Prepare release

systemd-nspawn is capable of doing this as of systemd-198. Doing this
means we can remove all of our home grown chroot mount/umount logic, as
it's all performed by pacstrap or systemd-nspawn.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>

.gitignore

@@ -1,5 +1,5 @@
 *~
-devtools-*.tar.gz
+devtools-*.tar.gz*
 archbuild
 archco
 archrelease

Makefile

@@ -1,4 +1,4 @@
-V=20120611
+V=20130406
 
 PREFIX = /usr/local
 
@@ -64,6 +64,10 @@ CROSSREPOMOVE_LINKS = \
 	extra2community \
 	community2extra
 
+BASHCOMPLETION_LINKS = \
+	archco \
+	communityco
+
 all: $(BINPROGS) $(SBINPROGS) bash_completion zsh_completion
 
 edit = sed -e "s|@pkgdatadir[@]|$(DESTDIR)$(PREFIX)/share/devtools|g"
@@ -90,6 +94,7 @@ install:
 	for l in ${CROSSREPOMOVE_LINKS}; do ln -sf crossrepomove $(DESTDIR)$(PREFIX)/bin/$$l; done
 	ln -sf find-libdeps $(DESTDIR)$(PREFIX)/bin/find-libprovides
 	install -Dm0644 bash_completion $(DESTDIR)/usr/share/bash-completion/completions/devtools
+	for l in ${BASHCOMPLETION_LINKS}; do ln -sf devtools $(DESTDIR)/usr/share/bash-completion/completions/$$l; done
 	install -Dm0644 zsh_completion $(DESTDIR)$(PREFIX)/share/zsh/site-functions/_devtools
 	ln -sf archco $(DESTDIR)$(PREFIX)/bin/communityco
 
@@ -110,6 +115,6 @@ dist:
 	gpg --detach-sign --use-agent devtools-$(V).tar.gz
 
 upload:
-	scp devtools-$(V).tar.gz devtools-$(V).tar.gz.sig gerolde.archlinux.org:/srv/ftp/other/devtools/
+	scp devtools-$(V).tar.gz devtools-$(V).tar.gz.sig nymeria.archlinux.org:/srv/ftp/other/devtools/
 
 .PHONY: all clean install uninstall dist upload

archbuild.in

@@ -2,7 +2,8 @@
 
 m4_include(lib/common.sh)
 
-base_packages=(base base-devel sudo)
+base_packages=(base-devel)
+makechrootpkg_args=(-c -n)
 
 cmd="${0##*/}"
 if [[ "${cmd%%-*}" == 'multilib' ]]; then
@@ -14,17 +15,21 @@ else
 	repo=${tag%-*}
 	arch=${tag##*-}
 fi
-chroots='/var/tmp/archbuild'
+chroots='/var/lib/archbuild'
 clean_first=false
 
 usage() {
-	echo "usage $cmd"
+	echo "Usage: $cmd [options] -- [makechrootpkg args]"
+	echo '    -h         This help'
 	echo '    -c         Recreate the chroot before building'
 	echo '    -r <dir>   Create chroots in this directory'
+	echo ''
+	echo "Default makechrootpkg args: ${makechrootpkg_args[*]}"
+	echo ''
 	exit 1
 }
 
-while getopts 'cr:' arg; do
+while getopts 'hcr:' arg; do
 	case "${arg}" in
 		c) clean_first=true ;;
 		r) chroots="$OPTARG" ;;
@@ -32,7 +37,10 @@ while getopts 'cr:' arg; do
 	esac
 done
 
-if [[ "$EUID" != '0' ]]; then
+# Pass all arguments after -- right to makepkg
+makechrootpkg_args+=("${@:$OPTIND}")
+
+if (( EUID )); then
 	die 'This script must be run as root.'
 fi
 
@@ -43,29 +51,34 @@ if ${clean_first} || [[ ! -d "${chroots}/${repo}-${arch}" ]]; then
 		[[ -d $copy ]] || continue
 		msg2 "Deleting chroot copy '$(basename "${copy}")'..."
 
-		# Lock the copy
-		exec 9>"${copy}.lock"
-		flock 9
+		exec 9>"$copydir.lock"
+		if ! flock -n 9; then
+			stat_busy "Locking chroot copy '$copy'"
+			flock 9
+			stat_done
+		fi
 
-		{ type -P btrfs && btrfs subvolume delete "${copy}"; } &>/dev/null
-		rm -rf "${copy}"
+		if [[ "$(stat -f -c %T "${copy}")" == btrfs ]]; then
+			{ type -P btrfs && btrfs subvolume delete "${copy}"; } &>/dev/null
+		fi
+		rm -rf --one-file-system "${copy}"
 	done
 	exec 9>&-
 
-	rm -rf "${chroots}/${repo}-${arch}"
+	rm -rf --one-file-system "${chroots}/${repo}-${arch}"
 	mkdir -p "${chroots}/${repo}-${arch}"
 	setarch "${arch}" mkarchroot \
 		-C "@pkgdatadir@/pacman-${repo}.conf" \
 		-M "@pkgdatadir@/makepkg-${arch}.conf" \
 		"${chroots}/${repo}-${arch}/root" \
-		"${base_packages[@]}"
+		"${base_packages[@]}" || abort
 else
 	setarch ${arch} mkarchroot \
 		-u \
 		-C "@pkgdatadir@/pacman-${repo}.conf" \
 		-M "@pkgdatadir@/makepkg-${arch}.conf" \
-		"${chroots}/${repo}-${arch}/root"
+		"${chroots}/${repo}-${arch}/root" || abort
 fi
 
 msg "Building in chroot for [${repo}] (${arch})..."
-exec setarch "${arch}" makechrootpkg -c -n -r "${chroots}/${repo}-${arch}"
+exec setarch "${arch}" makechrootpkg "${makechrootpkg_args[@]}" -r "${chroots}/${repo}-${arch}"

archco.in

@@ -11,9 +11,9 @@ fi
 
 case $scriptname in
 	archco)
-		SVNURL="svn+ssh://gerolde.archlinux.org/srv/svn-packages";;
+		SVNURL="svn+ssh://svn-packages@nymeria.archlinux.org/srv/repos/svn-packages/svn";;
 	communityco)
-		SVNURL="svn+ssh://aur.archlinux.org/srv/svn-packages";;
+		SVNURL="svn+ssh://svn-community@nymeria.archlinux.org/srv/repos/svn-community/svn";;
 	*)
 		die "Couldn't find svn url for $scriptname"
 		;;

archrelease.in

@@ -66,7 +66,7 @@ for tag in "$@"; do
 		while read -r file; do
 			trash+=("repos/$tag/$file")
 		done < <(svn ls "repos/$tag")
-		[[ $trash ]] && svn rm -q "${trash[@]}"
+		[[ $trash ]] && svn rm -q "${trash[@]/%/@}"
 	else
 		mkdir -p "repos/$tag"
 		svn add --parents -q "repos/$tag"

checkpkg.in

@@ -58,7 +58,7 @@ for _pkgname in "${pkgname[@]}"; do
 		elif [[ -f "$STARTDIR/$oldpkg" ]]; then
 			ln -s "$STARTDIR/$oldpkg" "$oldpkg"
 		else
-			wget --quiet "$pkgurl"
+		        curl -fsLC - --retry 3 --retry-delay 3 -o "$oldpkg" "$pkgurl"
 		fi
 	fi
 

commitpkg.in

@@ -42,7 +42,7 @@ pkgbase=${pkgbase:-$pkgname}
 case "$cmd" in
 	commitpkg)
 		if (( $# == 0 )); then
-			die 'usage: commitpkg <reponame> [-f] [-s server] [-l limit] [-a arch] [commit message]'
+			die 'Usage: commitpkg <reponame> [-f] [-s server] [-l limit] [-a arch] [commit message]'
 		fi
 		repo="$1"
 		shift
@@ -51,7 +51,7 @@ case "$cmd" in
 		repo="${cmd%pkg}"
 		;;
 	*)
-		die 'usage: commitpkg <reponame> [-f] [-s server] [-l limit] [-a arch] [commit message]'
+		die 'Usage: commitpkg <reponame> [-f] [-s server] [-l limit] [-a arch] [commit message]'
 		;;
 esac
 
