| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Makepkg used to use du --apparent-size to compute the size of the
package. Unfortunately, this would result in different sizes depending
on the filesystem used (e.g., btrfs vs ext4), which would affect
reproducible builds. Use a wc-based approach to compute sizes
Signed-off-by: Santiago Torres <santiago@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
coreutils 8.26 in December 2016 added this new hashing method which is
compatible with the existing md5sum and sha*sum tool usage, while using
the blake2 hash algorithm.
makepkg uses coreutils to provide source file integrity checks via
${integ}sum binaries and it makes sense to offer this as an additional
option.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
We don't need to check the options twice, since it is the same check
both times. Instead, merge the conditionals.
As far as I can tell, the only reason the checks for:
- PACMAN_OPTS and
- whether to use sudo
were ever separated is due to the historic existence of --asroot, since
the second check included a check for (( ! ASROOT )) until it was
cleaned up in commit 61ba5c961e4a3536c4bbf41edb348987a9993fdb.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
When pacman is run as root to do -S, -U, or -R, it would immediately
abort if pacman is not ready for use. Instead, poll the lockfile and
wait until it becomes available.
Implements FS#28840
Original-patch-by: Georges Dubus <georges.dubus@compiletoi.net>
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Refactor many of the different arrays of pkgbuild variables
into scripts/libmakepkg/util/schema.sh.in.
Signed-off-by: morganamilo <morganamilo@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
This patch was inspired by FS#32723 which asks makepkg to install makedepends
before depends. The use case is to build a package depending on a virtual
package that is only provided by other packages (e.g. java-runtime in Arch
Linux), but wanting to build against a specific version. Installing makedepends
first (but not at the same time as depends) would allow specifying the version
to build against, instead of pacman resolving to the default version when
installing depends.
It turns out, we can already achieve installing makedepends first by specifying
dependencies only in the package function (and making sure makedepends includes
everything needed). The only issue is that if we use makepkg to install the
built package with the --install flag and along with the --rmdeps flag, we will
try to remove any installed dependencies that are specified in the depends
array in the package function. To counter this, we need to use the --unneeded
flag for the pacman call.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
This is not really an error with a "user function".
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
paths can contain printf-unsafe chars, and printf -v is not somehow immune to this
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
There are state variables for everything else, and we use them to do
conditional checks on things, but it's currently a bit difficult to test
whether a package is being built, as it's the default action if *no*
options are specified.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Causes it to be reset (to $pkgdirbase/$pkgbase) between subpackages.
This shouldn't be visible.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Merge the similar code handling unsplit PKGBUILDs and individual
packages in a split PKGBUILD and make it a new function.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
We don't need to re-backup the variables we restored on the previous
iteration.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
This opens the door for third parties to provide libmakepkg
extentions for the purpose of altering the build environment.
Signed-off-by: Que Quotion <quequotion@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
This opens the door for third parties who provide extensions to
libmakepkg to supply scripts that confirm the presence of their
dependant executables.
Signed-off-by: Que Quotion <quequotion@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
If a user has a makepkg.conf policy to enable debug builds, but a
PKGBUILD has disabled buildflags, we would unset the *FLAGS but then
later append the debug *FLAGS anyway, which would result in some *FLAGS
being used, against the wishes of the PKGBUILD author.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
The respective write_* functions are low-level and shouldn't be
outputting statuses; move these to the logic flow where they are used.
This ensures the functions can be used in the future wherever, and also
solves an issue where, as fallout from the message.sh retrofitting in
commit 882e707e40bbade0111cf3bdedbdac4d4b70453b, the statuses got
redirected to the actual files.
The resulting package was technically correct, except that it contained
useless lines which pacman ignored, and repo-add also ignored but at the
same time generated an error message:
/usr/bin/repo-add: line 335: declare: `=-> Generating .PKGINFO file...': not a valid identifier
Thirdparty package tools with stricter parsers may abort with errors,
and "repose" is known to do so.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
This behavior is confusing, since it means absolutely everything goes to
stderr and makepkg itself is a quiet program that produces no expected
output???
The only situation where messages should go to stderr rather than
stdout, is with --geninteg which is meant to return the checksums on
stdout (but we don't want to totally get rid of status messages when
redirecting the results elsewhere, or, worse, redirect status messages
to a PKGBUILD). For this specific case, redirect message output to
stderr in the --geninteg callers directly.
Implements FS#17173
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
- it comes with free collation when moving the LC_ALL declaration up a bit;
this fixes a bug where the .FILES were not being properly sorted and
their order depended on directory creation order, which broke
reproducible builds in the wild.
