[SOLVED] makepkg: fail to sign source package with dynamic version

GaKu999 · 2020-10-11 22:31:22

Repeating the contents of the title, makepkg fails to sign the resulting source package when it's a dynamically versioned package (having pkgver function in PKGBUILD)
The reason (as I have tracked thus far) is because on the line 1361 the variable fullver expands to an empty string...

Output of a test run with setroot-git:

$ makepkg --allsource --sign
==> Making package: setroot-git v1.5.gfc7c6dd-1 (Sun Oct 11 17:21:16 2020)
==> Retrieving sources...
  -> Updating setroot git repo...
Fetching origin
==> Validating source files with md5sums...
    setroot ... Skipped
==> Entering fakeroot environment...
==> Creating source package...
  -> Adding PKGBUILD...
  -> Generating .SRCINFO file...
  -> Adding setroot...
  -> Adding install file (setroot-git.install)...
  -> Compressing source package...
==> Leaving fakeroot environment.
==> Signing package...
==> WARNING: Failed to sign package file setroot-git-.src.tar.gz.

==> ERROR: An unknown error has occurred. Exiting...
User defined signal 1
CODE: 138

Is this a known bug? The bugtracker doesn't have something similar to this
Didn't find anything in the mailing lists & this forum either...

I'm currently searching the why, hopefully this thread will end with a working patch that will fix it, (unless it's known already and fixed in the git repo...that's why I choose to ask here)

Version information:

$ makepkg --version
makepkg (pacman) 5.2.2
Copyright (c) 2006-2020 Pacman Development Team <pacman-dev@archlinux.org>.
Copyright (C) 2002-2006 Judd Vinet <jvinet@zeroflux.org>.

This is free software; see the source for copying conditions.
There is NO WARRANTY, to the extent permitted by law.

If there's a way to make makepkg spit out a really verbose output that will be more useful than the one I have posted already, let me known.
I'm considering set -x, but that will be REALLY verbose...

Last edited by GaKu999 (2020-10-12 02:08:43)

Trilby · 2020-10-11 23:40:32

From just reviewing the makepkg script code I believe you are right. $fullver is used on line 1361 but that variable is never defined in that (global) scope. It is only ever defined as needed within functions as fullver=$(get_full_version).

GaKu999 · 2020-10-12 00:14:34

Did a test compilation and run of pacman-git from the AUR, besides makepkg haves 2 extra lines displacing the issue to 1363, nobody has noticed it. Seems to be legit.
*reverted to core/pacman*

I wonder, is there an official package built with dynamic versioning? Most are in the AUR, and probably I'm the first one that decided to make source packages of ${name}-git packages...

On topic, with enough info of replication, knowing that it's still there, and where it lies, should I make a bugtracker account and report it as a bug?
I don't have a patch, and there is maybe a reason of why fullver is inside functions only...

Looking at it, I also noticed that pkgver is not run at all, building the source package with an old version number...(for the case of --allsource, IIRC -S omits certain files)

Yep, indeed a test suite would be a niche with all the planned features:
https://bugs.archlinux.org/task/15645?p … &pagenum=2

Trilby · 2020-10-12 00:43:42

It'd be pretty easy to patch. Either of the following should suffice:

# option 1
- create_signature "$SRCPKGDEST/${pkgbase}-${fullver}${SRCEXT}"
+ create_signature "$SRCPKGDEST/${pkgbase}-$(get_full_version)${SRCEXT}"

# option 2
+ fullver=$(get_full_version)
  create_signature "$SRCPKGDEST/${pkgbase}-${fullver}${SRCEXT}"

I'd prefer the former, as there is little point in storing a result in a variable if it is to only be used once. But the second version may fit in better with the current style.

Of course this is all for naught if the pkgver function isn't even run. That seems to be a bigger concern and would have to be addressed first. Though I'm confused by that ... to make a source package, steps must have been run to retrieve the source, so there's no reason pkgver should not be executed.

Last edited by Trilby (2020-10-12 00:44:42)

GaKu999 · 2020-10-12 00:52:42

Trilby wrote:

It'd be pretty easy to patch. Either of the following should suffice:
# option 1
- create_signature "$SRCPKGDEST/${pkgbase}-${fullver}${SRCEXT}"
+ create_signature "$SRCPKGDEST/${pkgbase}-$(get_full_version)${SRCEXT}"

# option 2
+ fullver=$(get_full_version)
  create_signature "$SRCPKGDEST/${pkgbase}-${fullver}${SRCEXT}"
I'd prefer the former, as there is little point in storing a result in a variable if it is to only be used once. But the second version may fit in better with the current style.

Simple enough

Trilby wrote:

Of course this is all for naught if the pkgver function isn't even run. That seems to be a bigger concern and would have to be addressed first. Though I'm confused by that ... to make a source package, steps must have been run to retrieve the source, so there's no reason pkgver should not be executed.

~~If I'm not mistaken, running pkgver should be after fetching the sources...let me try some tweaks...(after researching how it even runs pkgver)~~

~~Well, working patch that takes care of both issues:~~
EDIT: @eschwartz already dealt with it, patches aren't needed anymore

I might have to patch or create against the source tree...will update shortly
EDIT: much better

~~Any final remarks? I'm gonna create a bugtracker account now~~

EDIT:
Per petition of @eschwartz in IRC "and no, we should not be messing with the pkgver"
Reverted and only make fullver

Solved, case closed.

Last edited by GaKu999 (2020-10-12 02:07:56)

eschwartz · 2020-10-12 02:04:21

Patch to fix this: https://paste.xinu.at/rp2pDSkB7/

check_build_status accidentally leaked the needed variable into the global state, which is why it sometimes worked.

No, the pkgver() function must not be run during source package creation, only after running source extraction into $BUILDDIR followed by prepare().

In much the way --verifysource will download git repos but not update the pkgver either.

Arch Linux

#1 2020-10-11 22:31:22

[SOLVED] makepkg: fail to sign source package with dynamic version

#2 2020-10-11 23:40:32

Re: [SOLVED] makepkg: fail to sign source package with dynamic version

#3 2020-10-12 00:14:34

Re: [SOLVED] makepkg: fail to sign source package with dynamic version

#4 2020-10-12 00:43:42

Re: [SOLVED] makepkg: fail to sign source package with dynamic version

#5 2020-10-12 00:52:42

Re: [SOLVED] makepkg: fail to sign source package with dynamic version

#6 2020-10-12 02:04:21

Re: [SOLVED] makepkg: fail to sign source package with dynamic version

Board footer