From fd01e709dca462a052fec404a7887545b635223d Mon Sep 17 00:00:00 2001 From: Erich Eckner Date: Wed, 18 May 2022 21:23:22 +0200 Subject: make linter happy --- bin/check-opcodes | 2 +- bin/create-build-support-package | 2 +- bin/local-build-package | 2 +- bin/manage-slaves | 23 ++++++++++------------- bin/nit-picker | 4 ++-- bin/return-assignment | 12 ++++++------ lib/common-functions | 5 +++-- 7 files changed, 24 insertions(+), 26 deletions(-) diff --git a/bin/check-opcodes b/bin/check-opcodes index e8bb807..2949819 100755 --- a/bin/check-opcodes +++ b/bin/check-opcodes @@ -122,7 +122,7 @@ debug "Checking for architecture: $ARCH ($OPCODE_ARGS).." # shellcheck disable=SC2044 for absfile in $(find $tmp_dir \( -regextype grep -regex '.*\.so\(\.[0-9.]\+\)\?' -type f \) -o \( -executable -type f \) ); do file=$(basename $absfile) - relfile=${absfile#$tmp_dir} + relfile=${absfile#"${tmp_dir}"} debug "Checking file: $relfile" if ! readelf -a $absfile > $tmp_dir/$file.elf 2>/dev/null; then debug "readelf failed, ignoring file" diff --git a/bin/create-build-support-package b/bin/create-build-support-package index 09374ec..43fb592 100755 --- a/bin/create-build-support-package +++ b/bin/create-build-support-package @@ -169,7 +169,7 @@ if [ -n "${source_package}" ]; then fi new_pkg="${pkg%-*-*-*}" - new_pkg="${new_pkg}-shim${pkg#${new_pkg}}" + new_pkg="${new_pkg}-shim${pkg#"${new_pkg}"}" failsafe_rsync \ "${master_mirror_rsync_directory}/pool/${pkg}" \ diff --git a/bin/local-build-package b/bin/local-build-package index c6fb029..97cc998 100755 --- a/bin/local-build-package +++ b/bin/local-build-package @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # build one package to test if modifications are ok (before opening a pull # request in https://github.com/archlinux32/packages) diff --git a/bin/manage-slaves b/bin/manage-slaves index 3dbd83a..32883a3 100755 --- a/bin/manage-slaves +++ b/bin/manage-slaves @@ -35,19 +35,16 @@ fi case "$1" in 'list') - infos=$( - # shellcheck disable=SC2016 - { - printf 'SELECT' - printf ' name, CASE WHEN access_allowed = 1 THEN "enabled" ELSE "disabled" END ' - printf ' name, CASE WHEN is_sane = 1 THEN "sane" ELSE "not sane" END ' - printf ' FROM build_slaves' - printf ';\n' - } | \ - mysql_run_query | \ - tr '\t' ' ' - ) - echo "${infos[@]}" + # shellcheck disable=SC2016 + { + printf 'SELECT' + printf ' name, CASE WHEN access_allowed = 1 THEN "enabled" ELSE "disabled" END ' + printf ' name, CASE WHEN is_sane = 1 THEN "sane" ELSE "not sane" END ' + printf ' FROM build_slaves' + printf ';\n' + } | \ + mysql_run_query | \ + tr '\t' ' ' ;; 'add') shift diff --git a/bin/nit-picker b/bin/nit-picker index 8dd0156..56321b9 100755 --- a/bin/nit-picker +++ b/bin/nit-picker @@ -281,9 +281,9 @@ while pgrep -x ii >/dev/null \ case "${action}" in 'commit') # check whether a given commit is present in the git repo git_repo="${parameters%% *}" - git_rev="${parameters#${git_repo} }" + git_rev="${parameters#"${git_repo}" }" git_head="${git_rev%% *}" - git_rev="${git_rev#${git_head} }" + git_rev="${git_rev#"${git_head}" }" # shellcheck disable=SC2016 eval "$( printf 