index : devtools32 | |
Archlinux32 fork of devtools | gitolite user |
summaryrefslogtreecommitdiff |
-rw-r--r-- | makechrootpkg.in | 414 |
diff --git a/makechrootpkg.in b/makechrootpkg.in deleted file mode 100644 index 126d1da..0000000 --- a/makechrootpkg.in +++ /dev/null @@ -1,414 +0,0 @@ -#!/bin/bash -# -# SPDX-License-Identifier: GPL-3.0-or-later - -m4_include(lib/common.sh) -m4_include(lib/archroot.sh) - -source /usr/share/makepkg/util/config.sh - -shopt -s nullglob - -default_makepkg_args=(--syncdeps --noconfirm --log --holdver --skipinteg) -makepkg_args=("${default_makepkg_args[@]}") -verifysource_args=() -chrootdir= -passeddir= -makepkg_user= -declare -a install_pkgs -declare -i ret=0 - -keepbuilddir=0 -update_first=0 -clean_first=0 -run_namcap=0 -run_checkpkg=0 -temp_chroot=0 - -bindmounts_ro=() -bindmounts_rw=() - -copy=$USER -[[ -n ${SUDO_USER:-} ]] && copy=$SUDO_USER -[[ -z "$copy" || $copy = root ]] && copy=copy -src_owner=${SUDO_USER:-$USER} - -usage() { - echo "Usage: ${0##*/} [options] -r <chrootdir> [--] [makepkg args]" - echo ' Run this script in a PKGBUILD dir to build a package inside a' - echo ' clean chroot. Arguments passed to this script after the' - echo ' end-of-options marker (--) will be passed to makepkg.' - echo '' - echo ' The chroot dir consists of the following directories:' - echo ' <chrootdir>/{root, copy} but only "root" is required' - echo ' by default. The working copy will be created as needed' - echo '' - echo 'The chroot "root" directory must be created via the following' - echo 'command:' - echo ' mkarchroot <chrootdir>/root base-devel' - echo '' - echo 'This script reads {SRC,SRCPKG,PKG,LOG}DEST, MAKEFLAGS and PACKAGER' - echo 'from makepkg.conf(5), if those variables are not part of the' - echo 'environment.' - echo '' - echo "Default makepkg args: ${default_makepkg_args[*]}" - echo '' - echo 'Flags:' - echo '-h This help' - echo '-c Clean the chroot before building' - echo '-d <dir> Bind directory into build chroot as read-write' - echo '-D <dir> Bind directory into build chroot as read-only' - echo '-u Update the working copy of the chroot before building' - echo ' This is useful for rebuilds without dirtying the pristine' - echo ' chroot' - echo '-r <dir> The chroot dir to use' - echo '-I <pkg> Install a package into the working copy of the chroot' - echo '-l <copy> The directory to use as the working copy of the chroot' - echo ' Useful for maintaining multiple copies' - echo " Default: $copy" - echo '-n Run namcap on the package' - echo '-C Run checkpkg on the package' - echo '-T Build in a temporary directory' - echo '-U Run makepkg as a specified user' - exit 1 -} - -# {{{ functions -# Usage: sync_chroot $chrootdir $copydir [$copy] -sync_chroot() { - local chrootdir=$1 - local copydir=$2 - local copy=${3:-$2} - - if [[ "$chrootdir/root" -ef "$copydir" ]]; then - error 'Cannot sync copy with itself: %s' "$copydir" - return 1 - fi - - # Get a read lock on the root chroot to make - # sure we don't clone a half-updated chroot - slock 8 "$chrootdir/root.lock" \ - "Locking clean chroot [%s]" "$chrootdir/root" - - stat_busy "Synchronizing chroot copy [%s] -> [%s]" "$chrootdir/root" "$copy" - if is_btrfs "$chrootdir" && ! mountpoint -q "$copydir"; then - subvolume_delete_recursive "$copydir" || - die "Unable to delete subvolume %s" "$copydir" - btrfs subvolume snapshot "$chrootdir/root" "$copydir" >/dev/null || - die "Unable to create subvolume %s" "$copydir" - else - mkdir -p "$copydir" - rsync -a --delete -q -W -x "$chrootdir/root/" "$copydir" - fi - stat_done - - # Drop the read lock again - lock_close 8 - - # Update mtime - touch "$copydir" -} - -# Usage: delete_chroot $copydir [$copy] -delete_chroot() { - local copydir=$1 - local copy=${1:-$2} - - stat_busy "Removing chroot copy [%s]" "$copy" - if is_subvolume "$copydir" && ! mountpoint -q "$copydir"; then - subvolume_delete_recursive "$copydir" || - die "Unable to delete subvolume %s" "$copydir" - else - # avoid change of filesystem in case of an umount failure - rm --recursive --force --one-file-system "$copydir" || - die "Unable to delete %s" "$copydir" - fi - - # remove lock file - rm -f "$copydir.lock" - stat_done -} - -install_packages() { - local -a pkgnames - local ret - - pkgnames=("${install_pkgs[@]##*/}") - - cp -- "${install_pkgs[@]}" "$copydir/root/" - arch-nspawn "$copydir" "${bindmounts_ro[@]}" "${bindmounts_rw[@]}" \ - bash -c 'yes y | pacman -U -- "$@"' -bash "${pkgnames[@]/#//root/}" - ret=$? - rm -- "${pkgnames[@]/#/$copydir/root/}" - - return $ret -} - -prepare_chroot() { - (( keepbuilddir )) || rm -rf "$copydir/build" - - local builduser_uid builduser_gid - builduser_uid="$(id -u "$makepkg_user")" - builduser_gid="$(id -g "$makepkg_user")" - local install="install -o $builduser_uid -g $builduser_gid" - local x - - # We can't use useradd without chrooting, otherwise it invokes PAM modules - # which we might not be able to load (i.e. when building i686 packages on - # an x86_64 host). - sed -e '/^builduser:/d' -i "$copydir"/etc/{passwd,shadow,group} - printf >>"$copydir/etc/group" 'builduser:x:%d:\n' "$builduser_gid" - printf >>"$copydir/etc/passwd" 'builduser:x:%d:%d:builduser:/build:/bin/bash\n' "$builduser_uid" "$builduser_gid" - printf >>"$copydir/etc/shadow" 'builduser:!!:%d::::::\n' "$(( $(date -u +%s) / 86400 ))" - - $install -d "$copydir"/{build,startdir,{pkg,srcpkg,src,log}dest} - - sed -e '/^MAKEFLAGS=/d' -e '/^PACKAGER=/d' -i "$copydir/etc/makepkg.conf" - for x in BUILDDIR=/build PKGDEST=/pkgdest SRCPKGDEST=/srcpkgdest SRCDEST=/srcdest LOGDEST=/logdest \ - "MAKEFLAGS='${MAKEFLAGS:-}'" "PACKAGER='${PACKAGER:-}'" - do - grep -q "^$x" "$copydir/etc/makepkg.conf" && continue - echo "$x" >>"$copydir/etc/makepkg.conf" - done - - cat > "$copydir/etc/sudoers.d/builduser-pacman" <<EOF -builduser ALL = NOPASSWD: /usr/bin/pacman -EOF - chmod 440 "$copydir/etc/sudoers.d/builduser-pacman" - - # This is a little gross, but this way the script is recreated every time in the - # working copy - { - printf '#!