Age | Commit message | Author |
|
|
it RW
A key aspect of libremakepkg is that it tries to be strict about many
things, in order to catch issues.
One issue is that sources are downloaded during build(), meaning that
they're missing from the .src.pkg.tar sourceball. So, by default
libremakepkg runs build() with networking disabled, to catch this
issue. If there is a problematic package, we have an -N flag to
enable networking, as an escape hatch; as we only have finite packager
time/effort.
One issue is when a package can't be rebuilt from the .src.pkg.tar
sourceball. If the PKGBUILD modifies itself, then it won't match
what's in the sourceball. This is what the
libremakepkg.bats:"libremakepkg does not run pkgver" test demonstrates
and tests-for; this failing demonstration testcase was added in
044b4e1 (test: libremakepkg: Add some failing tests [ci-skip],
2018-07-31, Luke Shumaker <lukeshu@lukeshu.com>). We solved this by
mounting the $startdir read-only in 646ac02 (libremakepkg,chcleanup:
Be stricter about network access, 2018-08-03, Luke Shumaker
<lukeshu@lukeshu.com>). However, it turns out that this caused issues
for a few packages. So, this protection was reverted in a6f6ac4
(libremakepkg: fix building packages requring a rw startdir,
2019-05-17, Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>). This
is bad; it potentially lets many issues slip through undetected.
Instead, handle it like we do networking: Have the protection on by
default, say "PLEASE don't turn this off", but recognize the increased
cost in time and effort, and so provide the `-W` flag as an escape
hatch.
|
|
When leaving the fakeroot environment, the build fails with something like
kill: sending signal to 694 failed: No such process
/usr/bin/fakeroot: line 178: 686 User defined signal 1 FAKEROOTKEY=$FAKEROOTKEY LD_LIBRARY_PATH="$PATHS" LD_PRELOAD="$FAKEROOT_LIB" "$@"
What's happening is that:
1. the main makepkg process launches the `distcc-tool idaemon`, which
binds to the TCP ports
2. then, the inferior in-fakeroot makepkg process tries to launch its own
`distcc-tool idaemon`, which immediately fails in the background
because it can't bind to those TCP ports.
3. Then, when the inferior in-fakeroot makepkg process exits it tries to
clean up after itself by `kill`ing the idaemon pid. This fails
because that pid died long ago.
I'm not entirely sure what broke it--I think either makepkg didn't use to
re-load makepkg.conf when entering the fakeroot environment, or Bash
`jobs -p` didn't use to list jobs that had terminated but hadn't been
`wait`ed for? IDK. Actually, the Bash one seems more likely.
Anyway, fix this by only launching the idaemon from the parent makepkg
process.
|
|
This documents all the contributions of the last few years, based on
the Git history.
|
|
Several packages require a read-write startdir:
- Some packages have a pkgver that is computed dynamically
through a pkgver function. This is the case for many packages
using git repositories. At the end of the package build, the
pkgver is automatically updated in the PKGBUILD; however,
without this fix that fails with libremakepkg, as the PKGBUILD
was set read-only.
- Some packages like linux-libre are modifying the install=
script. This is done by creating a temporary install script
in the startdir that is then modified with sed. Once this is
done that install script is then dynamically selected.
As this also requires read-write access to the startdir,
it fails to build the package if that's not the case.
In both cases it's possible to modify the PKGBUILDs to
work around the issue; however, the Arch Linux distribution has
a read-write startdir, and modifying each affected package
would significantly increase the cost (in time and effort)
of maintaining Parabola.
This was broken by the commit 646ac0258c3295943778142468aadfe5b04ad6d1
("libremakepkg,chcleanup: Be stricter about network access").
Thanks to elibrokeit on the #parabola IRC channel on Freenode
for helping me identify the cause of read-only mounts in
libremakepkg.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
"Ignore space change" might be helpful when viewing this diff.
|
|
"What is the alignment of the libremakepkg options section based on?", you
may ask. You'll see in the next commit!
|
|
- Drop `distcc-tool-idaemon.pid`; we can just check `jobs -p`
- _distcc_start_idaemon() and _distcc_stop_idaemon() are thereby
simplified to the point where they can just be inlined.
- Why did I keep doing `foo & wait`!?
- Don't forget to write DISTCC_HOSTS to makepkg.conf
- There was a typo in makepkg.conf; it said "_discc_start_idaemon"
|
|
I don't know what I was thinking when I wrote it that way.
For one, the "<&0" bit is a no-op. It redirects stdin to be stdin. Maybe
I had meant to write "<&-" and close it?
For two, just write it normally. It's simple enough, don't make it look
like magic.
|
|
- I'm pretty sure the "& trap 'jobs -p | xargs kill' EXIT; wait" bit is
100% superstition.
