Commit Graph

1539 Commits

Author SHA1 Message Date
Natanael Copa a0eca745c6 ==== release 3.11.0_rc1 ==== 2023-04-14 11:09:15 +02:00
ptrcnull 306e615683 abuild: add a local repository for every remote one in rootbld
Fixes #10071
2023-04-14 09:01:12 +00:00
Sören Tempel 1582617eb8 abuild-rootbld: clear environment for bwrap container
Otherwise, user-set environment variables can leak into the container
and cause spurious build/test failures. A common example is the value of
the SHELL environment variable which is used by a lot of software.
Outside of the bwrap container I use ksh and my SHELL environment
variable points to /bin/ksh, however, inside the container /bin/ksh is
not available and hence software relying on $SHELL doesn't work
properly. This can cause annoying to debug test failures, e.g. !43430.
2023-04-14 09:00:33 +00:00
psykose 489fc06e40 abuild: prune python cache dirs by default
these will be generated post-install in a hook.

ref https://gitlab.alpinelinux.org/alpine/aports/-/issues/11906
2023-04-14 08:56:48 +00:00
Sören Tempel ddc6f42ddc abuild: allow building x86 binaries with qemu-i386 using rootbld 2023-04-14 08:54:26 +00:00
Natanael Copa 396e6e2737 abuild: add support for -devhelp subpackges
fixes https://gitlab.alpinelinux.org/alpine/abuild/-/merge_requests/87
2023-04-14 08:44:48 +00:00
Timothy Legge 7dc9c33c88 apkbuild-cpan.in: remove perl-dev as a makedepends default 2023-04-14 06:41:14 +00:00
psykose ca8375f0e9 abuild.conf: define format-security and int-conversion errors
format-security warns of usage such as `printf(x)`, which is usually a
security hole.

int-conversion is very useful to find cases such as

```
error: assignment to 'const char *' from 'int' makes pointer from integer without a cast [-Werror=int-conversion]
 msg = strerror_r(errnum, buf, buflen);
```

where the usage of things like the wrong strerror_r are legitimate
errors in the application that cause it to crash. it makes more sense
for the compiler to reject it instead, and this does that.
2023-04-14 06:37:15 +00:00
Jingyun Hua 4258b204fe Update config.guess, config.sub, to 2021-06-03
Signed-off-by: Jingyun Hua <huajingyun@loongson.cn>
2023-04-14 08:35:48 +02:00
Alex Xu (Hello71) 00eacb1468 abuild.conf: set CTEST_PARALLEL_LEVEL=$JOBS
same as CARGO_BUILD_JOBS etc, else it defaults to 1. theoretically this
could break some very poorly written test suite, but gentoo has set it
since 2016 with no apparent issues.

https://cgit.gentoo.org/repo/gentoo.git/commit/?id=adfccec02c2474a509fc10d580a25d72f33cab55
2023-04-14 06:22:44 +00:00
Marian Buschsieweke 10b4e8e8bd abuild: Fix building with spaces in path 2023-04-14 06:03:17 +00:00
psykose b7c4da8f53 abuild: pass --no-warnings to apk index
apk 2.14 now warns on missing deps in the same repo even with --quiet:

WARNING: No provider for the dependencies:
  /bin/sh aardvark-dns abseil-cpp-dev acl acl-dev alsa-lib-dev android-tools aom-dev apache2 at-spi2-core at-spi2-core-dev atomicparsley attr attr-dev
  audacious autoconf avahi avahi-dev aws-c-cal-dev aws-c-compression-dev aws-checksums-dev baloo-dev bash bc binutils binutils-dev black blas-dev bluez
2023-04-14 05:55:29 +00:00
Jakub Jirutka 49ee073171 abuild: ensure that pkgdesc is a single line
If pkgdesc containes a newline, abuild generates an invalid .PKGINFO.
See https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/44042
2023-04-14 05:53:40 +00:00
Jakub Jirutka d7f5c73806 abuild.conf: add CARGO_REGISTRIES_CRATES_IO_PROTOCOL=sparse
This speeds up fetching of the crates index.

