Merge pull request #1146 from aurutils/repo-ignore

[aurutils.git] / man1 / aur-build.1

.TH AUR\-BUILD 1 2022-07-12 AURUTILS
.SH NAME
aur\-build \- build packages to a local repository
.
.SH SYNOPSIS
.SY "aur build"
.OP \-d database
.OP \-cfSU
.OP \-a queue
.OP \-\-no\-sync
.OP \-\-pkgver
.OP \-\-root DIRECTORY
.OP \-\-margs
.RI [ makepkg_args... ]
.YS
.
.SH DESCRIPTION
Build packages adding the results to a local repository.
.
A local repository is a
.BR pacman (8)
repository configured with a
.I file://
prefix in
.BR pacman.conf (5).
.
.SH OPTIONS
.TP
.BI \-a " FILE" "\fR,\fP \-\-arg\-file=" FILE
A text file describing directories containing a PKGBUILD relative to
the current directory. If unspecified, the current directory is
assumed.
.
.TP
.BR \-c ", " \-\-chroot
Build packages inside a
.BR systemd\-nspawn (1)
container with
.BR aur\-chroot .
Specifying
.BR aur\-chroot (1)
options such as
.B \-\-bind
or
\-\-temp
will append these options to
.BR aur\-chroot .
.
.TP
.BI \-d " NAME" "\fR,\fP \-\-database=" NAME
The name of the
.BR pacman (8)
database.
.
.TP
.BI \-\-root= DIR
The root directory for the repository. The
.I root
is the location for the pacman database
.RI ( foo.db ),
built packages, and secondary files such as the files database
.RI ( foo.files ).
This defaults to the value of the
.B Server
directive for the configured repository.
.IP
.B Note:
The
.I Server
directive configured in
.BR pacman.conf (5)
is used for
.BR pacman (8)
sync operations regardless of this setting. See also
.BR \-\-no\-sync .
.
.TP
.BR \-f ", " \-\-force
Continue the build process if a package with the same name is
found. Without this option,
.B aur\-build
will add existing packages to the local repository and (if
.B \-\-sign
is specified)
.BR gpg (1)
sign them.
.IP
.B Note:
Packages are checked for existence
.I prior
to calling
.B makepkg
or
.B aur\-chroot
with
.BR "makepkg \-\-packagelist" .
If a package script has a
.B pkgver()
function, package names may be outdated.  The check can then be bypassed
with
.BR \-\-force ,
or the
.B pkgver()
function run priorly with
.BR \-\-pkgver .
.
.TP
.BR \-S ", " \-\-sign ", " \-\-gpg\-sign
Sign built packages and the database
.RB ( "repo\-add \-s" )
with
.BR gpg (1).
To use another key than the default, the
.B GPGKEY
environment variable can be set to the appropriate key identifier.
.IP
Should the signing process fail for any reason, corresponding packages are
.I not
moved to the local repository.
.B aur\-build
will instead exit with a diagnostic containing the package paths.
.
.TP
.BR \-\-pkgver
Run
.B "makepkg \-od"
before checking existing packages, effectively running the
.B pkgver()
function if present. The
.BR \-\-noextract
option is added to the default
.BR makepkg (8)
options.
.IP
The
.BR \-\-rmdeps ,
.BR \-\-syncdeps ,
and
.BR \-\-noconfirm
options are forwarded to the above command. Other
.BR makepkg (8)
options are ignored.
.
.TP
.BI \-\-makepkg\-conf= FILE
The
.BR makepkg.conf (5)
file used for
.BR makepkg (8)
operations. For chroot builds, the file is also used inside the container.
.RB ( makepkg " " \-\-config ", " aur\-chroot " " \-\-makepkg\-conf ).
.
.TP
.BI \-\-pacman\-conf= FILE
The file used for retrieving local repositories
.RB ( aur\-repo " " \-\-config ).
For chroot builds, the file is also used for
.BR pacman (8)
operations inside the container
.RB ( aur\-chroot " " \-\-pacman\-conf ).
.IP
.BR pacman (5)
calls made by
.BR makepkg (8)
and local repository upgrades (see the
.B Repository updates
section)
are unaffected by this option.
.
.TP
.BR \-\-no\-sync
Do not sync the local repository after building.
.
.TP
.BI \-\-results= FILE
Write colon-delimited output in the following form to
.IR FILE :
.IP
.I <action>:file://<path>
.IP
where
.I <action>
is either
.BR build
or
.BR exist ,
for built packages and packages already available in the local
repository, respectively.
.
.SS makepkg options
Additional options may be passed to
.B makepkg
by placing them after
.B \-\-margs
(comma-separated).
.BR \-\-margs ,
.BR \-\-ignorearch ,
and
.B \-\-nocheck
are forwarded to
.BR aur\-chroot
when the
.B \-\-chroot
option is specified.
.
.TP
.BR \-\-nocheck
Do not run the check() function in the PKGBUILD.
.RB ( makepkg " " \-\-nocheck )
.
