Version 20190912

This reverts commit be44b9cde1.

This was a nice idea in theory, because it means that we can catch
conflicting files before releasing them into the repos. In practice,
there were unanticipated side effects: single-package installs which
conflict against their own makedepends cannot be installed either.
Examples include:
- kernel modules which makedepend on their dkms equivalent
- jack2, which makedepends/optdepends on portaudio, which requires
  jack... but jack2 is a drop-in provides/conflicts jack.

We cannot reliably detect when makepkg --install will error out because
of dependency conflicts vs. packages which are simply broken. So, back
out this change for now.

Revisit this once pacutils has a new release, because it will add the
option --resolve-conflicts=all, allowing for much better scripted
responses to "foo conflicts with bar, remove bar? [y/N]" than simply
"--noconfirm and fail".

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>

Makefile

@@ -1,4 +1,4 @@
-V=20190329
+V=20190912
 
 PREFIX = /usr/local
 MANDIR = $(PREFIX)/share/man
@@ -20,6 +20,7 @@ IN_PROGS = \
 
 BINPROGS = \
 	$(IN_PROGS) \
+	offload-build \
 	sogrep
 
 CONFIGFILES = \
@@ -68,6 +69,7 @@ BASHCOMPLETION_LINKS = \
 MANS = \
 	doc/lddd.1 \
 	doc/checkpkg.1 \
+	doc/offload-build.1 \
 	doc/sogrep.1 \
 	doc/mkarchroot.1 \
 	doc/find-libdeps.1 \
@@ -77,7 +79,7 @@ MANS = \
 all: $(BINPROGS) bash_completion zsh_completion man
 man: $(MANS)
 
-edit = sed -e "s|@pkgdatadir[@]|$(DESTDIR)$(PREFIX)/share/devtools|g"
+edit = sed -e "s|@pkgdatadir[@]|$(PREFIX)/share/devtools|g"
 
 %: %.in Makefile lib/common.sh
 	@echo "GEN $@"

arch-nspawn.in

@@ -13,6 +13,10 @@
 m4_include(lib/common.sh)
 m4_include(lib/archroot.sh)
 
+# umask might have been changed in /etc/profile
+# ensure that sane default is set again
+umask 0022
+
 working_dir=''
 
 files=()
@@ -35,7 +39,7 @@ while getopts 'hC:M:c:f:s' arg; do
 	case "$arg" in
 		C) pac_conf="$OPTARG" ;;
 		M) makepkg_conf="$OPTARG" ;;
-		c) cache_dir="$OPTARG" ;;
+		c) cache_dirs+=("$OPTARG") ;;
 		f) files+=("$OPTARG") ;;
 		s) nosetarch=1 ;;
 		h|?) usage ;;
@@ -52,16 +56,27 @@ shift 1
 
 [[ -z $working_dir ]] && die 'Please specify a working directory.'
 
-if [[ -z $cache_dir ]]; then
-	cache_dirs=($(pacman -v 2>&1 | grep '^Cache Dirs:' | sed 's/Cache Dirs:\s*//g'))
-else
-	cache_dirs=("$cache_dir")
+pacconf_cmd=$(command -v pacman-conf || command -v pacconf)
+
+if (( ${#cache_dirs[@]} == 0 )); then
+	mapfile -t cache_dirs < <($pacconf_cmd --config "${pac_conf:-$working_dir/etc/pacman.conf}" CacheDir)
 fi
 
-pacconf_cmd=$(command -v pacman-conf || command -v pacconf)
 # shellcheck disable=2016
 host_mirrors=($($pacconf_cmd --repo extra Server 2> /dev/null | sed -r 's#(.*/)extra/os/.*#\1$repo/os/$arch#'))
-# shellcheck disable=2016
+
+while read -r line; do
+	mapfile -t lines < <($pacconf_cmd --config "${pac_conf:-$working_dir/etc/pacman.conf}" \
+		--repo $line Server | sed -r 's#(.*/)[^/]+/os/.+#\1$repo/os/$arch#')
+	if [[ ${lines[0]} != ${host_mirrors[0]} ]]; then
+		for line in "${lines[@]}"; do
+			if [[ $line = file://* ]]; then
+				line=${line#file://}
+				in_array "$line" "${cache_dirs[@]}" || cache_dirs+=("$line")
+			fi
+		done
+	fi
+done < <($pacconf_cmd --config "${pac_conf:-$working_dir/etc/pacman.conf}" --repo-list)
 
 # {{{ functions
 build_mount_args() {
@@ -70,19 +85,20 @@ build_mount_args() {
 	for host_mirror in "${host_mirrors[@]}"; do
 		if [[ $host_mirror == *file://* ]]; then
 			host_mirror_path=$(echo "$host_mirror" | sed -r 's#file://(/.*)/\$repo/os/\$arch#\1#g')
-			mount_args+=("--bind-ro=$host_mirror_path")
+			mount_args+=("--bind-ro=${host_mirror_path//:/\\:}")
 		fi
 	done
 
-	mount_args+=("--bind=${cache_dirs[0]}")
+	mount_args+=("--bind=${cache_dirs[0]//:/\\:}")
 
 	for cache_dir in "${cache_dirs[@]:1}"; do
-		mount_args+=("--bind-ro=$cache_dir")
+		mount_args+=("--bind-ro=${cache_dir//:/\\:}")
 	done
 }
 
 copy_hostconf () {
-	cp -a /etc/pacman.d/gnupg "$working_dir/etc/pacman.d"
+	unshare --fork --pid gpg --homedir "$working_dir"/etc/pacman.d/gnupg/ --no-permission-warning --quiet --batch --import --import-options import-local-sigs "$(pacman-conf GpgDir)"/pubring.gpg >/dev/null 2>&1
+	pacman-key --gpgdir "$working_dir"/etc/pacman.d/gnupg/ --import-trustdb "$(pacman-conf GpgDir)" >/dev/null 2>&1
 	printf 'Server = %s\n' "${host_mirrors[@]}" >"$working_dir/etc/pacman.d/mirrorlist"
 
 	[[ -n $pac_conf ]] && cp "$pac_conf" "$working_dir/etc/pacman.conf"

archbuild.in

@@ -20,6 +20,15 @@ fi
 chroots='/var/lib/archbuild'
 clean_first=false
 
+pacman_config="@pkgdatadir@/pacman-${repo}.conf"
+if [[ -f @pkgdatadir@/pacman-${repo}-${arch}.conf ]]; then
+    pacman_config="@pkgdatadir@/pacman-${repo}-${arch}.conf"
+fi
+makepkg_config="@pkgdatadir@/makepkg-${arch}.conf"
+if [[ -f @pkgdatadir@/makepkg-${repo}-${arch}.conf ]]; then
+    makepkg_config="@pkgdatadir@/makepkg-${repo}-${arch}.conf"
+fi
+
 usage() {
 	echo "Usage: $cmd [options] -- [makechrootpkg args]"
 	echo '    -h         This help'
@@ -59,19 +68,19 @@ if ${clean_first} || [[ ! -d "${chroots}/${repo}-${arch}" ]]; then
 	lock_close 9
 
 	rm -rf --one-file-system "${chroots}/${repo}-${arch}"
-	mkdir -p "${chroots}/${repo}-${arch}"
+	mkdir -m755 -p "${chroots}/${repo}-${arch}"
 	setarch "${arch}" mkarchroot \
-		-C "@pkgdatadir@/pacman-${repo}.conf" \
-		-M "@pkgdatadir@/makepkg-${arch}.conf" \
+		-C "${pacman_config}" \
+		-M "${makepkg_config}" \
 		"${chroots}/${repo}-${arch}/root" \
 		"${base_packages[@]}" || abort
 else
 	lock 9 "${chroots}/${repo}-${arch}/root.lock" "Locking clean chroot"
 	arch-nspawn \
-		-C "@pkgdatadir@/pacman-${repo}.conf" \
-		-M "@pkgdatadir@/makepkg-${arch}.conf" \
+		-C "${pacman_config}" \
+		-M "${makepkg_config}" \
 		"${chroots}/${repo}-${arch}/root" \
-                pacman -Syu --noconfirm || abort
+		pacman -Syuu --noconfirm || abort
 fi
 
 # Always build official packages reproducibly

archrelease.in

@@ -48,7 +48,8 @@ if [[ $(svn status -q) ]]; then
 fi
 
 pushd .. >/dev/null
-IFS=$'\n' read -r -d '' -a known_files < <(svn ls -r HEAD "$trunk")
+mapfile -t known_files < <(svn ls -r HEAD "$trunk")
+wait $! || die "failed to discover committed files"
 for file in "${known_files[@]}"; do
 	if [[ ${file:(-1)} = '/' ]]; then
 		die "archrelease: subdirectories are not supported in package directories!"
@@ -65,12 +66,12 @@ for tag in "$@"; do
 	stat_busy "Copying %s to %s" "${trunk}" "${tag}"
 
 	if [[ -d repos/$tag ]]; then
-		declare -a trash
-		trash=()
-		while read -r file; do
-			trash+=("repos/$tag/$file")
-		done < <(svn ls "repos/$tag")
-		[[ ${#trash[@]} == 0 ]] || svn rm -q "${trash[@]/%/@}"
+		mapfile -t trash < <(svn ls "repos/$tag")
+		wait $! || die "failed to discover existing files"
+		if (( ${#trash[@]} )); then
+			trash=("${trash[@]/#/repos/$tag/}")
+			svn rm -q "${trash[@]/%/@}"
+		fi
 	else
 		mkdir -p "repos/$tag"
 		svn add --parents -q "repos/$tag"

checkpkg.in

@@ -36,6 +36,8 @@ STARTDIR=$(pwd)
 TEMPDIR=$(mktemp -d --tmpdir checkpkg-script.XXXX)
 
 for _pkgname in "${pkgname[@]}"; do
+	comparepkg=$_pkgname
+	pkgurl=
 	target_pkgver=$(get_full_version "$_pkgname")
 	if ! pkgfile=$(find_cached_package "$_pkgname" "$target_pkgver" "$CARCH"); then
 		die 'tarball not found for package: %s' "${_pkgname}-$target_pkgver"
@@ -43,16 +45,29 @@ for _pkgname in "${pkgname[@]}"; do
 
 	ln -s "$pkgfile" "$TEMPDIR"
 
-	pkgurl=$(pacman -Spdd --print-format '%l' --noconfirm "$_pkgname") ||
-		die "Couldn't download previous package for %s." "$_pkgname"
+	if (( $# )); then
+		case $1 in
+			/*|*/*)
+				pkgurl=file://$(readlink -m "$1") ;;
+			*.pkg.tar*)
+				pkgurl=$1 ;;
+			'')
+				;;
+			*)
+				comparepkg=$1 ;;
+		esac
+		shift
+	fi
+	[[ -n $pkgurl ]] || pkgurl=$(pacman -Spdd --print-format '%l' --noconfirm "$comparepkg") ||
+		die "Couldn't download previous package for %s." "$comparepkg"
 
-	oldpkg=${pkgurl##*://*/}
+	oldpkg=${pkgurl##*/}
 
-	if [[ ${oldpkg##*/} = "${pkgfile##*/}" ]]; then
+	if [[ ${oldpkg} = "${pkgfile##*/}" ]]; then
 		die "The built package (%s) is the one in the repo right now!" "$_pkgname"
 	fi
 
-	if [[ $pkgurl = file://* ]]; then
+	if [[ $pkgurl = file://* || ( $pkgurl = /* && -f $pkgurl ) ]]; then
 		ln -s "${pkgurl#file://}" "$TEMPDIR/$oldpkg"
 	elif [[ -f "$PKGDEST/$oldpkg" ]]; then
 		ln -s "$PKGDEST/$oldpkg" "$TEMPDIR/$oldpkg"

doc/offload-build.1.asciidoc

@@ -0,0 +1,52 @@
+offload-build(1)
+================
+
+Name
+----
+offload-build - Build a PKGBUILD on a remote server using makechrootpkg
+
+Synopsis
+--------
+offload-build [OPTIONS] -- [ARCHBUILD_OPTIONS]
+
+Description
+-----------
+
+Build a PKGBUILD on a remote server using makechrootpkg. Requires a remote user
+that can run archbuild in a non-interactive manner, e.g. must be able to
+elevate permissions using passwordless sudo.
+
+Options
+-------
+
+*-r, --repo* <reponame>::
+	Build against a specific repository. The default is `extra`, to build packages using
+	the stable repositories via extra-x86_64-build.
+
+*-a, --arch* <architecture>::
+	Build against a specific architecture. The default is `x86_64`, the only
+	architecture officially supported by Arch Linux.
+
+*-s, --server* <hostname>::
+	Offload to a specific build server. The default is dragon.archlinux.org
+	which is used as part of the build toolchain for the official Arch Linux
+	repos.
+
+*-h, --help*::
+	Show a help text.
+
+Passing options to archbuild
+----------------------------
+
+Options after a delimiting -- are passed on to archbuild on the remote.
+archbuild in turn supports passing arguments on to makechrootpkg, which in turn
+supports passing options to makepkg. Since each uses -- to delimit options that
+are forwarded, make sure to escape them properly:
+
+	`offload-build offload-args -- archbuild-args -- makechrootpkg-args -- makepkg-args`
+
+Example: To use a second `testing-x86_64-build` instance with another copydir:
+
+	`offload-build -r testing -- -- -l <chroot_copy>`
+
+include::footer.asciidoc[]

find-libdeps.in

@@ -13,7 +13,7 @@ if [[ $1 = "--ignore-internal" ]]; then
 	shift
 fi
 
-script_mode=${0##*/find-lib}
+script_mode=${BASH_SOURCE[0]##*/find-lib}
 
 case $script_mode in
 	deps|provides) true;;
@@ -57,7 +57,7 @@ process_sofile() {
 
 case $script_mode in
 	deps) find_args=(-perm -u+x);;
-        provides) find_args=(-name '*.so*');;
+	provides) find_args=(-name '*.so*');;
 esac
 
 find . -type f "${find_args[@]}" | while read -r filename; do

finddeps.in

@@ -17,7 +17,7 @@ if [[ -z $match ]]; then
 	exit 1
 fi
 
-find . -type d | while read -r d; do
+find . -type d -print0 2>/dev/null| while read -r -d '' d; do
 	if [[ -f "$d/PKGBUILD" ]]; then
 		pkgname=() depends=() makedepends=() optdepends=()
 		# shellcheck source=PKGBUILD.proto

lib/archroot.sh

@@ -8,7 +8,7 @@ CHROOT_VERSION='v4'
 ##
 #  usage : check_root $keepenv
 ##
-orig_argv=("$0" "$@")
+orig_argv=("${BASH_SOURCE[0]}" "$@")
 check_root() {
 	local keepenv=$1
 
@@ -37,14 +37,6 @@ is_subvolume() {
 	[[ -e "$1" && "$(stat -f -c %T "$1")" == btrfs && "$(stat -c %i "$1")" == 256 ]]
 }
 
