prepare release

* We use the host package cache configuration
* As only the first cache will be written to, we mount the others readonly

Makefile

@@ -1,4 +1,4 @@
-V=20120611
+V=20120612
 
 PREFIX = /usr/local
 

archbuild.in

@@ -14,7 +14,7 @@ else
 	repo=${tag%-*}
 	arch=${tag##*-}
 fi
-chroots='/var/tmp/archbuild'
+chroots='/var/lib/archbuild'
 clean_first=false
 
 usage() {

makechrootpkg.in

@@ -258,15 +258,11 @@ nobody ALL = NOPASSWD: /usr/bin/pacman
 EOF
 chmod 440 "$copydir/etc/sudoers.d/nobody-pacman"
 
-# Set this system wide as makepkg will source /etc/profile before calling build()
-echo 'LANG=C' > "$copydir/etc/locale.conf"
-
 # This is a little gross, but this way the script is recreated every time in the
 # working copy
 cat >"$copydir/chrootbuild" <<EOF
 #!/bin/bash
 . /etc/profile
-export LANG=C
 export HOME=/build
 
 cd /build

mkarchroot.in

@@ -10,10 +10,11 @@
 
 m4_include(lib/common.sh)
 
+CHROOT_VERSION='v2'
+
 FORCE='n'
 RUN=''
 NOCOPY='n'
-USE_DEVTMPFS='n'
 
 working_dir=''
 
@@ -29,13 +30,12 @@ usage() {
 	echo '    -C <file>     Location of a pacman config file'
 	echo '    -M <file>     Location of a makepkg config file'
 	echo '    -n            Do not copy config files into the chroot'
-	echo '    -c <dir>      Set pacman cache. Default: /var/cache/pacman/pkg'
-	echo '    -d            Use devtmpfs instead of minimal /dev (tmpfs)'
+	echo '    -c <dir>      Set pacman cache'
 	echo '    -h            This message'
 	exit 1
 }
 
-while getopts 'r:ufnhC:M:c:d' arg; do
+while getopts 'r:ufnhC:M:c:' arg; do
 	case "${arg}" in
 		r) RUN="$OPTARG" ;;
 		u) RUN='/bin/sh -c "pacman -Syu --noconfirm && (pacman -Qqu >/dev/null && pacman -Su --noconfirm || exit 0)"' ;;
@@ -44,7 +44,6 @@ while getopts 'r:ufnhC:M:c:d' arg; do
 		M) makepkg_conf="$OPTARG" ;;
 		n) NOCOPY='y' ;;
 		c) cache_dir="$OPTARG" ;;
-		d) USE_DEVTMPFS="y" ;;
 		h|?) usage 0 ;;
 		*) error "invalid argument '${arg}'"; usage ;;
 	esac
@@ -68,18 +67,12 @@ shift 1
 [[ -z $working_dir ]] && die 'Please specify a working directory.'
 
 if [[ -z $cache_dir ]]; then
-	cache_conf=${working_dir}/etc/pacman.conf
-	[[ ! -f $cache_conf ]] && cache_conf=${pac_conf:-/etc/pacman.conf}
-	cache_dir=$( (grep -m 1 '^CacheDir' $cache_conf || echo 'CacheDir = /var/cache/pacman/pkg') | sed 's/CacheDir\s*=\s*//')
-	unset cache_conf
+	cache_dirs=($(pacman -v $cache_conf 2>&1 | grep '^Cache Dirs:' | sed 's/Cache Dirs:\s*//g'))
+else
+	cache_dirs=(${cache_dir})
 fi
 
-if [[ -f /etc/pacman.d/mirrorlist ]]; then
-	host_mirror=$(pacman -Sddp extra/devtools 2>/dev/null | sed -E 's#(.*/)extra/os/.*#\1$repo/os/$arch#')
-fi
-if [[ -z $host_mirror ]]; then
-	host_mirror='http://mirrors.kernel.org/archlinux/$repo/os/$arch'
-fi
+host_mirror=$(pacman -Sddp extra/devtools 2>/dev/null | sed -E 's#(.*/)extra/os/.*#\1$repo/os/$arch#')
 if echo "${host_mirror}" | grep -q 'file://'; then
 	host_mirror_path=$(echo "${host_mirror}" | sed -E 's#file://(/.*)/\$repo/os/\$arch#\1#g')
 fi
@@ -87,54 +80,65 @@ fi
 # {{{ functions
 chroot_mount() {
 	[[ -e "${working_dir}/sys" ]] || mkdir "${working_dir}/sys"
-	mount -t sysfs sysfs "${working_dir}/sys"
+	mount -o bind /sys "${working_dir}/sys"
+	mount -o remount,ro,bind "${working_dir}/sys"
 
