Changes: https://github.com/freebsd/poudriere/wiki/release_notes_323
- bulk: Fix MOVED origin not causing a package rebuild. This
could result in a reverse dependency continuing to rebuild
due to a "new dependency" now with FLAVORS support.
- jail -c -m null: Fix this to work rather than error about
having an existing directory already.
- jail -c -m src: Respect existing _/usr/src/.cpignore_
- jail -c -m null -S: Respect the `-S path` rather than assume the jail has
a _/usr/src_.
- jail -c -m null: Assert that the jail is populated already.
- HTML: Throw explicit error if unknown ports type is encountered. [1]
PR: 224065 [1]
The MANIFEST files were obtained by
(a) verifying the signature on the 10.3-RELEASE announcement against
the GPG key in the FreeBSD documentation repository;
(b) downloading all of the bootonly.iso.xz ISOs;
(c) verifying those files against the hashes listed in the signed release
announcement; and
(d) extracting the MANIFEST files.
/usr/local/share/poudriere/MANIFESTS, where poudriere (as of version
3.1.11) checks for pre-distributed MANIFEST files before fetching them
from the ftp/http/https server.
This allows poudriere to ensure that the bits it is downloading and
installing really match the bits provided by the release engineering
team, and have not been subtly trojanned in transit. (Note that this
does not apply if poudriere is creating a jail from -STABLE or -CURRENT
since we cannot pre-distribute those MANIFESTs.)
The MANIFEST files were obtained by
(a) finding the GPG-signed announcements for 9.0 and later releases;
(b) verifying those signatures against the GPG keys in the FreeBSD
documentation repository;
(c) downloading all of the relevant bootonly ISOs;
(d) verifying the ISOs against the hashes listed in the signed release
announcements; and
(e) extracting the MANIFEST files from those ISOs.
Reviewed by: bdrewery
Security: If someone could trick you into building packages in a
world which they tampered with, they could do all sorts
of nasty things to those packages...
Changes: https://github.com/freebsd/poudriere/wiki/release_notes_317
- Restore /usr/sbin and /sbin to PATH lost in 3.1.5
- HTML: Fix broken log link from 3.1.5
- Avoid copying /var/db/freebsd-update into build jails
- QEMU: Fix handling of elftoolchain install for older src checkouts.
When using GH_TAGNAME the DISTNAME would have GH_PROJECT and GH_ACCOUNT in
it. When not using GH_TAGNAME it would not have this. Now both cases
will add in the GH_PROJECT and GH_ACCOUNT.
Add special care to ensure that the DISTVERSION is not added in twice. If
a port does GH_TAGNAME=v${PORTVERSION} it will be added in twice though. For
that case DISTVERSIONPREFIX=v should be set and no GH_TAGNAME should be used.
empty() is used rather than (!defined || !${}) to support fmake.
The purpose of setting DISTNAME at all in these cases is to make it more clear
that the distfile is from *GITHUB* and to avoid collisions if a project were
to be renamed or moved. Without adding in GH_PROJECT and GH_ACCOUNT then there
are real risks that collisions on filenames would happen on renamed or moved
projects, which is fairly common. A GITHUB-generated file may not match
a custom-rolled or git-archive-rolled distfile.
PR: 199069
With hat: portmgr
Testing done: All USE_GITHUB ports without GH_COMMIT were checksum/fetch/extract/WRKSRC tested.
conflict with the old scheme and cause a "reroll" or "invalid checksums". This
also avoids clobbering the FreeBSD distcache.
Use a revision in the DISTNAME for USE_GITHUB in case we need to bump this
again for anything. It's more a hint of how to handle it in the future.
Reported by: mat
Discused with: mat, antoine, swills
With hat: portmgr
