upg pacman
This commit is contained in:
parent
f32fe7d045
commit
f50626583c
17 changed files with 703 additions and 50 deletions
|
@ -7,12 +7,12 @@
|
|||
|
||||
pkgname=pacman
|
||||
pkgver=6.0.2
|
||||
pkgrel=015
|
||||
pkgrel=016
|
||||
pkgdesc="A library-based package manager with dependency support modified for joborun from arch"
|
||||
url="https://www.archlinux.org/pacman/"
|
||||
groups=(base jobbot)
|
||||
depends=('bash' 'glibc' 'libarchive' 'curl' 'gpgme' 'pacman-mirrorlist' 'jobo-mirror'
|
||||
'gawk' 'coreutils' 'gnupg' 'grep' 'archlinux-keyring'
|
||||
depends=('bash' 'glibc' 'libarchive' 'curl' 'gpgme' 'pacman-mirrorlist'
|
||||
'jobo-mirror' 'gawk' 'coreutils' 'gnupg' 'grep' 'archlinux-keyring'
|
||||
'obarun-keyring' 'joborun-keyring' 'lzip')
|
||||
|
||||
# NOTE: Joborun linux is switching default pkg compression to lzip at level -5
|
||||
|
@ -35,6 +35,14 @@ source=(https://sources.archlinux.org/other/pacman/$pkgname-$pkgver.tar.xz{,.sig
|
|||
pacman-strip-include-o-files-similar-to-kernel-modules.patch::https://gitlab.archlinux.org/pacman/pacman/-/commit/de11824527ec4e2561e161ac40a5714ec943543c.patch
|
||||
pacman-fix-compatibility-with-bash-5.2-patsub_replacement.patch::https://gitlab.archlinux.org/pacman/pacman/-/commit/0e938f188692c710be36f9dd9ea7b94381aed1b4.patch
|
||||
pacman-fix-order-of-fakechroot-fakeroot-nesting.patch::https://gitlab.archlinux.org/pacman/pacman/-/commit/05f283b5ad8f5b8f995076e93a27c8772076f872.patch
|
||||
pacman-change-default-checksum-from-md5-to-sha256.patch::https://gitlab.archlinux.org/pacman/pacman/-/commit/aa3a1bc3b50d797fb75278f79a83cd7dde50c66e.patch
|
||||
pacman-sort-debuginfod-repro.patch::https://gitlab.archlinux.org/pacman/pacman/-/commit/843bf21e794c79c5b3bcf8a57e45ef9c62312fee.patch
|
||||
pacman-split-off-strip-debug.patch::https://gitlab.archlinux.org/pacman/pacman/-/commit/7a4fff3310ba2eadd3d5428cbb92e58eb2ee853b.patch
|
||||
pacman-ignore-a-files.patch::https://gitlab.archlinux.org/pacman/pacman/-/commit/00d2b1f90261bf77eaaf262d2504af016562f2ac.patch
|
||||
pacman-early-err-git.patch::https://gitlab.archlinux.org/pacman/pacman/-/commit/3aa096a74f717d31650e0eb3cf34e9a5ebadc313.patch
|
||||
pacman-fix-gnupg-binary-data.patch::https://gitlab.archlinux.org/pacman/pacman/-/commit/86ec26b2d33372a4b3bda48f22c4a9f226c3ccce.patch
|
||||
pacman-fix-gnupg-newsig-check.patch::https://gitlab.archlinux.org/pacman/pacman/-/commit/16a064701a30d7e1175e1185cc6da44238302fab.patch
|
||||
pacman-check-pipes-gnupg.patch::https://gitlab.archlinux.org/pacman/pacman/-/commit/f8c2e59ec57c86827b1f1b1c2f6760dc3e59fe40.patch
|
||||
pacman.conf
|
||||
makepkg.conf)
|
||||
|
||||
|
@ -82,13 +90,23 @@ package() {
|
|||
install -m644 "$srcdir/pacman.conf" "$pkgdir/etc"
|
||||
install -m644 "$srcdir/makepkg.conf" "$pkgdir/etc"
|
||||
# rm -rf $pkgdir/usr/share/libalpm/hooks
|
||||
|
||||
#
|
||||
# local wantsdir="$pkgdir/usr/lib/systemd/system/sockets.target.wants"
|
||||
# install -dm755 "$wantsdir"
|
||||
#
|
||||
# local unit
|
||||
# for unit in dirmngr gpg-agent gpg-agent-{browser,extra,ssh} keyboxd; do
|
||||
# ln -s "../${unit}@.socket" "$wantsdir/${unit}@etc-pacman.d-gnupg.socket"
|
||||
# done
|
||||
|
||||
}
|
||||
|
||||
#---- arch license gpg-key & sha256sums ----
|
||||
|
||||
arch=(x86_64)
|
||||
|
||||
license=('GPL')
|
||||
license=('GPL-2.0-or-later')
|
||||
|
||||
validpgpkeys=('6645B0A8C7005E78DB1D7864F99FFE0FEAE999BD' # Allan McRae <allan@archlinux.org>
|
||||
'B8151B117037781095514CA7BBDFFC92306B1121') # Andrew Gregory (pacman) <andrew@archlinux.org>
|
||||
|
@ -101,8 +119,14 @@ sha256sums=(7d8e3e8c5121aec0965df71f59bedf46052c6cf14f96365c4411ec3de0a4c1a5 #
|
|||
d87d0c9957c613fda272553bee58140349d151ae399f346ddaf6d75ee5916312 # pacman-strip-include-o-files-similar-to-kernel-modules.patch
|
||||
8641d514ef4cae9e4d1867aadf4b9c850a9e8dc9792c6c559f9d2a0e1713a5a1 # pacman-fix-compatibility-with-bash-5.2-patsub_replacement.patch
|
||||
b11f62d4bd9557e9d3e7456bc95f63e9eabab5ecee1368f4a14a84bc94b1c8d1 # pacman-fix-order-of-fakechroot-fakeroot-nesting.patch
|
||||
6436e418557989586221d4d5c527666f18d98c6332126dbb6276581b9dce4f6d # pacman.conf
|
||||
b7b3302848e12438b4767eafcc76e121b0f24717c37572e252ffcf4f36a5c4d9) # makepkg.conf
|
||||
|
||||
## 3e50b6c757dae445d65793aa2fb47f34102737613d5e67a7e12ba90f6e903b1f pacman-6.0.2-015-x86_64.pkg.tar.lz
|
||||
cf749ad981e8f3dedd89c05a5e69a9c91d1e58ef9407e8f8e04ba9c183939623 # pacman-change-default-checksum-from-md5-to-sha256.patch
|
||||
17e7af22533984924aaf1cf36c74aa26b46b04ad140cd76b65521be906bd3ff7 # pacman-sort-debuginfod-repro.patch
|
||||
94d1f3575d0c3faf8bf11fee8e5ef36c8b339ebfd24868931903ba179ffecf4e # pacman-split-off-strip-debug.patch
|
||||
468837eed9a4ffd3778f159a7e62f89a38a4244f822a3a5b014daa69e3c65d28 # pacman-ignore-a-files.patch
|
||||
0ac6a34e6fc126a243a642e509f459f6cde20af213ab949791a5cc325cf031f9 # pacman-early-err-git.patch
|
||||
d08d4a56dc3a977fdfd4591c30733fa28976710ffba53786541d98717892dc24 # pacman-fix-gnupg-binary-data.patch
|
||||
4a3cdfba490121a20f3648791cd47ba323f3d3d56bf7ced21b9badb1f22d6abc # pacman-fix-gnupg-newsig-check.patch
|
||||
94c273f07e4e28125b6002567c62e1f6c65f543597de6a8bd79e8c5bf6e4a125 # pacman-check-pipes-gnupg.patch
|
||||
488ae68d6c75c81a829dbb1e75ba7349cf341bea5da07c2896e529cdb09f612e # pacman.conf
|
||||
e3eca3bbddf18a3d3278b876a40bc37b58175fd410cfa7fd328d48e8fdb1e17f) # makepkg.conf
|
||||
|
||||
|
|
|
@ -3,11 +3,11 @@
|
|||
|
||||
pkgname=pacman
|
||||
pkgver=6.0.2
|
||||
pkgrel=8
|
||||
pkgrel=9
|
||||
pkgdesc="A library-based package manager with dependency support"
|
||||
arch=('x86_64')
|
||||
url="https://www.archlinux.org/pacman/"
|
||||
license=('GPL')
|
||||
license=('GPL-2.0-or-later')
|
||||
depends=('bash' 'glibc' 'libarchive' 'curl' 'gpgme' 'pacman-mirrorlist'
