Age | Commit message (Collapse) | Author | Files | Lines |
|
Needed to support reproducible builds.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
|
|
If a user umask is restrictive, a chroot may be created as root without the
ability for the user to read it, which then causes makepkg
--verifysource to fail.
Do not set this in lib/common.sh, where it would apply to all scripts,
as we do not want to override the user's policy for things like $SRCDEST
files, svn checkouts, etc.
Fixes FS#47625
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
|
|
settings)."
This reverts commit 578a62f1e0713b0df9722470146fb85fb819202c.
mkarchroot is run as root (via check_root if needed) so the environment
should already be clean. If not, the user has broken their root
environment, and we cannot support this. It's unclear what environment
settings may or may not be messing with anything, ever, but the original
bug report happened on Parabola who perform extensive patching to
"libretools" such that the code no longer resembles devtools at all.
It's therefore likely any such bug is parabola specific, but we will
never know since the original commit message states that they don't know
why they do it either.
Parsing the user's entire exported environment via both sed and grep is
overkill for a non-bug, especially when it doesn't work for variables
declared -rx and doesn't work for things like:
export fooled_you=$'wow such hax\ndeclare -x http_proxy=lol'
Also if done properly this would rely on compgen -e to print all
exported shell variables. Or even better, loop through /proc/$$/environ
which is both null-delimited and easily parsed with the read builtin and
[[ ]]
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
|
|
It's incorrect to make pacman completely useless inside the chroot by
starting off with no pacman keyring. Assuming that the only consumers of
a new chroot will be arch-nspawn (which copies over the hostconf) is
bad design, and furthermore makes it impossible to fix other issues in
arch-nspawn itself.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
|
|
And while we're at it, make this more consistent. Currently we
unnecessarily support only one -c /path/to/cachedir option.
This requires slightly more thorough handling in mkarchroot to ensure
all custom cachedirs are passed on to arch-nspawn. Rework
to simply forward all arguments to arch-nspawn (minus final arguments
used for pacman -Sy packagelist).
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
|
|
Some lines are indented by spaces, while adjacent lines are indentet by tabs.
We should use tabs on both.
Signed-off-by: Erich Eckner <git@eckner.net>
|
|
These changes are all strictly "slap some double-quotes in there".
Anything more than that is not included in this commit.
|
|
These are purely stylistic changes that make shellcheck complain less.
This does NOT include things like quoting currently unquoted variables.
|
|
A previous iteration of this change (libretools commit d7dcce53396d)
simply inserted `env -i` to clear the environment.
However, that lead to it ignoring proxy settings, which some users had
problems with:
https://labs.parabola.nu/issues/487:
> To fix other bugs, the pacstrap environment is blank, which also
> means that the proxy settings are blank.
So (in libretools commit d17d1d82349f), I changed it to use `declare
-x` to inspect the environment, and create a version of it only
consisting of variables ending with "_proxy" (case-insensitive).
I honestly don't remember what "other bugs" prompted me to clear the
environment in the first place.
|
|
This allows us to run an ARM chroot on an x86 box; as the binfmt
runner will set the architecture for us, and the x86
`/usr/bin/setarch` program won't know about the ARM architecture
string.
|
|
This allows us to copy in files like `qemu-arm-static`, which is
necessary for running an ARM chroot on an x86 box.
|
|
This involves extending the signature of lib/common.sh's `stat_busy()`,
`lock()`, and `slock()`. The `mesg=$1; shift` in stat_busy even suggests
that this is what was originally intended from it.
|
|
In cases where there is no license specified, the file is tagged as
"License: Unspecified". Obviously, that is not ideal, but it
highlights the fact, and I hope that it encourages whoever has the
authority to specify the license to do so.
On that note, to anyone who may have the authority to specify the
license of files in devtools: the current licence of many files is
GPLv2 with no option for later versions; I impore you to re-license
them to have the "or any later version" option.
|
|
|
|
Move the function and save the orig_argv right along it.
|
|
|
|
In order to have an UTF-8 locale in the build root. This is something
normally set on real machines but is not set from our chroots. Meson,
for example, loudly complains when the locale charset is not UTF-8.
I'd like to have C.UTF-8, as most other distributions do. Unfortunately,
it's not part of vanilla glibc; en_US.UTF-8 will have to do.
mkarchroot already creates roots with both en_US.UTF-8 and de_DE.UTF-8,
the latter because builds of gcc (perhaps used to) require it.