'git_dir="${repo_paths__%s}"\n' \ diff --git a/bin/return-assignment b/bin/return-assignment index a0cbbbb..eca5af7 100755 --- a/bin/return-assignment +++ b/bin/return-assignment @@ -142,25 +142,25 @@ if [ "$6" = 'ERROR' ]; then exit 2 fi build_assignment_architecture="${infos##* }" - infos="${infos% ${build_assignment_architecture}}" + infos="${infos% "${build_assignment_architecture}"}" pkgrel="${infos##* }" - infos="${infos% ${pkgrel}}" + infos="${infos% "${pkgrel}"}" epoch="${infos##* }" - infos="${infos% ${epoch}}" + infos="${infos% "${epoch}"}" pkgver="${infos##* }" - infos="${infos% ${pkgver}}" + infos="${infos% "${pkgver}"}" pkgver=$( printf '%s' "${pkgver}" \ | base64 -d ) upstream_flag_date="${infos##* }" - infos="${infos% ${upstream_flag_date}}" + infos="${infos% "${upstream_flag_date}"}" upstream_flag_date=$( printf '%s' "${upstream_flag_date}" \ | base64 -d ) was_broken_before="${infos##* }" - build_assignment_id="${infos% ${was_broken_before}}" + build_assignment_id="${infos% "${was_broken_before}"}" # save sent build logs saved_build_logs=$( diff --git a/lib/common-functions b/lib/common-functions index d16c61d..eb61e9e 100755 --- a/lib/common-functions +++ b/lib/common-functions @@ -277,8 +277,8 @@ remove_old_package_versions() { # wait between minimum and minimum+diff seconds (diff defaults to 30) wait_some_time() { - local minimum=$1 - local diff=$2 + local minimum="$1" + local diff="$2" local random if [ -z "${diff}" ]; then @@ -358,6 +358,7 @@ make_source_info() { p ' "${tmp_dir}/SRCINFO" )" + # shellcheck disable=SC2031 sed -i ' /^pkgname = /! b /= gtk-doc$/ b -- cgit v1.2.3-54-g00ecf From 8e8978be5008688350dbdf0f0cc12a760d9042e3 Mon Sep 17 00:00:00 2001 From: Erich Eckner Date: Wed, 18 May 2022 21:25:42 +0200 Subject: bin/build-packages: new straw :on_x86_64: * this allows to build "any" packages with the x86_64 toolchain * only applicaple with -p (for security reasons) --- bin/build-packages | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/bin/build-packages b/bin/build-packages index 8405579..16c9008 100755 --- a/bin/build-packages +++ b/bin/build-packages @@ -78,6 +78,8 @@ usage() { >&2 echo ' compile from source tarbal from sources.archlinux.org if possible' >&2 echo ' :mirrored_source_by_hash:' >&2 echo ' download sources from sources.archlinux32.org by hash if possible' + >&2 echo ' :on_x86_64:' + >&2 echo ' build any package with x86_64 arch' >&2 echo ' :without_check:' >&2 echo ' run makepkg with "--no-check"' >&2 echo ' :without_systemd_nspawn:' @@ -291,6 +293,9 @@ while [ "${count}" -ne 0 ] && \ package="${package% *}" if [ "${arch}" = 'any' ]; then arch="${my_arch}" + assignment_was_any=true + else + assignment_was_any=false fi if [ -n "${diff_source_dir}" ] && @@ -485,6 +490,28 @@ while [ "${count}" -ne 0 ] && \ outerParameters="${innerParameters} -fcrs --asdeps --noconfirm --holdver" middleParameters='' innerParameters='' + elif echo "${straw}" | \ + grep -qF ':on_x86_64:'; then + if [ -z "${prefered_package}" ]; then + >&2 echo 'straw :on_x86_64: only allowed with -p' + exit 2 + fi + if [ "${prefered_package}" != "${package}" ]; then + >&2 echo 'The prefered package was not handed out.' + >&2 echo 'Because straw :on_x86_64: is active, I will abort.' + # shellcheck disable=SC2029 + ssh \ + -i "${master_build_server_identity}" \ + -p "${master_build_server_port}" \ + "${master_build_server_user}@${master_build_server}" \ + 'return-assignment' 'ABORT' + exit 2 + fi + if ! ${assignment_was_any}; then + >&2 printf 'Can only build "any" packages with :on_x86_64:, but got a "%s" package.