From 0f3778c3d36028e5c9d4e5ec702c8f167e1cebba Mon Sep 17 00:00:00 2001 From: "Jan Alexander Steffens (heftig)" Date: Thu, 14 Sep 2017 22:21:47 +0200 Subject: makechrootpkg: Prevent collecting coredumps Coredumps from build chroots are not generally useful. Prevent them from being generated. Avoids a lot of annoyance from the GCC testsuite spawning lots of systemd-coredump processes. Just set the soft limit so the user can still raise it in the PKGBUILD if they insist. --- makechrootpkg.in | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'makechrootpkg.in') diff --git a/makechrootpkg.in b/makechrootpkg.in index ef3f2ec..add87d3 100644 --- a/makechrootpkg.in +++ b/makechrootpkg.in @@ -241,8 +241,12 @@ EOF # These functions aren't run in makechrootpkg, # so no global variables _chrootbuild() { + # No coredumps + ulimit -c 0 + # shellcheck source=/dev/null . /etc/profile + # Beware, there are some stupid arbitrary rules on how you can # use "$" in arguments to commands with "sudo -i". ${foo} or # ${1} is OK, but $foo or $1 isn't. -- cgit v1.2.3-70-g09d2 From ddd508efc083fc9beb6f2c96e2537521b31c1e6f Mon Sep 17 00:00:00 2001 From: "Jan Alexander Steffens (heftig)" Date: Thu, 14 Sep 2017 23:31:41 +0200 Subject: makechrootpkg: Reopen console to assign the CTTY nspawn does not give us a controlling terminal, hence we ignore interrupts. Apparently this was lost in systemd at some point. Hack around this by reopening the console to make it the controlling terminal. --- makechrootpkg.in | 3 +++ 1 file changed, 3 insertions(+) (limited to 'makechrootpkg.in') diff --git a/makechrootpkg.in b/makechrootpkg.in index add87d3..8724355 100644 --- a/makechrootpkg.in +++ b/makechrootpkg.in 
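Review bot: `ulimit -c 0` at the top of `_chrootbuild()` sets both the soft and the hard core-file limit, because bash applies a new value to both when neither `-S` nor `-H` is given. The commit message says only the soft limit is meant to change, so that a PKGBUILD can raise it again. With the hard limit at 0 the unprivileged build user cannot raise it, unless something in the `sudo -i` login path resets limits, which this hunk does not show. If the stated intent is right, use `ulimit -Sc 0`; if disabling core dumps outright is preferred (they can hold build-time secrets), keep the line and change the comment to `# No coredumps (hard limit, cannot be raised in the PKGBUILD)`. The body of `_chrootbuild()` continues past the hunk.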
@@ -241,6 +241,9 @@ EOF # These functions aren't run in makechrootpkg, # so no global variables _chrootbuild() { + # Work around nspawn not giving us a ctty + exec Date: Sat, 16 Sep 2017 17:52:39 -0400 Subject: makechrootpkg: move init_variables() to be part of main() The reason it wasn't moved before was just to keep the diffs (with --ignore-all-space) smaller, to make merging and rebasing work easier. Moving code around in a file tends to make that difficult. But, readability wise, it belongs in main(). --- makechrootpkg.in | 44 ++++++++++++++++++++------------------------ 1 file changed, 20 insertions(+), 24 deletions(-) (limited to 'makechrootpkg.in') diff --git a/makechrootpkg.in b/makechrootpkg.in index 8724355..f81c47e 100644 --- a/makechrootpkg.in +++ b/makechrootpkg.in @@ -15,29 +15,6 @@ m4_include(lib/archroot.sh) shopt -s nullglob -init_variables() { - default_makepkg_args=(--syncdeps --noconfirm --log --holdver --skipinteg) - makepkg_args=("${default_makepkg_args[@]}") - keepbuilddir=false - update_first=false - clean_first=false - run_namcap=false - temp_chroot=false - chrootdir= - passeddir= - makepkg_user= - declare -ga install_pkgs - declare -gi ret=0 - - bindmounts_ro=() - bindmounts_rw=() - - copy=$USER - [[ -n ${SUDO_USER:-} ]] && copy=$SUDO_USER - [[ -z "$copy" || $copy = root ]] && copy=copy - src_owner=${SUDO_USER:-$USER} -} - usage() { echo "Usage: ${0##*/} [options] -r [--] [makepkg args]" echo ' Run this script in a PKGBUILD dir to build a package inside a' 
@@ -325,7 +302,26 @@ move_products() { # }}} main() { - init_variables + default_makepkg_args=(--syncdeps --noconfirm --log --holdver --skipinteg) + makepkg_args=("${default_makepkg_args[@]}") + keepbuilddir=false + update_first=false + clean_first=false + run_namcap=false + temp_chroot=false + chrootdir= + passeddir= + makepkg_user= + declare -a install_pkgs + declare -i ret=0 + + bindmounts_ro=() + bindmounts_rw=() + + copy=$USER + [[ -n ${SUDO_USER:-} ]] && copy=$SUDO_USER + [[ -z "$copy" || $copy = root ]] && copy=copy + src_owner=${SUDO_USER:-$USER} while getopts 'hcur:I:l:nTD:d:U:' arg; do case "$arg" in -- cgit v1.2.3-70-g09d2 From 095e5305e45a32d4eee1e43a493200f4bc8455b3 Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Sat, 16 Sep 2017 18:00:11 -0400 Subject: makechrootpkg: Fix function usage comments A couple of the comments noting which globals are used by functions are outdated/wrong. - download_sources() : Remove USER from the list. It was always wrong. Originally, it should have been SUDO_USER (not USER), but I should have removed it entirely in 4f23609. - move_products() : Add SRCPKGDEST to the list. Though the commit adding the comment was only recently upstreamed (as 2fd5931), it originated in 2013 in a commit that has since been rebased many times. Anyway, in this rebasing, it missed move_products() starting to pay attention to SRCPKGDEST in fd1be1b (since nothing made git think there was a "conflict"). --- makechrootpkg.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'makechrootpkg.in') diff --git a/makechrootpkg.in b/makechrootpkg.in index f81c47e..d4c293f 100644 --- a/makechrootpkg.in +++ b/makechrootpkg.in @@ -245,7 +245,6 @@ _chrootnamcap() { # Usage: download_sources $copydir $makepkg_user # Globals: # - SRCDEST -# - USER download_sources() { local copydir=$1 local makepkg_user=$2 
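Review bot: The block inlined into `main()` is not a pure move: `declare -ga install_pkgs` and `declare -gi ret=0` lose `-g`, so both become local to `main()` while every other variable assigned here stays global. Functions called from `main()` still see them through dynamic scoping, but anything that runs after `main()` returns (an exit trap, for instance) would not; whether such a reader exists is outside this hunk. Either keep `declare -ga install_pkgs` and `declare -gi ret=0`, or state the scope change in the commit message and add `# local to main(); visible to callees only` above the two lines. `main()` continues past the hunk.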
@@ -267,6 +266,7 @@ download_sources() { # Globals: # - PKGDEST # - LOGDEST +# - SRCPKGDEST move_products() { local copydir=$1 local src_owner=$2 -- cgit v1.2.3-70-g09d2 From eab5aba9b027a7689acaf2382a04ff69b5b8771e Mon Sep 17 00:00:00 2001 From: Eli Schwartz Date: Mon, 30 Oct 2017 11:17:56 -0400 Subject: Support reproducible builds Recent development versions of makepkg support reproducible builds through the environment variable SOURCE_DATE_EPOCH. Pass this variable through makechrootpkg to makepkg when available. Also initialize SOURCE_DATE_EPOCH whenever running archbuild to enforce reproducible builds for repository packages. Signed-off-by: Eli Schwartz Signed-off-by: Levente Polyak --- archbuild.in | 7 ++++++- lib/archroot.sh | 6 ++++-- makechrootpkg.in | 5 +++-- 3 files changed, 13 insertions(+), 5 deletions(-) (limited to 'makechrootpkg.in') diff --git a/archbuild.in b/archbuild.in index 8339aef..1e5b582 100644 --- a/archbuild.in +++ b/archbuild.in @@ -39,7 +39,7 @@ while getopts 'hcr:' arg; do esac done -check_root +check_root SOURCE_DATE_EPOCH # Pass all arguments after -- right to makepkg makechrootpkg_args+=("${@:$OPTIND}") @@ -74,5 +74,10 @@ else pacman -Syu --noconfirm || abort fi +# Always build official packages reproducibly +if [[ ! -v SOURCE_DATE_EPOCH ]]; then + export SOURCE_DATE_EPOCH=$(date +%s) +fi + msg "Building in chroot for [%s] (%s)..." "${repo}" "${arch}" exec makechrootpkg -r "${chroots}/${repo}-${arch}" "${makechrootpkg_args[@]}" diff --git a/lib/archroot.sh b/lib/archroot.sh index 98fd2cf..f279603 100644 --- a/lib/archroot.sh +++ b/lib/archroot.sh @@ -6,13 +6,15 @@ CHROOT_VERSION='v4' ## -# usage : check_root +# usage : check_root $keepenv ## orig_argv=("$0" "$@") check_root() { + local keepenv=$1 + (( EUID == 0 )) && return if type -P sudo >/dev/null; then - exec sudo -- "${orig_argv[@]}" + exec sudo --preserve-env=$keepenv -- "${orig_argv[@]}" else exec su root -c "$(printf ' %q' "${orig_argv[@]}")" fi 
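Review bot: The new `if [[ ! -v SOURCE_DATE_EPOCH ]]` block in archbuild.in only fills in a missing value, so whatever the invoking user had in the environment (an empty string, non-numeric text) survives `check_root SOURCE_DATE_EPOCH` and is handed to makechrootpkg as root. For official packages it would be safer to reject anything that is not a plain integer before the `exec`, for example `[[ $SOURCE_DATE_EPOCH =~ ^[0-9]+$ ]] || abort`. The same pass-through applies to `check_root SOURCE_DATE_EPOCH` in makechrootpkg.in's `main()`. Separately, `export SOURCE_DATE_EPOCH=$(date +%s)` hides a failing `date`; assigning first and running `export SOURCE_DATE_EPOCH` on the next line keeps the exit status visible.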
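Review bot: In `check_root()` (lib/archroot.sh), `--preserve-env=$keepenv` is expanded unquoted in front of `--`, so a value containing whitespace would be split into extra sudo arguments, and a caller that passes nothing produces a bare `--preserve-env=`. Both callers visible in this commit pass the literal `SOURCE_DATE_EPOCH`, but other callers of `check_root` are not shown. Suggest `exec sudo ${keepenv:+--preserve-env="$keepenv"} -- "${orig_argv[@]}"`, and extend the usage comment to say `$keepenv` is an optional comma-separated list of variable names. The closing brace of `check_root()` is outside the hunk.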
diff --git a/makechrootpkg.in b/makechrootpkg.in index d4c293f..9253544 100644 --- a/makechrootpkg.in +++ b/makechrootpkg.in @@ -205,6 +205,7 @@ EOF { printf '#!/bin/bash\n' declare -f _chrootbuild + declare -p SOURCE_DATE_EPOCH 2>/dev/null printf '_chrootbuild "$@" || exit\n' if $run_namcap; then @@ -231,7 +232,7 @@ _chrootbuild() { # use "$" in arguments to commands with "sudo -i". ${foo} or # ${1} is OK, but $foo or $1 isn't. # https://bugzilla.sudo.ws/show_bug.cgi?id=765 - sudo -iu builduser bash -c 'cd /startdir; makepkg "$@"' -bash "$@" + sudo --preserve-env=SOURCE_DATE_EPOCH -iu builduser bash -c 'cd /startdir; makepkg "$@"' -bash "$@" } _chrootnamcap() { @@ -343,7 +344,7 @@ main() { [[ -n $makepkg_user && -z $(id -u "$makepkg_user") ]] && die 'Invalid makepkg user.' makepkg_user=${makepkg_user:-${SUDO_USER:-$USER}} - check_root + check_root SOURCE_DATE_EPOCH # Canonicalize chrootdir, getting rid of trailing / chrootdir=$(readlink -e "$passeddir") -- cgit v1.2.3-70-g09d2 From 7a3c5085017987b6ef934cf9d9b098b4994ba21a Mon Sep 17 00:00:00 2001 From: Evangelos Foutras Date: Wed, 27 Dec 2017 23:25:32 +0200 Subject: Revert "makechrootpkg: Reopen console to assign the CTTY" This reverts commit ddd508efc083fc9beb6f2c96e2537521b31c1e6f. The underlying bug (FS#56529) was fixed in glibc 2.26-9. --- makechrootpkg.in | 3 --- 1 file changed, 3 deletions(-) (limited to 'makechrootpkg.in') diff --git a/makechrootpkg.in b/makechrootpkg.in index 9253544..511e519 100644 --- a/makechrootpkg.in +++ b/makechrootpkg.in @@ -219,9 +219,6 @@ EOF # These functions aren't run in makechrootpkg, # so no global variables _chrootbuild() { - # Work around nspawn not giving us a ctty - exec
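Review bot: The `declare -p SOURCE_DATE_EPOCH 2>/dev/null` line added to the generated-script block has no comment, yet it is what carries the variable into the chroot script. Suggest `# Emit a shell-quoted declaration of SOURCE_DATE_EPOCH; declare -p fails when it is unset, hence 2>/dev/null` above it. The quoting done by `declare -p` is what keeps an unexpected value from being read as code when the script runs, so it should not be swapped for a plain `printf` of the value. The `sudo --preserve-env=SOURCE_DATE_EPOCH -iu builduser` line in `_chrootbuild()` also depends on the sudo policy inside the chroot letting that variable through, which is not visible here. The enclosing `{ … }` block starts and ends outside the hunk.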