chore(license): avoid sourcing PKGBUILD in check subcommand

We don't actually need any data from the package, except the pkgbase which is exclusively used during logging. Simply grep the pkgbase name and use the path during early code path issues. Component: pkgctl license check
2025-09-13 18:06:19 +02:00 · 2025-08-02 06:29:26 +02:00
5 changed files with 21 additions and 23 deletions
--- a/contrib/completion/bash/devtools.in
+++ b/contrib/completion/bash/devtools.in
@@ -150,7 +150,6 @@ _pkgctl_cmds=(
 	db
 	diff
 	issue
-	license
 	release
 	repo
 	search
--- a/src/commitpkg.in
+++ b/src/commitpkg.in
@@ -155,7 +155,7 @@ if (( ${#needsversioning[*]} )); then
 		if [[ ! -f "${file}" ]]; then
 			continue
 		fi
-		if ! git ls-files --error-unmatch "$file" >/dev/null; then
+		if ! git ls-files --error-unmatch "$file"; then
 			die "%s is not under version control" "$file"
 		fi
 	done
--- a/src/lib/license/check.sh
+++ b/src/lib/license/check.sh
@@ -94,19 +94,19 @@ pkgctl_license_check() {
 		pushd "${path}" >/dev/null

 		if [[ ! -f PKGBUILD ]]; then
-			msg_error "${BOLD}${pkgbase}:${ALL_OFF} no PKGBUILD found"
+			msg_error "${BOLD}${path}:${ALL_OFF} no PKGBUILD found"
 			return 1
 		fi

-		# reset common PKGBUILD variables
-		unset pkgbase
-
-		# shellcheck source=contrib/makepkg/PKGBUILD.proto
-		if ! . ./PKGBUILD; then
-			msg_error "${BOLD}${pkgbase}:${ALL_OFF} failed to source PKGBUILD"
+		if [[ ! -f .SRCINFO ]]; then
+			msg_error "${BOLD}${path}:${ALL_OFF} no .SRCINFO found"
+			return 1
+		fi
+
+		if ! pkgbase=$(grep --max-count=1 --extended-regexp "pkgbase = (.+)" .SRCINFO | awk '{print $3}'); then
+			msg_error "${BOLD}${path}:${ALL_OFF} pkgbase not found in .SRCINFO"
 			return 1
 		fi
-		pkgbase=${pkgbase:-$pkgname}

 		if [[ ! -e LICENSE ]]; then
 			msg_error "${BOLD}${pkgbase}:${ALL_OFF} is missing the LICENSE file"
--- a/src/lib/license/setup.sh
+++ b/src/lib/license/setup.sh
@@ -191,9 +191,7 @@ path = [
    ".nvchecker.toml",
    "*.install",
    "*.sysusers",
-    "*sysusers.conf",
    "*.tmpfiles",
-    "*tmpfiles.conf",
    "*.logrotate",
    "*.pam",
    "*.service",
--- a/src/makechrootpkg.in
+++ b/src/makechrootpkg.in
@@ -19,7 +19,7 @@ shopt -s nullglob

 default_makepkg_args=(--syncdeps --noconfirm --log --holdver --skipinteg)
 makepkg_args=("${default_makepkg_args[@]}")
-verifysource_args=(--syncdeps --noconfirm --log)
+verifysource_args=()
 chrootdir=
 passeddir=
 makepkg_user=
@@ -175,7 +175,7 @@ prepare_chroot() {
 	printf >>"$copydir/etc/passwd" 'builduser:x:%d:%d:builduser:/build:/bin/bash\n' "$builduser_uid" "$builduser_gid"
 	printf >>"$copydir/etc/shadow" 'builduser:!!:%d::::::\n' "$(( $(date -u +%s) / 86400 ))"

-	$install -d "$copydir"/{build,startdir,{pkg,srcpkg,src,log}dest,verify/{gnupg,ssh}}
+	$install -d "$copydir"/{build,startdir,{pkg,srcpkg,src,log}dest}

 	sed -e '/^MAKEFLAGS=/d' -e '/^PACKAGER=/d' -i "$copydir/etc/makepkg.conf"
 	for x in BUILDDIR=/build PKGDEST=/pkgdest SRCPKGDEST=/srcpkgdest SRCDEST=/srcdest LOGDEST=/logdest \
@@ -247,10 +247,15 @@ _chrootnamcap() {
 	done
 }

-_download_sources() {
+download_sources() {
+	setup_workdir
+	chown "$makepkg_user:" "$WORKDIR"
+
 	# Ensure sources are downloaded
-	sudo -u builduser env SRCDEST="/srcdest" GNUPGHOME="/verify/gnupg" SSH_AUTH_SOCK="/verify/ssh" \
-		bash -c "cd /startdir; makepkg --config=/etc/makepkg.conf --verifysource -o ${verifysource_args[*]}"
+	sudo -u "$makepkg_user" --preserve-env=GNUPGHOME,SSH_AUTH_SOCK \
+		env SRCDEST="$SRCDEST" BUILDDIR="$WORKDIR" \
+		makepkg --config="$copydir/etc/makepkg.conf" --verifysource -o "${verifysource_args[@]}" ||
+		die "Could not download sources."
 }

 move_logfiles() {
@@ -347,7 +352,6 @@ umask 0022
 ORIG_HOME=$HOME
 IFS=: read -r _ _ _ _ _ HOME _ < <(getent passwd "${SUDO_USER:-$USER}")
 load_makepkg_config
-DEVTOOLS_GNUPGHOME="${GNUPGHOME:-$HOME/.gnupg}"
 HOME=$ORIG_HOME

 # Use PKGBUILD directory if these don't exist
@@ -379,6 +383,8 @@ if [[ "$(id -u "$makepkg_user")" == 0 ]]; then
 	exit 1
 fi

+download_sources
+
 prepare_chroot

 nspawn_build_args=(
@@ -390,11 +396,6 @@ nspawn_build_args=(
 	"${bindmounts_tmpfs[@]}"
 )

-arch-nspawn "$copydir" \
-	"${nspawn_build_args[@]}" --bind-ro="${DEVTOOLS_GNUPGHOME//:/\\:}:/verify/gnupg" --bind-ro="${SSH_AUTH_SOCK//:/\\:}:/verify/ssh" \
-	bash -c "$(declare -f _download_sources); verifysource_args=(${verifysource_args[*]}); _download_sources" ||
-	die "Could not download sources."
-
 if arch-nspawn "$copydir" \
 	"${nspawn_build_args[@]}" \
 	/chrootbuild "${makepkg_args[@]}"