mirror of
https://github.com/moparisthebest/arch-ppa
synced 2024-11-24 01:22:18 -05:00
Initial
This commit is contained in:
commit
0bb0b0294e
3
.gitignore
vendored
Normal file
3
.gitignore
vendored
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
chroot
|
||||||
|
*~
|
||||||
|
pkg
|
132
README.md
Normal file
132
README.md
Normal file
@ -0,0 +1,132 @@
|
|||||||
|
arch-ppa
|
||||||
|
========
|
||||||
|
|
||||||
|
arch-ppa is a tool that easily creates and maintains your own Arch
|
||||||
|
package repositories. Kind of like the Personal Package Archives (PPA)
|
||||||
|
that Ubuntu has, but way easier.
|
||||||
|
|
||||||
|
The Arch User Repository (AUR) is convenient, has tons of software, is
|
||||||
|
generally awesome, but is inherently insecure. Anyone can upload
|
||||||
|
anything they want to the AUR. This is why I don't like to use AUR
|
||||||
|
helpers like `yaourt` or `pacaur`. Using the AUR with a helper
|
||||||
|
requires you to be diligent in reviewing the PKGBUILDs it downloads,
|
||||||
|
in order to make sure it doesn't include things like viruses or
|
||||||
|
trojans, or downloading from a weird URL.
|
||||||
|
|
||||||
|
I wanted a way to maintain my own repository of PKGBUILDs, downloaded
|
||||||
|
from the AUR, that I have manually verified. Building and installing
|
||||||
|
packages built from those pre-verified PKGBUILDs resolves the
|
||||||
|
insecurity of the AUR in my mind. This gives me the full power of the
|
||||||
|
AUR, but allows me to automate my package installs in a way that I
|
||||||
|
never felt comfortable with before. Seriously, why does pacaur have a
|
||||||
|
`--noconfirm` option? That's scary.
|
||||||
|
|
||||||
|
The packages this tool builds can be hosted as a regular arch
|
||||||
|
repository, which you put into your `/etc/pacman.conf`. The added
|
||||||
|
convenience here is that although the packages came from the AUR, your
|
||||||
|
clients install it through regular-old pacman.
|
||||||
|
|
||||||
|
|
||||||
|
Usage
|
||||||
|
-----
|
||||||
|
|
||||||
|
Clone this repo somewhere. Everything will be self contained in this
|
||||||
|
directory wherever you put it.
|
||||||
|
|
||||||
|
arch-ppa should not be run as root, but the user that does run it does
|
||||||
|
need sudo privileges as the underlying devtools need it.
|
||||||
|
|
||||||
|
Run setup:
|
||||||
|
|
||||||
|
./arch-ppa setup
|
||||||
|
|
||||||
|
The setup installs a few dependencies like `devtools` and `git`. It
|
||||||
|
also creates a chroot directory which is a container that will be used
|
||||||
|
to build packages in a completely clean environment using
|
||||||
|
`systemd-nspawn`.
|
||||||
|
|
||||||
|
Add packages from the AUR:
|
||||||
|
|
||||||
|
./arch-ppa add cower curlbomb pasystray
|
||||||
|
|
||||||
|
This downloads PKGBUILDs from the AUR for the listed packages: cower,
|
||||||
|
curlbomb, pasystray, as well as all of their AUR dependencies, and
|
||||||
|
placed into the `src` directory. You can put PKGBUILDs from other
|
||||||
|
sources in the src directory too; they don't have to be from the
|
||||||
|
AUR. Note that any PKGBUILD that lists a dependency of another
|
||||||
|
package, that is not found in one of the arch repositories, needs to
|
||||||
|
have it's own PKGBUILD in the `src` directory too. (The `add` command
|
||||||
|
does this for you automatically, thanks to `cower -d -d`)
|
||||||
|
|
||||||
|
Build everything:
|
||||||
|
|
||||||
|
./arch-ppa clean ryan
|
||||||
|
./arch-ppa build ryan
|
||||||
|
|
||||||
|
The build process operates on a single repository, in this example
|
||||||
|
called `ryan`. You can maintain several repositories, each containing
|
||||||
|
different sets of packages. Just make sure to give each repository a
|
||||||
|
unique name.
