So far all files in `needsversioning=(...)` have been printed to the
command line if they were found, which is not useful, especially now
that we have more files present there.
It makes sense however to keep the standard error output, as this gives
a actionable suggestion what one should to to fix the issue:
> error: pathspec 'PKGBUILD' did not match any file(s) known to git
> Did you forget to 'git add'?
Fixes#281
Signed-off-by: Christian Heusel <christian@heusel.eu>
While running a longer makechrootpkg session that involves many
packages, looking at the terminal output is not always sufficient to
tell which package makechrootpkg is currently processing.
In systemd version 256, a feature was introduced in `systemd-nspawn`,
which sets the window title from the container name. [1]
To improve makechrootpkg’s UX, take advantage of systemd-nspawn’s new
feature by setting the machine name (and thus, the terminal title) to
one of the following values, depending on the step makechrootpkg is at:
1. `makechrootpkg.building.mypkg`
2. `makechrootpkg.downloading.pkg1.pkg2.pkg3-git`
3. `makechrootpkg.installing.pkg1.pkg2.pkg3-git`
4. `makechrootpkg.updating`,
followed by a dot and the shell process id, instead of the generic
`arch-nspawn` title that arch-nspawn uses by default.
5. Special case for the inspection step:
As a special case, use a shorter title for the inspection step, because
it spawns a shell, which in turn usually sets the terminal title itself,
so its title would override the one set by systemd-nspawn.
Fortunately, the shell happens to use the first subdomain of the machine
name for its window title, so use a machine name of `inspecting` here,
followed by a hyphen and the shell PID.
[1]: ab03434aa7
This implements a part of RFC52. The new pkgctl license check subcommand calls reuse lint on
the provided directories while pkgctl license setup tries to make packages compliant with RFC40
by adding a LICENSE file and by generating a REUSE.toml.
Component: pkgctl license
readelf will pull in remote debug info if allowed to. This is not really
what we expect for diffoscope diffs, especially when our server only has
debug info for one side of the diff.
Previously we have only copied the passed makepkg.conf file into the
chroot, which misses build flags for additional language specific files
that makepkg supports. Fix this by extracting all conf.d makepkg config
files from the detected devtools archive.
Component: makerepropkg
Co-authored-by: Christian Heusel <christian@heusel.eu>
Previously we have only copied the passed makepkg.conf file into the
chroot, which misses build flags for additional language specific files
that makepkg supports. Fix this by also copying all config files that
match the `<file>.d/*.conf` glob.
Fixes#244
Component: arch-nspawn
Suggested-by: Rein Fernhout (Levitating) <me@levitati.ng>
Co-authored-by: Christian Heusel <christian@heusel.eu>
Vendor all language related makepkg.conf files which are also shipped by
makepkg itself. This makes sure we always have full control over the
build flags inside devtools and overlay any by the vendored config we
maintain in devtools.
Component: archbuild
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
For our own archbuild script which is used for package building from a
template chroot, automatically handle the case where the template root
is out of date. Check the version and enable the clean flag by default
in case a mismatch is detected.
Component: archbuild
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
We are currently facing reproducible builds issues as the
makepkg.conf.d/rust.conf file in the root chroot was leading to pacnew
files, which means the chroot did not use configs as expected from a
clean state. Work around this problem by bumping the chroot version and
ensure we get fresh chroots with expected configs
Component: archroot
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
As it turns out the Gitlab api is not guaranteed to return the
x-total-pages header for larger query result which previously resulted
in a division by zero for pkgctl search as the utlity function assumed
that this value would always be set to a positive integer.
Fixes#255
Link: https://gitlab.com/gitlab-org/gitlab/-/issues/436373
Component: gitlab.sh
Signed-off-by: Christian Heusel <christian@heusel.eu>
The nvchecker upstream version checks are expected to work as is on any
machines without the need of manual Git user configuration. However,
certain user configuration may have a side-effect on version checks.
Subsequently we try to avoid this situation by always disabling Git
config locations.
Component: pkgctl version check
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Fixes#259
Fixes: 0df36df ("feat(issue): add subcommand to list group and project issues")
Component: pkgctl issue view
Signed-off-by: Christian Heusel <christian@heusel.eu>
The pkgctl issue edit command is used to modify an existing issue in Arch Linux
packaging projects. This command allows users to update the issue's title,
description, and various attributes, ensuring that the issue information
remains accurate and up-to-date. It also provides a streamlined facility
for bug wranglers to categorize and prioritize issues efficiently.
By default, the command operates within the current directory, but users can
specify a different package base if needed.
In case of a failed run, the command can automatically recover to ensure that
the editing process is completed without losing any data.
Component: pkgctl issue edit
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
The create command is used to create a new issue for an Arch Linux package.
This command is suitable for reporting bugs, regressions, feature requests, or
any other issues related to a package. It provides a flexible way to document
and track new issues within the project's issue tracking system.
By default, the command operates within the current directory, but users can
specify a different package base if needed.
Users can provide a title for the issue directly through the command line.
The command allows setting various labels and attributes for the issue, such as
confidentiality, priority, scope, severity, and status.
In case of a failed run, the command can automatically recover to ensure that
the issue creation process is completed without losing any data.
Component: pkgctl issue create
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
The move command allows users to transfer an issue from one project to another
within the Arch Linux packaging group. This is useful when an issue is
identified to be more relevant or better handled in a different project.
By default, the command operates within the current directory, but users can
specify a different package base from which to move the issue.
Users must specify the issue ID (IID) and the destination package to which the
issue should be moved. A comment message explaining the reason for the move can
be provided directly through the command line.
Component: pkgctl issue move
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
The reopen command is used to reopen a previously closed issue in Arch Linux
packaging projects. This command is useful when an issue needs to be revisited
or additional work is required after it was initially closed.
By default, the command operates within the current directory, but users can
specify a different package base if needed.
Users can provide a message directly through the command line to explain the
reason for reopening the issue.
Component: pkgctl issue reopen
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
This command is used to close an issue in Arch Linux packaging projects. It
finalizes the issue by marking it as resolved and optionally providing a reason
for its closure.
By default, the command operates within the current directory, but users have
the option to specify a different package base.
Users can provide a message directly through the command line to explain the
reason for closing the issue. Additionally, a specific resolution label can be
set to categorize the closure reason, with the default label being "completed."
Component: pkgctl issue close
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
This command allows users to add comments to an issue in Arch Linux packaging
projects. This command is useful for providing feedback, updates, or any
additional information related to an issue directly within the project's issue
tracking system.
By default, the command interacts with the current directory, but users can
specify a different package base if needed.
Component: pkgctl issue comment
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
This command is designed to display detailed information about a specific issue
in Arch Linux packaging projects. It gathers and pretty prints all relevant
data about the issue, providing a comprehensive view that includes the issue's
description, status as well as labels and creation date.
By default, the command operates within the current directory, but users have
the option to specify a different package base. Additionally, users can choose
to view the issue in a web browser for a more interactive experience.
Component: pkgctl issue view
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
The pkgctl issue list command is used to list issues associated with a specific
packaging project or the entire packaging subgroup in Arch Linux. This command
facilitates efficient issue management by allowing users to list and filter
issues based on various criteria.
Results can also be displayed directly in a web browser for easier navigation
and review.
Component: pkgctl issue list
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Instead of passing the command as one complex string to ssh, we create
an SSH master connection and use its control socket in multiple simpler
commands. The same socket is passed also to rsync to transfer the srcpkg
to the remote and to download the build artifacts.
Previously, the srcpkg was passed via stdin to ssh, which prevented
`pkgctl build --offload --inspect` from working. This change frees stdin
for proper remote ptty allocation.
However, it seems that ssh commands with and without the `-t` flag
cannot be multiplexed on a single connection, so there are technically
two SSH connections active for the offload-build execution.
Setup a blank config for packages without remote sources. This is
helpful so other commands like `pkgctl version check` operate gracefully
as well as we have easy way to find packages that miss nvchecker
config.
This must only be used for cases without an upstream, please reach out
to the developer team for guidance regarding upstream sources that are
hard to configure.
Component: pkgctl version setup
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
This allows for tools and data visualization to interface against pkgctl
with a machine readable output.
Fixes#237
Component: pkgctl version check
Signed-off-by: Andreas Schleifer <segaja@archlinux.org>
Co-authored-by: Levente Polyak <anthraxx@archlinux.org>
From systemd-nspawn(1),
--timezone=
Configures how /etc/localtime inside of the container (i.e. local timezone synchronization from host to container) shall be handled. Takes one of "off", "copy", "bind", "symlink", "delete" or "auto". If set to "off" the /etc/localtime file in the container
is left as it is included in the image, and neither modified nor bind mounted over. If set to "copy" the /etc/localtime file of the host is copied into the container. Similarly, if "bind" is used, the file is bind mounted from the host into the container. If
set to "symlink", a symlink is created pointing from /etc/localtime in the container to the timezone file in the container that matches the timezone setting on the host. If set to "delete", the file in the container is deleted, should it exist. If set to
"auto" and the /etc/localtime file of the host is a symlink, then "symlink" mode is used, and "copy" otherwise, except if the image is read-only in which case "bind" is used instead. Defaults to "auto".
Added in version 239.
After this commit, we need to recreate all build environment to clean up
pollution already existed.
resolve#250
Signed-off-by: Celeste Liu <CoelacanthusHex@gmail.com>
Since commit 1d433f6 ("feat(db): confirm list of all packages that will be removed") packages need confirmation by default when being dropped from the db. If we make it to the DB drop phase the package already is pushed to the AUR, so it is safe to remove from the database and not removing it would create a somewhat broken state, so we assume that the package should unconditionally be removed from the db.
Component: pkgctl aur drop-from-repo
Signed-off-by: Christian Heusel <christian@heusel.eu>
It seems like nvchecker emits two log entries for errors:
$ nvchecker --logger json -c .nvchecker.toml
{"logger_name": "nvchecker.core", "name": "curl", "event": "token not given but it is required", "level": "error"}
{"logger_name": "nvchecker.core", "name": "curl", "error": "token not given but it is required", "event": "no-result", "level": "error"}
This leads to a double error message as described in the related issue,
which we fix by narrowing the selector to filter for the error entry.
Fixes#235
Component: pkgctl version check
Signed-off-by: Christian Heusel <christian@heusel.eu>
If the chroot was created in a way where it resides on a BTRFS file
system but "$copydir/root" is not a snapshot an error like the following
would be emitted:
$ makechrootpkg -r ~/chroot
==> Synchronizing chroot copy [/home/chris/chroot/root] -> [chris]...ERROR: Not a Btrfs subvolume: Invalid argument
==> ERROR: Unable to create subvolume /home/chris/chroot/chris
Fix this by adding an additional check, which detects if the folder is
actually the root of a BTRFS snapshot before attempting to clone it.
Related to https://gitlab.archlinux.org/archlinux/devtools/-/merge_requests/259
Signed-off-by: Christian Heusel <christian@heusel.eu>
Replace `sdiff` with `diff` (also from `diffutils`) with the following
parameters:
- `--side-by-side` for the `sdiff`-like output
- `--suppress-common-lines` for the `sdiff -s` behavior
- `--width="$COLUMNS"` to use the full terminal width (long lines are
still truncated but it is definitely better than the default width of
130 chars)
- `--color=auto` just because 😉
This avoids the unwanted removal of the folder if someone has already
pre-defined the variable.
Fixes#219
Suggested-by: Levente Polyak <anthraxx@archlinux.org>
Signed-off-by: Christian Heusel <christian@heusel.eu>
Since version 2.15.1 nvchecker emits a warning for version strings that
it consideres invalid (e.g. in the case of PyPI).
These warning messages get in the way (the first version emitted via a
warning is used as version to compare against) of retrieving the latest
version of an upstream and therefore we ignore them.
Component: pkgctl version check
Signed-off-by: David Runge <dvzrv@archlinux.org>
The expected output for these tests has now changed since git smash
(which we test against) has changed their version scheme.
Component: pkgctl version setup
Signed-off-by: Christian Heusel <christian@heusel.eu>
Systemd 256 introduces functionality which colors the terminal
background on systemd-nspawn invocations which makes the pkgctl output
look weird.
Disable this bevaviour for pkgctl, so it stays active for arch-nspawn
(for now).
Component: pkgctl
Signed-off-by: Christian Heusel <christian@heusel.eu>
A .cache can be bind mounted into the container to save the caches for
reuse, but sometimes we want to exclude specific caches (because they
don't work well, e.g. bazel's).
Component: makechrootpkg
Git 2.45.1 expanded its security checks to deny cloning even local repos
that are owned by another user. Previously, this just affected network
filesystems.
On our buildserver, this prevents makepkg from cloning repos from our
shared srcdest into the srcdir, if these repos were created by another
packager.
To disable this check, set `safe.directory` to `*`. This looks like a
glob, but is really just a special value. The only other option would be
to add each Git repository in srcdest to the configuration.
Component: makechrootpkg
This fixes issues with packages containing plus signs, that need to be
escaped in toml as well as the extended grep regex.
Component: pkgctl version check
Since logs from offloaded builds are collected in a temporary directory
on the remote server, it is rather difficult/error-prone to get to them,
because the path changes in each rebuild. Fetching logs from the server
into $LOGDEST makes it easier to investigate them and also brings the
behavior of offload-build closer to archbuild.
Log files are always downloaded, even for failed builds.
Component: offload-build
Signed-off-by: Jakub Klinkovský <lahwaacz@archlinux.org>
Co-authored-by: Levente Polyak <anthraxx@archlinux.org>
So far the commands would stop execution if one of the target
directories did not contain a PKGBUILD instead of just reporting failure
for that directory. Fix this by replacing the 'die' calls with setting
the error for the spinner facility.
Component: pkgctl version check
Component: pkgctl version upgrade
Signed-off-by: Christian Heusel <christian@heusel.eu>
This introduces the `pkgctl repo clean` command which removes every
untracked files from local package repositories (via `git clean`).
The usage is as simple as `pkgctl repo clean [OPTION] [PATH]` (where
"[PATH]" can be equal to a wildcard "*").
Component: pkgctl repo clean
pacman 6.1 added support for CacheServer which allows us to download
packages faster and reduce the burden on tier0 server.
They won't be used to fetch databases so it should be pretty safe in the
repository consistency context.
Component: arch-nspawn
Return an error and abort operation when an invalid target repo is
passed.
Component: pkgctl db remove
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Sometimes it isn't obvious which set of packages are removed from a
split package when the pkgbase matches also a subset of a pkgbase. This
can happen for example with bootstrapping packages, when the intention
is to just remove a partial part of the bootstrap pkgbase.
To make the intention more explicit, list all to be removed packages and
await for confirmation.
Component: pkgctl db remove
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
By default passing a pkgbase removes all split packages, debug packages
as well as entries from the state repo for all existing architectures.
When using the `--partial` option it may most likely lead to undesired
effects by leaving debug packages behind as well as dangling entries in
the state repository. However, for specific use cases its required to
get rid of old split package parts.
Fixes#218
Component: pkgctl db remove
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
systemd-nspawn sets up a pts in the container by default which build
scripts might use to ask for interactive input. This is only okay if
the host side is also a TTY. The 'autopipe' mode deals with this
situation appropriately.
The architecture definition of the variable was using invalid bash
syntax and was previously unused:
$ _binary_arch=${DEVTOOLS_VALID_ARCHES[*]:0:-1}
bash: -1: substring expression < 0
We therefore fix the definition of the variable and use it for the
autocompletion of the offload-build command.
Furthermore fix wrongly named architecture variables that have been
missed from previous refactoring.
Fixes#222
Component: completion
Fixes: f961e2e ("completion: implemented structured declarative bash completions")
Fixes: 4173e0a ("chore: refactor variable names in valid-{tags,repos}.sh")
Signed-off-by: Christian Heusel <christian@heusel.eu>
Co-authored-by: Levente Polyak <anthraxx@archlinux.org>
Use a central location in common.sh to define the default rsync options.
Switch to use batched uploads by targeting a partial directory which is
not taken into account by db update. Instead, once all packages that
belong to a split package group are uploaded into the .partial
directory, all artifacts are moved in one batch into the staging
directory of the repo server. This reduced the window of opportunity for
a partial release significantly to a tiny window.
Component: pkgctl release
This allows us to have more control over the output and status logs.
Using this method we are able to avoid cluttering the version upgrade
subcommand while downloading sources for updating the checksums.
Having this internally will also allow us in the future to have smart
checksums updating by only trying to change the checksums of sources
that have actually changed, for example when adjusting a patch file we
should avoid trying to overwrite the archive checksums unintentionally.
Component: pkgctl version upgrade
This commit aims to make 'pkgctl version upgrade' also update checksums
in addition of bumping the pkgver and reseting the pkgrel.
Component: pkgctl version upgrade
Originally fixed in b7893a2ca8, that approach created another bug when packages have several providers. In that case, pacman expects a number, so "yes" is not a valid answer, leading to an infinite loop.
Using the undocumented, but stable option "--ask=4" allows to selectively change the default answer for conflicts, therefore properly fixing the underlying issue.
See also: https://gitlab.archlinux.org/pacman/pacman/-/issues/60Fixes#163
Component: makechrootpkg
In certain scenarios, like when an URL is checked that asks for
credentials or other kind of input, the process blocks and waits for
stdin input. This isn't particularly useful during scripted execution
and in our cases also just an indicator for like a none existing GitHub
repository.
To avoid this situation, disable git terminal prompts.
Component: pkgctl version check
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Introduce a new version subcommand `setup` which does a best effort to
generate the most minimal required .nvchecker.toml file for specific
sources.
It supports a wide range of common sources like:
- Git, GitHub, GitLab, Hackage, NPM, PyPI, RubyGems, CPAN, crates.io
The creation logic is based on matching a domain for a source which is
something predictable and then simply passes an array of the url parts
for every source creator to extract the useful bits out of the url
array.
Component: pkgctl version setup
Co-authored-by: Levente Polyak <anthraxx@archlinux.org>
Signed-off-by: Jelle van der Waa <jelle@archlinux.org>
Asciidoc is the old reference implementation in Python, which has some
shortcoming. Specifically we are hitting cut off page names for long
subcommands. Fix this by switching to a more modern implementation named
asciidoctor.
During the migration, get rid of the explicit asciidoc.conf file that
was required to define a linkman macro, which is now supported out of
the box.
Fixes#170
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
If users have enabled push.followTags in their Git config then dropping
packages to the AUR spews errors because all the release tags from
official repos are rejected by AUR repos.
Several subcommands accept multiple paths in a way that passing a
wildcard is an expected use case. Previously this wasn't possible if the
main directory contained any text files or scripts.
Fix this by skipping none directory paths for such commands.
Component: pkgctl
Signed-off-by: Morten Linderud <foxboron@archlinux.org>
RFC-26 proposes to add -fno-omit-frame-pointer and
-mno-omit-leaf-frame-pointer to the default compilation flags
to improve the effectiveness of profiling and debugging tools.
See https://rfc.archlinux.page/0026-fno-omit-frame-pointer/
We can only update the local ref to the remote head from main to master
once we have actually pushed the master branch to the remote. If we do
this too early, the call will simply error out.
Instead, only update the local head for the configured remote after we
have successfully renamed the branch and pushed it to the AUR.
Fixes#212
Component: pkgctl aur drop-from-repo
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
This avoids some corner cases that some applications behave ill when
TERM is completely unset. Instead, ensure we set TERM to dumb as a
fallback, which should serve better than not having any term defined.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
The latest release of devtools has included some pretty printing
capabilities and fancy terminal stuff with the spinner and so on.
It seems like the existing safeguards to disable this for incapable
terminals were not enough though, therefore we saw two types of errors:
- offload-build:
```
==> Building in chroot for [extra] (x86_64)...
tput: unknown terminal "unknown"
tput: unknown terminal "unknown"
tput: unknown terminal "unknown"
```
- repro builders:
```
==> Successfully switched <package> to version <version>
tput: No value for $TERM and no -T specified
ERROR: Failed checkout <package>
```
The recently included fail option made this error populate to the
command level and therefore increased its impact from a not so nice
logging message to a more severe problem which made the command abort.
We fix this by checking if tput is supported or else use the raw escape
sequences instead of tput commands.
Fixes: fedfc80 ("feat(term): add terminal utils to handle a dynamic spinner")
Fixes: 66e83c9 ("feat(version): pretty print and group together version check results")
Fixes: d0dc0e1 ("feat(search): add optional plain output formatting")
Signed-off-by: Christian Heusel <christian@heusel.eu>
We should explicitly instruct makepkg to not sign the source package,
even when the BUILDENV array in makepkg.conf contains 'sign'. The
devtools workflow is to always sign separately from building, which is
different from makepkg and it should not depend on its configuration.
Furthermore, this function is currently used only in offload-build to
collect sources that are transferred to the server before the build
itself. Signing this source package does not provide any benefits.
We are depending on updpkgsums for the --update-checksums option used in
pkgctl build. Document this requirement.
Signed-off-by: Christian Heusel <christian@heusel.eu>
The adequate target repo options are not appropriately forwarded to the
release subcommand if the auto-release options is activated. Previously
we did not restrict the --repo option, which the build option has used
as a shortcut. Since last release, this option is restricted to new
packages that are not in any official repository yet.
Fix this issue by forwarding the same target repo options that have been
used during the build command and not forcefully the --repo options.
Fixes#209
Component: pkgctl build
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Since last release, offload building now has proper error handling
enabled. This unfortunately lead to a regression for packages, like any
packages, where makepkg claims debug packages are available during
--packagelist while none were actually built. This leads to the scp
command failing when trying to download the none existing packages
which ultimately leads to a termination of the build script.
Fix this by filtering out package files that do not exist before trying
to download them.
Fixes#208
Component: pkgctl build
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
This works around the fact that we are currently not auto detecting
unstable repository targets while providing a stability layer option on
the subcommand. Soften the --repo option rules by allowing unstable
repositories to use that flag for building and releasing against the
unstable repositories.
This will be replaced in the near future by proper integration of target
repository auto-detection that in aware of unstable repositories while
providing a unstable stability layer options.
Component: pkgctl build
Component: pkgctl release
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Previously the behavior was inconsistent and not fully fulfilling its
purpose of only using --repo once when initially pushing a new and
unknown package to the official repositories.
Consolidate the behavior by only allowing to use --repo during the
initial packaging and disallow any subsequent usage. The expected user
experience is to subsequently use --testing or --staging to influence
the auto-detection of the build target. This avoids any kind of human
error which leads to releasing core packages to extra-testing by
accident.
Furthermore, allow the build subcommand to automatically fallback to
extra as the default stable repository target which greatly improves the
usability for AUR or local override builds.
Fixes#193Fixes#191
Component: pkgctl build
Component: pkgctl release
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
This change introduces the new --install-to-host flag to pkgctl build,
which can be used with one of the modes 'all' or 'auto'. Depending on
the mode either all or just already installed packages are installed to
the host system.
BREAKING CHANGE: the --install flag is renamed to --install-to-chroot
to avoid confusion with the newly introduced flag.
Component: pkgctl build
Signed-off-by: Christian Heusel <christian@heusel.eu>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
This helps people to be slightly more patient as the progress status
update includes the current percentage.
Component: pkgctl search
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Change 'none pkgbase' to 'non-pkgbase' as the sentence refers sections
that are not the pkgbase section, rather than an empty pkgbase section
or something of that sort that could be misconstrued by using the word
'none'.
Component: pkgctl version check
For pkgbases with '.' in the name, the TOML-section must be wrapped in
double quotes in order for it not to be parsed as a supersection and a
subsection. This case was not properly handled by checks for if the
TOML-file contains a pkgbase section, and for if the TOML-file contains
superfluous sections. Address this by handling optional double quotes in
the greps related to said checks.
This was discovered in the AUR package ruby-cool.io and the issue can be
reproduced with the following minimal PKGBUILD and .nvchecker.toml file:
$ cat PKGBUILD
pkgname=ruby-cool.io
pkgver=1.8.0
$ cat .nvchecker.toml
["ruby-cool.io"]
source = "gems"
gems = "cool.io"
Before the fix:
$ pkgctl version check
Failure
x ruby-cool.io: missing pkgbase section in .nvchecker.toml: ruby-cool.io
After the fix:
$ pkgctl version check
GEN lib/version/check.sh
Out-of-date
✓ ruby-cool.io: current version 1.8.0 is latest
Component: pkgctl version check
Enhanced and overhauled the documentation for the 'version' subcommand.
The improvements include comprehensive details on the subcommand's
behavior, usage, and a variety of scenarios it handles.
Added a central section within the pkgctl-version manpage that documents
the nvchecker configuration and rules.
Component: pkgctl version
Singled-off-by: Levente Polyak <anthraxx@archlinux.org>
It can be handy to have an exit code that allows better status
indication or chaining.
On exit, return one of the following codes:
- 0: Normal exit condition, all checked versions are up-to-date
- 1: Unknown cause of failure
- 2: Normal exit condition, but there are out-of-date versions
- 3: Failed to run some version checks
Component: pkgctl version check
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Sometimes it can be desired to get a results for each entry even if the
current version is up-to-date. Add a --verbose option to print this
optional detail.
Component: pkgctl version check
Component: pkgctl version upgrade
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
It may take quite some time to check a lot of upstream versions.
However, we still want to nicely group the results together. To avoid
just showing a static status message it makes much more sense to show a
dynamic spinner with a summary of the progress.
Component: pkgctl version check
Component: pkgctl version upgrade
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
The spinner uses a status file that can be used to dynamically update
the message. The spinner itself buffers the output in a frame buffer
variable before flushing a frame in one go.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Collect all check results in arrays and pretty print the results after
grouping them together based on out-of-date, up-to-date and failures.
Print a summary that shows a brief statistic about the results when
processing multiple check items.
Component: pkgctl version check
Component: pkgctl version upgrade
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
This adds support for global keyfile from the user config home
XDG_CONFIG_HOME which allows to set tokens for GitHub and GitLab for
certain nvchecker configuration.
When ~/.config/nvchecker/keyfile.toml exists, it will automatically be
appended as keyfile of the local .nvchecker.toml file.
Component: pkgctl version check
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Add defensive programming to the execution chain of the version check
subcommand for graceful error handling of subprocesses as well as errors
returned from nvchecker itself indicated in the returned JSON.
Furthermore this fixes a bug when processing multiple packages where the
pkgbase variable is stuck for subsequent packages that do not declare a
pkgbase variable itself.
Component: pkgctl version check
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
This subcommand applies the detected upstream version upgrades to a
PKGBUILD.
Component: pkgctl version upgrade
Co-authored-by: Levente Polyak <anthraxx@archlinux.org>
Signed-off-by: Christian Heusel <christian@heusel.eu>
The version subcommand handles pkgver related commands, the first
subcommand being `check`. Check runs nvchecker if a `.nvchecker.toml`
file exists and compares the current pkgver with the latest release.
Introduces nvchecker as optional dependency which has to be installed in
order to use this particular subcommand.
BREAKING CHANGE: formerly pkgctl version would output the version of the
pkgctl tool, now it is used as a version related subcommand.
Fixes#140
Component: pkgctl version
Component: pkgctl version check
Co-authored-by: Christian Heusel <christian@heusel.eu>
During certain operations like --edit, --pkgver etc the PKGBUILD
may change since last sourced. If a modified checksum of the PKGBUILD
is detected, re-source it before processing.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
The srcinfo file is essentially a representation of the current build
recipes, hence generate an up to date version by adding it as secondary
build artifact to the build process.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Heavily improve the runtime of huge split packages, by creating an own
parallelized high level implementation of the makepkg low level building
blocks for srcinfo generation.
This reduces the runtine to generate the srcinfo file for thunderbird
from 24 seconds down to 1 second.
Add an aur command to interact with the Arch User Repository including
the drop-from-repo subommand which allows to drop packages from the
official repository to the Arch User Repository in one go.
Related to #143
Component: pkgctl aur drop-from-repo
Co-authored-by: Levente Polyak <anthraxx@archlinux.org>
Signed-off-by: Christian Heusel <christian@heusel.eu>
Dashes are not supported in function names and underscores were not
automatically translated. Replace all dashes of the current completion
token, if it is an arg which allows subcommands to use underscores
instead of dashes to declare their completion handlers.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
This allows to run the search command without bats, which is not used in
the default pretty output format.
Component: pkgctl search
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Previously if we opened a lock on an existing file with useful content
we overwrote it with an empty file. This is obviously not desired, hence
open the file handle in append mode preserving its content.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Search for an expression across the GitLab packaging group. To use a
filter, include it in your query. You may use wildcards (*) to use glob
matching. Available filters for the blobs scope: path, extension.
Every usage of the search command must be authenticated. Consult the
'pkgctl auth' command to authenticate with GitLab or view the
authentication status.
This command uses bats for pretty printing the results including line
numbers and syntax highlighting.
Component: pkgctl search
Co-authored-by: Christian Heusel <christian@heusel.eu>
Co-authored-by: Levente Polyak <anthraxx@archlinux.org>
The philosophy of our CLI is to provide options that better match human
expectations in an intuitive way rather than mimic wording of previous
tools with abbreviation.
Component: pkgctl build
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
The fix separator contains a whitespace, which made the check never
match. We now trim the separator before checking, making it resilient
against any kind of spaces.
Fixes b7984c6073
BREAKING CHANGE: Increments the repo spec version which requires to
reconfigure all existing packaging repo clones.
Fixes#129
Component: pkgctl repo configure
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
This is done to closer mimick the behaviour of git here, as it prefers
core.editor setting over the other editor options as per git-var(1):
> The order of preference is the $GIT_EDITOR environment variable, then
> core.editor configuration, then $VISUAL, then $EDITOR, and then the
> default chosen at compile time, which is usually vi.
Fixes#192
Signed-off-by: Christian Heusel <christian@heusel.eu>
There is a single endpoint now to list all pkgbases and their current
maintainers. Use this endpoint for speeding up the clone of all packages
of a maintainer by only issuing a single API call.
Component: pkgctl repo clone
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
This moves relative relocations from the `.rela.dyn` section into a new
`.relr.dyn` section with a significantly more compact encoding,
supported since glibc 2.36, GNU Binutils 2.38 and LLVM 15.
This can reduce the size of libraries a lot, e.g. the installed size of
`libphonenumber` dropped from about 17 MB to 7 MB.
For more info, see
https://gitlab.archlinux.org/archlinux/rfcs/-/merge_requests/23.
Signed-off-by: Jan Alexander Steffens (heftig) <heftig@archlinux.org>
This will separate logical flags with whitespace and make it easier to
split the flags across multiple lines.
Signed-off-by: Jan Alexander Steffens (heftig) <heftig@archlinux.org>
In certain situations, users may encounter limitations when unable to
utilize xdg-open (e.g., when connected to an Arch machine via SSH).
Consequently, this commit introduces the option to simply print the
repository link to copy or click on it.
Signed-off-by: Christian Heusel <christian@heusel.eu>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Add -n to allow running makepkg with --nocheck. This is useful to reduce
the time required to reproduce a package, as they should not depend on
running the check function for being reproducible.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Implement the -x option for makechrootpkg which allows to get an
interactive shell in the chroot after building the package. Useful to
ease the debugging of a package build.
Depending on the argument, the interactive shell is either always
spawned or only when an error occurred during build.
This option is also forwarded from `pkgctl build` via the `--inspect`
flag.
Component: pkgctl build
Component: makechrootpkg
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Specify the upstream instance hostname for glab using the `GITLAB_HOST`
environment variable.
Without it `glab` will use whatever is set as host using the `host`
key in its configuration and silently break the links of all uploaded
assets.
Signed-off-by: David Runge <dvzrv@archlinux.org>
Turns out the manpages of pkgctl db update and pkgctl db move were just switched without having the page title adjusted.
Fixing the initial error therefore turned out to create the same problem for the manpage of pkgctl db update, which this commit re-fixes.
Fixes: 5e3ab4b321 ("chore(docs): correct the manpage for pkgctl db move")
Fixes: f834fc4700 ("db: command for Pacman database modification like update, move etc")
Fixes#195
Component: pkgctl db update
Signed-off-by: Christian Heusel <christian@heusel.eu>
So far the manpage for pkgctl db move seemed to be a copy of the pkgctl db update manpage
which caused an error upon install as the move page was not created.
Instead compiling this manpage overwrote the one for pkgctl db update
which this commit fixes.
Fixes: f834fc4700 ("db: command for Pacman database modification like update, move etc")
Fixes#195
Component: pkgctl db move
Signed-off-by: Christian Heusel <christian@heusel.eu>
This is useful so people who update patches etc. can update their checksums on building.
The functionality itself was already implemented for --pkgver, but was not available separately.
Fixes#168
Component: pkgctl build
Signed-off-by: Christian Heusel <christian@heusel.eu>
Even though the variables in these files are globablly used they have a weirdly local sounding name.
This commit fixes this by refactoring all usages throughout our codebase.
Signed-off-by: Christian Heusel <christian@heusel.eu>
Anything that requires user input (such as a key unlock or hostkey
verify) will block the terminal and wait for input which will never
come.
When cloning or configuring a repo via ssh we therefore initially
connect to gitlab to warm the connection.
Afterwards users are expected to either have setup a ssh ControlMaster
or use something like a ssh agent.
Fixes#148
Component: pkgctl repo clone/configure
Co-Authored-by: Christian Heusel <christian@heusel.eu>
Signed-off-by: Christian Heusel <christian@heusel.eu>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
This is done so that the generated changelog carries more information
(i.e. the scope of the change).
Co-Authored-by: Levente Polyak <anthraxx@archlinux.org>
Signed-off-by: Christian Heusel <christian@heusel.eu>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
By default the sync operation enables dependency checks during the
preparation of the transaction. This isn't necessary for the print
option, but is done nevertheless, which leads to issues for example
during soname dependency problems. The result is a none functional
automatic repo detection.
Fix this by explicitly disabling dependency version checks. We specify
this option twice to skip all dependency checks.
Fixes#189
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
When releasing a package always generate a .SRCINFO file so we can build
tooling based upon these files instead of having to parse bash in a
non-bash language.
Some tests have shown around 30 seconds or generating the metadata on
packages like thunderbird. The implementation in makepkg becomes semi
slow for some split packages that provide a huge number of individual
packages, but it seems reasonably fast so we can instead have a uniform
state of always providing .SRCINFO files.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Currently we used grep -E, in a way that special characters in the
package name such as the '+' in 'ls++' also became part of the regex.
This commit switches this to become a literal string matching using awk.
Signed-off-by: Christian Heusel <christian@heusel.eu>
As the relative links are relative to the pkgctl invocations PWD and not
necessarily relative to the location where makechrootpkg is invoked from
this fails unexpectedly.
This commit fixes this by just using the full path when passing the
location to makechrootpkg.
Fixes https://gitlab.archlinux.org/archlinux/devtools/-/issues/181
Signed-off-by: Christian Heusel <christian@heusel.eu>
`--keep-unit` is really only for use in services like
`systemd-nspawn@.service`.
The parameter was added in commit 000ea6c7bb because
systemd-nspawn defaults the name of the machine (and thus the generated
scope) to the name of the working directory, which is not unique. Thus
spawning a container from `archbuild/extra-x86_64/foo` while
`archbuild/testing-x86_64/foo` is already running would fail.
We can avoid the unit conflict by giving the container a unique machine
name. Creating a scope also allows us to place the container in a slice
hierarchy for resource control.
This is done so that pkgctl can be better used to build aur packages
which can have arch=(...) settings for which we do not have a clean
chroot builder.
Signed-off-by: Christian Heusel <christian@heusel.eu>
Early exit in case the PKGBUILD is not yet properly under version
control, which can happen for freshly initialized repositories.
Furthermore print an appropriate error message including a hint how to
resolve this.
Fixes#154Fixes#167
Signed-off-by: Christian Heusel <christian@heusel.eu>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Ask for the next release version and automatically create a signed tag.
Furthermore add a simple release target to call glab for uploading the
required artifacts.
Not being in any official repo does not necessarily mean this is a new
package. One could simply be building an AUR or custom local package.
Make the message less confusing in such case.
Before porting commitpkg to Git, the code has checked the SVN status for
none commited files. During the port this has changed by straight
checking for any passed files if they were under version control or not.
In general the whole logic is very brittle as variables are searched by
regex and directly passed to eval while ignoring any function scoping.
This leads to missing files when they reference the $pkgname inside a
package function but also provide wrong ones when eval simply returns
the first $pkgname while ignoring and function scopes.
In the future this should completely be replaces by .SRCINFO processing.
Fixes#145
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
arch-nspawn, mkarchroot, makerepropkg all call "shift" after getopts
processing. Save the original args and pass on to check_root to prevent
options being discarded.
Fixes 41d4624879Fixes#149
Signed-off-by: Toolybird <toolybird@tuta.io>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
This is a rather quick and simple implementation to override the current
logic and force clone with HTTPS. Allowing to explicitly clone over HTTPS
is currently required to unblock reproducible builds where no ssh keys
and GitLab user accounts are set up as of now. Hence this quick solution
comes into play to mitigate the regression on reproducible builds
builders.
Revisit the overall auto detection and protocol logic approach for a
later release related to some ideas floating around in pending
merge-requests.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
This currently makes .SRCINFO files opt-in and helps to keep the file up
to date if already present.
Signed-off-by: Morten Linderud <foxboron@archlinux.org>
`diff_pkgs` needs to use a local variable for its options, otherwise
they will accumulate for each package diffed.
Whem comparing split packages this lead to earlier mutated DIFFOPTIONS
containing too many labels which resulted in a failure.
Check git status --porcelain, not --short.
`--short` is influenced by user configuration like `status.branch`
making it non-empty even on a clean tree. Use `--porcelain` to avoid
this.
Run up to N jobs in parallel. By default the number of jobs is equal to the
number of available processing units. For sequential processing this option
needs to be passed with 1.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Bumping the chroot version will result in the chroots checking against
the local version and force recreation in case they do not match.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
We only need to specifically use ssh:// protocol prefix if we want to
specify a special port. As we moved to support pulling directly over
port 22 from out GitLab instance we can change the url scheme to the
simple variant.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Before modularizing the repo layout, we used m4_include to assemble
together sources into a single file. Now, we properly use a library
layout without assembling multiple files, which means we cannot anymore
rely on BASH_SOURCE inside the library file. Hence, pass along the
actual command and argv from the check_root caller.
