With a recent change in apk [1], virtual packages of the same name will
upgrade each other. Adjust abuild to this by not using the same virtual
package name for two types of dependencies.
This fixes the way crosscompilers are built in postmarketOS [2], which
is essentially the same as running this on Alpine's gcc aport:
$ cd aports/main/gcc
$ C_TARGET_ARCH=armhf CTARGET=armv6-alpine-linux-musleabihf \
BOOTSTRAP=nobuildbase CBUILDROOT=/ abuild -r
...
>>> gcc-armhf: Installing for host:
(1/24) Upgrading .makedepends-gcc-armhf (20190714.104731 -> 20190714.104741)
(2/24) Purging binutils-armhf (2.31.1-r2)
...
[1] apk-tools.git 37fbafcd928c466c82c892a7868d686d710e5d07
("add: make virtual packages upgradeable (ref #9957)")
[2] https://gitlab.com/postmarketOS/pmaports/blob/master/cross/gcc-armhf/APKBUILD
Fixes: https://gitlab.alpinelinux.org/alpine/apk-tools/issues/10649
Before this change an invalid licence= in an APKBUILD will pass `abuild
sanitycheck`. '/usr/share/spdx/license.lst' contains one licence per line.
`grep -x` will match partial lines whereas `grep -w` will only match whole
lines.
An simple demonstration is with 'GPL-3.0' which is not a valid SPDX licence
identifier. 'GPL-3.0-only' and 'GPL-3.0-or-later' are valid licences.
```
$ grep --help
BusyBox v1.30.1 (2019-04-26 06:26:16 UTC) multi-call binary.
Usage: grep [-HhnlLoqvsriwFE] [-m N] [-A/B/C N] PATTERN/-e PATTERN.../-f FILE [FILE]...
Search for PATTERN in FILEs (or stdin)
✂
-w Match whole words only
-x Match whole lines only
✂
$ grep -w -F GPL-3.0 /usr/share/spdx/license.lst
GPL-3.0-only
GPL-3.0-or-later
$ grep -x -F GPL-3.0 /usr/share/spdx/license.lst
$
```
Not allowing --allow-untrusted is obviously a good idea, but it can be
trivially bypassed if --keys-dir is allowed:
$ abuild-apk add foo-1-r0.apk
ERROR: foo-1-r0.apk: UNTRUSTED signature
$ abuild-apk --allow-untrusted add foo-1-r0.apk
abuild-apk: --allow-untrusted: not allowed option
$ cp -rp /etc/apk/keys /tmp/keys
$ cp untrusted.pub /tmp/keys
$ abuild-apk --keys-dir /tmp/keys add foo-1-r0.apk
(1/1) Installing foo (1-r0)
OK: 4319 MiB in 806 packages
If both --allow-untrusted and --keys-dir are not allowed, then it should
no longer be possible for an unprivileged member of the abuild group to
add an untrusted package.
$ abuild-apk --keys-dir /tmp/keys add foo-1-r0.apk
abuild-apk: --keys-dir: not allowed option
Replace text in usage description of fetch that claims to verify sources
with a suggestion to use 'abuild fetch verify', which will actually
verify them.
'abuild fetch' alone will not verify sources, as it only executes the
fetch() function.
Since the obsolete 'cd "$builddir"' statements have been removed in [1],
build(), check() and package() can generate empty functions if no build
system is specified or if there is no default for the given build
system. newapkbuild will then fail, as it tries to parse the script it
generated:
$ cd /home/pmos && newapkbuild test
/usr/bin/abuild: /home/pmos/test/APKBUILD: line 18: syntax error: unexpected "}"
$ cat test/APKBUILD
...
build() {
}
...
Fix this by placing ":" in functions that would be empty.
[1]: f83d19ce79
Run the loop in a subshell via a pipe so we dont need a subshell for
each iteration.
Use `if ...; then` to make code slightly more readable.
Fix a whitespace before tab while at it.
- do not overwrite variables
srcdir is very important for abuild operation
- quoted various paths
- use a sub-shell to contain directory changing
Resolvesalpinelinux/abuild#58
Some projects might leave files which are not writable for the current
user. The cleanup process then fails and leaves files / directories
behind.
This can easily be fixed by making everything writable before removing
the files.
Add the option 'chmod-clean' which does just that.
Apparently there are many packages that does soemthing like:
subpackages="$pkgname-foo:_foo"
_foo() {
depends="$depends something-else"
}
and thus depend on the previous behavior. We need to revert and plan
this better.
This reverts commit 8fbbffd201.
Other subpackage such as -dev, -doc and even -openrc allow adjusting
depends of the subpackage through such a variable. This is, for
instance, useful to remove a dependency of the origin package from the
-libs subpackage.
While at it document it in APKBUILD(5).
