While here, convert the script to no longer depend on snapshots
but use the new pkgbase.
The packages for the base system are published on a weekly basis
(every Sunday at 12:00 UTC).
Use mkimg(1) to directly create the qcow2
This wasn't working properly: we weren't waiting for gpg-agent to
finish (just sending the signal). As a result, umount was still
failing.
The new PID namespace stuff supersedes this.
If we fail to umount, then this spams the logfile with numerous
errors, making it difficult to understand the cause of the issue.
This isn't a useful thing to do in the first place since this
directory is mounted.
This is a lightweight package, so shouldn't matter. Ignoring it
can lead to errors:
error: missing dependency 'initramfs' for package 'linux'
linux: ignoring package upgrade (6.7.6.arch1-1 => 6.7.8.arch1-1)
mkinitcpio: ignoring package upgrade (37.3-1 => 38-4)
Resolving dependencies...
Checking package conflicts...
:: uninstalling package 'mkinitcpio-37.3-1' due to conflict with 'cryptsetup-2.7.0-3'
The _apply_patch function for applying patches from lists.sr.ht requires
curl and since curl is not installed with the current set of packages
anymore, install it explicitly.
GnuPG recently made "keyboxd", an alternative keyring storage, the
default for new installs [1]. For reasons I cannot explain yet, a gpg
command will hang indefinitely trying to talk to keyboxd, if all of the
following are true:
- keyboxd is already running for the user
- it is managed by the systemd-user session (!?)
- the gpg command is run inside fakeroot
This is easily reproducible on builds.sr.ht: when building and signing a
package with `makepkg`, it will just hang forever after outputting
"Entering fakeroot environment". One can see in the process tree that it
is executing a gpg command inside a fakeroot at that time, which never
finishes.
While I have not found the cause, this issue is not isolated to
builds.sr.ht. I have reproduced this on other Arch Linux systems.
I am trying to figure out what the exact issue is, and whom to talk to
about it, but until then I think just avoiding keyboxd makes sense.
Hence, this commit disables keyboxd system-wide by adding a
configuration put forth in [2]. I verified that this is indeed
sufficient to make GnuPG fall back to the old storage format, even for
new setups.
[1] https://github.com/gpg/gnupg/blob/master/README#L119
[2] https://marc.info/?l=gnupg-users&m=170193805722787&w=2
For improved visibility, emails triggered by failures when building
build images will henceforth go to the new mailing list created for this
purpose: https://lists.sr.ht/~sircmpwn/sr.ht-image-failures
Otherwise we get this:
+ chroot root sudo -u build -g build /bin/bash -c 'cd /home/build && cd yay && env GOCACHE=/tmp/cache makepkg -si --noconfirm --skippgpcheck'
==> Making package: yay 12.2.0-1 (Mon Dec 4 09:06:25 2023)
==> Checking runtime dependencies...
warning: database file for 'multilib' does not exist (use '-Sy' to download)
==> Checking buildtime dependencies...
warning: database file for 'multilib' does not exist (use '-Sy' to download)
==> Installing missing dependencies...
warning: database file for 'multilib' does not exist (use '-Sy' to download)
error: failed to prepare transaction (could not find database)
==> ERROR: 'pacman' failed to install missing dependencies.
==> Missing dependencies:
-> go>=1.19
==> ERROR: Could not resolve all dependencies.
Currently the Arch image is broken because the keyring has been
updated but the package is too old:
curl: signature from "Leonidas Spyropoulos <artafinde@archlinux.org>" is unknown trust
:: deleting corrupted file '/var/cache/pacman/pkg/curl-8.4.0-2-x86_64.pkg.tar.zst' (invalid or corrupted package (PGP signature))
syslinux: signature from "Leonidas Spyropoulos <artafinde@archlinux.org>" is unknown trust
:: deleting corrupted file '/var/cache/pacman/pkg/syslinux-6.04.pre2.r11.gbf6db5b4-4-x86_64.pkg.tar.zst' (invalid or corrupted package (PGP signature))
Build manifests that want to compile 32-bit binaries can now
enable `gcc -m32` and the like with
```
packages:
- multilib-devel
```
instead of a task that patches pacman.conf.
Fedora 40 is now Fedora Rawhide and Fedora 39 is the branched release.
fedora/latest will be moved to fedora/39 when Fedora 39 is officially
released around October.
Changes the error message for trying to run a non-existent architecture
to mention that it's specifically the architecture that's missing and
not the specific image (which is checked at the very start of the file).
The error message for a non-existent image is clarified a bit too, to
make it more clear what's wrong in the manifest, instead of how the
runner is detecting that.
The --refresh flag is not supported by dnf5 which is now the default in
Fedora Rawhide. The fedora/rawhide image is completely broken without
this change.