From cd500d161fc174841486c6f204ae81d450086e92 Mon Sep 17 00:00:00 2001 From: "Jan Alexander Steffens (heftig)" Date: Tue, 12 Sep 2017 23:26:34 +0200 Subject: arch-nspawn: Pass --as-pid2 As not all commands we run are capable of reaping processes correctly. For example, pacman is not. --- arch-nspawn.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch-nspawn.in b/arch-nspawn.in index 5205bf4..c55f498 100644 --- a/arch-nspawn.in +++ b/arch-nspawn.in @@ -114,6 +114,6 @@ eval "$(grep '^CARCH=' "$working_dir/etc/makepkg.conf")" exec ${CARCH:+setarch "$CARCH"} systemd-nspawn -q \ -D "$working_dir" \ -E "PATH=/usr/local/sbin:/usr/local/bin:/usr/bin" \ - --register=no --keep-unit \ + --register=no --keep-unit --as-pid2 \ "${mount_args[@]}" \ "$@" -- cgit v1.2.3-54-g00ecf From 6a7dcdeff9dee3c3b1192e61ad8e5a58f2215db0 Mon Sep 17 00:00:00 2001 From: "Jan Alexander Steffens (heftig)" Date: Wed, 13 Sep 2017 00:08:30 +0200 Subject: arch-nspawn: Hack to give the inner process a controlling terminal This was lost at some point. --- arch-nspawn.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch-nspawn.in b/arch-nspawn.in index c55f498..d25fa3b 100644 --- a/arch-nspawn.in +++ b/arch-nspawn.in @@ -116,4 +116,4 @@ exec ${CARCH:+setarch "$CARCH"} systemd-nspawn -q \ -E "PATH=/usr/local/sbin:/usr/local/bin:/usr/bin" \ --register=no --keep-unit --as-pid2 \ "${mount_args[@]}" \ - "$@" + /bin/bash -c 'exec Date: Wed, 13 Sep 2017 00:25:06 +0200 Subject: Revert "arch-nspawn: Hack to give the inner process a controlling terminal" Whoops, this will of course mess with nspawn arguments passed to arch-nspawn. --- arch-nspawn.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch-nspawn.in b/arch-nspawn.in index d25fa3b..c55f498 100644 --- a/arch-nspawn.in +++ b/arch-nspawn.in @@ -116,4 +116,4 @@ exec ${CARCH:+setarch "$CARCH"} systemd-nspawn -q \ -E "PATH=/usr/local/sbin:/usr/local/bin:/usr/bin" \ --register=no --keep-unit --as-pid2 \ "${mount_args[@]}" \ - /bin/bash -c 'exec Date: Thu, 14 Sep 2017 22:21:47 +0200 Subject: makechrootpkg: Prevent collecting coredumps Coredumps from build chroots are not generally useful. Prevent them from being generated. Avoids a lot of annoyance from the GCC testsuite spawning lots of systemd-coredump processes. Just set the soft limit so the user can still raise it in the PKGBUILD if they insist. --- makechrootpkg.in | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/makechrootpkg.in b/makechrootpkg.in index ef3f2ec..add87d3 100644 --- a/makechrootpkg.in +++ b/makechrootpkg.in @@ -241,8 +241,12 @@ EOF # These functions aren't run in makechrootpkg, # so no global variables _chrootbuild() { + # No coredumps + ulimit -c 0 + # shellcheck source=/dev/null . /etc/profile + # Beware, there are some stupid arbitrary rules on how you can # use "$" in arguments to commands with "sudo -i". ${foo} or # ${1} is OK, but $foo or $1 isn't. -- cgit v1.2.3-54-g00ecf From ddd508efc083fc9beb6f2c96e2537521b31c1e6f Mon Sep 17 00:00:00 2001 From: "Jan Alexander Steffens (heftig)" Date: Thu, 14 Sep 2017 23:31:41 +0200 Subject: makechrootpkg: Reopen console to assign the CTTY nspawn does not give us a controlling terminal, hence we ignore interrupts. Apparently this was lost in systemd at some point. Hack around this by reopening the console to make it the controlling terminal. --- makechrootpkg.in | 3 +++ 1 file changed, 3 insertions(+) diff --git a/makechrootpkg.in b/makechrootpkg.in index add87d3..8724355 100644 --- a/makechrootpkg.in +++ b/makechrootpkg.in @@ -241,6 +241,9 @@ EOF # These functions aren't run in makechrootpkg, # so no global variables _chrootbuild() { + # Work around nspawn not giving us a ctty + exec Date: Sat, 16 Sep 2017 17:52:39 -0400 Subject: makechrootpkg: move init_variables() to be part of main() The reason it wasn't moved before was just to keep the diffs (with --ignore-all-space) smaller, to make merging and rebasing work easier. Moving code around in a file tends to make that difficult. But, readability wise, it belongs in main(). --- makechrootpkg.in | 44 ++++++++++++++++++++------------------------ 1 file changed, 20 insertions(+), 24 deletions(-) diff --git a/makechrootpkg.in b/makechrootpkg.in index 8724355..f81c47e 100644 --- a/makechrootpkg.in +++ b/makechrootpkg.in @@ -15,29 +15,6 @@ m4_include(lib/archroot.sh) shopt -s nullglob -init_variables() { - default_makepkg_args=(--syncdeps --noconfirm --log --holdver --skipinteg) - makepkg_args=("${default_makepkg_args[@]}") - keepbuilddir=false - update_first=false - clean_first=false - run_namcap=false - temp_chroot=false - chrootdir= - passeddir= - makepkg_user= - declare -ga install_pkgs - declare -gi ret=0 - - bindmounts_ro=() - bindmounts_rw=() - - copy=$USER - [[ -n ${SUDO_USER:-} ]] && copy=$SUDO_USER - [[ -z "$copy" || $copy = root ]] && copy=copy - src_owner=${SUDO_USER:-$USER} -} - usage() { echo "Usage: ${0##*/} [options] -r [--] [makepkg args]" echo ' Run this script in a PKGBUILD dir to build a package inside a' @@ -325,7 +302,26 @@ move_products() { # }}} main() { - init_variables + default_makepkg_args=(--syncdeps --noconfirm --log --holdver --skipinteg) + makepkg_args=("${default_makepkg_args[@]}") + keepbuilddir=false + update_first=false + clean_first=false + run_namcap=false + temp_chroot=false + chrootdir= + passeddir= + makepkg_user= + declare -a install_pkgs + declare -i ret=0 + + bindmounts_ro=() + bindmounts_rw=() + + copy=$USER + [[ -n ${SUDO_USER:-} ]] && copy=$SUDO_USER + [[ -z "$copy" || $copy = root ]] && copy=copy + src_owner=${SUDO_USER:-$USER} while getopts 'hcur:I:l:nTD:d:U:' arg; do case "$arg" in -- cgit v1.2.3-54-g00ecf From 095e5305e45a32d4eee1e43a493200f4bc8455b3 Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Sat, 16 Sep 2017 18:00:11 -0400 Subject: makechrootpkg: Fix function usage comments A couple of the comments noting which globals are used by functions are outdated/wrong. - download_sources() : Remove USER from the list. It was always wrong. Originally, it should have been SUDO_USER (not USER), but I should have removed it entirely in 4f23609. - move_products() : Add SRCPKGDEST to the list. Though the commit adding the comment was only recently upstreamed (as 2fd5931), it originated in 2013 in a commit that has since been rebased many times. Anyway, in this rebasing, it missed move_products() starting to pay attention to SRCPKGDEST in fd1be1b (since nothing made git think there was a "conflict"). --- makechrootpkg.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makechrootpkg.in b/makechrootpkg.in index f81c47e..d4c293f 100644 --- a/makechrootpkg.in +++ b/makechrootpkg.in @@ -245,7 +245,6 @@ _chrootnamcap() { # Usage: download_sources $copydir $makepkg_user # Globals: # - SRCDEST -# - USER download_sources() { local copydir=$1 local makepkg_user=$2 @@ -267,6 +266,7 @@ download_sources() { # Globals: # - PKGDEST # - LOGDEST +# - SRCPKGDEST move_products() { local copydir=$1 local src_owner=$2 -- cgit v1.2.3-54-g00ecf From 94160d62b8d3de9d737f5ec70451fefa9ceda6d1 Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Sun, 