Package already built (use -f to override)

I saw this error before a few times too, but I'm not sure when it appeared. Here's some output, even though some strings are localized in Romanian. Most of the time I update AUR packages with pacaur, but although in the past I used yaourt, I can't recall if I saw this error back then. Sometimes some selinux related packages get updated too with pacaur. If after that I try to use the _build_and_installall.sh this kind of thing happens:

[git master fa918bd ] $  git pull
[git master fa918bd ] $ ./build_and_install_all.sh
### selinux-alpm-hook and linux-selinux* packages output removed; irrelevant ###
==> Se face pachetul: selinux-refpolicy-git RELEASE_2_20170805.r8.g0ba1970b7cd4-1 (marți 15 august 2017, 07:50:50 +0300)
==> Se verifică dependențele necesare pentru rulare...
==> Se verifică dependențele necesare pentru compilare...
==> Se preiau sursele...
  -> Se actulizează depozitul refpolicy git ...
Fetching origin
  -> Se actulizează depozitul refpolicy-contrib git ...
Fetching origin
  -> Am găsit config
==> Se validează source fișiere cu sha256sums...
    refpolicy ... Omis
    refpolicy-contrib ... Omis
    config ... Trecut
==> Se elimină directorul $srcdir/ existent...
==> Se extrag sursele...
  -> Se creează o copie de lucru a depozitului refpolicy git ...
Cloning into 'refpolicy'...
done.
  -> Se creează o copie de lucru a depozitului refpolicy-contrib git ...
Cloning into 'refpolicy-contrib'...
done.
==> Se pornește prepare()...
Submodule 'policy/modules/contrib' (https://github.com/TresysTechnology/refpolicy-contrib.git) registered for path 'policy/modules/contrib'
Cloning into '/home/sorin-mihai/Proiecte/aur/selinux/selinux-refpolicy-git/src/refpolicy/policy/modules/contrib'...
done.
Submodule path 'policy/modules/contrib': checked out '21399a3094c822d95d6f5c3ed8b1ad747754cb1e'
### irrelevant output; all good ###  
==> Se pornește pkgver()...
==> Versiune actualizată: selinux-refpolicy-git RELEASE_2_20170805.r13.g9f7cbe14-1
==> EROARE: Un pachet a fost deja construit. (folosește -f pentru a suprascrie)

Adding -f to makepkg in the _build_and_installall.sh and running it again would make things work, but I'm really not sure it's the way to go. I'm not sure if the package in AUR is the same with the one in GitHub at all times, sometimes I saw differences and used the one in GitHub, but can't exactly recall when and how were they different. Also, if the script fails, does that happen only for the last package, like it happened in this case, and then could continue or is this a hard fail and we can't be sure it actually builds the other packages?

The big questions are:

if we used the script and installed all packages, rebooted in selinux mode and all that, do we really need to keep using the script, or is it safe to use AUR helpers like pacaur?
if perhaps not safe, because of the need to build in certain order, could/should the script have a hook for pacman.conf to add the selinux related packages to IgnoreGroup and remove them from there at the moment of installation through the script, to avoid building at least 2 times in this kind of situations?

Thanks for the report. I reproduced your output when running makepkg when there was a built package already present in selinux-refpolicy-git/, but the script contains a command to remove the packages before building: https://github.com/archlinuxhardened/selinux/blob/4c7b8f2824f9db6914cb5a84846274205d7630b1/build_and_install_all.sh#L38-L39

So I have not yet found what is going wrong. Could you please add a -v to command rm ("rm -v -f "./$1/"*.pkg.tar.xz "./$1/"*.pkg.tar.xz.sig") in order to see which files it removes? By the way running clean.sh before build_and_install_all.sh (to remove built packages from directories) might help. Does it solve your issue?

I'm not sure if the package in AUR is the same with the one in GitHub at all times, sometimes I saw differences and used the one in GitHub, but can't exactly recall when and how were they different.

The AUR git trees are actually git subtrees in this repository. So the content really should be the same but in two cases:

when I am updating packages and I have not used merge_aur.sh yet to integrate the AUR update back to the repo,
in other branches than master when testing -rc versions (like https://github.com/archlinuxhardened/selinux/commits/selinux-2.7-rc)

Also, if the script fails, does that happen only for the last package, like it happened in this case, and then could continue or is this a hard fail and we can't be sure it actually builds the other packages?

