From af6c0a0f6a7644f583f2d83ba7a61e82b77bdc37 Mon Sep 17 00:00:00 2001 From: Dave Reisner Date: Sun, 1 Jun 2014 23:54:20 -0400 Subject: common.sh: propagate error through trap_exit Fixes a breakage introduced in 6db31cc16a80442 which leads to errors being masked from makechrootpkg. --- lib/common.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/common.sh b/lib/common.sh index b885080..104850b 100644 --- a/lib/common.sh +++ b/lib/common.sh @@ -79,8 +79,9 @@ trap_abort() { } trap_exit() { + local r=$? trap - EXIT INT QUIT TERM HUP - cleanup + cleanup $r } die() { -- cgit v1.2.3-54-g00ecf From d83805bc54b04d8c63982784e1a220a2bd87e3b0 Mon Sep 17 00:00:00 2001 From: Dave Reisner Date: Sun, 31 Aug 2014 09:43:00 -0400 Subject: nspawn: skip machine registration No need to do this since we don't run an init system in the build root. --- arch-nspawn.in | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/arch-nspawn.in b/arch-nspawn.in index 4436a0e..1879442 100644 --- a/arch-nspawn.in +++ b/arch-nspawn.in @@ -94,11 +94,8 @@ copy_hostconf eval $(grep '^CARCH=' "$working_dir/etc/makepkg.conf") -machine_name="${working_dir//[![:alnum:]_-]/-}" -machine_name="${machine_name#-}" - exec ${CARCH:+setarch "$CARCH"} systemd-nspawn 2>/dev/null \ -D "$working_dir" \ - --machine "$machine_name" \ + --register=no \ "${mount_args[@]}" \ "$@" -- cgit v1.2.3-54-g00ecf From 651f8f834ff4076ece781d276cdc60137c961081 Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Sat, 10 May 2014 22:22:03 -0400 Subject: arch-nspawn: Fix a grammar mistake (a/an) in an error message. --- arch-nspawn.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch-nspawn.in b/arch-nspawn.in index 1879442..b85d360 100644 --- a/arch-nspawn.in +++ b/arch-nspawn.in @@ -84,7 +84,7 @@ umask 0022 # Sanity check if [[ ! -f "$working_dir/.arch-chroot" ]]; then - die "'%s' does not appear to be a Arch chroot." "$working_dir" + die "'%s' does not appear to be an Arch chroot." "$working_dir" elif [[ $(cat "$working_dir/.arch-chroot") != $CHROOT_VERSION ]]; then die "chroot '%s' is not at version %s. Please rebuild." "$working_dir" "$CHROOT_VERSION" fi -- cgit v1.2.3-54-g00ecf From be00fcd47b9fa6ebdab7173372ab219514e0b88d Mon Sep 17 00:00:00 2001 From: Dave Reisner Date: Sun, 4 May 2014 15:43:50 -0400 Subject: makechrootpkg: use a simpler/safer expression with eval --- makechrootpkg.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makechrootpkg.in b/makechrootpkg.in index 97c7780..5ed7390 100644 --- a/makechrootpkg.in +++ b/makechrootpkg.in @@ -113,7 +113,7 @@ for arg in "${@:OPTIND}"; do done if [[ -n $SUDO_USER ]]; then - USER_HOME=$(eval echo ~$SUDO_USER) + eval "USER_HOME=~$SUDO_USER" else USER_HOME=$HOME fi -- cgit v1.2.3-54-g00ecf From 98841eb694fa3cd575fde60e562586cf33415c5b Mon Sep 17 00:00:00 2001 From: Dave Reisner Date: Sat, 10 May 2014 09:31:26 -0400 Subject: common: remove unreachable statement We run from a non-interactive shell, so the exec which is inevitably called will replace the current process and 'die' will never run under any circumstances. This also fixes a bug with the su fallback which would cause multiple arguments to be concatenated without any whitespace between them. --- lib/common.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lib/common.sh b/lib/common.sh index 104850b..f6aea93 100644 --- a/lib/common.sh +++ b/lib/common.sh @@ -238,7 +238,6 @@ check_root() { if type -P sudo >/dev/null; then exec sudo -- "$@" else - exec su root -c "$(printf '%q' "$@")" + exec su root -c "$(printf ' %q' "$@")" fi - die 'This script must be run as root.' } -- cgit v1.2.3-54-g00ecf From 6dce935b99389713cf5b8a5b698b1abd6670c916 Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Sat, 10 May 2014 22:22:04 -0400 Subject: archbuild: Fix a variable name mistake. ($copydir -> $copy) It tried to lock `$copydir.lock`, which was the ONLY mention of $copydir in the entire file. Surely it meant `$copy.lock`; the line was probably originally copy/pasted from makechrootpkg or similar, where $copydir is used. --- archbuild.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/archbuild.in b/archbuild.in index ae2f511..dc45c7f 100644 --- a/archbuild.in +++ b/archbuild.in @@ -49,7 +49,7 @@ if ${clean_first} || [[ ! -d "${chroots}/${repo}-${arch}" ]]; then [[ -d $copy ]] || continue msg2 "Deleting chroot copy '$(basename "${copy}")'..." - lock 9 "$copydir.lock" "Locking chroot copy '$copy'" + lock 9 "$copy.lock" "Locking chroot copy '$copy'" if [[ "$(stat -f -c %T "${copy}")" == btrfs ]]; then { type -P btrfs && btrfs subvolume delete "${copy}"; } &>/dev/null -- cgit v1.2.3-54-g00ecf From 625e6bd41206c5018b1a9e11c5cc2b3aef55a66e Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Sat, 10 May 2014 22:22:05 -0400 Subject: mkarchroot: Correct "Usage:" text. The "app" hasn't been an option since arch-nspawn was created. --- mkarchroot.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mkarchroot.in b/mkarchroot.in index fb472bc..5f3d6fe 100644 --- a/mkarchroot.in +++ b/mkarchroot.in @@ -15,7 +15,7 @@ CHROOT_VERSION='v3' working_dir='' usage() { - echo "Usage: ${0##*/} [options] working-dir [package-list | app]" + echo "Usage: ${0##*/} [options] working-dir package-list..." echo ' options:' echo ' -C Location of a pacman config file' echo ' -M Location of a makepkg config file' -- cgit v1.2.3-54-g00ecf From 12a1300694272928e70408f4ce2fe85bacd19eb4 Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Sat, 10 May 2014 22:22:06 -0400 Subject: makechrootpkg: Use the btrfs mountpoint/subvolume check consistently. Commit 59e348fc3c5dd086331d884a6dd76fb43a92b7eb added a btrfs subvolume check, but only used it in create_chroot(); it missed clean_temporary(). --- makechrootpkg.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makechrootpkg.in b/makechrootpkg.in index 5ed7390..8bc18a4 100644 --- a/makechrootpkg.in +++ b/makechrootpkg.in @@ -164,7 +164,7 @@ create_chroot() { clean_temporary() { stat_busy "Removing temporary copy [$copy]" - if [[ "$chroottype" == btrfs ]]; then + if [[ "$chroottype" == btrfs ]] && ! mountpoint -q "$copydir"; then btrfs subvolume delete "$copydir" >/dev/null || die "Unable to delete subvolume %s" "$copydir" else -- cgit v1.2.3-54-g00ecf From a78bdb841dbe7839c8afd7184d821ed42dd334cc Mon Sep 17 00:00:00 2001 From: Dave Reisner Date: Sun, 21 Sep 2014 15:03:28 -0400 Subject: makechrootpkg: build as same UID as invoker Changing UID to that of 'nobody' is arbitrary at best, and an information leak at worst. Let's just drop back to the same UID of the invoker. --- makechrootpkg.in | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/makechrootpkg.in b/makechrootpkg.in index 8bc18a4..b82c2a2 100644 --- a/makechrootpkg.in +++ b/makechrootpkg.in @@ -234,7 +234,13 @@ prepare_chroot() { echo 'SRCDEST="/srcdest"' >> "$copydir/etc/makepkg.conf" fi - chown -R nobody "$copydir"/{build,pkgdest,srcpkgdest,logdest,srcdest,startdir} + builduser_uid=${SUDO_UID:-$UID} + + # We can't use useradd without chrooting, otherwise it invokes PAM modules + # which we might not be able to load (i.e. when building i686 packages on + # an x86_64 host). + printf 'builduser:x:%d:100:builduser:/:/usr/bin/nologin\n' "$builduser_uid" >>"$copydir/etc/passwd" + chown -R "$builduser_uid" "$copydir"/{build,pkgdest,srcpkgdest,logdest,srcdest,startdir} if [[ -n $MAKEFLAGS ]]; then sed -i '/^MAKEFLAGS=/d' "$copydir/etc/makepkg.conf" @@ -246,12 +252,12 @@ prepare_chroot() { echo "PACKAGER='${PACKAGER}'" >> "$copydir/etc/makepkg.conf" fi - if [[ ! -f $copydir/etc/sudoers.d/nobody-pacman ]]; then - cat > "$copydir/etc/sudoers.d/nobody-pacman" < "$copydir/etc/sudoers.d/builduser-pacman" <&1 | tee "/logdest/${pkgfile##*/}-namcap.log" + sudo -u builduser namcap "$pkgfile" 2>&1 | tee "/logdest/${pkgfile##*/}-namcap.log" done fi -- cgit v1.2.3-54-g00ecf From 285a4e94cdee62cae155abcec4daeeffd709e900 Mon Sep 17 00:00:00 2001 From: Dave Reisner Date: Tue, 23 Sep 2014 07:57:43 -0400 Subject: makechrootpkg: make running namcap a "compile time" choice We don't need to pass _chrootbuild this information at runtime -- we can just generate the build script to do exactly what we want. --- makechrootpkg.in | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/makechrootpkg.in b/makechrootpkg.in index b82c2a2..a340116 100644 --- a/makechrootpkg.in +++ b/makechrootpkg.in @@ -262,8 +262,19 @@ EOF # This is a little gross, but this way the script is recreated every time in the # working copy - printf $'#!/bin/bash\n%s\n_chrootbuild %q %q' "$(declare -f _chrootbuild)" \ - "$makepkg_args" "$run_namcap" >"$copydir/chrootbuild" + { + printf $'#!/bin/bash\n%s\n_chrootbuild %q %q\n' "$(declare -f _chrootbuild)" \ + "$makepkg_args" "$run_namcap" + if $run_namcap; then + cat <<'EOF' +pacman -S --needed --noconfirm namcap +for pkgfile in /startdir/PKGBUILD /pkgdest/*; do + echo "Checking ${pkgfile##*/}" + sudo -u builduser namcap "$pkgfile" 2>&1 | tee "/logdest/${pkgfile##*/}-namcap.log" +done +EOF + fi + } >"$copydir/chrootbuild" chmod +x "$copydir/chrootbuild" } @@ -290,7 +301,6 @@ _chrootbuild() { # This function isn't run in makechrootpkg, # so no global variables local makepkg_args="$1" - local run_namcap="$2" . /etc/profile export HOME=/build @@ -326,17 +336,7 @@ _chrootbuild() { exit 1 fi - sudo -u builduser makepkg $makepkg_args || exit 1 - - if $run_namcap; then - pacman -S --needed --noconfirm namcap - for pkgfile in /startdir/PKGBUILD /pkgdest/*; do - echo "Checking ${pkgfile##*/}" - sudo -u builduser namcap "$pkgfile" 2>&1 | tee "/logdest/${pkgfile##*/}-namcap.log" - done - fi - - exit 0 + sudo -u builduser makepkg $makepkg_args } move_products() { -- cgit v1.2.3-54-g00ecf From cae954ddb5d35877eaaea588b84f932863714568 Mon Sep 17 00:00:00 2001 From: Doug Newgard Date: Sun, 21 Sep 2014 16:21:18 -0500 Subject: checkpkg: improve soname checking This makes soname checking much more robust and is explicit when a soname change is found. --- checkpkg.in | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/checkpkg.in b/checkpkg.in index ccbbecd..6ba04ed 100644 --- a/checkpkg.in +++ b/checkpkg.in @@ -63,12 +63,11 @@ for _pkgname in "${pkgname[@]}"; do sdiff -s "$TEMPDIR/filelist-$_pkgname-old" "$TEMPDIR/filelist-$_pkgname" - if diff "$TEMPDIR/filelist-$_pkgname"{-old,} | grep '\.so' &>/dev/null; then - mkdir -p "$TEMPDIR/pkg" - bsdtar -x -C "$TEMPDIR" -f "$pkgfile" #> /dev/null - comm -13 <(sort "$TEMPDIR/filelist-$_pkgname-old") <(sort "$TEMPDIR/filelist-$_pkgname") | grep .so$ | while read i; do - echo "${i}: " "$(objdump -p "$TEMPDIR/$i" | grep