh"
 
 create_signature() {
 	if [[ $SIGNPKG != 'y' ]]; then
-		return
+		return 0
 	fi
 	local ret=0
 	local filename="$1"
-	msg "$(gettext "Signing package...")"
 
 	local SIGNWITHKEY=""
 	if [[ -n $GPGKEY ]]; then
@@ -42,8 +41,37 @@ create_signature() {
 
 
 	if (( ! ret )); then
-		msg2 "$(gettext "Created signature file %s.")" "$filename.sig"
+		msg2 "$(gettext "Created signature file %s.")" "${filename##*/}.sig"
 	else
 		warning "$(gettext "Failed to sign package file.")"
 	fi
+
+	return $ret
+}
+
+create_package_signatures() {
+	local pkgarch pkg_file
+	local pkgname_backup=("${pkgname[@]}")
+	local fullver=$(get_full_version)
+
+	msg "$(gettext "Signing package(s)...")"
+
+	for pkgname in ${pkgname_backup[@]}; do
+		pkgarch=$(get_pkg_arch $pkgname)
+		pkg_file="$PKGDEST/${pkgname}-${fullver}-${pkgarch}${PKGEXT}"
+
+		create_signature "$pkg_file"
+	done
+
+	# check if debug package needs a signature
+	if ! check_option "debug" "y" || ! check_option "strip" "y"; then
+		return
+	fi
+
+	pkgname=$pkgbase- at DEBUGSUFFIX@
+	pkgarch=$(get_pkg_arch)
+	pkg_file="$PKGDEST/${pkgname}-${fullver}-${pkgarch}${PKGEXT}"
+	create_signature "$pkg_file"
+
+	pkgname=("${pkgname_backup[@]}")
 }
diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
index be0ea72e..ca9b6685 100644
--- a/scripts/makepkg.sh.in
+++ b/scripts/makepkg.sh.in
@@ -769,8 +769,6 @@ create_package() {
 		error "$(gettext "Failed to create package file.")"
 		exit 1 # TODO: error code
 	fi
-
-	create_signature "$pkg_file"
 }
 
 create_debug_package() {
@@ -868,8 +866,6 @@ create_srcpackage() {
 		exit 1 # TODO: error code
 	fi
 
-	create_signature "$pkg_file"
-
 	cd_safe "${startdir}"
 	rm -rf "${srclinks}"
 }
@@ -1625,6 +1621,9 @@ if (( SOURCEONLY )); then
 
 	enter_fakeroot
 
+	msg "$(gettext "Signing package...")"
+	create_signature "$SRCPKGDEST/${pkgbase}-${fullver}${SRCEXT}"
+
 	msg "$(gettext "Source package created: %s")" "$pkgbase ($(date))"
 	exit 0
 fi
@@ -1716,6 +1715,8 @@ else
 	fi
 
 	enter_fakeroot
+
+    create_package_signatures
 fi
 
 # if inhibiting archive creation, go no further
-- 
2.12.0

More information about the pacman-dev mailing list