summaryrefslogtreecommitdiff
path: root/makechrootpkg.in
AgeCommit message (Collapse)Author
2019-04-01arch-nspawn: don't delete the guest gpg configurationv20190329Eli Schwartz
It's important to ensure the guest has up to date data because updating a chroot after quite some time can potentially rely on updated archlinux-keyring, something which the host machine either kept up to date on or manually fixed, but it kills automation to mess around with chroot configs like that. Alternatively, signed packages added with -I need to work, and we assume the host is configured to accept these. That is *not* a good reason to completely nuke whatever is in the guest, though. A guest might have been manually configured to accept keys which aren't accepted by the host; one example of this happening in practice, is archlinux32 when building 32-bit packages from an archlinux host. A simple solution is to use pacman-key's native facility to dump the known keys and trust status from one gpg configuration, and import it into another. Use this to append to, rather than overwrite, the chrooted guest's pacman keyring. While we are at it, fix a bug where we didn't respect the host's pacman.conf settings for the GpgDir. While it isn't wildly likely a user will choose to customize this, it is a valid and supported use case and we must think about this ourselves.
2019-04-01makechrootpkg: bend to allow running solely namcap via "*-build -- -- ↵Erich Eckner
--verifysource"
2019-03-25makechrootpkg: keep *DEST, MAKEFLAGS & PACKAGERMatt Robinson
If makechrootpkg is called as non-root, the {SRC,SRCPKG,PKG,LOG}DEST, MAKEFLAGS and PACKAGER environment variables are lost in the call to check_root(). Add these to the passed keepenv list so that they are preserved instead.
2019-01-22remove empty tree if "--verifysource" failedErich Eckner
makechrootpkg's download_sources() leaves a stray directory if "makepkg --verifysource" failed. We use "setup_workdir" instead of "mktemp -d", because this ensures the correct garbage collection. Signed-off-by: Erich Eckner <git@eckner.net>
2018-05-31makechrootpkg: whitelist return code 14 from makepkgEli Schwartz via arch-projects
makepkg 5.1 implements error codes, and 14 means that installing the packages after they were built has failed. We don't care about this error and would like makechrootpkg to succeed regardless, e.g. for split packages that are mutually exclusive. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
2018-05-16Do not assume the makechrootpkg user's groupname is the same as the username20180528Eli Schwartz
chown support "$user:$group" but also "$user:" which infers $group rather than leaving it as root. This looks up the group name in cases where the default group is e.g. "users" and users do not get their own unique groups.
2018-05-13makechrootpkg: Do not copy the user keyring into the chroot.Eli Schwartz
Since commit 75fdff1811a0487f82c75b2e260da905102b4eea we no longer run integrity checks inside the chroot anyway, so this is no longer needed and will never be used.
2018-05-12makechrootpkg: add /etc/shadow entry for builduserEvangelos Foutras
Without it, sudo 1.8.23 will return an error: sudo: PAM account management error: Authentication service cannot retrieve authentication info
2018-03-24makechrootpkg: fix verifysource with pacman-gitEli Schwartz
In pacman-git commit d8717a6a9666ec80c8645d190d6f9c7ab73084ac makepkg started checking that the setuid/setgid bit could be removed on the $BUILDDIR in order to prevent this propagating to the packages themselves. Unfortunately, this requires the temporary builddir used during the --verifysource stage of makepkg, to be owned by $makepkg_user which was not the case as it is created as root using mktemp (and given world rwx in addition to the restricted deletion bit.) Obviously makepkg cannot chmod a directory that it does not own. Fix this by making $makepkg_user the owner of that directory, as should have been the case all along. (Giving world rwx is illogical on general principle. The fact that this is a workaround for makepkg demanding these directories be writable even when they are not going to be used for the makepkg options in question, is not justification for being careless.) Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
2018-03-24makechrootpkg: respect GNUPGHOMEEmiel Wiedijk
Previously, makechrootpkg hardcoded ~/.gnupg. Therefore, if a user uses a custom GPG home directory, the siganture checking would fail. Now makechrootpkg uses $GNUPGHOME, with a fallback to ~/.gnupg. Signed-off-by: Emiel Wiedijk <me@aimileus.nl>
2018-01-21makechrootpkg: make sure that makepkg.conf is always parsed as textBartłomiej Piotrowski
2018-01-21makechrootpkg: Adjust to work properly with `set -e`Luke Shumaker
This worked properly until eab5aba.
