offload-build: support different pkgdatadir locations on the remote

Use devtools-config to get the pkgdatadir on the remote and use that
location to search for the appropriate makepkg.conf file. This way the
remote environment can have a non repo matching devtools build for
example being installed to /usr/local

.gitignore

@@ -1,2 +1,24 @@
 *~
-devtools-*.tar.gz
+devtools-*.tar.gz*
+archbuild
+archco
+archrelease
+bash_completion
+checkpkg
+commitpkg
+devtools-config
+diffpkg
+finddeps
+lddd
+makechrootpkg
+makerepropkg
+mkarchroot
+offload-build
+rebuildpkgs
+zsh_completion
+find-libdeps
+crossrepomove
+arch-nspawn
+sogrep
+doc/*.1
+doc/*.7

.gitlab-ci.yml

@@ -0,0 +1,21 @@
+image: "archlinux:latest"
+
+stages:
+  - build
+  - test
+
+build:
+  stage: build
+  needs: []
+  script:
+    - pacman -Syu --noconfirm m4 make openssh subversion rsync arch-install-scripts git bzr mercurial diffutils asciidoc
+    - make PREFIX=/usr
+    - make PREFIX=/usr DESTDIR=build install
+
+check:
+  stage: test
+  needs: []
+  script:
+    - pacman -Syu --noconfirm m4 make openssh subversion rsync arch-install-scripts git bzr mercurial diffutils asciidoc shellcheck
+    - make check || true
+    - SHELLCHECK_OPTS="-S error" make check

LICENSE

@@ -0,0 +1,674 @@
+                    GNU GENERAL PUBLIC LICENSE
+                       Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+                            Preamble
+
+  The GNU General Public License is a free, copyleft license for
+software and other kinds of works.
+
+  The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works.  By contrast,
+the GNU General Public License is intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users.  We, the Free Software Foundation, use the
+GNU General Public License for most of our software; it applies also to
+any other work released this way by its authors.  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+  To protect your rights, we need to prevent others from denying you
+these rights or asking you to surrender the rights.  Therefore, you have
+certain responsibilities if you distribute copies of the software, or if
+you modify it: responsibilities to respect the freedom of others.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must pass on to the recipients the same
+freedoms that you received.  You must make sure that they, too, receive
+or can get the source code.  And you must show them these terms so they
+know their rights.
+
+  Developers that use the GNU GPL protect your rights with two steps:
+(1) assert copyright on the software, and (2) offer you this License
+giving you legal permission to copy, distribute and/or modify it.
+
+  For the developers' and authors' protection, the GPL clearly explains
+that there is no warranty for this free software.  For both users' and
+authors' sake, the GPL requires that modified versions be marked as
+changed, so that their problems will not be attributed erroneously to
+authors of previous versions.
+
+  Some devices are designed to deny users access to install or run
+modified versions of the software inside them, although the manufacturer
+can do so.  This is fundamentally incompatible with the aim of
+protecting users' freedom to change the software.  The systematic
+pattern of such abuse occurs in the area of products for individuals to
+use, which is precisely where it is most unacceptable.  Therefore, we
+have designed this version of the GPL to prohibit the practice for those
+products.  If such problems arise substantially in other domains, we
+stand ready to extend this provision to those domains in future versions
+of the GPL, as needed to protect the freedom of users.
+
+  Finally, every program is threatened constantly by software patents.
+States should not allow patents to restrict development and use of
+software on general-purpose computers, but in those that do, we wish to
+avoid the special danger that patents applied to a free program could
+make it effectively proprietary.  To prevent this, the GPL assures that
+patents cannot be used to render the program non-free.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+                       TERMS AND CONDITIONS
+
+  0. Definitions.
+
+  "This License" refers to version 3 of the GNU General Public License.
+
+  "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+  "The Program" refers to any copyrightable work licensed under this
+License.  Each licensee is addressed as "you".  "Licensees" and
+"recipients" may be individuals or organizations.
+
+  To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy.  The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+  A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+  To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy.  Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+  To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies.  Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+  An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License.  If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+  1. Source Code.
+
+  The "source code" for a work means the preferred form of the work
+for making modifications to it.  "Object code" means any non-source
+form of a work.
+
+  A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+  The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form.  A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+  The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities.  However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work.  For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+  The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+  The Corresponding Source for a work in source code form is that
+same work.
+
+  2. Basic Permissions.
+
+  All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met.  This License explicitly affirms your unlimited
+permission to run the unmodified Program.  The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work.  This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+  You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force.  You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright.  Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+  Conveying under any other circumstances is permitted solely under
+the conditions stated below.  Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+  No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+  When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+  4. Conveying Verbatim Copies.
+
+  You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+  You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+  5. Conveying Modified Source Versions.
+
+  You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+    a) The work must carry prominent notices stating that you modified
+    it, and giving a relevant date.
+
+    b) The work must carry prominent notices stating that it is
+    released under this License and any conditions added under section
+    7.  This requirement modifies the requirement in section 4 to
+    "keep intact all notices".
+
+    c) You must license the entire work, as a whole, under this
+    License to anyone who comes into possession of a copy.  This
+    License will therefore apply, along with any applicable section 7
+    additional terms, to the whole of the work, and all its parts,
+    regardless of how they are packaged.  This License gives no
+    permission to license the work in any other way, but it does not
+    invalidate such permission if you have separately received it.
+
+    d) If the work has interactive user interfaces, each must display
+    Appropriate Legal Notices; however, if the Program has interactive
+    interfaces that do not display Appropriate Legal Notices, your
+    work need not make them do so.
+
+  A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit.  Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+  6. Conveying Non-Source Forms.
+
+  You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+    a) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by the
+    Corresponding Source fixed on a durable physical medium
+    customarily used for software interchange.
+
+    b) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by a
+    written offer, valid for at least three years and valid for as
+    long as you offer spare parts or customer support for that product
+    model, to give anyone who possesses the object code either (1) a
+    copy of the Corresponding Source for all the software in the
+    product that is covered by this License, on a durable physical
+    medium customarily used for software interchange, for a price no
+    more than your reasonable cost of physically performing this
+    conveying of source, or (2) access to copy the
+    Corresponding Source from a network server at no charge.
+
+    c) Convey individual copies of the object code with a copy of the
+    written offer to provide the Corresponding Source.  This
+    alternative is allowed only occasionally and noncommercially, and
+    only if you received the object code with such an offer, in accord
+    with subsection 6b.
+
+    d) Convey the object code by offering access from a designated
+    place (gratis or for a charge), and offer equivalent access to the
+    Corresponding Source in the same way through the same place at no
+    further charge.  You need not require recipients to copy the
+    Corresponding Source along with the object code.  If the place to
+    copy the object code is a network server, the Corresponding Source
+    may be on a different server (operated by you or a third party)
+    that supports equivalent copying facilities, provided you maintain
+    clear directions next to the object code saying where to find the
+    Corresponding Source.  Regardless of what server hosts the
+    Corresponding Source, you remain obligated to ensure that it is
+    available for as long as needed to satisfy these requirements.
+
+    e) Convey the object code using peer-to-peer transmission, provided
+    you inform other peers where the object code and Corresponding
+    Source of the work are being offered to the general public at no
+    charge under subsection 6d.
+
+  A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+  A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling.  In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage.  For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product.  A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+  "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source.  The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+  If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information.  But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+  The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed.  Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+  Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+  7. Additional Terms.
+
+  "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law.  If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+  When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it.  (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.)  You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+  Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+    a) Disclaiming warranty or limiting liability differently from the
+    terms of sections 15 and 16 of this License; or
+
+    b) Requiring preservation of specified reasonable legal notices or
+    author attributions in that material or in the Appropriate Legal
+    Notices displayed by works containing it; or
+
+    c) Prohibiting misrepresentation of the origin of that material, or
+    requiring that modified versions of such material be marked in
+    reasonable ways as different from the original version; or
+
+    d) Limiting the use for publicity purposes of names of licensors or
+    authors of the material; or
+
+    e) Declining to grant rights under trademark law for use of some
+    trade names, trademarks, or service marks; or
+
+    f) Requiring indemnification of licensors and authors of that
+    material by anyone who conveys the material (or modified versions of
+    it) with contractual assumptions of liability to the recipient, for
+    any liability that these contractual assumptions directly impose on
+    those licensors and authors.
+
+  All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10.  If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term.  If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+  If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+  Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+  8. Termination.
+
+  You may not propagate or modify a covered work except as expressly
+provided under this License.  Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+  However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+  Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+  Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License.  If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+  9. Acceptance Not Required for Having Copies.
+
+  You are not required to accept this License in order to receive or
+run a copy of the Program.  Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance.  However,
+nothing other than this License grants you permission to propagate or
+modify any covered work.  These actions infringe copyright if you do
+not accept this License.  Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+  10. Automatic Licensing of Downstream Recipients.
+
+  Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License.  You are not responsible
+for enforcing compliance by third parties with this License.
+
+  An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations.  If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+  You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License.  For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+  11. Patents.
+
+  A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based.  The
+work thus licensed is called the contributor's "contributor version".
+
+  A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version.  For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+  Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+  In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement).  To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+  If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients.  "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+  If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+  A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License.  You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+  Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+  12. No Surrender of Others' Freedom.
+
+  If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all.  For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+  13. Use with the GNU Affero General Public License.
+
+  Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU Affero General Public License into a single
+combined work, and to convey the resulting work.  The terms of this
+License will continue to apply to the part which is the covered work,
+but the special requirements of the GNU Affero General Public License,
+section 13, concerning interaction through a network will apply to the
+combination as such.
+
+  14. Revised Versions of this License.
+
+  The Free Software Foundation may publish revised and/or new versions of
+the GNU General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+  Each version is given a distinguishing version number.  If the
+Program specifies that a certain numbered version of the GNU General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation.  If the Program does not specify a version number of the
+GNU General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+  If the Program specifies that a proxy can decide which future
+versions of the GNU General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+  Later license versions may give you additional or different
+permissions.  However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+  15. Disclaimer of Warranty.
+
+  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+  16. Limitation of Liability.
+
+  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+  17. Interpretation of Sections 15 and 16.
+
+  If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+Also add information on how to contact you by electronic and paper mail.
+
+  If the program does terminal interaction, make it output a short
+notice like this when it starts in an interactive mode:
+
+    <program>  Copyright (C) <year>  <name of author>
+    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, your program's commands
+might be different; for a GUI interface, you would use an "about box".
+
+  You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU GPL, see
+<https://www.gnu.org/licenses/>.
+
+  The GNU General Public License does not permit incorporating your program
+into proprietary programs.  If your program is a subroutine library, you
+may consider it more useful to permit linking proprietary applications with
+the library.  If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.  But first, please read
+<https://www.gnu.org/licenses/why-not-lgpl.html>.

Makefile

@@ -1,76 +1,163 @@
-V=0.9.22
+V=20220207
+BUILDTOOLVER ?= $(V)
 
-BINPROGS = \
+PREFIX = /usr/local
+MANDIR = $(PREFIX)/share/man
+
+IN_PROGS = \
+	archco \
+	arch-nspawn \
+	archrelease \
+	archbuild \
 	checkpkg \
 	commitpkg \
-	archco \
-	communityco \
-	archrelease \
-	archrm \
-	archbuild \
-	lddd \
+	crossrepomove\
+	devtools-config \
+	diffpkg \
 	finddeps \
-	rebuildpkgs
-
-SBINPROGS = \
+	find-libdeps \
+	lddd \
+	makerepropkg \
 	mkarchroot \
-	makechrootpkg
+	makechrootpkg \
+	offload-build \
+	rebuildpkgs \
+	sogrep
+
+BINPROGS = \
+	$(IN_PROGS)
 
 CONFIGFILES = \
-	makepkg-i686.conf \
 	makepkg-x86_64.conf \
 	pacman-extra.conf \
 	pacman-testing.conf \
 	pacman-staging.conf \
 	pacman-multilib.conf \
-	pacman-multilib-testing.conf
+	pacman-multilib-testing.conf \
+	pacman-multilib-staging.conf \
+	pacman-kde-unstable.conf \
+	pacman-gnome-unstable.conf
+
+SETARCH_ALIASES = \
 
 COMMITPKG_LINKS = \
 	extrapkg \
-	corepkg \
 	testingpkg \
 	stagingpkg \
 	communitypkg \
 	community-testingpkg \
 	community-stagingpkg \
 	multilibpkg \
-	multilib-testingpkg
+	multilib-testingpkg \
+	multilib-stagingpkg \
+	kde-unstablepkg \
+	gnome-unstablepkg
 
 ARCHBUILD_LINKS = \
-	extra-i686-build \
 	extra-x86_64-build \
-	testing-i686-build \
 	testing-x86_64-build \
-	staging-i686-build \
 	staging-x86_64-build \
 	multilib-build \
-	multilib-testing-build
+	multilib-testing-build \
+	multilib-staging-build \
+	kde-unstable-x86_64-build \
+	gnome-unstable-x86_64-build
 
-all:
+CROSSREPOMOVE_LINKS = \
+	extra2community \
+	community2extra
+
+BASHCOMPLETION_LINKS = \
+	archco \
+	communityco
+
+
+MANS = \
+	doc/archbuild.1 \
+	doc/arch-nspawn.1 \
+	doc/makechrootpkg.1 \
+	doc/lddd.1 \
+	doc/checkpkg.1 \
+	doc/devtools-config.1 \
+	doc/diffpkg.1 \
+	doc/offload-build.1 \
+	doc/sogrep.1 \
+	doc/makerepropkg.1 \
+	doc/mkarchroot.1 \
+	doc/find-libdeps.1 \
+	doc/find-libprovides.1 \
+	doc/devtools.7
+
+
+all: $(BINPROGS) bash_completion zsh_completion man
+man: $(MANS)
+
+edit = sed -e "s|@pkgdatadir[@]|$(PREFIX)/share/devtools|g"
+
+%: %.in Makefile lib/common.sh
+	@echo "GEN $@"
+	@$(RM) "$@"
+	@{ echo -n 'm4_changequote([[[,]]])'; cat $@.in; } | m4 -P --define=m4_devtools_version=$(BUILDTOOLVER) | $(edit) >$@
+	@chmod a-w "$@"
+	@chmod +x "$@"
+	@bash -O extglob -n "$@"
+
+$(MANS): doc/asciidoc.conf doc/footer.asciidoc
+
+doc/%: doc/%.asciidoc
+	a2x --no-xmllint --asciidoc-opts="-f doc/asciidoc.conf" -d manpage -f manpage -D doc -a pkgdatadir=$(PREFIX)/share/devtools $<
+
+clean:
+	rm -f $(IN_PROGS) bash_completion zsh_completion $(MANS)
 
 install:
-	install -dm0755 $(DESTDIR)/usr/bin
-	install -dm0755 $(DESTDIR)/usr/sbin
-	install -dm0755 $(DESTDIR)/usr/share/devtools
-	install -m0755 ${BINPROGS} $(DESTDIR)/usr/bin
-	install -m0755 ${SBINPROGS} $(DESTDIR)/usr/sbin
-	install -m0644 ${CONFIGFILES} $(DESTDIR)/usr/share/devtools
-	for l in ${COMMITPKG_LINKS}; do ln -sf commitpkg $(DESTDIR)/usr/bin/$$l; done
-	for l in ${ARCHBUILD_LINKS}; do ln -sf archbuild $(DESTDIR)/usr/bin/$$l; done
-	install -Dm0644 bash_completion $(DESTDIR)/etc/bash_completion.d/devtools
+	install -dm0755 $(DESTDIR)$(PREFIX)/bin
+	install -dm0755 $(DESTDIR)$(PREFIX)/share/devtools/setarch-aliases.d
+	install -m0755 ${BINPROGS} $(DESTDIR)$(PREFIX)/bin
+	install -m0644 ${CONFIGFILES} $(DESTDIR)$(PREFIX)/share/devtools
+	for a in ${SETARCH_ALIASES}; do install -m0644 setarch-aliases.d/$$a $(DESTDIR)$(PREFIX)/share/devtools/setarch-aliases.d; done
+	for l in ${COMMITPKG_LINKS}; do ln -sf commitpkg $(DESTDIR)$(PREFIX)/bin/$$l; done
+	for l in ${ARCHBUILD_LINKS}; do ln -sf archbuild $(DESTDIR)$(PREFIX)/bin/$$l; done
+	for l in ${CROSSREPOMOVE_LINKS}; do ln -sf crossrepomove $(DESTDIR)$(PREFIX)/bin/$$l; done
+	ln -sf find-libdeps $(DESTDIR)$(PREFIX)/bin/find-libprovides
+	install -Dm0644 bash_completion $(DESTDIR)/usr/share/bash-completion/completions/devtools
+	for l in ${BASHCOMPLETION_LINKS}; do ln -sf devtools $(DESTDIR)/usr/share/bash-completion/completions/$$l; done
+	install -Dm0644 zsh_completion $(DESTDIR)$(PREFIX)/share/zsh/site-functions/_devtools
+	ln -sf archco $(DESTDIR)$(PREFIX)/bin/communityco
+	for manfile in $(MANS); do \
+		install -Dm644 $$manfile -t $(DESTDIR)$(MANDIR)/man$${manfile##*.}; \
+	done;
 
 uninstall:
-	for f in ${BINPROGS}; do rm -f $(DESTDIR)/usr/bin/$$f; done
-	for f in ${SBINPROGS}; do rm -f $(DESTDIR)/usr/sbin/$$f; done
-	for f in ${CONFIGFILES}; do rm -f $(DESTDIR)/usr/share/devtools/$$f; done
-	for l in ${COMMITPKG_LINKS}; do rm -f $(DESTDIR)/usr/bin/$$l; done
-	for l in ${ARCHBUILD_LINKS}; do rm -f $(DESTDIR)/usr/bin/$$l; done
-	rm $(DESTDIR)/etc/bash_completion.d/devtools
+	for f in ${BINPROGS}; do rm -f $(DESTDIR)$(PREFIX)/bin/$$f; done
+	for f in ${CONFIGFILES}; do rm -f $(DESTDIR)$(PREFIX)/share/devtools/$$f; done
+	for f in ${SETARCH_ALIASES}; do rm -f $(DESTDIR)$(PREFIX)/share/devtools/setarch-aliases.d/$$f; done
+	for l in ${COMMITPKG_LINKS}; do rm -f $(DESTDIR)$(PREFIX)/bin/$$l; done
+	for l in ${ARCHBUILD_LINKS}; do rm -f $(DESTDIR)$(PREFIX)/bin/$$l; done
+	for l in ${CROSSREPOMOVE_LINKS}; do rm -f $(DESTDIR)$(PREFIX)/bin/$$l; done
+	rm $(DESTDIR)/usr/share/bash-completion/completions/devtools
+	rm $(DESTDIR)$(PREFIX)/share/zsh/site-functions/_devtools
+	rm -f $(DESTDIR)$(PREFIX)/bin/communityco
+	rm -f $(DESTDIR)$(PREFIX)/bin/find-libprovides
+	for manfile in $(MANS); do \
+		rm -f $(DESTDIR)$(MANDIR)/man$${manfile##*.}/$${manfile#doc/}; \
+	done;
+
+TODAY=$(shell date +"%Y%m%d")
+tag:
+	@sed -E "s|^V=[0-9]{8}|V=$(TODAY)|" -i Makefile
+	@git commit --gpg-sign --message "Version $(TODAY)" Makefile
+	@git tag --sign --message "Version $(TODAY)" $(TODAY)
 
 dist:
-	git archive --format=tar --prefix=devtools-$(V)/ $(V) | gzip -9 > devtools-$(V).tar.gz
+	git archive --format=tar --prefix=devtools-$(V)/ $(V) | gzip > devtools-$(V).tar.gz
+	gpg --detach-sign --use-agent devtools-$(V).tar.gz
 
 upload:
-	scp devtools-$(V).tar.gz gerolde.archlinux.org:/srv/ftp/other/devtools/
+	scp devtools-$(V).tar.gz devtools-$(V).tar.gz.sig repos.archlinux.org:/srv/ftp/other/devtools/
 
-.PHONY: all install uninstall dist upload
+check: $(BINPROGS) bash_completion makepkg-x86_64.conf PKGBUILD.proto
+	shellcheck $^
+
+.PHONY: all clean install uninstall dist upload check tag
+.DELETE_ON_ERROR:

PKGBUILD.proto

@@ -0,0 +1,48 @@
+#!/hint/bash
+# shellcheck disable=2034
+
+# This is an example PKGBUILD file, so that shellcheck can know what
+# variables to expect be set after including a PKGBUILD.
+
+# Maintainer: Your Name <youremail@domain.com>
+pkgname=NAME
+pkgver=VERSION
+pkgrel=1
+epoch=
+pkgdesc=""
+arch=()
+url=""
+license=('GPL')
+groups=()
+depends=()
+makedepends=()
+checkdepends=()
+optdepends=()
+provides=()
+conflicts=()
+replaces=()
+backup=()
+options=()
+install=
+changelog=
+source=("$pkgname-$pkgver.tar.gz"
+        "$pkgname-$pkgver.patch")
+noextract=()
+md5sums=()
+validpgpkeys=()
+
+prepare() {
+	:
+}
+
+build() {
+	:
+}
+
+check() {
+	:
+}
+
+package() {
+	:
+}

README.md

@@ -0,0 +1,39 @@
+# Devtools - development tools for Arch Linux
+
+This repository contains tools for the Arch Linux distribution for building
+and maintaining official repository packages.
+
+## Patches
+
+Patches can be send to arch-projects@archlinux.org or via a pull request on
+Github. When sending patches to the mailing list make sure to set a valid
+subjectprefix otherwise the email is denied by mailman. Git can be configured
+as following.
+
+```
+git config format.subjectprefix 'devtools] [PATCH'
+```
+
+## Building
+
+When building official distro packages the `BUILDTOOLVER` needs to be set to the
+exact label of the release package in order to allow to detect the exactly used
+devtools version. This is required for reproducible builds to fetch the according
+files like `makepkg.conf`.
+
+```sh
+BUILDTOOLVER="${pkgver}-${pkgrel}-${arch}" make all
+```
+
+## Releasing
+
+1. bump the version in the Makefile
+2. Commit everything as  ```Version $(date +"%Y%m%d")```
+3. Create a new tag ```git tag -s $(date +"%Y%m%d")```
+4. Push changes
+5. Upload the source tarball with ```make dist upload```
+6. Update the package
+
+## License
+
+Devtools is licensed under the terms of the **GPL-3.0-or-later** (see [LICENSE](LICENSE)).

arch-nspawn.in

@@ -0,0 +1,130 @@
+#!/bin/bash
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+m4_include(lib/common.sh)
+m4_include(lib/archroot.sh)
+
+# umask might have been changed in /etc/profile
+# ensure that sane default is set again
+umask 0022
+
+working_dir=''
+
+files=()
+mount_args=()
+
+usage() {
+	echo "Usage: ${0##*/} [options] working-dir [systemd-nspawn arguments]"
+	echo "A wrapper around systemd-nspawn. Provides support for pacman."
+	echo
+	echo ' options:'
+	echo '    -C <file>     Location of a pacman config file'
+	echo '    -M <file>     Location of a makepkg config file'
+	echo '    -c <dir>      Set pacman cache'
+	echo '    -f <file>     Copy file from the host to the chroot'
+	echo '    -s            Do not run setarch'
+	echo '    -h            This message'
+	exit 1
+}
+
+while getopts 'hC:M:c:f:s' arg; do
+	case "$arg" in
+		C) pac_conf="$OPTARG" ;;
+		M) makepkg_conf="$OPTARG" ;;
+		c) cache_dirs+=("$OPTARG") ;;
+		f) files+=("$OPTARG") ;;
+		s) nosetarch=1 ;;
+		h|?) usage ;;
+		*) error "invalid argument '%s'" "$arg"; usage ;;
+	esac
+done
+shift $((OPTIND - 1))
+
+(( $# < 1 )) && die 'You must specify a directory.'
+check_root
+
+working_dir=$(readlink -f "$1")
+shift 1
+
+[[ -z $working_dir ]] && die 'Please specify a working directory.'
+
+if (( ${#cache_dirs[@]} == 0 )); then
+	mapfile -t cache_dirs < <(pacman-conf --config "${pac_conf:-$working_dir/etc/pacman.conf}" CacheDir)
+fi
+
+# shellcheck disable=2016
+host_mirrors=($(pacman-conf --repo extra Server 2> /dev/null | sed -r 's#(.*/)extra/os/.*#\1$repo/os/$arch#'))
+
+for host_mirror in "${host_mirrors[@]}"; do
+	if [[ $host_mirror == *file://* ]]; then
+		host_mirror=$(echo "$host_mirror" | sed -r 's#file://(/.*)/\$repo/os/\$arch#\1#g')
+		for m in "$host_mirror"/pool/*/; do
+			in_array "$m" "${cache_dirs[@]}" || cache_dirs+=("$m")
+		done
+	fi
+done
+
+while read -r line; do
+	mapfile -t lines < <(pacman-conf --config "${pac_conf:-$working_dir/etc/pacman.conf}" \
+		--repo $line Server | sed -r 's#(.*/)[^/]+/os/.+#\1#')
+	for line in "${lines[@]}"; do
+		if [[ $line = file://* ]]; then
+			line=${line#file://}
+			in_array "$line" "${cache_dirs[@]}" || cache_dirs+=("$line")
+		fi
+	done
+done < <(pacman-conf --config "${pac_conf:-$working_dir/etc/pacman.conf}" --repo-list)
+
+mount_args+=("--bind=${cache_dirs[0]//:/\\:}")
+
+for cache_dir in "${cache_dirs[@]:1}"; do
+	mount_args+=("--bind-ro=${cache_dir//:/\\:}")
+done
+
+# {{{ functions
+copy_hostconf () {
+	unshare --fork --pid gpg --homedir "$working_dir"/etc/pacman.d/gnupg/ --no-permission-warning --quiet --batch --import --import-options import-local-sigs "$(pacman-conf GpgDir)"/pubring.gpg >/dev/null 2>&1
+	pacman-key --gpgdir "$working_dir"/etc/pacman.d/gnupg/ --import-trustdb "$(pacman-conf GpgDir)" >/dev/null 2>&1
+
+	printf 'Server = %s\n' "${host_mirrors[@]}" >"$working_dir/etc/pacman.d/mirrorlist"
+
+	[[ -n $pac_conf ]] && cp "$pac_conf" "$working_dir/etc/pacman.conf"
+	[[ -n $makepkg_conf ]] && cp "$makepkg_conf" "$working_dir/etc/makepkg.conf"
+
+	local file
+	for file in "${files[@]}"; do
+		mkdir -p "$(dirname "$working_dir$file")"
+		cp -T "$file" "$working_dir$file"
+	done
+
+	sed -r "s|^#?\\s*CacheDir.+|CacheDir = ${cache_dirs[*]}|g" -i "$working_dir/etc/pacman.conf"
+}
+# }}}
+
+umask 0022
+
+# Sanity check
+if [[ ! -f "$working_dir/.arch-chroot" ]]; then
+	die "'%s' does not appear to be an Arch chroot." "$working_dir"
+elif [[ $(cat "$working_dir/.arch-chroot") != "$CHROOT_VERSION" ]]; then
+	die "chroot '%s' is not at version %s. Please rebuild." "$working_dir" "$CHROOT_VERSION"
+fi
+
+copy_hostconf
+
+eval "$(grep -a '^CARCH=' "$working_dir/etc/makepkg.conf")"
+
+[[ -z $nosetarch ]] || unset CARCH
+if [[ -f "@pkgdatadir@/setarch-aliases.d/${CARCH}" ]]; then
+	read -r set_arch < "@pkgdatadir@/setarch-aliases.d/${CARCH}"
+else
+	set_arch="${CARCH}"
+fi
+
+exec ${CARCH:+setarch "$set_arch"} systemd-nspawn -q \
+	-D "$working_dir" \
+	-E "PATH=/usr/local/sbin:/usr/local/bin:/usr/bin" \
+	--register=no --keep-unit --as-pid2 \
+	"${mount_args[@]}" \
+	"$@"

archbuild

@@ -1,67 +0,0 @@
-#!/bin/bash
-
-base_packages='base base-devel sudo'
-
-cmd="$(basename "${0%-build}")"
-if [ "${cmd%-*}" == 'multilib' ]; then
-	repo="${cmd}"
-	arch='x86_64'
-	base_packages+=' multilib-devel'
-else
-	repo=${cmd%-*}
-	arch=${cmd##*-}
-fi
-chroots='/var/tmp/archbuild'
-clean_first=false
-
-usage() {
-	echo "usage $(basename "$0")"
-	echo '    -c         Recreate the chroot before building'
-	echo '    -r <dir>   Create chroots in this directory'
-	exit 1
-}
-
-while getopts 'cr:' arg; do
-	case "${arg}" in
-		c) clean_first=true ;;
-		r) chroots="$OPTARG" ;;
-		*) usage ;;
-	esac
-done
-
-if [ "$EUID" != '0' ]; then
-	echo 'This script must be run as root.'
-	exit 1
-fi
-
-if ${clean_first} || [ ! -d "${chroots}/${repo}-${arch}" ]; then
-	echo "Creating chroot for [${repo}] (${arch})..."
-
-	for copy in ${chroots}/${repo}-${arch}/*; do
-		[[ -d $copy ]] || continue
-		echo "Deleting chroot copy '$(basename "${copy}")'..."
-
-		# Lock the copy
-		exec 9>${copy}.lock
-		flock 9
-
-		{ type -P btrfs && btrfs subvolume delete ${copy}; } &>/dev/null
-		rm -rf ${copy}
-	done
-	exec 9>&-
-
-	rm -rf ${chroots}/${repo}-${arch}
-	mkdir -p ${chroots}/${repo}-${arch}
-	setarch ${arch} mkarchroot \
-		-C /usr/share/devtools/pacman-${repo}.conf \
-		-M /usr/share/devtools/makepkg-${arch}.conf \
-		${chroots}/${repo}-${arch}/root \
-		${base_packages}
-else
-	setarch ${arch} mkarchroot \
-		-u \
-		${chroots}/${repo}-${arch}/root
-fi
-
-echo "Building in chroot for [${repo}] (${arch})..."
-setarch ${arch} makechrootpkg -c -r ${chroots}/${repo}-${arch}

archbuild.in

@@ -0,0 +1,98 @@
+#!/bin/bash
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+m4_include(lib/common.sh)
+m4_include(lib/archroot.sh)
+
+base_packages=(base-devel)
+makechrootpkg_args=(-c -n -C)
+
+cmd="${0##*/}"
+if [[ "${cmd%%-*}" == 'multilib' ]]; then
+	repo="${cmd%-build}"
+	arch='x86_64'
+	base_packages+=(multilib-devel)
+else
+	tag="${cmd%-build}"
+	repo=${tag%-*}
+	arch=${tag##*-}
+fi
+if [[ -f "@pkgdatadir@/setarch-aliases.d/${arch}" ]]; then
+	read -r set_arch < "@pkgdatadir@/setarch-aliases.d/${arch}"
+else
+	set_arch="${arch}"
+fi
+chroots='/var/lib/archbuild'
+clean_first=false
+
+pacman_config="@pkgdatadir@/pacman-${repo}.conf"
+if [[ -f @pkgdatadir@/pacman-${repo}-${arch}.conf ]]; then
+    pacman_config="@pkgdatadir@/pacman-${repo}-${arch}.conf"
+fi
+makepkg_config="@pkgdatadir@/makepkg-${arch}.conf"
+if [[ -f @pkgdatadir@/makepkg-${repo}-${arch}.conf ]]; then
+    makepkg_config="@pkgdatadir@/makepkg-${repo}-${arch}.conf"
+fi
+
+usage() {
+	echo "Usage: $cmd [options] -- [makechrootpkg args]"
+	echo '    -h         This help'
+	echo '    -c         Recreate the chroot before building'
+	echo '    -r <dir>   Create chroots in this directory'
+	echo ''
+	echo "Default makechrootpkg args: ${makechrootpkg_args[*]}"
+	echo ''
+	exit 1
+}
+
+while getopts 'hcr:' arg; do
+	case "${arg}" in
+		c) clean_first=true ;;
+		r) chroots="$OPTARG" ;;
+		*) usage ;;
+	esac
+done
+
+check_root SOURCE_DATE_EPOCH,SRCDEST,SRCPKGDEST,PKGDEST,LOGDEST,MAKEFLAGS,PACKAGER,GNUPGHOME
+
+# Pass all arguments after -- right to makepkg
+makechrootpkg_args+=("${@:$OPTIND}")
+
+if ${clean_first} || [[ ! -d "${chroots}/${repo}-${arch}" ]]; then
+	msg "Creating chroot for [%s] (%s)..." "${repo}" "${arch}"
+
+	for copy in "${chroots}/${repo}-${arch}"/*; do
+		[[ -d $copy ]] || continue
+		msg2 "Deleting chroot copy '%s'..." "$(basename "${copy}")"
+
+		lock 9 "$copy.lock" "Locking chroot copy '%s'" "$copy"
+
+		subvolume_delete_recursive "${copy}"
+		rm -rf --one-file-system "${copy}"
+	done
+	lock_close 9
+
+	rm -rf --one-file-system "${chroots}/${repo}-${arch}"
+	(umask 0022; mkdir -p "${chroots}/${repo}-${arch}")
+	setarch "${set_arch}" mkarchroot \
+		-C "${pacman_config}" \
+		-M "${makepkg_config}" \
+		"${chroots}/${repo}-${arch}/root" \
+		"${base_packages[@]}" || abort
+else
+	lock 9 "${chroots}/${repo}-${arch}/root.lock" "Locking clean chroot"
+	arch-nspawn \
+		-C "${pacman_config}" \
+		-M "${makepkg_config}" \
+		"${chroots}/${repo}-${arch}/root" \
+		pacman -Syuu --noconfirm || abort
+fi
+
+# Always build official packages reproducibly
+if [[ ! -v SOURCE_DATE_EPOCH ]]; then
+	export SOURCE_DATE_EPOCH=$(date +%s)
+fi
+
+msg "Building in chroot for [%s] (%s)..." "${repo}" "${arch}"
+exec makechrootpkg -r "${chroots}/${repo}-${arch}" "${makechrootpkg_args[@]}"

archco

@@ -1,10 +0,0 @@
-#!/bin/bash
-
-if [ "$1" = '' ]; then
-	echo 'Usage: archco <package name> [<package name>]'
-	exit 1
-fi
-
-for i in "$@"; do
-	svn co svn+ssh://gerolde.archlinux.org/srv/svn-packages/$i
-done

archco.in

@@ -0,0 +1,26 @@
+#!/bin/bash
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+m4_include(lib/common.sh)
+
+scriptname=${0##*/}
+
+if [[ -z $1 ]]; then
+	printf 'Usage: %s <package name>...\n' "$scriptname"
+	exit 1
+fi
+
+case $scriptname in
+	archco)
+		SVNURL="svn+ssh://svn-packages@repos.archlinux.org/srv/repos/svn-packages/svn";;
+	communityco)
+		SVNURL="svn+ssh://svn-community@repos.archlinux.org/srv/repos/svn-community/svn";;
+	*)
+		die "Couldn't find svn url for %s" "$scriptname"
+		;;
+esac
+
+for i in "$@"; do
+	svn co "$SVNURL/$i"
+done

archrelease

@@ -1,35 +0,0 @@
-#!/bin/bash
-
-abort() {
-	echo ${1:-'archrelease: Cancelled'}
-	exit 1
-}
-
-if [ "$1" = '' ]; then
-	abort 'Usage: archrelease <repo>'
-fi
-
-if [ ! -f PKGBUILD ]; then
-	abort 'archrelease: PKGBUILD not found'
-fi
-
-trunk=$(basename $(pwd))
-
-if [ "$(basename $(dirname $(pwd)))" == "repos" ]; then
-	abort 'archrelease: Not in a package trunk dir'
-fi
-
-if [ ! -z "$(svn status -q)" ]; then
-	abort 'archrelease: You have not committed your changes yet!'
-fi
-
-echo -n "releasing package to ${1}..."
-pushd .. >/dev/null
-if [ -d "repos/${1}" ]; then
-	svn rm --force -q "repos/${1}"
-	svn commit -q -m "archrelease: remove ${1}" || abort
-fi
-svn copy -q -r HEAD "${trunk}" "repos/${1}"
-svn commit -q -m "archrelease: copy ${trunk} to ${1}" || abort
-popd >/dev/null
-echo 'done'

archrelease.in

@@ -0,0 +1,92 @@
+#!/bin/bash
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+m4_include(lib/common.sh)
+m4_include(lib/valid-tags.sh)
+
+# parse command line options
+FORCE=
+while getopts ':f' flag; do
+	case $flag in
+		f) FORCE=1 ;;
+		:) die "Option requires an argument -- '%s'" "$OPTARG" ;;
+		\?) die "Invalid option -- '%s'" "$OPTARG" ;;
+	esac
+done
+shift $(( OPTIND - 1 ))
+
+if ! (( $# )); then
+	echo 'Usage: archrelease [-f] <repo>...'
+	exit 1
+fi
+
+# validate repo is really repo-arch
+if [[ -z $FORCE ]]; then
+	for tag in "$@"; do
+		if ! in_array "$tag" "${_tags[@]}"; then
+			die "archrelease: Invalid tag: '%s' (use -f to force release)" "$tag"
+		fi
+	done
+fi
+
+if [[ ! -f PKGBUILD ]]; then
+	die 'archrelease: PKGBUILD not found'
+fi
+
+trunk=${PWD##*/}
+
+# Normally this should be trunk, but it may be something
+# such as 'gnome-unstable'
+IFS='/' read -r -d '' -a parts <<< "$PWD"
+if [[ "${parts[*]:(-2):1}" == "repos" ]]; then
+	die 'archrelease: Should not be in repos dir (try from trunk/)'
+fi
+unset parts
+
+if [[ $(svn status -q) ]]; then
+	die 'archrelease: You have not committed your changes yet!'
+fi
+
+pushd .. >/dev/null
+mapfile -t known_files < <(svn ls -r HEAD "$trunk")
+wait $! || die "failed to discover committed files"
+for file in "${known_files[@]}"; do
+	if [[ ${file:(-1)} = '/' ]]; then
+		die "archrelease: subdirectories are not supported in package directories!"
+	fi
+done
+
+# gracefully handle files containing an "@" character
+known_files=("${known_files[@]/%/@}")
+
+# update repo directory first to avoid a commit failure
+svn up repos
+
+for tag in "$@"; do
+	stat_busy "Copying %s to %s" "${trunk}" "${tag}"
+
+	if [[ -d repos/$tag ]]; then
+		mapfile -t trash < <(svn ls "repos/$tag")
+		wait $! || die "failed to discover existing files"
+		if (( ${#trash[@]} )); then
+			trash=("${trash[@]/#/repos/$tag/}")
+			svn rm -q "${trash[@]/%/@}"
+		fi
+	else
+		mkdir -p "repos/$tag"
+		svn add --parents -q "repos/$tag"
+	fi
+
+	# copy all files at once from trunk to the subdirectory in repos/
+	svn copy -q -r HEAD "${known_files[@]/#/$trunk/}" "repos/$tag/"
+
+	stat_done
+done
+
+stat_busy "Releasing package"
+printf -v tag_list ", %s" "$@"; tag_list="${tag_list#, }"
+svn commit -q -m "archrelease: copy ${trunk} to $tag_list" || abort
+stat_done
+
+popd >/dev/null

archrm

@@ -1,13 +0,0 @@
-#!/bin/bash
-
-if [ "$1" = '' ]; then
-	echo 'Usage: archrm <path to checkout>'
-	exit 1
-fi
-
-# FIXME: Check if there are uncommited changes
-#pushd $1
-#
-#popd
-
-rm -rf $1

bash_completion.in

@@ -1,9 +1,13 @@
+#!/hint/bash
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
 _devtools_compgen() {
   local i r
   COMPREPLY=($(compgen -W '$*' -- "$cur"))
   for ((i=1; i < ${#COMP_WORDS[@]}-1; i++)); do
-    for r in ${!COMPREPLY[@]}; do
-      if [[ ${COMP_WORDS[i]} = ${COMPREPLY[r]} ]]; then
+    for r in "${!COMPREPLY[@]}"; do
+      if [[ ${COMP_WORDS[i]} = "${COMPREPLY[r]}" ]]; then
         unset 'COMPREPLY[r]'; break
       fi
     done
@@ -12,7 +16,7 @@ _devtools_compgen() {
 
 _archco_pkg() {
   _devtools_compgen "$(
-      \pacman -$1
+      command pacman "-$1"
   )"
 }
 
@@ -34,7 +38,7 @@ _makechrootpkg() {
 
   case $cur in
     -*)
-       COMPREPLY=( $( compgen -W '-I -c -d -h -l -r -u' -- "$cur" ) )
+       COMPREPLY=( $( compgen -W '-I -c -h -l -r -u' -- "$cur" ) )
        ;;
     *)
       _filedir
@@ -53,7 +57,7 @@ _mkarchroot() {
 
   case $cur in
     -*)
-       COMPREPLY=( $( compgen -W '-C -M -c -f -h -n -r -u' -- "$cur" ) )
+       COMPREPLY=( $( compgen -W '-C -M -c -h' -- "$cur" ) )
        ;;
     *)
       _filedir
@@ -65,5 +69,22 @@ _mkarchroot() {
 } &&
 complete -F _mkarchroot mkarchroot
 
+_arch-nspawn() {
+  local cur
+  COMPREPLY=()
+  _get_comp_words_by_ref cur
 
+  case $cur in
+    -*)
+       COMPREPLY=( $( compgen -W '-C -M -c -h' -- "$cur" ) )
+       ;;
+    *)
+      _filedir
+      return 0
+      ;;
+  esac
+
+  true
+} &&
+complete -F _arch-nspawn arch-nspawn
 # ex:et ts=2 sw=2 ft=sh

checkpkg

@@ -1,100 +0,0 @@
-#!/bin/bash
-
-# Source makepkg.conf; fail if it is not found
-if [ -r '/etc/makepkg.conf' ]; then
-	source '/etc/makepkg.conf'
-else
-	echo '/etc/makepkg.conf not found!'
-	exit 1
-fi
-
-# Source user-specific makepkg.conf overrides
-if [ -r ~/.makepkg.conf ]; then
-	source ~/.makepkg.conf
-fi
-
-strip_url() {
-	echo $1 | sed 's|^.*://.*/||g'
-}
-
-if [ ! -f PKGBUILD ]; then
-	echo 'This must be run in the directory of a built package.'
-	exit 1
-fi
-
-. PKGBUILD
-if [ "$arch" == 'any' ]; then
-	CARCH='any'
-fi
-
-STARTDIR=$(pwd)
-TEMPDIR=$(mktemp -d /tmp/checkpkg-script.XXXX)
-cd $TEMPDIR
-
-for _pkgname in ${pkgname[@]}; do
-	if [ -z ${epoch} ] ; then
-		pkgfile=${_pkgname}-${pkgver}-${pkgrel}-${CARCH}${PKGEXT}
-	else
-		pkgfile=${_pkgname}-${epoch}:${pkgver}-${pkgrel}-${CARCH}${PKGEXT}
-	fi
-
-	if [ -f "$STARTDIR/$pkgfile" ]; then
-		cp "$STARTDIR/$pkgfile" .
-	elif [ -f "$PKGDEST/$pkgfile" ]; then
-		cp "$PKGDEST/$pkgfile" .
-	else
-		echo "File \"$pkgfile\" doesn't exist"
-		exit 1
-	fi
-
-	tmp=`pacman -Spd --noconfirm $_pkgname`
-
-	if [ $? -ne 0 ]; then
-		echo "Couldn't download previous package for $_pkgname."
-		exit 1
-	fi
-
-	pkgurl=`echo $tmp | rev | cut -d ' ' -f 1 | rev`
-
-	oldpkg=`strip_url $pkgurl`
-
-	if [ "$(basename $oldpkg)" = "$(basename $pkgfile)" ]; then
-		echo "The built package ($_pkgname) is the one in the repo right now!"
-		exit 1
-	fi
-
-	if [ ! -f $oldpkg ]; then
-		if echo $pkgurl | grep '^file:///' > /dev/null 2>&1; then
-			cp `echo $pkgurl | sed 's#^file://##'` .
-		elif [ -f $PKGDEST/$oldpkg ]; then
-			cp $PKGDEST/$oldpkg .
-		elif [ -f $STARTDIR/$oldpkg ]; then
-			cp $STARTDIR/$oldpkg .
-		else
-			wget --quiet $pkgurl
-		fi
-	fi
-
-	bsdtar tf $oldpkg > filelist-$_pkgname-old
-	bsdtar tf "$pkgfile" > filelist-$_pkgname
-
-	sort -o filelist-$_pkgname filelist-$_pkgname
-	sort -o filelist-$_pkgname-old filelist-$_pkgname-old
-
-	sdiff -s filelist-$_pkgname-old filelist-$_pkgname
-
-	if diff filelist-$_pkgname-old filelist-$_pkgname | grep '\.so' > /dev/null 2>&1; then
-		mkdir -p pkg
-		cd pkg
-		bsdtar xf ../"$pkgfile" > /dev/null
-		for i in `diff ../filelist-$_pkgname-old ../filelist-$_pkgname | grep \> | grep \.so | awk '{print $2}'`; do
-			echo -n "${i}: "
-			objdump -p $i | grep SONAME
-		done
-		cd ..
-	else
-		echo "No soname differences for $_pkgname."
-	fi
-done
-
-echo "Files saved to $TEMPDIR"

checkpkg.in

@@ -0,0 +1,155 @@
+#!/bin/bash
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+shopt -s extglob
+
+m4_include(lib/common.sh)
+
+usage() {
+    cat <<- _EOF_
+		Usage: ${BASH_SOURCE[0]##*/} [OPTIONS]
+
+		Searches for a locally built package corresponding to the PKGBUILD, and
+		downloads the last version of that package from the Pacman repositories.
+		It then compares the list of .so files provided by each version of the
+		package and outputs if there are soname differences for the new package.
+		A directory is also created using mktemp with files containing a file
+		list for both packages and a library list for both packages.
+
+		OPTIONS
+		    -r, --rmdir          Remove the temporary directory
+		    -w, --warn           Print a warning in case of differences
+		    -M, --makepkg-config Set an alternate makepkg configuration file
+		    -h, --help           Show this help text
+_EOF_
+}
+
+RMDIR=0
+WARN=0
+MAKEPKG_CONF=/etc/makepkg.conf
+
+# option checking
+while (( $# )); do
+	case $1 in
+		-h|--help)
+			usage
+			exit 0
+			;;
+		-r|--rmdir)
+			RMDIR=1
+			shift
+			;;
+		-w|--warn)
+			WARN=1
+			shift
+			;;
+		-M|--makepkg-config)
+			MAKEPKG_CONF="$2"
+			shift 2
+			;;
+		--)
+			shift
+			break
+			;;
+		-*,--*)
+			die "invalid argument: %s" "$1"
+			;;
+		*)
+			break
+			;;
+	esac
+done
+
+# Source makepkg.conf; fail if it is not found
+if [[ -r "${MAKEPKG_CONF}" ]]; then
+	# shellcheck source=makepkg-x86_64.conf
+	source "${MAKEPKG_CONF}"
+else
+	die "${MAKEPKG_CONF} not found!"
+fi
+
+# Source user-specific makepkg.conf overrides
+if [[ -r "${XDG_CONFIG_HOME:-$HOME/.config}/pacman/makepkg.conf" ]]; then
+	# shellcheck source=/dev/null
+	source "${XDG_CONFIG_HOME:-$HOME/.config}/pacman/makepkg.conf"
+elif [[ -r "$HOME/.makepkg.conf" ]]; then
+	# shellcheck source=/dev/null
+	source "$HOME/.makepkg.conf"
+fi
+
+if [[ ! -f PKGBUILD ]]; then
+	die 'This must be run in the directory of a built package.'
+fi
+
+# shellcheck source=PKGBUILD.proto
+. ./PKGBUILD
+if [[ ${arch[0]} == 'any' ]]; then
+	CARCH='any'
+fi
+
+STARTDIR=$(pwd)
+(( RMDIR )) && trap 'rm -rf $TEMPDIR' EXIT INT TERM QUIT
+TEMPDIR=$(mktemp -d --tmpdir checkpkg-script.XXXX)
+
+for _pkgname in "${pkgname[@]}"; do
+	comparepkg=$_pkgname
+	pkgurl=
+	target_pkgver=$(get_full_version "$_pkgname")
+	if ! pkgfile=$(find_cached_package "$_pkgname" "$target_pkgver" "$CARCH"); then
+		die 'tarball not found for package: %s' "${_pkgname}-$target_pkgver"
+	fi
+
+	ln -s "$pkgfile" "$TEMPDIR"
+
+	if (( $# )); then
+		case $1 in
+			*://*)
+				pkgurl=$1 ;;
+			/*|*/*)
+				pkgurl=$(readlink -m "$1") ;;
+			*.pkg.tar*)
+				pkgurl=$1 ;;
+			'')
+				;;
+			*)
+				comparepkg=$1 ;;
+		esac
+		shift
+	fi
+	[[ -n $pkgurl ]] || pkgurl=$(pacman -Spdd --print-format '%l' --noconfirm "$comparepkg") ||
+		die "Couldn't download previous package for %s." "$comparepkg"
+
+	oldpkg=${pkgurl##*/}
+
+	if [[ ${oldpkg} = "${pkgfile##*/}" ]]; then
+		die "The built package (%s) is the one in the repo right now!" "$_pkgname"
+	fi
+
+	if [[ $pkgurl = file://* || ( $pkgurl = /* && -f $pkgurl ) ]]; then
+		ln -s "${pkgurl#file://}" "$TEMPDIR/$oldpkg"
+	elif [[ -f "$PKGDEST/$oldpkg" ]]; then
+		ln -s "$PKGDEST/$oldpkg" "$TEMPDIR/$oldpkg"
+	elif [[ -f "$STARTDIR/$oldpkg" ]]; then
+		ln -s "$STARTDIR/$oldpkg" "$TEMPDIR/$oldpkg"
+	else
+		curl -fsLC - --retry 3 --retry-delay 3 -o "$TEMPDIR/$oldpkg" "$pkgurl"
+	fi
+
+	bsdtar tf "$TEMPDIR/$oldpkg" | sort > "$TEMPDIR/filelist-$_pkgname-old"
+	bsdtar tf "$pkgfile" | sort > "$TEMPDIR/filelist-$_pkgname"
+
+	sdiff -s "$TEMPDIR/filelist-$_pkgname-old" "$TEMPDIR/filelist-$_pkgname"
+
+	find-libprovides "$TEMPDIR/$oldpkg" 2>/dev/null | sort > "$TEMPDIR/libraries-$_pkgname-old"
+	find-libprovides "$pkgfile" 2>/dev/null | sort > "$TEMPDIR/libraries-$_pkgname"
+	if ! diff_output="$(sdiff -s "$TEMPDIR/libraries-$_pkgname-old" "$TEMPDIR/libraries-$_pkgname")"; then
+		message="Sonames differ in $_pkgname!"
+		(( WARN )) && warning "$message" || msg "$message"
+		echo "$diff_output"
+	else
+		msg "No soname differences for %s." "$_pkgname"
+	fi
+done
+
+(( RMDIR )) || msg "Files saved to %s" "$TEMPDIR"

commitpkg

@@ -1,175 +0,0 @@
-#!/bin/bash
-
-abort() {
-	echo ${1:-'Cancelled'}
-	exit 1
-}
-
-getpkgfile() {
-	if [[ ${#} -ne 1 ]]; then
-		echo 'ERROR: No canonical package found!' >&2
-		exit 1
-	elif [ ! -f "${1}" ]; then
-		echo "ERROR: Package ${1} not found!" >&2
-		exit 1
-	fi
-
-	echo ${1}
-}
-
-##
-#  usage : get_full_version( $epoch, $pkgver, $pkgrel )
-# return : full version spec, including epoch (if necessary), pkgver, pkgrel
-##
-get_full_version() {
-	if [[ $1 -eq 0 ]]; then
-		# zero epoch case, don't include it in version
-		echo $2-$3
-	else
-		echo $1:$2-$3
-	fi
-}
-
-# Source makepkg.conf; fail if it is not found
-if [ -r '/etc/makepkg.conf' ]; then
-	source '/etc/makepkg.conf'
-else
-	abort '/etc/makepkg.conf not found!'
-fi
-
-# Source user-specific makepkg.conf overrides
-if [ -r ~/.makepkg.conf ]; then
-	. ~/.makepkg.conf
-fi
-
-cmd=$(basename "$0")
-
-if [ ! -f PKGBUILD ]; then
-	abort 'No PKGBUILD file'
-fi
-
-. PKGBUILD
-pkgbase=${pkgbase:-$pkgname}
-
-case "$cmd" in
-	commitpkg)
-		if [ $# -eq 0 ]; then
-			abort 'usage: commitpkg <reponame> [-l limit] [commit message]'
-		fi
-		repo="$1"
-		shift
-		;;
-	*pkg)
-		repo="${cmd%pkg}"
-		;;
-	*)
-		abort 'usage: commitpkg <reponame> [-l limit] [commit message]'
-		;;
-esac
-
-case "$repo" in
-	core|extra|testing|staging)
-		server='gerolde.archlinux.org' ;;
-	community*|multilib*)
-		server='aur.archlinux.org' ;;
-	*)
-		server='gerolde.archlinux.org'
-		echo "Non-standard repository $repo in use, defaulting to server $server" ;;
-esac
-
-# check if all local source files are under version control
-for s in ${source[@]}; do
-	echo $s | grep -Fvq '://' && \
-	svn status $s | grep -q '^\?' && \
-	abort "$s is not under version control"
-done
-
-# check if changelog and install files are under version control
-for i in 'changelog' 'install'; do
-	filelist=$(sed -n "s/^[[:space:]]*$i=//p" PKGBUILD)
-	for file in $filelist; do
-		# evaluate any bash variables used
-		eval file=${file}
-		if svn status ${file} | grep -q '^\?'; then
-			abort "${file} is not under version control"
-		fi
-	done
-done
-
-# see if any limit options were passed, we'll send them to rsync
-rsyncopts='-e ssh -p --chmod=ug=rw,o=r -c -h -L --progress --partial -y'
-if [ "$1" = '-l' ]; then
-	rsyncopts="$rsyncopts --bwlimit=$2"
-	shift 2
-fi
-
-echo -n 'committing changes to trunk...'
-if [ -n "$1" ]; then
-	svn commit -q -m "upgpkg: $pkgbase $pkgver-$pkgrel
-$1" || abort
-else
-	svn commit -q || abort
-fi
-echo 'done'
-
-declare -a uploads
-
-for _arch in ${arch[@]}; do
-	for _pkgname in ${pkgname[@]}; do
-		fullver=$(get_full_version ${epoch:-0} $pkgver $pkgrel)
-		pkgfile=$(getpkgfile "$_pkgname-$fullver-${_arch}".pkg.tar.?z 2>/dev/null)
-		pkgdestfile=$(getpkgfile "$PKGDEST/$_pkgname-$fullver-${_arch}".pkg.tar.?z 2>/dev/null)
-
-		if [ -f "$pkgfile" ]; then
-			pkgfile="./$pkgfile"
-		elif [ -f "$pkgdestfile" ]; then
-			pkgfile="$pkgdestfile"
-		else
-			echo "skipping ${_arch}"
-			continue 2
-		fi
-		uploads+=("$pkgfile")
-
-		if [[ $SIGNPKG == 'y' ]]; then
-			echo "Signing package ${pkgfile}..."
-			if [[ -n $GPGKEY ]]; then
-				SIGNWITHKEY="-u ${GPGKEY}"
-			fi
-			gpg --detach-sign --use-agent ${SIGNWITHKEY} "${pkgfile}" || abort
-		fi
-
-		sigfile="${pkgfile}.sig"
-		if [ -f "${sigfile}" ]; then
-			uploads+=("$sigfile")
-		elif [[ $SIGNPKG == 'y' ]]; then
-			abort "Signature ${pkgfile}.sig was not found"
-		fi
-	done
-	archrelease $repo-${_arch} || abort
-done
-
-if [[ ${#uploads[*]} -gt 0 ]]; then
-	echo 'uploading all package and signature files'
-	rsync $rsyncopts "${uploads[@]}" "$server:staging/$repo/" || abort
-fi
-
-if [ "${arch[*]}" == 'any' ]; then
-	if [ -d ../repos/$repo-i686 -a -d ../repos/$repo-x86_64 ]; then
-		pushd ../repos/ >/dev/null
-		echo "removing $repo-i686 and $repo-x86_64..."
-		svn rm $repo-i686
-		svn rm $repo-x86_64
-		svn commit -q -m "removed $repo-i686 and $repo-x86_64 for $pkgname"
-		echo 'done'
-		popd >/dev/null
-	fi
-else
-	if [ -d ../repos/$repo-any ]; then
-		pushd ../repos/ >/dev/null
-		echo "removing $repo-any..."
-		svn rm $repo-any
-		svn commit -q -m "removed $repo-any for $pkgname"
-		echo 'done'
-		popd >/dev/null
-	fi
-fi

commitpkg.in

@@ -0,0 +1,223 @@
+#!/bin/bash
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+m4_include(lib/common.sh)
+
+# Source makepkg.conf; fail if it is not found
+if [[ -r '/etc/makepkg.conf' ]]; then
+	# shellcheck source=makepkg-x86_64.conf
+	source '/etc/makepkg.conf'
+else
+	die '/etc/makepkg.conf not found!'
+fi
+
+# Source user-specific makepkg.conf overrides
+if [[ -r "${XDG_CONFIG_HOME:-$HOME/.config}/pacman/makepkg.conf" ]]; then
+	# shellcheck source=/dev/null
+	source "${XDG_CONFIG_HOME:-$HOME/.config}/pacman/makepkg.conf"
+elif [[ -r "$HOME/.makepkg.conf" ]]; then
+	# shellcheck source=/dev/null
+	source "$HOME/.makepkg.conf"
+fi
+
+cmd=${0##*/}
+
+if [[ ! -f PKGBUILD ]]; then
+	die 'No PKGBUILD file'
+fi
+
+source=()
+# shellcheck source=PKGBUILD.proto
+. ./PKGBUILD
+pkgbase=${pkgbase:-$pkgname}
+
+case "$cmd" in
+	commitpkg)
+		if (( $# == 0 )); then
+			die 'Usage: commitpkg <reponame> [-f] [-s server] [-l limit] [-a arch] [commit message]'
+		fi
+		repo="$1"
+		shift
+		;;
+	*pkg)
+		repo="${cmd%pkg}"
+		;;
+	*)
+		die 'Usage: commitpkg <reponame> [-f] [-s server] [-l limit] [-a arch] [commit message]'
+		;;
+esac
+
+# find files which should be under source control
+needsversioning=()
+for s in "${source[@]}"; do
+	[[ $s != *://* ]] && needsversioning+=("$s")
+done
+for i in 'changelog' 'install'; do
+	while read -r file; do
+		# evaluate any bash variables used
+		eval "file=\"$(sed "s/^\(['\"]\)\(.*\)\1\$/\2/" <<< "$file")\""
+		needsversioning+=("$file")
+	done < <(sed -n "s/^[[:space:]]*$i=//p" PKGBUILD)
+done
+
+# assert that they really are controlled by SVN
+if (( ${#needsversioning[*]} )); then
+	# svn status's output is only two columns when the status is unknown
+	while read -r status filename; do
+		[[ $status = '?' ]] && unversioned+=("$filename")
+	done < <(svn status -v "${needsversioning[@]}")
+	(( ${#unversioned[*]} )) && die "%s is not under version control" "${unversioned[@]}"
+fi
+
+rsyncopts=(-e ssh -p '--chmod=ug=rw,o=r' -c -h -L --progress --partial -y)
+archreleaseopts=()
+while getopts ':l:a:s:f' flag; do
+	case $flag in
+		f) archreleaseopts+=('-f') ;;
+		s) server=$OPTARG ;;
+		l) rsyncopts+=("--bwlimit=$OPTARG") ;;
+		a) commit_arch=$OPTARG ;;
+		:) die "Option requires an argument -- '%s'" "$OPTARG" ;;
+		\?) die "Invalid option -- '%s'" "$OPTARG" ;;
+	esac
+done
+shift $(( OPTIND - 1 ))
+
+# check packages for validity
+for _arch in "${arch[@]}"; do
+	if [[ -n $commit_arch && ${_arch} != "$commit_arch" ]]; then
+		continue
+	fi
+	for _pkgname in "${pkgname[@]}"; do
+		fullver=$(get_full_version "$_pkgname")
+
+		if pkgfile=$(find_cached_package "$_pkgname" "$fullver" "$_arch"); then
+			check_package_validity "$pkgfile"
+		fi
+	done
+
+	fullver=$(get_full_version "$pkgbase")
+	if pkgfile=$(find_cached_package "$pkgbase-debug" "$fullver" "$_arch"); then
+		check_package_validity "$pkgfile"
+	fi
+done
+
+if [[ -z $server ]]; then
+	server='repos.archlinux.org'
+fi
+
+if [[ -n $(svn status -q) ]]; then
+	msgtemplate="upgpkg: $pkgbase $(get_full_version)"
+	if [[ -n $1 ]]; then
+		stat_busy 'Committing changes to trunk'
+		svn commit -q -m "${msgtemplate}: ${1}" || die
+		stat_done
+	else
+		msgfile="$(mktemp)"
+		echo "$msgtemplate" > "$msgfile"
+		if [[ -n $SVN_EDITOR ]]; then
+			$SVN_EDITOR "$msgfile"
+		elif [[ -n $VISUAL ]]; then
+			$VISUAL "$msgfile"
+		elif [[ -n $EDITOR ]]; then
+			$EDITOR "$msgfile"
+		else
+			vi "$msgfile"
+		fi
+		[[ -s $msgfile ]] || die
+		stat_busy 'Committing changes to trunk'
+		svn commit -q -F "$msgfile" || die
+		unlink "$msgfile"
+		stat_done
+	fi
+fi
+
+declare -a uploads
+declare -a commit_arches
+declare -a skip_arches
+
+for _arch in "${arch[@]}"; do
+	if [[ -n $commit_arch && ${_arch} != "$commit_arch" ]]; then
+		skip_arches+=("$_arch")
+		continue
+	fi
+
+	for _pkgname in "${pkgname[@]}"; do
+		fullver=$(get_full_version "$_pkgname")
+		if ! pkgfile=$(find_cached_package "$_pkgname" "$fullver" "${_arch}"); then
+			warning "Skipping %s: failed to locate package file" "$_pkgname-$fullver-$_arch"
+			skip_arches+=("$_arch")
+			continue 2
+		fi
+		uploads+=("$pkgfile")
+	done
+
+	fullver=$(get_full_version "$pkgbase")
+	if ! pkgfile=$(find_cached_package "$pkgbase-debug" "$fullver" "$_arch"); then
+		continue
+	fi
+	if ! is_debug_package "$pkgfile"; then
+		continue
+	fi
+	uploads+=("$pkgfile")
+done
+
+for pkgfile in "${uploads[@]}"; do
+	sigfile="${pkgfile}.sig"
+	if [[ ! -f $sigfile ]]; then
+		msg "Signing package %s..." "${pkgfile}"
+		if [[ -n $GPGKEY ]]; then
+			SIGNWITHKEY=(-u "${GPGKEY}")
+		fi
+		gpg --detach-sign --use-agent --no-armor "${SIGNWITHKEY[@]}" "${pkgfile}" || die
+	fi
+	if ! gpg --verify "$sigfile" "$pkgfile" >/dev/null 2>&1; then
+		die "Signature %s is incorrect!" "$sigfile"
+	fi
+	uploads+=("$sigfile")
+done
+
+for _arch in "${arch[@]}"; do
+	if ! in_array "$_arch" "${skip_arches[@]}"; then
+		commit_arches+=("$_arch")
+	fi
+done
+
+if [[ ${#commit_arches[*]} -gt 0 ]]; then
+	archrelease "${archreleaseopts[@]}" "${commit_arches[@]/#/$repo-}" || die
+fi
+
+if [[ ${#uploads[*]} -gt 0 ]]; then
+	new_uploads=()
+
+	# convert to absolute paths so rsync can work with colons (epoch)
+	while read -r -d '' upload; do
+		new_uploads+=("$upload")
+	done < <(realpath -z "${uploads[@]}")
+
+	uploads=("${new_uploads[@]}")
+	unset new_uploads
+	msg 'Uploading all package and signature files'
+	rsync "${rsyncopts[@]}" "${uploads[@]}" "$server:staging/$repo/" || die
+fi
+
+if [[ "${arch[*]}" == 'any' ]]; then
+	if [[ -d ../repos/$repo-x86_64 ]]; then
+		pushd ../repos/ >/dev/null
+		stat_busy "Removing %s" "$repo-x86_64"
+		svn rm -q "$repo-x86_64"
+		svn commit -q -m "Removed $repo-x86_64 for $pkgname"
+		stat_done
+		popd >/dev/null
+	fi
+else
+	if [[ -d ../repos/$repo-any ]]; then
+		pushd ../repos/ >/dev/null
+		stat_busy "Removing %s" "$repo-any"
+		svn rm -q "$repo-any"
+		svn commit -q -m "Removed $repo-any for $pkgname"
+		stat_done
+		popd >/dev/null
+	fi
+fi

communityco

@@ -1,10 +0,0 @@
-#!/bin/bash
-
-if [ "$1" = '' ]; then
-	echo 'Usage: communityco <package name> [<package name>]'
-	exit 1
-fi
-
-for i in "$@"; do
-	svn co svn+ssh://aur.archlinux.org/srv/svn-packages/$i
-done

crossrepomove.in

@@ -0,0 +1,86 @@
+#!/bin/bash
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+m4_include(lib/common.sh)
+
+scriptname=${0##*/}
+
+if [[ -z $1 ]]; then
+	printf 'Usage: %s [pkgbase]\n' "$scriptname"
+	exit 1
+fi
+
+pkgbase="${1}"
+
+case $scriptname in
+	extra2community)
+		source_name='packages'
+		target_name='community'
+		source_repo='extra'
+		target_repo='community'
+		;;
+	community2extra)
+		source_name='community'
+		target_name='packages'
+		source_repo='community'
+		target_repo='extra'
+		;;
+	*)
+		die "Couldn't find configuration for %s" "$scriptname"
+		;;
+esac
+
+server='repos.archlinux.org'
+source_svn="svn+ssh://svn-${source_name}@${server}/srv/repos/svn-${source_name}/svn"
+target_svn="svn+ssh://svn-${target_name}@${server}/srv/repos/svn-${target_name}/svn"
+source_dbscripts="/srv/repos/svn-${source_name}/dbscripts"
+target_dbscripts="/srv/repos/svn-${target_name}/dbscripts"
+
+setup_workdir
+
+pushd "$WORKDIR" >/dev/null
+
+msg "Downloading sources for %s" "${pkgbase}"
+svn -q checkout -N "${target_svn}" target_checkout
+mkdir -p "target_checkout/${pkgbase}/repos"
+svn -q export "${source_svn}/${pkgbase}/trunk" "target_checkout/${pkgbase}/trunk" || die
+# shellcheck source=PKGBUILD.proto
+. "target_checkout/${pkgbase}/trunk/PKGBUILD"
+
+msg "Downloading packages for %s" "${pkgbase}"
+for _arch in "${arch[@]}"; do
+	if [[ "${_arch[*]}" == 'any' ]]; then
+		repo_arch='x86_64'
+	else
+		repo_arch=${_arch}
+	fi
+	for _pkgname in "${pkgname[@]}"; do
+		fullver=$(get_full_version "$_pkgname")
+		pkgpath="/srv/ftp/$source_repo/os/$repo_arch/$_pkgname-$fullver-${_arch}.pkg.tar.*"
+		# shellcheck disable=2029
+		ssh "$server" "cp $pkgpath staging/$target_repo" || die
+	done
+done
+
+msg "Adding %s to %s" "${pkgbase}" "${target_repo}"
+svn -q add "target_checkout/${pkgbase}"
+svn -q commit -m"${scriptname}: Moving ${pkgbase} from ${source_repo} to ${target_repo}" target_checkout
+pushd "target_checkout/${pkgbase}/trunk" >/dev/null
+archrelease "${arch[@]/#/$target_repo-}" || die
+popd >/dev/null
+
+# shellcheck disable=2029
+ssh "${server}" "${target_dbscripts}/db-update" || die
+
+msg "Removing %s from %s" "${pkgbase}" "${source_repo}"
+for _arch in "${arch[@]}"; do
+	# shellcheck disable=2029
+	ssh "${server}" "${source_dbscripts}/db-remove ${source_repo} ${_arch} ${pkgbase}"
+done
+svn -q checkout -N "${source_svn}" source_checkout
+svn -q up "source_checkout/${pkgbase}"
+svn -q rm "source_checkout/${pkgbase}"
+svn -q commit -m"${scriptname}: Moving ${pkgbase} from ${source_repo} to ${target_repo}" source_checkout
+
+popd >/dev/null

devtools-config.in

@@ -0,0 +1,46 @@
+#!/bin/bash
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+pkgdatadir='@pkgdatadir@'
+
+# shellcheck disable=SC2059
+die() { printf "error: $1\n" "${@:2}" >&2; exit 1; }
+
+usage() {
+	cat <<- _EOF_
+		Usage: ${BASH_SOURCE[0]##*/} [OPTION...]
+
+		Manage and print environment specific devtools information.
+
+		OPTIONS
+		    --pkgdatadir    Print pkgdatadir location
+		    -h, --help      Show this help text
+_EOF_
+}
+
+print_pkgdatadir() {
+	printf "%s\n" "${pkgdatadir}"
+}
+
+if (( $# == 0 )); then
+	usage
+	exit 0
+fi
+
+# option checking
+while (( $# )); do
+	case $1 in
+		-h|--help)
+			usage
+			exit 0
+			;;
+		--pkgdatadir)
+			print_pkgdatadir
+			exit 0
+			;;
+		*)
+			die "invalid argument: %s" "$1"
+			;;
+	esac
+done

diffpkg.in

@@ -0,0 +1,228 @@
+#!/bin/bash
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+shopt -s extglob
+
+m4_include(lib/common.sh)
+
+usage() {
+    cat <<- _EOF_
+		Usage: ${BASH_SOURCE[0]##*/} [OPTIONS] [MODES] [FILE|PKGNAME...]
+
+		Searches for a locally built package corresponding to the PKGBUILD, and
+		downloads the last version of that package from the Pacman repositories.
+		It then compares the package archives using different modes while using
+		simple tar content list by default.
+
+		When given one package, use it to diff against the locally built one.
+		When given two packages, diff both packages against each other.
+
+		In either case, a package name will be converted to a filename from the
+		cache, and diffpkg will proceed as though this filename was initially
+		specified.
+
+		OPTIONS
+		    -M, --makepkg-config Set an alternate makepkg configuration file
+		    -v, --verbose        Provide more detailed/unfiltered output
+		    -h, --help           Show this help text
+
+		MODES
+		    -l, --list           Activate content list diff mode (default)
+		    -d, --diffoscope     Activate diffoscope diff mode
+		    -p, --pkginfo        Activate .PKGINFO diff mode
+		    -b, --buildinfo      Activate .BUILDINFO diff mode
+_EOF_
+}
+
+MAKEPKG_CONF=/etc/makepkg.conf
+VERBOSE=0
+TARLIST=0
+DIFFOSCOPE=0
+PKGINFO=0
+BUILDINFO=0
+
+# option checking
+while (( $# )); do
+	case $1 in
+		-h|--help)
+			usage
+			exit 0
+			;;
+		-M|--makepkg-config)
+			MAKEPKG_CONF="$2"
+			shift 2
+			;;
+		-l|--list)
+			TARLIST=1
+			shift
+			;;
+		-d|--diffoscope)
+			DIFFOSCOPE=1
+			shift
+			;;
+		-p|--pkginfo)
+			PKGINFO=1
+			shift
+			;;
+		-b|--buildinfo)
+			BUILDINFO=1
+			shift
+			;;
+		-v|--verbose)
+			VERBOSE=1
+			shift
+			;;
+		--)
+			shift
+			break
+			;;
+		-*,--*)
+			die "invalid argument: %s" "$1"
+			;;
+		*)
+			break
+			;;
+	esac
+done
+
+if ! (( DIFFOSCOPE || TARLIST || PKGINFO || BUILDINFO )); then
+	TARLIST=1
+fi
+
+# Source makepkg.conf; fail if it is not found
+if [[ -r "${MAKEPKG_CONF}" ]]; then
+	# shellcheck source=makepkg-x86_64.conf
+	source "${MAKEPKG_CONF}"
+else
+	die "${MAKEPKG_CONF} not found!"
+fi
+
+# Source user-specific makepkg.conf overrides
+if [[ -r "${XDG_CONFIG_HOME:-$HOME/.config}/pacman/makepkg.conf" ]]; then
+	# shellcheck source=/dev/null
+	source "${XDG_CONFIG_HOME:-$HOME/.config}/pacman/makepkg.conf"
+elif [[ -r "$HOME/.makepkg.conf" ]]; then
+	# shellcheck source=/dev/null
+	source "$HOME/.makepkg.conf"
+fi
+
+STARTDIR=$(pwd)
+trap 'rm -rf $TMPDIR' EXIT INT TERM QUIT
+TMPDIR=$(mktemp -d --tmpdir diffpkg-script.XXXXXXXX)
+export TMPDIR
+
+tar_list() {
+	bsdtar tf "$*" | if (( VERBOSE )); then
+		cat
+	else
+		sed -E 's|^usr/lib/modules/[0-9][^/]+|usr/lib/modules/[…]|g'
+	fi | sort
+}
+
+diff_pkgs() {
+	local oldpkg newpkg
+	oldpkg=$(readlink -m "$1")
+	newpkg=$(readlink -m "$2")
+
+	[[ -f $oldpkg ]] || die "No such file: %s" "${oldpkg}"
+	[[ -f $newpkg ]] || die "No such file: %s" "${newpkg}"
+
+	if (( TARLIST )); then
+		tar_list "$oldpkg" > "$TMPDIR/filelist-old"
+		tar_list "$newpkg" > "$TMPDIR/filelist"
+
+		sdiff -s "$TMPDIR/filelist-old" "$TMPDIR/filelist"
+	fi
+
+	if (( PKGINFO )); then
+		bsdtar xOqf "$oldpkg" .PKGINFO > "$TMPDIR/pkginfo-old"
+		bsdtar xOqf "$newpkg" .PKGINFO > "$TMPDIR/pkginfo"
+
+		sdiff -s "$TMPDIR/pkginfo-old" "$TMPDIR/pkginfo"
+	fi
+
+	if (( BUILDINFO )); then
+		bsdtar xOqf "$oldpkg" .BUILDINFO > "$TMPDIR/buildinfo-old"
+		bsdtar xOqf "$newpkg" .BUILDINFO > "$TMPDIR/buildinfo"
+
+		sdiff -s "$TMPDIR/buildinfo-old" "$TMPDIR/buildinfo"
+	fi
+
+	if (( DIFFOSCOPE )); then
+		diffoscope "$oldpkg" "$newpkg"
+	fi
+}
+
+fetch_pkg() {
+	local pkg pkgdest pkgurl
+	case $1 in
+		*://*)
+			pkgurl=$1 ;;
+		/*|*/*)
+			pkgurl=$(readlink -m "$1") ;;
+		*.pkg.tar*)
+			pkgurl=$1 ;;
+		'')
+			;;
+		*)
+			pkg=$1 ;;
+	esac
+
+	[[ -n $pkgurl ]] || pkgurl=$(pacman -Spdd --print-format '%l' --noconfirm "$pkg") ||
+		die "Couldn't download previous package for %s." "$pkg"
+
+	pkg=${pkgurl##*/}
+	pkgdest=$(mktemp -t -d "${pkg}-XXXXXX")/${pkg}
+
+	if [[ $pkgurl = file://* || ( $pkgurl = /* && -f $pkgurl ) ]]; then
+		ln -sf "${pkgurl#file://}" "$pkgdest"
+	elif [[ -f "$PKGDEST/$pkg" ]]; then
+		ln -sf "$PKGDEST/$pkg" "$pkgdest"
+	elif [[ -f "$STARTDIR/$pkg" ]]; then
+		ln -sf "$STARTDIR/$pkg" "$pkgdest"
+	elif [[ $pkgurl = *://* ]]; then
+		curl -fsLC - --retry 3 --retry-delay 3 -o "$pkgdest" "$pkgurl" || \
+			die "Couldn't download %s" "$pkgurl"
+	else
+		die "File not found: %s" "$pkgurl"
+	fi
+
+	echo "$pkgdest"
+}
+
+if (( $# < 2 )); then
+	if [[ ! -f PKGBUILD ]]; then
+		die "This must be run in the directory of a built package.\nTry '$(basename "$0") --help' for more information."
+	fi
+
+	# shellcheck source=PKGBUILD.proto
+	. ./PKGBUILD
+	if [[ ${arch[0]} == 'any' ]]; then
+		CARCH='any'
+	fi
+
+	for _pkgname in "${pkgname[@]}"; do
+		comparepkg=$_pkgname
+		pkgurl=
+		target_pkgver=$(get_full_version "$_pkgname")
+		if ! pkgfile=$(find_cached_package "$_pkgname" "$target_pkgver" "$CARCH"); then
+			die 'tarball not found for package: %s' "${_pkgname}-$target_pkgver"
+		fi
+
+		ln -s "$pkgfile" "$TMPDIR"
+
+		if (( $# )); then
+			comparepkg="$1"
+		fi
+
+		oldpkg=$(fetch_pkg "$comparepkg") || exit 1
+
+		diff_pkgs "$oldpkg" "$pkgfile"
+	done
+else
+	file1=$(fetch_pkg "$1") || exit 1
+	file2=$(fetch_pkg "$2") || exit 1
+
+	diff_pkgs "$file1" "$file2"
+fi

doc/arch-nspawn.1.asciidoc

@@ -0,0 +1,40 @@
+arch-nspawn(1)
+==============
+
+Name
+----
+arch-nspawn - Run a command or OS in a light-weight namespace container
+
+Synopsis
+--------
+arch-nspawn [options] working-dir [systemd-nspawn arguments]
+
+Description
+-----------
+
+'arch-nspawn' is a wrapper around systemd-nspawn to run command or OS in a
+namespace container such as a directory including base utilities of a OS.
+It is used to build package(s) in given clean and defined environment.
+
+Options
+-------
+
+*-C* <file>::
+	Location of a pacman config file
+
+*-M* <file>::
+	Location of a makepkg config file
+
+*-c* <dir>::
+	Set pacman cache, if no directory is specified the passed pacman.conf's cachedir is used with a fallback to '/etc/pacman.conf'
+
+*-f* <file>::
+	Copy file from the host to the chroot
+
+*-s*::
+	Do not run setarch
+
+*-h*::
+	Show this usage message
+
+include::footer.asciidoc[]

doc/archbuild.1.asciidoc

@@ -0,0 +1,47 @@
+archbuild(1)
+============
+
+Name
+----
+archbuild - a script to build an Arch Linux package inside a clean chroot.
+
+Synopsis
+--------
+archbuild [options] -- [makechrootpkg args]
+
+Description
+-----------
+
+'archbuild' is a script to build an Arch Linux package. archbuild is part of devtools but should only be used via one of the included symlinks:
+
+* extra-x86_64-build
+* gnome-unstable-x86_64-build
+* kde-unstable-x86_64-build
+* multilib-build
+* multilib-staging-build
+* multilib-testing-build
+* staging-x86_64-build
+* testing-x86_64-build
+
+The symlink used to run it will be inspected by archbuild, to determine which target you want it to use. It will load the available pacman configuration from 'pacman-reponame-arch.conf' with a fallback to 'pacman-reponame.conf' from {pkgdatadir}. The makepkg configuration is loaded from 'makepkg-repo-arch.conf' with a fallback to 'makepkg-reponame.conf' from {pkgdatadir}.
+
+
+Options
+-------
+
+*-h*::
+	Output command line options.
+
+*-c*::
+	Recreate the chroot before building.
+
+*-r* <dir>::
+	Create chroots in this directory.
+
+
+See Also
+--------
+
+linkman:devtools[7]
+
+include::footer.asciidoc[]

doc/asciidoc.conf

@@ -0,0 +1,37 @@
+## linkman: macro
+# Inspired by/borrowed from the GIT source tree at Documentation/asciidoc.conf
+#
+# Usage: linkman:command[manpage-section]
+#
+# Note, {0} is the manpage section, while {target} is the command.
+#
+# Show man link as: <command>(<section>); if section is defined, else just show
+# the command.
+
+[macros]
+(?su)[\\]?(?P<name>linkman):(?P<target>\S*?)\[(?P<attrlist>.*?)\]=
+
+[attributes]
+asterisk=&#42;
+plus=&#43;
+caret=&#94;
+startsb=&#91;
+endsb=&#93;
+backslash=&#92;
+tilde=&#126;
+apostrophe=&#39;
+backtick=&#96;
+litdd=&#45;&#45;
+
+ifdef::backend-docbook[]
+[linkman-inlinemacro]
+{0%{target}}
+{0#<citerefentry>}
+{0#<refentrytitle>{target}</refentrytitle><manvolnum>{0}</manvolnum>}
+{0#</citerefentry>}
+endif::backend-docbook[]
+
+ifdef::backend-xhtml11[]
+[linkman-inlinemacro]
+<a href="{target}.{0}.html">{target}{0?({0})}</a>
+endif::backend-xhtml11[]

doc/checkpkg.1.asciidoc

@@ -0,0 +1,43 @@
+checkpkg(1)
+===========
+
+Name
+----
+checkpkg - Compare the current build package with the repository version
+
+Synopsis
+--------
+checkpkg
+
+Description
+-----------
+
+Searches for a locally built package corresponding to the PKGBUILD, and
+downloads the last version of that package from the Pacman repositories. It
+then compares the list of .so files provided by each version of the package and
+outputs if there are soname differences for the new package. A directory is
+also created using mktemp with files containing a file list for both packages
+and a library list for both packages.
+
+Options
+-------
+
+*-r, --rmdir*::
+	Remove the temporary directory created to contain the file and library list
+	of both packages.
+
+*-w, --warn*::
+	Print a warning instead of a regular message in case of soname differences.
+
+*-M, --makepkg-config*::
+	Set an alternate makepkg configuration file.
+
+*-h, --help*::
+	Show a help text
+
+See Also
+--------
+
+linkman:find-libprovides[1]
+
+include::footer.asciidoc[]

doc/devtools-config.1.asciidoc

@@ -0,0 +1,26 @@
+devtools-config(1)
+================
+
+Name
+----
+devtools-config - Manage and print environment specific devtools information.
+
+Synopsis
+--------
+devtools-config [OPTIONS]
+
+Description
+-----------
+
+Manage and print environment specific devtools information.
+
+Options
+-------
+
+*--pkgdatadir*::
+	Print environment specific pkgdatadir location.
+
+*-h, --help*::
+	Show a help text.
+
+include::footer.asciidoc[]

doc/devtools.7.asciidoc

@@ -0,0 +1,55 @@
+devtools(7)
+===========
+
+Name
+----
+devtools - Developer tools for the Arch Linux distribution
+
+Description
+-----------
+
+Devtools contains tools for package maintenance in Arch Linux. The toolset
+varies from tools for building packages in a clean chroot ('mkarchroot',...),
+packaging related tools for sonames ('sogrep', 'lddd') and tools for
+repository management such as ('archco', 'extra2community')
+
+Programs
+--------
+The list below gives a short overview; see the respective documentation
+for details.
+
+linkman:archbuild[1]
+	Build an Arch Linux package inside a clean chroot
+
+linkman:arch-nspawn[1]
+	Run a command or OS in a light-weight namespace container
+
+linkman:checkpkg[1]
+	Compare the current build pakcage with the repository version
+
+linkman:find-libdeps[1]
+	Find soname dependencies for a package
+
+linkman:find-libprovides[1]
+	Find soname's which are provided by a package
+
+linkman:lddd[1]
+	Find broken library links on your system
+
+linkman:mkarchroot[1]
+	Creates an arch chroot in a specified location with a specified set of
+	packages
+
+linkman:makechrootpkg[1]
+	Build a PKGBUILD in a given chroot environment
+
+linkman:makerepropkg[1]
+	Rebuild a package to see if it is reproducible
+
+linkman:offload-build[1]
+	Build a PKGBUILD on a remote server using makechrootpkg
+
+linkman:sogrep[1]
+	Find packages using a linked to a given shared library
+
+include::footer.asciidoc[]

doc/diffpkg.1.asciidoc

@@ -0,0 +1,57 @@
+diffpkg(1)
+===========
+
+Name
+----
+diffpkg - Compare package files using different modes.
+
+Synopsis
+--------
+diffpkg [OPTIONS] [MODES] [FILE|PKGNAME...]
+
+Description
+-----------
+
+Searches for a locally built package corresponding to the PKGBUILD, and
+downloads the last version of that package from the Pacman repositories.
+It then compares the package archives using different modes while using
+simple tar content list by default.
+
+When given one package, use it to diff against the locally built one.
+When given two packages, diff both packages against each other.
+
+In either case, a package name will be converted to a filename from the
+cache, and diffpkg will proceed as though this filename was initially
+specified.
+
+Options
+-------
+
+*-M, --makepkg-config*::
+	Set an alternate makepkg configuration file
+
+*-v, --verbose*::
+	Provide more detailed/unfiltered output
+
+*-h, --help*::
+	Show a help text
+
+Modes
+-----
+
+*-l, --list*::
+	Activate tar content list diff mode (default)
+
+*-d, --diffoscope*::
+	Activate diffoscope diff mode
+
+*-p, --pkginfo*::
+	Activate .PKGINFO diff mode
+
+*-b, --buildinfo*::
+	Activate .BUILDINFO diff mode
+
+See Also
+--------
+
+include::footer.asciidoc[]

doc/find-libdeps.1.asciidoc

@@ -0,0 +1,24 @@
+find-libdeps(1)
+===============
+
+Name
+----
+find-libdeps - Find soname dependencies for a package
+
+Synopsis
+--------
+find-libdeps [options]
+
+Description
+-----------
+Finds soname dependencies of a package and prints out a list in the following
+format '<soname>=<soversion>-<soarch>'.
+
+Options
+-------
+
+*--ignore-internal*::
+	Ignore internal libraries.
+
+
+include::footer.asciidoc[]

doc/find-libprovides.1.asciidoc

@@ -0,0 +1,24 @@
+find-libprovides(1)
+===================
+
+Name
+----
+find-libprovides - Find soname's which are provided by a package
+
+Synopsis
+--------
+find-libprovides [options]
+
+Description
+-----------
+
+Finds soname's provided by a package and prints out a list in the following
+format '<soname>=<soversion>-<soarch>'.
+
+Options
+-------
+
+*--ignore-internal*::
+	Ignore internal libraries.
+
+include::footer.asciidoc[]

doc/footer.asciidoc

@@ -0,0 +1,29 @@
+
+Bugs
+----
+Bugs can be reported on the bug tracker 'https://bugs.archlinux.org' in the Arch
+Linux category and title prefixed with [devtools] or via
+mailto:arch-projects@archlinux.org[].
+
+
+Authors
+-------
+
+Maintainers:
+
+* Aaron Griffin <aaronmgriffin@gmail.com>
+* Allan McRae <allan@archlinux.org>
+* Bartłomiej Piotrowski <bpiotrowski@archlinux.org>
+* Dan McGee <dan@archlinux.org>
+* Dave Reisner <dreisner@archlinux.org>
+* Evangelos Foutras <evangelos@foutrelis.com>
+* Jan Alexander Steffens (heftig) <jan.steffens@gmail.com>
+* Jelle van der Waa <jelle@archlinux.org>
+* Levente Polyak <anthraxx@archlinux.org>
+* Pierre Schmitz <pierre@archlinux.de>
+* Sébastien Luttringer <seblu@seblu.net>
+* Sven-Hendrik Haase <svenstaro@gmail.com>
+* Thomas Bächler <thomas@archlinux.org>
+
+For additional contributors, use `git shortlog -s` on the devtools.git
+repository.

doc/lddd.1.asciidoc

@@ -0,0 +1,25 @@
+lddd(1)
+=======
+
+Name
+----
+lddd - Find broken library links on your system
+
+Synopsis
+--------
+lddd
+
+Description
+-----------
+
+Scans '$PATH', '/lib', '/usr/lib', '/usr/local/lib' and
+'/etc/ld.so.conf.d/*.conf' directories for ELF files with references to missing
+shared libraries, and suggests which packages might need to be rebuilt. The
+collected data is written to a temporary directory created by mktemp.
+
+See Also
+--------
+
+linkman:ldd[1]
+
+include::footer.asciidoc[]

doc/makechrootpkg.1.asciidoc

@@ -0,0 +1,76 @@
+makechrootpkg(1)
+================
+
+Name
+----
+makechrootpkg - Build a PKGBUILD in a given chroot environment
+
+Synopsis
+--------
+makechrootpkg [OPTIONS] -r <chrootdir> [--] [makepkg args]
+
+Description
+-----------
+
+Run this script in a directory containing a PKGBUILD to build a package
+inside a clean chroot. Arguments passed to this script after the
+end-of-options marker (--) will be passed to makepkg.
+
+The chroot dir consists of the following directories:
+<chrootdir>/{root, copy} but only "root" is required
+by default. The working copy will be created as needed
+
+The chroot "root" directory must be created via the following
+command:
+	mkarchroot <chrootdir>/root base-devel
+
+This script reads {SRC,SRCPKG,PKG,LOG}DEST, MAKEFLAGS and PACKAGER
+from makepkg.conf(5), if those variables are not part of the
+environment.
+
+Default makepkg args: --syncdeps --noconfirm --log --holdver --skipinteg
+
+Options
+-------
+
+*-h*::
+	Show this usage message
+
+*-c*::
+	Clean the chroot before building
+
+*-d* <dir>::
+	Bind directory into build chroot as read-write
+
+*-D* <dir>::
+	Bind directory into build chroot as read-only
+
+*-u*::
+	Update the working copy of the chroot before building
+	This is useful for rebuilds without dirtying the pristine
+	chroot
+
+*-r* <dir>::
+	The chroot dir to use
+
+*-I* <pkg>::
+	Install a package into the working copy of the chroot
+
+*-l* <copy>::
+	The directory to use as the working copy of the chroot
+	Useful for maintaining multiple copies
+	Default: $USER
+
+*-n*::
+	Run namcap on the build package
+
+*-C*::
+	Run checkpkg on the build package
+
+*-T*::
+	Build in a temporary directory
+
+*-U*::
+	Run makepkg as a specified user
+
+include::footer.asciidoc[]

doc/makerepropkg.1.asciidoc

@@ -0,0 +1,59 @@
+makerepropkg(1)
+================
+
+Name
+----
+makerepropkg - Rebuild a package to see if it is reproducible
+
+Synopsis
+--------
+makerepropkg [OPTIONS] [<package_file|pkgname>...]
+
+Description
+-----------
+
+Given the path to a built pacman package(s), attempt to rebuild it using the
+PKGBUILD in the current directory. The package will be built in an environment
+as closely matching the environment of the initial package as possible, by
+building up a chroot to match the information exposed in the package's
+linkman:BUILDINFO[5] manifest. On success, the resulting package will be
+compared to the input package, and makerepropkg will report whether the
+artifacts are identical.
+
+When given multiple packages, additional package files are assumed to be split
+packages and will be treated as additional artifacts to compare during the
+verification step.
+
+A valid target(s) for pacman -S can be specified instead, and makerepropkg will
+download it to the cache if needed. This is mostly useful to specify which
+repository to retrieve from. If no positional arguments are specified, the
+targets will be sourced from the PKGBUILD.
+
+In either case, the package name will be converted to a filename from the
+cache, and makerepropkg will proceed as though this filename was initially
+specified.
+
+This implements a verifier for pacman/libalpm packages in accordance with the
+link:https://reproducible-builds.org/[Reproducible Builds] project.
+
+Options
+-------
+
+*-d*::
+	If packages are not reproducible, compare them using diffoscope.
+
+*-c*::
+	Set the pacman cache directory.
+
+*-M* <file>::
+	Location of a makepkg config file.
+
+*-l* <chroot>::
+	The directory name to use as the chroot namespace
+	Useful for maintaining multiple copies
+	Default: $USER
+
+*-h*::
+	Show this usage message
+
+include::footer.asciidoc[]

doc/mkarchroot.1.asciidoc

@@ -0,0 +1,49 @@
+mkarchroot(1)
+==============
+
+Name
+----
+mkarchroot - Creates an arch chroot in a specified location with a specified set of packages
+
+Synopsis
+--------
+mkarchroot [options] [location] [packages]
+
+Description
+-----------
+
+'mkarchroot' is a script to create an Arch Linux chroot at a specified location
+with specified packages. Typically used by 'makechrootpkg' to create build
+chroots. Apart from installing specified packages the chroot is created with an
+en_US.UTF-8 and de_DE.UTF-8 locale and a generated machine-id.
+
+Options
+-------
+
+*-U*::
+	Use 'pacman -U' to install packages.
+
+*-C* <file>::
+	Location of a pacman config file.
+
+*-M* <file>::
+	Location of a makepkg config file.
+
+*-c* <dir>::
+	Set pacman cache.
+
+*-f* <file>::
+	Copy file from the host to the chroot.
+
+*-s*::
+	Do not run setarch.
+
+*-h*::
+	Output command line options.
+
+See Also
+--------
+
+linkman:pacman[1]
+
+include::footer.asciidoc[]

doc/offload-build.1.asciidoc

@@ -0,0 +1,52 @@
+offload-build(1)
+================
+
+Name
+----
+offload-build - Build a PKGBUILD on a remote server using makechrootpkg
+
+Synopsis
+--------
+offload-build [OPTIONS] -- [ARCHBUILD_OPTIONS]
+
+Description
+-----------
+
+Build a PKGBUILD on a remote server using makechrootpkg. Requires a remote user
+that can run archbuild in a non-interactive manner, e.g. must be able to
+elevate permissions using passwordless sudo.
+
+Options
+-------
+
+*-r, --repo* <reponame>::
+	Build against a specific repository. The default is `extra`, to build packages using
+	the stable repositories via extra-x86_64-build.
+
+*-a, --arch* <architecture>::
+	Build against a specific architecture. The default is `x86_64`, the only
+	architecture officially supported by Arch Linux.
+
+*-s, --server* <hostname>::
+	Offload to a specific build server. The default is build.archlinux.org
+	which is used as part of the build toolchain for the official Arch Linux
+	repos.
+
+*-h, --help*::
+	Show a help text.
+
+Passing options to archbuild
+----------------------------
+
+Options after a delimiting -- are passed on to archbuild on the remote.
+archbuild in turn supports passing arguments on to makechrootpkg, which in turn
+supports passing options to makepkg. Since each uses -- to delimit options that
+are forwarded, make sure to escape them properly:
+
+	`offload-build offload-args -- archbuild-args -- makechrootpkg-args -- makepkg-args`
+
+Example: To use a second `testing-x86_64-build` instance with another copydir:
+
+	`offload-build -r testing -- -- -l <chroot_copy>`
+
+include::footer.asciidoc[]

doc/sogrep.1.asciidoc

@@ -0,0 +1,48 @@
+sogrep(1)
+=========
+
+Name
+----
+sogrep - Find shared library links in an Arch Linux repository
+
+Synopsis
+--------
+sogrep [options] repo libname
+
+Description
+-----------
+
+Check the soname links database for Arch Linux repositories containing packages
+linked to a given shared library. If the repository specified is "all", then
+all repositories will be searched, otherwise only the named repository will be
+searched.
+
+If the links database does not exist, it will be downloaded first.
+
+Options
+-------
+
+*-v, --verbose*::
+    Provide detailed output containing the matched links for each package, the
+    repository it came from (in the event that all repositories are being
+    searched), and, in combination with `-r`, a progress bar for the links
+    database download.
+
+*-r, --refresh*::
+	Refresh the links databases
+
+*-h, --help*::
+	Show a help text
+
+
+Environment Variables
+---------------------
+**SOLINKS_MIRROR**="https://mirror.foo.com"
+	Alternative mirror to use for downloading soname links database.
+
+**SOCACHE_DIR**="/path/to/directory"::
+	Directory where soname links database is stored, overrides the default
+	directory set by the **XDG_CACHE_HOME** environment variable or the
+	**HOME** environment variable if **XDG_CACHE_HOME** is not set.
+
+include::footer.asciidoc[]

find-libdeps.in

@@ -0,0 +1,89 @@
+#!/bin/bash
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+m4_include(lib/common.sh)
+
+set -e
+shopt -s extglob
+
+IGNORE_INTERNAL=0
+
+if [[ $1 = "--ignore-internal" ]]; then
+	IGNORE_INTERNAL=1
+	shift
+fi
+
+script_mode=${BASH_SOURCE[0]##*/find-lib}
+
+case $script_mode in
+	deps|provides) true;;
+	*) die "Unknown mode %s" "$script_mode" ;;
+esac
+
+if [[ -z $1 ]]; then
+	echo "${0##*/} [options] <package file|extracted package dir>"
+	echo "Options:"
+	echo "    --ignore-internal      ignore internal libraries"
+	exit 1
+fi
+
+if [[ -d $1 ]]; then
+	pushd "$1" >/dev/null
+else
+	setup_workdir
+
+	case ${script_mode} in
+		deps) bsdtar -C "$WORKDIR" -xf "$1";;
+		provides) bsdtar -C "$WORKDIR" -xf "$1" --include="*.so*";;
+	esac
+
+	pushd "$WORKDIR" >/dev/null
+fi
+
+process_sofile() {
+	# extract the library name: libfoo.so
+	soname="${sofile%.so?(+(.+([0-9])))}".so
+	# extract the major version: 1
+	soversion="${sofile##*\.so\.}"
+	if [[ "$soversion" = "$sofile" ]] && ((IGNORE_INTERNAL)); then
+		return
+	fi
+	if ! in_array "${soname}=${soversion}-${soarch}" "${soobjects[@]}"; then
+		# libfoo.so=1-64
+		echo "${soname}=${soversion}-${soarch}"
+		soobjects+=("${soname}=${soversion}-${soarch}")
+	fi
+}
+
+case $script_mode in
+	deps) find_args=(-perm -u+x);;
+	provides) find_args=(-name '*.so*');;
+esac
+
+find . -type f "${find_args[@]}" | while read -r filename; do
+	if [[ $script_mode = "provides" ]]; then
+		# ignore if we don't have a shared object
+		if ! LC_ALL=C readelf -h "$filename" 2>/dev/null | grep -q '.*Type:.*DYN (Shared object file).*'; then
+			continue
+		fi
+	fi
+
+	# get architecture of the file; if soarch is empty it's not an ELF binary
+	soarch=$(LC_ALL=C readelf -h "$filename" 2>/dev/null | sed -n 's/.*Class.*ELF\(32\|64\)/\1/p')
+	[[ -n $soarch ]] || continue
+
+	if [[ $script_mode = "provides" ]]; then
+		# get the string binaries link to: libfoo.so.1.2 -> libfoo.so.1
+		sofile=$(LC_ALL=C readelf -d "$filename" 2>/dev/null | sed -n 's/.*Library soname: \[\(.*\)\].*/\1/p')
+		[[ -z $sofile ]] && sofile="${filename##*/}"
+		process_sofile
+	elif [[ $script_mode = "deps" ]]; then
+		# process all libraries needed by the binary
+		for sofile in $(LC_ALL=C readelf -d "$filename" 2>/dev/null | sed -nr 's/.*Shared library: \[(.*)\].*/\1/p'); do
+			process_sofile
+		done
+	fi
+done
+
+popd >/dev/null

finddeps.in

@@ -2,45 +2,40 @@
 #
 # finddeps - find packages that depend on a given depname
 #
+# SPDX-License-Identifier: GPL-3.0-or-later
 
-if [ "$1" = '' ]; then
-	echo 'usage: finddeps <depname>'
+m4_include(lib/common.sh)
+
+match=$1
+
+if [[ -z $match ]]; then
+	echo 'Usage: finddeps <depname>'
 	echo ''
 	echo 'Find packages that depend on a given depname.'
 	echo 'Run this script from the top-level directory of your ABS tree.'
 	echo ''
-	exit 0
+	exit 1
 fi
 
-match=$1
-tld=$(pwd)
-
-for d in $(find . -type d); do
-	cd $d
-	if [ -f PKGBUILD ]; then
-		unset pkgname depends makedepends
-		. PKGBUILD
+find . -type d -print0 2>/dev/null| while read -r -d '' d; do
+	if [[ -f "$d/PKGBUILD" ]]; then
+		pkgname=() depends=() makedepends=() optdepends=()
+		# shellcheck source=PKGBUILD.proto
+		. "$d/PKGBUILD"
 		for dep in "${depends[@]}"; do
 			# lose the version comparator, if any
 			depname=${dep%%[<>=]*}
-			if [ "$depname" = "$match" ]; then
-				echo "$d (depends)"
-			fi
+			[[ $depname = "$match" ]] && echo "$d (depends)"
 		done
 		for dep in "${makedepends[@]}"; do
 			# lose the version comparator, if any
 			depname=${dep%%[<>=]*}
-			if [ "$depname" = "$match" ]; then
-				echo "$d (makedepends)"
-			fi
+			[[ $depname = "$match" ]] && echo "$d (makedepends)"
 		done
 		for dep in "${optdepends[@]/:*}"; do
 			# lose the version comaparator, if any
 			depname=${dep%%[<>=]*}
-			if [ "$depname" = "$match" ]; then
-				echo "$d (optdepends)"
-			fi
+			[[ $depname = "$match" ]] && echo "$d (optdepends)"
 		done
 	fi
-	cd $tld
 done

lddd

@@ -1,46 +0,0 @@
-#!/bin/sh
-#
-# lddd - find broken library links on your machine
-#
-
-ifs=$IFS
-IFS=':'
-
-libdirs='/lib:/usr/lib:/opt/qt/lib:/opt/kde/lib:/usr/lib/libfakeroot:/opt/NX/lib'
-extras=
-
-TEMPDIR=$(mktemp -d /tmp/lddd-script.XXXX)
-
-echo 'Go out and drink some tea, this will take a while :) ...'
-#  Check ELF binaries in the PATH and specified dir trees.
-for tree in $PATH $libdirs $extras; do
-	echo DIR $tree
-
-	#  Get list of files in tree.
-	files=$(find $tree -type f ! -name '*.a' ! -name '*.la' ! -name '*.py*' ! -name '*.txt' ! -name '*.h' ! -name '*.ttf' ! \
-	-name '*.rb' ! -name '*.ko' ! -name '*.pc' ! -name '*.enc' ! -name '*.cf' ! -name '*.def' ! -name '*.rules' ! -name \
-	'*.cmi' ! -name  '*.mli' ! -name '*.ml' ! -name '*.cma' ! -name '*.cmx' ! -name '*.cmxa' ! -name '*.pod' ! -name '*.pm' \
-	! -name '*.pl' ! -name '*.al' ! -name '*.tcl' ! -name '*.bs' ! -name '*.o' ! -name '*.png' ! -name '*.gif' ! -name '*.cmo' \
-	! -name '*.cgi' ! -name '*.defs' ! -name '*.conf' ! -name '*_LOCALE' ! -name 'Compose' ! -name '*_OBJS' ! -name '*.msg' ! \
-	-name '*.mcopclass' ! -name '*.mcoptype')
-	IFS=$ifs
-	for i in $files; do
-		if [ `file $i | grep -c 'ELF'` -ne 0 ]; then
-			#  Is an ELF binary.
-			if [ `ldd $i 2>/dev/null | grep -c 'not found'` -ne 0 ]; then
-				#  Missing lib.
-				echo "$i:" >> $TEMPDIR/raw.txt
-				ldd $i 2>/dev/null | grep 'not found' >> $TEMPDIR/raw.txt
-			fi
-		fi
-	done
-done
-grep '^/' $TEMPDIR/raw.txt | sed -e 's/://g' >> $TEMPDIR/affected-files.txt
-# invoke pacman
-for i in $(cat $TEMPDIR/affected-files.txt); do
-	pacman -Qo $i | awk '{print $4,$5}' >> $TEMPDIR/pacman.txt
-done
-# clean list
-sort -u $TEMPDIR/pacman.txt >> $TEMPDIR/possible-rebuilds.txt
-
-echo "Files saved to $TEMPDIR"

lddd.in

@@ -0,0 +1,49 @@
+#!/bin/bash
+#
+# lddd - find broken library links on your machine
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+m4_include(lib/common.sh)
+
+ifs=$IFS
+IFS="${IFS}:"
+
+libdirs="/lib /usr/lib /usr/local/lib $(cat /etc/ld.so.conf.d/*)"
+extras=
+
+TEMPDIR=$(mktemp -d --tmpdir lddd-script.XXXX)
+
+msg 'Go out and drink some tea, this will take a while :) ...'
+#  Check ELF binaries in the PATH and specified dir trees.
+for tree in $PATH $libdirs $extras; do
+	msg2 "DIR %s" "$tree"
+
+	#  Get list of files in tree.
+	files=$(find "$tree" -type f ! -name '*.a' ! -name '*.la' ! -name '*.py*' ! -name '*.txt' ! -name '*.h' ! -name '*.ttf' ! \
+	-name '*.rb' ! -name '*.ko' ! -name '*.pc' ! -name '*.enc' ! -name '*.cf' ! -name '*.def' ! -name '*.rules' ! -name \
+	'*.cmi' ! -name  '*.mli' ! -name '*.ml' ! -name '*.cma' ! -name '*.cmx' ! -name '*.cmxa' ! -name '*.pod' ! -name '*.pm' \
+	! -name '*.pl' ! -name '*.al' ! -name '*.tcl' ! -name '*.bs' ! -name '*.o' ! -name '*.png' ! -name '*.gif' ! -name '*.cmo' \
+	! -name '*.cgi' ! -name '*.defs' ! -name '*.conf' ! -name '*_LOCALE' ! -name 'Compose' ! -name '*_OBJS' ! -name '*.msg' ! \
+	-name '*.mcopclass' ! -name '*.mcoptype')
+	IFS=$ifs
+	for i in $files; do
+		if (( $(file "$i" | grep -c 'ELF') != 0 )); then
+			#  Is an ELF binary.
+			if (( $(ldd "$i" 2>/dev/null | grep -c 'not found') != 0 )); then
+				#  Missing lib.
+				echo "$i:" >> "$TEMPDIR/raw.txt"
+				ldd "$i" 2>/dev/null | grep 'not found' >> "$TEMPDIR/raw.txt"
+			fi
+		fi
+	done
+done
+grep '^/' "$TEMPDIR/raw.txt" | sed -e 's/://g' >> "$TEMPDIR/affected-files.txt"
+# invoke pacman
+while read -r i; do
+	pacman -Qo "$i" | awk '{print $4,$5}' >> "$TEMPDIR/pacman.txt"
+done < "$TEMPDIR/affected-files.txt"
+# clean list
+sort -u "$TEMPDIR/pacman.txt" >> "$TEMPDIR/possible-rebuilds.txt"
+
+msg "Files saved to %s" "$TEMPDIR"

lib/archroot.sh

@@ -0,0 +1,62 @@
+#!/hint/bash
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+:
+
+# shellcheck disable=2034
+CHROOT_VERSION='v4'
+
+##
+#  usage : check_root $keepenv
+##
+orig_argv=("${BASH_SOURCE[0]}" "$@")
+check_root() {
+	local keepenv=$1
+
+	(( EUID == 0 )) && return
+	if type -P sudo >/dev/null; then
+		exec sudo --preserve-env=$keepenv -- "${orig_argv[@]}"
+	else
+		exec su root -c "$(printf ' %q' "${orig_argv[@]}")"
+	fi
+}
+
+##
+#  usage : is_btrfs( $path )
+# return : whether $path is on a btrfs
+##
+is_btrfs() {
+	[[ -e "$1" && "$(stat -f -c %T "$1")" == btrfs ]]
+}
+
+##
+#  usage : is_subvolume( $path )
+# return : whether $path is a the root of a btrfs subvolume (including
+#          the top-level subvolume).
+##
+is_subvolume() {
+	[[ -e "$1" && "$(stat -f -c %T "$1")" == btrfs && "$(stat -c %i "$1")" == 256 ]]
+}
+
+##
+#  usage : subvolume_delete_recursive( $path )
+#
+#    Find all btrfs subvolumes under and including $path and delete them.
+##
+subvolume_delete_recursive() {
+	local subvol
+
+	is_subvolume "$1" || return 0
+
+	while IFS= read -d $'\0' -r subvol; do
+		if ! subvolume_delete_recursive "$subvol"; then
+			return 1
+		fi
+	done < <(find "$1" -mindepth 1 -xdev -depth -inum 256 -print0)
+	if ! btrfs subvolume delete "$1" &>/dev/null; then
+		error "Unable to delete subvolume %s" "$subvol"
+		return 1
+	fi
+
+	return 0
+}