24 Sep 2017 18:56:32 -0400 Subject: use makepkg library instead of local function copies This mirrors dbscripts commit 625fa02 by Pierre Schmitz at 2017-04-18 14:20:49 --- lib/common.sh | 100 ++++------------------------------------------------------ 1 file changed, 7 insertions(+), 93 deletions(-) diff --git a/lib/common.sh b/lib/common.sh index 0fb93d9..a3c2ec2 100644 --- a/lib/common.sh +++ b/lib/common.sh @@ -6,62 +6,21 @@ [[ -z ${_INCLUDE_COMMON_SH:-} ]] || return 0 _INCLUDE_COMMON_SH=true +# shellcheck disable=1091 +. /usr/share/makepkg/util.sh + # Avoid any encoding problems export LANG=C shopt -s extglob # check if messages are to be printed using color -declare ALL_OFF='' BOLD='' BLUE='' GREEN='' RED='' YELLOW='' if [[ -t 2 ]]; then - # prefer terminal safe colored and bold text when tput is supported - if tput setaf 0 &>/dev/null; then - ALL_OFF="$(tput sgr0)" - BOLD="$(tput bold)" - BLUE="${BOLD}$(tput setaf 4)" - GREEN="${BOLD}$(tput setaf 2)" - RED="${BOLD}$(tput setaf 1)" - YELLOW="${BOLD}$(tput setaf 3)" - else - ALL_OFF="\e[1;0m" - BOLD="\e[1;1m" - BLUE="${BOLD}\e[1;34m" - GREEN="${BOLD}\e[1;32m" - RED="${BOLD}\e[1;31m" - YELLOW="${BOLD}\e[1;33m" - fi + colorize +else + # shellcheck disable=2034 + declare -gr ALL_OFF='' BOLD='' BLUE='' GREEN='' RED='' YELLOW='' fi -readonly ALL_OFF BOLD BLUE GREEN RED YELLOW - -plain() { - local mesg=$1; shift - # shellcheck disable=2059 - printf "${BOLD} ${mesg}${ALL_OFF}\n" "$@" >&2 -} - -msg() { - local mesg=$1; shift - # shellcheck disable=2059 - printf "${GREEN}==>${ALL_OFF}${BOLD} ${mesg}${ALL_OFF}\n" "$@" >&2 -} - -msg2() { - local mesg=$1; shift - # shellcheck disable=2059 - printf "${BLUE} ->${ALL_OFF}${BOLD} ${mesg}${ALL_OFF}\n" "$@" >&2 -} - -warning() { - local mesg=$1; shift - # shellcheck disable=2059 - printf "${YELLOW}==> WARNING:${ALL_OFF}${BOLD} ${mesg}${ALL_OFF}\n" "$@" >&2 -} - -error() { - local mesg=$1; shift - # shellcheck disable=2059 - printf "${RED}==> ERROR:${ALL_OFF}${BOLD} ${mesg}${ALL_OFF}\n" "$@" >&2 -} stat_busy() { local mesg=$1; shift @@ -110,51 +69,6 @@ die() { cleanup 255 } -## -# usage : in_array( $needle, $haystack ) -# return : 0 - found -# 1 - not found -## -in_array() { - local needle=$1; shift - local item - for item in "$@"; do - [[ $item = "$needle" ]] && return 0 # Found - done - return 1 # Not Found -} - -## -# usage : get_full_version( [$pkgname] ) -# return : full version spec, including epoch (if necessary), pkgver, pkgrel -## -get_full_version() { - # set defaults if they weren't specified in buildfile - local pkgbase=${pkgbase:-${pkgname[0]}} - local epoch=${epoch:-0} - local pkgver=${pkgver} - local pkgrel=${pkgrel} - if [[ -z $1 ]]; then - if (( ! epoch )); then - printf '%s\n' "$pkgver-$pkgrel" - else - printf '%s\n' "$epoch:$pkgver-$pkgrel" - fi - else - local pkgver_override='' pkgrel_override='' epoch_override='' - for i in pkgver pkgrel epoch; do - local indirect="${i}_override" - eval "$(declare -f "package_$1" | sed -n "s/\(^[[:space:]]*$i=\)/${i}_override=/p")" - [[ -z ${!indirect} ]] && eval ${indirect}=\"${!i}\" - done - if (( ! epoch_override )); then - printf '%s\n' "$pkgver_override-$pkgrel_override" - else - printf '%s\n' "$epoch_override:$pkgver_override-$pkgrel_override" - fi - fi -} - ## # usage : lock( $fd, $file, $message, [ $message_arguments... ] ) ## -- cgit v1.2.3-54-g00ecf From 7259e7def07a5f6ee04a34db61a87361ad0b5ac7 Mon Sep 17 00:00:00 2001 From: Bartłomiej Piotrowski Date: Wed, 31 May 2017 23:30:19 +0200 Subject: Remove i686 support --- Makefile | 6 --- commitpkg.in | 7 ++- lib/valid-tags.sh | 19 ++++--- makepkg-i686.conf | 150 ------------------------------------------------------ zsh_completion.in | 2 +- 5 files changed, 13 insertions(+), 171 deletions(-) delete mode 100644 makepkg-i686.conf diff --git a/Makefile b/Makefile index 4846aec..43cfc4d 100644 --- a/Makefile +++ b/Makefile @@ -19,7 +19,6 @@ BINPROGS = \ makechrootpkg CONFIGFILES = \ - makepkg-i686.conf \ makepkg-x86_64.conf \ pacman-extra.conf \ pacman-testing.conf \ @@ -45,18 +44,13 @@ COMMITPKG_LINKS = \ gnome-unstablepkg ARCHBUILD_LINKS = \ - extra-i686-build \ extra-x86_64-build \ - testing-i686-build \ testing-x86_64-build \ - staging-i686-build \ staging-x86_64-build \ multilib-build \ multilib-testing-build \ multilib-staging-build \ - kde-unstable-i686-build \ kde-unstable-x86_64-build \ - gnome-unstable-i686-build \ gnome-unstable-x86_64-build CROSSREPOMOVE_LINKS = \ diff --git a/commitpkg.in b/commitpkg.in index 53b6612..3fc3fa6 100644 --- a/commitpkg.in +++ b/commitpkg.in @@ -189,12 +189,11 @@ if [[ ${#uploads[*]} -gt 0 ]]; then fi if [[ "${arch[*]}" == 'any' ]]; then - if [[ -d ../repos/$repo-i686 && -d ../repos/$repo-x86_64 ]]; then + if [[ -d ../repos/$repo-x86_64 ]]; then pushd ../repos/ >/dev/null - stat_busy "Removing %s and %s" "$repo-i686" "$repo-x86_64" - svn rm -q "$repo-i686" + stat_busy "Removing %s" "$repo-x86_64" svn rm -q "$repo-x86_64" - svn commit -q -m "Removed $repo-i686 and $repo-x86_64 for $pkgname" + svn commit -q -m "Removed $repo-x86_64 for $pkgname" stat_done popd >/dev/null fi diff --git a/lib/valid-tags.sh b/lib/valid-tags.sh index 2916dc7..3cfe046 100644 --- a/lib/valid-tags.sh +++ b/lib/valid-tags.sh @@ -4,23 +4,22 @@ # shellcheck disable=2034 _arch=( - i686 x86_64 any ) # shellcheck disable=2034 _tags=( - core-i686 core-x86_64 core-any - extra-i686 extra-x86_64 extra-any + core-x86_64 core-any + extra-x86_64 extra-any multilib-x86_64 - staging-i686 staging-x86_64 staging-any - testing-i686 testing-x86_64 testing-any + staging-x86_64 staging-any + testing-x86_64 testing-any multilib-testing-x86_64 multilib-staging-x86_64 - community-i686 community-x86_64 community-any - community-staging-i686 community-staging-x86_64 community-staging-any - community-testing-i686 community-testing-x86_64 community-testing-any - kde-unstable-i686 kde-unstable-x86_64 kde-unstable-any - gnome-unstable-i686 gnome-unstable-x86_64 gnome-unstable-any + community-x86_64 community-any + community-staging-x86_64 community-staging-any + community-testing-x86_64 community-testing-any + kde-unstable-x86_64 kde-unstable-any + gnome-unstable-x86_64 gnome-unstable-any ) diff --git a/makepkg-i686.conf b/makepkg-i686.conf deleted file mode 100644 index f7ea2c2..0000000 --- a/makepkg-i686.conf +++ /dev/null @@ -1,150 +0,0 @@ -#!/hint/bash -# shellcheck disable=2034 - -# -# /etc/makepkg.conf -# - -######################################################################### -# SOURCE ACQUISITION -######################################################################### -# -#-- The download utilities that makepkg should use to acquire sources -# Format: 'protocol::agent' -DLAGENTS=('ftp::/usr/bin/curl -fC - --ftp-pasv --retry 3 --retry-delay 3 -o %o %u' - 'http::/usr/bin/curl -fLC - --retry 3 --retry-delay 3 -o %o %u' - 'https::/usr/bin/curl -fLC - --retry 3 --retry-delay 3 -o %o %u' - 'rsync::/usr/bin/rsync --no-motd -z %u %o' - 'scp::/usr/bin/scp -C %u %o') - -# Other common tools: -# /usr/bin/snarf -# /usr/bin/lftpget -c -# /usr/bin/wget - -#-- The package required by makepkg to download VCS sources -# Format: 'protocol::package' -VCSCLIENTS=('bzr::bzr' - 'git::git' - 'hg::mercurial' - 'svn::subversion') - -######################################################################### -# ARCHITECTURE, COMPILE FLAGS -######################################################################### -# -CARCH="i686" -CHOST="i686-pc-linux-gnu" - -#-- Compiler and Linker Flags -# -march (or -mcpu) builds exclusively for an architecture -# -mtune optimizes for an architecture, but builds for whole processor family -CPPFLAGS="-D_FORTIFY_SOURCE=2" -CFLAGS="-march=i686 -mtune=generic -O2 -pipe -fstack-protector-strong -fno-plt" -CXXFLAGS="-march=i686 -mtune=generic -O2 -pipe -fstack-protector-strong -fno-plt" -LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now" -#-- Make Flags: change this for DistCC/SMP systems -#MAKEFLAGS="-j2" -#-- Debugging flags -DEBUG_CFLAGS="-g -fvar-tracking-assignments" -DEBUG_CXXFLAGS="-g -fvar-tracking-assignments" - -######################################################################### -# BUILD ENVIRONMENT -######################################################################### -# -# Defaults: BUILDENV=(!distcc color !ccache check !sign) -# A negated environment option will do the opposite of the comments below. -# -#-- distcc: Use the Distributed C/C++/ObjC compiler -#-- color: Colorize output messages -#-- ccache: Use ccache to cache compilation -#-- check: Run the check() function if present in the PKGBUILD -#-- sign: Generate PGP signature file -# -BUILDENV=(!distcc color !ccache check !sign) -# -#-- If using DistCC, your MAKEFLAGS will also need modification. In addition, -#-- specify a space-delimited list of hosts running in the DistCC cluster. -#DISTCC_HOSTS="" -# -#-- Specify a directory for package building. -#BUILDDIR=/tmp/makepkg - -######################################################################### -# GLOBAL PACKAGE OPTIONS -# These are default values for the options=() settings -######################################################################### -# -# Default: OPTIONS=(strip docs !libtool !staticlibs emptydirs zipman purge !optipng !upx !debug) -# A negated option will do the opposite of the comments below. -# -#-- strip: Strip symbols from binaries/libraries -#-- docs: Save doc directories specified by DOC_DIRS -#-- libtool: Leave libtool (.la) files in packages -#-- staticlibs: Leave static library (.a) files in packages -#-- emptydirs: Leave empty directories in packages -#-- zipman: Compress manual (man and info) pages in MAN_DIRS with gzip -#-- purge: Remove files specified by PURGE_TARGETS -#-- upx: Compress binary executable files using UPX -#-- optipng: Optimize PNG images with optipng -#-- debug: Add debugging flags as specified in DEBUG_* variables -# -OPTIONS=(strip docs !libtool !staticlibs emptydirs zipman purge !optipng !upx !debug) - -#-- File integrity checks to use. Valid: md5, sha1, sha256, sha384, sha512 -INTEGRITY_CHECK=(md5) -#-- Options to be used when stripping binaries. See `man strip' for details. -STRIP_BINARIES="--strip-all" -#-- Options to be used when stripping shared libraries. See `man strip' for details. -STRIP_SHARED="--strip-unneeded" -#-- Options to be used when stripping static libraries. See `man strip' for details. -STRIP_STATIC="--strip-debug" -#-- Manual (man and info) directories to compress (if zipman is specified) -MAN_DIRS=({usr{,/local}{,/share},opt/*}/{man,info}) -#-- Doc directories to remove (if !docs is