By specifying multiple package files, we assume they are all from the same PKGBUILD, and try to check them all against the produced artifacts. Since the buildinfo should be comparable for all of them, we simply use the first one passed on the command line. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> --- doc/makerepropkg.1.asciidoc | 8 ++++++-- makerepropkg.in | 40 +++++++++++++++++++++---------------- 2 files changed, 29 insertions(+), 19 deletions(-) diff --git a/doc/makerepropkg.1.asciidoc b/doc/makerepropkg.1.asciidoc index 301b73e..0d7ddcb 100644 --- a/doc/makerepropkg.1.asciidoc +++ b/doc/makerepropkg.1.asciidoc @@ -7,12 +7,12 @@ makerepropkg - Rebuild a package to see if it is reproducible Synopsis -------- -makerepropkg [OPTIONS] <package_file> +makerepropkg [OPTIONS] <package_file>... Description ----------- -Given the path to a built pacman package, attempt to rebuild it using the +Given the path to a built pacman package(s), attempt to rebuild it using the PKGBUILD in the current directory. The package will be built in an environment as closely matching the environment of the initial package as possible, by building up a chroot to match the information exposed in the package's @@ -20,6 +20,10 @@ linkman:BUILDINFO[5] manifest. On success, the resulting package will be compared to the input package, and makerepropkg will report whether the artifacts are identical. +When given multiple packages, additional package files are assumed to be split +packages and will be treated as additional artifacts to compare during the +verification step. + This implements a verifier for pacman/libalpm packages in accordance with the link:https://reproducible-builds.org/[Reproducible Builds] project. diff --git a/makerepropkg.in b/makerepropkg.in index 60fee95..51c2dd2 100755 --- a/makerepropkg.in +++ b/makerepropkg.in @@ -117,10 +117,13 @@ check_root if [[ -n $1 ]]; then pkgfile="$1" - if ! bsdtar -tqf "${pkgfile}" .BUILDINFO >/dev/null 2>&1; then - error "file is not a valid pacman package: '%s'" "${pkgfile}" - exit 1 - fi + splitpkgs=("$@") + for f in "${splitpkgs[@]}"; do + if ! bsdtar -tqf "${f}" .BUILDINFO >/dev/null 2>&1; then + error "file is not a valid pacman package: '%s'" "${f}" + exit 1 + fi + done else error "no package file specified. Try '${BASH_SOURCE[0]##*/} -h' for more information. " exit 1 @@ -176,23 +179,26 @@ arch-nspawn "${buildroot}/${chroot}" \ --bind="${PWD}:/startdir" \ --bind="${SRCDEST}:/srcdest" \ /chrootbuild -C --noconfirm --log --holdver --skipinteg +ret=$? -if (( $? == 0 )); then +if (( ${ret} == 0 )); then msg2 "built succeeded! built packages can be found in ${buildroot}/${chroot}/pkgdest" msg "comparing artifacts..." - comparefiles=("${pkgfile}" "${buildroot}/${chroot}/pkgdest/${pkgfile##*/}") - if cmp -s "${comparefiles[@]}"; then - msg2 "Package successfully reproduced!" - exit 0 - else - warning "Package is not reproducible. :(" - sha256sum "${comparefiles[@]}" - if (( diffoscope )); then - diffoscope "${comparefiles[@]}" + for pkgfile in "${splitpkgs[@]}"; do + comparefiles=("${pkgfile}" "${buildroot}/${chroot}/pkgdest/${pkgfile##*/}") + if cmp -s "${comparefiles[@]}"; then + msg2 "Package '%s' successfully reproduced!" "${pkgfile}" + else + ret=1 + warning "Package '%s' is not reproducible. :(" "${pkgfile}" + sha256sum "${comparefiles[@]}" + if (( diffoscope )); then + diffoscope "${comparefiles[@]}" + fi fi - fi + done fi -# the package either failed to build, or was unreproducible -exit 1 +# return failure from chrootbuild, or the reproducibility status +exit ${ret} -- 2.24.1