Age | Commit message (Collapse) | Author |
|
|
|
|
|
|
|
This allows signature verification by `makepkg --verifysource`, `git
verify-tag`, and such without requiring the user to manually retrieve
the keys first.
This is based off of devtools32 commit 009695b (2017-06-27) by
Erich Eckner <git@eckner.net>. There are 2 differences from that
commit:
- In this version, gpg.conf is owned by builduser, not by root
- In this version, we don't keep appending duplicate lines if we
re-use a chroot
|
|
This worked properly until eab5aba.
|
|
|
|
It also sets SRCEXT="-$pkgarch$SRCEXT", so that two runs of makechrootpkg on
different architectures don't overwrite eachothers source packages.
|
|
|
|
|
|
|
|
2017-02-15: (070092d) Import from libretools.
2017-02-19: (7c55e79) Tidy formatting (2018-01-02: erroneously
removing newlines that had been added to avoid confusing
xgettext).
2017-05-05: (c4d5957) Don't say "local var" and "var=$(subshell)" in
the same command (shellcheck complains about this).
2017-09-24: Update to work with loading the message
functions from /usr/share/makepkg/util.sh
2018-01-02: Avoid confusing xgettext.
|
|
The change in arch-nspawn is subtle:
This was the source of "infamous" "it fails every other time" bug that
took me over a year to solve. <https://labs.parabola.nu/issues/435>
By having a repository of local packages (rather than simply running
`pacman -U`), we are inviting pacman to cache them in
`/var/cache/pacman/pkg`. Besides being needless disk writes, this
actually causes a real issue. If the package gets rebuilt, pacman
will balk, as the file no longer matches the cached signature.
So, how do we prevent pacman from caching these local packages?
Simple: include the directory they are already in in the
pacman.conf:CacheDir list. This will prevent pacman from copying
the files to one of the other cache directories.
|
|
The table is just armv7h->armv7l for now.
|
|
|
|
This affects both the usage() text, and the error message if the
`/.arch-chroot` version doesn't match. The latter is the one that I
really care about, and motivates this change.
On Parabola, the `arch-nspawn` program isn't in PATH, it's somewhere
under `/usr/lib/`, and gets called as a helper to user-facing
programs; and the error message is displayed directly to the user.
These programs consistently put two spaces after a period when
printing a message to the terminal.
|
|
This allows signature verification by `makepkg --verifysource`, `git
verify-tag`, and such without requiring the user to manually retrieve
the keys first.
This is based off of devtools32 commit 009695b (2017-06-27) by
Erich Eckner <git@eckner.net>. There are 2 differences from that
commit:
- In this version, gpg.conf is owned by builduser, not by root
- In this version, we don't keep appending duplicate lines if we
re-use a chroot
|
|
This worked properly until eab5aba.
|
|
Support for working with `set -u` was broken by 94160d6. Egg on my
face; I'm the one who wants `set -u` support, and I'm the author of
that commit!
libmakepkg does not work with `set -u`; but mostly because of the include
guards! So we just need to temporarily disable `set -u` (nounset) while
loading libmakepkg. Instead of introducing a new variable, just store the
initial nounset status in _INCLUDE_COMMON_SH; rather than a useless
fixed-string "true".
While we're at it, disable POSIX-mode (just in case we're running as "sh"
instead of "bash"), since libmakepkg uses bash-isms that won't parse in
POSIX mode.
|
|
|
|
Don't use error-prone logic e.g.
foo=true; if $foo ...
This completely fails to act as expected when the variable is unset
because of unrelated bugs.
While this merely causes the default behavior to be "false" rather than
"true" in such cases, it is better to fail to enable explicitly
requested behavior (which will be noticed by the user) than to simply
upgrade to this behavior for free (which may not seem to have any
obvious cause).
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Reviewed-by: Luke Shumaker <lukeshu@parabola.nu>
|
|
Fixes regression in 2fd5931a8c67289a8a4acd327b3ce99a5d64c8c7
$run_namcap will always be set to ""
`if $not_a_var; then ...; fi` is always truthful when $not_a_var is
unset or equal to "" and the `then` clause will always be run.
I'm not sure why global state variables need to be cloned locally for
their sole explicit purpose.
But for now this patch implements the minimum necessary work to properly
pass the "do I want namcap" variable into prepare_chroot() according to
the current logic flow.
Note that I have still not thorougly tested makechrootpkg.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Reviewed-by: Luke Shumaker <lukeshu@parabola.nu>
|
|
|
|
Support for working with `set -u` was broken by 94160d6. Egg on my
face; I'm the one who wants `set -u` support, and I'm the author of
that commit!
libmakepkg does not work with `set -u`; but mostly because of the include
guards! So we just need to temporarily disable `set -u` (nounset) while
loading libmakepkg. Instead of introducing a new variable, just store the
initial nounset status in _INCLUDE_COMMON_SH; rather than a useless
fixed-string "true".
