[pacman-dev] [PATCH 1/2] makepkg: fix signing of source packages

Eli Schwartz eschwartz at archlinux.org
Mon Oct 12 02:22:04 UTC 2020


In commit c6b04c04653ba9933fe978829148312e412a9ea7 the signing stage was
moved out of fakeroot, and thus into the main control flow instead of
create_{,src}package.

While the function for signing binary packages has logic to build
and gpg-sign multiple filenames, the source package never got this
special treatment. This would be fine, except it uses the standard
variables to define the filename... like ${fullver}, which is
usually set beforehand, but in this case is not. We don't define fullver
globally as it's an internal implementation detail, except by sheer
coincidence if PKGVERFUNC is false due to improperly guarded code.

Result: source packages didn't end up signed. Instead, we raised a logic
error:

==> WARNING: Failed to sign package file somepackage-.src.tar.gz.

==> ERROR: An unknown error has occurred. Exiting...

Instead, let's just build the version inline, since we only use it once.

Reported-by: GaKu999 <g4ku999 at gmail.com>
Signed-off-by: Eli Schwartz <eschwartz at archlinux.org>
---
 scripts/makepkg.sh.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
index e1e95412..a9e7c691 100644
--- a/scripts/makepkg.sh.in
+++ b/scripts/makepkg.sh.in
@@ -1362,7 +1362,7 @@ if (( SOURCEONLY )); then
 
 	if [[ $SIGNPKG = 'y' ]]; then
 		msg "$(gettext "Signing package...")"
-		create_signature "$SRCPKGDEST/${pkgbase}-${fullver}${SRCEXT}"
+		create_signature "$SRCPKGDEST/${pkgbase}-$(get_full_version)${SRCEXT}"
 	fi
 
 	msg "$(gettext "Source package created: %s")" "$pkgbase ($(date +%c))"
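Review bot: The new create_signature line rebuilds the source package path at the call site, with $(get_full_version) expanded inside the argument, so nothing checks that the substitution returned a non-empty version or that the resulting file exists before it is handed to the signing step. If get_full_version ever prints nothing, this produces the same "${pkgbase}-${SRCEXT}" style name that the commit message reports, and the only symptom is again a failed signature. Consider assigning the version to a variable first, failing with a specific error when it is empty or when "$SRCPKGDEST/${pkgbase}-...${SRCEXT}" is not a regular file, and only then calling create_signature. A test case that runs the SOURCEONLY path with SIGNPKG set to 'y' and asserts that the signature file is produced would keep an unsigned source package from shipping unnoticed after a later refactor.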
-- 
2.28.0

