diff options
author | bill-auger <mr.j.spam.me@gmail.com> | 2021-07-19 17:06:58 -0400 |
---|---|---|
committer | Andreas Grapentin <andreas@grapentin.org> | 2022-01-18 17:31:58 +0100 |
commit | 378b04548872e5632c7549485fa0a329be2dd372 (patch) | |
tree | 0f2fb5d4fb53363df09daf5399093205d8e6d7b9 | |
parent | 490d296453c42533dca93b1378edf1b3f7e3995d (diff) |
wip - multiple concernswip-2022-01
-rw-r--r-- | src/chroot-tools/chcleanup.in | 30 | ||||
-rwxr-xr-x | src/chroot-tools/libremakepkg | 13 | ||||
-rw-r--r-- | src/lib/conf.sh.in | 2 | ||||
-rwxr-xr-x | src/librefetch/librefetch | 143 | ||||
-rwxr-xr-x | src/librefetch/librefetchdir/libmakepkg/source.sh.gen | 4 |
5 files changed, 126 insertions, 66 deletions
diff --git a/src/chroot-tools/chcleanup.in b/src/chroot-tools/chcleanup.in index 89a25c4..65bfb15 100644 --- a/src/chroot-tools/chcleanup.in +++ b/src/chroot-tools/chcleanup.in @@ -66,9 +66,23 @@ fi # This is intentionally hard-coded. source /etc/libretools.d/chroot.conf # sets $CHROOTEXTRAPKG -# NOTE: ARM chroots require 'fakeroot-tcp' (BR #2775) +CHROOTPKG=( $( pacman -Sgq base-devel) ) +CHROOTPKG+=() # DEBUG: normally empty - mandatory core package-set +WHITELIST_PKGS=() # DEBUG: normally empty - optional packages, possibly insane + +# FIXME: ARM chroots require 'fakeroot-tcp' (BR #2775) +#CHROOTPKG+=( fakeroot-tcp ) # armv7h qemu fakeroot_pkg=fakeroot$( [[ "$(uname -m)" == 'armv7l' ]] && echo '-tcp' ) -CHROOTPKG=( $( pacman -Sgq base-devel | sed "s|fakeroot|${fakeroot_pkg}|" ) ) +CHROOTPKG=( ${CHROOTPKG[*]/fakeroot/${fakeroot_pkg}/} ) + +# FIXME: host<->chroot glibc mismatch +WHITELIST_PKGS+=( glibc-linux4 ) # BR #3038 +# $ wget https://repo.archlinuxcn.org/x86_64/glibc-linux4-2.33-4-x86_64.pkg.tar.zst.sig +# $ wget https://repo.archlinuxcn.org/x86_64/glibc-linux4-2.33-4-x86_64.pkg.tar.zst +# $ pacman-key --verify glibc-linux4-2.33-4-x86_64.pkg.tar.zst.sig +# $ sudo librechroot -n autobuilder install-file glibc-linux4-2.33-4-x86_64.pkg.tar.zst +# $ sudo cp glibc-linux4-2.33-4-x86_64.pkg.tar.zst* /var/lib/archbuild/autobuilder/bill-auger/ +# $ sudo librechroot -n autobuilder enter # If we're running makepkg if [[ -f ./PKGBUILD ]]; then @@ -132,10 +146,10 @@ done # This is done by installing those into a temporary pacman DB; # then querying the DB for it's complete package list. msg2 "Collecting the minimal set of packages needed ..." -"${pacman_cmd[@]}" -S --dbonly --noscriptlet --needed --noconfirm \ - -- ${CHROOTPKG[*]} ${CHROOTEXTRAPKG[*]} ${DEPENDS[*]} \ - <&- >& "$ERROR_PKGS_FILE" -if (( $? != 0 )); then +if ! "${pacman_cmd[@]}" -S --dbonly --noscriptlet --needed --noconfirm \ + -- ${CHROOTPKG[*]} ${CHROOTEXTRAPKG[*]} ${DEPENDS[*]} \ + <&- >& "$ERROR_PKGS_FILE" +then error "Could not create a full list of packages, exiting." plain "This is likely caused by a dependency that could not be found." sed 's/^/ > /' < "$ERROR_PKGS_FILE" >&2 @@ -159,9 +173,11 @@ fi # (via the libremakepkg '-I' option), and to exit otherwise, warning the user to upgrade. # If the '-I' option was detected (!SANE), the stale packages are added to the whitelist. "${pacman_cmd[@]}" -Qq > "$WHITELIST_PKGS_FILE" +# echo "${WHITELIST_PKGS[@]}" >> "$WHITELIST_PKGS_FILE" +cat >> "$WHITELIST_PKGS_FILE" <<<${WHITELIST_PKGS[@]} if (( ${#stale_pkgs[*]} > 0 )); then insane_msg_1="Some (%d) essential packages are out-of-sync with the database." - insane_msg_2="Consider upgrading the chroot system before building this package." + insane_msg_2="Consider upgrading the chroot system before building packages." if ! $SANE; then warning "$insane_msg_1" "${#stale_pkgs[*]}" ; plain "$insane_msg_2" ; plain "(ignoring, per the '-I' option)" ; diff --git a/src/chroot-tools/libremakepkg b/src/chroot-tools/libremakepkg index 3718166..945b8ae 100755 --- a/src/chroot-tools/libremakepkg +++ b/src/chroot-tools/libremakepkg @@ -110,6 +110,8 @@ chroot_cleanup() { } build() ( +DBG "libremakepkg::build() IN" + local copydir=$1 local srcpkg=$2 local repack=$3 @@ -134,11 +136,17 @@ build() ( fi $NONET || run_nnet=("${run_ynet[@]}") - prepare_chroot "$copydir" "$LIBREHOME" "$repack" false +DBG "libremakepkg::build() prepare_chroot" + + prepare_chroot "$copydir" "$LIBREHOME" "$repack" false # generates 'chrootbuild' + +DBG "libremakepkg::build() pre_build run_nnet=${run_nnet[*]}" run_hook pre_build "$copydir" trap "run_hook post_build ${copydir@Q}; rm -rf -- ${startdir@Q}" EXIT - "${run_nnet[@]}" /chrootbuild "${makepkg_args[@]}" </dev/null |& indent + "${run_nnet[@]}" /chrootbuild "${makepkg_args[@]}" < /dev/null |& indent + +DBG "libremakepkg::build() OUT" ) # The main program ############################################################# @@ -299,6 +307,7 @@ main() { msg 'Initializing the chroot...' librechroot "${librechroot_flags[@]}" make |& indent fi +DBG "libremakepkg::main() GUARD whoami=$(whoami) id=$(id)" ; return 1 # Set target CARCH # note that we waited until after locking/creating the chroot to do this diff --git a/src/lib/conf.sh.in b/src/lib/conf.sh.in index 110aa38..7b2e1ea 100644 --- a/src/lib/conf.sh.in +++ b/src/lib/conf.sh.in @@ -42,7 +42,7 @@ if [[ "$(id -u "${SUDO_USER:-root}")" == 0 ]]; then unset SUDO_USER fi LIBREUSER="${SUDO_USER:-$USER}" -REPOUSER="${REPOUSER:-LIBREUSER}" +REPOUSER="${REPOUSER:-$LIBREUSER}" if [[ -z "$LIBREHOME" ]]; then eval "LIBREHOME=~$LIBREUSER" fi diff --git a/src/librefetch/librefetch b/src/librefetch/librefetch index 19e6559..e9f07eb 100755 --- a/src/librefetch/librefetch +++ b/src/librefetch/librefetch @@ -36,6 +36,8 @@ source "$(librelib conf)" source "$(librelib messages)" +readonly SKIP_CREATE_SIGNATURE=1 # TODO: CLI option + setup_traps trap 'rm -f -- "${tmpfiles[@]}"; rm -rf -- "${tmpdirs[@]}"' EXIT @@ -50,39 +52,36 @@ usage() { print "Downloads or creates a liberated source tarball." echo prose "The default mode is to create OUTPUT_FILE, first by trying - download mode, then create mode." - echo - prose "If OUTPUT_FILE isn't specified, it defaults to the non-directory - part of SOURCE_URL, in the current directory." + 'download' mode, then 'create' mode." echo - prose "Unless '-C' is specified, if SOURCE_URL does not begin with a - configured mirror, create mode is inhibited." + prose "If no OUTPUT_FILE is specified, it defaults to the same filename + as SOURCE_URL, in the current directory. + The OUTPUT_FILE will be generated only if SOURCE_URL points to + a configured mirrorm or if the '-C' option given." echo - prose "In download mode, it simply tries to download SOURCE_URL. At the - beginning of a URL, 'libre://' expands to the first configured - mirror." + prose "In 'download' mode, the SOURCE_URL is fetched. A URL specifying the + 'libre://' protocol, expands to the first configured mirror." echo - prose "In create mode, it either looks at a build script and uses that - to create the source tarball, or it uses GPG to create a - signature (if OUTPUT_FILE ends with \`.sig\` or \`.sig.part\`). - If it is using GPG to create a signature, but the file which it is - trying to sign doesn't exist yet, it recurses on itself to first - create that file. SOURCE_URL is ignored, except that it is used - to set the default value of OUTPUT_FILE, and that it may be used - when recursing." + prose "In 'create' mode, the build recipe is sourced; and the libre + source-ball is generated using the 'mksource' sources, unless + OUTPUT_FILE indicates a signature file (\`*.sig\` or \`*.sig.part\`). + In the case of a signature file, the newly generated libre source-ball + is signed with GPG, unless the corrsponoding libre source-ball does + not