- Sprinkle `exec` in there to use fewer PIDs
- Don't bother with variables for short constant values, just hard-code
them
- Use `sleep infinity` instead of a dumb socat if we need to sleep
forever without doing anything.
|
|
This really messed me up while debugging, I don't want to fall for that
again!
|
|
The maximum socket name length is surprisingly short. So `cd` and use a
short relative path.
|
|
- `-A`: Comment out the `Include = /etc/pacman.d/*.conf` line that is
present in the /usr/share/pacman/defaults/ files since pacman
5.1.1-1.parabola4
- Pass --hookdir="$copydir/etc/pacman.d/hooks" to mkarchroot's pacman to
avoid inheriting the host's hooks.
https://bugs.archlinux.org/task/49347
I should maybe add tests for both of those things, but they both rely on
the actual contents of /etc/pacman.d/...
|
|
That file hasn't been created since 646ac025 (2018-08-04).
|
|
the chroot
The /bin/chcleanup file that it installs will clash with the package-owned
/usr/bin/chcleanup (since /bin is a symlink)
|
|
expect input
If stdin is a TTY, systemd-nspawn will create a proxy PTY, and pump the
data from real stdin through the proxy PTY. Because the PTY acts as a
buffer, that means that it eats stdin, EVEN IF THE PROGRAM DOESN'T ACTUALLY
READ IT. This is surprising to the user.
We can't know if the command to `librechroot run` is going to read from
stdin, but for most uses of librechroot we do know. So, set stdin to
/dev/null for those cases.
|
|
https://labs.parabola.nu/issues/431
|
|
This results in user confusion, like https://labs.parabola.nu/issues/1938
|
|
- Move a few lines around
- Add comments
- Don't bother checking [[ -n $TEXTDOMAIN ]]/TEXTDOMAINDIR, they're never
set.
- Put the pacman db at "$TEMPDIR/db", not "$TEMPDIR".
- Create a pacman=() variable for storing all of our scratch flags
- Drop the pkglist='' variable; expand it out where used
Altogether, there should be no user-visible changes here
|
|
This avoids something like a dep on 'systemd-tools' from resolving to
'notsystemd', causing a conflict with 'systemd' in 'base-devel', which
had the 'systemd-tools' dep already filled.
On the downside, this is much slower.
|
|
Objectives:
- Once the source package has been created, never run makepkg with
networking enabled again, so that we can be 100% sure that the source
package has all of the sources that we need.
- Don't let makepkg edit the PKGBUILD (eg. by evaluating pkgver())
User-facing changes:
- libremakepkg now disables networking during prepare()
- libremakepkg no longer runs pkgver()
- chcleanup (and thus `librechroot clean-pkgs`) now also installs packages
Technical description of changes:
- In devtools (and not really in this commit):
* No longer split /chrootprepare off of /chrootbuild. The point of
splitting it was that we'd have prepare() run from /chrootprepare
and the rest later run from /chrootbuild, so that we could leave
networking enabled during prepare() but not the rest. Now that we're
disabling networking during prepare(), that's pointless.
* Have download_sources create a source package (rather than having
/chrootbuild create the source package at the same time that we create
the binary package). We adjust the caller to temporarily set
SRCPKGDEST to a temporary directory, so that we can get the file and
control the filename when we move it in to the real SRCPKGDEST.
- Have chcleanup install the dependencies. If we used the traditional
`makepkg --sync` to install the dependencies, then we'd be breaking the
"no networking for makepkg after source package creation" objective.
chcleanup already has all of the logic necessary to accomplish this.
If there's a discrepancy in chcleanup behavior and makepkg behavior, and
makepkg thinks it needs to install something, then that just means we'll
have to fix the bug in chcleanup, instead of letting it go for more than
a year (*cough* https://labs.parabola.nu/issues/1311 *cough*).
- Use files extracted from the source package (rather than files found in
the current directory) to build the package.
- We mount the temporary directory containing the extracted source package
files read-only, to be sure that makepkg doesn't modify the PKGBUILD.
This is necessary because --holdver only disables pkgver() if it's a VCS
package.
|
|
Also, don't parse PKGBUILD ourselves; use .SRCINFO to extract
information from the PKGBUILD.
|
|
db-import-pkg now makes sure that that doesn't happen.
|
|
libremakepkg defined a cleanup() function, which overrode
common.sh:cleanup(), which meant that common.sh:die() exited with a
'0' status.
|
|
Do this by syncing makepkg_args with makechrootpkg's
default_makepkg_args; recent devtools have makechrootpkg not copy the
keyring in to the chroot.
This incorporates 3 commits from Arch devtools:
7ca4eb82d (2017-05-02): add --holdver
0cbc179d2 (2017-07-13): use long options; `-s`→`--syncdeps`, `-L`→`--log`
75fdff181 (2017-07-13): add --skipinteg
|
|
I intend to have xbs-abs have separate libdir / libexecdir s.
|
|
This should have been in 314f2c9b1daac8c47d78754569a7310d0b77e22b.
|
|
In the light of my attempts to create a riscv64 parabola port, I would
like to see the following changes made to librechroot.
The patch removes the hard-coded arm cross arch checks in favour of a
more general approach, that works for more architectures. As a side
effect, this now also would behave correctly when creating x86 chroots
on arm, although why anyone would choose to do this is beyond me.
Reviewed-By: Luke Shumaker <lukeshu@parabola.nu>
[LS: Added quotes]