|
||||
'gettext' 'gawk' 'coreutils' 'gnupg' 'grep')
|
||||
makedepends=('meson' 'asciidoc' 'doxygen')
|
||||
|
@ -26,6 +26,14 @@ source=(https://sources.archlinux.org/other/pacman/$pkgname-$pkgver.tar.xz{,.sig
|
|||
pacman-strip-include-o-files-similar-to-kernel-modules.patch::https://gitlab.archlinux.org/pacman/pacman/-/commit/de11824527ec4e2561e161ac40a5714ec943543c.patch
|
||||
pacman-fix-compatibility-with-bash-5.2-patsub_replacement.patch::https://gitlab.archlinux.org/pacman/pacman/-/commit/0e938f188692c710be36f9dd9ea7b94381aed1b4.patch
|
||||
pacman-fix-order-of-fakechroot-fakeroot-nesting.patch::https://gitlab.archlinux.org/pacman/pacman/-/commit/05f283b5ad8f5b8f995076e93a27c8772076f872.patch
|
||||
pacman-change-default-checksum-from-md5-to-sha256.patch::https://gitlab.archlinux.org/pacman/pacman/-/commit/aa3a1bc3b50d797fb75278f79a83cd7dde50c66e.patch
|
||||
pacman-sort-debuginfod-repro.patch::https://gitlab.archlinux.org/pacman/pacman/-/commit/843bf21e794c79c5b3bcf8a57e45ef9c62312fee.patch
|
||||
pacman-split-off-strip-debug.patch::https://gitlab.archlinux.org/pacman/pacman/-/commit/7a4fff3310ba2eadd3d5428cbb92e58eb2ee853b.patch
|
||||
pacman-ignore-a-files.patch::https://gitlab.archlinux.org/pacman/pacman/-/commit/00d2b1f90261bf77eaaf262d2504af016562f2ac.patch
|
||||
pacman-early-err-git.patch::https://gitlab.archlinux.org/pacman/pacman/-/commit/3aa096a74f717d31650e0eb3cf34e9a5ebadc313.patch
|
||||
pacman-fix-gnupg-binary-data.patch::https://gitlab.archlinux.org/pacman/pacman/-/commit/86ec26b2d33372a4b3bda48f22c4a9f226c3ccce.patch
|
||||
pacman-fix-gnupg-newsig-check.patch::https://gitlab.archlinux.org/pacman/pacman/-/commit/16a064701a30d7e1175e1185cc6da44238302fab.patch
|
||||
pacman-check-pipes-gnupg.patch::https://gitlab.archlinux.org/pacman/pacman/-/commit/f8c2e59ec57c86827b1f1b1c2f6760dc3e59fe40.patch
|
||||
pacman.conf
|
||||
makepkg.conf)
|
||||
sha256sums=('7d8e3e8c5121aec0965df71f59bedf46052c6cf14f96365c4411ec3de0a4c1a5'
|
||||
|
@ -36,8 +44,16 @@ sha256sums=('7d8e3e8c5121aec0965df71f59bedf46052c6cf14f96365c4411ec3de0a4c1a5'
|
|||
'd87d0c9957c613fda272553bee58140349d151ae399f346ddaf6d75ee5916312'
|
||||
'8641d514ef4cae9e4d1867aadf4b9c850a9e8dc9792c6c559f9d2a0e1713a5a1'
|
||||
'b11f62d4bd9557e9d3e7456bc95f63e9eabab5ecee1368f4a14a84bc94b1c8d1'
|
||||
'cf749ad981e8f3dedd89c05a5e69a9c91d1e58ef9407e8f8e04ba9c183939623'
|
||||
'17e7af22533984924aaf1cf36c74aa26b46b04ad140cd76b65521be906bd3ff7'
|
||||
'94d1f3575d0c3faf8bf11fee8e5ef36c8b339ebfd24868931903ba179ffecf4e'
|
||||
'96efb79a96abf8cdcecb9f8dc461552549cf46159f44bb4160eb073e1ea5000a'
|
||||
'0ac6a34e6fc126a243a642e509f459f6cde20af213ab949791a5cc325cf031f9'
|
||||
'6e81b34e6a5f312d48ce3aaca0f02ddd10b7a43325cb32acf7666b6b7ac41552'
|
||||
'250598a27a3077ec1dfe97a30af8bb0daf449d3ab456ed6a0c7a5bea0eb58f51'
|
||||
'94c273f07e4e28125b6002567c62e1f6c65f543597de6a8bd79e8c5bf6e4a125'
|
||||
'656c4d4cb8cb12adbf178fc8cb2fd25f8c285d6572bbdbb24d865d00e0d5a85a'
|
||||
'b46bca4d3f8b41138923b7a1d7ada272b56ad8b89d0d6ce09145638bdf15185d')
|
||||
'f2791b51588104ec6dbaafa389451056f3c61fa6c19510dcce3a9a6cc19cba29')
|
||||
|
||||
prepare() {
|
||||
cd "${pkgname}-${pkgver}"
|
||||
|
@ -82,6 +98,14 @@ package() {
|
|||
install -dm755 "$pkgdir/etc"
|
||||
install -m644 "$srcdir/pacman.conf" "$pkgdir/etc"
|
||||
install -m644 "$srcdir/makepkg.conf" "$pkgdir/etc"
|
||||
|
||||
local wantsdir="$pkgdir/usr/lib/systemd/system/sockets.target.wants"
|
||||
install -dm755 "$wantsdir"
|
||||
|
||||
local unit
|
||||
for unit in dirmngr gpg-agent gpg-agent-{browser,extra,ssh} keyboxd; do
|
||||
ln -s "../${unit}@.socket" "$wantsdir/${unit}@etc-pacman.d-gnupg.socket"
|
||||
done
|
||||
}
|
||||
|
||||
# vim: set ts=2 sw=2 et:
|
||||
|
|
|
@ -5,5 +5,6 @@ python
|
|||
fakechroot
|
||||
cmake
|
||||
bash-completion
|
||||
gettext
|
||||
|
||||
|
||||
|
|
|
@ -1,4 +1,6 @@
|
|||
#!/hint/bash
|
||||
# shellcheck disable=2034
|
||||
|
||||
#
|
||||
# /etc/makepkg.conf
|
||||
#
|
||||
|
@ -39,18 +41,20 @@ CHOST="x86_64-pc-linux-gnu"
|
|||
#-- Compiler and Linker Flags
|
||||
#CPPFLAGS=""
|
||||
CFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fno-plt -fexceptions \
|
||||
-Wp,-D_FORTIFY_SOURCE=2 -Wformat -Werror=format-security \
|
||||
-fstack-clash-protection -fcf-protection"
|
||||
-Wp,-D_FORTIFY_SOURCE=3 -Wformat -Werror=format-security \
|
||||
-fstack-clash-protection -fcf-protection \
|
||||
-fno-omit-frame-pointer -mno-omit-leaf-frame-pointer"
|
||||
CXXFLAGS="$CFLAGS -Wp,-D_GLIBCXX_ASSERTIONS"
|
||||
LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now"
|
||||
LDFLAGS="-Wl,-O1 -Wl,--sort-common -Wl,--as-needed -Wl,-z,relro -Wl,-z,now \
|
||||
-Wl,-z,pack-relative-relocs"
|
||||
LTOFLAGS="-flto=auto"
|
||||
#RUSTFLAGS="-C opt-level=2"
|
||||
RUSTFLAGS="-Cforce-frame-pointers=yes"
|
||||
#-- Make Flags: change this for DistCC/SMP systems
|
||||
#MAKEFLAGS="-j2"
|
||||
#-- Debugging flags
|
||||
DEBUG_CFLAGS="-g"
|
||||
DEBUG_CXXFLAGS="$DEBUG_CFLAGS"
|
||||
#DEBUG_RUSTFLAGS="-C debuginfo=2"
|
||||
DEBUG_RUSTFLAGS="-C debuginfo=2"
|
||||
|
||||
#########################################################################
|
||||
# BUILD ENVIRONMENT
|
||||
|
@ -92,7 +96,7 @@ BUILDENV=(!distcc color !ccache check !sign)
|
|||
#-- debug: Add debugging flags as specified in DEBUG_* variables
|
||||
#-- lto: Add compile flags for building with link time optimization
|
||||
#
|
||||
OPTIONS=(strip docs !libtool !staticlibs emptydirs zipman purge !debug !lto)
|
||||
OPTIONS=(strip docs !libtool !staticlibs emptydirs zipman purge !debug lto)
|
||||
|
||||
#-- File integrity checks to use. Valid: md5, sha1, sha224, sha256, sha384, sha512, b2
|
||||
INTEGRITY_CHECK=(sha256)
|
||||
|
@ -109,7 +113,7 @@ DOC_DIRS=(usr/{,local/}{,share/}{doc,gtk-doc} opt/*/{doc,gtk-doc})
