Age | Commit message (Collapse) | Author |
|
The change in arch-nspawn is subtle:
This was the source of "infamous" "it fails every other time" bug that
took me over a year to solve. <https://labs.parabola.nu/issues/435>
By having a repository of local packages (rather than simply running
`pacman -U`), we are inviting pacman to cache them in
`/var/cache/pacman/pkg`. Besides being needless disk writes, this
actually causes a real issue. If the package gets rebuilt, pacman
will balk, as the file no longer matches the cached signature.
So, how do we prevent pacman from caching these local packages?
Simple: include the directory they are already in in the
pacman.conf:CacheDir list. This will prevent pacman from copying
the files to one of the other cache directories.
|
|
|
|
|
|
|
|
Rather than them simply being named blocks of code with braces around
them.
That is: have them take things via arguments rather than global
variables.
Specific notes:
- download_sources:
Observation: if $SUDO_USER is set, then src_owner=$SUDO_USER.
So (for clarity), rather than checking if $SUDO_USER is set, check
if $src_owner is different than $USER.
This reduces how much we have to worry about global state.
- install_packages:
1. Receive the list of packages as arguments, rather than a global
variable.
2. Make the caller responsible for looking at PKGBUILD. From the
name and arguments, one would never expect it to look at PKGBUILD.
- create_chroot->sync_chroot:
I pulled the `if [[ ! -d $copydir ]] || $clean_first;` check out; it is
now the caller's responsibility to use that check when deciding if to
call sync_chroot.
|
|
|
|
|
|
|
|
Motivation:
tmpfiles.d(5) has directives to create btrfs subvolumes. This means
that systemd-tmpfiles (which may be called by an ALPM hook) might
create subvolumes. For instance, systemd's systemd-nspawn.conf
creates a subvolume at `/var/lib/machines/`.
This causes a problem when we go to delete the chroot. The command
`btrfs subvolume delete` won't recursively delete subvolumes; if a
child subvolume was created, it will fail with the fairly unhelpful
error message "directory not empty".
Solution:
Because the subvolume that gets mounted isn't necessarily the
toplevel subvolume, and `btrfs subvolume list` gives us paths
relative to the toplevel; we need to figure out how our path relates
to the toplevel. Figure out the mountpoint (which turns out to be
slightly tricky; see below), and call `btrfs subvolume list -a` on
it to get the list of subvolumes that are visible to us (and quite
possibly some that aren't; the logic for determining which ones it
shows is... absurd). This gives us a list of subvolumes with
numeric IDs, and paths relative to the toplevel (actually it gives
us more than that, and we use a hopefully-correct `sed` expression
to trim it down) So then we look at that list of pairs and find the
one that matches the ID of the subvolume we're trying to delete
(which is easy to get with `btrfs subvolume show`); once we've found
the path of our subvolume, we can use that to filter and trim the
complete list of paths. From there the remainder of the solution is
obvious.
Now, back to "figure out the mountpoint"; the normal `stat -c %m`
doesn't work. It gives the mounted path of the subvolume closest to
the path we give it, not the actual mountpoint. Now, it turns out
that `df` can figure out the correct mountpoint (though I haven't
investigated how it knows when stat doesn't; but I suspect it parses
`/proc/mounts`). So we are reduced to parsing `df`'s output.
Now, back to "hopefully-correct `sed` expression"; the output of
`btrfs subvolume list -a` is a space-separated sequence of
"key value key value...". Unfortunately both keys and values can
contain space, and there's no escaping or indication of when this
happens. With how we choose to parse it, a path containing a space
is truncated at the first space. This means that at least the
prefix is correct; if a path gets mangled, it just means that the
deletion fails. As "path" is (currently) the last key, it seems
tempting to allow it to simply run until the end of the line.
However, this creates the possibility of a path containing " path ",
which would cause the *prefix* to be trimmed, which means our
failure case is now unpredictable, and potentially harmful. While
we pretty much trust the user, that's still scary.
|
|
embedding.
|
|
It was displaing the value of the `makepkg_args` variable, which may
have already been changed by the argument parsing by the time it gets
to `-h`. Now there is a separate `default_makepkg_args` variable.
|
|
This involves extending the signature of lib/common.sh's `stat_busy()`,
`lock()`, and `slock()`. The `mesg=$1; shift` in stat_busy even suggests
that this is what was originally intended from it.
|
|
`lock_close FD` is easier to remember than 'exec FD>&-`; and is especially
easier if FD is a variable (though that isn't actually taken advantage of
here).