Fixes: src: modularize repo layout into a library
Signed-off-by: Morten Linderud <foxboron@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Allow overriding the worker slot with a dedicated option. Furthermore
detect if the current tty is no pts and fall back to choosing a random
worker slot between 1 and number of available processing units.
Fixes#137
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Git push will print its status, hence switch from a busy line
indicator to a single line message and allow Git to print its status
accordingly.
Otherwise we get:
==> Releasing package...Enumerating objects: 6, done.
Add an option to call the switch command after clone. Switch to a
specified version. The working tree and the index are updated to match
the version.
Signed-off-by: Christian Heusel <christian@heusel.eu>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
It leads to weird expectations when using --db-update or --message
without --release. Make the behavior more user friendly, by aborting the
operation and explaining that release options only work in conjunction
with the release option.
Fixes#131
Signed-off-by: Christian Heusel <christian@heusel.eu>
This will make it tremendously easier to add arguments, subcommands and
special positional option handling. Instead of the need to code the
nested structure via bash and switch cases, we can simply declare
functions and arrays with the matching names according to the
subcommands or argument labels.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
This allows to show arguments on root level of commands that themselves
have subcommands available. Complete those when any - is used in the
completion word.
Normally the default in Arch is that all home directories are private.
However, this may have been changed locally. To make sure we never
expose secrets, lets use a umask of 0077 when writing the config.
Additionally add some temporary fixup code to migrate the file and
directory permissions of already existing paths.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
This would allow to supply the gitlab tokens via the env var
DEVTOOLS_GITLAB_TOKEN and therefore allow users to choose whatever
program they want to fill this env var.
Closes#113
Signed-off-by: Christian Heusel <christian@heusel.eu>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Adds a check for the configured Git editor (git config core.editor) in
both commitpkg and build.sh.
Additionally, instead of blindly executing vi when all other options are
exhausted, remove it instead as it is a none standard installed editor
anyway.
Closes#106
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Instead of trying to port this ancient script, which doesn't even seem
to work with community, let's instead remove it. We will be adding a
replacement script in pkgctl soon with a smarter and more convenient UX.
The list of all maintainers that have worked so far on devtools is
exceeding a sane amount making each manpage convulsed. The authors can
be pulled from GitLab directly without occupying lots of space on every
manpage. We would like to express gratitude to all our maintainers.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Automatic path conversion is limited to GitLab API v4 and will be
removed in the future. It's expected that the caller does the path
conversion on caller side and only passes a valid path to the API within
its limitations.
Hence convert project names to valid paths:
1. replace single '+' between word boundaries with '-'
2. replace any other '+' with literal 'plus'
3. replace any special chars other than '_', '-' and '.' with '-'
4. replace consecutive '_-' chars with a single '-'
5. replace 'tree' with 'unix-tree' due to GitLab reserved keyword
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
The remote protocol is automatically determined from the author email
address by choosing SSH for all official packager identities and
read-only HTTPS otherwise.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
This ensures the repository we try to commit and release from uses the
latest distro specs for its local git config. The check errors out early
before touching anything and prints a recommendation how to update the
repo.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
For local development testing, there is a convenience wrapper for
`pkgctl` that will automatically build the project using make and proxy
all calls to the local build directory.
Either `./test/bin/pkgctl` can be run directly or the `test/bin`
directory can be added to the PATH.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
It's safest to probe for the validity of the remote origin and abort
early otherwise. This also allows to print some hints how to create or
configure new repositories at appropriate times.
Additionally fetch remote changes and check the local branch contains
the remote branch ref, otherwise abort and print a hint how to pull and
update the branch.
This should add all check needed for the average failure case that may
lead to a weird state or creation of a local tag that may not be
pushable.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
There is no reason anymore to use m4 since we got rid of the includes by
using library files. Let's replace the last usage of m4 and completely
red rid of it.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
We have used the datadir like a kitchen sink, lets clean up a bit by
having a better and well structured layout. Put makepkg and pacman
configs in separate directories: makepkg.conf.d and pacman.conf.d.
This is a smart and more convenient invocation of the classical
commitpkg and archrelease with auto-discovery for target repositories
and a shorthand option to directly call db-update.
We need to use API calls as we can't create repositories in protected
namespaces by simply pushing a none existing repository. For privacy
reasons this is limited to private personal repositories in GitLab.
This will greatly help us to structure the functionality and commands in
a more sane way. We will distribute the sources as actual libraries and
reuse code with imports instead of processing everything with m4 and
duplicating a lot of code.
This is the first step of a simple and highly structured unified
interface to devtools commands in a single wrapper.
The split is based on groups like `repo`, `build` and `diff`
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
This can be quite handy if a packager quickly wants to check the GitLab
page for merge requests or but reports. Quickly calling a cli command
inside the current packaging clone or with the pkgname provided will
open the remote location inside the browser.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
This can be very handy for cache warming on the repo server or
to perform mass operations on all PKGBUILDs.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
It makes a lot of sense to have them in a central place that can be
swapped and also re-used across different execution units. Hence lets
move the repos.archlinux.org host to lib/common.sh
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Query Archweb to retrieve a list of all packages of a maintainer by
their pkgbase. AFterwards loop through all packages and clone them.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Manages Git packaging repositories and helps with their configuration
according to distro specs.
Git author information and the used signing key is set up from
makepkg.conf read from any valid location like /etc or XDG_CONFIG_HOME.
The configure command can be used to synchronize the distro specs and
makepkg.conf settings for previously cloned repositories.
The unprivileged option can be used for cloning packaging repositories
without SSH access using read-only HTTPS.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
This allows us to reuse the code and have the conversion in a single
place instead of cluttering rules across different execution units.
It also fixes the implementations according to the specs of
git-check-ref-format.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Do not allow uploads of source=() with only weak cryptographic hashing
algorithms but require at least one strong algorithm.
This doesn't 100% enforce it ofcourse, but it allows for an early
failure instead of failing in `db-update`.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Use the first mirror that is configured for each repo in pacman.conf.
With the default configuration, this means to use the first mirror from /etc/pacman.d/mirrorlist.
If a repo is not configured in pacman.conf, fall back to https://geo.mirror.pkgbuild.com.
The `extglob` option changes the behavior of the shell parser, since
extended glob patterns would otherwise be syntax errors. bash-5.2
changed the way a function definition is processed by calling the parser
instead of relying on the ad-hoc code in bash-5.1 and earlier versions.
This means, in bash-5.2 the shell function was parsed without `extglob`
being enabled because the `shopt` command to enable it was part of the
function body.
Add `shopt` options for `extglob` around function definitions to address
this issue and allow bash-5.2 to correctly parse the function.
Co-authored-by: Frédéric Pierret (fepitre) <frederic.pierret@qubes-os.org>
Co-authored-by: Levente Polyak <anthraxx@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Adding such an entry is problematic as it results in locale -a showing:
C
C.UTF-8
C.utf8
POSIX
(other locales)
In the above, C.UTF-8 is built-in whereas C.utf8 comes from locale.gen.
The duplicate locale has the potential to expose undesired behavior in
upstream software: https://github.com/sudo-project/sudo/issues/241
Previously the script execution did not abort if the msg file editor
exited none-successfully leading to undesired commits with a potentially
unfinished message. Instead abort the commit if the msg file editor is
deliberately terminated with a failure code.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Use the workdir location which gets cleaned up automatically. Previously
this was leaking tmpfiles if the commitpkg command got aborted after
file creation.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
config path: @pkgdatadir@/mount.d/${arch}
config format:
Each line will start with 'ro' and 'rw' will be used, other lines will
be ignore, rest of line is out/path:in/path. e.g.
```
ro /some/path:/proc/cpuinfo
rw /some/some/path:/var/cache/pacman/pkg
```
For example, in the RISC-V port, if we use qemu-user to build, we need
to pass a parameter to makechrootpkg to map a correct /proc/cpuinfo, so
that software that relies on /proc/cpuinfo to obtain information can be
built normally.
Signed-off-by: Celeste Liu <CoelacanthusHex@gmail.com>
systemd by default limits the /tmp folder to be 10% of the host memory:
6f2cea06bf/src/shared/mount-util.h (L33)
This is problematic to our builds because many toolchains opt to put
build artifacts in /tmp, and expecting the host memory to be 10 times
larger is not optimal or even realistic sometimes.
This MR attempts to enlarge it to 50% memory as the host machine's
default value of /tmp. This should be a fair compromise between being
overly conservative and taking up too much memory to crash the system.
This enables DEBUG_RUSTFLAGS with the appropriate debuginfo settings.
The empty RUSTFLAGS variable is required workaround to avoid double
compilation during package function call. The issue is that the
behavior of the current implementation of buildenv_debugflags is not
idempotent, so consecutive calls will append the same flags again
leading to cargo consider the build inputs to have changed.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
`makerepropkg` has a hardcoded "x86_64", so fails to run on other
[unofficial] architectures, because it tries to use an x86_64-specific
makepkg config, which overrides CARCH=x86_64.
This patch addresses hardcoded half of the problem; ArchLinux derivates
still needs to ship a custom `devtools` package with their own
`makepkg-$CARCH.conf`. Usually, the only thing that really needs to be
changed in the per-architecture custom makepkg.conf is CARCH and CHOST.
See: https://lists.archlinux.org/archives/list/arch-projects@lists.archlinux.org/thread/XEEW5LXYFN3XXI5YXAUY5E4LZLMKOFTL/
Currently, when multiple short options are passed as a single argument,
only the one that matches the first case statement will be parsed. This
shall be fixed by using switch-case resume.
find_cached_package was unnecessarily looping over all packages which
uses a lot of CPU and could be exceptionally slow when PKGDEST contains
a lot of packages.
Fix this by adding the target pkgname, pkgver and arch to the glob and
only process potential candidates.
Instead only enable it for whatever operation requires them.
Example sides effects:
commitpkg can accidently execute PKGBUILD functions when sourcing the
PKGBUILD that has function names like package_libsigc++()
Fixes#87
Diffoscope has a different option, called --text-color which only
understands the verbose options. Hence we extend the --color shorthand
for --color=auto and pass the changed option name to diffoscope.
We did not copy over the optional debug packages to the staging
environment before db-updating the moved state. Afterwards the db-remove
call removed the debug packages from the source repo. This lead to
dropping debug packages when using crossrepomove.
This approach ensures we have a uniform shell to avoid shell glob
behavior inconsistencies. The copy of the package path is mandatory and
will error out if missing while the debug package path is optional as
reflected by a subshell that succeeds either way.
Fixes#92
On certain packaging machines where the pacman cache gets updated very
infrequently, the behavior of diffpkg may not function correctly as old
packages were to be downloaded as diff target. In such cases we look for
a pool directory first and search via a glob for an available pool
package sorted by version.
The pool search glob has three glob segments each disallowing the dash
delimiter to split across pkgrel, pkgver and arch. This will return the
correct package from the pool without considering overly eager wildcards
that potentially match different pkgnames.
The default pool search directory is /srv/ftp/pool
The magic values `columns` and `auto` allow to set specific aspects,
with 'auto' as the default value:
- auto: Set width to the maximum line length of all input files
- columns: Set width to the shell defined $COLUMNS env var
Furthermore any number can be passed to set a static width.
- Use wildcard for the lib directory for all binprogs
- Fix individual man page prerequisites for asciidoc.conf and footer
- Require all as prerequisite for the install target
This introduces a BUILDDIR make variable that is used as the target
directory. This gives us more flexibility and easier control of a none
dirty worktree by not polluting the main workdirs.
In case the validpgpkeys array is empty or undefined, the empty printf
line only included a single line break which lead to mapfile -t
consuming it as an array with 1 element consisting of an empty string.
Fix this by only calling the printf in case the validpgpkeys array is
not empty. Without any output, the mapfile -t will simply produce an
empty array.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
We need to support subdirectories for the `keys` directory used to
distribute PGP keys alongside the packaging sources.
This is achieved by using `svn ls` to list the files and directories
in the packaging root and leverage the behavior of `svn copy` to
consider subdirectories inside the root but only copy over files and
directories under the subdirectory that are already tracked by svn.
As a step in between, we now use `svn ls --recursive` to list all
tracked svn files in the current repos directory and remove all tracked
files in the staging area. Hence the `svn copy` in combination with the
`svn rm` will result in a sync behavior from the packaging root to the
repos directory.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
This avoids the possibility to pollute the keys directory with temporary
files if the script is aborted in between.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Provide a tool to export keys listed in the PKGBUILDs validpgpkeys to
keys/pgp/$fingerprint.asc.
The presense of the "keys" directory alongside the PKGBUILD in trunk/
is tested during commitpkg. If the directory is abscent, keys are
exported and added to the commit. If the directory is present, a
check is made to ensure all valid PGP keys are provided.
