Bump version to 20151002

Sync makepkg.conf files with pacman 4.2.1-4
Layer gnome-unstable above staging, not testing
2025-09-13 18:06:19 +02:00 · 2015-10-02 15:02:45 +03:00 · 2015-10-02 14:59:52 +03:00 · 2015-09-25 14:37:20 +03:00 · 2015-06-06 15:27:00 +03:00 · 2015-06-06 15:22:51 +03:00
27 changed files with 849 additions and 744 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -15,3 +15,4 @@ rebuildpkgs
 zsh_completion
 find-libdeps
 crossrepomove
 arch-nspawn
--- a/17
+++ b/17
@@ -1,4 +1,4 @@
-V=20121115
+V=20151002
 PREFIX = /usr/local
@@ -13,9 +13,8 @@ BINPROGS = \
 	finddeps \
 	rebuildpkgs \
 	find-libdeps \
-	crossrepomove
+	crossrepomove\
-
+	arch-nspawn \
 SBINPROGS = \
 	mkarchroot \
 	makechrootpkg
@@ -68,7 +67,7 @@ BASHCOMPLETION_LINKS = \
 	archco \
 	communityco
-all: $(BINPROGS) $(SBINPROGS) bash_completion zsh_completion
+all: $(BINPROGS) bash_completion zsh_completion
 edit = sed -e "s|@pkgdatadir[@]|$(DESTDIR)$(PREFIX)/share/devtools|g"
@@ -78,16 +77,15 @@ edit = sed -e "s|@pkgdatadir[@]|$(DESTDIR)$(PREFIX)/share/devtools|g"
 	@m4 -P $@.in | $(edit) >$@
 	@chmod a-w "$@"
 	@chmod +x "$@"
 	@bash -O extglob -n "$@"
 clean:
-	rm -f $(BINPROGS) $(SBINPROGS) bash_completion zsh_completion
+	rm -f $(BINPROGS) bash_completion zsh_completion
 install:
 	install -dm0755 $(DESTDIR)$(PREFIX)/bin
 	install -dm0755 $(DESTDIR)$(PREFIX)/sbin
 	install -dm0755 $(DESTDIR)$(PREFIX)/share/devtools
 	install -m0755 ${BINPROGS} $(DESTDIR)$(PREFIX)/bin
 	install -m0755 ${SBINPROGS} $(DESTDIR)$(PREFIX)/sbin
 	install -m0644 ${CONFIGFILES} $(DESTDIR)$(PREFIX)/share/devtools
 	for l in ${COMMITPKG_LINKS}; do ln -sf commitpkg $(DESTDIR)$(PREFIX)/bin/$$l; done
 	for l in ${ARCHBUILD_LINKS}; do ln -sf archbuild $(DESTDIR)$(PREFIX)/bin/$$l; done
@@ -100,7 +98,6 @@ install:
 uninstall:
 	for f in ${BINPROGS}; do rm -f $(DESTDIR)$(PREFIX)/bin/$$f; done
 	for f in ${SBINPROGS}; do rm -f $(DESTDIR)$(PREFIX)/sbin/$$f; done
 	for f in ${CONFIGFILES}; do rm -f $(DESTDIR)$(PREFIX)/share/devtools/$$f; done
 	for l in ${COMMITPKG_LINKS}; do rm -f $(DESTDIR)$(PREFIX)/bin/$$l; done
 	for l in ${ARCHBUILD_LINKS}; do rm -f $(DESTDIR)$(PREFIX)/bin/$$l; done
@@ -115,6 +112,6 @@ dist:
 	gpg --detach-sign --use-agent devtools-$(V).tar.gz
 upload:
-	scp devtools-$(V).tar.gz devtools-$(V).tar.gz.sig gerolde.archlinux.org:/srv/ftp/other/devtools/
+	scp devtools-$(V).tar.gz devtools-$(V).tar.gz.sig nymeria.archlinux.org:/srv/ftp/other/devtools/
 .PHONY: all clean install uninstall dist upload
--- a/arch-nspawn.in
+++ b/arch-nspawn.in
@@ -0,0 +1,103 @@
 #!/bin/bash
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation; version 2 of the License.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 m4_include(lib/common.sh)
 CHROOT_VERSION='v3'
 working_dir=''
 usage() {
 	echo "Usage: ${0##*/} [options] working-dir [systemd-nspawn arguments]"
 	echo "A wrapper around systemd-nspawn. Provides support for pacman."
 	echo
 	echo ' options:'
 	echo '    -C <file>     Location of a pacman config file'
 	echo '    -M <file>     Location of a makepkg config file'
 	echo '    -c <dir>      Set pacman cache'
 	echo '    -h            This message'
 	exit 1
 }
 orig_argv=("$@")
 while getopts 'hC:M:c:' arg; do
 	case "$arg" in
 		C) pac_conf="$OPTARG" ;;
 		M) makepkg_conf="$OPTARG" ;;
 		c) cache_dir="$OPTARG" ;;
 		h|?) usage ;;
 		*) error "invalid argument '$arg'"; usage ;;
 	esac
 done
 shift $(($OPTIND - 1))
 (( $# < 1 )) && die 'You must specify a directory.'
 check_root "$0" "${orig_argv[@]}"
 working_dir=$(readlink -f "$1")
 shift 1
 [[ -z $working_dir ]] && die 'Please specify a working directory.'
 if [[ -z $cache_dir ]]; then
 	cache_dirs=($(pacman -v 2>&1 | grep '^Cache Dirs:' | sed 's/Cache Dirs:\s*//g'))
 else
 	cache_dirs=("$cache_dir")
 fi
 host_mirror=$(pacman -Sddp extra/devtools 2>/dev/null | sed -r 's#(.*/)extra/os/.*#\1$repo/os/$arch#')
 [[ $host_mirror == *file://* ]] && host_mirror_path=$(echo "$host_mirror" | sed -r 's#file://(/.*)/\$repo/os/\$arch#\1#g')
 # {{{ functions
 build_mount_args() {
 	declare -g mount_args=()
 	if [[ -n $host_mirror_path ]]; then
 		mount_args+=(--bind-ro="$host_mirror_path")
 	fi
 	mount_args+=(--bind="${cache_dirs[0]}")
 	for cache_dir in ${cache_dirs[@]:1}; do
 		mount_args+=(--bind-ro="$cache_dir")
 	done
 }
 copy_hostconf () {
 	cp -a /etc/pacman.d/gnupg "$working_dir/etc/pacman.d"
 	echo "Server = $host_mirror" >"$working_dir/etc/pacman.d/mirrorlist"
 	[[ -n $pac_conf ]] && cp $pac_conf "$working_dir/etc/pacman.conf"
 	[[ -n $makepkg_conf ]] && cp $makepkg_conf "$working_dir/etc/makepkg.conf"
 	sed -r "s|^#?\\s*CacheDir.+|CacheDir = $(echo -n ${cache_dirs[@]})|g" -i "$working_dir/etc/pacman.conf"
 }
 # }}}
 umask 0022
 # Sanity check
 if [[ ! -f "$working_dir/.arch-chroot" ]]; then
 	die "'%s' does not appear to be an Arch chroot." "$working_dir"
 elif [[ $(cat "$working_dir/.arch-chroot") != $CHROOT_VERSION ]]; then
 	die "chroot '%s' is not at version %s. Please rebuild." "$working_dir" "$CHROOT_VERSION"
 fi
 build_mount_args
 copy_hostconf
 eval $(grep '^CARCH=' "$working_dir/etc/makepkg.conf")
 exec ${CARCH:+setarch "$CARCH"} systemd-nspawn 2>/dev/null \
 	-D "$working_dir" \
 	--register=no \
 	"${mount_args[@]}" \
 	"$@"
--- a/archbuild.in
+++ b/archbuild.in
@@ -2,7 +2,8 @@
 m4_include(lib/common.sh)
-base_packages=(base base-devel sudo)
+base_packages=(base-devel)
 makechrootpkg_args=(-c -n)
 cmd="${0##*/}"
 if [[ "${cmd%%-*}" == 'multilib' ]]; then
@@ -18,13 +19,19 @@ chroots='/var/lib/archbuild'
 clean_first=false
 usage() {
-	echo "usage $cmd"
+	echo "Usage: $cmd [options] -- [makechrootpkg args]"
 	echo '    -h         This help'
 	echo '    -c         Recreate the chroot before building'
 	echo '    -r <dir>   Create chroots in this directory'
 	echo ''
 	echo "Default makechrootpkg args: ${makechrootpkg_args[*]}"
 	echo ''
 	exit 1
 }
-while getopts 'cr:' arg; do
+orig_argv=("$@")
 while getopts 'hcr:' arg; do
 	case "${arg}" in
 		c) clean_first=true ;;
 		r) chroots="$OPTARG" ;;
@@ -32,9 +39,10 @@ while getopts 'cr:' arg; do
 	esac
 done
-if [[ "$EUID" != '0' ]]; then
+check_root "$0" "${orig_argv[@]}"
-	die 'This script must be run as root.'
+
-fi
+# Pass all arguments after -- right to makepkg
 makechrootpkg_args+=("${@:$OPTIND}")
 if ${clean_first} || [[ ! -d "${chroots}/${repo}-${arch}" ]]; then
 	msg "Creating chroot for [${repo}] (${arch})..."
@@ -43,14 +51,11 @@ if ${clean_first} || [[ ! -d "${chroots}/${repo}-${arch}" ]]; then
 		[[ -d $copy ]] || continue
 		msg2 "Deleting chroot copy '$(basename "${copy}")'..."
-		exec 9>"$copydir.lock"
+		lock 9 "$copy.lock" "Locking chroot copy '$copy'"
 		if ! flock -n 9; then
 			stat_busy "Locking chroot copy '$copy'"
 			flock 9
 			stat_done
 		fi
 		if [[ "$(stat -f -c %T "${copy}")" == btrfs ]]; then
 			{ type -P btrfs && btrfs subvolume delete "${copy}"; } &>/dev/null
 		fi
 		rm -rf --one-file-system "${copy}"
 	done
 	exec 9>&-
@@ -63,12 +68,13 @@ if ${clean_first} || [[ ! -d "${chroots}/${repo}-${arch}" ]]; then
 		"${chroots}/${repo}-${arch}/root" \
 		"${base_packages[@]}" || abort
 else
-	setarch ${arch} mkarchroot \
+	lock 9 "${chroots}/${repo}-${arch}/root.lock" "Locking clean chroot"
-		-u \
+	arch-nspawn \
 		-C "@pkgdatadir@/pacman-${repo}.conf" \
 		-M "@pkgdatadir@/makepkg-${arch}.conf" \
-		"${chroots}/${repo}-${arch}/root" || abort
+		"${chroots}/${repo}-${arch}/root" \
                pacman -Syu --noconfirm || abort
 fi
 msg "Building in chroot for [${repo}] (${arch})..."
