do it in portbuild from outside the jail thesedays
* Ignore /var/db/fontconfig which does not get restored to pristine state
* Save copies of master.passwd and groups and check them after the build
for changes, to look for user/group additions that may not be correctly
registered in UIDs/GIDs. Future work will hopefully automatically
check against those files and make unregistered IDs a fatal condition
* Correct logic mistake that was keeping distfiles for collection when
the checksum mismatched
* Don't try and mount/umount procfs, it won't work when we build inside a
jail.
* Report the uname -mr of the build environment, to ease confusion of
people reading the error logs by mail.
cause is because it was specified in the list twice)
* Don't panic when the list of packages to delete becomes empty
* When unexpected filesystem changes are detected, bail immediately
instead of proceeding and hiding the error in the middle of
the log
with all the errors from broken pkg_delete scripts
* As threatened in previous commit, move the pristine mtree spec
generation to phase 1, and avoid having to delete and re-add the
FETCH_DEPENDS. We still have to keep them installed until after
'make extract' though
* Only keep distfiles if the port passes 'make fetch', so we don't
accidentally keep files with invalid checksums
* Use cleanup() instead of directly exiting in some error conditions
* When cleanup() is called indicating an unexpected error (possibly
leaving the filesystem in an inconsistent state), mark the chroot
as dirty so it will not be reused by another build
* Remove packages in dependency order instead of with pkg_delete -f in
possibly incorrect order. This paves the way for focusing on errors
generated by pkg_delete (e.g. @dirrm that should be @dirrmtry) in the
future. [1]
* Detect when packages were left behind because they were still in use
by other packages, indicating an incorrect or incomplete port
dependency list
* Partial support for ccache builds (not yet complete)
* Support non-standard LOCALBASE/X11BASE settings
* Delete FETCH_DEPENDS after the 'make fetch' stage. We have to add
them again before 'make extract' since, due to a lack of a 'fetch
cookie', 'make extract' actually *always* runs 'make fetch' again,
even when distfiles have already been fetched. We need to delete
them in order to:
* Record an mtree spec of the 'pristine' filesystem state, for later
comparison.
# XXX Perhaps this can be done in stage 1 before the
# 'make fetch', removing the need to delete-and-readd.
* Also record an mtree spec of the filesystem state prior to the
build phase. Compare this to the state of the filesystem
immediately before running the install phase, to detect files
that were inappropriately installed during the build phase.
Doing so is a fatal error.
* Prior to installing, try to run a 'regression-test' port makefile
target, if it exists. This allows ports to hook their internal
regression suites into the package build. This needs further
infrastructure support, e.g. a default NOP target in bsd.port.mk.
For now this is run with 'make -k', so regression failures will
not yet actually cause package build failures.
* Separate the 'make install' from 'make package' phases rather than
let the latter implicitly do the install.
* After the newly packaged port has been deleted, compare the state
of the filesystem to the state before 'make install'.
* After removing BUILD and RUN dependencies, compare the filesystem
state to the pristine state before the start of the build. This
also detects package dependencies that did not clean themselves up
properly when deinstalling. It also detects dependencies that were
'missing' from the port INDEX: these were not pkg_added into place,
so the package build had to compile them from scratch (a big waste
of time and effort), so this is now also a fatal error.
PR: ports/85746 (inspired by) [1]
Submitted by: Boris B. Samorodov <bsam@ipt.ru> [1]
around silly failures in some ports when it is present
* Add a footer to completed builds that is recognised by pdispatch to
retry truncated builds
* If ALWAYS_KEEP_DISTFILES is not present in the environment or port
makefile, then clean up DISTDIR after the build finishes, to prevent
collection of distfiles for this port.
* Finish flipping the switch on -noplistcheck - this is activated by
passing in the NOPLISTCHECK environment variable instead of
using PLISTCHECK in the opposite case
(i.e. if the package lists a dependency on the relevant package in the
PACKAGE_BUILDING case). This allows packages that require an
available DISPLAY to again build (with some forthcoming fixes to
existing ports).
Improve the reporting of detected filesystem anomalies (extra files
left behind after deinstallation, changes to and removal of
pre-existing files)
the port deinstall; mtree does not recurse into subdirectories it does
not know about
* Break out the 'files incorrectly removed' and 'files incorrectly changed'
into their own sections
if requested (".keep" file in the port directory), no matter where
we fail.
* Add package dependencies before the corresponding build stage
(e.g. FETCH_DEPENDS before 'make fetch'), and remove them again
afterwards. This allows us to catch ports that list their
dependencies too early/late.
* No need to check for set[ug]id files here, the security-check target
in bsd.port.mk does it for us.
* Exclude some more directories and files from showing up in the mtree
before/after comparison, to trim down the false-positive in the
pkg-plist check.
* Other minor changes
are now collected by polling a small server on the client (using netcat)
instead of having the client scp the load files to the master every 10
seconds (!!!)
we want enabled by default (it causes too many build failures). This
was too easy to forget when building packages 'by hand' using the parallel
makefile.
Otherwise it is often too hard to find out which port left the directory
behind since packages propagates extra directories. Also, many
of the extra directories contain files, so it makes no sense to ignore them.
directories are still included in the list of "extra stuff", but
are not considered fatal (for now).
(2) Use ls's -a flag to print out list of all files in ${PREFIX}, for
obvious reasons.
can be fetched even if the packaging fails. This is to ensure distfiles
with correct checksums can be fetched and put on ftp.FreeBSD.org
before they disappear from the original master sites.
(2) Delete port and all dependencies after packaging, and print out
list of
(a) Security-related files (set[ug]id flag set or world-writable)
(b) Extra files and directories
Requested by: kris (2a only)
Tools/portbuild for details.
Note that this is still a major work in progress. I probably forgot
something but I need to go to sleep. At least it works here (most of
the time :).
