commitpkg: small msg change

Reviewed-on: #67

Makefile

@@ -42,7 +42,10 @@ PKG_BIN = \
 	bin/pkg/checkrepo \
 	bin/pkg/gitearepo \
 	bin/pkg/tidyarch \
-	bin/pkg/mkdepgraph
+	bin/pkg/mkdepgraph \
+	bin/pkg/diffpkg \
+	bin/pkg/makerepropkg \
+	bin/pkg/export-pkgbuild-keys
 
 LN_COMMITPKG = \
 	extrapkg \

bin/base/mkchroot.in

@@ -90,11 +90,11 @@ for f in "${files[@]}"; do
     cp "$f" "$working_dir$f"
 done
 
-basestrap -${umode}Mc ${pacman_conf:+-C "$pacman_conf"} "$working_dir" \
+unshare --mount basestrap -${umode}Mc ${pacman_conf:+-C "$pacman_conf"} "$working_dir" \
     "${cache_dirs[@]/#/--cachedir=}" "$@" || die 'Failed to install all packages'
 
-printf '%s.UTF-8 UTF-8\n' en_US de_DE > "$working_dir/etc/locale.gen"
-printf 'LANG=en_US.UTF-8\n' > "$working_dir/etc/locale.conf"
+printf '%s.UTF-8 UTF-8\n' C en_US de_DE > "$working_dir/etc/locale.gen"
+printf 'LANG=C.UTF-8\n' > "$working_dir/etc/locale.conf"
 # printf 'KEYMAP=en\n' > "$working_dir/etc/vconsole.conf"
 printf "%s\n" "${CHROOTVERSION}" > "$working_dir/.artools"
 

bin/pkg/buildtree.in

@@ -112,8 +112,8 @@ update_tree() {
 
 set_maintainer() {
     local name email path="$1"
-    name=$(git config --get user.name)
-    email=$(git config --get user.email)
+    name=$(git -C $path config --get user.name)
+    email=$(git -C $path config --get user.email)
     sed -e "1s|Maintainer:.*|Maintainer: $name <$email>|" \
         -i "$path"/PKGBUILD
 }

bin/pkg/checkpkg.in

@@ -13,77 +13,10 @@
 # GNU General Public License for more details.
 
 m4_include(lib/base/message.sh)
-
-shopt -s extglob
+m4_include(lib/pkg/diff.sh)
 
 load_makepkg_config
 
-#{{{ functions
-
-pkgver_equal() {
-    if [[ $1 = *-* && $2 = *-* ]]; then
-        # if both versions have a pkgrel, then they must be an exact match
-        [[ $1 = "$2" ]]
-    else
-        # otherwise, trim any pkgrel and compare the bare version.
-        [[ ${1%%-*} = "${2%%-*}" ]]
-    fi
-}
-
-find_cached_package() {
-    local searchdirs=("$PKGDEST" "$PWD") results=()
-    local targetname=$1 targetver=$2 targetarch=$3
-    local dir pkg pkgbasename name ver rel arch r results
-
-    for dir in "${searchdirs[@]}"; do
-        [[ -d $dir ]] || continue
-
-        for pkg in "$dir"/*.pkg.tar?(.!(sig|*.*)); do
-            [[ -f $pkg ]] || continue
-
-            # avoid adding duplicates of the same inode
-            for r in "${results[@]}"; do
-                [[ $r -ef $pkg ]] && continue 2
-            done
-
-            # split apart package filename into parts
-            pkgbasename=${pkg##*/}
-            pkgbasename=${pkgbasename%.pkg.tar*}
-
-            arch=${pkgbasename##*-}
-            pkgbasename=${pkgbasename%-"$arch"}
-
-            rel=${pkgbasename##*-}
-            pkgbasename=${pkgbasename%-"$rel"}
-
-            ver=${pkgbasename##*-}
-            name=${pkgbasename%-"$ver"}
-
-            if [[ $targetname = "$name" && $targetarch = "$arch" ]] &&
-                pkgver_equal "$targetver" "$ver-$rel"; then
-                results+=("$pkg")
-            fi
-        done
-    done
-
-    case ${#results[*]} in
-        0)
-            return 1
-        ;;
-        1)
-            printf '%s\n' "${results[0]}"
-            return 0
-        ;;
-        *)
-            error 'Multiple packages found:'
-            printf '\t%s\n' "${results[@]}" >&2
-            return 1
-        ;;
-    esac
-}
-
-#}}}
-
 usage() {
     cat <<- _EOF_
         Usage: ${BASH_SOURCE[0]##*/} [OPTIONS]

bin/pkg/commitpkg.in

@@ -22,18 +22,6 @@ m4_include(lib/pkg/repo.sh)
 
