Add environment variable that autospec uses to decide when to log
fatal errors to a special file used for the update process.
Also does the cleanup of the autospec created file for new autospec
runs.
Signed-off-by: William Douglas <william.douglas@intel.com>
Add additional capability for update target to read a package's
update.first file that will run make update on each of the packages
included in that file.
The intended usage model is for packages that need to be updated in
order to specify that order via the update.first (the packages are
updated in the order specified unless a package in the list also has
an update.first file).
As part of this change, force the update target to always build in
koji synchronously to avoid issues where the update being depended on
isn't finished in koji.
Loops are not supported and will cause problems.
Signed-off-by: William Douglas <william.douglas@intel.com>
Changes vendor from a target (it could still have a stand-alone target
but it wouldn't be used by the autospec target).
This change is needed because the Makefile is rewritten in the
autospec target but the ARCHIVES make variable is going to use the
value when make is executed. The common change causes the ARCHIVES
value to be eval'd during the autospec target execution in order for
the update from the vendor script to be seen by make.
The vendor script changes fix bugs in updating the options.conf and
Makefile. It also now handles returning the original ARCHIVES value as
well as prevent subshell scripts from outputting and adding badness
into the eval'd ARCHIVES variable.
Signed-off-by: William Douglas <william.douglas@intel.com>
Add koji-tag and koji-untag targets that can be used to tag and untag
dist-clear on the current nvr build of the package in koji.
Signed-off-by: William Douglas <william.douglas@intel.com>
Add handling for a vendor target that will handle specific vendor
requirements from a package's options.conf.
The initial change adds handling for 'cargo vendor', creating a new
repo in the configured git repositiory and setting up the ARCHIVES
variable in the package's Makefile.
If the repo already exists, the tooling will check if a repo change
was detected after re-vendoring the sources. If a change is detected
the new content will be pushed and the ARCHIVES variable will be
updated.
Signed-off-by: William Douglas <william.douglas@intel.com>
The conditional setting of WITH_SUDO has been a no-op for several years,
so just set the default value to `sudo`.
Signed-off-by: Patrick McCarty <patrick.mccarty@intel.com>
This change will make the commits for bumped packages (from bump.list)
more useful in identifying the original reason for the bumps.
Signed-off-by: Patrick McCarty <patrick.mccarty@intel.com>
To add a custom commit summary for a `make bump`, set the BUMP_MSG
variable to the desired summary.
Signed-off-by: Patrick McCarty <patrick.mccarty@intel.com>
Add an update target to common whose purpose is to be able to check if
a new version exists, update to the new version and push the updated
version to koji.
This target will cause bump.list content to be rebuilt as well.
Signed-off-by: William Douglas <william.douglas@intel.com>
Add the ability for make koji to look a bump.list file in the package
directory and make and koji all the packages listed in that file.
This is useful for package's that depend on the updated package and
should be rebuilt after the original package is.
If for some reason this functionality isn't desired make koji-nowait
will not look at the bump.list.
Signed-off-by: William Douglas <william.douglas@intel.com>
To make the handling of the variable more uniform, set autospec's
cleanup flag using make conditional constructs rather than shell
expansion.
Signed-off-by: Patrick McCarty <patrick.mccarty@intel.com>
Now, whenever the `CLEANUP` variable is set in the environment, `make
build` and `make build-nocheck` will automatically clean up the build
chroot after a build completes. The same feature has been supported by
`make autospec` for many years.
Signed-off-by: Patrick McCarty <patrick.mccarty@intel.com>
This target can be used to query direct build and runtime dependencies
of any package in Clear Linux OS. The `make help` documentation
describes the current output format and limitations.
Signed-off-by: Patrick McCarty <patrick.mccarty@intel.com>
Because clr-debug-info doesn't yet use the lookaside location
(/usr/share/debug), we still need to modify the debuginfo symlinks to
point to the location under /usr/lib/debug.
Signed-off-by: Patrick McCarty <patrick.mccarty@intel.com>
It's not likely for a package name to have the substring "-debuginfo",
but just in case, implement more robust detection of the actual
debuginfo rpm for a package by constructing the name more carefully.
Signed-off-by: Patrick McCarty <patrick.mccarty@intel.com>
The debuginfo subpackages are automatically generated, with content
installed according to a predefined directory layout, so there is little
value in checking for banned files they may ship.
Signed-off-by: Patrick McCarty <patrick.mccarty@intel.com>
The `rpmspec` commands usually specify the same flags aside from the
queryformat and the spec file(s) to query.
Signed-off-by: Patrick McCarty <patrick.mccarty@intel.com>
Indicating end of options with `--` fixes the command invocation if the
filename begins with a hyphen.
Signed-off-by: Patrick McCarty <patrick.mccarty@intel.com>
For most people simply running "make autospec" or "make build", this
will have no effect. The RPM macro %{_smp_mflags} is predefined to be
the number of CPUs in your system anyway (output of getconf
_NPROCESSORS_ONLN).
