abuild merge requestshttps://gitlab.alpinelinux.org/alpine/abuild/-/merge_requests2023-04-16T14:43:54Zhttps://gitlab.alpinelinux.org/alpine/abuild/-/merge_requests/197abuild-rootbld: copy REPODEST value from host to chroot2023-04-16T14:43:54ZSören Tempelabuild-rootbld: copy REPODEST value from host to chrootOtherwise, if a different REPODEST is being used (e.g. due to
`buildrepo -d <repo-dest>`) then the abuild invocation in the
created chroot will not write packages to the correct REPODEST.
Therefore, `buildrepo -R -d` does presently not w...Otherwise, if a different REPODEST is being used (e.g. due to
`buildrepo -d <repo-dest>`) then the abuild invocation in the
created chroot will not write packages to the correct REPODEST.
Therefore, `buildrepo -R -d` does presently not work correctly.
This commit fixes this by also copying the REPODEST value from
the environment.
This fixes a regression introduced in 1582617eb8ba3df4752f8050f0412c0353c33fdf.https://gitlab.alpinelinux.org/alpine/abuild/-/merge_requests/196abuild: fixup devhelp2023-04-14T10:27:51ZGhost Userabuild: fixup devhelp- -$pkgrel is wrong- this is an invalid version spec, the -r is missing
- depends="" should be unset inherited from the origin package- -$pkgrel is wrong- this is an invalid version spec, the -r is missing
- depends="" should be unset inherited from the origin packagehttps://gitlab.alpinelinux.org/alpine/abuild/-/merge_requests/195abuild: add support for -devhelp subpackges2023-04-14T08:48:54ZNatanael Copaabuild: add support for -devhelp subpackgesfixes https://gitlab.alpinelinux.org/alpine/abuild/-/merge_requests/87fixes https://gitlab.alpinelinux.org/alpine/abuild/-/merge_requests/87https://gitlab.alpinelinux.org/alpine/abuild/-/merge_requests/194abuild: prune python cache dirs by default2023-04-14T09:13:55ZGhost Userabuild: prune python cache dirs by defaultthese will be generated post-install in a hook.
ref https://gitlab.alpinelinux.org/alpine/aports/-/issues/11906
ref https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/45936these will be generated post-install in a hook.
ref https://gitlab.alpinelinux.org/alpine/aports/-/issues/11906
ref https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/45936https://gitlab.alpinelinux.org/alpine/abuild/-/merge_requests/193abuild: pass --no-warnings to apk index2023-04-14T05:56:22ZGhost Userabuild: pass --no-warnings to apk indexapk 2.14 now warns on missing deps in the same repo even with --quiet:
WARNING: No provider for the dependencies:
/bin/sh aardvark-dns abseil-cpp-dev acl acl-dev alsa-lib-dev android-tools aom-dev apache2 at-spi2-core at-spi2-core-dev...apk 2.14 now warns on missing deps in the same repo even with --quiet:
WARNING: No provider for the dependencies:
/bin/sh aardvark-dns abseil-cpp-dev acl acl-dev alsa-lib-dev android-tools aom-dev apache2 at-spi2-core at-spi2-core-dev atomicparsley attr attr-dev
audacious autoconf avahi avahi-dev aws-c-cal-dev aws-c-compression-dev aws-checksums-dev baloo-dev bash bc binutils binutils-dev black blas-dev bluezhttps://gitlab.alpinelinux.org/alpine/abuild/-/merge_requests/192abuild: Fix building with spaces in path2023-04-15T14:05:25ZMarian Buschsiewekeabuild: Fix building with spaces in path- Add a bunch of missing quotes to fix building in paths that contain
spaces
- Add a unit test case to detect regressions- Add a bunch of missing quotes to fix building in paths that contain
spaces
- Add a unit test case to detect regressionshttps://gitlab.alpinelinux.org/alpine/abuild/-/merge_requests/191newapkbuild: add gpep517 buildtype2023-05-24T00:09:08Zlauren n. liberdanewapkbuild: add gpep517 buildtypehttps://gitlab.alpinelinux.org/alpine/abuild/-/merge_requests/190Replace the rust install preset with an empty section2023-04-03T10:14:40Zbjorn3Replace the rust install preset with an empty sectionUsing install -Dm755 ... is preferable over cargo installUsing install -Dm755 ... is preferable over cargo installhttps://gitlab.alpinelinux.org/alpine/abuild/-/merge_requests/189abuild: scan for python3 version requirements2023-04-18T10:16:51ZMarian Buschsiewekeabuild: scan for python3 version requirementsPackages installing python3 site packages for python3 in version 3.x.y
depend on python3~3.x. This automatically adds the required
dependencies.
Note: ~~This currently depends on and includes https://gitlab.alpinelinux.org/alpine/abuild...Packages installing python3 site packages for python3 in version 3.x.y
depend on python3~3.x. This automatically adds the required
dependencies.
Note: ~~This currently depends on and includes https://gitlab.alpinelinux.org/alpine/abuild/-/merge_requests/192~~ (https://gitlab.alpinelinux.org/alpine/abuild/-/merge_requests/192 has been merged now)https://gitlab.alpinelinux.org/alpine/abuild/-/merge_requests/188abuild: warn when p in pkgver should be _p2023-04-07T11:28:02ZNatanael Copaabuild: warn when p in pkgver should be _pwe have for example had sudo 1.9.5p2 which should have been
1.9.5_p2. Show a warning to avoid this in the future.we have for example had sudo 1.9.5p2 which should have been
1.9.5_p2. Show a warning to avoid this in the future.https://gitlab.alpinelinux.org/alpine/abuild/-/merge_requests/187abuild: bwrap: use --new-session to mitigate TIOCSTI escape (CVE-2017-5226)2023-03-16T09:16:32ZAriadne Conillariadne@ariadne.spaceabuild: bwrap: use --new-session to mitigate TIOCSTI escape (CVE-2017-5226)Bubblewrap has an under-documented option which helps to protect against abuse
of TIOCSTI ioctls against the session PTY to escape the build sandbox, the
--new-session option.
Related: https://github.com/containers/bubblewrap/issues/555...Bubblewrap has an under-documented option which helps to protect against abuse
of TIOCSTI ioctls against the session PTY to escape the build sandbox, the
--new-session option.
Related: https://github.com/containers/bubblewrap/issues/555
Related: https://github.com/containers/bubblewrap/issues/142
Related: https://news.ycombinator.com/item?id=30825088
Signed-off-by: Ariadne Conill <ariadne@dereferenced.org>https://gitlab.alpinelinux.org/alpine/abuild/-/merge_requests/186abuild.conf: add CARGO_REGISTRIES_CRATES_IO_PROTOCOL=sparse2023-04-14T05:52:17ZJakub Jirutkaabuild.conf: add CARGO_REGISTRIES_CRATES_IO_PROTOCOL=sparseThis speeds up fetching of the crates index.
https://blog.rust-lang.org/inside-rust/2023/01/30/cargo-sparse-protocol.htmlThis speeds up fetching of the crates index.
https://blog.rust-lang.org/inside-rust/2023/01/30/cargo-sparse-protocol.htmlhttps://gitlab.alpinelinux.org/alpine/abuild/-/merge_requests/185abuild: use dummy checksum for local sources2023-04-09T12:04:21ZOliver Smithabuild: use dummy checksum for local sources```
Replace the checksum of local sources with dots, as we don't need to
verify the checksum for these files stored next to the APKBUILD inside
aports.git.
With this patch we no longer need to run "abuild checksum" after
modifying a loc...```
Replace the checksum of local sources with dots, as we don't need to
verify the checksum for these files stored next to the APKBUILD inside
aports.git.
With this patch we no longer need to run "abuild checksum" after
modifying a local source. I've seen a lot of times that this is not
intuitive for first time contributors, and even as long-time
contributor one may forget it. We can avoid the whole cycle of the
build breaking in CI because of this, developer getting notified,
fixing it and pushing again.
Furthermore this avoids conflicts inside sha512sums= when rebasing
patches with git, and makes no longer necessary to update the checksums
on each individual patch where local files are modified during rebase.
I've also considered omitting local sources from sha512sums, but
decided against it since it is useful to have an easy to parse list of
sources at the end of the APKBUILD. Both for humans so they can see what
sources= expands to after going through possibly various loops inside
the APKBUILD, and for scripts that can quickly get a list of sources
without running the APKBUILD in a shell (we have the latter use case in
pmaports CI to parse the files with Python).
Example:
sha512sums="
a37e042523bc46494d99d5637c3f3d8f9956d9477b748b3b1f6d7dfbb8d968ed52c932e88a4e946c6f77b8f48f1e1b360ca54c3d298f17193f3b4963472f6925 binutils-2.40.tar.xz
................................................................................................................................ binutils-ld-fix-static-linking.patch
................................................................................................................................ 0001-Revert-PR25882-.gnu.attributes-are-not-checked-for-s.patch
"
```
EDIT: if reviewers agree that the checksum for local files is not useful, but would rather have it removed completely than using this dummy line: then I could adjust the patch accordingly
EDIT: https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/45391 adjusts the githookhttps://gitlab.alpinelinux.org/alpine/abuild/-/merge_requests/184abuild: validate entire pkg-config configuration, not just the version2023-03-16T16:50:57ZNewbyteabuild: validate entire pkg-config configuration, not just the versionReview very welcome. I'm not sure if my changes to the pkg-config provides system are acceptable.
Closes https://gitlab.alpinelinux.org/alpine/abuild/-/issues/10076Review very welcome. I'm not sure if my changes to the pkg-config provides system are acceptable.
Closes https://gitlab.alpinelinux.org/alpine/abuild/-/issues/10076https://gitlab.alpinelinux.org/alpine/abuild/-/merge_requests/183abuild: ensure that pkgdesc is a single line2023-04-14T05:54:04ZJakub Jirutkaabuild: ensure that pkgdesc is a single lineIf pkgdesc containes a newline, abuild generates an invalid .PKGINFO.