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
systemd >= 251 is forcing nspawns to use LANG=C.UTF-8:
b626f6959b
It makes sense to generate the C.UTF-8 locate here when using it as the
default LANG value.
Related to: https://bugs.archlinux.org/task/74864
While `extra-x86_64-build -c` is running `pacstrap` and has
`/var/lib/archbuild/extra-x86_64/root/run` mounted, another user logs
in, thus creating a new mountpoint `/run/user/$uid` that propagates into
`/var/lib/archbuild/extra-x86_64/root/run/user/$uid` leading to a broken
root chroot.
Successive `extra-x86_64-build -c` calls will result in cleanup errors:
```
$ extra-x86_64-build -c
==> Creating chroot for [extra] (x86_64)...
-> Deleting chroot copy 'root'...
rm: skipping '/var/lib/archbuild/extra-x86_64/root/run', since it's on a different device
rm: skipping '/var/lib/archbuild/extra-x86_64/root/run', since it's on a different device
==> ERROR: Working directory '/var/lib/archbuild/extra-x86_64/root' already exists
==> ERROR: Aborting...
```
Reported by and patch adjusted from archlinuxcn.
Fixes FS#64698
This adds support similar to diffpkg from the infrastructure repo
that is based on the assumption that two archives can be passed
to the tooling in order to compare them.
Include a new tool as alternative to checkpkg, this runs diffoscope on a
newly build package and the current repository package. This can be
useful for finding new files / binaries.
If the links database (for some reason) does not exist on the mirror,
curl will save the html 404 page as ${repo}.links.tar.gz in the cache,
and sogrep will later fail with a decompression error from bsdtar.
This patch adds -f to curl so it doesn't save the error page, and exit
after displaying an error in such case.
Fixes!88
Signed-off-by: Haochen Tong <i@hexchain.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
For use with pacman 6.0.1-4 which backports support for LTOFLAGS in
order to speed up builds that use gcc as the compiler. This is less
useful when clang is used, though a hack would be to specify in the
PKGBUILD `LTOFLAGS="-flto=thin"` (outside of any function).
According to gcc(1), this flag (like -fvar-tracking) is enabled by
default when compiling with optimization and debugging information.
As an additional benefit, packages building with the clang compiler
will work with the default flags without having to remove this flag
due to not being recognized by clang.
This implements the logic we need to properly figure out debug packages
when finding packages we are suppose to upload towards
repos.archlinux.org.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
This implements our current debug package detection logic.
Mostly taken from our dbscripts project.
Signed-off-by: Morten Linderud <foxboron@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
This allows us to extend the uploads array without having to duplicate
the current signing logic.
This doesn't change anything as we still exit on any failed packages.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
When building for an architecture different from the host, the correct
old package was downloaded as "$copydir"'s pacman was configured with
the target CARCH, but checkpkg doesn't know this and tries to search the
cache for host CARCH instead, producing the following error:
`==> ERROR: tarball not found for package: xxx`
This change fixes this by passing the appropriate makepkg config
explicitly, so that checkpkg behaves consistently.
Co-Authored-by: Levente Polyak <anthraxx@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Use the recorded buildtool in order to download the matching dist
package and use the appropriate makepkg.conf for reproducing the
package. This is required as the flags are not recorded in the BUILDINFO
hence we need to provide the matching config that declared those flags.
Includes the following hotfix:
> upgpkg: pacman 6.0.1-2: makepkg.conf: Pass -q as the first option to curl
>
> This is needed to disable reading the curlrc config file (if it exists).
>
> Same change submitted to upstream pacman:
> https://lists.archlinux.org/pipermail/pacman-dev/2021-September/025348.html
This reverts commit 594f972666.
We have not received a reply for the relicensing to GPL-3.0-or-later
from its author @drizzt, which is why we are removing this commit.
Add the SPDX license identifier GPL-3.0-or-later to the header of all
scripts without a specific license and upgrading those that are stated
as GPL-2.0 to become GPL-3.0-or-later.
This commit introduces the preservation of SSH_AUTH_SOCK within the
chroot environment, to support SSH-based operations, such as cloning
repositories via SSH.
Introduce setarch-aliases.d/ which gets installed inside
/usr/share/devtools. This allows to assign aliases which map one CARCH
to a different name which gets provided as argument for setarch. This is
necessary on archlinuxarm ("armv6h" -> "armv6l", "armv7h" -> "armv7l")
and allows for more fine-grained architectures (e.g. archlinux32 has
"i686" and "pentium4", which differ in the required cpu capabilities).
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
The progress bar feature creates noisy log files, especially with
parallel downloads. Lets disable the progress bar and instead use
parallel downloads.
This effectively does nothing but keep the commented options in sync to
not deviate from the original file for no reason.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
The only effective difference is that -Wp,-D_GLIBCXX_ASSERTIONS is now
only defined for CXXFLAGS as of pacman 6.0.0-1
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Outdated sogrep cache has already bit us once in the past. Finding one
or more databases older than a day is a good indication that a refresh
is in order, so do that automatically.
Extracting these databases is painfully slow on HDDs (especially laptop
ones). There shouldn't be a drawback to keeping the tarballs around and
extracting them to a temporary directory (usually tmpfs) to parse them.
The implemented update logic tries to avoid redownloading unchanged dbs.
After further followups always moving all products isn't actually
desired as they can theoretically be broken in various ways if
arch-nspawn exists non successful.
However, as we would like to always preserve the produced log files we
instead split out the logfiles into an own function and call that for
unsuccessful buils.
Fixes 4f305aa3
Commit 09e169b741 changed the default
build host from dragon.archlinux.org to build.archlinux.org - match
in documentation.
Signed-off-by: Christian Hesse <mail@eworm.de>
We now accept:
1) # nothing
in which case we'll use the PKGBUILD to retrieve...
2) name, or repo/name
in which case we'll use pacman to cache the package and retrieve...
3) a filename
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Teach get_pkgfile to call itself in local-only mode and find a cached
file no matter what its extension is. Avoids repetitively trying to curl
random files, fail with 404 errors, and proceed to discover a cache hit
under a different file extension.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Since move_products() function is fairly robust we can make it run for
failed build also to expose logs for packages that fails in build(),
prepare() or package(). It also exposes partially packaged split
packages if they fail in latter package_xxx().
Building a package may change the PKGBUILD during update_pkgver. Let's
retrieve the PKGBUILD after building to ensure we have the very same
file as the one we used to build the package. Otherwise this may lead to
the inability to distribute the package during commitpkg in case the
expected and the actual hashsum mismatch.
First try a .zst location before falling back to legacy variants. This
should slightly speed up downloading of dependencies, especially over
time as .zst packages are or will be the dominant format.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
This was incorrectly implemented in commit
0067176529, which added the host_mirrors
root directory as a cachedir, when we actually want to use the pool/*
subdirectories (the same ones installed on the build server's
/etc/pacman.conf).
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
We don't want to check against the current version known to the host
system, because that will be incorrect in a wide variety of situations,
including:
- the build host hasn't done a full system upgrade yet
- we're building against staging, and want to see the delta between
different staging versions
- we're building against extra, but the host runs testing which carries
changes we don't want to visualize right now
- the chroot has a configured database not available to the host, and
the package is only available there
Essentially, it's rarely 100% correct to run checkpkg on the host, but
we already have a database we *know* is correct, and that is the one we
just built the package against. So let's use that.
This also fixes a bug in the current logic, where in order to try
downloading fresh databases, we work in a non-cached temporary working
database to download the package files, but then let checkpkg default to
comparing packages in the system database. Since we are explicitly
trying to compare against packages that differ from the host's pacman
database, we need to pass the package files as options to checkpkg,
using the additional modes added in commit c14338c0fe
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
By specifying multiple package files, we assume they are all from the
same PKGBUILD, and try to check them all against the produced artifacts.
Since the buildinfo should be comparable for all of them, we simply use
the first one passed on the command line.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
This ensures we take user specific config values for PKGDEST into
account when printing the package list. This is required as devtools
archbuild_cmd puts packages potentially into the user defined PKGDEST
which the package list would otherwise miss.
This fixes an issue with the usage of makepkg --packagelist to get the
produced artifacts filenames according to the PKGEXT used in devtools'
makepkg.conf instead of the one defined in pacman.
One goal we want to preserve is that devtools configuration should be
self contained and not require any editing of non owned files like
the host /etc/makepkg.conf to produce expected results.
Additionally modify the archbuild_cmd override for multilib builds to
use an independent variable and not fiddle with the actual arch
variable to select the appropriate cmd.
This ensures we use the same configuration for reproducing packages as
we use for building them via devtools.
One example of why we care about this are the COMPRESS* settings that
may differ from the guest's pacman shipped makepkg.conf that affect the
reproducibility of packages.
We don't want the default PKGEXT in the current version of devtools, we
want the PKGEXT we *know* the input file used.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
We need to modify the matching of valid package files to support formats
like zstd. Let's try to use an eager approach instead of a simple
whitelist in order to be functional for arbitrary formats that may be
introduced in the future without the need to adjust any code.
Allow any single fragment word as compression type but filter out known
non-package content like signature files.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
This means that the remote command died at some stage earlier than the
printing of created files.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Use pacman's --dbpath feature to sync fresh databases inside an isolated
location and split up the database sync and package location calls to
remove the need of weird grep calls.
It isn't nice of makechrootpkg to modify the host database state just by
building packages. No foreign program shall automatically modify
the host database other than by the explicit will of a system
maintainer, which is the major reason this changes get incorporated.
However, there is certain indoctrinated believe that using -Sy is
the prime evil. In fact it has been declared as a social rule to a
technical problem of not getting into potential partial upgrade states.
This is not a proper loophole less solution as there are multiple ways
and use cases that lead to such a state, like aborting a -Syu on the
prompt for whatever reason, what really matters is that it is not a
technically bullet proof solution to solve the problem.
Databases shall have the freedom to be as up to date as databases or
their owner wishes, allowing querying on latest database state without
fear. The only loophole-less contract that _really_ is from importance
is always using -Su instead of plain -S to install packages. Installing
packages is what actually brings one into a potential partial upgrade
state and by using -Su an outstanding upgrade is forced when installing
a new package. This properly solves all edge cases in a technical
manner instead of declaring people who abort the prompt of -Syu to be
the problem. In fact, using this simple contract allows whatever system
maintenance workflow a host owner wants to follow, which may still be to
always use -Syu and deal with system upgrades explicitly instead of the
time when installing new packages, but the -Su contract is the real safe
guard to guarantee no edge case can ever slip in. This magically also
opens up the freedom to people who wish to use -Sy to simply query on up
to date data as the currently indoctrinated "never do -Sy" stone plates
not only are not rock solid in technical terms but also make certain use
cases simply impossible and hence cripple the functionality without at
the very least being fully loophole free.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
For build servers or similar infrastructure its relatively common to not
sync/update the database regularly. This leads to problems properly
running checkpkg duo to nonexistent target files that we try to
download. As building on build servers is a very common use case, lets
ensure we sync the local database before trying to resolve the package
locations.
Avoid always trying to download and output the according message.
Add checks for packages either not being available in the repo or
all variants have up to date versions stored in the local cache.
In commit 40a90e2cab we tried to protect
against system umasks resulting in unreadable chroots. However, we tried
to do this in a targeted manner due to not wanting to fiddle with
permissions for user-owned files. Unfortuantely, mkdir -p -m755 does not
actually work that way -- the parent directory is created with broken
permissions. We need umask.
Run umask and mkdir in a subshell to prevent leakage.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
In commit 75d23eec94 we moved to include
commitpkg arguments as the first line of the svn commit message, but we
simply dumped the result after the version number without separating the
two, increasing the cognitive burden of parsing the rationale. Since the
whole point of the change was to make it easier to see what happened
when using git log --oneline (reducing the cognitive burden of parsing
'pretty' output with author/date info), it makes sense to also delineate
the reason correctly.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Instead of comparing exact mirror urls to see if they are in
host_mirrors in order to "skip" the official mirrors
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Right now there is a bug in makepkg that leaves back an empty src
directory if SRCDEST is set. This is purely cosmetic, but lets just
politely try to rmdir it and fail silently if its empty or non-existent.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
It may be not enough to just listen on EXIT depending on the shell used
so lets make sure we clean up SRCPKGDEST by listening to more sigs.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
- drop homebrew function in makechrootpkg
- use better mock to find invoking user's $HOME
- make offload-build respect makepkg.conf to determine where to sync
files, matching the behavior of makechrootpkg
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
consolidate logic flows in the same area for parsing and building
arrays. Don't bother having a special function just to build the
mount_args array, since we now use the same handling for adding any
cachedir (including host mirrors) to the mount arguments, this becomes a
trivial for loop -- and it really did not need to be delayed until after
the sanity check, anyway.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
In commit 27ff286ee7, we moved from
sourcing the primary cachedir via /etc/pacman.conf, to using the
pacman.conf in the workdir. One unanticipated side effect of this was
breaking the special host mirrors magic we used to turn a host mirror
into a cachedir. It was still processed as a server, but we relied on it
being in the host's cachedirs in order to be persisted, and this no
longer occurred.
