prepare release

We do not allow packages to be uploaded without signatures so force
all unsigned packages to be signed.  This has the bonus of not
breaking makepkg signing support by requiring you use an internal
makepkg variable.

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>

Makefile

@@ -1,4 +1,4 @@
-V=20111220
+V=20120215
 
 PREFIX = /usr/local
 
@@ -26,6 +26,7 @@ CONFIGFILES = \
 	pacman-staging.conf \
 	pacman-multilib.conf \
 	pacman-multilib-testing.conf \
+	pacman-multilib-staging.conf \
 	pacman-kde-unstable.conf \
 	pacman-gnome-unstable.conf
 
@@ -39,6 +40,7 @@ COMMITPKG_LINKS = \
 	community-stagingpkg \
 	multilibpkg \
 	multilib-testingpkg \
+	multilib-stagingpkg \
 	kde-unstablepkg \
 	gnome-unstablepkg
 
@@ -51,6 +53,7 @@ ARCHBUILD_LINKS = \
 	staging-x86_64-build \
 	multilib-build \
 	multilib-testing-build \
+	multilib-staging-build \
 	kde-unstable-i686-build \
 	kde-unstable-x86_64-build \
 	gnome-unstable-i686-build \

archbuild.in

@@ -2,8 +2,7 @@
 
 m4_include(lib/common.sh)
 
-# FIXME: temporary added curl until pacman 4.0 moves to [core]
-base_packages=(base base-devel sudo curl)
+base_packages=(base base-devel sudo)
 
 cmd="${0##*/}"
 if [[ "${cmd%%-*}" == 'multilib' ]]; then
@@ -53,27 +52,13 @@ if ${clean_first} || [[ ! -d "${chroots}/${repo}-${arch}" ]]; then
 	done
 	exec 9>&-
 
-	# FIXME: temporary workaround until pacman 4.0 moves to [core]
-	if pacman -V | grep -q 'v4.' && ( [[ "$repo" == 'extra' || "$repo" == 'multilib' ]] ); then
-		pacman_conf=$(mktemp)
-		cp "@pkgdatadir@/pacman-${repo}.conf" "${pacman_conf}"
-		sed -r 's/^#(SigLevel = Never)/\1/' -i "${pacman_conf}"
-	else
-		pacman_conf="@pkgdatadir@/pacman-${repo}.conf"
-	fi
-
 	rm -rf "${chroots}/${repo}-${arch}"
 	mkdir -p "${chroots}/${repo}-${arch}"
 	setarch "${arch}" mkarchroot \
-		-C "${pacman_conf}" \
+		-C "@pkgdatadir@/pacman-${repo}.conf" \
 		-M "@pkgdatadir@/makepkg-${arch}.conf" \
 		"${chroots}/${repo}-${arch}/root" \
 		"${base_packages[@]}"
-
-	# FIXME: temporary workaround until pacman 4.0 moves to [core]
-	if pacman -V | grep -q 'v4.' && ( [[ "$repo" == 'extra' || "$repo" == 'multilib' ]] ); then
-		cp "@pkgdatadir@/pacman-${repo}.conf" "${chroots}/${repo}-${arch}/root/etc/pacman.conf"
-	fi
 else
 	setarch ${arch} mkarchroot \
 		-u \

archrelease.in

@@ -1,13 +1,32 @@
 #!/bin/bash
 
 m4_include(lib/common.sh)
+m4_include(lib/valid-tags.sh)
 
-if [[ -z $1 ]]; then
-	echo 'Usage: archrelease <repo>...'
+# parse command line options
+FORCE=
+while getopts ':f' flag; do
+	case $flag in
+		f) FORCE=1 ;;
+		:) die "Option requires an argument -- '$OPTARG'" ;;
+		\?) die "Invalid option -- '$OPTARG'" ;;
+	esac
+done
+shift $(( OPTIND - 1 ))
+
+if ! (( $# )); then
+	echo 'Usage: archrelease [-f] <repo>...'
 	exit 1
 fi
 
