We used to test the first argument in parseScript() and then again
for all arguments in parseRCPOT(), with different error messages in
each case as if they were separate issues. Only, the one in parseRCPOT()
didn't get a chance to execute because it was caught by checkDep() before
it (probably added after the file trigger check was initially added) and
so for invalid file trigger conditions (such as an unexpanded macro), you'd
get a very misleading error about dependency tokens where an absolute path
is expected, and worse, it was reporting an incorrect line and a line
number while at it.
Measure twice, cut once doesn't apply here. Check once and be consistent
about reporting it. Due to the way triggers are handled, we can't
report the line number correctly so don't even try, the wrong line
number is far worse than not having it at all. Add some tests to go.
Fixes: #2584
Mostly everything around us is UTF-8 these days, we need to get on with
the times. Especially now that glibc >= 2.35 finally supports it too.
Default to C.UTF-8 but allow disabling it via cmake option to fallback
to the traditional C locale instead.
Fixes: #2587
You're about to fall into a deep dark hole, proceed at your own risk.
When building for a target architecture with no defined %optflags
(such as noarch), one would think that %optflags would be empty. Not so in
rpm, instead we get %optflags for the detected architecture, and there
are packages which rely on this behavior. And in this particular dark
corner, buildarchtranslate is not applied so one can get drastically
different %optflags than you'd get without an explicit --target, on the
same system. Which can break builds.
This behavior is just WRONG, %optflags should always reflect the target
architecture. But as long as there's no %_host_optflags, lets at least try
to be consistent about it. When we fall back to detected architecture
%optflags, at least use the ones after buildarchtranslate to return
consistent data within a host.
This supposedly fixes the case where our newly added x86_64
subarchitecture definitions haven't been overridden in vendor config and
somebody's noarch package uses cmake to install data, and falls over due
to nonsensical optflags from rpm.
Initial report: https://bugzilla.redhat.com/show_bug.cgi?id=2231727
Commit c7fd9fed99 introduced %_sysusersdir
into the group of global configure-related macros but that's not what
it's related to at all, it's only related to our sysusers integration
feature. Move it where it really belongs.
Commit cececfb685 introduced %_root_prefix
macro but this clashes with pre-existing use in scl-utils:
https://bugzilla.redhat.com/show_bug.cgi?id=223345:
Just query the value from pkg-config if available and otherwise use
hardcoded value pointing to /usr instead. We don't need an intermediate
global macro for this.
Newer versions of Bubblewrap emit a warning for some select options
(--chdir included) about only the last occurrence having effect, which
is what happens in "make check" due to the --chdir override.
Instead, just cd to the /srv directory in a shell and then run rpmtests
from there, sigh. It's not the prettiest but it's better than always
printing the spurious warning.
With OverlayFS and unshare(1) being used in the test-suite, some of the
directories in the test tree, sandbox and rpmtests.dir/ end up missing
read/write or execute (for directories) permissions which means removing
them requires excessive force in the form of "unshare -r rm -rf".
CMake is clever enough to adjust the permissions behind the scenes on
"make clean" but manual removal should just work too, so fix that with
chmod(1) in the clean_up() trap.
Networking is currently enabled in test containers (we don't use
--unshare-net) but for domain names to be resolvable, we need an
/etc/resolv.conf, too, so add it from the host, similar to how e.g.
Podman does it.
We don't need network access in the test-suite but it can be handy for
interactive testing in "make shell", e.g. to allow gdb to fetch
debuginfo data through debuginfod automatically.
When managing the test tree with DNF, it's actually desirable to use the
same options that were used during the tree construction (especially the
cachedir), so just do that.
This just mirrors what mktree.fedora does already, and is only relevant
in "make shell" when using the mktree.podman backend, no other
functional change here.