|
|||
#-- Files to be removed from all packages (if purge is specified)
|
||||
PURGE_TARGETS=(usr/{,share}/info/dir .packlist *.pod)
|
||||
#-- Directory to store source code in for debug packages
|
||||
DBGSRCDIR="/usr/src/debug"
|
||||
#DBGSRCDIR="/usr/src/debug"
|
||||
|
||||
#########################################################################
|
||||
# PACKAGE OUTPUT
|
||||
|
@ -122,7 +126,7 @@ DBGSRCDIR="/usr/src/debug"
|
|||
#-- Source cache: specify a fixed directory where source files will be cached
|
||||
#SRCDEST=/home/sources
|
||||
#-- Source packages: specify a fixed directory where all src packages will be placed
|
||||
SRCPKGDEST=/src/pkg/
|
||||
#SRCPKGDEST=/src/pkg/
|
||||
#-- Log files: specify a fixed directory where all log files will be placed
|
||||
#LOGDEST=/home/makepkglogs
|
||||
#-- Packager: name/email of the person or organization building packages
|
||||
|
@ -145,7 +149,7 @@ COMPRESSLRZ=(lrzip -q)
|
|||
COMPRESSLZO=(lzop -q)
|
||||
COMPRESSZ=(compress -c -f)
|
||||
COMPRESSLZ4=(lz4 -q)
|
||||
COMPRESSLZ=(lzip -6 -c -f)
|
||||
COMPRESSLZ=(lzip -6 -c -f -vv)
|
||||
|
||||
#########################################################################
|
||||
# EXTENSION DEFAULTS
|
||||
|
|
|
@ -1,4 +1,6 @@
|
|||
#!/hint/bash
|
||||
# shellcheck disable=2034
|
||||
|
||||
#
|
||||
# /etc/makepkg.conf
|
||||
#
|
||||
|
@ -39,18 +41,20 @@ CHOST="x86_64-pc-linux-gnu"
|
|||
#-- Compiler and Linker Flags
|
||||
#CPPFLAGS=""
|
||||
CFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fno-plt -fexceptions \
|
||||
-Wp,-D_FORTIFY_SOURCE=2 -Wformat -Werror=format-security \
|
||||
-fstack-clash-protection -fcf-protection"
|
||||
-Wp,-D_FORTIFY_SOURCE=3 -Wformat -Werror=format-security \
|
||||
-fstack-clash-protection -fcf-protection \
|
||||
-fno-omit-frame-pointer -mno-omit-leaf-frame-pointer"
|
||||
CXXFLAGS="$CFLAGS -Wp,-D_GLIBCXX_ASSERTIONS"
|
||||
LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now"
|
||||
LDFLAGS="-Wl,-O1 -Wl,--sort-common -Wl,--as-needed -Wl,-z,relro -Wl,-z,now \
|
||||
-Wl,-z,pack-relative-relocs"
|
||||
LTOFLAGS="-flto=auto"
|
||||
#RUSTFLAGS="-C opt-level=2"
|
||||
RUSTFLAGS="-Cforce-frame-pointers=yes"
|
||||
#-- Make Flags: change this for DistCC/SMP systems
|
||||
#MAKEFLAGS="-j2"
|
||||
#-- Debugging flags
|
||||
DEBUG_CFLAGS="-g"
|
||||
DEBUG_CXXFLAGS="$DEBUG_CFLAGS"
|
||||
#DEBUG_RUSTFLAGS="-C debuginfo=2"
|
||||
DEBUG_RUSTFLAGS="-C debuginfo=2"
|
||||
|
||||
#########################################################################
|
||||
# BUILD ENVIRONMENT
|
||||
|
@ -92,7 +96,7 @@ BUILDENV=(!distcc color !ccache check !sign)
|
|||
#-- debug: Add debugging flags as specified in DEBUG_* variables
|
||||
#-- lto: Add compile flags for building with link time optimization
|
||||
#
|
||||
OPTIONS=(strip docs !libtool !staticlibs emptydirs zipman purge !debug !lto)
|
||||
OPTIONS=(strip docs !libtool !staticlibs emptydirs zipman purge debug lto)
|
||||
|
||||
#-- File integrity checks to use. Valid: md5, sha1, sha224, sha256, sha384, sha512, b2
|
||||
INTEGRITY_CHECK=(sha256)
|
||||
|
@ -137,7 +141,7 @@ DBGSRCDIR="/usr/src/debug"
|
|||
COMPRESSGZ=(gzip -c -f -n)
|
||||
COMPRESSBZ2=(bzip2 -c -f)
|
||||
COMPRESSXZ=(xz -c -z -)
|
||||
COMPRESSZST=(zstd -c -z -q -)
|
||||
COMPRESSZST=(zstd -c -T0 --ultra -20 -)
|
||||
COMPRESSLRZ=(lrzip -q)
|
||||
COMPRESSLZO=(lzop -q)
|
||||
COMPRESSZ=(compress -c -f)
|
||||
|
@ -157,3 +161,4 @@ SRCEXT='.src.tar.gz'
|
|||
#
|
||||
#-- Command used to run pacman as root, instead of trying sudo and su
|
||||
#PACMAN_AUTH=()
|
||||
# vim: set ft=sh ts=2 sw=2 et:
|
||||
|
|
159
pacman/makepkg.conf-arch-old
Normal file
159
pacman/makepkg.conf-arch-old
Normal file
|
@ -0,0 +1,159 @@
|
|||
#!/hint/bash
|
||||
#
|
||||
# /etc/makepkg.conf
|
||||
#
|
||||
|
||||
#########################################################################
|
||||
# SOURCE ACQUISITION
|
||||
#########################################################################
|
||||
#
|
||||
#-- The download utilities that makepkg should use to acquire sources
|
||||
# Format: 'protocol::agent'
|
||||
DLAGENTS=('file::/usr/bin/curl -qgC - -o %o %u'
|
||||
'ftp::/usr/bin/curl -qgfC - --ftp-pasv --retry 3 --retry-delay 3 -o %o %u'
|
||||
'http::/usr/bin/curl -qgb "" -fLC - --retry 3 --retry-delay 3 -o %o %u'
|
||||
'https::/usr/bin/curl -qgb "" -fLC - --retry 3 --retry-delay 3 -o %o %u'
|
||||
'rsync::/usr/bin/rsync --no-motd -z %u %o'
|
||||
'scp::/usr/bin/scp -C %u %o')
|
||||
|
||||
# Other common tools:
|
||||
# /usr/bin/snarf
|
||||
# /usr/bin/lftpget -c
|
||||
# /usr/bin/wget
|
||||
|
||||
#-- The package required by makepkg to download VCS sources
|
||||
# Format: 'protocol::package'
|
||||
VCSCLIENTS=('bzr::breezy'
|
||||
'fossil::fossil'
|
||||
'git::git'
|
||||
'hg::mercurial'
|
||||
'svn::subversion')
|
||||
|
||||
#########################################################################
|
||||
# ARCHITECTURE, COMPILE FLAGS
|
||||
#########################################################################
|
||||
#
|
||||
CARCH="x86_64"
|
||||
CHOST="x86_64-pc-linux-gnu"
|
||||
|
||||
#-- Compiler and Linker Flags
|
||||
#CPPFLAGS=""
|
||||
CFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fno-plt -fexceptions \
|
||||
-Wp,-D_FORTIFY_SOURCE=2 -Wformat -Werror=format-security \
|
||||
-fstack-clash-protection -fcf-protection"
|
||||
CXXFLAGS="$CFLAGS -Wp,-D_GLIBCXX_ASSERTIONS"
|
||||
LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now"
|
||||
LTOFLAGS="-flto=auto"
|
||||
#RUSTFLAGS="-C opt-level=2"
|
||||
#-- Make Flags: change this for DistCC/SMP systems
|
||||
#MAKEFLAGS="-j2"
|
||||
#-- Debugging flags
|
||||
DEBUG_CFLAGS="-g"
|
||||
DEBUG_CXXFLAGS="$DEBUG_CFLAGS"
|
||||
#DEBUG_RUSTFLAGS="-C debuginfo=2"