This uses Bash 4.1+ `exec {var}>&-`, rather than the clunkier
`eval exec "$var>&-"` that was necessary in older versions of Bash.
Thanks to Dave Reisner for pointing this new bit of syntax out to me
the last time I submitted this (back in 2014, 4.1 had just come out).
|
|
The gnustep-base package ships a profile.d script that adds
"$HOME/GNUstep/Tools" to the PATH, which breaks when the user changes
and causes meson to exit with a "permission denied" error.
|
|
Make use of load_vars returning 1 when the file is missing. Avoids
introducing another variable.
|
|
Implemented the same way as in makepkg.
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
|
|
Avoids having to specify them in dependency order.
|
|
Copy both UID and primary GID of the invoker to the builduser. Mount
srcdest and startdir read-write.
v2: Fixed GnuPG keyring owner and moved running namcap from a heredoc
to a function.
|
|
Having it set to nologin breaks a couple of tests in Git and Python.
|
|
This way the HOME dir is writable and no ugly hacks are required
in the PKGBUILD if $HOME is accessed (f.e. maven, gradle and also
some python tests etc.)
|
|
This is needed in order to use GPG's auto-key-retrieve keyserver option,
otherwise the keyring will get copied to the chroot before the required
keys are retrieved during 'makepkg --verifysource'.
|
|
Chances are that pubring.kbx has been created by gpgsm but pubring.gpg
is still around with valid data. We do not know what file contains what
we need, so just copy both.
Signed-off-by: Christian Hesse <mail@eworm.de>
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
|
|
|
|
|
|
|
|
Fixes a regression introduced by 285a4e94cd, which made namcap a
"compile time" option.
|
|
|
|
Fixes FS#42277.
|
|
We don't need to pass _chrootbuild this information at runtime -- we
can just generate the build script to do exactly what we want.
|
|
Changing UID to that of 'nobody' is arbitrary at best, and an
information leak at worst. Let's just drop back to the same UID of the
invoker.
|
|
Commit 59e348fc3c5dd086331d884a6dd76fb43a92b7eb added a btrfs subvolume
check, but only used it in create_chroot(); it missed clean_temporary().
|
|
|
|
In collaborative builder machine, these scripts are often allowed to become root
via sudo. This patch avoid to prefix them by sudo each time or call su.
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
|
|
Makes the chroot mtime a useful indicator of last usage.
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
|
|
If getopts comes across an unknown argument, $arg it set to '?' and
$OPTARG is unset. Therefore the getopts line detecting unknown arguments
doesn't work. Arguments to pass to makepkg are already handled by
passing all the aguments after the end-of-options marker (--), but this
wasn't documented in the usage text.
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
|
|
Signed-off-by: Markus M. May <mmay@javafreedom.org>
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
|
|
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
|
|
Fixes FS#36654: https://bugs.archlinux.org/task/36654.
Signed-off-by: Maxime Gauduin <alucryd@gmail.com>
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
|
|
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
|
|
We shouldn't be in the business of reparsing makepkg's arguments, but
since we have to treat the case of repackaging separately, do a better
job of trying to find signs of it happening. This change lets you pass
the longopt, --repackage, or multiple shortopts such as -RA, and still
get the intended effect.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
|
|
Piggyback on systemd-nspawn's --bind and --bind-ro flags to allow
arbitrary mount points to be added to the build container.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
|
|
Now that die() properly forwards arguments to error(), we can expect
that the first arg is a format string and not the entirety of the
output.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
|
|
|
|
|
|
Now syntax highlighting works properly! :D
|
|
For pkgver updates.
|
|
- Ensure sources are available before entering chroot
- Bind STARTDIR and SRCDEST into the chroot read-only
- Refactor makechrootpkg and introduce meaningful functions
Avoids copying stuff from/to the chroot as much as possible. With
VCS sources these copies can get quite expensive.
|
|
I don't think this is much use in our common workflow. Our pacman
configs don't even make a reference to /repo.
|
|
Reduces code duplication.
With makechrootpkg not calling mkarchroot anymore,
the lock handover protocol is unneeded.
arch-nspawn does not do any locking, so add protection to archbuild.
|
|
Separates the two features of mkarchroot. Provides users of the new
arch-nspawn with the full feature set of systemd-nspawn.
For example, this can be used to bind custom directories into the chroot.
|