-# TODO: validate repo is really repo-arch
+# validate repo is really repo-arch
+if [[ -z $FORCE ]]; then
+	for tag in "$@"; do
+		if ! in_array "$tag" "${_tags[@]}"; then
+			die 'archrelease: Invalid tag: "'$tag'" (use -f to force release)'
+		fi
+	done
+fi
 
 if [[ ! -f PKGBUILD ]]; then
 	die 'archrelease: PKGBUILD not found'

commitpkg.in

@@ -3,13 +3,19 @@
 m4_include(lib/common.sh)
 
 getpkgfile() {
-	if [[ ${#} -ne 1 ]]; then
-		die 'No canonical package found!'
-	elif [[ ! -f $1 ]]; then
-		die "Package ${1} not found!"
-	fi
+	case $# in
+		0)
+			error 'No canonical package found!'
+			return 1
+			;;
+		[!1])
+			error 'Failed to canonicalize package name -- multiple packages found:'
+			msg2 '%s' "$@"
+			return 1
+			;;
+	esac
 
-	echo ${1}
+	echo "$1"
 }
 
 # Source makepkg.conf; fail if it is not found
@@ -127,36 +133,27 @@ for _arch in ${arch[@]}; do
 
 	for _pkgname in ${pkgname[@]}; do
 		fullver=$(get_full_version $_pkgname)
-		pkgfile=$(getpkgfile "$_pkgname-$fullver-${_arch}".pkg.tar.?z 2>/dev/null)
-		pkgdestfile=$(getpkgfile "$PKGDEST/$_pkgname-$fullver-${_arch}".pkg.tar.?z 2>/dev/null)
 
-		if [[ -f $pkgfile ]]; then
-			pkgfile="./$pkgfile"
-		elif [[ -f $pkgdestfile ]]; then
-			pkgfile="$pkgdestfile"
-		else
-			warning "Could not find ${pkgfile}. Skipping ${_arch}"
+		if ! pkgfile=$(shopt -s nullglob;
+				getpkgfile "${PKGDEST+$PKGDEST/}$_pkgname-$fullver-${_arch}".pkg.tar.?z); then
+			warning "Skipping $_pkgname-$fullver-$_arch: failed to locate package file"
 			skip_arches+=($_arch)
 			continue 2
 		fi
 		uploads+=("$pkgfile")
 
 		sigfile="${pkgfile}.sig"
-		if [[ $SIGNPKG == 'y' && ! -f $sigfile ]]; then
+		if [[ ! -f $sigfile ]]; then
 			msg "Signing package ${pkgfile}..."
 			if [[ -n $GPGKEY ]]; then
 				SIGNWITHKEY="-u ${GPGKEY}"
 			fi
 			gpg --detach-sign --use-agent ${SIGNWITHKEY} "${pkgfile}" || die
 		fi
-		if [[ -f $sigfile ]]; then
-			if ! gpg --verify "$sigfile" >/dev/null 2>&1; then
-				die "Signature ${pkgfile}.sig is incorrect!"
-			fi
-			uploads+=("$sigfile")
-		else
-			die "Signature ${pkgfile}.sig was not found"
+		if ! gpg --verify "$sigfile" >/dev/null 2>&1; then
+			die "Signature ${pkgfile}.sig is incorrect!"
 		fi
+		uploads+=("$sigfile")
 	done
 done
 
@@ -167,6 +164,16 @@ for _arch in ${arch[@]}; do
 done
 archrelease "${commit_arches[@]/#/$repo-}" || die
 
