Add handling for a vendor target that will handle specific vendor
requirements from a package's options.conf.
The initial change adds handling for 'cargo vendor', creating a new
repo in the configured git repositiory and setting up the ARCHIVES
variable in the package's Makefile.
If the repo already exists, the tooling will check if a repo change
was detected after re-vendoring the sources. If a change is detected
the new content will be pushed and the ARCHIVES variable will be
updated.
Signed-off-by: William Douglas <william.douglas@intel.com>
The conditional setting of WITH_SUDO has been a no-op for several years,
so just set the default value to `sudo`.
Signed-off-by: Patrick McCarty <patrick.mccarty@intel.com>
This change will make the commits for bumped packages (from bump.list)
more useful in identifying the original reason for the bumps.
Signed-off-by: Patrick McCarty <patrick.mccarty@intel.com>
To add a custom commit summary for a `make bump`, set the BUMP_MSG
variable to the desired summary.
Signed-off-by: Patrick McCarty <patrick.mccarty@intel.com>
Add an update target to common whose purpose is to be able to check if
a new version exists, update to the new version and push the updated
version to koji.
This target will cause bump.list content to be rebuilt as well.
Signed-off-by: William Douglas <william.douglas@intel.com>
Add the ability for make koji to look a bump.list file in the package
directory and make and koji all the packages listed in that file.
This is useful for package's that depend on the updated package and
should be rebuilt after the original package is.
If for some reason this functionality isn't desired make koji-nowait
will not look at the bump.list.
Signed-off-by: William Douglas <william.douglas@intel.com>
To make the handling of the variable more uniform, set autospec's
cleanup flag using make conditional constructs rather than shell
expansion.
Signed-off-by: Patrick McCarty <patrick.mccarty@intel.com>
Now, whenever the `CLEANUP` variable is set in the environment, `make
build` and `make build-nocheck` will automatically clean up the build
chroot after a build completes. The same feature has been supported by
`make autospec` for many years.
Signed-off-by: Patrick McCarty <patrick.mccarty@intel.com>
This target can be used to query direct build and runtime dependencies
of any package in Clear Linux OS. The `make help` documentation
describes the current output format and limitations.
Signed-off-by: Patrick McCarty <patrick.mccarty@intel.com>
Because clr-debug-info doesn't yet use the lookaside location
(/usr/share/debug), we still need to modify the debuginfo symlinks to
point to the location under /usr/lib/debug.
Signed-off-by: Patrick McCarty <patrick.mccarty@intel.com>
It's not likely for a package name to have the substring "-debuginfo",
but just in case, implement more robust detection of the actual
debuginfo rpm for a package by constructing the name more carefully.
Signed-off-by: Patrick McCarty <patrick.mccarty@intel.com>
The debuginfo subpackages are automatically generated, with content
installed according to a predefined directory layout, so there is little
value in checking for banned files they may ship.
Signed-off-by: Patrick McCarty <patrick.mccarty@intel.com>
The `rpmspec` commands usually specify the same flags aside from the
queryformat and the spec file(s) to query.
Signed-off-by: Patrick McCarty <patrick.mccarty@intel.com>
Indicating end of options with `--` fixes the command invocation if the
filename begins with a hyphen.
Signed-off-by: Patrick McCarty <patrick.mccarty@intel.com>
For most people simply running "make autospec" or "make build", this
will have no effect. The RPM macro %{_smp_mflags} is predefined to be
the number of CPUs in your system anyway (output of getconf
_NPROCESSORS_ONLN).
But if you do have MAKEFLAGS set in your environment to your CPU
number (and you should), that will get passed to rpmbuild, which then
uses it during the build. And if you, like me, have it set to a
slightly higher number, RPM will use that too.
But if you run "make -jN autospec", then that N will be passed to the
build. This is especially important if you have something doing "make
-j1": RPM will be -j1 too! So instead of "make -j1", run "MAKEFLAGS= make"
For commands that modify contents of $(TOPLVL)/repo, wrap them with
`flock`, using a lock file `repo.lock` within the repo directory. This
ensures that the repo directory tree is not otherwise modified while
each command is running.
To keep the implementation simple, I opted to not wrap entire makefile
targets with a lock (e.g. lock the entire operation of `make repoadd`).
If users need that level of control, they can implement locking in a
separate wrapper script.
Signed-off-by: Patrick McCarty <patrick.mccarty@intel.com>
This change allows specifying short/long mock options via MOCK_OPTS
without a leading backslash escape.
For example, `MOCK_OPTS="\--old-chroot --no-clean"` can now be specified
as `MOCK_OPTS="--old-chroot --no-clean"`.
Signed-off-by: Patrick McCarty <patrick.mccarty@intel.com>
In the submmitter's local pacakge directory can have mulptiple spec file present,
or swap file thus to avoid adding multiple specfile in git add better only add package
specific specfile.
Signed-off-by: santoshkumar <santoshkumar.laxminarayan.rai@intel.com>
This tool no longer works and the repo looks abandoned (last commit
04/27/2017). The NVD cve database has changed format since.