 	[[ -e "${working_dir}/proc" ]] || mkdir "${working_dir}/proc"
-	mount -t proc proc "${working_dir}/proc"
+	mount -t proc proc -o nosuid,noexec,nodev "${working_dir}/proc"
+	mount -o bind /proc/sys "${working_dir}/proc/sys"
+	mount -o remount,ro,bind "${working_dir}/proc/sys"
 
 	[[ -e "${working_dir}/dev" ]] || mkdir "${working_dir}/dev"
-	if [[ ${USE_DEVTMPFS} = "y" ]]; then
-		mount -t devtmpfs dev "${working_dir}/dev" -o mode=0755,nosuid
-	else
-		mount -t tmpfs dev "${working_dir}/dev" -o mode=0755,size=10M,nosuid
-		mknod -m 666 "${working_dir}/dev/null" c 1 3
-		mknod -m 666 "${working_dir}/dev/zero" c 1 5
-		mknod -m 600 "${working_dir}/dev/console" c 5 1
-		mknod -m 644 "${working_dir}/dev/random" c 1 8
-		mknod -m 644 "${working_dir}/dev/urandom" c 1 9
-		mknod -m 666 "${working_dir}/dev/tty" c 5 0
-		mknod -m 666 "${working_dir}/dev/ptmx" c 5 2
-		mknod -m 666 "${working_dir}/dev/tty0" c 4 0
-		mknod -m 666 "${working_dir}/dev/full" c 1 7
-		ln -s /proc/kcore "${working_dir}/dev/core"
-		ln -s /proc/self/fd "${working_dir}/dev/fd"
-		ln -s /proc/self/fd/0 "${working_dir}/dev/stdin"
-		ln -s /proc/self/fd/1 "${working_dir}/dev/stdout"
-		ln -s /proc/self/fd/2 "${working_dir}/dev/stderr"
-	fi
+	mount -t tmpfs dev "${working_dir}/dev" -o mode=0755,size=10M,nosuid,strictatime
+	mknod -m 666 "${working_dir}/dev/null" c 1 3
+	mknod -m 666 "${working_dir}/dev/zero" c 1 5
+	mknod -m 600 "${working_dir}/dev/console" c 5 1
+	mknod -m 644 "${working_dir}/dev/random" c 1 8
+	mknod -m 644 "${working_dir}/dev/urandom" c 1 9
+	mknod -m 666 "${working_dir}/dev/tty" c 5 0
+	mknod -m 666 "${working_dir}/dev/ptmx" c 5 2
+	mknod -m 666 "${working_dir}/dev/tty0" c 4 0
+	mknod -m 666 "${working_dir}/dev/full" c 1 7
+	mknod -m 666 "${working_dir}/dev/rtc0" c 254 0
+	ln -s /proc/kcore "${working_dir}/dev/core"
+	ln -s /proc/self/fd "${working_dir}/dev/fd"
+	ln -s /proc/self/fd/0 "${working_dir}/dev/stdin"
+	ln -s /proc/self/fd/1 "${working_dir}/dev/stdout"
+	ln -s /proc/self/fd/2 "${working_dir}/dev/stderr"
 
 	[[ -e "${working_dir}/dev/shm" ]] || mkdir "${working_dir}/dev/shm"
 	mount -t tmpfs shm "${working_dir}/dev/shm" -o nodev,nosuid,size=128M
 
 	[[ -e "${working_dir}/dev/pts" ]] || mkdir "${working_dir}/dev/pts"
-	mount -t devpts devpts "${working_dir}/dev/pts" -o newinstance,ptmxmode=666
-	mount -o bind "${working_dir}/dev/pts/ptmx" "${working_dir}/dev/ptmx"
+	mount -o bind /dev/pts "${working_dir}/dev/pts"
 