 #{{{ functions
 
-check_rebuild(){
-    if [[ -d "$CARCH"/"${valid_names[10]}" ]] \
-    && [[ "${repo_dest}" == "${valid_names[7]}" ]]; then
-        git rm -r "$CARCH"/"${valid_names[10]}"
-        git commit -m "switch from ${valid_names[10]} to ${valid_names[7]}"
-    elif [[ -d "$CARCH"/"${valid_names[7]}" ]] \
-    && [[ "${repo_dest}" == "${valid_names[10]}" ]]; then
-        git rm -r "$CARCH"/"${valid_names[7]}"
-        git commit -m "switch from ${valid_names[7]} to ${valid_names[10]}"
-    fi
-}
-
 check_team(){
     if [[ "${repo_src}" == "${valid_names[0]}" && "${repo_dest}" == "${valid_names[1]}" ]] || \
         [[ "${repo_src}" == "${valid_names[1]}" && "${repo_dest}" == "${valid_names[0]}" ]] || \
@@ -50,11 +38,22 @@ check_team(){
     fi
 }
 
-path_config() {
-    [[ "${repo_src}" != 'trunk' ]] && pkgbuild="$CARCH/${repo_src}"/PKGBUILD
+push_super() {
+    local name="$1"
+    msg "Update (%s)" "$name"
+    git push origin master
+    git prune
+    [[ "${cmd}" != 'commitpkg' ]] && check_team
+}
 
-    # shellcheck disable=1090
-    . "$pkgbuild"
+push_pkg() {
+    local name="$1"
+    if braid push "${package}"; then
+        braid update "${package}"
+        push_super "$name"
+    else
+        error "'braid push %s' failed.\n" "${package}"
+    fi
 }
 
 get_repo_commit_msg() {
@@ -72,15 +71,15 @@ commit_pkg() {
         commit_msg=$(get_commit_msg)
         msg "Action: %s" "$commit_msg"
         if [[ "${repo_src}" == 'trunk' ]];then
-            git rm -r trunk
+            git rm -r $package/trunk
         else
-            git rm -r "$CARCH/${repo_src}"
+            git rm -r "$package/$CARCH/${repo_src}"
         fi
     else
         action='modify'
         commit_msg=$(get_commit_msg)
         msg "Action: %s" "$commit_msg"
-        git add .
+        git add "$package"
     fi
     git commit -m "$commit_msg"
 }
@@ -88,60 +87,51 @@ commit_pkg() {
 repo_commit_pkg() {
     local commit_msg
 
-    [[ -d "$CARCH/${repo_dest}" ]] && git rm -r "$CARCH/${repo_dest}"
-    [[ ! -d "$CARCH" ]] && mkdir "$CARCH"
-    [[ ! -d "$CARCH/${repo_dest}" ]] && mkdir "$CARCH/${repo_dest}"
+    [[ -d "$package/$CARCH/${repo_dest}" ]] && git rm -r "$package/$CARCH/${repo_dest}"
+    [[ ! -d "$package/$CARCH" ]] && mkdir "$package/$CARCH"
+    [[ ! -d "$package/$CARCH/${repo_dest}" ]] && mkdir "$package/$CARCH/${repo_dest}"
 
     if [[ "${repo_src}" == 'trunk' ]]; then
         action='add'
         commit_msg=$(get_repo_commit_msg)
         msg "Action: %s" "$commit_msg"
-        check_rebuild
-        cp trunk/* "$CARCH/${repo_dest}"/
+        cp -r "$package"/trunk/* "$package/$CARCH/${repo_dest}"/
     else
         action='move'
         [[ ! -f $pkgbuild ]] && die "%s does not exist!" "$pkgbuild"
         commit_msg=$(get_repo_commit_msg)
         msg "Action: %s" "$commit_msg"
-        cp "$CARCH/${repo_src}"/* "$CARCH/${repo_dest}"/
-        git rm -r "$CARCH/${repo_src}"
+        cp -r "$package/$CARCH/${repo_src}"/* "$package/$CARCH/${repo_dest}"/
+        git rm -r "$package/$CARCH/${repo_src}"
     fi
-    git add .
+    git add "$package"
     git commit -m "$commit_msg"
 }
 
 run(){
-    local artixpath head tree
+    local artixpath head tree tree_name
     artixpath=$(find_pkg "${TREE_DIR_ARTIX}" "${package}")
     if [[ -n ${artixpath} ]];then
         tree=${artixpath%/*}
+        tree_name=${tree##*/}
         cd "$tree" || return
         head=$(get_local_head)
 
-        cd "${artixpath}" || return
-
-        path_config
-
-        if [[ "${cmd}" == 'commitpkg' ]];then
-            commit_pkg
-        else
-            repo_commit_pkg
+        pkgbuild="$package"/trunk/PKGBUILD
+        if [[ "${repo_src}" != 'trunk' ]]; then
+            pkgbuild="$package/$CARCH/${repo_src}"/PKGBUILD
         fi
+        # shellcheck disable=1090
+        . "$pkgbuild"
 
-        cd "$tree" || return
+        case "${cmd}" in
+            'commitpkg') commit_pkg ;;
+            *) repo_commit_pkg ;;
+        esac
 
