Bump version to 20150606

This is needed in order to use GPG's auto-key-retrieve keyserver option,
otherwise the keyring will get copied to the chroot before the required
keys are retrieved during 'makepkg --verifysource'.

Makefile

@@ -1,4 +1,4 @@
-V=20131101
+V=20150606
 
 PREFIX = /usr/local
 

arch-nspawn.in

@@ -26,6 +26,8 @@ usage() {
 	exit 1
 }
 
+orig_argv=("$@")
+
 while getopts 'hC:M:c:' arg; do
 	case "$arg" in
 		C) pac_conf="$OPTARG" ;;
@@ -37,8 +39,8 @@ while getopts 'hC:M:c:' arg; do
 done
 shift $(($OPTIND - 1))
 
-(( $EUID != 0 )) && die 'This script must be run as root.'
 (( $# < 1 )) && die 'You must specify a directory.'
+check_root "$0" "${orig_argv[@]}"
 
 working_dir=$(readlink -f "$1")
 shift 1
@@ -84,7 +86,7 @@ umask 0022
 
 # Sanity check
 if [[ ! -f "$working_dir/.arch-chroot" ]]; then
-	die "'%s' does not appear to be a Arch chroot." "$working_dir"
+	die "'%s' does not appear to be an Arch chroot." "$working_dir"
 elif [[ $(cat "$working_dir/.arch-chroot") != $CHROOT_VERSION ]]; then
 	die "chroot '%s' is not at version %s. Please rebuild." "$working_dir" "$CHROOT_VERSION"
 fi
@@ -94,11 +96,8 @@ copy_hostconf
 
 eval $(grep '^CARCH=' "$working_dir/etc/makepkg.conf")
 
-machine_name="${working_dir//[![:alnum:]_-]/-}"
-machine_name="${machine_name#-}"
-
 exec ${CARCH:+setarch "$CARCH"} systemd-nspawn 2>/dev/null \
 	-D "$working_dir" \
-	--machine "$machine_name" \
+	--register=no \
 	"${mount_args[@]}" \
 	"$@"

archbuild.in

@@ -29,6 +29,8 @@ usage() {
 	exit 1
 }
 
+orig_argv=("$@")
+
 while getopts 'hcr:' arg; do
 	case "${arg}" in
 		c) clean_first=true ;;
@@ -37,13 +39,11 @@ while getopts 'hcr:' arg; do
 	esac
 done
 
+check_root "$0" "${orig_argv[@]}"
+
 # Pass all arguments after -- right to makepkg
 makechrootpkg_args+=("${@:$OPTIND}")
 
-if (( EUID )); then
-	die 'This script must be run as root.'
-fi
-
 if ${clean_first} || [[ ! -d "${chroots}/${repo}-${arch}" ]]; then
 	msg "Creating chroot for [${repo}] (${arch})..."
 
@@ -51,7 +51,7 @@ if ${clean_first} || [[ ! -d "${chroots}/${repo}-${arch}" ]]; then
 		[[ -d $copy ]] || continue
 		msg2 "Deleting chroot copy '$(basename "${copy}")'..."
 
-		lock 9 "$copydir.lock" "Locking chroot copy '$copy'"
+		lock 9 "$copy.lock" "Locking chroot copy '$copy'"
 
 		if [[ "$(stat -f -c %T "${copy}")" == btrfs ]]; then
 			{ type -P btrfs && btrfs subvolume delete "${copy}"; } &>/dev/null

checkpkg.in

@@ -63,12 +63,11 @@ for _pkgname in "${pkgname[@]}"; do
 
 	sdiff -s "$TEMPDIR/filelist-$_pkgname-old" "$TEMPDIR/filelist-$_pkgname"
 