+new_uploads=()
+
+# convert to absolute paths so rsync can work with colons (epoch)
+while read -r -d '' upload; do
+	  new_uploads+=("$upload")
+done < <(realpath -z "${uploads[@]}")
+
+uploads=("${new_uploads[@]}")
+unset new_uploads
+
 if [[ ${#uploads[*]} -gt 0 ]]; then
 	msg 'Uploading all package and signature files'
 	rsync "${rsyncopts[@]}" "${uploads[@]}" "$server:staging/$repo/" || die

find-libdeps.in

@@ -73,7 +73,7 @@ find . -type f $find_args | while read filename; do
 	if [[ $script_mode = "provides" ]]; then
 		# get the string binaries link to: libfoo.so.1.2 -> libfoo.so.1
 		sofile=$(LC_ALL=C readelf -d "$filename" 2>/dev/null | sed -n 's/.*Library soname: \[\(.*\)\].*/\1/p')
-		[[ -z $sofile" ]] && sofile="${filename##*/}"
+		[[ -z $sofile ]] && sofile="${filename##*/}"
 		process_sofile
 	elif [[ $script_mode = "deps" ]]; then
 		# process all libraries needed by the binary

lib/valid-tags.sh

@@ -0,0 +1,20 @@
+_arch=(
+	i686
+	x86_64
+	any
+)
+
+_tags=(
+	core-i686 core-x86_64 core-any
+	extra-i686 extra-x86_64 extra-any
+	multilib-x86_64
+	staging-i686 staging-x86_64 staging-any
+	testing-i686 testing-x86_64 testing-any
+	multilib-testing-x86_64
+	multilib-staging-x86_64
+	community-i686 community-x86_64 community-any
+	community-staging-i686 community-staging-x86_64 community-staging-any
+	community-testing-i686 community-testing-x86_64 community-testing-any
+	kde-unstable-i686 kde-unstable-x86_64 kde-unstable-any
+	gnome-unstable-i686 gnome-unstable-x86_64 gnome-unstable-any
+)

makechrootpkg.in

@@ -20,6 +20,7 @@ install_pkg=
 add_to_db=false
 run_namcap=false
 chrootdir=
+passeddir=
 
 default_copy=$USER
 [[ -n $SUDO_USER ]] && default_copy=$SUDO_USER
@@ -52,8 +53,8 @@ usage() {
 	echo '-I <pkg>   Install a package into the working copy of the chroot'
 	echo '-l <copy>  The directory to use as the working copy of the chroot'
 	echo '           Useful for maintaining multiple copies.'
-	echo '-n         Run namcap on the package'
 	echo "           Default: $default_copy"
+	echo '-n         Run namcap on the package'
 	exit 1
 }
 
@@ -63,7 +64,7 @@ while getopts 'hcudr:I:l:n' arg; do
 		c) clean_first=true ;;
 		u) update_first=true ;;
 		d) add_to_db=true ;;
-		r) chrootdir="$OPTARG" ;;
+		r) passeddir="$OPTARG" ;;
 		I) install_pkg="$OPTARG" ;;
 		l) copy="$OPTARG" ;;
 		n) run_namcap=true ;;
@@ -72,7 +73,7 @@ while getopts 'hcudr:I:l:n' arg; do
 done
 
 # Canonicalize chrootdir, getting rid of trailing /
-chrootdir=$(readlink -e "$chrootdir")
+chrootdir=$(readlink -e "$passeddir")
 
 if [[ ${copy:0:1} = / ]]; then
 	copydir=$copy
@@ -101,7 +102,7 @@ if [[ ! -f PKGBUILD && -z $install_pkg ]]; then
 fi
 
 if [[ ! -d $chrootdir ]]; then
-	die "No chroot dir defined, or invalid path '$chrootdir'"
+	die "No chroot dir defined, or invalid path '$passeddir'"
 fi
 
 if [[ ! -d $chrootdir/root ]]; then

pacman-extra.conf

@@ -47,8 +47,8 @@ Architecture = auto
 # the following line. This will treat any key imported into pacman's keyring as
 # trusted.
 #SigLevel = Optional TrustAll
-# Disable signature checks for now
-#SigLevel = Never
+# For now, off by default unless you read the above.
+SigLevel = Never
 
 #
 # REPOSITORIES

pacman-gnome-unstable.conf

@@ -47,7 +47,7 @@ Architecture = auto
 # the following line. This will treat any key imported into pacman's keyring as
 # trusted.
 #SigLevel = Optional TrustAll
-# Disable signature checks for now
+# For now, off by default unless you read the above.
 SigLevel = Never
 
