Version 20170304

This removes the preservation of HOME being /build just for the pacman
sudo call. Former leads to unbuildable packages when an to be installed
dependency writes something into the HOME dir (f.e. .config). The
resulting directories won't be writable by the builduser as they are
owned by root:root and ultimately will fail to build anything that
requires so.

Makefile

@@ -1,4 +1,4 @@
-V=20151129
+V=20170304
 
 PREFIX = /usr/local
 

arch-nspawn.in

@@ -10,7 +10,7 @@
 
 m4_include(lib/common.sh)
 
-CHROOT_VERSION='v3'
+CHROOT_VERSION='v4'
 
 working_dir=''
 
@@ -53,7 +53,7 @@ else
 	cache_dirs=("$cache_dir")
 fi
 
-host_mirror=$(pacman -Sddp extra/devtools 2>/dev/null | sed -r 's#(.*/)extra/os/.*#\1$repo/os/$arch#')
+host_mirror=$(pacman --cachedir /doesnt/exist -Sddp extra/devtools 2>/dev/null | sed -r 's#(.*/)extra/os/.*#\1$repo/os/$arch#')
 [[ $host_mirror == *file://* ]] && host_mirror_path=$(echo "$host_mirror" | sed -r 's#file://(/.*)/\$repo/os/\$arch#\1#g')
 
 # {{{ functions

lib/common.sh

@@ -162,8 +162,6 @@ slock() {
 # usage: pkgver_equal( $pkgver1, $pkgver2 )
 ##
 pkgver_equal() {
-	local left right
-
 	if [[ $1 = *-* && $2 = *-* ]]; then
 		# if both versions have a pkgrel, then they must be an exact match
 		[[ $1 = "$2" ]]
@@ -182,7 +180,7 @@ pkgver_equal() {
 find_cached_package() {
 	local searchdirs=("$PWD" "$PKGDEST") results=()
 	local targetname=$1 targetver=$2 targetarch=$3
-	local dir pkg pkgbasename pkgparts name ver rel arch size r results
+	local dir pkg pkgbasename name ver rel arch r results
 
 	for dir in "${searchdirs[@]}"; do
 		[[ -d $dir ]] || continue

makechrootpkg.in

@@ -127,19 +127,16 @@ clean_temporary() {
 }
 
 install_packages() {
-	local pkgname
+	local -a pkgnames
+	local ret
 
-	for install_pkg in "${install_pkgs[@]}"; do
-		pkgname="${install_pkg##*/}"
-		cp "$install_pkg" "$copydir/$pkgname"
+	pkgnames=("${install_pkgs[@]##*/}")
 
-		arch-nspawn "$copydir" \
-			"${bindmounts_ro[@]}" "${bindmounts_rw[@]}" \
-			pacman -U /$pkgname --noconfirm
-		(( ret += !! $? ))
-
-		rm "$copydir/$pkgname"
-	done
+	cp -- "${install_pkgs[@]}" "$copydir/root/"
+	arch-nspawn "$copydir" "${bindmounts_ro[@]}" "${bindmounts_rw[@]}" \
+		pacman -U --noconfirm -- "${pkgnames[@]/#//root/}"
+	ret=$?
+	rm -- "${pkgnames[@]/#/$copydir/root/}"
 
 	# If there is no PKGBUILD we are done
 	[[ -f PKGBUILD ]] || exit $ret
@@ -148,67 +145,37 @@ install_packages() {
 prepare_chroot() {
 	$repack || rm -rf "$copydir/build"
 
-	mkdir -p "$copydir/build"
-	if ! grep -q 'BUILDDIR="/build"' "$copydir/etc/makepkg.conf"; then
-		echo 'BUILDDIR="/build"' >> "$copydir/etc/makepkg.conf"
-	fi
-
-	# Read .makepkg.conf and gnupg pubring
-	if [[ -r $USER_HOME/.gnupg/pubring.kbx ]]; then
-		install -D "$USER_HOME/.gnupg/pubring.kbx" "$copydir/build/.gnupg/pubring.kbx"
-	fi
-	if [[ -r $USER_HOME/.gnupg/pubring.gpg ]]; then
-		install -D "$USER_HOME/.gnupg/pubring.gpg" "$copydir/build/.gnupg/pubring.gpg"
-	fi
-
-	mkdir -p "$copydir/pkgdest"
-	if ! grep -q 'PKGDEST="/pkgdest"' "$copydir/etc/makepkg.conf"; then
-		echo 'PKGDEST="/pkgdest"' >> "$copydir/etc/makepkg.conf"
-	fi
-
-	mkdir -p "$copydir/srcpkgdest"
-	if ! grep -q 'SRCPKGDEST="/srcpkgdest"' "$copydir/etc/makepkg.conf"; then
-		echo 'SRCPKGDEST="/srcpkgdest"' >> "$copydir/etc/makepkg.conf"
-	fi
-
-	mkdir -p "$copydir/logdest"
-	if ! grep -q 'LOGDEST="/logdest"' "$copydir/etc/makepkg.conf"; then
-		echo 'LOGDEST="/logdest"' >> "$copydir/etc/makepkg.conf"
-	fi
-
-	# These two get bind-mounted read-only
-	# XXX: makepkg dislikes having these dirs read-only, so separate them
-	mkdir -p "$copydir/startdir" "$copydir/startdir_host"
-	mkdir -p "$copydir/srcdest" "$copydir/srcdest_host"
-	if ! grep -q 'SRCDEST="/srcdest"' "$copydir/etc/makepkg.conf"; then
-		echo 'SRCDEST="/srcdest"' >> "$copydir/etc/makepkg.conf"
-	fi
-
-	builduser_uid=${SUDO_UID:-$UID}
+	local builduser_uid="${SUDO_UID:-$UID}"
+	local builduser_gid="$(id -g "$builduser_uid")"
+	local install="install -o $builduser_uid -g $builduser_gid"
+	local x
 
