Compare commits

..

73 Commits

Author SHA1 Message Date
Levente Polyak
d4546c59ce Version 20191212 2019-12-12 01:01:44 +01:00
Levente Polyak
d6866e0544 lib: support arbitrary compressed package files
We need to modify the matching of valid package files to support formats
like zstd. Let's try to use an eager approach instead of a simple
whitelist in order to be functional for arbitrary formats that may be
introduced in the future without the need to adjust any code.

Allow any single fragment word as compression type but filter out known
non-package content like signature files.

Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-12-08 20:59:11 +01:00
Eli Schwartz
8edad22616 offload-build: return failure if no package files were found
This means that the remote command died at some stage earlier than the
printing of created files.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
2019-12-05 23:34:23 +01:00
Levente Polyak
f20435643f makechrootpkg: sync databases for checkpkg off-site
Use pacman's --dbpath feature to sync fresh databases inside an isolated
location and split up the database sync and package location calls to
remove the need of weird grep calls.

It isn't nice of makechrootpkg to modify the host database state just by
building packages. No foreign program shall automatically modify
the host database other than by the explicit will of a system
maintainer, which is the major reason this changes get incorporated.

However, there is certain indoctrinated believe that using -Sy is
the prime evil. In fact it has been declared as a social rule to a
technical problem of not getting into potential partial upgrade states.
This is not a proper loophole less solution as there are multiple ways
and use cases that lead to such a state, like aborting a -Syu on the
prompt for whatever reason, what really matters is that it is not a
technically bullet proof solution to solve the problem.

Databases shall have the freedom to be as up to date as databases or
their owner wishes, allowing querying on latest database state without
fear. The only loophole-less contract that _really_ is from importance
is always using -Su instead of plain -S to install packages. Installing
packages is what actually brings one into a potential partial upgrade
state and by using -Su an outstanding upgrade is forced when installing
a new package. This properly solves all edge cases in a technical
manner instead of declaring people who abort the prompt of -Syu to be
the problem. In fact, using this simple contract allows whatever system
maintenance workflow a host owner wants to follow, which may still be to
always use -Syu and deal with system upgrades explicitly instead of the
time when installing new packages, but the -Su contract is the real safe
guard to guarantee no edge case can ever slip in. This magically also
opens up the freedom to people who wish to use -Sy to simply query on up
to date data as the currently indoctrinated "never do -Sy" stone plates
not only are not rock solid in technical terms but also make certain use
cases simply impossible and hence cripple the functionality without at
the very least being fully loophole free.

Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-12-05 22:50:11 +01:00
Levente Polyak
8d99df602d makechrootpkg: double quote array expansions for checkpkg locations
Avoid re-splitting remotepkg elements used for checkpkg conditions.
2019-11-30 13:44:02 +01:00
Levente Polyak
4c803b9db8 Version 20191130 2019-11-30 13:30:34 +01:00
Levente Polyak
104c5bc90e makechrootpkg: sync database for checkpkg to avoid nonexistent targets
For build servers or similar infrastructure its relatively common to not
sync/update the database regularly. This leads to problems properly
running checkpkg duo to nonexistent target files that we try to
download. As building on build servers is a very common use case, lets
ensure we sync the local database before trying to resolve the package
locations.
2019-11-30 13:25:06 +01:00
Levente Polyak
cee28a1b13 makechrootpkg: check local pkg versions before downloading for checkpkg
Avoid always trying to download and output the according message.
Add checks for packages either not being available in the repo or
all variants have up to date versions stored in the local cache.
2019-11-30 13:25:06 +01:00
Levente Polyak
e0f82d3947 completion: add makerepropkg zsh completion 2019-11-30 13:25:06 +01:00
Levente Polyak
74313db9ee completion: reflect new -U mkarchchroot option 2019-11-30 13:25:06 +01:00
Ivy Foster
2c611d20bd lib/common.sh: do not use colors when running on a dumb terminal 2019-11-30 13:25:05 +01:00
Eli Schwartz
ca4d348c86 doc: add manpage for the new makerepropkg tool
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
2019-11-30 13:21:23 +01:00
Eli Schwartz
2fb1cc2dd2 makerepropkg: add new program to try to reproducibly build a package
This attempts to recreate a package that was probably created using
makechrootpkg, and see if it conforms to the
https://reproducible-builds.org/ specification.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
2019-11-30 13:21:23 +01:00
Eli Schwartz
bcba566405 mkarchroot: support wrapping pacstrap -U
Needed to support reproducible builds.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
2019-11-30 13:21:23 +01:00
Eli Schwartz
f8f2f02028 archbuild: use better umask
In commit 40a90e2cab we tried to protect
against system umasks resulting in unreadable chroots. However, we tried
to do this in a targeted manner due to not wanting to fiddle with
permissions for user-owned files. Unfortuantely, mkdir -p -m755 does not
actually work that way -- the parent directory is created with broken
permissions. We need umask.

Run umask and mkdir in a subshell to prevent leakage.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
2019-11-30 13:21:23 +01:00
Eli Schwartz
68f0bff172 commitpkg: clearly delineate the commit message template and the rationale
In commit 75d23eec94 we moved to include
commitpkg arguments as the first line of the svn commit message, but we
simply dumped the result after the version number without separating the
two, increasing the cognitive burden of parsing the rationale. Since the
whole point of the change was to make it easier to see what happened
when using git log --oneline (reducing the cognitive burden of parsing
'pretty' output with author/date info), it makes sense to also delineate
the reason correctly.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
2019-11-30 13:21:23 +01:00
Eli Schwartz
f85a58a0a6 arch-nspawn: rely on deduplication to avoid making multiple host_mirror mounts
Instead of comparing exact mirror urls to see if they are in
host_mirrors in order to "skip" the official mirrors

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
2019-11-30 13:21:23 +01:00
Levente Polyak
20eec484fa offload-build: remove empty src dir when SRCDEST is set
Right now there is a bug in makepkg that leaves back an empty src
directory if SRCDEST is set. This is purely cosmetic, but lets just
politely try to rmdir it and fail silently if its empty or non-existent.

Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-11-30 13:21:23 +01:00
Levente Polyak
6fffbfbc8a offload-build: catch more signals to be sure SRCPKGDEST gets cleaned
It may be not enough to just listen on EXIT depending on the shell used
so lets make sure we clean up SRCPKGDEST by listening to more sigs.

Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-11-30 13:21:22 +01:00
Eli Schwartz
0017263379 Makefile: sort program names
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-11-07 21:28:23 +01:00
Eli Schwartz
751093eff2 use libmakepkg to find and use variables in makepkg.conf
- drop homebrew function in makechrootpkg
- use better mock to find invoking user's $HOME
- make offload-build respect makepkg.conf to determine where to sync
  files, matching the behavior of makechrootpkg

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-11-07 21:28:21 +01:00
Eli Schwartz
f43a86ee8a arch-nspawn: simplify cachedir/host_mirror parsing
consolidate logic flows in the same area for parsing and building
arrays. Don't bother having a special function just to build the
mount_args array, since we now use the same handling for adding any
cachedir (including host mirrors) to the mount arguments, this becomes a
trivial for loop -- and it really did not need to be delayed until after
the sanity check, anyway.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-11-07 21:28:20 +01:00
Eli Schwartz
0067176529 arch-nspawn: restore cachedir handling for host_mirrors
In commit 27ff286ee7, we moved from
sourcing the primary cachedir via /etc/pacman.conf, to using the
pacman.conf in the workdir. One unanticipated side effect of this was
breaking the special host mirrors magic we used to turn a host mirror
into a cachedir. It was still processed as a server, but we relied on it
being in the host's cachedirs in order to be persisted, and this no
longer occurred.

Solve this by explicitly adding each host mirror root as a cachedir.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-11-07 21:28:19 +01:00
Daniel M. Capella
75d23eec94 commitpkg: Include commit msg arg in first line
Commit messages belong on the first line, with optional "explanatory
text" starting after a blank line:
https://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html

Referencing commit ee970f0bde

Signed-off-by: Daniel M. Capella <polyzen@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-11-07 21:28:17 +01:00
Daniel M. Capella
6679c28625 conf: Sync with pacman 5.2.0-2
Signed-off-by: Daniel M. Capella <polyzen@archlinux.org>
2019-11-06 01:14:05 +01:00
Levente Polyak
2edee89b62 Version 20191016 2019-10-16 00:52:33 +02:00
Levente Polyak
901581936a ci: fix travis build using undocumented but reserved keyword
https://github.com/mikkeloscar/arch-travis/issues/65
2019-10-15 23:50:52 +02:00
jelle van der Waa
29c6fa8537 sogrep: redirect to destination mirror (#25)
Some mirrors redirect consumers to a near by mirror which isn't handled
by sogrep.
2019-10-15 23:30:23 +02:00
Levente Polyak
74f65db396 zsh_completion: add offload-build completion
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-09-28 00:16:25 +02:00
Levente Polyak
64b7d99504 zsh_completion: add sogrep completions
Transform sogrep into an in-prog so we can benefit from the m4 macro
to specify valid repos in a single place of truth.

Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-09-28 00:16:09 +02:00
Levente Polyak
f32a264796 commitpkg: prefer explicit signature+data parameters for gpg --verify
Lets prefer the explicit variant of gpg --verify by providing both, the
signature and the data file as parameters.
For the unlikely case there is a matching signature file already present
that was created outside of the toolchain and has an embedded signature
with data, we at least could detect it early with this check.

Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-09-28 00:16:07 +02:00
Levente Polyak
fd6e801cfb commitpkg: disallow if PKGBUILD hash mismatches package's enclosed hash
Several cases showed that we release packages that were built with
different PKGBUILDs than the one commited to the source tree. This is
bad for obvious reasons plus sploils reproducible builds.

We, under no circumstances, want to allow using commitpkg to publish and
release a packages whose PKGBUILD doesn't match the one to be commited.

Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-09-28 00:16:04 +02:00
Levente Polyak
a3868cf542 commitpkg: fix wrongly ordered find_cached_package call
The unknown packager check didn't worked so far as the wrongly ordered
call to find_cached_package lead to the enclosing block never being
executed.

Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-09-28 00:16:02 +02:00
Levente Polyak
62a2f118ce make: add target to tag a new version
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-09-28 00:15:56 +02:00
Levente Polyak
723ad23b48 zsh_completion: overhaul all completions to match actual options
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-09-28 00:15:54 +02:00
Levente Polyak
5dd90ef848 checkpkg: add option to print a warning in case of differences
Sometimes its desired to be explicitly made aware of differences
reporter by checkpkg via printing a warning instead of a regular
message.

Automatically use --warn for makechrootpkg builds so packagers are made
visibly aware of a soname bump by simply looking out for colors
indicating non success messages.

Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-09-28 00:15:51 +02:00
Levente Polyak
5246cb9aa5 checkpkg: add option to avoid keeping the tmp dir
In some cases, like default makechrootpkg execution, the temporary
directory used to assemble the differences is not required. Add an
option to checkpkg that allows to get rid of that directory after
run and call it automatically like that in makechrootpkg.

Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-09-28 00:15:48 +02:00
Levente Polyak
144f896660 makechrootpkg: run checkpkg automatically after build
Cache previous versions required for checkpkg via pacman to avoid
multiple downloads when running multiple times.