lib/common.sh

@@ -0,0 +1,261 @@
+#!/hint/bash
+#
+# This may be included with or without `set -euE`
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+[[ -z ${_INCLUDE_COMMON_SH:-} ]] || return 0
+_INCLUDE_COMMON_SH="$(set +o|grep nounset)"
+
+set +u +o posix
+# shellcheck disable=1091
+. /usr/share/makepkg/util.sh
+$_INCLUDE_COMMON_SH
+
+# Avoid any encoding problems
+export LANG=C
+
+# Set buildtool properties
+export BUILDTOOL=devtools
+export BUILDTOOLVER=m4_devtools_version
+
+shopt -s extglob
+
+# check if messages are to be printed using color
+if [[ -t 2 && "$TERM" != dumb ]]; then
+	colorize
+else
+	# shellcheck disable=2034
+	declare -gr ALL_OFF='' BOLD='' BLUE='' GREEN='' RED='' YELLOW=''
+fi
+
+stat_busy() {
+	local mesg=$1; shift
+	# shellcheck disable=2059
+	printf "${GREEN}==>${ALL_OFF}${BOLD} ${mesg}...${ALL_OFF}" "$@" >&2
+}
+
+stat_done() {
+	# shellcheck disable=2059
+	printf "${BOLD}done${ALL_OFF}\n" >&2
+}
+
+_setup_workdir=false
+setup_workdir() {
+	[[ -z ${WORKDIR:-} ]] && WORKDIR=$(mktemp -d --tmpdir "${0##*/}.XXXXXXXXXX")
+	_setup_workdir=true
+	trap 'trap_abort' INT QUIT TERM HUP
+	trap 'trap_exit' EXIT
+}
+
+cleanup() {
+	if [[ -n ${WORKDIR:-} ]] && $_setup_workdir; then
+		rm -rf "$WORKDIR"
+	fi
+	exit "${1:-0}"
+}
+
+abort() {
+	error 'Aborting...'
+	cleanup 255
+}
+
+trap_abort() {
+	trap - EXIT INT QUIT TERM HUP
+	abort
+}
+
+trap_exit() {
+	local r=$?
+	trap - EXIT INT QUIT TERM HUP
+	cleanup $r
+}
+
+die() {
+	(( $# )) && error "$@"
+	cleanup 255
+}
+
+##
+#  usage : lock( $fd, $file, $message, [ $message_arguments... ] )
+##
+lock() {
+	# Only reopen the FD if it wasn't handed to us
+	if ! [[ "/dev/fd/$1" -ef "$2" ]]; then
+		mkdir -p -- "$(dirname -- "$2")"
+		eval "exec $1>"'"$2"'
+	fi
+
+	if ! flock -n "$1"; then
+		stat_busy "${@:3}"
+		flock "$1"
+		stat_done
+	fi
+}
+
+##
+#  usage : slock( $fd, $file, $message, [ $message_arguments... ] )
+##
+slock() {
+	# Only reopen the FD if it wasn't handed to us
+	if ! [[ "/dev/fd/$1" -ef "$2" ]]; then
+		mkdir -p -- "$(dirname -- "$2")"
+		eval "exec $1>"'"$2"'
+	fi
+
+	if ! flock -sn "$1"; then
+		stat_busy "${@:3}"
+		flock -s "$1"
+		stat_done
+	fi
+}
+
+##
+#  usage : lock_close( $fd )
+##
+lock_close() {
+	local fd=$1
+	# https://github.com/koalaman/shellcheck/issues/862
+	# shellcheck disable=2034
+	exec {fd}>&-
+}
+
+##
+# usage: pkgver_equal( $pkgver1, $pkgver2 )
+##
+pkgver_equal() {
+	if [[ $1 = *-* && $2 = *-* ]]; then
+		# if both versions have a pkgrel, then they must be an exact match
+		[[ $1 = "$2" ]]
+	else
+		# otherwise, trim any pkgrel and compare the bare version.
+		[[ ${1%%-*} = "${2%%-*}" ]]
+	fi
+}
+
+##
+#  usage: find_cached_package( $pkgname, $pkgver, $arch )
+#
+#    $pkgver can be supplied with or without a pkgrel appended.
+#    If not supplied, any pkgrel will be matched.
+##
+find_cached_package() {
+	local searchdirs=("$PWD" "$PKGDEST") results=()
+	local targetname=$1 targetver=$2 targetarch=$3
+	local dir pkg pkgbasename name ver rel arch r results
+
+	for dir in "${searchdirs[@]}"; do
+		[[ -d $dir ]] || continue
+
+		for pkg in "$dir"/*.pkg.tar?(.!(sig|*.*)); do
+			[[ -f $pkg ]] || continue
+
+			# avoid adding duplicates of the same inode
+			for r in "${results[@]}"; do
+				[[ $r -ef $pkg ]] && continue 2
+			done
+
+			# split apart package filename into parts
+			pkgbasename=${pkg##*/}
+			pkgbasename=${pkgbasename%.pkg.tar*}
+
+			arch=${pkgbasename##*-}
+			pkgbasename=${pkgbasename%-"$arch"}
+
+			rel=${pkgbasename##*-}
+			pkgbasename=${pkgbasename%-"$rel"}
+
+			ver=${pkgbasename##*-}
+			name=${pkgbasename%-"$ver"}
+
+			if [[ $targetname = "$name" && $targetarch = "$arch" ]] &&
+					pkgver_equal "$targetver" "$ver-$rel"; then
+				results+=("$pkg")
+			fi
+		done
+	done
+
+	case ${#results[*]} in
+		0)
+			return 1
+			;;
+		1)
+			printf '%s\n' "${results[0]}"
+			return 0
+			;;
+		*)
+			error 'Multiple packages found:'
+			printf '\t%s\n' "${results[@]}" >&2
+			return 1
+	esac
+}
+
+
+check_package_validity(){
+	local pkgfile=$1
+	if grep -q "packager = Unknown Packager" <(bsdtar -xOqf "$pkgfile" .PKGINFO); then
+		die "PACKAGER was not set when building package"
+	fi
+	hashsum=sha256sum
+	pkgbuild_hash=$(awk -v"hashsum=$hashsum" -F' = ' '$1 == "pkgbuild_"hashsum {print $2}' <(bsdtar -xOqf "$pkgfile" .BUILDINFO))
+	if [[ "$pkgbuild_hash" != "$($hashsum PKGBUILD|cut -d' ' -f1)" ]]; then
+		die "PKGBUILD $hashsum mismatch: expected $pkgbuild_hash"
+	fi
+}
+
+
+# usage: grep_pkginfo pkgfile pattern
+grep_pkginfo() {
+	local _ret=()
+	mapfile -t _ret < <(bsdtar -xOqf "$1" ".PKGINFO" | grep "^${2} = ")
+	printf '%s\n' "${_ret[@]#${2} = }"
+}
+
+
+# Get the package name
+getpkgname() {
+	local _name
+
+	_name="$(grep_pkginfo "$1" "pkgname")"
+	if [[ -z $_name ]]; then
+		error "Package '%s' has no pkgname in the PKGINFO. Fail!" "$1"
+		exit 1
+	fi
+
+	echo "$_name"
+}
+
+
+# Get the package base or name as fallback
+getpkgbase() {
+	local _base
+
+	_base="$(grep_pkginfo "$1" "pkgbase")"
+	if [[ -z $_base ]]; then
+		getpkgname "$1"
+	else
+		echo "$_base"
+	fi
+}
+
+
+getpkgdesc() {
+	local _desc
+
+	_desc="$(grep_pkginfo "$1" "pkgdesc")"
+	if [[ -z $_desc ]]; then
+		error "Package '%s' has no pkgdesc in the PKGINFO. Fail!" "$1"
+		exit 1
+	fi
+
+	echo "$_desc"
+}
+
+
+is_debug_package() {
+	local pkgfile=${1} pkgbase pkgname pkgdesc
+	pkgbase="$(getpkgbase "${pkgfile}")"
+	pkgname="$(getpkgname "${pkgfile}")"
+	pkgdesc="$(getpkgdesc "${pkgfile}")"
+	[[ ${pkgdesc} == "Detached debugging symbols for "* && ${pkgbase}-debug = "${pkgname}" ]]
+}

lib/valid-repos.sh

@@ -0,0 +1,32 @@
+#!/hint/bash
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+:
+
+# shellcheck disable=2034
+_repos=(
+	staging
+	testing
+	core
+	extra
+	community-staging
+	community-testing
+	community
+	multilib-staging
+	multilib-testing
+	multilib
+	gnome-unstable
+	kde-unstable
+)
+
+# shellcheck disable=2034
+_build_repos=(
+	staging
+	testing
+	extra
+	multilib-staging
+	multilib-testing
+	multilib
+	gnome-unstable
+	kde-unstable
+)

lib/valid-tags.sh

@@ -0,0 +1,26 @@
+#!/hint/bash
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+:
+
+# shellcheck disable=2034
+_arch=(
+	x86_64
+	any
+)
+
+# shellcheck disable=2034
+_tags=(
+	core-x86_64 core-any
+	extra-x86_64 extra-any
+	multilib-x86_64
+	staging-x86_64 staging-any
+	testing-x86_64 testing-any
+	multilib-testing-x86_64
+	multilib-staging-x86_64
+	community-x86_64 community-any
+	community-staging-x86_64 community-staging-any
+	community-testing-x86_64 community-testing-any
+	kde-unstable-x86_64 kde-unstable-any
+	gnome-unstable-x86_64 gnome-unstable-any
+)

makechrootpkg

@@ -1,301 +0,0 @@
-#!/bin/bash
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-
-FORCE='n'
-RUN=''
-MAKEPKG_ARGS='-s --noconfirm'
-REPACK=''
-WORKDIR=$PWD
-
-update_first='0'
-clean_first='0'
-install_pkg=''
-add_to_db=0
-
-chrootdir=''
-
-APPNAME=$(basename "${0}")
-
-default_copy=$USER
-[[ -n $SUDO_USER ]] && default_copy=$SUDO_USER
-[[ -z $default_copy || $default_copy = root ]] && default_copy=copy
-
-usage() {
-	echo "usage ${APPNAME} [options] -r <chrootdir> [--] [makepkg args]"
-	echo ' Run this script in a PKGBUILD dir to build a package inside a'
-	echo ' clean chroot. All unrecognized arguments passed to this script'
-	echo ' will be passed to makepkg.'
-	echo ''
-	echo ' The chroot dir consists of the following directories:'
-	echo ' <chrootdir>/{root, copy} but only "root" is required'
-	echo ' by default. The working copy will be created as needed'
-	echo ''
-	echo 'The chroot "root" directory must be created via the following'
-	echo 'command:'
-	echo '    mkarchroot <chrootdir>/root base base-devel sudo'
-	echo ''
-	echo "Default makepkg args: $MAKEPKG_ARGS"
-	echo ''
-	echo 'Flags:'
-	echo '-h         This help'
-	echo '-c         Clean the chroot before building'
-	echo '-u         Update the working copy of the chroot before building'
-	echo '           This is useful for rebuilds without dirtying the pristine'
-	echo '           chroot'
-	echo '-d         Add the package to a local db at /repo after building'
-	echo '-r <dir>   The chroot dir to use'
-	echo '-I <pkg>   Install a package into the working copy of the chroot'
-	echo '-l <copy>  The directory to use as the working copy of the chroot'
-	echo '           Useful for maintaining multiple copies.'
-	echo "           Default: $default_copy"
-	exit 1
-}
-
-while getopts 'hcudr:I:l:' arg; do
-	case "${arg}" in
-		h) usage ;;
-		c) clean_first=1 ;;
-		u) update_first=1 ;;
-		d) add_to_db=1 ;;
-		r) chrootdir="$OPTARG" ;;
-		I) install_pkg="$OPTARG" ;;
-		l) copy="$OPTARG" ;;
-		*) MAKEPKG_ARGS="$MAKEPKG_ARGS -$arg $OPTARG" ;;
-	esac
-done
-
-# Canonicalize chrootdir, getting rid of trailing /
-chrootdir=$(readlink -e "$chrootdir")
-
-[[ -z $copy ]] && copy=$default_copy
-copydir="$chrootdir/$copy"
-
-# Pass all arguments after -- right to makepkg
-MAKEPKG_ARGS="$MAKEPKG_ARGS ${*:$OPTIND}"
-
-# See if -R was passed to makepkg
-for arg in ${*:$OPTIND}; do
-	if [ "$arg" = '-R' ]; then
-		REPACK=1
-		break;
-	fi
-done
-
-if [ "$EUID" != '0' ]; then
-	echo 'This script must be run as root.'
-	exit 1
-fi
-
-if [ ! -f PKGBUILD -a -z "$install_pkg" ]; then
-	echo 'This must be run in a directory containing a PKGBUILD.'
-	exit 1
-fi
-
-if [ ! -d "$chrootdir" ]; then
-	echo "No chroot dir defined, or invalid path '$chrootdir'"
-	exit 1
-fi
-
-if [ ! -d "$chrootdir/root" ]; then
-	echo 'Missing chroot dir root directory.'
-	echo "Try using: mkarchroot $chrootdir/root base base-devel sudo"
-	usage
-fi
-
-umask 0022
-
-# Lock the chroot we want to use. We'll keep this lock until we exit.
-# Note this is the same FD number as in mkarchroot
-exec 9>"$copydir.lock"
-if ! flock -n 9; then
-	echo -n "locking chroot copy '$copy'..."
-	flock 9
-	echo "done"
-fi
-
-if [ ! -d "$copydir" -o "$clean_first" -eq "1" ]; then
-	# Get a read lock on the root chroot to make
-	# sure we don't clone a half-updated chroot
-	exec 8>"$chrootdir/root.lock"
-
-	if ! flock -sn 8; then
-		echo -n "locking clean chroot..."
-		flock -s 8
-		echo "done"
-	fi
-
-	echo -n 'creating clean working copy...'
-	use_rsync=false
-	if type -P btrfs >/dev/null; then
-		[ -d $copydir ] && btrfs subvolume delete "$copydir" &>/dev/null
-		btrfs subvolume snapshot "$chrootdir/root" "$copydir" &>/dev/null || use_rsync=true
-	else
-		use_rsync=true
-	fi
-
-	if $use_rsync; then
-		mkdir -p "$copydir"
-		rsync -a --delete -q -W -x "$chrootdir/root/" "$copydir"
-	fi
-	echo 'done'
-
-	# Drop the read lock again
-	exec 8>&-
-fi
-
-if [ -n "$install_pkg" ]; then
-	pkgname="$(basename "$install_pkg")"
-	cp "$install_pkg" "$copydir/$pkgname"
-	mkarchroot -r "pacman -U /$pkgname" "$copydir"
-	ret=$?
-	rm "$copydir/$pkgname"
-	# Exit early, we've done all we need to
-	exit $ret
-fi
-
-if [ $update_first -eq 1 ]; then
-	mkarchroot -u "$copydir"
-fi
-
-[ -d "$copydir/build" ] || mkdir "$copydir/build"
-
-if [ "$REPACK" != "1" ]; then
-	# Remove anything in there UNLESS -R (repack) was passed to makepkg
-	rm -rf "$copydir/build/"*
-fi
-
-# Read .makepkg.conf even if called via sudo
-if [ -n "${SUDO_USER}" ]; then
-	makepkg_conf="/$(eval echo ~${SUDO_USER})/.makepkg.conf"
-else
-	makepkg_conf="~/.makepkg.conf"
-fi
-
-# Get SRC/PKGDEST from makepkg.conf
-if [ -f "${makepkg_conf}" ]; then
-	eval $(grep '^SRCDEST=' "${makepkg_conf}")
-	eval $(grep '^PKGDEST=' "${makepkg_conf}")
-
-	eval $(grep '^MAKEFLAGS=' "${makepkg_conf}")
-	eval $(grep '^PACKAGER=' "${makepkg_conf}")
-fi
-[ -z "${SRCDEST}" ] && eval $(grep '^SRCDEST=' /etc/makepkg.conf)
-[ -z "${PKGDEST}" ] && eval $(grep '^PKGDEST=' /etc/makepkg.conf)
-
-[ -d "$copydir/pkgdest" ] || mkdir "$copydir/pkgdest"
-if ! grep 'PKGDEST="/pkgdest"' "$copydir/etc/makepkg.conf" >/dev/null 2>&1; then
-	echo 'PKGDEST="/pkgdest"' >> "$copydir/etc/makepkg.conf"
-fi
-
-[ -d "$copydir/srcdest" ] || mkdir "$copydir/srcdest"
-if ! grep 'SRCDEST="/srcdest"' "$copydir/etc/makepkg.conf" >/dev/null 2>&1; then
-	echo 'SRCDEST="/srcdest"' >> "$copydir/etc/makepkg.conf"
-fi
-[ -z "${MAKEFLAGS}" ] && eval $(grep '^MAKEFLAGS=' /etc/makepkg.conf)
-if [ -n "${MAKEFLAGS}" ]; then 
-  sed -i '/^MAKEFLAGS=/d' "$copydir/etc/makepkg.conf"
-  echo "MAKEFLAGS='${MAKEFLAGS}'" >> "$copydir/etc/makepkg.conf"
-fi
-[ -z "${PACKAGER}" ] && eval $(grep '^PACKAGER=' /etc/makepkg.conf)
-if [ -n "${PACKAGER}" ]; then 
-  sed -i '/^PACKAGER=/d' "$copydir/etc/makepkg.conf"
-  echo "PACKAGER='${PACKAGER}'" >> "$copydir/etc/makepkg.conf"
-fi
-
-# Set target CARCH as it might be used within the PKGBUILD to select correct sources
-eval $(grep '^CARCH=' "$copydir/etc/makepkg.conf")
-export CARCH
-# Copy PKGBUILD and sources
-source=($(. PKGBUILD; echo ${source[@]}))
-cp PKGBUILD "$copydir/build/"
-for f in ${source[@]}; do
-	basef=$(echo $f | sed 's|::.*||' | sed 's|^.*://.*/||g')
-	if [ -f "$basef" ]; then
-		cp "$basef" "$copydir/srcdest/"
-	elif [ -f "$SRCDEST/$basef" ]; then
-		cp "$SRCDEST/$basef" "$copydir/srcdest/"
-	fi
-done
-
-( . PKGBUILD
-for i in 'changelog' 'install'; do
-	filelist=$(sed -n "s/^[[:space:]]*$i=//p" PKGBUILD)
-	for file in $filelist; do
-		# evaluate any bash variables used
-		eval file=${file}
-		if [[ -f "$file" ]]; then
-			cp "$file" "$copydir/build/"
-		fi
-	done
-done
-)
-
-chown -R nobody "$copydir/build"
-chown -R nobody "$copydir/srcdest"
-chown -R nobody "$copydir/pkgdest"
-
-echo 'nobody ALL = NOPASSWD: /usr/bin/pacman' > "$copydir/etc/sudoers.d/nobody-pacman"
-chmod 440 "$copydir/etc/sudoers.d/nobody-pacman"
-
-#This is a little gross, but this way the script is recreated every time in the
-#working copy
-(cat <<EOF
-#!/bin/bash
-export LANG=C
-cd /build
-export HOME=/build
-sudo -u nobody makepkg $MAKEPKG_ARGS || touch BUILD_FAILED
-[ -f BUILD_FAILED ] && exit 1
-which namcap &>/dev/null && namcap /build/PKGBUILD /pkgdest/*.pkg.tar.* > /build/namcap.log
-exit 0
-EOF
-) > "$copydir/chrootbuild"
-chmod +x "$copydir/chrootbuild"
-
-if mkarchroot -r "/chrootbuild" "$copydir"; then
-	for pkgfile in "${copydir}"/pkgdest/*.pkg.tar.*; do
-		[ -e "$pkgfile" ] || continue
-		if [ "$add_to_db" -eq "1" ]; then
-			mkdir -p "${copydir}/repo"
-			pushd "${copydir}/repo" >/dev/null
-			cp "$pkgfile" .
-			repo-add repo.db.tar.gz "$(basename "$pkgfile")"
-			popd >/dev/null
-		fi
-
-		if [ -d "$PKGDEST" ]; then
-			mv "$pkgfile" "${PKGDEST}"
-		else
-			mv "$pkgfile" "${WORKDIR}"
-		fi
-	done
-
-	for l in "${copydir}"/build/{namcap,*-{build,check,package,package_*}}.log; do
-		[ -f "$l" ] && mv "$l" "${WORKDIR}"
-	done
-else
-	#just in case. We returned 1, make sure we fail
-	touch "${copydir}/build/BUILD_FAILED"
-fi
-
-for f in "${copydir}"/srcdest/*; do
-	[ -e "$f" ] || continue
-	if [ -d "$SRCDEST" ]; then
-		mv "$f" "${SRCDEST}"
-	else
-		mv "$f" "${WORKDIR}"
-	fi
-done
-
-if [ -e "${copydir}/build/BUILD_FAILED" ]; then
-	echo "Build failed, check $copydir/build"
-	rm "${copydir}/build/BUILD_FAILED"
-	exit 1
-fi

makechrootpkg.in

@@ -0,0 +1,414 @@
+#!/bin/bash
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+m4_include(lib/common.sh)
+m4_include(lib/archroot.sh)
+
+source /usr/share/makepkg/util/config.sh
+
+shopt -s nullglob
+
+default_makepkg_args=(--syncdeps --noconfirm --log --holdver --skipinteg)
+makepkg_args=("${default_makepkg_args[@]}")
+verifysource_args=()
+chrootdir=
+passeddir=
+makepkg_user=
+declare -a install_pkgs
+declare -i ret=0
+
+keepbuilddir=0
+update_first=0
+clean_first=0
+run_namcap=0
+run_checkpkg=0
+temp_chroot=0
+
+bindmounts_ro=()
+bindmounts_rw=()
+
+copy=$USER
+[[ -n ${SUDO_USER:-} ]] && copy=$SUDO_USER
+[[ -z "$copy" || $copy = root ]] && copy=copy
+src_owner=${SUDO_USER:-$USER}
+
+usage() {
+	echo "Usage: ${0##*/} [options] -r <chrootdir> [--] [makepkg args]"
+	echo ' Run this script in a PKGBUILD dir to build a package inside a'
+	echo ' clean chroot. Arguments passed to this script after the'
+	echo ' end-of-options marker (--) will be passed to makepkg.'
+	echo ''
+	echo ' The chroot dir consists of the following directories:'
+	echo ' <chrootdir>/{root, copy} but only "root" is required'
+	echo ' by default. The working copy will be created as needed'
+	echo ''
+	echo 'The chroot "root" directory must be created via the following'
+	echo 'command:'
+	echo '    mkarchroot <chrootdir>/root base-devel'
+	echo ''
+	echo 'This script reads {SRC,SRCPKG,PKG,LOG}DEST, MAKEFLAGS and PACKAGER'
+	echo 'from makepkg.conf(5), if those variables are not part of the'
+	echo 'environment.'
+	echo ''
+	echo "Default makepkg args: ${default_makepkg_args[*]}"
+	echo ''
+	echo 'Flags:'
+	echo '-h         This help'
+	echo '-c         Clean the chroot before building'
+	echo '-d <dir>   Bind directory into build chroot as read-write'
+	echo '-D <dir>   Bind directory into build chroot as read-only'
+	echo '-u         Update the working copy of the chroot before building'
+	echo '           This is useful for rebuilds without dirtying the pristine'
+	echo '           chroot'
+	echo '-r <dir>   The chroot dir to use'
+	echo '-I <pkg>   Install a package into the working copy of the chroot'
+	echo '-l <copy>  The directory to use as the working copy of the chroot'
+	echo '           Useful for maintaining multiple copies'
+	echo "           Default: $copy"
+	echo '-n         Run namcap on the package'
+	echo '-C         Run checkpkg on the package'
+	echo '-T         Build in a temporary directory'
+	echo '-U         Run makepkg as a specified user'
+	exit 1
+}
+
+# {{{ functions
+# Usage: sync_chroot $chrootdir $copydir [$copy]
+sync_chroot() {
+	local chrootdir=$1
+	local copydir=$2
+	local copy=${3:-$2}
+
+	if [[ "$chrootdir/root" -ef "$copydir" ]]; then
+		error 'Cannot sync copy with itself: %s' "$copydir"
+		return 1
+	fi
+
+	# Get a read lock on the root chroot to make
+	# sure we don't clone a half-updated chroot
+	slock 8 "$chrootdir/root.lock" \
+		"Locking clean chroot [%s]" "$chrootdir/root"
+
+	stat_busy "Synchronizing chroot copy [%s] -> [%s]" "$chrootdir/root" "$copy"
+	if is_btrfs "$chrootdir" && ! mountpoint -q "$copydir"; then
+		subvolume_delete_recursive "$copydir" ||
+			die "Unable to delete subvolume %s" "$copydir"
+		btrfs subvolume snapshot "$chrootdir/root" "$copydir" >/dev/null ||
+			die "Unable to create subvolume %s" "$copydir"
+	else
+		mkdir -p "$copydir"
+		rsync -a --delete -q -W -x "$chrootdir/root/" "$copydir"
+	fi
+	stat_done
+
+	# Drop the read lock again
+	lock_close 8
+
+	# Update mtime
+	touch "$copydir"
+}
+
+# Usage: delete_chroot $copydir [$copy]
+delete_chroot() {
+	local copydir=$1
+	local copy=${1:-$2}
+
+	stat_busy "Removing chroot copy [%s]" "$copy"
+	if is_subvolume "$copydir" && ! mountpoint -q "$copydir"; then
+		subvolume_delete_recursive "$copydir" ||
+			die "Unable to delete subvolume %s" "$copydir"
+	else
+		# avoid change of filesystem in case of an umount failure
+		rm --recursive --force --one-file-system "$copydir" ||
+			die "Unable to delete %s" "$copydir"
+	fi
+
+	# remove lock file
+	rm -f "$copydir.lock"
+	stat_done
+}
+
+install_packages() {
+	local -a pkgnames
+	local ret
+
+	pkgnames=("${install_pkgs[@]##*/}")
+
+	cp -- "${install_pkgs[@]}" "$copydir/root/"
+	arch-nspawn "$copydir" "${bindmounts_ro[@]}" "${bindmounts_rw[@]}" \
+		bash -c 'yes y | pacman -U -- "$@"' -bash "${pkgnames[@]/#//root/}"
+	ret=$?
+	rm -- "${pkgnames[@]/#/$copydir/root/}"
+
+	return $ret
+}
+
+prepare_chroot() {
+	(( keepbuilddir )) || rm -rf "$copydir/build"
+
+	local builduser_uid builduser_gid
+	builduser_uid="$(id -u "$makepkg_user")"
+	builduser_gid="$(id -g "$makepkg_user")"
+	local install="install -o $builduser_uid -g $builduser_gid"
+	local x
+
+	# We can't use useradd without chrooting, otherwise it invokes PAM modules
+	# which we might not be able to load (i.e. when building i686 packages on
+	# an x86_64 host).
+	sed -e '/^builduser:/d' -i "$copydir"/etc/{passwd,shadow,group}
+	printf >>"$copydir/etc/group"  'builduser:x:%d:\n' "$builduser_gid"
+	printf >>"$copydir/etc/passwd" 'builduser:x:%d:%d:builduser:/build:/bin/bash\n' "$builduser_uid" "$builduser_gid"
+	printf >>"$copydir/etc/shadow" 'builduser:!!:%d::::::\n' "$(( $(date -u +%s) / 86400 ))"
+
+	$install -d "$copydir"/{build,startdir,{pkg,srcpkg,src,log}dest}
+
+	sed -e '/^MAKEFLAGS=/d' -e '/^PACKAGER=/d' -i "$copydir/etc/makepkg.conf"
+	for x in BUILDDIR=/build PKGDEST=/pkgdest SRCPKGDEST=/srcpkgdest SRCDEST=/srcdest LOGDEST=/logdest \
+		"MAKEFLAGS='${MAKEFLAGS:-}'" "PACKAGER='${PACKAGER:-}'"
+	do
+		grep -q "^$x" "$copydir/etc/makepkg.conf" && continue
+		echo "$x" >>"$copydir/etc/makepkg.conf"
+	done
+
+	cat > "$copydir/etc/sudoers.d/builduser-pacman" <<EOF
+builduser ALL = NOPASSWD: /usr/bin/pacman
+EOF
+	chmod 440 "$copydir/etc/sudoers.d/builduser-pacman"
+
+	# This is a little gross, but this way the script is recreated every time in the
+	# working copy
+	{
+		printf '#!/bin/bash\n'
+		declare -f _chrootbuild
+		declare -p SOURCE_DATE_EPOCH 2>/dev/null || true
+		declare -p BUILDTOOL 2>/dev/null
+		declare -p BUILDTOOLVER 2>/dev/null
+		printf '_chrootbuild "$@" || exit\n'
+
+		if (( run_namcap )); then
+			declare -f _chrootnamcap
+			printf '_chrootnamcap || exit\n'
+		fi
+	} >"$copydir/chrootbuild"
+	chmod +x "$copydir/chrootbuild"
+}
+
+# These functions aren't run in makechrootpkg,
+# so no global variables
+_chrootbuild() {
+	# No coredumps
+	ulimit -c 0
+
+	# shellcheck source=/dev/null
+	. /etc/profile
+
+	# Beware, there are some stupid arbitrary rules on how you can
+	# use "$" in arguments to commands with "sudo -i".  ${foo} or
+	# ${1} is OK, but $foo or $1 isn't.
+	# https://bugzilla.sudo.ws/show_bug.cgi?id=765
+	sudo --preserve-env=SOURCE_DATE_EPOCH \
+		--preserve-env=BUILDTOOL \
+		--preserve-env=BUILDTOOLVER \
+		-iu builduser bash -c 'cd /startdir; makepkg "$@"' -bash "$@"
+	ret=$?
+	case $ret in
+		0|14)
+			return 0;;
+		*)
+			return $ret;;
+	esac
+}
+
+_chrootnamcap() {
+	pacman -S --needed --noconfirm namcap
+	for pkgfile in /startdir/PKGBUILD /pkgdest/*; do
+		echo "Checking ${pkgfile##*/}"
+		sudo -u builduser namcap "$pkgfile" 2>&1 | tee "/logdest/${pkgfile##*/}-namcap.log"
+	done
+}
+
+download_sources() {
+	setup_workdir
+	chown "$makepkg_user:" "$WORKDIR"
+
+	# Ensure sources are downloaded
+	sudo -u "$makepkg_user" --preserve-env=GNUPGHOME,SSH_AUTH_SOCK \
+		env SRCDEST="$SRCDEST" BUILDDIR="$WORKDIR" \
+		makepkg --config="$copydir/etc/makepkg.conf" --verifysource -o "${verifysource_args[@]}" ||
+		die "Could not download sources."
+}
+
+move_logfiles() {
+	local l
+	for l in "$copydir"/logdest/*; do
+		[[ $l == */logpipe.* ]] && continue
+		chown "$src_owner" "$l"
+		mv "$l" "$LOGDEST"
+	done
+}
+
+move_products() {
+	local pkgfile
+	for pkgfile in "$copydir"/pkgdest/*; do
+		chown "$src_owner" "$pkgfile"
+		mv "$pkgfile" "$PKGDEST"
+
+		# Fix broken symlink because of temporary chroot PKGDEST /pkgdest
+		if [[ "$PWD" != "$PKGDEST" && -L "$PWD/${pkgfile##*/}" ]]; then
+			ln -sf "$PKGDEST/${pkgfile##*/}"
+		fi
+	done
+
+	move_logfiles
+
+	for s in "$copydir"/srcpkgdest/*; do
+		chown "$src_owner" "$s"
+		mv "$s" "$SRCPKGDEST"
+
+		# Fix broken symlink because of temporary chroot SRCPKGDEST /srcpkgdest
+		if [[ "$PWD" != "$SRCPKGDEST" && -L "$PWD/${s##*/}" ]]; then
+			ln -sf "$SRCPKGDEST/${s##*/}"
+		fi
+	done
+}
+# }}}
+
+while getopts 'hcur:I:l:nCTD:d:U:' arg; do
+	case "$arg" in
+		c) clean_first=1 ;;
+		D) bindmounts_ro+=("--bind-ro=$OPTARG") ;;
+		d) bindmounts_rw+=("--bind=$OPTARG") ;;
+		u) update_first=1 ;;
+		r) passeddir="$OPTARG" ;;
+		I) install_pkgs+=("$OPTARG") ;;
+		l) copy="$OPTARG" ;;
+		n) run_namcap=1; makepkg_args+=(--install) ;;
+		C) run_checkpkg=1 ;;
+		T) temp_chroot=1; copy+="-$$" ;;
+		U) makepkg_user="$OPTARG" ;;
+		h|*) usage ;;
+	esac
+done
+
+[[ ! -f PKGBUILD && -z "${install_pkgs[*]}" ]] && die 'This must be run in a directory containing a PKGBUILD.'
+[[ -n $makepkg_user && -z $(id -u "$makepkg_user") ]] && die 'Invalid makepkg user.'
+makepkg_user=${makepkg_user:-${SUDO_USER:-$USER}}
+
+check_root SOURCE_DATE_EPOCH,BUILDTOOL,BUILDTOOLVER,GNUPGHOME,SRCDEST,SRCPKGDEST,PKGDEST,LOGDEST,MAKEFLAGS,PACKAGER
+
+# Canonicalize chrootdir, getting rid of trailing /
+chrootdir=$(readlink -e "$passeddir")
+[[ ! -d $chrootdir ]] && die "No chroot dir defined, or invalid path '%s'" "$passeddir"
+[[ ! -d $chrootdir/root ]] && die "Missing chroot dir root directory. Try using: mkarchroot %s/root base-devel" "$chrootdir"
+
+if [[ ${copy:0:1} = / ]]; then
+	copydir=$copy
+else
+	copydir="$chrootdir/$copy"
+fi
+
+# Pass all arguments after -- right to makepkg
+makepkg_args+=("${@:$OPTIND}")
+
+# See if -R or -e was passed to makepkg
+for arg in "${@:$OPTIND}"; do
+	case ${arg%%=*} in
+		--skip*|--holdver) verifysource_args+=("$arg") ;;
+		--repackage|--noextract) keepbuilddir=1 ;;
+		--*) ;;
+		-*R*|-*e*) keepbuilddir=1 ;;
+	esac
+done
+
+umask 0022
+
+ORIG_HOME=$HOME
+IFS=: read -r _ _ _ _ _ HOME _ < <(getent passwd "${SUDO_USER:-$USER}")
+load_makepkg_config
+HOME=$ORIG_HOME
+
+# Use PKGBUILD directory if these don't exist
+[[ -d $PKGDEST ]]    || PKGDEST=$PWD
+[[ -d $SRCDEST ]]    || SRCDEST=$PWD
+[[ -d $SRCPKGDEST ]] || SRCPKGDEST=$PWD
+[[ -d $LOGDEST ]]    || LOGDEST=$PWD
+
+# Lock the chroot we want to use. We'll keep this lock until we exit.
+lock 9 "$copydir.lock" "Locking chroot copy [%s]" "$copy"
+
+if [[ ! -d $copydir ]] || (( clean_first )); then
+	sync_chroot "$chrootdir" "$copydir" "$copy"
+fi
+
+(( update_first )) && arch-nspawn "$copydir" \
+		"${bindmounts_ro[@]}" "${bindmounts_rw[@]}" \
+		pacman -Syuu --noconfirm
+
+if [[ -n ${install_pkgs[*]:-} ]]; then
+	install_packages
+	ret=$?
+	# If there is no PKGBUILD we are done
+	[[ -f PKGBUILD ]] || exit $ret
+fi
+
+if [[ "$(id -u "$makepkg_user")" == 0 ]]; then
+	error "Running makepkg as root is not allowed."
+	exit 1
+fi
+
+download_sources
+
+prepare_chroot
+
+if arch-nspawn "$copydir" \
+	--bind="${PWD//:/\\:}:/startdir" \
+	--bind="${SRCDEST//:/\\:}:/srcdest" \
+	"${bindmounts_ro[@]}" "${bindmounts_rw[@]}" \
+	/chrootbuild "${makepkg_args[@]}"
+then
+	mapfile -t pkgnames < <(sudo -u "$makepkg_user" bash -c 'source PKGBUILD; printf "%s\n" "${pkgname[@]}"')
+	move_products
+else
+	(( ret += 1 ))
+	move_logfiles
+fi
+
+(( temp_chroot )) && delete_chroot "$copydir" "$copy"
+
+if (( ret != 0 )); then
+	if (( temp_chroot )); then
+		die "Build failed"
+	else
+		die "Build failed, check %s/build" "$copydir"
+	fi
+else
+	if (( run_checkpkg )); then
+		msg "Running checkpkg"
+
+		mapfile -t remotepkgs < <(pacman --config "$copydir"/etc/pacman.conf \
+			--dbpath "$copydir"/var/lib/pacman \
+			-Sddp "${pkgnames[@]}")
+
+		if ! wait $!; then
+			warning "Skipped checkpkg due to missing repo packages"
+			exit 0
+		fi
+
+		# download package files if any non-local location exists
+		for remotepkg in "${remotepkgs[@]}"; do
+			if [[ $remotepkg != file://* ]]; then
+				msg2 "Downloading current versions"
+				arch-nspawn "$copydir" pacman --noconfirm -Swdd "${pkgnames[@]}"
+				mapfile -t remotepkgs < <(pacman --config "$copydir"/etc/pacman.conf \
+					--dbpath "$copydir"/var/lib/pacman \
+					-Sddp "${pkgnames[@]}")
+				break
+			fi
+		done
+
+		msg2 "Checking packages"
+		sudo -u "$makepkg_user" checkpkg --rmdir --warn --makepkg-config "$copydir/etc/makepkg.conf" "${remotepkgs[@]/#file:\/\//}"
+	fi
+	true
+fi

makepkg-i686.conf

@@ -1,114 +0,0 @@
-#
-# /etc/makepkg.conf
-#
-
-#########################################################################
-# SOURCE ACQUISITION
-#########################################################################
-#
-#-- The download utilities that makepkg should use to acquire sources
-#  Format: 'protocol::agent'
-DLAGENTS=('ftp::/usr/bin/wget -c --passive-ftp -t 3 --waitretry=3 -O %o %u'
-          'http::/usr/bin/wget -c -t 3 --waitretry=3 -O %o %u'
-          'https::/usr/bin/wget -c -t 3 --waitretry=3 --no-check-certificate -O %o %u'
-          'rsync::/usr/bin/rsync -z %u %o'
-          'scp::/usr/bin/scp -C %u %o')
-
-# Other common tools:
-# /usr/bin/snarf
-# /usr/bin/lftpget -c
-# /usr/bin/curl
-
-#########################################################################
-# ARCHITECTURE, COMPILE FLAGS
-#########################################################################
-#
-CARCH="i686"
-CHOST="i686-pc-linux-gnu"
-
-#-- Exclusive: will only run on i686
-# -march (or -mcpu) builds exclusively for an architecture
-# -mtune optimizes for an architecture, but builds for whole processor family
-CFLAGS="-march=i686 -mtune=generic -O2 -pipe"
-CXXFLAGS="-march=i686 -mtune=generic -O2 -pipe"
-LDFLAGS="-Wl,--hash-style=gnu -Wl,--as-needed"
-#-- Make Flags: change this for DistCC/SMP systems
-#MAKEFLAGS="-j2"
-
-#########################################################################
-# BUILD ENVIRONMENT
-#########################################################################
-#
-# Defaults: BUILDENV=(fakeroot !distcc color !ccache check)
-#  A negated environment option will do the opposite of the comments below.
-#
-#-- fakeroot: Allow building packages as a non-root user
-#-- distcc:   Use the Distributed C/C++/ObjC compiler
-#-- color:    Colorize output messages
-#-- ccache:   Use ccache to cache compilation
-#-- check:    Run the check() function if present in the PKGBUILD
-#
-BUILDENV=(fakeroot !distcc color !ccache check)
-#
-#-- If using DistCC, your MAKEFLAGS will also need modification. In addition,
-#-- specify a space-delimited list of hosts running in the DistCC cluster.
-#DISTCC_HOSTS=""
-
-#########################################################################
-# GLOBAL PACKAGE OPTIONS
-#   These are default values for the options=() settings
-#########################################################################
-#
-# Default: OPTIONS=(strip docs libtool emptydirs zipman purge)
-#  A negated option will do the opposite of the comments below.
-#
-#-- strip:     Strip symbols from binaries/libraries
-#-- docs:      Save doc directories specified by DOC_DIRS
-#-- libtool:   Leave libtool (.la) files in packages
-#-- emptydirs: Leave empty directories in packages
-#-- zipman:    Compress manual (man and info) pages in MAN_DIRS with gzip
-#-- purge:     Remove files specified by PURGE_TARGETS
-#
-OPTIONS=(strip docs libtool emptydirs zipman purge)
-
-#-- File integrity checks to use. Valid: md5, sha1, sha256, sha384, sha512
-INTEGRITY_CHECK=(md5)
-#-- Options to be used when stripping binaries. See `man strip' for details.
-STRIP_BINARIES="--strip-all"
-#-- Options to be used when stripping shared libraries. See `man strip' for details.
-STRIP_SHARED="--strip-unneeded"
-#-- Options to be used when stripping static libraries. See `man strip' for details.
-STRIP_STATIC="--strip-debug"
-#-- Manual (man and info) directories to compress (if zipman is specified)
-MAN_DIRS=({usr{,/local}{,/share},opt/*}/{man,info})
-#-- Doc directories to remove (if !docs is specified)
-DOC_DIRS=(usr/{,local/}{,share/}{doc,gtk-doc} opt/*/{doc,gtk-doc})
-#-- Files to be removed from all packages (if purge is specified)
-PURGE_TARGETS=(usr/{,share}/info/dir .packlist *.pod)
-
-#########################################################################
-# PACKAGE OUTPUT
-#########################################################################
-#
-# Default: put built package and cached source in build directory
-#
-#-- Destination: specify a fixed directory where all packages will be placed
-#PKGDEST=/home/packages
-#-- Source cache: specify a fixed directory where source files will be cached
-#SRCDEST=/home/sources
-#-- Source packages: specify a fixed directory where all src packages will be placed
-#SRCPKGDEST=/home/srcpackages
-#-- Packager: name/email of the person or organization building packages
-#PACKAGER="John Doe <john@doe.com>"
-
-#########################################################################
-# EXTENSION DEFAULTS
-#########################################################################
-#
-# WARNING: Do NOT modify these variables unless you know what you are
-#          doing.
-#
-PKGEXT='.pkg.tar.xz'
-SRCEXT='.src.tar.gz'
-
-# vim: set ft=sh ts=2 sw=2 et:

makepkg-x86_64.conf

@@ -1,3 +1,6 @@
+#!/hint/bash
+# shellcheck disable=2034
+
 #
 # /etc/makepkg.conf
 #
@@ -8,71 +11,93 @@
 #
 #-- The download utilities that makepkg should use to acquire sources
 #  Format: 'protocol::agent'
-DLAGENTS=('ftp::/usr/bin/wget -c --passive-ftp -t 3 --waitretry=3 -O %o %u'
-          'http::/usr/bin/wget -c -t 3 --waitretry=3 -O %o %u'
-          'https::/usr/bin/wget -c -t 3 --waitretry=3 --no-check-certificate -O %o %u'
-          'rsync::/usr/bin/rsync -z %u %o'
+DLAGENTS=('file::/usr/bin/curl -qgC - -o %o %u'
+          'ftp::/usr/bin/curl -qgfC - --ftp-pasv --retry 3 --retry-delay 3 -o %o %u'
+          'http::/usr/bin/curl -qgb "" -fLC - --retry 3 --retry-delay 3 -o %o %u'
+          'https::/usr/bin/curl -qgb "" -fLC - --retry 3 --retry-delay 3 -o %o %u'
+          'rsync::/usr/bin/rsync --no-motd -z %u %o'
           'scp::/usr/bin/scp -C %u %o')
 
 # Other common tools:
 # /usr/bin/snarf
 # /usr/bin/lftpget -c
-# /usr/bin/curl
+# /usr/bin/wget
+
+#-- The package required by makepkg to download VCS sources
+#  Format: 'protocol::package'
+VCSCLIENTS=('bzr::bzr'
+            'fossil::fossil'
+            'git::git'
+            'hg::mercurial'
+            'svn::subversion')
 
 #########################################################################
 # ARCHITECTURE, COMPILE FLAGS
 #########################################################################
 #
 CARCH="x86_64"
-CHOST="x86_64-unknown-linux-gnu"
+CHOST="x86_64-pc-linux-gnu"
 
-#-- Exclusive: will only run on x86_64
-# -march (or -mcpu) builds exclusively for an architecture
-# -mtune optimizes for an architecture, but builds for whole processor family
-CFLAGS="-march=x86-64 -mtune=generic -O2 -pipe"
-CXXFLAGS="-march=x86-64 -mtune=generic -O2 -pipe"
-LDFLAGS="-Wl,--hash-style=gnu -Wl,--as-needed"
+#-- Compiler and Linker Flags
+#CPPFLAGS=""
+CFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fno-plt -fexceptions \
+        -Wp,-D_FORTIFY_SOURCE=2 -Wformat -Werror=format-security \
+        -fstack-clash-protection -fcf-protection"
+CXXFLAGS="$CFLAGS -Wp,-D_GLIBCXX_ASSERTIONS"
+LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now"
+LTOFLAGS="-flto=auto"
+#RUSTFLAGS="-C opt-level=2"
 #-- Make Flags: change this for DistCC/SMP systems
 #MAKEFLAGS="-j2"
+#-- Debugging flags
+DEBUG_CFLAGS="-g"
+DEBUG_CXXFLAGS="$DEBUG_CFLAGS"
+#DEBUG_RUSTFLAGS="-C debuginfo=2"
 
 #########################################################################
 # BUILD ENVIRONMENT
 #########################################################################
 #
-# Defaults: BUILDENV=(fakeroot !distcc color !ccache check)
+# Makepkg defaults: BUILDENV=(!distcc !color !ccache check !sign)
 #  A negated environment option will do the opposite of the comments below.
 #
-#-- fakeroot: Allow building packages as a non-root user
 #-- distcc:   Use the Distributed C/C++/ObjC compiler
 #-- color:    Colorize output messages
 #-- ccache:   Use ccache to cache compilation
 #-- check:    Run the check() function if present in the PKGBUILD
+#-- sign:     Generate PGP signature file
 #
-BUILDENV=(fakeroot !distcc color !ccache check)
+BUILDENV=(!distcc color !ccache check !sign)
 #
 #-- If using DistCC, your MAKEFLAGS will also need modification. In addition,
 #-- specify a space-delimited list of hosts running in the DistCC cluster.
 #DISTCC_HOSTS=""
+#
+#-- Specify a directory for package building.
+#BUILDDIR=/tmp/makepkg
 
 #########################################################################
 # GLOBAL PACKAGE OPTIONS
 #   These are default values for the options=() settings
 #########################################################################
 #
-# Default: OPTIONS=(strip docs libtool emptydirs zipman purge)
+# Makepkg defaults: OPTIONS=(!strip docs libtool staticlibs emptydirs !zipman !purge !debug !lto)
 #  A negated option will do the opposite of the comments below.
 #
-#-- strip:     Strip symbols from binaries/libraries
-#-- docs:      Save doc directories specified by DOC_DIRS
-#-- libtool:   Leave libtool (.la) files in packages
-#-- emptydirs: Leave empty directories in packages
-#-- zipman:    Compress manual (man and info) pages in MAN_DIRS with gzip
-#-- purge:     Remove files specified by PURGE_TARGETS
+#-- strip:      Strip symbols from binaries/libraries
+#-- docs:       Save doc directories specified by DOC_DIRS
+#-- libtool:    Leave libtool (.la) files in packages
+#-- staticlibs: Leave static library (.a) files in packages
+#-- emptydirs:  Leave empty directories in packages
+#-- zipman:     Compress manual (man and info) pages in MAN_DIRS with gzip
+#-- purge:      Remove files specified by PURGE_TARGETS
+#-- debug:      Add debugging flags as specified in DEBUG_* variables
+#-- lto:        Add compile flags for building with link time optimization
 #
-OPTIONS=(strip docs libtool emptydirs zipman purge)
+OPTIONS=(strip docs !libtool !staticlibs emptydirs zipman purge !debug lto)
 
-#-- File integrity checks to use. Valid: md5, sha1, sha256, sha384, sha512
-INTEGRITY_CHECK=(md5)
+#-- File integrity checks to use. Valid: md5, sha1, sha224, sha256, sha384, sha512, b2
+INTEGRITY_CHECK=(sha256)
 #-- Options to be used when stripping binaries. See `man strip' for details.
 STRIP_BINARIES="--strip-all"
 #-- Options to be used when stripping shared libraries. See `man strip' for details.
@@ -85,6 +110,8 @@ MAN_DIRS=({usr{,/local}{,/share},opt/*}/{man,info})
 DOC_DIRS=(usr/{,local/}{,share/}{doc,gtk-doc} opt/*/{doc,gtk-doc})
 #-- Files to be removed from all packages (if purge is specified)
 PURGE_TARGETS=(usr/{,share}/info/dir .packlist *.pod)
+#-- Directory to store source code in for debug packages
+DBGSRCDIR="/usr/src/debug"
 
 #########################################################################
 # PACKAGE OUTPUT
@@ -98,17 +125,38 @@ PURGE_TARGETS=(usr/{,share}/info/dir .packlist *.pod)
 #SRCDEST=/home/sources
 #-- Source packages: specify a fixed directory where all src packages will be placed
 #SRCPKGDEST=/home/srcpackages
+#-- Log files: specify a fixed directory where all log files will be placed
+#LOGDEST=/home/makepkglogs
 #-- Packager: name/email of the person or organization building packages
 #PACKAGER="John Doe <john@doe.com>"
+#-- Specify a key to use for package signing
+#GPGKEY=""
+
+#########################################################################
+# COMPRESSION DEFAULTS
+#########################################################################
+#
+COMPRESSGZ=(gzip -c -f -n)
+COMPRESSBZ2=(bzip2 -c -f)
+COMPRESSXZ=(xz -c -z -)
+COMPRESSZST=(zstd -c -T0 --ultra -20 -)
+COMPRESSLRZ=(lrzip -q)
+COMPRESSLZO=(lzop -q)
+COMPRESSZ=(compress -c -f)
+COMPRESSLZ4=(lz4 -q)
+COMPRESSLZ=(lzip -c -f)
 
 #########################################################################
 # EXTENSION DEFAULTS
 #########################################################################
 #
-# WARNING: Do NOT modify these variables unless you know what you are
-#          doing.
-#
-PKGEXT='.pkg.tar.xz'
+PKGEXT='.pkg.tar.zst'
 SRCEXT='.src.tar.gz'
 
+#########################################################################
+# OTHER
+#########################################################################
+#
+#-- Command used to run pacman as root, instead of trying sudo and su
+#PACMAN_AUTH=()
 # vim: set ft=sh ts=2 sw=2 et:

makerepropkg.in

@@ -0,0 +1,270 @@
+#!/bin/bash
+#
+# makerepropkg - rebuild a package to see if it is reproducible
+#
+# Copyright (c) 2019 by Eli Schwartz <eschwartz@archlinux.org>
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+m4_include(lib/common.sh)
+m4_include(lib/archroot.sh)
+
+source /usr/share/makepkg/util/config.sh
+source /usr/share/makepkg/util/message.sh
+
+declare -A buildinfo
+declare -a buildenv buildopts installed installpkgs
+
+archiveurl='https://archive.archlinux.org/packages'
+buildroot=/var/lib/archbuild/reproducible
+diffoscope=0
+
+chroot=$USER
+[[ -n ${SUDO_USER:-} ]] && chroot=$SUDO_USER
+[[ -z "$chroot" || $chroot = root ]] && chroot=copy
+
+parse_buildinfo() {
+    local line var val
+
+    while read -r line; do
+        var="${line%% = *}"
+        val="${line#* = }"
+        case ${var} in
+            buildenv)
+                buildenv+=("${val}")
+                ;;
+            options)
+                buildopts+=("${val}")
+                ;;
+            installed)
+                installed+=("${val}")
+                ;;
+            *)
+                buildinfo["${var}"]="${val}"
+                ;;
+        esac
+    done
+}
+
+get_pkgfile() {
+    local cdir=${cache_dirs[0]}
+    local pkgfilebase=${1}
+    local mode=${2}
+    local pkgname=${pkgfilebase%-*-*-*}
+    local pkgfile ext
+
+    # try without downloading
+    if [[ ${mode} != localonly ]] && get_pkgfile "${pkgfilebase}" localonly; then
+        return 0
+    fi
+
+    for ext in .zst .xz ''; do
+        pkgfile=${pkgfilebase}.pkg.tar${ext}
+
+        for c in "${cache_dirs[@]}"; do
+            if [[ -f ${c}/${pkgfile} ]]; then
+                cdir=${c}
+                break
+            fi
+        done
+
+        for f in "${pkgfile}" "${pkgfile}.sig"; do
+            if [[ ! -f "${cdir}/${f}" ]]; then
+                if [[ ${mode} = localonly ]]; then
+                    continue 2
+                fi
+                msg2 "retrieving '%s'..." "${f}" >&2
+                curl -Llf -# -o "${cdir}/${f}" "${archiveurl}/${pkgname:0:1}/${pkgname}/${f}" || continue 2
+            fi
+        done
+        printf '%s\n' "file://${cdir}/${pkgfile}"
+        return 0
+    done
+
+    return 1
+}
+
+get_makepkg_conf() {
+    local fname=${1}
+    local makepkg_conf="${2}"
+    if ! buildtool_file=$(get_pkgfile "${fname}"); then
+        error "failed to retrieve ${fname}"
+        return 1
+    fi
+    msg2 "using makepkg.conf from ${fname}"
+    bsdtar xOqf "${buildtool_file/file:\/\//}" usr/share/devtools/makepkg-x86_64.conf > "${makepkg_conf}"
+    return 0
+}
+
+usage() {
+    cat << __EOF__
+usage: ${BASH_SOURCE[0]##*/} [options] <package_file>
+
+Run this script in a PKGBUILD dir to build a package inside a
+clean chroot while attempting to reproduce it. The package file
+will be used to derive metadata needed for reproducing the
+package, including the .PKGINFO as well as the buildinfo.
+
+For more details see https://reproducible-builds.org/
+
+OPTIONS
+    -d            Run diffoscope if the package is unreproducible
+    -c <dir>      Set pacman cache
+    -M <file>     Location of a makepkg config file
+    -l <chroot>   The directory name to use as the chroot namespace
+                  Useful for maintaining multiple copies
+                  Default: $chroot
+    -h            Show this usage message
+__EOF__
+}
+
+while getopts 'dM:c:l:h' arg; do
+    case "$arg" in
+        d) diffoscope=1 ;;
+        M) archroot_args+=(-M "$OPTARG") ;;
+        c) cache_dirs+=("$OPTARG") ;;
+        l) chroot="$OPTARG" ;;
+        h) usage; exit 0 ;;
+        *|?) usage; exit 1 ;;
+    esac
+done
+shift $((OPTIND - 1))
+
+check_root
+
+[[ -f PKGBUILD ]] || { error "No PKGBUILD in current directory."; exit 1; }
+
+# without arguments, get list of packages from PKGBUILD
+if [[ -z $1 ]]; then
+    mapfile -t pkgnames < <(source PKGBUILD; pacman -Sddp --print-format '%r/%n' "${pkgname[@]}")
+    wait $! || {
+        error "No package file specified and failed to retrieve package names from './PKGBUILD'."
+        plain "Try '${BASH_SOURCE[0]##*/} -h' for more information." >&2
+        exit 1
+    }
+    msg "Reproducing all pkgnames listed in ./PKGBUILD"
+    set -- "${pkgnames[@]}"
+fi
+
+# check each package to see if it's a file, and if not, try to download it
+# using pacman -Sw, and get the filename from there
+splitpkgs=()
+for p in "$@"; do
+    if [[ -f ${p} ]]; then
+        splitpkgs+=("${p}")
+    else
+        pkgfile_remote=$(pacman -Sddp "${p}" 2>/dev/null) || { error "package name '%s' not in repos" "${p}"; exit 1; }
+        pkgfile=${pkgfile_remote#file://}
+        if [[ ! -f ${pkgfile} ]]; then
+            msg "Downloading package '%s' into pacman's cache" "${pkgfile}"
+            sudo pacman -Swdd --noconfirm --logfile /dev/null "${p}" || exit 1
+            pkgfile_remote=$(pacman -Sddp "${p}" 2>/dev/null)
+            pkgfile="${pkgfile_remote#file://}"
+        fi
+        splitpkgs+=("${pkgfile}")
+    fi
+done
+
+for f in "${splitpkgs[@]}"; do
+    if ! bsdtar -tqf "${f}" .BUILDINFO >/dev/null 2>&1; then
+        error "file is not a valid pacman package: '%s'" "${f}"
+        exit 1
+    fi
+done
+
+if (( ${#cache_dirs[@]} == 0 )); then
+	mapfile -t cache_dirs < <(pacman-conf CacheDir)
+fi
+
+ORIG_HOME=${HOME}
+IFS=: read -r _ _ _ _ _ HOME _ < <(getent passwd "${SUDO_USER:-$USER}")
+load_makepkg_config
+HOME=${ORIG_HOME}
+[[ -d ${SRCDEST} ]] || SRCDEST=${PWD}
+
+parse_buildinfo < <(bsdtar -xOqf "${splitpkgs[0]}" .BUILDINFO)
+export SOURCE_DATE_EPOCH="${buildinfo[builddate]}"
+PACKAGER="${buildinfo[packager]}"
+BUILDDIR="${buildinfo[builddir]}"
+BUILDTOOL="${buildinfo[buildtool]}"
+BUILDTOOLVER="${buildinfo[buildtoolver]}"
+PKGEXT=${splitpkgs[0]#${splitpkgs[0]%.pkg.tar*}}
+
+# nuke and restore reproducible testenv
+namespace="$buildroot/$chroot"
+lock 9 "${namespace}.lock" "Locking chroot namespace '%s'" "${namespace}"
+for copy in "${namespace}"/*/; do
+    [[ -d ${copy} ]] || continue
+    subvolume_delete_recursive "${copy}"
+done
+rm -rf --one-file-system "${namespace}"
+(umask 0022; mkdir -p "${namespace}")
+
+for fname in "${installed[@]}"; do
+    if ! allpkgfiles+=("$(get_pkgfile "${fname}")"); then
+        error "failed to retrieve ${fname}"
+        exit 1
+    fi
+done
+
+trap 'rm -rf $TEMPDIR' EXIT INT TERM QUIT
+TEMPDIR=$(mktemp -d --tmpdir makerepropkg.XXXXXXXXXX)
+
+makepkg_conf="${TEMPDIR}/makepkg.conf"
+# anything before buildtool support is pinned to the last none buildtool aware release
+if [[ -z "${BUILDTOOL}" ]]; then
+    get_makepkg_conf "devtools-20210202-3-any" "${makepkg_conf}" || exit 1
+# prefere to assume devtools up until matching makepkg version so repository packages remain reproducible
+elif [[ "${BUILDTOOL}" = makepkg ]] && (( $(vercmp "${BUILDTOOLVER}" 6.0.1) <= 0 )); then
+    get_makepkg_conf "devtools-20210202-3-any" "${makepkg_conf}" || exit 1
+# all devtools builds
+elif [[ "${BUILDTOOL}" = devtools ]] && get_makepkg_conf "${BUILDTOOL}-${BUILDTOOLVER}" "${makepkg_conf}"; then
+    true
+# fallback to current makepkg.conf
+else
+    warning "Unknown buildtool (${BUILDTOOL}-${BUILDTOOLVER}), using fallback"
+    makepkg_conf=@pkgdatadir@/makepkg-x86_64.conf
+fi
+printf '%s\n' "${allpkgfiles[@]}" | mkarchroot -M "${makepkg_conf}" -U "${archroot_args[@]}" "${namespace}/root" - || exit 1
+
+# use makechrootpkg to prep the build directory
+makechrootpkg -r "${namespace}" -l build -- --packagelist || exit 1
+
+# set detected makepkg.conf options
+{
+    for var in PACKAGER BUILDDIR BUILDTOOL BUILDTOOLVER PKGEXT; do
+        printf '%s=%s\n' "${var}" "${!var@Q}"
+    done
+    printf 'OPTIONS=(%s)\n' "${buildopts[*]@Q}"
+    printf 'BUILDENV=(%s)\n' "${buildenv[*]@Q}"
+} >> "${namespace}/build"/etc/makepkg.conf
+install -d -o "${SUDO_UID:-$UID}" -g "$(id -g "${SUDO_UID:-$UID}")" "${namespace}/build/${BUILDDIR}"
+
+# kick off the build
+arch-nspawn "${namespace}/build" \
+    --bind="${PWD}:/startdir" \
+    --bind="${SRCDEST}:/srcdest" \
+    /chrootbuild -C --noconfirm --log --holdver --skipinteg
+ret=$?
+
+if (( ${ret} == 0 )); then
+    msg2 "built succeeded! built packages can be found in ${namespace}/build/pkgdest"
+    msg "comparing artifacts..."
+
+    for pkgfile in "${splitpkgs[@]}"; do
+        comparefiles=("${pkgfile}" "${namespace}/build/pkgdest/${pkgfile##*/}")
+        if cmp -s "${comparefiles[@]}"; then
+            msg2 "Package '%s' successfully reproduced!" "${pkgfile}"
+        else
+            ret=1
+            warning "Package '%s' is not reproducible. :(" "${pkgfile}"
+            sha256sum "${comparefiles[@]}"
+            if (( diffoscope )); then
+                diffoscope "${comparefiles[@]}"
+            fi
+        fi
+    done
+fi
+
+# return failure from chrootbuild, or the reproducibility status
+exit ${ret}