 #

pacman-kde-unstable.conf

@@ -47,7 +47,7 @@ Architecture = auto
 # the following line. This will treat any key imported into pacman's keyring as
 # trusted.
 #SigLevel = Optional TrustAll
-# Disable signature checks for now
+# For now, off by default unless you read the above.
 SigLevel = Never
 
 #

pacman-multilib-staging.conf

@@ -0,0 +1,113 @@
+#
+# /etc/pacman.conf
+#
+# See the pacman.conf(5) manpage for option and repository directives
+
+#
+# GENERAL OPTIONS
+#
+[options]
+# The following paths are commented out with their default values listed.
+# If you wish to use different paths, uncomment and update the paths.
+#RootDir     = /
+#DBPath      = /var/lib/pacman/
+#CacheDir    = /var/cache/pacman/pkg/
+#LogFile     = /var/log/pacman.log
+#GPGDir      = /etc/pacman.d/gnupg/
+HoldPkg     = pacman glibc
+# If upgrades are available for these packages they will be asked for first
+SyncFirst   = pacman
+#XferCommand = /usr/bin/curl -C - -f %u > %o
+#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
+#CleanMethod = KeepInstalled
+Architecture = auto
+
+# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
+#IgnorePkg   =
+#IgnoreGroup =
+
+#NoUpgrade   =
+#NoExtract   =
+
+# Misc options
+#UseSyslog
+#UseDelta
+#TotalDownload
+# We cannot check disk space from within a chroot environment
+#CheckSpace
+#VerbosePkgLists
+
+# PGP signature checking
+# NOTE: None of this will work without running `pacman-key --init` first.
+# The compiled in default is equivalent to the following line. This requires
+# you to locally sign and trust packager keys using `pacman-key` for them to be
+# considered valid.
+#SigLevel = Optional TrustedOnly
+# If you wish to check signatures but avoid local sign and trust issues, use
+# the following line. This will treat any key imported into pacman's keyring as
+# trusted.
+#SigLevel = Optional TrustAll
+# For now, off by default unless you read the above.
+SigLevel = Never
+
+#
+# REPOSITORIES
+#   - can be defined here or included from another file
+#   - pacman will search repositories in the order defined here
+#   - local/custom mirrors can be added here or in separate files
+#   - repositories listed first will take precedence when packages
+#     have identical names, regardless of version number
+#   - URLs will have $repo replaced by the name of the current repo
+#   - URLs will have $arch replaced by the name of the architecture
+#
+# Repository entries are of the format:
+#       [repo-name]
+#       Server = ServerName
+#       Include = IncludePath
+#
+# The header [repo-name] is crucial - it must be present and
+# uncommented to enable the repo.
+#
+
+# The testing repositories are disabled by default. To enable, uncomment the
+# repo name header and Include lines. You can add preferred servers immediately
+# after the header, and they will be used before the default mirrors.
+
+[staging]
+Include = /etc/pacman.d/mirrorlist
+
+[testing]
+Include = /etc/pacman.d/mirrorlist
+
+[core]
+Include = /etc/pacman.d/mirrorlist
+
+[extra]
+Include = /etc/pacman.d/mirrorlist
+
+[community-staging]
+Include = /etc/pacman.d/mirrorlist
+
+[community-testing]
+Include = /etc/pacman.d/mirrorlist
+
+[community]
+Include = /etc/pacman.d/mirrorlist
+
+# If you want to run 32 bit applications on your x86_64 system,
+# enable the multilib repository here.
+[multilib-staging]
+Include = /etc/pacman.d/mirrorlist
+
+[multilib-testing]
+#SigLevel = Optional TrustAll
+Include = /etc/pacman.d/mirrorlist
+
+[multilib]
+Include = /etc/pacman.d/mirrorlist
+
+# An example of a custom package repository.  See the pacman manpage for
+# tips on creating your own repositories.
+#[custom]
+#Server = file:///home/custompkgs
+

pacman-multilib-testing.conf

@@ -47,7 +47,7 @@ Architecture = auto
 # the following line. This will treat any key imported into pacman's keyring as
 # trusted.
 #SigLevel = Optional TrustAll
-# Disable signature checks for now
+# For now, off by default unless you read the above.
 SigLevel = Never
 