@@ -105,15 +105,7 @@ for _arch in ${arch[@]}; do
 done
 
 if [[ -z $server ]]; then
-	case "$repo" in
-		core|extra|testing|staging|kde-unstable|gnome-unstable)
-			server='gerolde.archlinux.org' ;;
-		community*|multilib*)
-			server='aur.archlinux.org' ;;
-		*)
-			server='gerolde.archlinux.org'
-			msg "Non-standard repository $repo in use, defaulting to server $server" ;;
-	esac
+	server='nymeria.archlinux.org'
 fi
 
 if [[ -n $(svn status -q) ]]; then
@@ -183,19 +175,21 @@ for _arch in ${arch[@]}; do
 		commit_arches+=($_arch)
 	fi
 done
-archrelease "${archreleaseopts[@]}" "${commit_arches[@]/#/$repo-}" || die
 
-new_uploads=()
-
-# convert to absolute paths so rsync can work with colons (epoch)
-while read -r -d '' upload; do
-	  new_uploads+=("$upload")
-done < <(realpath -z "${uploads[@]}")
-
-uploads=("${new_uploads[@]}")
-unset new_uploads
+if [[ ${#commit_arches[*]} -gt 0 ]]; then
+	archrelease "${archreleaseopts[@]}" "${commit_arches[@]/#/$repo-}" || die
+fi
 
 if [[ ${#uploads[*]} -gt 0 ]]; then
+	new_uploads=()
+
+	# convert to absolute paths so rsync can work with colons (epoch)
+	while read -r -d '' upload; do
+		new_uploads+=("$upload")
+	done < <(realpath -z "${uploads[@]}")
+
+	uploads=("${new_uploads[@]}")
+	unset new_uploads
 	msg 'Uploading all package and signature files'
 	rsync "${rsyncopts[@]}" "${uploads[@]}" "$server:staging/$repo/" || die
 fi

crossrepomove.in

@@ -11,26 +11,16 @@ fi
 
 pkgbase="${1}"
 
-packages_svn='svn+ssh://gerolde.archlinux.org/srv/svn-packages'
-packages_server='gerolde.archlinux.org'
-community_svn='svn+ssh://aur.archlinux.org/srv/svn-packages'
-community_server='aur.archlinux.org'
-mirror='http://mirrors.kernel.org/archlinux'
-
 case $scriptname in
 	extra2community)
-		source_svn="${packages_svn}"
-		target_svn="${community_svn}"
-		source_server="${packages_server}"
-		target_server="${community_server}"
+		source_name='packages'
+		target_name='community'
 		source_repo='extra'
 		target_repo='community'
 		;;
 	community2extra)
-		source_svn="${community_svn}"
-		target_svn="${packages_svn}"
-		source_server="${community_server}"
-		target_server="${packages_server}"
+		source_name='community'
+		target_name='packages'
 		source_repo='community'
 		target_repo='extra'
 		;;
@@ -39,6 +29,13 @@ case $scriptname in
 		;;
 esac
 
+server='nymeria.archlinux.org'
+mirror="http://${server}"
+source_svn="svn+ssh://svn-${source_name}@${server}/srv/repos/svn-${source_name}/svn"
+target_svn="svn+ssh://svn-${target_name}@${server}/srv/repos/svn-${target_name}/svn"
+source_dbscripts="/srv/repos/svn-${source_name}/dbscripts"
+target_dbscripts="/srv/repos/svn-${target_name}/dbscripts"
+
 setup_workdir
 
 pushd $WORKDIR >/dev/null
@@ -59,7 +56,7 @@ for _arch in ${arch[@]}; do
 	for _pkgname in ${pkgname[@]}; do
 		fullver=$(get_full_version $_pkgname)
 		# FIXME: this only works with .xz packages
-		ssh "${target_server}" "cd staging/${target_repo}
+		ssh "${server}" "cd staging/${target_repo}
 			curl -O ${mirror}/${source_repo}/os/${repo_arch}/$_pkgname-$fullver-${_arch}.pkg.tar.xz
 			curl -O ${mirror}/${source_repo}/os/${repo_arch}/$_pkgname-$fullver-${_arch}.pkg.tar.xz.sig" || die
 	done
@@ -72,11 +69,12 @@ svn -q commit -m"${scriptname}: Moving ${pkgbase} from ${source_repo} to ${targe
 pushd "target_checkout/${pkgbase}/trunk" >/dev/null
 archrelease "${arch[@]/#/$target_repo-}" || die
 popd >/dev/null
-ssh "${target_server}" '/arch/db-update' || die
+
+ssh "${server}" "${target_dbscripts}/db-update" || die
 
 msg "Removing ${pkgbase} from ${source_repo}"
 for _arch in ${arch[@]}; do
-	ssh "${source_server}" "/arch/db-remove ${source_repo} ${_arch} ${pkgbase}"
+	ssh "${server}" "${source_dbscripts}/db-remove ${source_repo} ${_arch} ${pkgbase}"
 done
 svn -q checkout -N "${source_svn}" source_checkout
 svn -q up "source_checkout/${pkgbase}"

finddeps.in

@@ -8,7 +8,7 @@ m4_include(lib/common.sh)
 match=$1
 
 if [[ -z $match ]]; then
-	echo 'usage: finddeps <depname>'
+	echo 'Usage: finddeps <depname>'
 	echo ''
 	echo 'Find packages that depend on a given depname.'
 	echo 'Run this script from the top-level directory of your ABS tree.'

lib/common.sh

@@ -62,8 +62,6 @@ setup_workdir() {
 }
 
 cleanup() {
-	trap - EXIT INT QUIT TERM
-
 	[[ -n $WORKDIR ]] && rm -rf "$WORKDIR"
 	[[ $1 ]] && exit $1
 }
@@ -73,13 +71,23 @@ abort() {
 	cleanup 0
 }
 
+trap_abort() {
+	trap - EXIT INT QUIT TERM HUP
+	abort
+}
+
+trap_exit() {
+	trap - EXIT INT QUIT TERM HUP
+	cleanup
+}
+
 die() {
 	error "$*"
 	cleanup 1
 }
 
-trap abort INT QUIT TERM HUP
-trap 'cleanup 0' EXIT
+trap 'trap_abort' INT QUIT TERM HUP
+trap 'trap_exit' EXIT
 
 ##
 #  usage : in_array( $needle, $haystack )

makechrootpkg.in

@@ -21,13 +21,16 @@ add_to_db=false
 run_namcap=false
 chrootdir=
 passeddir=
+declare -a install_pkgs
+declare -i ret=0
 
 default_copy=$USER
 [[ -n $SUDO_USER ]] && default_copy=$SUDO_USER
 [[ -z $default_copy || $default_copy = root ]] && default_copy=copy
+src_owner=${SUDO_USER:-$USER}
 
 usage() {
-	echo "usage ${0##*/} [options] -r <chrootdir> [--] [makepkg args]"
+	echo "Usage: ${0##*/} [options] -r <chrootdir> [--] [makepkg args]"
 	echo ' Run this script in a PKGBUILD dir to build a package inside a'
 	echo ' clean chroot. All unrecognized arguments passed to this script'
 	echo ' will be passed to makepkg.'
@@ -38,7 +41,7 @@ usage() {
 	echo ''
 	echo 'The chroot "root" directory must be created via the following'
 	echo 'command:'
-	echo '    mkarchroot <chrootdir>/root base base-devel sudo'
+	echo '    mkarchroot <chrootdir>/root base-devel'
 	echo ''
 	echo "Default makepkg args: $makepkg_args"
 	echo ''
@@ -65,7 +68,7 @@ while getopts 'hcudr:I:l:n' arg; do
 		u) update_first=true ;;
 		d) add_to_db=true ;;
 		r) passeddir="$OPTARG" ;;
-		I) install_pkg="$OPTARG" ;;
+		I) install_pkgs+=("$OPTARG") ;;
 		l) copy="$OPTARG" ;;
 		n) run_namcap=true; makepkg_args="$makepkg_args -i" ;;
 		*) makepkg_args="$makepkg_args -$arg $OPTARG" ;;
@@ -97,7 +100,7 @@ if (( EUID )); then
 	die 'This script must be run as root.'
 fi
 
-if [[ ! -f PKGBUILD && -z $install_pkg ]]; then
+if [[ ! -f PKGBUILD && -z "${install_pkgs[*]}" ]]; then
 	die 'This must be run in a directory containing a PKGBUILD.'
 fi
 
@@ -106,16 +109,19 @@ if [[ ! -d $chrootdir ]]; then
 fi
 
 if [[ ! -d $chrootdir/root ]]; then
-	die "Missing chroot dir root directory. Try using: mkarchroot $chrootdir/root base base-devel sudo"
+	die "Missing chroot dir root directory. Try using: mkarchroot $chrootdir/root base-devel"
 fi
 
 umask 0022
 
+# Detect chrootdir filesystem type
+chroottype=$(stat -f -c %T "$chrootdir")
+
 # Lock the chroot we want to use. We'll keep this lock until we exit.
 # Note this is the same FD number as in mkarchroot
 exec 9>"$copydir.lock"
 if ! flock -n 9; then
-	stat_busy "Locking chroot copy '$copy'"
+	stat_busy "Locking chroot copy [$copy]"
 	flock 9
 	stat_done
 fi
@@ -131,17 +137,15 @@ if [[ ! -d $copydir ]] || $clean_first; then
 		stat_done
 	fi
 
-	stat_busy 'Creating clean working copy'
-	use_rsync=false
-	if type -P btrfs >/dev/null; then
-		[[ -d $copydir ]] && btrfs subvolume delete "$copydir" &>/dev/null
-		btrfs subvolume snapshot "$chrootdir/root" "$copydir" &>/dev/null ||
-			use_rsync=true
+	stat_busy "Creating clean working copy [$copy]"
+	if [[ "$chroottype" == btrfs ]]; then
+		if [[ -d $copydir ]]; then
+			btrfs subvolume delete "$copydir" >/dev/null ||
+				die "Unable to delete subvolume $copydir"
+		fi
+		btrfs subvolume snapshot "$chrootdir/root" "$copydir" >/dev/null ||
+			die "Unable to create subvolume $copydir"
 	else
-		use_rsync=true
-	fi
-
-	if $use_rsync; then
 		mkdir -p "$copydir"
 		rsync -a --delete -q -W -x "$chrootdir/root/" "$copydir"
 	fi
@@ -151,17 +155,19 @@ if [[ ! -d $copydir ]] || $clean_first; then
 	exec 8>&-
 fi
 
-if [[ -n $install_pkg ]]; then
-	pkgname="${install_pkg##*/}"
-	cp "$install_pkg" "$copydir/$pkgname"
+if [[ -n "${install_pkgs[*]}" ]]; then
+	for install_pkg in "${install_pkgs[@]}"; do
+		pkgname="${install_pkg##*/}"
+		cp "$install_pkg" "$copydir/$pkgname"
 
-	mkarchroot -r "pacman -U /$pkgname --noconfirm" "$copydir"
-	ret=$?
+		mkarchroot -r "pacman -U /$pkgname --noconfirm" "$copydir"
+		(( ret += !! $? ))
 
-	rm "$copydir/$pkgname"
+		rm "$copydir/$pkgname"
+	done
 
-	# Exit early, we've done all we need to
-	exit $ret
+	# If there is no PKGBUILD we have done
+	[[ -f PKGBUILD ]] || exit $ret
 fi
 
 $update_first && mkarchroot -u "$copydir"
@@ -212,12 +218,12 @@ if ! grep -q 'SRCDEST="/srcdest"' "$copydir/etc/makepkg.conf"; then
 	echo 'SRCDEST="/srcdest"' >> "$copydir/etc/makepkg.conf"
 fi
 
-if [[ -n $MAKEFLAGS ]]; then 
+if [[ -n $MAKEFLAGS ]]; then
 	sed -i '/^MAKEFLAGS=/d' "$copydir/etc/makepkg.conf"
 	echo "MAKEFLAGS='${MAKEFLAGS}'" >> "$copydir/etc/makepkg.conf"
 fi
 
-if [[ -n $PACKAGER ]]; then 
+if [[ -n $PACKAGER ]]; then
 	sed -i '/^PACKAGER=/d' "$copydir/etc/makepkg.conf"
 	echo "PACKAGER='${PACKAGER}'" >> "$copydir/etc/makepkg.conf"
 fi
@@ -258,27 +264,21 @@ nobody ALL = NOPASSWD: /usr/bin/pacman
 EOF
 chmod 440 "$copydir/etc/sudoers.d/nobody-pacman"
 
-# Set this system wide as makepkg will source /etc/profile before calling build()
-echo 'LANG=C' > "$copydir/etc/locale.conf"
-
 # This is a little gross, but this way the script is recreated every time in the
 # working copy
 cat >"$copydir/chrootbuild" <<EOF
 #!/bin/bash
 . /etc/profile
-export LANG=C
 export HOME=/build
 
 cd /build
-sudo -u nobody makepkg $makepkg_args || touch BUILD_FAILED
-
-[[ -f BUILD_FAILED ]] && exit 1
+sudo -u nobody makepkg $makepkg_args || exit 1
 
 if $run_namcap; then
 	pacman -S --needed --noconfirm namcap
 	for pkgfile in /build/PKGBUILD /pkgdest/*.pkg.tar.?z; do
 		echo "Checking \${pkgfile##*/}"
-		namcap "\$pkgfile" 2>&1 | tee "/build/\${pkgfile##*/}-namcap.log"
+		sudo -u nobody namcap "\$pkgfile" 2>&1 | tee "/build/\${pkgfile##*/}-namcap.log"
 	done
 fi
 
