Compare commits

..

140 Commits

Author SHA1 Message Date
Monson Shao
669c88da7d more nosetarch_opt in makechrootpkg.in 2020-04-06 02:23:36 +08:00
Monson Shao
4b500415c2 enhance nosetarch all the way 2020-04-04 02:37:33 +08:00
Levente Polyak
5b1123e11f offload-build: retrieve the PKGBUILD in case makepkg changes it via pkgver
Building a package may change the PKGBUILD during update_pkgver. Let's
retrieve the PKGBUILD after building to ensure we have the very same
file as the one we used to build the package. Otherwise this may lead to
the inability to distribute the package during commitpkg in case the
expected and the actual hashsum mismatch.
2020-03-09 23:27:03 +01:00
Levente Polyak
a0f79fcce0 makerepropkg: prioritize downloading .zst packages over legacy format
First try a .zst location before falling back to legacy variants. This
should slightly speed up downloading of dependencies, especially over
time as .zst packages are or will be the dominant format.

Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2020-03-09 23:27:03 +01:00
Eli Schwartz
94b0413e13 arch-nspawn: fix up host_mirrors cachedir handling
This was incorrectly implemented in commit
0067176529, which added the host_mirrors
root directory as a cachedir, when we actually want to use the pool/*
subdirectories (the same ones installed on the build server's
/etc/pacman.conf).

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2020-02-27 14:50:27 +01:00
Eli Schwartz
e963b6da9e makechrootpkg: use the chroot database to find checkpkg packages
We don't want to check against the current version known to the host
system, because that will be incorrect in a wide variety of situations,
including:
- the build host hasn't done a full system upgrade yet
- we're building against staging, and want to see the delta between
  different staging versions
- we're building against extra, but the host runs testing which carries
  changes we don't want to visualize right now
- the chroot has a configured database not available to the host, and
  the package is only available there

Essentially, it's rarely 100% correct to run checkpkg on the host, but
we already have a database we *know* is correct, and that is the one we
just built the package against. So let's use that.

This also fixes a bug in the current logic, where in order to try
downloading fresh databases, we work in a non-cached temporary working
database to download the package files, but then let checkpkg default to
comparing packages in the system database. Since we are explicitly
trying to compare against packages that differ from the host's pacman
database, we need to pass the package files as options to checkpkg,
using the additional modes added in commit c14338c0fe

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2020-02-27 14:50:19 +01:00
Eli Schwartz
b2cbb8628e checkpkg: fix support for http:// url comparisons
Broken in commit c14338c0fe.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2020-02-27 14:50:14 +01:00
Eli Schwartz
6d273f79c3 zsh-completion: update for new makerepropkg options
Thanks to anthraxx for the guidance.

Original-patch-by: Levente Polyak <anthraxx@archlinux.org>
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2020-02-27 14:50:05 +01:00
Eli Schwartz
51842a1676 makerepropkg: support checking multiple split packages
By specifying multiple package files, we assume they are all from the
same PKGBUILD, and try to check them all against the produced artifacts.
Since the buildinfo should be comparable for all of them, we simply use
the first one passed on the command line.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2020-02-27 14:49:54 +01:00
Eli Schwartz
53fe5c67a1 makerepropkg: add support to check unreproducible packages using diffoscope
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2020-02-27 14:49:48 +01:00
Eli Schwartz
21d9984acc makerepropkg: fix wonky indent
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2020-02-27 14:49:33 +01:00
Levente Polyak
cb6484fe45 Version 20200213 2020-02-13 01:53:45 +01:00
Levente Polyak
bcb1b4a163 offload-build: handle user specific makepkg.conf on the remote host
This ensures we take user specific config values for PKGDEST into
account when printing the package list. This is required as devtools
archbuild_cmd puts packages potentially into the user defined PKGDEST
which the package list would otherwise miss.
2020-02-12 00:05:00 +01:00
Levente Polyak
57fb44b976 offload-build: take makepkg.conf from devtools for appropriate packagelist
This fixes an issue with the usage of makepkg --packagelist to get the
produced artifacts filenames according to the PKGEXT used in devtools'
makepkg.conf instead of the one defined in pacman.

One goal we want to preserve is that devtools configuration should be
self contained and not require any editing of non owned files like
the host /etc/makepkg.conf to produce expected results.

Additionally modify the archbuild_cmd override for multilib builds to
use an independent variable and not fiddle with the actual arch
variable to select the appropriate cmd.
2020-02-11 01:42:17 +01:00
Levente Polyak
9b4d8ae930 offload-build: convert to in-prog so we can perform pre-processing 2020-02-10 23:02:41 +01:00
Levente Polyak
4c206ab549 makerepropkg: take makepkg.conf from devtools pkgdatadir location
This ensures we use the same configuration for reproducing packages as
we use for building them via devtools.
One example of why we care about this are the COMPRESS* settings that
may differ from the guest's pacman shipped makepkg.conf that affect the
reproducibility of packages.
2020-02-10 23:02:16 +01:00
Eli Schwartz
4c08847bfa makerepropkg: correctly reproduce a pkgfile with any compression type
We don't want the default PKGEXT in the current version of devtools, we
want the PKGEXT we *know* the input file used.

Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-12-27 18:54:26 +01:00
Levente Polyak
74d7a70915 Version 20191227 2019-12-27 16:06:30 +01:00
Robin Broda
5eacb475cd makerepopkg: fix zstd extension (.zstd -> .zst) 2019-12-27 16:05:14 +01:00
Robin Broda
bcda211dd8 makepkg.conf: change default compression method to zstd 2019-12-27 16:04:56 +01:00
Levente Polyak
d4546c59ce Version 20191212 2019-12-12 01:01:44 +01:00
Levente Polyak
d6866e0544 lib: support arbitrary compressed package files
We need to modify the matching of valid package files to support formats
like zstd. Let's try to use an eager approach instead of a simple
whitelist in order to be functional for arbitrary formats that may be
introduced in the future without the need to adjust any code.

Allow any single fragment word as compression type but filter out known
non-package content like signature files.

Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-12-08 20:59:11 +01:00
Eli Schwartz
8edad22616 offload-build: return failure if no package files were found
This means that the remote command died at some stage earlier than the
printing of created files.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
2019-12-05 23:34:23 +01:00
Levente Polyak
f20435643f makechrootpkg: sync databases for checkpkg off-site
Use pacman's --dbpath feature to sync fresh databases inside an isolated
location and split up the database sync and package location calls to
remove the need of weird grep calls.

It isn't nice of makechrootpkg to modify the host database state just by
building packages. No foreign program shall automatically modify
the host database other than by the explicit will of a system
maintainer, which is the major reason this changes get incorporated.

However, there is certain indoctrinated believe that using -Sy is
the prime evil. In fact it has been declared as a social rule to a
technical problem of not getting into potential partial upgrade states.
This is not a proper loophole less solution as there are multiple ways
and use cases that lead to such a state, like aborting a -Syu on the
prompt for whatever reason, what really matters is that it is not a
technically bullet proof solution to solve the problem.

Databases shall have the freedom to be as up to date as databases or
their owner wishes, allowing querying on latest database state without
fear. The only loophole-less contract that _really_ is from importance
is always using -Su instead of plain -S to install packages. Installing
packages is what actually brings one into a potential partial upgrade
state and by using -Su an outstanding upgrade is forced when installing
a new package. This properly solves all edge cases in a technical
manner instead of declaring people who abort the prompt of -Syu to be
the problem. In fact, using this simple contract allows whatever system
maintenance workflow a host owner wants to follow, which may still be to
always use -Syu and deal with system upgrades explicitly instead of the
time when installing new packages, but the -Su contract is the real safe
guard to guarantee no edge case can ever slip in. This magically also
opens up the freedom to people who wish to use -Sy to simply query on up
to date data as the currently indoctrinated "never do -Sy" stone plates
not only are not rock solid in technical terms but also make certain use
cases simply impossible and hence cripple the functionality without at
the very least being fully loophole free.

Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-12-05 22:50:11 +01:00
Levente Polyak
8d99df602d makechrootpkg: double quote array expansions for checkpkg locations
Avoid re-splitting remotepkg elements used for checkpkg conditions.
2019-11-30 13:44:02 +01:00
Levente Polyak
4c803b9db8 Version 20191130 2019-11-30 13:30:34 +01:00
Levente Polyak
104c5bc90e makechrootpkg: sync database for checkpkg to avoid nonexistent targets
For build servers or similar infrastructure its relatively common to not
sync/update the database regularly. This leads to problems properly
running checkpkg duo to nonexistent target files that we try to
download. As building on build servers is a very common use case, lets
ensure we sync the local database before trying to resolve the package
locations.
2019-11-30 13:25:06 +01:00
Levente Polyak
cee28a1b13 makechrootpkg: check local pkg versions before downloading for checkpkg
Avoid always trying to download and output the according message.
Add checks for packages either not being available in the repo or
all variants have up to date versions stored in the local cache.
2019-11-30 13:25:06 +01:00
Levente Polyak
e0f82d3947 completion: add makerepropkg zsh completion 2019-11-30 13:25:06 +01:00
Levente Polyak
74313db9ee completion: reflect new -U mkarchchroot option 2019-11-30 13:25:06 +01:00
Ivy Foster
2c611d20bd lib/common.sh: do not use colors when running on a dumb terminal 2019-11-30 13:25:05 +01:00
Eli Schwartz
ca4d348c86 doc: add manpage for the new makerepropkg tool
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
2019-11-30 13:21:23 +01:00
Eli Schwartz
2fb1cc2dd2 makerepropkg: add new program to try to reproducibly build a package
This attempts to recreate a package that was probably created using
makechrootpkg, and see if it conforms to the
https://reproducible-builds.org/ specification.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
2019-11-30 13:21:23 +01:00
Eli Schwartz
bcba566405 mkarchroot: support wrapping pacstrap -U
Needed to support reproducible builds.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
2019-11-30 13:21:23 +01:00
Eli Schwartz
f8f2f02028 archbuild: use better umask
In commit 40a90e2cab we tried to protect
against system umasks resulting in unreadable chroots. However, we tried
to do this in a targeted manner due to not wanting to fiddle with
permissions for user-owned files. Unfortuantely, mkdir -p -m755 does not
actually work that way -- the parent directory is created with broken
permissions. We need umask.

Run umask and mkdir in a subshell to prevent leakage.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
2019-11-30 13:21:23 +01:00
Eli Schwartz
68f0bff172 commitpkg: clearly delineate the commit message template and the rationale
In commit 75d23eec94 we moved to include
commitpkg arguments as the first line of the svn commit message, but we
simply dumped the result after the version number without separating the
two, increasing the cognitive burden of parsing the rationale. Since the
whole point of the change was to make it easier to see what happened
when using git log --oneline (reducing the cognitive burden of parsing
'pretty' output with author/date info), it makes sense to also delineate
the reason correctly.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
2019-11-30 13:21:23 +01:00
Eli Schwartz
f85a58a0a6 arch-nspawn: rely on deduplication to avoid making multiple host_mirror mounts
Instead of comparing exact mirror urls to see if they are in
host_mirrors in order to "skip" the official mirrors

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
2019-11-30 13:21:23 +01:00
Levente Polyak
20eec484fa offload-build: remove empty src dir when SRCDEST is set
Right now there is a bug in makepkg that leaves back an empty src
directory if SRCDEST is set. This is purely cosmetic, but lets just
politely try to rmdir it and fail silently if its empty or non-existent.

Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-11-30 13:21:23 +01:00
Levente Polyak
6fffbfbc8a offload-build: catch more signals to be sure SRCPKGDEST gets cleaned
It may be not enough to just listen on EXIT depending on the shell used
so lets make sure we clean up SRCPKGDEST by listening to more sigs.

Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-11-30 13:21:22 +01:00
Eli Schwartz
0017263379 Makefile: sort program names
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-11-07 21:28:23 +01:00
Eli Schwartz
751093eff2 use libmakepkg to find and use variables in makepkg.conf
- drop homebrew function in makechrootpkg
- use better mock to find invoking user's $HOME
- make offload-build respect makepkg.conf to determine where to sync
  files, matching the behavior of makechrootpkg

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-11-07 21:28:21 +01:00
Eli Schwartz
f43a86ee8a arch-nspawn: simplify cachedir/host_mirror parsing
consolidate logic flows in the same area for parsing and building
arrays. Don't bother having a special function just to build the
mount_args array, since we now use the same handling for adding any
cachedir (including host mirrors) to the mount arguments, this becomes a
trivial for loop -- and it really did not need to be delayed until after
the sanity check, anyway.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-11-07 21:28:20 +01:00
Eli Schwartz
0067176529 arch-nspawn: restore cachedir handling for host_mirrors
In commit 27ff286ee7, we moved from
sourcing the primary cachedir via /etc/pacman.conf, to using the
pacman.conf in the workdir. One unanticipated side effect of this was
breaking the special host mirrors magic we used to turn a host mirror
into a cachedir. It was still processed as a server, but we relied on it
being in the host's cachedirs in order to be persisted, and this no
longer occurred.

Solve this by explicitly adding each host mirror root as a cachedir.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-11-07 21:28:19 +01:00
Daniel M. Capella
75d23eec94 commitpkg: Include commit msg arg in first line
Commit messages belong on the first line, with optional "explanatory
text" starting after a blank line:
https://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html

Referencing commit ee970f0bde

Signed-off-by: Daniel M. Capella <polyzen@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-11-07 21:28:17 +01:00
Daniel M. Capella
6679c28625 conf: Sync with pacman 5.2.0-2
Signed-off-by: Daniel M. Capella <polyzen@archlinux.org>
2019-11-06 01:14:05 +01:00
Levente Polyak
2edee89b62 Version 20191016 2019-10-16 00:52:33 +02:00
Levente Polyak
901581936a ci: fix travis build using undocumented but reserved keyword
https://github.com/mikkeloscar/arch-travis/issues/65
2019-10-15 23:50:52 +02:00
jelle van der Waa
29c6fa8537 sogrep: redirect to destination mirror (#25)
Some mirrors redirect consumers to a near by mirror which isn't handled
by sogrep.
2019-10-15 23:30:23 +02:00
Levente Polyak
74f65db396 zsh_completion: add offload-build completion
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-09-28 00:16:25 +02:00
Levente Polyak
64b7d99504 zsh_completion: add sogrep completions
Transform sogrep into an in-prog so we can benefit from the m4 macro
to specify valid repos in a single place of truth.

Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-09-28 00:16:09 +02:00
Levente Polyak
f32a264796 commitpkg: prefer explicit signature+data parameters for gpg --verify
Lets prefer the explicit variant of gpg --verify by providing both, the
signature and the data file as parameters.
For the unlikely case there is a matching signature file already present
that was created outside of the toolchain and has an embedded signature
with data, we at least could detect it early with this check.

Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-09-28 00:16:07 +02:00
Levente Polyak
fd6e801cfb commitpkg: disallow if PKGBUILD hash mismatches package's enclosed hash
Several cases showed that we release packages that were built with
different PKGBUILDs than the one commited to the source tree. This is
bad for obvious reasons plus sploils reproducible builds.

We, under no circumstances, want to allow using commitpkg to publish and
release a packages whose PKGBUILD doesn't match the one to be commited.

Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-09-28 00:16:04 +02:00
Levente Polyak
a3868cf542 commitpkg: fix wrongly ordered find_cached_package call
The unknown packager check didn't worked so far as the wrongly ordered
call to find_cached_package lead to the enclosing block never being
executed.

Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-09-28 00:16:02 +02:00
Levente Polyak
62a2f118ce make: add target to tag a new version
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-09-28 00:15:56 +02:00
Levente Polyak
723ad23b48 zsh_completion: overhaul all completions to match actual options
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-09-28 00:15:54 +02:00
Levente Polyak
5dd90ef848 checkpkg: add option to print a warning in case of differences
Sometimes its desired to be explicitly made aware of differences
reporter by checkpkg via printing a warning instead of a regular
message.

Automatically use --warn for makechrootpkg builds so packagers are made
visibly aware of a soname bump by simply looking out for colors
indicating non success messages.

Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-09-28 00:15:51 +02:00
Levente Polyak
5246cb9aa5 checkpkg: add option to avoid keeping the tmp dir
In some cases, like default makechrootpkg execution, the temporary
directory used to assemble the differences is not required. Add an
option to checkpkg that allows to get rid of that directory after
run and call it automatically like that in makechrootpkg.

Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-09-28 00:15:48 +02:00
Levente Polyak
144f896660 makechrootpkg: run checkpkg automatically after build
Cache previous versions required for checkpkg via pacman to avoid
multiple downloads when running multiple times.

In case we can't download the packages, like while building out of repo
packages, print a warning instead of running checkpkg

Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-09-28 00:15:33 +02:00
Levente Polyak
bbcff883d5 Version 20190912 2019-09-12 23:03:12 +02:00
Eli Schwartz
6e466ca654 Revert "makechrootpkg: with -n, check if the package failed to install"
This reverts commit be44b9cde1.

