New and updated dist scripts, dist package, and build-environment

configuration - makepkg.conf for building dist-package in build chroot - runtime.sh to package a lightweight runtime image for pacwrap-agent - Link to flatpak-xdg-utils binaries to /usr/local/bin in pacwrap-base-dist package.
2023-11-16 01:03:53 -05:00 · 2023-11-16 01:03:53 -05:00 · 3cff477830
commit 3cff477830
parent 0da7635e4b
9 changed files with 367 additions and 30 deletions
--- a/dist/config/makepkg.conf
+++ b/dist/config/makepkg.conf
@ -0,0 +1,160 @@
+#!/hint/bash
+#
+# /etc/makepkg.conf
+#
+
+#########################################################################
+# SOURCE ACQUISITION
+#########################################################################
+#
+#-- The download utilities that makepkg should use to acquire sources
+#  Format: 'protocol::agent'
+DLAGENTS=('file::/usr/bin/curl -qgC - -o %o %u'
+          'ftp::/usr/bin/curl -qgfC - --ftp-pasv --retry 3 --retry-delay 3 -o %o %u'
+          'http::/usr/bin/curl -qgb "" -fLC - --retry 3 --retry-delay 3 -o %o %u'
+          'https::/usr/bin/curl -qgb "" -fLC - --retry 3 --retry-delay 3 -o %o %u'
+          'rsync::/usr/bin/rsync --no-motd -z %u %o'
+          'scp::/usr/bin/scp -C %u %o')
+
+# Other common tools:
+# /usr/bin/snarf
+# /usr/bin/lftpget -c
+# /usr/bin/wget
+
+#-- The package required by makepkg to download VCS sources
+#  Format: 'protocol::package'
+VCSCLIENTS=('bzr::breezy'
+            'fossil::fossil'
+            'git::git'
+            'hg::mercurial'
+            'svn::subversion')
+
+#########################################################################
+# ARCHITECTURE, COMPILE FLAGS
+#########################################################################
+#
+CARCH="x86_64"
+CHOST="x86_64-pc-linux-gnu"
+
+#-- Compiler and Linker Flags
+#CPPFLAGS=""
+CFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fno-plt -fexceptions \
+        -Wp,-D_FORTIFY_SOURCE=2 -Wformat -Werror=format-security \
+        -fstack-clash-protection -fcf-protection"
+CXXFLAGS="$CFLAGS -Wp,-D_GLIBCXX_ASSERTIONS"
+LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now"
+LTOFLAGS="-flto=auto"
+#RUSTFLAGS="-C opt-level=2"
+#-- Make Flags: change this for DistCC/SMP systems
+#MAKEFLAGS="-j2"
+#-- Debugging flags
+DEBUG_CFLAGS="-g"
+DEBUG_CXXFLAGS="$DEBUG_CFLAGS"
+#DEBUG_RUSTFLAGS="-C debuginfo=2"
+
+#########################################################################
+# BUILD ENVIRONMENT
+#########################################################################
+#
+# Makepkg defaults: BUILDENV=(!distcc !color !ccache check !sign)
+#  A negated environment option will do the opposite of the comments below.
+#
+#-- distcc:   Use the Distributed C/C++/ObjC compiler
+#-- color:    Colorize output messages
+#-- ccache:   Use ccache to cache compilation
+#-- check:    Run the check() function if present in the PKGBUILD
+#-- sign:     Generate PGP signature file
+#
+BUILDENV=(!distcc color !ccache check !sign)
+#
+#-- If using DistCC, your MAKEFLAGS will also need modification. In addition,
+#-- specify a space-delimited list of hosts running in the DistCC cluster.
+#DISTCC_HOSTS=""
+#
+#-- Specify a directory for package building.
+#BUILDDIR=/tmp/makepkg
+
+#########################################################################
+# GLOBAL PACKAGE OPTIONS
+#   These are default values for the options=() settings
+#########################################################################
+#
+# Makepkg defaults: OPTIONS=(!strip docs libtool staticlibs emptydirs !zipman !purge !debug !lto)
+#  A negated option will do the opposite of the comments below.
+#
+#-- strip:      Strip symbols from binaries/libraries
+#-- docs:       Save doc directories specified by DOC_DIRS
+#-- libtool:    Leave libtool (.la) files in packages
+#-- staticlibs: Leave static library (.a) files in packages
+#-- emptydirs:  Leave empty directories in packages
+#-- zipman:     Compress manual (man and info) pages in MAN_DIRS with gzip
+#-- purge:      Remove files specified by PURGE_TARGETS
+#-- debug:      Add debugging flags as specified in DEBUG_* variables
+#-- lto:        Add compile flags for building with link time optimization
+#
+OPTIONS=(strip docs !libtool !staticlibs emptydirs zipman purge !debug !lto)
+
+#-- File integrity checks to use. Valid: md5, sha1, sha224, sha256, sha384, sha512, b2
+INTEGRITY_CHECK=(sha256)
+#-- Options to be used when stripping binaries. See `man strip' for details.
+STRIP_BINARIES="--strip-all"
+#-- Options to be used when stripping shared libraries. See `man strip' for details.
+STRIP_SHARED="--strip-unneeded"
+#-- Options to be used when stripping static libraries. See `man strip' for details.
+STRIP_STATIC="--strip-debug"
+#-- Manual (man and info) directories to compress (if zipman is specified)
+MAN_DIRS=({usr{,/local}{,/share},opt/*}/{man,info})
+#-- Doc directories to remove (if !docs is specified)
+DOC_DIRS=(usr/{,local/}{,share/}{doc,gtk-doc} opt/*/{doc,gtk-doc})
+#-- Files to be removed from all packages (if purge is specified)
+PURGE_TARGETS=(usr/{,share}/info/dir .packlist *.pod)
+#-- Directory to store source code in for debug packages
+DBGSRCDIR="/usr/src/debug"
+
+#########################################################################
+# PACKAGE OUTPUT
+#########################################################################
+#
+# Default: put built package and cached source in build directory
+#
+#-- Destination: specify a fixed directory where all packages will be placed
+#PKGDEST=/home/packages
+#-- Source cache: specify a fixed directory where source files will be cached
+#SRCDEST=/home/sources
+#-- Source packages: specify a fixed directory where all src packages will be placed
+#SRCPKGDEST=/home/srcpackages
+#-- Log files: specify a fixed directory where all log files will be placed
+#LOGDEST=/home/makepkglogs
+#-- Packager: name/email of the person or organization building packages
+#PACKAGER="John Doe <john@doe.com>"
+#-- Specify a key to use for package signing
+#GPGKEY=""
+
+#########################################################################
+# COMPRESSION DEFAULTS
+#########################################################################
+#
+COMPRESSGZ=(gzip -c -f -n)
+COMPRESSBZ2=(bzip2 -c -f)
+COMPRESSXZ=(xz -c -z -)
+COMPRESSZST=(zstd -c -z -q -)
+COMPRESSLRZ=(lrzip -q)
+COMPRESSLZO=(lzop -q)
+COMPRESSZ=(compress -c -f)
+COMPRESSLZ4=(lz4 -q)
+COMPRESSLZ=(lzip -c -f)
+
+#########################################################################
+# EXTENSION DEFAULTS
+#########################################################################
+#
+PKGEXT='.pkg.tar.zst'
+SRCEXT='.src.tar.gz'
+
+#########################################################################
+# OTHER
+#########################################################################
+#
+#-- Command used to run pacman as root, instead of trying sudo and su
+#PACMAN_AUTH=()
+PACKAGER='Xavier R.M. <sapphirus@azorium.net>'
--- a/dist/pacwrap-base-dist/PKGBUILD
+++ b/dist/pacwrap-base-dist/PKGBUILD
@ -1,20 +1,20 @@
 # Maintainer: Xavier R.M. (sapphirus at azorium dot net)

 pkgname=('pacwrap-base-dist')
-pkgver=0.4.3
+pkgver=0.5.0
 pkgrel=1
-pkgdesc=""
+pkgdesc="Distribution package to configure Arch Linux for use with pacwrap."
 arch=('any')
 url="https://pacwrap.sapphirus.org/"
 license=('GPLv3-only')
 conflicts=('pacwrap-base-dist')
-depends=('fakeroot' 'fakechroot')
+depends=('fakeroot' 'fakechroot' 'flatpak-xdg-utils')

 source=("${pkgname}-${pkgver}-${pkgrel}.tar.zst::${pkgname}-${pkgver}-${pkgrel}.tar.zst")
-sha512sums=('53226312533e2935caf23d9102e277e441f0165f394752a022c27dd2ede6fffad9a2e1a0005468d7fd94e0da0a51c10675f43bc4292c4864ece9c88dbd539f69')
+sha512sums=('96e4cfde8f56eaff18d5b807564f3fa8b2a1b72d115210c7f3de44a8651dfecb3a6b862fcf3b622e0ecc4bd28fb7726fb9a0dee163e3871895a1975830e88dea')

 package() {
-  	cd "${srcdir}"
+  cd "${srcdir}"

 	local pacman_hooks=('20-systemd-sysusers'
 			    '30-systemd-tmpfiles' 
@ -22,14 +22,18 @@ package() {
 			    '30-systemd-sysctl'
 			    '30-systemd-catalog'
 			    '30-systemd-update'
-		    	    '30-systemd-udev-reload'
+		    	'30-systemd-udev-reload'
 			    '30-systemd-hwdb'
-		    	    'dbus-reload')
+		    	'dbus-reload')
 	
-	mkdir -p "$pkgdir/etc/pacman.d/hooks/"
+	mkdir -p "${pkgdir}/etc/pacman.d/hooks/" "${pkgdir}/usr/local/bin/"
 	for pacman_hook in ${pacman_hooks[@]}; do
-		ln -s /dev/null "$pkgdir/etc/pacman.d/hooks/$pacman_hook.hook"; done
-   	install -Dm 644 "dist_src/0-pacwrap-dist.hook" "${pkgdir}/usr/share/libalpm/hooks/0-pacwrap-dist.hook"
-   	install -Dm 644 "dist_src/42-trust-permission.hook" "${pkgdir}/usr/share/libalpm/hooks/42-trust-permission.hook"
-   	install -Dm 755 "dist_src/pacwrap-dist" "${pkgdir}/usr/bin/pacwrap-dist"
+		ln -s /dev/null "${pkgdir}/etc/pacman.d/hooks/${pacman_hook}.hook"; done
+	
+  ln -s ../../../usr/lib/flatpak-xdg-utils/xdg-open "${pkgdir}/usr/local/bin/"
+	ln -s ../../../usr/lib/flatpak-xdg-utils/xdg-email "${pkgdir}/usr/local/bin/"
+
+  install -Dm 644 "dist_src/0-pacwrap-dist.hook" "${pkgdir}/usr/share/libalpm/hooks/0-pacwrap-dist.hook" 
+  install -Dm 644 "dist_src/42-trust-permission.hook" "${pkgdir}/usr/share/libalpm/hooks/42-trust-permission.hook"
+  install -Dm 755 "dist_src/pacwrap-dist" "${pkgdir}/usr/share/libalpm/scripts/pacwrap-dist"
 }
--- a/dist/pacwrap-base-dist/dist_src/0-pacwrap-dist.hook
+++ b/dist/pacwrap-base-dist/dist_src/0-pacwrap-dist.hook
@ -7,4 +7,4 @@ Target = pacwrap-base-dist
 [Action] 
 Description = Configuring base container..
 When = PostTransaction 
-Exec = /usr/bin/pacwrap-dist
+Exec = /usr/share/libalpm/scripts/pacwrap-dist config
--- a/dist/pacwrap-base-dist/dist_src/42-trust-permission.hook
+++ b/dist/pacwrap-base-dist/dist_src/42-trust-permission.hook
@ -8,4 +8,4 @@ Target = usr/share/ca-certificates/trust-source/*
 [Action] 
 Description = Permissing certificate store... 
 When = PostTransaction 
-Exec = /usr/bin/chmod -R 755 /usr/share/ca-certificates /etc/ca-certificates
+Exec = /usr/share/libalpm/scripts/pacwrap-dist cert-store
--- a/dist/pacwrap-base-dist/dist_src/pacwrap-dist
+++ b/dist/pacwrap-base-dist/dist_src/pacwrap-dist
@ -1,6 +1,6 @@
 #!/bin/bash
 #
-#  Pacwrap - distribution script
+#  pacwrap - distribution script
 # 
 #  Copyright (C) 2023 Xavier R.M. 
 #  sapphirus(at)azorium(dot)net
@ -23,8 +23,12 @@ user() {
 		return
 	fi

+	local uid=$(id -u)
+	local gid=$(id -g)
+
 	echo "Creating dummy user.."
-	echo 'user:x:1000:1000::/:/usr/bin/nologin' >> /etc/passwd
+	echo "user:x:$uid:$gid::/:/usr/bin/nologin" >> /etc/passwd
+	echo "user:x:$gid:" >> /etc/group
 }

 locale() {
@ -34,7 +38,7 @@ locale() {

 	echo "Initializing locales.."	
 	
-	if [[ $LANG == "en_US.UTF-8" ]] || [[ -z $LANG ]]; then
+	if [[ $LANG == "en_US.UTF-8" ]] || [[ -z "$LANG" ]]; then
 		echo -e "\nen_US.UTF-8" >> "$INSTANCE_ROOT/etc/locale.gen"	
 	else
 		echo -e "\nen_US.UTF-8 UTF-8\n$LANG ${LANG#*.}" >> "$INSTANCE_ROOT/etc/locale.gen"	
@ -44,15 +48,24 @@ locale() {
 	locale-gen
 }

-cleanup() {
-	rm /usr/share/libalpm/hooks/0-pacwrap-dist.hook /usr/bin/pacwrap-dist
-}
-
 dist() {
 	locale
 	user
-	cleanup
 	echo "Distribution configuration completed."
 }

-dist
+cert_store() {
+	chmod -R 755 /usr/share/ca-certificates /etc/ca-certificates
+	
+	if [[ $? == 0 ]]; then 
+		echo "Applied permissions to certificate stores successfully."
+	else
+		echo "Error occurred whilst applying permissions to certificate stores."
+	fi
+}
+
+case $1 in
+	cert-store) cert_store;;
+	config) dist;;
+	*) echo "error: Hook parameter '$1' not found.";;
+esac
--- a/dist/tools/clean.sh
+++ b/dist/tools/clean.sh
@ -1,2 +1,51 @@
-rm ./dist/dist-repo/*
-rm ./dist/pacwrap-base-dist/*.tar.zst
+#!/bin/bash
+#
+#  pacwrap - clean.sh
+# 
+#  Copyright (C) 2023 Xavier R.M. 
+#  sapphirus(at)azorium(dot)net
+#
+#
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License as published by
+#    the Free Software Foundation, with only version 3 of the License.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+BOLD=$(tput bold)
+GREEN=$(tput setaf 2)
+RED=$(tput setaf 1)
+RESET=$(tput sgr0)
+DIST_RUNTIME="./dist/runtime"
+DIST_BASE="./dist/pacwrap-base-dist"
+DIST_REPO="./dist/dist-repo"
+
+runtime() {
+	if [[ -d "$DIST_RUNTIME" ]]; then
+		rm -r "$DIST_RUNTIME"
+		echo "$BOLD$GREEN     Cleaned$RESET container runtime"
+	fi
+}
+
+repo() {
+	if [[ -d "$DIST_REPO" ]] && [[ -d "$DIST_BASE" ]]; then
+		rm $DIST_REPO/*  $DIST_BASE/*.tar.zst
+		echo "$BOLD$GREEN     Cleaned$RESET repositories"
+	fi
+}
+
+invalid() {
+	echo $BOLD$RED"error:$RESET Invalid parameter '$1'"
+}
+
+for var in "$@"; do case $var in 
+	repo) repo;;
+	runtime) runtime;;
+	*) invalid $var;;
+esac; done
--- a/dist/tools/package.sh
+++ b/dist/tools/package.sh
@ -1,8 +1,28 @@
 #!/bin/bash
+#
+#  pacwrap - package.sh
+# 
+#  Copyright (C) 2023 Xavier R.M. 
+#  sapphirus(at)azorium(dot)net
+#
+#
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License as published by
+#    the Free Software Foundation, with only version 3 of the License.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
 cd ./dist/$1/
 tar acvf $1-$2-$3.tar.zst dist_src
 SUM=($(sha512sum $1-$2-$3.tar.zst))
 cp PKGBUILD PKGBUILD.tmp
 sed -e "s/sha512sums=(.*)/sha512sums=('${SUM[0]}')/g;s/pkgver=.*/pkgver=$2/g;s/pkgrel=.*/pkgrel=$3/g" < "PKGBUILD.tmp" > "PKGBUILD"
-makepkg -sf
-rm -r src pkg PKGBUILD.tmp
+makepkg -scf --config ../config/makepkg.conf 
