Version 20220609

The manpage doc has been added without a suffix which fails during
install.

.github/workflows/test.yml

@@ -1,15 +0,0 @@
-on: push
-jobs:
-  test:
-    runs-on: ubuntu-latest
-    container: archlinux/archlinux:latest
-    steps:
-      - name: Install dependencies
-        run: pacman -Syu --noconfirm m4 make openssh subversion rsync arch-install-scripts git bzr mercurial diffutils asciidoc shellcheck
-      - uses: actions/checkout@v2
-      - name: Run tests
-        run: |
-           make PREFIX=/usr
-           make PREFIX=/usr DESTDIR="$(mktemp -d)" install
-           make check || true
-           SHELLCHECK_OPTS="-S error" make check

.gitignore

@@ -6,6 +6,8 @@ archrelease
 bash_completion
 checkpkg
 commitpkg
+diffpkg
+export-pkgbuild-keys
 finddeps
 lddd
 makechrootpkg

.gitlab-ci.yml

@@ -0,0 +1,21 @@
+image: "archlinux:latest"
+
+stages:
+  - build
+  - test
+
+build:
+  stage: build
+  needs: []
+  script:
+    - pacman -Syu --noconfirm m4 make openssh subversion rsync arch-install-scripts git bzr mercurial diffutils asciidoc
+    - make PREFIX=/usr
+    - make PREFIX=/usr DESTDIR=build install
+
+check:
+  stage: test
+  needs: []
+  script:
+    - pacman -Syu --noconfirm m4 make openssh subversion rsync arch-install-scripts git bzr mercurial diffutils asciidoc shellcheck
+    - make check || true
+    - SHELLCHECK_OPTS="-S error" make check

Makefile

@@ -1,4 +1,4 @@
-V=20211129
+V=20220609
 BUILDTOOLVER ?= $(V)
 
 PREFIX = /usr/local
@@ -12,6 +12,8 @@ IN_PROGS = \
 	checkpkg \
 	commitpkg \
 	crossrepomove\
+	diffpkg \
+	export-pkgbuild-keys \
 	finddeps \
 	find-libdeps \
 	lddd \
@@ -73,9 +75,11 @@ BASHCOMPLETION_LINKS = \
 MANS = \
 	doc/archbuild.1 \
 	doc/arch-nspawn.1 \
+	doc/export-pkgbuild-keys.1 \
 	doc/makechrootpkg.1 \
 	doc/lddd.1 \
 	doc/checkpkg.1 \
+	doc/diffpkg.1 \
 	doc/offload-build.1 \
 	doc/sogrep.1 \
 	doc/makerepropkg.1 \
@@ -116,8 +120,8 @@ install:
 	for l in ${ARCHBUILD_LINKS}; do ln -sf archbuild $(DESTDIR)$(PREFIX)/bin/$$l; done
 	for l in ${CROSSREPOMOVE_LINKS}; do ln -sf crossrepomove $(DESTDIR)$(PREFIX)/bin/$$l; done
 	ln -sf find-libdeps $(DESTDIR)$(PREFIX)/bin/find-libprovides
-	install -Dm0644 bash_completion $(DESTDIR)/usr/share/bash-completion/completions/devtools
-	for l in ${BASHCOMPLETION_LINKS}; do ln -sf devtools $(DESTDIR)/usr/share/bash-completion/completions/$$l; done
+	install -Dm0644 bash_completion $(DESTDIR)$(PREFIX)/share/bash-completion/completions/devtools
+	for l in ${BASHCOMPLETION_LINKS}; do ln -sf devtools $(DESTDIR)$(PREFIX)/share/bash-completion/completions/$$l; done
 	install -Dm0644 zsh_completion $(DESTDIR)$(PREFIX)/share/zsh/site-functions/_devtools
 	ln -sf archco $(DESTDIR)$(PREFIX)/bin/communityco
 	for manfile in $(MANS); do \
@@ -131,7 +135,8 @@ uninstall:
 	for l in ${COMMITPKG_LINKS}; do rm -f $(DESTDIR)$(PREFIX)/bin/$$l; done
 	for l in ${ARCHBUILD_LINKS}; do rm -f $(DESTDIR)$(PREFIX)/bin/$$l; done
 	for l in ${CROSSREPOMOVE_LINKS}; do rm -f $(DESTDIR)$(PREFIX)/bin/$$l; done
-	rm $(DESTDIR)/usr/share/bash-completion/completions/devtools
+	for l in ${BASHCOMPLETION_LINKS}; do rm -f $(DESTDIR)$(PREFIX)/share/bash-completion/completions/$$l; done
+	rm $(DESTDIR)$(PREFIX)/share/bash-completion/completions/devtools
 	rm $(DESTDIR)$(PREFIX)/share/zsh/site-functions/_devtools
 	rm -f $(DESTDIR)$(PREFIX)/bin/communityco
 	rm -f $(DESTDIR)$(PREFIX)/bin/find-libprovides
@@ -146,7 +151,7 @@ tag:
 	@git tag --sign --message "Version $(TODAY)" $(TODAY)
 
 dist:
-	git archive --format=tar --prefix=devtools-$(V)/ $(V) | gzip -9 > devtools-$(V).tar.gz
+	git archive --format=tar --prefix=devtools-$(V)/ $(V) | gzip > devtools-$(V).tar.gz
 	gpg --detach-sign --use-agent devtools-$(V).tar.gz
 
 upload:

checkpkg.in

@@ -6,23 +6,6 @@ shopt -s extglob
 
 m4_include(lib/common.sh)
 
-# Source makepkg.conf; fail if it is not found
-if [[ -r '/etc/makepkg.conf' ]]; then
-	# shellcheck source=makepkg-x86_64.conf
-	source '/etc/makepkg.conf'
-else
-	die '/etc/makepkg.conf not found!'
-fi
-
-# Source user-specific makepkg.conf overrides
-if [[ -r "${XDG_CONFIG_HOME:-$HOME/.config}/pacman/makepkg.conf" ]]; then
-	# shellcheck source=/dev/null
-	source "${XDG_CONFIG_HOME:-$HOME/.config}/pacman/makepkg.conf"
-elif [[ -r "$HOME/.makepkg.conf" ]]; then
-	# shellcheck source=/dev/null
-	source "$HOME/.makepkg.conf"
-fi
-
 usage() {
     cat <<- _EOF_
 		Usage: ${BASH_SOURCE[0]##*/} [OPTIONS]
@@ -35,41 +18,66 @@ usage() {
 		list for both packages and a library list for both packages.
 
 		OPTIONS
-		    -r, --rmdir     Remove the temporary directory
-		    -w, --warn      Print a warning in case of differences
-		    -h, --help      Show this help text
+		    -r, --rmdir          Remove the temporary directory
+		    -w, --warn           Print a warning in case of differences
+		    -M, --makepkg-config Set an alternate makepkg configuration file
+		    -h, --help           Show this help text
 _EOF_
 }
 
 RMDIR=0
 WARN=0
+MAKEPKG_CONF=/etc/makepkg.conf
 
-OPT_SHORT='rwh'
-OPT_LONG=('rmdir' 'warn' 'help')
-if ! parseopts "$OPT_SHORT" "${OPT_LONG[@]}" -- "$@"; then
-    exit 1
-fi
-set  -- "${OPTRET[@]}"
-
-while :; do
-    case $1 in
-        -r|--rmdir)
-            RMDIR=1
-            ;;
-        -w|--warn)
-            WARN=1
-            ;;
-        -h|--help)
-            usage
-            exit 0
-            ;;
-        --)
-            shift; break
-            ;;
-    esac
-    shift
+# option checking
+while (( $# )); do
+	case $1 in
+		-h|--help)
+			usage
+			exit 0
+			;;
+		-r|--rmdir)
+			RMDIR=1
+			shift
+			;;
+		-w|--warn)
+			WARN=1
+			shift
+			;;
+		-M|--makepkg-config)
+			MAKEPKG_CONF="$2"
+			shift 2
+			;;
+		--)
+			shift
+			break
+			;;
+		-*,--*)
+			die "invalid argument: %s" "$1"
+			;;
+		*)
+			break
+			;;
+	esac
 done
 
+# Source makepkg.conf; fail if it is not found
+if [[ -r "${MAKEPKG_CONF}" ]]; then
+	# shellcheck source=makepkg-x86_64.conf
+	source "${MAKEPKG_CONF}"
+else
+	die "${MAKEPKG_CONF} not found!"
+fi
+
+# Source user-specific makepkg.conf overrides
+if [[ -r "${XDG_CONFIG_HOME:-$HOME/.config}/pacman/makepkg.conf" ]]; then
+	# shellcheck source=/dev/null
+	source "${XDG_CONFIG_HOME:-$HOME/.config}/pacman/makepkg.conf"
+elif [[ -r "$HOME/.makepkg.conf" ]]; then
+	# shellcheck source=/dev/null
+	source "$HOME/.makepkg.conf"
+fi
+
 if [[ ! -f PKGBUILD ]]; then
 	die 'This must be run in the directory of a built package.'
 fi

commitpkg.in

@@ -48,6 +48,21 @@ case "$cmd" in
 		;;
 esac
 
+
+if (( ${#validpgpkeys[@]} != 0 )); then
+	if [[ -d keys ]]; then
+		for key in "${validpgpkeys[@]}"; do
+			if [[ ! -f keys/pgp/$key.asc ]]; then
+				export-pkgbuild-keys || die 'Failed to export valid PGP keys for source files'
+			fi
+		done
+	else
+		export-pkgbuild-keys || die 'Failed to export valid PGP keys for source files'
+	fi
+
+	svn add --parents --force keys/pgp/*
+fi
+
 # find files which should be under source control
 needsversioning=()
 for s in "${source[@]}"; do
@@ -60,6 +75,9 @@ for i in 'changelog' 'install'; do
 		needsversioning+=("$file")
 	done < <(sed -n "s/^[[:space:]]*$i=//p" PKGBUILD)
 done
+for key in "${validpgpkeys[@]}"; do
+	needsversioning+=("keys/pgp/$key.asc")
+done
 
 # assert that they really are controlled by SVN
 if (( ${#needsversioning[*]} )); then
@@ -93,16 +111,14 @@ for _arch in "${arch[@]}"; do
 		fullver=$(get_full_version "$_pkgname")
 
 		if pkgfile=$(find_cached_package "$_pkgname" "$fullver" "$_arch"); then
-			if grep -q "packager = Unknown Packager" <(bsdtar -xOqf "$pkgfile" .PKGINFO); then
-				die "PACKAGER was not set when building package"
-			fi
-			hashsum=sha256sum
-			pkgbuild_hash=$(awk -v"hashsum=$hashsum" -F' = ' '$1 == "pkgbuild_"hashsum {print $2}' <(bsdtar -xOqf "$pkgfile" .BUILDINFO))
-			if [[ "$pkgbuild_hash" != "$($hashsum PKGBUILD|cut -d' ' -f1)" ]]; then
-				die "PKGBUILD $hashsum mismatch: expected $pkgbuild_hash"
-			fi
+			check_package_validity "$pkgfile"
 		fi
 	done
+
+	fullver=$(get_full_version "$pkgbase")
+	if pkgfile=$(find_cached_package "$pkgbase-debug" "$fullver" "$_arch"); then
+		check_package_validity "$pkgfile"
+	fi
 done
 
 if [[ -z $server ]]; then
@@ -147,27 +163,37 @@ for _arch in "${arch[@]}"; do
 
 	for _pkgname in "${pkgname[@]}"; do
 		fullver=$(get_full_version "$_pkgname")
-
 		if ! pkgfile=$(find_cached_package "$_pkgname" "$fullver" "${_arch}"); then
 			warning "Skipping %s: failed to locate package file" "$_pkgname-$fullver-$_arch"
 			skip_arches+=("$_arch")
 			continue 2
 		fi
 		uploads+=("$pkgfile")
-
-		sigfile="${pkgfile}.sig"
-		if [[ ! -f $sigfile ]]; then
-			msg "Signing package %s..." "${pkgfile}"
-			if [[ -n $GPGKEY ]]; then
-				SIGNWITHKEY=(-u "${GPGKEY}")
-			fi
-			gpg --detach-sign --use-agent --no-armor "${SIGNWITHKEY[@]}" "${pkgfile}" || die
-		fi
-		if ! gpg --verify "$sigfile" "$pkgfile" >/dev/null 2>&1; then
-			die "Signature %s is incorrect!" "$sigfile"
-		fi
-		uploads+=("$sigfile")
 	done
+
+	fullver=$(get_full_version "$pkgbase")
+	if ! pkgfile=$(find_cached_package "$pkgbase-debug" "$fullver" "$_arch"); then
+		continue
+	fi
+	if ! is_debug_package "$pkgfile"; then
+		continue
+	fi
+	uploads+=("$pkgfile")
+done
+
+for pkgfile in "${uploads[@]}"; do
+	sigfile="${pkgfile}.sig"
+	if [[ ! -f $sigfile ]]; then
+		msg "Signing package %s..." "${pkgfile}"
+		if [[ -n $GPGKEY ]]; then
+			SIGNWITHKEY=(-u "${GPGKEY}")
+		fi
+		gpg --detach-sign --use-agent --no-armor "${SIGNWITHKEY[@]}" "${pkgfile}" || die
+	fi
+	if ! gpg --verify "$sigfile" "$pkgfile" >/dev/null 2>&1; then
+		die "Signature %s is incorrect!" "$sigfile"
+	fi
+	uploads+=("$sigfile")
 done
 
 for _arch in "${arch[@]}"; do

diffpkg.in

@@ -0,0 +1,228 @@
+#!/bin/bash
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+shopt -s extglob
+
+m4_include(lib/common.sh)
+
+usage() {
+    cat <<- _EOF_
+		Usage: ${BASH_SOURCE[0]##*/} [OPTIONS] [MODES] [FILE|PKGNAME...]
+
+		Searches for a locally built package corresponding to the PKGBUILD, and
+		downloads the last version of that package from the Pacman repositories.
+		It then compares the package archives using different modes while using
+		simple tar content list by default.
+
+		When given one package, use it to diff against the locally built one.
+		When given two packages, diff both packages against each other.
+
+		In either case, a package name will be converted to a filename from the
+		cache, and diffpkg will proceed as though this filename was initially
+		specified.
+
+		OPTIONS
+		    -M, --makepkg-config Set an alternate makepkg configuration file
+		    -v, --verbose        Provide more detailed/unfiltered output
+		    -h, --help           Show this help text
+
+		MODES
+		    -l, --list           Activate content list diff mode (default)
+		    -d, --diffoscope     Activate diffoscope diff mode
+		    -p, --pkginfo        Activate .PKGINFO diff mode
+		    -b, --buildinfo      Activate .BUILDINFO diff mode
+_EOF_
+}
+
+MAKEPKG_CONF=/etc/makepkg.conf
+VERBOSE=0
+TARLIST=0
+DIFFOSCOPE=0
+PKGINFO=0
+BUILDINFO=0
+
+# option checking
+while (( $# )); do
+	case $1 in
+		-h|--help)
+			usage
+			exit 0
+			;;
+		-M|--makepkg-config)
+			MAKEPKG_CONF="$2"
+			shift 2
+			;;
+		-l|--list)
+			TARLIST=1
+			shift
+			;;
+		-d|--diffoscope)
+			DIFFOSCOPE=1
+			shift
+			;;
+		-p|--pkginfo)
+			PKGINFO=1
+			shift
+			;;
+		-b|--buildinfo)
+			BUILDINFO=1
+			shift
+			;;
+		-v|--verbose)
+			VERBOSE=1
+			shift
+			;;
+		--)
+			shift
+			break
+			;;
+		-*,--*)
+			die "invalid argument: %s" "$1"
+			;;
+		*)
+			break
+			;;
+	esac
+done
+
+if ! (( DIFFOSCOPE || TARLIST || PKGINFO || BUILDINFO )); then
+	TARLIST=1
+fi
+
+# Source makepkg.conf; fail if it is not found
+if [[ -r "${MAKEPKG_CONF}" ]]; then
+	# shellcheck source=makepkg-x86_64.conf
+	source "${MAKEPKG_CONF}"
+else
+	die "${MAKEPKG_CONF} not found!"
+fi
+
+# Source user-specific makepkg.conf overrides
+if [[ -r "${XDG_CONFIG_HOME:-$HOME/.config}/pacman/makepkg.conf" ]]; then
+	# shellcheck source=/dev/null
+	source "${XDG_CONFIG_HOME:-$HOME/.config}/pacman/makepkg.conf"
+elif [[ -r "$HOME/.makepkg.conf" ]]; then
+	# shellcheck source=/dev/null
+	source "$HOME/.makepkg.conf"
+fi
+
+STARTDIR=$(pwd)
+trap 'rm -rf $TMPDIR' EXIT INT TERM QUIT
+TMPDIR=$(mktemp -d --tmpdir diffpkg-script.XXXXXXXX)
+export TMPDIR
+
+tar_list() {
+	bsdtar tf "$*" | if (( VERBOSE )); then
+		cat
+	else
+		sed -E 's|^usr/lib/modules/[0-9][^/]+|usr/lib/modules/[…]|g'
+	fi | sort
+}
+
+diff_pkgs() {
+	local oldpkg newpkg
+	oldpkg=$(readlink -m "$1")
+	newpkg=$(readlink -m "$2")
+
+	[[ -f $oldpkg ]] || die "No such file: %s" "${oldpkg}"
+	[[ -f $newpkg ]] || die "No such file: %s" "${newpkg}"
+
+	if (( TARLIST )); then
+		tar_list "$oldpkg" > "$TMPDIR/filelist-old"
+		tar_list "$newpkg" > "$TMPDIR/filelist"
+
+		sdiff -s "$TMPDIR/filelist-old" "$TMPDIR/filelist"
+	fi
+
+	if (( PKGINFO )); then
+		bsdtar xOqf "$oldpkg" .PKGINFO > "$TMPDIR/pkginfo-old"
+		bsdtar xOqf "$newpkg" .PKGINFO > "$TMPDIR/pkginfo"
+
+		sdiff -s "$TMPDIR/pkginfo-old" "$TMPDIR/pkginfo"
+	fi
+
+	if (( BUILDINFO )); then
+		bsdtar xOqf "$oldpkg" .BUILDINFO > "$TMPDIR/buildinfo-old"
+		bsdtar xOqf "$newpkg" .BUILDINFO > "$TMPDIR/buildinfo"
+
+		sdiff -s "$TMPDIR/buildinfo-old" "$TMPDIR/buildinfo"
+	fi
+
+	if (( DIFFOSCOPE )); then
+		diffoscope "$oldpkg" "$newpkg"
+	fi
+}
+
+fetch_pkg() {
+	local pkg pkgdest pkgurl
+	case $1 in
+		*://*)
+			pkgurl=$1 ;;
+		/*|*/*)
+			pkgurl=$(readlink -m "$1") ;;
+		*.pkg.tar*)
+			pkgurl=$1 ;;
+		'')
+			;;
+		*)
+			pkg=$1 ;;
+	esac
+
+	[[ -n $pkgurl ]] || pkgurl=$(pacman -Spdd --print-format '%l' --noconfirm "$pkg") ||
+		die "Couldn't download previous package for %s." "$pkg"
+
+	pkg=${pkgurl##*/}
+	pkgdest=$(mktemp -t -d "${pkg}-XXXXXX")/${pkg}
+
+	if [[ $pkgurl = file://* || ( $pkgurl = /* && -f $pkgurl ) ]]; then
+		ln -sf "${pkgurl#file://}" "$pkgdest"
+	elif [[ -f "$PKGDEST/$pkg" ]]; then
+		ln -sf "$PKGDEST/$pkg" "$pkgdest"
+	elif [[ -f "$STARTDIR/$pkg" ]]; then
+		ln -sf "$STARTDIR/$pkg" "$pkgdest"
+	elif [[ $pkgurl = *://* ]]; then
+		curl -fsLC - --retry 3 --retry-delay 3 -o "$pkgdest" "$pkgurl" || \
+			die "Couldn't download %s" "$pkgurl"
+	else
+		die "File not found: %s" "$pkgurl"
+	fi
+
+	echo "$pkgdest"
+}
+
+if (( $# < 2 )); then
+	if [[ ! -f PKGBUILD ]]; then
+		die "This must be run in the directory of a built package.\nTry '$(basename "$0") --help' for more information."
+	fi
+
+	# shellcheck source=PKGBUILD.proto
+	. ./PKGBUILD
+	if [[ ${arch[0]} == 'any' ]]; then
+		CARCH='any'
+	fi
+
+	for _pkgname in "${pkgname[@]}"; do
+		comparepkg=$_pkgname
+		pkgurl=
+		target_pkgver=$(get_full_version "$_pkgname")
+		if ! pkgfile=$(find_cached_package "$_pkgname" "$target_pkgver" "$CARCH"); then
+			die 'tarball not found for package: %s' "${_pkgname}-$target_pkgver"
+		fi
+
+		ln -s "$pkgfile" "$TMPDIR"
+
+		if (( $# )); then
+			comparepkg="$1"
+		fi
+
+		oldpkg=$(fetch_pkg "$comparepkg") || exit 1
+
+		diff_pkgs "$oldpkg" "$pkgfile"
+	done
+else
+	file1=$(fetch_pkg "$1") || exit 1
+	file2=$(fetch_pkg "$2") || exit 1
+
+	diff_pkgs "$file1" "$file2"
+fi

doc/checkpkg.1.asciidoc

@@ -29,6 +29,9 @@ Options
 *-w, --warn*::
 	Print a warning instead of a regular message in case of soname differences.
 
+*-M, --makepkg-config*::
+	Set an alternate makepkg configuration file.
+
 *-h, --help*::
 	Show a help text
 

doc/diffpkg.1.asciidoc

@@ -0,0 +1,57 @@
+diffpkg(1)
+===========
+
+Name
+----
+diffpkg - Compare package files using different modes.
+
+Synopsis
+--------
+diffpkg [OPTIONS] [MODES] [FILE|PKGNAME...]
+
+Description
+-----------
+
+Searches for a locally built package corresponding to the PKGBUILD, and
+downloads the last version of that package from the Pacman repositories.
+It then compares the package archives using different modes while using
+simple tar content list by default.
+
+When given one package, use it to diff against the locally built one.
+When given two packages, diff both packages against each other.
+
+In either case, a package name will be converted to a filename from the
+cache, and diffpkg will proceed as though this filename was initially
+specified.
+
+Options
+-------
+
+*-M, --makepkg-config*::
+	Set an alternate makepkg configuration file
+
+*-v, --verbose*::
+	Provide more detailed/unfiltered output
+
+*-h, --help*::
+	Show a help text
+
+Modes
+-----
+
+*-l, --list*::
+	Activate tar content list diff mode (default)
+
+*-d, --diffoscope*::
+	Activate diffoscope diff mode
+
+*-p, --pkginfo*::
+	Activate .PKGINFO diff mode
+
+*-b, --buildinfo*::
+	Activate .BUILDINFO diff mode
+
+See Also
+--------
+
+include::footer.asciidoc[]

doc/export-pkgbuild-keys.1.asciidoc

@@ -0,0 +1,25 @@
+export-pkgbuild-keys(1)
+=======================
+
+Name
+----
+export-pkgbuild-keys - Export valid source signing keys from a PKGBUILD
+
+Synopsis
+--------
+export-pkgbuild-keys
+
+Description
+-----------
+
+Export the PGP keys from a PKGBUILDs validpgpkeys array into the keys/pgp/
+subdirectory. Useful for distributing packager validated source signing
+keys alongside PKGBUILDs.
+
+Options
+-------
+
+*-h, --help*::
+	Show a help text.
+
+include::footer.asciidoc[]

export-pkgbuild-keys.in

@@ -0,0 +1,73 @@
+#!/bin/bash
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+m4_include(lib/common.sh)
+
+usage() {
+	cat <<- _EOF_
+		Usage: ${BASH_SOURCE[0]##*/}
+
+		Export the PGP keys from a PKGBUILDs validpgpkeys array into the keys/pgp/
+		subdirectory. Useful for distributing packager validated source signing
+		keys alongside PKGBUILDs.
+
+		OPTIONS
+		    -h, --help      Show this help text
+_EOF_
+}
+
+# option checking
+while (( $# )); do
+	case $1 in
+		-h|--help)
+			usage
+			exit 0
+			;;
+		*)
+			die "invalid argument: %s" "$1"
+			;;
+	esac
+done
+
+if [[ ! -f PKGBUILD ]]; then
+	die "This must be run a directory containing a PKGBUILD."
+fi
+
+mapfile -t validpgpkeys < <(
+	# shellcheck source=PKGBUILD.proto
+	. ./PKGBUILD
+	printf "%s\n" "${validpgpkeys[@]}"
+)
+
+msg "Exporting ${#validpgpkeys[@]} PGP keys..."
+if (( ${#validpgpkeys[@]} == 0 )); then
+	exit 0
+fi
+
+trap 'rm -rf $TEMPDIR' EXIT INT TERM QUIT
+TEMPDIR=$(mktemp -d --tmpdir export-pkgbuild-keys.XXXXXXXXXX)
+
+mkdir -p keys/pgp
+error=0
+
+for key in "${validpgpkeys[@]}"; do
+	gpg --output "$TEMPDIR/$key.asc" --armor --export --export-options export-minimal "$key" 2>/dev/null
+
+	# gpg does not give a non-zero return value if it fails to export...
+	if [[ -f $TEMPDIR/$key.asc ]]; then
+		msg2 "Exported $key"
+		mv "$TEMPDIR/$key.asc" "keys/pgp/$key.asc"
+	else
+		if [[ -f keys/pgp/$key.asc ]]; then
+			warning "Failed to update key: $key"
+		else
+			error "Key unavailable: $key"
+			error=1
+		fi
+	fi
+done
+
+if (( error )); then
+	die "Failed to export all \'validpgpkeys\' entries."
+fi

lib/common.sh

@@ -189,3 +189,73 @@ find_cached_package() {
 			return 1
 	esac
 }
+
+
+check_package_validity(){
+	local pkgfile=$1
+	if grep -q "packager = Unknown Packager" <(bsdtar -xOqf "$pkgfile" .PKGINFO); then
+		die "PACKAGER was not set when building package"
+	fi
+	hashsum=sha256sum
+	pkgbuild_hash=$(awk -v"hashsum=$hashsum" -F' = ' '$1 == "pkgbuild_"hashsum {print $2}' <(bsdtar -xOqf "$pkgfile" .BUILDINFO))
+	if [[ "$pkgbuild_hash" != "$($hashsum PKGBUILD|cut -d' ' -f1)" ]]; then
+		die "PKGBUILD $hashsum mismatch: expected $pkgbuild_hash"
+	fi
+}
+
+
+# usage: grep_pkginfo pkgfile pattern
+grep_pkginfo() {
+	local _ret=()
+	mapfile -t _ret < <(bsdtar -xOqf "$1" ".PKGINFO" | grep "^${2} = ")
+	printf '%s\n' "${_ret[@]#${2} = }"
+}
+
+
+# Get the package name
+getpkgname() {
+	local _name
+
+	_name="$(grep_pkginfo "$1" "pkgname")"
+	if [[ -z $_name ]]; then
+		error "Package '%s' has no pkgname in the PKGINFO. Fail!" "$1"
+		exit 1
+	fi
+
+	echo "$_name"
+}
+
+
+# Get the package base or name as fallback
+getpkgbase() {
+	local _base
+
+	_base="$(grep_pkginfo "$1" "pkgbase")"
+	if [[ -z $_base ]]; then
+		getpkgname "$1"
+	else
+		echo "$_base"
+	fi
+}
+
+
+getpkgdesc() {
+	local _desc
+
+	_desc="$(grep_pkginfo "$1" "pkgdesc")"
+	if [[ -z $_desc ]]; then
+		error "Package '%s' has no pkgdesc in the PKGINFO. Fail!" "$1"
+		exit 1
+	fi
+
+	echo "$_desc"
+}
+
+
+is_debug_package() {
+	local pkgfile=${1} pkgbase pkgname pkgdesc
+	pkgbase="$(getpkgbase "${pkgfile}")"
+	pkgname="$(getpkgname "${pkgfile}")"
+	pkgdesc="$(getpkgdesc "${pkgfile}")"
+	[[ ${pkgdesc} == "Detached debugging symbols for "* && ${pkgbase}-debug = "${pkgname}" ]]
+}

makechrootpkg.in

@@ -408,7 +408,7 @@ else
 		done
 
 		msg2 "Checking packages"
-		sudo -u "$makepkg_user" checkpkg --rmdir --warn "${remotepkgs[@]/#file:\/\//}"
+		sudo -u "$makepkg_user" checkpkg --rmdir --warn --makepkg-config "$copydir/etc/makepkg.conf" "${remotepkgs[@]/#file:\/\//}"
 	fi
 	true
 fi

makepkg-x86_64.conf

@@ -45,12 +45,13 @@ CFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fno-plt -fexceptions \
         -fstack-clash-protection -fcf-protection"
 CXXFLAGS="$CFLAGS -Wp,-D_GLIBCXX_ASSERTIONS"
 LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now"
+LTOFLAGS="-flto=auto"
 #RUSTFLAGS="-C opt-level=2"
 #-- Make Flags: change this for DistCC/SMP systems
 #MAKEFLAGS="-j2"
 #-- Debugging flags
-DEBUG_CFLAGS="-g -fvar-tracking-assignments"
-DEBUG_CXXFLAGS="-g -fvar-tracking-assignments"
+DEBUG_CFLAGS="-g"
+DEBUG_CXXFLAGS="$DEBUG_CFLAGS"
 #DEBUG_RUSTFLAGS="-C debuginfo=2"
 
 #########################################################################

mkarchroot.in

@@ -81,11 +81,11 @@ for file in "${files[@]}"; do
 	cp "$file" "$working_dir$file"
 done
 
-pacstrap -${umode}Mcd ${pac_conf:+-C "$pac_conf"} "$working_dir" \
+unshare --mount pacstrap -${umode}Mcd ${pac_conf:+-C "$pac_conf"} "$working_dir" \
 	"${cache_dirs[@]/#/--cachedir=}" "$@" || die 'Failed to install all packages'
 
-printf '%s.UTF-8 UTF-8\n' en_US de_DE > "$working_dir/etc/locale.gen"
-echo 'LANG=en_US.UTF-8' > "$working_dir/etc/locale.conf"
+printf '%s.UTF-8 UTF-8\n' C en_US de_DE > "$working_dir/etc/locale.gen"
+echo 'LANG=C.UTF-8' > "$working_dir/etc/locale.conf"
 echo "$CHROOT_VERSION" > "$working_dir/.arch-chroot"
 
 systemd-machine-id-setup --root="$working_dir"

sogrep.in

@@ -36,8 +36,11 @@ recache() {
             local dbpath=${SOCACHE_DIR}/${arch}/${repo}.links.tar.gz
             mkdir -p "${dbpath%/*}"
             (( VERBOSE )) && echo "Fetching ${repo}.links.tar.gz..."
-            curl -LR "${verbosity}" -o "${dbpath}" -z "${dbpath}" \
-                "${SOLINKS_MIRROR}/${repo}/os/${arch}/${repo}.links.tar.gz"
+            if ! curl -fLR "${verbosity}" -o "${dbpath}" -z "${dbpath}" \
+                    "${SOLINKS_MIRROR}/${repo}/os/${arch}/${repo}.links.tar.gz"; then
+                echo "error: failed to download links database for repo ${repo}"
+                exit 1
+            fi
         done
     done
 }

zsh_completion.in

@@ -1,4 +1,4 @@
-#compdef archbuild archco arch-nspawn archrelease commitpkg finddeps makechrootpkg mkarchroot rebuildpkgs extrapkg=commitpkg corepkg=commitpkg testingpkg=commitpkg stagingpkg=commitpkg communitypkg=commitpkg community-testingpkg=commitpkg community-stagingpkg=commitpkg multilibpkg=commitpkg multilib-testingpkg=commitpkg extra-x86_64-build=archbuild testing-x86_64-build=archbuild staging-x86_64-build=archbuild multilib-build=archbuild multilib-testing-build=archbuild multilib-staging-build=archbuild kde-unstable-x86_64-build=archbuild gnome-unstable-x86_64-build=archbuild communityco=archco checkpkg sogrep offload-build makerepropkg
+#compdef archbuild archco arch-nspawn archrelease commitpkg diffpkg finddeps makechrootpkg mkarchroot rebuildpkgs extrapkg=commitpkg corepkg=commitpkg testingpkg=commitpkg stagingpkg=commitpkg communitypkg=commitpkg community-testingpkg=commitpkg community-stagingpkg=commitpkg multilibpkg=commitpkg multilib-testingpkg=commitpkg extra-x86_64-build=archbuild testing-x86_64-build=archbuild staging-x86_64-build=archbuild multilib-build=archbuild multilib-testing-build=archbuild multilib-staging-build=archbuild kde-unstable-x86_64-build=archbuild gnome-unstable-x86_64-build=archbuild communityco=archco checkpkg sogrep offload-build makerepropkg
 #
 # SPDX-License-Identifier: GPL-3.0-or-later
 
@@ -41,6 +41,17 @@ _commitpkg_args=(
 	'1:commit_msg'
 )
 
+_diffpkg_args=(
+	'(-l --list)'{-l,--list}'[Tar content list diff mode]'
+	'(-d --diffoscope)'{-d,--diffoscope}'[Diffoscope diff mode]'
+	'(-p --pkginfo)'{-p,--pkginfo}'[.PKGINFO diff mode]'
+	'(-b --buildinfo)'{-b,--buildinfo}'[.BUILDINFO diff mode]'
+	'(-m --makepkg-config)'{-m,--makepkg-config}'[Location of a makepkg config file]:makepkg_config:_files -g "*.conf(.)"'
+	'(-v --verbose)'{-v,--verbose}'[Provide more detailed/unfiltered output]'
+	'(-h --help)'{-h,--help}'[Display usage]'
+	'*:packages:_devtools_completions_all_packages'
+)
+
 _finddeps_args=(
 	'1:packages:_devtools_completions_all_packages'
 )
@@ -77,6 +88,7 @@ _rebuildpkgs_args=(
 _checkpkg_args=(
 	'(-r --rmdir)'{-r,--rmdir}'[Remove the temporary directory]'
 	'(-w --warn)'{-w,--warn}'[Print a warning in case of differences]'
+	'(-M --makepkg-config)'{-M,--makepkg-config}'[Location of a makepkg config file]:makepkg_config:_files -g "*.conf(.)"'
 	'(-h --help)'{-h,--help}'[Display usage]'
 )