Merge remote-tracking branch 'origin/pull/125'

* origin/pull/125:
  Match how github generates tarballs when signing
  Clone from gitlab instead of using asp
  Update archlinux-keyring before upgrading
  Update gpg trusted key
  Create `$BUILDDIRECTORY/_gnupg` with mode 700
  Rename binary name from repro to archlinux-repro
  Stop early on first archive extension that exists

Author: Foxboron

Makefile

@@ -22,7 +22,8 @@ repro: repro.in
 
 .PHONY: install
 install: repro man
-	install -Dm755 repro -t $(DESTDIR)$(BINDIR)
+	install -Dm755 repro $(DESTDIR)$(BINDIR)/$(PROGNM)
+	ln -s $(PROGNM) $(DESTDIR)$(BINDIR)/repro
 	install -Dm755 buildinfo -t $(DESTDIR)$(BINDIR)
 	install -Dm644 examples/*   -t $(DESTDIR)$(DOCDIR)/$(PROGNM)
 	for manfile in $(MANS); do \
@@ -52,6 +53,6 @@ tag:
 .PHONY: release
 release:
 	mkdir -p releases
-	git archive --prefix=${PROGNM}-${TAG}/ -o releases/${PROGNM}-${TAG}.tar.gz ${TAG};
+	git -c tar.tar.gz.command='gzip -cn' archive --prefix=${PROGNM}-${TAG}/ -o releases/${PROGNM}-${TAG}.tar.gz ${TAG}
 	gpg --detach-sign -o releases/${PROGNM}-${TAG}.tar.gz.sig releases/${PROGNM}-${TAG}.tar.gz
 	hub release create -m "Release: ${TAG}" -a releases/${PROGNM}-${TAG}.tar.gz.sig -a releases/${PROGNM}-${TAG}.tar.gz ${TAG}

buildinfo

@@ -118,6 +118,7 @@ function download_archive_package () {
 					echo "check ${workdir}" >&2
 					exit 1
 				fi
+				break
 			fi
 		done
 		cd "${pwd}" || exit 1

repro.in

@@ -71,12 +71,13 @@ function gpg() {
 }
 
 function init_gnupg() {
-    mkdir -p "$BUILDDIRECTORY/_gnupg"
+    mkdir -p "$BUILDDIRECTORY/"
+    mkdir -p --mode 700 "$BUILDDIRECTORY/_gnupg"
 
     # ensure signing key is available
     # We try WKD first, then fallback to keyservers.
     # This works on debian./
-    gpg --keyserver=p80.pool.sks-keyservers.net --auto-key-locate wkd,keyserver --locate-keys pierre@archlinux.de
+    gpg --keyserver=p80.pool.sks-keyservers.net --auto-key-locate wkd,keyserver --locate-keys pierre@archlinux.org
 }
 
 # Desc: Sets the appropriate colors for output
@@ -312,7 +313,8 @@ function init_chroot(){
     if nlock 9 "$BUILDDIRECTORY"/root.lock; then
       msg "Updating container"
       printf 'Server = %s\n' "$HOSTMIRROR" > "$BUILDDIRECTORY"/root/etc/pacman.d/mirrorlist
-      exec_nspawn root pacman -Syu --noconfirm
+      exec_nspawn root pacman -Sy --noconfirm archlinux-keyring
+      exec_nspawn root pacman -Su --noconfirm
       lock_close 9
     else
       msg "Couldn't acquire container lock, didn't update."
@@ -332,9 +334,7 @@ function cmd_check(){
     done <<< "$(buildinfo -ff "${pkg}")"
     packager="${buildinfo[packager]}"
     builddir="${buildinfo[builddir]}"
-    _pkgver="${buildinfo[pkgver]}"
-    pkgrel=${_pkgver##*-}
-    pkgver=${_pkgver%-*}
+    pkgver="${buildinfo[pkgver]}"
     pkgbase=${buildinfo[pkgbase]}
     options=${buildinfo[options]}
     buildenv=${buildinfo[buildenv]}
@@ -375,31 +375,28 @@ function cmd_check(){
 
     # Father I have sinned
     if ((!pkgbuild_file)); then
-    msg2 "Fetching PKGBUILD from ASP..."
+    msg2 "Fetching PKGBUILD from git..."
 
     # Lock the cachedir as we might have a race condition with pacman -S and the cachedir
     lock 9 "${cachedir}.lock"
 
     EPHEMERAL=1 exec_nspawn root --bind="${build_root_dir}/startdir:/startdir" --bind="$(readlink -e ${cachedir}):/var/cache/pacman/pkg" \
     bash <<-__END__
 shopt -s globstar
-pacman -S asp --noconfirm --needed
-if ! asp checkout $pkgbase; then
+
+pacman -S devtools --noconfirm --needed
+
+if ! pkgctl repo clone --protocol https --switch "$pkgver" "$pkgbase"; then
     echo "ERROR: Failed checkout $pkgbase" >&2
     exit 1
 fi
-pushd $pkgbase
-for rev in \$(git rev-list --all -- repos/); do
-    pkgbuild_checksum=\$(git show \$rev:trunk/PKGBUILD | sha256sum -b)
-    pkgbuild_checksum=\${pkgbuild_checksum%% *}
-    if [ \$pkgbuild_checksum = $pkgbuild_sha256sum ]; then
-        git checkout \$rev
-        mv ./trunk/* /startdir
-        exit 0
-    fi
-done
-echo "ERROR: Failed to find commit this was built with (PKGBUILD checksum didn't match any commit)" >&2
-exit 1
+
+if ! echo "$pkgbuild_sha256sum  $pkgbase/PKGBUILD" | sha256sum -c; then
+    echo "ERROR: Failed to find commit this was built with (PKGBUILD checksum didn't match)" >&2
+    exit 1
+fi
+
+mv ./$pkgbase/* /startdir
 __END__
     lock_close 9 "${cachedir}.lock"
   elif [[ -r "PKGBUILD" ]]; then
@@ -488,6 +485,7 @@ rm --recursive /etc/pacman.d/gnupg/
 cp --target-directory=/etc/pacman.d/ --recursive /gnupg
 echo "faked-system-time ${SOURCE_DATE_EPOCH}" >> /etc/pacman.d/gnupg/gpg.conf
 pacstrap -G -U /mnt --needed "\$@"
+
 echo "Installing devtools from $DEVTOOLS_PKG"
 # Ignore all dependencies since we only want the file
 # Saves us a few seconds and doesn't download a bunch of things
@@ -497,7 +495,12 @@ if [[ "$DEVTOOLS_PKG" == https* ]]; then
 else
   pacman --noconfirm --needed -Sddu "$DEVTOOLS_PKG"
 fi
-cp -v /usr/share/devtools/makepkg-x86_64.conf /mnt/etc/makepkg.conf
+
+for makepkg_path in /usr/share/devtools/{makepkg-x86_64.conf,makepkg.d/x86_64.conf}; do
+  if [ -f "\$makepkg_path" ]; then
+    cp -v "\$makepkg_path" /mnt/etc/makepkg.conf
+  fi
+done
 __END__
     lock_close 9 "$KEYRINGCACHE/$keyring_package.lock"