prepare release 20141024

makechrootpkg: treat makepkg_args as array
makechrootpkg: don't run namcap if makepkg fails
2025-09-13 09:56:18 +02:00 · 2014-10-24 09:19:17 -04:00 · 2014-10-20 20:00:46 -04:00 · 2014-10-20 19:15:24 -04:00 · 2014-10-19 19:36:31 -04:00 · 2014-10-19 16:48:03 -04:00
9 changed files with 91 additions and 64 deletions
--- a/2
+++ b/2
@@ -1,4 +1,4 @@
-V=20131107
+V=20141024

 PREFIX = /usr/local

--- a/arch-nspawn.in
+++ b/arch-nspawn.in
@@ -26,6 +26,8 @@ usage() {
 	exit 1
 }

+orig_argv=("$@")
+
 while getopts 'hC:M:c:' arg; do
 	case "$arg" in
 		C) pac_conf="$OPTARG" ;;
@@ -37,8 +39,8 @@ while getopts 'hC:M:c:' arg; do
 done
 shift $(($OPTIND - 1))

-(( $EUID != 0 )) && die 'This script must be run as root.'
 (( $# < 1 )) && die 'You must specify a directory.'
+check_root "$0" "${orig_argv[@]}"

 working_dir=$(readlink -f "$1")
 shift 1
@@ -84,7 +86,7 @@ umask 0022

 # Sanity check
 if [[ ! -f "$working_dir/.arch-chroot" ]]; then
-	die "'%s' does not appear to be a Arch chroot." "$working_dir"
+	die "'%s' does not appear to be an Arch chroot." "$working_dir"
 elif [[ $(cat "$working_dir/.arch-chroot") != $CHROOT_VERSION ]]; then
 	die "chroot '%s' is not at version %s. Please rebuild." "$working_dir" "$CHROOT_VERSION"
 fi
@@ -94,11 +96,8 @@ copy_hostconf

 eval $(grep '^CARCH=' "$working_dir/etc/makepkg.conf")

-machine_name="${working_dir//[![:alnum:]_-]/-}"
-machine_name="${machine_name#-}"
-
 exec ${CARCH:+setarch "$CARCH"} systemd-nspawn 2>/dev/null \
 	-D "$working_dir" \
-	--machine "$machine_name" \
+	--register=no \
 	"${mount_args[@]}" \
 	"$@"
--- a/archbuild.in
+++ b/archbuild.in
@@ -29,6 +29,8 @@ usage() {
 	exit 1
 }

+orig_argv=("$@")
+
 while getopts 'hcr:' arg; do
 	case "${arg}" in
 		c) clean_first=true ;;
@@ -37,13 +39,11 @@ while getopts 'hcr:' arg; do
 	esac
 done

+check_root "$0" "${orig_argv[@]}"
+
 # Pass all arguments after -- right to makepkg
 makechrootpkg_args+=("${@:$OPTIND}")

-if (( EUID )); then
-	die 'This script must be run as root.'
-fi
-
 if ${clean_first} || [[ ! -d "${chroots}/${repo}-${arch}" ]]; then
 	msg "Creating chroot for [${repo}] (${arch})..."

@@ -51,7 +51,7 @@ if ${clean_first} || [[ ! -d "${chroots}/${repo}-${arch}" ]]; then
 		[[ -d $copy ]] || continue
 		msg2 "Deleting chroot copy '$(basename "${copy}")'..."