This was a nice idea in theory, because it means that we can catch
conflicting files before releasing them into the repos. In practice,
there were unanticipated side effects: single-package installs which
conflict against their own makedepends cannot be installed either.
Examples include:
- kernel modules which makedepend on their dkms equivalent
- jack2, which makedepends/optdepends on portaudio, which requires
  jack... but jack2 is a drop-in provides/conflicts jack.

We cannot reliably detect when makepkg --install will error out because
of dependency conflicts vs. packages which are simply broken. So, back
out this change for now.

Revisit this once pacutils has a new release, because it will add the
option --resolve-conflicts=all, allowing for much better scripted
responses to "foo conflicts with bar, remove bar? [y/N]" than simply
"--noconfirm and fail".

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-09-12 21:29:42 +02:00
Levente Polyak
d8d2e23247 Version 20190821 2019-08-21 19:23:03 +02:00
Eli Schwartz
be44b9cde1 makechrootpkg: with -n, check if the package failed to install
We previously whitelisted this return code because split packages can
frequently conflict each other, so makepkg -i is *expected* to fail in
such a case. However, there is no good reason to let this succeed if the
pkgbase only builds one pkgname -- that will always be a severe issue.

Add a check for how many split

Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 19:41:54 +02:00
Eli Schwartz
7b0a11677a makechrootpkg: make the -U option work for the first time ever
The -U option was initially introduced in commit
cda9cf436b in order to enable running
makechrootpkg as root, delegating to another, manually selected, user to
perform various non-root tasks (given that makepkg was modified to throw
fatal errors when run as root without the option of --asroot to disable
that). However, it was only ever implemented for the --verifysource
option outside of the chroot, and the builduser inside the chroot is
created with the same uid as the makechrootpkg invoker. It needs to run
as the same uid, because it needs rw access to $startdir and $SRCDEST!
Additionally this lets the invoking user more easily inspect the build
directory in case of problems...

The correct solution for this is to properly implement the initial
intention of the -U option, and make it override the autodetection of
the "invoking user" which is normally done by inspecting $SUDO_USER.
This is then used as the single source of truth for "who am I pretending
to be".

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 19:41:53 +02:00
Eli Schwartz
93dbb14ab9 archrelease: actually fail in failure conditions
When svn ls fails due to network timeouts, this currently results in
archrelease deleting all files, then committing this as the changeset.
This causes data loss...

With bash 4.4 and using wait $! we can get return the return code of the
last backgrounded command -- which process substitution qualifies as.
Key off of this to make sure that `svn ls` actually succeeded.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 19:41:53 +02:00
Eli Schwartz
10c6efc440 archbuild: prefer repo/arch-specific configs if they exist
When mixing and matching different repos and architectures not present
in mainline archlinux, it is sometimes desirable to set up differing
presets with more granularity than devtools currently allows.

One example of this is when building for architectures that are only
supported by another project -- in order to coexist on a mainline
archlinux host, a different mirrorlist needs to be used.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 19:41:53 +02:00
Eli Schwartz
8e4293034b makechrootpkg: also downgrade packages when updating chroots
Packages should never be getting downgraded... unless a package is
pulled from testing, e.g. for example if gcc9 totally breaks the linux
kernel. In such cases, the master repo says there is a downgrade, so
we'd better go with that. Basically, ensure that packages match the repo
they are being built against. Consistency at all costs!

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 19:41:53 +02:00
Eli Schwartz
b7893a2ca8 makechrootpkg: when installing with -I, ensure package is installed
noconfirm is wrong here, as we don't want to accept the default answer
-- we want to install the new package, even if it conflicts and provides
an existing one. After all, we explicitly asked for it.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 19:41:53 +02:00
Eli Schwartz
bec29e632b arch-nspawn: unshare the gpg namespace to prevent zombie processes
gpg-agent is really annoying and leaves useless copies of itself around.
Using unshare ensures that all such processes are killed as soon as the
main gpg process dies.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 19:41:53 +02:00
Eli Schwartz
70f3b8ddb8 finddeps: suppress error messages for unreadable directories
If the find command cannot descend into a directory in order to search
for a PKGBUILD, it is likely a "$pkgdir" which makepkg sets as
unreadable. As far as finddeps is concerned, this error message is not
needed.

Also convert to using null-delimited paths on general principle to
prevent read from splitting on odd paths.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 19:41:53 +02:00
Eli Schwartz
5fcd90a212 makechrootpkg: accept arguments useful to verifysource
And pass them on to download_sources outside the chroot.

Fixes FS#35652

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 19:41:52 +02:00
Eli Schwartz
f6f4da26cb makechrootpkg: fix breakage in makepkg option parsing
In commit bd826752c9, support for short
options was added to the heuristic for --noextract, but in the process,
we changed to loop over the set of user options plus the builtin
defaults for inside the chroot. This was wrong, as we only care about
the user options -- moreover, it prevents us from adding verifysource
support *outside* the chroot, for options that are also chroot options,
like --holdver.

Also remove uselessly duplicated line.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 19:41:52 +02:00
Eli Schwartz
40a90e2cab ensure that sane umask is used where needed
If a user umask is restrictive, a chroot may be created as root without the
ability for the user to read it, which then causes makepkg
--verifysource to fail.

Do not set this in lib/common.sh, where it would apply to all scripts,
as we do not want to override the user's policy for things like $SRCDEST
files, svn checkouts, etc.

Fixes FS#47625

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 19:41:52 +02:00
Eli Schwartz
74a6641946 Escape paths with ":" that are passed to systemd-nspawn --bind
When parsing paths to automatically make available to the container, the
":" is used internally by systemd-nspawn to signify destinations in the
container. Replace automatically with "\:" for the mounts that we set
up, in order to safely handle a working directory etc. that contains
this character.

For bind options exposed to the user, it is assumed the user takes care
of passing systemd-nspawn compatible paths themselves.

Fixes FS#60845

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 19:41:52 +02:00
Eli Schwartz
69112171e5 arch-nspawn: support bind-mounting custom file:/// repositories
Fixes FS#45882

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 19:41:52 +02:00
Eli Schwartz
c14338c0fe checkpkg: implement comparison against alternative targets
This allows comparing the currently built set of packages against
targets named by filename, url, or pkgname. One example use is to
compare a package against a different version that was never in the
repos; another example use is to compare a *-git package against the
non-git version.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 19:41:52 +02:00
Eli Schwartz
8dbf95cdd4 makechrootpkg: check truthiness using shell arithmetic
Using the literal strings "true" and "false" is inaccurate and may
result in uncertainty of whether it is set when doing string comparison,
or simply rely on the shell implementation of treating the string as a
command builtin, then executing the value as a shell command. Emulate
makepkg, which makes heavy use of shell arithmetic for this purpose.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 19:41:52 +02:00
Eli Schwartz
46d614d91a Revert "makechrootpkg: Have functions be more function-y."
This reverts (the bulk of) commit 2fd5931a8c.

Reducing globals makes little sense in in a oneshot bash script, but
reduces code clarity and in fact resulted in bugs because even the
commit author couldn't keep track of the script state.

An exit was changed to a return, even though that made no sense outside
of a function, and has been duly returned to being an exit. This was
never tested and later papered over by wrapping the entire script in a
main() function and then calling the function for hysterical raisins.

The functiony nature of sync_chroot/delete_chroot is preserved, as those
functions demonstrate meaningfully standalone functionality -- who
knows? we may want to reuse this. Everything else is tightly bound to
the internal logic of makechrootpkg.

Completely separate functionality that was silently implemented in the
original commit is also preserved:
- declare a couple of variables as locals
- move the abort-on-no-PKGBUILD outside the install_packages function

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 19:41:51 +02:00
Eli Schwartz
df0d6b867b Revert "makechrootpkg: Avoid having code floating around outside of a function."
This reverts commit 49088b0860.

The fundamental intention was flawed and broken, it caused annoying
issues and regressions, and the self-avowed sole purpose of the change
was so that a downstream project could *post-modify the script and
source it as a library*.

That is not okay. You don't wrap non-factorable code in a function
called main() and call it a library. The only possible use for this is
to treat makechrootpkg *internals* as a library, which is not supported.

Downstream projects that wish to use the functionality of makechrootpkg
should treat makepkg as a command with a public API in the form of
command line options. That is kind of how commands of all kinds work,
since forever. That is how all users of makechrootpkg *except for
parabola* use it.

Arguments that "it saves us the cost of fork+exec to bash" are simply
invalid.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 19:41:51 +02:00
Eli Schwartz
8f5a02b23d Don't rely on $0 to determine script names.
Programs can freely define the value of argv0 and thus it means nothing.
Instead, use the bash-specific variable explicitly designed to safely
and accurately reference the name of the currently sourced file.

This also fixes the case where simple debugging mechanisms like using
"bash -x foo" tried to treat "foo" as the unqualified $0 and therefore
broke horribly due to lack of pathnames.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 19:41:51 +02:00
Eli Schwartz
e76d560477 Revert "mkarchroot: Don't let the environment affect pacstrap (sans proxy settings)."
This reverts commit 578a62f1e0.

mkarchroot is run as root (via check_root if needed) so the environment
should already be clean. If not, the user has broken their root
environment, and we cannot support this. It's unclear what environment
settings may or may not be messing with anything, ever, but the original
bug report happened on Parabola who perform extensive patching to
"libretools" such that the code no longer resembles devtools at all.
It's therefore likely any such bug is parabola specific, but we will
never know since the original commit message states that they don't know
why they do it either.

Parsing the user's entire exported environment via both sed and grep is
overkill for a non-bug, especially when it doesn't work for variables
declared -rx and doesn't work for things like:

export fooled_you=$'wow such hax\ndeclare -x http_proxy=lol'

Also if done properly this would rely on compgen -e to print all
exported shell variables. Or even better, loop through /proc/$$/environ
which is both null-delimited and easily parsed with the read builtin and
[[ ]]

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 19:41:51 +02:00
Brian Bidulock
27ff286ee7 arch-nspawn should not take pacman cache from host
Previously, arch-nspawn was using the hosts' pacman cache in
the chroot even when the chroot was set up with a different
cache by mkarchroot, unless specified with the -c flag.
Problem is that makechrootpkg passes no -C, -M nor -c flags
to arch-nspawn, so all values must be obtained from the
working directory.

This change take the cache directories from the pacman.conf
specified with the -C option unless the -c option was given
(as is the case when the chroot is set up with mkarchroot),
and, when neither -C nor -c is given (as is the case when
invoked by makechrootpkg), the cache directory is taken
from the pacman.conf in the working directory.

This wasn't such an issue when i686 was mainline, however,
which building packages in a chroot against archlinux32 on
an x86_64 platform, the cache of the host should _never_ be
used.

Rebased by eschwartz on top of cachedir reworking.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 19:41:51 +02:00
Eli Schwartz
2180aabc81 arch-nspawn: don't delete the guest gpg configuration
It's important to ensure the guest has up to date data because updating
a chroot after quite some time can potentially rely on updated
archlinux-keyring, something which the host machine either kept up to
date on or manually fixed, but it kills automation to mess around with
chroot configs like that. Alternatively, signed packages added with -I
need to work, and we assume the host is configured to accept these.

That is *not* a good reason to completely nuke whatever is in the guest,
though. A guest might have been manually configured to accept keys which
aren't accepted by the host; one example of this happening in practice,
is archlinux32 when building 32-bit packages from an archlinux host.

The right solution is to append to, rather thna overwrite, the chrooted
guest's pacman keyring.

To do this, we will use gpg's native facility to dump the keyring from
one GNUPGHOME and import it into another. We'd use pacman-key's --import
option directly, but this doesn't support passing custom options like
--import-options import-local-sigs
Finally use pacman-key's native facility to import the trust status from
the host.

While we are at it, fix a bug where we didn't respect the host's
pacman.conf settings for the GpgDir. While it isn't wildly likely a user
will choose to customize this, it is a valid and supported use case and
we must think about this ourselves.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 19:41:51 +02:00
Eli Schwartz
2f929c961f fixup commit "arch-nspawn: get all mirrors from host"
In commit d9b7350448, a line was deleted
that had a shellcheck ignore marker, but the marker itself was left in
(and had nothing to do). So, remove it.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 19:40:05 +02:00
Eli Schwartz
c2bbcbed64 mkarchroot: don't create a broken chroot by default
It's incorrect to make pacman completely useless inside the chroot by
starting off with no pacman keyring. Assuming that the only consumers of
a new chroot will be arch-nspawn (which copies over the hostconf) is
bad design, and furthermore makes it impossible to fix other issues in
arch-nspawn itself.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 19:40:05 +02:00
Eli Schwartz
b7ce90fefc makechrootpkg: load makepkg.conf variables correctly
Since makepkg.conf is a bash-compatible configuration file, it must be
sourced.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 19:40:05 +02:00
Eli Schwartz
f52002955c Makefile: don't inject DESTDIR into the pkgdatadir
In commit 46c4def073, we added support for
nonstandard PREFIX installations, but DESTDIR was and is never supposed
to be a part of that. While DESTDIR isn't terribly likely to be used
during `make all` invocations, that's no reason to break horribly if it
is used for some reason.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 19:40:05 +02:00
Eli Schwartz
58374246c4 Migrate pacman.conf CacheDir parsing to pacman-conf
And while we're at it, make this more consistent. Currently we
unnecessarily support only one -c /path/to/cachedir option.

This requires slightly more thorough handling in mkarchroot to ensure
all custom cachedirs are passed on to arch-nspawn. Rework
to simply forward all arguments to arch-nspawn (minus final arguments
used for pacman -Sy packagelist).

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 19:39:45 +02:00
Levente Polyak
f522ce2277 offload-build: disable shellcheck false-positive for shell-escape 2019-06-13 00:17:11 +02:00
Eli Schwartz via arch-projects
7747749610 doc: add manpage for the new offload-build tool
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
2019-06-12 23:42:10 +02:00
Eli Schwartz via arch-projects
25b4ef2799 Add new tool: offload-build
This tool is useful for running makechrootpkg on a remote build server,
and is by default hooked up to send a PKGBUILD and initiate a build on
our shiny new build server "dragon".

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
2019-06-12 23:42:10 +02:00
Eli Schwartz via arch-projects
ad4b66830a Revert "makechrootpkg: sync_chroot: Make more general."
This reverts commit 6d1992909c.

It has never worked. In commit c86823a2d4
it was noted that it compared the device numbers for [[ $1 = $1 ]] which
was a useless check and always returned true, for *any* btrfs
filesystem. Now that the function is corrected to compare [[ $1 = $2 ]]
the check is still useless, but this time because it always returns
false -- btrfs subvolumes on the same filesystem do *not* share device
numbers.

So let's go back to the original working implementation that only
matters in terms of makechrootpkg, and just checks if makechrootpkg's
root working directory is btrfs (in which case we know it will be a
subvolume because mkarchroot will create it that way).

This restores our special support for the btrfs filesystem.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
2019-06-12 23:42:05 +02:00
Erich Eckner
321e998020 fix whitespace/indentation errors
Some lines are indented by spaces, while adjacent lines are indentet by tabs.
We should use tabs on both.

Signed-off-by: Erich Eckner <git@eckner.net>
2019-04-20 17:58:55 +02:00
Erich Eckner
c86823a2d4 is_same_fs() in lib/archroot.sh should use $1 and $2, not $1 and $1
The old behaviour would always evaluate to true - this is certainly not
what that function should do.

Signed-off-by: Erich Eckner <git@eckner.net>
2019-04-20 17:55:31 +02:00
Levente Polyak
a49f55cbed Version 20190329 2019-03-29 21:40:28 +01:00
Levente Polyak
5c016c38f2 readme: fix faulty whitespace in release commands 2019-03-29 21:40:28 +01:00
Levente Polyak
1d4a60874b make: fix faulty install targets
This fixes a regression introduced in eeb1c0e59e
2019-03-29 21:40:28 +01:00
Eli Schwartz via arch-projects
b66ce081e7 fix up sogrep manpage to correspond with current sogrep command
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
2019-03-28 21:17:55 +01:00
Eli Schwartz via arch-projects
1ab9b34c4c add sogrep command
This is the new and improved, canonical sogrep command, now with a valid
license.

The previous version of sogrep had several issues and inefficiencies,
and ultimately wasn't really the finished project I wanted it to be. Due
to a mistake in communication, I was totally unaware it was in the
process of being merged at all, nor that there was a licensing issue, or
I would have recommended waiting for both further improvements, and a
declaration of license intent; nevertheless, here it is now, and I
formally give this over into the GPLv2+ domain.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
2019-03-28 21:17:55 +01:00
Eli Schwartz via arch-projects
ebba5a5885 sogrep: don't be templated when it is not templated
Partition the Makefile targets to only clean configured files, and make
the configured files be a subset of the bin programs.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
2019-03-28 21:17:50 +01:00
Jelle van der Waa
c9b6f58f8e Create a general README
Introduce a README which describes where to send patches and how to
release a new version of devtools.

Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>
2019-03-25 23:32:16 +01:00
Matt Robinson
155798b8b1 makechrootpkg: keep *DEST, MAKEFLAGS & PACKAGER
If makechrootpkg is called as non-root, the {SRC,SRCPKG,PKG,LOG}DEST,
MAKEFLAGS and PACKAGER environment variables are lost in the call to
check_root().

