Age | Commit message (Collapse) | Author |
|
Provide both build systems in parallel for now, to ensure that we work
out all the differences between the two. Some time from now, we'll give
up on autotools.
Meson tends to be faster and probably easier to read/maintain. On my
machine, the full meson configure+build+install takes a little under
half as long as a similar autotools-based invocation.
Building with meson is a two step process. First, configure the build:
meson build
Then, compile the project:
ninja -C build
There's some mild differences in functionality between meson and
autotools. specifically:
1) No singular update-po target. meson only generates individual
update-po targets for each textdomain (of which we have 3). To make
this easier, there's a build-aux/update-po script which finds all
update-po targets and runs them.
2) No 'make dist' equivalent. Just run 'git archive' to generate a
suitable tarball for distribution.
|
|
make update-copyright OLD=2017 NEW=201
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
As per https://lists.archlinux.org/pipermail/arch-general/2017-July/043876.html
git doesn't check that the tag name matches what an annotated tag object
*thinks* it should be called. This is a bit of a theoretical attack and
some would argue that we should always use commits since upstream can
legitimately change a tag, but nevertheless this can result in a
downgrade attack if the git download transport was manipulated or the
upstream repository hacked.
So, check the tag blob to make sure the tag actually matches the name we
used for `git checkout`.
This really should be fixed in git itself, rather than forcing all
downstream users of git verify-tag to implement their own checks, but
the git developers disagree, see the discussion surrounding
https://public-inbox.org/git/xmqqk2hzldx8.fsf@gitster.mtv.corp.google.com/
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
There were a couple places where filenames beginning with "-" were not
properly guarded against by passing them after "--". Some PKGBUILD
authors are crazy, but we still take those into account.
Signed-off-by: Eli Schwartz <eschwartz93@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
A git repository is marked as signed if it contains the query "signed"
as defined by https://tools.ietf.org/html/rfc3986
Adds two utility functions in util/source.sh.in to extract fragments and
queries, and modifies source/git.sh.in to use them.
Signed-off-by: Eli Schwartz <eschwartz93@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
make update-copyright OLD=2015 NEW=2016
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Most entries in $sources contain variables so finding out why a URL
fails to download is hard because one has to manually replace the
variables when looking at the PKGBUILD. Simply output the full URL here
so that it can be easily seen what is wrong.
Old:
==> ERROR: Failure while downloading example-1.2.4.tar.gz
New:
==> ERROR: Failure while downloading http://example.org/releases/1.1/example-1.2.4.tar.gz
With the new format it is much more obvious that the directory name is
the culprint (1.1 vs 1.2) while the old one would not display that
information.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Makes all use of ellipses consistent...
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|