When makepkg fails, the script exits immediately. This is implemented with the || exit $? statement at the end of https://github.com/archlinuxhardened/selinux/blob/4c7b8f2824f9db6914cb5a84846274205d7630b1/build_and_install_all.sh#L39

if we used the script and installed all packages, rebooted in selinux mode and all that, do we really need to keep using the script, or is it safe to use AUR helpers like pacaur?

It is safe to build all SELinux-related packages directly from the AUR. I actually use pacaur. There is some complexity in the dependencies between the versions of SELinux packages (for example libselinux 2.7 needs libsepol>=2.7) and I write such things in the depends and makedepends arrays in PKGBUILD. This way, pacaur is unhappy when libselinux 2.7 is built when libsepol 2.6 is installed, but at least the error message it gives is very clear and the user can understand that she needs to upgrade libsepol first.

if perhaps not safe, because of the need to build in certain order, could/should the script have a hook for pacman.conf to add the selinux related packages to IgnoreGroup and remove them from there at the moment of installation through the script, to avoid building at least 2 times in this kind of situations?

build_and_install_all.sh is mostly intended to build packages when installing SELinux for the first time. It handles tricky situations likes replacing package sudo with sudo-selinux while keeping /etc/sudoers and building systemd-selinux and util-linux-selinux with a circular dependency chain (this is actually not really mandatory but it seems cleaner that building util-linux-selinux with libsystemd and then using it with libsystemd-selinux). As AUR helpers can be used to install and update SELinux packages, I prefer not to edit pacman.conf in the script.

Initially I thought that the PKGBUILD for selinux-refpolicy-git must have still mentioned the older version, but because it's a git package it pulled the changes before starting, so that's why it obviously failed, because the newer package was already built with pacaur and installed. Afterwards there is a diff in the PKGBUILD:

[git master 4c7b8f2 ] $ git pull
### run script, eventualy fail if build folder not clean ###
[git master 4c7b8f2 +] $  git diff
diff --git a/selinux-refpolicy-git/PKGBUILD b/selinux-refpolicy-git/PKGBUILD
index 6177991..3fbd831 100644
--- a/selinux-refpolicy-git/PKGBUILD
+++ b/selinux-refpolicy-git/PKGBUILD
@@ -2,7 +2,7 @@

 pkgname=selinux-refpolicy-git
 _policyname=refpolicy-git
-pkgver=RELEASE_2_20170805.r8.g0ba1970b7cd4
+pkgver=RELEASE_2_20170805.r13.g9f7cbe14
 pkgrel=1
 pkgdesc="Modular SELinux reference policy including headers and docs"
 arch=('any')

Sometimes I clean the folders that are also defined in ~/.config/pacman/makepkg.conf and clone clean the git repo, then used the script and the package was built clean. Now I am sure that in such cases I never saw the error. So, indeed the failure appears when the build folder isn't clean.

Added -v and here would be the output. Since I just cleaned and built, only selinux-refpolicy-git is being rebuilt, because of the version difference, and obviously failed to package again.

removed './selinux-refpolicy-git/selinux-refpolicy-git-RELEASE_2_20170805.r13.g9f7cbe14-1-any.pkg.tar.xz'
removed './selinux-refpolicy-git/selinux-refpolicy-git-RELEASE_2_20170805.r13.g9f7cbe14-1-any.pkg.tar.xz.sig'
==> Making package: selinux-refpolicy-git RELEASE_2_20170805.r13.g9f7cbe14-1 (Tue Aug 15 14:46:44 EEST 2017)
### removed ; irrelevant ###
==> Starting pkgver()...
==> ERROR: A package has already been built. (use -f to overwrite)

Also, clean.sh does not fix the problem, even though it does remove a lot of files.

If I understand correctly, you defined PKGDEST in your makepkg.conf so the conflict that makepkg sees is about a package which is already built in $PKGDEST. I see several options in order to fix this:

Not building selinux-refpolicy-git when the installed version is newer that the one in the git repository. This makes build_and_install_all.sh really do nothing if the pkgver has not been bumped in the -git package.
Overriding PKGDEST to force putting packages in the current directory. I do not like this option because it breaks a feature provided by makepkg.
Not building selinux-refpolicy-git at all in build_and_install_all.sh and stay with selinux-refpolicy-arch only. This might cause issues if selinux-refpolicy-git is installed and needs to be updated for whatever reason.

I am thinking of implementing option 1 and of adding a command-line option to the script which would force building the git package. Would such a change fix your issue?

I too believe that the 1st option is the right way to go.

archlinuxhardened / selinux

Package already built (use -f to override) #12