- it handles sorting null-delimited output everywhere, without sort -z;
this lets us get rid of sed hacks
- it is faster than invoking multiple find subprocesses
- dotfiles can be automatically printed *and the C locale sorts them first*
with a single ** glob
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
We don't need to translate the "Copyright YEAR AUTHOR" part, no part of
it should probably be translated and it definitely shouldn't turn every
single license terms notice into a separate translation just because the
author/year is different.
Fixes FS#58452
Also consistently add a blank line after the copyright and before the
license terms.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
This reverts commit 9cdfd18739cc4b0e2b2efeb9a92a3ea612c8505f.
We've never documented whirlpoolsums support in the manpage and no one
really seems to have realized we support it, let alone use it -- except
for a few parabola packages, being the contributor's motivation for
adding support.
The problem is that for two years the code has been broken. In commit
577701250d645d1fc1a505cde34aedbeb3208ea5 we moved to coreutils to
provide checksum commands, rather than openssl, but there is no
whirlpoolsums binary.
Properly fixing this would require re-adding a dependency on openssl,
independent of the libalpm crypto backend -- which defeats the purpose
of moving to coreutils in the general case. nettle-hash does not provide
a whirlpool algorithm any more than it does base64 (the original reason
for moving to coreutils).
Therefore, we should just drop support for this again.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
It's most likely a case where output is being captured, so we shouldn't
be interleaving status messages with function output regardless. Setting
the pkgver() status message (the one time we use it in a subshell)
separately also makes it safe to change whether message.sh functions write
to stdout or stderr.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
`run_function_safe pkgver` is evaluated in a subshell and therefore does
not abort when it should. Explicitly check the return outside of the
subshell and abort if necessary.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Both run_function and run_function_safe will save and restore `shopt -p`
but the former is only called from the latter. It makes sense to save
this as part of a "safe" runner, so let's just do it in one place, there
where we save and restore everything else too.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
When re-running makepkg for fakeroot, if `bash -x makepkg` was used this
is lost. Fix by encoding the current set of options explicitly in the
invocation, both for makepkg and for the wrapper used to test scripts
inside the source tree.
Also change to use ${BASH_SOURCE[0]} instead of $0 as the latter can be
anything the parent process wants, while the former is explicitly set by
bash itself to the filepath of the script.
See http://mywiki.wooledge.org/BashFAQ/028
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
This causes package_$pkgname() to be preferred over package() in the
non-split case, but the behavior if both functions exist was
undocumented anyway.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
The biggest issue is directly supplying the data within the format
string which can result in misinterpreting formatter sequences if a
printed variable contains an "%" in it. This character is currently
permitted in the pkgver field, though not in the pkgname. Also
pacman/libalpm itself has much looser limitations and this can appear
anywhere at all if a package was created by some other program.
For the package "iambroke-1%s-1-any.pkg.tar.xz", installed in the build
environment, the result is:
-> Generating .BUILDINFO file...
awk: cmd. line:3: (FILENAME=- FNR=1085) fatal: not enough arguments to satisfy format string
`-1%s-1'
^ ran out for this one
Followed by a .BUILDINFO which contains an LC_ALL=C sorted list of
$pkgname-${epoch:+$epoch:}$pkgver-$pkgrel-$arch ending in:
installed = iambroke
Which is cut short, then fails to list the succeeding packages. The
package itself successfully builds.
It's also unnecessary to save the output of pacman -Qq in order to get the
information for pacman -Qi, since the latter will, just like the former,
return information for all installed packages if not given a package
name(s).
While I am at it, pipe this directly to awk rather than keeping a copy
in an unnecessary local variable. This is slightly more efficient in
addition to preventing the <<< herestring from re-interpreting the
content of "$pkginfos" in ways that don't really matter for our usage.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
This reverts commit 9e52a36794552b77ecf26f7f34b226d096978f1e.
The change to use declare for the split package metadata backup/restore
resulted in variables being declared at a local scope. When these variables
were unset (mostly noticed with debug packaging) this left the variable at
global scope defined. Revert back to the known good state.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
When comparing the $BUILDDIR to the $startdir, we used string equality
instead of testing whether they are the same location, and ended up
appending $pkgbase even though there's no reason to use it here.
In some cases, this could result in makepkg erroring when trying to
create $srcdir/$pkgdir, if a file with the same name as the $pkgbase
exists. This is expected behavior if a file "src" or "pkg" exists, but
decidedly less so for $pkgbase.
This could be fixed either by setting $startdir to an absolute path, or
by ensuring the test checks this directly; I've chosen to do both, since
the test should really be correctly checking the thing it actually cares
about, but since we ensure absolute paths are used everywhere else, this
might bite us elsewhere someday. It's also more consistent.