|
||||
|
||||
#########################################################################
|
||||
# BUILD ENVIRONMENT
|
||||
#########################################################################
|
||||
#
|
||||
# Makepkg defaults: BUILDENV=(!distcc !color !ccache check !sign)
|
||||
# A negated environment option will do the opposite of the comments below.
|
||||
#
|
||||
#-- distcc: Use the Distributed C/C++/ObjC compiler
|
||||
#-- color: Colorize output messages
|
||||
#-- ccache: Use ccache to cache compilation
|
||||
#-- check: Run the check() function if present in the PKGBUILD
|
||||
#-- sign: Generate PGP signature file
|
||||
#
|
||||
BUILDENV=(!distcc color !ccache check !sign)
|
||||
#
|
||||
#-- If using DistCC, your MAKEFLAGS will also need modification. In addition,
|
||||
#-- specify a space-delimited list of hosts running in the DistCC cluster.
|
||||
#DISTCC_HOSTS=""
|
||||
#
|
||||
#-- Specify a directory for package building.
|
||||
#BUILDDIR=/tmp/makepkg
|
||||
|
||||
#########################################################################
|
||||
# GLOBAL PACKAGE OPTIONS
|
||||
# These are default values for the options=() settings
|
||||
#########################################################################
|
||||
#
|
||||
# Makepkg defaults: OPTIONS=(!strip docs libtool staticlibs emptydirs !zipman !purge !debug !lto)
|
||||
# A negated option will do the opposite of the comments below.
|
||||
#
|
||||
#-- strip: Strip symbols from binaries/libraries
|
||||
#-- docs: Save doc directories specified by DOC_DIRS
|
||||
#-- libtool: Leave libtool (.la) files in packages
|
||||
#-- staticlibs: Leave static library (.a) files in packages
|
||||
#-- emptydirs: Leave empty directories in packages
|
||||
#-- zipman: Compress manual (man and info) pages in MAN_DIRS with gzip
|
||||
#-- purge: Remove files specified by PURGE_TARGETS
|
||||
#-- debug: Add debugging flags as specified in DEBUG_* variables
|
||||
#-- lto: Add compile flags for building with link time optimization
|
||||
#
|
||||
OPTIONS=(strip docs !libtool !staticlibs emptydirs zipman purge !debug !lto)
|
||||
|
||||
#-- File integrity checks to use. Valid: md5, sha1, sha224, sha256, sha384, sha512, b2
|
||||
INTEGRITY_CHECK=(sha256)
|
||||
#-- Options to be used when stripping binaries. See `man strip' for details.
|
||||
STRIP_BINARIES="--strip-all"
|
||||
#-- Options to be used when stripping shared libraries. See `man strip' for details.
|
||||
STRIP_SHARED="--strip-unneeded"
|
||||
#-- Options to be used when stripping static libraries. See `man strip' for details.
|
||||
STRIP_STATIC="--strip-debug"
|
||||
#-- Manual (man and info) directories to compress (if zipman is specified)
|
||||
MAN_DIRS=({usr{,/local}{,/share},opt/*}/{man,info})
|
||||
#-- Doc directories to remove (if !docs is specified)
|
||||
DOC_DIRS=(usr/{,local/}{,share/}{doc,gtk-doc} opt/*/{doc,gtk-doc})
|
||||
#-- Files to be removed from all packages (if purge is specified)
|
||||
PURGE_TARGETS=(usr/{,share}/info/dir .packlist *.pod)
|
||||
#-- Directory to store source code in for debug packages
|
||||
DBGSRCDIR="/usr/src/debug"
|
||||
|
||||
#########################################################################
|
||||
# PACKAGE OUTPUT
|
||||
#########################################################################
|
||||
#
|
||||
# Default: put built package and cached source in build directory
|
||||
#
|
||||
#-- Destination: specify a fixed directory where all packages will be placed
|
||||
#PKGDEST=/home/packages
|
||||
#-- Source cache: specify a fixed directory where source files will be cached
|
||||
#SRCDEST=/home/sources
|
||||
#-- Source packages: specify a fixed directory where all src packages will be placed
|
||||
#SRCPKGDEST=/home/srcpackages
|
||||
#-- Log files: specify a fixed directory where all log files will be placed
|
||||
#LOGDEST=/home/makepkglogs
|
||||
#-- Packager: name/email of the person or organization building packages
|
||||
#PACKAGER="John Doe <john@doe.com>"
|
||||
#-- Specify a key to use for package signing
|
||||
#GPGKEY=""
|
||||
|
||||
#########################################################################
|
||||
# COMPRESSION DEFAULTS
|
||||
#########################################################################
|
||||
#
|
||||
COMPRESSGZ=(gzip -c -f -n)
|
||||
COMPRESSBZ2=(bzip2 -c -f)
|
||||
COMPRESSXZ=(xz -c -z -)
|
||||
COMPRESSZST=(zstd -c -z -q -)
|
||||
COMPRESSLRZ=(lrzip -q)
|
||||
COMPRESSLZO=(lzop -q)
|
||||
COMPRESSZ=(compress -c -f)
|
||||
COMPRESSLZ4=(lz4 -q)
|
||||
COMPRESSLZ=(lzip -c -f)
|
||||
|
||||
#########################################################################
|
||||
# EXTENSION DEFAULTS
|
||||
#########################################################################
|
||||
#
|
||||
PKGEXT='.pkg.tar.zst'
|
||||
SRCEXT='.src.tar.gz'
|
||||
|
||||
#########################################################################
|
||||
# OTHER
|
||||
#########################################################################
|
||||
#
|
||||
#-- Command used to run pacman as root, instead of trying sudo and su
|
||||
#PACMAN_AUTH=()
|
|
@ -3,3 +3,4 @@ absolutely necessary.
|
|||
|
||||
July 21st 2022 Arch decides to rebuild adding gettext and other build utilities to pacman, unnecesseraly for those who don't build from source within their main installation
|
||||
The contradiction here is that Arch always advises to build pkgs from source in a separate clean minimal chroot or container or docker, meanwhile they keep adding building tools to pacman because of the makepkg inclusion. I believe a split of makepkg as a separate pkg is best, within the pacman pkgbase
|
||||
edition 6.0.2-016/arch-rel-9 fails 2 python checks so we run with --nochceck over the build to finish it, possibly with all the new systemd functionality tests fail
|
||||
|
|
|
@ -0,0 +1,59 @@
|
|||
From aa3a1bc3b50d797fb75278f79a83cd7dde50c66e Mon Sep 17 00:00:00 2001
|
||||
From: Ben Westover <kwestover.kw@gmail.com>
|
||||
Date: Fri, 29 Jul 2022 17:04:06 -0400
|
||||
Subject: [PATCH] proto: Change the default checksum from md5 to sha256
|
||||
|
||||
MD5 isn't a very good checksum, and the PKGBUILD page on the Arch Wiki
|
||||
states that it should not be used, instead recommending sha256 or b2.