specified) -DOC_DIRS=(usr/{,local/}{,share/}{doc,gtk-doc} opt/*/{doc,gtk-doc}) -#-- Files to be removed from all packages (if purge is specified) -PURGE_TARGETS=(usr/{,share}/info/dir .packlist *.pod) - -######################################################################### -# PACKAGE OUTPUT -######################################################################### -# -# Default: put built package and cached source in build directory -# -#-- Destination: specify a fixed directory where all packages will be placed -#PKGDEST=/home/packages -#-- Source cache: specify a fixed directory where source files will be cached -#SRCDEST=/home/sources -#-- Source packages: specify a fixed directory where all src packages will be placed -#SRCPKGDEST=/home/srcpackages -#-- Log files: specify a fixed directory where all log files will be placed -#LOGDEST=/home/makepkglogs -#-- Packager: name/email of the person or organization building packages -#PACKAGER="John Doe " -#-- Specify a key to use for package signing -#GPGKEY="" - -######################################################################### -# COMPRESSION DEFAULTS -######################################################################### -# -COMPRESSGZ=(gzip -c -f -n) -COMPRESSBZ2=(bzip2 -c -f) -COMPRESSXZ=(xz -c -z -) -COMPRESSLRZ=(lrzip -q) -COMPRESSLZO=(lzop -q) -COMPRESSZ=(compress -c -f) - -######################################################################### -# EXTENSION DEFAULTS -######################################################################### -# -# WARNING: Do NOT modify these variables unless you know what you are -# doing. -# -PKGEXT='.pkg.tar.xz' -SRCEXT='.src.tar.gz' - -# vim: set ft=sh ts=2 sw=2 et: diff --git a/zsh_completion.in b/zsh_completion.in index 0f95a4c..3bd4c4d 100644 --- a/zsh_completion.in +++ b/zsh_completion.in @@ -1,4 +1,4 @@ -#compdef archbuild archco arch-nspawn archrelease archrm commitpkg finddeps makechrootpkg mkarchroot rebuildpkgs extrapkg=commitpkg corepkg=commitpkg testingpkg=commitpkg stagingpkg=commitpkg communitypkg=commitpkg community-testingpkg=commitpkg community-stagingpkg=commitpkg multilibpkg=commitpkg multilib-testingpkg=commitpkg extra-i686-build=archbuild extra-x86_64-build=archbuild testing-i686-build=archbuild testing-x86_64-build=archbuild staging-i686-build=archbuild staging-x86_64-build=archbuild multilib-build=archbuild multilib-testing-build=archbuild multilib-staging-build=archbuild kde-unstable-i686-build=archbuild kde-unstable-x86_64-build=archbuild gnome-unstable-i686-build=archbuild gnome-unstable-x86_64-build=archbuild communityco=archco +#compdef archbuild archco arch-nspawn archrelease archrm commitpkg finddeps makechrootpkg mkarchroot rebuildpkgs extrapkg=commitpkg corepkg=commitpkg testingpkg=commitpkg stagingpkg=commitpkg communitypkg=commitpkg community-testingpkg=commitpkg community-stagingpkg=commitpkg multilibpkg=commitpkg multilib-testingpkg=commitpkg extra-x86_64-build=archbuild testing-x86_64-build=archbuild staging-x86_64-build=archbuild multilib-build=archbuild multilib-testing-build=archbuild multilib-staging-build=archbuild kde-unstable-x86_64-build=archbuild gnome-unstable-x86_64-build=archbuild communityco=archco # License: Unspecified m4_include(lib/valid-tags.sh) -- cgit v1.2.3-54-g00ecf From 2a308821b3de179ca1946051d7733362ed45ed04 Mon Sep 17 00:00:00 2001 From: Bartłomiej Piotrowski Date: Wed, 8 Nov 2017 14:23:26 +0100 Subject: Version 20171108 --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 43cfc4d..1debf53 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,4 @@ -V=20170911 +V=20171108 PREFIX = /usr/local -- cgit v1.2.3-54-g00ecf From eab5aba9b027a7689acaf2382a04ff69b5b8771e Mon Sep 17 00:00:00 2001 From: Eli Schwartz Date: Mon, 30 Oct 2017 11:17:56 -0400 Subject: Support reproducible builds Recent development versions of makepkg support reproducible builds through the environment variable SOURCE_DATE_EPOCH. Pass this variable through makechrootpkg to makepkg when available. Also initialize SOURCE_DATE_EPOCH whenever running archbuild to enforce reproducible builds for repository packages. Signed-off-by: Eli Schwartz Signed-off-by: Levente Polyak --- archbuild.in | 7 ++++++- lib/archroot.sh | 6 ++++-- makechrootpkg.in | 5 +++-- 3 files changed, 13 insertions(+), 5 deletions(-) diff --git a/archbuild.in b/archbuild.in index 8339aef..1e5b582 100644 --- a/archbuild.in +++ b/archbuild.in @@ -39,7 +39,7 @@ while getopts 'hcr:' arg; do esac done -check_root +check_root SOURCE_DATE_EPOCH # Pass all arguments after -- right to makepkg makechrootpkg_args+=("${@:$OPTIND}") @@ -74,5 +74,10 @@ else pacman -Syu --noconfirm || abort fi +# Always build official packages reproducibly +if [[ ! -v SOURCE_DATE_EPOCH ]]; then + export SOURCE_DATE_EPOCH=$(date +%s) +fi + msg "Building in chroot for [%s] (%s)..." "${repo}" "${arch}" exec makechrootpkg -r "${chroots}/${repo}-${arch}" "${makechrootpkg_args[@]}" diff --git a/lib/archroot.sh b/lib/archroot.sh index 98fd2cf..f279603 100644 --- a/lib/archroot.sh +++ b/lib/archroot.sh @@ -6,13 +6,15 @@ CHROOT_VERSION='v4' ## -# usage : check_root +# usage : check_root $keepenv ## orig_argv=("$0" "$@") check_root() { + local keepenv=$1 + (( EUID == 0 )) && return if type -P sudo >/dev/null; then - exec sudo -- "${orig_argv[@]}" + exec sudo --preserve-env=$keepenv -- "${orig_argv[@]}" else exec su root -c "$(printf ' %q' "${orig_argv[@]}")" fi diff --git a/makechrootpkg.in b/makechrootpkg.in index d4c293f..9253544 100644 --- a/makechrootpkg.in +++ b/makechrootpkg.in @@ -205,6 +205,7 @@ EOF { printf '#!/bin/bash\n' declare -f _chrootbuild + declare -p SOURCE_DATE_EPOCH 2>/dev/null printf '_chrootbuild "$@" || exit\n' if $run_namcap; then @@ -231,7 +232,7 @@ _chrootbuild() { # use "$" in arguments to commands with "sudo -i". ${foo} or # ${1} is OK, but $foo or $1 isn't. # https://bugzilla.sudo.ws/show_bug.cgi?id=765 - sudo -iu builduser bash -c 'cd /startdir; makepkg "$@"' -bash "$@" + sudo --preserve-env=SOURCE_DATE_EPOCH -iu builduser bash -c 'cd /startdir; makepkg "$@"' -bash "$@" } _chrootnamcap() { @@ -343,7 +344,7 @@ main() { [[ -n $makepkg_user && -z $(id -u "$makepkg_user") ]] && die 'Invalid makepkg user.' makepkg_user=${makepkg_user:-${SUDO_USER:-$USER}} - check_root + check_root SOURCE_DATE_EPOCH # Canonicalize chrootdir, getting rid of trailing / chrootdir=$(readlink -e "$passeddir") -- cgit v1.2.3-54-g00ecf From 7a3c5085017987b6ef934cf9d9b098b4994ba21a Mon Sep 17 00:00:00 2001 From: Evangelos Foutras Date: Wed, 27 Dec 2017 23:25:32 +0200 Subject: Revert "makechrootpkg: Reopen console to assign the CTTY" This reverts commit ddd508efc083fc9beb6f2c96e2537521b31c1e6f. The underlying bug (FS#56529) was fixed in glibc 2.26-9. --- makechrootpkg.in | 3 --- 1 file changed, 3 deletions(-) diff --git a/makechrootpkg.in b/makechrootpkg.in index 9253544..511e519 100644 --- a/makechrootpkg.in +++ b/makechrootpkg.in @@ -219,9 +219,6 @@ EOF # These functions aren't run in makechrootpkg, # so no global variables _chrootbuild() { - # Work around nspawn not giving us a ctty - exec