-		lock 9 "$copydir.lock" "Locking chroot copy '$copy'"
+		lock 9 "$copy.lock" "Locking chroot copy '$copy'"

 		if [[ "$(stat -f -c %T "${copy}")" == btrfs ]]; then
 			{ type -P btrfs && btrfs subvolume delete "${copy}"; } &>/dev/null
--- a/checkpkg.in
+++ b/checkpkg.in
@@ -63,12 +63,11 @@ for _pkgname in "${pkgname[@]}"; do

 	sdiff -s "$TEMPDIR/filelist-$_pkgname-old" "$TEMPDIR/filelist-$_pkgname"

-	if diff "$TEMPDIR/filelist-$_pkgname"{-old,} | grep '\.so' &>/dev/null; then
-		mkdir -p "$TEMPDIR/pkg"
-		bsdtar -x -C "$TEMPDIR" -f "$pkgfile" #> /dev/null
-		comm -13 <(sort "$TEMPDIR/filelist-$_pkgname-old") <(sort "$TEMPDIR/filelist-$_pkgname") | grep .so$ | while read i; do
-			echo "${i}: " "$(objdump -p "$TEMPDIR/$i" | grep SONAME)"
-		done
+	find-libprovides "$TEMPDIR/$oldpkg" | sort > "$TEMPDIR/libraries-$_pkgname-old"
+	find-libprovides "$pkgfile" | sort > "$TEMPDIR/libraries-$_pkgname"
+	if ! diff_output="$(sdiff -s "$TEMPDIR/libraries-$_pkgname-old" "$TEMPDIR/libraries-$_pkgname")"; then
+		msg "Sonames differ in $_pkgname!"
+		echo "$diff_output"
 	else
 		msg "No soname differences for $_pkgname."
 	fi
--- a/lib/common.sh
+++ b/lib/common.sh
@@ -65,12 +65,12 @@ setup_workdir() {

 cleanup() {
 	[[ -n $WORKDIR ]] && rm -rf "$WORKDIR"
-	[[ $1 ]] && exit $1
+	exit ${1:-0}
 }

 abort() {
-	msg 'Aborting...'
-	cleanup 0
+	error 'Aborting...'
+	cleanup 255
 }

 trap_abort() {
@@ -79,13 +79,14 @@ trap_abort() {
 }

 trap_exit() {
+	local r=$?
 	trap - EXIT INT QUIT TERM HUP
-	cleanup
+	cleanup $r
 }

 die() {
 	(( $# )) && error "$@"
-	cleanup 1
+	cleanup 255
 }

 trap 'trap_abort' INT QUIT TERM HUP
@@ -114,7 +115,7 @@ get_full_version() {
 	pkgbase=${pkgbase:-${pkgname[0]}}
 	epoch=${epoch:-0}
 	if [[ -z $1 ]]; then
-		if [[ $epoch ]] && (( ! $epoch )); then
+		if (( ! epoch )); then
 			echo $pkgver-$pkgrel
 		else
 			echo $epoch:$pkgver-$pkgrel
@@ -228,3 +229,15 @@ find_cached_package() {
 			return 1
 	esac
 }
+
+##
+#  usage : check_root ("$0" "$@")
+##
+check_root() {
+	(( EUID == 0 )) && return
+	if type -P sudo >/dev/null; then
+		exec sudo -- "$@"
+	else
+		exec su root -c "$(printf ' %q' "$@")"
+	fi
+}
--- a/makechrootpkg.in
+++ b/makechrootpkg.in
@@ -12,7 +12,7 @@ m4_include(lib/common.sh)

 shopt -s nullglob

-makepkg_args='-s --noconfirm -L --holdver'
+makepkg_args=(-s --noconfirm -L --holdver)
 repack=false
 update_first=false
 clean_first=false
@@ -35,8 +35,8 @@ src_owner=${SUDO_USER:-$USER}
 usage() {
 	echo "Usage: ${0##*/} [options] -r <chrootdir> [--] [makepkg args]"
 	echo ' Run this script in a PKGBUILD dir to build a package inside a'
-	echo ' clean chroot. All unrecognized arguments passed to this script'
-	echo ' will be passed to makepkg.'
+	echo ' clean chroot. Arguments passed to this script after the'
+	echo ' end-of-options marker (--) will be passed to makepkg.'
 	echo ''
 	echo ' The chroot dir consists of the following directories:'
 	echo ' <chrootdir>/{root, copy} but only "root" is required'
@@ -46,7 +46,7 @@ usage() {
 	echo 'command:'
 	echo '    mkarchroot <chrootdir>/root base-devel'
 	echo ''
-	echo "Default makepkg args: $makepkg_args"
+	echo "Default makepkg args: ${makepkg_args[*]}"
 	echo ''
 	echo 'Flags:'
 	echo '-h         This help'
@@ -66,9 +66,10 @@ usage() {
 	exit 1
 }

+orig_argv=("$@")
+
 while getopts 'hcur:I:l:nTD:d:' arg; do
 	case "$arg" in
-		h) usage ;;
 		c) clean_first=true ;;
 		D) bindmounts_ro+=(--bind-ro="$OPTARG") ;;
 		d) bindmounts_rw+=(--bind="$OPTARG") ;;
@@ -76,16 +77,16 @@ while getopts 'hcur:I:l:nTD:d:' arg; do
 		r) passeddir="$OPTARG" ;;
 		I) install_pkgs+=("$OPTARG") ;;
 		l) copy="$OPTARG" ;;
-		n) run_namcap=true; makepkg_args="$makepkg_args -i" ;;
+		n) run_namcap=true; makepkg_args+=(-i) ;;
 		T) temp_chroot=true; copy+="-$$" ;;
-		*) makepkg_args="$makepkg_args -$arg $OPTARG" ;;
+		h|*) usage ;;
 	esac
 done

-(( EUID != 0 )) && die 'This script must be run as root.'
-
 [[ ! -f PKGBUILD && -z "${install_pkgs[*]}" ]] && die 'This must be run in a directory containing a PKGBUILD.'

+check_root "$0" "${orig_argv[@]}"
+
 # Canonicalize chrootdir, getting rid of trailing /
 chrootdir=$(readlink -e "$passeddir")
 [[ ! -d $chrootdir ]] && die "No chroot dir defined, or invalid path '%s'" "$passeddir"
@@ -101,7 +102,7 @@ else
 fi

 # Pass all arguments after -- right to makepkg
-makepkg_args="$makepkg_args ${*:$OPTIND}"
+makepkg_args+=("${@:$OPTIND}")

 # See if -R was passed to makepkg
 for arg in "${@:OPTIND}"; do
@@ -114,7 +115,7 @@ for arg in "${@:OPTIND}"; do
 done

 if [[ -n $SUDO_USER ]]; then
-	USER_HOME=$(eval echo ~$SUDO_USER)
+	eval "USER_HOME=~$SUDO_USER"
 else
 	USER_HOME=$HOME
 fi
@@ -158,11 +159,14 @@ create_chroot() {
 		# Drop the read lock again
 		exec 8>&-
 	fi
+
+	# Update mtime
+	touch "$copydir"
 }

 clean_temporary() {
 	stat_busy "Removing temporary copy [$copy]"
-	if [[ "$chroottype" == btrfs ]]; then
+	if [[ "$chroottype" == btrfs ]] && ! mountpoint -q "$copydir"; then
 		btrfs subvolume delete "$copydir" >/dev/null ||
 			die "Unable to delete subvolume %s" "$copydir"
 	else
@@ -232,7 +236,13 @@ prepare_chroot() {
 		echo 'SRCDEST="/srcdest"' >> "$copydir/etc/makepkg.conf"
 	fi

-	chown -R nobody "$copydir"/{build,pkgdest,srcpkgdest,logdest,srcdest,startdir}
+	builduser_uid=${SUDO_UID:-$UID}
+
+	# We can't use useradd without chrooting, otherwise it invokes PAM modules
+	# which we might not be able to load (i.e. when building i686 packages on
+	# an x86_64 host).
+	printf 'builduser:x:%d:100:builduser:/:/usr/bin/nologin\n' "$builduser_uid" >>"$copydir/etc/passwd"
+	chown -R "$builduser_uid" "$copydir"/{build,pkgdest,srcpkgdest,logdest,srcdest,startdir}

 	if [[ -n $MAKEFLAGS ]]; then
 		sed -i '/^MAKEFLAGS=/d' "$copydir/etc/makepkg.conf"
@@ -244,18 +254,33 @@ prepare_chroot() {
 		echo "PACKAGER='${PACKAGER}'" >> "$copydir/etc/makepkg.conf"
 	fi

-	if [[ ! -f $copydir/etc/sudoers.d/nobody-pacman ]]; then
-		cat > "$copydir/etc/sudoers.d/nobody-pacman" <<EOF
+	if [[ ! -f $copydir/etc/sudoers.d/builduser-pacman ]]; then
+		cat > "$copydir/etc/sudoers.d/builduser-pacman" <<EOF
 Defaults env_keep += "HOME"
-nobody ALL = NOPASSWD: /usr/bin/pacman
+builduser ALL = NOPASSWD: /usr/bin/pacman
 EOF
-		chmod 440 "$copydir/etc/sudoers.d/nobody-pacman"
+		chmod 440 "$copydir/etc/sudoers.d/builduser-pacman"
 	fi

 	# This is a little gross, but this way the script is recreated every time in the
 	# working copy
-	printf $'#!/bin/bash\n%s\n_chrootbuild %q %q' "$(declare -f _chrootbuild)" \
-		"$makepkg_args" "$run_namcap" >"$copydir/chrootbuild"
+	{
+		printf '#!/bin/bash\n'
+		declare -f _chrootbuild
+		printf '_chrootbuild'
+		printf ' %q' "${makepkg_args[@]}"
+		printf ' || exit\n'
+
+		if $run_namcap; then
+			cat <<'EOF'
+pacman -S --needed --noconfirm namcap
+for pkgfile in /startdir/PKGBUILD /pkgdest/*; do
+	echo "Checking ${pkgfile##*/}"
+	sudo -u builduser namcap "$pkgfile" 2>&1 | tee "/logdest/${pkgfile##*/}-namcap.log"
+done
+EOF
+		fi
+	} >"$copydir/chrootbuild"
 	chmod +x "$copydir/chrootbuild"
 }

@@ -281,8 +306,6 @@ download_sources() {
 _chrootbuild() {
 	# This function isn't run in makechrootpkg,
 	# so no global variables
-	local makepkg_args="$1"
-	local run_namcap="$2"

 	. /etc/profile
 	export HOME=/build
@@ -300,7 +323,7 @@ _chrootbuild() {
 			for vcsdir in */.$vcs; do
 				rm "${vcsdir%/.$vcs}"
 				cp -a "${dir}_host/${vcsdir%/.$vcs}" .
-				chown -R nobody "${vcsdir%/.$vcs}"
+				chown -R builduser "${vcsdir%/.$vcs}"
 			done
 		done
 	done
@@ -310,7 +333,7 @@ _chrootbuild() {
 	# XXX: Keep PKGBUILD writable for pkgver()
 	rm PKGBUILD*
 	cp /startdir_host/PKGBUILD* .
-	chown nobody PKGBUILD*
+	chown builduser PKGBUILD*

 	# Safety check
 	if [[ ! -w PKGBUILD ]]; then
@@ -318,17 +341,7 @@ _chrootbuild() {
 		exit 1
 	fi

-	sudo -u nobody makepkg $makepkg_args || exit 1
-
-	if $run_namcap; then
-		pacman -S --needed --noconfirm namcap
-		for pkgfile in /startdir/PKGBUILD /pkgdest/*; do
-			echo "Checking ${pkgfile##*/}"
-			sudo -u nobody namcap "$pkgfile" 2>&1 | tee "/logdest/${pkgfile##*/}-namcap.log"
-		done
-	fi
-
-	exit 0
+	sudo -u builduser makepkg "$@"
 }

 move_products() {
--- a/makepkg-i686.conf
+++ b/makepkg-i686.conf
@@ -30,8 +30,8 @@ CHOST="i686-pc-linux-gnu"
 # -march (or -mcpu) builds exclusively for an architecture
 # -mtune optimizes for an architecture, but builds for whole processor family
 CPPFLAGS="-D_FORTIFY_SOURCE=2"
-CFLAGS="-march=i686 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4"
-CXXFLAGS="-march=i686 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4"
+CFLAGS="-march=i686 -mtune=generic -O2 -pipe -fstack-protector-strong --param=ssp-buffer-size=4"
+CXXFLAGS="-march=i686 -mtune=generic -O2 -pipe -fstack-protector-strong --param=ssp-buffer-size=4"
 LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro"
 #-- Make Flags: change this for DistCC/SMP systems
 #MAKEFLAGS="-j2"
--- a/makepkg-x86_64.conf
+++ b/makepkg-x86_64.conf
@@ -30,8 +30,8 @@ CHOST="x86_64-unknown-linux-gnu"
 # -march (or -mcpu) builds exclusively for an architecture
 # -mtune optimizes for an architecture, but builds for whole processor family
 CPPFLAGS="-D_FORTIFY_SOURCE=2"
-CFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4"
-CXXFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4"
+CFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fstack-protector-strong --param=ssp-buffer-size=4"
+CXXFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fstack-protector-strong --param=ssp-buffer-size=4"
 LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro"
 #-- Make Flags: change this for DistCC/SMP systems
 #MAKEFLAGS="-j2"
--- a/mkarchroot.in
+++ b/mkarchroot.in
@@ -15,7 +15,7 @@ CHROOT_VERSION='v3'
 working_dir=''

 usage() {
-	echo "Usage: ${0##*/} [options] working-dir [package-list | app]"
+	echo "Usage: ${0##*/} [options] working-dir package-list..."
 	echo ' options:'
 	echo '    -C <file>     Location of a pacman config file'
 	echo '    -M <file>     Location of a makepkg config file'
@@ -24,6 +24,8 @@ usage() {
 	exit 1
 }

+orig_argv=("$@")
+
 while getopts 'hC:M:c:' arg; do
 	case "$arg" in
 		C) pac_conf="$OPTARG" ;;
@@ -35,9 +37,10 @@ while getopts 'hC:M:c:' arg; do
 done
 shift $(($OPTIND - 1))

-(( $EUID != 0 )) && die 'This script must be run as root.'
 (( $# < 2 )) && die 'You must specify a directory and one or more packages.'

+check_root "$0" "${orig_argv[@]}"
+
 working_dir="$(readlink -f $1)"
 shift 1
Author	SHA1	Message	Date
Dave Reisner	98166e3454	prepare release `20141024`	2014-10-24 09:19:17 -04:00
Dave Reisner	273d5a7a43	makechrootpkg: treat makepkg_args as array	2014-10-20 20:00:46 -04:00
Dave Reisner	e5fe74102d	makechrootpkg: don't run namcap if makepkg fails Fixes a regression introduced by `285a4e94cd`, which made namcap a "compile time" option.	2014-10-20 19:15:24 -04:00
Dave Reisner	28140068ce	makechroot: die if we encounter an unexpected option	2014-10-19 19:36:31 -04:00
Dave Reisner	bf7dc83bab	save and reuse original argv when auto-elevating Fixes FS#42277.	2014-10-19 16:48:03 -04:00
Doug Newgard	cae954ddb5	checkpkg: improve soname checking This makes soname checking much more robust and is explicit when a soname change is found.	2014-10-01 20:25:59 -04:00
Dave Reisner	285a4e94cd	makechrootpkg: make running namcap a "compile time" choice We don't need to pass _chrootbuild this information at runtime -- we can just generate the build script to do exactly what we want.	2014-09-30 19:28:47 -04:00
Dave Reisner	a78bdb841d	makechrootpkg: build as same UID as invoker Changing UID to that of 'nobody' is arbitrary at best, and an information leak at worst. Let's just drop back to the same UID of the invoker.	2014-09-30 19:28:47 -04:00
Luke Shumaker	12a1300694	makechrootpkg: Use the btrfs mountpoint/subvolume check consistently. Commit `59e348fc3c` added a btrfs subvolume check, but only used it in create_chroot(); it missed clean_temporary().	2014-09-22 08:25:43 -04:00
Luke Shumaker	625e6bd412	mkarchroot: Correct "Usage:" text. The "app" hasn't been an option since arch-nspawn was created.	2014-09-22 08:25:43 -04:00
Luke Shumaker	6dce935b99	archbuild: Fix a variable name mistake. ($copydir -> $copy) It tried to lock `$copydir.lock`, which was the ONLY mention of $copydir in the entire file. Surely it meant `$copy.lock`; the line was probably originally copy/pasted from makechrootpkg or similar, where $copydir is used.	2014-09-22 08:25:43 -04:00
Dave Reisner	98841eb694	common: remove unreachable statement We run from a non-interactive shell, so the exec which is inevitably called will replace the current process and 'die' will never run under any circumstances. This also fixes a bug with the su fallback which would cause multiple arguments to be concatenated without any whitespace between them.	2014-09-22 08:25:43 -04:00
Dave Reisner	be00fcd47b	makechrootpkg: use a simpler/safer expression with eval	2014-09-22 08:25:43 -04:00
Luke Shumaker	651f8f834f	arch-nspawn: Fix a grammar mistake (a/an) in an error message.	2014-09-22 08:25:43 -04:00
Dave Reisner	d83805bc54	nspawn: skip machine registration No need to do this since we don't run an init system in the build root.	2014-09-22 08:25:43 -04:00
Dave Reisner	af6c0a0f6a	common.sh: propagate error through trap_exit Fixes a breakage introduced in `6db31cc16a` which leads to errors being masked from makechrootpkg.	2014-09-22 08:25:42 -04:00
Pierre Schmitz	905198295d	Prepare release	2014-05-10 08:09:49 +02:00
Sébastien Luttringer	03611dc63e	Switch to root when started as regular user In collaborative builder machine, these scripts are often allowed to become root via sudo. This patch avoid to prefix them by sudo each time or call su. Signed-off-by: Pierre Schmitz <pierre@archlinux.de>	2014-05-10 08:05:08 +02:00
BlackEagle	7aac293d76	get_full_version :: remove duplicated epoch check Signed-off-by: BlackEagle <ike.devolder@gmail.com> Signed-off-by: Pierre Schmitz <pierre@archlinux.de>	2014-05-10 08:04:51 +02:00
BlackEagle	6db31cc16a	when cleanup is called without code exit with 0 Signed-off-by: BlackEagle <ike.devolder@gmail.com> Signed-off-by: Pierre Schmitz <pierre@archlinux.de>	2014-05-10 08:04:24 +02:00
BlackEagle	4ee45fe6d4	abort and die are serious errors so throw 255 out Signed-off-by: BlackEagle <ike.devolder@gmail.com> Signed-off-by: Pierre Schmitz <pierre@archlinux.de>	2014-05-10 08:03:58 +02:00
Jan Alexander Steffens (heftig)	0b2ae245f1	Update mtime of chroot when building Makes the chroot mtime a useful indicator of last usage. Signed-off-by: Pierre Schmitz <pierre@archlinux.de>	2014-05-10 08:01:41 +02:00
Joel Teichroeb	fdd079f3d5	Remove broken unknown arguments check and fix usage If getopts comes across an unknown argument, $arg it set to '?' and $OPTARG is unset. Therefore the getopts line detecting unknown arguments doesn't work. Arguments to pass to makepkg are already handled by passing all the aguments after the end-of-options marker (--), but this wasn't documented in the usage text. Signed-off-by: Pierre Schmitz <pierre@archlinux.de>	2014-05-10 08:00:56 +02:00
Allan McRae	9f7ba3d407	Use -fstack-protector-strong Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Pierre Schmitz <pierre@archlinux.de>	2014-05-04 07:39:54 +02:00