See https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/44042If pkgdesc containes a newline, abuild generates an invalid .PKGINFO.
See https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/44042https://gitlab.alpinelinux.org/alpine/abuild/-/merge_requests/182abuild: add default_pyc helper2023-04-18T13:27:34ZDominique Martinetabuild: add default_pyc helper```
Python by default pre-compiles cache files in __pycache__ directories,
which we currently happily install along in python packages.
Theses .pyc files are rather big and the time/space tradeoff could be
left to users if we just split...```
Python by default pre-compiles cache files in __pycache__ directories,
which we currently happily install along in python packages.
Theses .pyc files are rather big and the time/space tradeoff could be
left to users if we just split these out to a -pyc subpackage.
With this default_pyc helper, one can add $pkgname-pyc to their
package's subpackages and it will automatically split off the pyc files
in a package that will be automatically installed if the virtual 'pyc'
package is installed.
Note that this does not work so easily if there already were python
subpackages, the function could be adjusted to strip off the last dash
if required but that seems rather rare.
Random data, sizes:
- python3: currently 47MiB, split into 23M (main package) / 24M (pyc)
- py3-markdown: currently 700KiB, 368K (main) / 288K (pyc)
Random benchmark, with python3-pyc:
"python3 -c 'import time; print(time.strftime(\"%T\"))'"
Time (mean ± σ): 24.5 ms ± 2.5 ms [User: 18.4 ms, System: 6.0 ms]
Range (min … max): 19.4 ms … 28.9 ms 148 runs
without python3-pyc (same as user without root permissions, root would
generate files on first root, for reference this command generates 184KB
of pyc files):
-p 'rm -rf /usr/lib/python3.10/__pycache__ /usr/lib/python3.10/encodings/__pycache__' \
"python3 -c 'import time; print(time.strftime(\"%T\"))'"
Time (mean ± σ): 53.7 ms ± 4.3 ms [User: 39.3 ms, System: 14.3 ms]
Range (min … max): 47.0 ms … 65.6 ms 100 runs
Link: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11906
Suggested-by: Alex Xu (Hello71) <alex_y_xu@yahoo.ca>
```
-----
If this gets merged I'll be happy to add a pyc virtual package in aports and add the subpackage to at least python3 itself, but need to start somewhere.https://gitlab.alpinelinux.org/alpine/abuild/-/merge_requests/181abuild-rootbld: allow installing extra packages via config option2023-01-25T17:24:23ZSören Tempelabuild-rootbld: allow installing extra packages via config optionThis all started with me wondering why pigz was not used for compressing
generated tarballs with `abuild rootbld` even though I have it
installed. As it turns out, pigz is (by default) not installed within
the rootbld environment. In ord...This all started with me wondering why pigz was not used for compressing
generated tarballs with `abuild rootbld` even though I have it
installed. As it turns out, pigz is (by default) not installed within
the rootbld environment. In order to fix this, I propose a more general
feature where people can specify extra packages that should be
installed, within the environment created by `abuild rootbld`, via a
configuration option.
Apart from pigz, I also deem this useful for install debugging tools
e.g. strace or stuff like `cmd:sha512sum` for faster checksum
generation.https://gitlab.alpinelinux.org/alpine/abuild/-/merge_requests/180abuild.conf: define format-security and int-conversion errors2023-04-14T06:38:24ZGhost Userabuild.conf: define format-security and int-conversion errorsformat-security warns of usage such as `printf(x)`, which is usually a
security hole.
int-conversion is very useful to find cases such as
```
error: assignment to 'const char *' from 'int' makes pointer from integer without a cast [-We...format-security warns of usage such as `printf(x)`, which is usually a
security hole.
int-conversion is very useful to find cases such as
```
error: assignment to 'const char *' from 'int' makes pointer from integer without a cast [-Werror=int-conversion]
msg = strerror_r(errnum, buf, buflen);
```
where the usage of things like the wrong strerror_r are legitimate
errors in the application that cause it to crash. it makes more sense
for the compiler to reject it instead, and this does that.https://gitlab.alpinelinux.org/alpine/abuild/-/merge_requests/179abuild-rootbld: clear environment for bwrap container2023-04-16T14:50:48ZSören Tempelabuild-rootbld: clear environment for bwrap containerOtherwise, user-set environment variables can leak into the container
and cause spurious build/test failures. A common example is the value of
the SHELL environment variable which is used by a lot of software.
Outside of the bwrap contai...Otherwise, user-set environment variables can leak into the container
and cause spurious build/test failures. A common example is the value of
the SHELL environment variable which is used by a lot of software.
Outside of the bwrap container I use ksh and my SHELL environment
variable points to /bin/ksh, however, inside the container /bin/ksh is
not available and hence software relying on $SHELL doesn't work
properly. This can cause annoying to debug test failures, e.g. https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/43430.https://gitlab.alpinelinux.org/alpine/abuild/-/merge_requests/178abuild: remove use of svnurl2023-01-10T16:49:08ZNatanael Copaabuild: remove use of svnurlNot used by anything in aportsNot used by anything in aports