SONAME)" - done + find-libprovides "$TEMPDIR/$oldpkg" | sort > "$TEMPDIR/libraries-$_pkgname-old" + find-libprovides "$pkgfile" | sort > "$TEMPDIR/libraries-$_pkgname" + if ! diff_output="$(sdiff -s "$TEMPDIR/libraries-$_pkgname-old" "$TEMPDIR/libraries-$_pkgname")"; then + msg "Sonames differ in $_pkgname!" + echo "$diff_output" else msg "No soname differences for $_pkgname." fi -- cgit v1.2.3-54-g00ecf From bf7dc83bab4f002a29866fd30b1574b6fbca36aa Mon Sep 17 00:00:00 2001 From: Dave Reisner Date: Sun, 19 Oct 2014 16:06:31 -0400 Subject: save and reuse original argv when auto-elevating Fixes FS#42277. --- arch-nspawn.in | 4 +++- archbuild.in | 6 ++++-- makechrootpkg.in | 6 ++++-- mkarchroot.in | 4 +++- 4 files changed, 14 insertions(+), 6 deletions(-) diff --git a/arch-nspawn.in b/arch-nspawn.in index b85d360..19f1410 100644 --- a/arch-nspawn.in +++ b/arch-nspawn.in @@ -26,6 +26,8 @@ usage() { exit 1 } +orig_argv=("$@") + while getopts 'hC:M:c:' arg; do case "$arg" in C) pac_conf="$OPTARG" ;; @@ -38,7 +40,7 @@ done shift $(($OPTIND - 1)) (( $# < 1 )) && die 'You must specify a directory.' -check_root "$0" "$@" +check_root "$0" "${orig_argv[@]}" working_dir=$(readlink -f "$1") shift 1 diff --git a/archbuild.in b/archbuild.in index dc45c7f..9c5d706 100644 --- a/archbuild.in +++ b/archbuild.in @@ -29,6 +29,8 @@ usage() { exit 1 } +orig_argv=("$@") + while getopts 'hcr:' arg; do case "${arg}" in c) clean_first=true ;; @@ -37,11 +39,11 @@ while getopts 'hcr:' arg; do esac done +check_root "$0" "${orig_argv[@]}" + # Pass all arguments after -- right to makepkg makechrootpkg_args+=("${@:$OPTIND}") -check_root "$0" "$@" - if ${clean_first} || [[ ! -d "${chroots}/${repo}-${arch}" ]]; then msg "Creating chroot for [${repo}] (${arch})..." diff --git a/makechrootpkg.in b/makechrootpkg.in index a340116..8957974 100644 --- a/makechrootpkg.in +++ b/makechrootpkg.in @@ -66,6 +66,8 @@ usage() { exit 1 } +orig_argv=("$@") + while getopts 'hcur:I:l:nTD:d:' arg; do case "$arg" in h) usage ;; @@ -81,10 +83,10 @@ while getopts 'hcur:I:l:nTD:d:' arg; do esac done -check_root "$0" "$@" - [[ ! -f PKGBUILD && -z "${install_pkgs[*]}" ]] && die 'This must be run in a directory containing a PKGBUILD.' +check_root "$0" "${orig_argv[@]}" + # Canonicalize chrootdir, getting rid of trailing / chrootdir=$(readlink -e "$passeddir") [[ ! -d $chrootdir ]] && die "No chroot dir defined, or invalid path '%s'" "$passeddir" diff --git a/mkarchroot.in b/mkarchroot.in index 5f3d6fe..78384da 100644 --- a/mkarchroot.in +++ b/mkarchroot.in @@ -24,6 +24,8 @@ usage() { exit 1 } +orig_argv=("$@") + while getopts 'hC:M:c:' arg; do case "$arg" in C) pac_conf="$OPTARG" ;; @@ -37,7 +39,7 @@ shift $(($OPTIND - 1)) (( $# < 2 )) && die 'You must specify a directory and one or more packages.' -check_root "$0" "$@" +check_root "$0" "${orig_argv[@]}" working_dir="$(readlink -f $1)" shift 1 -- cgit v1.2.3-54-g00ecf From 28140068ce22cc15fc155570f33e0bdaae22de9c Mon Sep 17 00:00:00 2001 From: Dave Reisner Date: Sun, 19 Oct 2014 16:43:13 -0400 Subject: makechroot: die if we encounter an unexpected option --- makechrootpkg.