-        msg "Checking (%s) (Artix)" "${tree##*/}"
-        pull_tree "${tree##*/}" "$head"
-
-        if braid push "${package}"; then
-            braid update "${package}"
-            msg "Update (%s)" "${tree##*/}"
-            git push origin master
-            git prune
-            [[ "${cmd}" != 'commitpkg' ]] && check_team
-        else
-            warning "'braid push %s' failed.\n" "${package}"
-        fi
+        msg "Checking (%s) (Artix)" "$tree_name"
+        pull_tree "$tree_name" "$head"
+        push_pkg "$tree_name"
     else
         die "Package '%s' does not exist!" "${package}"
     fi
@@ -168,8 +158,6 @@ repo_src='trunk'
 package=''
 remove=false
 
-pkgbuild=trunk/PKGBUILD
-
 cmd=${0##*/}
 repo_dest=${cmd%pkg}
 

bin/pkg/diffpkg.in

@@ -0,0 +1,325 @@
+#!/bin/bash
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+m4_include(lib/base/message.sh)
+m4_include(lib/pkg/diff.sh)
+
+usage() {
+    cat <<- _EOF_
+    Usage: ${BASH_SOURCE[0]##*/} [OPTIONS] [MODES] [FILE|PKGNAME...]
+
+    Searches for a locally built package corresponding to the PKGBUILD, and
+    downloads the last version of that package from the Pacman repositories.
+    It then compares the package archives using different modes while using
+    simple tar content list by default.
+
+    When given one package, use it to diff against the locally built one.
+    When given two packages, diff both packages against each other.
+
+    In either case, a package name will be converted to a filename from the
+    cache, and diffpkg will proceed as though this filename was initially
+    specified.
+
+    OPTIONS
+        -M, --makepkg-config Set an alternate makepkg configuration file
+        -v, --verbose        Provide more detailed/unfiltered output
+        -h, --help           Show this help text
+
+    MODES
+        -l, --list           Activate content list diff mode (default)
+        -d, --diffoscope     Activate diffoscope diff mode
+        -p, --pkginfo        Activate .PKGINFO diff mode
+        -b, --buildinfo      Activate .BUILDINFO diff mode
+_EOF_
+}
+
+MAKEPKG_CONF=/etc/makepkg.conf
+POOLDIR=/srv/pkgpool
+
+VERBOSE=0
+TARLIST=0
+DIFFOSCOPE=0
+PKGINFO=0
+BUILDINFO=0
+
+DIFFMODE=--side-by-side
+DIFFCOLOR=--color=auto
+DIFFWIDTH=--width=auto
+DIFFOPTIONS=(--expand-tabs)
+
+# option checking
+while (( $# )); do
+    case $1 in
+        -h|--help)
+            usage
+            exit 0
+        ;;
+        -M|--makepkg-config)
+            (( $# <= 1 )) && die "missing argument for %s" "$1"
+            MAKEPKG_CONF="$2"
+            shift 2
+        ;;
+        -l|--list)
+            TARLIST=1
+            shift
+        ;;
+        -d|--diffoscope)
+            DIFFOSCOPE=1
+            shift
+        ;;
+        -p|--pkginfo)
+            PKGINFO=1
+            shift
+        ;;
+        -b|--buildinfo)
+            BUILDINFO=1
+            shift
+        ;;
+        -v|--verbose)
+            VERBOSE=1
+            shift
+        ;;
+        -u|-U|--unified)
+            DIFFMODE=--unified
+            shift
+        ;;
+        -y|--side-by-side)
+            DIFFMODE=--side-by-side
+            shift
+        ;;
+        --color|--color=*)
+            if [[ $2 == never || $2 == always || $2 == auto ]]; then
+                DIFFCOLOR="--color=$2"
+                shift 2
+                continue
+            fi
+            if [[ $1 == --color ]]; then
+                DIFFCOLOR="--color=auto"
+            else
+                DIFFCOLOR="$1"
+            fi
+            shift
+        ;;
+        -W|--width)
+            (( $# <= 1 )) && die "missing argument for %s" "$1"
+            DIFFWIDTH="--width=$2"
+            shift 2
+        ;;
+        --width=*)
+            DIFFWIDTH="$1"
+            shift
+        ;;
+        -P|--pool)
+            (( $# <= 1 )) && die "missing argument for %s" "$1"
+            POOLDIR="$2"
+            shift 2
+        ;;
+        --pool=*)
+            POOLDIR="${1#*=}"
+            shift
+        ;;
+        --)
+            shift
+            break
+        ;;
+        -*|--*)
+            die "invalid argument: %s" "$1"
+        ;;
+        *)
+            break
+        ;;
+    esac
+done
+
+# Set options based on flags or magic values
+if (( VERBOSE )); then
+    if [[ $DIFFMODE == --unified ]]; then
+        DIFFMODE="--unified=99999"
+    fi
+else
+    DIFFOPTIONS+=(--suppress-common-lines)
+fi
+if [[ $DIFFWIDTH == --width=columns ]]; then
+    DIFFWIDTH="--width=${COLUMNS:-130}"
+fi
+if [[ $DIFFWIDTH != --width=auto ]]; then
+    DIFFOPTIONS+=("${DIFFWIDTH}")
+fi
+DIFFOPTIONS+=("${DIFFMODE}" "${DIFFCOLOR}")
+
+if ! (( DIFFOSCOPE || TARLIST || PKGINFO || BUILDINFO )); then
+    TARLIST=1
+fi
+
+# Source makepkg.conf; fail if it is not found
+if [[ -r "${MAKEPKG_CONF}" ]]; then
+    # shellcheck source=config/makepkg/x86_64.conf
+    source "${MAKEPKG_CONF}"
+else
