Age | Commit message (Collapse) | Author |
|
This adds proper namespace locking as well to fix screwing up the
running makerepropkg process.
|
|
Use the recorded buildtool in order to download the matching dist
package and use the appropriate makepkg.conf for reproducing the
package. This is required as the flags are not recorded in the BUILDINFO
hence we need to provide the matching config that declared those flags.
|
|
Add the SPDX license identifier GPL-3.0-or-later to the header of all
scripts without a specific license and upgrading those that are stated
as GPL-2.0 to become GPL-3.0-or-later.
|
|
This helps to map the correct build tool configs that are required to
reproduce a specific package and have the appropriate *FLAGS etc.
|
|
|
|
We now accept:
1) # nothing
in which case we'll use the PKGBUILD to retrieve...
2) name, or repo/name
in which case we'll use pacman to cache the package and retrieve...
3) a filename
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
|
|
Teach get_pkgfile to call itself in local-only mode and find a cached
file no matter what its extension is. Avoids repetitively trying to curl
random files, fail with 404 errors, and proceed to discover a cache hit
under a different file extension.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
|
|
First try a .zst location before falling back to legacy variants. This
should slightly speed up downloading of dependencies, especially over
time as .zst packages are or will be the dominant format.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
|
|
By specifying multiple package files, we assume they are all from the
same PKGBUILD, and try to check them all against the produced artifacts.
Since the buildinfo should be comparable for all of them, we simply use
the first one passed on the command line.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
|
|
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
|
|
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
|
|
This ensures we use the same configuration for reproducing packages as
we use for building them via devtools.
One example of why we care about this are the COMPRESS* settings that
may differ from the guest's pacman shipped makepkg.conf that affect the
reproducibility of packages.
|
|
We don't want the default PKGEXT in the current version of devtools, we
want the PKGEXT we *know* the input file used.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
|
|
|
|
This attempts to recreate a package that was probably created using
makechrootpkg, and see if it conforms to the
https://reproducible-builds.org/ specification.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
|