2018-01-21makechrootpkg: Fix anti-pattern when checking for enabled featuresEli Schwartz
Don't use error-prone logic e.g. foo=true; if $foo ... This completely fails to act as expected when the variable is unset because of unrelated bugs. While this merely causes the default behavior to be "false" rather than "true" in such cases, it is better to fail to enable explicitly requested behavior (which will be noticed by the user) than to simply upgrade to this behavior for free (which may not seem to have any obvious cause). Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
2018-01-21makechrootpkg: Fix unconditionally running namcapEli Schwartz
Fixes regression in 2fd5931a8c67289a8a4acd327b3ce99a5d64c8c7 $run_namcap will always be set to "" `if $not_a_var; then ...; fi` is always truthful when $not_a_var is unset or equal to "" and the `then` clause will always be run. I'm not sure why global state variables need to be cloned locally for their sole explicit purpose. But for now this patch implements the minimum necessary work to properly pass the "do I want namcap" variable into prepare_chroot() according to the current logic flow. Note that I have still not thorougly tested makechrootpkg. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
2017-12-27Revert "makechrootpkg: Reopen console to assign the CTTY"Evangelos Foutras
This reverts commit ddd508efc083fc9beb6f2c96e2537521b31c1e6f. The underlying bug (FS#56529) was fixed in glibc 2.26-9.
2017-11-22Support reproducible buildsEli Schwartz
Recent development versions of makepkg support reproducible builds through the environment variable SOURCE_DATE_EPOCH. Pass this variable through makechrootpkg to makepkg when available. Also initialize SOURCE_DATE_EPOCH whenever running archbuild to enforce reproducible builds for repository packages. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2017-10-30makechrootpkg: Fix function usage commentsLuke Shumaker
A couple of the comments noting which globals are used by functions are outdated/wrong. - download_sources() : Remove USER from the list. It was always wrong. Originally, it should have been SUDO_USER (not USER), but I should have removed it entirely in 4f23609. - move_products() : Add SRCPKGDEST to the list. Though the commit adding the comment was only recently upstreamed (as 2fd5931), it originated in 2013 in a commit that has since been rebased many times. Anyway, in this rebasing, it missed move_products() starting to pay attention to SRCPKGDEST in fd1be1b (since nothing made git think there was a "conflict").
2017-10-30makechrootpkg: move init_variables() to be part of main()Luke Shumaker
The reason it wasn't moved before was just to keep the diffs (with --ignore-all-space) smaller, to make merging and rebasing work easier. Moving code around in a file tends to make that difficult. But, readability wise, it belongs in main().
2017-09-14makechrootpkg: Reopen console to assign the CTTYJan Alexander Steffens (heftig)
nspawn does not give us a controlling terminal, hence we ignore interrupts. Apparently this was lost in systemd at some point. Hack around this by reopening the console to make it the controlling terminal.
2017-09-14makechrootpkg: Prevent collecting coredumpsJan Alexander Steffens (heftig)
Coredumps from build chroots are not generally useful. Prevent them from being generated. Avoids a lot of annoyance from the GCC testsuite spawning lots of systemd-coredump processes. Just set the soft limit so the user can still raise it in the PKGBUILD if they insist.
2017-08-24makechrootpkg: Also look for -e as --noextractJan Alexander Steffens (heftig)
2017-08-24makechrootpkg: Prevent removing build dir when --noextract specifiedMartchus
2017-07-13makechrootpkg: Skip integrity checks inside the chrootJan Alexander Steffens (heftig)
We've already done these during download_sources().
2017-07-13makechrootpkg: Use long args for makepkgJan Alexander Steffens (heftig)
Slightly more verbose, but also more understandable.
2017-07-13makechrootpkg: Move makepkg-as-root check to main()Jan Alexander Steffens (heftig)
download_sources(), while the first invocation of makepkg, is a rather odd place for this kind of guard.
2017-07-05makechrootpkg: Fix broken symlinks because of chroot SRCPKGDEST /srcpkgdestLuke Shumaker
Commit 58968cf fixed symlinks for package products in $startdir in light of the simplified chroot setup. However, a similar change needs to be made for source-package products. This was an easy omission to make because makechrootpkg does not produce source-pakcages by default.
