Age | Commit message (Collapse) | Author |
|
It's important to ensure the guest has up to date data because updating
a chroot after quite some time can potentially rely on updated
archlinux-keyring, something which the host machine either kept up to
date on or manually fixed, but it kills automation to mess around with
chroot configs like that. Alternatively, signed packages added with -I
need to work, and we assume the host is configured to accept these.
That is *not* a good reason to completely nuke whatever is in the guest,
though. A guest might have been manually configured to accept keys which
aren't accepted by the host; one example of this happening in practice,
is archlinux32 when building 32-bit packages from an archlinux host.
A simple solution is to use pacman-key's native facility to dump the
known keys and trust status from one gpg configuration, and import it
into another. Use this to append to, rather than overwrite, the chrooted
guest's pacman keyring.
While we are at it, fix a bug where we didn't respect the host's
pacman.conf settings for the GpgDir. While it isn't wildly likely a user
will choose to customize this, it is a valid and supported use case and
we must think about this ourselves.
|
|
Previously, arch-nspawn was using the hosts' pacman cache in
the chroot even when the chroot was set up with a different
cache by mkarchroot, unless specified with the -c flag.
Problem is that makechrootpkg passes no -C, -M nor -c flags
to arch-nspawn, so all values must be obtained from the
working directory.
This change take the cache directories from the pacman.conf
specified with the -C option unless the -c option was given
(as is the case when the chroot is set up with mkarchroot),
and, when neither -C nor -c is given (as is the case when
invoked by makechrootpkg), the cache directory is taken
from the pacman.conf in the working directory.
This wasn't such an issue when i686 was mainline, however,
which building packages in a chroot against archlinux32 on
an x86_64 platform, the cache of the host should _never_ be
used.
|
|
|
|
It is much nicer to use a proper configuration parser to retrieve the
primary mirror, rather than clever hacks using undocumented APIs,
especially when their behavior as used then breaks in later releases.
Fortunately, pacutils exists now and pacconf handles this quite
elegantly. It has since been moved to pacman-git proper.
Check if pacman-conf from a new enough version of pacman exists and
fallback on pacconf from pacutils.
|
|
cache"
This reverts commit eb6b0e3f11279b6512b1469ff042d2982eaaeef4.
This never worked, as pacman-git returns file urls from the cache anyway
and pacman stable doesn't have any problem at all. Having useless code
which makes people think the issue is solved when it really isn't, is
bloat, so remove it.
|
|
|
|
https://lists.parabola.nu/pipermail/dev/2017-June/005576.html
|
|
Whoops, this will of course mess with nspawn arguments passed to
arch-nspawn.
|
|
This was lost at some point.
|
|
As not all commands we run are capable of reaping processes correctly.
For example, pacman is not.
|
|
systemd-nspawn use a default environ PATH value of:
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
Since filesystem 2017.08, this is no more overrided by /etc/profile
to the Arch default:
PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
|
|
|
|
The added PKGBUILD.proto file is so that shellcheck can know know what
to expect that a PKGBUILD sets.
|
|
These changes are all strictly "slap some double-quotes in there".
Anything more than that is not included in this commit.
|
|
These are purely stylistic changes that make shellcheck complain less.
This does NOT include things like quoting currently unquoted variables.
|
|
This allows us to run an ARM chroot on an x86 box; as the binfmt
runner will set the architecture for us, and the x86
`/usr/bin/setarch` program won't know about the ARM architecture
string.
|
|
This allows us to copy in files like `qemu-arm-static`, which is
necessary for running an ARM chroot on an x86 box.
|
|
This involves extending the signature of lib/common.sh's `stat_busy()`,
`lock()`, and `slock()`. The `mesg=$1; shift` in stat_busy even suggests
that this is what was originally intended from it.
|
|
In cases where there is no license specified, the file is tagged as
"License: Unspecified". Obviously, that is not ideal, but it
highlights the fact, and I hope that it encourages whoever has the
authority to specify the license to do so.
On that note, to anyone who may have the authority to specify the
license of files in devtools: the current licence of many files is
GPLv2 with no option for later versions; I impore you to re-license
them to have the "or any later version" option.
|
|
Move the function and save the orig_argv right along it.
|
|
|
|
In order to have an UTF-8 locale in the build root. This is something
normally set on real machines but is not set from our chroots. Meson,
for example, loudly complains when the locale charset is not UTF-8.
I'd like to have C.UTF-8, as most other distributions do. Unfortunately,
it's not part of vanilla glibc; en_US.UTF-8 will have to do.
mkarchroot already creates roots with both en_US.UTF-8 and de_DE.UTF-8,
the latter because builds of gcc (perhaps used to) require it.
Bump the CHROOT_VERSION due to the setting change.
|
|
|
|
It is passed down to the container when stdin/stdout is not a tty; this
is the case when archbuild's output is redirected to a pipe or file.
|
|
Fixes FS#42277.
|
|
|
|
No need to do this since we don't run an init system in the build root.
|
|
In collaborative builder machine, these scripts are often allowed to become root
via sudo. This patch avoid to prefix them by sudo each time or call su.
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
|
|
This fixes various errors one might encounter when trying to use a
build root or cachedir with whitespace in it.
Note that the cachedir fix is not a complete one, as pacman's output is
unreliable (and not meant for parsing here).
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
|
|
eval is no longer involved in the execution of systemd-nspawn, so we no
longer need a layer of escaping on the arguments.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
|
|
Now that die() properly forwards arguments to error(), we can expect
that the first arg is a format string and not the entirety of the
output.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
|
|
systemd-nspawn always outputs some debug messages over stderr.
Both stdout and stderr from inside the chroot are sent through
a pty to stdout.
|
|
Allows calling makechrootpkg without worrying about the architecture
|
|
Recent changes to systemd-nspawn have it take the machine name from
the chroot dir name, which isn't unique enough for our setup.
|
|
Separates the two features of mkarchroot. Provides users of the new
arch-nspawn with the full feature set of systemd-nspawn.
For example, this can be used to bind custom directories into the chroot.
|