Files
Arch-R/scripts/repo
Douglas Teles 41d376a029 gen-pacman-repo: fix package layout for pacman 7 repo-add
Three bugs caught while smoke-testing against an existing
build.ArchR-RK3326.aarch64/install_pkg tree:

1. BUILD_DIR auto-detection glob did not include the trailing arch
   suffix, so build.ArchR-RK3326.aarch64 never matched. Now matches
   build.*-RK3326*aarch64*.

2. Version sanitization used `echo | tr -c '[charset]' '.'` which
   turns the trailing newline into a stray '.', producing versions
   like "1.0.8." that pacman refuses. Swapped to printf.

3. Package layout was wrong for pacman 7 repo-add:
   - .PKGINFO must be the FIRST entry in the tar (pacman streams it).
   - No "./" prefix on file names (matches makepkg output).
   - .PKGINFO needs `pkgbase` and `xdata = pkgtype=pkg` lines, not
     just `pkgname`.
   Rewrote the packing block to assemble an explicit file list with
   .PKGINFO first, then tar -T.

Also: install_pkg name extraction is more robust now — sed strips
both 40-char git hashes and semver suffixes to recover the real
package name, and the package.mk lookup uses find rather than
literal globbing so packages nested at any depth are found.

Smoke test confirms repo-add accepts the resulting archive, signs
archr.db with the configured signer, and emits the expected
symlinks archr.db -> archr.db.tar.gz.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-06-23 17:43:08 -03:00
..

scripts/repo

Tooling for the GitHub-Releases-as-pacman-mirror workflow described in docs/release-policy.md. The end result is a tag like repo-stable on archr-linux/archr-repo with the assembled .pkg.tar.zst files and signed metadata.

gen-pacman-repo

Reads the finished build tree (build.*-RK3326/install_pkg/<pkg>/) that make docker-RK3326 leaves behind, packs each <pkg> directory into a <pkg>-<version>-1-aarch64.pkg.tar.zst, generates the .PKGINFO sidecar that pacman needs, and runs repo-add to build archr.db and archr.files.

Run after a successful build:

BUILD_DIR=build.ArchR-RK3326.aarch64-2026.06-devel \
OUT_DIR=/tmp/repo-out \
CHANNEL=dev \
SIGNER=                                          \
    scripts/repo/gen-pacman-repo

Then upload:

gh release create repo-dev                                \
    --repo archr-linux/archr-repo                         \
    --title "ArchR repo dev $(date +%Y%m%d)"              \
    /tmp/repo-out/*

GPG signing

For production releases, set SIGNER=<fingerprint> and have the agent (or a YubiKey-backed agent) ready. repo-add --sign will sign the .db as it walks the package list, and each .pkg.tar.zst gets a .sig as well.

The master key whose public half is bundled into the archr-keyring package must include <fingerprint> either directly or as a signed subkey, otherwise pacman-key --populate archr on the client will not extend trust to packages signed by it.

Channels and tag mapping

archr-update rewrites /etc/pacman.d/mirrorlist based on system.cfg "updates.branch":

Channel value Mirror tag on archr-linux/archr-repo
stable (default) repo-stable
next repo-next
dev repo-dev

The promotion workflow (dev -> next -> stable) is documented in docs/release-policy.md.