 	# We can't use useradd without chrooting, otherwise it invokes PAM modules
 	# which we might not be able to load (i.e. when building i686 packages on
 	# an x86_64 host).
-	printf 'builduser:x:%d:100:builduser:/build:/bin/bash\n' "$builduser_uid" >>"$copydir/etc/passwd"
-	chown -R "$builduser_uid" "$copydir"/{build,pkgdest,srcpkgdest,logdest,srcdest,startdir}
+	sed -e '/^builduser:/d' -i "$copydir"/etc/{passwd,group}
+	printf >>"$copydir/etc/group"  'builduser:x:%d:\n' $builduser_gid
+	printf >>"$copydir/etc/passwd" 'builduser:x:%d:%d:builduser:/build:/bin/bash\n' $builduser_uid $builduser_gid
 
-	if [[ -n $MAKEFLAGS ]]; then
-		sed -i '/^MAKEFLAGS=/d' "$copydir/etc/makepkg.conf"
-		echo "MAKEFLAGS='${MAKEFLAGS}'" >> "$copydir/etc/makepkg.conf"
-	fi
+	$install -d "$copydir"/{build,build/.gnupg,startdir,{pkg,srcpkg,src,log}dest}
 
-	if [[ -n $PACKAGER ]]; then
-		sed -i '/^PACKAGER=/d' "$copydir/etc/makepkg.conf"
-		echo "PACKAGER='${PACKAGER}'" >> "$copydir/etc/makepkg.conf"
-	fi
+	for x in .gnupg/pubring.{kbx,gpg}; do
+		[[ -r $USER_HOME/$x ]] || continue
+		$install -m 644 "$USER_HOME/$x" "$copydir/build/$x"
+	done
 
-	if [[ ! -f $copydir/etc/sudoers.d/builduser-pacman ]]; then
-		cat > "$copydir/etc/sudoers.d/builduser-pacman" <<EOF
-Defaults env_keep += "HOME"
+	sed -e '/^MAKEFLAGS=/d' -e '/^PACKAGER=/d' -i "$copydir/etc/makepkg.conf"
+	for x in BUILDDIR=/build PKGDEST=/pkgdest SRCPKGDEST=/srcpkgdest SRCDEST=/srcdest LOGDEST=/logdest \
+		"MAKEFLAGS='$MAKEFLAGS'" "PACKAGER='$PACKAGER'"
+	do
+		grep -q "^$x" "$copydir/etc/makepkg.conf" && continue
+		echo "$x" >>"$copydir/etc/makepkg.conf"
+	done
+
+	cat > "$copydir/etc/sudoers.d/builduser-pacman" <<EOF
 builduser ALL = NOPASSWD: /usr/bin/pacman
 EOF
-		chmod 440 "$copydir/etc/sudoers.d/builduser-pacman"
-	fi
+	chmod 440 "$copydir/etc/sudoers.d/builduser-pacman"
 
 	# This is a little gross, but this way the script is recreated every time in the
 	# working copy
@@ -220,18 +187,28 @@ EOF
 		printf ' || exit\n'
 
 		if $run_namcap; then
-			cat <<'EOF'
-pacman -S --needed --noconfirm namcap
-for pkgfile in /startdir/PKGBUILD /pkgdest/*; do
-	echo "Checking ${pkgfile##*/}"
-	sudo -u builduser namcap "$pkgfile" 2>&1 | tee "/logdest/${pkgfile##*/}-namcap.log"
-done
-EOF
+			declare -f _chrootnamcap
+			printf '_chrootnamcap || exit\n'
 		fi
 	} >"$copydir/chrootbuild"
 	chmod +x "$copydir/chrootbuild"
 }
 
