Age | Commit message (Collapse) | Author | Files | Lines |
|
settings)."
This reverts commit 578a62f1e0713b0df9722470146fb85fb819202c.
mkarchroot is run as root (via check_root if needed) so the environment
should already be clean. If not, the user has broken their root
environment, and we cannot support this. It's unclear what environment
settings may or may not be messing with anything, ever, but the original
bug report happened on Parabola who perform extensive patching to
"libretools" such that the code no longer resembles devtools at all.
It's therefore likely any such bug is parabola specific, but we will
never know since the original commit message states that they don't know
why they do it either.
Parsing the user's entire exported environment via both sed and grep is
overkill for a non-bug, especially when it doesn't work for variables
declared -rx and doesn't work for things like:
export fooled_you=$'wow such hax\ndeclare -x http_proxy=lol'
Also if done properly this would rely on compgen -e to print all
exported shell variables. Or even better, loop through /proc/$$/environ
which is both null-delimited and easily parsed with the read builtin and
[[ ]]
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
|
|
Previously, arch-nspawn was using the hosts' pacman cache in
the chroot even when the chroot was set up with a different
cache by mkarchroot, unless specified with the -c flag.
Problem is that makechrootpkg passes no -C, -M nor -c flags
to arch-nspawn, so all values must be obtained from the
working directory.
This change take the cache directories from the pacman.conf
specified with the -C option unless the -c option was given
(as is the case when the chroot is set up with mkarchroot),
and, when neither -C nor -c is given (as is the case when
invoked by makechrootpkg), the cache directory is taken
from the pacman.conf in the working directory.
This wasn't such an issue when i686 was mainline, however,
which building packages in a chroot against archlinux32 on
an x86_64 platform, the cache of the host should _never_ be
used.
Rebased by eschwartz on top of cachedir reworking.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
|
|
It's important to ensure the guest has up to date data because updating
a chroot after quite some time can potentially rely on updated
archlinux-keyring, something which the host machine either kept up to
date on or manually fixed, but it kills automation to mess around with
chroot configs like that. Alternatively, signed packages added with -I
need to work, and we assume the host is configured to accept these.
That is *not* a good reason to completely nuke whatever is in the guest,
though. A guest might have been manually configured to accept keys which
aren't accepted by the host; one example of this happening in practice,
is archlinux32 when building 32-bit packages from an archlinux host.
The right solution is to append to, rather thna overwrite, the chrooted
guest's pacman keyring.
To do this, we will use gpg's native facility to dump the keyring from
one GNUPGHOME and import it into another. We'd use pacman-key's --import
option directly, but this doesn't support passing custom options like
--import-options import-local-sigs
Finally use pacman-key's native facility to import the trust status from
the host.
While we are at it, fix a bug where we didn't respect the host's
pacman.conf settings for the GpgDir. While it isn't wildly likely a user
will choose to customize this, it is a valid and supported use case and
we must think about this ourselves.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
|
|
In commit d9b73504484da7e185dc590ef13d5f31942f6051, a line was deleted
that had a shellcheck ignore marker, but the marker itself was left in
(and had nothing to do). So, remove it.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
|
|
It's incorrect to make pacman completely useless inside the chroot by
starting off with no pacman keyring. Assuming that the only consumers of
a new chroot will be arch-nspawn (which copies over the hostconf) is
bad design, and furthermore makes it impossible to fix other issues in
arch-nspawn itself.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
|
|
Since makepkg.conf is a bash-compatible configuration file, it must be
sourced.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
|
|
In commit 46c4def0733a78ce08702d188e3e1a141fb07316, we added support for
nonstandard PREFIX installations, but DESTDIR was and is never supposed
to be a part of that. While DESTDIR isn't terribly likely to be used
during `make all` invocations, that's no reason to break horribly if it
is used for some reason.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
|
|
And while we're at it, make this more consistent. Currently we
unnecessarily support only one -c /path/to/cachedir option.
This requires slightly more thorough handling in mkarchroot to ensure
all custom cachedirs are passed on to arch-nspawn. Rework
to simply forward all arguments to arch-nspawn (minus final arguments
used for pacman -Sy packagelist).
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
|
|
|
|
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
|
|
This tool is useful for running makechrootpkg on a remote build server,
and is by default hooked up to send a PKGBUILD and initiate a build on
our shiny new build server "dragon".
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
|
|
This reverts commit 6d1992909cc46e293027ff488ae2632047603e66.
It has never worked. In commit c86823a2d4a4152c71faa1c3bab227756232996f
it was noted that it compared the device numbers for [[ $1 = $1 ]] which
was a useless check and always returned true, for *any* btrfs
filesystem. Now that the function is corrected to compare [[ $1 = $2 ]]
the check is still useless, but this time because it always returns
false -- btrfs subvolumes on the same filesystem do *not* share device
numbers.
So let's go back to the original working implementation that only
matters in terms of makechrootpkg, and just checks if makechrootpkg's
root working directory is btrfs (in which case we know it will be a
subvolume because mkarchroot will create it that way).
This restores our special support for the btrfs filesystem.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
|
|
Some lines are indented by spaces, while adjacent lines are indentet by tabs.
We should use tabs on both.
