- Added -B src:dest (like -b) but this makes bind mounts in
read-only mode.
- Get rid of setfsuid(), it's unnecessary.
- Make sure chrootdir is not '/', use realpath().
- Always set SECBIT_NOROOT, see capabilities(7).
- Do not mount recursively, right now this only mounts
/dev (ro), /dev/shm (rw), /sys (ro) and /proc (ro).
Previously any mount below any specific mount were recursively
mounted in chrootdir.
- Removed -a, this won't work due to dependency cycles between
host/target.
- Do the process in two steps: collect deps and then build.
- Cleaned up the whole code.
This commit implements multiple performance improvements
to the transaction code:
- Don't process xbps_pkg_name() N times each time we access
its package dictionary (via pkgdb or rpool), just do it once
at xbps_pkgdb_init() time. At pkgdb init time, it just creates
a property in pkgdb, "pkgname". At rpool time, each time a
package is accessed, the "pkgname" string property is added.
- The package transaction dictionary contains the "transaction"
object to know what's the pkg type. This has been changed to an
uint8, this simplifies the logic and it's faster than checking
a string object. See xbps_trans_type_t and xbps_transaction_pkg_type().
- Fixed the issue that was marked with XXX in transaction shlibs
checking code. This has been fixed and improved and resources are
now just freed as expected.
- Simplified random code all over the place, avoiding unnecessary
allocations or operations.
- Rename some transaction files to have a better description.
This is my first rototill to the code in 2020.
- Do not use nftw(3), this won't clean up the tree properly.
Rather use scandir(3) with alphasort, like xbps-create(1).
- Don't drop privs in the parent to make sure that the
temp overlayfs tree can be removed properly.
This fixes the issues while building go modules and others
with xbps-src.
The funcs xbps_pkg_name() and xbps_pkgpattern_name() were
using malloc(3) to return the result, until now.
They now have been changed to not allocate the result
via malloc, the caller is responsible to provide a buffer
at least of XBPS_NAME_SIZE (64).
If for whatever reason the pkgname can't be guessed,
returns false. This should avoid lots of small allocs
around libxbps.
New functions have the following prototype:
bool xbps_pkg_name(char *dst, size_t len, const char *pkg)
bool xbps_pkgpattern_name(char *dst, size_t len, const char *pkg)
as suggested by @duncaen.
The remount is done to use nosuid, but we can get
rid of the remount just because of this specific
option that does not have too much value for our
general usage (xbps-src).
Go modules seem to have too restrictive permissions on
its builddir, making xbps-uchroot(1) unable to remove
its directory tree due to insufficient permissions.
Run nftw() twice, the first run to set chmod 755, and
second run to remove the file.
Fixes `xbps-src -t` with any pkg that uses `build_style=go`.
This should avoid lots of temp dirs in the buildbot
builders while building go modules and others.
Added support to download all dependencies even
if the euid does not have write perms to rootdir.
In this mode we only care if cachedir is writable,
rootdir access is not necessary.
This is really useful to download all binary packages
required by any number of packages as any regular
user to later perform off-line installations, i.e:
```
$ xbps-install -c $PWD/cachedir -yD xbps
...
$ tree cachedir
cachedir/
├── acl-2.2.53_1.x86_64-musl.xbps
├── acl-2.2.53_1.x86_64-musl.xbps.sig
├── attr-2.4.48_1.x86_64-musl.xbps
├── attr-2.4.48_1.x86_64-musl.xbps.sig
├── bzip2-1.0.8_1.x86_64-musl.xbps
├── bzip2-1.0.8_1.x86_64-musl.xbps.sig
├── ca-certificates-20190110_1.noarch.xbps
├── ca-certificates-20190110_1.noarch.xbps.sig
├── libarchive-3.4.1_1.x86_64-musl.xbps
├── libarchive-3.4.1_1.x86_64-musl.xbps.sig
├── libcrypto45-3.0.2_2.x86_64-musl.xbps
├── libcrypto45-3.0.2_2.x86_64-musl.xbps.sig
├── liblz4-1.9.2_1.x86_64-musl.xbps
├── liblz4-1.9.2_1.x86_64-musl.xbps.sig
├── liblzma-5.2.4_2.x86_64-musl.xbps
├── liblzma-5.2.4_2.x86_64-musl.xbps.sig
├── libressl-3.0.2_2.x86_64-musl.xbps
├── libressl-3.0.2_2.x86_64-musl.xbps.sig
├── libssl47-3.0.2_2.x86_64-musl.xbps
├── libssl47-3.0.2_2.x86_64-musl.xbps.sig
├── libtls19-3.0.2_2.x86_64-musl.xbps
├── libtls19-3.0.2_2.x86_64-musl.xbps.sig
├── libxbps-0.57.1_8.x86_64-musl.xbps
├── libxbps-0.57.1_8.x86_64-musl.xbps.sig
├── libzstd-1.4.4_1.x86_64-musl.xbps
├── libzstd-1.4.4_1.x86_64-musl.xbps.sig
├── musl-1.1.24_1.x86_64-musl.xbps
├── musl-1.1.24_1.x86_64-musl.xbps.sig
├── run-parts-4.9.1_1.x86_64-musl.xbps
├── run-parts-4.9.1_1.x86_64-musl.xbps.sig
├── xbps-0.57.1_8.x86_64-musl.xbps
├── xbps-0.57.1_8.x86_64-musl.xbps.sig
├── xbps-triggers-0.113_3.noarch.xbps
├── xbps-triggers-0.113_3.noarch.xbps.sig
├── zlib-1.2.11_3.x86_64-musl.xbps
└── zlib-1.2.11_3.x86_64-musl.xbps.sig
0 directories, 36 files
$
```
Inpired by #213Closes#213
This was just setting the current date when the pkg
is being added to the repository index.
It does not make any sense, so get rid of it completely.
This "build-date" string obj needs to be added via
xbps-create(1) not xbps-rindex(1)!
Another step towards reproducability (#55)
When there's a new xbps update, xbps-install(1) will now return
EBUSY (16) and a message (if dry-run disabled) explaining
how to proceed.
If there's an update and transaction does not contain xbps, it will
error out unless the 'xbps' pkg is the only target pkg, i.e:
# xbps-install -Su
# echo $?
16
To update xbps, the only way to proceed is to explicitly declare
it as an update, i.e:
# xbps-install -u xbps
The dry-run mode will still show there's an xbps update.
Modified the existing test cases to satisfy the new behaviour.
Closes#166Closes#142
The '%n' pkgname fmt option still needs to be the sourcepkg
for xbps-src to work with no additional changes.
This restores previous behaviour, and uses binpkg's pkgname
while checking for pkgdb/repo.
Up until now `xbps-checkvers` would only check for the
real sourcepkg, this broke detection of binary packages
that are subpkgs.
Added a new test case.
Close#192