Merge branch 'machine-name' into 'master'

feat(makechrootpkg): use meaningful machine name

See merge request archlinux/devtools!269

doc/man/offload-build.1.asciidoc

@@ -14,7 +14,7 @@ Description
 
 Build a PKGBUILD on a remote server using makechrootpkg. Requires a remote user
 that can run archbuild in a non-interactive manner, e.g. must be able to
-elevate permissions using passwordless run0.
+elevate permissions using passwordless sudo.
 
 Options
 -------

doc/man/pkgctl-auth.1.asciidoc

@@ -3,7 +3,7 @@ pkgctl-auth(1)
 
 Name
 ----
-pkgctl-auth - Authenticate with services like GitLab.
+pkgctl-auth - Authenticate with serivces like GitLab.
 
 Synopsis
 --------

src/lib/archroot.sh

@@ -15,11 +15,7 @@ check_root() {
 	local orig_argv=("$@")
 
 	(( EUID == 0 )) && return
-	if type -P run0 >/dev/null; then
-		keepenv=",$keepenv"
-		command="run0 ${keepenv//,/ --setenv=}"
-		exec ${command} -- "${orig_argv[@]}"
-	elif type -P sudo >/dev/null; then
+	if type -P sudo >/dev/null; then
 		exec sudo --preserve-env="${keepenv}" -- "${orig_argv[@]}"
 	else
 		exec su root -c "$(printf ' %q' "${orig_argv[@]}")"

src/makechrootpkg.in

@@ -150,7 +150,9 @@ install_packages() {
 	pkgnames=("${install_pkgs[@]##*/}")
 
 	cp -- "${install_pkgs[@]}" "$copydir/root/"
-	arch-nspawn "$copydir" "${bindmounts_ro[@]}" "${bindmounts_rw[@]}" "${bindmounts_tmpfs[@]}" \
+	arch-nspawn "$copydir" \
+		--machine="$(display_name installing "${pkgnames[@]}")" \
+		"${bindmounts_ro[@]}" "${bindmounts_rw[@]}" "${bindmounts_tmpfs[@]}" \
 		pacman -U --noconfirm --ask=4 -- "${pkgnames[@]/#//root/}"
 	ret=$?
 	rm -- "${pkgnames[@]/#/$copydir/root/}"
@@ -185,18 +187,10 @@ prepare_chroot() {
 		echo "$x" >>"$copydir/etc/makepkg.conf"
 	done
 
-	# TODO(gromit): check if this rule is sane
-	# TODO(gromit): this will require a full container
-	cat > "$copydir/etc/polkit-1/rules.d/10-systemd-nopasswd.rules" <<EOF
-polkit.addRule(function(action, subject) {
-    if (action.id == "org.freedesktop.systemd1.manage-units") {
-        if (subject.isInGroup("wheel")) {
-            return polkit.Result.YES;
-        }
-    }
-});
+	cat > "$copydir/etc/sudoers.d/builduser-pacman" <<EOF
+builduser ALL = NOPASSWD: /usr/bin/pacman
 EOF
-	chmod 440 "$copydir/etc/polkit-1/rules.d/10-systemd-nopasswd.rules"
+	chmod 440 "$copydir/etc/sudoers.d/builduser-pacman"
 
 	cat > "$copydir/etc/gitconfig" <<EOF
 [safe]
@@ -230,14 +224,17 @@ _chrootbuild() {
 	# shellcheck source=/dev/null
 	. /etc/profile
 
-	run0 --setenv=SOURCE_DATE_EPOCH \
-		 --setenv=BUILDTOOL \
-		 --setenv=BUILDTOOLVER \
-		 --via-shell --chdir='~' \
-		 --user=builduser -- bash -c 'cd /startdir; makepkg "$@"' -bash "$@"
+	# Beware, there are some stupid arbitrary rules on how you can
+	# use "$" in arguments to commands with "sudo -i".  ${foo} or
+	# ${1} is OK, but $foo or $1 isn't.
+	# https://bugzilla.sudo.ws/show_bug.cgi?id=765
+	sudo --preserve-env=SOURCE_DATE_EPOCH \
+		--preserve-env=BUILDTOOL \
+		--preserve-env=BUILDTOOLVER \
+		-iu builduser bash -c 'cd /startdir; makepkg "$@"' -bash "$@"
 	ret=$?
 	case $ret in
-		0)
+		0|14)
 			return 0;;
 		*)
 			return $ret;;
@@ -248,7 +245,7 @@ _chrootnamcap() {
 	pacman -S --needed --noconfirm namcap
 	for pkgfile in /startdir/PKGBUILD /pkgdest/*; do
 		echo "Checking ${pkgfile##*/}"
-		run0 --user=builduser -- namcap "$pkgfile" 2>&1 | tee "/logdest/${pkgfile##*/}-namcap.log"
+		sudo -u builduser namcap "$pkgfile" 2>&1 | tee "/logdest/${pkgfile##*/}-namcap.log"
 	done
 }
 
@@ -257,12 +254,8 @@ download_sources() {
 	chown "$makepkg_user:" "$WORKDIR"
 
 	# Ensure sources are downloaded
-	run0 --user="$makepkg_user" \
-		--setenv=GNUPGHOME \
-		--setenv=SSH_AUTH_SOCK \
-		--setenv=SRCDEST="$SRCDEST" \
-		--setenv=BUILDDIR="$WORKDIR" \
-		--chdir=. -- \
+	sudo -u "$makepkg_user" --preserve-env=GNUPGHOME,SSH_AUTH_SOCK \
+		env SRCDEST="$SRCDEST" BUILDDIR="$WORKDIR" \
 		makepkg --config="$copydir/etc/makepkg.conf" --verifysource -o "${verifysource_args[@]}" ||
 		die "Could not download sources."
 }
@@ -300,6 +293,33 @@ move_products() {
 		fi
 	done
 }
+
+# Usage: display_name verb pkgname [pkgname...]
+display_name() {
+	local max_hostname max_pkgnames_length max_pid_digits pkgnames tool verb
+
+	max_hostname=64  # see gethostname(2)
+	num_joiner_chars=3  # see template string below
+	max_pid_digits=7  # ceil(log(2^22, 10))
+
+	tool="${0##*/}"
+	verb="${1?}"
+	shift
+	max_pkgnames_length=$((
+		max_hostname - num_joiner_chars - max_pid_digits - "${#tool}" - "${#verb}"
+	))
+	# Normalize the package name so it doubles as a valid hostname
+	# https://github.com/systemd/systemd/blob/v256/src/basic/hostname-util.c#L83-L136
+	pkgnames="$(
+		tr -s -c 'a-z0-9 ' - <<< "$*" | tr ' ' . | head -c ${max_pkgnames_length}
+	)"
+
+	if [[ $# -eq 0 ]]; then
+		printf '%s.%s.%s' "${tool}" "${verb}" $$
+	else
+		printf '%s.%s.%s.%s' "${tool}" "${verb}" "${pkgnames%%-}" $$
+	fi
+}
 # }}}
 
 while getopts 'hcur:I:l:nCTD:d:U:x:t:' arg; do
@@ -377,6 +397,7 @@ if [[ ! -d $copydir ]] || (( clean_first )); then
 fi
 
 (( update_first )) && arch-nspawn "$copydir" \
+		--machine="$(display_name updating)" \
 		"${bindmounts_ro[@]}" "${bindmounts_rw[@]}" "${bindmounts_tmpfs[@]}" \
 		pacman -Syuu --noconfirm
 
@@ -405,11 +426,19 @@ nspawn_build_args=(
 	"${bindmounts_tmpfs[@]}"
 )
 
+{
+	read -r -d $'\n' pkgbase
+	mapfile -t pkgnames
+} < <(sudo -u "$makepkg_user" bash -c '
+		source PKGBUILD
+		printf "%s\n" "${pkgbase:-${pkgname}}" "${pkgname[@]}"
+')
+
 if arch-nspawn "$copydir" \
 	"${nspawn_build_args[@]}" \
+	--machine="$(display_name building "${pkgbase}")" \
 	/chrootbuild "${makepkg_args[@]}"
 then
-	mapfile -t pkgnames < <(run0 --user="$makepkg_user" -- bash -c 'source PKGBUILD; printf "%s\n" "${pkgname[@]}"')
 	move_products
 else
 	(( ret += 1 ))
@@ -422,8 +451,11 @@ if [[ $inspect == always ]] || ( [[ $inspect == failure ]] && (( ret != 0 )) );
 	else
 		error "Build failed, inspecting %s" "$copydir"
 	fi
+	# Use a short machine name without dots so the shell picks it up
+	# as part of the window title
 	arch-nspawn "$copydir" \
 		"${nspawn_build_args[@]}" \
+		--machine="inspecting-$$" \
 		--user=builduser \
 		--chdir=/build
 fi
@@ -453,7 +485,9 @@ else
 		for remotepkg in "${remotepkgs[@]}"; do
 			if [[ $remotepkg != file://* ]]; then
 				msg2 "Downloading current versions"
-				arch-nspawn "$copydir" pacman --noconfirm -Swdd "${pkgnames[@]}"
+				arch-nspawn "$copydir" \
+					--machine="$(display_name downloading "${pkgnames[@]}")" \
+					pacman --noconfirm -Swdd "${pkgnames[@]}"
 				mapfile -t remotepkgs < <(pacman --config "$copydir"/etc/pacman.conf \
 					--dbpath "$copydir"/var/lib/pacman \
 					-Sddp "${pkgnames[@]}")
@@ -462,7 +496,7 @@ else
 		done
 
 		msg2 "Checking packages"
-		run0 --user="$makepkg_user" -- checkpkg --rmdir --warn --makepkg-config "$copydir/etc/makepkg.conf" "${remotepkgs[@]/#file:\/\//}"
+		sudo -u "$makepkg_user" checkpkg --rmdir --warn --makepkg-config "$copydir/etc/makepkg.conf" "${remotepkgs[@]/#file:\/\//}"
 	fi
 	true
 fi

src/makerepropkg.in

@@ -192,7 +192,7 @@ for p in "$@"; do
         pkgfile=${pkgfile_remote#file://}
         if [[ ! -f ${pkgfile} ]]; then
             msg "Downloading package '%s' into pacman's cache" "${pkgfile}"
-            run0 -- pacman -Swdd --noconfirm --logfile /dev/null "${p}" || exit 1
+            sudo pacman -Swdd --noconfirm --logfile /dev/null "${p}" || exit 1
             pkgfile_remote=$(pacman -Sddp "${p}" 2>/dev/null)
             pkgfile="${pkgfile_remote#file://}"
         fi