mkarchroot

@@ -1,231 +0,0 @@
-#!/bin/bash
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-
-FORCE='n'
-RUN=''
-NOCOPY='n'
-
-working_dir=''
-
-APPNAME=$(basename "${0}")
-
-# usage: usage <exitvalue>
-usage() {
-	echo "usage ${APPNAME} [options] working-dir [package-list | app]"
-	echo ' options:'
-	echo '    -r <app>      Run "app" within the context of the chroot'
-	echo '    -u            Update the chroot via pacman'
-	echo '    -f            Force overwrite of files in the working-dir'
-	echo '    -C <file>     Location of a pacman config file'
-	echo '    -M <file>     Location of a makepkg config file'
-	echo '    -n            Do not copy config files into the chroot'
-	echo '    -c <dir>      Set pacman cache. Default: /var/cache/pacman/pkg'
-	echo '    -h            This message'
-	exit $1
-}
-
-while getopts 'r:ufnhC:M:c:' arg; do
-	case "${arg}" in
-		r) RUN="$OPTARG" ;;
-		u) RUN='/bin/sh -c "pacman -Syu --noconfirm && (pacman -Qqu >/dev/null && pacman -Su --noconfirm || exit 0)"' ;;
-		f) FORCE='y' ;;
-		C) pac_conf="$OPTARG" ;;
-		M) makepkg_conf="$OPTARG" ;;
-		n) NOCOPY='y' ;;
-		c) cache_dir="$OPTARG" ;;
-		h|?) usage 0 ;;
-		*) echo "invalid argument '${arg}'"; usage 1 ;;
-	esac
-done
-
-if [ "$EUID" != '0' ]; then
-	echo 'error: this script must be run as root.'
-	exit 1
-fi
-
-shift $(($OPTIND - 1))
-
-if [ "$RUN" = '' -a $# -lt 2 ]; then
-	echo 'you must specify a directory and one or more packages'
-	usage 1
-elif [ $# -lt 1 ]; then
-	echo 'you must specify a directory'
-	usage 1
-fi
-
-working_dir="$(readlink -f ${1})"
-shift 1
-
-[ "${working_dir}" = '' ] && echo 'error: please specify a working directory' && usage 1
-
-if [ -z "$cache_dir" ]; then
-	cache_conf=${working_dir}/etc/pacman.conf
-	[ ! -f $cache_conf ] && cache_conf=${pac_conf:-/etc/pacman.conf}
-	cache_dir=$( (grep -m 1 '^CacheDir' $cache_conf || echo 'CacheDir = /var/cache/pacman/pkg') | sed 's/CacheDir\s*=\s*//')
-	unset cache_conf
-fi
-
-if [ -f /etc/pacman.d/mirrorlist ]; then
-	host_mirror=$(pacman -Sdp extra/devtools 2>/dev/null | sed -E 's#(.*/)extra/os/.*#\1$repo/os/$arch#')
-fi
-if [ -z "${host_mirror}" ]; then
-	host_mirror='http://mirrors.kernel.org/archlinux/$repo/os/$arch'
-fi
-if echo "${host_mirror}" | grep -q 'file://'; then
-	host_mirror_path=$(echo "${host_mirror}" | sed -E 's#file://(/.*)/\$repo/os/\$arch#\1#g')
-fi
-
-# {{{ functions
-chroot_mount() {
-	[ -e "${working_dir}/sys" ] || mkdir "${working_dir}/sys"
-	mount -t sysfs sysfs "${working_dir}/sys"
-
-	[ -e "${working_dir}/proc" ] || mkdir "${working_dir}/proc"
-	mount -t proc proc "${working_dir}/proc"
-
-	[ -e "${working_dir}/dev" ] || mkdir "${working_dir}/dev"
-	mount -t tmpfs dev "${working_dir}/dev" -o mode=0755,size=10M,nosuid
-	mknod -m 666 "${working_dir}/dev/null" c 1 3
-	mknod -m 666 "${working_dir}/dev/zero" c 1 5
-	mknod -m 600 "${working_dir}/dev/console" c 5 1
-	mknod -m 644 "${working_dir}/dev/random" c 1 8
-	mknod -m 644 "${working_dir}/dev/urandom" c 1 9
-	mknod -m 666 "${working_dir}/dev/tty" c 5 0
-	mknod -m 666 "${working_dir}/dev/tty0" c 4 0
-	mknod -m 666 "${working_dir}/dev/full" c 1 7
-	ln -s /proc/kcore "${working_dir}/dev/core"
-	ln -s /proc/self/fd "${working_dir}/dev/fd"
-	ln -s /proc/self/fd/0 "${working_dir}/dev/stdin"
-	ln -s /proc/self/fd/1 "${working_dir}/dev/stdout"
-	ln -s /proc/self/fd/2 "${working_dir}/dev/stderr"
-
-	[ -e "${working_dir}/dev/shm" ] || mkdir "${working_dir}/dev/shm"
-	mount -t tmpfs shm "${working_dir}/dev/shm" -o nodev,nosuid,size=128M
-
-	[ -e "${working_dir}/dev/pts" ] || mkdir "${working_dir}/dev/pts"
-	mount -t devpts devpts "${working_dir}/dev/pts" -o newinstance,ptmxmode=666
-	ln -s pts/ptmx "${working_dir}/dev/ptmx"
-
-	[ -e "${cache_dir}" ] || mkdir -p "${cache_dir}"
-	[ -e "${working_dir}/${cache_dir}" ] || mkdir -p "${working_dir}/${cache_dir}"
-	mount -o bind "${cache_dir}" "${working_dir}/${cache_dir}"
-
-	if [ -n "${host_mirror_path}" ]; then
-		[ -e "${working_dir}/${host_mirror_path}" ] || mkdir -p "${working_dir}/${host_mirror_path}"
-		mount -o bind "${host_mirror_path}" "${working_dir}/${host_mirror_path}"
-		mount -o remount,ro,bind "${host_mirror_path}" "${working_dir}/${host_mirror_path}"
-	fi
-
-	trap 'chroot_umount' EXIT INT QUIT TERM HUP
-}
-
-copy_hostconf () {
-	chroot "${working_dir}" /bin/findmnt -rnu -o SOURCE,TARGET,FSTYPE,OPTIONS > "${working_dir}/etc/mtab"
-	cp /etc/resolv.conf "${working_dir}/etc/resolv.conf"
-	echo "Server = ${host_mirror}" > ${working_dir}/etc/pacman.d/mirrorlist
-}
-
-chroot_umount () {
-	umount "${working_dir}/proc"
-	umount "${working_dir}/sys"
-	umount "${working_dir}/dev/pts"
-	umount "${working_dir}/dev/shm"
-	umount "${working_dir}/dev"
-	umount "${working_dir}/${cache_dir}"
-	[ -n "${host_mirror_path}" ] && umount "${working_dir}/${host_mirror_path}"
-}
-
-chroot_lock () {
-	# Only reopen the FD if it wasn't handed to us
-	if [ "$(readlink -f /dev/fd/9)" != "${working_dir}.lock" ]; then
-	  exec 9>"${working_dir}.lock"
-	fi
-
-	# Lock the chroot. Take note of the FD number.
-	if ! flock -n 9; then
-		echo -n "locking chroot..."
-		flock 9
-		echo "done"
-	fi
-}
-# }}}
-
-umask 0022
-if [ "$RUN" != "" ]; then
-	# run chroot {{{
-	#Sanity check
-	if [ ! -f "${working_dir}/.arch-chroot" ]; then
-		echo "error: '${working_dir}' does not appear to be a Arch chroot"
-		echo '       please build the image using mkarchroot'
-		exit 1
-	fi
-
-	chroot_lock
-	chroot_mount
-	copy_hostconf
-
-	eval chroot "${working_dir}" ${RUN}
-
-	# }}}
-else
-	# {{{ build chroot
-	if [ -e "${working_dir}" -a "${FORCE}" = "n" ]; then
-		echo "error: working dir '${working_dir}' already exists - try using -f"
-		exit 1
-	fi
-
-	if { type -P btrfs && btrfs subvolume create "${working_dir}"; } &>/dev/null; then
-		chmod 0755 "${working_dir}"
-	fi
-
-	mkdir -p "${working_dir}/var/lib/pacman/sync"
-	mkdir -p "${working_dir}/etc/"
-
-	chroot_lock
-	chroot_mount
-
-	pacargs="--noconfirm --root=${working_dir} --cachedir=${cache_dir}"
-	if [ "$pac_conf" != "" ]; then
-		pacargs="$pacargs --config=${pac_conf}"
-	fi
-
-	if [ $# -ne 0 ]; then
-		op='-Sy'
-		if [ "$FORCE" = "y" ]; then
-			op="${op}f"
-		fi
-		if ! pacman ${op} ${pacargs} $@; then
-			echo 'error: failed to install all packages'
-			exit 1
-		fi
-	fi
-
-	if [ -d "${working_dir}/lib/modules" ]; then
-		ldconfig -r "${working_dir}"
-	fi
-
-	if [ "$pac_conf" != "" -a "$NOCOPY" = "n" ]; then
-		cp ${pac_conf} ${working_dir}/etc/pacman.conf
-	fi
-
-	if [ "$makepkg_conf" != "" -a "$NOCOPY" = "n" ]; then
-		cp ${makepkg_conf} ${working_dir}/etc/makepkg.conf
-	fi
-
-	if [ -e "${working_dir}/etc/locale.gen" ]; then
-		echo -e 'en_US.UTF-8 UTF-8\nde_DE.UTF-8 UTF-8' > "${working_dir}/etc/locale.gen"
-		chroot "${working_dir}" locale-gen
-	fi
-
-	if [ ! -e "${working_dir}/.arch-chroot" ]; then
-		date +%s > "${working_dir}/.arch-chroot"
-	fi
-	# }}}
-fi

mkarchroot.in

@@ -0,0 +1,95 @@
+#!/bin/bash
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+m4_include(lib/common.sh)
+m4_include(lib/archroot.sh)
+
+# umask might have been changed in /etc/profile
+# ensure that sane default is set again
+umask 0022
+
+working_dir=''
+umode=''
+
+files=()
+nspawn_args=()
+
+usage() {
+	echo "Usage: ${0##*/} [options] working-dir package-list..."
+	echo ' options:'
+	echo '    -U            Use pacman -U to install packages'
+	echo '    -C <file>     Location of a pacman config file'
+	echo '    -M <file>     Location of a makepkg config file'
+	echo '    -c <dir>      Set pacman cache'
+	echo '    -f <file>     Copy file from the host to the chroot'
+	echo '    -s            Do not run setarch'
+	echo '    -h            This message'
+	exit 1
+}
+
+while getopts 'hUC:M:c:f:s' arg; do
+	case "$arg" in
+		U) umode=U ;;
+		C) pac_conf="$OPTARG" ;;
+		M) makepkg_conf="$OPTARG" ;;
+		c) cache_dirs+=("$OPTARG") ;;
+		f) files+=("$OPTARG") ;;
+		s) nosetarch=1 ;;
+		h|?) usage ;;
+		*) error "invalid argument '%s'" "$arg"; usage ;;
+	esac
+	if [[ $arg != U ]]; then
+		nspawn_args+=("-$arg")
+		[[ -v OPTARG ]] && nspawn_args+=("$OPTARG")
+	fi
+done
+shift $((OPTIND - 1))
+
+(( $# < 2 )) && die 'You must specify a directory and one or more packages.'
+
+check_root
+
+working_dir="$(readlink -f "$1")"
+shift 1
+
+[[ -z $working_dir ]] && die 'Please specify a working directory.'
+
+
+if (( ${#cache_dirs[@]} == 0 )); then
+	mapfile -t cache_dirs < <(pacman-conf CacheDir)
+fi
+
+umask 0022
+
+[[ -e $working_dir ]] && die "Working directory '%s' already exists" "$working_dir"
+
+mkdir -p "$working_dir"
+
+lock 9 "${working_dir}.lock" "Locking chroot"
+
+if is_btrfs "$working_dir"; then
+	rmdir "$working_dir"
+	if ! btrfs subvolume create "$working_dir"; then
+		die "Couldn't create subvolume for '%s'" "$working_dir"
+	fi
+	chmod 0755 "$working_dir"
+fi
+
+for file in "${files[@]}"; do
+	mkdir -p "$(dirname "$working_dir$file")"
+	cp "$file" "$working_dir$file"
+done
+
+pacstrap -${umode}Mcd ${pac_conf:+-C "$pac_conf"} "$working_dir" \
+	"${cache_dirs[@]/#/--cachedir=}" "$@" || die 'Failed to install all packages'
+
+printf '%s.UTF-8 UTF-8\n' en_US de_DE > "$working_dir/etc/locale.gen"
+echo 'LANG=en_US.UTF-8' > "$working_dir/etc/locale.conf"
+echo "$CHROOT_VERSION" > "$working_dir/.arch-chroot"
+
+systemd-machine-id-setup --root="$working_dir"
+
+exec arch-nspawn \
+	"${nspawn_args[@]}" \
+	"$working_dir" locale-gen

offload-build.in

@@ -0,0 +1,122 @@
+#!/bin/bash
+#
+# offload-build - build a PKGBUILD on a remote server using makechrootpkg.
+#
+# Copyright (c) 2019 by Eli Schwartz <eschwartz@archlinux.org>
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+source /usr/share/makepkg/util/config.sh
+
+
+# global defaults suitable for use by Arch staff
+repo=extra
+arch=x86_64
+server=build.archlinux.org
+
+die() { printf "error: $1\n" "${@:2}"; exit 1; }
+
+usage() {
+    cat <<- _EOF_
+		Usage: ${BASH_SOURCE[0]##*/} [--repo REPO] [--arch ARCHITECTURE] [--server SERVER] -- [ARCHBUILD_ARGS]
+
+		Build a PKGBUILD on a remote server using makechrootpkg. Requires a remote user
+		that can run archbuild without password auth. Options passed after a -- are
+		passed on to archbuild, and eventually to makechrootpkg.
+
+		OPTIONS
+		    -r, --repo      Build against a specific repository (current: $repo)
+		    -a, --arch      Build against a specific architecture (current: $arch)
+		    -s, --server    Offload to a specific build server (current: $server)
+		    -h, --help      Show this help text
+_EOF_
+}
+
+# option checking
+while (( $# )); do
+    case $1 in
+        -h|--help)
+            usage
+            exit 0
+            ;;
+        -r|--repo)
+            repo=$2
+            shift 2
+            ;;
+        -a|--arch)
+            arch=$2
+            shift 2
+            ;;
+        -s|--server)
+            server=$2
+            shift 2
+            ;;
+        --)
+            shift
+            break
+            ;;
+        *)
+            die "invalid argument: %s" "$1"
+            ;;
+    esac
+done
+
+# multilib must be handled specially
+archbuild_arch="${arch}"
+if [[ $repo = multilib* ]]; then
+    archbuild_arch=
+fi
+
+archbuild_cmd=("${repo}${archbuild_arch:+-$archbuild_arch}-build" "$@")
+
+trap 'rm -rf $TEMPDIR' EXIT INT TERM QUIT
+
+# Load makepkg.conf variables to be available
+load_makepkg_config
+
+# Use a source-only tarball as an intermediate to transfer files. This
+# guarantees the checksums are okay, and guarantees that all needed files are
+# transferred, including local sources, install scripts, and changelogs.
+export TEMPDIR=$(mktemp -d --tmpdir offload-build.XXXXXXXXXX)
+export SRCPKGDEST=${TEMPDIR}
+makepkg --source || die "unable to make source package"
+
+# Temporary cosmetic workaround makepkg if SRCDEST is set somewhere else
+# but an empty src dir is created in PWD. Remove once fixed in makepkg.
+rmdir --ignore-fail-on-non-empty src 2>/dev/null || true
+
+mapfile -t files < <(
+    # This is sort of bash golfing but it allows running a mildly complex
+    # command over ssh with a single connection.
+    # shellcheck disable=SC2145
+    cat "$SRCPKGDEST"/*"$SRCEXT" |
+        ssh $server '
+            temp="${XDG_CACHE_HOME:-$HOME/.cache}/offload-build" &&
+            mkdir -p "$temp" &&
+            temp=$(mktemp -d -p "$temp") &&
+            cd "$temp" &&
+            {
+                bsdtar --strip-components 1 -xvf - &&
+                script -qefc "'"${archbuild_cmd[@]@Q}"'" /dev/null &&
+                printf "%s\n" "" "-> build complete" &&
+                printf "\t%s\n" "$temp"/*
+            } >&2 &&
+            pkgdatadir="$(devtools-config --pkgdatadir||echo /usr/share/devtools)" &&
+            makepkg_user_config="${XDG_CONFIG_HOME:-$HOME/.config}/pacman/makepkg.conf" &&
+            makepkg_config="${pkgdatadir}/makepkg-'"${arch}"'.conf" &&
+            if [[ -f "${pkgdatadir}/makepkg-'"${repo}"'-'"${arch}"'.conf" ]]; then
+                makepkg_config="${pkgdatadir}/makepkg-'"${repo}"'-'"${arch}"'.conf"
+            fi &&
+            makepkg --config <(cat "${makepkg_user_config}" "${makepkg_config}" 2>/dev/null) --packagelist &&
+            printf "%s\n" "${temp}/PKGBUILD"
+')
+
+
+if (( ${#files[@]} )); then
+    printf '%s\n' '' '-> copying files...'
+    scp "${files[@]/#/$server:}" "${TEMPDIR}/"
+    mv "${TEMPDIR}"/*.pkg.tar* "${PKGDEST:-${PWD}}/"
+    mv "${TEMPDIR}/PKGBUILD" "${PWD}/"
+else
+    exit 1
+fi

pacman-extra.conf

@@ -13,11 +13,11 @@
 #DBPath      = /var/lib/pacman/
 #CacheDir    = /var/cache/pacman/pkg/
 #LogFile     = /var/log/pacman.log
+#GPGDir      = /etc/pacman.d/gnupg/
+#HookDir     = /etc/pacman.d/hooks/
 HoldPkg     = pacman glibc
-# If upgrades are available for these packages they will be asked for first
-SyncFirst   = pacman
+#XferCommand = /usr/bin/curl -L -C - -f -o %o %u
 #XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
-#XferCommand = /usr/bin/curl -C - -f %u > %o
 #CleanMethod = KeepInstalled
 Architecture = auto
 
@@ -28,12 +28,24 @@ Architecture = auto
 #NoUpgrade   =
 #NoExtract   =
 
-# Misc options (all disabled by default)
+# Misc options
 #UseSyslog
-#ShowSize
-#UseDelta
-#TotalDownload
+#Color
+NoProgressBar
+# We cannot check disk space from within a chroot environment
 #CheckSpace
+VerbosePkgLists
+ParallelDownloads = 5
+
+# By default, pacman accepts packages signed by keys that its local keyring
+# trusts (see pacman-key and its man page), as well as unsigned packages.
+SigLevel    = Required DatabaseOptional
+LocalFileSigLevel = Optional
+#RemoteFileSigLevel = Required
+
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
+# keyring can then be populated with the keys of all official Arch Linux
+# packagers with `pacman-key --populate archlinux`.
 
 #
 # REPOSITORIES
@@ -76,5 +88,5 @@ Include = /etc/pacman.d/mirrorlist
 # An example of a custom package repository.  See the pacman manpage for
 # tips on creating your own repositories.
 #[custom]
+#SigLevel = Optional TrustAll
 #Server = file:///home/custompkgs
-

pacman-gnome-unstable.conf

@@ -0,0 +1,95 @@
+#
+# /etc/pacman.conf
+#
+# See the pacman.conf(5) manpage for option and repository directives
+
+#
+# GENERAL OPTIONS
+#
+[options]
+# The following paths are commented out with their default values listed.
+# If you wish to use different paths, uncomment and update the paths.
+#RootDir     = /
+#DBPath      = /var/lib/pacman/
+#CacheDir    = /var/cache/pacman/pkg/
+#LogFile     = /var/log/pacman.log
+#GPGDir      = /etc/pacman.d/gnupg/
+#HookDir     = /etc/pacman.d/hooks/
+HoldPkg     = pacman glibc
+#XferCommand = /usr/bin/curl -L -C - -f -o %o %u
+#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
+#CleanMethod = KeepInstalled
+Architecture = auto
+
+# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
+#IgnorePkg   =
+#IgnoreGroup =
+
+#NoUpgrade   =
+#NoExtract   =
+
+# Misc options
+#UseSyslog
+#Color
+NoProgressBar
+# We cannot check disk space from within a chroot environment
+#CheckSpace
+VerbosePkgLists
+ParallelDownloads = 5
+
+# By default, pacman accepts packages signed by keys that its local keyring
+# trusts (see pacman-key and its man page), as well as unsigned packages.
+SigLevel    = Required DatabaseOptional
+LocalFileSigLevel = Optional
+#RemoteFileSigLevel = Required
+
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
+# keyring can then be populated with the keys of all official Arch Linux
+# packagers with `pacman-key --populate archlinux`.
+
+#
+# REPOSITORIES
+#   - can be defined here or included from another file
+#   - pacman will search repositories in the order defined here
+#   - local/custom mirrors can be added here or in separate files
+#   - repositories listed first will take precedence when packages
+#     have identical names, regardless of version number
+#   - URLs will have $repo replaced by the name of the current repo
+#   - URLs will have $arch replaced by the name of the architecture
+#
+# Repository entries are of the format:
+#       [repo-name]
+#       Server = ServerName
+#       Include = IncludePath
+#
+# The header [repo-name] is crucial - it must be present and
+# uncommented to enable the repo.
+#
+
+# The testing repositories are disabled by default. To enable, uncomment the
+# repo name header and Include lines. You can add preferred servers immediately
+# after the header, and they will be used before the default mirrors.
+
+[gnome-unstable]
+Include = /etc/pacman.d/mirrorlist
+
+[testing]
+Include = /etc/pacman.d/mirrorlist
+
+[core]
+Include = /etc/pacman.d/mirrorlist
+
+[extra]
+Include = /etc/pacman.d/mirrorlist
+
+[community-testing]
+Include = /etc/pacman.d/mirrorlist
+
+[community]
+Include = /etc/pacman.d/mirrorlist
+
+# An example of a custom package repository.  See the pacman manpage for
+# tips on creating your own repositories.
+#[custom]
+#SigLevel = Optional TrustAll
+#Server = file:///home/custompkgs

pacman-kde-unstable.conf

@@ -0,0 +1,95 @@
+#
+# /etc/pacman.conf
+#
+# See the pacman.conf(5) manpage for option and repository directives
+
+#
+# GENERAL OPTIONS
+#
+[options]
+# The following paths are commented out with their default values listed.
+# If you wish to use different paths, uncomment and update the paths.
+#RootDir     = /
+#DBPath      = /var/lib/pacman/
+#CacheDir    = /var/cache/pacman/pkg/
+#LogFile     = /var/log/pacman.log
+#GPGDir      = /etc/pacman.d/gnupg/
+#HookDir     = /etc/pacman.d/hooks/
+HoldPkg     = pacman glibc
+#XferCommand = /usr/bin/curl -L -C - -f -o %o %u
+#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
+#CleanMethod = KeepInstalled
+Architecture = auto
+
+# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
+#IgnorePkg   =
+#IgnoreGroup =
+
+#NoUpgrade   =
+#NoExtract   =
+
+# Misc options
+#UseSyslog
+#Color
+NoProgressBar
+# We cannot check disk space from within a chroot environment
+#CheckSpace
+VerbosePkgLists
+ParallelDownloads = 5
+
+# By default, pacman accepts packages signed by keys that its local keyring
+# trusts (see pacman-key and its man page), as well as unsigned packages.
+SigLevel    = Required DatabaseOptional
+LocalFileSigLevel = Optional
+#RemoteFileSigLevel = Required
+
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
+# keyring can then be populated with the keys of all official Arch Linux
+# packagers with `pacman-key --populate archlinux`.
+
+#
+# REPOSITORIES
+#   - can be defined here or included from another file
+#   - pacman will search repositories in the order defined here
+#   - local/custom mirrors can be added here or in separate files
+#   - repositories listed first will take precedence when packages
+#     have identical names, regardless of version number
+#   - URLs will have $repo replaced by the name of the current repo
+#   - URLs will have $arch replaced by the name of the architecture
+#
+# Repository entries are of the format:
+#       [repo-name]
+#       Server = ServerName
+#       Include = IncludePath
+#
+# The header [repo-name] is crucial - it must be present and
+# uncommented to enable the repo.
+#
+
+# The testing repositories are disabled by default. To enable, uncomment the
+# repo name header and Include lines. You can add preferred servers immediately
+# after the header, and they will be used before the default mirrors.
+
+[kde-unstable]
+Include = /etc/pacman.d/mirrorlist
+
+[testing]
+Include = /etc/pacman.d/mirrorlist
+
+[core]
+Include = /etc/pacman.d/mirrorlist
+
+[extra]
+Include = /etc/pacman.d/mirrorlist
+
+[community-testing]
+Include = /etc/pacman.d/mirrorlist
+
+[community]
+Include = /etc/pacman.d/mirrorlist
+
+# An example of a custom package repository.  See the pacman manpage for
+# tips on creating your own repositories.
+#[custom]
+#SigLevel = Optional TrustAll
+#Server = file:///home/custompkgs

pacman-multilib-staging.conf

@@ -0,0 +1,109 @@
+#
+# /etc/pacman.conf
+#
+# See the pacman.conf(5) manpage for option and repository directives
+
+#
+# GENERAL OPTIONS
+#
+[options]
+# The following paths are commented out with their default values listed.
+# If you wish to use different paths, uncomment and update the paths.
+#RootDir     = /
+#DBPath      = /var/lib/pacman/
+#CacheDir    = /var/cache/pacman/pkg/
+#LogFile     = /var/log/pacman.log
+#GPGDir      = /etc/pacman.d/gnupg/
+#HookDir     = /etc/pacman.d/hooks/
+HoldPkg     = pacman glibc
+#XferCommand = /usr/bin/curl -L -C - -f -o %o %u
+#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
+#CleanMethod = KeepInstalled
+Architecture = auto
+
+# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
+#IgnorePkg   =
+#IgnoreGroup =
+
+#NoUpgrade   =
+#NoExtract   =
+
+# Misc options
+#UseSyslog
+#Color
+NoProgressBar
+# We cannot check disk space from within a chroot environment
+#CheckSpace
+VerbosePkgLists
+ParallelDownloads = 5
+
+# By default, pacman accepts packages signed by keys that its local keyring
+# trusts (see pacman-key and its man page), as well as unsigned packages.
+SigLevel    = Required DatabaseOptional
+LocalFileSigLevel = Optional
+#RemoteFileSigLevel = Required
+
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
+# keyring can then be populated with the keys of all official Arch Linux
+# packagers with `pacman-key --populate archlinux`.
+
+#
+# REPOSITORIES
+#   - can be defined here or included from another file
+#   - pacman will search repositories in the order defined here
+#   - local/custom mirrors can be added here or in separate files
+#   - repositories listed first will take precedence when packages
+#     have identical names, regardless of version number
+#   - URLs will have $repo replaced by the name of the current repo
+#   - URLs will have $arch replaced by the name of the architecture
+#
+# Repository entries are of the format:
+#       [repo-name]
+#       Server = ServerName
+#       Include = IncludePath
+#
+# The header [repo-name] is crucial - it must be present and
+# uncommented to enable the repo.
+#
+
+# The testing repositories are disabled by default. To enable, uncomment the
+# repo name header and Include lines. You can add preferred servers immediately
+# after the header, and they will be used before the default mirrors.
+
+[staging]
+Include = /etc/pacman.d/mirrorlist
+
+[testing]
+Include = /etc/pacman.d/mirrorlist
+
+[core]
+Include = /etc/pacman.d/mirrorlist
+
+[extra]
+Include = /etc/pacman.d/mirrorlist
+
+[community-staging]
+Include = /etc/pacman.d/mirrorlist
+
+[community-testing]
+Include = /etc/pacman.d/mirrorlist
+
+[community]
+Include = /etc/pacman.d/mirrorlist
+
+# If you want to run 32 bit applications on your x86_64 system,
+# enable the multilib repositories as required here.
+[multilib-staging]
+Include = /etc/pacman.d/mirrorlist
+
+[multilib-testing]
+Include = /etc/pacman.d/mirrorlist
+
+[multilib]
+Include = /etc/pacman.d/mirrorlist
+
+# An example of a custom package repository.  See the pacman manpage for
+# tips on creating your own repositories.
+#[custom]
+#SigLevel = Optional TrustAll
+#Server = file:///home/custompkgs

pacman-multilib-testing.conf

@@ -13,11 +13,11 @@
 #DBPath      = /var/lib/pacman/
 #CacheDir    = /var/cache/pacman/pkg/
 #LogFile     = /var/log/pacman.log
+#GPGDir      = /etc/pacman.d/gnupg/
+#HookDir     = /etc/pacman.d/hooks/
 HoldPkg     = pacman glibc
-# If upgrades are available for these packages they will be asked for first
-SyncFirst   = pacman
+#XferCommand = /usr/bin/curl -L -C - -f -o %o %u
 #XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
-#XferCommand = /usr/bin/curl -C - -f %u > %o
 #CleanMethod = KeepInstalled
 Architecture = auto
 
@@ -28,12 +28,24 @@ Architecture = auto
 #NoUpgrade   =
 #NoExtract   =
 
-# Misc options (all disabled by default)
+# Misc options
 #UseSyslog
-#ShowSize
-#UseDelta
-#TotalDownload
+#Color
+NoProgressBar
+# We cannot check disk space from within a chroot environment
 #CheckSpace
+VerbosePkgLists
+ParallelDownloads = 5
+
+# By default, pacman accepts packages signed by keys that its local keyring
+# trusts (see pacman-key and its man page), as well as unsigned packages.
+SigLevel    = Required DatabaseOptional
+LocalFileSigLevel = Optional
+#RemoteFileSigLevel = Required
+
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
+# keyring can then be populated with the keys of all official Arch Linux
+# packagers with `pacman-key --populate archlinux`.
 
