Use subdir named gitea-version in make release-sources generated arti…

[eleksir]

Use tar --transform to place gitea sources within a sub-directory called gitea-${VERSION} to prevent tar bombing.

Fix #19066

⚠️ BREAKING ⚠️

Prior to this PR the gitea src tar.gz would extract to the current directory. Users requiring the previous behaviour should use tar options as appropriate.

[zeripath]

OK we need to double check that bsdtar has this option too.

Annoyingly bsdtar appears to call this option -s instead.

[wxiaoguang]

OK we need to double check that bsdtar has this option too.

https://www.freebsd.org/cgi/man.cgi?query=tar&sektion=1&manpath=freebsd-release-ports
(alternative: gtar)

BSD tar doesn't support --transform, but do we really need to tar in BSD? Our pipelines are all running in Linux.

[zeripath]

The line above this makes reference to making changes for bsdtar.

See #15256

[wxiaoguang]

The line above this makes reference to making changes for bsdtar.

See #15256

Hmm, I see. I was thinking that make release-sources is only used by Gitea's official pipelines (I can not imagine a case that why somebody wants to run make release-sources locally). If down-streams want to pack the source code, they should have their own package toolchains .....

[wxiaoguang]

Now I have another question (a little off-topic): why should release-sources support so many OS? If these OS must be supported .... since Gitea pipeline uses docker a lot to do build, maybe we could just use a latest Linux image in Makefile to provide the tar command.

[eleksir]

bsd tar have option -s

     -s	pattern
	     Modify file or archive member names according to pattern.	The
	     pattern has the format /old/new/[ghHprRsS]	where old is a basic
	     regular expression, new is	the replacement	string of the matched
	     part, and the optional trailing letters modify how	the replace-
	     ment is handled.  If old is not matched, the pattern is skipped.
	     Within new, ~ is substituted with the match, \1 to	\9 with	the
	     content of	the corresponding captured group.  The optional	trail-
	     ing g specifies that matching should continue after the matched
	     part and stop on the first	unmatched pattern.  The	optional
	     trailing s	specifies that the pattern applies to the value	of
	     symbolic links.  The optional trailing p specifies	that after a
	     successful	substitution the original path name and	the new	path
	     name should be printed to standard	error.	Optional trailing H,
	     R,	or S characters	suppress substitutions for hardlink targets,
	     regular filenames,	or symlink targets, respectively.  Optional
	     trailing h, r, or s characters enable substitutions for hardlink
	     targets, regular filenames, or symlink targets, respectively.
	     The default is hrs	which applies substitutions to all names.  In
	     particular, it is never necessary to specify h, r,	or s.

But i've no bsd/mac system on my hands to test it

[silverwind]

why should release-sources support so many OS

I guess it's still valuable to support macOS to be able to debug these make targets locally. We could just require those developers to install GNU versions, e.g. abort the target if non-GNU is detected. GNU versions on macOS either have a "g" prefix, or not, e.g. gtar or tar (in case user has installed it in-place).

[wxiaoguang]

why should release-sources support so many OS

I guess it's still valuable to support macOS to be able to debug these make targets locally. We could just require those developers to install GNU versions, e.g. abort the target if non-GNU is detected. GNU versions on macOS either have a "g" prefix, or not, e.g. gtar or tar (in case user has installed it in-place).

That could be a reason .... however although I am a macOS user, I do not use non-Linux tools to debug systems for Linux, it doesn't make sense to me because finally these targets should be run in Linux. Personally I always use VM or docker for the work which should be in a Linux environment.

Maybe require those developers to install GNU versions is a better choice to simplify the Makefile.

[silverwind]

Maybe require those developers to install GNU versions is a better choice to simplify the Makefile.

Still need to check for existance of gtar vs tar for example, so there's still some complexity involved. If we can support bsdtar here without much effort, I'd say we go for that now.

[wxiaoguang]

Replaced by

• add a directory prefix gitea-src-VERSION to release-tar-file #19396
  which provides bsdtar support.