https://blog.rust-lang.org/inside-rust/2023/01/30/cargo-sparse-protocol.html
2023-04-14 05:51:25 +00:00
psykose 97509ac620 abuild: unpack .tar.zst 2023-04-13 18:52:12 +00:00
Natanael Copa 16febc41a2 abuild: warn when p in pkgver should be _p
we have for example had sudo 1.9.5p2 which should have been
1.9.5_p2. Show a warning to avoid this in the future.
2023-04-07 11:27:09 +00:00
bjorn3 28bba53928 Replace the rust install preset with an empty section
Using install -Dm755 ... is preferable over cargo install
2023-03-28 11:44:45 +02:00
Ariadne Conill d54d8f5d06 abuild: bwrap: use --new-session to mitigate TIOCSTI escape (CVE-2017-5226)
Bubblewrap has an under-documented option which helps to protect against abuse
of TIOCSTI ioctls against the session PTY to escape the build sandbox, the
--new-session option.

Related: https://github.com/containers/bubblewrap/issues/555
Related: https://github.com/containers/bubblewrap/issues/142
Related: https://news.ycombinator.com/item?id=30825088
Signed-off-by: Ariadne Conill <ariadne@dereferenced.org>
2023-03-14 11:06:25 +00:00
Natanael Copa 3695cd2008 apkgrel: fix usage and invalid options and add test 2023-01-10 17:47:22 +01:00
Natanael Copa 115e41fd1f abuild: remove use of svnurl
Not used by anything in aports
2023-01-10 17:40:09 +01:00
Natanael Copa 42820c6d44 abuild: remove support for "volatile" packages
It never really worked and we don't have any of those. Remove the code
to simplify.
2023-01-10 16:38:15 +00:00
ptrcnull e261a84f2d newapkbuild: allow for underscore version separator 2022-12-29 14:57:20 +00:00
swiftlebottomE b224407821 abuild: Use $ABUILD_USERDIR instead of hardcoding path 2022-12-14 22:00:19 +00:00
Natanael Copa e8c1ce6127 abuild: fix cleanoldpkg
we should only delete packages of the specified architecture

fixes https://gitlab.alpinelinux.org/alpine/abuild/-/issues/10078
2022-12-06 16:59:03 +01:00
Natanael Copa ee13f777d5 abuild: fix check of maintainer address
Also disallow leading and trailing spaces/quotes.

fixes https://gitlab.alpinelinux.org/alpine/abuild/-/issues/10080
2022-12-02 16:44:53 +01:00
Rohit Lodha 37e150738e APKBUILD should be $APKBUILD 2022-12-02 07:29:21 +00:00
Natanael Copa 21880d296a abuild: add test for -dev subpackage 2022-12-01 15:53:43 +01:00
Natanael Copa b253118cca abuild: add test for -doc subpackages 2022-12-01 15:46:03 +01:00
Samanta Navarro f8208aded0 abuild-tar: do not read past corrupt tar header
The abuild-tar binary can read past the end of an invalid tar header if
the contained link name does not end with a terminating NUL character.
In this case it reads past the end of hdr.linkname and maybe even past
the end of the header if no further NUL bytes are contained.

The strnlen function is used in apk-tools for such cases as well, so I
recommend to use it here too.

How to reproduce (compile abuild-tar with -fsanitize=address):

cat > poc.tar.b64 << EOF
b3dvAAAAAAAAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAwMDAwMDAAMDAwMDAw
MAAwMDAwMDAwADAwMDAwMDAwMDAwADAwMDAwMDAwMDAwADAwMDAwMAAAMm93b29vb29vb29vb29v
b29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29v
b29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29v
b29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29v
b29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29v
b29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29v
b29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb28=
EOF
base64 -d < poc.tar.b64 | abuild-tar --hash
2022-11-30 13:16:19 +00:00
Natanael Copa f97bf6ae8b abuild-tar: add test for --hash 2022-11-30 13:02:18 +01:00
Natanael Copa 9aeb6484b6 abuild-tar: add test for --cut 2022-11-30 12:19:34 +01:00
Natanael Copa 8a16229d3e abuild-tar: fix --help and add test for usage 2022-11-30 12:00:09 +01:00
Natanael Copa 94122d7bec tests: pre-generate abuild keys
use a fake openssl for abuild-keykey and pre-generate the abuild keys.
This makes tests run significantly faster as we dont need to generate
new keys for each abuild-keygen test.
2022-11-29 09:08:14 +00:00
Natanael Copa 7d540bed4d ==== release 3.10.0 ==== 2022-11-29 10:37:08 +01:00
psykose 4e855560a7 newapkbuild: make meson test use --print-errorlogs
-v outputs everything from the tests, which has a lot of very
uninteresting and spammy data. all we really care about is failures, so
print only the errorlogs on failure by default. this is analogous to the
cmake output on failure
2022-10-25 09:25:56 +00:00
Kevin Daudt 15b6128a45 abump: source APKBUILD in subshell
As demonstrated in b7813c3 (abump: demonstrate abump environment
polution, 2022-10-15), sourcing APKBUILDs in abump polutes it's
environment.