-exec setarch "${arch}" makechrootpkg -c -n -r "${chroots}/${repo}-${arch}"
+exec makechrootpkg -r "${chroots}/${repo}-${arch}" "${makechrootpkg_args[@]}"
--- a/archco.in
+++ b/archco.in
@@ -11,11 +11,11 @@ fi
 case $scriptname in
 	archco)
-		SVNURL="svn+ssh://gerolde.archlinux.org/srv/svn-packages";;
+		SVNURL="svn+ssh://svn-packages@nymeria.archlinux.org/srv/repos/svn-packages/svn";;
 	communityco)
 		SVNURL="svn+ssh://svn-community@nymeria.archlinux.org/srv/repos/svn-community/svn";;
 	*)
-		die "Couldn't find svn url for $scriptname"
+		die "Couldn't find svn url for %s" "$scriptname"
 		;;
 esac
--- a/archrelease.in
+++ b/archrelease.in
@@ -8,8 +8,8 @@ FORCE=
 while getopts ':f' flag; do
 	case $flag in
 		f) FORCE=1 ;;
-		:) die "Option requires an argument -- '$OPTARG'" ;;
+		:) die "Option requires an argument -- '%s'" "$OPTARG" ;;
-		\?) die "Invalid option -- '$OPTARG'" ;;
+		\?) die "Invalid option -- '%s'" "$OPTARG" ;;
 	esac
 done
 shift $(( OPTIND - 1 ))
@@ -23,7 +23,7 @@ fi
 if [[ -z $FORCE ]]; then
 	for tag in "$@"; do
 		if ! in_array "$tag" "${_tags[@]}"; then
-			die 'archrelease: Invalid tag: "'$tag'" (use -f to force release)'
+			die "archrelease: Invalid tag: '%s' (use -f to force release)" "$tag"
 		fi
 	done
 fi
--- a/bash_completion.in
+++ b/bash_completion.in
@@ -34,7 +34,7 @@ _makechrootpkg() {
  case $cur in
    -*)
-       COMPREPLY=( $( compgen -W '-I -c -d -h -l -r -u' -- "$cur" ) )
+       COMPREPLY=( $( compgen -W '-I -c -h -l -r -u' -- "$cur" ) )
       ;;
    *)
      _filedir
@@ -53,7 +53,7 @@ _mkarchroot() {
  case $cur in
    -*)
-       COMPREPLY=( $( compgen -W '-C -M -c -f -h -n -r -u' -- "$cur" ) )
+       COMPREPLY=( $( compgen -W '-C -M -c -h' -- "$cur" ) )
       ;;
    *)
      _filedir
@@ -65,5 +65,22 @@ _mkarchroot() {
 } &&
 complete -F _mkarchroot mkarchroot
 _arch-nspawn() {
  local cur
  COMPREPLY=()
  _get_comp_words_by_ref cur
  case $cur in
    -*)
       COMPREPLY=( $( compgen -W '-C -M -c -h' -- "$cur" ) )
       ;;
    *)
      _filedir
      return 0
      ;;
  esac
  true
 } &&
 complete -F _arch-nspawn arch-nspawn
 # ex:et ts=2 sw=2 ft=sh
--- a/checkpkg.in
+++ b/checkpkg.in
@@ -1,5 +1,7 @@
 #!/bin/bash
 shopt -s extglob
 m4_include(lib/common.sh)
 # Source makepkg.conf; fail if it is not found
@@ -18,63 +20,54 @@ if [[ ! -f PKGBUILD ]]; then
 	die 'This must be run in the directory of a built package.'
 fi
-. PKGBUILD
+. ./PKGBUILD
 if [[ $arch == 'any' ]]; then
 	CARCH='any'
 fi
 STARTDIR=$(pwd)
 TEMPDIR=$(mktemp -d --tmpdir checkpkg-script.XXXX)
 cd "$TEMPDIR"
 for _pkgname in "${pkgname[@]}"; do
-	pkgfile=${_pkgname}-$(get_full_version $_pkgname)-${CARCH}${PKGEXT}
+	target_pkgver=$(get_full_version "$_pkgname")
-
+	if ! pkgfile=$(find_cached_package "$_pkgname" "$target_pkgver" "$CARCH"); then
-	if [[ -f "$STARTDIR/$pkgfile" ]]; then
+		die 'tarball not found for package: %s' "${_pkgname}-$target_pkgver"
 		ln -s "$STARTDIR/$pkgfile" "$pkgfile"
 	elif [[ -f "$PKGDEST/$pkgfile" ]]; then
 		ln -s "$PKGDEST/$pkgfile" "$pkgfile"
 	else
 		die "File \"$pkgfile\" doesn't exist"
 	fi
 	ln -s "$pkgfile" "$TEMPDIR"
 	pkgurl=$(pacman -Spdd --print-format '%l' --noconfirm "$_pkgname")
 	if [[ $? -ne 0 ]]; then
-		die "Couldn't download previous package for $_pkgname."
+		die "Couldn't download previous package for %s." "$_pkgname"
 	fi
 	oldpkg=${pkgurl##*://*/}
 	if [[ ${oldpkg##*/} = ${pkgfile##*/} ]]; then
-		die "The built package ($_pkgname) is the one in the repo right now!"
+		die "The built package (%s) is the one in the repo right now!" "$_pkgname"
 	fi
 	if [[ ! -f $oldpkg ]]; then
 	if [[ $pkgurl = file://* ]]; then
-			ln -s "${pkgurl#file://}" "${pkgurl##file://*/}"
+		ln -s "${pkgurl#file://}" "$TEMPDIR/$oldpkg"
 	elif [[ -f "$PKGDEST/$oldpkg" ]]; then
-			ln -s "$PKGDEST/$oldpkg" "$oldpkg"
+		ln -s "$PKGDEST/$oldpkg" "$TEMPDIR/$oldpkg"
 	elif [[ -f "$STARTDIR/$oldpkg" ]]; then
-			ln -s "$STARTDIR/$oldpkg" "$oldpkg"
+		ln -s "$STARTDIR/$oldpkg" "$TEMPDIR/$oldpkg"
 	else
-		        curl -fsLC - --retry 3 --retry-delay 3 -o "$oldpkg" "$pkgurl"
+		curl -fsLC - --retry 3 --retry-delay 3 -o "$TEMPDIR/$oldpkg" "$pkgurl"
 		fi
 	fi
-	bsdtar tf "$oldpkg" | sort > "filelist-$_pkgname-old"
+	bsdtar tf "$TEMPDIR/$oldpkg" | sort > "$TEMPDIR/filelist-$_pkgname-old"
-	bsdtar tf "$pkgfile" | sort > "filelist-$_pkgname"
+	bsdtar tf "$pkgfile" | sort > "$TEMPDIR/filelist-$_pkgname"
-	sdiff -s "filelist-$_pkgname-old" "filelist-$_pkgname"
+	sdiff -s "$TEMPDIR/filelist-$_pkgname-old" "$TEMPDIR/filelist-$_pkgname"
-	if diff "filelist-$_pkgname-old" "filelist-$_pkgname" | grep '\.so' > /dev/null 2>&1; then
+	find-libprovides "$TEMPDIR/$oldpkg" 2>/dev/null | sort > "$TEMPDIR/libraries-$_pkgname-old"
-		mkdir -p pkg
+	find-libprovides "$pkgfile" 2>/dev/null | sort > "$TEMPDIR/libraries-$_pkgname"
-		cd pkg
+	if ! diff_output="$(sdiff -s "$TEMPDIR/libraries-$_pkgname-old" "$TEMPDIR/libraries-$_pkgname")"; then
-		bsdtar xf ../"$pkgfile" > /dev/null
+		msg "Sonames differ in $_pkgname!"
-		diff "../filelist-$_pkgname-old" "../filelist-$_pkgname" | awk '/>.*\.so/{$1 = ""; print $0}' | while read i; do
+		echo "$diff_output"
 			echo "${i}: " "$(objdump -p "$i" | grep SONAME)"
 		done
 		cd ..
 	else
 		msg "No soname differences for $_pkgname."
 	fi
--- a/commitpkg.in
+++ b/commitpkg.in
@@ -2,22 +2,6 @@
 m4_include(lib/common.sh)
 getpkgfile() {
 	case $# in
 		0)
 			error 'No canonical package found!'
 			return 1
 			;;
 		[!1])
 			error 'Failed to canonicalize package name -- multiple packages found:'
 			msg2 '%s' "$@"
 			return 1
 			;;
 	esac
 	echo "$1"
 }
 # Source makepkg.conf; fail if it is not found
 if [[ -r '/etc/makepkg.conf' ]]; then
 	source '/etc/makepkg.conf'
@@ -36,13 +20,13 @@ if [[ ! -f PKGBUILD ]]; then
 	die 'No PKGBUILD file'
 fi
-. PKGBUILD
+. ./PKGBUILD
 pkgbase=${pkgbase:-$pkgname}
 case "$cmd" in
 	commitpkg)
 		if (( $# == 0 )); then
-			die 'usage: commitpkg <reponame> [-f] [-s server] [-l limit] [-a arch] [commit message]'
+			die 'Usage: commitpkg <reponame> [-f] [-s server] [-l limit] [-a arch] [commit message]'
 		fi
 		repo="$1"
 		shift
@@ -51,28 +35,32 @@ case "$cmd" in
 		repo="${cmd%pkg}"
 		;;
 	*)
-		die 'usage: commitpkg <reponame> [-f] [-s server] [-l limit] [-a arch] [commit message]'
+		die 'Usage: commitpkg <reponame> [-f] [-s server] [-l limit] [-a arch] [commit message]'
 		;;
 esac
-# check if all local source files are under version control
+# find files which should be under source control
 needsversioning=()
 for s in "${source[@]}"; do
-	if [[ $s != *://* ]] && ! svn status -v "$s@" | grep -q '^[ AMRX~]'; then
+	[[ $s != *://* ]] && needsversioning+=("$s")
 		die "$s is not under version control"
 	fi
 done
 # check if changelog and install files are under version control
 for i in 'changelog' 'install'; do
 	while read -r file; do
 		# evaluate any bash variables used
 		eval file=\"$(sed 's/^\(['\''"]\)\(.*\)\1$/\2/' <<< "$file")\"
-		if ! svn status -v "${file}" | grep -q '^[ AMRX~]'; then
+		needsversioning+=("$file")
 			die "${file} is not under version control"
 		fi
 	done < <(sed -n "s/^[[:space:]]*$i=//p" PKGBUILD)
 done
 # assert that they really are controlled by SVN
 if (( ${#needsversioning[*]} )); then
 	# svn status's output is only two columns when the status is unknown
 	while read -r status filename; do
 		[[ $status = '?' ]] && unversioned+=("$filename")
 	done < <(svn status -v "${needsversioning[@]}")
 	(( ${#unversioned[*]} )) && die "%s is not under version control" "${unversioned[@]}"
 fi
 rsyncopts=(-e ssh -p --chmod=ug=rw,o=r -c -h -L --progress --partial -y)
 archreleaseopts=()
 while getopts ':l:a:s:f' flag; do
@@ -81,8 +69,8 @@ while getopts ':l:a:s:f' flag; do
 		s) server=$OPTARG ;;
 		l) rsyncopts+=("--bwlimit=$OPTARG") ;;
 		a) commit_arch=$OPTARG ;;
-		:) die "Option requires an argument -- '$OPTARG'" ;;
+		:) die "Option requires an argument -- '%s'" "$OPTARG" ;;
-		\?) die "Invalid option -- '$OPTARG'" ;;
+		\?) die "Invalid option -- '%s'" "$OPTARG" ;;
 	esac
 done
 shift $(( OPTIND - 1 ))
@@ -95,9 +83,8 @@ for _arch in ${arch[@]}; do
 	for _pkgname in ${pkgname[@]}; do
 		fullver=$(get_full_version $_pkgname)
-		if pkgfile=$(shopt -s nullglob;
+		if pkgfile=$(find_cached_package "$_pkgname" "$_arch" "$fullver"); then
-				getpkgfile "${PKGDEST+$PKGDEST/}$_pkgname-$fullver-${_arch}".pkg.tar.?z); then
+			if grep -q "packager = Unknown Packager" <(bsdtar -xOqf "$pkgfile" .PKGINFO); then
 			if grep -q "packager = Unknown Packager" <(bsdtar -xOqf $pkgfile .PKGINFO); then
 				die "PACKAGER was not set when building package"
 			fi
 		fi
@@ -105,15 +92,7 @@ for _arch in ${arch[@]}; do
 done
 if [[ -z $server ]]; then
-	case "$repo" in
+	server='nymeria.archlinux.org'
 		core|extra|testing|staging|kde-unstable|gnome-unstable)
 			server='gerolde.archlinux.org' ;;
 		community*|multilib*)
 			server='nymeria.archlinux.org' ;;
 		*)
 			server='gerolde.archlinux.org'
 			msg "Non-standard repository $repo in use, defaulting to server $server" ;;
 	esac
 fi
 if [[ -n $(svn status -q) ]]; then
@@ -155,8 +134,7 @@ for _arch in ${arch[@]}; do
 	for _pkgname in ${pkgname[@]}; do
 		fullver=$(get_full_version $_pkgname)
-		if ! pkgfile=$(shopt -s nullglob;
+		if ! pkgfile=$(find_cached_package "$_pkgname" "$fullver" "${_arch}"); then
 				getpkgfile "${PKGDEST+$PKGDEST/}$_pkgname-$fullver-${_arch}".pkg.tar.?z); then
 			warning "Skipping $_pkgname-$fullver-$_arch: failed to locate package file"
 			skip_arches+=($_arch)
 			continue 2
@@ -169,10 +147,10 @@ for _arch in ${arch[@]}; do
 			if [[ -n $GPGKEY ]]; then
 				SIGNWITHKEY="-u ${GPGKEY}"
 			fi
-			gpg --detach-sign --use-agent ${SIGNWITHKEY} "${pkgfile}" || die
+			gpg --detach-sign --use-agent --no-armor ${SIGNWITHKEY} "${pkgfile}" || die
 		fi
 		if ! gpg --verify "$sigfile" >/dev/null 2>&1; then
-			die "Signature ${pkgfile}.sig is incorrect!"
+			die "Signature %s.sig is incorrect!" "$pkgfile"
 		fi
 		uploads+=("$sigfile")
 	done
--- a/crossrepomove.in
+++ b/crossrepomove.in
@@ -11,34 +11,30 @@ fi
 pkgbase="${1}"
 packages_svn='svn+ssh://gerolde.archlinux.org/srv/svn-packages'
 packages_server='gerolde.archlinux.org'
 community_svn='svn+ssh://svn-community@nymeria.archlinux.org/srv/repos/svn-community/svn'
 community_server='nymeria.archlinux.org'
 mirror='http://mirrors.kernel.org/archlinux'
 case $scriptname in
 	extra2community)
-		source_svn="${packages_svn}"
+		source_name='packages'
-		target_svn="${community_svn}"
+		target_name='community'
 		source_server="${packages_server}"
 		target_server="${community_server}"
 		source_repo='extra'
 		target_repo='community'
 		;;
 	community2extra)
-		source_svn="${community_svn}"
+		source_name='community'
-		target_svn="${packages_svn}"
+		target_name='packages'
 		source_server="${community_server}"
 		target_server="${packages_server}"
 		source_repo='community'
 		target_repo='extra'
 		;;
 	*)
-		die "Couldn't find configuration for $scriptname"
+		die "Couldn't find configuration for %s" "$scriptname"
 		;;
 esac
 server='nymeria.archlinux.org'
 source_svn="svn+ssh://svn-${source_name}@${server}/srv/repos/svn-${source_name}/svn"
 target_svn="svn+ssh://svn-${target_name}@${server}/srv/repos/svn-${target_name}/svn"
 source_dbscripts="/srv/repos/svn-${source_name}/dbscripts"
 target_dbscripts="/srv/repos/svn-${target_name}/dbscripts"
 setup_workdir
 pushd $WORKDIR >/dev/null
@@ -58,10 +54,8 @@ for _arch in ${arch[@]}; do
 	fi
 	for _pkgname in ${pkgname[@]}; do
 		fullver=$(get_full_version $_pkgname)
-		# FIXME: this only works with .xz packages
+		pkgpath="/srv/ftp/$source_repo/os/$repo_arch/$_pkgname-$fullver-${_arch}.pkg.tar.*"
-		ssh "${target_server}" "cd staging/${target_repo}
+		ssh "$server" "cp $pkgpath staging/$target_repo" || die
 			curl -O ${mirror}/${source_repo}/os/${repo_arch}/$_pkgname-$fullver-${_arch}.pkg.tar.xz
 			curl -O ${mirror}/${source_repo}/os/${repo_arch}/$_pkgname-$fullver-${_arch}.pkg.tar.xz.sig" || die
 	done
 done
@@ -73,22 +67,11 @@ pushd "target_checkout/${pkgbase}/trunk" >/dev/null
 archrelease "${arch[@]/#/$target_repo-}" || die
 popd >/dev/null
-if [[ "${target_server}" == "${community_server}" ]]; then
+ssh "${server}" "${target_dbscripts}/db-update" || die
        dbscripts_path='/srv/repos/svn-community/dbscripts'
 else
        dbscripts_path='/arch'
 fi
 ssh "${target_server}" "${dbscripts_path}/db-update" || die
 msg "Removing ${pkgbase} from ${source_repo}"
 if [[ "${source_server}" == "${community_server}" ]]; then
        dbscripts_path='/srv/repos/svn-community/dbscripts'
 else
        dbscripts_path='/arch'
 fi
 for _arch in ${arch[@]}; do
-	ssh "${source_server}" "${dbscripts_path}/db-remove ${source_repo} ${_arch} ${pkgbase}"
+	ssh "${server}" "${source_dbscripts}/db-remove ${source_repo} ${_arch} ${pkgbase}"
 done
 svn -q checkout -N "${source_svn}" source_checkout
 svn -q up "source_checkout/${pkgbase}"
--- a/find-libdeps.in
+++ b/find-libdeps.in
@@ -16,7 +16,7 @@ script_mode=${0##*/find-lib}
 case $script_mode in
 	deps|provides) true;;
-	*) die "Unknown mode $script_mode" ;;
+	*) die "Unknown mode %s" "$script_mode" ;;
 esac
 if [[ -z $1 ]]; then
@@ -32,11 +32,11 @@ else
 	setup_workdir
 	case ${script_mode} in
-		deps) bsdtar -C $WORKDIR -xf "$1";;
+		deps) bsdtar -C "$WORKDIR" -xf "$1";;
-		provides) bsdtar -C $WORKDIR -xf "$1" --include="*.so*";;
+		provides) bsdtar -C "$WORKDIR" -xf "$1" --include="*.so*";;
 	esac
-	pushd $WORKDIR >/dev/null
+	pushd "$WORKDIR" >/dev/null
 fi
 process_sofile() {
@@ -50,16 +50,16 @@ process_sofile() {
 	if ! in_array "${soname}=${soversion}-${soarch}" ${soobjects[@]}; then
 		# libfoo.so=1-64
 		echo "${soname}=${soversion}-${soarch}"
-		soobjects=(${soobjects[@]} "${soname}=${soversion}-${soarch}")
+		soobjects+=("${soname}=${soversion}-${soarch}")
 	fi
 }
 case $script_mode in
-	deps) find_args="-perm -u+x";;
+	deps) find_args=(-perm -u+x);;
-	provides) find_args="-name *.so*";;
+  provides) find_args=(-name '*.so*');;
 esac
-find . -type f $find_args | while read filename; do
+find . -type f "${find_args[@]}" | while read filename; do
 	if [[ $script_mode = "provides" ]]; then
 		# ignore if we don't have a shared object
 		if ! LC_ALL=C readelf -h "$filename" 2>/dev/null | grep -q '.*Type:.*DYN (Shared object file).*'; then
--- a/finddeps.in
+++ b/finddeps.in
@@ -8,7 +8,7 @@ m4_include(lib/common.sh)
 match=$1
 if [[ -z $match ]]; then
-	echo 'usage: finddeps <depname>'
+	echo 'Usage: finddeps <depname>'
 	echo ''
 	echo 'Find packages that depend on a given depname.'
 	echo 'Run this script from the top-level directory of your ABS tree.'
--- a/lib/common.sh
+++ b/lib/common.sh
@@ -1,6 +1,8 @@
 # Avoid any encoding problems
 export LANG=C
 shopt -s extglob
 # check if messages are to be printed using color
 unset ALL_OFF BOLD BLUE GREEN RED YELLOW
 if [[ -t 2 ]]; then
@@ -63,12 +65,12 @@ setup_workdir() {
 cleanup() {
 	[[ -n $WORKDIR ]] && rm -rf "$WORKDIR"
-	[[ $1 ]] && exit $1
+	exit ${1:-0}
 }
 abort() {
-	msg 'Aborting...'
+	error 'Aborting...'
-	cleanup 0
+	cleanup 255
 }
 trap_abort() {
@@ -77,13 +79,14 @@ trap_abort() {
 }
 trap_exit() {
 	local r=$?
 	trap - EXIT INT QUIT TERM HUP
-	cleanup
+	cleanup $r
 }
 die() {
-	error "$*"
+	(( $# )) && error "$@"
-	cleanup 1
+	cleanup 255
 }
 trap 'trap_abort' INT QUIT TERM HUP
@@ -112,7 +115,7 @@ get_full_version() {
 	pkgbase=${pkgbase:-${pkgname[0]}}
 	epoch=${epoch:-0}
 	if [[ -z $1 ]]; then
-		if [[ $epoch ]] && (( ! $epoch )); then
+		if (( ! epoch )); then
 			echo $pkgver-$pkgrel
 		else
 			echo $epoch:$pkgver-$pkgrel
@@ -130,3 +133,111 @@ get_full_version() {
 		fi
 	fi
 }
 ##
 #  usage : lock( $fd, $file, $message )
 ##
 lock() {
 	eval "exec $1>"'"$2"'
 	if ! flock -n $1; then
 		stat_busy "$3"
 		flock $1
 		stat_done
 	fi
 }
 ##
 #  usage : slock( $fd, $file, $message )
 ##
 slock() {
 	eval "exec $1>"'"$2"'
 	if ! flock -sn $1; then
 		stat_busy "$3"
 		flock -s $1
 		stat_done
 	fi
 }
 ##
 # usage: pkgver_equal( $pkgver1, $pkgver2 )
 ##
 pkgver_equal() {
 	local left right
 	if [[ $1 = *-* && $2 = *-* ]]; then
 		# if both versions have a pkgrel, then they must be an exact match
 		[[ $1 = "$2" ]]
 	else
 		# otherwise, trim any pkgrel and compare the bare version.
 		[[ ${1%%-*} = "${2%%-*}" ]]
 	fi
 }
 ##
 #  usage: find_cached_package( $pkgname, $pkgver, $arch )
 #
 #    $pkgver can be supplied with or without a pkgrel appended.
 #    If not supplied, any pkgrel will be matched.
 ##
 find_cached_package() {
 	local searchdirs=("$PWD" "$PKGDEST") results=()
 	local targetname=$1 targetver=$2 targetarch=$3
 	local dir pkg pkgbasename pkgparts name ver rel arch size r results
 	for dir in "${searchdirs[@]}"; do
 		[[ -d $dir ]] || continue
 		for pkg in "$dir"/*.pkg.tar?(.?z); do
 			[[ -f $pkg ]] || continue
 			# avoid adding duplicates of the same inode
 			for r in "${results[@]}"; do
 				[[ $r -ef $pkg ]] && continue 2
 			done
 			# split apart package filename into parts
 			pkgbasename=${pkg##*/}
 			pkgbasename=${pkgbasename%.pkg.tar?(.?z)}
 			arch=${pkgbasename##*-}
 			pkgbasename=${pkgbasename%-"$arch"}
 			rel=${pkgbasename##*-}
 			pkgbasename=${pkgbasename%-"$rel"}
 			ver=${pkgbasename##*-}
 			name=${pkgbasename%-"$ver"}
 			if [[ $targetname = "$name" && $targetarch = "$arch" ]] &&
 					pkgver_equal "$targetver" "$ver-$rel"; then
 				results+=("$pkg")
 			fi
 		done
 	done
 	case ${#results[*]} in
 		0)
 			return 1
 			;;
 		1)
 			printf '%s\n' "$results"
 			return 0
 			;;
 		*)
 			error 'Multiple packages found:'
 			printf '\t%s\n' "${results[@]}" >&2
 			return 1
 	esac
 }
 ##
 #  usage : check_root ("$0" "$@")
 ##
 check_root() {
 	(( EUID == 0 )) && return
 	if type -P sudo >/dev/null; then
 		exec sudo -- "$@"
 	else
 		exec su root -c "$(printf ' %q' "$@")"
 	fi
 }
--- a/makechrootpkg.in
+++ b/makechrootpkg.in
@@ -12,26 +12,31 @@ m4_include(lib/common.sh)
 shopt -s nullglob
-makepkg_args='-s --noconfirm -L'
+makepkg_args=(-s --noconfirm -L --holdver)
 repack=false
 update_first=false
 clean_first=false
 install_pkg=
 add_to_db=false
 run_namcap=false
 temp_chroot=false
 chrootdir=
 passeddir=
 declare -a install_pkgs
 declare -i ret=0
-default_copy=$USER
+bindmounts_ro=()
-[[ -n $SUDO_USER ]] && default_copy=$SUDO_USER
+bindmounts_rw=()
-[[ -z $default_copy || $default_copy = root ]] && default_copy=copy
+
 copy=$USER
 [[ -n $SUDO_USER ]] && copy=$SUDO_USER
 [[ -z "$copy" || $copy = root ]] && copy=copy
 src_owner=${SUDO_USER:-$USER}
 usage() {
-	echo "usage ${0##*/} [options] -r <chrootdir> [--] [makepkg args]"
+	echo "Usage: ${0##*/} [options] -r <chrootdir> [--] [makepkg args]"
 	echo ' Run this script in a PKGBUILD dir to build a package inside a'
-	echo ' clean chroot. All unrecognized arguments passed to this script'
+	echo ' clean chroot. Arguments passed to this script after the'
-	echo ' will be passed to makepkg.'
+	echo ' end-of-options marker (--) will be passed to makepkg.'
 	echo ''
 	echo ' The chroot dir consists of the following directories:'
 	echo ' <chrootdir>/{root, copy} but only "root" is required'
@@ -39,110 +44,59 @@ usage() {
 	echo ''
 	echo 'The chroot "root" directory must be created via the following'
 	echo 'command:'
-	echo '    mkarchroot <chrootdir>/root base base-devel sudo'
+	echo '    mkarchroot <chrootdir>/root base-devel'
 	echo ''
-	echo "Default makepkg args: $makepkg_args"
+	echo "Default makepkg args: ${makepkg_args[*]}"
 	echo ''
 	echo 'Flags:'
 	echo '-h         This help'
 	echo '-c         Clean the chroot before building'
 	echo '-d <dir>   Bind directory into build chroot as read-write'
 	echo '-D <dir>   Bind directory into build chroot as read-only'
 	echo '-u         Update the working copy of the chroot before building'
 	echo '           This is useful for rebuilds without dirtying the pristine'
 	echo '           chroot'
 	echo '-d         Add the package to a local db at /repo after building'
 	echo '-r <dir>   The chroot dir to use'
 	echo '-I <pkg>   Install a package into the working copy of the chroot'
 	echo '-l <copy>  The directory to use as the working copy of the chroot'
-	echo '           Useful for maintaining multiple copies.'
+	echo '           Useful for maintaining multiple copies'
-	echo "           Default: $default_copy"
+	echo "           Default: $copy"
 	echo '-n         Run namcap on the package'
 	echo '-T         Build in a temporary directory'
 	exit 1
 }
-while getopts 'hcudr:I:l:n' arg; do
+# {{{ functions
-	case "$arg" in
+load_vars() {
-		h) usage ;;
+	local makepkg_conf="$1" var
 		c) clean_first=true ;;
 		u) update_first=true ;;
 		d) add_to_db=true ;;
 		r) passeddir="$OPTARG" ;;
 		I) install_pkg="$OPTARG" ;;
 		l) copy="$OPTARG" ;;
 		n) run_namcap=true; makepkg_args="$makepkg_args -i" ;;
 		*) makepkg_args="$makepkg_args -$arg $OPTARG" ;;
 	esac
 done
-# Canonicalize chrootdir, getting rid of trailing /
+	[[ -f $makepkg_conf ]] || return 1
 chrootdir=$(readlink -e "$passeddir")
-if [[ ${copy:0:1} = / ]]; then
+	for var in {SRC,SRCPKG,PKG,LOG}DEST MAKEFLAGS PACKAGER; do
-	copydir=$copy
+		[[ -z ${!var} ]] && eval $(grep "^${var}=" "$makepkg_conf")
-else
+	done
 	[[ -z $copy ]] && copy=$default_copy
 	copydir="$chrootdir/$copy"
 fi
-# Pass all arguments after -- right to makepkg
+	return 0
-makepkg_args="$makepkg_args ${*:$OPTIND}"
+}
-# See if -R was passed to makepkg
+create_chroot() {
-for arg in ${*:$OPTIND}; do
+	# Lock the chroot we want to use. We'll keep this lock until we exit.
-	if [[ $arg = -R ]]; then
+	lock 9 "$copydir.lock" "Locking chroot copy [$copy]"
 		repack=true
 		break
 	fi
 done
-if (( EUID )); then
+	if [[ ! -d $copydir ]] || $clean_first; then
 	die 'This script must be run as root.'
 fi
 if [[ ! -f PKGBUILD && -z $install_pkg ]]; then
 	die 'This must be run in a directory containing a PKGBUILD.'
 fi
 if [[ ! -d $chrootdir ]]; then
 	die "No chroot dir defined, or invalid path '$passeddir'"
 fi
 if [[ ! -d $chrootdir/root ]]; then
 	die "Missing chroot dir root directory. Try using: mkarchroot $chrootdir/root base base-devel sudo"
 fi
 umask 0022
 # Lock the chroot we want to use. We'll keep this lock until we exit.
 # Note this is the same FD number as in mkarchroot
 exec 9>"$copydir.lock"
 if ! flock -n 9; then
 	stat_busy "Locking chroot copy '$copy'"
 	flock 9
 	stat_done
 fi
 if [[ ! -d $copydir ]] || $clean_first; then
 		# Get a read lock on the root chroot to make
 		# sure we don't clone a half-updated chroot
-	exec 8>"$chrootdir/root.lock"
+		slock 8 "$chrootdir/root.lock" "Locking clean chroot"
-	if ! flock -sn 8; then
+		stat_busy "Creating clean working copy [$copy]"
-		stat_busy "Locking clean chroot"
+		if [[ "$chroottype" == btrfs ]] && ! mountpoint -q "$copydir"; then
-		flock -s 8
+			if [[ -d $copydir ]]; then
-		stat_done
+				btrfs subvolume delete "$copydir" >/dev/null ||
 					die "Unable to delete subvolume %s" "$copydir"
 			fi
-
+			btrfs subvolume snapshot "$chrootdir/root" "$copydir" >/dev/null ||
-	stat_busy 'Creating clean working copy'
+				die "Unable to create subvolume %s" "$copydir"
 	use_rsync=false
 	if type -P btrfs >/dev/null; then
 		[[ -d $copydir ]] && btrfs subvolume delete "$copydir" &>/dev/null
 		btrfs subvolume snapshot "$chrootdir/root" "$copydir" &>/dev/null ||
 			use_rsync=true
 		else
 		use_rsync=true
 	fi
 	if $use_rsync; then
 			mkdir -p "$copydir"
 			rsync -a --delete -q -W -x "$chrootdir/root/" "$copydir"
 		fi
@@ -150,168 +104,309 @@ if [[ ! -d $copydir ]] || $clean_first; then
 		# Drop the read lock again
 		exec 8>&-
-fi
+	fi
-if [[ -n $install_pkg ]]; then
+	# Update mtime
 	touch "$copydir"
 }
 clean_temporary() {
 	stat_busy "Removing temporary copy [$copy]"
 	if [[ "$chroottype" == btrfs ]] && ! mountpoint -q "$copydir"; then
 		btrfs subvolume delete "$copydir" >/dev/null ||
 			die "Unable to delete subvolume %s" "$copydir"
 	else
 		# avoid change of filesystem in case of an umount failure
 		rm --recursive --force --one-file-system "$copydir" ||
 			die "Unable to delete %s" "$copydir"
 	fi
 	# remove lock file
 	rm -f "$copydir.lock"
 	stat_done
 }
 install_packages() {
 	local pkgname
 	for install_pkg in "${install_pkgs[@]}"; do
 		pkgname="${install_pkg##*/}"
 		cp "$install_pkg" "$copydir/$pkgname"
-	mkarchroot -r "pacman -U /$pkgname --noconfirm" "$copydir"
+		arch-nspawn "$copydir" \
-	ret=$?
+			"${bindmounts_ro[@]}" "${bindmounts_rw[@]}" \
 			pacman -U /$pkgname --noconfirm
 		(( ret += !! $? ))
 		rm "$copydir/$pkgname"
 	done
-	# Exit early, we've done all we need to
+	# If there is no PKGBUILD we are done
-	exit $ret
+	[[ -f PKGBUILD ]] || exit $ret
-fi
+}
-$update_first && mkarchroot -u "$copydir"
+prepare_chroot() {
 	$repack || rm -rf "$copydir/build"
-mkdir -p "$copydir/build"
+	mkdir -p "$copydir/build"
-
+	if ! grep -q 'BUILDDIR="/build"' "$copydir/etc/makepkg.conf"; then
-# Remove anything in there UNLESS -R (repack) was passed to makepkg
+		echo 'BUILDDIR="/build"' >> "$copydir/etc/makepkg.conf"
 $repack || rm -rf "$copydir"/build/*
 # Read .makepkg.conf and .gnupg/pubring.gpg even if called via sudo
 if [[ -n $SUDO_USER ]]; then
 	SUDO_HOME="$(eval echo ~$SUDO_USER)"
 	makepkg_conf="$SUDO_HOME/.makepkg.conf"
 	if [[ -r "$SUDO_HOME/.gnupg/pubring.gpg" ]]; then
 		install -D "$SUDO_HOME/.gnupg/pubring.gpg" "$copydir/build/.gnupg/pubring.gpg"
 	fi
-else
+
-	makepkg_conf="$HOME/.makepkg.conf"
+	# Read .makepkg.conf and gnupg pubring
-	if [[ -r "$HOME/.gnupg/pubring.gpg" ]]; then
+	if [[ -r $USER_HOME/.gnupg/pubring.kbx ]]; then
-		install -D "$HOME/.gnupg/pubring.gpg" "$copydir/build/.gnupg/pubring.gpg"
+		install -D "$USER_HOME/.gnupg/pubring.kbx" "$copydir/build/.gnupg/pubring.kbx"
 	fi
 	if [[ -r $USER_HOME/.gnupg/pubring.gpg ]]; then
 		install -D "$USER_HOME/.gnupg/pubring.gpg" "$copydir/build/.gnupg/pubring.gpg"
 	fi
 fi
-# Get SRC/PKGDEST from makepkg.conf
+	mkdir -p "$copydir/pkgdest"
-if [[ -f $makepkg_conf ]]; then
+	if ! grep -q 'PKGDEST="/pkgdest"' "$copydir/etc/makepkg.conf"; then
 	eval $(grep '^SRCDEST=' "$makepkg_conf")
 	eval $(grep '^PKGDEST=' "$makepkg_conf")
 	eval $(grep '^MAKEFLAGS=' "$makepkg_conf")
 	eval $(grep '^PACKAGER=' "$makepkg_conf")
 fi
 [[ -z $SRCDEST ]] && eval $(grep '^SRCDEST=' /etc/makepkg.conf)
 [[ -z $PKGDEST ]] && eval $(grep '^PKGDEST=' /etc/makepkg.conf)
 [[ -z $MAKEFLAGS ]] && eval $(grep '^MAKEFLAGS=' /etc/makepkg.conf)
 [[ -z $PACKAGER ]] && eval $(grep '^PACKAGER=' /etc/makepkg.conf)
 # Use PKGBUILD directory if PKGDEST or SRCDEST don't exist
 [[ -d $PKGDEST ]] || PKGDEST=.
 [[ -d $SRCDEST ]] || SRCDEST=.
 mkdir -p "$copydir/pkgdest"
 if ! grep -q 'PKGDEST="/pkgdest"' "$copydir/etc/makepkg.conf"; then
 		echo 'PKGDEST="/pkgdest"' >> "$copydir/etc/makepkg.conf"
-fi
+	fi
-mkdir -p "$copydir/srcdest"
+	mkdir -p "$copydir/srcpkgdest"
-if ! grep -q 'SRCDEST="/srcdest"' "$copydir/etc/makepkg.conf"; then
+	if ! grep -q 'SRCPKGDEST="/srcpkgdest"' "$copydir/etc/makepkg.conf"; then
 		echo 'SRCPKGDEST="/srcpkgdest"' >> "$copydir/etc/makepkg.conf"
 	fi
 	mkdir -p "$copydir/logdest"
 	if ! grep -q 'LOGDEST="/logdest"' "$copydir/etc/makepkg.conf"; then
 		echo 'LOGDEST="/logdest"' >> "$copydir/etc/makepkg.conf"
 	fi
 	# These two get bind-mounted read-only
 	# XXX: makepkg dislikes having these dirs read-only, so separate them
 	mkdir -p "$copydir/startdir" "$copydir/startdir_host"
 	mkdir -p "$copydir/srcdest" "$copydir/srcdest_host"
 	if ! grep -q 'SRCDEST="/srcdest"' "$copydir/etc/makepkg.conf"; then
 		echo 'SRCDEST="/srcdest"' >> "$copydir/etc/makepkg.conf"