yet exist. In that case, the script recurses on itself, to firstly + create the libre source-ball. SOURCE_URL is ignored in that case, + but is passed to the recursive call." echo prose "The default build script is 'PKGBUILD', or 'SRCBUILD' if it exists." echo - prose "Other options, if they are valid \`makepkg\` options, are passed - straight to makepkg." + prose "Valid \`makepkg\` options may be given, and will be passed to makepkg." echo print "Example usage:" print ' $ %s https://repo.parabola.nu/other/mypackage/mypackage-1.0.tar.gz' "$cmd" echo flag 'Options (behavior):' \ - "-C" "Force create mode (don't download)" \ - "-D" "Force download mode (don't create)" \ + "-C" "Force 'create' mode (don't download)" \ + "-D" "Force 'download' mode (don't create)" \ "-p <$(_ FILE)>" "Use an alternate build script (instead of 'PKGBUILD'). If an SRCBUILD exists in the same directory, it is used instead" @@ -108,6 +107,8 @@ main() { } doit() { +DBG "librefetch::doit() mode=$mode" + # Mode: help ########################################################### if [[ $mode =~ help ]]; then @@ -178,7 +179,7 @@ doit() { if [[ $mode =~ download ]]; then load_conf librefetch.conf MIRRORS DOWNLOADER || exit - # Canonicalize $src + # Canonicalize $src (libre:// faux protocol) if [[ "$src" == libre://* ]]; then src="${MIRRORS[0]}/${src#libre://}" fi @@ -202,12 +203,12 @@ doit() { dlcmd="${dlcmd//\%o/\"\$dst\"}" dlcmd="${dlcmd//\%u/\"\$src\"}" -#DBG "librefetch::doit() mode==download dlcmd=$dlcmd" +DBG "librefetch::doit(download) mode==download dlcmd=%s" "$(sed "s|\"\$dst\"|\"$dst\"| ; s|\"\$src\"|\"$src\"|" <<<$dlcmd)" if { eval "$dlcmd"; } >&2; then exit $EXIT_SUCCESS fi -#DBG "librefetch::doit() we did not exit success inmirror=$inmirror" +DBG "librefetch::doit(download) \$dlcmd failed - inmirror=$inmirror mode=$mode" fi # Mode: create ######################################################### @@ -216,34 +217,52 @@ doit() { # The recursive `makepkg` invokation processes a modified PKGBUILD (per PKGBUILD_APPEND). if [[ $mode =~ create ]]; then - local base_dst=${dst%.part} - local suffix=${dst#"$base_dst"} - local src_missing_msg="Libre source not found. Attempting to create it from upstream sources." - local done_msg="Libre source created successfully" + local final_dst="${dst%.part}" + local suffix=${dst#"$final_dst"} + local src_missing_msg="Libre source-ball not found. Attempting to create it from upstream sources." + local done_msg="Libre source-ball created successfully" + +DBG "librefetch::doit(create) dst=$dst final_dst=$final_dst suffix=$suffix" ; # DBG "PKGBUILD=" ; cat $srcbuild ; -DBG "librefetch::doit(create) dst=$dst base_dst=${base_dst} suffix=$suffix" ; # DBG "PKGBUILD=" ; cat $srcbuild ; + if [[ "$final_dst" == *.sig ]]; then # handle missing libre source-ball signature + local src_file=${src%.sig} + local out_file="${final_dst%.sig}" + +DBG "librefetch::doit(create) IS_SIG src_file=$src_file out_file=$out_file" - if [[ $base_dst == *.sig ]]; then # recurse to create the libre source-ball, if it does not yet exist - # the libre source-ball signature is deferred to librerelease - if ! [[ -e ${base_dst%.sig} ]]; then - extra_opts=("${src%.sig}" "${base_dst%.sig}") + if ! [[ -e "$out_file" ]]; then + extra_opts=("$src_file" "$out_file") msg2 "${src_missing_msg}" doit || exit fi -DBG "librefetch::doit(create) IS_SIG" -# set -x -# FIXME: there is a note about this signature in usage() -# create_signature "${base_dst%.sig}" || exit -# if [[ -n $suffix ]]; then - if [[ -n $suffix && -f "$base_dst" ]]; then -DBG "librefetch::doit(create) RENAME" - mv -f "$base_dst" "$dst" -DBG "librefetch::doit(create) RENAMED" +DBG "librefetch::doit(create) IS_SIG suffix=$suffix exists=$( [[ -f "$final_dst" ]] && echo t || echo f) is_newly_created=$( [[ -f "$LIBRE_SRCBALL_CREATION_MARKER" ]] && echo t || echo f)" # ; set -x +# WIP: 'create_signature' normally entails manual password confirmation. +# in the case that a libre source-ball was just created, +# the build machine will not necessarily be able to sign it; +# and 'create_signature' would fail here, as a fatal error. +# however, librerelease will sign all tarballs, if necessary; +# so the current WIP defers the signature to librerelease +# see file.sh::download_file() +# TODO: adjust the usage() note about this signature if necessary + if rm $LIBRE_SRCBALL_CREATION_MARKER 2> /dev/null; then +DBG "librefetch::doit(create) IS_SIG create_signature" +# create_signature "${final_dst%.sig}" || exit + create_signature "${final_dst%.sig}" || true # WIP: + +# TODO: renaming here is probably not necessary; +# because the caller (file.sh::download_file()) will do it. +# are there other callers which would not? + if [[ -n $suffix && -f "$final_dst" ]]; then + mv -f "$final_dst" "$dst" + fi + else +DBG "librefetch::doit(create) IS_SIG FAIL" + return 1 fi - else + else # create libre source-ball export PKGDEST=${dst%/*} export pkg_file=$dst @@ -251,7 +270,13 @@ DBG "librefetch::doit(create) PKGEXT=$PKGEXT cmd=\"$makepkg\" \"${makepkg_opts[@ cd "$BUILDFILEDIR" msg2 "${src_missing_msg}" - "$makepkg" "${makepkg_opts[@]}" -p "$srcbuild" >&2 && msg2 "${done_msg}" || exit + rm -f $LIBRE_SRCBALL_CREATION_MARKER + if "$makepkg" "${makepkg_opts[@]}" -p "$srcbuild" >&2; then + msg2 "${done_msg}" + cd - > /dev/null ; touch $LIBRE_SRCBALL_CREATION_MARKER ; + else + exit + fi fi fi @@ -419,24 +444,30 @@ modified_srcbuild() { create_signature() { local filename="$1" local gpg_cmd=( gpg --detach-sign --use-agent --no-armor ) + local gpg_disabled_msg="Defering libre source-ball signature." local gpg_signing_msg="Signing libre source-ball..." local gpg_created_msg="Created signature file:" - local gpg_remind_msg="Ensure that your GPG key is referenced in the PKGBUILD 'validpgpkeys' array." local gpg_failed_msg="Failed to sign the libre source-ball!" - local gpg_sign_msg="If you can not sign it now on this machine, you can take it home, and run librerelease on it." - local ret + local gpg_sign_msg="The libre source-ball will be signed by librerelease later." + local gpg_remind_msg="Ensure that your GPG key is referenced in the PKGBUILD, before running librerelease." + local ret=0 - if [[ -n "${GPGKEY}" ]]; then - gpg_cmd=( --local-user "${GPGKEY}" ) - fi + if (( SKIP_CREATE_SIGNATURE )); then + msg2 "${gpg_disabled_msg}" ; prose "${gpg_sign_msg} ${gpg_remind_msg}" ; + else - msg "${gpg_signing_msg}" - ${gpg_cmd[@]} "${filename}" &> /dev/null ; ret=$? ; + if [[ -n "${GPGKEY}" ]]; then + gpg_cmd=( --local-user "${GPGKEY}" ) + fi - if (( ! ret )); then - msg2 "%s %s." "${gpg_created_msg}" "${filename}.sig" ; plain "${gpg_remind_msg}" ; - else - error "${gpg_failed_msg}" ; plain "${gpg_sign_msg}" ; plain "${gpg_remind_msg}" ; + msg "${gpg_signing_msg}" + ${gpg_cmd[@]} "${filename}" &> /dev/null ; ret=$? ; + + if (( ! ret )); then + msg2 "%s %s." "${gpg_created_msg}" "${filename}.sig" ; prose "${gpg_remind_msg}" ; + else + warning "${gpg_failed_msg}" ; prose "${gpg_sign_msg} ${gpg_remind_msg}" ; + fi fi return ${ret} diff --git a/src/librefetch/librefetchdir/libmakepkg/source.sh.gen b/src/librefetch/librefetchdir/libmakepkg/source.sh.gen index 7d848c3..0f43b05 100755 --- a/src/librefetch/librefetchdir/libmakepkg/source.sh.gen +++ b/src/librefetch/librefetchdir/libmakepkg/source.sh.gen @@ -25,3 +25,7 @@ } s|DBG "source.sh::|DBG "source.sh<SPECIAL>::| + + +s|source "$LIBRARY/util/source.sh"|source "$LIBRARY/util/source.sh" ; DBG "source.sh<SPECIAL> LIBRARY=$LIBRARY"| +s|source "$lib"|DBG "source.sh<SPECIAL> source $lib" ; source "$lib"| |