In case we can't download the packages, like while building out of repo
packages, print a warning instead of running checkpkg

Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-09-28 00:15:33 +02:00
Levente Polyak
bbcff883d5 Version 20190912 2019-09-12 23:03:12 +02:00
Eli Schwartz
6e466ca654 Revert "makechrootpkg: with -n, check if the package failed to install"
This reverts commit be44b9cde1.

This was a nice idea in theory, because it means that we can catch
conflicting files before releasing them into the repos. In practice,
there were unanticipated side effects: single-package installs which
conflict against their own makedepends cannot be installed either.
Examples include:
- kernel modules which makedepend on their dkms equivalent
- jack2, which makedepends/optdepends on portaudio, which requires
  jack... but jack2 is a drop-in provides/conflicts jack.

We cannot reliably detect when makepkg --install will error out because
of dependency conflicts vs. packages which are simply broken. So, back
out this change for now.

Revisit this once pacutils has a new release, because it will add the
option --resolve-conflicts=all, allowing for much better scripted
responses to "foo conflicts with bar, remove bar? [y/N]" than simply
"--noconfirm and fail".

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-09-12 21:29:42 +02:00
Levente Polyak
d8d2e23247 Version 20190821 2019-08-21 19:23:03 +02:00
Eli Schwartz
be44b9cde1 makechrootpkg: with -n, check if the package failed to install
We previously whitelisted this return code because split packages can
frequently conflict each other, so makepkg -i is *expected* to fail in
such a case. However, there is no good reason to let this succeed if the
pkgbase only builds one pkgname -- that will always be a severe issue.

Add a check for how many split

Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 19:41:54 +02:00
Eli Schwartz
7b0a11677a makechrootpkg: make the -U option work for the first time ever
The -U option was initially introduced in commit
cda9cf436b in order to enable running
makechrootpkg as root, delegating to another, manually selected, user to
perform various non-root tasks (given that makepkg was modified to throw
fatal errors when run as root without the option of --asroot to disable
that). However, it was only ever implemented for the --verifysource
option outside of the chroot, and the builduser inside the chroot is
created with the same uid as the makechrootpkg invoker. It needs to run
as the same uid, because it needs rw access to $startdir and $SRCDEST!
Additionally this lets the invoking user more easily inspect the build
directory in case of problems...

The correct solution for this is to properly implement the initial
intention of the -U option, and make it override the autodetection of
the "invoking user" which is normally done by inspecting $SUDO_USER.
This is then used as the single source of truth for "who am I pretending
to be".

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 19:41:53 +02:00
Eli Schwartz
93dbb14ab9 archrelease: actually fail in failure conditions
When svn ls fails due to network timeouts, this currently results in
archrelease deleting all files, then committing this as the changeset.
This causes data loss...

With bash 4.4 and using wait $! we can get return the return code of the
last backgrounded command -- which process substitution qualifies as.
Key off of this to make sure that `svn ls` actually succeeded.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 19:41:53 +02:00
Eli Schwartz
10c6efc440 archbuild: prefer repo/arch-specific configs if they exist
When mixing and matching different repos and architectures not present
in mainline archlinux, it is sometimes desirable to set up differing
presets with more granularity than devtools currently allows.

One example of this is when building for architectures that are only
supported by another project -- in order to coexist on a mainline
archlinux host, a different mirrorlist needs to be used.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 19:41:53 +02:00
Eli Schwartz
8e4293034b makechrootpkg: also downgrade packages when updating chroots
Packages should never be getting downgraded... unless a package is
pulled from testing, e.g. for example if gcc9 totally breaks the linux
kernel. In such cases, the master repo says there is a downgrade, so
we'd better go with that. Basically, ensure that packages match the repo
they are being built against. Consistency at all costs!

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 19:41:53 +02:00
Eli Schwartz
b7893a2ca8 makechrootpkg: when installing with -I, ensure package is installed
noconfirm is wrong here, as we don't want to accept the default answer
-- we want to install the new package, even if it conflicts and provides
an existing one. After all, we explicitly asked for it.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 19:41:53 +02:00
Eli Schwartz
bec29e632b arch-nspawn: unshare the gpg namespace to prevent zombie processes
gpg-agent is really annoying and leaves useless copies of itself around.
Using unshare ensures that all such processes are killed as soon as the
main gpg process dies.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 19:41:53 +02:00
Eli Schwartz
70f3b8ddb8 finddeps: suppress error messages for unreadable directories
If the find command cannot descend into a directory in order to search
for a PKGBUILD, it is likely a "$pkgdir" which makepkg sets as
unreadable. As far as finddeps is concerned, this error message is not
needed.

Also convert to using null-delimited paths on general principle to
prevent read from splitting on odd paths.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 19:41:53 +02:00
Eli Schwartz
5fcd90a212 makechrootpkg: accept arguments useful to verifysource
And pass them on to download_sources outside the chroot.

Fixes FS#35652

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 19:41:52 +02:00
Eli Schwartz
f6f4da26cb makechrootpkg: fix breakage in makepkg option parsing
In commit bd826752c9, support for short
options was added to the heuristic for --noextract, but in the process,
we changed to loop over the set of user options plus the builtin
defaults for inside the chroot. This was wrong, as we only care about
the user options -- moreover, it prevents us from adding verifysource
support *outside* the chroot, for options that are also chroot options,
like --holdver.

Also remove uselessly duplicated line.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 19:41:52 +02:00
Eli Schwartz
40a90e2cab ensure that sane umask is used where needed
If a user umask is restrictive, a chroot may be created as root without the
ability for the user to read it, which then causes makepkg
--verifysource to fail.

Do not set this in lib/common.sh, where it would apply to all scripts,
as we do not want to override the user's policy for things like $SRCDEST
files, svn checkouts, etc.

Fixes FS#47625

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 19:41:52 +02:00
Eli Schwartz
74a6641946 Escape paths with ":" that are passed to systemd-nspawn --bind
When parsing paths to automatically make available to the container, the
":" is used internally by systemd-nspawn to signify destinations in the
container. Replace automatically with "\:" for the mounts that we set
up, in order to safely handle a working directory etc. that contains
this character.

For bind options exposed to the user, it is assumed the user takes care
of passing systemd-nspawn compatible paths themselves.

Fixes FS#60845

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 19:41:52 +02:00
Eli Schwartz
69112171e5 arch-nspawn: support bind-mounting custom file:/// repositories
Fixes FS#45882

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 19:41:52 +02:00
Eli Schwartz
c14338c0fe checkpkg: implement comparison against alternative targets
This allows comparing the currently built set of packages against
targets named by filename, url, or pkgname. One example use is to
compare a package against a different version that was never in the
repos; another example use is to compare a *-git package against the
non-git version.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 19:41:52 +02:00
Eli Schwartz
8dbf95cdd4 makechrootpkg: check truthiness using shell arithmetic
Using the literal strings "true" and "false" is inaccurate and may
result in uncertainty of whether it is set when doing string comparison,
or simply rely on the shell implementation of treating the string as a
command builtin, then executing the value as a shell command. Emulate
makepkg, which makes heavy use of shell arithmetic for this purpose.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 19:41:52 +02:00
Eli Schwartz
46d614d91a Revert "makechrootpkg: Have functions be more function-y."
This reverts (the bulk of) commit 2fd5931a8c.

Reducing globals makes little sense in in a oneshot bash script, but
reduces code clarity and in fact resulted in bugs because even the
commit author couldn't keep track of the script state.

An exit was changed to a return, even though that made no sense outside
of a function, and has been duly returned to being an exit. This was
never tested and later papered over by wrapping the entire script in a
main() function and then calling the function for hysterical raisins.

The functiony nature of sync_chroot/delete_chroot is preserved, as those
functions demonstrate meaningfully standalone functionality -- who
knows? we may want to reuse this. Everything else is tightly bound to
the internal logic of makechrootpkg.

Completely separate functionality that was silently implemented in the
original commit is also preserved:
- declare a couple of variables as locals
- move the abort-on-no-PKGBUILD outside the install_packages function

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 19:41:51 +02:00
Eli Schwartz
df0d6b867b Revert "makechrootpkg: Avoid having code floating around outside of a function."
This reverts commit 49088b0860.

The fundamental intention was flawed and broken, it caused annoying
issues and regressions, and the self-avowed sole purpose of the change
was so that a downstream project could *post-modify the script and
source it as a library*.

That is not okay. You don't wrap non-factorable code in a function
called main() and call it a library. The only possible use for this is
to treat makechrootpkg *internals* as a library, which is not supported.

Downstream projects that wish to use the functionality of makechrootpkg
should treat makepkg as a command with a public API in the form of
command line options. That is kind of how commands of all kinds work,
since forever. That is how all users of makechrootpkg *except for
parabola* use it.

Arguments that "it saves us the cost of fork+exec to bash" are simply
invalid.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 19:41:51 +02:00
Eli Schwartz
8f5a02b23d Don't rely on $0 to determine script names.
Programs can freely define the value of argv0 and thus it means nothing.
Instead, use the bash-specific variable explicitly designed to safely
and accurately reference the name of the currently sourced file.

This also fixes the case where simple debugging mechanisms like using
"bash -x foo" tried to treat "foo" as the unqualified $0 and therefore
broke horribly due to lack of pathnames.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 19:41:51 +02:00
Eli Schwartz
e76d560477 Revert "mkarchroot: Don't let the environment affect pacstrap (sans proxy settings)."
This reverts commit 578a62f1e0.

mkarchroot is run as root (via check_root if needed) so the environment
should already be clean. If not, the user has broken their root
environment, and we cannot support this. It's unclear what environment
settings may or may not be messing with anything, ever, but the original
bug report happened on Parabola who perform extensive patching to
"libretools" such that the code no longer resembles devtools at all.
It's therefore likely any such bug is parabola specific, but we will
never know since the original commit message states that they don't know
why they do it either.

Parsing the user's entire exported environment via both sed and grep is
overkill for a non-bug, especially when it doesn't work for variables
declared -rx and doesn't work for things like:

export fooled_you=$'wow such hax\ndeclare -x http_proxy=lol'

Also if done properly this would rely on compgen -e to print all
exported shell variables. Or even better, loop through /proc/$$/environ
which is both null-delimited and easily parsed with the read builtin and
[[ ]]

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 19:41:51 +02:00
Brian Bidulock
27ff286ee7 arch-nspawn should not take pacman cache from host
Previously, arch-nspawn was using the hosts' pacman cache in
the chroot even when the chroot was set up with a different
cache by mkarchroot, unless specified with the -c flag.
Problem is that makechrootpkg passes no -C, -M nor -c flags
to arch-nspawn, so all values must be obtained from the
working directory.

This change take the cache directories from the pacman.conf
specified with the -C option unless the -c option was given
(as is the case when the chroot is set up with mkarchroot),
and, when neither -C nor -c is given (as is the case when
invoked by makechrootpkg), the cache directory is taken
from the pacman.conf in the working directory.

This wasn't such an issue when i686 was mainline, however,
which building packages in a chroot against archlinux32 on
an x86_64 platform, the cache of the host should _never_ be
used.