Add these to the passed keepenv list so that they are preserved instead.
2019-03-25 23:32:13 +01:00
Christian Hesse
d9b7350448 arch-nspawn: get all mirrors from host
Now that pacconf gives us all mirrors we can use them, instead of just
the first one.

Signed-off-by: Christian Hesse <mail@eworm.de>
2019-03-25 23:32:04 +01:00
Jelle van der Waa
6645701cb1 sogrep: remove duplicate sogrep
The rename of sogrep to sogrep.in failed to remove sogrep and adding it
to .gitignore.

Signed-off-by: Jelle van der Waa <jelle@archlinux.org>
2019-03-17 14:51:19 +01:00
Jelle van der Waa
657497c91a doc: Add myself as maintainer
Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>
2019-03-16 18:35:21 +01:00
Jelle van der Waa
90bb423304 sogrep: rename to sogrep.in so make clean works
make clean removes all .in converted files to a file without .in which
in the make clean step is removed. So running make clean will remove
sogrep since it's specified as BINPROGS. In the future this steps should
be removed for sogrep since it is a standalone script.

Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>
2019-03-16 18:29:56 +01:00
Jelle van der Waa
23f248ccfb find-libdeps: fix indentation in case
Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>
2019-03-16 18:27:13 +01:00
Jelle van der Waa
eeb1c0e59e doc: add man pages for find-{libdeps,libprovides}
Add a simple man page for find-libdeps and find-libprovides.

Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>
2019-03-16 18:25:55 +01:00
Jelle van der Waa
936ff8da2f doc: add Environment variables section to sogrep
Add a section about environment variables which influence sogrep's
behaviour.

Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>
2019-03-13 22:17:35 +01:00
Jelle van der Waa
d123fee8ec doc: add man page for mkarchroot 2019-03-13 22:13:51 +01:00
Jelle van der Waa
4a532e38e7 crossrepomove: do not set svn propset
svn propset's where determined to be non-reproducible and therefore
where removed from svn. Don't introduce them when moving packages
between repos.

Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>
2019-03-13 22:06:00 +01:00
Sven-Hendrik Haase
f61421a3f5 Add sogrep
This is from Eli's dotfiles after he'd cleaned it up but never actually went ahead and made this PR.
I figure it's time to add it.
2019-03-13 09:16:32 +01:00
Jelle van der Waa
26b2ffc665 remove arch rm as it's not really useful
archrm is a not much more fancy rm -rf and therefore not really useful
to ship.
2019-02-24 13:37:37 +01:00
Levente Polyak
62306018f2 conf: sync makepkg.conf with latest version from pacman package 2019-02-09 14:27:31 +01:00
Levente Polyak
65b50dac40 ci: adding travis support for basic check 2019-01-22 03:33:53 +01:00
Levente Polyak
799376904d find-libdeps: in functions use return instead of continue to abort
Even if continue would work, it does exactly the same as a return
in the way this function is being used.
2019-01-22 03:32:50 +01:00
Erich Eckner
8310abb348 remove empty tree if "--verifysource" failed
makechrootpkg's download_sources() leaves a stray directory if
"makepkg --verifysource" failed. We use "setup_workdir" instead
of "mktemp -d", because this ensures the correct garbage collection.

Signed-off-by: Erich Eckner <git@eckner.net>
2019-01-22 01:44:40 +01:00
Morten Linderud
7b09525003 Expand check_root keepenv variables
Les us source makepkg.conf settings from the environemnt. This also includes
`GNUPGHOME` which is present in `makechrootpkg`, but not included in archbuild.

Signed-off-by: Morten Linderud <foxboron@archlinux.org>
2019-01-22 01:29:06 +01:00
Jelle van der Waa
e9102b2ad8 doc: add find-libprovides man page 2018-09-09 21:02:45 +02:00
Jelle van der Waa
99969c67a9 doc: Add checkpkg man page 2018-09-09 21:02:44 +02:00
Jelle van der Waa
05c81038e5 doc: Add lddd man page 2018-09-09 21:02:43 +02:00
Jan Alexander Steffens (heftig)
6364b3c9b9 Version 20180531 2018-05-31 16:05:49 +02:00
Eli Schwartz via arch-projects
98ff92f467 makechrootpkg: whitelist return code 14 from makepkg
makepkg 5.1 implements error codes, and 14 means that installing the
packages after they were built has failed. We don't care about this
error and would like makechrootpkg to succeed regardless, e.g. for split
packages that are mutually exclusive.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
2018-05-31 16:03:13 +02:00
Allan McRae
e414173f89 update makefile for current version
Signed-off-by: Allan McRae <allan@archlinux.org>
2018-05-29 10:42:47 +10:00
Eli Schwartz
7fcf847bc3 Do not assume the makechrootpkg user's groupname is the same as the username
chown support "$user:$group" but also "$user:" which infers $group
rather than leaving it as root. This looks up the group name in cases
where the default group is e.g. "users" and users do not get their own
unique groups.
2018-05-16 10:37:55 -04:00
Eli Schwartz
5b3c14454a Proper fix for pacman-git returning file urls from the cache
It is much nicer to use a proper configuration parser to retrieve the
primary mirror, rather than clever hacks using undocumented APIs,
especially when their behavior as used then breaks in later releases.

Fortunately, pacutils exists now and pacconf handles this quite
elegantly. It has since been moved to pacman-git proper.

Check if pacman-conf from a new enough version of pacman exists and
fallback on pacconf from pacutils.
2018-05-13 09:16:20 -04:00
Eli Schwartz
4408bb2a15 Revert "arch-nspawn: Work around pacman master returning file-URLs from the cache"
This reverts commit eb6b0e3f11.

This never worked, as pacman-git returns file urls from the cache anyway
and pacman stable doesn't have any problem at all. Having useless code
which makes people think the issue is solved when it really isn't, is
bloat, so remove it.
2018-05-13 09:16:20 -04:00
Eli Schwartz
509c00ea23 makechrootpkg: Do not copy the user keyring into the chroot.
Since commit 75fdff1811 we no longer run
integrity checks inside the chroot anyway, so this is no longer needed
and will never be used.
2018-05-13 09:16:20 -04:00
Evangelos Foutras
5713cd629c makechrootpkg: add /etc/shadow entry for builduser
Without it, sudo 1.8.23 will return an error:

    sudo: PAM account management error: Authentication
    service cannot retrieve authentication info
2018-05-12 11:52:18 +03:00
Eli Schwartz
40f0179a5e makechrootpkg: fix verifysource with pacman-git
In pacman-git commit d8717a6a9666ec80c8645d190d6f9c7ab73084ac makepkg
started checking that the setuid/setgid bit could be removed on the
$BUILDDIR in order to prevent this propagating to the packages
themselves.  Unfortunately, this requires the temporary builddir used
during the --verifysource stage of makepkg, to be owned by $makepkg_user
which was not the case as it is created as root using mktemp (and given
world rwx in addition to the restricted deletion bit.)

Obviously makepkg cannot chmod a directory that it does not own. Fix
this by making $makepkg_user the owner of that directory, as should have
been the case all along.

(Giving world rwx is illogical on general principle. The fact that this
is a workaround for makepkg demanding these directories be writable even
when they are not going to be used for the makepkg options in question,
is not justification for being careless.)

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
2018-03-24 20:54:24 +01:00
Emiel Wiedijk
ffb5003fda makechrootpkg: respect GNUPGHOME
Previously, makechrootpkg hardcoded ~/.gnupg. Therefore, if a user
uses a custom GPG home directory, the siganture checking would fail.
Now makechrootpkg uses $GNUPGHOME, with a fallback to ~/.gnupg.

Signed-off-by: Emiel Wiedijk <me@aimileus.nl>
2018-03-24 20:54:17 +01:00
Bartłomiej Piotrowski
ab3368f061 Remove corepkg symlink
While still possible with 'commitpkg core', there is a chance it will
prevent accidental pushes straight to [core].
2018-03-24 20:35:09 +01:00
Bartłomiej Piotrowski
38c7a391b0 makechrootpkg: make sure that makepkg.conf is always parsed as text 2018-01-21 14:18:43 +01:00
Luke Shumaker
75ad2aca57 makechrootpkg: Adjust to work properly with set -e
This worked properly until eab5aba.
2018-01-21 14:16:10 +01:00
Luke Shumaker
aee72cae32 lib/common.sh: Adjust to work properly with set -u
Support for working with `set -u` was broken by 94160d6.  Egg on my
face; I'm the one who wants `set -u` support, and I'm the author of
that commit!

libmakepkg does not work with `set -u`; but mostly because of the include
guards!  So we just need to temporarily disable `set -u` (nounset) while
loading libmakepkg.  Instead of introducing a new variable, just store the
initial nounset status in _INCLUDE_COMMON_SH; rather than a useless
fixed-string "true".

While we're at it, disable POSIX-mode (just in case we're running as "sh"
instead of "bash"), since libmakepkg uses bash-isms that won't parse in
POSIX mode.
2018-01-21 14:16:10 +01:00
Luke Shumaker
5ab8f8430a arch-nspawn: Remove pointless $(echo ...) subshell 2018-01-21 14:16:10 +01:00
Luke Shumaker
c9e287e845 arch-nspawn: make sure that makepkg.conf is always parsed as text
https://lists.parabola.nu/pipermail/dev/2017-June/005576.html
2018-01-21 14:16:10 +01:00
Eli Schwartz
48b2f8dcc4 makechrootpkg: Fix anti-pattern when checking for enabled features
Don't use error-prone logic e.g.
foo=true; if $foo ...

This completely fails to act as expected when the variable is unset
because of unrelated bugs.

While this merely causes the default behavior to be "false" rather than
"true" in such cases, it is better to fail to enable explicitly
requested behavior (which will be noticed by the user) than to simply
upgrade to this behavior for free (which may not seem to have any
obvious cause).

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
2018-01-21 14:16:10 +01:00
Eli Schwartz
3b725b5843 makechrootpkg: Fix unconditionally running namcap
Fixes regression in 2fd5931a8c

$run_namcap will always be set to ""
`if $not_a_var; then ...; fi` is always truthful when $not_a_var is
unset or equal to "" and the `then` clause will always be run.

I'm not sure why global state variables need to be cloned locally for
their sole explicit purpose.

But for now this patch implements the minimum necessary work to properly
pass the "do I want namcap" variable into prepare_chroot() according to
the current logic flow.
Note that I have still not thorougly tested makechrootpkg.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
2018-01-21 14:16:10 +01:00
Evangelos Foutras
7a3c508501 Revert "makechrootpkg: Reopen console to assign the CTTY"
This reverts commit ddd508efc0.

The underlying bug (FS#56529) was fixed in glibc 2.26-9.
2017-12-27 23:33:45 +02:00
Eli Schwartz
eab5aba9b0 Support reproducible builds
Recent development versions of makepkg support reproducible builds
through the environment variable SOURCE_DATE_EPOCH. Pass this variable
through makechrootpkg to makepkg when available.

Also initialize SOURCE_DATE_EPOCH whenever running archbuild to enforce
reproducible builds for repository packages.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2017-11-22 16:35:25 +01:00
42 changed files with 1457 additions and 394 deletions

5
.gitignore vendored
View File

@@ -3,16 +3,19 @@ devtools-*.tar.gz*
archbuild
archco
archrelease
archrm
bash_completion
checkpkg
commitpkg
finddeps
lddd
makechrootpkg
makerepropkg
mkarchroot
offload-build
rebuildpkgs
zsh_completion
find-libdeps
crossrepomove
arch-nspawn
sogrep
doc/*.1

28
.travis.yml Normal file
View File

@@ -0,0 +1,28 @@
language: shell
sudo: required
services:
- docker
archlinux:
packages:
- openssh
- subversion
- rsync
- arch-install-scripts
- git
- bzr
- mercurial
- diffutils
- asciidoc
- shellcheck
script:
- sudo pacman -Syu --noconfirm --needed "${CONFIG_PACKAGES[@]}"
- make PREFIX=/usr
- make PREFIX=/usr DESTDIR="$(mktemp -d)" install
- make check || true
- SHELLCHECK_OPTS="-S error" make check
script: 'curl -s https://raw.githubusercontent.com/mikkeloscar/arch-travis/master/arch-travis.sh | bash'
# vim: ft=yaml ts=2 sw=2 et:

View File

@@ -1,22 +1,28 @@
V=20171108
V=20200213
PREFIX = /usr/local
MANDIR = $(PREFIX)/share/man
BINPROGS = \
IN_PROGS = \
archco \
arch-nspawn \
archrelease \
archbuild \
checkpkg \
commitpkg \
archco \
archrelease \
archrm \
archbuild \
lddd \
finddeps \
rebuildpkgs \
find-libdeps \
crossrepomove\
arch-nspawn \
finddeps \
find-libdeps \
lddd \
makerepropkg \
mkarchroot \
makechrootpkg
makechrootpkg \
offload-build \
rebuildpkgs \
sogrep
BINPROGS = \
$(IN_PROGS)
CONFIGFILES = \
makepkg-x86_64.conf \
@@ -31,7 +37,6 @@ CONFIGFILES = \
COMMITPKG_LINKS = \
extrapkg \
corepkg \
testingpkg \
stagingpkg \
communitypkg \
@@ -61,9 +66,22 @@ BASHCOMPLETION_LINKS = \
archco \
communityco
all: $(BINPROGS) bash_completion zsh_completion
edit = sed -e "s|@pkgdatadir[@]|$(DESTDIR)$(PREFIX)/share/devtools|g"
MANS = \
doc/lddd.1 \
doc/checkpkg.1 \
doc/offload-build.1 \
doc/sogrep.1 \
doc/makerepropkg.1 \
doc/mkarchroot.1 \
doc/find-libdeps.1 \
doc/find-libprovides.1
all: $(BINPROGS) bash_completion zsh_completion man
man: $(MANS)
edit = sed -e "s|@pkgdatadir[@]|$(PREFIX)/share/devtools|g"
%: %.in Makefile lib/common.sh
@echo "GEN $@"
@@ -73,8 +91,13 @@ edit = sed -e "s|@pkgdatadir[@]|$(DESTDIR)$(PREFIX)/share/devtools|g"
@chmod +x "$@"
@bash -O extglob -n "$@"
$(MANS): doc/asciidoc.conf doc/footer.asciidoc
doc/%: doc/%.asciidoc
a2x --no-xmllint --asciidoc-opts="-f doc/asciidoc.conf" -d manpage -f manpage -D doc $<
clean:
rm -f $(BINPROGS) bash_completion zsh_completion
rm -f $(IN_PROGS) bash_completion zsh_completion $(MANS)
install:
install -dm0755 $(DESTDIR)$(PREFIX)/bin
@@ -89,6 +112,9 @@ install:
for l in ${BASHCOMPLETION_LINKS}; do ln -sf devtools $(DESTDIR)/usr/share/bash-completion/completions/$$l; done
install -Dm0644 zsh_completion $(DESTDIR)$(PREFIX)/share/zsh/site-functions/_devtools
ln -sf archco $(DESTDIR)$(PREFIX)/bin/communityco
for manfile in $(MANS); do \
install -Dm644 $$manfile -t $(DESTDIR)$(MANDIR)/man$${manfile##*.}; \
done;
uninstall:
for f in ${BINPROGS}; do rm -f $(DESTDIR)$(PREFIX)/bin/$$f; done
@@ -100,6 +126,15 @@ uninstall:
rm $(DESTDIR)$(PREFIX)/share/zsh/site-functions/_devtools
rm -f $(DESTDIR)$(PREFIX)/bin/communityco
rm -f $(DESTDIR)$(PREFIX)/bin/find-libprovides
for manfile in $(MANS); do \
rm -f $(DESTDIR)$(MANDIR)/man$${manfile##*.}/$${manfile#doc/}; \
done;
TODAY=$(shell date +"%Y%m%d")
tag:
@sed -E "s|^V=[0-9]{8}|V=$(TODAY)|" -i Makefile
@git commit --gpg-sign --message "Version $(TODAY)" Makefile
@git tag --sign --message "Version $(TODAY)" $(TODAY)
dist:
git archive --format=tar --prefix=devtools-$(V)/ $(V) | gzip -9 > devtools-$(V).tar.gz
@@ -111,5 +146,5 @@ upload:
check: $(BINPROGS) bash_completion makepkg-x86_64.conf PKGBUILD.proto
shellcheck $^
.PHONY: all clean install uninstall dist upload check
.PHONY: all clean install uninstall dist upload check tag
.DELETE_ON_ERROR:

24
README.md Normal file
View File

@@ -0,0 +1,24 @@
# Devtools - development tools for Arch Linux
This repository contains tools for the Arch Linux distribution for building
and maintaining official repository packages.
## Patches
Patches can be send to arch-projects@archlinux.org or via a pull request on
Github. When sending patches to the mailing list make sure to set a valid
subjectprefix otherwise the email is denied by mailman. Git can be configured
as following.
```
git config format.subjectprefix 'devtools] [PATCH'
```
## Releasing
1. bump the version in the Makefile
2. Commit everything as ```Version $(date +"%Y%m%d")```
3. Create a new tag ```git tag -s $(date +"%Y%m%d")```
4. Push changes
5. Upload the source tarball with ```make dist upload```
6. Update the package