\n' "${arch}" + exit 2 + fi + build_command='staging-x86_64-build' else build_command='staging-'"${arch}"'-build' fi -- cgit v1.2.3-54-g00ecf From a2e2eed8f3d9b7b8a2b4149cba69063e6e8ab132 Mon Sep 17 00:00:00 2001 From: Erich Eckner Date: Sun, 29 May 2022 11:22:20 +0200 Subject: avoid password-authentication for ssh --- bin/build-packages | 14 +++++++------- bin/harvest-commit-times | 8 ++++---- bin/local-build-package | 2 +- bin/nit-picker | 2 +- bin/ping-to-master | 2 +- 5 files changed, 14 insertions(+), 14 deletions(-) diff --git a/bin/build-packages b/bin/build-packages index 16c9008..de01478 100755 --- a/bin/build-packages +++ b/bin/build-packages @@ -251,7 +251,7 @@ while [ "${count}" -ne 0 ] && \ if [ -z "${forced_package}" ]; then package=$( # shellcheck disable=SC2029 - ssh \ + ssh -o PasswordAuthentication=No \ -i "${master_build_server_identity}" \ -p "${master_build_server_port}" \ "${master_build_server_user}@${master_build_server}" \ @@ -303,7 +303,7 @@ while [ "${count}" -ne 0 ] && \ >&2 echo 'The prefered package was not handed out.' >&2 echo 'Because -d was given, I will abort.' # shellcheck disable=SC2029 - ssh \ + ssh -o PasswordAuthentication=No \ -i "${master_build_server_identity}" \ -p "${master_build_server_port}" \ "${master_build_server_user}@${master_build_server}" \ @@ -388,7 +388,7 @@ while [ "${count}" -ne 0 ] && \ ! apply_trunk_patch "${tmp_dir}" "${diff_source_dir}"; then # report local failure (probably a missing commit) to build-master # shellcheck disable=SC2029 - ssh \ + ssh -o PasswordAuthentication=No \ -i "${master_build_server_identity}" \ -p "${master_build_server_port}" \ "${master_build_server_user}@${master_build_server}" \ @@ -464,7 +464,7 @@ while [ "${count}" -ne 0 ] && \ >&2 echo 'The prefered package was not handed out.' >&2 echo 'Because straw :without_systemd_nspawn: is active, I will abort.' # shellcheck disable=SC2029 - ssh \ + ssh -o PasswordAuthentication=No \ -i "${master_build_server_identity}" \ -p "${master_build_server_port}" \ "${master_build_server_user}@${master_build_server}" \ @@ -500,7 +500,7 @@ while [ "${count}" -ne 0 ] && \ >&2 echo 'The prefered package was not handed out.' >&2 echo 'Because straw :on_x86_64: is active, I will abort.' # shellcheck disable=SC2029 - ssh \ + ssh -o PasswordAuthentication=No \ -i "${master_build_server_identity}" \ -p "${master_build_server_port}" \ "${master_build_server_user}@${master_build_server}" \ @@ -1050,7 +1050,7 @@ while [ "${count}" -ne 0 ] && \ while ${upload_to_build_master}; do err=0 # shellcheck disable=SC2029 - ssh \ + ssh -o PasswordAuthentication=No \ -i "${master_build_server_identity}" \ -p "${master_build_server_port}" \ "${master_build_server_user}@${master_build_server}" \ @@ -1113,7 +1113,7 @@ while [ "${count}" -ne 0 ] && \ while true; do err=0 # shellcheck disable=SC2029 - ssh \ + ssh -o PasswordAuthentication=No \ -i "${master_build_server_identity}" \ -p "${master_build_server_port}" \ "${master_build_server_user}@${master_build_server}" \ diff --git a/bin/harvest-commit-times b/bin/harvest-commit-times index a978b41..7546aa4 100755 --- a/bin/harvest-commit-times +++ b/bin/harvest-commit-times @@ -76,9 +76,9 @@ trap 'rm "${tmp_file}"' EXIT if ! ${i_am_the_master}; then tmp_remote_file=$( - ssh buildmaster "mktemp 'tmp.harvest-commit-times.remotely.XXXXXXXXXX' --tmpdir" + ssh -o PasswordAuthentication=No buildmaster "mktemp 'tmp.harvest-commit-times.remotely.XXXXXXXXXX' --tmpdir" ) - trap 'rm "${tmp_file}"; ssh buildmaster rm "${tmp_remote_file}"' EXIT + trap 'rm "${tmp_file}"; ssh -o PasswordAuthentication=No buildmaster rm "${tmp_remote_file}"' EXIT fi while true; do @@ -127,7 +127,7 @@ while true; do if [ -s "${tmp_file}" ]; then if ! ${i_am_the_master}; then - ssh buildmaster 'cat > "'"${tmp_remote_file}"'"' < \ + ssh -o PasswordAuthentication=No buildmaster 'cat > "'"${tmp_remote_file}"'"' < \ "${tmp_file}" fi # shellcheck disable=SC2016 @@ -149,7 +149,7 @@ while true; do if ${i_am_the_master}; then mysql_run_query 'unimportant' else - ssh buildmaster 'mysql buildmaster -N --raw --batch' + ssh -o PasswordAuthentication=No buildmaster 'mysql buildmaster -N --raw --batch' fi else >&2 printf '\n' diff --git a/bin/local-build-package b/bin/local-build-package index 97cc998..e0b02dc 100755 --- a/bin/local-build-package +++ b/bin/local-build-package @@ -231,7 +231,7 @@ if ${bootstrap}; then esac scp -P "${bootstrap_port}" -rC "${tmp_dir}/"*"-${arch}.pkg.tar.zst" "${tmp_dir}/"*"-${arch}.pkg.tar.zst.sig" "${bootstrap_host}:${bootstrap_dir}/${staging_repo}/." - ssh -p "${bootstrap_port}" "${bootstrap_host}" bash -l -c "'cd ${bootstrap_dir}/${staging_repo} && repo-add -n bootstrap-${staging_repo}.db.tar.gz *-${arch}.pkg.tar.zst'" + ssh -o PasswordAuthentication=No -p "${bootstrap_port}" "${bootstrap_host}" bash -l -c "'cd ${bootstrap_dir}/${staging_repo} && repo-add -n bootstrap-${staging_repo}.db.tar.gz *-${arch}.pkg.tar.zst'" fi # do not delete build reports, why might actually to want to have a look for things diff --git a/bin/nit-picker b/bin/nit-picker index 56321b9..ed5b7da 100755 --- a/bin/nit-picker +++ b/bin/nit-picker @@ -881,6 +881,6 @@ done printf ';\n' fi } \ -| ifne ssh buildmaster 'mysql buildmaster +| ifne ssh -o PasswordAuthentication=No buildmaster 'mysql buildmaster rm -f "/tmp/add-those-dependencies" ' diff --git a/bin/ping-to-master b/bin/ping-to-master index b1539cc..0b72935 100755 --- a/bin/ping-to-master +++ b/bin/ping-to-master @@ -27,7 +27,7 @@ while kill -0 "${parent_pid}" && \ -name '*.build-log' \ -exec wc -l {} \; | \ sed 's, .*/, ,' | \ - ssh \ + ssh -o PasswordAuthentication=No \ -i "${master_build_server_identity}" \ -p "${master_build_server_port}" \ "${master_build_server_user}@${master_build_server}" \ -- cgit v1.2.3-54-g00ecf