-##
-#  usage : is_same_fs( $path_a, $path_b )
-# return : whether $path_a and $path_b are on the same filesystem
-##
-is_same_fs() {
-	[[ "$(stat -c %d "$1")" == "$(stat -c %d "$1")" ]]
-}
-
 ##
 #  usage : subvolume_delete_recursive( $path )
 #

makechrootpkg.in

@@ -15,6 +15,29 @@ m4_include(lib/archroot.sh)
 
 shopt -s nullglob
 
+default_makepkg_args=(--syncdeps --noconfirm --log --holdver --skipinteg)
+makepkg_args=("${default_makepkg_args[@]}")
+verifysource_args=()
+chrootdir=
+passeddir=
+makepkg_user=
+declare -a install_pkgs
+declare -i ret=0
+
+keepbuilddir=0
+update_first=0
+clean_first=0
+run_namcap=0
+temp_chroot=0
+
+bindmounts_ro=()
+bindmounts_rw=()
+
+copy=$USER
+[[ -n ${SUDO_USER:-} ]] && copy=$SUDO_USER
+[[ -z "$copy" || $copy = root ]] && copy=copy
+src_owner=${SUDO_USER:-$USER}
+
 usage() {
 	echo "Usage: ${0##*/} [options] -r <chrootdir> [--] [makepkg args]"
 	echo ' Run this script in a PKGBUILD dir to build a package inside a'
@@ -69,43 +92,37 @@ load_vars() {
 	[[ -f $makepkg_conf ]] || return 1
 
 	for var in {SRC,SRCPKG,PKG,LOG}DEST MAKEFLAGS PACKAGER; do
-		[[ -z ${!var:-} ]] && eval "$(grep -a "^${var}=" "$makepkg_conf")"
+		[[ -z ${!var:-} ]] && eval "$(source "$makepkg_conf"; printf "%s='%s'" "$var" "${!var}")"
 	done
 
 	return 0
 }
 
-# Usage: sync_chroot $rootdir $copydir [$copy]
+# Usage: sync_chroot $chrootdir $copydir [$copy]
 sync_chroot() {
-	local rootdir=$1
+	local chrootdir=$1
 	local copydir=$2
 	local copy=${3:-$2}
 
-	if [[ "$rootdir" -ef "$copydir" ]]; then
+	if [[ "$chrootdir/root" -ef "$copydir" ]]; then
 		error 'Cannot sync copy with itself: %s' "$copydir"
 		return 1
 	fi
 
 	# Get a read lock on the root chroot to make
 	# sure we don't clone a half-updated chroot
-	slock 8 "$rootdir.lock" \
-		"Locking clean chroot [%s]" "$rootdir"
+	slock 8 "$chrootdir/root.lock" \
+		"Locking clean chroot [%s]" "$chrootdir/root"
 
-	stat_busy "Synchronizing chroot copy [%s] -> [%s]" "$rootdir" "$copy"
-	if is_subvolume "$rootdir" && is_same_fs "$rootdir" "$(dirname -- "$copydir")" && ! mountpoint -q "$copydir"; then
-		if is_subvolume "$copydir"; then
-			subvolume_delete_recursive "$copydir" ||
-				die "Unable to delete subvolume %s" "$copydir"
-		else
-			# avoid change of filesystem in case of an umount failure
-			rm --recursive --force --one-file-system "$copydir" ||
-				die "Unable to delete %s" "$copydir"
-		fi
-		btrfs subvolume snapshot "$rootdir" "$copydir" >/dev/null ||
+	stat_busy "Synchronizing chroot copy [%s] -> [%s]" "$chrootdir/root" "$copy"
+	if is_btrfs "$chrootdir" && ! mountpoint -q "$copydir"; then
+		subvolume_delete_recursive "$copydir" ||
+			die "Unable to delete subvolume %s" "$copydir"
+		btrfs subvolume snapshot "$chrootdir/root" "$copydir" >/dev/null ||
 			die "Unable to create subvolume %s" "$copydir"
 	else
 		mkdir -p "$copydir"
-		rsync -a --delete -q -W -x "$rootdir/" "$copydir"
+		rsync -a --delete -q -W -x "$chrootdir/root/" "$copydir"
 	fi
 	stat_done
 
@@ -136,11 +153,7 @@ delete_chroot() {
 	stat_done
 }
 
-# Usage: install_packages $copydir $pkgs...
 install_packages() {
-	local copydir=$1
-	local install_pkgs=("${@:2}")
-
 	local -a pkgnames
 	local ret
 