-	if diff "$TEMPDIR/filelist-$_pkgname"{-old,} | grep '\.so' &>/dev/null; then
-		mkdir -p "$TEMPDIR/pkg"
-		bsdtar -x -C "$TEMPDIR" -f "$pkgfile" #> /dev/null
-		comm -13 <(sort "$TEMPDIR/filelist-$_pkgname-old") <(sort "$TEMPDIR/filelist-$_pkgname") | grep .so$ | while read i; do
-			echo "${i}: " "$(objdump -p "$TEMPDIR/$i" | grep SONAME)"
-		done
+	find-libprovides "$TEMPDIR/$oldpkg" 2>/dev/null | sort > "$TEMPDIR/libraries-$_pkgname-old"
+	find-libprovides "$pkgfile" 2>/dev/null | sort > "$TEMPDIR/libraries-$_pkgname"
+	if ! diff_output="$(sdiff -s "$TEMPDIR/libraries-$_pkgname-old" "$TEMPDIR/libraries-$_pkgname")"; then
+		msg "Sonames differ in $_pkgname!"
+		echo "$diff_output"
 	else
 		msg "No soname differences for $_pkgname."
 	fi

commitpkg.in

@@ -147,7 +147,7 @@ for _arch in ${arch[@]}; do
 			if [[ -n $GPGKEY ]]; then
 				SIGNWITHKEY="-u ${GPGKEY}"
 			fi
-			gpg --detach-sign --use-agent ${SIGNWITHKEY} "${pkgfile}" || die
+			gpg --detach-sign --use-agent --no-armor ${SIGNWITHKEY} "${pkgfile}" || die
 		fi
 		if ! gpg --verify "$sigfile" >/dev/null 2>&1; then
 			die "Signature %s.sig is incorrect!" "$pkgfile"

find-libdeps.in

@@ -32,11 +32,11 @@ else
 	setup_workdir
 
 	case ${script_mode} in
-		deps) bsdtar -C $WORKDIR -xf "$1";;
-		provides) bsdtar -C $WORKDIR -xf "$1" --include="*.so*";;
+		deps) bsdtar -C "$WORKDIR" -xf "$1";;
+		provides) bsdtar -C "$WORKDIR" -xf "$1" --include="*.so*";;
 	esac
 
-	pushd $WORKDIR >/dev/null
+	pushd "$WORKDIR" >/dev/null
 fi
 
 process_sofile() {
@@ -50,16 +50,16 @@ process_sofile() {
 	if ! in_array "${soname}=${soversion}-${soarch}" ${soobjects[@]}; then
 		# libfoo.so=1-64
 		echo "${soname}=${soversion}-${soarch}"
-		soobjects=(${soobjects[@]} "${soname}=${soversion}-${soarch}")
+		soobjects+=("${soname}=${soversion}-${soarch}")
 	fi
 }
 
 case $script_mode in
-	deps) find_args="-perm -u+x";;
-	provides) find_args="-name *.so*";;
+	deps) find_args=(-perm -u+x);;
+  provides) find_args=(-name '*.so*');;
 esac
 
-find . -type f $find_args | while read filename; do
+find . -type f "${find_args[@]}" | while read filename; do
 	if [[ $script_mode = "provides" ]]; then
 		# ignore if we don't have a shared object
 		if ! LC_ALL=C readelf -h "$filename" 2>/dev/null | grep -q '.*Type:.*DYN (Shared object file).*'; then

lib/common.sh

@@ -65,12 +65,12 @@ setup_workdir() {
 
 cleanup() {
 	[[ -n $WORKDIR ]] && rm -rf "$WORKDIR"
-	[[ $1 ]] && exit $1
+	exit ${1:-0}
 }
 
 abort() {
-	msg 'Aborting...'
-	cleanup 0
+	error 'Aborting...'
+	cleanup 255
 }
 
 trap_abort() {
@@ -79,13 +79,14 @@ trap_abort() {
 }
 
 trap_exit() {
+	local r=$?
 	trap - EXIT INT QUIT TERM HUP
-	cleanup
+	cleanup $r
 }
 