Bump the CHROOT_VERSION due to the setting change.
|
|
|
|
Fixes FS#42277.
|
|
The "app" hasn't been an option since arch-nspawn was created.
|
|
In collaborative builder machine, these scripts are often allowed to become root
via sudo. This patch avoid to prefix them by sudo each time or call su.
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
|
|
Now that die() properly forwards arguments to error(), we can expect
that the first arg is a format string and not the entirety of the
output.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
|
|
Reduces code duplication.
With makechrootpkg not calling mkarchroot anymore,
the lock handover protocol is unneeded.
arch-nspawn does not do any locking, so add protection to archbuild.
|
|
Separates the two features of mkarchroot. Provides users of the new
arch-nspawn with the full feature set of systemd-nspawn.
For example, this can be used to bind custom directories into the chroot.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
systemd-nspawn is capable of doing this as of systemd-198. Doing this
means we can remove all of our home grown chroot mount/umount logic, as
it's all performed by pacstrap or systemd-nspawn.
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
|
|
|
|
The usage messages now begins with a "Usage:", i.e. capitalized and with a colon. Fixes FS#26956.
Signed-off-by: Eric Bélanger <snowmaniscool@gmail.com>
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
|
|
Fixes FS#28973
Signed-off-by: Eric Bélanger <snowmaniscool@gmail.com>
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
|
|
Stop trap_exit from forcing a 0 exit code. This fixes makechrootpkg,
which used to always return success, even if the build failed.
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
|
|
/etc/timezone is no longer used. We only need /etc/localtime.
This fixes FS#31929
|
|
|
|
* If we are running systemd use nspawn instead of our own chroot setup
* Use pacstrap to setup our chroot environment
* Make sure the common trap is still called
* Bind resolve.conf, timezone and lcoaltime from the host if nspawn is not used
* Run ldconfig within the chroot
|
|
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
|
|
* We use the host package cache configuration
* As only the first cache will be written to, we mount the others readonly
|
|
|
|
is needed
|
|
* bind /sys and /dev/pts from host
* drop support for devtmpfs as it is no longer needed
* add /run and /dev/rtc0
* clone own ipc, uts and mount namespaces for chroot
* set localtime, timezone and locale within chroot environment
* copy /etc/pacman.d/gnupg from host
|
|
We need /dev/ptmx -> /dev/pts/ptmx (for devpts -o newinstance)
Other way to do this thing is via bind mount (as said kernel doc[devpts.txt]).
This should be done in this way at least for /dev as devtmpfs in the chroot.
Since we can not touch /dev (devtmpfs), because devtmpfs is "singleton",
just use bind method and avoid interference.
Do it the same for both modes of /dev (tmpfs) and (devtmpfs) to keep it simple.
Currently devpts in chroot is not working without this when using /dev as devtmpfs,
this fixes this issue (opening /dev/ptmx, creates devices nodes on outside /dev/pts)
Signed-off-by: Gerardo Exequiel Pozzi <vmlinuz386@yahoo.com.ar>
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
|
|
The main intention of this patch is to take advantage of
/dev/loop-control and loop devices.
Signed-off-by: Gerardo Exequiel Pozzi <vmlinuz386@yahoo.com.ar>
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
|
|
As of filesystem-2011.12 this is not needed anylonger, and indeed blocks the
chroot from being upgraded. As a workaround, recreating the chroot fixes the
problem.
Fixes FS#27640.
Reported-by: Andrea Scarpino <andrea@archlinux.org>
Signed-off-by: Tom Gundersen <teg@jklm.no>
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
|
|
We already fixed a couple of these in previous patches - this one should
replace all remaining uses of single brackets ("[") by double brackets.
Also, use arithmetic evaluation instead of conditional expressions where
appropriate and make use of "-z" and "-n" instead of comparing variables
to empty strings.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
|
|
Some of the output/error messages were capitalized, some were
not. This patch capitalize everything for consistency sake. Other
minor changes were done to the messages like removing the superfluous
"error:" from die messages and adding a final period to messages that
were complete sentences as appropriate.
Signed-off-by: Eric Bélanger <snowmaniscool@gmail.com>
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
|