View File

@@ -13,9 +13,14 @@
m4_include(lib/common.sh)
m4_include(lib/archroot.sh)
# umask might have been changed in /etc/profile
# ensure that sane default is set again
umask 0022
working_dir=''
files=()
mount_args=()
usage() {
echo "Usage: ${0##*/} [options] working-dir [systemd-nspawn arguments]"
@@ -35,7 +40,7 @@ while getopts 'hC:M:c:f:s' arg; do
case "$arg" in
C) pac_conf="$OPTARG" ;;
M) makepkg_conf="$OPTARG" ;;
c) cache_dir="$OPTARG" ;;
c) cache_dirs+=("$OPTARG") ;;
f) files+=("$OPTARG") ;;
s) nosetarch=1 ;;
h|?) usage ;;
@@ -52,35 +57,47 @@ shift 1
[[ -z $working_dir ]] && die 'Please specify a working directory.'
if [[ -z $cache_dir ]]; then
cache_dirs=($(pacman -v 2>&1 | grep '^Cache Dirs:' | sed 's/Cache Dirs:\s*//g'))
else
cache_dirs=("$cache_dir")
pacconf_cmd=$(command -v pacman-conf || command -v pacconf)
if (( ${#cache_dirs[@]} == 0 )); then
mapfile -t cache_dirs < <($pacconf_cmd --config "${pac_conf:-$working_dir/etc/pacman.conf}" CacheDir)
fi
# shellcheck disable=2016
host_mirror=$(pacman --cachedir /doesnt/exist -Sddp extra/devtools 2>/dev/null | sed -r 's#(.*/)extra/os/.*#\1$repo/os/$arch#')
# shellcheck disable=2016
[[ $host_mirror == *file://* ]] && host_mirror_path=$(echo "$host_mirror" | sed -r 's#file://(/.*)/\$repo/os/\$arch#\1#g')
host_mirrors=($($pacconf_cmd --repo extra Server 2> /dev/null | sed -r 's#(.*/)extra/os/.*#\1$repo/os/$arch#'))
for host_mirror in "${host_mirrors[@]}"; do
if [[ $host_mirror == *file://* ]]; then
host_mirror=$(echo "$host_mirror" | sed -r 's#file://(/.*)/\$repo/os/\$arch#\1#g')
for m in "$host_mirror"/pool/*/; do
in_array "$m" "${cache_dirs[@]}" || cache_dirs+=("$m")
done
fi
done
while read -r line; do
mapfile -t lines < <($pacconf_cmd --config "${pac_conf:-$working_dir/etc/pacman.conf}" \
--repo $line Server | sed -r 's#(.*/)[^/]+/os/.+#\1#')
for line in "${lines[@]}"; do
if [[ $line = file://* ]]; then
line=${line#file://}
in_array "$line" "${cache_dirs[@]}" || cache_dirs+=("$line")
fi
done
done < <($pacconf_cmd --config "${pac_conf:-$working_dir/etc/pacman.conf}" --repo-list)
mount_args+=("--bind=${cache_dirs[0]//:/\\:}")
for cache_dir in "${cache_dirs[@]:1}"; do
mount_args+=("--bind-ro=${cache_dir//:/\\:}")
done
# {{{ functions
build_mount_args() {
declare -g mount_args=()
if [[ -n $host_mirror_path ]]; then
mount_args+=("--bind-ro=$host_mirror_path")
fi
mount_args+=("--bind=${cache_dirs[0]}")
for cache_dir in "${cache_dirs[@]:1}"; do
mount_args+=("--bind-ro=$cache_dir")
done
}
copy_hostconf () {
cp -a /etc/pacman.d/gnupg "$working_dir/etc/pacman.d"
echo "Server = $host_mirror" >"$working_dir/etc/pacman.d/mirrorlist"
unshare --fork --pid gpg --homedir "$working_dir"/etc/pacman.d/gnupg/ --no-permission-warning --quiet --batch --import --import-options import-local-sigs "$(pacman-conf GpgDir)"/pubring.gpg >/dev/null 2>&1
pacman-key --gpgdir "$working_dir"/etc/pacman.d/gnupg/ --import-trustdb "$(pacman-conf GpgDir)" >/dev/null 2>&1
printf 'Server = %s\n' "${host_mirrors[@]}" >"$working_dir/etc/pacman.d/mirrorlist"
[[ -n $pac_conf ]] && cp "$pac_conf" "$working_dir/etc/pacman.conf"
[[ -n $makepkg_conf ]] && cp "$makepkg_conf" "$working_dir/etc/makepkg.conf"
@@ -91,7 +108,7 @@ copy_hostconf () {
cp -T "$file" "$working_dir$file"
done
sed -r "s|^#?\\s*CacheDir.+|CacheDir = $(echo -n "${cache_dirs[@]}")|g" -i "$working_dir/etc/pacman.conf"
sed -r "s|^#?\\s*CacheDir.+|CacheDir = ${cache_dirs[*]}|g" -i "$working_dir/etc/pacman.conf"
}
# }}}
@@ -104,10 +121,9 @@ elif [[ $(cat "$working_dir/.arch-chroot") != "$CHROOT_VERSION" ]]; then
die "chroot '%s' is not at version %s. Please rebuild." "$working_dir" "$CHROOT_VERSION"
fi
build_mount_args
copy_hostconf
eval "$(grep '^CARCH=' "$working_dir/etc/makepkg.conf")"
eval "$(grep -a '^CARCH=' "$working_dir/etc/makepkg.conf")"
[[ -z $nosetarch ]] || unset CARCH

View File

@@ -5,7 +5,7 @@ m4_include(lib/common.sh)
m4_include(lib/archroot.sh)
base_packages=(base-devel)
makechrootpkg_args=(-c -n)
makechrootpkg_args=(-c -n -C)
cmd="${0##*/}"
if [[ "${cmd%%-*}" == 'multilib' ]]; then
@@ -20,29 +20,40 @@ fi
chroots='/var/lib/archbuild'
clean_first=false
pacman_config="@pkgdatadir@/pacman-${repo}.conf"
if [[ -f @pkgdatadir@/pacman-${repo}-${arch}.conf ]]; then
pacman_config="@pkgdatadir@/pacman-${repo}-${arch}.conf"
fi
makepkg_config="@pkgdatadir@/makepkg-${arch}.conf"
if [[ -f @pkgdatadir@/makepkg-${repo}-${arch}.conf ]]; then
makepkg_config="@pkgdatadir@/makepkg-${repo}-${arch}.conf"
fi
usage() {
echo "Usage: $cmd [options] -- [makechrootpkg args]"
echo ' -h This help'
echo ' -c Recreate the chroot before building'
echo ' -r <dir> Create chroots in this directory'
echo ' -s Do not run setarch'
echo ''
echo "Default makechrootpkg args: ${makechrootpkg_args[*]}"
echo ''
exit 1
}
while getopts 'hcr:' arg; do
while getopts 'hcr:s' arg; do
case "${arg}" in
c) clean_first=true ;;
r) chroots="$OPTARG" ;;
s) nosetarch_opt="-s" ;;
*) usage ;;
esac
done
check_root
check_root SOURCE_DATE_EPOCH,SRCDEST,SRCPKGDEST,PKGDEST,LOGDEST,MAKEFLAGS,PACKAGER,GNUPGHOME
# Pass all arguments after -- right to makepkg
makechrootpkg_args+=("${@:$OPTIND}")
makechrootpkg_args+=("${nosetarch_opt}" "${@:$OPTIND}")
if ${clean_first} || [[ ! -d "${chroots}/${repo}-${arch}" ]]; then
msg "Creating chroot for [%s] (%s)..." "${repo}" "${arch}"
@@ -59,19 +70,24 @@ if ${clean_first} || [[ ! -d "${chroots}/${repo}-${arch}" ]]; then
lock_close 9
rm -rf --one-file-system "${chroots}/${repo}-${arch}"
mkdir -p "${chroots}/${repo}-${arch}"
setarch "${arch}" mkarchroot \
-C "@pkgdatadir@/pacman-${repo}.conf" \
-M "@pkgdatadir@/makepkg-${arch}.conf" \
(umask 0022; mkdir -p "${chroots}/${repo}-${arch}")
mkarchroot ${nosetarch_opt} \
-C "${pacman_config}" \
-M "${makepkg_config}" \
"${chroots}/${repo}-${arch}/root" \
"${base_packages[@]}" || abort
else
lock 9 "${chroots}/${repo}-${arch}/root.lock" "Locking clean chroot"
arch-nspawn \
-C "@pkgdatadir@/pacman-${repo}.conf" \
-M "@pkgdatadir@/makepkg-${arch}.conf" \
arch-nspawn ${nosetarch_opt} \
-C "${pacman_config}" \
-M "${makepkg_config}" \
"${chroots}/${repo}-${arch}/root" \
pacman -Syu --noconfirm || abort
pacman -Syuu --noconfirm || abort
fi
# Always build official packages reproducibly
if [[ ! -v SOURCE_DATE_EPOCH ]]; then
export SOURCE_DATE_EPOCH=$(date +%s)
fi
msg "Building in chroot for [%s] (%s)..." "${repo}" "${arch}"

View File

@@ -48,7 +48,8 @@ if [[ $(svn status -q) ]]; then
fi
pushd .. >/dev/null
IFS=$'\n' read -r -d '' -a known_files < <(svn ls -r HEAD "$trunk")
mapfile -t known_files < <(svn ls -r HEAD "$trunk")
wait $! || die "failed to discover committed files"
for file in "${known_files[@]}"; do
if [[ ${file:(-1)} = '/' ]]; then
die "archrelease: subdirectories are not supported in package directories!"
@@ -65,12 +66,12 @@ for tag in "$@"; do
stat_busy "Copying %s to %s" "${trunk}" "${tag}"
if [[ -d repos/$tag ]]; then
declare -a trash
trash=()
while read -r file; do
trash+=("repos/$tag/$file")
done < <(svn ls "repos/$tag")
[[ ${#trash[@]} == 0 ]] || svn rm -q "${trash[@]/%/@}"
mapfile -t trash < <(svn ls "repos/$tag")
wait $! || die "failed to discover existing files"
if (( ${#trash[@]} )); then
trash=("${trash[@]/#/repos/$tag/}")
svn rm -q "${trash[@]/%/@}"
fi
else
mkdir -p "repos/$tag"
svn add --parents -q "repos/$tag"

View File

@@ -1,16 +0,0 @@
#!/bin/bash
# License: Unspecified
m4_include(lib/common.sh)
if [[ -z $1 ]]; then
echo 'Usage: archrm <path to checkout>'
exit 1
fi
# FIXME: Check if there are uncommited changes
#pushd $1
#
#popd
rm -rf "$1"

View File

@@ -22,6 +22,53 @@ elif [[ -r "$HOME/.makepkg.conf" ]]; then
source "$HOME/.makepkg.conf"
fi
usage() {
cat <<- _EOF_
Usage: ${BASH_SOURCE[0]##*/} [OPTIONS]
Searches for a locally built package corresponding to the PKGBUILD, and
downloads the last version of that package from the Pacman repositories.
It then compares the list of .so files provided by each version of the
package and outputs if there are soname differences for the new package.
A directory is also created using mktemp with files containing a file
list for both packages and a library list for both packages.
OPTIONS
-r, --rmdir Remove the temporary directory
-w, --warn Print a warning in case of differences
-h, --help Show this help text
_EOF_
}
RMDIR=0
WARN=0
OPT_SHORT='rwh'
OPT_LONG=('rmdir' 'warn' 'help')
if ! parseopts "$OPT_SHORT" "${OPT_LONG[@]}" -- "$@"; then
exit 1
fi
set -- "${OPTRET[@]}"
while :; do
case $1 in
-r|--rmdir)
RMDIR=1
;;
-w|--warn)
WARN=1
;;
-h|--help)
usage
exit 0
;;
--)
shift; break
;;
esac
shift
done
if [[ ! -f PKGBUILD ]]; then
die 'This must be run in the directory of a built package.'
fi
@@ -33,9 +80,12 @@ if [[ ${arch[0]} == 'any' ]]; then
fi
STARTDIR=$(pwd)
(( RMDIR )) && trap 'rm -rf $TEMPDIR' EXIT INT TERM QUIT
TEMPDIR=$(mktemp -d --tmpdir checkpkg-script.XXXX)
for _pkgname in "${pkgname[@]}"; do
comparepkg=$_pkgname
pkgurl=
target_pkgver=$(get_full_version "$_pkgname")
if ! pkgfile=$(find_cached_package "$_pkgname" "$target_pkgver" "$CARCH"); then
die 'tarball not found for package: %s' "${_pkgname}-$target_pkgver"
@@ -43,16 +93,31 @@ for _pkgname in "${pkgname[@]}"; do
ln -s "$pkgfile" "$TEMPDIR"
pkgurl=$(pacman -Spdd --print-format '%l' --noconfirm "$_pkgname") ||
die "Couldn't download previous package for %s." "$_pkgname"
if (( $# )); then
case $1 in
*://*)
pkgurl=$1 ;;
/*|*/*)
pkgurl=$(readlink -m "$1") ;;
*.pkg.tar*)
pkgurl=$1 ;;
'')
;;
*)
comparepkg=$1 ;;
esac
shift
fi
[[ -n $pkgurl ]] || pkgurl=$(pacman -Spdd --print-format '%l' --noconfirm "$comparepkg") ||
die "Couldn't download previous package for %s." "$comparepkg"
oldpkg=${pkgurl##*://*/}
oldpkg=${pkgurl##*/}
if [[ ${oldpkg##*/} = "${pkgfile##*/}" ]]; then
if [[ ${oldpkg} = "${pkgfile##*/}" ]]; then
die "The built package (%s) is the one in the repo right now!" "$_pkgname"
fi
if [[ $pkgurl = file://* ]]; then
if [[ $pkgurl = file://* || ( $pkgurl = /* && -f $pkgurl ) ]]; then
ln -s "${pkgurl#file://}" "$TEMPDIR/$oldpkg"
elif [[ -f "$PKGDEST/$oldpkg" ]]; then
ln -s "$PKGDEST/$oldpkg" "$TEMPDIR/$oldpkg"
@@ -70,11 +135,12 @@ for _pkgname in "${pkgname[@]}"; do
find-libprovides "$TEMPDIR/$oldpkg" 2>/dev/null | sort > "$TEMPDIR/libraries-$_pkgname-old"
find-libprovides "$pkgfile" 2>/dev/null | sort > "$TEMPDIR/libraries-$_pkgname"
if ! diff_output="$(sdiff -s "$TEMPDIR/libraries-$_pkgname-old" "$TEMPDIR/libraries-$_pkgname")"; then
msg "Sonames differ in $_pkgname!"
message="Sonames differ in $_pkgname!"
(( WARN )) && warning "$message" || msg "$message"
echo "$diff_output"
else
msg "No soname differences for %s." "$_pkgname"
fi
done
msg "Files saved to %s" "$TEMPDIR"
(( RMDIR )) || msg "Files saved to %s" "$TEMPDIR"

View File

@@ -83,7 +83,7 @@ while getopts ':l:a:s:f' flag; do
done
shift $(( OPTIND - 1 ))
# check packages have the packager field set
# check packages for validity
for _arch in "${arch[@]}"; do
if [[ -n $commit_arch && ${_arch} != "$commit_arch" ]]; then
continue
@@ -91,10 +91,15 @@ for _arch in "${arch[@]}"; do
for _pkgname in "${pkgname[@]}"; do
fullver=$(get_full_version "$_pkgname")
if pkgfile=$(find_cached_package "$_pkgname" "$_arch" "$fullver"); then
if pkgfile=$(find_cached_package "$_pkgname" "$fullver" "$_arch"); then
if grep -q "packager = Unknown Packager" <(bsdtar -xOqf "$pkgfile" .PKGINFO); then
die "PACKAGER was not set when building package"
fi
hashsum=sha256sum
pkgbuild_hash=$(awk -v"hashsum=$hashsum" -F' = ' '$1 == "pkgbuild_"hashsum {print $2}' <(bsdtar -xOqf "$pkgfile" .BUILDINFO))
if [[ "$pkgbuild_hash" != "$($hashsum PKGBUILD|cut -d' ' -f1)" ]]; then
die "PKGBUILD $hashsum mismatch: expected $pkgbuild_hash"
fi
fi
done
done
@@ -104,10 +109,10 @@ if [[ -z $server ]]; then
fi
if [[ -n $(svn status -q) ]]; then
msgtemplate="upgpkg: $pkgbase $(get_full_version)"$'\n\n'
msgtemplate="upgpkg: $pkgbase $(get_full_version)"
if [[ -n $1 ]]; then
stat_busy 'Committing changes to trunk'
svn commit -q -m "${msgtemplate}${1}" || die
svn commit -q -m "${msgtemplate}: ${1}" || die
stat_done
else
msgfile="$(mktemp)"
@@ -157,8 +162,8 @@ for _arch in "${arch[@]}"; do
fi
gpg --detach-sign --use-agent --no-armor "${SIGNWITHKEY[@]}" "${pkgfile}" || die
fi
if ! gpg --verify "$sigfile" >/dev/null 2>&1; then
die "Signature %s.sig is incorrect!" "$pkgfile"
if ! gpg --verify "$sigfile" "$pkgfile" >/dev/null 2>&1; then
die "Signature %s is incorrect!" "$sigfile"
fi
uploads+=("$sigfile")
done

