From f1ed674dcc1fc2eff2d0f2aa3ba5d3f5ee1d7b5c Mon Sep 17 00:00:00 2001 From: mibbio Date: Tue, 13 Jan 2015 09:35:08 +0100 Subject: [PATCH 1/2] Convert remaining wget to curl. See BrainwreckedTech/aurpb#3 --- makepkgs.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/makepkgs.sh b/makepkgs.sh index 26eb5ec..889ca0f 100755 --- a/makepkgs.sh +++ b/makepkgs.sh @@ -108,7 +108,7 @@ fi ### MAKE SURE WE HAVE THE REQUISITE BINARIES ### -for binary in sed tar xz host curl wget arch-nspawn makechrootpkg; do +for binary in sed tar xz host curl arch-nspawn makechrootpkg; do type ${binary} > /dev/null 2>&1 || { echo "${binary} is not installed." >&2; exit 1; } done @@ -173,7 +173,7 @@ function pkg_ver_aur () { } function pkg_get () { - wget -q https://aur.archlinux.org/packages/${1:0:2}/${1}/${1}.tar.gz + curl -s -o ${1}.tar.gz https://aur.archlinux.org/packages/${1:0:2}/${1}/${1}.tar.gz tar -zxvf ${1}.tar.gz > /dev/null rm ${1}.tar.gz } From 7811ed5dea830b833abcb56be20b086f87d619ca Mon Sep 17 00:00:00 2001 From: mibbio Date: Wed, 14 Jan 2015 09:23:12 +0100 Subject: [PATCH 2/2] Prevent running script with root rights --- makepkgs.sh | 51 +++++++++++++++++++++++++-------------------------- 1 file changed, 25 insertions(+), 26 deletions(-) diff --git a/makepkgs.sh b/makepkgs.sh index 889ca0f..334e916 100755 --- a/makepkgs.sh +++ b/makepkgs.sh @@ -12,7 +12,7 @@ As soon as the program sees one of these options, all command line argument processing stops. -h Show this help - -l Only list package info. + -l Only list package info. -d Only reconstruct repo database. -s Only sign packages. @@ -35,12 +35,12 @@ COMBINABLE FLAGS: -u User to run package signing as. Defaults to \$USER, which retains orignal user name even with privilege escalation with su. - + -f Update RSS Update an RSS feed END_OF_SHOW_HELP -} - +} + ### CONSTANTS & SHORTCUTS ### COLOR='\e[1;35m' 
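Review bot: The new `curl -s -o ${1}.tar.gz ...` line in pkg_get treats an HTTP error as success, because without `--fail` curl saves the server's error page as the tarball and exits 0, so a missing package only surfaces later as a tar failure. The package name is also expanded unquoted into both the output path and the URL. I would write `curl -fsSL -o "${1}.tar.gz" "https://aur.archlinux.org/packages/${1:0:2}/${1}/${1}.tar.gz" || return 1`, where `-L` keeps wget's default of following redirects and the `|| return 1` stops before `tar` and `rm` run. Nothing visible in the hunk verifies the archive before it is unpacked and built, so TLS to the AUR host is the only integrity control here; a comment saying so would help the next maintainer.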
@@ -54,6 +54,7 @@ TAB3='tput cub 80; tput cuf 80' NEWPKS="" BADPKS="" +LOCKFILE="/tmp/makepkgs.lock" FLAG_MAKE=true # Make packages? FLAG_LIST=false # Only list package info? FLAG_REPO=false # Only update the repos? @@ -84,25 +85,24 @@ done shift $((OPTIND-1)) -### CHECK TO SEE IF RUN AS ROOT ### +### MAKE SURE THE SCRIPT ISN'T RUNNING WITH ROOT RIGHTS ### -[[ ${EUID} -eq 0 && ! ${FLAG_MAKE} ]] && - echo "This script must be run as root when making packages." >&2 && exit 1 +[[ ${EUID} -eq 0 ]] && echo -e "It's not allowed to build packages as root." && exit 1 ### CHECK TO SEE IF WE ARE ALREADY RUNNING ### -if [ -f /var/run/lock/makepkgs.lock ]; then - echo "Lock file /var/run/lock/makepkgs.lock detected. Is the script already running?" >&2 +if [ -f ${LOCKFILE} ]; then + echo "Lock file ${LOCKFILE} detected. Is the script already running?" >&2 [ -t 1 ] && echo "This file may be left behind if the script crashes or is interrupted" [ -t 1 ] && echo "If you are sure that this script is not running please delete the lock file." exit 1 else - touch /var/run/lock/makepkgs.lock + touch ${LOCKFILE} fi ### TELL USER ABOUT FALLING BACK TO DEFAULTS ### -[ -z ${CHROOT} ] && CHROOT="/srv/build" && $FLAG_INFO && [ -t 1 ] && echo "No chroot directory specified, defaulting to /srv/build" +[ -z ${CHROOT} ] && CHROOT="/srv/build" && $FLAG_INFO && [ -t 1 ] && echo "No chroot directory specified, defaulting to /srv/build" [ -z ${REPDIR} ] && REPDIR="/srv/repo" && $FLAG_INFO && [ -t 1 ] && echo "No repo directory specified, defaulting to /srv/repo" [ -z ${USRNAM} ] && USRNAM="${USER}" && $FLAG_INFO && [ -t 1 ] && echo "No username specified. Will sign packages as ${USER}" @@ -116,7 +116,6 @@ done [ -z ${REPNAM} ] && echo "No repo name specified" >&2 && show_help >&2 rm /var/run/lock/makepkgs.lock && exit 1 - ### MAKE SURE THE BUILD CHROOTS EXISTS ### for arch in x86_64 i686; do 
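Review bot: `LOCKFILE="/tmp/makepkgs.lock"` puts a fixed-name lock in a world-writable directory, so any other local account can leave a file of that name there and keep the build from starting, and `touch` will follow a symlink placed at that path. The `[ -f ${LOCKFILE} ]` test followed by `touch ${LOCKFILE}` in the next hunk is also not atomic, so two runs started together can both pass it. A per-user location such as `LOCKFILE="${XDG_RUNTIME_DIR:-/tmp}/makepkgs.lock"` addresses the first problem wherever XDG_RUNTIME_DIR is set. If `flock` from util-linux is an acceptable dependency, `exec 9>"${LOCKFILE}"; flock -n 9 || exit 1` makes acquisition atomic and drops the lock when the script dies, which also removes the stale-lock case the existing messages warn about.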
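Review bot: The lock moves to `${LOCKFILE}` in this hunk, but the REPNAM check shown as context in the following hunk still runs `rm /var/run/lock/makepkgs.lock && exit 1`. For a non-root user that `rm` will most likely fail, so, as far as the collapsed context shows, `exit 1` is skipped, the new lock stays behind and the script carries on with an empty REPNAM. That line should use the variable, `rm -f "${LOCKFILE}"; exit 1`, or better, register `trap 'rm -f "${LOCKFILE}"' EXIT` right after the lock is created so every exit path cleans up, not only the final `rm ${LOCKFILE}` in the last hunk. The root refusal also prints to stdout where the check it replaces used stderr; `echo "It's not allowed to build packages as root." >&2` keeps the error out of captured output.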
@@ -222,7 +221,7 @@ function sign_pkgs() { function pkg_build () { message "Preparing to build ${1} for ${4}..." - rm -rf ${REPDIR}/${REPNAM}/build/aur/${1} + sudo rm -rf ${REPDIR}/${REPNAM}/build/aur/${1} mpec=1 pkg_get ${1} @@ -233,20 +232,20 @@ function pkg_build () { if [ -n "${tany}" -a "${4}" == "i686" ]; then message 'ANY package detected, will copy x86_64 version.' - cp ${REPDIR}/${REPNAM}/x86_64/${1}* ${REPDIR}/${REPNAM}/i686/ + cp -a ${REPDIR}/${REPNAM}/x86_64/${1}* ${REPDIR}/${REPNAM}/i686/ [[ "${2}" != "missing" ]] && pkg_remove ${1} ${2} ${4} else if [ -n "${tnat}" -o -n "${tany}" ]; then - chown -R nobody ${REPDIR}/${REPNAM}/build/aur/${1} + chown -R ${USRNAM}:$(id -ng ${USRNAM}) ${REPDIR}/${REPNAM}/build/aur/${1} cd ${REPDIR}/${REPNAM}/build/aur/${1} [[ -f ../${1}.sh ]] && message 'Executing PKGBUILD customization...' && sh ../${1}.sh makechrootpkg -cur ${CHROOT}/${4} -l aurpbs if [ $? == 0 ]; then message 'Package creation succeeded!' - if [ -f "`ls ${REPDIR}/${REPNAM}/build/aur/${1}/${1}-*.pkg.tar 2> /dev/null`" ]; then + if [ -f "`ls ${REPDIR}/${REPNAM}/build/aur/${1}/${1}-*.pkg.tar 2> /dev/null`" ]; then message 'Package left as tarball. Manually compressing...' xz ${REPDIR}/${REPNAM}/build/aur/${1}/${1}-*.pkg.tar - fi + fi [[ "${2}" != "missing" ]] && pkg_remove ${1} ${2} ${4} pkg_add ${1} ${4}; sign_pkgs ${4}; repo_build ${4}; system_update ${4}; NEWPKS="${NEWPKS}${1} for ${4}"$'\n' @@ -285,9 +284,9 @@ if [ -f "${REPDIR}/${REPNAM}/build/aur/packages.list" ]; then ### CREATE DIRECTORIES IF THEY DON'T EXIST ### mkdir -p ${REPDIR}/${REPNAM}/build/aur - mkdir -p ${REPDIR}/${REPNAM}/{x86_64,i686} + mkdir -p ${REPDIR}/${REPNAM}/{x86_64,i686} && chown ${USRNAM}:$(id -ng ${USRNAM}) ${REPDIR}/${REPNAM}/{x86_64,i686} - if [ -t 1 ]; then + if [ -t 1 ]; then echo -e "${BEGIN}*** STARTING WITH REPO ${REPNAM} ***${RESET}\n" echo -ne "PACKAGE NAME"; eval ${TAB1} echo -ne "LCL X86_64 VER"; eval ${TAB2} 
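Review bot: `sudo rm -rf ${REPDIR}/${REPNAM}/build/aur/${1}` now deletes as root with every path component unquoted and unchecked. An empty package name makes the target the whole `build/aur` tree, an empty REPNAM moves it outside the intended repo, and a name containing whitespace or `..` points it somewhere else entirely. The line should fail closed: `sudo rm -rf -- "${REPDIR:?}/${REPNAM:?}/build/aur/${1:?}"`. Package names appear to come from packages.list, so rejecting any entry that is not a plain package name before this call would be a sensible extra check. pkg_build's body continues beyond this hunk.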
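Review bot: The replacement `chown -R ${USRNAM}:$(id -ng ${USRNAM}) ...` runs unprivileged now that root is refused, so it can only succeed when the invoking user already owns the tree and belongs to that group; for any other `-u` value it fails. Neither it nor the `cd` on the next line is checked, so after a failure the customization script and `makechrootpkg` would run in whatever directory the script was already in. The same unchecked `chown` is added after `mkdir -p` in the following hunk. I would quote and check both calls: `chown -R "${USRNAM}:$(id -ng "${USRNAM}")" "${REPDIR}/${REPNAM}/build/aur/${1}" || return 1` followed by `cd "${REPDIR}/${REPNAM}/build/aur/${1}" || return 1`. The enclosing if/else starts and ends outside this hunk.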
@@ -309,7 +308,7 @@ if [ -f "${REPDIR}/${REPNAM}/build/aur/packages.list" ]; then system_update x86_64; system_update i686 lvx=$(pkg_ver_loc ${pkg} x86_64); lvi=$(pkg_ver_loc ${pkg} i686) fi - if [ -t 1 ]; then + if [ -t 1 ]; then echo -ne "${COLOR}${pkg}${RESET}"; eval $TAB1 echo -ne "${COLOR}${lvx}${RESET}"; eval $TAB2 echo -ne "${COLOR}${lvi}${RESET}"; eval $TAB3 @@ -329,7 +328,7 @@ if [ -f "${REPDIR}/${REPNAM}/build/aur/packages.list" ]; then else $FLAG_INFO && [ -t 1 ] && echo "List mode on...not building missing ${arch} package." fi - else + else if pkg_ver_comp ${lvl} ${av}; then if [ ${FLAG_LIST} == false ]; then pkg_build ${pkg} ${lvl} ${av} ${arch} && [[ $? == 0 ]] && depupd=1 @@ -351,20 +350,20 @@ fi if [ ! ${FLAG_URSS} ]; then - # This section relies on BrainwreckedRSS + # This section relies on BrainwreckedRSS # Visit rss.bw-tech.net for more information cd ${REPDIR}/bwrss - [[ "$NEWPKS" != "" ]] && + [[ "$NEWPKS" != "" ]] && NEWPKS=$(echo "$NEWPKS" | sed ':a;N;$!ba;s/\n/\<br\/\> /g') && php update.php aurpb "New Packages Built" "AURPB Build Script" "${NEWPKS} <br />Packages are waiting production." - [[ "$BADPKS" != "" ]] && + [[ "$BADPKS" != "" ]] && BADPKS=$(echo "$BADPKS" | sed ':a;N;$!ba;s/\n/\<br\/\> /g') && - EXCUSE="Common reasons: Dependencies broken, source dl link broken, AUR maintainer broken." + EXCUSE="Common reasons: Dependencies broken, source dl link broken, AUR maintainer broken." php update.php aurpb "Failed Packages" "AURPB Build Script" "${BADPKS} <br />${EXCUSE}" fi -rm /var/run/lock/makepkgs.lock +rm ${LOCKFILE} exit 0