| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
pentium4 is unknown to setarch - we must replace it by i686 if used as argument to setarch
|
|
|
|
(http[s]://mirror.url/path/$arch/$repo)
|
|
We had trouble in the past with not properly initialized keyrings.
This change aims at fixing this.
|
|
|
|
--verifysource"
|
|
non-x86_64-build, so we do not use any-packages from x86_64 mirrors, and cross-mount inside to /var/cache/pacman/pkg
|
|
pacman-staging-with-build-support-i686.conf: reorder repositories and add repo build-support for i686
|
|
|
|
|
|
This reverts commit 7259e7def07a5f6ee04a34db61a87361ad0b5ac7, except for commitpkg.in
|
|
|
|
|
|
If arch-nspawn is called with -C, pacman inside the chroot will use
the provided configuration file. This should also be the case for
$pacconf_cmd and pacman outside the chroot.
If arch-nspawn is called without -C, pacman inside the chroot will
use $workdir/etc/pacman.conf -- again, $pacconf_cmd and pacman
outside the chroot should use that, too. So lets just set $pac_conf
in that case.
For example, Arch Linux 32 provides separate pacman configurations
inside /usr/share/devtools which use /etc/pacman.d/mirrorlist32 as
mirrorlist for their build commands (extra-i686-build, etc.). This
way, we can build i686 and x86_64 packages on the same x86_64 host
with very minimal changes to devtools.
|
|
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
|
|
Transform sogrep into an in-prog so we can benefit from the m4 macro
to specify valid repos in a single place of truth.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
|
|
Lets prefer the explicit variant of gpg --verify by providing both, the
signature and the data file as parameters.
For the unlikely case there is a matching signature file already present
that was created outside of the toolchain and has an embedded signature
with data, we at least could detect it early with this check.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
|
|
Several cases showed that we release packages that were built with
different PKGBUILDs than the one commited to the source tree. This is
bad for obvious reasons plus sploils reproducible builds.
We, under no circumstances, want to allow using commitpkg to publish and
release a packages whose PKGBUILD doesn't match the one to be commited.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
|
|
The unknown packager check didn't worked so far as the wrongly ordered
call to find_cached_package lead to the enclosing block never being
executed.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
|
|
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
|
|
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
|
|
Sometimes its desired to be explicitly made aware of differences
reporter by checkpkg via printing a warning instead of a regular
message.
Automatically use --warn for makechrootpkg builds so packagers are made
visibly aware of a soname bump by simply looking out for colors
indicating non success messages.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
|
|
In some cases, like default makechrootpkg execution, the temporary
directory used to assemble the differences is not required. Add an
option to checkpkg that allows to get rid of that directory after
run and call it automatically like that in makechrootpkg.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
|
|
Cache previous versions required for checkpkg via pacman to avoid
multiple downloads when running multiple times.
In case we can't download the packages, like while building out of repo
packages, print a warning instead of running checkpkg
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
|
|
|
|
This reverts commit be44b9cde15f3228839253c0c0d7d56c124c4e26.
This was a nice idea in theory, because it means that we can catch
conflicting files before releasing them into the repos. In practice,
there were unanticipated side effects: single-package installs which
conflict against their own makedepends cannot be installed either.
Examples include:
- kernel modules which makedepend on their dkms equivalent
- jack2, which makedepends/optdepends on portaudio, which requires
jack... but jack2 is a drop-in provides/conflicts jack.
We cannot reliably detect when makepkg --install will error out because
of dependency conflicts vs. packages which are simply broken. So, back
out this change for now.
Revisit this once pacutils has a new release, because it will add the
option --resolve-conflicts=all, allowing for much better scripted
responses to "foo conflicts with bar, remove bar? [y/N]" than simply
"--noconfirm and fail".
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
|
|
|
|
We previously whitelisted this return code because split packages can
frequently conflict each other, so makepkg -i is *expected* to fail in
such a case. However, there is no good reason to let this succeed if the
pkgbase only builds one pkgname -- that will always be a severe issue.
Add a check for how many split
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
|
|
The -U option was initially introduced in commit
cda9cf436b2897b063c1e40efb144404aad8b821 in order to enable running
makechrootpkg as root, delegating to another, manually selected, user to
perform various non-root tasks (given that makepkg was modified to throw
fatal errors when run as root without the option of --asroot to disable
that). However, it was only ever implemented for the --verifysource
option outside of the chroot, and the builduser inside the chroot is
created with the same uid as the makechrootpkg invoker. It needs to run
as the same uid, because it needs rw access to $startdir and $SRCDEST!
Additionally this lets the invoking user more easily inspect the build
directory in case of problems...
The correct solution for this is to properly implement the initial
intention of the -U option, and make it override the autodetection of
the "invoking user" which is normally done by inspecting $SUDO_USER.
This is then used as the single source of truth for "who am I pretending
to be".
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
|
|
When svn ls fails due to network timeouts, this currently results in
archrelease deleting all files, then committing this as the changeset.
This causes data loss...
With bash 4.4 and using wait $! we can get return the return code of the
last backgrounded command -- which process substitution qualifies as.
Key off of this to make sure that `svn ls` actually succeeded.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
|
|
When mixing and matching different repos and architectures not present
in mainline archlinux, it is sometimes desirable to set up differing
presets with more granularity than devtools currently allows.
One example of this is when building for architectures that are only
supported by another project -- in order to coexist on a mainline
archlinux host, a different mirrorlist needs to be used.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
|
|
Packages should never be getting downgraded... unless a package is
pulled from testing, e.g. for example if gcc9 totally breaks the linux
kernel. In such cases, the master repo says there is a downgrade, so
we'd better go with that. Basically, ensure that packages match the repo
they are being built against. Consistency at all costs!
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
|
|
noconfirm is wrong here, as we don't want to accept the default answer
-- we want to install the new package, even if it conflicts and provides
an existing one. After all, we explicitly asked for it.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
|
|
gpg-agent is really annoying and leaves useless copies of itself around.
Using unshare ensures that all such processes are killed as soon as the
main gpg process dies.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
|
|
If the find command cannot descend into a directory in order to search
for a PKGBUILD, it is likely a "$pkgdir" which makepkg sets as
unreadable. As far as finddeps is concerned, this error message is not
needed.
Also convert to using null-delimited paths on general principle to
prevent read from splitting on odd paths.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
|
|
And pass them on to download_sources outside the chroot.
Fixes FS#35652
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
|
|
In commit bd826752c9dc8f01917ee831302b6220ad09603a, support for short
options was added to the heuristic for --noextract, but in the process,
we changed to loop over the set of user options plus the builtin
defaults for inside the chroot. This was wrong, as we only care about
the user options -- moreover, it prevents us from adding verifysource
support *outside* the chroot, for options that are also chroot options,
like --holdver.
Also remove uselessly duplicated line.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
|
|
If a user umask is restrictive, a chroot may be created as root without the
ability for the user to read it, which then causes makepkg
--verifysource to fail.
Do not set this in lib/common.sh, where it would apply to all scripts,
as we do not want to override the user's policy for things like $SRCDEST
files, svn checkouts, etc.
Fixes FS#47625
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
|
|
When parsing paths to automatically make available to the container, the
":" is used internally by systemd-nspawn to signify destinations in the
container. Replace automatically with "\:" for the mounts that we set
up, in order to safely handle a working directory etc. that contains
this character.
For bind options exposed to the user, it is assumed the user takes care
of passing systemd-nspawn compatible paths themselves.
Fixes FS#60845
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
|