.TP
.BR \-n ", " \-\-noconfirm ", " \-\-no\-confirm
Do not wait for user input.
.RB ( makepkg " " \-\-noconfirm )
.
.TP
.BR \-r ", " \-\-rmdeps
Remove dependencies installed by makepkg.
.RB ( makepkg " " \-\-rmdeps )
.
.TP
.BR \-s ", " \-\-syncdeps
Install missing dependencies using
.BR pacman .
.RB ( makepkg " " \-\-syncdeps )
.
.TP
.BR \-A ", " \-\-ignorearch
Ignore a missing or incomplete
.I arch
field in the build script.
.RB ( makepkg " " \-\-ignorearch )
.
.TP
.BR \-L ", " \-\-log
Enable logging to a text file in the build directory.
.RB ( makepkg " " \-\-log )
.
.TP
.BR -C ", " \-\-clean
Clean up leftover work files and directories after a successful build.
.RB ( makepkg " " \-\-clean )
.
.TP
.BR \-\-cleanbuild
Remove the source directory before building the package.
.RB ( "makepkg \-\-cleanbuild" )
.
.TP
.BI \-\-buildscript= NAME
Read the package script
.I NAME
instead of the
.I PKGBUILD
default.
.RB ( makepkg " " \-p )
.
.SS repo\-add options
.TP
.BR \-v ", " \-\-verify
Verify the PGP signature of the database before
updating.
.RB ( repo\-add " " \-v )
.
.TP
.BR \-R ", " \-\-remove
Remove old package files from disk when updating their entry in the
database.
.RB ( repo\-add " " \-R )
.
.TP
.BR \-\-new
Only add packages that are not already in the database.
.RB ( repo\-add " " \-n )
.
.TP
.BR \-\-prevent\-downgrade
Do not add packages to the database if a newer version is already
present.
.RB ( repo\-add " " \-p )
.
.SH ENVIRONMENT
.TP
.B AUR_REPO
The repository used for building packages. If unspecified, the name is
selected with
.BR aur\-repo (1).
.
.TP
.B AUR_DBROOT
The root directory of the repository. If unspecified, the path is
retrieved with
.BR aur\-repo (1).
.
.TP
.B AUR_DBEXT
The extension name of the repository. Defaults to
.IR .db .
.
.TP
.B AUR_MAKEPKG
The command used to build packages. Any
.BR makepkg (8)
options (see the
.B makepkg options
section) forwarded must be supported by this command, as well as the
.IR \-o ,
.IR \-d ,
and
.I \-\-noextract
options if
.B aur\-build \-\-pkgver
is used.
.
.B AUR_BUILD_PKGLIST
The command used to check for built packages in the local
repository. Defaults to
.BR "aur build\-\-pkglist" .
Compared to
.BR "makepkg \-\-packagelist" ,
the default command runs faster by not linting the
.IR PKGBUILD .
.
.TP
.B AUR_GPG
The command used to sign packages. The arguments
.BR \-\-batch ,
.BR \-\-detach\-sign ,
and
.BR \-\-no\-armor
must be supported by this command.

.TP
.B AUR_REPO_ADD
The command used to update the local repository. Any
.BR repo\-add (8)
options (see the
.B repo\-add options
section) forwarded must be supported by this command.
.
.B AUR_PACMAN_AUTH
A command prefix for running
.BR pacman (8)
as root. If unset,
.BR sudo (8)
is used. See also
.B PACMAN_AUTH
in
.BR makepkg.conf (5).
.
.TP
.B GNUPGHOME
Directory where the gpg keyring for signing built packages and the
database file is stored.
.
.TP
.B GPGKEY
The GPG key used for signing packages. This environment variable is
respected by
.B aur\-build
and
.BR repo\-add .
When the variable is set in
.BR makepkg.conf (5),
is it only respected by
.BR makepkg .
.
.TP
.B TMPDIR
The directory for temporary files. (This includes intermediary storage
of built packages, defaulting to
.IR /var/tmp .)
.
.SH NOTES
.SS Repository updates
When building on the host (outside of a container), installed packages in the
local repository are upgraded to the latest available version by running
.BI "pacsync " <repository>
followed by
.BI "pacman \-S \-\-noconfirm " <repository>/<upgrades...> \fR.
This is comparable to
.BR "makepkg \-i" ,
except that only priorly installed packages are upgraded to a new version.
.
.SS Using a dedicated build user
While using a dedicated user for the build process does not increase
security (beyond protecting against packaging errors that write to
.IR $HOME ),
it may be useful when the local repository will be accessible to
multiple users, or as a way to avoid password prompts. Note that such
a user must be unprivileged; as of pacman 4.2,
.BR makepkg (8)
may not run directly as root.
.PP
New users may be created with
.BR useradd (8)
as follows:
.PP
.EX
    # useradd build \-\-system \-\-home\-dir /var/cache/aurbuild \-\-create\-home
.EE
.PP
Because dependency resolution is not replicated and left to
.BR makepkg (8)
(see
.B handle_deps()
in
.BR /usr/bin/makepkg )
the
.I aurbuild
user should be allowed to run
.BR pacman (8)
with elevated privileges.