-fi
+	fi
-if [[ -n $MAKEFLAGS ]]; then
+	builduser_uid=${SUDO_UID:-$UID}
 	# We can't use useradd without chrooting, otherwise it invokes PAM modules
 	# which we might not be able to load (i.e. when building i686 packages on
 	# an x86_64 host).
 	printf 'builduser:x:%d:100:builduser:/:/usr/bin/nologin\n' "$builduser_uid" >>"$copydir/etc/passwd"
 	chown -R "$builduser_uid" "$copydir"/{build,pkgdest,srcpkgdest,logdest,srcdest,startdir}
 	if [[ -n $MAKEFLAGS ]]; then
 		sed -i '/^MAKEFLAGS=/d' "$copydir/etc/makepkg.conf"
 		echo "MAKEFLAGS='${MAKEFLAGS}'" >> "$copydir/etc/makepkg.conf"
-fi
+	fi
-if [[ -n $PACKAGER ]]; then
+	if [[ -n $PACKAGER ]]; then
 		sed -i '/^PACKAGER=/d' "$copydir/etc/makepkg.conf"
 		echo "PACKAGER='${PACKAGER}'" >> "$copydir/etc/makepkg.conf"
 fi
 # Set target CARCH as it might be used within the PKGBUILD to select correct sources
 eval $(grep '^CARCH=' "$copydir/etc/makepkg.conf")
 export CARCH
 # Copy PKGBUILD and sources
 cp PKGBUILD "$copydir/build/"
 (
 	source PKGBUILD
 	for file in "${source[@]}"; do
 		file="${file%%::*}"
 		file="${file##*://*/}"
 		if [[ -f $file ]]; then
 			cp "$file" "$copydir/srcdest/"
 		elif [[ -f $SRCDEST/$file ]]; then
 			cp "$SRCDEST/$file" "$copydir/srcdest/"
 	fi
 	done
-	# Find all changelog and install files, even inside functions
+	if [[ ! -f $copydir/etc/sudoers.d/builduser-pacman ]]; then
-	for i in 'changelog' 'install'; do
+		cat > "$copydir/etc/sudoers.d/builduser-pacman" <<EOF
 		while read -r file; do
 			# evaluate any bash variables used
 			eval file=\"$(sed 's/^\(['\''"]\)\(.*\)\1$/\2/' <<< "$file")\"
 			[[ -f $file ]] && cp "$file" "$copydir/build/"
 		done < <(sed -n "s/^[[:space:]]*$i=//p" PKGBUILD)
 	done
 )
 chown -R nobody "$copydir"/{build,pkgdest,srcdest}
 cat > "$copydir/etc/sudoers.d/nobody-pacman" <<EOF
 Defaults env_keep += "HOME"
-nobody ALL = NOPASSWD: /usr/bin/pacman
+builduser ALL = NOPASSWD: /usr/bin/pacman
 EOF
-chmod 440 "$copydir/etc/sudoers.d/nobody-pacman"
+		chmod 440 "$copydir/etc/sudoers.d/builduser-pacman"
 # This is a little gross, but this way the script is recreated every time in the
 # working copy
 cat >"$copydir/chrootbuild" <<EOF
 #!/bin/bash
 . /etc/profile
 export HOME=/build
 cd /build
 sudo -u nobody makepkg $makepkg_args || touch BUILD_FAILED
 [[ -f BUILD_FAILED ]] && exit 1
 if $run_namcap; then
 	pacman -S --needed --noconfirm namcap
 	for pkgfile in /build/PKGBUILD /pkgdest/*.pkg.tar.?z; do
 		echo "Checking \${pkgfile##*/}"
 		sudo -u nobody namcap "\$pkgfile" 2>&1 | tee "/build/\${pkgfile##*/}-namcap.log"
 	done
 fi
 exit 0
 EOF
 chmod +x "$copydir/chrootbuild"
 if mkarchroot -r "/chrootbuild" "$copydir"; then
 	for pkgfile in "$copydir"/pkgdest/*.pkg.tar.?z; do
 		if $add_to_db; then
 			mkdir -p "$copydir/repo"
 			pushd "$copydir/repo" >/dev/null
 			cp "$pkgfile" .
 			repo-add repo.db.tar.gz "${pkgfile##*/}"
 			popd >/dev/null
 	fi
 	# This is a little gross, but this way the script is recreated every time in the
 	# working copy
 	{
 		printf '#!/bin/bash\n'
 		declare -f _chrootbuild
 		printf '_chrootbuild'
 		printf ' %q' "${makepkg_args[@]}"
 		printf ' || exit\n'
 		if $run_namcap; then
 			cat <<'EOF'
 pacman -S --needed --noconfirm namcap
 for pkgfile in /startdir/PKGBUILD /pkgdest/*; do
 	echo "Checking ${pkgfile##*/}"
 	sudo -u builduser namcap "$pkgfile" 2>&1 | tee "/logdest/${pkgfile##*/}-namcap.log"
 done
 EOF
 		fi
 	} >"$copydir/chrootbuild"
 	chmod +x "$copydir/chrootbuild"
 }
 download_sources() {
 	local builddir="$(mktemp -d)"
 	chmod 1777 "$builddir"
 	# Ensure sources are downloaded
 	if [[ -n $SUDO_USER ]]; then
 		sudo -u $SUDO_USER env SRCDEST="$SRCDEST" BUILDDIR="$builddir" \
 			makepkg --config="$copydir/etc/makepkg.conf" --verifysource -o
 	else
 		( export SRCDEST BUILDDIR="$builddir"
 			makepkg --asroot --config="$copydir/etc/makepkg.conf" --verifysource -o
 		)
 	fi
 	(( $? != 0 )) && die "Could not download sources."
 	# Clean up garbage from verifysource
 	rm -rf $builddir
 }
 _chrootbuild() {
 	# This function isn't run in makechrootpkg,
 	# so no global variables
 	. /etc/profile
 	export HOME=/build
 	shopt -s nullglob
 	# XXX: Workaround makepkg disliking read-only dirs
 	ln -sft /srcdest /srcdest_host/*
 	ln -sft /startdir /startdir_host/*
 	# XXX: Keep bzr and svn sources writable
 	# Since makepkg 4.1.1 they get checked out via cp -a, copying the symlink
 	for dir in /srcdest /startdir; do
 		for vcs in bzr svn; do
 			cd "$dir"
 			for vcsdir in */.$vcs; do
 				rm "${vcsdir%/.$vcs}"
 				cp -a "${dir}_host/${vcsdir%/.$vcs}" .
 				chown -R builduser "${vcsdir%/.$vcs}"
 			done
 		done
 	done
 	cd /startdir
 	# XXX: Keep PKGBUILD writable for pkgver()
 	rm PKGBUILD*
 	cp /startdir_host/PKGBUILD* .
 	chown builduser PKGBUILD*
 	# Safety check
 	if [[ ! -w PKGBUILD ]]; then
 		echo "Can't write to PKGBUILD!"
 		exit 1
 	fi
 	sudo -u builduser makepkg "$@"
 }
 move_products() {
 	for pkgfile in "$copydir"/pkgdest/*; do
 		chown "$src_owner" "$pkgfile"
 		mv "$pkgfile" "$PKGDEST"
 	done
-	for l in "$copydir"/build/*-{build,check,namcap,package,package_*}.log; do
+	for l in "$copydir"/logdest/*; do
 		[[ $l == */logpipe.* ]] && continue
 		chown "$src_owner" "$l"
-		[[ -f $l ]] && mv "$l" .
+		mv "$l" "$LOGDEST"
 	done
 else
 	# Just in case. We returned 1, make sure we fail
 	touch "$copydir/build/BUILD_FAILED"
 fi
-for f in "$copydir"/srcdest/*; do
+	for s in "$copydir"/srcpkgdest/*; do
-	chown "$src_owner" "$f"
+		chown "$src_owner" "$s"
-	mv "$f" "$SRCDEST"
+		mv "$s" "$SRCPKGDEST"
 	done
 }
 # }}}
 orig_argv=("$@")
 while getopts 'hcur:I:l:nTD:d:' arg; do
 	case "$arg" in
 		c) clean_first=true ;;
 		D) bindmounts_ro+=(--bind-ro="$OPTARG") ;;
 		d) bindmounts_rw+=(--bind="$OPTARG") ;;
 		u) update_first=true ;;
 		r) passeddir="$OPTARG" ;;
 		I) install_pkgs+=("$OPTARG") ;;
 		l) copy="$OPTARG" ;;
 		n) run_namcap=true; makepkg_args+=(-i) ;;
 		T) temp_chroot=true; copy+="-$$" ;;
 		h|*) usage ;;
 	esac
 done
-if [[ -e $copydir/build/BUILD_FAILED ]]; then
+[[ ! -f PKGBUILD && -z "${install_pkgs[*]}" ]] && die 'This must be run in a directory containing a PKGBUILD.'
-	rm "$copydir/build/BUILD_FAILED"
+
-	die "Build failed, check $copydir/build"
+check_root "$0" "${orig_argv[@]}"
 # Canonicalize chrootdir, getting rid of trailing /
 chrootdir=$(readlink -e "$passeddir")
 [[ ! -d $chrootdir ]] && die "No chroot dir defined, or invalid path '%s'" "$passeddir"
 [[ ! -d $chrootdir/root ]] && die "Missing chroot dir root directory. Try using: mkarchroot %s/root base-devel" "$chrootdir"
 # Detect chrootdir filesystem type
 chroottype=$(stat -f -c %T "$chrootdir")
 if [[ ${copy:0:1} = / ]]; then
 	copydir=$copy
 else
 	copydir="$chrootdir/$copy"
 fi
 # Pass all arguments after -- right to makepkg
 makepkg_args+=("${@:$OPTIND}")
 # See if -R was passed to makepkg
 for arg in "${@:OPTIND}"; do
 	case ${arg%%=*} in
 		-*R*|--repackage)
 			repack=true
 			break 2
 			;;
 	esac
 done
 if [[ -n $SUDO_USER ]]; then
 	eval "USER_HOME=~$SUDO_USER"
 else
 	USER_HOME=$HOME
 fi
 umask 0022
 load_vars "$USER_HOME/.makepkg.conf"
 load_vars /etc/makepkg.conf
 # Use PKGBUILD directory if these don't exist
 [[ -d $PKGDEST ]]    || PKGDEST=$PWD
 [[ -d $SRCDEST ]]    || SRCDEST=$PWD
 [[ -d $SRCPKGDEST ]] || SRCPKGDEST=$PWD
 [[ -d $LOGDEST ]]    || LOGDEST=$PWD
 create_chroot
 $update_first && arch-nspawn "$copydir" \
 		"${bindmounts_ro[@]}" "${bindmounts_rw[@]}" \
 		pacman -Syu --noconfirm
 [[ -n ${install_pkgs[*]} ]] && install_packages
 download_sources
 prepare_chroot
 if arch-nspawn "$copydir" \
 	--bind-ro="$PWD:/startdir_host" \
 	--bind-ro="$SRCDEST:/srcdest_host" \
 	"${bindmounts_ro[@]}" "${bindmounts_rw[@]}" \
 	/chrootbuild
 then
 	move_products
 else
 	(( ret += 1 ))
 fi
 $temp_chroot && clean_temporary
 if (( ret != 0 )); then
 	if $temp_chroot; then
 		die "Build failed"
 	else
 		die "Build failed, check %s/build" "$copydir"
 	fi
 else
 	true
 fi
--- a/makepkg-i686.conf
+++ b/makepkg-i686.conf
@@ -11,7 +11,7 @@
 DLAGENTS=('ftp::/usr/bin/curl -fC - --ftp-pasv --retry 3 --retry-delay 3 -o %o %u'
          'http::/usr/bin/curl -fLC - --retry 3 --retry-delay 3 -o %o %u'
          'https::/usr/bin/curl -fLC - --retry 3 --retry-delay 3 -o %o %u'
-          'rsync::/usr/bin/rsync -z %u %o'
+          'rsync::/usr/bin/rsync --no-motd -z %u %o'
          'scp::/usr/bin/scp -C %u %o')
 # Other common tools:
@@ -19,6 +19,13 @@ DLAGENTS=('ftp::/usr/bin/curl -fC - --ftp-pasv --retry 3 --retry-delay 3 -o %o %
 # /usr/bin/lftpget -c
 # /usr/bin/wget
 #-- The package required by makepkg to download VCS sources
 #  Format: 'protocol::package'
 VCSCLIENTS=('bzr::bzr'
            'git::git'
            'hg::mercurial'
            'svn::subversion')
 #########################################################################
 # ARCHITECTURE, COMPILE FLAGS
 #########################################################################
@@ -29,27 +36,30 @@ CHOST="i686-pc-linux-gnu"
 #-- Compiler and Linker Flags
 # -march (or -mcpu) builds exclusively for an architecture
 # -mtune optimizes for an architecture, but builds for whole processor family
-CFLAGS="-march=i686 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2"
+CPPFLAGS="-D_FORTIFY_SOURCE=2"
-CXXFLAGS="-march=i686 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2"
+CFLAGS="-march=i686 -mtune=generic -O2 -pipe -fstack-protector-strong"
 CXXFLAGS="-march=i686 -mtune=generic -O2 -pipe -fstack-protector-strong"
 LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro"
 #-- Make Flags: change this for DistCC/SMP systems
 #MAKEFLAGS="-j2"
 #-- Debugging flags
 DEBUG_CFLAGS="-g -fvar-tracking-assignments"
 DEBUG_CXXFLAGS="-g -fvar-tracking-assignments"
 #########################################################################
 # BUILD ENVIRONMENT
 #########################################################################
 #
-# Defaults: BUILDENV=(fakeroot !distcc color !ccache check !sign)
+# Defaults: BUILDENV=(!distcc color !ccache check !sign)
 #  A negated environment option will do the opposite of the comments below.
 #
 #-- fakeroot: Allow building packages as a non-root user
 #-- distcc:   Use the Distributed C/C++/ObjC compiler
 #-- color:    Colorize output messages
 #-- ccache:   Use ccache to cache compilation
 #-- check:    Run the check() function if present in the PKGBUILD
 #-- sign:     Generate PGP signature file
 #
-BUILDENV=(fakeroot !distcc color !ccache check !sign)
+BUILDENV=(!distcc color !ccache check !sign)
 #
 #-- If using DistCC, your MAKEFLAGS will also need modification. In addition,
 #-- specify a space-delimited list of hosts running in the DistCC cluster.
@@ -63,18 +73,20 @@ BUILDENV=(fakeroot !distcc color !ccache check !sign)
 #   These are default values for the options=() settings
 #########################################################################
 #
-# Default: OPTIONS=(strip docs libtool emptydirs zipman purge !upx)
+# Default: OPTIONS=(strip docs !libtool !staticlibs emptydirs zipman purge !upx !debug)
 #  A negated option will do the opposite of the comments below.
 #
 #-- strip:      Strip symbols from binaries/libraries
 #-- docs:       Save doc directories specified by DOC_DIRS
 #-- libtool:    Leave libtool (.la) files in packages
 #-- staticlibs: Leave static library (.a) files in packages
 #-- emptydirs:  Leave empty directories in packages
 #-- zipman:     Compress manual (man and info) pages in MAN_DIRS with gzip
 #-- purge:      Remove files specified by PURGE_TARGETS
 #-- upx:        Compress binary executable files using UPX
 #-- debug:      Add debugging flags as specified in DEBUG_* variables
 #
-OPTIONS=(strip docs libtool emptydirs zipman purge !upx)
+OPTIONS=(strip docs !libtool !staticlibs emptydirs zipman purge !upx !debug)
 #-- File integrity checks to use. Valid: md5, sha1, sha256, sha384, sha512
 INTEGRITY_CHECK=(md5)
@@ -103,11 +115,24 @@ PURGE_TARGETS=(usr/{,share}/info/dir .packlist *.pod)
 #SRCDEST=/home/sources
 #-- Source packages: specify a fixed directory where all src packages will be placed
 #SRCPKGDEST=/home/srcpackages
 #-- Log files: specify a fixed directory where all log files will be placed
 #LOGDEST=/home/makepkglogs
 #-- Packager: name/email of the person or organization building packages
 #PACKAGER="John Doe <john@doe.com>"
 #-- Specify a key to use for package signing
 #GPGKEY=""
 #########################################################################
 # COMPRESSION DEFAULTS
 #########################################################################
 #
 COMPRESSGZ=(gzip -c -f -n)
 COMPRESSBZ2=(bzip2 -c -f)
 COMPRESSXZ=(xz -c -z -)
 COMPRESSLRZ=(lrzip -q)
 COMPRESSLZO=(lzop -q)
 COMPRESSZ=(compress -c -f)
 #########################################################################
 # EXTENSION DEFAULTS
 #########################################################################
--- a/makepkg-x86_64.conf
+++ b/makepkg-x86_64.conf
@@ -11,7 +11,7 @@
 DLAGENTS=('ftp::/usr/bin/curl -fC - --ftp-pasv --retry 3 --retry-delay 3 -o %o %u'
          'http::/usr/bin/curl -fLC - --retry 3 --retry-delay 3 -o %o %u'
          'https::/usr/bin/curl -fLC - --retry 3 --retry-delay 3 -o %o %u'
-          'rsync::/usr/bin/rsync -z %u %o'
+          'rsync::/usr/bin/rsync --no-motd -z %u %o'
          'scp::/usr/bin/scp -C %u %o')
 # Other common tools:
@@ -19,6 +19,13 @@ DLAGENTS=('ftp::/usr/bin/curl -fC - --ftp-pasv --retry 3 --retry-delay 3 -o %o %
 # /usr/bin/lftpget -c
 # /usr/bin/wget
 #-- The package required by makepkg to download VCS sources
 #  Format: 'protocol::package'
 VCSCLIENTS=('bzr::bzr'
            'git::git'
            'hg::mercurial'
            'svn::subversion')
 #########################################################################
 # ARCHITECTURE, COMPILE FLAGS
 #########################################################################
@@ -29,27 +36,30 @@ CHOST="x86_64-unknown-linux-gnu"
 #-- Compiler and Linker Flags
 # -march (or -mcpu) builds exclusively for an architecture
 # -mtune optimizes for an architecture, but builds for whole processor family
-CFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2"
+CPPFLAGS="-D_FORTIFY_SOURCE=2"
-CXXFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2"
+CFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fstack-protector-strong"
 CXXFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fstack-protector-strong"
 LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro"
 #-- Make Flags: change this for DistCC/SMP systems
 #MAKEFLAGS="-j2"
 #-- Debugging flags
 DEBUG_CFLAGS="-g -fvar-tracking-assignments"
 DEBUG_CXXFLAGS="-g -fvar-tracking-assignments"
 #########################################################################
 # BUILD ENVIRONMENT
 #########################################################################
 #
-# Defaults: BUILDENV=(fakeroot !distcc color !ccache check !sign)
+# Defaults: BUILDENV=(!distcc color !ccache check !sign)
 #  A negated environment option will do the opposite of the comments below.
 #
 #-- fakeroot: Allow building packages as a non-root user
 #-- distcc:   Use the Distributed C/C++/ObjC compiler
 #-- color:    Colorize output messages
 #-- ccache:   Use ccache to cache compilation
 #-- check:    Run the check() function if present in the PKGBUILD
 #-- sign:     Generate PGP signature file
 #
-BUILDENV=(fakeroot !distcc color !ccache check !sign)
+BUILDENV=(!distcc color !ccache check !sign)
 #
 #-- If using DistCC, your MAKEFLAGS will also need modification. In addition,
 #-- specify a space-delimited list of hosts running in the DistCC cluster.
@@ -63,18 +73,20 @@ BUILDENV=(fakeroot !distcc color !ccache check !sign)
 #   These are default values for the options=() settings
 #########################################################################
 #
-# Default: OPTIONS=(strip docs libtool emptydirs zipman purge !upx)
+# Default: OPTIONS=(strip docs !libtool !staticlibs emptydirs zipman purge !upx !debug)
 #  A negated option will do the opposite of the comments below.
 #
 #-- strip:      Strip symbols from binaries/libraries
 #-- docs:       Save doc directories specified by DOC_DIRS
 #-- libtool:    Leave libtool (.la) files in packages
 #-- staticlibs: Leave static library (.a) files in packages
 #-- emptydirs:  Leave empty directories in packages
 #-- zipman:     Compress manual (man and info) pages in MAN_DIRS with gzip
 #-- purge:      Remove files specified by PURGE_TARGETS
 #-- upx:        Compress binary executable files using UPX
 #-- debug:      Add debugging flags as specified in DEBUG_* variables
 #
-OPTIONS=(strip docs libtool emptydirs zipman purge !upx)
+OPTIONS=(strip docs !libtool !staticlibs emptydirs zipman purge !upx !debug)
 #-- File integrity checks to use. Valid: md5, sha1, sha256, sha384, sha512
 INTEGRITY_CHECK=(md5)
@@ -103,11 +115,24 @@ PURGE_TARGETS=(usr/{,share}/info/dir .packlist *.pod)
 #SRCDEST=/home/sources
 #-- Source packages: specify a fixed directory where all src packages will be placed
 #SRCPKGDEST=/home/srcpackages
 #-- Log files: specify a fixed directory where all log files will be placed
 #LOGDEST=/home/makepkglogs
 #-- Packager: name/email of the person or organization building packages
 #PACKAGER="John Doe <john@doe.com>"
 #-- Specify a key to use for package signing
 #GPGKEY=""
 #########################################################################
 # COMPRESSION DEFAULTS
 #########################################################################
 #
 COMPRESSGZ=(gzip -c -f -n)
 COMPRESSBZ2=(bzip2 -c -f)
 COMPRESSXZ=(xz -c -z -)
 COMPRESSLRZ=(lrzip -q)
 COMPRESSLZO=(lzop -q)
 COMPRESSZ=(compress -c -f)
 #########################################################################
 # EXTENSION DEFAULTS
 #########################################################################
--- a/mkarchroot.in
+++ b/mkarchroot.in
@@ -10,58 +10,38 @@
 m4_include(lib/common.sh)
-CHROOT_VERSION='v2'
+CHROOT_VERSION='v3'
 FORCE='n'
 RUN=''
 NOCOPY='n'
 working_dir=''
 APPNAME=$(basename "${0}")
 # usage: usage <exitvalue>
 usage() {
-	echo "usage ${APPNAME} [options] working-dir [package-list | app]"
+	echo "Usage: ${0##*/} [options] working-dir package-list..."
 	echo ' options:'
 	echo '    -r <app>      Run "app" within the context of the chroot'
 	echo '    -u            Update the chroot via pacman'
 	echo '    -f            Force overwrite of files in the working-dir'
 	echo '    -C <file>     Location of a pacman config file'
 	echo '    -M <file>     Location of a makepkg config file'
 	echo '    -n            Do not copy config files into the chroot'
 	echo '    -c <dir>      Set pacman cache'
 	echo '    -h            This message'
 	exit 1
 }
-while getopts 'r:ufnhC:M:c:' arg; do
+orig_argv=("$@")
-	case "${arg}" in
+
-		r) RUN="$OPTARG" ;;
+while getopts 'hC:M:c:' arg; do
-		u) RUN='/bin/sh -c "pacman -Syu --noconfirm && (pacman -Qqu >/dev/null && pacman -Su --noconfirm || exit 0)"' ;;
+	case "$arg" in
 		f) FORCE='y' ;;
 		C) pac_conf="$OPTARG" ;;
 		M) makepkg_conf="$OPTARG" ;;
 		n) NOCOPY='y' ;;
 		c) cache_dir="$OPTARG" ;;
 		h|?) usage ;;
-		*) error "invalid argument '${arg}'"; usage ;;
+		*) error "invalid argument '$arg'"; usage ;;
 	esac
 done
 if (( $EUID != 0 )); then
 	die 'This script must be run as root.'
 fi
 shift $(($OPTIND - 1))
-if [[ -z $RUN ]] && (( $# < 2 )); then
+(( $# < 2 )) && die 'You must specify a directory and one or more packages.'
 	die 'You must specify a directory and one or more packages.'
 elif (( $# < 1 )); then
 	die 'You must specify a directory.'
 fi
-working_dir="$(readlink -f ${1})"
+check_root "$0" "${orig_argv[@]}"
 working_dir="$(readlink -f $1)"
 shift 1
 [[ -z $working_dir ]] && die 'Please specify a working directory.'