|
||||
This patch changes the default from md5 to sha256 because that seems to
|
||||
be the most commonly used checksum today.
|
||||
|
||||
Signed-off-by: Ben Westover <kwestover.kw@gmail.com>
|
||||
---
|
||||
proto/PKGBUILD-split.proto | 2 +-
|
||||
proto/PKGBUILD-vcs.proto | 2 +-
|
||||
proto/PKGBUILD.proto | 2 +-
|
||||
3 files changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/proto/PKGBUILD-split.proto b/proto/PKGBUILD-split.proto
|
||||
index 9898ef81d..eea97e56a 100644
|
||||
--- a/proto/PKGBUILD-split.proto
|
||||
+++ b/proto/PKGBUILD-split.proto
|
||||
@@ -28,7 +28,7 @@ changelog=
|
||||
source=("$pkgbase-$pkgver.tar.gz"
|
||||
"$pkgname-$pkgver.patch")
|
||||
noextract=()
|
||||
-md5sums=()
|
||||
+sha256sums=()
|
||||
validpgpkeys=()
|
||||
|
||||
prepare() {
|
||||
diff --git a/proto/PKGBUILD-vcs.proto b/proto/PKGBUILD-vcs.proto
|
||||
index ae9956a9c..49c6759f4 100644
|
||||
--- a/proto/PKGBUILD-vcs.proto
|
||||
+++ b/proto/PKGBUILD-vcs.proto
|
||||
@@ -25,7 +25,7 @@ options=()
|
||||
install=
|
||||
source=('FOLDER::VCS+URL#FRAGMENT')
|
||||
noextract=()
|
||||
-md5sums=('SKIP')
|
||||
+sha256sums=('SKIP')
|
||||
|
||||
# Please refer to the 'USING VCS SOURCES' section of the PKGBUILD man page for
|
||||
# a description of each element in the source array.
|
||||
diff --git a/proto/PKGBUILD.proto b/proto/PKGBUILD.proto
|
||||
index a2c600d5a..9aff797c8 100644
|
||||
--- a/proto/PKGBUILD.proto
|
||||
+++ b/proto/PKGBUILD.proto
|
||||
@@ -27,7 +27,7 @@ changelog=
|
||||
source=("$pkgname-$pkgver.tar.gz"
|
||||
"$pkgname-$pkgver.patch")
|
||||
noextract=()
|
||||
-md5sums=()
|
||||
+sha256sums=()
|
||||
validpgpkeys=()
|
||||
|
||||
prepare() {
|
||||
--
|
||||
GitLab
|
||||
|
50
pacman/pacman-check-pipes-gnupg.patch
Normal file
50
pacman/pacman-check-pipes-gnupg.patch
Normal file
|
@ -0,0 +1,50 @@
|
|||
From f8c2e59ec57c86827b1f1b1c2f6760dc3e59fe40 Mon Sep 17 00:00:00 2001
|
||||
From: David Runge <dvzrv@archlinux.org>
|
||||
Date: Mon, 22 Jan 2024 14:35:28 +0100
|
||||
Subject: [PATCH] pacman-key: Make signature verification more robust by
|
||||
checking pipes
|
||||
|
||||
To ensure we are not dropping the return code of the `gpg` call due to
|
||||
piping into `grep`, we make use of `PIPESTATUS` to check the return code
|
||||
of each command separately.
|
||||
|
||||
Additionally, we can now distinguish between two states: The signature
|
||||
does not verify (e.g. due to technical reasons) and the signature is
|
||||
not trusted.
|
||||
|
||||
Signed-off-by: David Runge <dvzrv@archlinux.org>
|
||||
---
|
||||
scripts/pacman-key.sh.in | 15 +++++++++++++--
|
||||
1 file changed, 13 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
|
||||
index 8abd824ec..1c9e06478 100644
|
||||
--- a/scripts/pacman-key.sh.in
|
||||
+++ b/scripts/pacman-key.sh.in
|
||||
@@ -591,10 +591,21 @@ verify_sig() {
|
||||
error "$(gettext "Cannot use armored signatures for packages: %s")" "$sig"
|
||||
exit 1
|
||||
fi
|
||||
- if ! "${GPG_PACMAN[@]}" --status-fd 1 --verify "${files[@]}" | grep -qE '^\[GNUPG:\] TRUST_(FULLY|ULTIMATE).*$'; then
|
||||
- error "$(gettext "The signature identified by %s could not be verified.")" "$sig"
|
||||
+
|
||||
+ "${GPG_PACMAN[@]}" --status-fd 1 --verify "${files[@]}" | grep -qE '^\[GNUPG:\] TRUST_(FULLY|ULTIMATE).*$'
|
||||
+
|
||||
+ # return error if GnuPG fails to verify the signature
|
||||
+ if [[ "${PIPESTATUS[0]}" -ne 0 ]]; then
|
||||
+ error "$(gettext "The signature verification for %s failed.")" "$sig"
|
||||
+ ret=1
|
||||
+ fi
|
||||
+
|
||||
+ # return error if the signature is not trusted fully or ultimately
|
||||
+ if [[ "${PIPESTATUS[1]}" -ne 0 ]]; then
|
||||
+ error "$(gettext "The signature %s is not trusted.")" "$sig"
|
||||
ret=1
|
||||
fi
|
||||
+
|
||||
exit $ret
|
||||
}
|
||||
|
||||
--
|
||||
GitLab
|
||||
|
54
pacman/pacman-early-err-git.patch
Normal file
54
pacman/pacman-early-err-git.patch
Normal file
|
@ -0,0 +1,54 @@
|
|||
From 3aa096a74f717d31650e0eb3cf34e9a5ebadc313 Mon Sep 17 00:00:00 2001
|
||||
From: David Runge <dvzrv@archlinux.org>
|
||||
Date: Mon, 22 Jan 2024 13:48:15 +0100
|
||||
Subject: [PATCH] makepkg: Emit early error if signature verification fails
|
||||
|
||||
Emit an early error message if tag or commit verification with git or
|
||||
detached signature verification with gpg fails.
|
||||
Make `verify_file_signature()` and `verify_git_signature()` return
|
||||
non-zero in this case and set errors to `1`, so that later checks
|
||||
in `check_pgpsigs()`, although still run, can not lead to a positive
|
||||
result.