 die() {
 	(( $# )) && error "$@"
-	cleanup 1
+	cleanup 255
 }
 
 trap 'trap_abort' INT QUIT TERM HUP
@@ -114,7 +115,7 @@ get_full_version() {
 	pkgbase=${pkgbase:-${pkgname[0]}}
 	epoch=${epoch:-0}
 	if [[ -z $1 ]]; then
-		if [[ $epoch ]] && (( ! $epoch )); then
+		if (( ! epoch )); then
 			echo $pkgver-$pkgrel
 		else
 			echo $epoch:$pkgver-$pkgrel
@@ -181,7 +182,7 @@ pkgver_equal() {
 find_cached_package() {
 	local searchdirs=("$PWD" "$PKGDEST") results=()
 	local targetname=$1 targetver=$2 targetarch=$3
-	local dir pkg pkgbasename pkgparts name ver rel arch size results
+	local dir pkg pkgbasename pkgparts name ver rel arch size r results
 
 	for dir in "${searchdirs[@]}"; do
 		[[ -d $dir ]] || continue
@@ -189,6 +190,11 @@ find_cached_package() {
 		for pkg in "$dir"/*.pkg.tar?(.?z); do
 			[[ -f $pkg ]] || continue
 
+			# avoid adding duplicates of the same inode
+			for r in "${results[@]}"; do
+				[[ $r -ef $pkg ]] && continue 2
+			done
+
 			# split apart package filename into parts
 			pkgbasename=${pkg##*/}
 			pkgbasename=${pkgbasename%.pkg.tar?(.?z)}
@@ -219,7 +225,19 @@ find_cached_package() {
 			;;
 		*)
 			error 'Multiple packages found:'
-			printf '\t%s\n' "${results[@]}"
+			printf '\t%s\n' "${results[@]}" >&2
 			return 1
 	esac
 }
+
+##
+#  usage : check_root ("$0" "$@")
+##
+check_root() {
+	(( EUID == 0 )) && return
+	if type -P sudo >/dev/null; then
+		exec sudo -- "$@"
+	else
+		exec su root -c "$(printf ' %q' "$@")"
+	fi
+}

makechrootpkg.in

@@ -12,7 +12,7 @@ m4_include(lib/common.sh)
 
 shopt -s nullglob
 
-makepkg_args='-s --noconfirm -L --holdver'
+makepkg_args=(-s --noconfirm -L --holdver)
 repack=false
 update_first=false
 clean_first=false
@@ -35,8 +35,8 @@ src_owner=${SUDO_USER:-$USER}
 usage() {
 	echo "Usage: ${0##*/} [options] -r <chrootdir> [--] [makepkg args]"
 	echo ' Run this script in a PKGBUILD dir to build a package inside a'
-	echo ' clean chroot. All unrecognized arguments passed to this script'
-	echo ' will be passed to makepkg.'
+	echo ' clean chroot. Arguments passed to this script after the'
+	echo ' end-of-options marker (--) will be passed to makepkg.'
 	echo ''
 	echo ' The chroot dir consists of the following directories:'
 	echo ' <chrootdir>/{root, copy} but only "root" is required'
@@ -46,7 +46,7 @@ usage() {
 	echo 'command:'
 	echo '    mkarchroot <chrootdir>/root base-devel'
 	echo ''
-	echo "Default makepkg args: $makepkg_args"
+	echo "Default makepkg args: ${makepkg_args[*]}"
 	echo ''
 	echo 'Flags:'
 	echo '-h         This help'
@@ -66,66 +66,13 @@ usage() {
 	exit 1
 }
 
-while getopts 'hcur:I:l:nTD:d:' arg; do
-	case "$arg" in
-		h) usage ;;
-		c) clean_first=true ;;
-		D) bindmounts_ro+=(--bind-ro="$OPTARG") ;;
-		d) bindmounts_rw+=(--bind="$OPTARG") ;;
-		u) update_first=true ;;
-		r) passeddir="$OPTARG" ;;
-		I) install_pkgs+=("$OPTARG") ;;
-		l) copy="$OPTARG" ;;
-		n) run_namcap=true; makepkg_args="$makepkg_args -i" ;;
-		T) temp_chroot=true; copy+="-$$" ;;
-		*) makepkg_args="$makepkg_args -$arg $OPTARG" ;;
-	esac
-done
-
-(( EUID != 0 )) && die 'This script must be run as root.'
-
-[[ ! -f PKGBUILD && -z "${install_pkgs[*]}" ]] && die 'This must be run in a directory containing a PKGBUILD.'
-
-# Canonicalize chrootdir, getting rid of trailing /
-chrootdir=$(readlink -e "$passeddir")
-[[ ! -d $chrootdir ]] && die "No chroot dir defined, or invalid path '%s'" "$passeddir"
-[[ ! -d $chrootdir/root ]] && die "Missing chroot dir root directory. Try using: mkarchroot %s/root base-devel" "$chrootdir"
-
-# Detect chrootdir filesystem type
-chroottype=$(stat -f -c %T "$chrootdir")
-
-if [[ ${copy:0:1} = / ]]; then
-	copydir=$copy
-else
-	copydir="$chrootdir/$copy"
-fi
-
-# Pass all arguments after -- right to makepkg
-makepkg_args="$makepkg_args ${*:$OPTIND}"
-
-# See if -R was passed to makepkg
-for arg in "${@:OPTIND}"; do
-	case ${arg%%=*} in
-		-*R*|--repackage)
-			repack=true
-			break 2
-			;;
-	esac
-done
-
-if [[ -n $SUDO_USER ]]; then
-	USER_HOME=$(eval echo ~$SUDO_USER)
-else
-	USER_HOME=$HOME
-fi
-
 # {{{ functions
 load_vars() {
 	local makepkg_conf="$1" var
 
 	[[ -f $makepkg_conf ]] || return 1
 
-	for var in {SRC,PKG,LOG}DEST MAKEFLAGS PACKAGER; do
+	for var in {SRC,SRCPKG,PKG,LOG}DEST MAKEFLAGS PACKAGER; do
 		[[ -z ${!var} ]] && eval $(grep "^${var}=" "$makepkg_conf")
 	done
 
@@ -158,11 +105,14 @@ create_chroot() {
 		# Drop the read lock again
 		exec 8>&-
 	fi
+
+	# Update mtime
+	touch "$copydir"
 }
 
 clean_temporary() {
 	stat_busy "Removing temporary copy [$copy]"
-	if [[ "$chroottype" == btrfs ]]; then
+	if [[ "$chroottype" == btrfs ]] && ! mountpoint -q "$copydir"; then
 		btrfs subvolume delete "$copydir" >/dev/null ||
 			die "Unable to delete subvolume %s" "$copydir"
 	else
@@ -203,10 +153,12 @@ prepare_chroot() {
 		echo 'BUILDDIR="/build"' >> "$copydir/etc/makepkg.conf"
 	fi
 
-	# Read .makepkg.conf and .gnupg/pubring.gpg even if called via sudo
-	if [[ -r "$USER_HOME/.gnupg/pubring.gpg" ]]; then
-		install -D "$USER_HOME/.gnupg/pubring.gpg" \
-			   "$copydir/build/.gnupg/pubring.gpg"
+	# Read .makepkg.conf and gnupg pubring
+	if [[ -r $USER_HOME/.gnupg/pubring.kbx ]]; then
+		install -D "$USER_HOME/.gnupg/pubring.kbx" "$copydir/build/.gnupg/pubring.kbx"
+	fi
+	if [[ -r $USER_HOME/.gnupg/pubring.gpg ]]; then
+		install -D "$USER_HOME/.gnupg/pubring.gpg" "$copydir/build/.gnupg/pubring.gpg"
 	fi
 
 	mkdir -p "$copydir/pkgdest"
@@ -214,6 +166,11 @@ prepare_chroot() {
 		echo 'PKGDEST="/pkgdest"' >> "$copydir/etc/makepkg.conf"
 	fi
 
+	mkdir -p "$copydir/srcpkgdest"
+	if ! grep -q 'SRCPKGDEST="/srcpkgdest"' "$copydir/etc/makepkg.conf"; then
+		echo 'SRCPKGDEST="/srcpkgdest"' >> "$copydir/etc/makepkg.conf"
+	fi
+
 	mkdir -p "$copydir/logdest"
 	if ! grep -q 'LOGDEST="/logdest"' "$copydir/etc/makepkg.conf"; then
 		echo 'LOGDEST="/logdest"' >> "$copydir/etc/makepkg.conf"
@@ -227,7 +184,13 @@ prepare_chroot() {
 		echo 'SRCDEST="/srcdest"' >> "$copydir/etc/makepkg.conf"
 	fi
 
-	chown -R nobody "$copydir"/{build,pkgdest,logdest,srcdest,startdir}
+	builduser_uid=${SUDO_UID:-$UID}
+
+	# We can't use useradd without chrooting, otherwise it invokes PAM modules
+	# which we might not be able to load (i.e. when building i686 packages on
+	# an x86_64 host).
+	printf 'builduser:x:%d:100:builduser:/:/usr/bin/nologin\n' "$builduser_uid" >>"$copydir/etc/passwd"
+	chown -R "$builduser_uid" "$copydir"/{build,pkgdest,srcpkgdest,logdest,srcdest,startdir}
 
 	if [[ -n $MAKEFLAGS ]]; then
 		sed -i '/^MAKEFLAGS=/d' "$copydir/etc/makepkg.conf"
@@ -239,18 +202,33 @@ prepare_chroot() {
 		echo "PACKAGER='${PACKAGER}'" >> "$copydir/etc/makepkg.conf"
 	fi
 
-	if [[ ! -f $copydir/etc/sudoers.d/nobody-pacman ]]; then
-		cat > "$copydir/etc/sudoers.d/nobody-pacman" <<EOF
+	if [[ ! -f $copydir/etc/sudoers.d/builduser-pacman ]]; then
+		cat > "$copydir/etc/sudoers.d/builduser-pacman" <<EOF
 Defaults env_keep += "HOME"
-nobody ALL = NOPASSWD: /usr/bin/pacman
+builduser ALL = NOPASSWD: /usr/bin/pacman
 EOF
-		chmod 440 "$copydir/etc/sudoers.d/nobody-pacman"
+		chmod 440 "$copydir/etc/sudoers.d/builduser-pacman"
 	fi
 
 	# This is a little gross, but this way the script is recreated every time in the
 	# working copy
-	printf $'#!/bin/bash\n%s\n_chrootbuild %q %q' "$(declare -f _chrootbuild)" \
-		"$makepkg_args" "$run_namcap" >"$copydir/chrootbuild"
+	{
+		printf '#!/bin/bash\n'
+		declare -f _chrootbuild
+		printf '_chrootbuild'
+		printf ' %q' "${makepkg_args[@]}"
+		printf ' || exit\n'
+
+		if $run_namcap; then
+			cat <<'EOF'
+pacman -S --needed --noconfirm namcap
+for pkgfile in /startdir/PKGBUILD /pkgdest/*; do
+	echo "Checking ${pkgfile##*/}"
+	sudo -u builduser namcap "$pkgfile" 2>&1 | tee "/logdest/${pkgfile##*/}-namcap.log"
+done
+EOF
+		fi
+	} >"$copydir/chrootbuild"
 	chmod +x "$copydir/chrootbuild"
 }
 
@@ -276,8 +254,6 @@ download_sources() {
 _chrootbuild() {
 	# This function isn't run in makechrootpkg,
 	# so no global variables
-	local makepkg_args="$1"
-	local run_namcap="$2"
 
 	. /etc/profile
 	export HOME=/build
@@ -295,7 +271,7 @@ _chrootbuild() {
 			for vcsdir in */.$vcs; do
 				rm "${vcsdir%/.$vcs}"
 				cp -a "${dir}_host/${vcsdir%/.$vcs}" .
-				chown -R nobody "${vcsdir%/.$vcs}"
+				chown -R builduser "${vcsdir%/.$vcs}"
 			done
 		done
 	done
@@ -305,7 +281,7 @@ _chrootbuild() {
 	# XXX: Keep PKGBUILD writable for pkgver()
 	rm PKGBUILD*
 	cp /startdir_host/PKGBUILD* .
-	chown nobody PKGBUILD*
+	chown builduser PKGBUILD*
 