Signed-off-by: Erich Eckner <git@eckner.net>
|
|
The old behaviour would always evaluate to true - this is certainly not
what that function should do.
Signed-off-by: Erich Eckner <git@eckner.net>
|
|
|
|
|
|
This fixes a regression introduced in eeb1c0e59ee8a5f7be4a6742ba6689af54e9ac7d
|
|
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
|
|
This is the new and improved, canonical sogrep command, now with a valid
license.
The previous version of sogrep had several issues and inefficiencies,
and ultimately wasn't really the finished project I wanted it to be. Due
to a mistake in communication, I was totally unaware it was in the
process of being merged at all, nor that there was a licensing issue, or
I would have recommended waiting for both further improvements, and a
declaration of license intent; nevertheless, here it is now, and I
formally give this over into the GPLv2+ domain.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
|
|
Partition the Makefile targets to only clean configured files, and make
the configured files be a subset of the bin programs.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
|
|
Introduce a README which describes where to send patches and how to
release a new version of devtools.
Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>
|
|
If makechrootpkg is called as non-root, the {SRC,SRCPKG,PKG,LOG}DEST,
MAKEFLAGS and PACKAGER environment variables are lost in the call to
check_root().
Add these to the passed keepenv list so that they are preserved instead.
|
|
Now that pacconf gives us all mirrors we can use them, instead of just
the first one.
Signed-off-by: Christian Hesse <mail@eworm.de>
|
|
The rename of sogrep to sogrep.in failed to remove sogrep and adding it
to .gitignore.
Signed-off-by: Jelle van der Waa <jelle@archlinux.org>
|
|
Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>
|
|
make clean removes all .in converted files to a file without .in which
in the make clean step is removed. So running make clean will remove
sogrep since it's specified as BINPROGS. In the future this steps should
be removed for sogrep since it is a standalone script.
Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>
|
|
Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>
|
|
Add a simple man page for find-libdeps and find-libprovides.
Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>
|
|
Add a section about environment variables which influence sogrep's
behaviour.
Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>
|
|
|
|
svn propset's where determined to be non-reproducible and therefore
where removed from svn. Don't introduce them when moving packages
between repos.
Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>
|
|
This is from Eli's dotfiles after he'd cleaned it up but never actually went ahead and made this PR.
I figure it's time to add it.
|
|
archrm is a not much more fancy rm -rf and therefore not really useful
to ship.
|
|
|
|
|
|
Even if continue would work, it does exactly the same as a return
in the way this function is being used.
|
|
makechrootpkg's download_sources() leaves a stray directory if
"makepkg --verifysource" failed. We use "setup_workdir" instead
of "mktemp -d", because this ensures the correct garbage collection.
Signed-off-by: Erich Eckner <git@eckner.net>
|
|
Les us source makepkg.conf settings from the environemnt. This also includes
`GNUPGHOME` which is present in `makechrootpkg`, but not included in archbuild.
Signed-off-by: Morten Linderud <foxboron@archlinux.org>
|
|
|
|
|
|
|
|
|
|
makepkg 5.1 implements error codes, and 14 means that installing the
packages after they were built has failed. We don't care about this
error and would like makechrootpkg to succeed regardless, e.g. for split
packages that are mutually exclusive.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
chown support "$user:$group" but also "$user:" which infers $group
rather than leaving it as root. This looks up the group name in cases
where the default group is e.g. "users" and users do not get their own
unique groups.
|
|
It is much nicer to use a proper configuration parser to retrieve the
primary mirror, rather than clever hacks using undocumented APIs,
especially when their behavior as used then breaks in later releases.
Fortunately, pacutils exists now and pacconf handles this quite
elegantly. It has since been moved to pacman-git proper.
Check if pacman-conf from a new enough version of pacman exists and
fallback on pacconf from pacutils.
|
|
cache"
This reverts commit eb6b0e3f11279b6512b1469ff042d2982eaaeef4.
This never worked, as pacman-git returns file urls from the cache anyway
and pacman stable doesn't have any problem at all. Having useless code
which makes people think the issue is solved when it really isn't, is
bloat, so remove it.
|
|
Since commit 75fdff1811a0487f82c75b2e260da905102b4eea we no longer run
integrity checks inside the chroot anyway, so this is no longer needed
and will never be used.
|
|
Without it, sudo 1.8.23 will return an error:
sudo: PAM account management error: Authentication
service cannot retrieve authentication info
|
|
In pacman-git commit d8717a6a9666ec80c8645d190d6f9c7ab73084ac makepkg
started checking that the setuid/setgid bit could be removed on the
$BUILDDIR in order to prevent this propagating to the packages
themselves. Unfortunately, this requires the temporary builddir used
during the --verifysource stage of makepkg, to be owned by $makepkg_user
which was not the case as it is created as root using mktemp (and given
world rwx in addition to the restricted deletion bit.)
Obviously makepkg cannot chmod a directory that it does not own. Fix
this by making $makepkg_user the owner of that directory, as should have
been the case all along.
(Giving world rwx is illogical on general principle. The fact that this
is a workaround for makepkg demanding these directories be writable even
when they are not going to be used for the makepkg options in question,
is not justification for being careless.)
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
|