# Maintainer: Eli Schwartz # All my PKGBUILDs are managed at https://github.com/eli-schwartz/pkgbuilds pkgname=pacman-static pkgver=6.1.0 _cares_ver=1.27.0 _nghttp2_ver=1.60.0 _curlver=8.6.0 _sslver=3.2.1 _zlibver=1.3.1 _xzver=5.6.1 _bzipver=1.0.8 _zstdver=1.5.5 _libarchive_ver=3.7.2 _gpgerrorver=1.48 _libassuanver=2.5.6 _gpgmever=1.23.2 pkgrel=6 pkgdesc="Statically-compiled pacman (to fix or install systems without libc)" arch=('i486' 'i686' 'pentium4' 'x86_64' 'arm' 'armv6h' 'armv7h' 'aarch64') url="https://www.archlinux.org/pacman/" license=('GPL') depends=('pacman') makedepends=('meson' 'musl' 'kernel-headers-musl' 'git' 'po4a' 'doxygen') options=('!emptydirs') # pacman source=("https://gitlab.archlinux.org/pacman/pacman/-/releases/v$pkgver/downloads/pacman-$pkgver.tar.xz"{,.sig} revertme-makepkg-remove-libdepends-and-libprovides.patch::https://gitlab.archlinux.org/pacman/pacman/-/commit/354a300cd26bb1c7e6551473596be5ecced921de.patch "$pkgname-fix-msg-unknown-key.patch::https://gitlab.archlinux.org/pacman/pacman/-/commit/6bb95c8856437513ee0ab19226bc090d6fd0fb06.patch" "$pkgname-man-gitlab.patch::https://gitlab.archlinux.org/pacman/pacman/-/commit/95f148c2222db608a0d72d5c5577d0c71e7fa199.patch" "$pkgname-make-aligned-titles.patch::https://gitlab.archlinux.org/pacman/pacman/-/commit/5e0496260b7d3f9c9fcf2b1c4899e4dbcc20ff03.patch" "$pkgname-repo-add-parseopts.patch::https://gitlab.archlinux.org/pacman/pacman/-/commit/0571ee82bff0edbd5ffac2228d4e6ac510b9008e.patch" "$pkgname-drop-result-warn.patch::https://gitlab.archlinux.org/pacman/pacman/-/commit/111eed0251238a9d3f90e76d62f2ac01aeccce48.patch" "$pkgname-fix-debugedit.patch::https://gitlab.archlinux.org/pacman/pacman/-/commit/bae9594ac1806ce30f2af1de27c49bb101a00d44.patch") validpgpkeys=('6645B0A8C7005E78DB1D7864F99FFE0FEAE999BD' # Allan McRae 'B8151B117037781095514CA7BBDFFC92306B1121') # Andrew Gregory (pacman) # nghttp2 source+=("https://github.com/nghttp2/nghttp2/releases/download/v$_nghttp2_ver/nghttp2-$_nghttp2_ver.tar.xz") # c-ares source+=("https://c-ares.haxx.se/download/c-ares-${_cares_ver}.tar.gz"{,.asc}) validpgpkeys+=('27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2') # Daniel Stenberg # curl source+=("https://curl.haxx.se/download/curl-${_curlver}.tar.gz"{,.asc}) validpgpkeys+=('27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2') # Daniel Stenberg # openssl source+=("https://www.openssl.org/source/openssl-${_sslver}.tar.gz"{,.asc} "ca-dir.patch" "openssl-3.0.7-no-atomic.patch") validpgpkeys+=('8657ABB260F056B1E5190839D9C4D26D0E604491' '7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C' 'A21FAB74B0088AA361152586B8EF1A6BA9DA2D5C' 'EFC0A467D613CB83C7ED6D30D894E2CE8B3D79F5') validpgpkeys+=('8657ABB260F056B1E5190839D9C4D26D0E604491' # Matt Caswell '7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C' # Matt Caswell 'A21FAB74B0088AA361152586B8EF1A6BA9DA2D5C' # Tomá? Mráz 'EFC0A467D613CB83C7ED6D30D894E2CE8B3D79F5') # OpenSSL security team key # zlib source+=("https://zlib.net/zlib-${_zlibver}.tar.gz"{,.asc}) validpgpkeys+=('5ED46A6721D365587791E2AA783FCD8E58BCAFBA') # Mark Adler # xz source+=("git+https://git.tukaani.org/xz.git#tag=v${_xzver}") validpgpkeys+=('3690C240CE51B4670D30AD1C38EE757D69184620') # Lasse Collin # bzip2 source+=("https://sourceware.org/pub/bzip2/bzip2-${_bzipver}.tar.gz"{,.sig}) validpgpkeys+=('EC3CFE88F6CA0788774F5C1D1AA44BE649DE760A') # Mark Wielaard # zstd source+=("https://github.com/facebook/zstd/releases/download/v${_zstdver}/zstd-${_zstdver}.tar.zst"{,.sig}) validpgpkeys+=('4EF4AC63455FC9F4545D9B7DEF8FE99528B52FFD') # Zstandard Release Signing Key # libgpg-error source+=("https://gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-${_gpgerrorver}.tar.bz2"{,.sig}) validpgpkeys+=('D8692123C4065DEA5E0F3AB5249B39D24F25E3B6' # Werner Koch '031EC2536E580D8EA286A9F22071B08A33BD3F06' # NIIBE Yutaka (GnuPG Release Key) '6DAA6E64A76D2840571B4902528897B826403ADA') # "Werner Koch (dist signing 2020)" # libassuan source+=("https://gnupg.org/ftp/gcrypt/libassuan/libassuan-${_libassuanver}.tar.bz2"{,.sig}) # gpgme source+=("https://www.gnupg.org/ftp/gcrypt/gpgme/gpgme-${_gpgmever}.tar.bz2"{,.sig}) validpgpkeys+=('AC8E115BF73E2D8D47FA9908E98E9B2D19C6C8BD') # Niibe Yutaka (GnuPG Release Key) # libarchive source+=("https://github.com/libarchive/libarchive/releases/download/v${_libarchive_ver}/libarchive-${_libarchive_ver}.tar.xz"{,.asc}) validpgpkeys+=('A5A45B12AD92D964B89EEE2DEC560C81CEC2276E' # Martin Matuska 'DB2C7CF1B4C265FAEF56E3FC5848A18B8F14184B') # Martin Matuska sha512sums=('da5e78506e0505aac47def4b658a8cd6012be90c7ad7f7343da2edca2df5bd019091eec0a297f79c6f2fc264c139f139175778015d928cace26cb81c87d0477b' 'SKIP' '1a108c4384b6104e627652488659de0b1ac3330640fc3250f0a283af7c5884daab187c1efc024b2545262da1911d2b0b7b0d5e4e5b68bb98db25a760c9f1fb1a' 'b50a8c7734c884f2a645eba18a42081d8d6becf77cef04467ac1b755dcf58f8e79fc9a65cb9b2fda11ca87f1150a685adcf2d11b4a20441472b2f68e830c9394' 'fb79497bd2ea6d12a2234aa6b0acae0341cbdf1bd6358c4eb5e20548f4edf6b7159abcae0635574b1b0e1e05e34e73f11afa463f32f43bcb156bef3d5e2a3663' '22ee8654ee131292eb124170544bf15aeb70922049c5447f33c5e211a6b489bde9feb6fc1ef3022ad09b7b5d781edad1c233110cea1b6638e4f7a3bf9b716d09' '35e1b7f37dc440317c2f1530f0d8ce2c8cd1ef4ddc0d68a22e89f792e53ce9f48719abd9661378b31496b780ad493dbc13a73770385a7af35595941007971aa5' '8adb3696579e3b771a7a61dd6ff013afb1444bbb087a0a71f3971da4d51e6b304ad631cbafe8187c837bd763b1a3298e2bd19605438d515743a73ff24192e33f' '2ff45ed5e27b1d90524ec0de45acf55891b6f5bf7242dbfeec5c370b7c5d6e35eb49254b19f2a2d194dbab38fa27bca34afaf6175888a911a105237f2bab8d19' '5e6365d9118596d41848930de70f4a918d72463920184df60a7e1678c3a6c9cf1416236888e7e34395c87f41bba00a114994ba5a6e73f6a389769abf1b5cc842' 'd0bffeeabdc5f1d4cececd46bd495b8224a64eaaf6d2a91c5475517440effe0e096146a1ebf19ece07367198be576c61b11961d5e4c3f601c5c5529ce4fcb46a' 'SKIP' '43fdb6b81b394f3382d353d5f57673b2b3d26cfe34b25d08a526bc0597f508d5298e5a7088d0736d1f139cad19cd922affa51533c3a5a4bb5f2de68891c2958d' 'SKIP' 'bab2b2419319f1feffaba4692f03edbf13b44d1090c6e075a2d69dad67a2d51e64e6edbf83456a26c83900a726d20d2c4ee4ead9c94b322fd0b536f3b5a863c4' 'SKIP' 'b1873dbb7a49460b007255689102062756972de5cc2d38b12cc9f389b6be412da6797579b1acd3717a8cd2ee118fd9801b94e55f063d4328f050f0876a5eb53c' 'b5887ea77417fae49b6cb1e9fa782d3021f268d5219701d87a092235964f73fa72a31428b630445517f56f2bb69dcbbb24119ef9dbf8b4e40a753369a9f9a16f' '580677aad97093829090d4b605ac81c50327e74a6c2de0b85dd2e8525553f3ddde17556ea46f8f007f89e435493c9a20bc997d1ef1c1c2c23274528e3c46b94f' 'SKIP' 'SKIP' '083f5e675d73f3233c7930ebe20425a533feedeaaa9d8cc86831312a6581cefbe6ed0d08d2fa89be81082f2a5abdabca8b3c080bf97218a1bd59dc118a30b9f3' 'SKIP' 'c2d88b2c2050262f85be32877142c94e36a8ee451890f579cd2426c7de565fb22d21c369bad11f306093f0b356e935cef5a8ff5a2b0c007ade0f7e7eb944d2a5' 'SKIP' '3e9ea99cfb7d706791eb3349a9356b6bc44a53ef8bfa9a4e89afb5203dad5af3f466a039a1764361c0c7f697a6fa668a21d05ceaeb8e44ec5a11d6468998adf2' 'SKIP' 'dcca942d222a2c226a7e34ba7988ee0c3c55bd6032166eb472caf2053db89aeeea7a40e93d8c2887c7ee73c5f838e8b0725e8cfb595accc1606646559362f7ee' 'SKIP' '6cfcd07e81a93de240582de5a46545420cee93d1f27fe20ea2c983780fdd3036b69fdba073cf549d68a20791e189bf4b3cdde14a43f912d2ab9ef3414c83ac75' 'SKIP' 'a21bebb27b808cb7d2ed13a70739904a1b7b55661d8dea83c9897a0129cf71e20c962f13666c571782ff0f4f753ca885619c2097d9e7691c2dee4e6e4b9a2971' 'SKIP') export LDFLAGS="$LDFLAGS -static" export CC=musl-gcc export CXX=musl-gcc # https://www.openwall.com/lists/musl/2014/11/05/3 # fstack-protector and musl do not get along but only on i686 if [[ $CARCH = i686 || $CARCH = pentium4 || $CARCH = i486 ]]; then # silly build systems have configure checks or buildtime programs that don't CFLAGS but do do CC export CC="musl-gcc -fno-stack-protector" export CXX="musl-gcc -fno-stack-protector" export CFLAGS="${CFLAGS/-fstack-protector-strong/}" export CXXFLAGS="${CXXFLAGS/-fstack-protector-strong/}" fi # to enable func64 interface in musl for 64-bit file system functions export CFLAGS+=' -D_LARGEFILE64_SOURCE' export CXXFLAGS+=' -D_LARGEFILE64_SOURCE' # keep using xz-compressed packages, because one use of the package is to # recover on systems with broken zstd support in libarchive [[ $PKGEXT = .pkg.tar.zst ]] && PKGEXT=.pkg.tar.xz prepare() { # pacman cd "${srcdir}"/pacman-${pkgver} local src for src in "${source[@]}"; do src="${src%%::*}" src="${src##*/}" [[ $src = pacman-*.patch ]] || continue msg2 "Applying pacman patch $src..." patch -Np1 < "../$src" done # openssl cd "${srcdir}"/openssl-${_sslver} patch -Np1 -i "${srcdir}/ca-dir.patch" case ${CARCH} in arm|armv6h|armv7h) # special patch to omit -latomic when installing pkgconfig files msg2 "Applying openssl patch openssl-3.0.7-no-atomic.patch..." patch -Np1 -i "${srcdir}/openssl-3.0.7-no-atomic.patch" esac } build() { export PKG_CONFIG_PATH="${srcdir}"/temp/usr/lib/pkgconfig export PATH="${srcdir}/temp/usr/bin:${PATH}" # openssl cd "${srcdir}"/openssl-${_sslver} case ${CARCH} in x86_64) openssltarget='linux-x86_64' optflags='enable-ec_nistp_64_gcc_128' ;; pentium4) openssltarget='linux-elf' optflags='' ;; i686) openssltarget='linux-elf' optflags='no-sse2' ;; i486) openssltarget='linux-elf' optflags='386 no-threads' ;; arm|armv6h|armv7h) openssltarget='linux-armv4' optflags='' ;; aarch64) openssltarget='linux-aarch64' optflags='no-afalgeng' ;; esac # mark stack as non-executable: http://bugs.archlinux.org/task/12434 ./Configure --prefix="${srcdir}"/temp/usr \ --openssldir=/etc/ssl \ --libdir=lib \ -static \ no-ssl3-method \ ${optflags} \ "${openssltarget}" \ "-Wa,--noexecstack ${CPPFLAGS} ${CFLAGS} ${LDFLAGS}" make build_libs make install_dev # xz cd "${srcdir}"/xz ./autogen.sh ./configure --prefix="${srcdir}"/temp/usr \ --disable-shared cd src/liblzma make make install # bzip2 cd "${srcdir}"/bzip2-${_bzipver} sed -i "s|-O2|${CFLAGS}|g;s|CC=gcc|CC=${CC}|g" Makefile make libbz2.a install -Dvm644 bzlib.h "${srcdir}"/temp/usr/include/ install -Dvm644 libbz2.a "${srcdir}"/temp/usr/lib/ cd "${srcdir}"/zstd-${_zstdver}/lib make libzstd.a make PREFIX="${srcdir}"/temp/usr install-pc install-static install-includes # zlib cd "${srcdir}/"zlib-${_zlibver} ./configure --prefix="${srcdir}"/temp/usr \ --static make libz.a make install # libarchive cd "${srcdir}"/libarchive-${_libarchive_ver} CPPFLAGS="-I${srcdir}/temp/usr/include" CFLAGS="-L${srcdir}/temp/usr/lib" \ ./configure --prefix="${srcdir}"/temp/usr \ --without-xml2 \ --without-nettle \ --disable-{bsdtar,bsdcat,bsdcpio,bsdunzip} \ --without-expat \ --disable-shared make make install-{includeHEADERS,libLTLIBRARIES,pkgconfigDATA,includeHEADERS} # nghttp2 cd "${srcdir}"/nghttp2-${_nghttp2_ver} ./configure --prefix="${srcdir}"/temp/usr \ --disable-shared \ --disable-examples \ --disable-python-bindings make -C lib make -C lib install # c-ares # needed for curl, which does not use it in the repos # but seems to be needed for static builds cd "${srcdir}"/c-ares-${_cares_ver} ./configure --prefix="${srcdir}"/temp/usr \ --disable-shared make -C src/lib make install-pkgconfigDATA make -C src/lib install make -C include install # curl cd "${srcdir}"/curl-${_curlver} # c-ares is not detected via pkg-config :( ./configure --prefix="${srcdir}"/temp/usr \ --disable-shared \ --with-ca-bundle=/etc/ssl/certs/ca-certificates.crt \ --disable-{dict,gopher,imap,ldap,ldaps,manual,pop3,rtsp,smb,smtp,telnet,tftp} \ --without-{brotli,libidn2,librtmp,libssh2,libpsl} \ --disable-libcurl-option \ --with-openssl \ --enable-ares="${srcdir}"/temp/usr make -C lib make install-pkgconfigDATA make -C lib install make -C include install # libgpg-error cd "${srcdir}"/libgpg-error-${_gpgerrorver} ./configure --prefix="${srcdir}"/temp/usr \ --disable-shared make -C src make -C src install-{binSCRIPTS,libLTLIBRARIES,nodist_includeHEADERS,pkgconfigDATA} # libassuan cd "${srcdir}"/libassuan-${_libassuanver} ./configure --prefix="${srcdir}"/temp/usr \ --disable-shared make -C src make -C src install-{binSCRIPTS,libLTLIBRARIES,nodist_includeHEADERS,pkgconfigDATA} # gpgme cd "${srcdir}"/gpgme-${_gpgmever} ./configure --prefix="${srcdir}"/temp/usr \ --disable-fd-passing \ --disable-shared \ --disable-languages make -C src make -C src install-{binSCRIPTS,libLTLIBRARIES,nodist_includeHEADERS,pkgconfigDATA} # ew libtool rm "${srcdir}"/temp/usr/lib/lib*.la # Finally, it's a pacman! mkdir -p "${srcdir}"/pacman-${pkgver}/builddir cd "${srcdir}"/pacman-${pkgver}/builddir meson setup \ --prefix=/usr \ --includedir=lib/pacman/include \ --libdir=lib/pacman/lib \ --buildtype=plain \ -Dbuildstatic=true \ -Ddefault_library=static \ -Ddoc=disabled \ -Ddoxygen=disabled \ -Dldconfig=/usr/bin/ldconfig \ -Dscriptlet-shell=/usr/bin/bash \ .. ninja } package() { cd "${srcdir}"/pacman-${pkgver}/builddir DESTDIR="${pkgdir}" ninja install rm -rf "${pkgdir}"/usr/share "${pkgdir}"/etc for exe in "${pkgdir}"/usr/bin/*; do if [[ -f ${exe} && $(head -c4 "${exe}") = $'\x7fELF' ]]; then mv "${exe}" "${exe}"-static else rm "${exe}" fi done cp -a "${srcdir}"/temp/usr/{bin,include,lib} "${pkgdir}"/usr/lib/pacman/ sed -i "s@${srcdir}/temp/usr@/usr/lib/pacman@g" \ "${pkgdir}"/usr/lib/pacman/lib/pkgconfig/*.pc \ "${pkgdir}"/usr/lib/pacman/bin/* }