diff options
author | Luke Shumaker <lukeshu@lukeshu.com> | 2018-08-03 00:25:24 -0400 |
---|---|---|
committer | Luke Shumaker <lukeshu@lukeshu.com> | 2018-08-04 12:59:20 -0400 |
commit | 646ac0258c3295943778142468aadfe5b04ad6d1 (patch) | |
tree | c4e0695cae1c0e24dd3ea542d2ad7f63ad48a218 /COPYING-GPLv2 | |
parent | 044b4e16b9bdd2b3c6622af6216888ddf0a16644 (diff) |
libremakepkg,chcleanup: Be stricter about network accessv20180804
Objectives:
- Once the source package has been created, never run makepkg with
networking enabled again, so that we can be 100% sure that the source
package has all of the sources that we need.
- Don't let makepkg edit the PKGBUILD (eg. by evaluating pkgver())
User-facing changes:
- libremakepkg now disables networking during prepare()
- libremakepkg no longer runs pkgver()
- chcleanup (and thus `librechroot clean-pkgs`) now also installs packages
Technical description of changes:
- In devtools (and not really in this commit):
* No longer split /chrootprepare off of /chrootbuild. The point of
splitting it was that we'd have prepare() run from /chrootprepare
and the rest later run from /chrootbuild, so that we could leave
networking enabled during prepare() but not the rest. Now that we're
disabling networking during prepare(), that's pointless.
* Have download_sources create a source package (rather than having
/chrootbuild create the source package at the same time that we create
the binary package). We adjust the caller to temporarily set
SRCPKGDEST to a temporary directory, so that we can get the file and
control the filename when we move it in to the real SRCPKGDEST.
- Have chcleanup install the dependencies. If we used the traditional
`makepkg --sync` to install the dependencies, then we'd be breaking the
"no networking for makepkg after source package creation" objective.
chcleanup already has all of the logic necessary to accomplish this.
If there's a discrepancy in chcleanup behavior and makepkg behavior, and
makepkg thinks it needs to install something, then that just means we'll
have to fix the bug in chcleanup, instead of letting it go for more than
a year (*cough* https://labs.parabola.nu/issues/1311 *cough*).
- Use files extracted from the source package (rather than files found in
the current directory) to build the package.
- We mount the temporary directory containing the extracted source package
files read-only, to be sure that makepkg doesn't modify the PKGBUILD.
This is necessary because --holdver only disables pkgver() if it's a VCS
package.
Diffstat (limited to 'COPYING-GPLv2')
0 files changed, 0 insertions, 0 deletions