diff --git a/makechrootpkg.in b/makechrootpkg.in
index 862e6bc..c7baf4d 100644
--- a/makechrootpkg.in
+++ b/makechrootpkg.in
@@ -237,34 +237,8 @@ EOF
 # This is a little gross, but this way the script is recreated every time in the
 # working copy
- cat >"$copydir/chrootbuild" <&1 | tee "/logdest/\${pkgfile##*/}-namcap.log"
- done
-fi
-
-exit 0
-EOF
+ printf $'#!/bin/bash\n%s\n_chrootbuild %q %q' "$(declare -f _chrootbuild)" \
+ "$makepkg_args" "$run_namcap" >"$copydir/chrootbuild"
 chmod +x "$copydir/chrootbuild"
 }
@@ -287,6 +261,46 @@ download_sources() {
 rm -rf $builddir
 }
+_chrootbuild() {
+ # This function isn't run in makechrootpkg,
+ # so no global variables
+ local makepkg_args="$1"
+ local run_namcap="$2"
+
+ . /etc/profile
+ export HOME=/build
+ shopt -s nullglob
+
+ # Workaround makepkg disliking read-only dirs
+ ln -sft /srcdest /srcdest_host/*
+ ln -sft /startdir /startdir_host/*
+
+ cd /startdir
+
+ # Keep PKGBUILD writable for pkgver()
+ rm PKGBUILD*
+ cp /startdir_host/PKGBUILD* .
+ chown nobody PKGBUILD*
+
+ # Safety check
+ if [[ ! -w PKGBUILD ]]; then
+ echo "Can't write to PKGBUILD!"
+ exit 1
+ fi
+
+ sudo -u nobody makepkg $makepkg_args || exit 1
+
+ if $run_namcap; then
+ pacman -S --needed --noconfirm namcap
+ for pkgfile in /startdir/PKGBUILD /pkgdest/*; do
+ echo "Checking ${pkgfile##*/}"
+ sudo -u nobody namcap "$pkgfile" 2>&1 | tee "/logdest/${pkgfile##*/}-namcap.log"
+ done
+ fi
+
+ exit 0
+}
+
 move_products() {
 for pkgfile in "$copydir"/pkgdest/*; do
 chown "$src_owner" "$pkgfile"
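Review bot: The `printf … >"$copydir/chrootbuild"` write is followed directly by `chmod +x` with no visible status check, so if the redirect cannot open the file, or the write is cut short, a stale or truncated script is what gets marked executable and later run inside the chroot. Whether the surrounding script runs under `set -e` is not visible from this hunk. Ending the statement with `|| return 1` (or the script's own fatal-error helper) would stop before the chmod. The format string also ends without a newline; `_chrootbuild %q %q\n` would leave a properly terminated last line. The enclosing function starts above this hunk.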
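Review bot: In `sudo -u nobody makepkg $makepkg_args || exit 1` the unquoted expansion is pathname-expanded as well as word-split, and it runs after `shopt -s nullglob` and `cd /startdir`. An option word containing `*`, `?` or `[` is therefore silently dropped when nothing matches, or replaced by file names from the build directory when something does. Splitting without globbing keeps the intended behaviour: `local -a args; read -ra args <<<"$makepkg_args"` followed by `sudo -u nobody makepkg "${args[@]}" || exit 1`. Separately, `if $run_namcap; then` executes the value of the second argument as a command, in a function that appears to run as root given the `chown` and `pacman -S` calls; `if [[ $run_namcap == true ]]; then` treats it as data. A header comment stating that `$1` is a space-separated option string and `$2` is the literal `true` or `false` would document the contract that `declare -f` serialisation relies on.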