Solve this by explicitly adding each host mirror root as a cachedir.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Transform sogrep into an in-prog so we can benefit from the m4 macro
to specify valid repos in a single place of truth.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Lets prefer the explicit variant of gpg --verify by providing both, the
signature and the data file as parameters.
For the unlikely case there is a matching signature file already present
that was created outside of the toolchain and has an embedded signature
with data, we at least could detect it early with this check.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Several cases showed that we release packages that were built with
different PKGBUILDs than the one commited to the source tree. This is
bad for obvious reasons plus sploils reproducible builds.
We, under no circumstances, want to allow using commitpkg to publish and
release a packages whose PKGBUILD doesn't match the one to be commited.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
The unknown packager check didn't worked so far as the wrongly ordered
call to find_cached_package lead to the enclosing block never being
executed.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Sometimes its desired to be explicitly made aware of differences
reporter by checkpkg via printing a warning instead of a regular
message.
Automatically use --warn for makechrootpkg builds so packagers are made
visibly aware of a soname bump by simply looking out for colors
indicating non success messages.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
In some cases, like default makechrootpkg execution, the temporary
directory used to assemble the differences is not required. Add an
option to checkpkg that allows to get rid of that directory after
run and call it automatically like that in makechrootpkg.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Cache previous versions required for checkpkg via pacman to avoid
multiple downloads when running multiple times.
In case we can't download the packages, like while building out of repo
packages, print a warning instead of running checkpkg
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
This reverts commit be44b9cde1.
This was a nice idea in theory, because it means that we can catch
conflicting files before releasing them into the repos. In practice,
there were unanticipated side effects: single-package installs which
conflict against their own makedepends cannot be installed either.
Examples include:
- kernel modules which makedepend on their dkms equivalent
- jack2, which makedepends/optdepends on portaudio, which requires
jack... but jack2 is a drop-in provides/conflicts jack.
We cannot reliably detect when makepkg --install will error out because
of dependency conflicts vs. packages which are simply broken. So, back
out this change for now.
Revisit this once pacutils has a new release, because it will add the
option --resolve-conflicts=all, allowing for much better scripted
responses to "foo conflicts with bar, remove bar? [y/N]" than simply
"--noconfirm and fail".
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
We previously whitelisted this return code because split packages can
frequently conflict each other, so makepkg -i is *expected* to fail in
such a case. However, there is no good reason to let this succeed if the
pkgbase only builds one pkgname -- that will always be a severe issue.
Add a check for how many split
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
The -U option was initially introduced in commit
cda9cf436b in order to enable running
makechrootpkg as root, delegating to another, manually selected, user to
perform various non-root tasks (given that makepkg was modified to throw
fatal errors when run as root without the option of --asroot to disable
that). However, it was only ever implemented for the --verifysource
option outside of the chroot, and the builduser inside the chroot is
created with the same uid as the makechrootpkg invoker. It needs to run
as the same uid, because it needs rw access to $startdir and $SRCDEST!
Additionally this lets the invoking user more easily inspect the build
directory in case of problems...
The correct solution for this is to properly implement the initial
intention of the -U option, and make it override the autodetection of
the "invoking user" which is normally done by inspecting $SUDO_USER.
This is then used as the single source of truth for "who am I pretending
to be".
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
When svn ls fails due to network timeouts, this currently results in
archrelease deleting all files, then committing this as the changeset.
This causes data loss...
With bash 4.4 and using wait $! we can get return the return code of the
last backgrounded command -- which process substitution qualifies as.
Key off of this to make sure that `svn ls` actually succeeded.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
When mixing and matching different repos and architectures not present
in mainline archlinux, it is sometimes desirable to set up differing
presets with more granularity than devtools currently allows.
One example of this is when building for architectures that are only
supported by another project -- in order to coexist on a mainline
archlinux host, a different mirrorlist needs to be used.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Packages should never be getting downgraded... unless a package is
pulled from testing, e.g. for example if gcc9 totally breaks the linux
kernel. In such cases, the master repo says there is a downgrade, so
we'd better go with that. Basically, ensure that packages match the repo
they are being built against. Consistency at all costs!
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
noconfirm is wrong here, as we don't want to accept the default answer
-- we want to install the new package, even if it conflicts and provides
an existing one. After all, we explicitly asked for it.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
gpg-agent is really annoying and leaves useless copies of itself around.
Using unshare ensures that all such processes are killed as soon as the
main gpg process dies.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
If the find command cannot descend into a directory in order to search
for a PKGBUILD, it is likely a "$pkgdir" which makepkg sets as
unreadable. As far as finddeps is concerned, this error message is not
needed.
Also convert to using null-delimited paths on general principle to
prevent read from splitting on odd paths.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
And pass them on to download_sources outside the chroot.
Fixes FS#35652
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
In commit bd826752c9, support for short
options was added to the heuristic for --noextract, but in the process,
we changed to loop over the set of user options plus the builtin
defaults for inside the chroot. This was wrong, as we only care about
the user options -- moreover, it prevents us from adding verifysource
support *outside* the chroot, for options that are also chroot options,
like --holdver.
Also remove uselessly duplicated line.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
If a user umask is restrictive, a chroot may be created as root without the
ability for the user to read it, which then causes makepkg
--verifysource to fail.
Do not set this in lib/common.sh, where it would apply to all scripts,
as we do not want to override the user's policy for things like $SRCDEST
files, svn checkouts, etc.
Fixes FS#47625
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
When parsing paths to automatically make available to the container, the
":" is used internally by systemd-nspawn to signify destinations in the
container. Replace automatically with "\:" for the mounts that we set
up, in order to safely handle a working directory etc. that contains
this character.
For bind options exposed to the user, it is assumed the user takes care
of passing systemd-nspawn compatible paths themselves.
Fixes FS#60845
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
This allows comparing the currently built set of packages against
targets named by filename, url, or pkgname. One example use is to
compare a package against a different version that was never in the
repos; another example use is to compare a *-git package against the
non-git version.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Using the literal strings "true" and "false" is inaccurate and may
result in uncertainty of whether it is set when doing string comparison,
or simply rely on the shell implementation of treating the string as a
command builtin, then executing the value as a shell command. Emulate
makepkg, which makes heavy use of shell arithmetic for this purpose.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
This reverts (the bulk of) commit 2fd5931a8c.
Reducing globals makes little sense in in a oneshot bash script, but
reduces code clarity and in fact resulted in bugs because even the
commit author couldn't keep track of the script state.
An exit was changed to a return, even though that made no sense outside
of a function, and has been duly returned to being an exit. This was
never tested and later papered over by wrapping the entire script in a
main() function and then calling the function for hysterical raisins.
The functiony nature of sync_chroot/delete_chroot is preserved, as those
functions demonstrate meaningfully standalone functionality -- who
knows? we may want to reuse this. Everything else is tightly bound to
the internal logic of makechrootpkg.
Completely separate functionality that was silently implemented in the
original commit is also preserved:
- declare a couple of variables as locals
- move the abort-on-no-PKGBUILD outside the install_packages function
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
This reverts commit 49088b0860.
The fundamental intention was flawed and broken, it caused annoying
issues and regressions, and the self-avowed sole purpose of the change
was so that a downstream project could *post-modify the script and
source it as a library*.
That is not okay. You don't wrap non-factorable code in a function
called main() and call it a library. The only possible use for this is
to treat makechrootpkg *internals* as a library, which is not supported.
Downstream projects that wish to use the functionality of makechrootpkg
should treat makepkg as a command with a public API in the form of
command line options. That is kind of how commands of all kinds work,
since forever. That is how all users of makechrootpkg *except for
parabola* use it.
Arguments that "it saves us the cost of fork+exec to bash" are simply
invalid.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Programs can freely define the value of argv0 and thus it means nothing.
Instead, use the bash-specific variable explicitly designed to safely
and accurately reference the name of the currently sourced file.
This also fixes the case where simple debugging mechanisms like using
"bash -x foo" tried to treat "foo" as the unqualified $0 and therefore
broke horribly due to lack of pathnames.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
This reverts commit 578a62f1e0.
mkarchroot is run as root (via check_root if needed) so the environment
should already be clean. If not, the user has broken their root
environment, and we cannot support this. It's unclear what environment
settings may or may not be messing with anything, ever, but the original
bug report happened on Parabola who perform extensive patching to
"libretools" such that the code no longer resembles devtools at all.
It's therefore likely any such bug is parabola specific, but we will
never know since the original commit message states that they don't know
why they do it either.
Parsing the user's entire exported environment via both sed and grep is
overkill for a non-bug, especially when it doesn't work for variables
declared -rx and doesn't work for things like:
export fooled_you=$'wow such hax\ndeclare -x http_proxy=lol'
Also if done properly this would rely on compgen -e to print all
exported shell variables. Or even better, loop through /proc/$$/environ
which is both null-delimited and easily parsed with the read builtin and
[[ ]]
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Previously, arch-nspawn was using the hosts' pacman cache in
the chroot even when the chroot was set up with a different
cache by mkarchroot, unless specified with the -c flag.
Problem is that makechrootpkg passes no -C, -M nor -c flags
to arch-nspawn, so all values must be obtained from the
working directory.
This change take the cache directories from the pacman.conf
specified with the -C option unless the -c option was given
(as is the case when the chroot is set up with mkarchroot),
and, when neither -C nor -c is given (as is the case when
invoked by makechrootpkg), the cache directory is taken
from the pacman.conf in the working directory.
This wasn't such an issue when i686 was mainline, however,
which building packages in a chroot against archlinux32 on
an x86_64 platform, the cache of the host should _never_ be
used.
Rebased by eschwartz on top of cachedir reworking.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
It's important to ensure the guest has up to date data because updating
a chroot after quite some time can potentially rely on updated
archlinux-keyring, something which the host machine either kept up to
date on or manually fixed, but it kills automation to mess around with
chroot configs like that. Alternatively, signed packages added with -I
need to work, and we assume the host is configured to accept these.
That is *not* a good reason to completely nuke whatever is in the guest,
though. A guest might have been manually configured to accept keys which
aren't accepted by the host; one example of this happening in practice,
is archlinux32 when building 32-bit packages from an archlinux host.
The right solution is to append to, rather thna overwrite, the chrooted
guest's pacman keyring.
To do this, we will use gpg's native facility to dump the keyring from
one GNUPGHOME and import it into another. We'd use pacman-key's --import
option directly, but this doesn't support passing custom options like
--import-options import-local-sigs
Finally use pacman-key's native facility to import the trust status from
the host.
While we are at it, fix a bug where we didn't respect the host's
pacman.conf settings for the GpgDir. While it isn't wildly likely a user
will choose to customize this, it is a valid and supported use case and
we must think about this ourselves.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
In commit d9b7350448, a line was deleted
that had a shellcheck ignore marker, but the marker itself was left in
(and had nothing to do). So, remove it.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
It's incorrect to make pacman completely useless inside the chroot by
starting off with no pacman keyring. Assuming that the only consumers of
a new chroot will be arch-nspawn (which copies over the hostconf) is
bad design, and furthermore makes it impossible to fix other issues in
arch-nspawn itself.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Since makepkg.conf is a bash-compatible configuration file, it must be
sourced.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
In commit 46c4def073, we added support for
nonstandard PREFIX installations, but DESTDIR was and is never supposed
to be a part of that. While DESTDIR isn't terribly likely to be used
during `make all` invocations, that's no reason to break horribly if it
is used for some reason.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
And while we're at it, make this more consistent. Currently we
unnecessarily support only one -c /path/to/cachedir option.
This requires slightly more thorough handling in mkarchroot to ensure
all custom cachedirs are passed on to arch-nspawn. Rework
to simply forward all arguments to arch-nspawn (minus final arguments
used for pacman -Sy packagelist).
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
This tool is useful for running makechrootpkg on a remote build server,
and is by default hooked up to send a PKGBUILD and initiate a build on
our shiny new build server "dragon".
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
This reverts commit 6d1992909c.
It has never worked. In commit c86823a2d4
it was noted that it compared the device numbers for [[ $1 = $1 ]] which
was a useless check and always returned true, for *any* btrfs
filesystem. Now that the function is corrected to compare [[ $1 = $2 ]]
the check is still useless, but this time because it always returns
false -- btrfs subvolumes on the same filesystem do *not* share device
numbers.
So let's go back to the original working implementation that only
matters in terms of makechrootpkg, and just checks if makechrootpkg's
root working directory is btrfs (in which case we know it will be a
subvolume because mkarchroot will create it that way).
This restores our special support for the btrfs filesystem.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
This is the new and improved, canonical sogrep command, now with a valid
license.
