Closed sorin-mihai closed 7 years ago
Thanks for the report. I reproduced your output when running makepkg
when there was a built package already present in selinux-refpolicy-git/
, but the script contains a command to remove the packages before building:
https://github.com/archlinuxhardened/selinux/blob/4c7b8f2824f9db6914cb5a84846274205d7630b1/build_and_install_all.sh#L38-L39
So I have not yet found what is going wrong. Could you please add a -v
to command rm
("rm -v -f "./$1/"*.pkg.tar.xz "./$1/"*.pkg.tar.xz.sig
") in order to see which files it removes?
By the way running clean.sh
before build_and_install_all.sh
(to remove built packages from directories) might help. Does it solve your issue?
I'm not sure if the package in AUR is the same with the one in GitHub at all times, sometimes I saw differences and used the one in GitHub, but can't exactly recall when and how were they different.
The AUR git trees are actually git subtrees in this repository. So the content really should be the same but in two cases:
master
when testing -rc versions (like https://github.com/archlinuxhardened/selinux/commits/selinux-2.7-rc)Also, if the script fails, does that happen only for the last package, like it happened in this case, and then could continue or is this a hard fail and we can't be sure it actually builds the other packages?
When makepkg fails, the script exits immediately. This is implemented with the || exit $?
statement at the end of https://github.com/archlinuxhardened/selinux/blob/4c7b8f2824f9db6914cb5a84846274205d7630b1/build_and_install_all.sh#L39
- if we used the script and installed all packages, rebooted in selinux mode and all that, do we really need to keep using the script, or is it safe to use AUR helpers like pacaur?
It is safe to build all SELinux-related packages directly from the AUR. I actually use pacaur. There is some complexity in the dependencies between the versions of SELinux packages (for example libselinux 2.7 needs libsepol>=2.7) and I write such things in the depends
and makedepends
arrays in PKGBUILD
. This way, pacaur is unhappy when libselinux 2.7 is built when libsepol 2.6 is installed, but at least the error message it gives is very clear and the user can understand that she needs to upgrade libsepol first.
- if perhaps not safe, because of the need to build in certain order, could/should the script have a hook for pacman.conf to add the selinux related packages to IgnoreGroup and remove them from there at the moment of installation through the script, to avoid building at least 2 times in this kind of situations?
build_and_install_all.sh
is mostly intended to build packages when installing SELinux for the first time. It handles tricky situations likes replacing package sudo
with sudo-selinux
while keeping /etc/sudoers
and building systemd-selinux
and util-linux-selinux
with a circular dependency chain (this is actually not really mandatory but it seems cleaner that building util-linux-selinux
with libsystemd
and then using it with libsystemd-selinux
).
As AUR helpers can be used to install and update SELinux packages, I prefer not to edit pacman.conf
in the script.
Initially I thought that the PKGBUILD for selinux-refpolicy-git must have still mentioned the older version, but because it's a git package it pulled the changes before starting, so that's why it obviously failed, because the newer package was already built with pacaur and installed. Afterwards there is a diff in the PKGBUILD:
[git master 4c7b8f2 ] $ git pull
### run script, eventualy fail if build folder not clean ###
[git master 4c7b8f2 +] $ git diff
diff --git a/selinux-refpolicy-git/PKGBUILD b/selinux-refpolicy-git/PKGBUILD
index 6177991..3fbd831 100644
--- a/selinux-refpolicy-git/PKGBUILD
+++ b/selinux-refpolicy-git/PKGBUILD
@@ -2,7 +2,7 @@
pkgname=selinux-refpolicy-git
_policyname=refpolicy-git
-pkgver=RELEASE_2_20170805.r8.g0ba1970b7cd4
+pkgver=RELEASE_2_20170805.r13.g9f7cbe14
pkgrel=1
pkgdesc="Modular SELinux reference policy including headers and docs"
arch=('any')
Sometimes I clean the folders that are also defined in ~/.config/pacman/makepkg.conf and clone clean the git repo, then used the script and the package was built clean. Now I am sure that in such cases I never saw the error. So, indeed the failure appears when the build folder isn't clean.
Added -v and here would be the output. Since I just cleaned and built, only selinux-refpolicy-git is being rebuilt, because of the version difference, and obviously failed to package again.
removed './selinux-refpolicy-git/selinux-refpolicy-git-RELEASE_2_20170805.r13.g9f7cbe14-1-any.pkg.tar.xz'
removed './selinux-refpolicy-git/selinux-refpolicy-git-RELEASE_2_20170805.r13.g9f7cbe14-1-any.pkg.tar.xz.sig'
==> Making package: selinux-refpolicy-git RELEASE_2_20170805.r13.g9f7cbe14-1 (Tue Aug 15 14:46:44 EEST 2017)
### removed ; irrelevant ###
==> Starting pkgver()...
==> ERROR: A package has already been built. (use -f to overwrite)
Also, clean.sh does not fix the problem, even though it does remove a lot of files.
If I understand correctly, you defined PKGDEST
in your makepkg.conf
so the conflict that makepkg sees is about a package which is already built in $PKGDEST
. I see several options in order to fix this:
build_and_install_all.sh
really do nothing if the pkgver has not been bumped in the -git package.PKGDEST
to force putting packages in the current directory. I do not like this option because it breaks a feature provided by makepkg.build_and_install_all.sh
and stay with selinux-refpolicy-arch only. This might cause issues if selinux-refpolicy-git is installed and needs to be updated for whatever reason.I am thinking of implementing option 1 and of adding a command-line option to the script which would force building the git package. Would such a change fix your issue?
I too believe that the 1st option is the right way to go.
I saw this error before a few times too, but I'm not sure when it appeared. Here's some output, even though some strings are localized in Romanian. Most of the time I update AUR packages with pacaur, but although in the past I used yaourt, I can't recall if I saw this error back then. Sometimes some selinux related packages get updated too with pacaur. If after that I try to use the _build_and_installall.sh this kind of thing happens:
Adding -f to makepkg in the _build_and_installall.sh and running it again would make things work, but I'm really not sure it's the way to go. I'm not sure if the package in AUR is the same with the one in GitHub at all times, sometimes I saw differences and used the one in GitHub, but can't exactly recall when and how were they different. Also, if the script fails, does that happen only for the last package, like it happened in this case, and then could continue or is this a hard fail and we can't be sure it actually builds the other packages?
The big questions are: