prepare release

crossrepomove: Fix dbscripts path for [community] move to nymeria
Signed-off-by: Eric Bélanger <snowmaniscool@gmail.com> Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
2025-09-13 18:06:19 +02:00 · 2012-11-15 14:38:03 +01:00 · 2012-11-15 14:32:34 +01:00 · 2012-11-15 14:28:50 +01:00 · 2012-11-15 14:27:20 +01:00 · 2012-11-12 18:44:26 +01:00
24 changed files with 484 additions and 251 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,5 @@
 *~
-devtools-*.tar.gz
+devtools-*.tar.gz*
 archbuild
 archco
 archrelease
@@ -14,3 +14,4 @@ mkarchroot
 rebuildpkgs
 zsh_completion
 find-libdeps
 crossrepomove
--- a/20
+++ b/20
@@ -1,4 +1,4 @@
-V=20120206
+V=20121115
 PREFIX = /usr/local
@@ -12,7 +12,8 @@ BINPROGS = \
 	lddd \
 	finddeps \
 	rebuildpkgs \
-	find-libdeps
+	find-libdeps \
 	crossrepomove
 SBINPROGS = \
 	mkarchroot \
@@ -59,6 +60,14 @@ ARCHBUILD_LINKS = \
 	gnome-unstable-i686-build \
 	gnome-unstable-x86_64-build
 CROSSREPOMOVE_LINKS = \
 	extra2community \
 	community2extra
 BASHCOMPLETION_LINKS = \
 	archco \
 	communityco
 all: $(BINPROGS) $(SBINPROGS) bash_completion zsh_completion
 edit = sed -e "s|@pkgdatadir[@]|$(DESTDIR)$(PREFIX)/share/devtools|g"
@@ -82,8 +91,10 @@ install:
 	install -m0644 ${CONFIGFILES} $(DESTDIR)$(PREFIX)/share/devtools
 	for l in ${COMMITPKG_LINKS}; do ln -sf commitpkg $(DESTDIR)$(PREFIX)/bin/$$l; done
 	for l in ${ARCHBUILD_LINKS}; do ln -sf archbuild $(DESTDIR)$(PREFIX)/bin/$$l; done
 	for l in ${CROSSREPOMOVE_LINKS}; do ln -sf crossrepomove $(DESTDIR)$(PREFIX)/bin/$$l; done
 	ln -sf find-libdeps $(DESTDIR)$(PREFIX)/bin/find-libprovides
-	install -Dm0644 bash_completion $(DESTDIR)/etc/bash_completion.d/devtools
+	install -Dm0644 bash_completion $(DESTDIR)/usr/share/bash-completion/completions/devtools
 	for l in ${BASHCOMPLETION_LINKS}; do ln -sf devtools $(DESTDIR)/usr/share/bash-completion/completions/$$l; done
 	install -Dm0644 zsh_completion $(DESTDIR)$(PREFIX)/share/zsh/site-functions/_devtools
 	ln -sf archco $(DESTDIR)$(PREFIX)/bin/communityco
@@ -93,7 +104,8 @@ uninstall:
 	for f in ${CONFIGFILES}; do rm -f $(DESTDIR)$(PREFIX)/share/devtools/$$f; done
 	for l in ${COMMITPKG_LINKS}; do rm -f $(DESTDIR)$(PREFIX)/bin/$$l; done
 	for l in ${ARCHBUILD_LINKS}; do rm -f $(DESTDIR)$(PREFIX)/bin/$$l; done
-	rm $(DESTDIR)/etc/bash_completion.d/devtools
+	for l in ${CROSSREPOMOVE_LINKS}; do rm -f $(DESTDIR)$(PREFIX)/bin/$$l; done
 	rm $(DESTDIR)/usr/share/bash-completion/completions/devtools
 	rm $(DESTDIR)$(PREFIX)/share/zsh/site-functions/_devtools
 	rm -f $(DESTDIR)$(PREFIX)/bin/communityco
 	rm -f $(DESTDIR)$(PREFIX)/bin/find-libprovides
--- a/archbuild.in
+++ b/archbuild.in
@@ -14,7 +14,7 @@ else
 	repo=${tag%-*}
 	arch=${tag##*-}
 fi
-chroots='/var/tmp/archbuild'
+chroots='/var/lib/archbuild'
 clean_first=false
 usage() {
@@ -43,28 +43,31 @@ if ${clean_first} || [[ ! -d "${chroots}/${repo}-${arch}" ]]; then
 		[[ -d $copy ]] || continue
 		msg2 "Deleting chroot copy '$(basename "${copy}")'..."
-		# Lock the copy
+		exec 9>"$copydir.lock"
-		exec 9>"${copy}.lock"
+		if ! flock -n 9; then
-		flock 9
+			stat_busy "Locking chroot copy '$copy'"
 			flock 9
 			stat_done
 		fi
 		{ type -P btrfs && btrfs subvolume delete "${copy}"; } &>/dev/null
-		rm -rf "${copy}"
+		rm -rf --one-file-system "${copy}"
 	done
 	exec 9>&-
-	rm -rf "${chroots}/${repo}-${arch}"
+	rm -rf --one-file-system "${chroots}/${repo}-${arch}"
 	mkdir -p "${chroots}/${repo}-${arch}"
 	setarch "${arch}" mkarchroot \
 		-C "@pkgdatadir@/pacman-${repo}.conf" \
 		-M "@pkgdatadir@/makepkg-${arch}.conf" \
 		"${chroots}/${repo}-${arch}/root" \
-		"${base_packages[@]}"
+		"${base_packages[@]}" || abort
 else
 	setarch ${arch} mkarchroot \
 		-u \
 		-C "@pkgdatadir@/pacman-${repo}.conf" \
 		-M "@pkgdatadir@/makepkg-${arch}.conf" \
-		"${chroots}/${repo}-${arch}/root"
+		"${chroots}/${repo}-${arch}/root" || abort
 fi
 msg "Building in chroot for [${repo}] (${arch})..."
--- a/archco.in
+++ b/archco.in
@@ -13,7 +13,7 @@ case $scriptname in
 	archco)
 		SVNURL="svn+ssh://gerolde.archlinux.org/srv/svn-packages";;
 	communityco)
-		SVNURL="svn+ssh://aur.archlinux.org/srv/svn-packages";;
+		SVNURL="svn+ssh://svn-community@nymeria.archlinux.org/srv/repos/svn-community/svn";;
 	*)
 		die "Couldn't find svn url for $scriptname"
 		;;
--- a/archrelease.in
+++ b/archrelease.in
@@ -1,13 +1,32 @@
 #!/bin/bash
 m4_include(lib/common.sh)
 m4_include(lib/valid-tags.sh)
-if [[ -z $1 ]]; then
+# parse command line options
-	echo 'Usage: archrelease <repo>...'
+FORCE=
 while getopts ':f' flag; do
 	case $flag in
 		f) FORCE=1 ;;
 		:) die "Option requires an argument -- '$OPTARG'" ;;
 		\?) die "Invalid option -- '$OPTARG'" ;;
 	esac
 done
 shift $(( OPTIND - 1 ))
 if ! (( $# )); then
 	echo 'Usage: archrelease [-f] <repo>...'
 	exit 1
 fi
-# TODO: validate repo is really repo-arch
+# validate repo is really repo-arch
 if [[ -z $FORCE ]]; then
 	for tag in "$@"; do
 		if ! in_array "$tag" "${_tags[@]}"; then
 			die 'archrelease: Invalid tag: "'$tag'" (use -f to force release)'
 		fi
 	done
 fi
 if [[ ! -f PKGBUILD ]]; then
 	die 'archrelease: PKGBUILD not found'
@@ -35,6 +54,9 @@ for file in "${known_files[@]}"; do
 	fi
 done
 # gracefully handle files containing an "@" character
 known_files=("${known_files[@]/%/@}")
 for tag in "$@"; do
 	stat_busy "Copying ${trunk} to ${tag}"
@@ -44,7 +66,7 @@ for tag in "$@"; do
 		while read -r file; do
 			trash+=("repos/$tag/$file")
 		done < <(svn ls "repos/$tag")
-		[[ $trash ]] && svn rm -q "${trash[@]}"
+		[[ $trash ]] && svn rm -q "${trash[@]/%/@}"
 	else
 		mkdir -p "repos/$tag"
 		svn add --parents -q "repos/$tag"
--- a/checkpkg.in
+++ b/checkpkg.in
@@ -58,7 +58,7 @@ for _pkgname in "${pkgname[@]}"; do
 		elif [[ -f "$STARTDIR/$oldpkg" ]]; then
 			ln -s "$STARTDIR/$oldpkg" "$oldpkg"
 		else
-			wget --quiet "$pkgurl"
+		        curl -fsLC - --retry 3 --retry-delay 3 -o "$oldpkg" "$pkgurl"
 		fi
 	fi
--- a/commitpkg.in
+++ b/commitpkg.in
@@ -42,7 +42,7 @@ pkgbase=${pkgbase:-$pkgname}
 case "$cmd" in
 	commitpkg)
 		if (( $# == 0 )); then
-			die 'usage: commitpkg <reponame> [-l limit] [-a arch] [commit message]'
+			die 'usage: commitpkg <reponame> [-f] [-s server] [-l limit] [-a arch] [commit message]'
 		fi
 		repo="$1"
 		shift
@@ -51,23 +51,13 @@ case "$cmd" in
 		repo="${cmd%pkg}"
 		;;
 	*)
-		die 'usage: commitpkg <reponame> [-l limit] [-a arch] [commit message]'
+		die 'usage: commitpkg <reponame> [-f] [-s server] [-l limit] [-a arch] [commit message]'
 		;;
 esac
 case "$repo" in
 	core|extra|testing|staging|kde-unstable|gnome-unstable)
 		server='gerolde.archlinux.org' ;;
 	community*|multilib*)
 		server='aur.archlinux.org' ;;
 	*)
 		server='gerolde.archlinux.org'
 		msg "Non-standard repository $repo in use, defaulting to server $server" ;;
 esac
 # check if all local source files are under version control
 for s in "${source[@]}"; do
-	if [[ $s != *://* ]] && ! svn status -v "$s" | grep -q '^[ AMRX~]'; then
+	if [[ $s != *://* ]] && ! svn status -v "$s@" | grep -q '^[ AMRX~]'; then
 		die "$s is not under version control"
 	fi
 done
@@ -83,18 +73,49 @@ for i in 'changelog' 'install'; do
 	done < <(sed -n "s/^[[:space:]]*$i=//p" PKGBUILD)
 done
 # see if any limit options were passed, we'll send them to rsync
 rsyncopts=(-e ssh -p --chmod=ug=rw,o=r -c -h -L --progress --partial -y)
-while getopts ':l:a:' flag; do
+archreleaseopts=()
 while getopts ':l:a:s:f' flag; do
 	case $flag in
-		l) rsyncopts+=("--bwlimit=$2") ;;
+		f) archreleaseopts+=('-f') ;;
-		a) commit_arch=$2 ;;
+		s) server=$OPTARG ;;
 		l) rsyncopts+=("--bwlimit=$OPTARG") ;;
 		a) commit_arch=$OPTARG ;;
 		:) die "Option requires an argument -- '$OPTARG'" ;;
 		\?) die "Invalid option -- '$OPTARG'" ;;
 	esac
 done
 shift $(( OPTIND - 1 ))
 # check packages have the packager field set
 for _arch in ${arch[@]}; do
 	if [[ -n $commit_arch && ${_arch} != "$commit_arch" ]]; then
 		continue
 	fi
 	for _pkgname in ${pkgname[@]}; do
 		fullver=$(get_full_version $_pkgname)
 		if pkgfile=$(shopt -s nullglob;
 				getpkgfile "${PKGDEST+$PKGDEST/}$_pkgname-$fullver-${_arch}".pkg.tar.?z); then
 			if grep -q "packager = Unknown Packager" <(bsdtar -xOqf $pkgfile .PKGINFO); then
 				die "PACKAGER was not set when building package"
 			fi
 		fi
 	done
 done
 if [[ -z $server ]]; then
 	case "$repo" in
 		core|extra|testing|staging|kde-unstable|gnome-unstable)
 			server='gerolde.archlinux.org' ;;
 		community*|multilib*)
 			server='nymeria.archlinux.org' ;;
 		*)
 			server='gerolde.archlinux.org'
 			msg "Non-standard repository $repo in use, defaulting to server $server" ;;
 	esac
 fi
 if [[ -n $(svn status -q) ]]; then
 	msgtemplate="upgpkg: $pkgbase $(get_full_version)"$'\n\n'
 	if [[ -n $1 ]]; then
@@ -143,21 +164,17 @@ for _arch in ${arch[@]}; do
 		uploads+=("$pkgfile")
 		sigfile="${pkgfile}.sig"
-		if [[ $SIGNPKG == 'y' && ! -f $sigfile ]]; then
+		if [[ ! -f $sigfile ]]; then
 			msg "Signing package ${pkgfile}..."
 			if [[ -n $GPGKEY ]]; then
 				SIGNWITHKEY="-u ${GPGKEY}"
 			fi
 			gpg --detach-sign --use-agent ${SIGNWITHKEY} "${pkgfile}" || die
 		fi
-		if [[ -f $sigfile ]]; then
+		if ! gpg --verify "$sigfile" >/dev/null 2>&1; then
-			if ! gpg --verify "$sigfile" >/dev/null 2>&1; then
+			die "Signature ${pkgfile}.sig is incorrect!"
 				die "Signature ${pkgfile}.sig is incorrect!"
 			fi
 			uploads+=("$sigfile")
 		else
 			die "Signature ${pkgfile}.sig was not found"
 		fi
 		uploads+=("$sigfile")
 	done
 done
@@ -166,19 +183,21 @@ for _arch in ${arch[@]}; do
 		commit_arches+=($_arch)
 	fi
 done
 archrelease "${commit_arches[@]/#/$repo-}" || die
-new_uploads=()
+if [[ ${#commit_arches[*]} -gt 0 ]]; then
-
+	archrelease "${archreleaseopts[@]}" "${commit_arches[@]/#/$repo-}" || die
-# convert to absolute paths so rsync can work with colons (epoch)
+fi
 while read -r -d '' upload; do
 	  new_uploads+=("$upload")
 done < <(realpath -z "${uploads[@]}")
 uploads=("${new_uploads[@]}")
 unset new_uploads
 if [[ ${#uploads[*]} -gt 0 ]]; then
 	new_uploads=()
 	# convert to absolute paths so rsync can work with colons (epoch)
 	while read -r -d '' upload; do
 		new_uploads+=("$upload")
 	done < <(realpath -z "${uploads[@]}")
 	uploads=("${new_uploads[@]}")
 	unset new_uploads
 	msg 'Uploading all package and signature files'
 	rsync "${rsyncopts[@]}" "${uploads[@]}" "$server:staging/$repo/" || die
 fi
--- a/crossrepomove.in
+++ b/crossrepomove.in
@@ -0,0 +1,98 @@
 #!/bin/bash
 m4_include(lib/common.sh)
 scriptname=${0##*/}
 if [[ -z $1 ]]; then
 	echo 'Usage: '$scriptname' [pkgbase]'
 	exit 1
 fi
 pkgbase="${1}"
 packages_svn='svn+ssh://gerolde.archlinux.org/srv/svn-packages'
 packages_server='gerolde.archlinux.org'
 community_svn='svn+ssh://svn-community@nymeria.archlinux.org/srv/repos/svn-community/svn'
 community_server='nymeria.archlinux.org'
 mirror='http://mirrors.kernel.org/archlinux'
 case $scriptname in
 	extra2community)
 		source_svn="${packages_svn}"
 		target_svn="${community_svn}"
 		source_server="${packages_server}"
 		target_server="${community_server}"
 		source_repo='extra'
 		target_repo='community'
 		;;
 	community2extra)
 		source_svn="${community_svn}"
 		target_svn="${packages_svn}"
 		source_server="${community_server}"
 		target_server="${packages_server}"
 		source_repo='community'
 		target_repo='extra'
 		;;
 	*)
 		die "Couldn't find configuration for $scriptname"
 		;;
 esac
 setup_workdir
 pushd $WORKDIR >/dev/null
 msg "Downloading sources for ${pkgbase}"
 svn -q checkout -N "${target_svn}" target_checkout
 mkdir -p "target_checkout/${pkgbase}/repos"
 svn -q export "${source_svn}/${pkgbase}/trunk" "target_checkout/${pkgbase}/trunk" || die
 . "target_checkout/${pkgbase}/trunk/PKGBUILD"
 msg "Downloading packages for ${pkgbase}"
 for _arch in ${arch[@]}; do
 	if [[ "${_arch[*]}" == 'any' ]]; then
 		repo_arch='x86_64'
 	else
 		repo_arch=${_arch}
 	fi
 	for _pkgname in ${pkgname[@]}; do
 		fullver=$(get_full_version $_pkgname)
 		# FIXME: this only works with .xz packages
 		ssh "${target_server}" "cd staging/${target_repo}
 			curl -O ${mirror}/${source_repo}/os/${repo_arch}/$_pkgname-$fullver-${_arch}.pkg.tar.xz
 			curl -O ${mirror}/${source_repo}/os/${repo_arch}/$_pkgname-$fullver-${_arch}.pkg.tar.xz.sig" || die
 	done
 done
 msg "Adding ${pkgbase} to ${target_repo}"
 svn -q add "target_checkout/${pkgbase}"
 svn -q propset svn:keywords 'Id' "target_checkout/${pkgbase}/trunk/PKGBUILD"
 svn -q commit -m"${scriptname}: Moving ${pkgbase} from ${source_repo} to ${target_repo}" target_checkout
 pushd "target_checkout/${pkgbase}/trunk" >/dev/null
 archrelease "${arch[@]/#/$target_repo-}" || die
 popd >/dev/null
 if [[ "${target_server}" == "${community_server}" ]]; then
        dbscripts_path='/srv/repos/svn-community/dbscripts'
 else
        dbscripts_path='/arch'
 fi
 ssh "${target_server}" "${dbscripts_path}/db-update" || die
 msg "Removing ${pkgbase} from ${source_repo}"
 if [[ "${source_server}" == "${community_server}" ]]; then
        dbscripts_path='/srv/repos/svn-community/dbscripts'
 else
        dbscripts_path='/arch'
 fi
 for _arch in ${arch[@]}; do
 	ssh "${source_server}" "${dbscripts_path}/db-remove ${source_repo} ${_arch} ${pkgbase}"
 done
 svn -q checkout -N "${source_svn}" source_checkout
 svn -q up "source_checkout/${pkgbase}"
 svn -q rm "source_checkout/${pkgbase}"
 svn -q commit -m"${scriptname}: Moving ${pkgbase} from ${source_repo} to ${target_repo}" source_checkout
 popd >/dev/null
--- a/find-libdeps.in
+++ b/find-libdeps.in
@@ -3,6 +3,7 @@
 m4_include(lib/common.sh)
 set -e
 shopt -s extglob
 IGNORE_INTERNAL=0
@@ -40,7 +41,7 @@ fi
 process_sofile() {
 	# extract the library name: libfoo.so
-	soname="${sofile%%\.so\.*}.so"
+	soname="${sofile%.so?(+(.+([0-9])))}".so
 	# extract the major version: 1
 	soversion="${sofile##*\.so\.}"
 	if [[ "$soversion" = "$sofile" ]] && (($IGNORE_INTERNAL)); then
--- a/lib/common.sh
+++ b/lib/common.sh
@@ -62,8 +62,6 @@ setup_workdir() {
 }
 cleanup() {
 	trap - EXIT INT QUIT TERM
 	[[ -n $WORKDIR ]] && rm -rf "$WORKDIR"
 	[[ $1 ]] && exit $1
 }
@@ -73,13 +71,23 @@ abort() {
 	cleanup 0
 }
 trap_abort() {
 	trap - EXIT INT QUIT TERM HUP
 	abort
 }
 trap_exit() {
 	trap - EXIT INT QUIT TERM HUP
 	cleanup
 }
 die() {
 	error "$*"
 	cleanup 1
 }
-trap abort INT QUIT TERM HUP
+trap 'trap_abort' INT QUIT TERM HUP
-trap 'cleanup 0' EXIT
+trap 'trap_exit' EXIT
 ##
 #  usage : in_array( $needle, $haystack )
--- a/lib/valid-tags.sh
+++ b/lib/valid-tags.sh
@@ -0,0 +1,20 @@
 _arch=(
 	i686
 	x86_64
 	any
 )
 _tags=(
 	core-i686 core-x86_64 core-any
 	extra-i686 extra-x86_64 extra-any
 	multilib-x86_64
 	staging-i686 staging-x86_64 staging-any
 	testing-i686 testing-x86_64 testing-any
 	multilib-testing-x86_64
 	multilib-staging-x86_64
 	community-i686 community-x86_64 community-any
 	community-staging-i686 community-staging-x86_64 community-staging-any
 	community-testing-i686 community-testing-x86_64 community-testing-any
 	kde-unstable-i686 kde-unstable-x86_64 kde-unstable-any
 	gnome-unstable-i686 gnome-unstable-x86_64 gnome-unstable-any
 )
--- a/makechrootpkg.in
+++ b/makechrootpkg.in
@@ -25,6 +25,7 @@ passeddir=
 default_copy=$USER
 [[ -n $SUDO_USER ]] && default_copy=$SUDO_USER
 [[ -z $default_copy || $default_copy = root ]] && default_copy=copy
 src_owner=${SUDO_USER:-$USER}
 usage() {
 	echo "usage ${0##*/} [options] -r <chrootdir> [--] [makepkg args]"
@@ -67,7 +68,7 @@ while getopts 'hcudr:I:l:n' arg; do
 		r) passeddir="$OPTARG" ;;
 		I) install_pkg="$OPTARG" ;;
 		l) copy="$OPTARG" ;;
-		n) run_namcap=true ;;
+		n) run_namcap=true; makepkg_args="$makepkg_args -i" ;;
 		*) makepkg_args="$makepkg_args -$arg $OPTARG" ;;
 	esac
 done
@@ -212,12 +213,12 @@ if ! grep -q 'SRCDEST="/srcdest"' "$copydir/etc/makepkg.conf"; then
 	echo 'SRCDEST="/srcdest"' >> "$copydir/etc/makepkg.conf"
 fi
-if [[ -n $MAKEFLAGS ]]; then 
+if [[ -n $MAKEFLAGS ]]; then
 	sed -i '/^MAKEFLAGS=/d' "$copydir/etc/makepkg.conf"
 	echo "MAKEFLAGS='${MAKEFLAGS}'" >> "$copydir/etc/makepkg.conf"
 fi
-if [[ -n $PACKAGER ]]; then 
+if [[ -n $PACKAGER ]]; then
 	sed -i '/^PACKAGER=/d' "$copydir/etc/makepkg.conf"
 	echo "PACKAGER='${PACKAGER}'" >> "$copydir/etc/makepkg.conf"
 fi
@@ -258,15 +259,11 @@ nobody ALL = NOPASSWD: /usr/bin/pacman
 EOF
 chmod 440 "$copydir/etc/sudoers.d/nobody-pacman"
 # Set this system wide as makepkg will source /etc/profile before calling build()
 echo 'LANG=C' > "$copydir/etc/locale.conf"
 # This is a little gross, but this way the script is recreated every time in the
 # working copy
 cat >"$copydir/chrootbuild" <<EOF
 #!/bin/bash
 . /etc/profile
 export LANG=C
 export HOME=/build
 cd /build
@@ -278,7 +275,7 @@ if $run_namcap; then
 	pacman -S --needed --noconfirm namcap
 	for pkgfile in /build/PKGBUILD /pkgdest/*.pkg.tar.?z; do
 		echo "Checking \${pkgfile##*/}"
-		namcap "\$pkgfile" 2>&1 | tee "/build/\${pkgfile##*/}-namcap.log"
+		sudo -u nobody namcap "\$pkgfile" 2>&1 | tee "/build/\${pkgfile##*/}-namcap.log"
 	done
 fi
@@ -296,10 +293,12 @@ if mkarchroot -r "/chrootbuild" "$copydir"; then
 			popd >/dev/null
 		fi
 		chown "$src_owner" "$pkgfile"
 		mv "$pkgfile" "$PKGDEST"
 	done
 	for l in "$copydir"/build/*-{build,check,namcap,package,package_*}.log; do
 		chown "$src_owner" "$l"
 		[[ -f $l ]] && mv "$l" .