-	[[ -e $cache_dir ]] || mkdir -p "${cache_dir}"
-	[[ -e "${working_dir}/${cache_dir}" ]] || mkdir -p "${working_dir}/${cache_dir}"
-	mount -o bind "${cache_dir}" "${working_dir}/${cache_dir}"
+	[[ -e "${working_dir}/run" ]] || mkdir "${working_dir}/run"
+	mount -t tmpfs tmpfs "${working_dir}/run" -o nodev,nosuid,strictatime,size=64M
 
 	if [[ -n $host_mirror_path ]]; then
 		[[ -e "${working_dir}/${host_mirror_path}" ]] || mkdir -p "${working_dir}/${host_mirror_path}"
 		mount -o bind "${host_mirror_path}" "${working_dir}/${host_mirror_path}"
-		mount -o remount,ro,bind "${host_mirror_path}" "${working_dir}/${host_mirror_path}"
+		mount -o remount,ro,bind "${working_dir}/${host_mirror_path}"
 	fi
 
+	local cache_dir_first=true
+	for cache_dir in ${cache_dirs[@]}; do
+		[[ -e $cache_dir ]] || mkdir -p "${cache_dir}"
+		[[ -e "${working_dir}/${cache_dir}" ]] || mkdir -p "${working_dir}/${cache_dir}"
+		mount -o bind "${cache_dir}" "${working_dir}/${cache_dir}"
+		if ! ${cache_dir_first}; then
+			mount -o remount,ro,bind "${working_dir}/${cache_dir}"
+		else
+			cache_dir_first=false
+		fi
+	done
+
 	trap 'chroot_umount' EXIT INT QUIT TERM HUP
 }
 
 copy_hostconf () {
 	cp /etc/resolv.conf "${working_dir}/etc/resolv.conf"
+	cp -a /etc/pacman.d/gnupg "${working_dir}/etc/pacman.d"
 	echo "Server = ${host_mirror}" > ${working_dir}/etc/pacman.d/mirrorlist
 
 	if [[ -n $pac_conf && $NOCOPY = 'n' ]]; then
@@ -144,16 +148,21 @@ copy_hostconf () {
 	if [[ -n $makepkg_conf && $NOCOPY = 'n' ]]; then
 		cp ${makepkg_conf} ${working_dir}/etc/makepkg.conf
 	fi
+
+	sed -r "s|^#?\\s*CacheDir.+|CacheDir = $(echo -n ${cache_dirs[@]})|g" -i ${working_dir}/etc/pacman.conf
 }
 
 chroot_umount () {
+	umount "${working_dir}/proc/sys"
 	umount "${working_dir}/proc"
 	umount "${working_dir}/sys"
-	umount "${working_dir}/dev/ptmx"
 	umount "${working_dir}/dev/pts"
 	umount "${working_dir}/dev/shm"
 	umount "${working_dir}/dev"
-	umount "${working_dir}/${cache_dir}"
+	umount "${working_dir}/run"
+	for cache_dir in ${cache_dirs[@]}; do
+		umount "${working_dir}/${cache_dir}"
+	done
 	[[ -n $host_mirror_path ]] && umount "${working_dir}/${host_mirror_path}"
 }
 
@@ -178,13 +187,15 @@ if [[ -n $RUN ]]; then
 	#Sanity check
 	if [[ ! -f "${working_dir}/.arch-chroot" ]]; then
 		die "'${working_dir}' does not appear to be a Arch chroot."
+	elif [[ $(cat "${working_dir}/.arch-chroot") != ${CHROOT_VERSION} ]]; then
+		die "'${working_dir}' is not compatible with ${APPNAME} version ${CHROOT_VERSION}. Please rebuild."
 	fi
 
 	chroot_lock
 	chroot_mount
 	copy_hostconf
 
-	eval chroot "${working_dir}" ${RUN}
+	eval unshare -mui -- chroot "${working_dir}" ${RUN}
 