/bin/bash\n' - declare -f _chrootbuild - declare -p SOURCE_DATE_EPOCH 2>/dev/null || true - declare -p BUILDTOOL 2>/dev/null - declare -p BUILDTOOLVER 2>/dev/null - printf '_chrootbuild "$@" || exit\n' - - if (( run_namcap )); then - declare -f _chrootnamcap - printf '_chrootnamcap || exit\n' - fi - } >"$copydir/chrootbuild" - chmod +x "$copydir/chrootbuild" -} - -# These functions aren't run in makechrootpkg, -# so no global variables -_chrootbuild() { - # No coredumps - ulimit -c 0 - - # shellcheck source=/dev/null - . /etc/profile - - # Beware, there are some stupid arbitrary rules on how you can - # use "$" in arguments to commands with "sudo -i". ${foo} or - # ${1} is OK, but $foo or $1 isn't. - # https://bugzilla.sudo.ws/show_bug.cgi?id=765 - sudo --preserve-env=SOURCE_DATE_EPOCH \ - --preserve-env=BUILDTOOL \ - --preserve-env=BUILDTOOLVER \ - -iu builduser bash -c 'cd /startdir; makepkg "$@"' -bash "$@" - ret=$? - case $ret in - 0|14) - return 0;; - *) - return $ret;; - esac -} - -_chrootnamcap() { - pacman -S --needed --noconfirm namcap - for pkgfile in /startdir/PKGBUILD /pkgdest/*; do - echo "Checking ${pkgfile##*/}" - sudo -u builduser namcap "$pkgfile" 2>&1 | tee "/logdest/${pkgfile##*/}-namcap.log" - done -} - -download_sources() { - setup_workdir - chown "$makepkg_user:" "$WORKDIR" - - # Ensure sources are downloaded - sudo -u "$makepkg_user" --preserve-env=GNUPGHOME,SSH_AUTH_SOCK \ - env SRCDEST="$SRCDEST" BUILDDIR="$WORKDIR" \ - makepkg --config="$copydir/etc/makepkg.conf" --verifysource -o "${verifysource_args[@]}" || - die "Could not download sources." -} - -move_logfiles() { - local l - for l in "$copydir"/logdest/*; do - [[ $l == */logpipe.* ]] && continue - chown "$src_owner" "$l" - mv "$l" "$LOGDEST" - done -} - -move_products() { - local pkgfile - for pkgfile in "$copydir"/pkgdest/*; do - chown "$src_owner" "$pkgfile" - mv "$pkgfile" "$PKGDEST" - - # Fix broken symlink because of temporary chroot PKGDEST /pkgdest - if [[ "$PWD" != "$PKGDEST" && -L "$PWD/${pkgfile##*/}" ]]; then - ln -sf "$PKGDEST/${pkgfile##*/}" - fi - done - - move_logfiles - - for s in "$copydir"/srcpkgdest/*; do - chown "$src_owner" "$s" - mv "$s" "$SRCPKGDEST" - - # Fix broken symlink because of temporary chroot SRCPKGDEST /srcpkgdest - if [[ "$PWD" != "$SRCPKGDEST" && -L "$PWD/${s##*/}" ]]; then - ln -sf "$SRCPKGDEST/${s##*/}" - fi - done -} -# }}} - -while getopts 'hcur:I:l:nCTD:d:U:' arg; do - case "$arg" in - c) clean_first=1 ;; - D) bindmounts_ro+=("--bind-ro=$OPTARG") ;; - d) bindmounts_rw+=("--bind=$OPTARG") ;; - u) update_first=1 ;; - r) passeddir="$OPTARG" ;; - I) install_pkgs+=("$OPTARG") ;; - l) copy="$OPTARG" ;; - n) run_namcap=1; makepkg_args+=(--install) ;; - C) run_checkpkg=1 ;; - T) temp_chroot=1; copy+="-$$" ;; - U) makepkg_user="$OPTARG" ;; - h|*) usage ;; - esac -done - -[[ ! -f PKGBUILD && -z "${install_pkgs[*]}" ]] && die 'This must be run in a directory containing a PKGBUILD.' -[[ -n $makepkg_user && -z $(id -u "$makepkg_user") ]] && die 'Invalid makepkg user.' -makepkg_user=${makepkg_user:-${SUDO_USER:-$USER}} - -check_root SOURCE_DATE_EPOCH,BUILDTOOL,BUILDTOOLVER,GNUPGHOME,SRCDEST,SRCPKGDEST,PKGDEST,LOGDEST,MAKEFLAGS,PACKAGER - -# Canonicalize chrootdir, getting rid of trailing / -chrootdir=$(readlink -e "$passeddir") -[[ ! -d $chrootdir ]] && die "No chroot dir defined, or invalid path '%s'" "$passeddir" -[[ ! -d $chrootdir/root ]] && die "Missing chroot dir root directory. Try using: mkarchroot %s/root base-devel" "$chrootdir" - -if [[ ${copy:0:1} = / ]]; then - copydir=$copy -else - copydir="$chrootdir/$copy" -fi - -# Pass all arguments after -- right to makepkg -makepkg_args+=("${@:$OPTIND}") - -# See if -R or -e was passed to makepkg -for arg in "${@:$OPTIND}"; do - case ${arg%%=*} in - --skip*|--holdver) verifysource_args+=("$arg") ;; - --repackage|--noextract) keepbuilddir=1 ;; - --*) ;; - -*R*|-*e*) keepbuilddir=1 ;; - esac -done - -umask 0022 - -ORIG_HOME=$HOME -IFS=: read -r _ _ _ _ _ HOME _ < <(getent passwd "${SUDO_USER:-$USER}") -load_makepkg_config -HOME=$ORIG_HOME - -# Use PKGBUILD directory if these don't exist -[[ -d $PKGDEST ]] || PKGDEST=$PWD -[[ -d $SRCDEST ]] || SRCDEST=$PWD -[[ -d $SRCPKGDEST ]] || SRCPKGDEST=$PWD -[[ -d $LOGDEST ]] || LOGDEST=$PWD - -# Lock the chroot we want to use. We'll keep this lock until we exit. -lock 9 "$copydir.lock" "Locking chroot copy [%s]" "$copy" - -if [[ ! -d $copydir ]] || (( clean_first )); then - sync_chroot "$chrootdir" "$copydir" "$copy" -fi - -(( update_first )) && arch-nspawn "$copydir" \ - "${bindmounts_ro[@]}" "${bindmounts_rw[@]}" \ - pacman -Syuu --noconfirm - -if [[ -n ${install_pkgs[*]:-} ]]; then - install_packages - ret=$? - # If there is no PKGBUILD we are done - [[ -f PKGBUILD ]] || exit $ret -fi - -if [[ "$(id -u "$makepkg_user")" == 0 ]]; then - error "Running makepkg as root is not allowed." - exit 1 -fi - -download_sources - -prepare_chroot - -if arch-nspawn "$copydir" \ - --bind="${PWD//:/\\:}:/startdir" \ - --bind="${SRCDEST//:/\\:}:/srcdest" \ - "${bindmounts_ro[@]}" "${bindmounts_rw[@]}" \ - /chrootbuild "${makepkg_args[@]}" -then - mapfile -t pkgnames < <(sudo -u "$makepkg_user" bash -c 'source PKGBUILD; printf "%s\n" "${pkgname[@]}"') - move_products -else - (( ret += 1 )) - move_logfiles -fi - -(( temp_chroot )) && delete_chroot "$copydir" "$copy" - -if (( ret != 0 )); then - if (( temp_chroot )); then - die "Build failed" - else - die "Build failed, check %s/build" "$copydir" - fi -else - if (( run_checkpkg )); then - msg "Running checkpkg" - - mapfile -t remotepkgs < <(pacman --config "$copydir"/etc/pacman.conf \ - --dbpath "$copydir"/var/lib/pacman \ - -Sddp "${pkgnames[@]}") - - if ! wait $!; then - warning "Skipped checkpkg due to missing repo packages" - exit 0 - fi - - # download package files if any non-local location exists - for remotepkg in "${remotepkgs[@]}"; do - if [[ $remotepkg != file://* ]]; then - msg2 "Downloading current versions" - arch-nspawn "$copydir" pacman --noconfirm -Swdd "${pkgnames[@]}" - mapfile -t remotepkgs < <(pacman --config "$copydir"/etc/pacman.conf \ - --dbpath "$copydir"/var/lib/pacman \ - -Sddp "${pkgnames[@]}") - break - fi - done - - msg2 "Checking packages" - sudo -u "$makepkg_user" checkpkg --rmdir --warn --makepkg-config "$copydir/etc/makepkg.conf" "${remotepkgs[@]/#file:\/\//}" - fi - true -fi |