This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The official devtools repository".
The branch, master has been updated
via be44b9cde15f3228839253c0c0d7d56c124c4e26 (commit)
via 7b0a11677a7c5a3a9490a1d7f30f590265db7689 (commit)
via 93dbb14ab9f99e0ac6077637e444e1662ff09bd5 (commit)
via 10c6efc440c732b70c1f11302777987cdf7e31de (commit)
via 8e4293034b1d29fde3bbcb8398d014674d27b97f (commit)
via b7893a2ca8e09062197129881bce3fd6700a573a (commit)
via bec29e632b8c33d35a7629ac2127c4a9c1465377 (commit)
via 70f3b8ddb84d8bbfb44d250188667bb7ba0b1db3 (commit)
via 5fcd90a212d332fa2900ba4b1a1c12e2ab55ea44 (commit)
via f6f4da26cbe57c1c64ca11ce960277942148135b (commit)
via 40a90e2cab479cc64903a62b42eb617a8a7e5842 (commit)
via 74a664194602edf042b38869858e5a601e7f91dd (commit)
via 69112171e5de910331e46cf3f848866550125024 (commit)
via c14338c0fe71a74f5e56b4f3af7c548fe0928e15 (commit)
via 8dbf95cdd4858cccf43f7f176b44a0c1121df07b (commit)
via 46d614d91a90a60839280060f736dc3be8445502 (commit)
via df0d6b867b289ed98c4b9e7ced817dee155feb4f (commit)
via 8f5a02b23ddb2491c13553cb71276bdd088f63ac (commit)
via e76d56047719c88351492ace896c5899a6786e14 (commit)
via 27ff286ee78eb2faac803e3ef67f3171ddfa0098 (commit)
via 2180aabc816aae1fb4bb7c341fee53fe48ffa98e (commit)
via 2f929c961f5a7a22e681055987af05f096a067e0 (commit)
via c2bbcbed64e70b1e92c697be2f17a050a8341f87 (commit)
via b7ce90fefc371b47c9036d36d741139a4dd8efe2 (commit)
via f52002955c9d1c0809fa31d91d398c5a1fdcee0a (commit)
via 58374246c4e32d14354345aef516d49207881ce2 (commit)
from f522ce2277100a147baa2656753231b14cf1f71d (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit be44b9cde15f3228839253c0c0d7d56c124c4e26
Author: Eli Schwartz <eschwartz(a)archlinux.org>
Date: Thu Aug 8 19:58:23 2019 -0400
makechrootpkg: with -n, check if the package failed to install
We previously whitelisted this return code because split packages can
frequently conflict each other, so makepkg -i is *expected* to fail in
such a case. However, there is no good reason to let this succeed if the
pkgbase only builds one pkgname -- that will always be a severe issue.
Add a check for how many split
Signed-off-by: Levente Polyak <anthraxx(a)archlinux.org>
commit 7b0a11677a7c5a3a9490a1d7f30f590265db7689
Author: Eli Schwartz <eschwartz(a)archlinux.org>
Date: Sat Aug 3 23:05:17 2019 -0400
makechrootpkg: make the -U option work for the first time ever
The -U option was initially introduced in commit
cda9cf436b2897b063c1e40efb144404aad8b821 in order to enable running
makechrootpkg as root, delegating to another, manually selected, user to
perform various non-root tasks (given that makepkg was modified to throw
fatal errors when run as root without the option of --asroot to disable
that). However, it was only ever implemented for the --verifysource
option outside of the chroot, and the builduser inside the chroot is
created with the same uid as the makechrootpkg invoker. It needs to run
as the same uid, because it needs rw access to $startdir and $SRCDEST!
Additionally this lets the invoking user more easily inspect the build
directory in case of problems...
The correct solution for this is to properly implement the initial
intention of the -U option, and make it override the autodetection of
the "invoking user" which is normally done by inspecting $SUDO_USER.
This is then used as the single source of truth for "who am I pretending
to be".
