[pacman-dev] [GIT] The official pacman repository branch, master, updated. v5.1.1-214-g2a792ac7
Allan McRae
allan at archlinux.org
Mon Oct 7 03:34:45 UTC 2019
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The official pacman repository".
The branch, master has been updated
via 2a792ac7bb1ceda42767c696e2664819b47ffc3b (commit)
via f49233903521f19a1fcba6bf6c36abea71309a1e (commit)
via 45e01e55c96d9abf8c73f6ee3766b16e5fbefc4d (commit)
via 6d99a15f0bd9cba4500808114738065903312bf6 (commit)
via a6ae5f0a04cd3cac70525f073bdb11e4bb9266e5 (commit)
via b4e4b74acea3d652317b030e761300d5c7b437a2 (commit)
via bcacb00fc89c04ec0b5e7ebefe3b605b266cef57 (commit)
from 48752f1b4b16cd1dad56649cd36b253494aa9ff1 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 2a792ac7bb1ceda42767c696e2664819b47ffc3b
Author: Eli Schwartz <eschwartz at archlinux.org>
Date: Sun Oct 6 23:11:20 2019 -0400
pacman-key: clean keys on import to remove unknown signatures
There is no good reason to bloat the keyring by importing tons of
signatures we cannot use; drop any signatures that don't validate
against another available key (probably the master keys).
If any desired signatures get cleaned, the key can be refreshed after
importing the new signing public key.
Signed-off-by: Eli Schwartz <eschwartz at archlinux.org>
Signed-off-by: Allan McRae <allan at archlinux.org>
commit f49233903521f19a1fcba6bf6c36abea71309a1e
Author: Eli Schwartz <eschwartz at archlinux.org>
Date: Sun Oct 6 23:11:19 2019 -0400
pacman-key: make sure we actually use the Web of Trust, which GnuPG doesn't.
By default, the latest versions of GnuPG disable the Web of Trust and
refuse to import signatures from public keyservers. This is to prevent
denial of service attacks, because refusing to import signatures only if
the key size is too big, is apparently too silly to consider.
Either way, pacman needs the WoT. If pacman imports a key at all, it
means everything failed and we are in fallback mode, trying to overcome
a shortcoming in the availability of keys in the keyring package.
(This commonly means the user needs to acquire a new key during the same
transaction that updates archlinux-keyring.)
In order for that new key to be usable, it *must* also import signatures
from the Master Keys.
I don't give credence to this supposed DoS, since the worst case
scenario is nothing happening and needing to CTRL+C in order to exit the
program. In the case of pacman, this is better than being unable to
install anything at all (which is gnupg doing a much more harmful DoS to
pacman), and in the already unusual case where something like
--refresh-keys is being used directly instead of depending on the
keyring package itself, gnupg supports WKD out of the box and will
prefer that for people whose keys are marketed as being non-DOSable.
Signed-off-by: Eli Schwartz <eschwartz at archlinux.org>
Signed-off-by: Allan McRae <allan at archlinux.org>
commit 45e01e55c96d9abf8c73f6ee3766b16e5fbefc4d
Author: Eli Schwartz <eschwartz at archlinux.org>
Date: Mon Aug 5 12:53:09 2019 -0400
pacman-key: when refreshing gpg.conf, don't truncate option checking
If an option is a two-part option, we print both (separated by IFS=' '),
but when grepping to see if it already exists, we only checked the first
component. This means that something like keyserver-options could only
check if there were existing keyserver options of any sort, but not
which ones.
Signed-off-by: Eli Schwartz <eschwartz at archlinux.org>
Signed-off-by: Allan McRae <allan at archlinux.org>
commit 6d99a15f0bd9cba4500808114738065903312bf6
Author: Matthew Sexton <WSDMatty at gmail.com>
Date: Tue Sep 10 05:33:53 2019 -0400
pacman/pacman-conf, testpkg: Added translatable strings
Added gettext macro to warnings, helps, and errors for translation.
Signed-off-by: Matthew Sexton <wsdmatty at gmail.com>
Signed-off-by: Allan McRae <allan at archlinux.org>
commit a6ae5f0a04cd3cac70525f073bdb11e4bb9266e5
Author: Matthew Sexton <WSDMatty at gmail.com>
Date: Sun Sep 8 22:52:57 2019 -0400
pacman: pacman-conf: removed hputs macro for usage display
Using the macro got in the way of _() macro for translation
All the macro did was make it so the writer didn't have to type
\n", stream); at the end of every line.
Signed-off-by: Allan McRae <allan at archlinux.org>
commit b4e4b74acea3d652317b030e761300d5c7b437a2
Author: morganamilo <morganamilo at gmail.com>
Date: Sun Sep 8 22:45:27 2019 +0100
libalpm: resolvedep(): don't compare names twice
If we failed to get the pkg from pkgcache then we know no satisfying
package exists by name. So only compare provides.
Signed-off-by: Allan McRae <allan at archlinux.org>
commit bcacb00fc89c04ec0b5e7ebefe3b605b266cef57
Author: Eli Schwartz <eschwartz at archlinux.org>
Date: Sun Oct 6 21:33:41 2019 -0400
makepkg: add rust support for *FLAGS and debug-prefix-map
The rust language supports $RUSTFLAGS to be used automatically in all
rustc invocations. Allow setting this in makepkg.conf (e.g. for
optimization or debuginfo support), and teach debug+strip to pass the
rustc command line argument necessary to rewrite source file paths in
the debugging symbols.
Signed-off-by: Eli Schwartz <eschwartz at archlinux.org>
Signed-off-by: Allan McRae <allan at archlinux.org>
-----------------------------------------------------------------------
Summary of changes:
doc/makepkg.conf.5.asciidoc | 9 ++++++
etc/makepkg.conf.in | 2 ++
lib/libalpm/deps.c | 3 +-
scripts/libmakepkg/buildenv.sh.in | 2 +-
scripts/libmakepkg/buildenv/buildflags.sh.in | 2 +-
scripts/libmakepkg/buildenv/debugflags.sh.in | 2 ++
scripts/libmakepkg/lint_config/variable.sh.in | 8 ++---
scripts/pacman-key.sh.in | 8 ++++-
src/pacman/pacman-conf.c | 46 +++++++++++++++------------
src/util/testpkg.c | 29 ++++++++++-------
10 files changed, 70 insertions(+), 41 deletions(-)
hooks/post-receive
--
The official pacman repository
More information about the pacman-dev
mailing list