 	done
 else
@@ -308,6 +307,7 @@ else
 fi
 for f in "$copydir"/srcdest/*; do
 	chown "$src_owner" "$f"
 	mv "$f" "$SRCDEST"
 done
--- a/makepkg-i686.conf
+++ b/makepkg-i686.conf
@@ -31,7 +31,7 @@ CHOST="i686-pc-linux-gnu"
 # -mtune optimizes for an architecture, but builds for whole processor family
 CFLAGS="-march=i686 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2"
 CXXFLAGS="-march=i686 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2"
-LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro,--hash-style=gnu"
+LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro"
 #-- Make Flags: change this for DistCC/SMP systems
 #MAKEFLAGS="-j2"
--- a/makepkg-x86_64.conf
+++ b/makepkg-x86_64.conf
@@ -31,7 +31,7 @@ CHOST="x86_64-unknown-linux-gnu"
 # -mtune optimizes for an architecture, but builds for whole processor family
 CFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2"
 CXXFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2"
-LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro,--hash-style=gnu"
+LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro"
 #-- Make Flags: change this for DistCC/SMP systems
 #MAKEFLAGS="-j2"
--- a/mkarchroot.in
+++ b/mkarchroot.in
@@ -10,6 +10,8 @@
 m4_include(lib/common.sh)
 CHROOT_VERSION='v2'
 FORCE='n'
 RUN=''
 NOCOPY='n'
@@ -28,7 +30,7 @@ usage() {
 	echo '    -C <file>     Location of a pacman config file'
 	echo '    -M <file>     Location of a makepkg config file'
 	echo '    -n            Do not copy config files into the chroot'
-	echo '    -c <dir>      Set pacman cache. Default: /var/cache/pacman/pkg'
+	echo '    -c <dir>      Set pacman cache'
 	echo '    -h            This message'
 	exit 1
 }
@@ -42,7 +44,7 @@ while getopts 'r:ufnhC:M:c:' arg; do
 		M) makepkg_conf="$OPTARG" ;;
 		n) NOCOPY='y' ;;
 		c) cache_dir="$OPTARG" ;;
-		h|?) usage 0 ;;
+		h|?) usage ;;
 		*) error "invalid argument '${arg}'"; usage ;;
 	esac
 done
@@ -65,68 +67,85 @@ shift 1
 [[ -z $working_dir ]] && die 'Please specify a working directory.'
 if [[ -z $cache_dir ]]; then
-	cache_conf=${working_dir}/etc/pacman.conf
+	cache_dirs=($(pacman -v $cache_conf 2>&1 | grep '^Cache Dirs:' | sed 's/Cache Dirs:\s*//g'))
-	[[ ! -f $cache_conf ]] && cache_conf=${pac_conf:-/etc/pacman.conf}
+else
-	cache_dir=$( (grep -m 1 '^CacheDir' $cache_conf || echo 'CacheDir = /var/cache/pacman/pkg') | sed 's/CacheDir\s*=\s*//')
+	cache_dirs=(${cache_dir})
 	unset cache_conf
 fi
-if [[ -f /etc/pacman.d/mirrorlist ]]; then
+host_mirror=$(pacman -Sddp extra/devtools 2>/dev/null | sed -E 's#(.*/)extra/os/.*#\1$repo/os/$arch#')
 	host_mirror=$(pacman -Sddp extra/devtools 2>/dev/null | sed -E 's#(.*/)extra/os/.*#\1$repo/os/$arch#')
 fi
 if [[ -z $host_mirror ]]; then
 	host_mirror='http://mirrors.kernel.org/archlinux/$repo/os/$arch'
 fi
 if echo "${host_mirror}" | grep -q 'file://'; then
 	host_mirror_path=$(echo "${host_mirror}" | sed -E 's#file://(/.*)/\$repo/os/\$arch#\1#g')
 fi
 # {{{ functions
-chroot_mount() {
+bind_mount() {
-	[[ -e "${working_dir}/sys" ]] || mkdir "${working_dir}/sys"
+	local mode="${2:-rw}"
-	mount -t sysfs sysfs "${working_dir}/sys"
+	local target="${working_dir}${1}"
-	[[ -e "${working_dir}/proc" ]] || mkdir "${working_dir}/proc"
+	if [[ ! -e "$target" ]]; then
-	mount -t proc proc "${working_dir}/proc"
+		if [[ -d "$1" ]]; then
-
+			install -d "$target"
-	[[ -e "${working_dir}/dev" ]] || mkdir "${working_dir}/dev"
+		else
-	mount -t tmpfs dev "${working_dir}/dev" -o mode=0755,size=10M,nosuid
+			install -D /dev/null "$target"
-	mknod -m 666 "${working_dir}/dev/null" c 1 3
+		fi
 	mknod -m 666 "${working_dir}/dev/zero" c 1 5
 	mknod -m 600 "${working_dir}/dev/console" c 5 1
 	mknod -m 644 "${working_dir}/dev/random" c 1 8
 	mknod -m 644 "${working_dir}/dev/urandom" c 1 9
 	mknod -m 666 "${working_dir}/dev/tty" c 5 0
 	mknod -m 666 "${working_dir}/dev/tty0" c 4 0
 	mknod -m 666 "${working_dir}/dev/full" c 1 7
 	ln -s /proc/kcore "${working_dir}/dev/core"
 	ln -s /proc/self/fd "${working_dir}/dev/fd"
 	ln -s /proc/self/fd/0 "${working_dir}/dev/stdin"
 	ln -s /proc/self/fd/1 "${working_dir}/dev/stdout"
 	ln -s /proc/self/fd/2 "${working_dir}/dev/stderr"
 	[[ -e "${working_dir}/dev/shm" ]] || mkdir "${working_dir}/dev/shm"
 	mount -t tmpfs shm "${working_dir}/dev/shm" -o nodev,nosuid,size=128M
 	[[ -e "${working_dir}/dev/pts" ]] || mkdir "${working_dir}/dev/pts"
 	mount -t devpts devpts "${working_dir}/dev/pts" -o newinstance,ptmxmode=666
 	ln -s pts/ptmx "${working_dir}/dev/ptmx"
 	[[ -e $cache_dir ]] || mkdir -p "${cache_dir}"
 	[[ -e "${working_dir}/${cache_dir}" ]] || mkdir -p "${working_dir}/${cache_dir}"
 	mount -o bind "${cache_dir}" "${working_dir}/${cache_dir}"
 	if [[ -n $host_mirror_path ]]; then
 		[[ -e "${working_dir}/${host_mirror_path}" ]] || mkdir -p "${working_dir}/${host_mirror_path}"
 		mount -o bind "${host_mirror_path}" "${working_dir}/${host_mirror_path}"
 		mount -o remount,ro,bind "${host_mirror_path}" "${working_dir}/${host_mirror_path}"
 	fi
-	trap 'chroot_umount' EXIT INT QUIT TERM HUP
+	mount -o bind "$1" "$target"
 	mount -o remount,${mode},bind "$target"
 	mount --make-slave "$target"
 }
 chroot_mount() {
 	trap 'trap_chroot_umount' EXIT INT QUIT TERM HUP
 	if (( ! have_nspawn )); then
 		bind_mount /sys ro
 		[[ -e "${working_dir}/proc" ]] || mkdir "${working_dir}/proc"
 		mount -t proc proc -o nosuid,noexec,nodev "${working_dir}/proc"
 		bind_mount /proc/sys ro
 		[[ -e "${working_dir}/dev" ]] || mkdir "${working_dir}/dev"
 		mount -t tmpfs dev "${working_dir}/dev" -o mode=0755,size=10M,nosuid,strictatime
 		mknod -m 666 "${working_dir}/dev/null" c 1 3
 		mknod -m 666 "${working_dir}/dev/zero" c 1 5
 		mknod -m 600 "${working_dir}/dev/console" c 5 1