|
||||||
|
|
||||||
|
The clean process removes the repository directory containing all the
|
||||||
|
built packages. It also deletes the chroot for the repository from the
|
||||||
|
`chroot` directory.
|
||||||
|
|
||||||
|
The build process creates a new package repository called `ryan` (or
|
||||||
|
whatever you called yours.) It finds PKGBUILD files in the `src`
|
||||||
|
directory and figures out the dependency chain and builds all the
|
||||||
|
packages in the correct order. Additionally, you can specify
|
||||||
|
individual package names after the repository name if you only wish to
|
||||||
|
build certain packages. If you do specify package names, make sure to
|
||||||
|
include all dependencies, as they will not be included otherwise.
|
||||||
|
|
||||||
|
The repository directory can be listed in your /etc/pacman.conf like this:
|
||||||
|
|
||||||
|
[ryan]
|
||||||
|
Server = file:///home/ryan/git/arch-ppa/ryan
|
||||||
|
SigLevel = Required TrustedOnly
|
||||||
|
|
||||||
|
This is the full path to the ryan repository just created. Run `pacman
|
||||||
|
-Sy` and you should see pacman synchronize with the new repository
|
||||||
|
name. Alternatively, upload the directory to a webserver and share it
|
||||||
|
with all your friends.
|
||||||
|
|
||||||
|
The SigLevel option specifies how pacman should trust our
|
||||||
|
repository. `Required TruestedOnly` is a strict rule that the key must
|
||||||
|
be in the local pacman keyring and be assigned a trust level. Pacman
|
||||||
|
will usually download the key without a problem, but you will still
|
||||||
|
need to locally sign the key to trust it.
|
||||||
|
|
||||||
|
Mini gpg tutorial
|
||||||
|
-----------------
|
||||||
|
View your key information:
|
||||||
|
|
||||||
|
gpg -K
|
||||||
|
|
||||||
|
This should output something like this:
|
||||||
|
|
||||||
|
/home/ryan/.gnupg/pubring.kbx
|
||||||
|
-----------------------------
|
||||||
|
sec rsa2048/4BAACCF8 2016-04-15 [SC]
|
||||||
|
uid [ultimate] test guy <ryantest@enigmacurry.com>
|
||||||
|
ssb rsa2048/C22BDAA5 2016-04-15 [E]
|
||||||
|
|
||||||
|
My public key ID is 4BAACCF8. Always omit the part before the
|
||||||
|
slash. If it didn't output any key information at all, this means you
|
||||||
|
don't have a key yet. Create one and follow the prompts:
|
||||||
|
|
||||||
|
gpg --gen-key
|
||||||
|
|
||||||
|
Send your public key to the keyserver (replace with your ID):
|
||||||
|
|
||||||
|
gpg --send-keys 4BAACCF8
|
||||||
|
|
||||||
|
On each machine you will use your package repository, run the
|
||||||
|
following to import the key and to locally sign (assign trust) the
|
||||||
|
key (again, replace with your key ID):
|
||||||
|
|
||||||
|
sudo pacman-key -r 4BAACCF8
|
||||||
|
sudo pacman-key --lsign-key 4BAACCF8
|
||||||
|
|
||||||
|
If you don't sign the key, pacman will complain that your packages are
|
||||||
|
not trusted.
|
211
arch-ppa
Executable file
211
arch-ppa
Executable file
@ -0,0 +1,211 @@
|
|||||||
|
BASEDIR=$(cd $(dirname $0); pwd)
|
||||||
|
CHROOT=$BASEDIR/chroot
|
||||||
|
|
||||||
|
if [ `whoami` == 'root' ]; then
|
||||||
|
echo "Must not be run as root."