Signed-off-by: Eli Schwartz <eschwartz(a)archlinux.org>
Signed-off-by: Levente Polyak <anthraxx(a)archlinux.org>
commit 93dbb14ab9f99e0ac6077637e444e1662ff09bd5
Author: Eli Schwartz <eschwartz(a)archlinux.org>
Date: Tue Jul 30 20:05:49 2019 -0400
archrelease: actually fail in failure conditions
When svn ls fails due to network timeouts, this currently results in
archrelease deleting all files, then committing this as the changeset.
This causes data loss...
With bash 4.4 and using wait $! we can get return the return code of the
last backgrounded command -- which process substitution qualifies as.
Key off of this to make sure that `svn ls` actually succeeded.
Signed-off-by: Eli Schwartz <eschwartz(a)archlinux.org>
Signed-off-by: Levente Polyak <anthraxx(a)archlinux.org>
commit 10c6efc440c732b70c1f11302777987cdf7e31de
Author: Eli Schwartz <eschwartz(a)archlinux.org>
Date: Mon May 20 14:10:35 2019 -0400
archbuild: prefer repo/arch-specific configs if they exist
When mixing and matching different repos and architectures not present
in mainline archlinux, it is sometimes desirable to set up differing
presets with more granularity than devtools currently allows.
One example of this is when building for architectures that are only
supported by another project -- in order to coexist on a mainline
archlinux host, a different mirrorlist needs to be used.
Signed-off-by: Eli Schwartz <eschwartz(a)archlinux.org>
Signed-off-by: Levente Polyak <anthraxx(a)archlinux.org>
commit 8e4293034b1d29fde3bbcb8398d014674d27b97f
Author: Eli Schwartz <eschwartz(a)archlinux.org>
Date: Sun May 26 16:42:38 2019 -0400
makechrootpkg: also downgrade packages when updating chroots
Packages should never be getting downgraded... unless a package is
pulled from testing, e.g. for example if gcc9 totally breaks the linux
kernel. In such cases, the master repo says there is a downgrade, so
we'd better go with that. Basically, ensure that packages match the repo
they are being built against. Consistency at all costs!
Signed-off-by: Eli Schwartz <eschwartz(a)archlinux.org>
Signed-off-by: Levente Polyak <anthraxx(a)archlinux.org>
commit b7893a2ca8e09062197129881bce3fd6700a573a
Author: Eli Schwartz <eschwartz(a)archlinux.org>
Date: Sun May 26 16:41:21 2019 -0400
makechrootpkg: when installing with -I, ensure package is installed
noconfirm is wrong here, as we don't want to accept the default answer
-- we want to install the new package, even if it conflicts and provides
an existing one. After all, we explicitly asked for it.
Signed-off-by: Eli Schwartz <eschwartz(a)archlinux.org>
Signed-off-by: Levente Polyak <anthraxx(a)archlinux.org>
commit bec29e632b8c33d35a7629ac2127c4a9c1465377
Author: Eli Schwartz <eschwartz(a)archlinux.org>
Date: Mon May 6 14:51:28 2019 -0400
arch-nspawn: unshare the gpg namespace to prevent zombie processes
gpg-agent is really annoying and leaves useless copies of itself around.
Using unshare ensures that all such processes are killed as soon as the
main gpg process dies.
Signed-off-by: Eli Schwartz <eschwartz(a)archlinux.org>
Signed-off-by: Levente Polyak <anthraxx(a)archlinux.org>
commit 70f3b8ddb84d8bbfb44d250188667bb7ba0b1db3
Author: Eli Schwartz <eschwartz(a)archlinux.org>
Date: Mon May 6 14:10:21 2019 -0400
finddeps: suppress error messages for unreadable directories
If the find command cannot descend into a directory in order to search
for a PKGBUILD, it is likely a "$pkgdir" which makepkg sets as
unreadable. As far as finddeps is concerned, this error message is not
needed.
Also convert to using null-delimited paths on general principle to
prevent read from splitting on odd paths.