While we're at it, disable POSIX-mode (just in case we're running as "sh"
instead of "bash"), since libmakepkg uses bash-isms that won't parse in
POSIX mode.
|
|
|
|
https://lists.parabola.nu/pipermail/dev/2017-June/005576.html
|
|
Don't use error-prone logic e.g.
foo=true; if $foo ...
This completely fails to act as expected when the variable is unset
because of unrelated bugs.
While this merely causes the default behavior to be "false" rather than
"true" in such cases, it is better to fail to enable explicitly
requested behavior (which will be noticed by the user) than to simply
upgrade to this behavior for free (which may not seem to have any
obvious cause).
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Reviewed-by: Luke Shumaker <lukeshu@parabola.nu>
|
|
Fixes regression in 2fd5931a8c67289a8a4acd327b3ce99a5d64c8c7
$run_namcap will always be set to ""
`if $not_a_var; then ...; fi` is always truthful when $not_a_var is
unset or equal to "" and the `then` clause will always be run.
I'm not sure why global state variables need to be cloned locally for
their sole explicit purpose.
But for now this patch implements the minimum necessary work to properly
pass the "do I want namcap" variable into prepare_chroot() according to
the current logic flow.
Note that I have still not thorougly tested makechrootpkg.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Reviewed-by: Luke Shumaker <lukeshu@parabola.nu>
|
|
This reverts commit ddd508efc083fc9beb6f2c96e2537521b31c1e6f.
The underlying bug (FS#56529) was fixed in glibc 2.26-9.
|
|
Recent development versions of makepkg support reproducible builds
through the environment variable SOURCE_DATE_EPOCH. Pass this variable
through makechrootpkg to makepkg when available.
Also initialize SOURCE_DATE_EPOCH whenever running archbuild to enforce
reproducible builds for repository packages.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
|
|
|
|
|
|
This mirrors dbscripts commit
625fa02 by Pierre Schmitz <pierre@archlinux.de> at 2017-04-18 14:20:49
|
|
A couple of the comments noting which globals are used by functions are
outdated/wrong.
- download_sources() : Remove USER from the list. It was always wrong.
Originally, it should have been SUDO_USER (not USER), but I should have
removed it entirely in 4f23609.
- move_products() : Add SRCPKGDEST to the list. Though the commit adding
the comment was only recently upstreamed (as 2fd5931), it originated in
2013 in a commit that has since been rebased many times. Anyway, in
this rebasing, it missed move_products() starting to pay attention to
SRCPKGDEST in fd1be1b (since nothing made git think there was a
"conflict").
|
|
The reason it wasn't moved before was just to keep the diffs
(with --ignore-all-space) smaller, to make merging and rebasing work
easier. Moving code around in a file tends to make that difficult.
But, readability wise, it belongs in main().
|
|
nspawn does not give us a controlling terminal, hence we ignore
interrupts. Apparently this was lost in systemd at some point.
Hack around this by reopening the console to make it the controlling
terminal.
|
|
Coredumps from build chroots are not generally useful. Prevent
them from being generated.
Avoids a lot of annoyance from the GCC testsuite spawning lots of
systemd-coredump processes.
Just set the soft limit so the user can still raise it in the PKGBUILD
if they insist.
|
|
|
|
https://lists.parabola.nu/pipermail/dev/2017-June/005576.html
|
|
|
|
It also sets SRCEXT="-$pkgarch$SRCEXT", so that two runs of makechrootpkg on
different architectures don't overwrite eachothers source packages.
|
|
|
|
|
|
|
|
|
|
The change in arch-nspawn is subtle:
This was the source of "infamous" "it fails every other time" bug that
took me over a year to solve. <https://labs.parabola.nu/issues/435>
By having a repository of local packages (rather than simply running
`pacman -U`), we are inviting pacman to cache them in
`/var/cache/pacman/pkg`. Besides being needless disk writes, this
actually causes a real issue. If the package gets rebuilt, pacman
will balk, as the file no longer matches the cached signature.
So, how do we prevent pacman from caching these local packages?
Simple: include the directory they are already in in the
pacman.conf:CacheDir list. This will prevent pacman from copying
the files to one of the other cache directories.
|
|
The table is just armv7h->armv7l for now.
|
|
|
|
This affects both the usage() text, and the error message if the
`/.arch-chroot` version doesn't match. The latter is the one that I
really care about, and motivates this change.
On Parabola, the `arch-nspawn` program isn't in PATH, it's somewhere
under `/usr/lib/`, and gets called as a helper to user-facing
programs; and the error message is displayed directly to the user.
These programs consistently put two spaces after a period when
printing a message to the terminal.
|
|
Whoops, this will of course mess with nspawn arguments passed to
arch-nspawn.
|
|
This was lost at some point.
|