@@ -148,28 +161,19 @@ install_packages() {
 
 	cp -- "${install_pkgs[@]}" "$copydir/root/"
 	arch-nspawn "$copydir" "${bindmounts_ro[@]}" "${bindmounts_rw[@]}" \
-		pacman -U --noconfirm -- "${pkgnames[@]/#//root/}"
+		bash -c 'yes y | pacman -U -- "$@"' -bash "${pkgnames[@]/#//root/}"
 	ret=$?
 	rm -- "${pkgnames[@]/#/$copydir/root/}"
 
 	return $ret
 }
 
-# Usage: prepare_chroot $copydir $HOME $keepbuilddir $run_namcap
-# Globals:
-#  - MAKEFLAGS
-#  - PACKAGER
 prepare_chroot() {
-	local copydir=$1
-	local USER_HOME=$2
-	local keepbuilddir=$3
-	local run_namcap=$4
-
-	[[ $keepbuilddir = true ]] || rm -rf "$copydir/build"
+	(( keepbuilddir )) || rm -rf "$copydir/build"
 
 	local builduser_uid builduser_gid
-	builduser_uid="${SUDO_UID:-$UID}"
-	builduser_gid="$(id -g "$builduser_uid")"
+	builduser_uid="$(id -u "$makepkg_user")"
+	builduser_gid="$(id -g "$makepkg_user")"
 	local install="install -o $builduser_uid -g $builduser_gid"
 	local x
 
@@ -204,7 +208,7 @@ EOF
 		declare -p SOURCE_DATE_EPOCH 2>/dev/null || true
 		printf '_chrootbuild "$@" || exit\n'
 
-		if [[ $run_namcap = true ]]; then
+		if (( run_namcap )); then
 			declare -f _chrootnamcap
 			printf '_chrootnamcap || exit\n'
 		fi
@@ -243,32 +247,18 @@ _chrootnamcap() {
 	done
 }
 
-# Usage: download_sources $copydir $makepkg_user
-# Globals:
-#  - SRCDEST
 download_sources() {
-	local copydir=$1
-	local makepkg_user=$2
-
 	setup_workdir
 	chown "$makepkg_user:" "$WORKDIR"
 
 	# Ensure sources are downloaded
 	sudo -u "$makepkg_user" --preserve-env=GNUPGHOME \
 		env SRCDEST="$SRCDEST" BUILDDIR="$WORKDIR" \
-		makepkg --config="$copydir/etc/makepkg.conf" --verifysource -o ||
+		makepkg --config="$copydir/etc/makepkg.conf" --verifysource -o "${verifysource_args[@]}" ||
 		die "Could not download sources."
 }
 
-# Usage: move_products $copydir $owner
-# Globals:
-#  - PKGDEST
-#  - LOGDEST
-#  - SRCPKGDEST
 move_products() {
-	local copydir=$1
-	local src_owner=$2
-
 	local pkgfile
 	for pkgfile in "$copydir"/pkgdest/*; do
 		chown "$src_owner" "$pkgfile"
@@ -299,140 +289,115 @@ move_products() {
 }
 # }}}
 
-main() {
-	default_makepkg_args=(--syncdeps --noconfirm --log --holdver --skipinteg)
-	makepkg_args=("${default_makepkg_args[@]}")
-	keepbuilddir=false
-	update_first=false
-	clean_first=false
-	run_namcap=false
-	temp_chroot=false
-	chrootdir=
-	passeddir=
-	makepkg_user=
-	declare -a install_pkgs
-	declare -i ret=0
+while getopts 'hcur:I:l:nTD:d:U:' arg; do
+	case "$arg" in
+		c) clean_first=1 ;;
+		D) bindmounts_ro+=("--bind-ro=$OPTARG") ;;
+		d) bindmounts_rw+=("--bind=$OPTARG") ;;
+		u) update_first=1 ;;
+		r) passeddir="$OPTARG" ;;
+		I) install_pkgs+=("$OPTARG") ;;
+		l) copy="$OPTARG" ;;
+		n) run_namcap=1; makepkg_args+=(--install) ;;
+		T) temp_chroot=1; copy+="-$$" ;;
+		U) makepkg_user="$OPTARG" ;;
+		h|*) usage ;;
+	esac
+done
 
-	bindmounts_ro=()
-	bindmounts_rw=()
+[[ ! -f PKGBUILD && -z "${install_pkgs[*]}" ]] && die 'This must be run in a directory containing a PKGBUILD.'
+[[ -n $makepkg_user && -z $(id -u "$makepkg_user") ]] && die 'Invalid makepkg user.'
+makepkg_user=${makepkg_user:-${SUDO_USER:-$USER}}
 
-	copy=$USER
-	[[ -n ${SUDO_USER:-} ]] && copy=$SUDO_USER
-	[[ -z "$copy" || $copy = root ]] && copy=copy
-	src_owner=${SUDO_USER:-$USER}
+check_root SOURCE_DATE_EPOCH,GNUPGHOME,SRCDEST,SRCPKGDEST,PKGDEST,LOGDEST,MAKEFLAGS,PACKAGER
 
-	while getopts 'hcur:I:l:nTD:d:U:' arg; do
-		case "$arg" in
-			c) clean_first=true ;;
-			D) bindmounts_ro+=("--bind-ro=$OPTARG") ;;
-			d) bindmounts_rw+=("--bind=$OPTARG") ;;
-			u) update_first=true ;;
-			r) passeddir="$OPTARG" ;;
-			I) install_pkgs+=("$OPTARG") ;;
-			l) copy="$OPTARG" ;;
-			n) run_namcap=true; makepkg_args+=(--install) ;;
-			T) temp_chroot=true; copy+="-$$" ;;
-			U) makepkg_user="$OPTARG" ;;
-			h|*) usage ;;
-		esac
-	done
+# Canonicalize chrootdir, getting rid of trailing /
+chrootdir=$(readlink -e "$passeddir")
+[[ ! -d $chrootdir ]] && die "No chroot dir defined, or invalid path '%s'" "$passeddir"
+[[ ! -d $chrootdir/root ]] && die "Missing chroot dir root directory. Try using: mkarchroot %s/root base-devel" "$chrootdir"
 
