After further followups always moving all products isn't actually
desired as they can theoretically be broken in various ways if
arch-nspawn exists non successful.
However, as we would like to always preserve the produced log files we
instead split out the logfiles into an own function and call that for
unsuccessful buils.
Fixes 4f305aa3
Commit 09e169b741 changed the default
build host from dragon.archlinux.org to build.archlinux.org - match
in documentation.
Signed-off-by: Christian Hesse <mail@eworm.de>
We now accept:
1) # nothing
in which case we'll use the PKGBUILD to retrieve...
2) name, or repo/name
in which case we'll use pacman to cache the package and retrieve...
3) a filename
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Teach get_pkgfile to call itself in local-only mode and find a cached
file no matter what its extension is. Avoids repetitively trying to curl
random files, fail with 404 errors, and proceed to discover a cache hit
under a different file extension.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Since move_products() function is fairly robust we can make it run for
failed build also to expose logs for packages that fails in build(),
prepare() or package(). It also exposes partially packaged split
packages if they fail in latter package_xxx().
Building a package may change the PKGBUILD during update_pkgver. Let's
retrieve the PKGBUILD after building to ensure we have the very same
file as the one we used to build the package. Otherwise this may lead to
the inability to distribute the package during commitpkg in case the
expected and the actual hashsum mismatch.
First try a .zst location before falling back to legacy variants. This
should slightly speed up downloading of dependencies, especially over
time as .zst packages are or will be the dominant format.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
This was incorrectly implemented in commit
0067176529, which added the host_mirrors
root directory as a cachedir, when we actually want to use the pool/*
subdirectories (the same ones installed on the build server's
/etc/pacman.conf).
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
We don't want to check against the current version known to the host
system, because that will be incorrect in a wide variety of situations,
including:
- the build host hasn't done a full system upgrade yet
- we're building against staging, and want to see the delta between
different staging versions
- we're building against extra, but the host runs testing which carries
changes we don't want to visualize right now
- the chroot has a configured database not available to the host, and
the package is only available there
Essentially, it's rarely 100% correct to run checkpkg on the host, but
we already have a database we *know* is correct, and that is the one we
just built the package against. So let's use that.
This also fixes a bug in the current logic, where in order to try
downloading fresh databases, we work in a non-cached temporary working
database to download the package files, but then let checkpkg default to
comparing packages in the system database. Since we are explicitly
trying to compare against packages that differ from the host's pacman
database, we need to pass the package files as options to checkpkg,
using the additional modes added in commit c14338c0fe
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Thanks to anthraxx for the guidance.
Original-patch-by: Levente Polyak <anthraxx@archlinux.org>
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
By specifying multiple package files, we assume they are all from the
same PKGBUILD, and try to check them all against the produced artifacts.
Since the buildinfo should be comparable for all of them, we simply use
the first one passed on the command line.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
This ensures we take user specific config values for PKGDEST into
account when printing the package list. This is required as devtools
archbuild_cmd puts packages potentially into the user defined PKGDEST
which the package list would otherwise miss.
This fixes an issue with the usage of makepkg --packagelist to get the
produced artifacts filenames according to the PKGEXT used in devtools'
makepkg.conf instead of the one defined in pacman.
One goal we want to preserve is that devtools configuration should be
self contained and not require any editing of non owned files like
the host /etc/makepkg.conf to produce expected results.
Additionally modify the archbuild_cmd override for multilib builds to
use an independent variable and not fiddle with the actual arch
variable to select the appropriate cmd.
This ensures we use the same configuration for reproducing packages as
we use for building them via devtools.
One example of why we care about this are the COMPRESS* settings that
may differ from the guest's pacman shipped makepkg.conf that affect the
reproducibility of packages.
We don't want the default PKGEXT in the current version of devtools, we
want the PKGEXT we *know* the input file used.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
We need to modify the matching of valid package files to support formats
like zstd. Let's try to use an eager approach instead of a simple
whitelist in order to be functional for arbitrary formats that may be
introduced in the future without the need to adjust any code.