.PP
For example, create the
.I /etc/sudoers.d/10_build
file with the following contents:
.PP
.EX
    aurbuild ALL = (root) NOPASSWD: /usr/bin/pacman, /usr/bin/pacsync
.EE
.PP
.BR aur\-build (1)
and related programs such as
.BR aur\-sync (1)
can now run as the new
.I aurbuild
user.
For example:
.PP
.EX
    # cd /var/cache/aurbuild
    # sudo \-u aurbuild git clone https://aur.archlinux.org/mypackage.git
    # cd mypackage
    # sudo \-u aurbuild aur build \-d custom
.EE
.PP
Any created files in the local repository (such as packages,
signatures and database files) will be owned by the
.I aurbuild
user and group.
.PP
See also
.B Avoiding password prompts
in
.BR aur\-chroot (1).
.TP
.B Note:
The following
.B aur\-build
options require root access:
.BR \-\-syncdeps ,
.BR \-\-rmdeps ,
.BR \-\-chroot .
Root access are also required for
.BR pacsync (1)
and
.BR "pacman \-S" ,
unless the
.B \-\-nosync
or
.B \-\-chroot
options are specified.
.
.SS PKGBUILD signatures
GPG signatures defined in the
.B validpgpkeys
array may be automatically retrieved by setting the
.I auto\-key\-retrieve
option in
.BR gpg.conf .
Note that this option only works with signatures that include an
issuer fingerprint. See
.B \-\-auto\-key\-retrieve
in
.BR gpg (1)
for details.
.
.SS Signing packages unattended
By default,
.BR gpg (1)
will cache passphrases for a duration set by the
.B default-cache-ttl
option. If extending this duration is not desired, the passphrase can be
cached manually with
.B gpg\-preset\-passphrase
before running
.BR aur\-build (1).
.PP
The duration of the cached passphrase is set by the
.B max\-cache\-ttl
option, which defaults to 2 hours. See
.BR gpg\-preset\-passphrase (1)
for details.

.SS Rebuilding packages against updated dependencies
It is sometimes required to rebuild packages when their dependencies
are updated, for example in the case of dynamic library linking.  To
detect which packages require a rebuild, the
.UR https://\:github.com/\:maximbaz/\:rebuild-detector
rebuild-detector
.UE
package can be used.
.PP
To propagate rebuilt packages to clients,
.B pkgver
should be increased beforehand, e.g. with
.BR setconf (1).
.
.SS Installing dependencies with makepkg
If
.B \-\-syncdeps
is specified, package dependencies are installed with
.BR "makepkg \-s" .
.B makepkg
uses the
.B pacman \-S \-\-asdeps
command for this purpose.  Other pacman options can be specified with a
wrapper script and the
.B PACMAN
environment variable. See
.B ENVIRONMENT VARIABLES
in
.BR makepkg (8)
for details.
.
.SS Thread safety
.B aur\-build
builds and signs packages inside a private directory located in
.IR /var/tmp .
On success, packages and their signatures are moved with
.BR mv (1),
which is atomic if the local repository is on the same file system as
.BR /var/tmp .
.BR makepkg (8)
may still write to the
.B PKGBUILD
in a shared directory, for example when a
.I pkgver()
function is available. Because of this, it is advised to split the
argument file
.RB ( "\-a FILE" )
into independent arguments, or increase the number of jobs with
.B MAKEFLAGS
per
.BR makepkg.conf (5).
.
.SH BUGS
Databases are built with
.B LANG=C
to avoid libalpm from skipping entries if the locale is not set
(FS#49342).
.PP
Packages are signed manually with
.B "gpg \-\-batch \-\-detach\-sign \-\-no\-armor"
since chroot builds have no access to
.I pinenentry
variables, and to allow signing existing packages without signature.
.PP
.BR pacman (8)
has a size-limit of 25\~MiB for databases. The use of larger databases
may result in an
.B expected download size exceeded
error. To avoid this issue, compress the database with
.BR gzip (1).
See
.UR https://\:git.archlinux.org/\:pacman.git/\:commit/\:?id=\:6dc71926f9b16ebcf11b924941092d6eab204224
.UE
for details.
.PP
While
.BR pacman (8)
options can be passed to
.B makepkg \-s
.RB ( "aur\-build \-\-syncdeps" )
by setting the
.B PACMAN
environment variable, the value of
.B pacman \-\-dbpath
is fixed.
.
.SH SEE ALSO
.ad l
.nh
.BR aur (1),
.BR aur\-chroot (1),
.BR aur\-repo (1),
.BR makepkg.conf (5),
.BR pacman.conf (5),
.BR sudoers (5),
.BR makepkg (8),
.BR pacman (8),
.BR repo\-add (8),
.BR sudo (8)
.
.SH AUTHORS
.MT https://github.com/AladW
Alad Wenter
.ME
.
.\" vim: set textwidth=72: