upg pacman

This commit is contained in:
joborun linux 2024-03-01 22:02:29 +02:00
parent f32fe7d045
commit f50626583c
17 changed files with 703 additions and 50 deletions

View file

@ -7,12 +7,12 @@
pkgname=pacman
pkgver=6.0.2
pkgrel=015
pkgrel=016
pkgdesc="A library-based package manager with dependency support modified for joborun from arch"
url="https://www.archlinux.org/pacman/"
groups=(base jobbot)
depends=('bash' 'glibc' 'libarchive' 'curl' 'gpgme' 'pacman-mirrorlist' 'jobo-mirror'
'gawk' 'coreutils' 'gnupg' 'grep' 'archlinux-keyring'
depends=('bash' 'glibc' 'libarchive' 'curl' 'gpgme' 'pacman-mirrorlist'
'jobo-mirror' 'gawk' 'coreutils' 'gnupg' 'grep' 'archlinux-keyring'
'obarun-keyring' 'joborun-keyring' 'lzip')
# NOTE: Joborun linux is switching default pkg compression to lzip at level -5
@ -35,6 +35,14 @@ source=(https://sources.archlinux.org/other/pacman/$pkgname-$pkgver.tar.xz{,.sig
pacman-strip-include-o-files-similar-to-kernel-modules.patch::https://gitlab.archlinux.org/pacman/pacman/-/commit/de11824527ec4e2561e161ac40a5714ec943543c.patch
pacman-fix-compatibility-with-bash-5.2-patsub_replacement.patch::https://gitlab.archlinux.org/pacman/pacman/-/commit/0e938f188692c710be36f9dd9ea7b94381aed1b4.patch
pacman-fix-order-of-fakechroot-fakeroot-nesting.patch::https://gitlab.archlinux.org/pacman/pacman/-/commit/05f283b5ad8f5b8f995076e93a27c8772076f872.patch
pacman-change-default-checksum-from-md5-to-sha256.patch::https://gitlab.archlinux.org/pacman/pacman/-/commit/aa3a1bc3b50d797fb75278f79a83cd7dde50c66e.patch
pacman-sort-debuginfod-repro.patch::https://gitlab.archlinux.org/pacman/pacman/-/commit/843bf21e794c79c5b3bcf8a57e45ef9c62312fee.patch
pacman-split-off-strip-debug.patch::https://gitlab.archlinux.org/pacman/pacman/-/commit/7a4fff3310ba2eadd3d5428cbb92e58eb2ee853b.patch
pacman-ignore-a-files.patch::https://gitlab.archlinux.org/pacman/pacman/-/commit/00d2b1f90261bf77eaaf262d2504af016562f2ac.patch
pacman-early-err-git.patch::https://gitlab.archlinux.org/pacman/pacman/-/commit/3aa096a74f717d31650e0eb3cf34e9a5ebadc313.patch
pacman-fix-gnupg-binary-data.patch::https://gitlab.archlinux.org/pacman/pacman/-/commit/86ec26b2d33372a4b3bda48f22c4a9f226c3ccce.patch
pacman-fix-gnupg-newsig-check.patch::https://gitlab.archlinux.org/pacman/pacman/-/commit/16a064701a30d7e1175e1185cc6da44238302fab.patch
pacman-check-pipes-gnupg.patch::https://gitlab.archlinux.org/pacman/pacman/-/commit/f8c2e59ec57c86827b1f1b1c2f6760dc3e59fe40.patch
pacman.conf
makepkg.conf)
@ -82,13 +90,23 @@ package() {
install -m644 "$srcdir/pacman.conf" "$pkgdir/etc"
install -m644 "$srcdir/makepkg.conf" "$pkgdir/etc"
# rm -rf $pkgdir/usr/share/libalpm/hooks
#
# local wantsdir="$pkgdir/usr/lib/systemd/system/sockets.target.wants"
# install -dm755 "$wantsdir"
#
# local unit
# for unit in dirmngr gpg-agent gpg-agent-{browser,extra,ssh} keyboxd; do
# ln -s "../${unit}@.socket" "$wantsdir/${unit}@etc-pacman.d-gnupg.socket"
# done
}
#---- arch license gpg-key & sha256sums ----
arch=(x86_64)
license=('GPL')
license=('GPL-2.0-or-later')
validpgpkeys=('6645B0A8C7005E78DB1D7864F99FFE0FEAE999BD' # Allan McRae <allan@archlinux.org>
'B8151B117037781095514CA7BBDFFC92306B1121') # Andrew Gregory (pacman) <andrew@archlinux.org>
@ -101,8 +119,14 @@ sha256sums=(7d8e3e8c5121aec0965df71f59bedf46052c6cf14f96365c4411ec3de0a4c1a5 #
d87d0c9957c613fda272553bee58140349d151ae399f346ddaf6d75ee5916312 # pacman-strip-include-o-files-similar-to-kernel-modules.patch
8641d514ef4cae9e4d1867aadf4b9c850a9e8dc9792c6c559f9d2a0e1713a5a1 # pacman-fix-compatibility-with-bash-5.2-patsub_replacement.patch
b11f62d4bd9557e9d3e7456bc95f63e9eabab5ecee1368f4a14a84bc94b1c8d1 # pacman-fix-order-of-fakechroot-fakeroot-nesting.patch
6436e418557989586221d4d5c527666f18d98c6332126dbb6276581b9dce4f6d # pacman.conf
b7b3302848e12438b4767eafcc76e121b0f24717c37572e252ffcf4f36a5c4d9) # makepkg.conf
## 3e50b6c757dae445d65793aa2fb47f34102737613d5e67a7e12ba90f6e903b1f pacman-6.0.2-015-x86_64.pkg.tar.lz
cf749ad981e8f3dedd89c05a5e69a9c91d1e58ef9407e8f8e04ba9c183939623 # pacman-change-default-checksum-from-md5-to-sha256.patch
17e7af22533984924aaf1cf36c74aa26b46b04ad140cd76b65521be906bd3ff7 # pacman-sort-debuginfod-repro.patch
94d1f3575d0c3faf8bf11fee8e5ef36c8b339ebfd24868931903ba179ffecf4e # pacman-split-off-strip-debug.patch
468837eed9a4ffd3778f159a7e62f89a38a4244f822a3a5b014daa69e3c65d28 # pacman-ignore-a-files.patch
0ac6a34e6fc126a243a642e509f459f6cde20af213ab949791a5cc325cf031f9 # pacman-early-err-git.patch
d08d4a56dc3a977fdfd4591c30733fa28976710ffba53786541d98717892dc24 # pacman-fix-gnupg-binary-data.patch
4a3cdfba490121a20f3648791cd47ba323f3d3d56bf7ced21b9badb1f22d6abc # pacman-fix-gnupg-newsig-check.patch
94c273f07e4e28125b6002567c62e1f6c65f543597de6a8bd79e8c5bf6e4a125 # pacman-check-pipes-gnupg.patch
488ae68d6c75c81a829dbb1e75ba7349cf341bea5da07c2896e529cdb09f612e # pacman.conf
e3eca3bbddf18a3d3278b876a40bc37b58175fd410cfa7fd328d48e8fdb1e17f) # makepkg.conf

View file

@ -3,11 +3,11 @@
pkgname=pacman
pkgver=6.0.2
pkgrel=8
pkgrel=9
pkgdesc="A library-based package manager with dependency support"
arch=('x86_64')
url="https://www.archlinux.org/pacman/"
license=('GPL')
license=('GPL-2.0-or-later')
depends=('bash' 'glibc' 'libarchive' 'curl' 'gpgme' 'pacman-mirrorlist'
'gettext' 'gawk' 'coreutils' 'gnupg' 'grep')
makedepends=('meson' 'asciidoc' 'doxygen')
@ -26,6 +26,14 @@ source=(https://sources.archlinux.org/other/pacman/$pkgname-$pkgver.tar.xz{,.sig
pacman-strip-include-o-files-similar-to-kernel-modules.patch::https://gitlab.archlinux.org/pacman/pacman/-/commit/de11824527ec4e2561e161ac40a5714ec943543c.patch
pacman-fix-compatibility-with-bash-5.2-patsub_replacement.patch::https://gitlab.archlinux.org/pacman/pacman/-/commit/0e938f188692c710be36f9dd9ea7b94381aed1b4.patch
pacman-fix-order-of-fakechroot-fakeroot-nesting.patch::https://gitlab.archlinux.org/pacman/pacman/-/commit/05f283b5ad8f5b8f995076e93a27c8772076f872.patch
pacman-change-default-checksum-from-md5-to-sha256.patch::https://gitlab.archlinux.org/pacman/pacman/-/commit/aa3a1bc3b50d797fb75278f79a83cd7dde50c66e.patch
pacman-sort-debuginfod-repro.patch::https://gitlab.archlinux.org/pacman/pacman/-/commit/843bf21e794c79c5b3bcf8a57e45ef9c62312fee.patch
pacman-split-off-strip-debug.patch::https://gitlab.archlinux.org/pacman/pacman/-/commit/7a4fff3310ba2eadd3d5428cbb92e58eb2ee853b.patch
pacman-ignore-a-files.patch::https://gitlab.archlinux.org/pacman/pacman/-/commit/00d2b1f90261bf77eaaf262d2504af016562f2ac.patch
pacman-early-err-git.patch::https://gitlab.archlinux.org/pacman/pacman/-/commit/3aa096a74f717d31650e0eb3cf34e9a5ebadc313.patch
pacman-fix-gnupg-binary-data.patch::https://gitlab.archlinux.org/pacman/pacman/-/commit/86ec26b2d33372a4b3bda48f22c4a9f226c3ccce.patch
pacman-fix-gnupg-newsig-check.patch::https://gitlab.archlinux.org/pacman/pacman/-/commit/16a064701a30d7e1175e1185cc6da44238302fab.patch
pacman-check-pipes-gnupg.patch::https://gitlab.archlinux.org/pacman/pacman/-/commit/f8c2e59ec57c86827b1f1b1c2f6760dc3e59fe40.patch
pacman.conf
makepkg.conf)
sha256sums=('7d8e3e8c5121aec0965df71f59bedf46052c6cf14f96365c4411ec3de0a4c1a5'
@ -36,8 +44,16 @@ sha256sums=('7d8e3e8c5121aec0965df71f59bedf46052c6cf14f96365c4411ec3de0a4c1a5'
'd87d0c9957c613fda272553bee58140349d151ae399f346ddaf6d75ee5916312'
'8641d514ef4cae9e4d1867aadf4b9c850a9e8dc9792c6c559f9d2a0e1713a5a1'
'b11f62d4bd9557e9d3e7456bc95f63e9eabab5ecee1368f4a14a84bc94b1c8d1'
'cf749ad981e8f3dedd89c05a5e69a9c91d1e58ef9407e8f8e04ba9c183939623'
'17e7af22533984924aaf1cf36c74aa26b46b04ad140cd76b65521be906bd3ff7'
'94d1f3575d0c3faf8bf11fee8e5ef36c8b339ebfd24868931903ba179ffecf4e'
'96efb79a96abf8cdcecb9f8dc461552549cf46159f44bb4160eb073e1ea5000a'
'0ac6a34e6fc126a243a642e509f459f6cde20af213ab949791a5cc325cf031f9'
'6e81b34e6a5f312d48ce3aaca0f02ddd10b7a43325cb32acf7666b6b7ac41552'
'250598a27a3077ec1dfe97a30af8bb0daf449d3ab456ed6a0c7a5bea0eb58f51'
'94c273f07e4e28125b6002567c62e1f6c65f543597de6a8bd79e8c5bf6e4a125'
'656c4d4cb8cb12adbf178fc8cb2fd25f8c285d6572bbdbb24d865d00e0d5a85a'
'b46bca4d3f8b41138923b7a1d7ada272b56ad8b89d0d6ce09145638bdf15185d')
'f2791b51588104ec6dbaafa389451056f3c61fa6c19510dcce3a9a6cc19cba29')
prepare() {
cd "${pkgname}-${pkgver}"
@ -82,6 +98,14 @@ package() {
install -dm755 "$pkgdir/etc"
install -m644 "$srcdir/pacman.conf" "$pkgdir/etc"
install -m644 "$srcdir/makepkg.conf" "$pkgdir/etc"
local wantsdir="$pkgdir/usr/lib/systemd/system/sockets.target.wants"
install -dm755 "$wantsdir"
local unit
for unit in dirmngr gpg-agent gpg-agent-{browser,extra,ssh} keyboxd; do
ln -s "../${unit}@.socket" "$wantsdir/${unit}@etc-pacman.d-gnupg.socket"
done
}
# vim: set ts=2 sw=2 et:

View file

@ -5,5 +5,6 @@ python
fakechroot
cmake
bash-completion
gettext

View file

@ -1,4 +1,6 @@
#!/hint/bash
# shellcheck disable=2034
#
# /etc/makepkg.conf
#
@ -39,18 +41,20 @@ CHOST="x86_64-pc-linux-gnu"
#-- Compiler and Linker Flags
#CPPFLAGS=""
CFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fno-plt -fexceptions \
-Wp,-D_FORTIFY_SOURCE=2 -Wformat -Werror=format-security \
-fstack-clash-protection -fcf-protection"
-Wp,-D_FORTIFY_SOURCE=3 -Wformat -Werror=format-security \
-fstack-clash-protection -fcf-protection \
-fno-omit-frame-pointer -mno-omit-leaf-frame-pointer"
CXXFLAGS="$CFLAGS -Wp,-D_GLIBCXX_ASSERTIONS"
LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now"
LDFLAGS="-Wl,-O1 -Wl,--sort-common -Wl,--as-needed -Wl,-z,relro -Wl,-z,now \
-Wl,-z,pack-relative-relocs"
LTOFLAGS="-flto=auto"
#RUSTFLAGS="-C opt-level=2"
RUSTFLAGS="-Cforce-frame-pointers=yes"
#-- Make Flags: change this for DistCC/SMP systems
#MAKEFLAGS="-j2"
#-- Debugging flags
DEBUG_CFLAGS="-g"
DEBUG_CXXFLAGS="$DEBUG_CFLAGS"
#DEBUG_RUSTFLAGS="-C debuginfo=2"
DEBUG_RUSTFLAGS="-C debuginfo=2"
#########################################################################
# BUILD ENVIRONMENT
@ -92,7 +96,7 @@ BUILDENV=(!distcc color !ccache check !sign)
#-- debug: Add debugging flags as specified in DEBUG_* variables
#-- lto: Add compile flags for building with link time optimization
#
OPTIONS=(strip docs !libtool !staticlibs emptydirs zipman purge !debug !lto)
OPTIONS=(strip docs !libtool !staticlibs emptydirs zipman purge !debug lto)
#-- File integrity checks to use. Valid: md5, sha1, sha224, sha256, sha384, sha512, b2
INTEGRITY_CHECK=(sha256)
@ -109,7 +113,7 @@ DOC_DIRS=(usr/{,local/}{,share/}{doc,gtk-doc} opt/*/{doc,gtk-doc})
#-- Files to be removed from all packages (if purge is specified)
PURGE_TARGETS=(usr/{,share}/info/dir .packlist *.pod)
#-- Directory to store source code in for debug packages
DBGSRCDIR="/usr/src/debug"
#DBGSRCDIR="/usr/src/debug"
#########################################################################
# PACKAGE OUTPUT
@ -122,7 +126,7 @@ DBGSRCDIR="/usr/src/debug"
#-- Source cache: specify a fixed directory where source files will be cached
#SRCDEST=/home/sources
#-- Source packages: specify a fixed directory where all src packages will be placed
SRCPKGDEST=/src/pkg/
#SRCPKGDEST=/src/pkg/
#-- Log files: specify a fixed directory where all log files will be placed
#LOGDEST=/home/makepkglogs
#-- Packager: name/email of the person or organization building packages
@ -145,7 +149,7 @@ COMPRESSLRZ=(lrzip -q)
COMPRESSLZO=(lzop -q)
COMPRESSZ=(compress -c -f)
COMPRESSLZ4=(lz4 -q)
COMPRESSLZ=(lzip -6 -c -f)
COMPRESSLZ=(lzip -6 -c -f -vv)
#########################################################################
# EXTENSION DEFAULTS

View file

@ -1,4 +1,6 @@
#!/hint/bash
# shellcheck disable=2034
#
# /etc/makepkg.conf
#
@ -39,18 +41,20 @@ CHOST="x86_64-pc-linux-gnu"
#-- Compiler and Linker Flags
#CPPFLAGS=""
CFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fno-plt -fexceptions \
-Wp,-D_FORTIFY_SOURCE=2 -Wformat -Werror=format-security \
-fstack-clash-protection -fcf-protection"
-Wp,-D_FORTIFY_SOURCE=3 -Wformat -Werror=format-security \
-fstack-clash-protection -fcf-protection \
-fno-omit-frame-pointer -mno-omit-leaf-frame-pointer"
CXXFLAGS="$CFLAGS -Wp,-D_GLIBCXX_ASSERTIONS"
LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now"
LDFLAGS="-Wl,-O1 -Wl,--sort-common -Wl,--as-needed -Wl,-z,relro -Wl,-z,now \
-Wl,-z,pack-relative-relocs"
LTOFLAGS="-flto=auto"
#RUSTFLAGS="-C opt-level=2"
RUSTFLAGS="-Cforce-frame-pointers=yes"
#-- Make Flags: change this for DistCC/SMP systems
#MAKEFLAGS="-j2"
#-- Debugging flags
DEBUG_CFLAGS="-g"
DEBUG_CXXFLAGS="$DEBUG_CFLAGS"
#DEBUG_RUSTFLAGS="-C debuginfo=2"
DEBUG_RUSTFLAGS="-C debuginfo=2"
#########################################################################
# BUILD ENVIRONMENT
@ -92,7 +96,7 @@ BUILDENV=(!distcc color !ccache check !sign)
#-- debug: Add debugging flags as specified in DEBUG_* variables
#-- lto: Add compile flags for building with link time optimization
#
OPTIONS=(strip docs !libtool !staticlibs emptydirs zipman purge !debug !lto)
OPTIONS=(strip docs !libtool !staticlibs emptydirs zipman purge debug lto)
#-- File integrity checks to use. Valid: md5, sha1, sha224, sha256, sha384, sha512, b2
INTEGRITY_CHECK=(sha256)
@ -137,7 +141,7 @@ DBGSRCDIR="/usr/src/debug"
COMPRESSGZ=(gzip -c -f -n)
COMPRESSBZ2=(bzip2 -c -f)
COMPRESSXZ=(xz -c -z -)
COMPRESSZST=(zstd -c -z -q -)
COMPRESSZST=(zstd -c -T0 --ultra -20 -)
COMPRESSLRZ=(lrzip -q)
COMPRESSLZO=(lzop -q)
COMPRESSZ=(compress -c -f)
@ -157,3 +161,4 @@ SRCEXT='.src.tar.gz'
#
#-- Command used to run pacman as root, instead of trying sudo and su
#PACMAN_AUTH=()
# vim: set ft=sh ts=2 sw=2 et:

View file

@ -0,0 +1,159 @@
#!/hint/bash
#
# /etc/makepkg.conf
#
#########################################################################
# SOURCE ACQUISITION
#########################################################################
#
#-- The download utilities that makepkg should use to acquire sources
# Format: 'protocol::agent'
DLAGENTS=('file::/usr/bin/curl -qgC - -o %o %u'
'ftp::/usr/bin/curl -qgfC - --ftp-pasv --retry 3 --retry-delay 3 -o %o %u'
'http::/usr/bin/curl -qgb "" -fLC - --retry 3 --retry-delay 3 -o %o %u'
'https::/usr/bin/curl -qgb "" -fLC - --retry 3 --retry-delay 3 -o %o %u'
'rsync::/usr/bin/rsync --no-motd -z %u %o'
'scp::/usr/bin/scp -C %u %o')
# Other common tools:
# /usr/bin/snarf
# /usr/bin/lftpget -c
# /usr/bin/wget
#-- The package required by makepkg to download VCS sources
# Format: 'protocol::package'
VCSCLIENTS=('bzr::breezy'
'fossil::fossil'
'git::git'
'hg::mercurial'
'svn::subversion')
#########################################################################
# ARCHITECTURE, COMPILE FLAGS
#########################################################################
#
CARCH="x86_64"
CHOST="x86_64-pc-linux-gnu"
#-- Compiler and Linker Flags
#CPPFLAGS=""
CFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fno-plt -fexceptions \
-Wp,-D_FORTIFY_SOURCE=2 -Wformat -Werror=format-security \
-fstack-clash-protection -fcf-protection"
CXXFLAGS="$CFLAGS -Wp,-D_GLIBCXX_ASSERTIONS"
LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now"
LTOFLAGS="-flto=auto"
#RUSTFLAGS="-C opt-level=2"
#-- Make Flags: change this for DistCC/SMP systems
#MAKEFLAGS="-j2"
#-- Debugging flags
DEBUG_CFLAGS="-g"
DEBUG_CXXFLAGS="$DEBUG_CFLAGS"
#DEBUG_RUSTFLAGS="-C debuginfo=2"
#########################################################################
# BUILD ENVIRONMENT
#########################################################################
#
# Makepkg defaults: BUILDENV=(!distcc !color !ccache check !sign)
# A negated environment option will do the opposite of the comments below.
#
#-- distcc: Use the Distributed C/C++/ObjC compiler
#-- color: Colorize output messages
#-- ccache: Use ccache to cache compilation
#-- check: Run the check() function if present in the PKGBUILD
#-- sign: Generate PGP signature file
#
BUILDENV=(!distcc color !ccache check !sign)
#
#-- If using DistCC, your MAKEFLAGS will also need modification. In addition,
#-- specify a space-delimited list of hosts running in the DistCC cluster.
#DISTCC_HOSTS=""
#
#-- Specify a directory for package building.
#BUILDDIR=/tmp/makepkg
#########################################################################
# GLOBAL PACKAGE OPTIONS
# These are default values for the options=() settings
#########################################################################
#
# Makepkg defaults: OPTIONS=(!strip docs libtool staticlibs emptydirs !zipman !purge !debug !lto)
# A negated option will do the opposite of the comments below.
#
#-- strip: Strip symbols from binaries/libraries
#-- docs: Save doc directories specified by DOC_DIRS
#-- libtool: Leave libtool (.la) files in packages
#-- staticlibs: Leave static library (.a) files in packages
#-- emptydirs: Leave empty directories in packages
#-- zipman: Compress manual (man and info) pages in MAN_DIRS with gzip
#-- purge: Remove files specified by PURGE_TARGETS
#-- debug: Add debugging flags as specified in DEBUG_* variables
#-- lto: Add compile flags for building with link time optimization
#
OPTIONS=(strip docs !libtool !staticlibs emptydirs zipman purge !debug !lto)
#-- File integrity checks to use. Valid: md5, sha1, sha224, sha256, sha384, sha512, b2
INTEGRITY_CHECK=(sha256)
#-- Options to be used when stripping binaries. See `man strip' for details.
STRIP_BINARIES="--strip-all"
#-- Options to be used when stripping shared libraries. See `man strip' for details.
STRIP_SHARED="--strip-unneeded"
#-- Options to be used when stripping static libraries. See `man strip' for details.
STRIP_STATIC="--strip-debug"
#-- Manual (man and info) directories to compress (if zipman is specified)
MAN_DIRS=({usr{,/local}{,/share},opt/*}/{man,info})
#-- Doc directories to remove (if !docs is specified)
DOC_DIRS=(usr/{,local/}{,share/}{doc,gtk-doc} opt/*/{doc,gtk-doc})
#-- Files to be removed from all packages (if purge is specified)
PURGE_TARGETS=(usr/{,share}/info/dir .packlist *.pod)
#-- Directory to store source code in for debug packages
DBGSRCDIR="/usr/src/debug"
#########################################################################
# PACKAGE OUTPUT
#########################################################################
#
# Default: put built package and cached source in build directory
#
#-- Destination: specify a fixed directory where all packages will be placed
#PKGDEST=/home/packages
#-- Source cache: specify a fixed directory where source files will be cached
#SRCDEST=/home/sources
#-- Source packages: specify a fixed directory where all src packages will be placed
#SRCPKGDEST=/home/srcpackages
#-- Log files: specify a fixed directory where all log files will be placed
#LOGDEST=/home/makepkglogs
#-- Packager: name/email of the person or organization building packages
#PACKAGER="John Doe <john@doe.com>"
#-- Specify a key to use for package signing
#GPGKEY=""
#########################################################################
# COMPRESSION DEFAULTS
#########################################################################
#
COMPRESSGZ=(gzip -c -f -n)
COMPRESSBZ2=(bzip2 -c -f)
COMPRESSXZ=(xz -c -z -)
COMPRESSZST=(zstd -c -z -q -)
COMPRESSLRZ=(lrzip -q)
COMPRESSLZO=(lzop -q)
COMPRESSZ=(compress -c -f)
COMPRESSLZ4=(lz4 -q)
COMPRESSLZ=(lzip -c -f)
#########################################################################
# EXTENSION DEFAULTS
#########################################################################
#
PKGEXT='.pkg.tar.zst'
SRCEXT='.src.tar.gz'
#########################################################################
# OTHER
#########################################################################
#
#-- Command used to run pacman as root, instead of trying sudo and su
#PACMAN_AUTH=()

View file

@ -3,3 +3,4 @@ absolutely necessary.
July 21st 2022 Arch decides to rebuild adding gettext and other build utilities to pacman, unnecesseraly for those who don't build from source within their main installation
The contradiction here is that Arch always advises to build pkgs from source in a separate clean minimal chroot or container or docker, meanwhile they keep adding building tools to pacman because of the makepkg inclusion. I believe a split of makepkg as a separate pkg is best, within the pacman pkgbase
edition 6.0.2-016/arch-rel-9 fails 2 python checks so we run with --nochceck over the build to finish it, possibly with all the new systemd functionality tests fail

View file

@ -0,0 +1,59 @@
From aa3a1bc3b50d797fb75278f79a83cd7dde50c66e Mon Sep 17 00:00:00 2001
From: Ben Westover <kwestover.kw@gmail.com>
Date: Fri, 29 Jul 2022 17:04:06 -0400
Subject: [PATCH] proto: Change the default checksum from md5 to sha256
MD5 isn't a very good checksum, and the PKGBUILD page on the Arch Wiki
states that it should not be used, instead recommending sha256 or b2.
This patch changes the default from md5 to sha256 because that seems to
be the most commonly used checksum today.
Signed-off-by: Ben Westover <kwestover.kw@gmail.com>
---
proto/PKGBUILD-split.proto | 2 +-
proto/PKGBUILD-vcs.proto | 2 +-
proto/PKGBUILD.proto | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/proto/PKGBUILD-split.proto b/proto/PKGBUILD-split.proto
index 9898ef81d..eea97e56a 100644
--- a/proto/PKGBUILD-split.proto
+++ b/proto/PKGBUILD-split.proto
@@ -28,7 +28,7 @@ changelog=
source=("$pkgbase-$pkgver.tar.gz"
"$pkgname-$pkgver.patch")
noextract=()
-md5sums=()
+sha256sums=()
validpgpkeys=()
prepare() {
diff --git a/proto/PKGBUILD-vcs.proto b/proto/PKGBUILD-vcs.proto
index ae9956a9c..49c6759f4 100644
--- a/proto/PKGBUILD-vcs.proto
+++ b/proto/PKGBUILD-vcs.proto
@@ -25,7 +25,7 @@ options=()
install=
source=('FOLDER::VCS+URL#FRAGMENT')
noextract=()
-md5sums=('SKIP')
+sha256sums=('SKIP')
# Please refer to the 'USING VCS SOURCES' section of the PKGBUILD man page for
# a description of each element in the source array.
diff --git a/proto/PKGBUILD.proto b/proto/PKGBUILD.proto
index a2c600d5a..9aff797c8 100644
--- a/proto/PKGBUILD.proto
+++ b/proto/PKGBUILD.proto
@@ -27,7 +27,7 @@ changelog=
source=("$pkgname-$pkgver.tar.gz"
"$pkgname-$pkgver.patch")
noextract=()
-md5sums=()
+sha256sums=()
validpgpkeys=()
prepare() {
--
GitLab

View file

@ -0,0 +1,50 @@
From f8c2e59ec57c86827b1f1b1c2f6760dc3e59fe40 Mon Sep 17 00:00:00 2001
From: David Runge <dvzrv@archlinux.org>
Date: Mon, 22 Jan 2024 14:35:28 +0100
Subject: [PATCH] pacman-key: Make signature verification more robust by
checking pipes
To ensure we are not dropping the return code of the `gpg` call due to
piping into `grep`, we make use of `PIPESTATUS` to check the return code
of each command separately.
Additionally, we can now distinguish between two states: The signature
does not verify (e.g. due to technical reasons) and the signature is
not trusted.
Signed-off-by: David Runge <dvzrv@archlinux.org>
---
scripts/pacman-key.sh.in | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index 8abd824ec..1c9e06478 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -591,10 +591,21 @@ verify_sig() {
error "$(gettext "Cannot use armored signatures for packages: %s")" "$sig"
exit 1
fi
- if ! "${GPG_PACMAN[@]}" --status-fd 1 --verify "${files[@]}" | grep -qE '^\[GNUPG:\] TRUST_(FULLY|ULTIMATE).*$'; then
- error "$(gettext "The signature identified by %s could not be verified.")" "$sig"
+
+ "${GPG_PACMAN[@]}" --status-fd 1 --verify "${files[@]}" | grep -qE '^\[GNUPG:\] TRUST_(FULLY|ULTIMATE).*$'
+
+ # return error if GnuPG fails to verify the signature
+ if [[ "${PIPESTATUS[0]}" -ne 0 ]]; then
+ error "$(gettext "The signature verification for %s failed.")" "$sig"
+ ret=1
+ fi
+
+ # return error if the signature is not trusted fully or ultimately
+ if [[ "${PIPESTATUS[1]}" -ne 0 ]]; then
+ error "$(gettext "The signature %s is not trusted.")" "$sig"
ret=1
fi
+
exit $ret
}
--
GitLab

View file

@ -0,0 +1,54 @@
From 3aa096a74f717d31650e0eb3cf34e9a5ebadc313 Mon Sep 17 00:00:00 2001
From: David Runge <dvzrv@archlinux.org>
Date: Mon, 22 Jan 2024 13:48:15 +0100
Subject: [PATCH] makepkg: Emit early error if signature verification fails
Emit an early error message if tag or commit verification with git or
detached signature verification with gpg fails.
Make `verify_file_signature()` and `verify_git_signature()` return
non-zero in this case and set errors to `1`, so that later checks
in `check_pgpsigs()`, although still run, can not lead to a positive
result.
Signed-off-by: David Runge <dvzrv@archlinux.org>
---
.../libmakepkg/integrity/verify_signature.sh.in | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/scripts/libmakepkg/integrity/verify_signature.sh.in b/scripts/libmakepkg/integrity/verify_signature.sh.in
index 0c1547ee3..ca1d5a868 100644
--- a/scripts/libmakepkg/integrity/verify_signature.sh.in
+++ b/scripts/libmakepkg/integrity/verify_signature.sh.in
@@ -157,7 +157,13 @@ verify_file_signature() {
"") decompress="cat" ;;
esac
- $decompress < "$sourcefile" | gpg --quiet --batch --status-file "$statusfile" --verify "$file" - 2> /dev/null
+ # verify the signature and write metadata to a status file
+ if ! $decompress < "$sourcefile" | gpg --quiet --batch --status-file "$statusfile" --verify "$file" - 2> /dev/null; then
+ printf '%s\n' "$(gettext "%s is unable to verify the signature.")" "gpg" >&2
+ errors=1
+ return 1
+ fi
+
return 0
}
@@ -189,7 +195,13 @@ verify_git_signature() {
printf " %s git repo ... " "${dir##*/}" >&2
- git -C "$dir" verify-$fragtype --raw "$fragval" > "$statusfile" 2>&1
+ # verify the signature and write metadata to a status file
+ if ! git -C "$dir" verify-$fragtype --raw "$fragval" > "$statusfile" 2>&1; then
+ printf '%s\n' "$(gettext "%s is unable to verify the signature.")" "git" >&2
+ errors=1
+ return 1
+ fi
+
if ! grep -qs NEWSIG "$statusfile"; then
printf '%s\n' "$(gettext "SIGNATURE NOT FOUND")" >&2
errors=1
--
GitLab

View file

@ -0,0 +1,106 @@
From 86ec26b2d33372a4b3bda48f22c4a9f226c3ccce Mon Sep 17 00:00:00 2001
From: David Runge <dvzrv@archlinux.org>
Date: Sun, 21 Jan 2024 12:33:04 +0100
Subject: [PATCH] makepkg: Improve robustness of signature verification by
limiting terms
The output of
`gpg --quiet --batch --status-fd /dev/stdout --verify <signature_file> <file> 2> /dev/null`
or
`git verify-commit --raw <commit> 2>&1`
may contain binary data, if the signature has been created with an
OpenPGP implementation, that e.g. makes use of notations.
If the notation string (see `NOTATION_DATA` in /usr/share/doc/gnupg/
DETAILS) contains a trailing binary char, this will break signature
verification, as any following entry (e.g. `VALIDSIG`) will be offset.
As we are only making use of a narrow set of terms from the statusfile
(namely `NEWSIG`, `GOODSIG`, `EXPSIG`, `EXPKEYSIG`, `REVKEYSIG`,
`BADSIG`, `ERRSIG`, `VALIDSIG`, `TRUST_UNDEFINED`, `TRUST_NEVER`,
`TRUST_MARGINAL`, `TRUST_FULLY`, `TRUST_ULTIMATE`), we are applying a
filter, so that only understood terms are written to the file.
Signed-off-by: David Runge <dvzrv@archlinux.org>
---
.../integrity/verify_signature.sh.in | 27 ++++++++++++++++---
1 file changed, 24 insertions(+), 3 deletions(-)
diff --git a/scripts/libmakepkg/integrity/verify_signature.sh.in b/scripts/libmakepkg/integrity/verify_signature.sh.in
index ca1d5a868..d786a2c39 100644
--- a/scripts/libmakepkg/integrity/verify_signature.sh.in
+++ b/scripts/libmakepkg/integrity/verify_signature.sh.in
@@ -26,6 +26,12 @@ MAKEPKG_LIBRARY=${MAKEPKG_LIBRARY:-'@libmakepkgdir@'}
source "$MAKEPKG_LIBRARY/util/message.sh"
source "$MAKEPKG_LIBRARY/util/pkgbuild.sh"
+# Filter the contents of a GnuPG statusfile to only contain understood terms to narrow the file's scope and circumvent
+# the use of terms (e.g. NOTATION_DATA) that may contain unescaped binary data
+filter_gnupg_statusfile() {
+ grep -E "(.*SIG| TRUST_.*)"
+}
+
check_pgpsigs() {
(( SKIPPGPCHECK )) && return 0
! source_has_signatures && return 0
@@ -35,6 +41,7 @@ check_pgpsigs() {
local netfile proto pubkey success status fingerprint trusted
local warnings=0
local errors=0
+ local statusfile_raw="$(mktemp)"
local statusfile=$(mktemp)
local all_sources
@@ -103,7 +110,7 @@ check_pgpsigs() {
printf '\n' >&2
done
- rm -f "$statusfile"
+ rm -f "$statusfile" "$statusfile_raw"
if (( errors )); then
error "$(gettext "One or more PGP signatures could not be verified!")"
@@ -158,12 +165,19 @@ verify_file_signature() {
esac
# verify the signature and write metadata to a status file
- if ! $decompress < "$sourcefile" | gpg --quiet --batch --status-file "$statusfile" --verify "$file" - 2> /dev/null; then
+ if ! $decompress < "$sourcefile" | gpg --quiet --batch --status-file "$statusfile_raw" --verify "$file" - 2> /dev/null; then
printf '%s\n' "$(gettext "%s is unable to verify the signature.")" "gpg" >&2
errors=1
return 1
fi
+ # create a statusfile that contains only understood terms
+ if ! filter_gnupg_statusfile > "$statusfile" < "$statusfile_raw"; then
+ printf '%s\n' "$(gettext "unable to extract signature metadata.")" >&2
+ errors=1
+ return 1
+ fi
+
return 0
}
@@ -196,12 +210,19 @@ verify_git_signature() {
printf " %s git repo ... " "${dir##*/}" >&2
# verify the signature and write metadata to a status file
- if ! git -C "$dir" verify-$fragtype --raw "$fragval" > "$statusfile" 2>&1; then
+ if ! git -C "$dir" verify-$fragtype --raw "$fragval" > "$statusfile_raw" 2>&1; then
printf '%s\n' "$(gettext "%s is unable to verify the signature.")" "git" >&2
errors=1
return 1
fi
+ # create a statusfile that contains only understood terms
+ if ! filter_gnupg_statusfile > "$statusfile" < "$statusfile_raw"; then
+ printf '%s\n' "$(gettext "unable to extract signature metadata.")" >&2
+ errors=1
+ return 1
+ fi
+
if ! grep -qs NEWSIG "$statusfile"; then
printf '%s\n' "$(gettext "SIGNATURE NOT FOUND")" >&2
errors=1
--
GitLab

