path: root/src/chroot-tools/librechroot
diff options
authorLuke Shumaker <>2018-08-03 00:25:24 -0400
committerLuke Shumaker <>2018-08-04 12:59:20 -0400
commit646ac0258c3295943778142468aadfe5b04ad6d1 (patch)
treec4e0695cae1c0e24dd3ea542d2ad7f63ad48a218 /src/chroot-tools/librechroot
parent044b4e16b9bdd2b3c6622af6216888ddf0a16644 (diff)
libremakepkg,chcleanup: Be stricter about network accessv20180804
Objectives: - Once the source package has been created, never run makepkg with networking enabled again, so that we can be 100% sure that the source package has all of the sources that we need. - Don't let makepkg edit the PKGBUILD (eg. by evaluating pkgver()) User-facing changes: - libremakepkg now disables networking during prepare() - libremakepkg no longer runs pkgver() - chcleanup (and thus `librechroot clean-pkgs`) now also installs packages Technical description of changes: - In devtools (and not really in this commit): * No longer split /chrootprepare off of /chrootbuild. The point of splitting it was that we'd have prepare() run from /chrootprepare and the rest later run from /chrootbuild, so that we could leave networking enabled during prepare() but not the rest. Now that we're disabling networking during prepare(), that's pointless. * Have download_sources create a source package (rather than having /chrootbuild create the source package at the same time that we create the binary package). We adjust the caller to temporarily set SRCPKGDEST to a temporary directory, so that we can get the file and control the filename when we move it in to the real SRCPKGDEST. - Have chcleanup install the dependencies. If we used the traditional `makepkg --sync` to install the dependencies, then we'd be breaking the "no networking for makepkg after source package creation" objective. chcleanup already has all of the logic necessary to accomplish this. If there's a discrepancy in chcleanup behavior and makepkg behavior, and makepkg thinks it needs to install something, then that just means we'll have to fix the bug in chcleanup, instead of letting it go for more than a year (*cough* *cough*). - Use files extracted from the source package (rather than files found in the current directory) to build the package. - We mount the temporary directory containing the extracted source package files read-only, to be sure that makepkg doesn't modify the PKGBUILD. This is necessary because --holdver only disables pkgver() if it's a VCS package.
Diffstat (limited to 'src/chroot-tools/librechroot')
1 files changed, 2 insertions, 1 deletions
diff --git a/src/chroot-tools/librechroot b/src/chroot-tools/librechroot
index 6db11a8..923b818 100755
--- a/src/chroot-tools/librechroot
+++ b/src/chroot-tools/librechroot
@@ -274,7 +274,8 @@ usage() {
flag 'clean-pkgs' 'Remove all packages from the chroot copy that
are not in base-devel, $CHROOTEXTRAPKG, or named
as a dependency in the file `/startdir/PKGBUILD`
- in the chroot copy'
+ in the chroot copy; and install all packages
+ that are.'
print ' Other:'
flag "run $(_ CMD...)" 'Run CMD in the chroot copy'
flag 'enter' 'Enter an interactive shell in the chroot copy'