@@ -296,22 +296,24 @@ if mkarchroot -r "/chrootbuild" "$copydir"; then
 			popd >/dev/null
 		fi
 
+		chown "$src_owner" "$pkgfile"
 		mv "$pkgfile" "$PKGDEST"
 	done
 
 	for l in "$copydir"/build/*-{build,check,namcap,package,package_*}.log; do
+		chown "$src_owner" "$l"
 		[[ -f $l ]] && mv "$l" .
 	done
 else
 	# Just in case. We returned 1, make sure we fail
-	touch "$copydir/build/BUILD_FAILED"
+	ret=1
 fi
 
 for f in "$copydir"/srcdest/*; do
+	chown "$src_owner" "$f"
 	mv "$f" "$SRCDEST"
 done
 
-if [[ -e $copydir/build/BUILD_FAILED ]]; then
-	rm "$copydir/build/BUILD_FAILED"
+if (( ret != 0 )); then
 	die "Build failed, check $copydir/build"
 fi

makepkg-i686.conf

@@ -11,7 +11,7 @@
 DLAGENTS=('ftp::/usr/bin/curl -fC - --ftp-pasv --retry 3 --retry-delay 3 -o %o %u'
           'http::/usr/bin/curl -fLC - --retry 3 --retry-delay 3 -o %o %u'
           'https::/usr/bin/curl -fLC - --retry 3 --retry-delay 3 -o %o %u'
-          'rsync::/usr/bin/rsync -z %u %o'
+          'rsync::/usr/bin/rsync --no-motd -z %u %o'
           'scp::/usr/bin/scp -C %u %o')
 
 # Other common tools:
@@ -29,11 +29,15 @@ CHOST="i686-pc-linux-gnu"
 #-- Compiler and Linker Flags
 # -march (or -mcpu) builds exclusively for an architecture
 # -mtune optimizes for an architecture, but builds for whole processor family
-CFLAGS="-march=i686 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2"
-CXXFLAGS="-march=i686 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2"
+CPPFLAGS="-D_FORTIFY_SOURCE=2"
+CFLAGS="-march=i686 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4"
+CXXFLAGS="-march=i686 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4"
 LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro"
 #-- Make Flags: change this for DistCC/SMP systems
 #MAKEFLAGS="-j2"
+#-- Debugging flags
+DEBUG_CFLAGS="-g -fvar-tracking-assignments"
+DEBUG_CXXFLAGS="-g -fvar-tracking-assignments"
 
 #########################################################################
 # BUILD ENVIRONMENT
@@ -63,18 +67,20 @@ BUILDENV=(fakeroot !distcc color !ccache check !sign)
 #   These are default values for the options=() settings
 #########################################################################
 #
-# Default: OPTIONS=(strip docs libtool emptydirs zipman purge !upx)
+# Default: OPTIONS=(strip docs libtool staticlibs emptydirs zipman purge !upx !debug)
 #  A negated option will do the opposite of the comments below.
 #
-#-- strip:     Strip symbols from binaries/libraries
-#-- docs:      Save doc directories specified by DOC_DIRS
-#-- libtool:   Leave libtool (.la) files in packages
-#-- emptydirs: Leave empty directories in packages
-#-- zipman:    Compress manual (man and info) pages in MAN_DIRS with gzip
-#-- purge:     Remove files specified by PURGE_TARGETS
-#-- upx:       Compress binary executable files using UPX
+#-- strip:      Strip symbols from binaries/libraries
+#-- docs:       Save doc directories specified by DOC_DIRS
+#-- libtool:    Leave libtool (.la) files in packages
+#-- staticlibs: Leave static library (.a) files in packages
+#-- emptydirs:  Leave empty directories in packages
+#-- zipman:     Compress manual (man and info) pages in MAN_DIRS with gzip
+#-- purge:      Remove files specified by PURGE_TARGETS
+#-- upx:        Compress binary executable files using UPX
+#-- debug:      Add debugging flags as specified in DEBUG_* variables
 #
-OPTIONS=(strip docs libtool emptydirs zipman purge !upx)
+OPTIONS=(strip docs libtool staticlibs emptydirs zipman purge !upx !debug)
 
 #-- File integrity checks to use. Valid: md5, sha1, sha256, sha384, sha512
 INTEGRITY_CHECK=(md5)
@@ -108,6 +114,17 @@ PURGE_TARGETS=(usr/{,share}/info/dir .packlist *.pod)
 #-- Specify a key to use for package signing
 #GPGKEY=""
 
+#########################################################################
+# COMPRESSION DEFAULTS
+#########################################################################
+#
+COMPRESSGZ=(gzip -c -f -n)
+COMPRESSBZ2=(bzip2 -c -f)
+COMPRESSXZ=(xz -c -z -)
+COMPRESSLRZ=(lrzip -q)
+COMPRESSLZO=(lzop -q)
+COMPRESSZ=(compress -c -f)
+
 #########################################################################
 # EXTENSION DEFAULTS
 #########################################################################

makepkg-x86_64.conf

@@ -11,7 +11,7 @@
 DLAGENTS=('ftp::/usr/bin/curl -fC - --ftp-pasv --retry 3 --retry-delay 3 -o %o %u'
           'http::/usr/bin/curl -fLC - --retry 3 --retry-delay 3 -o %o %u'
           'https::/usr/bin/curl -fLC - --retry 3 --retry-delay 3 -o %o %u'
-          'rsync::/usr/bin/rsync -z %u %o'
+          'rsync::/usr/bin/rsync --no-motd -z %u %o'
           'scp::/usr/bin/scp -C %u %o')
 
 # Other common tools:
@@ -29,11 +29,15 @@ CHOST="x86_64-unknown-linux-gnu"
 #-- Compiler and Linker Flags
 # -march (or -mcpu) builds exclusively for an architecture
 # -mtune optimizes for an architecture, but builds for whole processor family
-CFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2"
-CXXFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2"
+CPPFLAGS="-D_FORTIFY_SOURCE=2"
+CFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4"
+CXXFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4"
 LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro"
 #-- Make Flags: change this for DistCC/SMP systems
 #MAKEFLAGS="-j2"
+#-- Debugging flags
+DEBUG_CFLAGS="-g -fvar-tracking-assignments"
+DEBUG_CXXFLAGS="-g -fvar-tracking-assignments"
 
 #########################################################################
 # BUILD ENVIRONMENT
@@ -63,18 +67,20 @@ BUILDENV=(fakeroot !distcc color !ccache check !sign)
 #   These are default values for the options=() settings
 #########################################################################
 #
-# Default: OPTIONS=(strip docs libtool emptydirs zipman purge !upx)
+# Default: OPTIONS=(strip docs libtool staticlibs emptydirs zipman purge !upx !debug)
 #  A negated option will do the opposite of the comments below.
 #
-#-- strip:     Strip symbols from binaries/libraries
-#-- docs:      Save doc directories specified by DOC_DIRS
-#-- libtool:   Leave libtool (.la) files in packages
-#-- emptydirs: Leave empty directories in packages
-#-- zipman:    Compress manual (man and info) pages in MAN_DIRS with gzip
-#-- purge:     Remove files specified by PURGE_TARGETS
-#-- upx:       Compress binary executable files using UPX
+#-- strip:      Strip symbols from binaries/libraries
+#-- docs:       Save doc directories specified by DOC_DIRS
+#-- libtool:    Leave libtool (.la) files in packages
+#-- staticlibs: Leave static library (.a) files in packages
+#-- emptydirs:  Leave empty directories in packages
+#-- zipman:     Compress manual (man and info) pages in MAN_DIRS with gzip
+#-- purge:      Remove files specified by PURGE_TARGETS
+#-- upx:        Compress binary executable files using UPX
+#-- debug:      Add debugging flags as specified in DEBUG_* variables
 #
-OPTIONS=(strip docs libtool emptydirs zipman purge !upx)
+OPTIONS=(strip docs libtool staticlibs emptydirs zipman purge !upx !debug)
 
 #-- File integrity checks to use. Valid: md5, sha1, sha256, sha384, sha512
 INTEGRITY_CHECK=(md5)
@@ -108,6 +114,17 @@ PURGE_TARGETS=(usr/{,share}/info/dir .packlist *.pod)
 #-- Specify a key to use for package signing
 #GPGKEY=""
 
+#########################################################################
+# COMPRESSION DEFAULTS
+#########################################################################
+#
+COMPRESSGZ=(gzip -c -f -n)
+COMPRESSBZ2=(bzip2 -c -f)
+COMPRESSXZ=(xz -c -z -)
+COMPRESSLRZ=(lrzip -q)
+COMPRESSLZO=(lzop -q)
+COMPRESSZ=(compress -c -f)
+
 #########################################################################
 # EXTENSION DEFAULTS
 #########################################################################

mkarchroot.in

@@ -10,10 +10,11 @@
 
 m4_include(lib/common.sh)
 
+CHROOT_VERSION='v3'
+
 FORCE='n'
 RUN=''
 NOCOPY='n'
-USE_DEVTMPFS='n'
 
 working_dir=''
 
@@ -21,7 +22,7 @@ APPNAME=$(basename "${0}")
 
 # usage: usage <exitvalue>
 usage() {
-	echo "usage ${APPNAME} [options] working-dir [package-list | app]"
+	echo "Usage: ${APPNAME} [options] working-dir [package-list | app]"
 	echo ' options:'
 	echo '    -r <app>      Run "app" within the context of the chroot'
 	echo '    -u            Update the chroot via pacman'
@@ -29,23 +30,21 @@ usage() {
 	echo '    -C <file>     Location of a pacman config file'
 	echo '    -M <file>     Location of a makepkg config file'
 	echo '    -n            Do not copy config files into the chroot'
-	echo '    -c <dir>      Set pacman cache. Default: /var/cache/pacman/pkg'
-	echo '    -d            Use devtmpfs instead of minimal /dev (tmpfs)'
+	echo '    -c <dir>      Set pacman cache'
 	echo '    -h            This message'
 	exit 1
 }
 
-while getopts 'r:ufnhC:M:c:d' arg; do
+while getopts 'r:ufnhC:M:c:' arg; do
 	case "${arg}" in
 		r) RUN="$OPTARG" ;;
-		u) RUN='/bin/sh -c "pacman -Syu --noconfirm && (pacman -Qqu >/dev/null && pacman -Su --noconfirm || exit 0)"' ;;
+		u) RUN='pacman -Syu --noconfirm' ;;
 		f) FORCE='y' ;;
 		C) pac_conf="$OPTARG" ;;
 		M) makepkg_conf="$OPTARG" ;;
 		n) NOCOPY='y' ;;
 		c) cache_dir="$OPTARG" ;;
-		d) USE_DEVTMPFS="y" ;;
-		h|?) usage 0 ;;
+		h|?) usage ;;
 		*) error "invalid argument '${arg}'"; usage ;;
 	esac
 done
@@ -68,73 +67,37 @@ shift 1
 [[ -z $working_dir ]] && die 'Please specify a working directory.'
 
 if [[ -z $cache_dir ]]; then
-	cache_conf=${working_dir}/etc/pacman.conf
-	[[ ! -f $cache_conf ]] && cache_conf=${pac_conf:-/etc/pacman.conf}
-	cache_dir=$( (grep -m 1 '^CacheDir' $cache_conf || echo 'CacheDir = /var/cache/pacman/pkg') | sed 's/CacheDir\s*=\s*//')
-	unset cache_conf
+	cache_dirs=($(pacman -v $cache_conf 2>&1 | grep '^Cache Dirs:' | sed 's/Cache Dirs:\s*//g'))
+else
+	cache_dirs=(${cache_dir})
 fi
 
-if [[ -f /etc/pacman.d/mirrorlist ]]; then
-	host_mirror=$(pacman -Sddp extra/devtools 2>/dev/null | sed -E 's#(.*/)extra/os/.*#\1$repo/os/$arch#')
-fi
-if [[ -z $host_mirror ]]; then
-	host_mirror='http://mirrors.kernel.org/archlinux/$repo/os/$arch'
-fi
+host_mirror=$(pacman -Sddp extra/devtools 2>/dev/null | sed -E 's#(.*/)extra/os/.*#\1$repo/os/$arch#')
 if echo "${host_mirror}" | grep -q 'file://'; then
 	host_mirror_path=$(echo "${host_mirror}" | sed -E 's#file://(/.*)/\$repo/os/\$arch#\1#g')
 fi
 
 # {{{ functions
-chroot_mount() {
-	[[ -e "${working_dir}/sys" ]] || mkdir "${working_dir}/sys"
-	mount -t sysfs sysfs "${working_dir}/sys"
-
-	[[ -e "${working_dir}/proc" ]] || mkdir "${working_dir}/proc"
-	mount -t proc proc "${working_dir}/proc"
-
-	[[ -e "${working_dir}/dev" ]] || mkdir "${working_dir}/dev"
-	if [[ ${USE_DEVTMPFS} = "y" ]]; then
-		mount -t devtmpfs dev "${working_dir}/dev" -o mode=0755,nosuid
-	else
-		mount -t tmpfs dev "${working_dir}/dev" -o mode=0755,size=10M,nosuid
-		mknod -m 666 "${working_dir}/dev/null" c 1 3
-		mknod -m 666 "${working_dir}/dev/zero" c 1 5
-		mknod -m 600 "${working_dir}/dev/console" c 5 1
-		mknod -m 644 "${working_dir}/dev/random" c 1 8
-		mknod -m 644 "${working_dir}/dev/urandom" c 1 9
-		mknod -m 666 "${working_dir}/dev/tty" c 5 0
-		mknod -m 666 "${working_dir}/dev/ptmx" c 5 2
-		mknod -m 666 "${working_dir}/dev/tty0" c 4 0
-		mknod -m 666 "${working_dir}/dev/full" c 1 7
-		ln -s /proc/kcore "${working_dir}/dev/core"
-		ln -s /proc/self/fd "${working_dir}/dev/fd"
-		ln -s /proc/self/fd/0 "${working_dir}/dev/stdin"
-		ln -s /proc/self/fd/1 "${working_dir}/dev/stdout"
-		ln -s /proc/self/fd/2 "${working_dir}/dev/stderr"
-	fi
-
-	[[ -e "${working_dir}/dev/shm" ]] || mkdir "${working_dir}/dev/shm"
-	mount -t tmpfs shm "${working_dir}/dev/shm" -o nodev,nosuid,size=128M
-
-	[[ -e "${working_dir}/dev/pts" ]] || mkdir "${working_dir}/dev/pts"
-	mount -t devpts devpts "${working_dir}/dev/pts" -o newinstance,ptmxmode=666
-	mount -o bind "${working_dir}/dev/pts/ptmx" "${working_dir}/dev/ptmx"
-
-	[[ -e $cache_dir ]] || mkdir -p "${cache_dir}"
-	[[ -e "${working_dir}/${cache_dir}" ]] || mkdir -p "${working_dir}/${cache_dir}"
-	mount -o bind "${cache_dir}" "${working_dir}/${cache_dir}"
+build_mount_args() {
+	local p
+	declare -g mount_args=()
 
 	if [[ -n $host_mirror_path ]]; then
-		[[ -e "${working_dir}/${host_mirror_path}" ]] || mkdir -p "${working_dir}/${host_mirror_path}"
-		mount -o bind "${host_mirror_path}" "${working_dir}/${host_mirror_path}"
-		mount -o remount,ro,bind "${host_mirror_path}" "${working_dir}/${host_mirror_path}"
+		printf -v p '%q' "$host_mirror_path"
+		mount_args+=(--bind-ro="$p")
 	fi
 
-	trap 'chroot_umount' EXIT INT QUIT TERM HUP
+	printf -v p '%q' "${cache_dirs[0]}"
+	mount_args+=(--bind="$p")
+
+	for cache_dir in ${cache_dirs[@]:1}; do
+		printf -v p '%q' "$cache_dir"
+		mount_args+=(--bind-ro="$p")
+	done
 }
 
 copy_hostconf () {
-	cp /etc/resolv.conf "${working_dir}/etc/resolv.conf"
+	cp -a /etc/pacman.d/gnupg "${working_dir}/etc/pacman.d"
 	echo "Server = ${host_mirror}" > ${working_dir}/etc/pacman.d/mirrorlist
 
 	if [[ -n $pac_conf && $NOCOPY = 'n' ]]; then
@@ -144,17 +107,8 @@ copy_hostconf () {
 	if [[ -n $makepkg_conf && $NOCOPY = 'n' ]]; then
 		cp ${makepkg_conf} ${working_dir}/etc/makepkg.conf
 	fi
-}
 
-chroot_umount () {
-	umount "${working_dir}/proc"
-	umount "${working_dir}/sys"
-	umount "${working_dir}/dev/ptmx"
-	umount "${working_dir}/dev/pts"
-	umount "${working_dir}/dev/shm"
-	umount "${working_dir}/dev"
-	umount "${working_dir}/${cache_dir}"
-	[[ -n $host_mirror_path ]] && umount "${working_dir}/${host_mirror_path}"
+	sed -r "s|^#?\\s*CacheDir.+|CacheDir = $(echo -n ${cache_dirs[@]})|g" -i ${working_dir}/etc/pacman.conf
 }
 
 chroot_lock () {
@@ -170,6 +124,13 @@ chroot_lock () {
 		stat_done
 	fi
 }
+
+chroot_run() {
+	local dir=$1
+	shift
+	systemd-nspawn -D "${dir}" "${mount_args[@]}" -- ${@} 2>/dev/null
+}
+
 # }}}
 
 umask 0022
@@ -178,13 +139,15 @@ if [[ -n $RUN ]]; then
 	#Sanity check
 	if [[ ! -f "${working_dir}/.arch-chroot" ]]; then
 		die "'${working_dir}' does not appear to be a Arch chroot."
+	elif [[ $(cat "${working_dir}/.arch-chroot") != ${CHROOT_VERSION} ]]; then
+		die "'${working_dir}' is not compatible with ${APPNAME} version ${CHROOT_VERSION}. Please rebuild."
 	fi
 
 	chroot_lock
-	chroot_mount
+	build_mount_args
 	copy_hostconf
 
-	eval chroot "${working_dir}" ${RUN}
+	chroot_run "${working_dir}" ${RUN}
 
 	# }}}
 else
@@ -193,44 +156,36 @@ else
 		die "Working directory '${working_dir}' already exists - try using -f"
 	fi
 
-	if { type -P btrfs && btrfs subvolume create "${working_dir}"; } &>/dev/null; then
-		chmod 0755 "${working_dir}"
+	if [[ ! -d "${working_dir}" ]]; then
+		mkdir -p "${working_dir}"
 	fi
 
-	mkdir -p "${working_dir}/var/lib/pacman/sync"
-	mkdir -p "${working_dir}/etc/"
+	if [[ "$(stat -f -c %T "${working_dir}")" == btrfs ]]; then
+		if { type -P btrfs && btrfs subvolume create "${working_dir}"; } &>/dev/null; then
+			chmod 0755 "${working_dir}"
+		fi
+	fi
 
 	chroot_lock
-	chroot_mount
 
-	pacargs="--noconfirm --root=${working_dir} --cachedir=${cache_dir}"
+	pacargs=("${cache_dirs[@]/#/--cachedir=}")
 	if [[ -n $pac_conf ]]; then
-		pacargs="$pacargs --config=${pac_conf}"
+		pacargs+=("--config=${pac_conf}")
 	fi
 
-	if (( $# != 0 )); then
-		op='-Sy'
-		if [[ $FORCE = 'y' ]]; then
-			op="${op}f"
-		fi
-		if ! pacman ${op} ${pacargs} $@; then
-			die 'Failed to install all packages'
-		fi
+	if [[ $FORCE = 'y' ]]; then
+		pacargs+=("--force")
+	fi
+	if ! pacstrap -GMcd "${working_dir}" "${pacargs[@]}" "$@"; then
+		die 'Failed to install all packages'
 	fi
 
-	if [[ -d "${working_dir}/lib/modules" ]]; then
-		ldconfig -r "${working_dir}"
-	fi
-
-	if [[ -e "${working_dir}/etc/locale.gen" ]]; then
-		sed -i 's@^#\(en_US\|de_DE\)\(\.UTF-8\)@\1\2@' "${working_dir}/etc/locale.gen"
-		chroot "${working_dir}" /usr/sbin/locale-gen
-	fi
+	printf '%s.UTF-8 UTF-8\n' en_US de_DE > "${working_dir}/etc/locale.gen"
+	chroot_run "${working_dir}" locale-gen
+	echo 'LANG=C' > "${working_dir}/etc/locale.conf"
 
 	copy_hostconf
 
-	if [[ ! -e "${working_dir}/.arch-chroot" ]]; then
-		date +%s > "${working_dir}/.arch-chroot"
-	fi
+	echo "${CHROOT_VERSION}" > "${working_dir}/.arch-chroot"
 	# }}}
 fi

pacman-extra.conf

@@ -15,11 +15,10 @@
 #LogFile     = /var/log/pacman.log
 #GPGDir      = /etc/pacman.d/gnupg/
 HoldPkg     = pacman glibc
-# If upgrades are available for these packages they will be asked for first
-SyncFirst   = pacman
 #XferCommand = /usr/bin/curl -C - -f %u > %o
 #XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
 #CleanMethod = KeepInstalled
+#UseDelta    = 0.7
 Architecture = auto
 
 # Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
@@ -31,7 +30,7 @@ Architecture = auto
 
 # Misc options
 #UseSyslog
-#UseDelta
+#Color
 #TotalDownload
 # We cannot check disk space from within a chroot environment
 #CheckSpace
@@ -39,15 +38,14 @@ Architecture = auto
 
 # By default, pacman accepts packages signed by keys that its local keyring
 # trusts (see pacman-key and its man page), as well as unsigned packages.
-#SigLevel = Optional TrustedOnly
+SigLevel    = Required DatabaseOptional
+LocalFileSigLevel = Optional
+#RemoteFileSigLevel = Required
 
 # NOTE: You must run `pacman-key --init` before first using pacman; the local
 # keyring can then be populated with the keys of all official Arch Linux
 # packagers with `pacman-key --populate archlinux`.
 