Signed-off-by: Eli Schwartz <eschwartz(a)archlinux.org>
Signed-off-by: Levente Polyak <anthraxx(a)archlinux.org>
commit 5fcd90a212d332fa2900ba4b1a1c12e2ab55ea44
Author: Eli Schwartz <eschwartz(a)archlinux.org>
Date: Thu Mar 28 18:04:32 2019 -0400
makechrootpkg: accept arguments useful to verifysource
And pass them on to download_sources outside the chroot.
Fixes FS#35652
Signed-off-by: Eli Schwartz <eschwartz(a)archlinux.org>
Signed-off-by: Levente Polyak <anthraxx(a)archlinux.org>
commit f6f4da26cbe57c1c64ca11ce960277942148135b
Author: Eli Schwartz <eschwartz(a)archlinux.org>
Date: Thu Mar 28 19:41:30 2019 -0400
makechrootpkg: fix breakage in makepkg option parsing
In commit bd826752c9dc8f01917ee831302b6220ad09603a, support for short
options was added to the heuristic for --noextract, but in the process,
we changed to loop over the set of user options plus the builtin
defaults for inside the chroot. This was wrong, as we only care about
the user options -- moreover, it prevents us from adding verifysource
support *outside* the chroot, for options that are also chroot options,
like --holdver.
Also remove uselessly duplicated line.
Signed-off-by: Eli Schwartz <eschwartz(a)archlinux.org>
Signed-off-by: Levente Polyak <anthraxx(a)archlinux.org>
commit 40a90e2cab479cc64903a62b42eb617a8a7e5842
Author: Eli Schwartz <eschwartz(a)archlinux.org>
Date: Thu Mar 28 17:40:47 2019 -0400
ensure that sane umask is used where needed
If a user umask is restrictive, a chroot may be created as root without the
ability for the user to read it, which then causes makepkg
--verifysource to fail.
Do not set this in lib/common.sh, where it would apply to all scripts,
as we do not want to override the user's policy for things like $SRCDEST
files, svn checkouts, etc.
Fixes FS#47625
Signed-off-by: Eli Schwartz <eschwartz(a)archlinux.org>
Signed-off-by: Levente Polyak <anthraxx(a)archlinux.org>
commit 74a664194602edf042b38869858e5a601e7f91dd
Author: Eli Schwartz <eschwartz(a)archlinux.org>
Date: Thu Mar 28 16:54:09 2019 -0400
Escape paths with ":" that are passed to systemd-nspawn --bind
When parsing paths to automatically make available to the container, the
":" is used internally by systemd-nspawn to signify destinations in the
container. Replace automatically with "\:" for the mounts that we set
up, in order to safely handle a working directory etc. that contains
this character.
For bind options exposed to the user, it is assumed the user takes care
of passing systemd-nspawn compatible paths themselves.
Fixes FS#60845
Signed-off-by: Eli Schwartz <eschwartz(a)archlinux.org>
Signed-off-by: Levente Polyak <anthraxx(a)archlinux.org>
commit 69112171e5de910331e46cf3f848866550125024
Author: Eli Schwartz <eschwartz(a)archlinux.org>
Date: Thu Mar 28 16:38:50 2019 -0400
arch-nspawn: support bind-mounting custom file:/// repositories
Fixes FS#45882
Signed-off-by: Eli Schwartz <eschwartz(a)archlinux.org>
Signed-off-by: Levente Polyak <anthraxx(a)archlinux.org>
commit c14338c0fe71a74f5e56b4f3af7c548fe0928e15
Author: Eli Schwartz <eschwartz(a)archlinux.org>
Date: Thu Mar 7 21:31:58 2019 -0500
checkpkg: implement comparison against alternative targets
This allows comparing the currently built set of packages against
targets named by filename, url, or pkgname. One example use is to
compare a package against a different version that was never in the
repos; another example use is to compare a *-git package against the
non-git version.