 	# }}}
 else
@@ -203,7 +214,7 @@ else
 	chroot_lock
 	chroot_mount
 
-	pacargs="--noconfirm --root=${working_dir} --cachedir=${cache_dir}"
+	pacargs="--noconfirm --root=${working_dir} ${cache_dirs[@]/#/--cachedir=}"
 	if [[ -n $pac_conf ]]; then
 		pacargs="$pacargs --config=${pac_conf}"
 	fi
@@ -226,11 +237,12 @@ else
 		sed -i 's@^#\(en_US\|de_DE\)\(\.UTF-8\)@\1\2@' "${working_dir}/etc/locale.gen"
 		chroot "${working_dir}" /usr/sbin/locale-gen
 	fi
+	echo 'UTC' > "${working_dir}/etc/timezone"
+	ln -s /usr/share/zoneinfo/UTC "${working_dir}/etc/localtime"
+	echo 'LANG=C' > "${working_dir}/etc/locale.conf"
 
 	copy_hostconf
 
-	if [[ ! -e "${working_dir}/.arch-chroot" ]]; then
-		date +%s > "${working_dir}/.arch-chroot"
-	fi
+	echo "${CHROOT_VERSION}" > "${working_dir}/.arch-chroot"
 	# }}}
 fi

pacman-extra.conf

@@ -45,9 +45,6 @@ Architecture = auto
 # keyring can then be populated with the keys of all official Arch Linux
 # packagers with `pacman-key --populate archlinux`.
 
-# Signature checking does not work within our chroot
-SigLevel = Never
-
 #
 # REPOSITORIES
 #   - can be defined here or included from another file
@@ -72,18 +69,23 @@ SigLevel = Never
 # after the header, and they will be used before the default mirrors.
 
 #[testing]
+#SigLevel = PackageRequired
 #Include = /etc/pacman.d/mirrorlist
 
 [core]
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 
 [extra]
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 
 #[community-testing]
+#SigLevel = PackageRequired
 #Include = /etc/pacman.d/mirrorlist
 
 [community]
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 
 # An example of a custom package repository.  See the pacman manpage for

pacman-gnome-unstable.conf

@@ -45,9 +45,6 @@ Architecture = auto
 # keyring can then be populated with the keys of all official Arch Linux
 # packagers with `pacman-key --populate archlinux`.
 
-# Signature checking does not work within our chroot
-SigLevel = Never
-
 #
 # REPOSITORIES
 #   - can be defined here or included from another file
@@ -72,21 +69,27 @@ SigLevel = Never
 # after the header, and they will be used before the default mirrors.
 
 [gnome-unstable]
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 
 [testing]
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 
 [core]
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 
 [extra]
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 
 [community-testing]
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 
 [community]
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 
 # An example of a custom package repository.  See the pacman manpage for

pacman-kde-unstable.conf

@@ -45,9 +45,6 @@ Architecture = auto
 # keyring can then be populated with the keys of all official Arch Linux
 # packagers with `pacman-key --populate archlinux`.
 
-# Signature checking does not work within our chroot
-SigLevel = Never
-
 #
 # REPOSITORIES
 #   - can be defined here or included from another file
@@ -72,21 +69,27 @@ SigLevel = Never
 # after the header, and they will be used before the default mirrors.
 
 [kde-unstable]
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 
 [testing]
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 
 [core]
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 
 [extra]
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 
 [community-testing]
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 
 [community]
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 
 # An example of a custom package repository.  See the pacman manpage for

pacman-multilib-staging.conf

@@ -45,9 +45,6 @@ Architecture = auto
 # keyring can then be populated with the keys of all official Arch Linux
 # packagers with `pacman-key --populate archlinux`.
 
-# Signature checking does not work within our chroot
-SigLevel = Never
-
 #
 # REPOSITORIES
 #   - can be defined here or included from another file
@@ -72,40 +69,50 @@ SigLevel = Never
 # after the header, and they will be used before the default mirrors.
 