2017-07-05Add `# shellcheck` directives to quiet shellcheck, add PKGBUILD.protoLuke Shumaker
The added PKGBUILD.proto file is so that shellcheck can know know what to expect that a PKGBUILD sets.
2017-07-05Quote strings that shellcheck warns about.Luke Shumaker
These changes are all strictly "slap some double-quotes in there". Anything more than that is not included in this commit.
2017-07-05Make purely stylistic changes to make shellcheck happier.Luke Shumaker
These are purely stylistic changes that make shellcheck complain less. This does NOT include things like quoting currently unquoted variables.
2017-07-05makechrootpkg: Add a comment warning about a bug in "sudo -i"Luke Shumaker
The bug isn't currently triggered, but I accidentally did trigger when I was trying to modify the command a bit. I figure a "caution" sign would be helpful to any future developers.
2017-07-05makechroot: download_sources: Accept makepkg_owner as an argumentLuke Shumaker
What this is really doing is fixing a conflict that I had incorrectly resolved when rebasing what became 2fd5931 onto cda9cf4. Of course, because of dynamic scoping, everything worked out, and everything worked as intended. Before cda9cf4, it was appropriate for download_sources to take src_owner as an argument, but after cda9cf4, it is now appropriate to take makepkg_user as an argument. However, it still takes src_owner as an argument, but pays 0 attention to it; instead looking at makepkg_user which it happily inherited because of dynamic scoping. So change it to take makepkg_user as the argument.
2017-07-05makechrootpkg: sync_chroot: Make more general.Luke Shumaker
This is inspired by the thought that went in to the delete_chroot is_subvolume commit. sync_chroot($chrootdir, $copydir) copies `$chrootdir/root` to `$copydir`. That seems a little silly; why do we care about "$chrootdir"? Have it just be sync_chroot(source, destination) like every other sync/copy command. Where this becomes tricky is check to decide if we are going to use btrfs subvolumes or not. We don't care if "$source/.." is on btrfs; the root could be a directly-mounted subvolume, but and the destination could be another subvolume of the same btrfs mounted somewhere else. The things we do care about are: - The source is a btrfs subvolume (so that we can snapshot it) - The source is on the same filesystem as the directory that the copy will be created in. - If the destination exists: * that it is not a mountpoint (so that we can delete and recreate it) * that it is a btrfs subvolume (so that we can quickly delete it) On the last point, it isn't necessary for creating the new snapshot, just for quick deletion. That can be a separate check, where we use regular `rm` for deleting the existing copy, but use subvolume snapshots for creating the new one.
2017-07-05makechrootpkg: sync_chroot: make usage easier to understand.Luke Shumaker
Also, shorten the "Synchronizing" message to only include the full path to the copy if it was specified. The capslocked variable names in the Usage comment were references to things in Parabola's tools, that didn't make much sense here out of context.
2017-07-05makechrootpkg: delete_chroot: Fix the is-btrfs-subvolume check.Luke Shumaker
First of all, it ran `is_btrfs "$chrootdir"` to decide if it was on btrfs, but $chrootdir wasn't defined locally; it just happens to work because $chrootdir was defined in main(). (I noticed this because in Parabola, it is called differently, so $chrootdir was empty). So I was tempted to just change it to `is_btrfs "$copydir"`, but if $copydir is just a regular directory on a btrfs filesystem, then it It would leave much of $copydir intact. What we really care about is if $copydir is a btrfs subvolume; which we can check by combining the is_btrfs check with inspecting the inum of the directory. I put this combined check in lib/archroot.sh:is_subvolume. https://lists.archlinux.org/pipermail/arch-projects/2013-September/003901.html
2017-04-17makechrootpkg: Avoid having code floating around outside of a function.Luke Shumaker
This means wrapping variable initialization in init_variables(), and the main program routine in main(). I did NOT put `shopt -s nullglob` in to a function. It make make sense to move init_variables() down into the main() function, instead of having it as a separate function up top (if this done, then the `-g` flag passed to `declare` in init_variables() can be dropped). However, in interest of keeping the `diff -w` small, and merges/rebases simpler, this isn't done here.
2017-04-09makechrootpkg: Delete chroot subvols recursively when using -TJan Alexander Steffens (heftig)
I overlooked this one. Fixes FS#53513.