View File

@@ -64,7 +64,6 @@ done
msg "Adding %s to %s" "${pkgbase}" "${target_repo}"
svn -q add "target_checkout/${pkgbase}"
svn -q propset svn:keywords 'Id' "target_checkout/${pkgbase}/trunk/PKGBUILD"
svn -q commit -m"${scriptname}: Moving ${pkgbase} from ${source_repo} to ${target_repo}" target_checkout
pushd "target_checkout/${pkgbase}/trunk" >/dev/null
archrelease "${arch[@]/#/$target_repo-}" || die

37
doc/asciidoc.conf Normal file
View File

@@ -0,0 +1,37 @@
## linkman: macro
# Inspired by/borrowed from the GIT source tree at Documentation/asciidoc.conf
#
# Usage: linkman:command[manpage-section]
#
# Note, {0} is the manpage section, while {target} is the command.
#
# Show man link as: <command>(<section>); if section is defined, else just show
# the command.
[macros]
(?su)[\\]?(?P<name>linkman):(?P<target>\S*?)\[(?P<attrlist>.*?)\]=
[attributes]
asterisk=&#42;
plus=&#43;
caret=&#94;
startsb=&#91;
endsb=&#93;
backslash=&#92;
tilde=&#126;
apostrophe=&#39;
backtick=&#96;
litdd=&#45;&#45;
ifdef::backend-docbook[]
[linkman-inlinemacro]
{0%{target}}
{0#<citerefentry>}
{0#<refentrytitle>{target}</refentrytitle><manvolnum>{0}</manvolnum>}
{0#</citerefentry>}
endif::backend-docbook[]
ifdef::backend-xhtml11[]
[linkman-inlinemacro]
<a href="{target}.{0}.html">{target}{0?({0})}</a>
endif::backend-xhtml11[]

40
doc/checkpkg.1.asciidoc Normal file
View File

@@ -0,0 +1,40 @@
checkpkg(1)
===========
Name
----
checkpkg - Compare the current build package with the repository version
Synopsis
--------
checkpkg
Description
-----------
Searches for a locally built package corresponding to the PKGBUILD, and
downloads the last version of that package from the Pacman repositories. It
then compares the list of .so files provided by each version of the package and
outputs if there are soname differences for the new package. A directory is
also created using mktemp with files containing a file list for both packages
and a library list for both packages.
Options
-------
*-r, --rmdir*::
Remove the temporary directory created to contain the file and library list
of both packages.
*-w, --warn*::
Print a warning instead of a regular message in case of soname differences.
*-h, --help*::
Show a help text
See Also
--------
linkman:find-libprovides[1]
include::footer.asciidoc[]

View File

@@ -0,0 +1,24 @@
find-libdeps(1)
===============
Name
----
find-libdeps - Find soname dependencies for a package
Synopsis
--------
find-libdeps [options]
Description
-----------
Finds soname dependencies of a package and prints out a list in the following
format '<soname>=<soversion>-<soarch>'.
Options
-------
*--ignore-internal*::
Ignore internal libraries.
include::footer.asciidoc[]

View File

@@ -0,0 +1,24 @@
find-libprovides(1)
===================
Name
----
find-libprovides - Find soname's which are provided by a package
Synopsis
--------
find-libprovides [options]
Description
-----------
Finds soname's provided by a package and prints out a list in the following
format '<soname>=<soversion>-<soarch>'.
Options
-------
*--ignore-internal*::
Ignore internal libraries.
include::footer.asciidoc[]

29
doc/footer.asciidoc Normal file
View File

@@ -0,0 +1,29 @@
Bugs
----
Bugs can be reported on the bug tracker 'https://bugs.archlinux.org' in the Arch
Linux category and title prefixed with [devtools] or via
mailto:arch-projects@archlinux.org[].
Authors
-------
Maintainers:
* Aaron Griffin <aaronmgriffin@gmail.com>
* Allan McRae <allan@archlinux.org>
* Bartłomiej Piotrowski <bpiotrowski@archlinux.org>
* Dan McGee <dan@archlinux.org>
* Dave Reisner <dreisner@archlinux.org>
* Evangelos Foutras <evangelos@foutrelis.com>
* Jan Alexander Steffens (heftig) <jan.steffens@gmail.com>
* Jelle van der Waa <jelle@archlinux.org>
* Levente Polyak <anthraxx@archlinux.org>
* Pierre Schmitz <pierre@archlinux.de>
* Sébastien Luttringer <seblu@seblu.net>
* Sven-Hendrik Haase <svenstaro@gmail.com>
* Thomas Bächler <thomas@archlinux.org>
For additional contributors, use `git shortlog -s` on the devtools.git
repository.

25
doc/lddd.1.asciidoc Normal file
View File

@@ -0,0 +1,25 @@
lddd(1)
=======
Name
----
lddd - Find broken library links on your system
Synopsis
--------
lddd
Description
-----------
Scans '$PATH', '/lib', '/usr/lib', '/usr/local/lib' and
'/etc/ld.so.conf.d/*.conf' directories for ELF files with references to missing
shared libraries, and suggests which packages might need to be rebuilt. The
collected data is written to a temporary directory created by mktemp.
See Also
--------
linkman:ldd[1]
include::footer.asciidoc[]

View File

@@ -0,0 +1,45 @@
makerepropkg(1)
================
Name
----
makerepropkg - Rebuild a package to see if it is reproducible
Synopsis
--------
makerepropkg [OPTIONS] <package_file>...
Description
-----------
Given the path to a built pacman package(s), attempt to rebuild it using the
PKGBUILD in the current directory. The package will be built in an environment
as closely matching the environment of the initial package as possible, by
building up a chroot to match the information exposed in the package's
linkman:BUILDINFO[5] manifest. On success, the resulting package will be
compared to the input package, and makerepropkg will report whether the
artifacts are identical.
When given multiple packages, additional package files are assumed to be split
packages and will be treated as additional artifacts to compare during the
verification step.
This implements a verifier for pacman/libalpm packages in accordance with the
link:https://reproducible-builds.org/[Reproducible Builds] project.
Options
-------
*-d*::
If packages are not reproducible, compare them using diffoscope.
*-c*::
Set the pacman cache directory.
*-M* <file>::
Location of a makepkg config file.
*-h*::
Show this usage message
include::footer.asciidoc[]

49
doc/mkarchroot.1.asciidoc Normal file
View File

@@ -0,0 +1,49 @@
mkarchroot(1)
==============
Name
----
mkarchroot - Creates an arch chroot in a specified location with a specified set of packages
Synopsis
--------
mkarchroot [options] [location] [packages]
Description
-----------
'mkarchroot' is a script to create an Arch Linux chroot at a specified location
with specified packages. Typically used by 'makechrootpkg' to create build
chroots. Apart from installing specified packages the chroot is created with an
en_US.UTF-8 and de_DE.UTF-8 locale and a generated machine-id.
Options
-------
*-U*::
Use 'pacman -U' to install packages.
*-C* <file>::
Location of a pacman config file.
*-M* <file>::
Location of a makepkg config file.
*-c* <dir>::
Set pacman cache.
*-f* <file>::
Copy file from the host to the chroot.
*-s*::
Do not run setarch.
*-h*::
Output command line options.
See Also
--------
linkman:pacman[1]
include::footer.asciidoc[]

View File

@@ -0,0 +1,52 @@
offload-build(1)
================
Name
----
offload-build - Build a PKGBUILD on a remote server using makechrootpkg
Synopsis
--------
offload-build [OPTIONS] -- [ARCHBUILD_OPTIONS]
Description
-----------
Build a PKGBUILD on a remote server using makechrootpkg. Requires a remote user
that can run archbuild in a non-interactive manner, e.g. must be able to
elevate permissions using passwordless sudo.
Options
-------
*-r, --repo* <reponame>::
Build against a specific repository. The default is `extra`, to build packages using
the stable repositories via extra-x86_64-build.
*-a, --arch* <architecture>::
Build against a specific architecture. The default is `x86_64`, the only
architecture officially supported by Arch Linux.
*-s, --server* <hostname>::
Offload to a specific build server. The default is dragon.archlinux.org
which is used as part of the build toolchain for the official Arch Linux
repos.
*-h, --help*::
Show a help text.
Passing options to archbuild
----------------------------
Options after a delimiting -- are passed on to archbuild on the remote.
archbuild in turn supports passing arguments on to makechrootpkg, which in turn
supports passing options to makepkg. Since each uses -- to delimit options that
are forwarded, make sure to escape them properly:
`offload-build offload-args -- archbuild-args -- makechrootpkg-args -- makepkg-args`
Example: To use a second `testing-x86_64-build` instance with another copydir:
`offload-build -r testing -- -- -l <chroot_copy>`
include::footer.asciidoc[]

48
doc/sogrep.1.asciidoc Normal file
View File

@@ -0,0 +1,48 @@
sogrep(1)
=========
Name
----
sogrep - Find shared library links in an Arch Linux repository
Synopsis
--------
sogrep [options] repo libname
Description
-----------
Check the soname links database for Arch Linux repositories containing packages
linked to a given shared library. If the repository specified is "all", then
all repositories will be searched, otherwise only the named repository will be
searched.
If the links database does not exist, it will be downloaded first.
Options
-------
*-v, --verbose*::
Provide detailed output containing the matched links for each package, the
repository it came from (in the event that all repositories are being
searched), and, in combination with `-r`, a progress bar for the links
database download.
*-r, --refresh*::
Refresh the links databases
*-h, --help*::
Show a help text
Environment Variables
---------------------
**SOLINKS_MIRROR**="https://mirror.foo.com"
Alternative mirror to use for downloading soname links database.
**SOCACHE_DIR**="/path/to/directory"::
Directory where soname links database is stored, overrides the default
directory set by the **XDG_CACHE_HOME** environment variable or the
**HOME** environment variable if **XDG_CACHE_HOME** is not set.
include::footer.asciidoc[]

View File

@@ -13,7 +13,7 @@ if [[ $1 = "--ignore-internal" ]]; then
shift
fi
script_mode=${0##*/find-lib}
script_mode=${BASH_SOURCE[0]##*/find-lib}
case $script_mode in
deps|provides) true;;
@@ -46,7 +46,7 @@ process_sofile() {
# extract the major version: 1
soversion="${sofile##*\.so\.}"
if [[ "$soversion" = "$sofile" ]] && ((IGNORE_INTERNAL)); then
continue
return
fi
if ! in_array "${soname}=${soversion}-${soarch}" "${soobjects[@]}"; then
# libfoo.so=1-64
@@ -57,7 +57,7 @@ process_sofile() {
case $script_mode in
deps) find_args=(-perm -u+x);;
provides) find_args=(-name '*.so*');;
provides) find_args=(-name '*.so*');;
esac
find . -type f "${find_args[@]}" | while read -r filename; do

View File

@@ -17,7 +17,7 @@ if [[ -z $match ]]; then
exit 1
fi
find . -type d | while read -r d; do
find . -type d -print0 2>/dev/null| while read -r -d '' d; do
if [[ -f "$d/PKGBUILD" ]]; then
pkgname=() depends=() makedepends=() optdepends=()
# shellcheck source=PKGBUILD.proto

View File

@@ -6,13 +6,15 @@
CHROOT_VERSION='v4'
##
# usage : check_root
# usage : check_root $keepenv
##
orig_argv=("$0" "$@")
orig_argv=("${BASH_SOURCE[0]}" "$@")
check_root() {
local keepenv=$1
(( EUID == 0 )) && return
if type -P sudo >/dev/null; then
exec sudo -- "${orig_argv[@]}"
exec sudo --preserve-env=$keepenv -- "${orig_argv[@]}"
else
exec su root -c "$(printf ' %q' "${orig_argv[@]}")"
fi
@@ -35,14 +37,6 @@ is_subvolume() {
[[ -e "$1" && "$(stat -f -c %T "$1")" == btrfs && "$(stat -c %i "$1")" == 256 ]]
}
##
# usage : is_same_fs( $path_a, $path_b )
# return : whether $path_a and $path_b are on the same filesystem
##
is_same_fs() {
[[ "$(stat -c %d "$1")" == "$(stat -c %d "$1")" ]]
}
##
# usage : subvolume_delete_recursive( $path )
#

View File

@@ -4,10 +4,12 @@
# License: Unspecified
[[ -z ${_INCLUDE_COMMON_SH:-} ]] || return 0
_INCLUDE_COMMON_SH=true
_INCLUDE_COMMON_SH="$(set +o|grep nounset)"
set +u +o posix
# shellcheck disable=1091
. /usr/share/makepkg/util.sh
$_INCLUDE_COMMON_SH
# Avoid any encoding problems
export LANG=C
@@ -15,7 +17,7 @@ export LANG=C
shopt -s extglob
# check if messages are to be printed using color
if [[ -t 2 ]]; then
if [[ -t 2 && "$TERM" != dumb ]]; then
colorize
else
# shellcheck disable=2034
@@ -140,7 +142,7 @@ find_cached_package() {
for dir in "${searchdirs[@]}"; do
[[ -d $dir ]] || continue
for pkg in "$dir"/*.pkg.tar?(.?z); do
for pkg in "$dir"/*.pkg.tar?(.!(sig|*.*)); do
[[ -f $pkg ]] || continue
# avoid adding duplicates of the same inode
@@ -150,7 +152,7 @@ find_cached_package() {
# split apart package filename into parts
pkgbasename=${pkg##*/}
pkgbasename=${pkgbasename%.pkg.tar?(.?z)}
pkgbasename=${pkgbasename%.pkg.tar*}
arch=${pkgbasename##*-}
pkgbasename=${pkgbasename%-"$arch"}

31
lib/valid-repos.sh Normal file
View File

@@ -0,0 +1,31 @@
#!/hint/bash
# License: Unspecified
:
# shellcheck disable=2034
_repos=(
staging
testing
core
extra
community-staging
community-testing
community
multilib-staging
multilib-testing
multilib
gnome-unstable
kde-unstable
)
# shellcheck disable=2034
_build_repos=(
staging
testing
extra
multilib-staging
multilib-testing
multilib
gnome-unstable
kde-unstable
)