Signed-off-by: Eli Schwartz <eschwartz(a)archlinux.org>
Signed-off-by: Levente Polyak <anthraxx(a)archlinux.org>
commit 8dbf95cdd4858cccf43f7f176b44a0c1121df07b
Author: Eli Schwartz <eschwartz(a)archlinux.org>
Date: Wed Feb 13 02:45:36 2019 -0500
makechrootpkg: check truthiness using shell arithmetic
Using the literal strings "true" and "false" is inaccurate and may
result in uncertainty of whether it is set when doing string comparison,
or simply rely on the shell implementation of treating the string as a
command builtin, then executing the value as a shell command. Emulate
makepkg, which makes heavy use of shell arithmetic for this purpose.
Signed-off-by: Eli Schwartz <eschwartz(a)archlinux.org>
Signed-off-by: Levente Polyak <anthraxx(a)archlinux.org>
commit 46d614d91a90a60839280060f736dc3be8445502
Author: Eli Schwartz <eschwartz(a)archlinux.org>
Date: Wed Feb 13 02:23:51 2019 -0500
Revert "makechrootpkg: Have functions be more function-y."
This reverts (the bulk of) commit 2fd5931a8c67289a8a4acd327b3ce99a5d64c8c7.
Reducing globals makes little sense in in a oneshot bash script, but
reduces code clarity and in fact resulted in bugs because even the
commit author couldn't keep track of the script state.
An exit was changed to a return, even though that made no sense outside
of a function, and has been duly returned to being an exit. This was
never tested and later papered over by wrapping the entire script in a
main() function and then calling the function for hysterical raisins.
The functiony nature of sync_chroot/delete_chroot is preserved, as those
functions demonstrate meaningfully standalone functionality -- who
knows? we may want to reuse this. Everything else is tightly bound to
the internal logic of makechrootpkg.
Completely separate functionality that was silently implemented in the
original commit is also preserved:
- declare a couple of variables as locals
- move the abort-on-no-PKGBUILD outside the install_packages function
Signed-off-by: Eli Schwartz <eschwartz(a)archlinux.org>
Signed-off-by: Levente Polyak <anthraxx(a)archlinux.org>
commit df0d6b867b289ed98c4b9e7ced817dee155feb4f
Author: Eli Schwartz <eschwartz(a)archlinux.org>
Date: Wed Feb 13 02:02:40 2019 -0500
Revert "makechrootpkg: Avoid having code floating around outside of a function."
This reverts commit 49088b0860276c664933c2b3e36a2fef714b7a07.
The fundamental intention was flawed and broken, it caused annoying
issues and regressions, and the self-avowed sole purpose of the change
was so that a downstream project could *post-modify the script and
source it as a library*.
That is not okay. You don't wrap non-factorable code in a function
called main() and call it a library. The only possible use for this is
to treat makechrootpkg *internals* as a library, which is not supported.
Downstream projects that wish to use the functionality of makechrootpkg
should treat makepkg as a command with a public API in the form of
command line options. That is kind of how commands of all kinds work,
since forever. That is how all users of makechrootpkg *except for
parabola* use it.
Arguments that "it saves us the cost of fork+exec to bash" are simply
invalid.
Signed-off-by: Eli Schwartz <eschwartz(a)archlinux.org>
Signed-off-by: Levente Polyak <anthraxx(a)archlinux.org>
commit 8f5a02b23ddb2491c13553cb71276bdd088f63ac
Author: Eli Schwartz <eschwartz(a)archlinux.org>
Date: Wed Feb 13 01:32:03 2019 -0500
Don't rely on $0 to determine script names.
Programs can freely define the value of argv0 and thus it means nothing.
Instead, use the bash-specific variable explicitly designed to safely
and accurately reference the name of the currently sourced file.
This also fixes the case where simple debugging mechanisms like using
"bash -x foo" tried to treat "foo" as the unqualified $0 and therefore
broke horribly due to lack of pathnames.