 	# Safety check
 	if [[ ! -w PKGBUILD ]]; then
@@ -313,17 +289,7 @@ _chrootbuild() {
 		exit 1
 	fi
 
-	sudo -u nobody makepkg $makepkg_args || exit 1
-
-	if $run_namcap; then
-		pacman -S --needed --noconfirm namcap
-		for pkgfile in /startdir/PKGBUILD /pkgdest/*; do
-			echo "Checking ${pkgfile##*/}"
-			sudo -u nobody namcap "$pkgfile" 2>&1 | tee "/logdest/${pkgfile##*/}-namcap.log"
-		done
-	fi
-
-	exit 0
+	sudo -u builduser makepkg "$@"
 }
 
 move_products() {
@@ -333,21 +299,82 @@ move_products() {
 	done
 
 	for l in "$copydir"/logdest/*; do
+		[[ $l == */logpipe.* ]] && continue
 		chown "$src_owner" "$l"
 		mv "$l" "$LOGDEST"
 	done
+
+	for s in "$copydir"/srcpkgdest/*; do
+		chown "$src_owner" "$s"
+		mv "$s" "$SRCPKGDEST"
+	done
 }
 # }}}
 
+orig_argv=("$@")
+
+while getopts 'hcur:I:l:nTD:d:' arg; do
+	case "$arg" in
+		c) clean_first=true ;;
+		D) bindmounts_ro+=(--bind-ro="$OPTARG") ;;
+		d) bindmounts_rw+=(--bind="$OPTARG") ;;
+		u) update_first=true ;;
+		r) passeddir="$OPTARG" ;;
+		I) install_pkgs+=("$OPTARG") ;;
+		l) copy="$OPTARG" ;;
+		n) run_namcap=true; makepkg_args+=(-i) ;;
+		T) temp_chroot=true; copy+="-$$" ;;
+		h|*) usage ;;
+	esac
+done
+
+[[ ! -f PKGBUILD && -z "${install_pkgs[*]}" ]] && die 'This must be run in a directory containing a PKGBUILD.'
+
+check_root "$0" "${orig_argv[@]}"
+
+# Canonicalize chrootdir, getting rid of trailing /
+chrootdir=$(readlink -e "$passeddir")
+[[ ! -d $chrootdir ]] && die "No chroot dir defined, or invalid path '%s'" "$passeddir"
+[[ ! -d $chrootdir/root ]] && die "Missing chroot dir root directory. Try using: mkarchroot %s/root base-devel" "$chrootdir"
+
+# Detect chrootdir filesystem type
+chroottype=$(stat -f -c %T "$chrootdir")
+
+if [[ ${copy:0:1} = / ]]; then
+	copydir=$copy
+else
+	copydir="$chrootdir/$copy"
+fi
+
+# Pass all arguments after -- right to makepkg
+makepkg_args+=("${@:$OPTIND}")
+
+# See if -R was passed to makepkg
+for arg in "${@:OPTIND}"; do
+	case ${arg%%=*} in
+		-*R*|--repackage)
+			repack=true
+			break 2
+			;;
+	esac
+done
+
+if [[ -n $SUDO_USER ]]; then
+	eval "USER_HOME=~$SUDO_USER"
+else
+	USER_HOME=$HOME
+fi
+
 umask 0022
 
 load_vars "$USER_HOME/.makepkg.conf"
 load_vars /etc/makepkg.conf
 
 # Use PKGBUILD directory if these don't exist
-[[ -d $PKGDEST ]] || PKGDEST=$PWD
-[[ -d $SRCDEST ]] || SRCDEST=$PWD
-[[ -d $LOGDEST ]] || LOGDEST=$PWD
+[[ -d $PKGDEST ]]    || PKGDEST=$PWD
+[[ -d $SRCDEST ]]    || SRCDEST=$PWD
+[[ -d $SRCPKGDEST ]] || SRCPKGDEST=$PWD
+[[ -d $LOGDEST ]]    || LOGDEST=$PWD
 