|
||||
|
||||
Signed-off-by: David Runge <dvzrv@archlinux.org>
|
||||
---
|
||||
.../libmakepkg/integrity/verify_signature.sh.in | 16 ++++++++++++++--
|
||||
1 file changed, 14 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/scripts/libmakepkg/integrity/verify_signature.sh.in b/scripts/libmakepkg/integrity/verify_signature.sh.in
|
||||
index 0c1547ee3..ca1d5a868 100644
|
||||
--- a/scripts/libmakepkg/integrity/verify_signature.sh.in
|
||||
+++ b/scripts/libmakepkg/integrity/verify_signature.sh.in
|
||||
@@ -157,7 +157,13 @@ verify_file_signature() {
|
||||
"") decompress="cat" ;;
|
||||
esac
|
||||
|
||||
- $decompress < "$sourcefile" | gpg --quiet --batch --status-file "$statusfile" --verify "$file" - 2> /dev/null
|
||||
+ # verify the signature and write metadata to a status file
|
||||
+ if ! $decompress < "$sourcefile" | gpg --quiet --batch --status-file "$statusfile" --verify "$file" - 2> /dev/null; then
|
||||
+ printf '%s\n' "$(gettext "%s is unable to verify the signature.")" "gpg" >&2
|
||||
+ errors=1
|
||||
+ return 1
|
||||
+ fi
|
||||
+
|
||||
return 0
|
||||
}
|
||||
|
||||
@@ -189,7 +195,13 @@ verify_git_signature() {
|
||||
|
||||
printf " %s git repo ... " "${dir##*/}" >&2
|
||||
|
||||
- git -C "$dir" verify-$fragtype --raw "$fragval" > "$statusfile" 2>&1
|
||||
+ # verify the signature and write metadata to a status file
|
||||
+ if ! git -C "$dir" verify-$fragtype --raw "$fragval" > "$statusfile" 2>&1; then
|
||||
+ printf '%s\n' "$(gettext "%s is unable to verify the signature.")" "git" >&2
|
||||
+ errors=1
|
||||
+ return 1
|
||||
+ fi
|
||||
+
|
||||
if ! grep -qs NEWSIG "$statusfile"; then
|
||||
printf '%s\n' "$(gettext "SIGNATURE NOT FOUND")" >&2
|
||||
errors=1
|
||||
--
|
||||
GitLab
|
||||
|
106
pacman/pacman-fix-gnupg-binary-data.patch
Normal file
106
pacman/pacman-fix-gnupg-binary-data.patch
Normal file
|
@ -0,0 +1,106 @@
|
|||
From 86ec26b2d33372a4b3bda48f22c4a9f226c3ccce Mon Sep 17 00:00:00 2001
|
||||
From: David Runge <dvzrv@archlinux.org>
|
||||
Date: Sun, 21 Jan 2024 12:33:04 +0100
|
||||
Subject: [PATCH] makepkg: Improve robustness of signature verification by
|
||||
limiting terms
|
||||
|
||||
The output of
|
||||
`gpg --quiet --batch --status-fd /dev/stdout --verify <signature_file> <file> 2> /dev/null`
|
||||
or
|
||||
`git verify-commit --raw <commit> 2>&1`
|
||||
may contain binary data, if the signature has been created with an
|
||||
OpenPGP implementation, that e.g. makes use of notations.
|
||||
If the notation string (see `NOTATION_DATA` in /usr/share/doc/gnupg/
|
||||
DETAILS) contains a trailing binary char, this will break signature
|
||||
verification, as any following entry (e.g. `VALIDSIG`) will be offset.
|
||||
|
||||
As we are only making use of a narrow set of terms from the statusfile
|
||||
(namely `NEWSIG`, `GOODSIG`, `EXPSIG`, `EXPKEYSIG`, `REVKEYSIG`,
|
||||
`BADSIG`, `ERRSIG`, `VALIDSIG`, `TRUST_UNDEFINED`, `TRUST_NEVER`,
|
||||
`TRUST_MARGINAL`, `TRUST_FULLY`, `TRUST_ULTIMATE`), we are applying a
|
||||
filter, so that only understood terms are written to the file.
|
||||
|
||||
Signed-off-by: David Runge <dvzrv@archlinux.org>
|
||||
---
|
||||
.../integrity/verify_signature.sh.in | 27 ++++++++++++++++---
|
||||
1 file changed, 24 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/scripts/libmakepkg/integrity/verify_signature.sh.in b/scripts/libmakepkg/integrity/verify_signature.sh.in
|
||||
index ca1d5a868..d786a2c39 100644
|
||||
--- a/scripts/libmakepkg/integrity/verify_signature.sh.in
|
||||
+++ b/scripts/libmakepkg/integrity/verify_signature.sh.in
|
||||
@@ -26,6 +26,12 @@ MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
|
||||
source "$MAKEPKG_LIBRARY/util/message.sh"
|
||||
source "$MAKEPKG_LIBRARY/util/pkgbuild.sh"
|
||||
|
||||
+# Filter the contents of a GnuPG statusfile to only contain understood terms to narrow the file's scope and circumvent
|
||||
+# the use of terms (e.g. NOTATION_DATA) that may contain unescaped binary data
|
||||
+filter_gnupg_statusfile() {
|
||||
+ grep -E "(.*SIG| TRUST_.*)"
|
||||
+}
|
||||
+
|
||||
check_pgpsigs() {
|
||||
(( SKIPPGPCHECK )) && return 0
|
||||
! source_has_signatures && return 0
|
||||
@@ -35,6 +41,7 @@ check_pgpsigs() {
|
||||
local netfile proto pubkey success status fingerprint trusted
|
||||
local warnings=0
|
||||
local errors=0
|
||||
+ local statusfile_raw="$(mktemp)"
|
||||
local statusfile=$(mktemp)
|
||||
local all_sources
|
||||
|
||||
@@ -103,7 +110,7 @@ check_pgpsigs() {
|
||||
printf '\n' >&2
|
||||
done
|
||||
|
||||
- rm -f "$statusfile"
|
||||
+ rm -f "$statusfile" "$statusfile_raw"
|
||||
|
||||
if (( errors )); then
|
||||
error "$(gettext "One or more PGP signatures could not be verified!")"
|
||||
@@ -158,12 +165,19 @@ verify_file_signature() {
|
||||
esac
|
||||
|
||||
# verify the signature and write metadata to a status file
|
||||
- if ! $decompress < "$sourcefile" | gpg --quiet --batch --status-file "$statusfile" --verify "$file" - 2> /dev/null; then
|
||||
+ if ! $decompress < "$sourcefile" | gpg --quiet --batch --status-file "$statusfile_raw" --verify "$file" - 2> /dev/null; then
|
||||
printf '%s\n' "$(gettext "%s is unable to verify the signature.")" "gpg" >&2
|
||||
errors=1
|
||||
return 1
|
||||
fi
|
||||
|
||||
+ # create a statusfile that contains only understood terms
|
||||
+ if ! filter_gnupg_statusfile > "$statusfile" < "$statusfile_raw"; then
|
||||
+ printf '%s\n' "$(gettext "unable to extract signature metadata.")" >&2
|
||||
+ errors=1
|
||||
+ return 1
|
||||
+ fi
|
||||
+
|
||||
return 0
|
||||
}
|
||||
|
||||
@@ -196,12 +210,19 @@ verify_git_signature() {
|
||||
printf " %s git repo ... " "${dir##*/}" >&2
|
||||
|
||||
# verify the signature and write metadata to a status file
|
||||
- if ! git -C "$dir" verify-$fragtype --raw "$fragval" > "$statusfile" 2>&1; then
|
||||
+ if ! git -C "$dir" verify-$fragtype --raw "$fragval" > "$statusfile_raw" 2>&1; then
|
||||
printf '%s\n' "$(gettext "%s is unable to verify the signature.")" "git" >&2
|
||||
errors=1
|
||||
return 1
|
||||
fi
|
||||
|
||||
+ # create a statusfile that contains only understood terms
|
||||
+ if ! filter_gnupg_statusfile > "$statusfile" < "$statusfile_raw"; then
|
||||
+ printf '%s\n' "$(gettext "unable to extract signature metadata.")" >&2
|
||||
+ errors=1
|
||||
+ return 1
|
||||
+ fi
|
||||
+
|
||||
if ! grep -qs NEWSIG "$statusfile"; then
|
||||
printf '%s\n' "$(gettext "SIGNATURE NOT FOUND")" >&2
|
||||
errors=1
|
||||
--
|
||||
GitLab
|
||||
|
48
pacman/pacman-fix-gnupg-newsig-check.patch
Normal file
48
pacman/pacman-fix-gnupg-newsig-check.patch
Normal file
|
@ -0,0 +1,48 @@
|
|||
From 16a064701a30d7e1175e1185cc6da44238302fab Mon Sep 17 00:00:00 2001
|
||||
From: David Runge <dvzrv@archlinux.org>
|
||||
Date: Mon, 22 Jan 2024 14:04:28 +0100
|
||||
Subject: [PATCH] makepkg: Move check for signature metadata to central
|
||||
location
|
||||
|
||||
Move the check for the `NEWSIG` metadata keyword contained in the
|
||||
GnuPG based statusfile to `parse_gpg_statusfile()` so that it is also
|
||||
run when creating the statusfile in `verify_file_signature()` and not
|
||||
only when running `verify_git_signature()`.