+cp $1-$2-$3-any.pkg.tar.zst ../dist-repo/
+rm PKGBUILD.tmp
--- a/dist/tools/repo.sh
+++ b/dist/tools/repo.sh
@ -1,7 +1,26 @@
+#!/bin/bash
+#
+#  pacwrap - repo.sh
+# 
+#  Copyright (C) 2023 Xavier R.M. 
+#  sapphirus(at)azorium(dot)net
+#
+#
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License as published by
+#    the Free Software Foundation, with only version 3 of the License.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
 echo "Preparing repo.."
-./dist/tools/clean.sh
+./dist/tools/clean.sh repo
 echo "Packaging.."
 ./dist/tools/package.sh pacwrap-base-dist $1 $2
 echo "Building repo.."
-cp ./dist/*/*.pkg.tar.zst ./dist/dist-repo/
-repose pacwrap -zfr ./dist/dist-repo/
+repose pacwrap -vzfr ./dist/dist-repo/
--- a/dist/tools/runtime.sh
+++ b/dist/tools/runtime.sh
@ -0,0 +1,72 @@
+#!/bin/bash
+#
+#  pacwrap - runtime.sh
+#
+#  This script packages the most minimal userspace environment possible 
+#  allowing pacwrap's agent binary to execute in an otherwise empty container.
+# 
+#  Copyright (C) 2023 Xavier R.M. 
+#  sapphirus(at)azorium(dot)net
+#
+#
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License as published by
+#    the Free Software Foundation, with only version 3 of the License.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+BOLD=$(tput bold)
+RED=$(tput setaf 1)
+GREEN=$(tput setaf 2)
+RESET=$(tput sgr0)
+LIB_DIR="/lib"
+BIN_DIR="/bin"
+DEST_DIR="./dist/runtime"
+
+# Validate parameters
+
+if [[ -z $1 ]]; then
+	echo $BOLD$RED"error:$RESET target not specified.";
+	exit 1
+fi
+
+case $1 in
+	release);; 
+	debug);;	
+	*)	echo $BOLD$RED"error:$RESET target $1 is invalid.";
+		exit 1;;
+esac
+
+# Cleanup and prepare container runtime
+
+./dist/tools/clean.sh runtime 0> /dev/null
+mkdir -p $DEST_DIR$LIB_DIR $DEST_DIR$BIN_DIR
+
+# Validate preparation environment
+
+if [[ ! -d "$DEST_DIR$LIB_DIR" ]] || [[ ! -d $DEST_DIR$BIN_DIR ]]; then
+	echo $BOLD$RED"error:$RESET '$DEST_DIR': directory not found.";	
+	exit 1
+fi
+
+# Populate libraries for container runtime
+
+ldd ./target/$1/pacwrap-agent | sed -e "s/.*=> //g;s/ (.*)//g;s/\t.*//g" | xargs cp -Lt $DEST_DIR$LIB_DIR
+ldd /usr/bin/gpg | sed -e "s/.*=> //g;s/ (.*)//g;s/\t.*//g" | xargs cp -Lt $DEST_DIR$LIB_DIR
+ldd /usr/bin/bash | sed -e "s/.*=> //g;s/ (.*)//g;s/\t.*//g" | xargs cp -Lt $DEST_DIR$LIB_DIR
+cp -L /usr/lib/libfakeroot/libfakeroot.so $DEST_DIR$LIB_DIR
+cp -L /usr/lib/libfakeroot/fakechroot/libfakechroot.so $DEST_DIR$LIB_DIR
+
+# Populate binaries for container runtime
+
+ln -s ../lib64/ld-linux-x86-64.so.2 $DEST_DIR$BIN_DIR/ld.so
+cp ./target/$1/pacwrap-agent $DEST_DIR$BIN_DIR/agent
+cp /usr/bin/gpg $DEST_DIR$BIN_DIR/gpg
+
+echo "$GREEN$BOLD    Packaged$RESET container runtime [$1]"