@@ -72,203 +52,31 @@ else
 	cache_dirs=(${cache_dir})
 fi
 host_mirror=$(pacman -Sddp extra/devtools 2>/dev/null | sed -E 's#(.*/)extra/os/.*#\1$repo/os/$arch#')
 if echo "${host_mirror}" | grep -q 'file://'; then
 	host_mirror_path=$(echo "${host_mirror}" | sed -E 's#file://(/.*)/\$repo/os/\$arch#\1#g')
 fi
 # {{{ functions
 bind_mount() {
 	local mode="${2:-rw}"
 	local target="${working_dir}${1}"
 	if [[ ! -e "$target" ]]; then
 		if [[ -d "$1" ]]; then
 			install -d "$target"
 		else
 			install -D /dev/null "$target"
 		fi
 	fi
 	mount -o bind "$1" "$target"
 	mount -o remount,${mode},bind "$target"
 	mount --make-slave "$target"
 }
 chroot_mount() {
 	trap 'trap_chroot_umount' EXIT INT QUIT TERM HUP
 	if (( ! have_nspawn )); then
 		bind_mount /sys ro
 		[[ -e "${working_dir}/proc" ]] || mkdir "${working_dir}/proc"
 		mount -t proc proc -o nosuid,noexec,nodev "${working_dir}/proc"
 		bind_mount /proc/sys ro
 		[[ -e "${working_dir}/dev" ]] || mkdir "${working_dir}/dev"
 		mount -t tmpfs dev "${working_dir}/dev" -o mode=0755,size=10M,nosuid,strictatime
 		mknod -m 666 "${working_dir}/dev/null" c 1 3
 		mknod -m 666 "${working_dir}/dev/zero" c 1 5
 		mknod -m 600 "${working_dir}/dev/console" c 5 1
 		mknod -m 644 "${working_dir}/dev/random" c 1 8
 		mknod -m 644 "${working_dir}/dev/urandom" c 1 9
 		mknod -m 666 "${working_dir}/dev/tty" c 5 0
 		mknod -m 666 "${working_dir}/dev/ptmx" c 5 2
 		mknod -m 666 "${working_dir}/dev/tty0" c 4 0
 		mknod -m 666 "${working_dir}/dev/full" c 1 7
 		mknod -m 666 "${working_dir}/dev/rtc0" c 254 0
 		ln -s /proc/kcore "${working_dir}/dev/core"
 		ln -s /proc/self/fd "${working_dir}/dev/fd"
 		ln -s /proc/self/fd/0 "${working_dir}/dev/stdin"
 		ln -s /proc/self/fd/1 "${working_dir}/dev/stdout"
 		ln -s /proc/self/fd/2 "${working_dir}/dev/stderr"
 		[[ -e "${working_dir}/dev/shm" ]] || mkdir "${working_dir}/dev/shm"
 		mount -t tmpfs shm "${working_dir}/dev/shm" -o nodev,nosuid,size=128M
 		bind_mount /dev/pts
 		[[ -e "${working_dir}/run" ]] || mkdir "${working_dir}/run"
 		mount -t tmpfs tmpfs "${working_dir}/run" -o mode=0755,nodev,nosuid,strictatime,size=64M
 		for host_config in resolv.conf localtime; do
 			bind_mount /etc/$host_config ro
 		done
 	fi
 	[[ -n $host_mirror_path ]] && bind_mount "$host_mirror_path" ro
 	bind_mount "${cache_dirs[0]}"
 	for cache_dir in ${cache_dirs[@]:1}; do
 		bind_mount "$cache_dir" ro
 	done
 }
 copy_hostconf () {
 	cp -a /etc/pacman.d/gnupg "${working_dir}/etc/pacman.d"
 	echo "Server = ${host_mirror}" > ${working_dir}/etc/pacman.d/mirrorlist
 	if [[ -n $pac_conf && $NOCOPY = 'n' ]]; then
 		cp ${pac_conf} ${working_dir}/etc/pacman.conf
 	fi
 	if [[ -n $makepkg_conf && $NOCOPY = 'n' ]]; then
 		cp ${makepkg_conf} ${working_dir}/etc/makepkg.conf
 	fi
 	sed -r "s|^#?\\s*CacheDir.+|CacheDir = $(echo -n ${cache_dirs[@]})|g" -i ${working_dir}/etc/pacman.conf
 }
 trap_chroot_umount () {
 	trap 'trap_abort' INT QUIT TERM HUP
 	trap 'trap_exit' EXIT
 	for cache_dir in ${cache_dirs[@]}; do
 		umount "${working_dir}/${cache_dir}"
 	done
 	[[ -n $host_mirror_path ]] && umount "${working_dir}/${host_mirror_path}"
 	if (( ! have_nspawn )); then
 		for host_config in resolv.conf localtime; do
 			umount "${working_dir}/etc/${host_config}"
 		done
 		umount "${working_dir}/proc/sys"
 		umount "${working_dir}/proc"
 		umount "${working_dir}/sys"
 		umount "${working_dir}/dev/pts"
 		umount "${working_dir}/dev/shm"
 		umount "${working_dir}/dev"
 		umount "${working_dir}/run"
 	fi
 }
 chroot_lock () {
 	# Only reopen the FD if it wasn't handed to us
 	if [[ $(readlink -f /dev/fd/9) != "${working_dir}.lock" ]]; then
 	  exec 9>"${working_dir}.lock"
 	fi
 	# Lock the chroot. Take note of the FD number.
 	if ! flock -n 9; then
 		stat_busy "Locking chroot"
 		flock 9
 		stat_done
 	fi
 }
 chroot_run() {
 	local dir=$1
 	shift
 	if (( have_nspawn)); then
 		eval systemd-nspawn -D "${dir}" -- ${@} 2>/dev/null
 	else
 		eval unshare -mui -- chroot "${dir}" ${@}
 	fi
 }
 # }}}
 # use systemd-nspawn if we have it available and systemd is running
 if type -P systemd-nspawn >/dev/null && mountpoint -q /sys/fs/cgroup/systemd; then
 	have_nspawn=1
 fi
 umask 0022
-if [[ -n $RUN ]]; then
+
-	# run chroot {{{
+[[ -e $working_dir ]] && die "Working directory '%s' already exists" "$working_dir"
-	#Sanity check
+
-	if [[ ! -f "${working_dir}/.arch-chroot" ]]; then
+mkdir -p "$working_dir"
-		die "'${working_dir}' does not appear to be a Arch chroot."
+
-	elif [[ $(cat "${working_dir}/.arch-chroot") != ${CHROOT_VERSION} ]]; then
+lock 9 "${working_dir}.lock" "Locking chroot"
-		die "'${working_dir}' is not compatible with ${APPNAME} version ${CHROOT_VERSION}. Please rebuild."
+
 if [[ $(stat -f -c %T "$working_dir") == btrfs ]]; then
 	rmdir "$working_dir"
 	if ! btrfs subvolume create "$working_dir"; then
 		die "Couldn't create subvolume for '%s'" "$working_dir"
 	fi
-
+	chmod 0755 "$working_dir"
 	chroot_lock
 	chroot_mount
 	copy_hostconf
 	chroot_run "${working_dir}" ${RUN}
 	# }}}
 else
 	# {{{ build chroot
 	if [[ -e $working_dir && $FORCE = 'n' ]]; then
 		die "Working directory '${working_dir}' already exists - try using -f"
 	fi
 	if { type -P btrfs && btrfs subvolume create "${working_dir}"; } &>/dev/null; then
 		chmod 0755 "${working_dir}"
 	fi
 	chroot_lock
 	chroot_mount
 	pacargs="${cache_dirs[@]/#/--cachedir=}"
 	if [[ -n $pac_conf ]]; then
 		pacargs="$pacargs --config=${pac_conf}"
 	fi
 	if (( $# != 0 )); then
 		if [[ $FORCE = 'y' ]]; then
 			pacargs="$pacargs --force"
 		fi
 		if ! pacstrap -GMcd "${working_dir}" ${pacargs} $@; then
 			die 'Failed to install all packages'
 		fi
 	fi
 	if [[ -d "${working_dir}/lib/modules" ]]; then
 		chroot_run "${working_dir}" ldconfig
 	fi
 	if [[ -e "${working_dir}/etc/locale.gen" ]]; then
 		sed -i 's@^#\(en_US\|de_DE\)\(\.UTF-8\)@\1\2@' "${working_dir}/etc/locale.gen"
 		chroot_run "${working_dir}" locale-gen
 	fi
 	echo 'LANG=C' > "${working_dir}/etc/locale.conf"
 	copy_hostconf
 	echo "${CHROOT_VERSION}" > "${working_dir}/.arch-chroot"
 	# }}}
 fi
 pacstrap -GMcd ${pac_conf:+-C "$pac_conf"} "$working_dir" \
  "${cache_dirs[@]/#/--cachedir=}" "$@" || die 'Failed to install all packages'
 printf '%s.UTF-8 UTF-8\n' en_US de_DE > "$working_dir/etc/locale.gen"
 echo 'LANG=C' > "$working_dir/etc/locale.conf"
 echo "$CHROOT_VERSION" > "$working_dir/.arch-chroot"
 exec arch-nspawn \
 	${pac_conf:+-C "$pac_conf"} \
 	${makepkg_conf:+-M "$makepkg_conf"} \
 	${cache_dir:+-c "$cache_dir"} \
 	"$working_dir" locale-gen
--- a/pacman-extra.conf
+++ b/pacman-extra.conf
@@ -15,11 +15,10 @@
 #LogFile     = /var/log/pacman.log
 #GPGDir      = /etc/pacman.d/gnupg/
 HoldPkg     = pacman glibc
 # If upgrades are available for these packages they will be asked for first
 SyncFirst   = pacman
 #XferCommand = /usr/bin/curl -C - -f %u > %o
 #XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
 #CleanMethod = KeepInstalled
 #UseDelta    = 0.7
 Architecture = auto
 # Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
@@ -31,7 +30,7 @@ Architecture = auto
 # Misc options
 #UseSyslog
-#UseDelta
+#Color
 #TotalDownload
 # We cannot check disk space from within a chroot environment
 #CheckSpace
@@ -39,7 +38,9 @@ Architecture = auto
 # By default, pacman accepts packages signed by keys that its local keyring
 # trusts (see pacman-key and its man page), as well as unsigned packages.
-#SigLevel = Optional TrustedOnly
+SigLevel    = Required DatabaseOptional
 LocalFileSigLevel = Optional
 #RemoteFileSigLevel = Required
 # NOTE: You must run `pacman-key --init` before first using pacman; the local
 # keyring can then be populated with the keys of all official Arch Linux
@@ -69,23 +70,18 @@ Architecture = auto
 # after the header, and they will be used before the default mirrors.
 #[testing]
 #SigLevel = PackageRequired
 #Include = /etc/pacman.d/mirrorlist
 [core]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [extra]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 #[community-testing]
 #SigLevel = PackageRequired
 #Include = /etc/pacman.d/mirrorlist
 [community]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 # An example of a custom package repository.  See the pacman manpage for
--- a/pacman-gnome-unstable.conf
+++ b/pacman-gnome-unstable.conf
@@ -15,11 +15,10 @@
 #LogFile     = /var/log/pacman.log
 #GPGDir      = /etc/pacman.d/gnupg/
 HoldPkg     = pacman glibc
 # If upgrades are available for these packages they will be asked for first
 SyncFirst   = pacman
 #XferCommand = /usr/bin/curl -C - -f %u > %o
 #XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
 #CleanMethod = KeepInstalled
 #UseDelta    = 0.7
 Architecture = auto
 # Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
@@ -31,7 +30,7 @@ Architecture = auto
 # Misc options
 #UseSyslog
-#UseDelta
+#Color
 #TotalDownload
 # We cannot check disk space from within a chroot environment
 #CheckSpace
@@ -39,7 +38,9 @@ Architecture = auto
 # By default, pacman accepts packages signed by keys that its local keyring
 # trusts (see pacman-key and its man page), as well as unsigned packages.
-#SigLevel = Optional TrustedOnly
+SigLevel    = Required DatabaseOptional
 LocalFileSigLevel = Optional
 #RemoteFileSigLevel = Required
 # NOTE: You must run `pacman-key --init` before first using pacman; the local
 # keyring can then be populated with the keys of all official Arch Linux
@@ -69,27 +70,27 @@ Architecture = auto
 # after the header, and they will be used before the default mirrors.
 [gnome-unstable]
-SigLevel = PackageRequired
+Include = /etc/pacman.d/mirrorlist
 [staging]
 Include = /etc/pacman.d/mirrorlist
 [testing]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [core]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [extra]
-SigLevel = PackageRequired
+Include = /etc/pacman.d/mirrorlist
 [community-staging]
 Include = /etc/pacman.d/mirrorlist
 [community-testing]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [community]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 # An example of a custom package repository.  See the pacman manpage for