Signed-off-by: Eli Schwartz <eschwartz(a)archlinux.org>
Signed-off-by: Levente Polyak <anthraxx(a)archlinux.org>
commit e76d56047719c88351492ace896c5899a6786e14
Author: Eli Schwartz <eschwartz(a)archlinux.org>
Date: Sat Dec 1 21:07:39 2018 -0500
Revert "mkarchroot: Don't let the environment affect pacstrap (sans proxy settings)."
This reverts commit 578a62f1e0713b0df9722470146fb85fb819202c.
mkarchroot is run as root (via check_root if needed) so the environment
should already be clean. If not, the user has broken their root
environment, and we cannot support this. It's unclear what environment
settings may or may not be messing with anything, ever, but the original
bug report happened on Parabola who perform extensive patching to
"libretools" such that the code no longer resembles devtools at all.
It's therefore likely any such bug is parabola specific, but we will
never know since the original commit message states that they don't know
why they do it either.
Parsing the user's entire exported environment via both sed and grep is
overkill for a non-bug, especially when it doesn't work for variables
declared -rx and doesn't work for things like:
export fooled_you=$'wow such hax\ndeclare -x http_proxy=lol'
Also if done properly this would rely on compgen -e to print all
exported shell variables. Or even better, loop through /proc/$$/environ
which is both null-delimited and easily parsed with the read builtin and
[[ ]]
Signed-off-by: Eli Schwartz <eschwartz(a)archlinux.org>
Signed-off-by: Levente Polyak <anthraxx(a)archlinux.org>
commit 27ff286ee78eb2faac803e3ef67f3171ddfa0098
Author: Brian Bidulock <bidulock(a)openss7.org>
Date: Sat Nov 18 22:53:37 2017 -0700
arch-nspawn should not take pacman cache from host
Previously, arch-nspawn was using the hosts' pacman cache in
the chroot even when the chroot was set up with a different
cache by mkarchroot, unless specified with the -c flag.
Problem is that makechrootpkg passes no -C, -M nor -c flags
to arch-nspawn, so all values must be obtained from the
working directory.
This change take the cache directories from the pacman.conf
specified with the -C option unless the -c option was given
(as is the case when the chroot is set up with mkarchroot),
and, when neither -C nor -c is given (as is the case when
invoked by makechrootpkg), the cache directory is taken
from the pacman.conf in the working directory.
This wasn't such an issue when i686 was mainline, however,
which building packages in a chroot against archlinux32 on
an x86_64 platform, the cache of the host should _never_ be
used.
Rebased by eschwartz on top of cachedir reworking.
Signed-off-by: Eli Schwartz <eschwartz(a)archlinux.org>
Signed-off-by: Levente Polyak <anthraxx(a)archlinux.org>
commit 2180aabc816aae1fb4bb7c341fee53fe48ffa98e
Author: Eli Schwartz <eschwartz(a)archlinux.org>
Date: Sat Dec 1 19:36:23 2018 -0500
arch-nspawn: don't delete the guest gpg configuration
It's important to ensure the guest has up to date data because updating
a chroot after quite some time can potentially rely on updated
archlinux-keyring, something which the host machine either kept up to
date on or manually fixed, but it kills automation to mess around with
chroot configs like that. Alternatively, signed packages added with -I
need to work, and we assume the host is configured to accept these.
That is *not* a good reason to completely nuke whatever is in the guest,
though. A guest might have been manually configured to accept keys which
aren't accepted by the host; one example of this happening in practice,
is archlinux32 when building 32-bit packages from an archlinux host.
The right solution is to append to, rather thna overwrite, the chrooted
guest's pacman keyring.
To do this, we will use gpg's native facility to dump the keyring from
one GNUPGHOME and import it into another. We'd use pacman-key's --import
option directly, but this doesn't support passing custom options like
--import-options import-local-sigs
Finally use pacman-key's native facility to import the trust status from
the host.
While we are at it, fix a bug where we didn't respect the host's
pacman.conf settings for the GpgDir. While it isn't wildly likely a user
will choose to customize this, it is a valid and supported use case and
we must think about this ourselves.
