mirror of
https://gitlab.alpinelinux.org/alpine/abuild.git
synced 2024-12-22 07:00:28 +00:00
15b6128a45
As demonstrated in b7813c3 (abump: demonstrate abump environment
polution, 2022-10-15), sourcing APKBUILDs in abump polutes it's
environment.
Address that by sourcing the APKBUILD in a subshell as well as some of
the checks following it that need the information from the APKBUILD.
That information is not used any later, it's not an issue that it's
discarded outside of the subshell.
144 lines
3.1 KiB
Bash
144 lines
3.1 KiB
Bash
#!/bin/sh
|
|
|
|
# abump - bump pkgver in APKBUILDs
|
|
# Copyright (c) 2012 Natanael Copa <ncopa@alpinelinux.org>
|
|
#
|
|
# Distributed under GPL-2.0-only
|
|
#
|
|
|
|
program_version=@VERSION@
|
|
sharedir=${ABUILD_SHAREDIR:-@sharedir@}
|
|
|
|
if ! [ -f "$sharedir/functions.sh" ]; then
|
|
echo "$sharedir/functions.sh: not found" >&2
|
|
exit 1
|
|
fi
|
|
. "$sharedir/functions.sh"
|
|
|
|
: ${ABUILD:="abuild"}
|
|
|
|
|
|
# version bump packages
|
|
do_bump() {
|
|
local p rc=0 notbumped="" name ver section message
|
|
local upgrade="${cvelist:+security }upgrade"
|
|
local a
|
|
for p; do
|
|
if [ $rc -gt 0 ]; then
|
|
notbumped="$notbumped $p"
|
|
continue
|
|
fi
|
|
name=${p%-[0-9]*}
|
|
ver=${p#${name}-}
|
|
if [ "$name" = "$ver" ]; then
|
|
die "version missing for $p"
|
|
fi
|
|
|
|
(
|
|
set -e
|
|
|
|
# calculate APKBUILD's path #vim syntax highlight '
|
|
if [ "${name#*/}" != "$name" ] && ! [ -d "$APORTSDIR/${name%/*}" ]; then
|
|
die "'$p' should be of form 'foo-1.2.3' or 'main/foo-1.2.3'"
|
|
fi
|
|
a=$(aports_buildscript "$name" ) \
|
|
|| die "can't find APKBUILD for $name"
|
|
|
|
# sourcing APKBUILDs should not affect the environment of abump
|
|
# so do that in a subshell, along with any checks that need the
|
|
# information from the APKBUILD.
|
|
(
|
|
# verify APKBUILD
|
|
. "$a" || exit 1
|
|
name=${name#*/}
|
|
[ "$pkgname" = "$name" ] \
|
|
|| die "APKBUILD has different \$pkgname for $name"
|
|
type package | grep -q function \
|
|
|| die "missing package() for $name"
|
|
if [ "$pkgver" = "$ver" ] && git diff-index --quiet HEAD -- "$a"; then
|
|
die "version is already $ver"
|
|
fi
|
|
)
|
|
|
|
cd "${a%/*}"
|
|
section=${PWD%/*}
|
|
section=${section##*/}
|
|
|
|
message="$section/$name: $upgrade to ${ver}${cvelist}"
|
|
if [ -n "$fixes" ]; then
|
|
message="$message
|
|
|
|
fixes #${fixes#\#}
|
|
"
|
|
fi
|
|
msg "$message"
|
|
|
|
sed -i -e "s/^pkgver=.*/pkgver=$ver/" \
|
|
-e "s/^pkgrel=.*/pkgrel=0/" \
|
|
APKBUILD
|
|
|
|
$ABUILD $abuild_opts checksum all
|
|
|
|
git add APKBUILD
|
|
git commit -m"$message"
|
|
)
|
|
rc=$?
|
|
if [ $rc -gt 0 ]; then
|
|
error "Failed to build $p"
|
|
fi
|
|
done
|
|
if [ -n "$notbumped" ]; then
|
|
error "Not bumped: $notbumped"
|
|
fi
|
|
return $rc
|
|
}
|
|
|
|
usage() {
|
|
cat <<-__EOF__
|
|
$program $program_version - bump pkgver in APKBUILDs
|
|
Usage: $program [-s CVE-1,CVE-2,...] [-f ISSUE] [-R|--recursive] [-k|--keep] PKGNAME-1.2.3 ...
|
|
Options:
|
|
-s, --security CVE1,CVE-2,... Security update
|
|
-f, --fixes ISSUE Fixes ISSUE
|
|
-k, --keep Run abuild with -k to keep existing packages
|
|
-q, --quiet
|
|
-h, --help Show this help
|
|
|
|
__EOF__
|
|
}
|
|
|
|
keep=
|
|
cvelist=
|
|
fixes=
|
|
|
|
args=$(getopt -o f:s:kqh --long fixes:,security:,keep,quiet,help \
|
|
-n "$program" -- "$@")
|
|
if [ $? -ne 0 ]; then
|
|
usage >&2
|
|
exit 2
|
|
fi
|
|
eval set -- "$args"
|
|
while true; do
|
|
case $1 in
|
|
-s|--security) cvelist=" ($2)"; shift;;
|
|
-f|--fixes) fixes="$2"; shift;;
|
|
-k|--keep) keep="-k";;
|
|
-q|--quiet) quiet=1;; # suppresses msg
|
|
-h|--help) usage; exit 0;;
|
|
--) shift; break;;
|
|
*) exit 1;; # getopt error
|
|
esac
|
|
shift
|
|
done
|
|
if [ $# -eq 0 ]; then
|
|
usage >&2
|
|
exit 2
|
|
fi
|
|
|
|
[ -n "$APORTSDIR" ] || error "can't locate \$APORTSDIR"
|
|
git rev-parse 2>/dev/null || die "not in a git tree"
|
|
|
|
abuild_opts="${ABUILD_OPTS- -r} $keep"
|
|
|
|
do_bump "$@"
|