View file

@ -0,0 +1,48 @@
From 16a064701a30d7e1175e1185cc6da44238302fab Mon Sep 17 00:00:00 2001
From: David Runge <dvzrv@archlinux.org>
Date: Mon, 22 Jan 2024 14:04:28 +0100
Subject: [PATCH] makepkg: Move check for signature metadata to central
location
Move the check for the `NEWSIG` metadata keyword contained in the
GnuPG based statusfile to `parse_gpg_statusfile()` so that it is also
run when creating the statusfile in `verify_file_signature()` and not
only when running `verify_git_signature()`.
Signed-off-by: David Runge <dvzrv@archlinux.org>
---
scripts/libmakepkg/integrity/verify_signature.sh.in | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/scripts/libmakepkg/integrity/verify_signature.sh.in b/scripts/libmakepkg/integrity/verify_signature.sh.in
index d786a2c39..8a35fe16e 100644
--- a/scripts/libmakepkg/integrity/verify_signature.sh.in
+++ b/scripts/libmakepkg/integrity/verify_signature.sh.in
@@ -223,17 +223,19 @@ verify_git_signature() {
return 1
fi
- if ! grep -qs NEWSIG "$statusfile"; then
- printf '%s\n' "$(gettext "SIGNATURE NOT FOUND")" >&2
- errors=1
- return 1
- fi
return 0
}
parse_gpg_statusfile() {
local type arg1 arg6 arg10
+ # ensure the NEWSIG keyword is part of the metadata
+ if ! grep -qs NEWSIG "$statusfile"; then
+ printf '%s\n' "$(gettext "SIGNATURE NOT FOUND")" >&2
+ errors=1
+ return 1
+ fi
+
while read -r _ type arg1 _ _ _ _ arg6 _ _ _ arg10 _; do
case "$type" in
GOODSIG)
--
GitLab

View file

@ -0,0 +1,52 @@
From 00d2b1f90261bf77eaaf262d2504af016562f2ac Mon Sep 17 00:00:00 2001
From: Morten Linderud <morten@linderud.pw>
Date: Sun, 17 Dec 2023 16:03:36 +0100
Subject: [PATCH] strip: don't create debug packages from .a files
.a files are not valid ELF files so we can't run objcopy nor debugedit
on them.
Rename STRIPLTO to STATICLIB to be more descriptive.
Signed-off-by: Morten Linderud <morten@linderud.pw>
---
scripts/libmakepkg/tidy/strip.sh.in | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/scripts/libmakepkg/tidy/strip.sh.in b/scripts/libmakepkg/tidy/strip.sh.in
index 6c435058a..e0a303532 100644
--- a/scripts/libmakepkg/tidy/strip.sh.in
+++ b/scripts/libmakepkg/tidy/strip.sh.in
@@ -156,7 +156,7 @@ tidy_strip() {
local binary strip_flags
find . -type f -perm -u+w -print0 2>/dev/null | LC_ALL=C sort -z | while IFS= read -rd '' binary ; do
- local STRIPLTO=0
+ local STATICLIB=0
case "$(LC_ALL=C readelf -h "$binary" 2>/dev/null)" in
*Type:*'DYN (Shared object file)'*) # Libraries (.so) or Relocatable binaries
strip_flags="$STRIP_SHARED";;
@@ -167,7 +167,7 @@ tidy_strip() {
*Type:*'REL (Relocatable file)'*) # Libraries (.a) or objects
if ar t "$binary" &>/dev/null; then # Libraries (.a)
strip_flags="$STRIP_STATIC"
- STRIPLTO=1
+ STATICLIB=1
elif [[ $binary = *'.ko' || $binary = *'.o' ]]; then # Kernel module or object file
strip_flags="$STRIP_SHARED"
else
@@ -177,9 +177,9 @@ tidy_strip() {
*)
continue ;;
esac
- collect_debug_symbols "$binary"
+ (( ! STATICLIB )) && collect_debug_symbols "$binary"
strip_file "$binary" ${strip_flags}
- (( STRIPLTO )) && strip_lto "$binary"
+ (( STATICLIB )) && strip_lto "$binary"
done
elif check_option "debug" "y"; then
--
GitLab

View file

@ -0,0 +1,26 @@
From 843bf21e794c79c5b3bcf8a57e45ef9c62312fee Mon Sep 17 00:00:00 2001
From: kpcyrd <kpcyrd@archlinux.org>
Date: Sun, 27 Aug 2023 13:03:40 +0200
Subject: [PATCH] libmakepkg: Fix non-reproducible binaries by processing
debuginfo in order
---
scripts/libmakepkg/tidy/strip.sh.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/libmakepkg/tidy/strip.sh.in b/scripts/libmakepkg/tidy/strip.sh.in
index 035a2142e..a53bd451b 100644
--- a/scripts/libmakepkg/tidy/strip.sh.in
+++ b/scripts/libmakepkg/tidy/strip.sh.in
@@ -152,7 +152,7 @@ tidy_strip() {
fi
local binary strip_flags
- find . -type f -perm -u+w -print0 2>/dev/null | while IFS= read -rd '' binary ; do
+ find . -type f -perm -u+w -print0 2>/dev/null | LC_ALL=C sort -z | while IFS= read -rd '' binary ; do
local STRIPLTO=0
case "$(LC_ALL=C readelf -h "$binary" 2>/dev/null)" in
*Type:*'DYN (Shared object file)'*) # Libraries (.so) or Relocatable binaries
--
GitLab

View file

@ -0,0 +1,50 @@
From 7a4fff3310ba2eadd3d5428cbb92e58eb2ee853b Mon Sep 17 00:00:00 2001
From: Morten Linderud <morten@linderud.pw>
Date: Wed, 21 Dec 2022 17:52:57 +0100
Subject: [PATCH] strip: split off file stripping and debug package creation
Some projects might duplicate the file in multiple locations for one
reason or another. When debug packages are enabled, `makepkg` will only
strip the first occurrence of the binary and abort early on all the
other binaries.
Signed-off-by: Morten Linderud <morten@linderud.pw>
---
scripts/libmakepkg/tidy/strip.sh.in | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/scripts/libmakepkg/tidy/strip.sh.in b/scripts/libmakepkg/tidy/strip.sh.in
index e904080c9..6c435058a 100644
--- a/scripts/libmakepkg/tidy/strip.sh.in
+++ b/scripts/libmakepkg/tidy/strip.sh.in
@@ -66,7 +66,7 @@ package_source_files() {
done < <(source_files "$binary")
}
-strip_file() {
+collect_debug_symbols() {
local binary=$1; shift
if check_option "debug" "y"; then
@@ -118,7 +118,10 @@ strip_file() {
ln -s "$target" "$dbgdir/.build-id/${bid:0:2}/${bid:2}.debug"
fi
fi
+}
+strip_file(){
+ local binary=$1; shift
local tempfile=$(mktemp "$binary.XXXXXX")
if strip "$@" "$binary" -o "$tempfile"; then
cat "$tempfile" > "$binary"
@@ -174,6 +177,7 @@ tidy_strip() {
*)
continue ;;
esac
+ collect_debug_symbols "$binary"
strip_file "$binary" ${strip_flags}
(( STRIPLTO )) && strip_lto "$binary"
done
--
GitLab