|
||||
|
||||
Signed-off-by: David Runge <dvzrv@archlinux.org>
|
||||
---
|
||||
scripts/libmakepkg/integrity/verify_signature.sh.in | 12 +++++++-----
|
||||
1 file changed, 7 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/scripts/libmakepkg/integrity/verify_signature.sh.in b/scripts/libmakepkg/integrity/verify_signature.sh.in
|
||||
index d786a2c39..8a35fe16e 100644
|
||||
--- a/scripts/libmakepkg/integrity/verify_signature.sh.in
|
||||
+++ b/scripts/libmakepkg/integrity/verify_signature.sh.in
|
||||
@@ -223,17 +223,19 @@ verify_git_signature() {
|
||||
return 1
|
||||
fi
|
||||
|
||||
- if ! grep -qs NEWSIG "$statusfile"; then
|
||||
- printf '%s\n' "$(gettext "SIGNATURE NOT FOUND")" >&2
|
||||
- errors=1
|
||||
- return 1
|
||||
- fi
|
||||
return 0
|
||||
}
|
||||
|
||||
parse_gpg_statusfile() {
|
||||
local type arg1 arg6 arg10
|
||||
|
||||
+ # ensure the NEWSIG keyword is part of the metadata
|
||||
+ if ! grep -qs NEWSIG "$statusfile"; then
|
||||
+ printf '%s\n' "$(gettext "SIGNATURE NOT FOUND")" >&2
|
||||
+ errors=1
|
||||
+ return 1
|
||||
+ fi
|
||||
+
|
||||
while read -r _ type arg1 _ _ _ _ arg6 _ _ _ arg10 _; do
|
||||
case "$type" in
|
||||
GOODSIG)
|
||||
--
|
||||
GitLab
|
||||
|
52
pacman/pacman-ignore-a-files.patch
Normal file
52
pacman/pacman-ignore-a-files.patch
Normal file
|
@ -0,0 +1,52 @@
|
|||
From 00d2b1f90261bf77eaaf262d2504af016562f2ac Mon Sep 17 00:00:00 2001
|
||||
From: Morten Linderud <morten@linderud.pw>
|
||||
Date: Sun, 17 Dec 2023 16:03:36 +0100
|
||||
Subject: [PATCH] strip: don't create debug packages from .a files
|
||||
|
||||
.a files are not valid ELF files so we can't run objcopy nor debugedit
|
||||
on them.
|
||||
|
||||
Rename STRIPLTO to STATICLIB to be more descriptive.
|
||||
|
||||
Signed-off-by: Morten Linderud <morten@linderud.pw>
|
||||
---
|
||||
scripts/libmakepkg/tidy/strip.sh.in | 8 ++++----
|
||||
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/scripts/libmakepkg/tidy/strip.sh.in b/scripts/libmakepkg/tidy/strip.sh.in
|
||||
index 6c435058a..e0a303532 100644
|
||||
--- a/scripts/libmakepkg/tidy/strip.sh.in
|
||||
+++ b/scripts/libmakepkg/tidy/strip.sh.in
|
||||
@@ -156,7 +156,7 @@ tidy_strip() {
|
||||
|
||||
local binary strip_flags
|
||||
find . -type f -perm -u+w -print0 2>/dev/null | LC_ALL=C sort -z | while IFS= read -rd '' binary ; do
|
||||
- local STRIPLTO=0
|
||||
+ local STATICLIB=0
|
||||
case "$(LC_ALL=C readelf -h "$binary" 2>/dev/null)" in
|
||||
*Type:*'DYN (Shared object file)'*) # Libraries (.so) or Relocatable binaries
|
||||
strip_flags="$STRIP_SHARED";;
|
||||
@@ -167,7 +167,7 @@ tidy_strip() {
|
||||
*Type:*'REL (Relocatable file)'*) # Libraries (.a) or objects
|
||||
if ar t "$binary" &>/dev/null; then # Libraries (.a)
|
||||
strip_flags="$STRIP_STATIC"
|
||||
- STRIPLTO=1
|
||||
+ STATICLIB=1
|
||||
elif [[ $binary = *'.ko' || $binary = *'.o' ]]; then # Kernel module or object file
|
||||
strip_flags="$STRIP_SHARED"
|
||||
else
|
||||
@@ -177,9 +177,9 @@ tidy_strip() {
|
||||
*)
|
||||
continue ;;
|
||||
esac
|
||||
- collect_debug_symbols "$binary"
|
||||
+ (( ! STATICLIB )) && collect_debug_symbols "$binary"
|
||||
strip_file "$binary" ${strip_flags}
|
||||
- (( STRIPLTO )) && strip_lto "$binary"
|
||||
+ (( STATICLIB )) && strip_lto "$binary"
|
||||
done
|
||||
|
||||
elif check_option "debug" "y"; then
|
||||
--
|
||||
GitLab
|
||||
|
26
pacman/pacman-sort-debuginfod-repro.patch
Normal file
26
pacman/pacman-sort-debuginfod-repro.patch
Normal file
|
@ -0,0 +1,26 @@
|
|||
From 843bf21e794c79c5b3bcf8a57e45ef9c62312fee Mon Sep 17 00:00:00 2001
|
||||
From: kpcyrd <kpcyrd@archlinux.org>
|
||||
Date: Sun, 27 Aug 2023 13:03:40 +0200
|
||||
Subject: [PATCH] libmakepkg: Fix non-reproducible binaries by processing
|
||||
debuginfo in order
|
||||
|
||||
---
|
||||
scripts/libmakepkg/tidy/strip.sh.in | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/scripts/libmakepkg/tidy/strip.sh.in b/scripts/libmakepkg/tidy/strip.sh.in
|
||||
index 035a2142e..a53bd451b 100644
|
||||
--- a/scripts/libmakepkg/tidy/strip.sh.in
|
||||
+++ b/scripts/libmakepkg/tidy/strip.sh.in
|
||||
@@ -152,7 +152,7 @@ tidy_strip() {
|
||||
fi
|
||||
|
||||
local binary strip_flags
|
||||
- find . -type f -perm -u+w -print0 2>/dev/null | while IFS= read -rd '' binary ; do
|
||||
+ find . -type f -perm -u+w -print0 2>/dev/null | LC_ALL=C sort -z | while IFS= read -rd '' binary ; do
|
||||
local STRIPLTO=0
|
||||
case "$(LC_ALL=C readelf -h "$binary" 2>/dev/null)" in
|
||||
*Type:*'DYN (Shared object file)'*) # Libraries (.so) or Relocatable binaries
|
||||
--
|
||||
GitLab
|
||||
|
50
pacman/pacman-split-off-strip-debug.patch
Normal file
50
pacman/pacman-split-off-strip-debug.patch
Normal file
|
@ -0,0 +1,50 @@
|
|||
From 7a4fff3310ba2eadd3d5428cbb92e58eb2ee853b Mon Sep 17 00:00:00 2001
|
||||
From: Morten Linderud <morten@linderud.pw>
|
||||
Date: Wed, 21 Dec 2022 17:52:57 +0100
|
||||
Subject: [PATCH] strip: split off file stripping and debug package creation
|
||||
|
||||
Some projects might duplicate the file in multiple locations for one
|
||||
reason or another. When debug packages are enabled, `makepkg` will only
|
||||
strip the first occurrence of the binary and abort early on all the
|
||||
other binaries.