 		mknod -m 644 "${working_dir}/dev/random" c 1 8
 		mknod -m 644 "${working_dir}/dev/urandom" c 1 9
 		mknod -m 666 "${working_dir}/dev/tty" c 5 0
 		mknod -m 666 "${working_dir}/dev/ptmx" c 5 2
 		mknod -m 666 "${working_dir}/dev/tty0" c 4 0
 		mknod -m 666 "${working_dir}/dev/full" c 1 7
 		mknod -m 666 "${working_dir}/dev/rtc0" c 254 0
 		ln -s /proc/kcore "${working_dir}/dev/core"
 		ln -s /proc/self/fd "${working_dir}/dev/fd"
 		ln -s /proc/self/fd/0 "${working_dir}/dev/stdin"
 		ln -s /proc/self/fd/1 "${working_dir}/dev/stdout"
 		ln -s /proc/self/fd/2 "${working_dir}/dev/stderr"
 		[[ -e "${working_dir}/dev/shm" ]] || mkdir "${working_dir}/dev/shm"
 		mount -t tmpfs shm "${working_dir}/dev/shm" -o nodev,nosuid,size=128M
 		bind_mount /dev/pts
 		[[ -e "${working_dir}/run" ]] || mkdir "${working_dir}/run"
 		mount -t tmpfs tmpfs "${working_dir}/run" -o mode=0755,nodev,nosuid,strictatime,size=64M
 		for host_config in resolv.conf localtime; do
 			bind_mount /etc/$host_config ro
 		done
 	fi
 	[[ -n $host_mirror_path ]] && bind_mount "$host_mirror_path" ro
 	bind_mount "${cache_dirs[0]}"
 	for cache_dir in ${cache_dirs[@]:1}; do
 		bind_mount "$cache_dir" ro
 	done
 }
 copy_hostconf () {
-	cp /etc/resolv.conf "${working_dir}/etc/resolv.conf"
+	cp -a /etc/pacman.d/gnupg "${working_dir}/etc/pacman.d"
 	echo "Server = ${host_mirror}" > ${working_dir}/etc/pacman.d/mirrorlist
 	if [[ -n $pac_conf && $NOCOPY = 'n' ]]; then
@@ -136,16 +155,31 @@ copy_hostconf () {
 	if [[ -n $makepkg_conf && $NOCOPY = 'n' ]]; then
 		cp ${makepkg_conf} ${working_dir}/etc/makepkg.conf
 	fi
 	sed -r "s|^#?\\s*CacheDir.+|CacheDir = $(echo -n ${cache_dirs[@]})|g" -i ${working_dir}/etc/pacman.conf
 }
-chroot_umount () {
+trap_chroot_umount () {
-	umount "${working_dir}/proc"
+	trap 'trap_abort' INT QUIT TERM HUP
-	umount "${working_dir}/sys"
+	trap 'trap_exit' EXIT
-	umount "${working_dir}/dev/pts"
+
-	umount "${working_dir}/dev/shm"
+	for cache_dir in ${cache_dirs[@]}; do
-	umount "${working_dir}/dev"
+		umount "${working_dir}/${cache_dir}"
-	umount "${working_dir}/${cache_dir}"
+	done
 	[[ -n $host_mirror_path ]] && umount "${working_dir}/${host_mirror_path}"
 	if (( ! have_nspawn )); then
 		for host_config in resolv.conf localtime; do
 			umount "${working_dir}/etc/${host_config}"
 		done
 		umount "${working_dir}/proc/sys"
 		umount "${working_dir}/proc"
 		umount "${working_dir}/sys"
 		umount "${working_dir}/dev/pts"
 		umount "${working_dir}/dev/shm"
 		umount "${working_dir}/dev"
 		umount "${working_dir}/run"
 	fi
 }
 chroot_lock () {
@@ -161,21 +195,39 @@ chroot_lock () {
 		stat_done
 	fi
 }
 chroot_run() {
 	local dir=$1
 	shift
 	if (( have_nspawn)); then
 		eval systemd-nspawn -D "${dir}" -- ${@} 2>/dev/null
 	else
 		eval unshare -mui -- chroot "${dir}" ${@}
 	fi
 }
 # }}}
 # use systemd-nspawn if we have it available and systemd is running
 if type -P systemd-nspawn >/dev/null && mountpoint -q /sys/fs/cgroup/systemd; then
 	have_nspawn=1
 fi
 umask 0022
 if [[ -n $RUN ]]; then
 	# run chroot {{{
 	#Sanity check
 	if [[ ! -f "${working_dir}/.arch-chroot" ]]; then
 		die "'${working_dir}' does not appear to be a Arch chroot."
 	elif [[ $(cat "${working_dir}/.arch-chroot") != ${CHROOT_VERSION} ]]; then
 		die "'${working_dir}' is not compatible with ${APPNAME} version ${CHROOT_VERSION}. Please rebuild."
 	fi
 	chroot_lock
 	chroot_mount
 	copy_hostconf
-	eval chroot "${working_dir}" ${RUN}
+	chroot_run "${working_dir}" ${RUN}
 	# }}}
 else
@@ -188,40 +240,35 @@ else
 		chmod 0755 "${working_dir}"
 	fi
 	mkdir -p "${working_dir}/var/lib/pacman/sync"
 	mkdir -p "${working_dir}/etc/"
 	chroot_lock
 	chroot_mount
-	pacargs="--noconfirm --root=${working_dir} --cachedir=${cache_dir}"
+	pacargs="${cache_dirs[@]/#/--cachedir=}"
 	if [[ -n $pac_conf ]]; then
 		pacargs="$pacargs --config=${pac_conf}"
 	fi
 	if (( $# != 0 )); then
 		op='-Sy'
 		if [[ $FORCE = 'y' ]]; then
-			op="${op}f"
+			pacargs="$pacargs --force"
 		fi
-		if ! pacman ${op} ${pacargs} $@; then
+		if ! pacstrap -GMcd "${working_dir}" ${pacargs} $@; then
 			die 'Failed to install all packages'
 		fi
 	fi
 	if [[ -d "${working_dir}/lib/modules" ]]; then
-		ldconfig -r "${working_dir}"
+		chroot_run "${working_dir}" ldconfig
 	fi
 	if [[ -e "${working_dir}/etc/locale.gen" ]]; then
 		sed -i 's@^#\(en_US\|de_DE\)\(\.UTF-8\)@\1\2@' "${working_dir}/etc/locale.gen"
-		chroot "${working_dir}" /usr/sbin/locale-gen
+		chroot_run "${working_dir}" locale-gen
 	fi
 	echo 'LANG=C' > "${working_dir}/etc/locale.conf"
 	copy_hostconf
-	if [[ ! -e "${working_dir}/.arch-chroot" ]]; then
+	echo "${CHROOT_VERSION}" > "${working_dir}/.arch-chroot"
 		date +%s > "${working_dir}/.arch-chroot"
 	fi
 	# }}}
 fi
--- a/pacman-extra.conf
+++ b/pacman-extra.conf
@@ -37,18 +37,13 @@ Architecture = auto
 #CheckSpace
 #VerbosePkgLists
-# PGP signature checking
+# By default, pacman accepts packages signed by keys that its local keyring
-# NOTE: None of this will work without running `pacman-key --init` first.
+# trusts (see pacman-key and its man page), as well as unsigned packages.
 # The compiled in default is equivalent to the following line. This requires
 # you to locally sign and trust packager keys using `pacman-key` for them to be
 # considered valid.
 #SigLevel = Optional TrustedOnly
-# If you wish to check signatures but avoid local sign and trust issues, use
+
-# the following line. This will treat any key imported into pacman's keyring as
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
-# trusted.
+# keyring can then be populated with the keys of all official Arch Linux
-#SigLevel = Optional TrustAll
+# packagers with `pacman-key --populate archlinux`.