|
||||||
|
exit 1;
|
||||||
|
fi
|
||||||
|
|
||||||
|
exe() { echo "\$ $@" ; "$@" ; }
|
||||||
|
|
||||||
|
create_chroot() {
|
||||||
|
(
|
||||||
|
set -e
|
||||||
|
if [ ! -d $CHROOT ]; then
|
||||||
|
echo "## Creating arch chroot ..."
|
||||||
|
exe mkdir $CHROOT
|
||||||
|
exe mkarchroot $CHROOT/root base-devel
|
||||||
|
# install cower:
|
||||||
|
TMP_BUILD=`mktemp -d`
|
||||||
|
exe cd $TMP_BUILD
|
||||||
|
curl https://aur.archlinux.org/cgit/aur.git/snapshot/cower.tar.gz | tar xz
|
||||||
|
exe cd cower
|
||||||
|
exe makechrootpkg -r $CHROOT -l root -- -i
|
||||||
|
exe rm -rf $TMP_BUILD
|
||||||
|
echo "## Root chroot build complete."
|
||||||
|
fi
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
install_system_deps() {
|
||||||
|
(
|
||||||
|
set -e
|
||||||
|
pkg_dep() {
|
||||||
|
if !(pacman -Q $1 > /dev/null 2>&1); then
|
||||||
|
echo "Installing $1..."
|
||||||
|
exe sudo pacman -S --noconfirm $1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
pkg_dep devtools
|
||||||
|
pkg_dep git
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
package_build() {
|
||||||
|
# Build a package in a container. $1=container $2=package
|
||||||
|
# PKGBUILD must already exist in src/
|
||||||
|
# If package has dependencies we also maintain in src/, recursively build those first.
|
||||||
|
(
|
||||||
|
set -e
|
||||||
|
if [ "$#" -ne 2 ]; then
|
||||||
|
echo "package_build takes two args: repo_name and package_name"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
repo_name=$1
|
||||||
|
package_name=$2
|
||||||
|
setup
|
||||||
|
pkgdir=$BASEDIR/src/$package_name
|
||||||
|
if [ ! -d $pkgdir ]; then
|
||||||
|
echo "Package $package_name not found in $pkgdir"
|
||||||
|
echo "Try running: package_add $package_name"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
if [ ! -f $pkgdir/PKGBUILD ]; then
|
||||||
|
echo "Cannot find PKGBUILD in $pkgdir"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
if (arch-nspawn $CHROOT/$repo_name pacman -Q $package_name > /dev/null 2>&1); then
|
||||||
|
echo "Package $package_name already built"
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
# Find and build dependencies:
|
||||||
|
find_deps $package_name | while read dep; do
|
||||||
|
# Build the dep if we haven't already yet:
|
||||||
|
if !(arch-nspawn $CHROOT/$repo_name pacman -Q $dep > /dev/null 2>&1); then
|
||||||
|
package_build $repo_name $dep
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
# Build package:
|
||||||
|
cd $pkgdir
|
||||||
|
rm -f *.pkg.tar.xz
|
||||||
|
mkdir -p $BASEDIR/$repo_name
|
||||||
|
exe makechrootpkg -r $CHROOT -l $repo_name -- -i
|
||||||
|
exe mv *.pkg.tar.xz $BASEDIR/$repo_name
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
sign_packages() {
|
||||||
|
if [ "$#" -lt 1 ]; then
|
||||||
|
echo "sign_packages requires specifying the list of packages to sign"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
(
|
||||||
|
set -e
|
||||||
|
cd $(dirname $1)
|
||||||
|
for pkg in "$@"; do
|
||||||
|
gpg --detach-sign --use-agent $pkg
|
||||||
|
done
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
find_deps() {
|
||||||
|
# Inspect package srcinfo and pull out the dependencies that we maintain in src
|