-	[[ ! -f PKGBUILD && -z "${install_pkgs[*]}" ]] && die 'This must be run in a directory containing a PKGBUILD.'
-	[[ -n $makepkg_user && -z $(id -u "$makepkg_user") ]] && die 'Invalid makepkg user.'
-	makepkg_user=${makepkg_user:-${SUDO_USER:-$USER}}
+if [[ ${copy:0:1} = / ]]; then
+	copydir=$copy
+else
+	copydir="$chrootdir/$copy"
+fi
 
-	check_root SOURCE_DATE_EPOCH,GNUPGHOME,SRCDEST,SRCPKGDEST,PKGDEST,LOGDEST,MAKEFLAGS,PACKAGER
+# Pass all arguments after -- right to makepkg
+makepkg_args+=("${@:$OPTIND}")
 
-	# Canonicalize chrootdir, getting rid of trailing /
-	chrootdir=$(readlink -e "$passeddir")
-	[[ ! -d $chrootdir ]] && die "No chroot dir defined, or invalid path '%s'" "$passeddir"
-	[[ ! -d $chrootdir/root ]] && die "Missing chroot dir root directory. Try using: mkarchroot %s/root base-devel" "$chrootdir"
+# See if -R or -e was passed to makepkg
+for arg in "${@:$OPTIND}"; do
+	case ${arg%%=*} in
+		--skip*|--holdver) verifysource_args+=("$arg") ;;
+		--repackage|--noextract) keepbuilddir=1 ;;
+		--*) ;;
+		-*R*|-*e*) keepbuilddir=1 ;;
+	esac
+done
 
-	if [[ ${copy:0:1} = / ]]; then
-		copydir=$copy
-	else
-		copydir="$chrootdir/$copy"
-	fi
+if [[ -n $SUDO_USER ]]; then
+	eval "USER_HOME=~$SUDO_USER"
+else
+	USER_HOME=$HOME
+fi
 
-	# Pass all arguments after -- right to makepkg
-	makepkg_args+=("${@:$OPTIND}")
+umask 0022
 
-	# See if -R or -e was passed to makepkg
-	for arg in "${makepkg_args[@]}"; do
-		case ${arg%%=*} in
-			--repackage|--noextract) keepbuilddir=true; break ;;
-			--repackage|--noextract) keepbuilddir=true; break ;;
-			--*) ;;
-			-*R*|-*e*) keepbuilddir=true; break ;;
-		esac
-	done
+load_vars "${XDG_CONFIG_HOME:-$USER_HOME/.config}/pacman/makepkg.conf" || load_vars "$USER_HOME/.makepkg.conf"
+load_vars /etc/makepkg.conf
 
-	if [[ -n $SUDO_USER ]]; then
-		eval "USER_HOME=~$SUDO_USER"
-	else
-		USER_HOME=$HOME
-	fi
+# Use PKGBUILD directory if these don't exist
+[[ -d $PKGDEST ]]    || PKGDEST=$PWD
+[[ -d $SRCDEST ]]    || SRCDEST=$PWD
+[[ -d $SRCPKGDEST ]] || SRCPKGDEST=$PWD
+[[ -d $LOGDEST ]]    || LOGDEST=$PWD
 
-	umask 0022
+# Lock the chroot we want to use. We'll keep this lock until we exit.
+lock 9 "$copydir.lock" "Locking chroot copy [%s]" "$copy"
 
-	load_vars "${XDG_CONFIG_HOME:-$USER_HOME/.config}/pacman/makepkg.conf" || load_vars "$USER_HOME/.makepkg.conf"
-	load_vars /etc/makepkg.conf
+if [[ ! -d $copydir ]] || (( clean_first )); then
+	sync_chroot "$chrootdir" "$copydir" "$copy"
+fi
 