 # For now, off by default unless you read the above.
 SigLevel = Never
 #
 # REPOSITORIES
@@ -74,18 +69,23 @@ SigLevel = Never
 # after the header, and they will be used before the default mirrors.
 #[testing]
 #SigLevel = PackageRequired
 #Include = /etc/pacman.d/mirrorlist
 [core]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [extra]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 #[community-testing]
 #SigLevel = PackageRequired
 #Include = /etc/pacman.d/mirrorlist
 [community]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 # An example of a custom package repository.  See the pacman manpage for
--- a/pacman-gnome-unstable.conf
+++ b/pacman-gnome-unstable.conf
@@ -37,18 +37,13 @@ Architecture = auto
 #CheckSpace
 #VerbosePkgLists
-# PGP signature checking
+# By default, pacman accepts packages signed by keys that its local keyring
-# NOTE: None of this will work without running `pacman-key --init` first.
+# trusts (see pacman-key and its man page), as well as unsigned packages.
 # The compiled in default is equivalent to the following line. This requires
 # you to locally sign and trust packager keys using `pacman-key` for them to be
 # considered valid.
 #SigLevel = Optional TrustedOnly
-# If you wish to check signatures but avoid local sign and trust issues, use
+
-# the following line. This will treat any key imported into pacman's keyring as
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
-# trusted.
+# keyring can then be populated with the keys of all official Arch Linux
-#SigLevel = Optional TrustAll
+# packagers with `pacman-key --populate archlinux`.
 # For now, off by default unless you read the above.
 SigLevel = Never
 #
 # REPOSITORIES
@@ -74,21 +69,27 @@ SigLevel = Never
 # after the header, and they will be used before the default mirrors.
 [gnome-unstable]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [testing]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [core]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [extra]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [community-testing]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [community]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 # An example of a custom package repository.  See the pacman manpage for
--- a/pacman-kde-unstable.conf
+++ b/pacman-kde-unstable.conf
@@ -37,18 +37,13 @@ Architecture = auto
 #CheckSpace
 #VerbosePkgLists
-# PGP signature checking
+# By default, pacman accepts packages signed by keys that its local keyring
-# NOTE: None of this will work without running `pacman-key --init` first.
+# trusts (see pacman-key and its man page), as well as unsigned packages.
 # The compiled in default is equivalent to the following line. This requires
 # you to locally sign and trust packager keys using `pacman-key` for them to be
 # considered valid.
 #SigLevel = Optional TrustedOnly
-# If you wish to check signatures but avoid local sign and trust issues, use
+
-# the following line. This will treat any key imported into pacman's keyring as
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
-# trusted.
+# keyring can then be populated with the keys of all official Arch Linux
-#SigLevel = Optional TrustAll
+# packagers with `pacman-key --populate archlinux`.
 # For now, off by default unless you read the above.
 SigLevel = Never
 #
 # REPOSITORIES
@@ -74,21 +69,27 @@ SigLevel = Never
 # after the header, and they will be used before the default mirrors.
 [kde-unstable]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [testing]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [core]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [extra]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [community-testing]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [community]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 # An example of a custom package repository.  See the pacman manpage for
--- a/pacman-multilib-staging.conf
+++ b/pacman-multilib-staging.conf
@@ -37,18 +37,13 @@ Architecture = auto
 #CheckSpace
 #VerbosePkgLists
-# PGP signature checking
+# By default, pacman accepts packages signed by keys that its local keyring
-# NOTE: None of this will work without running `pacman-key --init` first.
+# trusts (see pacman-key and its man page), as well as unsigned packages.
 # The compiled in default is equivalent to the following line. This requires
 # you to locally sign and trust packager keys using `pacman-key` for them to be
 # considered valid.
 #SigLevel = Optional TrustedOnly
-# If you wish to check signatures but avoid local sign and trust issues, use
+
-# the following line. This will treat any key imported into pacman's keyring as
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
-# trusted.
+# keyring can then be populated with the keys of all official Arch Linux
-#SigLevel = Optional TrustAll
+# packagers with `pacman-key --populate archlinux`.
 # For now, off by default unless you read the above.
 SigLevel = Never
 #
 # REPOSITORIES
@@ -74,40 +69,50 @@ SigLevel = Never
 # after the header, and they will be used before the default mirrors.
 [staging]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [testing]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [core]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [extra]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [community-staging]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [community-testing]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [community]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 # If you want to run 32 bit applications on your x86_64 system,
-# enable the multilib repository here.
+# enable the multilib repositories as required here.
 [multilib-staging]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [multilib-testing]
-#SigLevel = Optional TrustAll
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [multilib]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 # An example of a custom package repository.  See the pacman manpage for
 # tips on creating your own repositories.
 #[custom]
 #SigLevel = Optional TrustAll
 #Server = file:///home/custompkgs
--- a/pacman-multilib-testing.conf
+++ b/pacman-multilib-testing.conf
@@ -37,18 +37,13 @@ Architecture = auto
 #CheckSpace
 #VerbosePkgLists
-# PGP signature checking
+# By default, pacman accepts packages signed by keys that its local keyring
-# NOTE: None of this will work without running `pacman-key --init` first.
+# trusts (see pacman-key and its man page), as well as unsigned packages.
 # The compiled in default is equivalent to the following line. This requires
 # you to locally sign and trust packager keys using `pacman-key` for them to be
 # considered valid.
 #SigLevel = Optional TrustedOnly
-# If you wish to check signatures but avoid local sign and trust issues, use
+
-# the following line. This will treat any key imported into pacman's keyring as
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
-# trusted.
+# keyring can then be populated with the keys of all official Arch Linux
-#SigLevel = Optional TrustAll
+# packagers with `pacman-key --populate archlinux`.
 # For now, off by default unless you read the above.
 SigLevel = Never
 #
 # REPOSITORIES
@@ -74,31 +69,38 @@ SigLevel = Never
 # after the header, and they will be used before the default mirrors.
 [testing]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [core]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [extra]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [community-testing]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [community]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 # If you want to run 32 bit applications on your x86_64 system,
-# enable the multilib repository here.
+# enable the multilib repositories as required here.
 [multilib-testing]
-#SigLevel = Optional TrustAll
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [multilib]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 # An example of a custom package repository.  See the pacman manpage for
 # tips on creating your own repositories.
 #[custom]
 #SigLevel = Optional TrustAll
 #Server = file:///home/custompkgs
--- a/pacman-multilib.conf
+++ b/pacman-multilib.conf
@@ -37,18 +37,13 @@ Architecture = auto
 #CheckSpace
 #VerbosePkgLists
-# PGP signature checking
+# By default, pacman accepts packages signed by keys that its local keyring
-# NOTE: None of this will work without running `pacman-key --init` first.
+# trusts (see pacman-key and its man page), as well as unsigned packages.
 # The compiled in default is equivalent to the following line. This requires
 # you to locally sign and trust packager keys using `pacman-key` for them to be
 # considered valid.
 #SigLevel = Optional TrustedOnly
-# If you wish to check signatures but avoid local sign and trust issues, use
+
-# the following line. This will treat any key imported into pacman's keyring as
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
-# trusted.
+# keyring can then be populated with the keys of all official Arch Linux
-#SigLevel = Optional TrustAll
+# packagers with `pacman-key --populate archlinux`.
 # For now, off by default unless you read the above.
 SigLevel = Never
 #
 # REPOSITORIES
@@ -74,28 +69,39 @@ SigLevel = Never
 # after the header, and they will be used before the default mirrors.
 #[testing]
 #SigLevel = PackageRequired
 #Include = /etc/pacman.d/mirrorlist
 [core]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [extra]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 #[community-testing]
 #SigLevel = PackageRequired
 #Include = /etc/pacman.d/mirrorlist
 [community]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 # If you want to run 32 bit applications on your x86_64 system,
-# enable the multilib repository here.
+# enable the multilib repositories as required here.
 #[multilib-testing]
 #SigLevel = PackageRequired
 #Include = /etc/pacman.d/mirrorlist
 [multilib]
-#SigLevel = Optional TrustAll
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 # An example of a custom package repository.  See the pacman manpage for
 # tips on creating your own repositories.
 #[custom]
 #SigLevel = Optional TrustAll
 #Server = file:///home/custompkgs
--- a/pacman-staging.conf
+++ b/pacman-staging.conf
@@ -37,18 +37,13 @@ Architecture = auto
 #CheckSpace
 #VerbosePkgLists
-# PGP signature checking
+# By default, pacman accepts packages signed by keys that its local keyring
-# NOTE: None of this will work without running `pacman-key --init` first.