+    die "${MAKEPKG_CONF} not found!"
+fi
+
+# Source user-specific makepkg.conf overrides
+if [[ -r "${XDG_CONFIG_HOME:-$HOME/.config}/pacman/makepkg.conf" ]]; then
+    # shellcheck source=/dev/null
+    source "${XDG_CONFIG_HOME:-$HOME/.config}/pacman/makepkg.conf"
+elif [[ -r "$HOME/.makepkg.conf" ]]; then
+    # shellcheck source=/dev/null
+    source "$HOME/.makepkg.conf"
+fi
+
+STARTDIR=$(pwd)
+trap 'rm -rf $TMPDIR' EXIT INT TERM QUIT
+TMPDIR=$(mktemp -d --tmpdir diffpkg-script.XXXXXXXX)
+export TMPDIR
+
+tar_list() {
+    bsdtar tf "$*" | if (( VERBOSE )); then
+        cat
+    else
+        sed -E 's|^usr/lib/modules/[0-9][^/]+|usr/lib/modules/[…]|g'
+    fi | sort
+}
+
+file_line_length() {
+    path="$1"
+    wc -L "${path}" | tail -n1 | sed -E 's/^ +//g' | cut -d' ' -f1
+}
+
+file_diff_columns() {
+    file1="$1"
+    file2="$2"
+    file1_length=$(file_line_length "$file1")
+    file2_length=$(file_line_length "$file2")
+    echo $(( file1_length + file2_length + 3 ))
+}
+
+diff_pkgs() {
+    local oldpkg newpkg
+    oldpkg=$(readlink -m "$1")
+    newpkg=$(readlink -m "$2")
+
+    [[ -f $oldpkg ]] || die "No such file: %s" "${oldpkg}"
+    [[ -f $newpkg ]] || die "No such file: %s" "${newpkg}"
+
+    DIFFOPTIONS+=(--label "${oldpkg}" --label "${newpkg}")
+
+    if (( TARLIST )); then
+        tar_list "$oldpkg" > "$TMPDIR/old"
+        tar_list "$newpkg" > "$TMPDIR/new"
+    fi
+
+    if (( PKGINFO )); then
+        bsdtar xOqf "$oldpkg" .PKGINFO > "$TMPDIR/old"
+        bsdtar xOqf "$newpkg" .PKGINFO > "$TMPDIR/new"
+    fi
+
+    if (( BUILDINFO )); then
+        bsdtar xOqf "$oldpkg" .BUILDINFO > "$TMPDIR/old"
+        bsdtar xOqf "$newpkg" .BUILDINFO > "$TMPDIR/new"
+    fi
+
+    if (( TARLIST || PKGINFO || BUILDINFO )); then
+    # Resolve dynamic auto width one we know the content to diff
+        if [[ $DIFFWIDTH == --width=auto ]]; then
+            AUTOLENGTH=$(file_diff_columns "$TMPDIR/old" "$TMPDIR/new")
+            DIFFOPTIONS+=("--width=${AUTOLENGTH}")
+        fi
+
+        # Print a header for side-by-side view as it lacks labels
+        if [[ $DIFFMODE == --side-by-side ]]; then
+            printf -- "--- %s\n+++ %s\n" "${oldpkg}" "${newpkg}"
+        fi
+
+        diff "${DIFFOPTIONS[@]}" "$TMPDIR/old" "$TMPDIR/new"
+    fi
+
+    if (( DIFFOSCOPE )); then
+        diffoscope "${DIFFCOLOR/--color/--text-color}" "$oldpkg" "$newpkg"
+    fi
+}
+
+fetch_pkg() {
+    local pkg pkgdest pkgurl
+    case $1 in
+        *://*)
+            pkgurl=$1 ;;
+        /*|*/*)
+            pkgurl=$(readlink -m "$1") ;;
+        *.pkg.tar*)
+            pkgurl=$1 ;;
+        '')
+        ;;
+        *)
+            pkg=$1 ;;
+    esac
+
+    if [[ -z ${pkgurl} ]]; then
+        # Try to find latest package in pool dir
+        if [[ -d ${POOLDIR} ]]; then
+            shopt -s extglob nullglob
+            pkgurl=$(printf "%s\n" "${POOLDIR}"/*/"${_pkgname}"-!(*-*)-!(*-*)-!(*-*).pkg.tar!(*.sig)|sort -Vr|head -1)
+            shopt -u extglob nullglob
+        fi
+        # Search via pacman database if no pool file exists
+        if [[ ! -f ${pkgurl} ]]; then
+            pkgurl=$(pacman -Spdd --print-format '%l' --noconfirm "$pkg") ||
+            die "Couldn't download previous package for %s." "$pkg"
+        fi
+    fi
+
+    pkg=${pkgurl##*/}
+    pkgdest=$(mktemp -t -d "${pkg}-XXXXXX")/${pkg}
+
+    if [[ $pkgurl = file://* || ( $pkgurl = /* && -f $pkgurl ) ]]; then
+        ln -sf "${pkgurl#file://}" "$pkgdest"
+    elif [[ -f "$PKGDEST/$pkg" ]]; then
+        ln -sf "$PKGDEST/$pkg" "$pkgdest"
+    elif [[ -f "$STARTDIR/$pkg" ]]; then
+        ln -sf "$STARTDIR/$pkg" "$pkgdest"
+    elif [[ $pkgurl = *://* ]]; then
+        curl -fsLC - --retry 3 --retry-delay 3 -o "$pkgdest" "$pkgurl" || \
+        die "Couldn't download %s" "$pkgurl"
+    else
+        die "File not found: %s" "$pkgurl"
+    fi
+
+    echo "$pkgdest"
+}
+
+if (( $# < 2 )); then
+    if [[ ! -f PKGBUILD ]]; then
+        die "This must be run in the directory of a built package.\nTry '$(basename "$0") --help' for more information."
+    fi
+
+    # shellcheck source=contrib/makepkg/PKGBUILD.proto
+    . ./PKGBUILD
+    if [[ ${arch[0]} == 'any' ]]; then
+        CARCH='any'
+    fi
+
+    for _pkgname in "${pkgname[@]}"; do
+        comparepkg=$_pkgname
+        pkgurl=
+        target_pkgver=$(get_full_version "$_pkgname")
+        if ! pkgfile=$(find_cached_package "$_pkgname" "$target_pkgver" "$CARCH"); then
+            die 'tarball not found for package: %s' "${_pkgname}-$target_pkgver"
+        fi
+
+        ln -s "$pkgfile" "$TMPDIR"
+
+        if (( $# )); then
+            comparepkg="$1"
+        fi
+
+        oldpkg=$(fetch_pkg "$comparepkg") || exit 1
+
+        diff_pkgs "$oldpkg" "$pkgfile"
+    done
+else
+    file1=$(fetch_pkg "$1") || exit 1
+    file2=$(fetch_pkg "$2") || exit 1
+
+    diff_pkgs "$file1" "$file2"
+fi