 #
 # REPOSITORIES
@@ -74,7 +86,7 @@ Include = /etc/pacman.d/mirrorlist
 Include = /etc/pacman.d/mirrorlist
 
 # If you want to run 32 bit applications on your x86_64 system,
-# enable the multilib repository here.
+# enable the multilib repositories as required here.
 [multilib-testing]
 Include = /etc/pacman.d/mirrorlist
 
@@ -84,5 +96,5 @@ Include = /etc/pacman.d/mirrorlist
 # An example of a custom package repository.  See the pacman manpage for
 # tips on creating your own repositories.
 #[custom]
+#SigLevel = Optional TrustAll
 #Server = file:///home/custompkgs
-

pacman-multilib.conf

@@ -13,11 +13,11 @@
 #DBPath      = /var/lib/pacman/
 #CacheDir    = /var/cache/pacman/pkg/
 #LogFile     = /var/log/pacman.log
+#GPGDir      = /etc/pacman.d/gnupg/
+#HookDir     = /etc/pacman.d/hooks/
 HoldPkg     = pacman glibc
-# If upgrades are available for these packages they will be asked for first
-SyncFirst   = pacman
+#XferCommand = /usr/bin/curl -L -C - -f -o %o %u
 #XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
-#XferCommand = /usr/bin/curl -C - -f %u > %o
 #CleanMethod = KeepInstalled
 Architecture = auto
 
@@ -28,12 +28,24 @@ Architecture = auto
 #NoUpgrade   =
 #NoExtract   =
 
-# Misc options (all disabled by default)
+# Misc options
 #UseSyslog
-#ShowSize
-#UseDelta
-#TotalDownload
+#Color
+NoProgressBar
+# We cannot check disk space from within a chroot environment
 #CheckSpace
+VerbosePkgLists
+ParallelDownloads = 5
+
+# By default, pacman accepts packages signed by keys that its local keyring
+# trusts (see pacman-key and its man page), as well as unsigned packages.
+SigLevel    = Required DatabaseOptional
+LocalFileSigLevel = Optional
+#RemoteFileSigLevel = Required
+
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
+# keyring can then be populated with the keys of all official Arch Linux
+# packagers with `pacman-key --populate archlinux`.
 
 #
 # REPOSITORIES
@@ -74,12 +86,16 @@ Include = /etc/pacman.d/mirrorlist
 Include = /etc/pacman.d/mirrorlist
 
 # If you want to run 32 bit applications on your x86_64 system,
-# enable the multilib repository here.
+# enable the multilib repositories as required here.
+
+#[multilib-testing]
+#Include = /etc/pacman.d/mirrorlist
+
 [multilib]
 Include = /etc/pacman.d/mirrorlist
 
 # An example of a custom package repository.  See the pacman manpage for
 # tips on creating your own repositories.
 #[custom]
+#SigLevel = Optional TrustAll
 #Server = file:///home/custompkgs
-

pacman-staging.conf

@@ -13,11 +13,11 @@
 #DBPath      = /var/lib/pacman/
 #CacheDir    = /var/cache/pacman/pkg/
 #LogFile     = /var/log/pacman.log
+#GPGDir      = /etc/pacman.d/gnupg/
+#HookDir     = /etc/pacman.d/hooks/
 HoldPkg     = pacman glibc
-# If upgrades are available for these packages they will be asked for first
-SyncFirst   = pacman
+#XferCommand = /usr/bin/curl -L -C - -f -o %o %u
 #XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
-#XferCommand = /usr/bin/curl -C - -f %u > %o
 #CleanMethod = KeepInstalled
 Architecture = auto
 
@@ -28,12 +28,24 @@ Architecture = auto
 #NoUpgrade   =
 #NoExtract   =
 
-# Misc options (all disabled by default)
+# Misc options
 #UseSyslog
-#ShowSize
-#UseDelta
-#TotalDownload
+#Color
+NoProgressBar
+# We cannot check disk space from within a chroot environment
 #CheckSpace
+VerbosePkgLists
+ParallelDownloads = 5
+
+# By default, pacman accepts packages signed by keys that its local keyring
+# trusts (see pacman-key and its man page), as well as unsigned packages.
+SigLevel    = Required DatabaseOptional
+LocalFileSigLevel = Optional
+#RemoteFileSigLevel = Required
+
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
+# keyring can then be populated with the keys of all official Arch Linux
+# packagers with `pacman-key --populate archlinux`.
 
 #
 # REPOSITORIES
@@ -82,5 +94,5 @@ Include = /etc/pacman.d/mirrorlist
 # An example of a custom package repository.  See the pacman manpage for
 # tips on creating your own repositories.
 #[custom]
+#SigLevel = Optional TrustAll
 #Server = file:///home/custompkgs
-

pacman-testing.conf

@@ -13,11 +13,11 @@
 #DBPath      = /var/lib/pacman/
 #CacheDir    = /var/cache/pacman/pkg/
 #LogFile     = /var/log/pacman.log
+#GPGDir      = /etc/pacman.d/gnupg/
+#HookDir     = /etc/pacman.d/hooks/
 HoldPkg     = pacman glibc
-# If upgrades are available for these packages they will be asked for first
-SyncFirst   = pacman
+#XferCommand = /usr/bin/curl -L -C - -f -o %o %u
 #XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
-#XferCommand = /usr/bin/curl -C - -f %u > %o
 #CleanMethod = KeepInstalled
 Architecture = auto
 
@@ -28,12 +28,24 @@ Architecture = auto
 #NoUpgrade   =
 #NoExtract   =
 
-# Misc options (all disabled by default)
+# Misc options
 #UseSyslog
-#ShowSize
-#UseDelta
-#TotalDownload
+#Color
+NoProgressBar
+# We cannot check disk space from within a chroot environment
 #CheckSpace
+VerbosePkgLists
+ParallelDownloads = 5
+
+# By default, pacman accepts packages signed by keys that its local keyring
+# trusts (see pacman-key and its man page), as well as unsigned packages.
+SigLevel    = Required DatabaseOptional
+LocalFileSigLevel = Optional
+#RemoteFileSigLevel = Required
+
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
+# keyring can then be populated with the keys of all official Arch Linux
+# packagers with `pacman-key --populate archlinux`.
 
 #
 # REPOSITORIES
@@ -76,5 +88,5 @@ Include = /etc/pacman.d/mirrorlist
 # An example of a custom package repository.  See the pacman manpage for
 # tips on creating your own repositories.
 #[custom]
+#SigLevel = Optional TrustAll
 #Server = file:///home/custompkgs
-

rebuildpkgs.in

@@ -1,7 +1,10 @@
 #!/bin/bash
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
 # This script rebuilds a list of packages in order
 # and reports anything that fails
-# 
+#
 # Due to sudo usage, it is recommended to allow makechrootpkg
 # to be run with NOPASSWD in your sudoers file
 #
@@ -9,24 +12,30 @@
 # Currently uses $(pwd)/rebuilds as the directory for rebuilding...
 # TODO make this work for community too
 
-if [ $# -le 1 ]; then
-	echo "usage: $(basename $0) <chrootdir> <packages to rebuild>"
-	echo "  example: $(basename $0) ~/chroot readline bash foo bar baz"
+m4_include(lib/common.sh)
+
+if (( $# < 1 )); then
+	printf 'Usage: %s <chrootdir> <packages to rebuild>\n' "$(basename "${BASH_SOURCE[0]}")"
+	printf '  example: %s ~/chroot readline bash foo bar baz\n' "$(basename "${BASH_SOURCE[0]}")"
 	exit 1
 fi
 
 # Source makepkg.conf; fail if it is not found
-if [ -r '/etc/makepkg.conf' ]; then
+if [[ -r '/etc/makepkg.conf' ]]; then
+	# shellcheck source=makepkg-x86_64.conf
 	source '/etc/makepkg.conf'
 else
-	echo '/etc/makepkg.conf not found!'
-	exit 1
+	die '/etc/makepkg.conf not found!'
 fi
 
-die () {
-	echo $@ >&2
-	exit 1
-}
+# Source user-specific makepkg.conf overrides
+if [[ -r "${XDG_CONFIG_HOME:-$HOME/.config}/pacman/makepkg.conf" ]]; then
+	# shellcheck source=/dev/null
+	source "${XDG_CONFIG_HOME:-$HOME/.config}/pacman/makepkg.conf"
+elif [[ -r "$HOME/.makepkg.conf" ]]; then
+	# shellcheck source=/dev/null
+	source "$HOME/.makepkg.conf"
+fi
 
 bump_pkgrel() {
 	# Get the current pkgrel from SVN and update the working copy with it
@@ -35,9 +44,9 @@ bump_pkgrel() {
 	oldrel=$(grep 'pkgrel=' $pbuild | cut -d= -f2)
 
 	#remove decimals
-	rel=$(echo $oldrel | cut -d. -f1)
+	rel=${oldrel%%.*}
 
-	newrel=$(($rel + 1))
+	newrel=$((rel + 1))
 
 	sed -i "s/pkgrel=$oldrel/pkgrel=$newrel/" PKGBUILD
 }
@@ -45,15 +54,16 @@ bump_pkgrel() {
 pkg_from_pkgbuild() {
 	# we want the sourcing to be done in a subshell so we don't pollute our current namespace
 	export CARCH PKGEXT
+	# shellcheck source=PKGBUILD.proto
 	(source PKGBUILD; echo "$pkgname-$pkgver-$pkgrel-$CARCH$PKGEXT")
 }
 
 chrootdir="$1"; shift
-pkgs="$@"
+pkgs=("$@")
 
-SVNPATH='svn+ssh://gerolde.archlinux.org/srv/svn-packages'
+SVNPATH='svn+ssh://repos.archlinux.org/srv/repos/svn-packages/svn'
 
-echo ":: Work will be done in $(pwd)/rebuilds"
+msg "Work will be done in %s" "$(pwd)/rebuilds"
 
 REBUILD_ROOT="$(pwd)/rebuilds"
 mkdir -p "$REBUILD_ROOT"
@@ -62,14 +72,14 @@ cd "$REBUILD_ROOT"
 /usr/bin/svn co -N $SVNPATH
 
 FAILED=""
-for pkg in $pkgs; do
+for pkg in "${pkgs[@]}"; do
 	cd "$REBUILD_ROOT/svn-packages"
 
-	echo ":: Building '$pkg'"
+	msg2 "Building '%s'" "$pkg"
 	/usr/bin/svn update "$pkg"
-	if [ ! -d "$pkg/trunk" ]; then
+	if [[ ! -d "$pkg/trunk" ]]; then
 		FAILED="$FAILED $pkg"
-		echo ":: $pkg does not exist in SVN"
+		warning "%s does not exist in SVN" "$pkg"
 		continue
 	fi
 	cd "$pkg/trunk/"
@@ -78,24 +88,24 @@ for pkg in $pkgs; do
 
 	if ! sudo makechrootpkg -u -d -r "$chrootdir" -- --noconfirm; then
 		FAILED="$FAILED $pkg"
-		echo ":: $pkg Failed!"
+		error "%s Failed!" "$pkg"
 	else
 		pkgfile=$(pkg_from_pkgbuild)
-		if [ -e "$pkgfile" ]; then
-			echo ":: $pkg Complete"
+		if [[ -e $pkgfile ]]; then
+			msg2 "%s Complete" "$pkg"
 		else
 			FAILED="$FAILED $pkg"
-			echo ":: $pkg Failed, no package built!"
+			error "%s Failed, no package built!" "$pkg"
 		fi
 	fi
 done
 
 cd "$REBUILD_ROOT"
-if [ "$FAILED" != "" ]; then
-	echo 'Packages failed:'
+if [[ -n $FAILED ]]; then
+	msg 'Packages failed:'
 	for pkg in $FAILED; do
-		echo -e "\t$pkg"
+		msg2 "%s" "$pkg"
 	done
 fi
 
-echo 'SVN pkgbumps in svn-packages/ - commit when ready'
+msg 'SVN pkgbumps in svn-packages/ - commit when ready'

sogrep.in

@@ -0,0 +1,170 @@
+#!/bin/bash
+#
+# sogrep - find shared library links in an Arch Linux repository.
+#
+# Copyright (c) 2019 by Eli Schwartz <eschwartz@archlinux.org>
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+m4_include(lib/common.sh)
+
+# globals
+: ${SOLINKS_MIRROR:="https://mirror.pkgbuild.com"}
+: ${SOCACHE_DIR:="${XDG_CACHE_HOME:-${HOME}/.cache}/sogrep"}
+
+m4_include(lib/valid-repos.sh)
+arches=('x86_64')
+
+# options
+REFRESH=0
+VERBOSE=0
+
+source /usr/share/makepkg/util/parseopts.sh
+source /usr/share/makepkg/util/util.sh
+
+recache() {
+    local repo arch verbosity=-s
+
+    (( VERBOSE )) && verbosity=--progress-bar
+
+    for repo in "${_repos[@]}"; do
+        for arch in "${arches[@]}"; do
+            # delete extracted tarballs from previous sogrep versions
+            rm -rf "${SOCACHE_DIR}/${arch}/${repo}"
+
+            # fetch repo links database if newer than our cached copy
+            local dbpath=${SOCACHE_DIR}/${arch}/${repo}.links.tar.gz
+            mkdir -p "${dbpath%/*}"
+            (( VERBOSE )) && echo "Fetching ${repo}.links.tar.gz..."
+            if ! curl -fLR "${verbosity}" -o "${dbpath}" -z "${dbpath}" \
+                    "${SOLINKS_MIRROR}/${repo}/os/${arch}/${repo}.links.tar.gz"; then
+                echo "error: failed to download links database for repo ${repo}"
+                exit 1
+            fi
+        done
+    done
+}
+
+is_outdated_cache() {
+    local repo arch
+
+    # links databases are generated at about the same time every day; we should
+    # attempt to check for new database files if any of them are over a day old
+
+    for repo in "${_repos[@]}"; do
+        for arch in "${arches[@]}"; do
+            local dbpath=${SOCACHE_DIR}/${arch}/${repo}.links.tar.gz
+            if [[ ! -f ${dbpath} ]] || [[ $(find "${dbpath}" -mtime +0) ]]; then
+                return 0
+            fi
+        done
+    done
+
+    return 1
+}
+
+search() {
+    local repo=$1 arch lib=$2 srepos=("${_repos[@]}")
+
+    if [[ $repo != all ]]; then
+        if ! in_array "${repo}" "${_repos[@]}"; then
+            echo "${BASH_SOURCE[0]##*/}: unrecognized repo '$repo'"
+            echo "Try '${BASH_SOURCE[0]##*/} --help' for more information."
+            exit 1
+        fi
+        srepos=("${repo}")
+    fi
+
+    setup_workdir
+
+    for arch in "${arches[@]}"; do
+        for repo in "${srepos[@]}"; do
+            local prefix=
+            (( VERBOSE && ${#srepos[@]} > 1 )) && prefix=${repo}/
+            local db=${SOCACHE_DIR}/${arch}/${repo}.links.tar.gz
+            if [[ -f ${db} ]]; then
+                local extracted=${WORKDIR}/${arch}/${repo}
+                mkdir -p "${extracted}"
+                bsdtar -C "${extracted}" -xf "${db}"
+                while read -rd '' pkg; do
+                    read -r match
+                    pkg=${pkg#${extracted}/}
+                    pkg="${prefix}${pkg%-*-*/links}"
+
+                    if (( VERBOSE )); then
+                        printf '%-35s %s\n' "${pkg}" "${match}"
+                    else
+                        printf '%s\n' "${pkg}"
+                    fi
+                done < <(grep -rZ "${lib}" "${extracted}") | sort -u
+            fi
+        done
+    done | resort
+}
+
+usage() {
+    cat <<- _EOF_
+		Usage: ${BASH_SOURCE[0]##*/} [OPTIONS] REPO LIBNAME
+
+		Check the soname links database for Arch Linux repositories containing
+		packages linked to a given shared library. If the repository specified
+		is "all", then all repositories will be searched, otherwise only the
+		named repository will be searched.
+
+		If the links database does not exist, it will be downloaded first.
+
+		OPTIONS
+		    -v, --verbose   Show matched links in addition to pkgname
+		    -r, --refresh   Refresh the links databases
+		    -h, --help      Show this help text
+_EOF_
+}
+
+# utility function to resort with multiple repos + no-verbose
+resort() { sort -u; }
+
+if (( $# == 0 )); then
+    echo "error: No arguments passed."
+    echo "Try '${BASH_SOURCE[0]##*/} --help' for more information."
+    exit 1
+fi
+OPT_SHORT='vrh'
+OPT_LONG=('verbose' 'refresh' 'help')
+if ! parseopts "$OPT_SHORT" "${OPT_LONG[@]}" -- "$@"; then
+    exit 1
+fi
+set  -- "${OPTRET[@]}"
+
+while :; do
+    case $1 in
+        -v|--verbose)
+            resort() { cat; }
+            VERBOSE=1
+            ;;
+        -r|--refresh)
+            REFRESH=1
+            ;;
+        -h|--help)
+            usage
+            exit 0
+            ;;
+        --)
+            shift; break
+            ;;
+    esac
+    shift
+done
+
+if ! (( ( REFRESH && $# == 0 ) || $# == 2 )); then
+    echo "error: Incorrect number of arguments passed."
+    echo "Try '${BASH_SOURCE[0]##*/} --help' for more information."
+    exit 1
+fi
+
+# trigger a refresh if requested explicitly or the cached dbs might be outdated
+if (( REFRESH )) || [[ ! -d ${SOCACHE_DIR} ]] || is_outdated_cache; then
+    recache
+    (( $# == 2 )) || exit 0
+fi
+
+search "$@"

zsh_completion.in

@@ -0,0 +1,134 @@
+#compdef archbuild archco arch-nspawn archrelease commitpkg devtools-config diffpkg finddeps makechrootpkg mkarchroot rebuildpkgs extrapkg=commitpkg corepkg=commitpkg testingpkg=commitpkg stagingpkg=commitpkg communitypkg=commitpkg community-testingpkg=commitpkg community-stagingpkg=commitpkg multilibpkg=commitpkg multilib-testingpkg=commitpkg extra-x86_64-build=archbuild testing-x86_64-build=archbuild staging-x86_64-build=archbuild multilib-build=archbuild multilib-testing-build=archbuild multilib-staging-build=archbuild kde-unstable-x86_64-build=archbuild gnome-unstable-x86_64-build=archbuild communityco=archco checkpkg sogrep offload-build makerepropkg
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+m4_include(lib/valid-tags.sh)
+m4_include(lib/valid-repos.sh)
+
+_binary_arch=${_arch[*]:0:-1}
+
+_archbuild_args=(
+	'-c[Recreate the chroot before building]'
+	'-r[Create chroots in this directory]:base_dir:_files -/'
+	'-h[Display usage]'
+	'--[Introduce makechrootpkg options]:*::makechrootpkg options:=  _dispatch makechrootpkg makechrootpkg'
+)
+
+_archco_args=(
+	'*:packages:_devtools_completions_all_packages'
+)
+
+_arch_nspawn_args=(
+	'-C[Location of a pacman config file]:pacman_config:_files -g "*.conf(.)"'
+	'-M[Location of a makepkg config file]:makepkg_config:_files -g "*.conf(.)"'
+	'-c[Set pacman cache]:pacman_cache:_files -/'
+	'-f[Copy file from the host to the chroot]:copy_file:_files'
+	'-s[Do not run setarch]'
+	'-h[Display usage]'
+	'1:chroot_dir:_files -/'
+)
+
+_archrelease_args=(
+	'-f[Force release without checks]'
+	"*:arch:($_tags[*])"
+)
+
+_commitpkg_args=(
+	'-f[Force release without checks]'
+	'-s[Target repo server]'
+	'-l[Set bandwidth limit]:limit'
+	"-a[Release to a specific architecture only]:arch:($_arch[*])"
+	'1:commit_msg'
+)
+
+_devtools_config_args=(
+	'(--pkgdatadir)'{--pkgdatadir}'[Print pkgdatadir location]'
+	'(-h --help)'{-h,--help}'[Display usage]'
+)
+
+_diffpkg_args=(
+	'(-l --list)'{-l,--list}'[Tar content list diff mode]'
+	'(-d --diffoscope)'{-d,--diffoscope}'[Diffoscope diff mode]'
+	'(-p --pkginfo)'{-p,--pkginfo}'[.PKGINFO diff mode]'
+	'(-b --buildinfo)'{-b,--buildinfo}'[.BUILDINFO diff mode]'
+	'(-m --makepkg-config)'{-m,--makepkg-config}'[Location of a makepkg config file]:makepkg_config:_files -g "*.conf(.)"'
+	'(-v --verbose)'{-v,--verbose}'[Provide more detailed/unfiltered output]'
+	'(-h --help)'{-h,--help}'[Display usage]'
+	'*:packages:_devtools_completions_all_packages'
+)
+
+_finddeps_args=(
+	'1:packages:_devtools_completions_all_packages'
+)
+
+_makechrootpkg_args=(
+	'-h[Display usage]'
+	'-c[Clean the chroot before building]'
+	'-d[Bind directory into build chroot as read-write]:bind_dir_rw:_files -/'
+	'-D[Bind directory into build chroot as read-only]:bind_dir_ro:_files -/'
+	'-u[Update the working copy of the chroot before building]'
+	'-r[The chroot dir to use]:chroot_dir:_files -/'
+	'-I[Install a package into the working copy]:target:_files -g "*.pkg.tar.*(.)"'
+	'-l[The directory to use as the working copy]:copy_dir:_files -/'
+	'-n[Run namcap on the package]'
+	'-T[Build in a temporary directory]'
+	'-U[Run makepkg as a specified user]:makepkg_user'
+)
+
+_mkarchroot_args=(
+	'-U[Install a package into the working copy]:target:_files -g "*.pkg.tar.*(.)"'
+	'-C[Location of a pacman config file]:pacman_config:_files -g "*.conf(.)"'
+	'-M[Location of a makepkg config file]:makepkg_config:_files -g "*.conf(.)"'
+	'-c[Set pacman cache]:pacman_cache:_files -/'
+	'-h[Display usage]'
+	'1:working_dir:_files -/'
+	'*:packages:_devtools_completions_all_packages'
+)
+
+_rebuildpkgs_args=(
+	'1:chroot_dir:_files -/'
+	'*:packages:_devtools_completions_all_packages'
+)
+
+_checkpkg_args=(
+	'(-r --rmdir)'{-r,--rmdir}'[Remove the temporary directory]'
+	'(-w --warn)'{-w,--warn}'[Print a warning in case of differences]'
+	'(-M --makepkg-config)'{-M,--makepkg-config}'[Location of a makepkg config file]:makepkg_config:_files -g "*.conf(.)"'
+	'(-h --help)'{-h,--help}'[Display usage]'
+)
+
+_sogrep_args=(
+	'(-v --verbose)'{-v,--verbose}'[Show matched links in addition to pkgname]'
+	'(-r --refresh)'{-r,--refresh}'[Refresh the links databases]'
+	'(-h --help)'{-h,--help}'[Display usage]'
+	'1:repo:(all $_repos[*])'
+	'2:libname'
+)
+
+_offload_build_args=(
+	'(-r --repo)'{-r,--repo}'[Build against a specific repository]:repo:($_build_repos[*])'
+	'(-a --arch)'{-a,--arch}'[Build against a specific architecture]:arch:(${_binary_arch[*]})'
+	'(-s --server)'{-s,--server}'[Offload to a specific Build server]:server:'
+	'(-h --help)'{-h,--help}'[Display usage]'
+)
+
+_makerepropkg_args=(
+	'-d[Run diffoscope if the package is unreproducible]'
+	'-c[Set pacman cache]:pacman_cache:_files -/'
+	'-M[Location of a makepkg config file]:makepkg_config:_files -g "*.conf(.)"'
+	'-h[Display usage]'
+	'*:working_dir:_files -g "*.pkg.tar.*(.)"'
+)
+
+_devtools_completions_all_packages() {
+	typeset -U packages
+	packages=($(_call_program packages pacman -Sql))
+	compadd - "${(@)packages}"
+}
+
+_devtools() {
+	local argname="_${service//-/_}_args[@]"
+	_arguments -s "${(P)argname}"
+}
+
+_devtools