+# trusts (see pacman-key and its man page), as well as unsigned packages.
 # The compiled in default is equivalent to the following line. This requires
 # you to locally sign and trust packager keys using `pacman-key` for them to be
 # considered valid.
 #SigLevel = Optional TrustedOnly
-# If you wish to check signatures but avoid local sign and trust issues, use
+
-# the following line. This will treat any key imported into pacman's keyring as
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
-# trusted.
+# keyring can then be populated with the keys of all official Arch Linux
-#SigLevel = Optional TrustAll
+# packagers with `pacman-key --populate archlinux`.
 # For now, off by default unless you read the above.
 SigLevel = Never
 #
 # REPOSITORIES
@@ -74,29 +69,36 @@ SigLevel = Never
 # after the header, and they will be used before the default mirrors.
 [staging]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [testing]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [core]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [extra]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [community-staging]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [community-testing]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 #SigLevel = Optional TrustAll
 [community]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 # An example of a custom package repository.  See the pacman manpage for
 # tips on creating your own repositories.
 #[custom]
 #SigLevel = Optional TrustAll
 #Server = file:///home/custompkgs
--- a/pacman-testing.conf
+++ b/pacman-testing.conf
@@ -37,18 +37,13 @@ Architecture = auto
 #CheckSpace
 #VerbosePkgLists
-# PGP signature checking
+# By default, pacman accepts packages signed by keys that its local keyring
-# NOTE: None of this will work without running `pacman-key --init` first.
+# trusts (see pacman-key and its man page), as well as unsigned packages.
 # The compiled in default is equivalent to the following line. This requires
 # you to locally sign and trust packager keys using `pacman-key` for them to be
 # considered valid.
 #SigLevel = Optional TrustedOnly
-# If you wish to check signatures but avoid local sign and trust issues, use
+
-# the following line. This will treat any key imported into pacman's keyring as
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
-# trusted.
+# keyring can then be populated with the keys of all official Arch Linux
-#SigLevel = Optional TrustAll
+# packagers with `pacman-key --populate archlinux`.
 # For now, off by default unless you read the above.
 SigLevel = Never
 #
 # REPOSITORIES
@@ -74,18 +69,23 @@ SigLevel = Never
 # after the header, and they will be used before the default mirrors.
 [testing]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [core]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [extra]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [community-testing]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [community]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 # An example of a custom package repository.  See the pacman manpage for
--- a/zsh_completion.in
+++ b/zsh_completion.in
@@ -1,21 +1,6 @@
 #compdef archbuild archco archrelease archrm commitpkg finddeps makechrootpkg mkarchroot rebuildpkgs extrapkg=commitpkg corepkg=commitpkg testingpkg=commitpkg stagingpkg=commitpkg communitypkg=commitpkg community-testingpkg=commitpkg community-stagingpkg=commitpkg multilibpkg=commitpkg multilib-testingpkg=commitpkg extra-i686-build=archbuild extra-x86_64-build=archbuild testing-i686-build=archbuild testing-x86_64-build=archbuild staging-i686-build=archbuild staging-x86_64-build=archbuild multilib-build=archbuild multilib-testing-build=archbuild multilib-staging-build=archbuild kde-unstable-i686-build=archbuild kde-unstable-x86_64-build=archbuild gnome-unstable-i686-build=archbuild gnome-unstable-x86_64-build=archbuild communityco=archco
-_arch=(i686 x86_64 any)
+m4_include(lib/valid-tags.sh)
 _tags=(
 	core-i686 core-x86_64 core-any
 	extra-i686 extra-x86_64 extra-any
 	multilib-i686 multilib-x86_64 multilib-any
 	staging-i686 staging-x86_64 staging-any
 	testing-i686 testing-x86_64 testing-any
 	multilib-testing-i686 multilib-testing-x86_64 multilib-testing-any
 	multilib-staging-i686 multilib-staging-x86_64 multilib-staging-any
 	community-i686 community-x86_64 community-any
 	community-staging-i686 community-staging-x86_64 community-staging-any
 	community-testing-i686 community-testing-x86_64 community-testing-any
 	kde-unstable-i686 kde-unstable-x86_64 kde-unstable-any
 	gnome-unstable-i686 gnome-unstable-x86_64 gnome-unstable-any
 )
 _archbuild_args=(
 	'-c[Recreate the chroot before building]'
Author	SHA1	Message	Date
Pierre Schmitz	2020fb406a	prepare release	2012-11-15 14:38:03 +01:00
Eric Bélanger	4427b80aba	crossrepomove: Fix dbscripts path for [community] move to nymeria Signed-off-by: Eric Bélanger <snowmaniscool@gmail.com> Signed-off-by: Pierre Schmitz <pierre@archlinux.de>	2012-11-15 14:32:34 +01:00
Eric Bélanger	41b54bdde5	mkarchroot: Remove unnecessary parameter for usage function Fixes FS#28973 Signed-off-by: Eric Bélanger <snowmaniscool@gmail.com> Signed-off-by: Pierre Schmitz <pierre@archlinux.de>	2012-11-15 14:28:50 +01:00
Eric Bélanger	54bad4c91d	checkpkg: replace wget usage by curl Signed-off-by: Eric Bélanger <snowmaniscool@gmail.com> Signed-off-by: Pierre Schmitz <pierre@archlinux.de>	2012-11-15 14:27:20 +01:00
Pierre Schmitz	fc95a57556	prepare release	2012-11-12 18:44:26 +01:00
Pierre Schmitz	21458bd07b	For now only packages and svn from sigurd will be moved to nymeria	2012-11-11 21:07:34 +01:00
Pierre Schmitz	a05969b29d	prepare release	2012-11-03 18:26:45 +01:00
Pierre Schmitz	fdeaed894a	Use nymeria.archlinux.org as shared host for developers and trusted users	2012-11-03 17:32:33 +01:00
Pierre Schmitz	3699321904	Prepare release	2012-10-27 20:31:05 +02:00
Pierre Schmitz	d8ec9c9066	Use sigurd.archlinux.org instead of the now moved aur.archlinux.org hostname	2012-10-27 20:30:24 +02:00
Jan Alexander Steffens (heftig)	fbb2bd2b8e	Fix return code handling Stop trap_exit from forcing a 0 exit code. This fixes makechrootpkg, which used to always return success, even if the build failed. Signed-off-by: Pierre Schmitz <pierre@archlinux.de>	2012-10-27 20:27:39 +02:00
Pierre Schmitz	d5c6bc7656	prepare release	2012-10-13 21:06:31 +02:00
Dan McGee	f7615fe7d7	Fix releasing files with '@' in name SVN treats '@' as a revision specifier, so with the addition of systemd spawning service files, we need to ensure it doesn't screw things up. Signed-off-by: Dan McGee <dan@archlinux.org> Signed-off-by: Pierre Schmitz <pierre@archlinux.de>	2012-10-13 20:40:09 +02:00
Pierre Schmitz	1703b92e1a	mkarchroot: do not try to bind /etc/timezone from host /etc/timezone is no longer used. We only need /etc/localtime. This fixes FS#31929	2012-10-13 20:33:53 +02:00
Pierre Schmitz	cfd81ab563	prepare release	2012-10-04 21:19:31 +02:00
Pierre Schmitz	ac1ee41e4d	mkarchroot: use a helper function to simplify bind mounts	2012-10-04 19:57:19 +02:00
Pierre Schmitz	ecae65e7fd	prepare release	2012-10-03 12:46:07 +02:00
Pierre Schmitz	c617c67ff8	mkarchroot: Use systemd's nspawn if available * If we are running systemd use nspawn instead of our own chroot setup * Use pacstrap to setup our chroot environment * Make sure the common trap is still called * Bind resolve.conf, timezone and lcoaltime from the host if nspawn is not used * Run ldconfig within the chroot	2012-10-03 12:38:33 +02:00
Pierre Schmitz	7228cc00e8	Use dedicated trap functions to avoid unsetting the trap when e.g. cleanup is called	2012-10-03 12:35:40 +02:00