The previous version of sogrep had several issues and inefficiencies,
and ultimately wasn't really the finished project I wanted it to be. Due
to a mistake in communication, I was totally unaware it was in the
process of being merged at all, nor that there was a licensing issue, or
I would have recommended waiting for both further improvements, and a
declaration of license intent; nevertheless, here it is now, and I
formally give this over into the GPLv2+ domain.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Partition the Makefile targets to only clean configured files, and make
the configured files be a subset of the bin programs.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Introduce a README which describes where to send patches and how to
release a new version of devtools.
Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>
If makechrootpkg is called as non-root, the {SRC,SRCPKG,PKG,LOG}DEST,
MAKEFLAGS and PACKAGER environment variables are lost in the call to
check_root().
Add these to the passed keepenv list so that they are preserved instead.
make clean removes all .in converted files to a file without .in which
in the make clean step is removed. So running make clean will remove
sogrep since it's specified as BINPROGS. In the future this steps should
be removed for sogrep since it is a standalone script.
Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>
svn propset's where determined to be non-reproducible and therefore
where removed from svn. Don't introduce them when moving packages
between repos.
Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>
makechrootpkg's download_sources() leaves a stray directory if
"makepkg --verifysource" failed. We use "setup_workdir" instead
of "mktemp -d", because this ensures the correct garbage collection.
Signed-off-by: Erich Eckner <git@eckner.net>
Les us source makepkg.conf settings from the environemnt. This also includes
`GNUPGHOME` which is present in `makechrootpkg`, but not included in archbuild.
Signed-off-by: Morten Linderud <foxboron@archlinux.org>
makepkg 5.1 implements error codes, and 14 means that installing the
packages after they were built has failed. We don't care about this
error and would like makechrootpkg to succeed regardless, e.g. for split
packages that are mutually exclusive.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
chown support "$user:$group" but also "$user:" which infers $group
rather than leaving it as root. This looks up the group name in cases
where the default group is e.g. "users" and users do not get their own
unique groups.
It is much nicer to use a proper configuration parser to retrieve the
primary mirror, rather than clever hacks using undocumented APIs,
especially when their behavior as used then breaks in later releases.
Fortunately, pacutils exists now and pacconf handles this quite
elegantly. It has since been moved to pacman-git proper.
Check if pacman-conf from a new enough version of pacman exists and
fallback on pacconf from pacutils.
This reverts commit eb6b0e3f11.
This never worked, as pacman-git returns file urls from the cache anyway
and pacman stable doesn't have any problem at all. Having useless code
which makes people think the issue is solved when it really isn't, is
bloat, so remove it.
In pacman-git commit d8717a6a9666ec80c8645d190d6f9c7ab73084ac makepkg
started checking that the setuid/setgid bit could be removed on the
$BUILDDIR in order to prevent this propagating to the packages
themselves. Unfortunately, this requires the temporary builddir used
during the --verifysource stage of makepkg, to be owned by $makepkg_user
which was not the case as it is created as root using mktemp (and given
world rwx in addition to the restricted deletion bit.)
Obviously makepkg cannot chmod a directory that it does not own. Fix
this by making $makepkg_user the owner of that directory, as should have
been the case all along.
(Giving world rwx is illogical on general principle. The fact that this
is a workaround for makepkg demanding these directories be writable even
when they are not going to be used for the makepkg options in question,
is not justification for being careless.)
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Previously, makechrootpkg hardcoded ~/.gnupg. Therefore, if a user
uses a custom GPG home directory, the siganture checking would fail.
Now makechrootpkg uses $GNUPGHOME, with a fallback to ~/.gnupg.
Signed-off-by: Emiel Wiedijk <me@aimileus.nl>
Support for working with `set -u` was broken by 94160d6. Egg on my
face; I'm the one who wants `set -u` support, and I'm the author of
that commit!
libmakepkg does not work with `set -u`; but mostly because of the include
guards! So we just need to temporarily disable `set -u` (nounset) while
loading libmakepkg. Instead of introducing a new variable, just store the
initial nounset status in _INCLUDE_COMMON_SH; rather than a useless
fixed-string "true".
While we're at it, disable POSIX-mode (just in case we're running as "sh"
instead of "bash"), since libmakepkg uses bash-isms that won't parse in
POSIX mode.
Don't use error-prone logic e.g.
foo=true; if $foo ...
This completely fails to act as expected when the variable is unset
because of unrelated bugs.
While this merely causes the default behavior to be "false" rather than
"true" in such cases, it is better to fail to enable explicitly
requested behavior (which will be noticed by the user) than to simply
upgrade to this behavior for free (which may not seem to have any
obvious cause).
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Fixes regression in 2fd5931a8c
$run_namcap will always be set to ""
`if $not_a_var; then ...; fi` is always truthful when $not_a_var is
unset or equal to "" and the `then` clause will always be run.
I'm not sure why global state variables need to be cloned locally for
their sole explicit purpose.
But for now this patch implements the minimum necessary work to properly
pass the "do I want namcap" variable into prepare_chroot() according to
the current logic flow.
Note that I have still not thorougly tested makechrootpkg.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Recent development versions of makepkg support reproducible builds
through the environment variable SOURCE_DATE_EPOCH. Pass this variable
through makechrootpkg to makepkg when available.
Also initialize SOURCE_DATE_EPOCH whenever running archbuild to enforce
reproducible builds for repository packages.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
A couple of the comments noting which globals are used by functions are
outdated/wrong.
- download_sources() : Remove USER from the list. It was always wrong.
Originally, it should have been SUDO_USER (not USER), but I should have
removed it entirely in 4f23609.
- move_products() : Add SRCPKGDEST to the list. Though the commit adding
the comment was only recently upstreamed (as 2fd5931), it originated in
2013 in a commit that has since been rebased many times. Anyway, in
this rebasing, it missed move_products() starting to pay attention to
SRCPKGDEST in fd1be1b (since nothing made git think there was a
"conflict").
The reason it wasn't moved before was just to keep the diffs
(with --ignore-all-space) smaller, to make merging and rebasing work
easier. Moving code around in a file tends to make that difficult.
But, readability wise, it belongs in main().
nspawn does not give us a controlling terminal, hence we ignore
interrupts. Apparently this was lost in systemd at some point.
Hack around this by reopening the console to make it the controlling
terminal.
Coredumps from build chroots are not generally useful. Prevent
them from being generated.
Avoids a lot of annoyance from the GCC testsuite spawning lots of
systemd-coredump processes.
Just set the soft limit so the user can still raise it in the PKGBUILD
if they insist.
systemd-nspawn use a default environ PATH value of:
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
Since filesystem 2017.08, this is no more overrided by /etc/profile
to the Arch default:
PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
Commit 58968cf fixed symlinks for package products in $startdir in
light of the simplified chroot setup. However, a similar change needs
to be made for source-package products. This was an easy omission to
make because makechrootpkg does not produce source-pakcages by
default.
- Use `read -r` instead of other forms of read or looping
- Use arrays instead of strings with whitespaces.
- In one instance, use ${var%%.*} instead of $(echo $var|cut -f. -d1)
The bug isn't currently triggered, but I accidentally did trigger when I
was trying to modify the command a bit. I figure a "caution" sign would be
helpful to any future developers.
The default m4 quote characters: `QUOTE' are troublesome, because ` is
fairly likely to pop up in a shell script (if not for a subshell, because
it is a useful character in comments and user-facing messages).
So, this changes it to [[[QUOTE]]], as it is unlikely to see three braces
together like that, let alone in unbalanced sets.
What this is really doing is fixing a conflict that I had incorrectly
resolved when rebasing what became 2fd5931 onto cda9cf4. Of course,
because of dynamic scoping, everything worked out, and everything worked as
intended.
Before cda9cf4, it was appropriate for download_sources to take src_owner
as an argument, but after cda9cf4, it is now appropriate to take
makepkg_user as an argument. However, it still takes src_owner as an
argument, but pays 0 attention to it; instead looking at makepkg_user which
it happily inherited because of dynamic scoping.
So change it to take makepkg_user as the argument.
The `-xdev` flag to `find` makes it not recurse over subvolumes; so it only
supports recursion with depth=1. Fix this by having the function
recursively call itself.
This is inspired by the thought that went in to the delete_chroot
is_subvolume commit.
sync_chroot($chrootdir, $copydir) copies `$chrootdir/root` to `$copydir`.
That seems a little silly; why do we care about "$chrootdir"? Have it just
be sync_chroot(source, destination) like every other sync/copy command.
Where this becomes tricky is check to decide if we are going to use btrfs
subvolumes or not. We don't care if "$source/.." is on btrfs; the root
could be a directly-mounted subvolume, but and the destination could be
another subvolume of the same btrfs mounted somewhere else.
The things we do care about are:
- The source is a btrfs subvolume (so that we can snapshot it)
- The source is on the same filesystem as the directory that the copy will
be created in.
- If the destination exists:
* that it is not a mountpoint (so that we can delete and recreate it)
* that it is a btrfs subvolume (so that we can quickly delete it)
On the last point, it isn't necessary for creating the new snapshot, just
for quick deletion. That can be a separate check, where we use regular
`rm` for deleting the existing copy, but use subvolume snapshots for
creating the new one.
Also, shorten the "Synchronizing" message to only include the full path
to the copy if it was specified.
The capslocked variable names in the Usage comment were references to
things in Parabola's tools, that didn't make much sense here out of
context.
First of all, it ran `is_btrfs "$chrootdir"` to decide if it was on
btrfs, but $chrootdir wasn't defined locally; it just happens to work
because $chrootdir was defined in main(). (I noticed this because in
Parabola, it is called differently, so $chrootdir was empty).
So I was tempted to just change it to `is_btrfs "$copydir"`, but if
$copydir is just a regular directory on a btrfs filesystem, then it
It would leave much of $copydir intact. What we really care about is
if $copydir is a btrfs subvolume; which we can check by combining the
is_btrfs check with inspecting the inum of the directory.
I put this combined check in lib/archroot.sh:is_subvolume.
https://lists.archlinux.org/pipermail/arch-projects/2013-September/003901.html
This means wrapping variable initialization in init_variables(), and the
main program routine in main().
I did NOT put `shopt -s nullglob` in to a function.
It make make sense to move init_variables() down into the main()
function, instead of having it as a separate function up top (if this
done, then the `-g` flag passed to `declare` in init_variables() can
be dropped). However, in interest of keeping the `diff -w` small, and
merges/rebases simpler, this isn't done here.
A previous iteration of this change (libretools commit d7dcce53396d)
simply inserted `env -i` to clear the environment.
However, that lead to it ignoring proxy settings, which some users had
problems with:
https://labs.parabola.nu/issues/487:
> To fix other bugs, the pacstrap environment is blank, which also
> means that the proxy settings are blank.
So (in libretools commit d17d1d82349f), I changed it to use `declare
-x` to inspect the environment, and create a version of it only
consisting of variables ending with "_proxy" (case-insensitive).
I honestly don't remember what "other bugs" prompted me to clear the
environment in the first place.
In sync_chroot(), this makes the messages be a bit more precise with
exactly which thing they are syncing where. This is based on my users
expressing confusion at what is going on (especially when something is
taking a long time, and they have to blame something for blocking).
With these changes, I haven't gotten such confusion in a long time
(but maybe my users just got used to it).
In delete_chroot(), this changes "temporary copy" to "chroot copy",
since in Parabola's version of the tools, the function can get called
from other places, and it isn't necessarily operating on a temporary
copy.
This allows us to run an ARM chroot on an x86 box; as the binfmt
runner will set the architecture for us, and the x86
`/usr/bin/setarch` program won't know about the ARM architecture
string.
Even though main() doesn't call `set -u`; this way the functions will
continue to work if copied into an environment with `set -u`, or so
that we are ready if we ever want to start using `set -u`.
Rather than them simply being named blocks of code with braces around
them.
That is: have them take things via arguments rather than global
variables.
Specific notes:
- create_chroot->sync_chroot:
I pulled out locking the destination chroot; getting that lock is
now the caller's responsibility. It still handles locking the
source chroot though.
I pulled the `if [[ ! -d $copydir ]] || $clean_first;` check out; it is
now the caller's responsibility to use that check when deciding if to
call sync_chroot.
However, when pulling that check out, I left it as `if true;`, to
keep an indentation level. This patch has had to be rebased/merged
many times, and changing the indentation is a sure way to make that
go less smoothly; I'm not going to re-indent this block until I see
the check removed in the git.archlinux.org/devtools.git repository.
- install_packages:
1. Receive the list of packages as arguments, rather than a global
variable.
2. Make the caller responsible for looking at PKGBUILD. From the
name and arguments, one would never expect it to look at PKGBUILD.
This is similar to common C #ifdef guards.
I was tempted to wrap the entire thing in the if/fi, rather than use
'return' to bail early. However, that means it won't execute anything
until after it reaches 'fi'. And if `shopt -s extglob` isn't executed
before parsing, then it will syntax-error on the extended globs. One
solution would have been to move `shopt -s extglob` up above the
include-guard. But the committed solution is all-around simpler.
