Three bugs caught while smoke-testing against an existing
build.ArchR-RK3326.aarch64/install_pkg tree:
1. BUILD_DIR auto-detection glob did not include the trailing arch
suffix, so build.ArchR-RK3326.aarch64 never matched. Now matches
build.*-RK3326*aarch64*.
2. Version sanitization used `echo | tr -c '[charset]' '.'` which
turns the trailing newline into a stray '.', producing versions
like "1.0.8." that pacman refuses. Swapped to printf.
3. Package layout was wrong for pacman 7 repo-add:
- .PKGINFO must be the FIRST entry in the tar (pacman streams it).
- No "./" prefix on file names (matches makepkg output).
- .PKGINFO needs `pkgbase` and `xdata = pkgtype=pkg` lines, not
just `pkgname`.
Rewrote the packing block to assemble an explicit file list with
.PKGINFO first, then tar -T.
Also: install_pkg name extraction is more robust now — sed strips
both 40-char git hashes and semver suffixes to recover the real
package name, and the package.mk lookup uses find rather than
literal globbing so packages nested at any depth are found.
Smoke test confirms repo-add accepts the resulting archive, signs
archr.db with the configured signer, and emits the expected
symlinks archr.db -> archr.db.tar.gz.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
scripts/repo
Tooling for the GitHub-Releases-as-pacman-mirror workflow described in
docs/release-policy.md. The end result is a tag like repo-stable
on archr-linux/archr-repo with the assembled .pkg.tar.zst files
and signed metadata.
gen-pacman-repo
Reads the finished build tree (build.*-RK3326/install_pkg/<pkg>/)
that make docker-RK3326 leaves behind, packs each <pkg> directory
into a <pkg>-<version>-1-aarch64.pkg.tar.zst, generates the
.PKGINFO sidecar that pacman needs, and runs repo-add to build
archr.db and archr.files.
Run after a successful build:
BUILD_DIR=build.ArchR-RK3326.aarch64-2026.06-devel \
OUT_DIR=/tmp/repo-out \
CHANNEL=dev \
SIGNER= \
scripts/repo/gen-pacman-repo
Then upload:
gh release create repo-dev \
--repo archr-linux/archr-repo \
--title "ArchR repo dev $(date +%Y%m%d)" \
/tmp/repo-out/*
GPG signing
For production releases, set SIGNER=<fingerprint> and have the
agent (or a YubiKey-backed agent) ready. repo-add --sign will sign
the .db as it walks the package list, and each .pkg.tar.zst gets a
.sig as well.
The master key whose public half is bundled into the archr-keyring
package must include <fingerprint> either directly or as a signed
subkey, otherwise pacman-key --populate archr on the client will
not extend trust to packages signed by it.
Channels and tag mapping
archr-update rewrites /etc/pacman.d/mirrorlist based on
system.cfg "updates.branch":
| Channel value | Mirror tag on archr-linux/archr-repo |
|---|---|
stable (default) |
repo-stable |
next |
repo-next |
dev |
repo-dev |
The promotion workflow (dev -> next -> stable) is documented in
docs/release-policy.md.