summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2019-12-05makechrootpkg: sync databases for checkpkg off-siteLevente Polyak
Use pacman's --dbpath feature to sync fresh databases inside an isolated location and split up the database sync and package location calls to remove the need of weird grep calls. It isn't nice of makechrootpkg to modify the host database state just by building packages. No foreign program shall automatically modify the host database other than by the explicit will of a system maintainer, which is the major reason this changes get incorporated. However, there is certain indoctrinated believe that using -Sy is the prime evil. In fact it has been declared as a social rule to a technical problem of not getting into potential partial upgrade states. This is not a proper loophole less solution as there are multiple ways and use cases that lead to such a state, like aborting a -Syu on the prompt for whatever reason, what really matters is that it is not a technically bullet proof solution to solve the problem. Databases shall have the freedom to be as up to date as databases or their owner wishes, allowing querying on latest database state without fear. The only loophole-less contract that _really_ is from importance is always using -Su instead of plain -S to install packages. Installing packages is what actually brings one into a potential partial upgrade state and by using -Su an outstanding upgrade is forced when installing a new package. This properly solves all edge cases in a technical manner instead of declaring people who abort the prompt of -Syu to be the problem. In fact, using this simple contract allows whatever system maintenance workflow a host owner wants to follow, which may still be to always use -Syu and deal with system upgrades explicitly instead of the time when installing new packages, but the -Su contract is the real safe guard to guarantee no edge case can ever slip in. This magically also opens up the freedom to people who wish to use -Sy to simply query on up to date data as the currently indoctrinated "never do -Sy" stone plates not only are not rock solid in technical terms but also make certain use cases simply impossible and hence cripple the functionality without at the very least being fully loophole free. Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-11-30makechrootpkg: double quote array expansions for checkpkg locationsLevente Polyak
Avoid re-splitting remotepkg elements used for checkpkg conditions.
2019-11-30Version 2019113020191130Levente Polyak
2019-11-30makechrootpkg: sync database for checkpkg to avoid nonexistent targetsLevente Polyak
For build servers or similar infrastructure its relatively common to not sync/update the database regularly. This leads to problems properly running checkpkg duo to nonexistent target files that we try to download. As building on build servers is a very common use case, lets ensure we sync the local database before trying to resolve the package locations.
2019-11-30makechrootpkg: check local pkg versions before downloading for checkpkgLevente Polyak
Avoid always trying to download and output the according message. Add checks for packages either not being available in the repo or all variants have up to date versions stored in the local cache.
2019-11-30completion: add makerepropkg zsh completionLevente Polyak
2019-11-30completion: reflect new -U mkarchchroot optionLevente Polyak
2019-11-30lib/common.sh: do not use colors when running on a dumb terminalIvy Foster
2019-11-30doc: add manpage for the new makerepropkg toolEli Schwartz
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
2019-11-30makerepropkg: add new program to try to reproducibly build a packageEli Schwartz
This attempts to recreate a package that was probably created using makechrootpkg, and see if it conforms to the https://reproducible-builds.org/ specification. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
2019-11-30mkarchroot: support wrapping pacstrap -UEli Schwartz
Needed to support reproducible builds. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
2019-11-30archbuild: use better umaskEli Schwartz
In commit 40a90e2cab479cc64903a62b42eb617a8a7e5842 we tried to protect against system umasks resulting in unreadable chroots. However, we tried to do this in a targeted manner due to not wanting to fiddle with permissions for user-owned files. Unfortuantely, mkdir -p -m755 does not actually work that way -- the parent directory is created with broken permissions. We need umask. Run umask and mkdir in a subshell to prevent leakage. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
2019-11-30commitpkg: clearly delineate the commit message template and the rationaleEli Schwartz
In commit 75d23eec942e7160108ee194894b6b83ed3045d5 we moved to include commitpkg arguments as the first line of the svn commit message, but we simply dumped the result after the version number without separating the two, increasing the cognitive burden of parsing the rationale. Since the whole point of the change was to make it easier to see what happened when using git log --oneline (reducing the cognitive burden of parsing 'pretty' output with author/date info), it makes sense to also delineate the reason correctly. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
2019-11-30arch-nspawn: rely on deduplication to avoid making multiple host_mirror mountsEli Schwartz
Instead of comparing exact mirror urls to see if they are in host_mirrors in order to "skip" the official mirrors Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
2019-11-30offload-build: remove empty src dir when SRCDEST is setLevente Polyak
Right now there is a bug in makepkg that leaves back an empty src directory if SRCDEST is set. This is purely cosmetic, but lets just politely try to rmdir it and fail silently if its empty or non-existent. Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-11-30offload-build: catch more signals to be sure SRCPKGDEST gets cleanedLevente Polyak
It may be not enough to just listen on EXIT depending on the shell used so lets make sure we clean up SRCPKGDEST by listening to more sigs. Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-11-07Makefile: sort program namesEli Schwartz
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-11-07use libmakepkg to find and use variables in makepkg.confEli Schwartz
- drop homebrew function in makechrootpkg - use better mock to find invoking user's $HOME - make offload-build respect makepkg.conf to determine where to sync files, matching the behavior of makechrootpkg Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-11-07arch-nspawn: simplify cachedir/host_mirror parsingEli Schwartz
consolidate logic flows in the same area for parsing and building arrays. Don't bother having a special function just to build the mount_args array, since we now use the same handling for adding any cachedir (including host mirrors) to the mount arguments, this becomes a trivial for loop -- and it really did not need to be delayed until after the sanity check, anyway. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-11-07arch-nspawn: restore cachedir handling for host_mirrorsEli Schwartz
In commit 27ff286ee78eb2faac803e3ef67f3171ddfa0098, we moved from sourcing the primary cachedir via /etc/pacman.conf, to using the pacman.conf in the workdir. One unanticipated side effect of this was breaking the special host mirrors magic we used to turn a host mirror into a cachedir. It was still processed as a server, but we relied on it being in the host's cachedirs in order to be persisted, and this no longer occurred. Solve this by explicitly adding each host mirror root as a cachedir. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-11-07commitpkg: Include commit msg arg in first lineDaniel M. Capella
Commit messages belong on the first line, with optional "explanatory text" starting after a blank line: https://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html Referencing commit ee970f0bde3c90a0dff909c366d4ab1a1bff9b9d Signed-off-by: Daniel M. Capella <polyzen@archlinux.org> Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-11-06conf: Sync with pacman 5.2.0-2Daniel M. Capella
Signed-off-by: Daniel M. Capella <polyzen@archlinux.org>
2019-10-16Version 2019101620191016Levente Polyak
2019-10-15ci: fix travis build using undocumented but reserved keywordLevente Polyak
https://github.com/mikkeloscar/arch-travis/issues/65
2019-10-15sogrep: redirect to destination mirror (#25)jelle van der Waa
Some mirrors redirect consumers to a near by mirror which isn't handled by sogrep.
2019-09-28zsh_completion: add offload-build completionLevente Polyak
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-09-28zsh_completion: add sogrep completionsLevente Polyak
Transform sogrep into an in-prog so we can benefit from the m4 macro to specify valid repos in a single place of truth. Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-09-28commitpkg: prefer explicit signature+data parameters for gpg --verifyLevente Polyak
Lets prefer the explicit variant of gpg --verify by providing both, the signature and the data file as parameters. For the unlikely case there is a matching signature file already present that was created outside of the toolchain and has an embedded signature with data, we at least could detect it early with this check. Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-09-28commitpkg: disallow if PKGBUILD hash mismatches package's enclosed hashLevente Polyak
Several cases showed that we release packages that were built with different PKGBUILDs than the one commited to the source tree. This is bad for obvious reasons plus sploils reproducible builds. We, under no circumstances, want to allow using commitpkg to publish and release a packages whose PKGBUILD doesn't match the one to be commited. Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-09-28commitpkg: fix wrongly ordered find_cached_package callLevente Polyak
The unknown packager check didn't worked so far as the wrongly ordered call to find_cached_package lead to the enclosing block never being executed. Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-09-28make: add target to tag a new versionLevente Polyak
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-09-28zsh_completion: overhaul all completions to match actual optionsLevente Polyak
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-09-28checkpkg: add option to print a warning in case of differencesLevente Polyak
Sometimes its desired to be explicitly made aware of differences reporter by checkpkg via printing a warning instead of a regular message. Automatically use --warn for makechrootpkg builds so packagers are made visibly aware of a soname bump by simply looking out for colors indicating non success messages. Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-09-28checkpkg: add option to avoid keeping the tmp dirLevente Polyak
In some cases, like default makechrootpkg execution, the temporary directory used to assemble the differences is not required. Add an option to checkpkg that allows to get rid of that directory after run and call it automatically like that in makechrootpkg. Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-09-28makechrootpkg: run checkpkg automatically after buildLevente Polyak
Cache previous versions required for checkpkg via pacman to avoid multiple downloads when running multiple times. In case we can't download the packages, like while building out of repo packages, print a warning instead of running checkpkg Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-09-12Version 2019091220190912Levente Polyak
2019-09-12Revert "makechrootpkg: with -n, check if the package failed to install"Eli Schwartz
This reverts commit be44b9cde15f3228839253c0c0d7d56c124c4e26. This was a nice idea in theory, because it means that we can catch conflicting files before releasing them into the repos. In practice, there were unanticipated side effects: single-package installs which conflict against their own makedepends cannot be installed either. Examples include: - kernel modules which makedepend on their dkms equivalent - jack2, which makedepends/optdepends on portaudio, which requires jack... but jack2 is a drop-in provides/conflicts jack. We cannot reliably detect when makepkg --install will error out because of dependency conflicts vs. packages which are simply broken. So, back out this change for now. Revisit this once pacutils has a new release, because it will add the option --resolve-conflicts=all, allowing for much better scripted responses to "foo conflicts with bar, remove bar? [y/N]" than simply "--noconfirm and fail". Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-21Version 2019082120190821Levente Polyak
2019-08-09makechrootpkg: with -n, check if the package failed to installEli Schwartz
We previously whitelisted this return code because split packages can frequently conflict each other, so makepkg -i is *expected* to fail in such a case. However, there is no good reason to let this succeed if the pkgbase only builds one pkgname -- that will always be a severe issue. Add a check for how many split Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09makechrootpkg: make the -U option work for the first time everEli Schwartz
The -U option was initially introduced in commit cda9cf436b2897b063c1e40efb144404aad8b821 in order to enable running makechrootpkg as root, delegating to another, manually selected, user to perform various non-root tasks (given that makepkg was modified to throw fatal errors when run as root without the option of --asroot to disable that). However, it was only ever implemented for the --verifysource option outside of the chroot, and the builduser inside the chroot is created with the same uid as the makechrootpkg invoker. It needs to run as the same uid, because it needs rw access to $startdir and $SRCDEST! Additionally this lets the invoking user more easily inspect the build directory in case of problems... The correct solution for this is to properly implement the initial intention of the -U option, and make it override the autodetection of the "invoking user" which is normally done by inspecting $SUDO_USER. This is then used as the single source of truth for "who am I pretending to be". Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09archrelease: actually fail in failure conditionsEli Schwartz
When svn ls fails due to network timeouts, this currently results in archrelease deleting all files, then committing this as the changeset. This causes data loss... With bash 4.4 and using wait $! we can get return the return code of the last backgrounded command -- which process substitution qualifies as. Key off of this to make sure that `svn ls` actually succeeded. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09archbuild: prefer repo/arch-specific configs if they existEli Schwartz
When mixing and matching different repos and architectures not present in mainline archlinux, it is sometimes desirable to set up differing presets with more granularity than devtools currently allows. One example of this is when building for architectures that are only supported by another project -- in order to coexist on a mainline archlinux host, a different mirrorlist needs to be used. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09makechrootpkg: also downgrade packages when updating chrootsEli Schwartz
Packages should never be getting downgraded... unless a package is pulled from testing, e.g. for example if gcc9 totally breaks the linux kernel. In such cases, the master repo says there is a downgrade, so we'd better go with that. Basically, ensure that packages match the repo they are being built against. Consistency at all costs! Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09makechrootpkg: when installing with -I, ensure package is installedEli Schwartz
noconfirm is wrong here, as we don't want to accept the default answer -- we want to install the new package, even if it conflicts and provides an existing one. After all, we explicitly asked for it. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09arch-nspawn: unshare the gpg namespace to prevent zombie processesEli Schwartz
gpg-agent is really annoying and leaves useless copies of itself around. Using unshare ensures that all such processes are killed as soon as the main gpg process dies. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09finddeps: suppress error messages for unreadable directoriesEli Schwartz
If the find command cannot descend into a directory in order to search for a PKGBUILD, it is likely a "$pkgdir" which makepkg sets as unreadable. As far as finddeps is concerned, this error message is not needed. Also convert to using null-delimited paths on general principle to prevent read from splitting on odd paths. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09makechrootpkg: accept arguments useful to verifysourceEli Schwartz
And pass them on to download_sources outside the chroot. Fixes FS#35652 Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09makechrootpkg: fix breakage in makepkg option parsingEli Schwartz
In commit bd826752c9dc8f01917ee831302b6220ad09603a, support for short options was added to the heuristic for --noextract, but in the process, we changed to loop over the set of user options plus the builtin defaults for inside the chroot. This was wrong, as we only care about the user options -- moreover, it prevents us from adding verifysource support *outside* the chroot, for options that are also chroot options, like --holdver. Also remove uselessly duplicated line. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09ensure that sane umask is used where neededEli Schwartz
If a user umask is restrictive, a chroot may be created as root without the ability for the user to read it, which then causes makepkg --verifysource to fail. Do not set this in lib/common.sh, where it would apply to all scripts, as we do not want to override the user's policy for things like $SRCDEST files, svn checkouts, etc. Fixes FS#47625 Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09Escape paths with ":" that are passed to systemd-nspawn --bindEli Schwartz
When parsing paths to automatically make available to the container, the ":" is used internally by systemd-nspawn to signify destinations in the container. Replace automatically with "\:" for the mounts that we set up, in order to safely handle a working directory etc. that contains this character. For bind options exposed to the user, it is assumed the user takes care of passing systemd-nspawn compatible paths themselves. Fixes FS#60845 Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Levente Polyak <anthraxx@archlinux.org>