-	# Use PKGBUILD directory if these don't exist
-	[[ -d $PKGDEST ]]    || PKGDEST=$PWD
-	[[ -d $SRCDEST ]]    || SRCDEST=$PWD
-	[[ -d $SRCPKGDEST ]] || SRCPKGDEST=$PWD
-	[[ -d $LOGDEST ]]    || LOGDEST=$PWD
-
-	# Lock the chroot we want to use. We'll keep this lock until we exit.
-	lock 9 "$copydir.lock" "Locking chroot copy [%s]" "$copy"
-
-	if [[ ! -d $copydir ]] || $clean_first; then
-		sync_chroot "$chrootdir/root" "$copydir" "$copy"
-	fi
-
-	$update_first && arch-nspawn "$copydir" \
-			"${bindmounts_ro[@]}" "${bindmounts_rw[@]}" \
-			pacman -Syu --noconfirm
-
-	if [[ -n ${install_pkgs[*]:-} ]]; then
-		install_packages "$copydir" "${install_pkgs[@]}"
-		ret=$?
-		# If there is no PKGBUILD we have done
-		[[ -f PKGBUILD ]] || return $ret
-	fi
-
-	if [[ "$(id -u "$makepkg_user")" == 0 ]]; then
-		error "Running makepkg as root is not allowed."
-		exit 1
-	fi
-
-	download_sources "$copydir" "$makepkg_user"
-
-	prepare_chroot "$copydir" "$USER_HOME" "$keepbuilddir" "$run_namcap"
-
-	if arch-nspawn "$copydir" \
-		--bind="$PWD:/startdir" \
-		--bind="$SRCDEST:/srcdest" \
+(( update_first )) && arch-nspawn "$copydir" \
 		"${bindmounts_ro[@]}" "${bindmounts_rw[@]}" \
-		/chrootbuild "${makepkg_args[@]}"
-	then
-		move_products "$copydir" "$src_owner"
+		pacman -Syuu --noconfirm
+
+if [[ -n ${install_pkgs[*]:-} ]]; then
+	install_packages
+	ret=$?
+	# If there is no PKGBUILD we are done
+	[[ -f PKGBUILD ]] || exit $ret
+fi
+
+if [[ "$(id -u "$makepkg_user")" == 0 ]]; then
+	error "Running makepkg as root is not allowed."
+	exit 1
+fi
+
+download_sources
+
+prepare_chroot
+
+if arch-nspawn "$copydir" \
+	--bind="${PWD//:/\\:}:/startdir" \
+	--bind="${SRCDEST//:/\\:}:/srcdest" \
+	"${bindmounts_ro[@]}" "${bindmounts_rw[@]}" \
+	/chrootbuild "${makepkg_args[@]}"
+then
+	move_products
+else
+	(( ret += 1 ))
+fi
+
+(( temp_chroot )) && delete_chroot "$copydir" "$copy"
+
+if (( ret != 0 )); then
+	if (( temp_chroot )); then
+		die "Build failed"
 	else
-		(( ret += 1 ))
+		die "Build failed, check %s/build" "$copydir"
 	fi
-
-	$temp_chroot && delete_chroot "$copydir" "$copy"
-
-	if (( ret != 0 )); then
-		if $temp_chroot; then
-			die "Build failed"
-		else
-			die "Build failed, check %s/build" "$copydir"
-		fi
-	else
-		true
-	fi
-}
-
-main "$@"
+else
+	true
+fi

mkarchroot.in

@@ -13,9 +13,14 @@
 m4_include(lib/common.sh)
 m4_include(lib/archroot.sh)
 
+# umask might have been changed in /etc/profile
+# ensure that sane default is set again
+umask 0022
+
 working_dir=''
 
 files=()
+nspawn_args=()
 
 usage() {
 	echo "Usage: ${0##*/} [options] working-dir package-list..."
@@ -33,12 +38,14 @@ while getopts 'hC:M:c:f:s' arg; do
 	case "$arg" in
 		C) pac_conf="$OPTARG" ;;
 		M) makepkg_conf="$OPTARG" ;;
-		c) cache_dir="$OPTARG" ;;
+		c) cache_dirs+=("$OPTARG") ;;
 		f) files+=("$OPTARG") ;;
 		s) nosetarch=1 ;;
 		h|?) usage ;;
 		*) error "invalid argument '%s'" "$arg"; usage ;;
 	esac
+    nspawn_args+=("-$arg")
+    [[ -v OPTARG ]] && nspawn_args+=("$OPTARG")
 done
 shift $((OPTIND - 1))
 
@@ -51,10 +58,10 @@ shift 1
 
 [[ -z $working_dir ]] && die 'Please specify a working directory.'
 
-if [[ -z $cache_dir ]]; then
-	cache_dirs=($(pacman -v "$cache_conf" 2>&1 | grep '^Cache Dirs:' | sed 's/Cache Dirs:\s*//g'))
-else
-	cache_dirs=(${cache_dir})
+pacconf_cmd=$(command -v pacman-conf || command -v pacconf)
+
+if (( ${#cache_dirs[@]} == 0 )); then
+	mapfile -t cache_dirs < <($pacconf_cmd CacheDir)
 fi
 
 umask 0022
@@ -78,13 +85,8 @@ for file in "${files[@]}"; do
 	cp "$file" "$working_dir$file"
 done
 