View File

@@ -13,8 +13,34 @@
m4_include(lib/common.sh)
m4_include(lib/archroot.sh)
source /usr/share/makepkg/util/config.sh
shopt -s nullglob
default_makepkg_args=(--syncdeps --noconfirm --log --holdver --skipinteg)
makepkg_args=("${default_makepkg_args[@]}")
verifysource_args=()
chrootdir=
passeddir=
makepkg_user=
declare -a install_pkgs
declare -i ret=0
keepbuilddir=0
update_first=0
clean_first=0
run_namcap=0
run_checkpkg=0
temp_chroot=0
bindmounts_ro=()
bindmounts_rw=()
copy=$USER
[[ -n ${SUDO_USER:-} ]] && copy=$SUDO_USER
[[ -z "$copy" || $copy = root ]] && copy=copy
src_owner=${SUDO_USER:-$USER}
usage() {
echo "Usage: ${0##*/} [options] -r <chrootdir> [--] [makepkg args]"
echo ' Run this script in a PKGBUILD dir to build a package inside a'
@@ -49,63 +75,39 @@ usage() {
echo ' Useful for maintaining multiple copies'
echo " Default: $copy"
echo '-n Run namcap on the package'
echo '-C Run checkpkg on the package'
echo '-T Build in a temporary directory'
echo '-U Run makepkg as a specified user'
echo '-s Do not run setarch'
exit 1
}
# {{{ functions
# Usage: load_vars $makepkg_conf
# Globals:
# - SRCDEST
# - SRCPKGDEST
# - PKGDEST
# - LOGDEST
# - MAKEFLAGS
# - PACKAGER
load_vars() {
local makepkg_conf="$1" var
[[ -f $makepkg_conf ]] || return 1
for var in {SRC,SRCPKG,PKG,LOG}DEST MAKEFLAGS PACKAGER; do
[[ -z ${!var:-} ]] && eval "$(grep "^${var}=" "$makepkg_conf")"
done
return 0
}
# Usage: sync_chroot $rootdir $copydir [$copy]
# Usage: sync_chroot $chrootdir $copydir [$copy]
sync_chroot() {
local rootdir=$1
local chrootdir=$1
local copydir=$2
local copy=${3:-$2}
if [[ "$rootdir" -ef "$copydir" ]]; then
if [[ "$chrootdir/root" -ef "$copydir" ]]; then
error 'Cannot sync copy with itself: %s' "$copydir"
return 1
fi
# Get a read lock on the root chroot to make
# sure we don't clone a half-updated chroot
slock 8 "$rootdir.lock" \
"Locking clean chroot [%s]" "$rootdir"
slock 8 "$chrootdir/root.lock" \
"Locking clean chroot [%s]" "$chrootdir/root"
stat_busy "Synchronizing chroot copy [%s] -> [%s]" "$rootdir" "$copy"
if is_subvolume "$rootdir" && is_same_fs "$rootdir" "$(dirname -- "$copydir")" && ! mountpoint -q "$copydir"; then
if is_subvolume "$copydir"; then
subvolume_delete_recursive "$copydir" ||
die "Unable to delete subvolume %s" "$copydir"
else
# avoid change of filesystem in case of an umount failure
rm --recursive --force --one-file-system "$copydir" ||
die "Unable to delete %s" "$copydir"
fi
btrfs subvolume snapshot "$rootdir" "$copydir" >/dev/null ||
stat_busy "Synchronizing chroot copy [%s] -> [%s]" "$chrootdir/root" "$copy"
if is_btrfs "$chrootdir" && ! mountpoint -q "$copydir"; then
subvolume_delete_recursive "$copydir" ||
die "Unable to delete subvolume %s" "$copydir"
btrfs subvolume snapshot "$chrootdir/root" "$copydir" >/dev/null ||
die "Unable to create subvolume %s" "$copydir"
else
mkdir -p "$copydir"
rsync -a --delete -q -W -x "$rootdir/" "$copydir"
rsync -a --delete -q -W -x "$chrootdir/root/" "$copydir"
fi
stat_done
@@ -136,56 +138,39 @@ delete_chroot() {
stat_done
}
# Usage: install_packages $copydir $pkgs...
install_packages() {
local copydir=$1
local install_pkgs=("${@:2}")
local -a pkgnames
local ret
pkgnames=("${install_pkgs[@]##*/}")
cp -- "${install_pkgs[@]}" "$copydir/root/"
arch-nspawn "$copydir" "${bindmounts_ro[@]}" "${bindmounts_rw[@]}" \
pacman -U --noconfirm -- "${pkgnames[@]/#//root/}"
arch-nspawn ${nosetarch_opt} "$copydir" "${bindmounts_ro[@]}" "${bindmounts_rw[@]}" \
bash -c 'yes y | pacman -U -- "$@"' -bash "${pkgnames[@]/#//root/}"
ret=$?
rm -- "${pkgnames[@]/#/$copydir/root/}"
return $ret
}
# Usage: prepare_chroot $copydir $HOME $keepbuilddir $run_namcap
# Globals:
# - MAKEFLAGS
# - PACKAGER
prepare_chroot() {
local copydir=$1
local USER_HOME=$2
local keepbuilddir=$3
local run_namcap=$4
$keepbuilddir || rm -rf "$copydir/build"
(( keepbuilddir )) || rm -rf "$copydir/build"
local builduser_uid builduser_gid
builduser_uid="${SUDO_UID:-$UID}"
builduser_gid="$(id -g "$builduser_uid")"
builduser_uid="$(id -u "$makepkg_user")"
builduser_gid="$(id -g "$makepkg_user")"
local install="install -o $builduser_uid -g $builduser_gid"
local x
# We can't use useradd without chrooting, otherwise it invokes PAM modules
# which we might not be able to load (i.e. when building i686 packages on
# an x86_64 host).
sed -e '/^builduser:/d' -i "$copydir"/etc/{passwd,group}
sed -e '/^builduser:/d' -i "$copydir"/etc/{passwd,shadow,group}
printf >>"$copydir/etc/group" 'builduser:x:%d:\n' "$builduser_gid"
printf >>"$copydir/etc/passwd" 'builduser:x:%d:%d:builduser:/build:/bin/bash\n' "$builduser_uid" "$builduser_gid"
printf >>"$copydir/etc/shadow" 'builduser:!!:%d::::::\n' "$(( $(date -u +%s) / 86400 ))"
$install -d "$copydir"/{build,build/.gnupg,startdir,{pkg,srcpkg,src,log}dest}
for x in .gnupg/pubring.{kbx,gpg}; do
[[ -r $USER_HOME/$x ]] || continue
$install -m 644 "$USER_HOME/$x" "$copydir/build/$x"
done
$install -d "$copydir"/{build,startdir,{pkg,srcpkg,src,log}dest}
sed -e '/^MAKEFLAGS=/d' -e '/^PACKAGER=/d' -i "$copydir/etc/makepkg.conf"
for x in BUILDDIR=/build PKGDEST=/pkgdest SRCPKGDEST=/srcpkgdest SRCDEST=/srcdest LOGDEST=/logdest \
@@ -205,9 +190,10 @@ EOF
{
printf '#!/bin/bash\n'
declare -f _chrootbuild
declare -p SOURCE_DATE_EPOCH 2>/dev/null || true
printf '_chrootbuild "$@" || exit\n'
if $run_namcap; then
if (( run_namcap )); then
declare -f _chrootnamcap
printf '_chrootnamcap || exit\n'
fi
@@ -218,9 +204,6 @@ EOF
# These functions aren't run in makechrootpkg,
# so no global variables
_chrootbuild() {
# Work around nspawn not giving us a ctty
exec </dev/console
# No coredumps
ulimit -c 0
@@ -231,7 +214,14 @@ _chrootbuild() {
# use "$" in arguments to commands with "sudo -i". ${foo} or
# ${1} is OK, but $foo or $1 isn't.
# https://bugzilla.sudo.ws/show_bug.cgi?id=765
sudo -iu builduser bash -c 'cd /startdir; makepkg "$@"' -bash "$@"
sudo --preserve-env=SOURCE_DATE_EPOCH -iu builduser bash -c 'cd /startdir; makepkg "$@"' -bash "$@"
ret=$?
case $ret in
0|14)
return 0;;
*)
return $ret;;
esac
}
_chrootnamcap() {
@@ -242,35 +232,18 @@ _chrootnamcap() {
done
}
# Usage: download_sources $copydir $makepkg_user
# Globals:
# - SRCDEST
download_sources() {
local copydir=$1
local makepkg_user=$2
local builddir
builddir="$(mktemp -d)"
chmod 1777 "$builddir"
setup_workdir
chown "$makepkg_user:" "$WORKDIR"
# Ensure sources are downloaded
sudo -u "$makepkg_user" env SRCDEST="$SRCDEST" BUILDDIR="$builddir" \
makepkg --config="$copydir/etc/makepkg.conf" --verifysource -o ||
sudo -u "$makepkg_user" --preserve-env=GNUPGHOME \
env SRCDEST="$SRCDEST" BUILDDIR="$WORKDIR" \
makepkg --config="$copydir/etc/makepkg.conf" --verifysource -o "${verifysource_args[@]}" ||
die "Could not download sources."
# Clean up garbage from verifysource
rm -rf "$builddir"
}
# Usage: move_products $copydir $owner
# Globals:
# - PKGDEST
# - LOGDEST
# - SRCPKGDEST
move_products() {
local copydir=$1
local src_owner=$2
local pkgfile
for pkgfile in "$copydir"/pkgdest/*; do
chown "$src_owner" "$pkgfile"
@@ -301,140 +274,141 @@ move_products() {
}
# }}}
main() {
default_makepkg_args=(--syncdeps --noconfirm --log --holdver --skipinteg)
makepkg_args=("${default_makepkg_args[@]}")
keepbuilddir=false
update_first=false
clean_first=false
run_namcap=false
temp_chroot=false
chrootdir=
passeddir=
makepkg_user=
declare -a install_pkgs
declare -i ret=0
while getopts 'hcur:I:l:nCTD:d:U:s' arg; do
case "$arg" in
c) clean_first=1 ;;
D) bindmounts_ro+=("--bind-ro=$OPTARG") ;;
d) bindmounts_rw+=("--bind=$OPTARG") ;;
u) update_first=1 ;;
r) passeddir="$OPTARG" ;;
I) install_pkgs+=("$OPTARG") ;;
l) copy="$OPTARG" ;;
n) run_namcap=1; makepkg_args+=(--install) ;;
C) run_checkpkg=1 ;;
T) temp_chroot=1; copy+="-$$" ;;
U) makepkg_user="$OPTARG" ;;
s) nosetarch_opt="-s" ;;
h|*) usage ;;
esac
done
bindmounts_ro=()
bindmounts_rw=()
[[ ! -f PKGBUILD && -z "${install_pkgs[*]}" ]] && die 'This must be run in a directory containing a PKGBUILD.'
[[ -n $makepkg_user && -z $(id -u "$makepkg_user") ]] && die 'Invalid makepkg user.'
makepkg_user=${makepkg_user:-${SUDO_USER:-$USER}}
copy=$USER
[[ -n ${SUDO_USER:-} ]] && copy=$SUDO_USER
[[ -z "$copy" || $copy = root ]] && copy=copy
src_owner=${SUDO_USER:-$USER}
check_root SOURCE_DATE_EPOCH,GNUPGHOME,SRCDEST,SRCPKGDEST,PKGDEST,LOGDEST,MAKEFLAGS,PACKAGER
while getopts 'hcur:I:l:nTD:d:U:' arg; do
case "$arg" in
c) clean_first=true ;;
D) bindmounts_ro+=("--bind-ro=$OPTARG") ;;
d) bindmounts_rw+=("--bind=$OPTARG") ;;
u) update_first=true ;;
r) passeddir="$OPTARG" ;;
I) install_pkgs+=("$OPTARG") ;;
l) copy="$OPTARG" ;;
n) run_namcap=true; makepkg_args+=(--install) ;;
T) temp_chroot=true; copy+="-$$" ;;
U) makepkg_user="$OPTARG" ;;
h|*) usage ;;
esac
done
# Canonicalize chrootdir, getting rid of trailing /
chrootdir=$(readlink -e "$passeddir")
[[ ! -d $chrootdir ]] && die "No chroot dir defined, or invalid path '%s'" "$passeddir"
[[ ! -d $chrootdir/root ]] && die "Missing chroot dir root directory. Try using: mkarchroot %s/root base-devel" "$chrootdir"
[[ ! -f PKGBUILD && -z "${install_pkgs[*]}" ]] && die 'This must be run in a directory containing a PKGBUILD.'
[[ -n $makepkg_user && -z $(id -u "$makepkg_user") ]] && die 'Invalid makepkg user.'
makepkg_user=${makepkg_user:-${SUDO_USER:-$USER}}
if [[ ${copy:0:1} = / ]]; then
copydir=$copy
else
copydir="$chrootdir/$copy"
fi
check_root
# Pass all arguments after -- right to makepkg
makepkg_args+=("${@:$OPTIND}")
# Canonicalize chrootdir, getting rid of trailing /
chrootdir=$(readlink -e "$passeddir")
[[ ! -d $chrootdir ]] && die "No chroot dir defined, or invalid path '%s'" "$passeddir"
[[ ! -d $chrootdir/root ]] && die "Missing chroot dir root directory. Try using: mkarchroot %s/root base-devel" "$chrootdir"
# See if -R or -e was passed to makepkg
for arg in "${@:$OPTIND}"; do
case ${arg%%=*} in
--skip*|--holdver) verifysource_args+=("$arg") ;;
--repackage|--noextract) keepbuilddir=1 ;;
--*) ;;
-*R*|-*e*) keepbuilddir=1 ;;
esac
done
if [[ ${copy:0:1} = / ]]; then
copydir=$copy
else
copydir="$chrootdir/$copy"
fi
umask 0022
# Pass all arguments after -- right to makepkg
makepkg_args+=("${@:$OPTIND}")
ORIG_HOME=$HOME
IFS=: read -r _ _ _ _ _ HOME _ < <(getent passwd "${SUDO_USER:-$USER}")
load_makepkg_config
HOME=$ORIG_HOME
# See if -R or -e was passed to makepkg
for arg in "${makepkg_args[@]}"; do
case ${arg%%=*} in
--repackage|--noextract) keepbuilddir=true; break ;;
--repackage|--noextract) keepbuilddir=true; break ;;
--*) ;;
-*R*|-*e*) keepbuilddir=true; break ;;
esac
done
# Use PKGBUILD directory if these don't exist
[[ -d $PKGDEST ]] || PKGDEST=$PWD
[[ -d $SRCDEST ]] || SRCDEST=$PWD
[[ -d $SRCPKGDEST ]] || SRCPKGDEST=$PWD
[[ -d $LOGDEST ]] || LOGDEST=$PWD
if [[ -n $SUDO_USER ]]; then
eval "USER_HOME=~$SUDO_USER"
else
USER_HOME=$HOME
fi
# Lock the chroot we want to use. We'll keep this lock until we exit.
lock 9 "$copydir.lock" "Locking chroot copy [%s]" "$copy"
umask 0022
if [[ ! -d $copydir ]] || (( clean_first )); then
sync_chroot "$chrootdir" "$copydir" "$copy"
fi
load_vars "${XDG_CONFIG_HOME:-$USER_HOME/.config}/pacman/makepkg.conf" || load_vars "$USER_HOME/.makepkg.conf"
load_vars /etc/makepkg.conf
# Use PKGBUILD directory if these don't exist
[[ -d $PKGDEST ]] || PKGDEST=$PWD
[[ -d $SRCDEST ]] || SRCDEST=$PWD
[[ -d $SRCPKGDEST ]] || SRCPKGDEST=$PWD
[[ -d $LOGDEST ]] || LOGDEST=$PWD
# Lock the chroot we want to use. We'll keep this lock until we exit.
lock 9 "$copydir.lock" "Locking chroot copy [%s]" "$copy"
if [[ ! -d $copydir ]] || $clean_first; then
sync_chroot "$chrootdir/root" "$copydir" "$copy"
fi
$update_first && arch-nspawn "$copydir" \
"${bindmounts_ro[@]}" "${bindmounts_rw[@]}" \
pacman -Syu --noconfirm
if [[ -n ${install_pkgs[*]:-} ]]; then
install_packages "$copydir" "${install_pkgs[@]}"
ret=$?
# If there is no PKGBUILD we have done
[[ -f PKGBUILD ]] || return $ret
fi
if [[ "$(id -u "$makepkg_user")" == 0 ]]; then
error "Running makepkg as root is not allowed."
exit 1
fi
download_sources "$copydir" "$makepkg_user"
prepare_chroot "$copydir" "$USER_HOME" "$keepbuilddir"
if arch-nspawn "$copydir" \
--bind="$PWD:/startdir" \
--bind="$SRCDEST:/srcdest" \
(( update_first )) && arch-nspawn ${nosetarch_opt} "$copydir" \
"${bindmounts_ro[@]}" "${bindmounts_rw[@]}" \
/chrootbuild "${makepkg_args[@]}"
then
move_products "$copydir" "$src_owner"
pacman -Syuu --noconfirm
if [[ -n ${install_pkgs[*]:-} ]]; then
install_packages
ret=$?
# If there is no PKGBUILD we are done
[[ -f PKGBUILD ]] || exit $ret
fi
if [[ "$(id -u "$makepkg_user")" == 0 ]]; then
error "Running makepkg as root is not allowed."
exit 1
fi
download_sources
prepare_chroot
if arch-nspawn ${nosetarch_opt} "$copydir" \
--bind="${PWD//:/\\:}:/startdir" \
--bind="${SRCDEST//:/\\:}:/srcdest" \
"${bindmounts_ro[@]}" "${bindmounts_rw[@]}" \
/chrootbuild "${makepkg_args[@]}"
then
mapfile -t pkgnames < <(sudo -u "$makepkg_user" bash -c 'source PKGBUILD; printf "%s\n" "${pkgname[@]}"')
move_products
else
(( ret += 1 ))
fi
(( temp_chroot )) && delete_chroot "$copydir" "$copy"
if (( ret != 0 )); then
if (( temp_chroot )); then
die "Build failed"
else
(( ret += 1 ))
die "Build failed, check %s/build" "$copydir"
fi
else
if (( run_checkpkg )); then
msg "Running checkpkg"
$temp_chroot && delete_chroot "$copydir" "$copy"
mapfile -t remotepkgs < <(pacman --config "$copydir"/etc/pacman.conf \
--dbpath "$copydir"/var/lib/pacman \
-Sddp "${pkgnames[@]}")
if (( ret != 0 )); then
if $temp_chroot; then
die "Build failed"
else
die "Build failed, check %s/build" "$copydir"
if ! wait $!; then
warning "Skipped checkpkg due to missing repo packages"
exit 0
fi
else
true
fi
}
main "$@"
# download package files if any non-local location exists
for remotepkg in "${remotepkgs[@]}"; do
if [[ $remotepkg != file://* ]]; then
msg2 "Downloading current versions"
arch-nspawn ${nosetarch_opt} "$copydir" pacman --noconfirm -Swdd "${pkgnames[@]}"
mapfile -t remotepkgs < <(pacman --config "$copydir"/etc/pacman.conf \
--dbpath "$copydir"/var/lib/pacman \
-Sddp "${pkgnames[@]}")
break
fi
done
msg2 "Checking packages"
sudo -u "$makepkg_user" checkpkg --rmdir --warn "${remotepkgs[@]/#file:\/\//}"
fi
true
fi