Signed-off-by: Eli Schwartz <eschwartz(a)archlinux.org>
Signed-off-by: Levente Polyak <anthraxx(a)archlinux.org>
commit 2f929c961f5a7a22e681055987af05f096a067e0
Author: Eli Schwartz <eschwartz(a)archlinux.org>
Date: Tue Aug 6 20:09:03 2019 -0400
fixup commit "arch-nspawn: get all mirrors from host"
In commit d9b73504484da7e185dc590ef13d5f31942f6051, a line was deleted
that had a shellcheck ignore marker, but the marker itself was left in
(and had nothing to do). So, remove it.
Signed-off-by: Eli Schwartz <eschwartz(a)archlinux.org>
Signed-off-by: Levente Polyak <anthraxx(a)archlinux.org>
commit c2bbcbed64e70b1e92c697be2f17a050a8341f87
Author: Eli Schwartz <eschwartz(a)archlinux.org>
Date: Tue Dec 4 18:06:44 2018 -0500
mkarchroot: don't create a broken chroot by default
It's incorrect to make pacman completely useless inside the chroot by
starting off with no pacman keyring. Assuming that the only consumers of
a new chroot will be arch-nspawn (which copies over the hostconf) is
bad design, and furthermore makes it impossible to fix other issues in
arch-nspawn itself.
Signed-off-by: Eli Schwartz <eschwartz(a)archlinux.org>
Signed-off-by: Levente Polyak <anthraxx(a)archlinux.org>
commit b7ce90fefc371b47c9036d36d741139a4dd8efe2
Author: Eli Schwartz <eschwartz(a)archlinux.org>
Date: Tue Oct 16 01:58:31 2018 -0400
makechrootpkg: load makepkg.conf variables correctly
Since makepkg.conf is a bash-compatible configuration file, it must be
sourced.
Signed-off-by: Eli Schwartz <eschwartz(a)archlinux.org>
Signed-off-by: Levente Polyak <anthraxx(a)archlinux.org>
commit f52002955c9d1c0809fa31d91d398c5a1fdcee0a
Author: Eli Schwartz <eschwartz(a)archlinux.org>
Date: Mon Oct 15 18:32:03 2018 -0400
Makefile: don't inject DESTDIR into the pkgdatadir
In commit 46c4def0733a78ce08702d188e3e1a141fb07316, we added support for
nonstandard PREFIX installations, but DESTDIR was and is never supposed
to be a part of that. While DESTDIR isn't terribly likely to be used
during `make all` invocations, that's no reason to break horribly if it
is used for some reason.
Signed-off-by: Eli Schwartz <eschwartz(a)archlinux.org>
Signed-off-by: Levente Polyak <anthraxx(a)archlinux.org>
commit 58374246c4e32d14354345aef516d49207881ce2
Author: Eli Schwartz <eschwartz(a)archlinux.org>
Date: Sun Jun 10 17:20:48 2018 -0400
Migrate pacman.conf CacheDir parsing to pacman-conf
And while we're at it, make this more consistent. Currently we
unnecessarily support only one -c /path/to/cachedir option.
This requires slightly more thorough handling in mkarchroot to ensure
all custom cachedirs are passed on to arch-nspawn. Rework
to simply forward all arguments to arch-nspawn (minus final arguments
used for pacman -Sy packagelist).
Signed-off-by: Eli Schwartz <eschwartz(a)archlinux.org>
Signed-off-by: Levente Polyak <anthraxx(a)archlinux.org>
-----------------------------------------------------------------------
Summary of changes:
Makefile | 2 +-
arch-nspawn.in | 38 +++++---
archbuild.in | 21 ++--
archrelease.in | 15 +--
checkpkg.in | 25 ++++-
find-libdeps.in | 2 +-
finddeps.in | 2 +-
lib/archroot.sh | 2 +-
makechrootpkg.in | 290 +++++++++++++++++++++++++------------------------------
mkarchroot.in | 29 +++---
rebuildpkgs.in | 6 +-
11 files changed, 225 insertions(+), 207 deletions(-)
hooks/post-receive
--
The official devtools repository