||||||
|
(
|
||||||
|
set -e
|
||||||
|
setup
|
||||||
|
cat $BASEDIR/src/$1/.SRCINFO | sed -nr 's/^\W*depends = ([-a-zA-Z0-9]+).*$/\1/p' | while read dep; do
|
||||||
|
if [ -d $BASEDIR/src/$dep ]; then
|
||||||
|
echo $dep
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
add() {
|
||||||
|
# Add packages and their AUR dependencies to src
|
||||||
|
(
|
||||||
|
set -e
|
||||||
|
if [ "$#" -lt 1 ]; then
|
||||||
|
echo "Must specify package(s) to add"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
setup
|
||||||
|
if [ ! -d $BASEDIR/src ]; then
|
||||||
|
mkdir $BASEDIR/src
|
||||||
|
fi
|
||||||
|
for pkg in "$@"; do
|
||||||
|
arch-nspawn $CHROOT/root --bind=$BASEDIR/src:/src cower -q -t /src -d -d $pkg
|
||||||
|
done
|
||||||
|
sudo chown $USER -R $BASEDIR/src
|
||||||
|
echo "## All requested packages added"
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
list() {
|
||||||
|
if [ "$#" -ne 1 ]; then
|
||||||
|
echo "Must specify repository name to list"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
setup
|
||||||
|
arch-nspawn $CHROOT/$1 pacman -Qm
|
||||||
|
}
|
||||||
|
|
||||||
|
setup() {
|
||||||
|
mkdir -p $BASEDIR/src
|
||||||
|
install_system_deps
|
||||||
|
create_chroot
|
||||||
|
}
|
||||||
|
|
||||||
|
clean() {
|
||||||
|
(
|
||||||
|
set -e
|
||||||
|
if [ "$#" -lt 1 ]; then
|
||||||
|
echo "Must specify repository names to clean"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
for repo in "$@"; do
|
||||||
|
# Clean repository and chroot
|
||||||
|
if [ -d $BASEDIR/chroot/$repo ]; then
|
||||||
|
exe sudo rm -rf $BASEDIR/chroot/$repo $BASEDIR/chroot/$repo.lock
|
||||||
|
fi
|
||||||
|
if [ -d $BASEDIR/$repo ]; then
|
||||||
|
exe rm -rf $BASEDIR/$repo
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
build() {
|
||||||
|
(
|
||||||
|
set -e
|
||||||
|
if [ "$#" -lt 1 ]; then
|
||||||
|
echo "Must specify repository name to build (and optional package list to include)"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
setup
|
||||||
|
repo_name=$1
|
||||||
|
mkdir -p $BASEDIR/$repo_name
|
||||||
|
shift
|
||||||
|
if [ "$#" -gt 0 ]; then
|
||||||
|
# Build only requested packages
|
||||||
|
for pkg in "$@"; do
|
||||||
|
package_build $repo_name $pkg
|
||||||
|
done
|
||||||
|
echo "## All requested packages built"
|
||||||
|
else
|
||||||
|
# Build all packages:
|
||||||
|
cd $BASEDIR/src
|
||||||
|
find -type d | sed 's/\.\///' | tail -n +2 | while read pkg; do
|
||||||
|
package_build $repo_name $pkg
|
||||||
|
done
|
||||||
|
echo "## All packages built"
|
||||||
|
fi
|
||||||
|
echo "## Updating repository database"
|
||||||
|
cd $BASEDIR/$repo_name
|
||||||
|
if [ `ls *.pkg.tar.xz 2> /dev/null | wc -l` -lt 1 ]; then
|
||||||
|
echo "No packages found in $BASEDIR/$repo_name"
|
||||||
|
return 1;
|
||||||
|
fi
|
||||||
|
sign_packages *.pkg.tar.xz
|
||||||
|
repo-add $repo_name.db.tar.gz *.pkg.tar.xz
|
||||||
|
sign_packages $repo_name.db
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
if [ "$#" -gt 0 ]; then
|
||||||
|
$*
|
||||||
|
else
|
||||||
|
echo "Must specify a command, eg: add, build, list, clean"
|
||||||
|
exit 1
|
||||||
|
fi
|
Loading…
Reference in New Issue
Block a user