But if you do have MAKEFLAGS set in your environment to your CPU
number (and you should), that will get passed to rpmbuild, which then
uses it during the build. And if you, like me, have it set to a
slightly higher number, RPM will use that too.
But if you run "make -jN autospec", then that N will be passed to the
build. This is especially important if you have something doing "make
-j1": RPM will be -j1 too! So instead of "make -j1", run "MAKEFLAGS= make"
For commands that modify contents of $(TOPLVL)/repo, wrap them with
`flock`, using a lock file `repo.lock` within the repo directory. This
ensures that the repo directory tree is not otherwise modified while
each command is running.
To keep the implementation simple, I opted to not wrap entire makefile
targets with a lock (e.g. lock the entire operation of `make repoadd`).
If users need that level of control, they can implement locking in a
separate wrapper script.
Signed-off-by: Patrick McCarty <patrick.mccarty@intel.com>
This change allows specifying short/long mock options via MOCK_OPTS
without a leading backslash escape.
For example, `MOCK_OPTS="\--old-chroot --no-clean"` can now be specified
as `MOCK_OPTS="--old-chroot --no-clean"`.
Signed-off-by: Patrick McCarty <patrick.mccarty@intel.com>
In the submmitter's local pacakge directory can have mulptiple spec file present,
or swap file thus to avoid adding multiple specfile in git add better only add package
specific specfile.
Signed-off-by: santoshkumar <santoshkumar.laxminarayan.rai@intel.com>
This tool no longer works and the repo looks abandoned (last commit
04/27/2017). The NVD cve database has changed format since.
Signed-off-by: Alex Jaramillo <alex.v.jaramillo@intel.com>
For the `make autospec` variants, use a simpler calling convention so
that the callers do not need to know the boolean option names.
Signed-off-by: Patrick McCarty <patrick.mccarty@intel.com>
When building large numbers of packages that are interdependent,
recreating the rpm repository for each package can create a large
overhead during processing. 'repostage' is intended to provide an
intermediate target for adding a package to a repository that can
later be built using localrepocreate.
Any attempt at rebasing is unnecessary when the current branch is
up-to-date with the remote, so skip the rebase in this case.
Signed-off-by: Patrick McCarty <patrick.mccarty@intel.com>
This tooling is designed to automate 2 main tasks that are part of
the package maintenance workflow of Clear Linux LTS. These tasks are:
- Back-porting of a patch (e.g. security fix) to older branches.
- (Not implemented yet) Building RPMs with the intent of sharing binaries of
older LTS branches to newer branches whenever possible.
2 new targets are defined in Makefile.common.lts:
- lts-show: Show a summary of active LTS branches
- lts-backport: Attempt to fast-forward the previous active branch to the current branch
"Active" branches correspond to LTS releases that currently have support.
They are listed in a flat file "active-branches" in "lts" directory, from
oldest to newest. New entries are added by Clear Linux LTS developers as
new releases become available, and entries removed as releases become
obsolete.
Note: For CVE patching, the tool is not aware of CVE severity levels or
the minimum supported severity level of each LTS branch. For now it is
the user's responsibility to know when a CVE does not apply to older
branches and stop calling "make lts-backport".
Signed-off-by: Tan, Yew Wayne <yew.wayne.tan@intel.com>
Consider the following scenario:
* System being set-up on day 0 (by running user-setup.sh script)
* The github.com/clearlinux/common repo is cloned under projects/common
* Fast-forward in the future
* Clone a package for which there is no reachable upstream URL
(e.g. clr-power-tweaks or clr-systemd-config
* Run 'make sources'
That operation will fail because it will search for the src.rpm files starting
with the Clear Linux build determined by looking up the latest tag in the
project/common repo (and the latest is the one from day 0). So it will only find
older versions of those src.rpm, and will eventually fail.
This patch adds a line that fetches all the latest tags from the upstream
projects/common repo so the 'latest_builds' variable is *really* set to the
latest of the day.
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
The for-review.txt files were being generated with `git show` and thus
not compatible with `git send-email`. Use `git format-patch` instead to
fix this issue.
Also add a more prominent notice about the existence of for-review.txt
and its intended purpose.
Signed-off-by: Patrick McCarty <patrick.mccarty@intel.com>
We always want the koji CLI to wait for `make scratch-wait`, regardless
of the environment koji detects it is being run under.
Signed-off-by: Patrick McCarty <patrick.mccarty@intel.com>
Debuginfo packages now install binary debuginfo to /usr/share/debug and
source debuginfo to /usr/share/debug/src.
The purpose for the migration is for these new locations to serve as
"lookaside" directories used by future versions of clr-debug-info,
enabling select debuginfo packages to be installed in bundles and safely
coexist with the FUSE mounts.
Signed-off-by: Patrick McCarty <patrick.mccarty@intel.com>
Some packages in the distro do not generate debuginfo subpackages, so
make sure to skip the debuginfo install in this situation.
Signed-off-by: Patrick McCarty <patrick.mccarty@intel.com>