-_env=()
-while read -r varname; do
-	_env+=("$varname=${!varname}")
-done < <(declare -x | sed -r 's/^declare -x ([^=]*)=.*/\1/' | grep -i '_proxy$')
-env -i "${_env[@]}" \
-pacstrap -GMcd ${pac_conf:+-C "$pac_conf"} "$working_dir" \
-  "${cache_dirs[@]/#/--cachedir=}" "$@" || die 'Failed to install all packages'
+pacstrap -Mcd ${pac_conf:+-C "$pac_conf"} "$working_dir" \
+	"${cache_dirs[@]/#/--cachedir=}" "$@" || die 'Failed to install all packages'
 
 printf '%s.UTF-8 UTF-8\n' en_US de_DE > "$working_dir/etc/locale.gen"
 echo 'LANG=en_US.UTF-8' > "$working_dir/etc/locale.conf"
@@ -93,8 +95,5 @@ echo "$CHROOT_VERSION" > "$working_dir/.arch-chroot"
 systemd-machine-id-setup --root="$working_dir"
 
 exec arch-nspawn \
-	${nosetarch:+-s} \
-	${pac_conf:+-C "$pac_conf"} \
-	${makepkg_conf:+-M "$makepkg_conf"} \
-	${cache_dir:+-c "$cache_dir"} \
+	"${nspawn_args[@]}" \
 	"$working_dir" locale-gen

offload-build

@@ -0,0 +1,108 @@
+#!/bin/bash
+#
+#   offload-build - build a PKGBUILD on a remote server using makechrootpkg.
+#
+#   Copyright (c) 2019 by Eli Schwartz <eschwartz@archlinux.org>
+#
+#   This program is free software; you can redistribute it and/or modify
+#   it under the terms of the GNU General Public License as published by
+#   the Free Software Foundation; either version 2 of the License, or
+#   (at your option) any later version.
+#
+#   This program is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#   GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License
+#   along with this program.  If not, see <https://www.gnu.org/licenses/>.
+#
+
+
+# global defaults suitable for use by Arch staff
+repo=extra
+arch=x86_64
+server=dragon.archlinux.org
+
+die() { printf "error: $1\n" "${@:2}"; exit 1; }
+
+usage() {
+    cat <<- _EOF_
+		Usage: ${BASH_SOURCE[0]##*/} [--repo REPO] [--arch ARCHITECTURE] [--server SERVER] -- [ARCHBUILD_ARGS]
+
+		Build a PKGBUILD on a remote server using makechrootpkg. Requires a remote user
+		that can run archbuild without password auth. Options passed after a -- are
+		passed on to archbuild, and eventually to makechrootpkg.
+
+		OPTIONS
+		    -r, --repo      Build against a specific repository (current: $repo)
+		    -a, --arch      Build against a specific architecture (current: $arch)
+		    -s, --server    Offload to a specific build server (current: $server)
+		    -h, --help      Show this help text
+_EOF_
+}
+
+# option checking
+while (( $# )); do
+    case $1 in
+        -h|--help)
+            usage
+            exit 0
+            ;;
+        -r|--repo)
+            repo=$2
+            shift 2
+            ;;
+        -a|--arch)
+            arch=$2
+            shift 2
+            ;;
+        -s|--server)
+            server=$2
+            shift 2
+            ;;
+        --)
+            shift
+            break
+            ;;
+        *)
+            die "invalid argument: %s" "$1"
+            ;;
+    esac
+done
+
+# multilib must be handled specially
+if [[ $repo = multilib* ]]; then
+    arch=
+fi
+
+archbuild_cmd=("${repo}${arch:+-$arch}-build" "$@")
+
+trap 'rm -rf $SRCPKGDEST' EXIT
+
+# Use a source-only tarball as an intermediate to transfer files. This
+# guarantees the checksums are okay, and guarantees that all needed files are
+# transferred, including local sources, install scripts, and changelogs.
+export SRCPKGDEST=$(mktemp -d)
+makepkg --source || die "unable to make source package"
+
+mapfile -t files < <(
+    # This is sort of bash golfing but it allows running a mildly complex
+    # command over ssh with a single connection.
+    # shellcheck disable=SC2145
+    cat "$SRCPKGDEST"/*.src.tar.gz |
+        ssh $server '
+            temp="${XDG_CACHE_HOME:-$HOME/.cache}/offload-build" &&
+            mkdir -p "$temp" &&
+            temp=$(mktemp -d -p "$temp") &&
+            cd "$temp" &&
+            {
+                bsdtar --strip-components 1 -xvf - &&
+                script -qefc "'"${archbuild_cmd[@]@Q}"'" /dev/null &&
+                printf "%s\n" "" "-> build complete" &&
+                printf "\t%s\n" "$temp"/*
+            } >&2 &&
+            makepkg --packagelist
+')
+
+(( ${#files[@]} )) && printf '%s\n' '' '-> copying files...' && scp "${files[@]/#/$server:}" .

rebuildpkgs.in

@@ -3,7 +3,7 @@
 #
 # This script rebuilds a list of packages in order
 # and reports anything that fails
-# 
+#
 # Due to sudo usage, it is recommended to allow makechrootpkg
 # to be run with NOPASSWD in your sudoers file
 #
@@ -14,8 +14,8 @@
 m4_include(lib/common.sh)
 
 if (( $# < 1 )); then
-	printf 'Usage: %s <chrootdir> <packages to rebuild>\n' "$(basename "$0")"
-	printf '  example: %s ~/chroot readline bash foo bar baz\n' "$(basename "$0")"
+	printf 'Usage: %s <chrootdir> <packages to rebuild>\n' "$(basename "${BASH_SOURCE[0]}")"
+	printf '  example: %s ~/chroot readline bash foo bar baz\n' "$(basename "${BASH_SOURCE[0]}")"
 	exit 1
 fi