|
||||
|
||||
Signed-off-by: Morten Linderud <morten@linderud.pw>
|
||||
---
|
||||
scripts/libmakepkg/tidy/strip.sh.in | 6 +++++-
|
||||
1 file changed, 5 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/scripts/libmakepkg/tidy/strip.sh.in b/scripts/libmakepkg/tidy/strip.sh.in
|
||||
index e904080c9..6c435058a 100644
|
||||
--- a/scripts/libmakepkg/tidy/strip.sh.in
|
||||
+++ b/scripts/libmakepkg/tidy/strip.sh.in
|
||||
@@ -66,7 +66,7 @@ package_source_files() {
|
||||
done < <(source_files "$binary")
|
||||
}
|
||||
|
||||
-strip_file() {
|
||||
+collect_debug_symbols() {
|
||||
local binary=$1; shift
|
||||
|
||||
if check_option "debug" "y"; then
|
||||
@@ -118,7 +118,10 @@ strip_file() {
|
||||
ln -s "$target" "$dbgdir/.build-id/${bid:0:2}/${bid:2}.debug"
|
||||
fi
|
||||
fi
|
||||
+}
|
||||
|
||||
+strip_file(){
|
||||
+ local binary=$1; shift
|
||||
local tempfile=$(mktemp "$binary.XXXXXX")
|
||||
if strip "$@" "$binary" -o "$tempfile"; then
|
||||
cat "$tempfile" > "$binary"
|
||||
@@ -174,6 +177,7 @@ tidy_strip() {
|
||||
*)
|
||||
continue ;;
|
||||
esac
|
||||
+ collect_debug_symbols "$binary"
|
||||
strip_file "$binary" ${strip_flags}
|
||||
(( STRIPLTO )) && strip_lto "$binary"
|
||||
done
|
||||
--
|
||||
GitLab
|
||||
|
|
@ -84,20 +84,14 @@ SigLevel = Never
|
|||
[jobcore]
|
||||
#Server = file:///var/cache/jobcore/
|
||||
Include = /etc/pacman.d/mirrorlist-jobo
|
||||
#Server = https://ftp.iij.ad.jp/pub/osdn.jp/storage/g/j/jo/joborun/jobcore/
|
||||
#Server = https://osdn.net/projects/joborun/storage/jobcore/
|
||||
|
||||
[jobextra]
|
||||
#Server = file:///var/cache/jobextra/
|
||||
Include = /etc/pacman.d/mirrorlist-jobo
|
||||
#Server = https://ftp.iij.ad.jp/pub/osdn.jp/storage/g/j/jo/joborun/jobextra/
|
||||
#Server = https://osdn.net/projects/joborun/storage/jobextra/
|
||||
|
||||
[jobcomm]
|
||||
#Server = file:///var/cache/jobcomm/
|
||||
Include = /etc/pacman.d/mirrorlist-jobo
|
||||
#Server = https://ftp.iij.ad.jp/pub/osdn.jp/storage/g/j/jo/joborun/jobcomm/
|
||||
#Server = https://osdn.net/projects/joborun/storage/jobcomm/
|
||||
|
||||
#[jobmine]
|
||||
# ## make your own repository and add what you build from OUR or AUR
|
||||
|
@ -108,13 +102,14 @@ Include = /etc/pacman.d/mirrorlist-jobo
|
|||
#### gpgme drops the effort after a few seconds and replies with
|
||||
#### failure. Obarun should first make strict rules on building
|
||||
#### before implementing strict rules on downloading pkgs!
|
||||
#### Nothing useful can come out of obcore anymore unless you are curious
|
||||
|
||||
#[obcore-testing]
|
||||
##[obcore-testing]
|
||||
##Server = https://cloud.server.obarun.org/$repo/os/$arch/
|
||||
|
||||
#[obcore]
|
||||
#Server = https://cloud.server.obarun.org/$repo/os/$arch/
|
||||
|
||||
[obcore]
|
||||
Server = https://cloud.server.obarun.org/$repo/os/$arch/
|
||||
|
||||
#[obextra-testing]
|
||||
#Server = https://cloud.server.obarun.org/$repo/os/$arch/
|
||||
|
||||
|
@ -183,17 +178,14 @@ Include = /etc/pacman.d/mirrorlist
|
|||
#### Spark-Linux begins here #######
|
||||
|
||||
#[spark-testing]
|
||||
#SigLevel = Never
|
||||
##Include = /etc/pacman.d/mirrorlist-spark
|
||||
#Server = https://mirror.fleshless.org/spark/$repo
|
||||
|
||||
#[spark]
|
||||
#SigLevel = Never
|
||||
##Include = /etc/pacman.d/mirrorlist-spark
|
||||
#Server = https://mirror.fleshless.org/spark/$repo
|
||||
|
||||
#[spark-extra]
|
||||
#SigLevel = Never
|
||||
##Include = /etc/pacman.d/mirrorlist-spark
|
||||
#Server = https://mirror.fleshless.org/spark/$repo
|
||||
|
||||
|
@ -204,31 +196,26 @@ Include = /etc/pacman.d/mirrorlist
|
|||
#### Artix is designed to use exclusively ONE init and service manager, not two!
|
||||
|
||||
#[gremlins]
|
||||
#SigLevel = Never
|
||||
##SigLevel = DatabaseOptional
|
||||
##Include = /etc/pacman.d/mirrorlist-artix
|
||||
#Server = http://mirror1.artixlinux.org/repos/$repo/os/$arch
|
||||
|
||||
#[system]
|
||||
#SigLevel = Never
|
||||
##SigLevel = DatabaseOptional
|
||||
##Include = /etc/pacman.d/mirrorlist-artix
|
||||
#Server = http://mirror1.artixlinux.org/repos/$repo/os/$arch
|
||||
|
||||
#[world]
|
||||
#SigLevel = Never
|
||||
##SigLevel = DatabaseOptional
|
||||
##Include = /etc/pacman.d/mirrorlist-artix
|
||||
#Server = http://mirror1.artixlinux.org/repos/$repo/os/$arch
|
||||
|
||||
#[galaxy-gremlins]
|
||||
#SigLevel = Never
|
||||
##SigLevel = DatabaseOptional
|
||||
##Include = /etc/pacman.d/mirrorlist-artix
|
||||
#Server = http://mirror1.artixlinux.org/repos/$repo/os/$arch
|
||||
|
||||
#[galaxy]
|
||||
#SigLevel = Never
|
||||
##SigLevel = DatabaseOptional
|
||||
##Include = /etc/pacman.d/mirrorlist-artix
|
||||
#Server = http://mirror1.artixlinux.org/repos/$repo/os/$arch
|
||||
|
@ -237,13 +224,11 @@ Include = /etc/pacman.d/mirrorlist
|
|||
# enable the multilib repositories as required here.
|
||||
|
||||
#[lib32-gremlins]
|
||||
#SigLevel = Never
|
||||
##SigLevel = DatabaseOptional
|
||||
##Include = /etc/pacman.d/mirrorlist-artix
|
||||
#Server = http://mirror1.artixlinux.org/repos/$repo/os/$arch
|
||||
|
||||
#[lib32]
|
||||
#SigLevel = Never
|
||||
##SigLevel = DatabaseOptional
|
||||
##Include = /etc/pacman.d/mirrorlist-artix
|
||||
#Server = http://mirror1.artixlinux.org/repos/$repo/os/$arch
|
||||
|
@ -251,19 +236,16 @@ Include = /etc/pacman.d/mirrorlist
|
|||
#### Archstrike and Blackarch begin here #######
|
||||
|
||||
#[archstrike-testing]
|
||||
#SigLevel = Never
|
||||
##SigLevel = DatabaseOptional
|
||||
##Include = /etc/pacman.d/archstrike-mirrorlist
|
||||
#Server = https://mirror.archstrike.org/$arch/$repo
|
||||
|
||||
#[archstrike]
|
||||
#SigLevel = Never
|
||||
##SigLevel = DatabaseOptional
|
||||
##Include = /etc/pacman.d/archstrike-mirrorlist
|
||||
#Server = https://mirror.archstrike.org/$arch/$repo
|
||||
|
||||
#[blackarch]
|
||||
#SigLevel = Never
|
||||
##SigLevel = DatabaseOptional
|
||||
##Include = /etc/pacman.d/blackarch-mirrorlist
|
||||
#Server = https://blackarch.org/blackarch/$repo/os/$arch
|
||||
|
|
8
pacman/patch.list
Normal file
8
pacman/patch.list
Normal file
|
@ -0,0 +1,8 @@
|
|||
pacman-change-default-checksum-from-md5-to-sha256.patch
|
||||
pacman-sort-debuginfod-repro.patch
|
||||
pacman-split-off-strip-debug.patch
|
||||
pacman-ignore-a-files.patch
|
||||
pacman-early-err-git.patch
|
||||
pacman-fix-gnupg-binary-data.patch
|
||||
pacman-fix-gnupg-newsig-check.patch
|
||||
pacman-check-pipes-gnupg.patch
|
Loading…
Reference in a new issue