+# These functions aren't run in makechrootpkg,
+# so no global variables
+_chrootbuild() {
+	. /etc/profile
+	sudo -iu builduser bash -c 'cd /startdir; makepkg "$@"' -bash "$@"
+}
+
+_chrootnamcap() {
+	pacman -S --needed --noconfirm namcap
+	for pkgfile in /startdir/PKGBUILD /pkgdest/*; do
+		echo "Checking ${pkgfile##*/}"
+		sudo -u builduser namcap "$pkgfile" 2>&1 | tee "/logdest/${pkgfile##*/}-namcap.log"
+	done
+}
+
 download_sources() {
 	local builddir="$(mktemp -d)"
 	chmod 1777 "$builddir"
@@ -251,51 +228,15 @@ download_sources() {
 	rm -rf $builddir
 }
 
-_chrootbuild() {
-	# This function isn't run in makechrootpkg,
-	# so no global variables
-
-	. /etc/profile
-	export HOME=/build
-	shopt -s nullglob
-
-	# XXX: Workaround makepkg disliking read-only dirs
-	ln -sft /srcdest /srcdest_host/*
-	ln -sft /startdir /startdir_host/*
-
-	# XXX: Keep bzr and svn sources writable
-	# Since makepkg 4.1.1 they get checked out via cp -a, copying the symlink
-	for dir in /srcdest /startdir; do
-		for vcs in bzr svn; do
-			cd "$dir"
-			for vcsdir in */.$vcs; do
-				rm "${vcsdir%/.$vcs}"
-				cp -a "${dir}_host/${vcsdir%/.$vcs}" .
-				chown -R builduser "${vcsdir%/.$vcs}"
-			done
-		done
-	done
-
-	cd /startdir
-
-	# XXX: Keep PKGBUILD writable for pkgver()
-	rm PKGBUILD*
-	cp /startdir_host/PKGBUILD* .
-	chown builduser PKGBUILD*
-
-	# Safety check
-	if [[ ! -w PKGBUILD ]]; then
-		echo "Can't write to PKGBUILD!"
-		exit 1
-	fi
-
-	sudo -u builduser makepkg "$@"
-}
-
 move_products() {
 	for pkgfile in "$copydir"/pkgdest/*; do
 		chown "$src_owner" "$pkgfile"
 		mv "$pkgfile" "$PKGDEST"
+
+		# Fix broken symlink because of temporary chroot PKGDEST /pkgdest
+		if [[ "$PWD" != "$PKGDEST" && -L "$PWD/${pkgfile##*/}" ]]; then
+			ln -sf "$PKGDEST/${pkgfile##*/}"
+		fi
 	done
 
 	for l in "$copydir"/logdest/*; do
@@ -367,7 +308,7 @@ fi
 
 umask 0022
 
-load_vars "$USER_HOME/.makepkg.conf"
+load_vars "${XDG_CONFIG_HOME:-$USER_HOME/.config}/pacman/makepkg.conf" || load_vars "$USER_HOME/.makepkg.conf"
 load_vars /etc/makepkg.conf
 
 # Use PKGBUILD directory if these don't exist
@@ -389,8 +330,8 @@ download_sources
 prepare_chroot
 
 if arch-nspawn "$copydir" \
-	--bind-ro="$PWD:/startdir_host" \
-	--bind-ro="$SRCDEST:/srcdest_host" \
+	--bind="$PWD:/startdir" \
+	--bind="$SRCDEST:/srcdest" \
 	"${bindmounts_ro[@]}" "${bindmounts_rw[@]}" \
 	/chrootbuild
 then

makepkg-x86_64.conf

@@ -31,7 +31,7 @@ VCSCLIENTS=('bzr::bzr'
 #########################################################################
 #
 CARCH="x86_64"
-CHOST="x86_64-unknown-linux-gnu"
+CHOST="x86_64-pc-linux-gnu"
 
 #-- Compiler and Linker Flags
 # -march (or -mcpu) builds exclusively for an architecture

mkarchroot.in

@@ -10,7 +10,7 @@
 
 m4_include(lib/common.sh)
 
-CHROOT_VERSION='v3'
+CHROOT_VERSION='v4'
 
 working_dir=''
 
@@ -72,9 +72,11 @@ pacstrap -GMcd ${pac_conf:+-C "$pac_conf"} "$working_dir" \
   "${cache_dirs[@]/#/--cachedir=}" "$@" || die 'Failed to install all packages'
 
 printf '%s.UTF-8 UTF-8\n' en_US de_DE > "$working_dir/etc/locale.gen"
-echo 'LANG=C' > "$working_dir/etc/locale.conf"
+echo 'LANG=en_US.UTF-8' > "$working_dir/etc/locale.conf"
 echo "$CHROOT_VERSION" > "$working_dir/.arch-chroot"
 
+systemd-machine-id-setup --root="$working_dir"
+
 exec arch-nspawn \
 	${pac_conf:+-C "$pac_conf"} \
 	${makepkg_conf:+-M "$makepkg_conf"} \