 [staging]
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 
 [testing]
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 
 [core]
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 
 [extra]
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 
 [community-staging]
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 
 [community-testing]
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 
 [community]
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 
 # If you want to run 32 bit applications on your x86_64 system,
-# enable the multilib repository here.
+# enable the multilib repositories as required here.
 [multilib-staging]
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 
 [multilib-testing]
-#SigLevel = Optional TrustAll
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 
 [multilib]
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 
 # An example of a custom package repository.  See the pacman manpage for
 # tips on creating your own repositories.
 #[custom]
+#SigLevel = Optional TrustAll
 #Server = file:///home/custompkgs
 

pacman-multilib-testing.conf

@@ -45,9 +45,6 @@ Architecture = auto
 # keyring can then be populated with the keys of all official Arch Linux
 # packagers with `pacman-key --populate archlinux`.
 
-# Signature checking does not work within our chroot
-SigLevel = Never
-
 #
 # REPOSITORIES
 #   - can be defined here or included from another file
@@ -72,31 +69,38 @@ SigLevel = Never
 # after the header, and they will be used before the default mirrors.
 
 [testing]
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 
 [core]
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 
 [extra]
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 
 [community-testing]
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 
 [community]
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 
 # If you want to run 32 bit applications on your x86_64 system,
-# enable the multilib repository here.
+# enable the multilib repositories as required here.
 [multilib-testing]
-#SigLevel = Optional TrustAll
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 
 [multilib]
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 
 # An example of a custom package repository.  See the pacman manpage for
 # tips on creating your own repositories.
 #[custom]
+#SigLevel = Optional TrustAll
 #Server = file:///home/custompkgs
 

pacman-multilib.conf

@@ -45,9 +45,6 @@ Architecture = auto
 # keyring can then be populated with the keys of all official Arch Linux
 # packagers with `pacman-key --populate archlinux`.
 
-# Signature checking does not work within our chroot
-SigLevel = Never
-
 #
 # REPOSITORIES
 #   - can be defined here or included from another file
@@ -72,28 +69,39 @@ SigLevel = Never
 # after the header, and they will be used before the default mirrors.
 
 #[testing]
+#SigLevel = PackageRequired
 #Include = /etc/pacman.d/mirrorlist
 
 [core]
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 
 [extra]
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 
 #[community-testing]
+#SigLevel = PackageRequired
 #Include = /etc/pacman.d/mirrorlist
 
 [community]
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 
 # If you want to run 32 bit applications on your x86_64 system,
-# enable the multilib repository here.
+# enable the multilib repositories as required here.
+
+#[multilib-testing]
+#SigLevel = PackageRequired
+#Include = /etc/pacman.d/mirrorlist
+
 [multilib]
-#SigLevel = Optional TrustAll
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 
 # An example of a custom package repository.  See the pacman manpage for
 # tips on creating your own repositories.
 #[custom]
+#SigLevel = Optional TrustAll
 #Server = file:///home/custompkgs
 

pacman-staging.conf

@@ -45,9 +45,6 @@ Architecture = auto
 # keyring can then be populated with the keys of all official Arch Linux
 # packagers with `pacman-key --populate archlinux`.
 
-# Signature checking does not work within our chroot
-SigLevel = Never
-
 #
 # REPOSITORIES
 #   - can be defined here or included from another file
@@ -72,29 +69,36 @@ SigLevel = Never
 # after the header, and they will be used before the default mirrors.
 
 [staging]
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 
 [testing]
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 
 [core]
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 
 [extra]
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 
 [community-staging]
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 
 [community-testing]
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 
-#SigLevel = Optional TrustAll
 [community]
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 
 # An example of a custom package repository.  See the pacman manpage for
 # tips on creating your own repositories.
 #[custom]
+#SigLevel = Optional TrustAll
 #Server = file:///home/custompkgs
 

pacman-testing.conf

@@ -45,9 +45,6 @@ Architecture = auto
 # keyring can then be populated with the keys of all official Arch Linux
 # packagers with `pacman-key --populate archlinux`.
 
-# Signature checking does not work within our chroot
-SigLevel = Never
-
 #
 # REPOSITORIES
 #   - can be defined here or included from another file
@@ -72,18 +69,23 @@ SigLevel = Never
 # after the header, and they will be used before the default mirrors.
 
 [testing]
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 
 [core]
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 
 [extra]
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 
 [community-testing]
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 
 [community]
+SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 
 # An example of a custom package repository.  See the pacman manpage for