View File

@@ -11,9 +11,10 @@
#
#-- The download utilities that makepkg should use to acquire sources
# Format: 'protocol::agent'
DLAGENTS=('ftp::/usr/bin/curl -fC - --ftp-pasv --retry 3 --retry-delay 3 -o %o %u'
'http::/usr/bin/curl -fLC - --retry 3 --retry-delay 3 -o %o %u'
'https::/usr/bin/curl -fLC - --retry 3 --retry-delay 3 -o %o %u'
DLAGENTS=('file::/usr/bin/curl -gqC - -o %o %u'
'ftp::/usr/bin/curl -gqfC - --ftp-pasv --retry 3 --retry-delay 3 -o %o %u'
'http::/usr/bin/curl -gqb "" -fLC - --retry 3 --retry-delay 3 -o %o %u'
'https::/usr/bin/curl -gqb "" -fLC - --retry 3 --retry-delay 3 -o %o %u'
'rsync::/usr/bin/rsync --no-motd -z %u %o'
'scp::/usr/bin/scp -C %u %o')
@@ -37,11 +38,9 @@ CARCH="x86_64"
CHOST="x86_64-pc-linux-gnu"
#-- Compiler and Linker Flags
# -march (or -mcpu) builds exclusively for an architecture
# -mtune optimizes for an architecture, but builds for whole processor family
CPPFLAGS="-D_FORTIFY_SOURCE=2"
CFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fstack-protector-strong -fno-plt"
CXXFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fstack-protector-strong -fno-plt"
CFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fno-plt"
CXXFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fno-plt"
LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now"
#-- Make Flags: change this for DistCC/SMP systems
#MAKEFLAGS="-j2"
@@ -53,7 +52,7 @@ DEBUG_CXXFLAGS="-g -fvar-tracking-assignments"
# BUILD ENVIRONMENT
#########################################################################
#
# Defaults: BUILDENV=(!distcc color !ccache check !sign)
# Defaults: BUILDENV=(!distcc !color !ccache check !sign)
# A negated environment option will do the opposite of the comments below.
#
#-- distcc: Use the Distributed C/C++/ObjC compiler
@@ -76,7 +75,7 @@ BUILDENV=(!distcc color !ccache check !sign)
# These are default values for the options=() settings
#########################################################################
#
# Default: OPTIONS=(strip docs !libtool !staticlibs emptydirs zipman purge !optipng !upx !debug)
# Default: OPTIONS=(!strip docs libtool staticlibs emptydirs !zipman !purge !debug)
# A negated option will do the opposite of the comments below.
#
#-- strip: Strip symbols from binaries/libraries
@@ -86,11 +85,9 @@ BUILDENV=(!distcc color !ccache check !sign)
#-- emptydirs: Leave empty directories in packages
#-- zipman: Compress manual (man and info) pages in MAN_DIRS with gzip
#-- purge: Remove files specified by PURGE_TARGETS
#-- upx: Compress binary executable files using UPX
#-- optipng: Optimize PNG images with optipng
#-- debug: Add debugging flags as specified in DEBUG_* variables
#
OPTIONS=(strip docs !libtool !staticlibs emptydirs zipman purge !optipng !upx !debug)
OPTIONS=(strip docs !libtool !staticlibs emptydirs zipman purge !debug)
#-- File integrity checks to use. Valid: md5, sha1, sha256, sha384, sha512
INTEGRITY_CHECK=(md5)
@@ -106,6 +103,8 @@ MAN_DIRS=({usr{,/local}{,/share},opt/*}/{man,info})
DOC_DIRS=(usr/{,local/}{,share/}{doc,gtk-doc} opt/*/{doc,gtk-doc})
#-- Files to be removed from all packages (if purge is specified)
PURGE_TARGETS=(usr/{,share}/info/dir .packlist *.pod)
#-- Directory to store source code in for debug packages
DBGSRCDIR="/usr/src/debug"
#########################################################################
# PACKAGE OUTPUT
@@ -133,18 +132,18 @@ PURGE_TARGETS=(usr/{,share}/info/dir .packlist *.pod)
COMPRESSGZ=(gzip -c -f -n)
COMPRESSBZ2=(bzip2 -c -f)
COMPRESSXZ=(xz -c -z -)
COMPRESSZST=(zstd -c -T0 --ultra -20 -)
COMPRESSLRZ=(lrzip -q)
COMPRESSLZO=(lzop -q)
COMPRESSZ=(compress -c -f)
COMPRESSLZ4=(lz4 -q)
COMPRESSLZ=(lzip -c -f)
#########################################################################
# EXTENSION DEFAULTS
#########################################################################
#
# WARNING: Do NOT modify these variables unless you know what you are
# doing.
#
PKGEXT='.pkg.tar.xz'
PKGEXT='.pkg.tar.zst'
SRCEXT='.src.tar.gz'
# vim: set ft=sh ts=2 sw=2 et:

204
makerepropkg.in Executable file
View File

@@ -0,0 +1,204 @@
#!/bin/bash
# makerepropkg - rebuild a package to see if it is reproducible
#
# Copyright (c) 2019 by Eli Schwartz <eschwartz@archlinux.org>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
m4_include(lib/common.sh)
m4_include(lib/archroot.sh)
source /usr/share/makepkg/util/config.sh
source /usr/share/makepkg/util/message.sh
declare -A buildinfo
declare -a buildenv buildopts installed installpkgs
archiveurl='https://archive.archlinux.org/packages'
buildroot=/var/lib/archbuild/reproducible
chroot=testenv
diffoscope=0
parse_buildinfo() {
local line var val
while read -r line; do
var="${line%% = *}"
val="${line#* = }"
case ${var} in
buildenv)
buildenv+=("${val}")
;;
options)
buildopts+=("${val}")
;;
installed)
installed+=("${val}")
;;
*)
buildinfo["${var}"]="${val}"
;;
esac
done
}
get_pkgfile() {
local cdir=${cache_dirs[0]}
local pkgfilebase=${1}
local pkgname=${pkgfilebase%-*-*-*}
local pkgfile ext
for ext in .zst .xz ''; do
pkgfile=${pkgfilebase}.pkg.tar${ext}
for c in "${cache_dirs[@]}"; do
if [[ -f ${c}/${pkgfile} ]]; then
cdir=${c}
break
fi
done
for f in "${pkgfile}" "${pkgfile}.sig"; do
if [[ ! -f "${cdir}/${f}" ]]; then
msg2 "retrieving '%s'..." "${f}" >&2
curl -Llf -# -o "${cdir}/${f}" "${archiveurl}/${pkgname:0:1}/${pkgname}/${f}" || continue 2
fi
done
printf '%s\n' "file://${cdir}/${pkgfile}"
return 0
done
return 1
}
usage() {
cat << __EOF__
usage: ${BASH_SOURCE[0]##*/} [options] <package_file>
Run this script in a PKGBUILD dir to build a package inside a
clean chroot while attempting to reproduce it. The package file
will be used to derive metadata needed for reproducing the
package, including the .PKGINFO as well as the buildinfo.
For more details see https://reproducible-builds.org/
OPTIONS
-d Run diffoscope if the package is unreproducible
-c <dir> Set pacman cache
-M <file> Location of a makepkg config file
-h Show this usage message
__EOF__
}
while getopts 'dM:c:h' arg; do
case "$arg" in
d) diffoscope=1 ;;
M) archroot_args+=(-M "$OPTARG") ;;
c) cache_dirs+=("$OPTARG") ;;
h) usage; exit 0 ;;
*|?) usage; exit 1 ;;
esac
done
shift $((OPTIND - 1))
check_root
if [[ -n $1 ]]; then
pkgfile="$1"
splitpkgs=("$@")
for f in "${splitpkgs[@]}"; do
if ! bsdtar -tqf "${f}" .BUILDINFO >/dev/null 2>&1; then
error "file is not a valid pacman package: '%s'" "${f}"
exit 1
fi
done
else
error "no package file specified. Try '${BASH_SOURCE[0]##*/} -h' for more information. "
exit 1
fi
if (( ${#cache_dirs[@]} == 0 )); then
mapfile -t cache_dirs < <(pacman-conf CacheDir)
fi
ORIG_HOME=${HOME}
IFS=: read -r _ _ _ _ _ HOME _ < <(getent passwd "${SUDO_USER:-$USER}")
load_makepkg_config
HOME=${ORIG_HOME}
[[ -d ${SRCDEST} ]] || SRCDEST=${PWD}
parse_buildinfo < <(bsdtar -xOqf "${pkgfile}" .BUILDINFO)
export SOURCE_DATE_EPOCH="${buildinfo[builddate]}"
PACKAGER="${buildinfo[packager]}"
BUILDDIR="${buildinfo[builddir]}"
PKGEXT=${pkgfile#${pkgfile%.pkg.tar*}}
# nuke and restore reproducible testenv
for copy in "${buildroot}"/*/; do
[[ -d ${copy} ]] || continue
subvolume_delete_recursive "${copy}"
done
rm -rf --one-file-system "${buildroot}"
(umask 0022; mkdir -p "${buildroot}")
for fname in "${installed[@]}"; do
if ! allpkgfiles+=("$(get_pkgfile "${fname}")"); then
error "failed to retrieve ${fname}"
exit 1
fi
done
printf '%s\n' "${allpkgfiles[@]}" | mkarchroot -M @pkgdatadir@/makepkg-x86_64.conf -U "${archroot_args[@]}" "${buildroot}"/root - || exit 1
# use makechrootpkg to prep the build directory
makechrootpkg -r "${buildroot}" -l "${chroot}" -- --packagelist || exit 1
# set detected makepkg.conf options
{
for var in PACKAGER BUILDDIR PKGEXT; do
printf '%s=%s\n' "${var}" "${!var@Q}"
done
printf 'OPTIONS=(%s)\n' "${buildopts[*]@Q}"
printf 'BUILDENV=(%s)\n' "${buildenv[*]@Q}"
} >> "${buildroot}/${chroot}"/etc/makepkg.conf >> "${buildroot}/${chroot}"/etc/makepkg.conf
install -d -o "${SUDO_UID:-$UID}" -g "$(id -g "${SUDO_UID:-$UID}")" "${buildroot}/${chroot}/${BUILDDIR}"
# kick off the build
arch-nspawn "${buildroot}/${chroot}" \
--bind="${PWD}:/startdir" \
--bind="${SRCDEST}:/srcdest" \
/chrootbuild -C --noconfirm --log --holdver --skipinteg
ret=$?
if (( ${ret} == 0 )); then
msg2 "built succeeded! built packages can be found in ${buildroot}/${chroot}/pkgdest"
msg "comparing artifacts..."
for pkgfile in "${splitpkgs[@]}"; do
comparefiles=("${pkgfile}" "${buildroot}/${chroot}/pkgdest/${pkgfile##*/}")
if cmp -s "${comparefiles[@]}"; then
msg2 "Package '%s' successfully reproduced!" "${pkgfile}"
else
ret=1
warning "Package '%s' is not reproducible. :(" "${pkgfile}"
sha256sum "${comparefiles[@]}"
if (( diffoscope )); then
diffoscope "${comparefiles[@]}"
fi
fi
done
fi
# return failure from chrootbuild, or the reproducibility status
exit ${ret}

View File

@@ -13,13 +13,20 @@
m4_include(lib/common.sh)
m4_include(lib/archroot.sh)
# umask might have been changed in /etc/profile
# ensure that sane default is set again
umask 0022
working_dir=''
umode=''
files=()
nspawn_args=()
usage() {
echo "Usage: ${0##*/} [options] working-dir package-list..."
echo ' options:'
echo ' -U Use pacman -U to install packages'
echo ' -C <file> Location of a pacman config file'
echo ' -M <file> Location of a makepkg config file'
echo ' -c <dir> Set pacman cache'
@@ -29,16 +36,21 @@ usage() {
exit 1
}
while getopts 'hC:M:c:f:s' arg; do
while getopts 'hUC:M:c:f:s' arg; do
case "$arg" in
U) umode=U ;;
C) pac_conf="$OPTARG" ;;
M) makepkg_conf="$OPTARG" ;;
c) cache_dir="$OPTARG" ;;
c) cache_dirs+=("$OPTARG") ;;
f) files+=("$OPTARG") ;;
s) nosetarch=1 ;;
h|?) usage ;;
*) error "invalid argument '%s'" "$arg"; usage ;;
esac
if [[ $arg != U ]]; then
nspawn_args+=("-$arg")
[[ -v OPTARG ]] && nspawn_args+=("$OPTARG")
fi
done
shift $((OPTIND - 1))
@@ -51,10 +63,10 @@ shift 1
[[ -z $working_dir ]] && die 'Please specify a working directory.'
if [[ -z $cache_dir ]]; then
cache_dirs=($(pacman -v "$cache_conf" 2>&1 | grep '^Cache Dirs:' | sed 's/Cache Dirs:\s*//g'))
else
cache_dirs=(${cache_dir})
pacconf_cmd=$(command -v pacman-conf || command -v pacconf)
if (( ${#cache_dirs[@]} == 0 )); then
mapfile -t cache_dirs < <($pacconf_cmd CacheDir)
fi
umask 0022
@@ -78,13 +90,8 @@ for file in "${files[@]}"; do
cp "$file" "$working_dir$file"
done
_env=()
while read -r varname; do
_env+=("$varname=${!varname}")
done < <(declare -x | sed -r 's/^declare -x ([^=]*)=.*/\1/' | grep -i '_proxy$')
env -i "${_env[@]}" \
pacstrap -GMcd ${pac_conf:+-C "$pac_conf"} "$working_dir" \
"${cache_dirs[@]/#/--cachedir=}" "$@" || die 'Failed to install all packages'
pacstrap -${umode}Mcd ${pac_conf:+-C "$pac_conf"} "$working_dir" \
"${cache_dirs[@]/#/--cachedir=}" "$@" || die 'Failed to install all packages'
printf '%s.UTF-8 UTF-8\n' en_US de_DE > "$working_dir/etc/locale.gen"
echo 'LANG=en_US.UTF-8' > "$working_dir/etc/locale.conf"
@@ -93,8 +100,5 @@ echo "$CHROOT_VERSION" > "$working_dir/.arch-chroot"
systemd-machine-id-setup --root="$working_dir"
exec arch-nspawn \
${nosetarch:+-s} \
${pac_conf:+-C "$pac_conf"} \
${makepkg_conf:+-M "$makepkg_conf"} \
${cache_dir:+-c "$cache_dir"} \
"${nspawn_args[@]}" \
"$working_dir" locale-gen

131
offload-build.in Executable file
View File

@@ -0,0 +1,131 @@
#!/bin/bash
#
# offload-build - build a PKGBUILD on a remote server using makechrootpkg.
#
# Copyright (c) 2019 by Eli Schwartz <eschwartz@archlinux.org>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
source /usr/share/makepkg/util/config.sh
# global defaults suitable for use by Arch staff
repo=extra
arch=x86_64
server=dragon.archlinux.org
die() { printf "error: $1\n" "${@:2}"; exit 1; }
usage() {
cat <<- _EOF_
Usage: ${BASH_SOURCE[0]##*/} [--repo REPO] [--arch ARCHITECTURE] [--server SERVER] -- [ARCHBUILD_ARGS]
Build a PKGBUILD on a remote server using makechrootpkg. Requires a remote user
that can run archbuild without password auth. Options passed after a -- are
passed on to archbuild, and eventually to makechrootpkg.
OPTIONS
-r, --repo Build against a specific repository (current: $repo)
-a, --arch Build against a specific architecture (current: $arch)
-s, --server Offload to a specific build server (current: $server)
-h, --help Show this help text
_EOF_
}
# option checking
while (( $# )); do
case $1 in
-h|--help)
usage
exit 0
;;
-r|--repo)
repo=$2
shift 2
;;
-a|--arch)
arch=$2
shift 2
;;
-s|--server)
server=$2
shift 2
;;
--)
shift
break
;;
*)
die "invalid argument: %s" "$1"
;;
esac
done
# multilib must be handled specially
archbuild_arch="${arch}"
if [[ $repo = multilib* ]]; then
archbuild_arch=
fi
archbuild_cmd=("${repo}${archbuild_arch:+-$archbuild_arch}-build" "$@")
trap 'rm -rf $TEMPDIR' EXIT INT TERM QUIT
# Use a source-only tarball as an intermediate to transfer files. This
# guarantees the checksums are okay, and guarantees that all needed files are
# transferred, including local sources, install scripts, and changelogs.
export TEMPDIR=$(mktemp -d --tmpdir offload-build.XXXXXXXXXX)
export SRCPKGDEST=${TEMPDIR}
makepkg --source || die "unable to make source package"
# Temporary cosmetic workaround makepkg if SRCDEST is set somewhere else
# but an empty src dir is created in PWD. Remove once fixed in makepkg.
rmdir --ignore-fail-on-non-empty src 2>/dev/null || true
mapfile -t files < <(
# This is sort of bash golfing but it allows running a mildly complex
# command over ssh with a single connection.
# shellcheck disable=SC2145
cat "$SRCPKGDEST"/*.src.tar.gz |
ssh $server '
temp="${XDG_CACHE_HOME:-$HOME/.cache}/offload-build" &&
mkdir -p "$temp" &&
temp=$(mktemp -d -p "$temp") &&
cd "$temp" &&
{
bsdtar --strip-components 1 -xvf - &&
script -qefc "'"${archbuild_cmd[@]@Q}"'" /dev/null &&
printf "%s\n" "" "-> build complete" &&
printf "\t%s\n" "$temp"/*
} >&2 &&
makepkg_user_config="${XDG_CONFIG_HOME:-$HOME/.config}/pacman/makepkg.conf" &&
makepkg_config="/usr/share/devtools/makepkg-'"${arch}"'.conf" &&
if [[ -f /usr/share/devtools/makepkg-'"${repo}"'-'"${arch}"'.conf ]]; then
makepkg_config="/usr/share/devtools/makepkg-'"${repo}"'-'"${arch}"'.conf"
fi &&
makepkg --config <(cat "${makepkg_user_config}" "${makepkg_config}" 2>/dev/null) --packagelist &&
printf "%s\n" "${temp}/PKGBUILD"
')
if (( ${#files[@]} )); then
printf '%s\n' '' '-> copying files...'
load_makepkg_config
scp "${files[@]/#/$server:}" "${TEMPDIR}/"
mv "${TEMPDIR}"/*.pkg.tar* "${PKGDEST:-${PWD}}/"
mv "${TEMPDIR}/PKGBUILD" "${PWD}/"
else
exit 1
fi