bin/pkg/export-pkgbuild-keys.in

@@ -0,0 +1,70 @@
+#!/bin/bash
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+m4_include(lib/base/message.sh)
+
+usage() {
+    cat <<- _EOF_
+        Usage: ${BASH_SOURCE[0]##*/}
+
+        Export the PGP keys from a PKGBUILDs validpgpkeys array into the keys/pgp/
+        subdirectory. Useful for distributing packager validated source signing
+        keys alongside PKGBUILDs.
+
+        OPTIONS
+            -h, --help      Show this help text
+_EOF_
+}
+
+# option checking
+while (( $# )); do
+    case $1 in
+        -h|--help) usage; exit 0 ;;
+        *) die "invalid argument: %s" "$1" ;;
+    esac
+done
+
+if [[ ! -f PKGBUILD ]]; then
+    die "This must be run a directory containing a PKGBUILD."
+fi
+
+mapfile -t validpgpkeys < <(
+    # shellcheck source=PKGBUILD.proto
+    . ./PKGBUILD
+    if (( ${#validpgpkeys[@]} )); then
+        printf "%s\n" "${validpgpkeys[@]}"
+    fi
+)
+
+msg "Exporting ${#validpgpkeys[@]} PGP keys..."
+if (( ${#validpgpkeys[@]} == 0 )); then
+    exit 0
+fi
+
+trap 'rm -rf $TEMPDIR' EXIT INT TERM QUIT
+TEMPDIR=$(mktemp -d --tmpdir export-pkgbuild-keys.XXXXXXXXXX)
+
+mkdir -p keys/pgp
+error=0
+
+for key in "${validpgpkeys[@]}"; do
+    gpg --output "$TEMPDIR/$key.asc" --armor --export --export-options export-minimal "$key" 2>/dev/null
+
+    # gpg does not give a non-zero return value if it fails to export...
+    if [[ -f $TEMPDIR/$key.asc ]]; then
+        msg2 "Exported $key"
+        mv "$TEMPDIR/$key.asc" "keys/pgp/$key.asc"
+    else
+        if [[ -f keys/pgp/$key.asc ]]; then
+            warning "Failed to update key: $key"
+        else
+            error "Key unavailable: $key"
+            error=1
+        fi
+    fi
+done
+
+if (( error )); then
+    die "Failed to export all \'validpgpkeys\' entries."
+fi

bin/pkg/find-libdeps.in

@@ -15,7 +15,6 @@
 m4_include(lib/base/message.sh)
 