-# Signature checking does not work within our chroot
-SigLevel = Never
-
 #
 # REPOSITORIES
 #   - can be defined here or included from another file

pacman-gnome-unstable.conf

@@ -15,11 +15,10 @@
 #LogFile     = /var/log/pacman.log
 #GPGDir      = /etc/pacman.d/gnupg/
 HoldPkg     = pacman glibc
-# If upgrades are available for these packages they will be asked for first
-SyncFirst   = pacman
 #XferCommand = /usr/bin/curl -C - -f %u > %o
 #XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
 #CleanMethod = KeepInstalled
+#UseDelta    = 0.7
 Architecture = auto
 
 # Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
@@ -31,7 +30,7 @@ Architecture = auto
 
 # Misc options
 #UseSyslog
-#UseDelta
+#Color
 #TotalDownload
 # We cannot check disk space from within a chroot environment
 #CheckSpace
@@ -39,15 +38,14 @@ Architecture = auto
 
 # By default, pacman accepts packages signed by keys that its local keyring
 # trusts (see pacman-key and its man page), as well as unsigned packages.
-#SigLevel = Optional TrustedOnly
+SigLevel    = Required DatabaseOptional
+LocalFileSigLevel = Optional
+#RemoteFileSigLevel = Required
 
 # NOTE: You must run `pacman-key --init` before first using pacman; the local
 # keyring can then be populated with the keys of all official Arch Linux
 # packagers with `pacman-key --populate archlinux`.
 
-# Signature checking does not work within our chroot
-SigLevel = Never
-
 #
 # REPOSITORIES
 #   - can be defined here or included from another file

pacman-kde-unstable.conf

@@ -15,11 +15,10 @@
 #LogFile     = /var/log/pacman.log
 #GPGDir      = /etc/pacman.d/gnupg/
 HoldPkg     = pacman glibc
-# If upgrades are available for these packages they will be asked for first
-SyncFirst   = pacman
 #XferCommand = /usr/bin/curl -C - -f %u > %o
 #XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
 #CleanMethod = KeepInstalled
+#UseDelta    = 0.7
 Architecture = auto
 
 # Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
@@ -31,7 +30,7 @@ Architecture = auto
 
 # Misc options
 #UseSyslog
-#UseDelta
+#Color
 #TotalDownload
 # We cannot check disk space from within a chroot environment
 #CheckSpace
@@ -39,15 +38,14 @@ Architecture = auto
 
 # By default, pacman accepts packages signed by keys that its local keyring
 # trusts (see pacman-key and its man page), as well as unsigned packages.
-#SigLevel = Optional TrustedOnly
+SigLevel    = Required DatabaseOptional
+LocalFileSigLevel = Optional
+#RemoteFileSigLevel = Required
 
 # NOTE: You must run `pacman-key --init` before first using pacman; the local
 # keyring can then be populated with the keys of all official Arch Linux
 # packagers with `pacman-key --populate archlinux`.
 
-# Signature checking does not work within our chroot
-SigLevel = Never
-
 #
 # REPOSITORIES
 #   - can be defined here or included from another file

pacman-multilib-staging.conf

@@ -15,11 +15,10 @@
 #LogFile     = /var/log/pacman.log
 #GPGDir      = /etc/pacman.d/gnupg/
 HoldPkg     = pacman glibc
-# If upgrades are available for these packages they will be asked for first
-SyncFirst   = pacman
 #XferCommand = /usr/bin/curl -C - -f %u > %o
 #XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
 #CleanMethod = KeepInstalled
+#UseDelta    = 0.7
 Architecture = auto
 
 # Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
@@ -31,7 +30,7 @@ Architecture = auto
 
 # Misc options
 #UseSyslog
-#UseDelta
+#Color
 #TotalDownload
 # We cannot check disk space from within a chroot environment
 #CheckSpace
@@ -39,15 +38,14 @@ Architecture = auto
 
 # By default, pacman accepts packages signed by keys that its local keyring
 # trusts (see pacman-key and its man page), as well as unsigned packages.
-#SigLevel = Optional TrustedOnly
+SigLevel    = Required DatabaseOptional
+LocalFileSigLevel = Optional
+#RemoteFileSigLevel = Required
 
 # NOTE: You must run `pacman-key --init` before first using pacman; the local
 # keyring can then be populated with the keys of all official Arch Linux
 # packagers with `pacman-key --populate archlinux`.
 
-# Signature checking does not work within our chroot
-SigLevel = Never
-
 #
 # REPOSITORIES
 #   - can be defined here or included from another file
@@ -93,12 +91,11 @@ Include = /etc/pacman.d/mirrorlist
 Include = /etc/pacman.d/mirrorlist
 
 # If you want to run 32 bit applications on your x86_64 system,
-# enable the multilib repository here.
+# enable the multilib repositories as required here.
 [multilib-staging]
 Include = /etc/pacman.d/mirrorlist
 
 [multilib-testing]
-#SigLevel = Optional TrustAll
 Include = /etc/pacman.d/mirrorlist
 
 [multilib]
@@ -107,5 +104,6 @@ Include = /etc/pacman.d/mirrorlist
 # An example of a custom package repository.  See the pacman manpage for
 # tips on creating your own repositories.
 #[custom]
+#SigLevel = Optional TrustAll
 #Server = file:///home/custompkgs
 

pacman-multilib-testing.conf

@@ -15,11 +15,10 @@
 #LogFile     = /var/log/pacman.log
 #GPGDir      = /etc/pacman.d/gnupg/
 HoldPkg     = pacman glibc
-# If upgrades are available for these packages they will be asked for first
-SyncFirst   = pacman
 #XferCommand = /usr/bin/curl -C - -f %u > %o
 #XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
 #CleanMethod = KeepInstalled
+#UseDelta    = 0.7
 Architecture = auto
 
 # Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
@@ -31,7 +30,7 @@ Architecture = auto
 
 # Misc options
 #UseSyslog
-#UseDelta
+#Color
 #TotalDownload
 # We cannot check disk space from within a chroot environment
 #CheckSpace
@@ -39,15 +38,14 @@ Architecture = auto
 
 # By default, pacman accepts packages signed by keys that its local keyring
 # trusts (see pacman-key and its man page), as well as unsigned packages.
-#SigLevel = Optional TrustedOnly
+SigLevel    = Required DatabaseOptional
+LocalFileSigLevel = Optional
+#RemoteFileSigLevel = Required
 
 # NOTE: You must run `pacman-key --init` before first using pacman; the local
 # keyring can then be populated with the keys of all official Arch Linux
 # packagers with `pacman-key --populate archlinux`.
 