Rebased by eschwartz on top of cachedir reworking.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 19:41:51 +02:00
Eli Schwartz
2180aabc81 arch-nspawn: don't delete the guest gpg configuration
It's important to ensure the guest has up to date data because updating
a chroot after quite some time can potentially rely on updated
archlinux-keyring, something which the host machine either kept up to
date on or manually fixed, but it kills automation to mess around with
chroot configs like that. Alternatively, signed packages added with -I
need to work, and we assume the host is configured to accept these.

That is *not* a good reason to completely nuke whatever is in the guest,
though. A guest might have been manually configured to accept keys which
aren't accepted by the host; one example of this happening in practice,
is archlinux32 when building 32-bit packages from an archlinux host.

The right solution is to append to, rather thna overwrite, the chrooted
guest's pacman keyring.

To do this, we will use gpg's native facility to dump the keyring from
one GNUPGHOME and import it into another. We'd use pacman-key's --import
option directly, but this doesn't support passing custom options like
--import-options import-local-sigs
Finally use pacman-key's native facility to import the trust status from
the host.

While we are at it, fix a bug where we didn't respect the host's
pacman.conf settings for the GpgDir. While it isn't wildly likely a user
will choose to customize this, it is a valid and supported use case and
we must think about this ourselves.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 19:41:51 +02:00
Eli Schwartz
2f929c961f fixup commit "arch-nspawn: get all mirrors from host"
In commit d9b7350448, a line was deleted
that had a shellcheck ignore marker, but the marker itself was left in
(and had nothing to do). So, remove it.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 19:40:05 +02:00
Eli Schwartz
c2bbcbed64 mkarchroot: don't create a broken chroot by default
It's incorrect to make pacman completely useless inside the chroot by
starting off with no pacman keyring. Assuming that the only consumers of
a new chroot will be arch-nspawn (which copies over the hostconf) is
bad design, and furthermore makes it impossible to fix other issues in
arch-nspawn itself.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 19:40:05 +02:00
Eli Schwartz
b7ce90fefc makechrootpkg: load makepkg.conf variables correctly
Since makepkg.conf is a bash-compatible configuration file, it must be
sourced.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 19:40:05 +02:00
Eli Schwartz
f52002955c Makefile: don't inject DESTDIR into the pkgdatadir
In commit 46c4def073, we added support for
nonstandard PREFIX installations, but DESTDIR was and is never supposed
to be a part of that. While DESTDIR isn't terribly likely to be used
during `make all` invocations, that's no reason to break horribly if it
is used for some reason.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 19:40:05 +02:00
Eli Schwartz
58374246c4 Migrate pacman.conf CacheDir parsing to pacman-conf
And while we're at it, make this more consistent. Currently we
unnecessarily support only one -c /path/to/cachedir option.

This requires slightly more thorough handling in mkarchroot to ensure
all custom cachedirs are passed on to arch-nspawn. Rework
to simply forward all arguments to arch-nspawn (minus final arguments
used for pacman -Sy packagelist).

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 19:39:45 +02:00
Levente Polyak
f522ce2277 offload-build: disable shellcheck false-positive for shell-escape 2019-06-13 00:17:11 +02:00
Eli Schwartz via arch-projects
7747749610 doc: add manpage for the new offload-build tool
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
2019-06-12 23:42:10 +02:00
Eli Schwartz via arch-projects
25b4ef2799 Add new tool: offload-build
This tool is useful for running makechrootpkg on a remote build server,
and is by default hooked up to send a PKGBUILD and initiate a build on
our shiny new build server "dragon".

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
2019-06-12 23:42:10 +02:00
Eli Schwartz via arch-projects
ad4b66830a Revert "makechrootpkg: sync_chroot: Make more general."
This reverts commit 6d1992909c.

It has never worked. In commit c86823a2d4
it was noted that it compared the device numbers for [[ $1 = $1 ]] which
was a useless check and always returned true, for *any* btrfs
filesystem. Now that the function is corrected to compare [[ $1 = $2 ]]
the check is still useless, but this time because it always returns
false -- btrfs subvolumes on the same filesystem do *not* share device
numbers.

So let's go back to the original working implementation that only
matters in terms of makechrootpkg, and just checks if makechrootpkg's
root working directory is btrfs (in which case we know it will be a
subvolume because mkarchroot will create it that way).

This restores our special support for the btrfs filesystem.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
2019-06-12 23:42:05 +02:00
Erich Eckner
321e998020 fix whitespace/indentation errors
Some lines are indented by spaces, while adjacent lines are indentet by tabs.
We should use tabs on both.

Signed-off-by: Erich Eckner <git@eckner.net>
2019-04-20 17:58:55 +02:00
Erich Eckner
c86823a2d4 is_same_fs() in lib/archroot.sh should use $1 and $2, not $1 and $1
The old behaviour would always evaluate to true - this is certainly not
what that function should do.

Signed-off-by: Erich Eckner <git@eckner.net>
2019-04-20 17:55:31 +02:00
33 changed files with 881 additions and 329 deletions

2
.gitignore vendored
View File

@@ -9,10 +9,12 @@ commitpkg
finddeps
lddd
makechrootpkg
makerepropkg
mkarchroot
rebuildpkgs
zsh_completion
find-libdeps
crossrepomove
arch-nspawn
sogrep
doc/*.1

View File

@@ -4,7 +4,7 @@ sudo: required
services:
- docker
arch:
archlinux:
packages:
- openssh
- subversion

View File

@@ -1,26 +1,28 @@
V=20190329
V=20191212
PREFIX = /usr/local
MANDIR = $(PREFIX)/share/man
IN_PROGS = \
checkpkg \
commitpkg \
archco \
arch-nspawn \
archrelease \
archbuild \
lddd \
finddeps \
rebuildpkgs \
find-libdeps \
checkpkg \
commitpkg \
crossrepomove\
arch-nspawn \
finddeps \
find-libdeps \
lddd \
makerepropkg \
mkarchroot \
makechrootpkg
makechrootpkg \
rebuildpkgs \
sogrep
BINPROGS = \
$(IN_PROGS) \
sogrep
offload-build \
CONFIGFILES = \
makepkg-x86_64.conf \
@@ -68,7 +70,9 @@ BASHCOMPLETION_LINKS = \
MANS = \
doc/lddd.1 \
doc/checkpkg.1 \
doc/offload-build.1 \
doc/sogrep.1 \
doc/makerepropkg.1 \
doc/mkarchroot.1 \
doc/find-libdeps.1 \
doc/find-libprovides.1
@@ -77,7 +81,7 @@ MANS = \
all: $(BINPROGS) bash_completion zsh_completion man
man: $(MANS)
edit = sed -e "s|@pkgdatadir[@]|$(DESTDIR)$(PREFIX)/share/devtools|g"
edit = sed -e "s|@pkgdatadir[@]|$(PREFIX)/share/devtools|g"
%: %.in Makefile lib/common.sh
@echo "GEN $@"
@@ -126,6 +130,12 @@ uninstall:
rm -f $(DESTDIR)$(MANDIR)/man$${manfile##*.}/$${manfile#doc/}; \
done;
TODAY=$(shell date +"%Y%m%d")
tag:
@sed -E "s|^V=[0-9]{8}|V=$(TODAY)|" -i Makefile
@git commit --gpg-sign --message "Version $(TODAY)" Makefile
@git tag --sign --message "Version $(TODAY)" $(TODAY)
dist:
git archive --format=tar --prefix=devtools-$(V)/ $(V) | gzip -9 > devtools-$(V).tar.gz
gpg --detach-sign --use-agent devtools-$(V).tar.gz
@@ -136,5 +146,5 @@ upload:
check: $(BINPROGS) bash_completion makepkg-x86_64.conf PKGBUILD.proto
shellcheck $^
.PHONY: all clean install uninstall dist upload check
.PHONY: all clean install uninstall dist upload check tag
.DELETE_ON_ERROR:

View File

@@ -13,9 +13,14 @@
m4_include(lib/common.sh)
m4_include(lib/archroot.sh)
# umask might have been changed in /etc/profile
# ensure that sane default is set again
umask 0022
working_dir=''
files=()
mount_args=()
usage() {
echo "Usage: ${0##*/} [options] working-dir [systemd-nspawn arguments]"
@@ -35,7 +40,7 @@ while getopts 'hC:M:c:f:s' arg; do
case "$arg" in
C) pac_conf="$OPTARG" ;;
M) makepkg_conf="$OPTARG" ;;
c) cache_dir="$OPTARG" ;;
c) cache_dirs+=("$OPTARG") ;;
f) files+=("$OPTARG") ;;
s) nosetarch=1 ;;
h|?) usage ;;
@@ -52,37 +57,44 @@ shift 1
[[ -z $working_dir ]] && die 'Please specify a working directory.'
if [[ -z $cache_dir ]]; then
cache_dirs=($(pacman -v 2>&1 | grep '^Cache Dirs:' | sed 's/Cache Dirs:\s*//g'))
else
cache_dirs=("$cache_dir")
pacconf_cmd=$(command -v pacman-conf || command -v pacconf)
if (( ${#cache_dirs[@]} == 0 )); then
mapfile -t cache_dirs < <($pacconf_cmd --config "${pac_conf:-$working_dir/etc/pacman.conf}" CacheDir)
fi
pacconf_cmd=$(command -v pacman-conf || command -v pacconf)
# shellcheck disable=2016
host_mirrors=($($pacconf_cmd --repo extra Server 2> /dev/null | sed -r 's#(.*/)extra/os/.*#\1$repo/os/$arch#'))
# shellcheck disable=2016
# {{{ functions
build_mount_args() {
declare -g mount_args=()
for host_mirror in "${host_mirrors[@]}"; do
if [[ $host_mirror == *file://* ]]; then
host_mirror_path=$(echo "$host_mirror" | sed -r 's#file://(/.*)/\$repo/os/\$arch#\1#g')
mount_args+=("--bind-ro=$host_mirror_path")
host_mirror=$(echo "$host_mirror" | sed -r 's#file://(/.*)/\$repo/os/\$arch#\1#g')
in_array "$host_mirror" "${cache_dirs[@]}" || cache_dirs+=("$host_mirror")
fi
done
mount_args+=("--bind=${cache_dirs[0]}")
while read -r line; do
mapfile -t lines < <($pacconf_cmd --config "${pac_conf:-$working_dir/etc/pacman.conf}" \
--repo $line Server | sed -r 's#(.*/)[^/]+/os/.+#\1#')
for line in "${lines[@]}"; do
if [[ $line = file://* ]]; then
line=${line#file://}
in_array "$line" "${cache_dirs[@]}" || cache_dirs+=("$line")
fi
done
done < <($pacconf_cmd --config "${pac_conf:-$working_dir/etc/pacman.conf}" --repo-list)
mount_args+=("--bind=${cache_dirs[0]//:/\\:}")
for cache_dir in "${cache_dirs[@]:1}"; do
mount_args+=("--bind-ro=$cache_dir")
mount_args+=("--bind-ro=${cache_dir//:/\\:}")
done
}
# {{{ functions
copy_hostconf () {
cp -a /etc/pacman.d/gnupg "$working_dir/etc/pacman.d"
unshare --fork --pid gpg --homedir "$working_dir"/etc/pacman.d/gnupg/ --no-permission-warning --quiet --batch --import --import-options import-local-sigs "$(pacman-conf GpgDir)"/pubring.gpg >/dev/null 2>&1
pacman-key --gpgdir "$working_dir"/etc/pacman.d/gnupg/ --import-trustdb "$(pacman-conf GpgDir)" >/dev/null 2>&1
printf 'Server = %s\n' "${host_mirrors[@]}" >"$working_dir/etc/pacman.d/mirrorlist"
[[ -n $pac_conf ]] && cp "$pac_conf" "$working_dir/etc/pacman.conf"
@@ -107,7 +119,6 @@ elif [[ $(cat "$working_dir/.arch-chroot") != "$CHROOT_VERSION" ]]; then
die "chroot '%s' is not at version %s. Please rebuild." "$working_dir" "$CHROOT_VERSION"
fi
build_mount_args
copy_hostconf
eval "$(grep -a '^CARCH=' "$working_dir/etc/makepkg.conf")"