Address that by sourcing the APKBUILD in a subshell as well as some of
the checks following it that need the information from the APKBUILD.
That information is not used any later, it's not an issue that it's
discarded outside of the subshell.
2022-10-15 11:06:53 +00:00
Kevin Daudt b7813c377c abump: demonstrate abump environment polution
abump sources the APKBUILD to be able to check some variables. When the
APKBUILD exports variables in the global scope, that affects the abump
environment as well.

When abump then executes abuild, it will inherrit the environment from
abump. This is an issue under the following circumstances:

* The APKBUILD only updates the value of an exported variable if it's
  not set
* The default value includes a variable set by abuild, like `$srcdir`.

Because the variable is set by abuild, but not abump, the resulting
exported variable is different. Because it's then set incorrectly in the
abump environment, it's no longer updated with the correct variable when
abuild is invoked.
2022-10-15 10:52:11 +00:00
Natanael Copa 5c542377a8 abuild: fix amove corner cases
fix `amove dir` (without leading or trailing /)

add various testcases for amove
2022-09-23 12:31:56 +02:00
Natanael Copa 53501883fc make: let the test timeout be configurable at run time 2022-09-13 07:42:09 +02:00
Natanael Copa 58a9262c48 make: increase test timeout 2022-09-12 17:50:35 +02:00
Natanael Copa d2ef7f4edb ==== release 3.10.0_rc1 ==== 2022-09-12 17:27:47 +02:00
Natanael Copa eeaa4b0f32 buildlab: use grep -E instead of egrep 2022-09-12 17:20:47 +02:00
Natanael Copa 04c2c9edde abuild: use grep -E instead of egrep
fixes the warning:

  egrep: warning: egrep is obsolescent; using grep -E
2022-09-12 17:06:21 +02:00
Noel Kuntze 6cef1a2150 functions.sh.in: Export original CC, CXX, CPPFLAGS, CXXFLAGS, CFLAGS, LDFLAGS in BUILDCC, BUILDCXX, BUILDLD, BUILDCPPFLAGS, BUILDCXXFLAGS, BUILDCFLAGS, BUILDLDFLAGS Default CC to gcc, CXX to g++, LD to ld 2022-08-30 10:38:38 +02:00
Natanael Copa 8357608d5f tests: functions: add test for empty but set vars
ref https://gitlab.alpinelinux.org/alpine/abuild/-/merge_requests/112
2022-08-30 10:38:38 +02:00
ptrcnull 7878630e26 abuild: add $conflicts to spellchecking 2022-08-29 08:10:37 +00:00
Drew DeVault 1571e2887e Downgrade suid w/o PIE from error to warning
Some languages (such as Hare) do not support position-independent
executables. Such cases require extra care and scrutiny, but should not
be entirely disallowed.
2022-08-28 18:18:49 +02:00
xdavidwu 3ee93ea8bc abuild: print failed patches to stderr 2022-08-05 14:32:26 +00:00
psykose 927f14f6b3
abuild: fix package size for script-only packages 2022-08-05 16:00:36 +02:00
Natanael Copa 3a235e4d3c tests: adjust to openssl 3
openssl3 have different output to stderr when generating keys. Adjust
accordingly.
2022-08-05 13:22:02 +00:00