--- a/pacman-kde-unstable.conf
+++ b/pacman-kde-unstable.conf
@@ -15,11 +15,10 @@
 #LogFile     = /var/log/pacman.log
 #GPGDir      = /etc/pacman.d/gnupg/
 HoldPkg     = pacman glibc
 # If upgrades are available for these packages they will be asked for first
 SyncFirst   = pacman
 #XferCommand = /usr/bin/curl -C - -f %u > %o
 #XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
 #CleanMethod = KeepInstalled
 #UseDelta    = 0.7
 Architecture = auto
 # Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
@@ -31,7 +30,7 @@ Architecture = auto
 # Misc options
 #UseSyslog
-#UseDelta
+#Color
 #TotalDownload
 # We cannot check disk space from within a chroot environment
 #CheckSpace
@@ -39,7 +38,9 @@ Architecture = auto
 # By default, pacman accepts packages signed by keys that its local keyring
 # trusts (see pacman-key and its man page), as well as unsigned packages.
-#SigLevel = Optional TrustedOnly
+SigLevel    = Required DatabaseOptional
 LocalFileSigLevel = Optional
 #RemoteFileSigLevel = Required
 # NOTE: You must run `pacman-key --init` before first using pacman; the local
 # keyring can then be populated with the keys of all official Arch Linux
@@ -69,27 +70,21 @@ Architecture = auto
 # after the header, and they will be used before the default mirrors.
 [kde-unstable]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [testing]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [core]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [extra]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [community-testing]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [community]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 # An example of a custom package repository.  See the pacman manpage for
--- a/pacman-multilib-staging.conf
+++ b/pacman-multilib-staging.conf
@@ -15,11 +15,10 @@
 #LogFile     = /var/log/pacman.log
 #GPGDir      = /etc/pacman.d/gnupg/
 HoldPkg     = pacman glibc
 # If upgrades are available for these packages they will be asked for first
 SyncFirst   = pacman
 #XferCommand = /usr/bin/curl -C - -f %u > %o
 #XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
 #CleanMethod = KeepInstalled
 #UseDelta    = 0.7
 Architecture = auto
 # Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
@@ -31,7 +30,7 @@ Architecture = auto
 # Misc options
 #UseSyslog
-#UseDelta
+#Color
 #TotalDownload
 # We cannot check disk space from within a chroot environment
 #CheckSpace
@@ -39,7 +38,9 @@ Architecture = auto
 # By default, pacman accepts packages signed by keys that its local keyring
 # trusts (see pacman-key and its man page), as well as unsigned packages.
-#SigLevel = Optional TrustedOnly
+SigLevel    = Required DatabaseOptional
 LocalFileSigLevel = Optional
 #RemoteFileSigLevel = Required
 # NOTE: You must run `pacman-key --init` before first using pacman; the local
 # keyring can then be populated with the keys of all official Arch Linux
@@ -69,45 +70,35 @@ Architecture = auto
 # after the header, and they will be used before the default mirrors.
 [staging]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [testing]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [core]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [extra]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [community-staging]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [community-testing]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [community]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 # If you want to run 32 bit applications on your x86_64 system,
 # enable the multilib repositories as required here.
 [multilib-staging]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [multilib-testing]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [multilib]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 # An example of a custom package repository.  See the pacman manpage for
--- a/pacman-multilib-testing.conf
+++ b/pacman-multilib-testing.conf
@@ -15,11 +15,10 @@
 #LogFile     = /var/log/pacman.log
 #GPGDir      = /etc/pacman.d/gnupg/
 HoldPkg     = pacman glibc
 # If upgrades are available for these packages they will be asked for first
 SyncFirst   = pacman
 #XferCommand = /usr/bin/curl -C - -f %u > %o
 #XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
 #CleanMethod = KeepInstalled
 #UseDelta    = 0.7
 Architecture = auto
 # Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
@@ -31,7 +30,7 @@ Architecture = auto
 # Misc options
 #UseSyslog
-#UseDelta
+#Color
 #TotalDownload
 # We cannot check disk space from within a chroot environment
 #CheckSpace
@@ -39,7 +38,9 @@ Architecture = auto
 # By default, pacman accepts packages signed by keys that its local keyring
 # trusts (see pacman-key and its man page), as well as unsigned packages.
-#SigLevel = Optional TrustedOnly
+SigLevel    = Required DatabaseOptional
 LocalFileSigLevel = Optional
 #RemoteFileSigLevel = Required
 # NOTE: You must run `pacman-key --init` before first using pacman; the local
 # keyring can then be populated with the keys of all official Arch Linux
@@ -69,33 +70,26 @@ Architecture = auto
 # after the header, and they will be used before the default mirrors.
 [testing]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [core]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [extra]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [community-testing]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [community]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 # If you want to run 32 bit applications on your x86_64 system,
 # enable the multilib repositories as required here.
 [multilib-testing]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [multilib]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 # An example of a custom package repository.  See the pacman manpage for
--- a/pacman-multilib.conf
+++ b/pacman-multilib.conf
@@ -15,11 +15,10 @@
 #LogFile     = /var/log/pacman.log
 #GPGDir      = /etc/pacman.d/gnupg/
 HoldPkg     = pacman glibc
 # If upgrades are available for these packages they will be asked for first
 SyncFirst   = pacman
 #XferCommand = /usr/bin/curl -C - -f %u > %o
 #XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
 #CleanMethod = KeepInstalled
 #UseDelta    = 0.7
 Architecture = auto
 # Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
@@ -31,7 +30,7 @@ Architecture = auto
 # Misc options
 #UseSyslog
-#UseDelta
+#Color
 #TotalDownload
 # We cannot check disk space from within a chroot environment
 #CheckSpace
@@ -39,7 +38,9 @@ Architecture = auto
 # By default, pacman accepts packages signed by keys that its local keyring
 # trusts (see pacman-key and its man page), as well as unsigned packages.
-#SigLevel = Optional TrustedOnly
+SigLevel    = Required DatabaseOptional
 LocalFileSigLevel = Optional
 #RemoteFileSigLevel = Required
 # NOTE: You must run `pacman-key --init` before first using pacman; the local
 # keyring can then be populated with the keys of all official Arch Linux
@@ -69,34 +70,27 @@ Architecture = auto
 # after the header, and they will be used before the default mirrors.
 #[testing]
 #SigLevel = PackageRequired
 #Include = /etc/pacman.d/mirrorlist
 [core]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [extra]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 #[community-testing]
 #SigLevel = PackageRequired
 #Include = /etc/pacman.d/mirrorlist
 [community]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 # If you want to run 32 bit applications on your x86_64 system,
 # enable the multilib repositories as required here.
 #[multilib-testing]
 #SigLevel = PackageRequired
 #Include = /etc/pacman.d/mirrorlist
 [multilib]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 # An example of a custom package repository.  See the pacman manpage for
--- a/pacman-staging.conf
+++ b/pacman-staging.conf
@@ -15,11 +15,10 @@
 #LogFile     = /var/log/pacman.log
 #GPGDir      = /etc/pacman.d/gnupg/
 HoldPkg     = pacman glibc
 # If upgrades are available for these packages they will be asked for first
 SyncFirst   = pacman
 #XferCommand = /usr/bin/curl -C - -f %u > %o
 #XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
 #CleanMethod = KeepInstalled
 #UseDelta    = 0.7
 Architecture = auto
 # Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
@@ -31,7 +30,7 @@ Architecture = auto
 # Misc options
 #UseSyslog
-#UseDelta
+#Color
 #TotalDownload
 # We cannot check disk space from within a chroot environment
 #CheckSpace
@@ -39,7 +38,9 @@ Architecture = auto
 # By default, pacman accepts packages signed by keys that its local keyring
 # trusts (see pacman-key and its man page), as well as unsigned packages.
-#SigLevel = Optional TrustedOnly
+SigLevel    = Required DatabaseOptional
 LocalFileSigLevel = Optional
 #RemoteFileSigLevel = Required
 # NOTE: You must run `pacman-key --init` before first using pacman; the local
 # keyring can then be populated with the keys of all official Arch Linux
@@ -69,31 +70,24 @@ Architecture = auto
 # after the header, and they will be used before the default mirrors.
 [staging]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [testing]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [core]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [extra]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [community-staging]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [community-testing]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [community]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 # An example of a custom package repository.  See the pacman manpage for
--- a/pacman-testing.conf
+++ b/pacman-testing.conf
@@ -15,11 +15,10 @@
 #LogFile     = /var/log/pacman.log
 #GPGDir      = /etc/pacman.d/gnupg/
 HoldPkg     = pacman glibc
 # If upgrades are available for these packages they will be asked for first
 SyncFirst   = pacman
 #XferCommand = /usr/bin/curl -C - -f %u > %o
 #XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
 #CleanMethod = KeepInstalled
 #UseDelta    = 0.7
 Architecture = auto
 # Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
@@ -31,7 +30,7 @@ Architecture = auto
 # Misc options
 #UseSyslog
-#UseDelta
+#Color
 #TotalDownload
 # We cannot check disk space from within a chroot environment
 #CheckSpace
@@ -39,7 +38,9 @@ Architecture = auto
 # By default, pacman accepts packages signed by keys that its local keyring
 # trusts (see pacman-key and its man page), as well as unsigned packages.
-#SigLevel = Optional TrustedOnly
+SigLevel    = Required DatabaseOptional
 LocalFileSigLevel = Optional
 #RemoteFileSigLevel = Required
 # NOTE: You must run `pacman-key --init` before first using pacman; the local
 # keyring can then be populated with the keys of all official Arch Linux
@@ -69,23 +70,18 @@ Architecture = auto
 # after the header, and they will be used before the default mirrors.
 [testing]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [core]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [extra]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [community-testing]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 [community]
 SigLevel = PackageRequired
 Include = /etc/pacman.d/mirrorlist
 # An example of a custom package repository.  See the pacman manpage for
--- a/rebuildpkgs.in
+++ b/rebuildpkgs.in
@@ -12,7 +12,7 @@
 m4_include(lib/common.sh)
 if (( $# < 1 )); then
-	echo "usage: $(basename $0) <chrootdir> <packages to rebuild>"
+	echo "Usage: $(basename $0) <chrootdir> <packages to rebuild>"
 	echo "  example: $(basename $0) ~/chroot readline bash foo bar baz"
 	exit 1
 fi
@@ -47,7 +47,7 @@ pkg_from_pkgbuild() {
 chrootdir="$1"; shift
 pkgs="$@"
-SVNPATH='svn+ssh://gerolde.archlinux.org/srv/svn-packages'
+SVNPATH='svn+ssh://nymeria.archlinux.org/srv/repos/svn-packages/svn'
 msg "Work will be done in $(pwd)/rebuilds"
--- a/zsh_completion.in
+++ b/zsh_completion.in
@@ -1,4 +1,4 @@
-#compdef archbuild archco archrelease archrm commitpkg finddeps makechrootpkg mkarchroot rebuildpkgs extrapkg=commitpkg corepkg=commitpkg testingpkg=commitpkg stagingpkg=commitpkg communitypkg=commitpkg community-testingpkg=commitpkg community-stagingpkg=commitpkg multilibpkg=commitpkg multilib-testingpkg=commitpkg extra-i686-build=archbuild extra-x86_64-build=archbuild testing-i686-build=archbuild testing-x86_64-build=archbuild staging-i686-build=archbuild staging-x86_64-build=archbuild multilib-build=archbuild multilib-testing-build=archbuild multilib-staging-build=archbuild kde-unstable-i686-build=archbuild kde-unstable-x86_64-build=archbuild gnome-unstable-i686-build=archbuild gnome-unstable-x86_64-build=archbuild communityco=archco
+#compdef archbuild archco arch-nspawn archrelease archrm commitpkg finddeps makechrootpkg mkarchroot rebuildpkgs extrapkg=commitpkg corepkg=commitpkg testingpkg=commitpkg stagingpkg=commitpkg communitypkg=commitpkg community-testingpkg=commitpkg community-stagingpkg=commitpkg multilibpkg=commitpkg multilib-testingpkg=commitpkg extra-i686-build=archbuild extra-x86_64-build=archbuild testing-i686-build=archbuild testing-x86_64-build=archbuild staging-i686-build=archbuild staging-x86_64-build=archbuild multilib-build=archbuild multilib-testing-build=archbuild multilib-staging-build=archbuild kde-unstable-i686-build=archbuild kde-unstable-x86_64-build=archbuild gnome-unstable-i686-build=archbuild gnome-unstable-x86_64-build=archbuild communityco=archco
 m4_include(lib/valid-tags.sh)
@@ -11,6 +11,13 @@ _archco_args=(
 	'*:packages:_devtools_completions_all_packages'
 )
 _arch_nspawn_args=(
 	'-C[Location of a pacman config file]:pacman_config:_files'
 	'-M[Location of a makepkg config file]:makepkg_config:_files'
 	'-c[Set pacman cache]:pacman_cache:_files -/'
 	'-h[Display usage]'
 )
 _archrelease_args=(
 	"*:arch:($_tags[*])"
 )
@@ -32,7 +39,6 @@ _finddeps_args=(
 _makechrootpkg_args=(
 	'-I[Install a package into the working copy]:target:_files -g "*.pkg.tar.*(.)"'
 	'-c[Clean the chroot before building]'
 	'-d[Add the package to a local db at /repo after building]'
 	'-h[Display usage]'
 	'-l[The directory to use as the working copy]:copy_dir:_files -/'
 	'-r[The chroot dir to use]:chroot_dir:_files -/'
@@ -40,12 +46,8 @@ _makechrootpkg_args=(
 )
 _mkarchroot_args=(
 	'-r[Run a program within the context of the chroot]:app'
 	'-u[Update the chroot via pacman]'
 	'-f[Force overwrite of files in the working-dir]'
 	'-C[Location of a pacman config file]:pacman_config:_files'
 	'-M[Location of a makepkg config file]:makepkg_config:_files'
 	'-n[Do not copy config files into the chroot]'
 	'-c[Set pacman cache]:pacman_cache:_files -/'
 	'-h[Display usage]'
 )
@@ -62,7 +64,7 @@ _devtools_completions_all_packages() {
 }
 _devtools() {
-	local argname="_${service}_args[@]"
+	local argname="_${service//-/_}_args[@]"
 	_arguments -s "${(P)argname}"
 }