View File

@@ -5,7 +5,7 @@ m4_include(lib/common.sh)
m4_include(lib/archroot.sh)
base_packages=(base-devel)
makechrootpkg_args=(-c -n)
makechrootpkg_args=(-c -n -C)
cmd="${0##*/}"
if [[ "${cmd%%-*}" == 'multilib' ]]; then
@@ -20,6 +20,15 @@ fi
chroots='/var/lib/archbuild'
clean_first=false
pacman_config="@pkgdatadir@/pacman-${repo}.conf"
if [[ -f @pkgdatadir@/pacman-${repo}-${arch}.conf ]]; then
pacman_config="@pkgdatadir@/pacman-${repo}-${arch}.conf"
fi
makepkg_config="@pkgdatadir@/makepkg-${arch}.conf"
if [[ -f @pkgdatadir@/makepkg-${repo}-${arch}.conf ]]; then
makepkg_config="@pkgdatadir@/makepkg-${repo}-${arch}.conf"
fi
usage() {
echo "Usage: $cmd [options] -- [makechrootpkg args]"
echo ' -h This help'
@@ -59,19 +68,19 @@ if ${clean_first} || [[ ! -d "${chroots}/${repo}-${arch}" ]]; then
lock_close 9
rm -rf --one-file-system "${chroots}/${repo}-${arch}"
mkdir -p "${chroots}/${repo}-${arch}"
(umask 0022; mkdir -p "${chroots}/${repo}-${arch}")
setarch "${arch}" mkarchroot \
-C "@pkgdatadir@/pacman-${repo}.conf" \
-M "@pkgdatadir@/makepkg-${arch}.conf" \
-C "${pacman_config}" \
-M "${makepkg_config}" \
"${chroots}/${repo}-${arch}/root" \
"${base_packages[@]}" || abort
else
lock 9 "${chroots}/${repo}-${arch}/root.lock" "Locking clean chroot"
arch-nspawn \
-C "@pkgdatadir@/pacman-${repo}.conf" \
-M "@pkgdatadir@/makepkg-${arch}.conf" \
-C "${pacman_config}" \
-M "${makepkg_config}" \
"${chroots}/${repo}-${arch}/root" \
pacman -Syu --noconfirm || abort
pacman -Syuu --noconfirm || abort
fi
# Always build official packages reproducibly

View File

@@ -48,7 +48,8 @@ if [[ $(svn status -q) ]]; then
fi
pushd .. >/dev/null
IFS=$'\n' read -r -d '' -a known_files < <(svn ls -r HEAD "$trunk")
mapfile -t known_files < <(svn ls -r HEAD "$trunk")
wait $! || die "failed to discover committed files"
for file in "${known_files[@]}"; do
if [[ ${file:(-1)} = '/' ]]; then
die "archrelease: subdirectories are not supported in package directories!"
@@ -65,12 +66,12 @@ for tag in "$@"; do
stat_busy "Copying %s to %s" "${trunk}" "${tag}"
if [[ -d repos/$tag ]]; then
declare -a trash
trash=()
while read -r file; do
trash+=("repos/$tag/$file")
done < <(svn ls "repos/$tag")
[[ ${#trash[@]} == 0 ]] || svn rm -q "${trash[@]/%/@}"
mapfile -t trash < <(svn ls "repos/$tag")
wait $! || die "failed to discover existing files"
if (( ${#trash[@]} )); then
trash=("${trash[@]/#/repos/$tag/}")
svn rm -q "${trash[@]/%/@}"
fi
else
mkdir -p "repos/$tag"
svn add --parents -q "repos/$tag"

View File

@@ -22,6 +22,53 @@ elif [[ -r "$HOME/.makepkg.conf" ]]; then
source "$HOME/.makepkg.conf"
fi
usage() {
cat <<- _EOF_
Usage: ${BASH_SOURCE[0]##*/} [OPTIONS]
Searches for a locally built package corresponding to the PKGBUILD, and
downloads the last version of that package from the Pacman repositories.
It then compares the list of .so files provided by each version of the
package and outputs if there are soname differences for the new package.
A directory is also created using mktemp with files containing a file
list for both packages and a library list for both packages.
OPTIONS
-r, --rmdir Remove the temporary directory
-w, --warn Print a warning in case of differences
-h, --help Show this help text
_EOF_
}
RMDIR=0
WARN=0
OPT_SHORT='rwh'
OPT_LONG=('rmdir' 'warn' 'help')
if ! parseopts "$OPT_SHORT" "${OPT_LONG[@]}" -- "$@"; then
exit 1
fi
set -- "${OPTRET[@]}"
while :; do
case $1 in
-r|--rmdir)
RMDIR=1
;;
-w|--warn)
WARN=1
;;
-h|--help)
usage
exit 0
;;
--)
shift; break
;;
esac
shift
done
if [[ ! -f PKGBUILD ]]; then
die 'This must be run in the directory of a built package.'
fi
@@ -33,9 +80,12 @@ if [[ ${arch[0]} == 'any' ]]; then
fi
STARTDIR=$(pwd)
(( RMDIR )) && trap 'rm -rf $TEMPDIR' EXIT INT TERM QUIT
TEMPDIR=$(mktemp -d --tmpdir checkpkg-script.XXXX)
for _pkgname in "${pkgname[@]}"; do
comparepkg=$_pkgname
pkgurl=
target_pkgver=$(get_full_version "$_pkgname")
if ! pkgfile=$(find_cached_package "$_pkgname" "$target_pkgver" "$CARCH"); then
die 'tarball not found for package: %s' "${_pkgname}-$target_pkgver"
@@ -43,16 +93,29 @@ for _pkgname in "${pkgname[@]}"; do
ln -s "$pkgfile" "$TEMPDIR"
pkgurl=$(pacman -Spdd --print-format '%l' --noconfirm "$_pkgname") ||
die "Couldn't download previous package for %s." "$_pkgname"
if (( $# )); then
case $1 in
/*|*/*)
pkgurl=file://$(readlink -m "$1") ;;
*.pkg.tar*)
pkgurl=$1 ;;
'')
;;
*)
comparepkg=$1 ;;
esac
shift
fi
[[ -n $pkgurl ]] || pkgurl=$(pacman -Spdd --print-format '%l' --noconfirm "$comparepkg") ||
die "Couldn't download previous package for %s." "$comparepkg"
oldpkg=${pkgurl##*://*/}
oldpkg=${pkgurl##*/}
if [[ ${oldpkg##*/} = "${pkgfile##*/}" ]]; then
if [[ ${oldpkg} = "${pkgfile##*/}" ]]; then
die "The built package (%s) is the one in the repo right now!" "$_pkgname"
fi
if [[ $pkgurl = file://* ]]; then
if [[ $pkgurl = file://* || ( $pkgurl = /* && -f $pkgurl ) ]]; then
ln -s "${pkgurl#file://}" "$TEMPDIR/$oldpkg"
elif [[ -f "$PKGDEST/$oldpkg" ]]; then
ln -s "$PKGDEST/$oldpkg" "$TEMPDIR/$oldpkg"
@@ -70,11 +133,12 @@ for _pkgname in "${pkgname[@]}"; do
find-libprovides "$TEMPDIR/$oldpkg" 2>/dev/null | sort > "$TEMPDIR/libraries-$_pkgname-old"
find-libprovides "$pkgfile" 2>/dev/null | sort > "$TEMPDIR/libraries-$_pkgname"
if ! diff_output="$(sdiff -s "$TEMPDIR/libraries-$_pkgname-old" "$TEMPDIR/libraries-$_pkgname")"; then
msg "Sonames differ in $_pkgname!"
message="Sonames differ in $_pkgname!"
(( WARN )) && warning "$message" || msg "$message"
echo "$diff_output"
else
msg "No soname differences for %s." "$_pkgname"
fi
done
msg "Files saved to %s" "$TEMPDIR"
(( RMDIR )) || msg "Files saved to %s" "$TEMPDIR"

View File

@@ -83,7 +83,7 @@ while getopts ':l:a:s:f' flag; do
done
shift $(( OPTIND - 1 ))
# check packages have the packager field set
# check packages for validity
for _arch in "${arch[@]}"; do
if [[ -n $commit_arch && ${_arch} != "$commit_arch" ]]; then
continue
@@ -91,10 +91,15 @@ for _arch in "${arch[@]}"; do
for _pkgname in "${pkgname[@]}"; do
fullver=$(get_full_version "$_pkgname")
if pkgfile=$(find_cached_package "$_pkgname" "$_arch" "$fullver"); then
if pkgfile=$(find_cached_package "$_pkgname" "$fullver" "$_arch"); then
if grep -q "packager = Unknown Packager" <(bsdtar -xOqf "$pkgfile" .PKGINFO); then
die "PACKAGER was not set when building package"
fi
hashsum=sha256sum
pkgbuild_hash=$(awk -v"hashsum=$hashsum" -F' = ' '$1 == "pkgbuild_"hashsum {print $2}' <(bsdtar -xOqf "$pkgfile" .BUILDINFO))
if [[ "$pkgbuild_hash" != "$($hashsum PKGBUILD|cut -d' ' -f1)" ]]; then
die "PKGBUILD $hashsum mismatch: expected $pkgbuild_hash"
fi
fi
done
done
@@ -104,10 +109,10 @@ if [[ -z $server ]]; then
fi
if [[ -n $(svn status -q) ]]; then
msgtemplate="upgpkg: $pkgbase $(get_full_version)"$'\n\n'
msgtemplate="upgpkg: $pkgbase $(get_full_version)"
if [[ -n $1 ]]; then
stat_busy 'Committing changes to trunk'
svn commit -q -m "${msgtemplate}${1}" || die
svn commit -q -m "${msgtemplate}: ${1}" || die
stat_done
else
msgfile="$(mktemp)"
@@ -157,8 +162,8 @@ for _arch in "${arch[@]}"; do
fi
gpg --detach-sign --use-agent --no-armor "${SIGNWITHKEY[@]}" "${pkgfile}" || die
fi
if ! gpg --verify "$sigfile" >/dev/null 2>&1; then
die "Signature %s.sig is incorrect!" "$pkgfile"
if ! gpg --verify "$sigfile" "$pkgfile" >/dev/null 2>&1; then
die "Signature %s is incorrect!" "$sigfile"
fi
uploads+=("$sigfile")
done

View File

@@ -19,6 +19,19 @@ outputs if there are soname differences for the new package. A directory is
also created using mktemp with files containing a file list for both packages
and a library list for both packages.
Options
-------
*-r, --rmdir*::
Remove the temporary directory created to contain the file and library list
of both packages.
*-w, --warn*::
Print a warning instead of a regular message in case of soname differences.
*-h, --help*::
Show a help text
See Also
--------

View File

@@ -0,0 +1,38 @@
makerepropkg(1)
================
Name
----
makerepropkg - Rebuild a package to see if it is reproducible
Synopsis
--------
makerepropkg [OPTIONS] <package_file>
Description
-----------
Given the path to a built pacman package, attempt to rebuild it using the
PKGBUILD in the current directory. The package will be built in an environment
as closely matching the environment of the initial package as possible, by
building up a chroot to match the information exposed in the package's
linkman:BUILDINFO[5] manifest. On success, the resulting package will be
compared to the input package, and makerepropkg will report whether the
artifacts are identical.
This implements a verifier for pacman/libalpm packages in accordance with the
link:https://reproducible-builds.org/[Reproducible Builds] project.
Options
-------
*-c*::
Set the pacman cache directory.
*-M* <file>::
Location of a makepkg config file.
*-h*::
Show this usage message
include::footer.asciidoc[]

View File

@@ -20,6 +20,9 @@ en_US.UTF-8 and de_DE.UTF-8 locale and a generated machine-id.
Options
-------
*-U*::
Use 'pacman -U' to install packages.
*-C* <file>::
Location of a pacman config file.