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makechrootpkg.in b/makechrootpkg.in index 8957974..1fbd3b4 100644 --- a/makechrootpkg.in +++ b/makechrootpkg.in @@ -70,7 +70,6 @@ orig_argv=("$@") while getopts 'hcur:I:l:nTD:d:' arg; do case "$arg" in - h) usage ;; c) clean_first=true ;; D) bindmounts_ro+=(--bind-ro="$OPTARG") ;; d) bindmounts_rw+=(--bind="$OPTARG") ;; @@ -80,6 +79,7 @@ while getopts 'hcur:I:l:nTD:d:' arg; do l) copy="$OPTARG" ;; n) run_namcap=true; makepkg_args="$makepkg_args -i" ;; T) temp_chroot=true; copy+="-$$" ;; + h|*) usage ;; esac done -- cgit v1.2.3-54-g00ecf From e5fe74102dee0dc1b7343666f3b9d41446e7cf86 Mon Sep 17 00:00:00 2001 From: Dave Reisner Date: Mon, 20 Oct 2014 19:13:57 -0400 Subject: makechrootpkg: don't run namcap if makepkg fails Fixes a regression introduced by 285a4e94cd, which made namcap a "compile time" option. --- makechrootpkg.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makechrootpkg.in b/makechrootpkg.in index 1fbd3b4..c8cb169 100644 --- a/makechrootpkg.in +++ b/makechrootpkg.in @@ -265,7 +265,7 @@ EOF # This is a little gross, but this way the script is recreated every time in the # working copy { - printf $'#!/bin/bash\n%s\n_chrootbuild %q %q\n' "$(declare -f _chrootbuild)" \ + printf $'#!/bin/bash\n%s\n_chrootbuild %q %q || exit\n' "$(declare -f _chrootbuild)" \ "$makepkg_args" "$run_namcap" if $run_namcap; then cat <<'EOF' -- cgit v1.2.3-54-g00ecf From 273d5a7a4325b830fc0038abdc7fc8a1bb55bfd9 Mon Sep 17 00:00:00 2001 From: Dave Reisner Date: Sun, 19 Oct 2014 19:49:02 -0400 Subject: makechrootpkg: treat makepkg_args as array --- makechrootpkg.in | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/makechrootpkg.in b/makechrootpkg.in index c8cb169..26deaca 100644 --- a/makechrootpkg.in +++ b/makechrootpkg.in @@ -12,7 +12,7 @@ m4_include(lib/common.sh) shopt -s nullglob -makepkg_args='-s --noconfirm -L --holdver' +makepkg_args=(-s --noconfirm -L --holdver) repack=false update_first=false clean_first=false @@ -46,7 +46,7 @@ usage() { echo 'command:' echo ' mkarchroot /root base-devel' echo '' - echo "Default makepkg args: $makepkg_args" + echo "Default makepkg args: ${makepkg_args[*]}" echo '' echo 'Flags:' echo '-h This help' @@ -77,7 +77,7 @@ while getopts 'hcur:I:l:nTD:d:' arg; do r) passeddir="$OPTARG" ;; I) install_pkgs+=("$OPTARG") ;; l) copy="$OPTARG" ;; - n) run_namcap=true; makepkg_args="$makepkg_args -i" ;; + n) run_namcap=true; makepkg_args+=(-i) ;; T) temp_chroot=true; copy+="-$$" ;; h|*) usage ;; esac @@ -102,7 +102,7 @@ else fi # Pass all arguments after -- right to makepkg -makepkg_args="$makepkg_args ${*:$OPTIND}" +makepkg_args+=("${@:$OPTIND}") # See if -R was passed to makepkg for arg in "${@:OPTIND}"; do @@ -265,8 +265,12 @@ EOF # This is a little gross, but this way the script is recreated every time in the # working copy { - printf $'#!/bin/bash\n%s\n_chrootbuild %q %q || exit\n' "$(declare -f _chrootbuild)" \ - "$makepkg_args" "$run_namcap" + printf '#!/bin/bash\n' + declare -f _chrootbuild + printf '_chrootbuild' + printf ' %q' "${makepkg_args[@]}" + printf ' || exit\n' + if $run_namcap; then cat <<'EOF' pacman -S --needed --noconfirm namcap @@ -302,7 +306,6 @@ download_sources() { _chrootbuild() { # This function isn't run in makechrootpkg, # so no global variables - local makepkg_args="$1" . /etc/profile export HOME=/build @@ -338,7 +341,7 @@ _chrootbuild() { exit 1 fi - sudo -u builduser makepkg $makepkg_args + sudo -u builduser makepkg "$@" } move_products() { -- cgit v1.2.3-54-g00ecf From 98166e3454139918304b3e0a314e41628dd0c61c Mon Sep 17 00:00:00 2001 From: Dave Reisner Date: Fri, 24 Oct 2014 09:19:17 -0400 Subject: prepare release 20141024 --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 82a7362..244a791 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,4 @@ -V=20140510 +V=20141024 PREFIX = /usr/local -- cgit v1.2.3-54-g00ecf