Allow any single fragment word as compression type but filter out known
non-package content like signature files.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
This means that the remote command died at some stage earlier than the
printing of created files.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Use pacman's --dbpath feature to sync fresh databases inside an isolated
location and split up the database sync and package location calls to
remove the need of weird grep calls.
It isn't nice of makechrootpkg to modify the host database state just by
building packages. No foreign program shall automatically modify
the host database other than by the explicit will of a system
maintainer, which is the major reason this changes get incorporated.
However, there is certain indoctrinated believe that using -Sy is
the prime evil. In fact it has been declared as a social rule to a
technical problem of not getting into potential partial upgrade states.
This is not a proper loophole less solution as there are multiple ways
and use cases that lead to such a state, like aborting a -Syu on the
prompt for whatever reason, what really matters is that it is not a
technically bullet proof solution to solve the problem.
Databases shall have the freedom to be as up to date as databases or
their owner wishes, allowing querying on latest database state without
fear. The only loophole-less contract that _really_ is from importance
is always using -Su instead of plain -S to install packages. Installing
packages is what actually brings one into a potential partial upgrade
state and by using -Su an outstanding upgrade is forced when installing
a new package. This properly solves all edge cases in a technical
manner instead of declaring people who abort the prompt of -Syu to be
the problem. In fact, using this simple contract allows whatever system
maintenance workflow a host owner wants to follow, which may still be to
always use -Syu and deal with system upgrades explicitly instead of the
time when installing new packages, but the -Su contract is the real safe
guard to guarantee no edge case can ever slip in. This magically also
opens up the freedom to people who wish to use -Sy to simply query on up
to date data as the currently indoctrinated "never do -Sy" stone plates
not only are not rock solid in technical terms but also make certain use
cases simply impossible and hence cripple the functionality without at
the very least being fully loophole free.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
For build servers or similar infrastructure its relatively common to not
sync/update the database regularly. This leads to problems properly
running checkpkg duo to nonexistent target files that we try to
download. As building on build servers is a very common use case, lets
ensure we sync the local database before trying to resolve the package
locations.
Avoid always trying to download and output the according message.
Add checks for packages either not being available in the repo or
all variants have up to date versions stored in the local cache.
This attempts to recreate a package that was probably created using
makechrootpkg, and see if it conforms to the
https://reproducible-builds.org/ specification.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
In commit 40a90e2cab we tried to protect
against system umasks resulting in unreadable chroots. However, we tried
to do this in a targeted manner due to not wanting to fiddle with
permissions for user-owned files. Unfortuantely, mkdir -p -m755 does not
actually work that way -- the parent directory is created with broken
permissions. We need umask.
Run umask and mkdir in a subshell to prevent leakage.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
In commit 75d23eec94 we moved to include
commitpkg arguments as the first line of the svn commit message, but we
simply dumped the result after the version number without separating the
two, increasing the cognitive burden of parsing the rationale. Since the
whole point of the change was to make it easier to see what happened
when using git log --oneline (reducing the cognitive burden of parsing
'pretty' output with author/date info), it makes sense to also delineate
the reason correctly.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Instead of comparing exact mirror urls to see if they are in
host_mirrors in order to "skip" the official mirrors
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Right now there is a bug in makepkg that leaves back an empty src
directory if SRCDEST is set. This is purely cosmetic, but lets just
politely try to rmdir it and fail silently if its empty or non-existent.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
It may be not enough to just listen on EXIT depending on the shell used
so lets make sure we clean up SRCPKGDEST by listening to more sigs.
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
- drop homebrew function in makechrootpkg
- use better mock to find invoking user's $HOME
- make offload-build respect makepkg.conf to determine where to sync
files, matching the behavior of makechrootpkg
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Levente Polyak
Christian Hesse
Eli Schwartz
bartoszek
Jelle van der Waa
Konstantin Gizdov
Robin Broda
Ivy Foster