mirror of
https://gitlab.archlinux.org/archlinux/devtools.git
synced 2025-10-10 06:26:18 +02:00
Compare commits
2 Commits
run0
...
688d80f32c
| Author | SHA1 | Date | |
|---|---|---|---|
|
688d80f32c | ||
|
|
b6026320ad |
@@ -14,7 +14,7 @@ Description
|
|||||||
|
|
||||||
Build a PKGBUILD on a remote server using makechrootpkg. Requires a remote user
|
Build a PKGBUILD on a remote server using makechrootpkg. Requires a remote user
|
||||||
that can run archbuild in a non-interactive manner, e.g. must be able to
|
that can run archbuild in a non-interactive manner, e.g. must be able to
|
||||||
elevate permissions using passwordless run0.
|
elevate permissions using passwordless sudo.
|
||||||
|
|
||||||
Options
|
Options
|
||||||
-------
|
-------
|
||||||
|
|||||||
@@ -3,7 +3,7 @@ pkgctl-auth(1)
|
|||||||
|
|
||||||
Name
|
Name
|
||||||
----
|
----
|
||||||
pkgctl-auth - Authenticate with services like GitLab.
|
pkgctl-auth - Authenticate with serivces like GitLab.
|
||||||
|
|
||||||
Synopsis
|
Synopsis
|
||||||
--------
|
--------
|
||||||
|
|||||||
@@ -15,11 +15,7 @@ check_root() {
|
|||||||
local orig_argv=("$@")
|
local orig_argv=("$@")
|
||||||
|
|
||||||
(( EUID == 0 )) && return
|
(( EUID == 0 )) && return
|
||||||
if type -P run0 >/dev/null; then
|
if type -P sudo >/dev/null; then
|
||||||
keepenv=",$keepenv"
|
|
||||||
command="run0 ${keepenv//,/ --setenv=}"
|
|
||||||
exec ${command} -- "${orig_argv[@]}"
|
|
||||||
elif type -P sudo >/dev/null; then
|
|
||||||
exec sudo --preserve-env="${keepenv}" -- "${orig_argv[@]}"
|
exec sudo --preserve-env="${keepenv}" -- "${orig_argv[@]}"
|
||||||
else
|
else
|
||||||
exec su root -c "$(printf ' %q' "${orig_argv[@]}")"
|
exec su root -c "$(printf ' %q' "${orig_argv[@]}")"
|
||||||
|
|||||||
@@ -185,18 +185,10 @@ prepare_chroot() {
|
|||||||
echo "$x" >>"$copydir/etc/makepkg.conf"
|
echo "$x" >>"$copydir/etc/makepkg.conf"
|
||||||
done
|
done
|
||||||
|
|
||||||
# TODO(gromit): check if this rule is sane
|
cat > "$copydir/etc/sudoers.d/builduser-pacman" <<EOF
|
||||||
# TODO(gromit): this will require a full container
|
builduser ALL = NOPASSWD: /usr/bin/pacman
|
||||||
cat > "$copydir/etc/polkit-1/rules.d/10-systemd-nopasswd.rules" <<EOF
|
|
||||||
polkit.addRule(function(action, subject) {
|
|
||||||
if (action.id == "org.freedesktop.systemd1.manage-units") {
|
|
||||||
if (subject.isInGroup("wheel")) {
|
|
||||||
return polkit.Result.YES;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
});
|
|
||||||
EOF
|
EOF
|
||||||
chmod 440 "$copydir/etc/polkit-1/rules.d/10-systemd-nopasswd.rules"
|
chmod 440 "$copydir/etc/sudoers.d/builduser-pacman"
|
||||||
|
|
||||||
cat > "$copydir/etc/gitconfig" <<EOF
|
cat > "$copydir/etc/gitconfig" <<EOF
|
||||||
[safe]
|
[safe]
|
||||||
@@ -230,14 +222,17 @@ _chrootbuild() {
|
|||||||
# shellcheck source=/dev/null
|
# shellcheck source=/dev/null
|
||||||
. /etc/profile
|
. /etc/profile
|
||||||
|
|
||||||
run0 --setenv=SOURCE_DATE_EPOCH \
|
# Beware, there are some stupid arbitrary rules on how you can
|
||||||
--setenv=BUILDTOOL \
|
# use "$" in arguments to commands with "sudo -i". ${foo} or
|
||||||
--setenv=BUILDTOOLVER \
|
# ${1} is OK, but $foo or $1 isn't.
|
||||||
--via-shell --chdir='~' \
|
# https://bugzilla.sudo.ws/show_bug.cgi?id=765
|
||||||
--user=builduser -- bash -c 'cd /startdir; makepkg "$@"' -bash "$@"
|
sudo --preserve-env=SOURCE_DATE_EPOCH \
|
||||||
|
--preserve-env=BUILDTOOL \
|
||||||
|
--preserve-env=BUILDTOOLVER \
|
||||||
|
-iu builduser bash -c 'cd /startdir; makepkg "$@"' -bash "$@"
|
||||||
ret=$?
|
ret=$?
|
||||||
case $ret in
|
case $ret in
|
||||||
0)
|
0|14)
|
||||||
return 0;;
|
return 0;;
|
||||||
*)
|
*)
|
||||||
return $ret;;
|
return $ret;;
|
||||||
@@ -248,7 +243,7 @@ _chrootnamcap() {
|
|||||||
pacman -S --needed --noconfirm namcap
|
pacman -S --needed --noconfirm namcap
|
||||||
for pkgfile in /startdir/PKGBUILD /pkgdest/*; do
|
for pkgfile in /startdir/PKGBUILD /pkgdest/*; do
|
||||||
echo "Checking ${pkgfile##*/}"
|
echo "Checking ${pkgfile##*/}"
|
||||||
run0 --user=builduser -- namcap "$pkgfile" 2>&1 | tee "/logdest/${pkgfile##*/}-namcap.log"
|
sudo -u builduser namcap "$pkgfile" 2>&1 | tee "/logdest/${pkgfile##*/}-namcap.log"
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -257,12 +252,8 @@ download_sources() {
|
|||||||
chown "$makepkg_user:" "$WORKDIR"
|
chown "$makepkg_user:" "$WORKDIR"
|
||||||
|
|
||||||
# Ensure sources are downloaded
|
# Ensure sources are downloaded
|
||||||
run0 --user="$makepkg_user" \
|
sudo -u "$makepkg_user" --preserve-env=GNUPGHOME,SSH_AUTH_SOCK \
|
||||||
--setenv=GNUPGHOME \
|
env SRCDEST="$SRCDEST" BUILDDIR="$WORKDIR" \
|
||||||
--setenv=SSH_AUTH_SOCK \
|
|
||||||
--setenv=SRCDEST="$SRCDEST" \
|
|
||||||
--setenv=BUILDDIR="$WORKDIR" \
|
|
||||||
--chdir=. -- \
|
|
||||||
makepkg --config="$copydir/etc/makepkg.conf" --verifysource -o "${verifysource_args[@]}" ||
|
makepkg --config="$copydir/etc/makepkg.conf" --verifysource -o "${verifysource_args[@]}" ||
|
||||||
die "Could not download sources."
|
die "Could not download sources."
|
||||||
}
|
}
|
||||||
@@ -409,7 +400,7 @@ if arch-nspawn "$copydir" \
|
|||||||
"${nspawn_build_args[@]}" \
|
"${nspawn_build_args[@]}" \
|
||||||
/chrootbuild "${makepkg_args[@]}"
|
/chrootbuild "${makepkg_args[@]}"
|
||||||
then
|
then
|
||||||
mapfile -t pkgnames < <(run0 --user="$makepkg_user" -- bash -c 'source PKGBUILD; printf "%s\n" "${pkgname[@]}"')
|
mapfile -t pkgnames < <(sudo -u "$makepkg_user" bash -c 'source PKGBUILD; printf "%s\n" "${pkgname[@]}"')
|
||||||
move_products
|
move_products
|
||||||
else
|
else
|
||||||
(( ret += 1 ))
|
(( ret += 1 ))
|
||||||
@@ -462,7 +453,7 @@ else
|
|||||||
done
|
done
|
||||||
|
|
||||||
msg2 "Checking packages"
|
msg2 "Checking packages"
|
||||||
run0 --user="$makepkg_user" -- checkpkg --rmdir --warn --makepkg-config "$copydir/etc/makepkg.conf" "${remotepkgs[@]/#file:\/\//}"
|
sudo -u "$makepkg_user" checkpkg --rmdir --warn --makepkg-config "$copydir/etc/makepkg.conf" "${remotepkgs[@]/#file:\/\//}"
|
||||||
fi
|
fi
|
||||||
true
|
true
|
||||||
fi
|
fi
|
||||||
|
|||||||
@@ -192,7 +192,7 @@ for p in "$@"; do
|
|||||||
pkgfile=${pkgfile_remote#file://}
|
pkgfile=${pkgfile_remote#file://}
|
||||||
if [[ ! -f ${pkgfile} ]]; then
|
if [[ ! -f ${pkgfile} ]]; then
|
||||||
msg "Downloading package '%s' into pacman's cache" "${pkgfile}"
|
msg "Downloading package '%s' into pacman's cache" "${pkgfile}"
|
||||||
run0 -- pacman -Swdd --noconfirm --logfile /dev/null "${p}" || exit 1
|
sudo pacman -Swdd --noconfirm --logfile /dev/null "${p}" || exit 1
|
||||||
pkgfile_remote=$(pacman -Sddp "${p}" 2>/dev/null)
|
pkgfile_remote=$(pacman -Sddp "${p}" 2>/dev/null)
|
||||||
pkgfile="${pkgfile_remote#file://}"
|
pkgfile="${pkgfile_remote#file://}"
|
||||||
fi
|
fi
|
||||||
|
|||||||
4
test/Justfile
Normal file
4
test/Justfile
Normal file
@@ -0,0 +1,4 @@
|
|||||||
|
install:
|
||||||
|
rm -rf src/devtools-local
|
||||||
|
makepkg -f
|
||||||
|
sudo pacman --noconfirm -U $(makepkg --packagelist | head -1)
|
||||||
67
test/PKGBUILD
Normal file
67
test/PKGBUILD
Normal file
@@ -0,0 +1,67 @@
|
|||||||
|
# Maintainer: Levente Polyak <anthraxx[at]archlinux[dot]org>
|
||||||
|
# Contributor: Pierre Schmitz <pierre@archlinux.de>
|
||||||
|
|
||||||
|
pkgname=devtools
|
||||||
|
branch=master
|
||||||
|
pkgver=1.3.1.r4.g79c3162
|
||||||
|
pkgrel=1
|
||||||
|
pkgdesc='Tools for Arch Linux package maintainers'
|
||||||
|
arch=('any')
|
||||||
|
license=('GPL')
|
||||||
|
url='https://gitlab.archlinux.org/archlinux/devtools'
|
||||||
|
depends=(
|
||||||
|
arch-install-scripts
|
||||||
|
awk
|
||||||
|
bash
|
||||||
|
binutils
|
||||||
|
coreutils
|
||||||
|
diffutils
|
||||||
|
fakeroot
|
||||||
|
findutils
|
||||||
|
grep
|
||||||
|
jq
|
||||||
|
openssh
|
||||||
|
parallel
|
||||||
|
rsync
|
||||||
|
sed
|
||||||
|
util-linux
|
||||||
|
|
||||||
|
bzr
|
||||||
|
git
|
||||||
|
mercurial
|
||||||
|
subversion
|
||||||
|
)
|
||||||
|
makedepends=(
|
||||||
|
asciidoc
|
||||||
|
shellcheck
|
||||||
|
)
|
||||||
|
optdepends=('btrfs-progs: btrfs support')
|
||||||
|
source=(devtools-local::"git+file://$PWD/../.git#branch=${branch}")
|
||||||
|
validpgpkeys=(
|
||||||
|
'4AA4767BBC9C4B1D18AE28B77F2D434B9741E8AC' # Pierre Schmitz <pierre@archlinux.org>
|
||||||
|
'86CFFCA918CF3AF47147588051E8B148A9999C34' # Evangelos Foutras <foutrelis@archlinux.org>
|
||||||
|
'8FC15A064950A99DD1BD14DD39E4B877E62EB915' # Sven-Hendrik Haase <svenstaro@archlinux.org>
|
||||||
|
'A2FF3A36AAA56654109064AB19802F8B0D70FC30' # Jan Alexander Steffens (heftig) <heftig@archlinux.org>
|
||||||
|
'B81B051F2D7FC867AAFF35A58DBD63B82072D77A' # Sébastien Luttringer <seblu@archlinux.org>
|
||||||
|
'6645B0A8C7005E78DB1D7864F99FFE0FEAE999BD' # Allan McRae (Developer) <allan@archlinux.org>
|
||||||
|
'E240B57E2C4630BA768E2F26FC1B547C8D8172C8' # Levente Polyak <anthraxx@archlinux.org>
|
||||||
|
)
|
||||||
|
sha256sums=('SKIP')
|
||||||
|
b2sums=('SKIP')
|
||||||
|
|
||||||
|
pkgver() {
|
||||||
|
cd ${pkgname}-local
|
||||||
|
git describe --long --tags | sed -E 's,^[^0-9]*,,;s,([^-]*-g),r\1,;s,-,.,g'
|
||||||
|
}
|
||||||
|
|
||||||
|
build() {
|
||||||
|
cd ${pkgname}-local
|
||||||
|
make BUILDTOOLVER="${epoch}:${pkgver}-${pkgrel}-${arch}" PREFIX=/usr
|
||||||
|
}
|
||||||
|
|
||||||
|
package() {
|
||||||
|
cd ${pkgname}-local
|
||||||
|
make PREFIX=/usr DESTDIR="${pkgdir}" install
|
||||||
|
}
|
||||||
|
|
||||||
|
# vim: ts=2 sw=2 et:
|
||||||
Reference in New Issue
Block a user