View File

@@ -0,0 +1,52 @@
offload-build(1)
================
Name
----
offload-build - Build a PKGBUILD on a remote server using makechrootpkg
Synopsis
--------
offload-build [OPTIONS] -- [ARCHBUILD_OPTIONS]
Description
-----------
Build a PKGBUILD on a remote server using makechrootpkg. Requires a remote user
that can run archbuild in a non-interactive manner, e.g. must be able to
elevate permissions using passwordless sudo.
Options
-------
*-r, --repo* <reponame>::
Build against a specific repository. The default is `extra`, to build packages using
the stable repositories via extra-x86_64-build.
*-a, --arch* <architecture>::
Build against a specific architecture. The default is `x86_64`, the only
architecture officially supported by Arch Linux.
*-s, --server* <hostname>::
Offload to a specific build server. The default is dragon.archlinux.org
which is used as part of the build toolchain for the official Arch Linux
repos.
*-h, --help*::
Show a help text.
Passing options to archbuild
----------------------------
Options after a delimiting -- are passed on to archbuild on the remote.
archbuild in turn supports passing arguments on to makechrootpkg, which in turn
supports passing options to makepkg. Since each uses -- to delimit options that
are forwarded, make sure to escape them properly:
`offload-build offload-args -- archbuild-args -- makechrootpkg-args -- makepkg-args`
Example: To use a second `testing-x86_64-build` instance with another copydir:
`offload-build -r testing -- -- -l <chroot_copy>`
include::footer.asciidoc[]

View File

@@ -13,7 +13,7 @@ if [[ $1 = "--ignore-internal" ]]; then
shift
fi
script_mode=${0##*/find-lib}
script_mode=${BASH_SOURCE[0]##*/find-lib}
case $script_mode in
deps|provides) true;;

View File

@@ -17,7 +17,7 @@ if [[ -z $match ]]; then
exit 1
fi
find . -type d | while read -r d; do
find . -type d -print0 2>/dev/null| while read -r -d '' d; do
if [[ -f "$d/PKGBUILD" ]]; then
pkgname=() depends=() makedepends=() optdepends=()
# shellcheck source=PKGBUILD.proto

View File

@@ -8,7 +8,7 @@ CHROOT_VERSION='v4'
##
# usage : check_root $keepenv
##
orig_argv=("$0" "$@")
orig_argv=("${BASH_SOURCE[0]}" "$@")
check_root() {
local keepenv=$1
@@ -37,14 +37,6 @@ is_subvolume() {
[[ -e "$1" && "$(stat -f -c %T "$1")" == btrfs && "$(stat -c %i "$1")" == 256 ]]
}
##
# usage : is_same_fs( $path_a, $path_b )
# return : whether $path_a and $path_b are on the same filesystem
##
is_same_fs() {
[[ "$(stat -c %d "$1")" == "$(stat -c %d "$1")" ]]
}
##
# usage : subvolume_delete_recursive( $path )
#

View File

@@ -17,7 +17,7 @@ export LANG=C
shopt -s extglob
# check if messages are to be printed using color
if [[ -t 2 ]]; then
if [[ -t 2 && "$TERM" != dumb ]]; then
colorize
else
# shellcheck disable=2034
@@ -142,7 +142,7 @@ find_cached_package() {
for dir in "${searchdirs[@]}"; do
[[ -d $dir ]] || continue
for pkg in "$dir"/*.pkg.tar?(.?z); do
for pkg in "$dir"/*.pkg.tar?(.!(sig|*.*)); do
[[ -f $pkg ]] || continue
# avoid adding duplicates of the same inode
@@ -152,7 +152,7 @@ find_cached_package() {
# split apart package filename into parts
pkgbasename=${pkg##*/}
pkgbasename=${pkgbasename%.pkg.tar?(.?z)}
pkgbasename=${pkgbasename%.pkg.tar*}
arch=${pkgbasename##*-}
pkgbasename=${pkgbasename%-"$arch"}

31
lib/valid-repos.sh Normal file
View File

@@ -0,0 +1,31 @@
#!/hint/bash
# License: Unspecified
:
# shellcheck disable=2034
_repos=(
staging
testing
core
extra
community-staging
community-testing
community
multilib-staging
multilib-testing
multilib
gnome-unstable
kde-unstable
)
# shellcheck disable=2034
_build_repos=(
staging
testing
extra
multilib-staging
multilib-testing
multilib
gnome-unstable
kde-unstable
)