Use /root instead of / (in runroot) or $PWD (in atlocal). We already do
this in "make shell" so that the root user's dotfiles (e.g. ~/.bashrc)
are loaded from the base image, this commit extends that to "make env"
and fixes the following:
- Calling "runroot rpm -qa" interactively now works as expected since
the rpmdb from the base image built by mktree.fedora (which
overrides %_dbpath in /root/.rpmmacros) is used
- The user's native prompt is now used, instead of the shell's default
This commit has no effect on the tests themselves since we initialize an
empty rpmdb before use anyway.
There was no technical reason for HOME being set to /, really, other
than it being a historical artifact from the fakechroot era.
Using which(1) in a shell function that's supposed to shadow the
original command is silly, it just results in a recursive call. What
was I thinking?
Instead, use "command" which is a better fit, see "help command".
The inner structure of mktree.output/ should be treated as an
implementation detail of the mktree backend in use. All we care for
here is that it's purged on a "make clean".
No functional change since only mktree.fedora uses this directory
currently and it already recreates the other contents (inst/) on each
rebuild anyway.
Using multiple out-of-source build directories (e.g. for topic branches
or experiments) currently means redownloading and recreating the base OS
image in each of them. This is slow, ineffective and just not needed
since the image isn't specific to the build and can just be reused.
To fix it, if a mktree.output/ directory exists in the source directory,
use that, otherwise just use the build directory like we always did so
that all build artifacts remain in the build directory unless told
otherwise (which some may prefer).
This means the feature can be enabled by simply creating an empty
mktree.output/ directory in the source directory. This is inspired by
mkosi(1), much like many other things in mktree.
We shall document this later, too.
If the source directory happens to be a git-worktree(1), go look into
the common worktree for mktree.output/. This ensures that worktrees, if
one uses them, are not treated as separate source directories and will
reuse the same image, too.
If using a common mktree.output/, also use a common mktree.cache/ (DNF
metadata and package cache) as separating those two makes little sense
in such a case.
Since the initial commit 185596818f, we've
primarily looked for a command named "7zip" but defaulted to 7za when
not found. Looking closer it seems that there never was any command
called 7zip at all, at least in the OSS landscape. So don't default to
something that doesn't even exist, which also means we'll land on an
actually working value if/when 7z[a] doesn't happen to be present at
build-time (there's no other reason for it to be there).
Related to #2608
Fixes a regression from the cmake transition where we'd just assume 7zip
as the name of the executable when previously we looked through 7zip,
7za and 7a. Resume the former behavior.
Fixes: #2608
We need more flexibility than a simple array can provide, and with
all the name munging, it's not particularly obvious as to what
values are set and how. Supposedly no functional changes here.
This is the only dependency on awk in the runtime commandline part of
rpm, which is bloating minimal container images a bit. We can rewrite
that into a single sed statement. We love you anyway, awk.
Pass this option, if specified, to $PODMAN. This is needed for
unattended use of mktree.podman where no tty is allocated, such as
GitHub Actions.
Use it as follows:
./mktree.podman check --interactive=false ...
Default to true (by keeping -i in the command line) still, it allows
CTRL-C to work when running the script interactively.
Based on a patch by @Conan-Kudo.
We actually do need this library in the test tree, in case the build is
configured with -DWITH_IMAEVM=ON which links librpmsign to it, it's not
a plugin. We already include libfsverity for the same reason.
This is a fixup for commit 4c41faf7a5.
We no longer have the ci/ directory as the Dockerfile has been moved to
tests/ and the "make ci" target is now added automatically if Podman or
Docker is available, so no need for ENABLE_CI anymore.
When using the mktree.podman backend (either through "make check"
directly or "make ci"), detect and choose Docker if Podman is not
available.
This fixes a regression from the original "make ci" where we also
supported Docker, and should've been part of commit
3b2e5eba18.
We don't need audit and ima-evm-utils, those are for the plugins which
we disable in the tests. We do, however, need popt and shadow-utils
(pulled in by the above) so list those explicitly.