It was displaing the value of the `makepkg_args` variable, which may
have already been changed by the argument parsing by the time it gets
to `-h`. Now there is a separate `default_makepkg_args` variable.
This involves extending the signature of lib/common.sh's `stat_busy()`,
`lock()`, and `slock()`. The `mesg=$1; shift` in stat_busy even suggests
that this is what was originally intended from it.
In cases where there is no license specified, the file is tagged as
"License: Unspecified". Obviously, that is not ideal, but it
highlights the fact, and I hope that it encourages whoever has the
authority to specify the license to do so.
On that note, to anyone who may have the authority to specify the
license of files in devtools: the current licence of many files is
GPLv2 with no option for later versions; I impore you to re-license
them to have the "or any later version" option.
Allow for locks to be inherited. Inheriting the lock is something that
mkarchroot could do previously, but has since lost the ability to do. This
allows for the programs to be more compos-able.
Do this by instead of unconditionally opening $file on $fd, first check if
$file is already open on $fd; and go ahead use it if it is.
The naive way of doing this would be to `$(readlink /dev/fd/$fd)` and
compare that to `$file`. However, if `$file` is itself a symlink; or there
is a symlink somewhere in the path to `$file`, then this could easily fail.
Instead, check `[[ "/dev/fd/$fd" -ef "$file" ]]`. Even though the Bash
documentation (`help test`) says that `-ef` checks for if the two files are
hard links to eachother, because it uses stat(3) (which resolves symlinks)
to do this check, it also works with the /dev/fd/ soft links.
`lock_close FD` is easier to remember than 'exec FD>&-`; and is especially
easier if FD is a variable (though that isn't actually taken advantage of
here).
This uses Bash 4.1+ `exec {var}>&-`, rather than the clunkier
`eval exec "$var>&-"` that was necessary in older versions of Bash.
Thanks to Dave Reisner for pointing this new bit of syntax out to me
the last time I submitted this (back in 2014, 4.1 had just come out).
The systemd package creates a subvolume at /var/lib/machines (through
tmpfiles), if it can. We need to delete this subvolume before we can
delete the parent subvolume.
Look through the root for inodes with the number 256. These identify
subvolume roots.
The way in which makechrootpkg reads variables from makepkg.conf(5) is
different from makepkg, in that it reads a subset of defined
variables, and only if the were not set in the environment before.
Mention this in the usage text.
Fixes FS#44827
This removes the preservation of HOME being /build just for the pacman
sudo call. Former leads to unbuildable packages when an to be installed
dependency writes something into the HOME dir (f.e. .config). The
resulting directories won't be writable by the builduser as they are
owned by root:root and ultimately will fail to build anything that
requires so.
In order to have an UTF-8 locale in the build root. This is something
normally set on real machines but is not set from our chroots. Meson,
for example, loudly complains when the locale charset is not UTF-8.
I'd like to have C.UTF-8, as most other distributions do. Unfortunately,
it's not part of vanilla glibc; en_US.UTF-8 will have to do.
mkarchroot already creates roots with both en_US.UTF-8 and de_DE.UTF-8,
the latter because builds of gcc (perhaps used to) require it.
Bump the CHROOT_VERSION due to the setting change.
The gnustep-base package ships a profile.d script that adds
"$HOME/GNUstep/Tools" to the PATH, which breaks when the user changes
and causes meson to exit with a "permission denied" error.
Copy both UID and primary GID of the invoker to the builduser. Mount
srcdest and startdir read-write.
v2: Fixed GnuPG keyring owner and moved running namcap from a heredoc
to a function.
This way the HOME dir is writable and no ugly hacks are required
in the PKGBUILD if $HOME is accessed (f.e. maven, gradle and also
some python tests etc.)
This is needed in order to use GPG's auto-key-retrieve keyserver option,
otherwise the keyring will get copied to the chroot before the required
keys are retrieved during 'makepkg --verifysource'.
Chances are that pubring.kbx has been created by gpgsm but pubring.gpg
is still around with valid data. We do not know what file contains what
we need, so just copy both.
Signed-off-by: Christian Hesse <mail@eworm.de>
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
bsdtar doesn't consider it an error when your --include doesn't match
anything in the archive, so we're forced to dump stderr to /dev/null
here.
Fixes: https://bugs.archlinux.org/task/42551
It tried to lock `$copydir.lock`, which was the ONLY mention of $copydir in
the entire file. Surely it meant `$copy.lock`; the line was probably
originally copy/pasted from makechrootpkg or similar, where $copydir is
used.
We run from a non-interactive shell, so the exec which is inevitably
called will replace the current process and 'die' will never run under
any circumstances.
This also fixes a bug with the su fallback which would cause multiple
arguments to be concatenated without any whitespace between them.
In collaborative builder machine, these scripts are often allowed to become root
via sudo. This patch avoid to prefix them by sudo each time or call su.
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
If getopts comes across an unknown argument, $arg it set to '?' and
$OPTARG is unset. Therefore the getopts line detecting unknown arguments
doesn't work. Arguments to pass to makepkg are already handled by
passing all the aguments after the end-of-options marker (--), but this
wasn't documented in the usage text.
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
If PKGDEST is set when makepkg was run, the package will be present in
find_cached_package's search path by default, causing an error.
This also fixes a display bug which causes no output to be shown when
multiple packages are found.
Fixes FS#37626.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
This function (currently) searches through $PWD and $PKGDEST looking
for a tarball matching the requested package name, architecture, and
pkgver. If found, it writes the full path to the located package to
stdout and returns 0, else 1. If more than 1 match is found, it's
treated as an error and the user will need to figure out what to do.
Use this in checkpkg and commitpkg, which previously implemented their
own less complete logic, to locate the build artifacts they rely on.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
Instead of dying at the first sight of an unversioned file, this lets
commitpkg dump all known unversioned files at once.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
We shouldn't be in the business of reparsing makepkg's arguments, but
since we have to treat the case of repackaging separately, do a better
job of trying to find signs of it happening. This change lets you pass
the longopt, --repackage, or multiple shortopts such as -RA, and still
get the intended effect.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
The bsdtar options were in the incorrect order and objdump couldn't find the files.
Signed-off-by: Eric Bélanger <snowmaniscool@gmail.com>
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
Piggyback on systemd-nspawn's --bind and --bind-ro flags to allow
arbitrary mount points to be added to the build container.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
We can't rely on PKGEXT since it's not sourced from a controlled
location. Case in point, if a user sets PKGEXT=.pkg.tar.gz, checkpkg
fails and offers no easy workaround.
Instead, use glob expansion to resolve the name of the tarball, bailing
if it can't be found definitively. This involves some refactoring to
avoid modifying PWD (which is advisable regardless).
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
This fixes various errors one might encounter when trying to use a
build root or cachedir with whitespace in it.
Note that the cachedir fix is not a complete one, as pacman's output is
unreliable (and not meant for parsing here).
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
eval is no longer involved in the execution of systemd-nspawn, so we no
longer need a layer of escaping on the arguments.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
For example...
$ make
GEN checkpkg
GEN commitpkg
GEN archco
archco: line 179: unexpected EOF while looking for matching `"'
archco: line 181: syntax error: unexpected end of file
make: *** [archco] Error 2
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
Now that die() properly forwards arguments to error(), we can expect
that the first arg is a format string and not the entirety of the
output.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
Also allow this function to be called without arguments, in which case,
don't call error at all. Some uses of this function wrongly assumed
that this was already allowed.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
- Ensure sources are available before entering chroot
- Bind STARTDIR and SRCDEST into the chroot read-only
- Refactor makechrootpkg and introduce meaningful functions
Avoids copying stuff from/to the chroot as much as possible. With
VCS sources these copies can get quite expensive.
Reduces code duplication.
With makechrootpkg not calling mkarchroot anymore,
the lock handover protocol is unneeded.
arch-nspawn does not do any locking, so add protection to archbuild.
Separates the two features of mkarchroot. Provides users of the new
arch-nspawn with the full feature set of systemd-nspawn.
For example, this can be used to bind custom directories into the chroot.
Add option -T to build in a temporary chroot. This apply to any kind of
filesytem and allow to easily parrallelize builds.
This patch also simplify how $default_copy and $copy are defined.
Signed-off-by: Sébastien Luttringer <seblu@seblu.net>
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
systemd-nspawn is capable of doing this as of systemd-198. Doing this
means we can remove all of our home grown chroot mount/umount logic, as
it's all performed by pacstrap or systemd-nspawn.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
Move detection of chrootdir type after have check if the directory exists.
This avoid the following messages when -r is not given
stat: cannot read file system information for '': No such file or directory
Signed-off-by: Sébastien Luttringer <seblu@seblu.net>
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
Enable btrfs features only if the underlying filesystem is btrfs and not rely
on the presence of the btrfs tools.
Signed-off-by: Sébastien Luttringer <seblu@seblu.net>
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
Since commit cb3a6ce, running makechroot 2 times to insert a package in a build
directory require to find a directory without PKGBUILD
cd /var/empty
makechrootpkg -cu -I virtualbox-host-dkms-*-i686.pkg.tar.xz -r <dir>
makechrootpkg -I virtualbox-host-dkms-*-i686.pkg.tar.xz -r <dir>
cd -
makechrootpkg -n -r <dir>
This patch allow makechrootpkg to handle more than one package to be installed
before the build is run and simplify the previous case in
makechrootpkg -ncu -I virtualbox-host-dkms-*-i686.pkg.tar.xz -I virtualbox-guest-dkms-*-i686.pkg.tar.xz -r <dir>
Signed-off-by: Sébastien Luttringer <seblu@seblu.net>
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
This allow to build in one shot a package depending of a missing package
Signed-off-by: Sébastien Luttringer <seblu@seblu.net>
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
This will allow, by example, to easily build a package with a custom pkg.
staging-x86_64-build -- -cI /var/cache/pacman/pkg/ldoc-1.2.0-1-any.pkg.tar.xz
staging-x86_64-build -- -n
Signed-off-by: Sébastien Luttringer <seblu@seblu.net>
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
The usage messages now begins with a "Usage:", i.e. capitalized and with a colon. Fixes FS#26956.
Signed-off-by: Eric Bélanger <snowmaniscool@gmail.com>
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
Stop trap_exit from forcing a 0 exit code. This fixes makechrootpkg,
which used to always return success, even if the build failed.
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
SVN treats '@' as a revision specifier, so with the addition of systemd
spawning service files, we need to ensure it doesn't screw things up.
Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
* If we are running systemd use nspawn instead of our own chroot setup
* Use pacstrap to setup our chroot environment
* Make sure the common trap is still called
* Bind resolve.conf, timezone and lcoaltime from the host if nspawn is not used
* Run ldconfig within the chroot
Previously files were always owned by nobody which means trying to write
to them directly would fail because only the owner has +w.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
With bash-completion 2.0, the completion must have the same name as the binary.
Signed-off-by: Eric Bélanger <snowmaniscool@gmail.com>
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
2012-06-25 00:01:32 +02:00
241 changed files with 18932 additions and 1971 deletions
archbuild - a script to build an Arch Linux package inside a clean chroot.
Synopsis
--------
archbuild [options] -- [makechrootpkg args]
Description
-----------
'archbuild' is a script to build an Arch Linux package. archbuild is part of devtools but should only be used via one of the included symlinks:
* extra-x86_64-build
* gnome-unstable-x86_64-build
* kde-unstable-x86_64-build
* multilib-build
* multilib-staging-build
* multilib-testing-build
* staging-x86_64-build
* testing-x86_64-build
The symlink used to run it will be inspected by archbuild, to determine which target you want it to use. It will load the available pacman configuration from 'reponame-arch.conf' with a fallback to 'reponame.conf' from {pkgdatadir}/pacman.conf.d. The makepkg configuration is loaded from 'repo-arch.conf' with a fallback to 'reponame.conf' from {pkgdatadir}/makepkg.conf.d.
It will also load the bind mount configuration from 'mount.d/arch' in {pkgdatadir}. The file format is that each line starting with ro and rw will be used, other lines will be ignored, and the rest of the used line is out/path:in/path preceded by a space as a separator. ro means it is a read-only mount, rw means a read-write mount.
pkgctl-repo-create - Create a new GitLab package repository
Synopsis
--------
pkgctl repo create [OPTIONS] [PKGBASE...]
Description
-----------
Create a new Git packaging repository in the canonical GitLab namespace.
This command requires a valid GitLab API authentication. To setup a new
GitLab token or check the currently configured one please consult the
'auth' subcommand for further instructions.
If invoked without a parameter, try to create a packaging repository
based on the 'PKGBUILD' from the current working directory.
Options
-------
*-c, --clone*::
Clone the Git repository after creation
*-h, --help*::
Show a help text
See Also
--------
pkgctl-auth(1)
pkgctl-repo-clone(1)
pkgctl-repo-configure(1)
include::include/footer.asciidoc[]
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.