View File

@@ -13,8 +13,34 @@
m4_include(lib/common.sh)
m4_include(lib/archroot.sh)
source /usr/share/makepkg/util/config.sh
shopt -s nullglob
default_makepkg_args=(--syncdeps --noconfirm --log --holdver --skipinteg)
makepkg_args=("${default_makepkg_args[@]}")
verifysource_args=()
chrootdir=
passeddir=
makepkg_user=
declare -a install_pkgs
declare -i ret=0
keepbuilddir=0
update_first=0
clean_first=0
run_namcap=0
run_checkpkg=0
temp_chroot=0
bindmounts_ro=()
bindmounts_rw=()
copy=$USER
[[ -n ${SUDO_USER:-} ]] && copy=$SUDO_USER
[[ -z "$copy" || $copy = root ]] && copy=copy
src_owner=${SUDO_USER:-$USER}
usage() {
echo "Usage: ${0##*/} [options] -r <chrootdir> [--] [makepkg args]"
echo ' Run this script in a PKGBUILD dir to build a package inside a'
@@ -49,63 +75,38 @@ usage() {
echo ' Useful for maintaining multiple copies'
echo " Default: $copy"
echo '-n Run namcap on the package'
echo '-C Run checkpkg on the package'
echo '-T Build in a temporary directory'
echo '-U Run makepkg as a specified user'
exit 1
}
# {{{ functions
# Usage: load_vars $makepkg_conf
# Globals:
# - SRCDEST
# - SRCPKGDEST
# - PKGDEST
# - LOGDEST
# - MAKEFLAGS
# - PACKAGER
load_vars() {
local makepkg_conf="$1" var
[[ -f $makepkg_conf ]] || return 1
for var in {SRC,SRCPKG,PKG,LOG}DEST MAKEFLAGS PACKAGER; do
[[ -z ${!var:-} ]] && eval "$(grep -a "^${var}=" "$makepkg_conf")"
done
return 0
}
# Usage: sync_chroot $rootdir $copydir [$copy]
# Usage: sync_chroot $chrootdir $copydir [$copy]
sync_chroot() {
local rootdir=$1
local chrootdir=$1
local copydir=$2
local copy=${3:-$2}
if [[ "$rootdir" -ef "$copydir" ]]; then
if [[ "$chrootdir/root" -ef "$copydir" ]]; then
error 'Cannot sync copy with itself: %s' "$copydir"
return 1
fi
# Get a read lock on the root chroot to make
# sure we don't clone a half-updated chroot
slock 8 "$rootdir.lock" \
"Locking clean chroot [%s]" "$rootdir"
slock 8 "$chrootdir/root.lock" \
"Locking clean chroot [%s]" "$chrootdir/root"
stat_busy "Synchronizing chroot copy [%s] -> [%s]" "$rootdir" "$copy"
if is_subvolume "$rootdir" && is_same_fs "$rootdir" "$(dirname -- "$copydir")" && ! mountpoint -q "$copydir"; then
if is_subvolume "$copydir"; then
stat_busy "Synchronizing chroot copy [%s] -> [%s]" "$chrootdir/root" "$copy"
if is_btrfs "$chrootdir" && ! mountpoint -q "$copydir"; then
subvolume_delete_recursive "$copydir" ||
die "Unable to delete subvolume %s" "$copydir"
else
# avoid change of filesystem in case of an umount failure
rm --recursive --force --one-file-system "$copydir" ||
die "Unable to delete %s" "$copydir"
fi
btrfs subvolume snapshot "$rootdir" "$copydir" >/dev/null ||
btrfs subvolume snapshot "$chrootdir/root" "$copydir" >/dev/null ||
die "Unable to create subvolume %s" "$copydir"
else
mkdir -p "$copydir"
rsync -a --delete -q -W -x "$rootdir/" "$copydir"
rsync -a --delete -q -W -x "$chrootdir/root/" "$copydir"
fi
stat_done
@@ -136,11 +137,7 @@ delete_chroot() {
stat_done
}
# Usage: install_packages $copydir $pkgs...
install_packages() {
local copydir=$1
local install_pkgs=("${@:2}")
local -a pkgnames
local ret
@@ -148,28 +145,19 @@ install_packages() {
cp -- "${install_pkgs[@]}" "$copydir/root/"
arch-nspawn "$copydir" "${bindmounts_ro[@]}" "${bindmounts_rw[@]}" \
pacman -U --noconfirm -- "${pkgnames[@]/#//root/}"
bash -c 'yes y | pacman -U -- "$@"' -bash "${pkgnames[@]/#//root/}"
ret=$?
rm -- "${pkgnames[@]/#/$copydir/root/}"
return $ret
}
# Usage: prepare_chroot $copydir $HOME $keepbuilddir $run_namcap
# Globals:
# - MAKEFLAGS
# - PACKAGER
prepare_chroot() {
local copydir=$1
local USER_HOME=$2
local keepbuilddir=$3
local run_namcap=$4
[[ $keepbuilddir = true ]] || rm -rf "$copydir/build"
(( keepbuilddir )) || rm -rf "$copydir/build"
local builduser_uid builduser_gid
builduser_uid="${SUDO_UID:-$UID}"
builduser_gid="$(id -g "$builduser_uid")"
builduser_uid="$(id -u "$makepkg_user")"
builduser_gid="$(id -g "$makepkg_user")"
local install="install -o $builduser_uid -g $builduser_gid"
local x
@@ -204,7 +192,7 @@ EOF
declare -p SOURCE_DATE_EPOCH 2>/dev/null || true
printf '_chrootbuild "$@" || exit\n'
if [[ $run_namcap = true ]]; then
if (( run_namcap )); then
declare -f _chrootnamcap
printf '_chrootnamcap || exit\n'
fi
@@ -243,32 +231,18 @@ _chrootnamcap() {
done
}
# Usage: download_sources $copydir $makepkg_user
# Globals:
# - SRCDEST
download_sources() {
local copydir=$1
local makepkg_user=$2
setup_workdir
chown "$makepkg_user:" "$WORKDIR"
# Ensure sources are downloaded
sudo -u "$makepkg_user" --preserve-env=GNUPGHOME \
env SRCDEST="$SRCDEST" BUILDDIR="$WORKDIR" \
makepkg --config="$copydir/etc/makepkg.conf" --verifysource -o ||
makepkg --config="$copydir/etc/makepkg.conf" --verifysource -o "${verifysource_args[@]}" ||
die "Could not download sources."
}
# Usage: move_products $copydir $owner
# Globals:
# - PKGDEST
# - LOGDEST
# - SRCPKGDEST
move_products() {
local copydir=$1
local src_owner=$2
local pkgfile
for pkgfile in "$copydir"/pkgdest/*; do
chown "$src_owner" "$pkgfile"
@@ -299,39 +273,18 @@ move_products() {
}
# }}}
main() {
default_makepkg_args=(--syncdeps --noconfirm --log --holdver --skipinteg)
makepkg_args=("${default_makepkg_args[@]}")
keepbuilddir=false
update_first=false
clean_first=false
run_namcap=false
temp_chroot=false
chrootdir=
passeddir=
makepkg_user=
declare -a install_pkgs
declare -i ret=0
bindmounts_ro=()
bindmounts_rw=()
copy=$USER
[[ -n ${SUDO_USER:-} ]] && copy=$SUDO_USER
[[ -z "$copy" || $copy = root ]] && copy=copy
src_owner=${SUDO_USER:-$USER}
while getopts 'hcur:I:l:nTD:d:U:' arg; do
while getopts 'hcur:I:l:nCTD:d:U:' arg; do
case "$arg" in
c) clean_first=true ;;
c) clean_first=1 ;;
D) bindmounts_ro+=("--bind-ro=$OPTARG") ;;
d) bindmounts_rw+=("--bind=$OPTARG") ;;
u) update_first=true ;;
u) update_first=1 ;;
r) passeddir="$OPTARG" ;;
I) install_pkgs+=("$OPTARG") ;;
l) copy="$OPTARG" ;;
n) run_namcap=true; makepkg_args+=(--install) ;;
T) temp_chroot=true; copy+="-$$" ;;
n) run_namcap=1; makepkg_args+=(--install) ;;
C) run_checkpkg=1 ;;
T) temp_chroot=1; copy+="-$$" ;;
U) makepkg_user="$OPTARG" ;;
h|*) usage ;;
esac
@@ -358,25 +311,21 @@ main() {
makepkg_args+=("${@:$OPTIND}")
# See if -R or -e was passed to makepkg
for arg in "${makepkg_args[@]}"; do
for arg in "${@:$OPTIND}"; do
case ${arg%%=*} in
--repackage|--noextract) keepbuilddir=true; break ;;
--repackage|--noextract) keepbuilddir=true; break ;;
--skip*|--holdver) verifysource_args+=("$arg") ;;
--repackage|--noextract) keepbuilddir=1 ;;
--*) ;;
-*R*|-*e*) keepbuilddir=true; break ;;
-*R*|-*e*) keepbuilddir=1 ;;
esac
done
if [[ -n $SUDO_USER ]]; then
eval "USER_HOME=~$SUDO_USER"
else
USER_HOME=$HOME
fi
umask 0022
load_vars "${XDG_CONFIG_HOME:-$USER_HOME/.config}/pacman/makepkg.conf" || load_vars "$USER_HOME/.makepkg.conf"
load_vars /etc/makepkg.conf
ORIG_HOME=$HOME
IFS=: read -r _ _ _ _ _ HOME _ < <(getent passwd "${SUDO_USER:-$USER}")
load_makepkg_config
HOME=$ORIG_HOME
# Use PKGBUILD directory if these don't exist
[[ -d $PKGDEST ]] || PKGDEST=$PWD
@@ -387,19 +336,19 @@ main() {
# Lock the chroot we want to use. We'll keep this lock until we exit.
lock 9 "$copydir.lock" "Locking chroot copy [%s]" "$copy"
if [[ ! -d $copydir ]] || $clean_first; then
sync_chroot "$chrootdir/root" "$copydir" "$copy"
if [[ ! -d $copydir ]] || (( clean_first )); then
sync_chroot "$chrootdir" "$copydir" "$copy"
fi
$update_first && arch-nspawn "$copydir" \
(( update_first )) && arch-nspawn "$copydir" \
"${bindmounts_ro[@]}" "${bindmounts_rw[@]}" \
pacman -Syu --noconfirm
pacman -Syuu --noconfirm
if [[ -n ${install_pkgs[*]:-} ]]; then
install_packages "$copydir" "${install_pkgs[@]}"
install_packages
ret=$?
# If there is no PKGBUILD we have done
[[ -f PKGBUILD ]] || return $ret
# If there is no PKGBUILD we are done
[[ -f PKGBUILD ]] || exit $ret
fi
if [[ "$(id -u "$makepkg_user")" == 0 ]]; then
@@ -407,32 +356,61 @@ main() {
exit 1
fi
download_sources "$copydir" "$makepkg_user"
download_sources
prepare_chroot "$copydir" "$USER_HOME" "$keepbuilddir" "$run_namcap"
prepare_chroot
if arch-nspawn "$copydir" \
--bind="$PWD:/startdir" \
--bind="$SRCDEST:/srcdest" \
--bind="${PWD//:/\\:}:/startdir" \
--bind="${SRCDEST//:/\\:}:/srcdest" \
"${bindmounts_ro[@]}" "${bindmounts_rw[@]}" \
/chrootbuild "${makepkg_args[@]}"
then
move_products "$copydir" "$src_owner"
pkgnames=()
for pkgfile in "$copydir"/pkgdest/*; do
pkgfile=${pkgfile##*/};
pkgnames+=("${pkgfile%-*-*-*}");
done
move_products
else
(( ret += 1 ))
fi
$temp_chroot && delete_chroot "$copydir" "$copy"
(( temp_chroot )) && delete_chroot "$copydir" "$copy"
if (( ret != 0 )); then
if $temp_chroot; then
if (( temp_chroot )); then
die "Build failed"
else
die "Build failed, check %s/build" "$copydir"
fi
else
if (( run_checkpkg )); then
msg "Running checkpkg"
# sync off-site databases for up-to-date queries
trap 'rm -rf $dbpath; cleanup' EXIT INT TERM QUIT
dbpath=$(mktemp -d --tmpdir makechrootpkg-database.XXXXXXXXXX)
mkdir -p "$dbpath"
pacman -Sy --dbpath "$dbpath" --logfile /dev/null
# query current package locations
remotepkgs=($(pacman -Sddp --dbpath "$dbpath" --logfile /dev/null "${pkgnames[@]}"))
if (( $? )); then
warning "Skipped checkpkg due to missing repo packages"
exit 0
fi
# download package files if any non-local location exists
for remotepkg in "${remotepkgs[@]}"; do
[[ $remotepkg == file://* ]] && continue
msg2 "Downloading current versions"
pacman --noconfirm -Swdd --dbpath "$dbpath" --logfile /dev/null "${pkgnames[@]}"
break
done
msg2 "Checking packages"
sudo -u "$makepkg_user" checkpkg --rmdir --warn
fi
true
fi
}
main "$@"

View File

@@ -132,17 +132,17 @@ DBGSRCDIR="/usr/src/debug"
COMPRESSGZ=(gzip -c -f -n)
COMPRESSBZ2=(bzip2 -c -f)
COMPRESSXZ=(xz -c -z -)
COMPRESSZST=(zstd -c -z -q -)
COMPRESSLRZ=(lrzip -q)
COMPRESSLZO=(lzop -q)
COMPRESSZ=(compress -c -f)
COMPRESSLZ4=(lz4 -q)
COMPRESSLZ=(lzip -c -f)
#########################################################################
# EXTENSION DEFAULTS
#########################################################################
#
# WARNING: Do NOT modify these variables unless you know what you are
# doing.
#
PKGEXT='.pkg.tar.xz'
SRCEXT='.src.tar.gz'

190
makerepropkg.in Executable file
View File

@@ -0,0 +1,190 @@
#!/bin/bash
# makerepropkg - rebuild a package to see if it is reproducible
#
# Copyright (c) 2019 by Eli Schwartz <eschwartz@archlinux.org>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
m4_include(lib/common.sh)
m4_include(lib/archroot.sh)
source /usr/share/makepkg/util/config.sh
source /usr/share/makepkg/util/message.sh
declare -A buildinfo
declare -a buildenv buildopts installed installpkgs
archiveurl='https://archive.archlinux.org/packages'
buildroot=/var/lib/archbuild/reproducible
chroot=testenv
parse_buildinfo() {
local line var val
while read -r line; do
var="${line%% = *}"
val="${line#* = }"
case ${var} in
buildenv)
buildenv+=("${val}")
;;
options)
buildopts+=("${val}")
;;
installed)
installed+=("${val}")
;;
*)
buildinfo["${var}"]="${val}"
;;
esac
done
}
get_pkgfile() {
local cdir=${cache_dirs[0]}
local pkgfilebase=${1}
local pkgname=${pkgfilebase%-*-*-*}
local pkgfile ext
for ext in .xz .zstd ''; do
pkgfile=${pkgfilebase}.pkg.tar${ext}
for c in "${cache_dirs[@]}"; do
if [[ -f ${c}/${pkgfile} ]]; then
cdir=${c}
break
fi
done
for f in "${pkgfile}" "${pkgfile}.sig"; do
if [[ ! -f "${cdir}/${f}" ]]; then
msg2 "retrieving '%s'..." "${f}" >&2
curl -Llf -# -o "${cdir}/${f}" "${archiveurl}/${pkgname:0:1}/${pkgname}/${f}" || continue 2
fi
done
printf '%s\n' "file://${cdir}/${pkgfile}"
return 0
done
return 1
}
usage() {
cat << __EOF__
usage: ${BASH_SOURCE[0]##*/} [options] <package_file>
Run this script in a PKGBUILD dir to build a package inside a
clean chroot while attempting to reproduce it. The package file
will be used to derive metadata needed for reproducing the
package, including the .PKGINFO as well as the buildinfo.
For more details see https://reproducible-builds.org/
OPTIONS
-c <dir> Set pacman cache
-M <file> Location of a makepkg config file
-h Show this usage message
__EOF__
}
while getopts 'M:c:h' arg; do
case "$arg" in
M) archroot_args+=(-M "$OPTARG") ;;
c) cache_dirs+=("$OPTARG") ;;
h) usage; exit 0 ;;
*|?) usage; exit 1 ;;
esac
done
shift $((OPTIND - 1))
check_root
if [[ -n $1 ]]; then
pkgfile="$1"
if ! bsdtar -tqf "${pkgfile}" .BUILDINFO >/dev/null 2>&1; then
error "file is not a valid pacman package: '%s'" "${pkgfile}"
exit 1
fi
else
error "no package file specified. Try '${BASH_SOURCE[0]##*/} -h' for more information. "
exit 1
fi
if (( ${#cache_dirs[@]} == 0 )); then
mapfile -t cache_dirs < <(pacman-conf CacheDir)
fi
ORIG_HOME=${HOME}
IFS=: read -r _ _ _ _ _ HOME _ < <(getent passwd "${SUDO_USER:-$USER}")
load_makepkg_config
HOME=${ORIG_HOME}
[[ -d ${SRCDEST} ]] || SRCDEST=${PWD}
parse_buildinfo < <(bsdtar -xOqf "${pkgfile}" .BUILDINFO)
export SOURCE_DATE_EPOCH="${buildinfo[builddate]}"
PACKAGER="${buildinfo[packager]}"
BUILDDIR="${buildinfo[builddir]}"
# nuke and restore reproducible testenv
for copy in "${buildroot}"/*/; do
[[ -d ${copy} ]] || continue
subvolume_delete_recursive "${copy}"
done
rm -rf --one-file-system "${buildroot}"
(umask 0022; mkdir -p "${buildroot}")
for fname in "${installed[@]}"; do
if ! allpkgfiles+=("$(get_pkgfile "${fname}")"); then
error "failed to retrieve ${fname}"
exit 1
fi
done
printf '%s\n' "${allpkgfiles[@]}" | mkarchroot -U "${archroot_args[@]}" "${buildroot}"/root - || exit 1
# use makechrootpkg to prep the build directory
makechrootpkg -r "${buildroot}" -l "${chroot}" -- --packagelist || exit 1
# set detected makepkg.conf options
{
for var in PACKAGER BUILDDIR; do
printf '%s=%s\n' "${var}" "${!var@Q}"
done
printf 'OPTIONS=(%s)\n' "${buildopts[*]@Q}"
printf 'BUILDENV=(%s)\n' "${buildenv[*]@Q}"
} >> "${buildroot}/${chroot}"/etc/makepkg.conf >> "${buildroot}/${chroot}"/etc/makepkg.conf
install -d -o "${SUDO_UID:-$UID}" -g "$(id -g "${SUDO_UID:-$UID}")" "${buildroot}/${chroot}/${BUILDDIR}"
# kick off the build
arch-nspawn "${buildroot}/${chroot}" \
--bind="${PWD}:/startdir" \
--bind="${SRCDEST}:/srcdest" \
/chrootbuild -C --noconfirm --log --holdver --skipinteg
if (( $? == 0 )); then
msg2 "built succeeded! built packages can be found in ${buildroot}/${chroot}/pkgdest"
msg "comparing artifacts..."
if cmp -s "${pkgfile}" "${buildroot}/${chroot}/pkgdest/${pkgfile##*/}"; then
msg2 "Package successfully reproduced!"
exit 0
else
warning "Package is not reproducible. :("
sha256sum "${pkgfile}" "${buildroot}/${chroot}/pkgdest/${pkgfile##*/}"
fi
fi
# the package either failed to build, or was unreproducible
exit 1