Pierre Schmitz	a26416dca3	makechrootpkg: do not run namcap as root	2012-10-03 12:32:55 +02:00
Pierre Schmitz	37bb1d33a7	archbuild: abort if update or creation of the chroot fails	2012-10-03 12:32:03 +02:00
Florian Pritz	dbef0b91bf	Fix ownership when copying files from chroot to system Previously files were always owned by nobody which means trying to write to them directly would fail because only the owner has +w. Signed-off-by: Florian Pritz <bluewind@xinu.at> Signed-off-by: Pierre Schmitz <pierre@archlinux.de>	2012-09-14 16:01:01 +02:00
Pierre Schmitz	499f20071a	prepare release	2012-07-20 23:29:43 +02:00
Eric Bélanger	0d3d63e3aa	Fix bash completions With bash-completion 2.0, the completion must have the same name as the binary. Signed-off-by: Eric Bélanger <snowmaniscool@gmail.com> Signed-off-by: Pierre Schmitz <pierre@archlinux.de>	2012-06-25 00:01:32 +02:00
Pierre Schmitz	d2ec5ab67d	prepare release	2012-06-16 17:06:15 +02:00
Pierre Schmitz	a23d93ce7f	commitpkg: check if there are any packages to process before doing so	2012-06-16 16:56:42 +02:00
Pierre Schmitz	246b8ead60	mkarchroot: reset trap so it wont be called twice	2012-06-16 16:21:55 +02:00
Pierre Schmitz	b14a1b1bcc	archbuild: do not cross filesystems when removing the chroot copies	2012-06-16 15:28:52 +02:00
Pierre Schmitz	0cd9e1ae7e	archbuild: use flock -n as we do elsewhere	2012-06-16 15:24:16 +02:00
Allan McRae	3734c80bf7	Fix /run permissions in chroot Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Pierre Schmitz <pierre@archlinux.de>	2012-06-15 09:27:27 +02:00
Pierre Schmitz	7b696f6f8d	prepare release	2012-06-12 18:22:37 +02:00
Pierre Schmitz	ed9d5a16e3	Support multiple package cache directories * We use the host package cache configuration * As only the first cache will be written to, we mount the others readonly	2012-06-12 08:17:58 +02:00
Pierre Schmitz	e44c49aebb	archbuild: Store chroots in /var/lib instead of /var/tmp /var/tmp is cleaned up by tmpfiels by default which we cannot handle gracefully.	2012-06-12 06:53:11 +02:00
Pierre Schmitz	c5cd72c085	Remove no longer used option	2012-06-11 23:44:30 +02:00
Pierre Schmitz	8bedb89fd6	Add a version number to each chroot so we can tell the user when a rebuild is needed	2012-06-11 17:04:17 +02:00
Pierre Schmitz	c7cda47342	Enable signature checking within build environment * bind /sys and /dev/pts from host * drop support for devtmpfs as it is no longer needed * add /run and /dev/rtc0 * clone own ipc, uts and mount namespaces for chroot * set localtime, timezone and locale within chroot environment * copy /etc/pacman.d/gnupg from host	2012-06-11 16:44:23 +02:00
Pierre Schmitz	41b39c3e78	prepare release	2012-06-11 11:39:42 +02:00
Pierre Schmitz	6743c97383	update makepkg.conf and pacman.conf	2012-06-11 11:32:05 +02:00
Gerardo Exequiel Pozzi	231496c82a	mkarchroot: use bind mount instead of symlink for /dev/ptmx We need /dev/ptmx -> /dev/pts/ptmx (for devpts -o newinstance) Other way to do this thing is via bind mount (as said kernel doc[devpts.txt]). This should be done in this way at least for /dev as devtmpfs in the chroot. Since we can not touch /dev (devtmpfs), because devtmpfs is "singleton", just use bind method and avoid interference. Do it the same for both modes of /dev (tmpfs) and (devtmpfs) to keep it simple. Currently devpts in chroot is not working without this when using /dev as devtmpfs, this fixes this issue (opening /dev/ptmx, creates devices nodes on outside /dev/pts) Signed-off-by: Gerardo Exequiel Pozzi <vmlinuz386@yahoo.com.ar> Signed-off-by: Pierre Schmitz <pierre@archlinux.de>	2012-06-10 12:57:14 +02:00
Lukas Fleischer	fda394f1a0	Gracefully handle files containing an "@" The "@" sign in file names in SVN marks the beginning of a pegged version number -- from the Subversion book: Peg revisions are specified to the Subversion command-line client using at syntax, so called because the syntax involves appending an “at sign” (@) and the peg revision to the end of the path with which the revision is associated. The trivial workaround is to always append an at sign to the end of the path in the version control checks. Before: $ community-stagingpkg 'Add systemd units.' ==> ERROR: exim-submission@.service is not under version control $ svn status -v \| grep 'exim-submission@.service' A - ? ? exim-submission@.service After: $ community-stagingpkg 'Add systemd units.' ==> Committing changes to trunk...done ==> Signing package exim-4.80-2-x86_64.pkg.tar.xz... [...] Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de> Signed-off-by: Pierre Schmitz <pierre@archlinux.de>	2012-06-10 12:47:40 +02:00
Allan McRae	addea828fe	Prevent packages being uploaded with "Unknown Packager" Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Pierre Schmitz <pierre@archlinux.de>	2012-06-10 12:46:32 +02:00
Pierre Schmitz	acbbe8cb90	Move bash_completion to /usr/share/bash-completion/completions/	2012-03-21 07:32:44 +01:00
Pierre Schmitz	9840730880	Prepare release	2012-03-05 18:02:22 +01:00
Pierre Schmitz	502813a107	commitpkg: Pass through the -f parameter to archrelease so unofficial repos can be used	2012-03-05 16:48:19 +01:00
Pierre Schmitz	181646d03b	makechrootpkg: Install the built packages before running namcap to reduce false positives and check inter split package dependencies.	2012-03-05 16:28:09 +01:00
Gerardo Exequiel Pozzi	2d9a99ee15	Add -d param to optionally support devtmpfs The main intention of this patch is to take advantage of /dev/loop-control and loop devices. Signed-off-by: Gerardo Exequiel Pozzi <vmlinuz386@yahoo.com.ar> Signed-off-by: Pierre Schmitz <pierre@archlinux.de>	2012-03-05 14:30:26 +01:00
Pierre Schmitz	cecd257786	Add script to move packages between [extra] and [community]	2012-03-05 01:48:27 +01:00
Pierre Schmitz	82dcc19ff9	commitpkg: Add ability to override the server This might be useful for unofficial repos	2012-03-04 22:38:07 +01:00
Florian Pritz	c5893672a6	find-libdeps: fix extraction of soname libperl.so results in soname="libperl.so.so" which is wrong. This returns the correct string: "libperl.so" Fix-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Florian Pritz <bluewind@xinu.at> Signed-off-by: Pierre Schmitz <pierre@archlinux.de>	2012-03-04 22:25:22 +01:00
Pierre Schmitz	73d61f43c7	prepare release	2012-02-15 11:33:12 +01:00
Allan McRae	afc93f3430	Always sign unsigned packages We do not allow packages to be uploaded without signatures so force all unsigned packages to be signed. This has the bonus of not breaking makepkg signing support by requiring you use an internal makepkg variable. Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Pierre Schmitz <pierre@archlinux.de>	2012-02-15 11:25:49 +01:00
Lukas Fleischer	9ab0d94578	archrelease: Validate tags before releasing Compare every single tag with a list of valid tags. This prevents broken releases which occurred whenever someone made a typo on the command line: $ ./archrelease community i686 ==> ERROR: archrelease: Invalid tag: "community" (use -f to force release) Since the list is used in the ZSH completion as well, break it out to a separate file and move it to "lib/". Also, add a command line parameter to allow for releasing to an unknown repository when necessary. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de> Signed-off-by: Pierre Schmitz <pierre@archlinux.de>	2012-02-12 12:35:14 +01:00
Lukas Fleischer	5e8cb67603	zsh_completion: Remove multilib*-{i686, any} These tags make no sense. Remove them from our valid tag array that is used for tab completion. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de> Signed-off-by: Pierre Schmitz <pierre@archlinux.de>	2012-02-08 12:53:13 +01:00