Fixes FS#58865
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
It's especially dangerous in trap handlers since the return value of the
function becomes the return value of the last command before the trap,
not the last command in the current function. This applies to any
function executed in a trap handler, nested functions included.
In one case, install_packages failed (via return 14), which was inside a
conditional that then ran exit 14, which triggered the EXIT handler,
which called clean_up, which called remove_deps, which had !RMDEPS and
thus returned. The return value of remove_deps became the return value
of install_packages, triggering the ERR handler, which (due to another
problem) was still the user function handler, which then printed a
misleading error message and overrode the exit code with 4.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
In commit 8ff03868a37b1f9c447784ae2fd639a49e426399 PACMAN_OPTS was
turned into an array. Unfortunately, that array was generated by
treating the "--color never" option as one string, instead of an
array of two strings...
Fixes FS#58820
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
$restoretrap is empty if the trap was not set. This caused the trap
handler to remain and override later exit codes.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
In commit d8717a6a9666ec80c8645d190d6f9c7ab73084ac the write permission
checks were refactored. Initially we intended to drop this chmod in the
process, but due to some confusion about whether it was needed, I ended
up submitting patches both to preserve and to remove it... but it's not
needed after all. We do it on the individual $srcdir/$pkgdir, later on.
Then, we used the wrong version, which causes unnecessary restrictions.
See FS#58790
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Reported-by: Rafael Ascensão <rafa.almas@gmail.com>
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
In commit d8591dd3418d55c5736022ef003891fc03b953e0 when teaching
--packagelist to print the full filepath for built arches only, I forgot
to update the helptext at the same time as I updated the manpage.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
In commit 5698d7b66daa2a0bc99cab7a989cef1c806c3bf6 a new non-root use of
pacman was added -- previously we used -T or -Qq, and run_pacman did not
know how to special-case -Qi to skip being prepended with sudo.
The result is:
-> Generating .BUILDINFO file...
ERROR: ld.so: object 'libfakeroot.so' from LD_PRELOAD cannot be preloaded (cannot open shared object file): ignored.
[sudo] password for eschwartz:
-> Adding changelog file...
Fix this by using a more generic glob since neither -Q nor -T will ever
need sudo or PACMAN_OPTS
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Many of these are pointless (e.g. there is no need to explicitly turn on
spellchecking and language dictionaries for the manpages by default).
The only useful modelines are the ones enforcing the project coding
standards for indentation style (and "maybe" filetype/syntax, but
everything except the asciidoc manpages and makepkg.conf is already
autodetected), and indent style can be applied more easily with
.editorconfig
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Adding the architecture to the 'installed' elements of the .BUILDINFO
file makes it easier to retrieve the packages needed to reconstruct
the build environment.
Signed-off-by: Robin Broda <robin@broda.me>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Architecture information is required for repro tooling
This is a revised version of https://patchwork.archlinux.org/patch/475/
Signed-off-by: Robin Broda <robin@broda.me>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
micro-optimization: We only care about temporarily enforcing extglob, so
that is the only one we need to explicitly restore.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Some scripts are using `break 2` to break out of the option parsing
loop.
Since a single `break` is sufficient in these cases, remove the extra
argument.
Signed-off-by: Rafael Ascensão <rafa.almas@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Rather than manually crafting foo_backup in a loop and eval'ing them
with a complicated escape pattern, store every splitpkg_overrides
element into a single variable via the eval-friendly `declare` builtin.
An alternative to eval would be using `printf -v` but this does not work
for arrays.
This has the additional benefit of reducing the number of
variables/arrays floating around in the environment.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Currently the only things we check are:
- Things that should be arrays, are not strings, and vice versa (this
was mostly copy-pasted from the similar code in lint_pkgbuild).
- Variables that are meant to contain pathname components cannot contain
a newline character, because newline characters in pathnames are weird
and also don't play well with future changes intended for the
--packagelist option.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Followup on c6b04c04653ba9933fe978829148312e412a9ea7 which refactored
the signing function to run outside of fakeroot, and in the process
moved the status message to outside the $SIGNPKG check.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Additionally provide a separate error for failure to create the
directory vs lack of write permissions on a pre-existing directory.
This also means we now consistently try to create any nonexistent *DEST
directories as needed before aborting with E_FS_PERMISSIONS. Previously
only $BUILDDIR received that kindness.
Fixes FS#43537
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
make update-copyright OLD=2017 NEW=201
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
makepkg configures the umask 0022 as a sane default for building
packages. After installing dependencies, it sources `/etc/profile`
again. If the user configured a umask other than Arch's default of
0022 (or 022) in `/etc/profile`, this sane default is now gone and
needs to be set again.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