View File

@@ -13,13 +13,20 @@
m4_include(lib/common.sh)
m4_include(lib/archroot.sh)
# umask might have been changed in /etc/profile
# ensure that sane default is set again
umask 0022
working_dir=''
umode=''
files=()
nspawn_args=()
usage() {
echo "Usage: ${0##*/} [options] working-dir package-list..."
echo ' options:'
echo ' -U Use pacman -U to install packages'
echo ' -C <file> Location of a pacman config file'
echo ' -M <file> Location of a makepkg config file'
echo ' -c <dir> Set pacman cache'
@@ -29,16 +36,21 @@ usage() {
exit 1
}
while getopts 'hC:M:c:f:s' arg; do
while getopts 'hUC:M:c:f:s' arg; do
case "$arg" in
U) umode=U ;;
C) pac_conf="$OPTARG" ;;
M) makepkg_conf="$OPTARG" ;;
c) cache_dir="$OPTARG" ;;
c) cache_dirs+=("$OPTARG") ;;
f) files+=("$OPTARG") ;;
s) nosetarch=1 ;;
h|?) usage ;;
*) error "invalid argument '%s'" "$arg"; usage ;;
esac
if [[ $arg != U ]]; then
nspawn_args+=("-$arg")
[[ -v OPTARG ]] && nspawn_args+=("$OPTARG")
fi
done
shift $((OPTIND - 1))
@@ -51,10 +63,10 @@ shift 1
[[ -z $working_dir ]] && die 'Please specify a working directory.'
if [[ -z $cache_dir ]]; then
cache_dirs=($(pacman -v "$cache_conf" 2>&1 | grep '^Cache Dirs:' | sed 's/Cache Dirs:\s*//g'))
else
cache_dirs=(${cache_dir})
pacconf_cmd=$(command -v pacman-conf || command -v pacconf)
if (( ${#cache_dirs[@]} == 0 )); then
mapfile -t cache_dirs < <($pacconf_cmd CacheDir)
fi
umask 0022
@@ -78,12 +90,7 @@ for file in "${files[@]}"; do
cp "$file" "$working_dir$file"
done
_env=()
while read -r varname; do
_env+=("$varname=${!varname}")
done < <(declare -x | sed -r 's/^declare -x ([^=]*)=.*/\1/' | grep -i '_proxy$')
env -i "${_env[@]}" \
pacstrap -GMcd ${pac_conf:+-C "$pac_conf"} "$working_dir" \
pacstrap -${umode}Mcd ${pac_conf:+-C "$pac_conf"} "$working_dir" \
"${cache_dirs[@]/#/--cachedir=}" "$@" || die 'Failed to install all packages'
printf '%s.UTF-8 UTF-8\n' en_US de_DE > "$working_dir/etc/locale.gen"
@@ -93,8 +100,5 @@ echo "$CHROOT_VERSION" > "$working_dir/.arch-chroot"
systemd-machine-id-setup --root="$working_dir"
exec arch-nspawn \
${nosetarch:+-s} \
${pac_conf:+-C "$pac_conf"} \
${makepkg_conf:+-M "$makepkg_conf"} \
${cache_dir:+-c "$cache_dir"} \
"${nspawn_args[@]}" \
"$working_dir" locale-gen

121
offload-build Executable file
View File

@@ -0,0 +1,121 @@
#!/bin/bash
#
# offload-build - build a PKGBUILD on a remote server using makechrootpkg.
#
# Copyright (c) 2019 by Eli Schwartz <eschwartz@archlinux.org>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
source /usr/share/makepkg/util/config.sh
# global defaults suitable for use by Arch staff
repo=extra
arch=x86_64
server=dragon.archlinux.org
die() { printf "error: $1\n" "${@:2}"; exit 1; }
usage() {
cat <<- _EOF_
Usage: ${BASH_SOURCE[0]##*/} [--repo REPO] [--arch ARCHITECTURE] [--server SERVER] -- [ARCHBUILD_ARGS]
Build a PKGBUILD on a remote server using makechrootpkg. Requires a remote user
that can run archbuild without password auth. Options passed after a -- are
passed on to archbuild, and eventually to makechrootpkg.
OPTIONS
-r, --repo Build against a specific repository (current: $repo)
-a, --arch Build against a specific architecture (current: $arch)
-s, --server Offload to a specific build server (current: $server)
-h, --help Show this help text
_EOF_
}
# option checking
while (( $# )); do
case $1 in
-h|--help)
usage
exit 0
;;
-r|--repo)
repo=$2
shift 2
;;
-a|--arch)
arch=$2
shift 2
;;
-s|--server)
server=$2
shift 2
;;
--)
shift
break
;;
*)
die "invalid argument: %s" "$1"
;;
esac
done
# multilib must be handled specially
if [[ $repo = multilib* ]]; then
arch=
fi
archbuild_cmd=("${repo}${arch:+-$arch}-build" "$@")
trap 'rm -rf $SRCPKGDEST' EXIT INT TERM QUIT
# Use a source-only tarball as an intermediate to transfer files. This
# guarantees the checksums are okay, and guarantees that all needed files are
# transferred, including local sources, install scripts, and changelogs.
export SRCPKGDEST=$(mktemp -d)
makepkg --source || die "unable to make source package"
# Temporary cosmetic workaround makepkg if SRCDEST is set somewhere else
# but an empty src dir is created in PWD. Remove once fixed in makepkg.
rmdir --ignore-fail-on-non-empty src 2>/dev/null || true
mapfile -t files < <(
# This is sort of bash golfing but it allows running a mildly complex
# command over ssh with a single connection.
# shellcheck disable=SC2145
cat "$SRCPKGDEST"/*.src.tar.gz |
ssh $server '
temp="${XDG_CACHE_HOME:-$HOME/.cache}/offload-build" &&
mkdir -p "$temp" &&
temp=$(mktemp -d -p "$temp") &&
cd "$temp" &&
{
bsdtar --strip-components 1 -xvf - &&
script -qefc "'"${archbuild_cmd[@]@Q}"'" /dev/null &&
printf "%s\n" "" "-> build complete" &&
printf "\t%s\n" "$temp"/*
} >&2 &&
makepkg --packagelist
')
if (( ${#files[@]} )); then
printf '%s\n' '' '-> copying files...'
load_makepkg_config
scp "${files[@]/#/$server:}" "${PKGDEST:-${PWD}}/"
else
exit 1
fi

View File

@@ -16,10 +16,9 @@
#GPGDir = /etc/pacman.d/gnupg/
#HookDir = /etc/pacman.d/hooks/
HoldPkg = pacman glibc
#XferCommand = /usr/bin/curl -C - -f %u > %o
#XferCommand = /usr/bin/curl -L -C - -f -o %o %u
#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#CleanMethod = KeepInstalled
#UseDelta = 0.7
Architecture = auto
# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
@@ -90,4 +89,3 @@ Include = /etc/pacman.d/mirrorlist
#[custom]
#SigLevel = Optional TrustAll
#Server = file:///home/custompkgs

View File

@@ -16,10 +16,9 @@
#GPGDir = /etc/pacman.d/gnupg/
#HookDir = /etc/pacman.d/hooks/
HoldPkg = pacman glibc
#XferCommand = /usr/bin/curl -C - -f %u > %o
#XferCommand = /usr/bin/curl -L -C - -f -o %o %u
#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#CleanMethod = KeepInstalled
#UseDelta = 0.7
Architecture = auto
# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
@@ -99,4 +98,3 @@ Include = /etc/pacman.d/mirrorlist
#[custom]
#SigLevel = Optional TrustAll
#Server = file:///home/custompkgs

View File

@@ -16,10 +16,9 @@
#GPGDir = /etc/pacman.d/gnupg/
#HookDir = /etc/pacman.d/hooks/
HoldPkg = pacman glibc
#XferCommand = /usr/bin/curl -C - -f %u > %o
#XferCommand = /usr/bin/curl -L -C - -f -o %o %u
#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#CleanMethod = KeepInstalled
#UseDelta = 0.7
Architecture = auto
# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
@@ -93,4 +92,3 @@ Include = /etc/pacman.d/mirrorlist
#[custom]
#SigLevel = Optional TrustAll
#Server = file:///home/custompkgs