View file

@ -84,20 +84,14 @@ SigLevel = Never
[jobcore]
#Server = file:///var/cache/jobcore/
Include = /etc/pacman.d/mirrorlist-jobo
#Server = https://ftp.iij.ad.jp/pub/osdn.jp/storage/g/j/jo/joborun/jobcore/
#Server = https://osdn.net/projects/joborun/storage/jobcore/
[jobextra]
#Server = file:///var/cache/jobextra/
Include = /etc/pacman.d/mirrorlist-jobo
#Server = https://ftp.iij.ad.jp/pub/osdn.jp/storage/g/j/jo/joborun/jobextra/
#Server = https://osdn.net/projects/joborun/storage/jobextra/
[jobcomm]
#Server = file:///var/cache/jobcomm/
Include = /etc/pacman.d/mirrorlist-jobo
#Server = https://ftp.iij.ad.jp/pub/osdn.jp/storage/g/j/jo/joborun/jobcomm/
#Server = https://osdn.net/projects/joborun/storage/jobcomm/
#[jobmine]
# ## make your own repository and add what you build from OUR or AUR
@ -108,13 +102,14 @@ Include = /etc/pacman.d/mirrorlist-jobo
#### gpgme drops the effort after a few seconds and replies with
#### failure. Obarun should first make strict rules on building
#### before implementing strict rules on downloading pkgs!
#### Nothing useful can come out of obcore anymore unless you are curious
#[obcore-testing]
##[obcore-testing]
##Server = https://cloud.server.obarun.org/$repo/os/$arch/
#[obcore]
#Server = https://cloud.server.obarun.org/$repo/os/$arch/
[obcore]
Server = https://cloud.server.obarun.org/$repo/os/$arch/
#[obextra-testing]
#Server = https://cloud.server.obarun.org/$repo/os/$arch/
@ -183,17 +178,14 @@ Include = /etc/pacman.d/mirrorlist
#### Spark-Linux begins here #######
#[spark-testing]
#SigLevel = Never
##Include = /etc/pacman.d/mirrorlist-spark
#Server = https://mirror.fleshless.org/spark/$repo
#[spark]
#SigLevel = Never
##Include = /etc/pacman.d/mirrorlist-spark
#Server = https://mirror.fleshless.org/spark/$repo
#[spark-extra]
#SigLevel = Never
##Include = /etc/pacman.d/mirrorlist-spark
#Server = https://mirror.fleshless.org/spark/$repo
@ -204,31 +196,26 @@ Include = /etc/pacman.d/mirrorlist
#### Artix is designed to use exclusively ONE init and service manager, not two!
#[gremlins]
#SigLevel = Never
##SigLevel = DatabaseOptional
##Include = /etc/pacman.d/mirrorlist-artix
#Server = http://mirror1.artixlinux.org/repos/$repo/os/$arch
#[system]
#SigLevel = Never
##SigLevel = DatabaseOptional
##Include = /etc/pacman.d/mirrorlist-artix
#Server = http://mirror1.artixlinux.org/repos/$repo/os/$arch
#[world]
#SigLevel = Never
##SigLevel = DatabaseOptional
##Include = /etc/pacman.d/mirrorlist-artix
#Server = http://mirror1.artixlinux.org/repos/$repo/os/$arch
#[galaxy-gremlins]
#SigLevel = Never
##SigLevel = DatabaseOptional
##Include = /etc/pacman.d/mirrorlist-artix
#Server = http://mirror1.artixlinux.org/repos/$repo/os/$arch
#[galaxy]
#SigLevel = Never
##SigLevel = DatabaseOptional
##Include = /etc/pacman.d/mirrorlist-artix
#Server = http://mirror1.artixlinux.org/repos/$repo/os/$arch
@ -237,13 +224,11 @@ Include = /etc/pacman.d/mirrorlist
# enable the multilib repositories as required here.
#[lib32-gremlins]
#SigLevel = Never
##SigLevel = DatabaseOptional
##Include = /etc/pacman.d/mirrorlist-artix
#Server = http://mirror1.artixlinux.org/repos/$repo/os/$arch
#[lib32]
#SigLevel = Never
##SigLevel = DatabaseOptional
##Include = /etc/pacman.d/mirrorlist-artix
#Server = http://mirror1.artixlinux.org/repos/$repo/os/$arch
@ -251,19 +236,16 @@ Include = /etc/pacman.d/mirrorlist
#### Archstrike and Blackarch begin here #######
#[archstrike-testing]
#SigLevel = Never
##SigLevel = DatabaseOptional
##Include = /etc/pacman.d/archstrike-mirrorlist
#Server = https://mirror.archstrike.org/$arch/$repo
#[archstrike]
#SigLevel = Never
##SigLevel = DatabaseOptional
##Include = /etc/pacman.d/archstrike-mirrorlist
#Server = https://mirror.archstrike.org/$arch/$repo
#[blackarch]
#SigLevel = Never
##SigLevel = DatabaseOptional
##Include = /etc/pacman.d/blackarch-mirrorlist
#Server = https://blackarch.org/blackarch/$repo/os/$arch

8
pacman/patch.list Normal file
View file

@ -0,0 +1,8 @@
pacman-change-default-checksum-from-md5-to-sha256.patch
pacman-sort-debuginfod-repro.patch
pacman-split-off-strip-debug.patch
pacman-ignore-a-files.patch
pacman-early-err-git.patch
pacman-fix-gnupg-binary-data.patch
pacman-fix-gnupg-newsig-check.patch
pacman-check-pipes-gnupg.patch