 set -e
-shopt -s extglob
 
 IGNORE_INTERNAL=0
 
@@ -53,7 +52,9 @@ fi
 
 process_sofile() {
     # extract the library name: libfoo.so
+    shopt -s extglob nullglob
     soname="${sofile%.so?(+(.+([0-9])))}".so
+    shopt -u extglob nullglob
     # extract the major version: 1
     soversion="${sofile##*\.so\.}"
     if [[ "$soversion" = "$sofile" ]] && ((IGNORE_INTERNAL)); then

bin/pkg/makerepropkg.in

@@ -0,0 +1,271 @@
+#!/bin/bash
+#
+# makerepropkg - rebuild a package to see if it is reproducible
+#
+# Copyright (c) 2019 by Eli Schwartz <eschwartz@archlinux.org>
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+m4_include(lib/util-base.sh)
+m4_include(lib/base/message.sh)
+m4_include(lib/base/chroot.sh)
+m4_include(lib/base/chroot.sh)
+
+declare -A buildinfo
+declare -a buildenv buildopts installed installpkgs
+
+archiveurl='https://archive.artixlinux.org/packages'
+buildroot="${CHROOTS_DIR}"/reproducible
+diffoscope=0
+
+chroot=$USER
+[[ -n ${SUDO_USER:-} ]] && chroot=$SUDO_USER
+[[ -z "$chroot" || $chroot = root ]] && chroot=copy
+
+parse_buildinfo() {
+    local line var val
+
+    while read -r line; do
+        var="${line%% = *}"
+        val="${line#* = }"
+        case ${var} in
+            buildenv)
+                buildenv+=("${val}")
+                ;;
+            options)
+                buildopts+=("${val}")
+                ;;
+            installed)
+                installed+=("${val}")
+                ;;
+            *)
+                buildinfo["${var}"]="${val}"
+                ;;
+        esac
+    done
+}
+
+get_pkgfile() {
+    local cdir=${cache_dirs[0]}
+    local pkgfilebase=${1}
+    local mode=${2}
+    local pkgname=${pkgfilebase%-*-*-*}
+    local pkgfile ext
+
+    # try without downloading
+    if [[ ${mode} != localonly ]] && get_pkgfile "${pkgfilebase}" localonly; then
+        return 0
+    fi
+
+    for ext in .zst .xz ''; do
+        pkgfile=${pkgfilebase}.pkg.tar${ext}
+
+        for c in "${cache_dirs[@]}"; do
+            if [[ -f ${c}/${pkgfile} ]]; then
+                cdir=${c}
+                break
+            fi
+        done
+
+        for f in "${pkgfile}" "${pkgfile}.sig"; do
+            if [[ ! -f "${cdir}/${f}" ]]; then
+                if [[ ${mode} = localonly ]]; then
+                    continue 2
+                fi
+                msg2 "retrieving '%s'..." "${f}" >&2
+                curl -Llf -# -o "${cdir}/${f}" "${archiveurl}/${pkgname:0:1}/${pkgname}/${f}" || continue 2
+            fi
+        done
+        printf '%s\n' "file://${cdir}/${pkgfile}"
+        return 0
+    done
+
+    return 1
+}
+
+get_makepkg_conf() {
+    local fname=${1}
+    local makepkg_conf="${2}"
+    if ! buildtool_file=$(get_pkgfile "${fname}"); then
+        error "failed to retrieve ${fname}"
+        return 1
+    fi
+    msg2 "using makepkg.conf from ${fname}"
+    bsdtar xOqf "${buildtool_file/file:\/\//}" usr/share/artools/makepkg.conf > "${makepkg_conf}"
+    return 0
+}
+
+usage() {
+    cat << __EOF__
+    usage: ${BASH_SOURCE[0]##*/} [options] <package_file>
+
+    Run this script in a PKGBUILD dir to build a package inside a
+    clean chroot while attempting to reproduce it. The package file
+    will be used to derive metadata needed for reproducing the
+    package, including the .PKGINFO as well as the buildinfo.
+
+    For more details see https://reproducible-builds.org/
+
+    OPTIONS
+        -d            Run diffoscope if the package is unreproducible
+        -c <dir>      Set pacman cache
+        -M <file>     Location of a makepkg config file
+        -l <chroot>   The directory name to use as the chroot namespace
+                    Useful for maintaining multiple copies
+                    Default: $chroot
+        -h            Show this usage message
+__EOF__
+}
+
+while getopts 'dM:c:l:h' arg; do
+    case "$arg" in
+        d) diffoscope=1 ;;
+        M) artixroot_args+=(-M "$OPTARG") ;;
+        c) cache_dirs+=("$OPTARG") ;;
+        l) chroot="$OPTARG" ;;
+        h) usage; exit 0 ;;
+        *|?) usage; exit 1 ;;
+    esac
+done
+shift $((OPTIND - 1))
+
+check_root
+
+[[ -f PKGBUILD ]] || { error "No PKGBUILD in current directory."; exit 1; }
+
+# without arguments, get list of packages from PKGBUILD
+if [[ -z $1 ]]; then
+    mapfile -t pkgnames < <(source PKGBUILD; pacman -Sddp --print-format '%r/%n' "${pkgname[@]}")
+    wait $! || {
+        error "No package file specified and failed to retrieve package names from './PKGBUILD'."
+        plain "Try '${BASH_SOURCE[0]##*/} -h' for more information." >&2
+        exit 1
+    }
+    msg "Reproducing all pkgnames listed in ./PKGBUILD"
