[pacman-dev] [PATCH 1/2] makepkg: fix signing of source packages
Allan McRae
allan at archlinux.org
Wed Oct 21 01:18:13 UTC 2020
On 12/10/20 12:22 pm, Eli Schwartz wrote:
> In commit c6b04c04653ba9933fe978829148312e412a9ea7 the signing stage was
> moved out of fakeroot, and thus into the main control flow instead of
> create_{,src}package
>
> While the function for signing binary packages has logic to build
> and gpg-sign multiple filenames, the source package never got this
> special treatment. This would be fine, except it uses the standard
> variables to set define the filename... like ${fullver}, which is
> usually set beforehand, but in this case is not. We don't define fullver
> globally as it's an internal implementation detail, except by sheer
> coincidence if PKGVERFUNC is false due to improperly guarded code.
>
> Result: source packages didn't end up signed. Instead, we raised a logic
> error:
>
> ==> WARNING: Failed to sign package file somepackage-.src.tar.gz.
>
> ==> ERROR: An unknown error has occurred. Exiting...
>
> Instead, let's just build the version inline, since we only use it once.
>
> Reported-by: GaKu999 <g4ku999 at gmail.com>
> Signed-off-by: Eli Schwartz <eschwartz at archlinux.org>
> ---
> scripts/makepkg.sh.in | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
> index e1e95412..a9e7c691 100644
> --- a/scripts/makepkg.sh.in
> +++ b/scripts/makepkg.sh.in
> @@ -1362,7 +1362,7 @@ if (( SOURCEONLY )); then
>
> if [[ $SIGNPKG = 'y' ]]; then
> msg "$(gettext "Signing package...")"
> - create_signature "$SRCPKGDEST/${pkgbase}-${fullver}${SRCEXT}"
> + create_signature "$SRCPKGDEST/${pkgbase}-$(get_full_version)${SRCEXT}"
OK.
> fi
>
> msg "$(gettext "Source package created: %s")" "$pkgbase ($(date +%c))"
>
More information about the pacman-dev
mailing list