chore(license): avoid sourcing PKGBUILD in check subcommand

We don't actually need any data from the package, except the pkgbase
which is exclusively used during logging. Simply grep the pkgbase name
and use the path during early code path issues.

Component: pkgctl license check

src/lib/license/check.sh

@@ -94,19 +94,19 @@ pkgctl_license_check() {
 		pushd "${path}" >/dev/null
 
 		if [[ ! -f PKGBUILD ]]; then
-			msg_error "${BOLD}${pkgbase}:${ALL_OFF} no PKGBUILD found"
+			msg_error "${BOLD}${path}:${ALL_OFF} no PKGBUILD found"
 			return 1
 		fi
 
-		# reset common PKGBUILD variables
+		if [[ ! -f .SRCINFO ]]; then
-		unset pkgbase
+			msg_error "${BOLD}${path}:${ALL_OFF} no .SRCINFO found"
-
+			return 1
-		# shellcheck source=contrib/makepkg/PKGBUILD.proto
+		fi
-		if ! . ./PKGBUILD; then
+
-			msg_error "${BOLD}${pkgbase}:${ALL_OFF} failed to source PKGBUILD"
+		if ! pkgbase=$(grep --max-count=1 --extended-regexp "pkgbase = (.+)" .SRCINFO | awk '{print $3}'); then
+			msg_error "${BOLD}${path}:${ALL_OFF} pkgbase not found in .SRCINFO"
 			return 1
 		fi
-		pkgbase=${pkgbase:-$pkgname}
 
 		if [[ ! -e LICENSE ]]; then
 			msg_error "${BOLD}${pkgbase}:${ALL_OFF} is missing the LICENSE file"

src/makechrootpkg.in

@@ -19,7 +19,7 @@ shopt -s nullglob
 
 default_makepkg_args=(--syncdeps --noconfirm --log --holdver --skipinteg)
 makepkg_args=("${default_makepkg_args[@]}")
-verifysource_args=(--syncdeps --noconfirm --log)
+verifysource_args=()
 chrootdir=
 passeddir=
 makepkg_user=
@@ -175,7 +175,7 @@ prepare_chroot() {
 	printf >>"$copydir/etc/passwd" 'builduser:x:%d:%d:builduser:/build:/bin/bash\n' "$builduser_uid" "$builduser_gid"
 	printf >>"$copydir/etc/shadow" 'builduser:!!:%d::::::\n' "$(( $(date -u +%s) / 86400 ))"
 
-	$install -d "$copydir"/{build,startdir,{pkg,srcpkg,src,log}dest,verify/{gnupg,ssh}}
+	$install -d "$copydir"/{build,startdir,{pkg,srcpkg,src,log}dest}
 
 	sed -e '/^MAKEFLAGS=/d' -e '/^PACKAGER=/d' -i "$copydir/etc/makepkg.conf"
 	for x in BUILDDIR=/build PKGDEST=/pkgdest SRCPKGDEST=/srcpkgdest SRCDEST=/srcdest LOGDEST=/logdest \
@@ -247,10 +247,15 @@ _chrootnamcap() {
 	done
 }
 
-_download_sources() {
+download_sources() {
+	setup_workdir
+	chown "$makepkg_user:" "$WORKDIR"
+
 	# Ensure sources are downloaded
-	sudo -u builduser env SRCDEST="/srcdest" GNUPGHOME="/verify/gnupg" SSH_AUTH_SOCK="/verify/ssh" \
+	sudo -u "$makepkg_user" --preserve-env=GNUPGHOME,SSH_AUTH_SOCK \
-		bash -c "cd /startdir; makepkg --config=/etc/makepkg.conf --verifysource -o ${verifysource_args[*]}"
+		env SRCDEST="$SRCDEST" BUILDDIR="$WORKDIR" \
+		makepkg --config="$copydir/etc/makepkg.conf" --verifysource -o "${verifysource_args[@]}" ||
+		die "Could not download sources."
 }
 
 move_logfiles() {
@@ -347,7 +352,6 @@ umask 0022
 ORIG_HOME=$HOME
 IFS=: read -r _ _ _ _ _ HOME _ < <(getent passwd "${SUDO_USER:-$USER}")
 load_makepkg_config
-DEVTOOLS_GNUPGHOME="${GNUPGHOME:-$HOME/.gnupg}"
 HOME=$ORIG_HOME
 
 # Use PKGBUILD directory if these don't exist
@@ -379,6 +383,8 @@ if [[ "$(id -u "$makepkg_user")" == 0 ]]; then
 	exit 1
 fi
 
+download_sources
+
 prepare_chroot
 
 nspawn_build_args=(
@@ -390,11 +396,6 @@ nspawn_build_args=(
 	"${bindmounts_tmpfs[@]}"
 )
 
-arch-nspawn "$copydir" \
-	"${nspawn_build_args[@]}" --bind-ro="${DEVTOOLS_GNUPGHOME//:/\\:}:/verify/gnupg" --bind-ro="${SSH_AUTH_SOCK//:/\\:}:/verify/ssh" \
-	bash -c "$(declare -f _download_sources); verifysource_args=(${verifysource_args[*]}); _download_sources" ||
-	die "Could not download sources."
-
 if arch-nspawn "$copydir" \
 	"${nspawn_build_args[@]}" \
 	/chrootbuild "${makepkg_args[@]}"