+    set -- "${pkgnames[@]}"
+fi
+
+# check each package to see if it's a file, and if not, try to download it
+# using pacman -Sw, and get the filename from there
+splitpkgs=()
+for p in "$@"; do
+    if [[ -f ${p} ]]; then
+        splitpkgs+=("${p}")
+    else
+        pkgfile_remote=$(pacman -Sddp "${p}" 2>/dev/null) || { error "package name '%s' not in repos" "${p}"; exit 1; }
+        pkgfile=${pkgfile_remote#file://}
+        if [[ ! -f ${pkgfile} ]]; then
+            msg "Downloading package '%s' into pacman's cache" "${pkgfile}"
+            sudo pacman -Swdd --noconfirm --logfile /dev/null "${p}" || exit 1
+            pkgfile_remote=$(pacman -Sddp "${p}" 2>/dev/null)
+            pkgfile="${pkgfile_remote#file://}"
+        fi
+        splitpkgs+=("${pkgfile}")
+    fi
+done
+
+for f in "${splitpkgs[@]}"; do
+    if ! bsdtar -tqf "${f}" .BUILDINFO >/dev/null 2>&1; then
+        error "file is not a valid pacman package: '%s'" "${f}"
+        exit 1
+    fi
+done
+
+if (( ${#cache_dirs[@]} == 0 )); then
+	mapfile -t cache_dirs < <(pacman-conf CacheDir)
+fi
+
+ORIG_HOME=${HOME}
+IFS=: read -r _ _ _ _ _ HOME _ < <(getent passwd "${SUDO_USER:-$USER}")
+load_makepkg_config
+HOME=${ORIG_HOME}
+[[ -d ${SRCDEST} ]] || SRCDEST=${PWD}
+
+parse_buildinfo < <(bsdtar -xOqf "${splitpkgs[0]}" .BUILDINFO)
+export SOURCE_DATE_EPOCH="${buildinfo[builddate]}"
+PACKAGER="${buildinfo[packager]}"
+BUILDDIR="${buildinfo[builddir]}"
+BUILDTOOL="${buildinfo[buildtool]}"
+BUILDTOOLVER="${buildinfo[buildtoolver]}"
+PKGEXT=${splitpkgs[0]#${splitpkgs[0]%.pkg.tar*}}
+
+# nuke and restore reproducible testenv
+namespace="$buildroot/$chroot"
+lock 9 "${namespace}.lock" "Locking chroot namespace '%s'" "${namespace}"
+for copy in "${namespace}"/*/; do
+    [[ -d ${copy} ]] || continue
+    subvolume_delete_recursive "${copy}"
+done
+rm -rf --one-file-system "${namespace}"
+(umask 0022; mkdir -p "${namespace}")
+
+for fname in "${installed[@]}"; do
+    if ! allpkgfiles+=("$(get_pkgfile "${fname}")"); then
+        error "failed to retrieve ${fname}"
+        exit 1
+    fi
+done
+
+trap 'rm -rf $TEMPDIR' EXIT INT TERM QUIT
+TEMPDIR=$(mktemp -d --tmpdir makerepropkg.XXXXXXXXXX)
+
+makepkg_conf="${TEMPDIR}/makepkg.conf"
+# anything before buildtool support is pinned to the last none buildtool aware release
+if [[ -z "${BUILDTOOL}" ]]; then
+    get_makepkg_conf "artools-pkg-0.28.2-1-any" "${makepkg_conf}" || exit 1
+# prefere to assume artools-pkg up until matching makepkg version so repository packages remain reproducible
+elif [[ "${BUILDTOOL}" = makepkg ]] && (( $(vercmp "${BUILDTOOLVER}" 6.0.1) <= 0 )); then
+    get_makepkg_conf "artools-pkg-0.28.2-1-any" "${makepkg_conf}" || exit 1
+# all artools-pkg builds
+elif [[ "${BUILDTOOL}" = artools-pkg ]] && get_makepkg_conf "${BUILDTOOL}-${BUILDTOOLVER}" "${makepkg_conf}"; then
+    true
+# fallback to current makepkg.conf
+else
+    warning "Unknown buildtool (${BUILDTOOL}-${BUILDTOOLVER}), using fallback"
+    makepkg_conf="${DATADIR}"/makepkg.conf
+fi
+printf '%s\n' "${allpkgfiles[@]}" | mkchroot -M "${makepkg_conf}" -U "${artixroot_args[@]}" "${namespace}/root" - || exit 1
+
+# use makechrootpkg to prep the build directory
+mkchrootpkg -r "${namespace}" -l build -- --packagelist || exit 1
+
+# set detected makepkg.conf options
+{
+    for var in PACKAGER BUILDDIR BUILDTOOL BUILDTOOLVER PKGEXT; do
+        printf '%s=%s\n' "${var}" "${!var@Q}"
+    done
+    printf 'OPTIONS=(%s)\n' "${buildopts[*]@Q}"
+    printf 'BUILDENV=(%s)\n' "${buildenv[*]@Q}"
+} >> "${namespace}/build"/etc/makepkg.conf
+install -d -o "${SUDO_UID:-$UID}" -g "$(id -g "${SUDO_UID:-$UID}")" "${namespace}/build/${BUILDDIR}"
+
+bindmounts+=("-B:${PWD}:/startdir" "-B:${SRCDEST}:/srcdest")
+
+# kick off the build
+chroot-run \
+    -b "${bindmounts[*]}" \
+    "${namespace}/build" \
+    /chrootbuild -C --noconfirm --log --holdver --skipinteg
+ret=$?
+
+if (( ${ret} == 0 )); then
+    msg2 "built succeeded! built packages can be found in ${namespace}/build/pkgdest"
+    msg "comparing artifacts..."
+
+    for pkgfile in "${splitpkgs[@]}"; do
+        comparefiles=("${pkgfile}" "${namespace}/build/pkgdest/${pkgfile##*/}")
+        if cmp -s "${comparefiles[@]}"; then
+            msg2 "Package '%s' successfully reproduced!" "${pkgfile}"
+        else
+            ret=1
+            warning "Package '%s' is not reproducible. :(" "${pkgfile}"
+            sha256sum "${comparefiles[@]}"
+            if (( diffoscope )); then
+                diffoscope "${comparefiles[@]}"
+            fi
+        fi
+    done
+fi
+
+# return failure from chrootbuild, or the reproducibility status
+exit ${ret}