-# Signature checking does not work within our chroot
-SigLevel = Never
-
 #
 # REPOSITORIES
 #   - can be defined here or included from another file
@@ -87,9 +85,8 @@ Include = /etc/pacman.d/mirrorlist
 Include = /etc/pacman.d/mirrorlist
 
 # If you want to run 32 bit applications on your x86_64 system,
-# enable the multilib repository here.
+# enable the multilib repositories as required here.
 [multilib-testing]
-#SigLevel = Optional TrustAll
 Include = /etc/pacman.d/mirrorlist
 
 [multilib]
@@ -98,5 +95,6 @@ Include = /etc/pacman.d/mirrorlist
 # An example of a custom package repository.  See the pacman manpage for
 # tips on creating your own repositories.
 #[custom]
+#SigLevel = Optional TrustAll
 #Server = file:///home/custompkgs
 

pacman-multilib.conf

@@ -15,11 +15,10 @@
 #LogFile     = /var/log/pacman.log
 #GPGDir      = /etc/pacman.d/gnupg/
 HoldPkg     = pacman glibc
-# If upgrades are available for these packages they will be asked for first
-SyncFirst   = pacman
 #XferCommand = /usr/bin/curl -C - -f %u > %o
 #XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
 #CleanMethod = KeepInstalled
+#UseDelta    = 0.7
 Architecture = auto
 
 # Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
@@ -31,7 +30,7 @@ Architecture = auto
 
 # Misc options
 #UseSyslog
-#UseDelta
+#Color
 #TotalDownload
 # We cannot check disk space from within a chroot environment
 #CheckSpace
@@ -39,15 +38,14 @@ Architecture = auto
 
 # By default, pacman accepts packages signed by keys that its local keyring
 # trusts (see pacman-key and its man page), as well as unsigned packages.
-#SigLevel = Optional TrustedOnly
+SigLevel    = Required DatabaseOptional
+LocalFileSigLevel = Optional
+#RemoteFileSigLevel = Required
 
 # NOTE: You must run `pacman-key --init` before first using pacman; the local
 # keyring can then be populated with the keys of all official Arch Linux
 # packagers with `pacman-key --populate archlinux`.
 
-# Signature checking does not work within our chroot
-SigLevel = Never
-
 #
 # REPOSITORIES
 #   - can be defined here or included from another file
@@ -87,13 +85,17 @@ Include = /etc/pacman.d/mirrorlist
 Include = /etc/pacman.d/mirrorlist
 
 # If you want to run 32 bit applications on your x86_64 system,
-# enable the multilib repository here.
+# enable the multilib repositories as required here.
+
+#[multilib-testing]
+#Include = /etc/pacman.d/mirrorlist
+
 [multilib]
-#SigLevel = Optional TrustAll
 Include = /etc/pacman.d/mirrorlist
 
 # An example of a custom package repository.  See the pacman manpage for
 # tips on creating your own repositories.
 #[custom]
+#SigLevel = Optional TrustAll
 #Server = file:///home/custompkgs
 

pacman-staging.conf

@@ -15,11 +15,10 @@
 #LogFile     = /var/log/pacman.log
 #GPGDir      = /etc/pacman.d/gnupg/
 HoldPkg     = pacman glibc
-# If upgrades are available for these packages they will be asked for first
-SyncFirst   = pacman
 #XferCommand = /usr/bin/curl -C - -f %u > %o
 #XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
 #CleanMethod = KeepInstalled
+#UseDelta    = 0.7
 Architecture = auto
 
 # Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
@@ -31,7 +30,7 @@ Architecture = auto
 
 # Misc options
 #UseSyslog
-#UseDelta
+#Color
 #TotalDownload
 # We cannot check disk space from within a chroot environment
 #CheckSpace
@@ -39,15 +38,14 @@ Architecture = auto
 
 # By default, pacman accepts packages signed by keys that its local keyring
 # trusts (see pacman-key and its man page), as well as unsigned packages.
-#SigLevel = Optional TrustedOnly
+SigLevel    = Required DatabaseOptional
+LocalFileSigLevel = Optional
+#RemoteFileSigLevel = Required
 
 # NOTE: You must run `pacman-key --init` before first using pacman; the local
 # keyring can then be populated with the keys of all official Arch Linux
 # packagers with `pacman-key --populate archlinux`.
 
-# Signature checking does not work within our chroot
-SigLevel = Never
-
 #
 # REPOSITORIES
 #   - can be defined here or included from another file
@@ -89,12 +87,12 @@ Include = /etc/pacman.d/mirrorlist
 [community-testing]
 Include = /etc/pacman.d/mirrorlist
 
-#SigLevel = Optional TrustAll
 [community]
 Include = /etc/pacman.d/mirrorlist
 
 # An example of a custom package repository.  See the pacman manpage for
 # tips on creating your own repositories.
 #[custom]
+#SigLevel = Optional TrustAll
 #Server = file:///home/custompkgs
 

pacman-testing.conf

@@ -15,11 +15,10 @@
 #LogFile     = /var/log/pacman.log
 #GPGDir      = /etc/pacman.d/gnupg/
 HoldPkg     = pacman glibc
-# If upgrades are available for these packages they will be asked for first
-SyncFirst   = pacman
 #XferCommand = /usr/bin/curl -C - -f %u > %o
 #XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
 #CleanMethod = KeepInstalled
+#UseDelta    = 0.7
 Architecture = auto
 
 # Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
@@ -31,7 +30,7 @@ Architecture = auto
 
 # Misc options
 #UseSyslog
-#UseDelta
+#Color
 #TotalDownload
 # We cannot check disk space from within a chroot environment
 #CheckSpace
@@ -39,15 +38,14 @@ Architecture = auto
 
 # By default, pacman accepts packages signed by keys that its local keyring
 # trusts (see pacman-key and its man page), as well as unsigned packages.
-#SigLevel = Optional TrustedOnly
+SigLevel    = Required DatabaseOptional
+LocalFileSigLevel = Optional
+#RemoteFileSigLevel = Required
 
 # NOTE: You must run `pacman-key --init` before first using pacman; the local
 # keyring can then be populated with the keys of all official Arch Linux
 # packagers with `pacman-key --populate archlinux`.
 
-# Signature checking does not work within our chroot
-SigLevel = Never
-
 #
 # REPOSITORIES
 #   - can be defined here or included from another file

rebuildpkgs.in

@@ -12,7 +12,7 @@
 m4_include(lib/common.sh)
 
 if (( $# < 1 )); then
-	echo "usage: $(basename $0) <chrootdir> <packages to rebuild>"
+	echo "Usage: $(basename $0) <chrootdir> <packages to rebuild>"
 	echo "  example: $(basename $0) ~/chroot readline bash foo bar baz"
 	exit 1
 fi
@@ -47,7 +47,7 @@ pkg_from_pkgbuild() {
 chrootdir="$1"; shift
 pkgs="$@"
 
-SVNPATH='svn+ssh://gerolde.archlinux.org/srv/svn-packages'
+SVNPATH='svn+ssh://nymeria.archlinux.org/srv/repos/svn-packages/svn'
 
 msg "Work will be done in $(pwd)/rebuilds"