View File

@@ -16,10 +16,9 @@
#GPGDir = /etc/pacman.d/gnupg/
#HookDir = /etc/pacman.d/hooks/
HoldPkg = pacman glibc
#XferCommand = /usr/bin/curl -C - -f %u > %o
#XferCommand = /usr/bin/curl -L -C - -f -o %o %u
#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#CleanMethod = KeepInstalled
#UseDelta = 0.7
Architecture = auto
# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
@@ -90,4 +89,3 @@ Include = /etc/pacman.d/mirrorlist
#[custom]
#SigLevel = Optional TrustAll
#Server = file:///home/custompkgs

View File

@@ -16,10 +16,9 @@
#GPGDir = /etc/pacman.d/gnupg/
#HookDir = /etc/pacman.d/hooks/
HoldPkg = pacman glibc
#XferCommand = /usr/bin/curl -C - -f %u > %o
#XferCommand = /usr/bin/curl -L -C - -f -o %o %u
#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#CleanMethod = KeepInstalled
#UseDelta = 0.7
Architecture = auto
# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
@@ -99,4 +98,3 @@ Include = /etc/pacman.d/mirrorlist
#[custom]
#SigLevel = Optional TrustAll
#Server = file:///home/custompkgs

View File

@@ -16,10 +16,9 @@
#GPGDir = /etc/pacman.d/gnupg/
#HookDir = /etc/pacman.d/hooks/
HoldPkg = pacman glibc
#XferCommand = /usr/bin/curl -C - -f %u > %o
#XferCommand = /usr/bin/curl -L -C - -f -o %o %u
#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#CleanMethod = KeepInstalled
#UseDelta = 0.7
Architecture = auto
# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
@@ -93,4 +92,3 @@ Include = /etc/pacman.d/mirrorlist
#[custom]
#SigLevel = Optional TrustAll
#Server = file:///home/custompkgs

View File

@@ -16,10 +16,9 @@
#GPGDir = /etc/pacman.d/gnupg/
#HookDir = /etc/pacman.d/hooks/
HoldPkg = pacman glibc
#XferCommand = /usr/bin/curl -C - -f %u > %o
#XferCommand = /usr/bin/curl -L -C - -f -o %o %u
#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#CleanMethod = KeepInstalled
#UseDelta = 0.7
Architecture = auto
# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
@@ -107,4 +106,3 @@ Include = /etc/pacman.d/mirrorlist
#[custom]
#SigLevel = Optional TrustAll
#Server = file:///home/custompkgs

View File

@@ -16,10 +16,9 @@
#GPGDir = /etc/pacman.d/gnupg/
#HookDir = /etc/pacman.d/hooks/
HoldPkg = pacman glibc
#XferCommand = /usr/bin/curl -C - -f %u > %o
#XferCommand = /usr/bin/curl -L -C - -f -o %o %u
#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#CleanMethod = KeepInstalled
#UseDelta = 0.7
Architecture = auto
# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
@@ -98,4 +97,3 @@ Include = /etc/pacman.d/mirrorlist
#[custom]
#SigLevel = Optional TrustAll
#Server = file:///home/custompkgs

View File

@@ -16,10 +16,9 @@
#GPGDir = /etc/pacman.d/gnupg/
#HookDir = /etc/pacman.d/hooks/
HoldPkg = pacman glibc
#XferCommand = /usr/bin/curl -C - -f %u > %o
#XferCommand = /usr/bin/curl -L -C - -f -o %o %u
#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#CleanMethod = KeepInstalled
#UseDelta = 0.7
Architecture = auto
# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
@@ -99,4 +98,3 @@ Include = /etc/pacman.d/mirrorlist
#[custom]
#SigLevel = Optional TrustAll
#Server = file:///home/custompkgs

View File

@@ -16,10 +16,9 @@
#GPGDir = /etc/pacman.d/gnupg/
#HookDir = /etc/pacman.d/hooks/
HoldPkg = pacman glibc
#XferCommand = /usr/bin/curl -C - -f %u > %o
#XferCommand = /usr/bin/curl -L -C - -f -o %o %u
#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#CleanMethod = KeepInstalled
#UseDelta = 0.7
Architecture = auto
# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
@@ -96,4 +95,3 @@ Include = /etc/pacman.d/mirrorlist
#[custom]
#SigLevel = Optional TrustAll
#Server = file:///home/custompkgs

View File

@@ -16,10 +16,9 @@
#GPGDir = /etc/pacman.d/gnupg/
#HookDir = /etc/pacman.d/hooks/
HoldPkg = pacman glibc
#XferCommand = /usr/bin/curl -C - -f %u > %o
#XferCommand = /usr/bin/curl -L -C - -f -o %o %u
#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#CleanMethod = KeepInstalled
#UseDelta = 0.7
Architecture = auto
# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
@@ -90,4 +89,3 @@ Include = /etc/pacman.d/mirrorlist
#[custom]
#SigLevel = Optional TrustAll
#Server = file:///home/custompkgs

View File

@@ -14,8 +14,8 @@
m4_include(lib/common.sh)
if (( $# < 1 )); then
printf 'Usage: %s <chrootdir> <packages to rebuild>\n' "$(basename "$0")"
printf ' example: %s ~/chroot readline bash foo bar baz\n' "$(basename "$0")"
printf 'Usage: %s <chrootdir> <packages to rebuild>\n' "$(basename "${BASH_SOURCE[0]}")"
printf ' example: %s ~/chroot readline bash foo bar baz\n' "$(basename "${BASH_SOURCE[0]}")"
exit 1
fi

147
sogrep.in Executable file
View File

@@ -0,0 +1,147 @@
#!/bin/bash
#
# sogrep - find shared library links in an Arch Linux repository.
#
# Copyright (c) 2019 by Eli Schwartz <eschwartz@archlinux.org>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# globals
: ${SOLINKS_MIRROR:="https://mirror.pkgbuild.com"}
: ${SOCACHE_DIR:="${XDG_CACHE_HOME:-${HOME}/.cache}/sogrep"}
m4_include(lib/valid-repos.sh)
arches=('x86_64')
# options
REFRESH=0
VERBOSE=0
source /usr/share/makepkg/util/parseopts.sh
source /usr/share/makepkg/util/util.sh
recache() {
local repo arch verbosity=-s
(( VERBOSE )) && verbosity=--progress-bar
for repo in "${_repos[@]}"; do
for arch in "${arches[@]}"; do
rm -rf "${SOCACHE_DIR}/${arch}/${repo}"
mkdir -p "${SOCACHE_DIR}/${arch}/${repo}"
curl -L "$verbosity" "${SOLINKS_MIRROR}/${repo}/os/${arch}/${repo}.links.tar.gz" | bsdtar -xf - -C "${SOCACHE_DIR}/${arch}/${repo}"
done
done
}
search() {
local repo=$1 arch lib=$2 srepos=("${_repos[@]}")
if [[ $repo != all ]]; then
if ! in_array "${repo}" "${_repos[@]}"; then
echo "${BASH_SOURCE[0]##*/}: unrecognized repo '$repo'"
echo "Try '${BASH_SOURCE[0]##*/} --help' for more information."
exit 1
fi
srepos=("${repo}")
fi
for arch in "${arches[@]}"; do
for repo in "${srepos[@]}"; do
local prefix=
(( VERBOSE && ${#srepos[@]} > 1 )) && prefix=${repo}/
db=${SOCACHE_DIR}/${arch}/${repo}/
if [[ -d ${db} ]]; then
while read -rd '' pkg; do
read -r match
pkg=${pkg#${db}}
pkg="${prefix}${pkg%-*-*/links}"
if (( VERBOSE )); then
printf '%-35s %s\n' "${pkg}" "${match}"
else
printf '%s\n' "${pkg}"
fi
done < <(grep -rZ "${lib}" "${db}") | sort -u
fi
done
done | resort
}
usage() {
cat <<- _EOF_
Usage: ${BASH_SOURCE[0]##*/} [OPTIONS] REPO LIBNAME
Check the soname links database for Arch Linux repositories containing
packages linked to a given shared library. If the repository specified
is "all", then all repositories will be searched, otherwise only the
named repository will be searched.
If the links database does not exist, it will be downloaded first.
OPTIONS
-v, --verbose Show matched links in addition to pkgname
-r, --refresh Refresh the links databases
-h, --help Show this help text
_EOF_
}
# utility function to resort with multiple repos + no-verbose
resort() { sort -u; }
if (( $# == 0 )); then
echo "error: No arguments passed."
echo "Try '${BASH_SOURCE[0]##*/} --help' for more information."
exit 1
fi
OPT_SHORT='vrh'
OPT_LONG=('verbose' 'refresh' 'help')
if ! parseopts "$OPT_SHORT" "${OPT_LONG[@]}" -- "$@"; then
exit 1
fi
set -- "${OPTRET[@]}"
while :; do
case $1 in
-v|--verbose)
resort() { cat; }
VERBOSE=1
;;
-r|--refresh)
REFRESH=1
;;
-h|--help)
usage
exit 0
;;
--)
shift; break
;;
esac
shift
done
if ! (( ( REFRESH && $# == 0 ) || $# == 2 )); then
echo "error: Incorrect number of arguments passed."
echo "Try '${BASH_SOURCE[0]##*/} --help' for more information."
exit 1
fi
if (( REFRESH )) || [[ ! -d ${SOCACHE_DIR} ]]; then
recache
(( $# == 2 )) || exit 0
fi
search "$@"

View File

@@ -1,11 +1,15 @@
#compdef archbuild archco arch-nspawn archrelease archrm commitpkg finddeps makechrootpkg mkarchroot rebuildpkgs extrapkg=commitpkg corepkg=commitpkg testingpkg=commitpkg stagingpkg=commitpkg communitypkg=commitpkg community-testingpkg=commitpkg community-stagingpkg=commitpkg multilibpkg=commitpkg multilib-testingpkg=commitpkg extra-x86_64-build=archbuild testing-x86_64-build=archbuild staging-x86_64-build=archbuild multilib-build=archbuild multilib-testing-build=archbuild multilib-staging-build=archbuild kde-unstable-x86_64-build=archbuild gnome-unstable-x86_64-build=archbuild communityco=archco
#compdef archbuild archco arch-nspawn archrelease commitpkg finddeps makechrootpkg mkarchroot rebuildpkgs extrapkg=commitpkg corepkg=commitpkg testingpkg=commitpkg stagingpkg=commitpkg communitypkg=commitpkg community-testingpkg=commitpkg community-stagingpkg=commitpkg multilibpkg=commitpkg multilib-testingpkg=commitpkg extra-x86_64-build=archbuild testing-x86_64-build=archbuild staging-x86_64-build=archbuild multilib-build=archbuild multilib-testing-build=archbuild multilib-staging-build=archbuild kde-unstable-x86_64-build=archbuild gnome-unstable-x86_64-build=archbuild communityco=archco checkpkg sogrep offload-build makerepropkg
# License: Unspecified
m4_include(lib/valid-tags.sh)
m4_include(lib/valid-repos.sh)
_binary_arch=${_arch[*]:0:-1}
_archbuild_args=(
'-c[Recreate the chroot before building]'
'-r[Create chroots in this directory]:base_dir:_files -/'
'-h[Display usage]'
)
_archco_args=(
@@ -13,23 +17,25 @@ _archco_args=(
)
_arch_nspawn_args=(
'-C[Location of a pacman config file]:pacman_config:_files'
'-M[Location of a makepkg config file]:makepkg_config:_files'
'-C[Location of a pacman config file]:pacman_config:_files -g "*.conf(.)"'
'-M[Location of a makepkg config file]:makepkg_config:_files -g "*.conf(.)"'
'-c[Set pacman cache]:pacman_cache:_files -/'
'-f[Copy file from the host to the chroot]:copy_file:_files'
'-s[Do not run setarch]'
'-h[Display usage]'
'1:chroot_dir:_files -/'
)
_archrelease_args=(
'-f[Force release without checks]'
"*:arch:($_tags[*])"
)
_archrm_args=(
'1:path:_files -/'
)
_commitpkg_args=(
"-a[Release to a specific architecture only]:arch:($_arch[*])"
'-f[Force release without checks]'
'-s[Target repo server]'
'-l[Set bandwidth limit]:limit'
"-a[Release to a specific architecture only]:arch:($_arch[*])"
'1:commit_msg'
)
@@ -38,19 +44,27 @@ _finddeps_args=(
)
_makechrootpkg_args=(
'-I[Install a package into the working copy]:target:_files -g "*.pkg.tar.*(.)"'
'-c[Clean the chroot before building]'
'-h[Display usage]'
'-l[The directory to use as the working copy]:copy_dir:_files -/'
'-r[The chroot dir to use]:chroot_dir:_files -/'
'-c[Clean the chroot before building]'
'-d[Bind directory into build chroot as read-write]:bind_dir_rw:_files -/'
'-D[Bind directory into build chroot as read-only]:bind_dir_ro:_files -/'
'-u[Update the working copy of the chroot before building]'
'-r[The chroot dir to use]:chroot_dir:_files -/'
'-I[Install a package into the working copy]:target:_files -g "*.pkg.tar.*(.)"'
'-l[The directory to use as the working copy]:copy_dir:_files -/'
'-n[Run namcap on the package]'
'-T[Build in a temporary directory]'
'-U[Run makepkg as a specified user]:makepkg_user'
)
_mkarchroot_args=(
'-C[Location of a pacman config file]:pacman_config:_files'
'-M[Location of a makepkg config file]:makepkg_config:_files'
'-U[Install a package into the working copy]:target:_files -g "*.pkg.tar.*(.)"'
'-C[Location of a pacman config file]:pacman_config:_files -g "*.conf(.)"'
'-M[Location of a makepkg config file]:makepkg_config:_files -g "*.conf(.)"'
'-c[Set pacman cache]:pacman_cache:_files -/'
'-h[Display usage]'
'1:working_dir:_files -/'
'*:packages:_devtools_completions_all_packages'
)
_rebuildpkgs_args=(
@@ -58,6 +72,35 @@ _rebuildpkgs_args=(
'*:packages:_devtools_completions_all_packages'
)
_checkpkg_args=(
'(-r --rmdir)'{-r,--rmdir}'[Remove the temporary directory]'
'(-w --warn)'{-w,--warn}'[Print a warning in case of differences]'
'(-h --help)'{-h,--help}'[Display usage]'
)
_sogrep_args=(
'(-v --verbose)'{-v,--verbose}'[Show matched links in addition to pkgname]'
'(-r --refresh)'{-r,--refresh}'[Refresh the links databases]'
'(-h --help)'{-h,--help}'[Display usage]'
'1:repo:(all $_repos[*])'
'2:libname'
)
_offload_build_args=(
'(-r --repo)'{-r,--repo}'[Build against a specific repository]:repo:($_build_repos[*])'
'(-a --arch)'{-a,--arch}'[Build against a specific architecture]:arch:(${_binary_arch[*]})'
'(-s --server)'{-s,--server}'[Offload to a specific Build server]:server:'
'(-h --help)'{-h,--help}'[Display usage]'
)
_makerepropkg_args=(
'-d[Run diffoscope if the package is unreproducible]'
'-c[Set pacman cache]:pacman_cache:_files -/'
'-M[Location of a makepkg config file]:makepkg_config:_files -g "*.conf(.)"'
'-h[Display usage]'
'*:working_dir:_files -g "*.pkg.tar.*(.)"'
)
_devtools_completions_all_packages() {
typeset -U packages
packages=($(_call_program packages pacman -Sql))