Signed-off-by: Alex Jaramillo <alex.v.jaramillo@intel.com>
For the `make autospec` variants, use a simpler calling convention so
that the callers do not need to know the boolean option names.
Signed-off-by: Patrick McCarty <patrick.mccarty@intel.com>
When building large numbers of packages that are interdependent,
recreating the rpm repository for each package can create a large
overhead during processing. 'repostage' is intended to provide an
intermediate target for adding a package to a repository that can
later be built using localrepocreate.
Any attempt at rebasing is unnecessary when the current branch is
up-to-date with the remote, so skip the rebase in this case.
Signed-off-by: Patrick McCarty <patrick.mccarty@intel.com>
This tooling is designed to automate 2 main tasks that are part of
the package maintenance workflow of Clear Linux LTS. These tasks are:
- Back-porting of a patch (e.g. security fix) to older branches.
- (Not implemented yet) Building RPMs with the intent of sharing binaries of
older LTS branches to newer branches whenever possible.
2 new targets are defined in Makefile.common.lts:
- lts-show: Show a summary of active LTS branches
- lts-backport: Attempt to fast-forward the previous active branch to the current branch
"Active" branches correspond to LTS releases that currently have support.
They are listed in a flat file "active-branches" in "lts" directory, from
oldest to newest. New entries are added by Clear Linux LTS developers as
new releases become available, and entries removed as releases become
obsolete.
Note: For CVE patching, the tool is not aware of CVE severity levels or
the minimum supported severity level of each LTS branch. For now it is
the user's responsibility to know when a CVE does not apply to older
branches and stop calling "make lts-backport".
Signed-off-by: Tan, Yew Wayne <yew.wayne.tan@intel.com>
Consider the following scenario:
* System being set-up on day 0 (by running user-setup.sh script)
* The github.com/clearlinux/common repo is cloned under projects/common
* Fast-forward in the future
* Clone a package for which there is no reachable upstream URL
(e.g. clr-power-tweaks or clr-systemd-config
* Run 'make sources'
That operation will fail because it will search for the src.rpm files starting
with the Clear Linux build determined by looking up the latest tag in the
project/common repo (and the latest is the one from day 0). So it will only find
older versions of those src.rpm, and will eventually fail.
This patch adds a line that fetches all the latest tags from the upstream
projects/common repo so the 'latest_builds' variable is *really* set to the
latest of the day.
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
The for-review.txt files were being generated with `git show` and thus
not compatible with `git send-email`. Use `git format-patch` instead to
fix this issue.
Also add a more prominent notice about the existence of for-review.txt
and its intended purpose.
Signed-off-by: Patrick McCarty <patrick.mccarty@intel.com>
We always want the koji CLI to wait for `make scratch-wait`, regardless
of the environment koji detects it is being run under.
Signed-off-by: Patrick McCarty <patrick.mccarty@intel.com>
Debuginfo packages now install binary debuginfo to /usr/share/debug and
source debuginfo to /usr/share/debug/src.
The purpose for the migration is for these new locations to serve as
"lookaside" directories used by future versions of clr-debug-info,
enabling select debuginfo packages to be installed in bundles and safely
coexist with the FUSE mounts.
Signed-off-by: Patrick McCarty <patrick.mccarty@intel.com>
Some packages in the distro do not generate debuginfo subpackages, so
make sure to skip the debuginfo install in this situation.
Signed-off-by: Patrick McCarty <patrick.mccarty@intel.com>
The caches are not package-specific, and --scrub=all will clean all
caches even with the --uniqueext option. For that, we have 'make
mockclean' instead.
Using both --clean and --scrub=chroot is also unnecessary, as --clean
already removes the chroot.
Signed-off-by: California Sullivan <california.l.sullivan@intel.com>
For testing purposes only, if developers want to install RPMs they just
built onto their development system, potentially overwriting content
that is tracked by swupd, they can now run 'make install-local' to
install all of the RPMs, or 'make install-debuginfo-local' to just
install the debuginfo package.
Signed-off-by: Patrick McCarty <patrick.mccarty@intel.com>
For some commands, it is useful to be able to add custom prerequisites.
We already support this for `make koji` and `make build`, and there was
just a request to add it for `make autospec` and `make autospecnew`.
Signed-off-by: Patrick McCarty <patrick.mccarty@intel.com>
Make the SPDX puller code more robust by reading from JSON sources
rather than parsing HTML. Also, keep all deprecated license identifiers
for now, since they are still present in the spdx list.
Four identifiers were removed since the last refresh, but we are keeping
them for backwards compatibility. The removed license IDs now reside in
the licenses-extra file. At
Signed-off-by: Patrick McCarty <patrick.mccarty@intel.com>
Previously, we always emitted an error and failed when the specfile or
upstream target was requested, breaking the -B switch. Now, we only fail
if the file doesn't actually exist, not just that it was requested via
make.