 #

pacman-multilib.conf

@@ -47,8 +47,8 @@ Architecture = auto
 # the following line. This will treat any key imported into pacman's keyring as
 # trusted.
 #SigLevel = Optional TrustAll
-# Disable signature checks for now
-#SigLevel = Never
+# For now, off by default unless you read the above.
+SigLevel = Never
 
 #
 # REPOSITORIES

pacman-staging.conf

@@ -47,7 +47,7 @@ Architecture = auto
 # the following line. This will treat any key imported into pacman's keyring as
 # trusted.
 #SigLevel = Optional TrustAll
-# Disable signature checks for now
+# For now, off by default unless you read the above.
 SigLevel = Never
 
 #

pacman-testing.conf

@@ -47,7 +47,7 @@ Architecture = auto
 # the following line. This will treat any key imported into pacman's keyring as
 # trusted.
 #SigLevel = Optional TrustAll
-# Disable signature checks for now
+# For now, off by default unless you read the above.
 SigLevel = Never
 
 #

zsh_completion.in

@@ -1,20 +1,6 @@
-#compdef archbuild archco archrelease archrm commitpkg finddeps makechrootpkg mkarchroot rebuildpkgs extrapkg=commitpkg corepkg=commitpkg testingpkg=commitpkg stagingpkg=commitpkg communitypkg=commitpkg community-testingpkg=commitpkg community-stagingpkg=commitpkg multilibpkg=commitpkg multilib-testingpkg=commitpkg extra-i686-build=archbuild extra-x86_64-build=archbuild testing-i686-build=archbuild testing-x86_64-build=archbuild staging-i686-build=archbuild staging-x86_64-build=archbuild multilib-build=archbuild multilib-testing-build=archbuild kde-unstable-i686-build=archbuild kde-unstable-x86_64-build=archbuild gnome-unstable-i686-build=archbuild gnome-unstable-x86_64-build=archbuild communityco=archco
+#compdef archbuild archco archrelease archrm commitpkg finddeps makechrootpkg mkarchroot rebuildpkgs extrapkg=commitpkg corepkg=commitpkg testingpkg=commitpkg stagingpkg=commitpkg communitypkg=commitpkg community-testingpkg=commitpkg community-stagingpkg=commitpkg multilibpkg=commitpkg multilib-testingpkg=commitpkg extra-i686-build=archbuild extra-x86_64-build=archbuild testing-i686-build=archbuild testing-x86_64-build=archbuild staging-i686-build=archbuild staging-x86_64-build=archbuild multilib-build=archbuild multilib-testing-build=archbuild multilib-staging-build=archbuild kde-unstable-i686-build=archbuild kde-unstable-x86_64-build=archbuild gnome-unstable-i686-build=archbuild gnome-unstable-x86_64-build=archbuild communityco=archco
 
-_arch=(i686 x86_64 any)
-
-_tags=(
-	core-i686 core-x86_64 core-any
-	extra-i686 extra-x86_64 extra-any
-	multilib-i686 multilib-x86_64 multilib-any
-	staging-i686 staging-x86_64 staging-any
-	testing-i686 testing-x86_64 testing-any
-	multilib-testing-i686 multilib-testing-x86_64 multilib-testing-any
-	community-i686 community-x86_64 community-any
-	community-staging-i686 community-staging-x86_64 community-staging-any
-	community-testing-i686 community-testing-x86_64 community-testing-any
-	kde-unstable-i686 kde-unstable-x86_64 kde-unstable-any
-	gnome-unstable-i686 gnome-unstable-x86_64 gnome-unstable-any
-)
+m4_include(lib/valid-tags.sh)
 
 _archbuild_args=(
 	'-c[Recreate the chroot before building]'