bin/pkg/mkchrootpkg.in

@@ -329,13 +329,14 @@ fi
 # Pass all arguments after -- right to makepkg
 makepkg_args+=("${@:$OPTIND}")
 
-# See if -R or -e was passed to makepkg
+# See if -R, -e or -A was passed to makepkg
 for arg in "${@:$OPTIND}"; do
     case ${arg%%=*} in
-        --skip*|--holdver) verifysource_args+=("$arg") ;;
+        --skip*|--holdver|--ignorearch) verifysource_args+=("$arg") ;;
         --repackage|--noextract) keepbuilddir=1 ;;
         --*) ;;
-        -*R*|-*e*) keepbuilddir=1 ;;
+        -*A*) verifysource_args+=(-A) ;;&
+        -*R*|-*e*) keepbuilddir=1 ;;&
     esac
 done
 

lib/base/message.sh

@@ -9,8 +9,6 @@
 
 export LANG=C
 
-shopt -s extglob
-
 if [[ -t 2 && "$TERM" != dumb ]]; then
     colorize
 else

lib/pkg/diff.sh

@@ -0,0 +1,71 @@
+#!/hint/bash
+
+#{{{ functions
+
+pkgver_equal() {
+    if [[ $1 = *-* && $2 = *-* ]]; then
+        # if both versions have a pkgrel, then they must be an exact match
+        [[ $1 = "$2" ]]
+    else
+        # otherwise, trim any pkgrel and compare the bare version.
+        [[ ${1%%-*} = "${2%%-*}" ]]
+    fi
+}
+
+find_cached_package() {
+    local searchdirs=("$PWD" "$PKGDEST") results=()
+    local targetname=$1 targetver=$2 targetarch=$3
+    local dir pkg packages pkgbasename name ver rel arch r results
+
+    for dir in "${searchdirs[@]}"; do
+        [[ -d $dir ]] || continue
+
+        shopt -s extglob nullglob
+        mapfile -t packages < <(printf "%s\n" "$dir"/"${targetname}"-"${targetver}"-*"${targetarch}".pkg.tar?(.!(sig|*.*)))
+        shopt -u extglob nullglob
+
+        for pkg in "${packages[@]}"; do
+            [[ -f $pkg ]] || continue
+
+            # avoid adding duplicates of the same inode
+            for r in "${results[@]}"; do
+                [[ $r -ef $pkg ]] && continue 2
+            done
+
+            # split apart package filename into parts
+            pkgbasename=${pkg##*/}
+            pkgbasename=${pkgbasename%.pkg.tar*}
+
+            arch=${pkgbasename##*-}
+            pkgbasename=${pkgbasename%-"$arch"}
+
+            rel=${pkgbasename##*-}
+            pkgbasename=${pkgbasename%-"$rel"}
+
+            ver=${pkgbasename##*-}
+            name=${pkgbasename%-"$ver"}
+
+            if [[ $targetname = "$name" && $targetarch = "$arch" ]] &&
+                pkgver_equal "$targetver" "$ver-$rel"; then
+                results+=("$pkg")
+            fi
+        done
+    done
+
+    case ${#results[*]} in
+        0)
+            return 1
+        ;;
+        1)
+            printf '%s\n' "${results[0]}"
+            return 0
+        ;;
+        *)
+            error 'Multiple packages found:'
+            printf '\t%s\n' "${results[@]}" >&2
+            return 1
+        ;;
+    esac
+}
+
+#}}}