View File

@@ -16,10 +16,9 @@
#GPGDir = /etc/pacman.d/gnupg/
#HookDir = /etc/pacman.d/hooks/
HoldPkg = pacman glibc
#XferCommand = /usr/bin/curl -C - -f %u > %o
#XferCommand = /usr/bin/curl -L -C - -f -o %o %u
#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#CleanMethod = KeepInstalled
#UseDelta = 0.7
Architecture = auto
# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
@@ -107,4 +106,3 @@ Include = /etc/pacman.d/mirrorlist
#[custom]
#SigLevel = Optional TrustAll
#Server = file:///home/custompkgs

View File

@@ -16,10 +16,9 @@
#GPGDir = /etc/pacman.d/gnupg/
#HookDir = /etc/pacman.d/hooks/
HoldPkg = pacman glibc
#XferCommand = /usr/bin/curl -C - -f %u > %o
#XferCommand = /usr/bin/curl -L -C - -f -o %o %u
#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#CleanMethod = KeepInstalled
#UseDelta = 0.7
Architecture = auto
# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
@@ -98,4 +97,3 @@ Include = /etc/pacman.d/mirrorlist
#[custom]
#SigLevel = Optional TrustAll
#Server = file:///home/custompkgs

View File

@@ -16,10 +16,9 @@
#GPGDir = /etc/pacman.d/gnupg/
#HookDir = /etc/pacman.d/hooks/
HoldPkg = pacman glibc
#XferCommand = /usr/bin/curl -C - -f %u > %o
#XferCommand = /usr/bin/curl -L -C - -f -o %o %u
#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#CleanMethod = KeepInstalled
#UseDelta = 0.7
Architecture = auto
# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
@@ -99,4 +98,3 @@ Include = /etc/pacman.d/mirrorlist
#[custom]
#SigLevel = Optional TrustAll
#Server = file:///home/custompkgs

View File

@@ -16,10 +16,9 @@
#GPGDir = /etc/pacman.d/gnupg/
#HookDir = /etc/pacman.d/hooks/
HoldPkg = pacman glibc
#XferCommand = /usr/bin/curl -C - -f %u > %o
#XferCommand = /usr/bin/curl -L -C - -f -o %o %u
#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#CleanMethod = KeepInstalled
#UseDelta = 0.7
Architecture = auto
# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
@@ -96,4 +95,3 @@ Include = /etc/pacman.d/mirrorlist
#[custom]
#SigLevel = Optional TrustAll
#Server = file:///home/custompkgs

View File

@@ -16,10 +16,9 @@
#GPGDir = /etc/pacman.d/gnupg/
#HookDir = /etc/pacman.d/hooks/
HoldPkg = pacman glibc
#XferCommand = /usr/bin/curl -C - -f %u > %o
#XferCommand = /usr/bin/curl -L -C - -f -o %o %u
#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#CleanMethod = KeepInstalled
#UseDelta = 0.7
Architecture = auto
# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
@@ -90,4 +89,3 @@ Include = /etc/pacman.d/mirrorlist
#[custom]
#SigLevel = Optional TrustAll
#Server = file:///home/custompkgs

View File

@@ -14,8 +14,8 @@
m4_include(lib/common.sh)
if (( $# < 1 )); then
printf 'Usage: %s <chrootdir> <packages to rebuild>\n' "$(basename "$0")"
printf ' example: %s ~/chroot readline bash foo bar baz\n' "$(basename "$0")"
printf 'Usage: %s <chrootdir> <packages to rebuild>\n' "$(basename "${BASH_SOURCE[0]}")"
printf ' example: %s ~/chroot readline bash foo bar baz\n' "$(basename "${BASH_SOURCE[0]}")"
exit 1
fi

View File

@@ -21,10 +21,8 @@
# globals
: ${SOLINKS_MIRROR:="https://mirror.pkgbuild.com"}
: ${SOCACHE_DIR:="${XDG_CACHE_HOME:-${HOME}/.cache}/sogrep"}
repos=('staging' 'testing' 'core' 'extra'
'community-staging' 'community-testing' 'community'
'multilib-staging' 'multilib-testing' 'multilib'
'gnome-unstable' 'kde-unstable')
m4_include(lib/valid-repos.sh)
arches=('x86_64')
# options
@@ -39,20 +37,20 @@ recache() {
(( VERBOSE )) && verbosity=--progress-bar
for repo in "${repos[@]}"; do
for repo in "${_repos[@]}"; do
for arch in "${arches[@]}"; do
rm -rf "${SOCACHE_DIR}/${arch}/${repo}"
mkdir -p "${SOCACHE_DIR}/${arch}/${repo}"
curl "$verbosity" "${SOLINKS_MIRROR}/${repo}/os/${arch}/${repo}.links.tar.gz" | bsdtar -xf - -C "${SOCACHE_DIR}/${arch}/${repo}"
curl -L "$verbosity" "${SOLINKS_MIRROR}/${repo}/os/${arch}/${repo}.links.tar.gz" | bsdtar -xf - -C "${SOCACHE_DIR}/${arch}/${repo}"
done
done
}
search() {
local repo=$1 arch lib=$2 srepos=("${repos[@]}")
local repo=$1 arch lib=$2 srepos=("${_repos[@]}")
if [[ $repo != all ]]; then
if ! in_array "${repo}" "${repos[@]}"; then
if ! in_array "${repo}" "${_repos[@]}"; then
echo "${BASH_SOURCE[0]##*/}: unrecognized repo '$repo'"
echo "Try '${BASH_SOURCE[0]##*/} --help' for more information."
exit 1

View File

@@ -1,11 +1,15 @@
#compdef archbuild archco arch-nspawn archrelease commitpkg finddeps makechrootpkg mkarchroot rebuildpkgs extrapkg=commitpkg corepkg=commitpkg testingpkg=commitpkg stagingpkg=commitpkg communitypkg=commitpkg community-testingpkg=commitpkg community-stagingpkg=commitpkg multilibpkg=commitpkg multilib-testingpkg=commitpkg extra-x86_64-build=archbuild testing-x86_64-build=archbuild staging-x86_64-build=archbuild multilib-build=archbuild multilib-testing-build=archbuild multilib-staging-build=archbuild kde-unstable-x86_64-build=archbuild gnome-unstable-x86_64-build=archbuild communityco=archco
#compdef archbuild archco arch-nspawn archrelease commitpkg finddeps makechrootpkg mkarchroot rebuildpkgs extrapkg=commitpkg corepkg=commitpkg testingpkg=commitpkg stagingpkg=commitpkg communitypkg=commitpkg community-testingpkg=commitpkg community-stagingpkg=commitpkg multilibpkg=commitpkg multilib-testingpkg=commitpkg extra-x86_64-build=archbuild testing-x86_64-build=archbuild staging-x86_64-build=archbuild multilib-build=archbuild multilib-testing-build=archbuild multilib-staging-build=archbuild kde-unstable-x86_64-build=archbuild gnome-unstable-x86_64-build=archbuild communityco=archco checkpkg sogrep offload-build makerepropkg
# License: Unspecified
m4_include(lib/valid-tags.sh)
m4_include(lib/valid-repos.sh)
_binary_arch=${_arch[*]:0:-1}
_archbuild_args=(
'-c[Recreate the chroot before building]'
'-r[Create chroots in this directory]:base_dir:_files -/'
'-h[Display usage]'
)
_archco_args=(
@@ -13,19 +17,25 @@ _archco_args=(
)
_arch_nspawn_args=(
'-C[Location of a pacman config file]:pacman_config:_files'
'-M[Location of a makepkg config file]:makepkg_config:_files'
'-C[Location of a pacman config file]:pacman_config:_files -g "*.conf(.)"'
'-M[Location of a makepkg config file]:makepkg_config:_files -g "*.conf(.)"'
'-c[Set pacman cache]:pacman_cache:_files -/'
'-f[Copy file from the host to the chroot]:copy_file:_files'
'-s[Do not run setarch]'
'-h[Display usage]'
'1:chroot_dir:_files -/'
)
_archrelease_args=(
'-f[Force release without checks]'
"*:arch:($_tags[*])"
)
_commitpkg_args=(
"-a[Release to a specific architecture only]:arch:($_arch[*])"
'-f[Force release without checks]'
'-s[Target repo server]'
'-l[Set bandwidth limit]:limit'
"-a[Release to a specific architecture only]:arch:($_arch[*])"
'1:commit_msg'
)
@@ -34,19 +44,27 @@ _finddeps_args=(
)
_makechrootpkg_args=(
'-I[Install a package into the working copy]:target:_files -g "*.pkg.tar.*(.)"'
'-c[Clean the chroot before building]'
'-h[Display usage]'
'-l[The directory to use as the working copy]:copy_dir:_files -/'
'-r[The chroot dir to use]:chroot_dir:_files -/'
'-c[Clean the chroot before building]'
'-d[Bind directory into build chroot as read-write]:bind_dir_rw:_files -/'
'-D[Bind directory into build chroot as read-only]:bind_dir_ro:_files -/'
'-u[Update the working copy of the chroot before building]'
'-r[The chroot dir to use]:chroot_dir:_files -/'
'-I[Install a package into the working copy]:target:_files -g "*.pkg.tar.*(.)"'
'-l[The directory to use as the working copy]:copy_dir:_files -/'
'-n[Run namcap on the package]'
'-T[Build in a temporary directory]'
'-U[Run makepkg as a specified user]:makepkg_user'
)
_mkarchroot_args=(
'-C[Location of a pacman config file]:pacman_config:_files'
'-M[Location of a makepkg config file]:makepkg_config:_files'
'-U[Install a package into the working copy]:target:_files -g "*.pkg.tar.*(.)"'
'-C[Location of a pacman config file]:pacman_config:_files -g "*.conf(.)"'
'-M[Location of a makepkg config file]:makepkg_config:_files -g "*.conf(.)"'
'-c[Set pacman cache]:pacman_cache:_files -/'
'-h[Display usage]'
'1:working_dir:_files -/'
'*:packages:_devtools_completions_all_packages'
)
_rebuildpkgs_args=(
@@ -54,6 +72,34 @@ _rebuildpkgs_args=(
'*:packages:_devtools_completions_all_packages'
)
_checkpkg_args=(
'(-r --rmdir)'{-r,--rmdir}'[Remove the temporary directory]'
'(-w --warn)'{-w,--warn}'[Print a warning in case of differences]'
'(-h --help)'{-h,--help}'[Display usage]'
)
_sogrep_args=(
'(-v --verbose)'{-v,--verbose}'[Show matched links in addition to pkgname]'
'(-r --refresh)'{-r,--refresh}'[Refresh the links databases]'
'(-h --help)'{-h,--help}'[Display usage]'
'1:repo:(all $_repos[*])'
'2:libname'
)
_offload_build_args=(
'(-r --repo)'{-r,--repo}'[Build against a specific repository]:repo:($_build_repos[*])'
'(-a --arch)'{-a,--arch}'[Build against a specific architecture]:arch:(${_binary_arch[*]})'
'(-s --server)'{-s,--server}'[Offload to a specific Build server]:server:'
'(-h --help)'{-h,--help}'[Display usage]'
)
_makerepropkg_args=(
'-c[Set pacman cache]:pacman_cache:_files -/'
'-M[Location of a makepkg config file]:makepkg_config:_files -g "*.conf(.)"'
'-h[Display usage]'
'1:working_dir:_files -g "*.pkg.tar.*(.)"'
)
_devtools_completions_all_packages() {
typeset -U packages
packages=($(_call_program packages pacman -Sql))