This also conveniently removes systemd (pulled in by audit) which we no
longer need since commit 2bdd7d7cbd. To
future-proof, though, exclude systemd-udev which is not needed in
containers.
Lastly, remove gdb-headless which is redundant since we already install
gdb-minimal.
As a nice side effect, this fixes the spurious warning during the DNF
transaction that comes from systemctl(1) through the %systemd_post macro
used by audit (about requiring a /proc mount in the installroot).
This plugin doesn't work with --installroot and only prints a spurious
warning, disable it.
Refactor the contents of .rpmmacros now that we have more than one line
in it.
Don't make any assumptions about how other Linux distros would need to
implement the mktree interface. We simply don't know how much logic
could be shared between such native backends before some are actually
written.
Right now, we only have one such backend, for Fedora, that's a sample
size too small to draw any conclusions. Let's worry about refactoring
when it actually makes sense and stick with the most basic layout till
then.
As an example, while unshare(1) works for running DNF as an unprivileged
user, it does not seem to work with other package managers and tools
that I've tried such as zypper or debootstrap. Those may need another
way of doing this or even require sudo(8). Also, --map-auto only exists
in the newer unshare(1) versions, older versions would need manual
mapping.
This also simplifies the "env" command quite a bit, which is nice.
No functional changes otherwise.
* Allow setting platform macro settings externally
By default, rpm installs a series of default platforms based on
the CPU architecture names in subdirectories called
/usr/lib/platform/<arch>-<os>
This is enough for regular Linux distributions. However, some
distributions may use more specific platform names that refer to
particular computer systems, like SBCs or specific CPU tuning when
compiling.
If the platform subdirectory does not exist in /usr/lib/platform
then rpmbuild does not work.
Allow creating such custom platform subdirectory with feeding
the necessary data using external variables: RPM_CUSTOM_ARCH,
RPM_CUSTOM_ISANAME, RPM_CUSTOM_ISABITS, RPM_CUSTOM_CANONARCH
and RPM_CUSTOM_CANONCOLOR
Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
---------
Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
Co-authored-by: Florian Festi <ffesti@redhat.com>
as this is the default location. Moving the the /bin and /sbin content
into the /usr directories is a distribution dependent thing inherited
from the Fedora script.
rpm -qf checks if the argument actually exists if it can't be found in
the rpmdb and gives different messages based on that.
This was done without taking the root dir into account leading to wrong
messages if the file only exists in the root dir but not outside.
Resolves: #2576
for user and group creation. It creates system users and groups based
on files in the format described in sysusers.d(5) using useradd and groupadd.
Only supports the --root, --replace and -help parameters.
This ensures no single test can (accidentally or intentionally) alter
the shared tree and influence the subsequent tests.
It also makes us comply with the following OverlayFS requirement:
Changes to the underlying filesystems while part of a mounted
overlay filesystem are not allowed. If the underlying filesystem is
changed, the behavior of the overlay is undefined, though it will
not result in a crash or deadlock.
This could have previously been violated when running parallel tests.
Contrary to what I thought in commit
cf8716f204,
to make this work, all we need is to mount a new tmpfs at /tmp in the
snapshot, as that's where some of the processes (patch(1) in particular)
need to write.
Update the comment in mktree.rootfs accordingly, too.
This backend uses Podman with the bundled Dockerfile to build the test
image. RPM is built in a container as that's part of the Dockerfile.
This makes the test-suite more portable since only Podman needs to be
installed when using this backend. That's especially useful in a CI
environment where we may not have a native backend for whatever OS the
VM is running, e.g. Ubuntu LTS in Semaphore CI.
Since it must be able to run without a build system in place, make it
also usable as a standalone script. For more portability, allow for
Docker to be selected in place of Podman by invoking it via a symlink
(multi-call).
We used to have a "make ci" target previously, add it back now and point
it to the script.
Make it also serve as a fallback backend now.
Panu Matilainen