 create_chroot
 
@@ -357,10 +384,10 @@ $update_first && arch-nspawn "$copydir" \
 
 [[ -n ${install_pkgs[*]} ]] && install_packages
 
-prepare_chroot
-
 download_sources
 
+prepare_chroot
+
 if arch-nspawn "$copydir" \
 	--bind-ro="$PWD:/startdir_host" \
 	--bind-ro="$SRCDEST:/srcdest_host" \

makepkg-i686.conf

@@ -19,6 +19,13 @@ DLAGENTS=('ftp::/usr/bin/curl -fC - --ftp-pasv --retry 3 --retry-delay 3 -o %o %
 # /usr/bin/lftpget -c
 # /usr/bin/wget
 
+#-- The the package required by makepkg to download VCS sources
+#  Format: 'protocol::package'
+VCSCLIENTS=('bzr::bzr'
+            'git::git'
+            'hg::mercurial'
+            'svn::subversion')
+
 #########################################################################
 # ARCHITECTURE, COMPILE FLAGS
 #########################################################################
@@ -30,8 +37,8 @@ CHOST="i686-pc-linux-gnu"
 # -march (or -mcpu) builds exclusively for an architecture
 # -mtune optimizes for an architecture, but builds for whole processor family
 CPPFLAGS="-D_FORTIFY_SOURCE=2"
-CFLAGS="-march=i686 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4"
-CXXFLAGS="-march=i686 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4"
+CFLAGS="-march=i686 -mtune=generic -O2 -pipe -fstack-protector-strong --param=ssp-buffer-size=4"
+CXXFLAGS="-march=i686 -mtune=generic -O2 -pipe -fstack-protector-strong --param=ssp-buffer-size=4"
 LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro"
 #-- Make Flags: change this for DistCC/SMP systems
 #MAKEFLAGS="-j2"

makepkg-x86_64.conf

@@ -19,6 +19,13 @@ DLAGENTS=('ftp::/usr/bin/curl -fC - --ftp-pasv --retry 3 --retry-delay 3 -o %o %
 # /usr/bin/lftpget -c
 # /usr/bin/wget
 
+#-- The the package required by makepkg to download VCS sources
+#  Format: 'protocol::package'
+VCSCLIENTS=('bzr::bzr'
+            'git::git'
+            'hg::mercurial'
+            'svn::subversion')
+
 #########################################################################
 # ARCHITECTURE, COMPILE FLAGS
 #########################################################################
@@ -30,8 +37,8 @@ CHOST="x86_64-unknown-linux-gnu"
 # -march (or -mcpu) builds exclusively for an architecture
 # -mtune optimizes for an architecture, but builds for whole processor family
 CPPFLAGS="-D_FORTIFY_SOURCE=2"
-CFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4"
-CXXFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4"
+CFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fstack-protector-strong --param=ssp-buffer-size=4"
+CXXFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fstack-protector-strong --param=ssp-buffer-size=4"
 LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro"
 #-- Make Flags: change this for DistCC/SMP systems
 #MAKEFLAGS="-j2"

mkarchroot.in

@@ -15,7 +15,7 @@ CHROOT_VERSION='v3'
 working_dir=''
 
 usage() {
-	echo "Usage: ${0##*/} [options] working-dir [package-list | app]"
+	echo "Usage: ${0##*/} [options] working-dir package-list..."
 	echo ' options:'
 	echo '    -C <file>     Location of a pacman config file'
 	echo '    -M <file>     Location of a makepkg config file'
@@ -24,6 +24,8 @@ usage() {
 	exit 1
 }
 
+orig_argv=("$@")
+
 while getopts 'hC:M:c:' arg; do
 	case "$arg" in
 		C) pac_conf="$OPTARG" ;;
@@ -35,9 +37,10 @@ while getopts 'hC:M:c:' arg; do
 done
 shift $(($OPTIND - 1))
 
-(( $EUID != 0 )) && die 'This script must be run as root.'
 (( $# < 2 )) && die 'You must specify a directory and one or more packages.'
 
+check_root "$0" "${orig_argv[@]}"
+
 working_dir="$(readlink -f $1)"
 shift 1