2017-04-05makechrootpkg: Unindent as suggested in 2fd5931Jan Alexander Steffens (heftig)
2017-04-05makechrootpkg: Improve status messages.Luke Shumaker
In sync_chroot(), this makes the messages be a bit more precise with exactly which thing they are syncing where. This is based on my users expressing confusion at what is going on (especially when something is taking a long time, and they have to blame something for blocking). With these changes, I haven't gotten such confusion in a long time (but maybe my users just got used to it). In delete_chroot(), this changes "temporary copy" to "chroot copy", since in Parabola's version of the tools, the function can get called from other places, and it isn't necessarily operating on a temporary copy.
2017-04-05makechrootpkg: Adjust to have the functions work with `set -u`.Luke Shumaker
Even though main() doesn't call `set -u`; this way the functions will continue to work if copied into an environment with `set -u`, or so that we are ready if we ever want to start using `set -u`.
2017-04-05makechrootpkg: Have functions be more function-y.Luke Shumaker
Rather than them simply being named blocks of code with braces around them. That is: have them take things via arguments rather than global variables. Specific notes: - create_chroot->sync_chroot: I pulled out locking the destination chroot; getting that lock is now the caller's responsibility. It still handles locking the source chroot though. I pulled the `if [[ ! -d $copydir ]] || $clean_first;` check out; it is now the caller's responsibility to use that check when deciding if to call sync_chroot. However, when pulling that check out, I left it as `if true;`, to keep an indentation level. This patch has had to be rebased/merged many times, and changing the indentation is a sure way to make that go less smoothly; I'm not going to re-indent this block until I see the check removed in the git.archlinux.org/devtools.git repository. - install_packages: 1. Receive the list of packages as arguments, rather than a global variable. 2. Make the caller responsible for looking at PKGBUILD. From the name and arguments, one would never expect it to look at PKGBUILD.
2017-04-05makechrootpkg: install_pkg was an unused variableLuke Shumaker
2017-04-05makechrootpkg: Quote directory passed to `rm -rf`.Luke Shumaker
2017-04-05makechrootpkg: /chrootbuild: accept makepkg_args as arguments rather than ↵Luke Shumaker
embedding.
2017-04-05makechrootpkg: usage(): Display the actual default makepkg flags.Luke Shumaker
It was displaing the value of the `makepkg_args` variable, which may have already been changed by the argument parsing by the time it gets to `-h`. Now there is a separate `default_makepkg_args` variable.
2017-04-05Avoid using string interpolation; use printf format strings instead.Luke Shumaker
This involves extending the signature of lib/common.sh's `stat_busy()`, `lock()`, and `slock()`. The `mesg=$1; shift` in stat_busy even suggests that this is what was originally intended from it.
2017-04-05Add a "License:" tag to all code files.Luke Shumaker
In cases where there is no license specified, the file is tagged as "License: Unspecified". Obviously, that is not ideal, but it highlights the fact, and I hope that it encourages whoever has the authority to specify the license to do so. On that note, to anyone who may have the authority to specify the license of files in devtools: the current licence of many files is GPLv2 with no option for later versions; I impore you to re-license them to have the "or any later version" option.
2017-04-05lib/common.sh: add 'lock_close'; use it as appropriate.Luke Shumaker
`lock_close FD` is easier to remember than 'exec FD>&-`; and is especially easier if FD is a variable (though that isn't actually taken advantage of here). This uses Bash 4.1+ `exec {var}>&-`, rather than the clunkier `eval exec "$var>&-"` that was necessary in older versions of Bash. Thanks to Dave Reisner for pointing this new bit of syntax out to me the last time I submitted this (back in 2014, 4.1 had just come out).
2017-03-07archbuild/makechrootpkg: Delete subvolumes in rootsJan Alexander Steffens (heftig)
The systemd package creates a subvolume at /var/lib/machines (through tmpfiles), if it can. We need to delete this subvolume before we can delete the parent subvolume. Look through the root for inodes with the number 256. These identify subvolume roots.
2017-03-07lib/archroot.sh: Add is_btrfs helperJan Alexander Steffens (heftig)
2017-03-07lib/archroot.sh: Simplify check_rootJan Alexander Steffens (heftig)
Move the function and save the orig_argv right along it.