Commit 52401e22 authored by Rinnegatamante's avatar Rinnegatamante
Browse files

Repository cleanup.

parent 3df91d0d
......@@ -5,6 +5,9 @@
*.elf
*.sfo
*.vpk
*.pk3
*.cfg
*.zip
# Windows image file caches
Thumbs.db
......
# sudo is required for travis-ci to use ubuntu trusty
# ubuntu trusty is required for libsdl2-dev
sudo: required
dist: trusty
language: c
env:
global:
# coverity token
- secure: "a2pGsG/+LS12sD/vgCF912TKBDDiT8PwRTH50eE94trQoHmD+bubIc4mXR9rSuU/NKNPdn6KZlqrVkVuoIanjYaf+rg28VavGMcBrtVO2cI1yjTUxb5Eq/cT20m3KfZCSFw3iWXfiK1CpDkm9Pdrr2Yz99EGZse3Y6jRGJ6giWM="
matrix:
# standard builds
- CC=gcc
- CC=clang
# extra libs
- CC=gcc USE_FREETYPE=1
- CC=clang USE_FREETYPE=1
# cross-compile using mingw
# dlopen curl to workaround link error because mingw-w64 in trusty is missing strtok_r required by libcurl.a
- CC= PLATFORM="mingw32" ARCH="x86" USE_CURL_DLOPEN=1
- CC= PLATFORM="mingw32" ARCH="x86_64" USE_CURL_DLOPEN=1
script: ./travis-ci-build.sh
notifications:
email: false
addons:
apt:
packages:
- binutils-mingw-w64-i686
- gcc-mingw-w64-i686
- binutils-mingw-w64-x86-64
- gcc-mingw-w64-x86-64
- gcc-mingw-w64
- mingw-w64
- libgl1-mesa-dev
- libsdl2-dev
- libfreetype6-dev
coverity_scan:
project:
name: "ioquake/ioq3"
description: "Build submitted via Travis CI"
notification_email: quake3-commits@icculus.org
build_command_prepend: "make clean"
build_command: "make release"
branch_pattern: coverity_scan
This diff is collapsed.
This diff is collapsed.
## ioquake3 Security
We take security very seriously at ioquake3. We welcome any peer review of our 100% free software source code to ensure nobody's ioquake3 clients or servers are ever compromised or hacked.
### Where should I report security issues?
In order to give the community time to respond and upgrade we strongly urge you report all security issues privately.
Please contact zachary@ioquake.org directly to provide details and repro steps and we will respond ASAP.
http://wiki.ioquake3.org/Ioquake3_Road_Map
The updater program's code is public domain. The rest of ioquake3 is not.
The source code to the autoupdater is in the code/autoupdater directory.
There is a small piece of code in ioquake3 itself at startup, too; this is
in code/sys/sys_autoupdater.c ...
(This is all Unix terminology, but similar approaches on Windows apply.)
The updater is a separate program, written in C, with no dependencies on
the game. It (statically) links to libcurl and uses the C runtime, but
otherwise has no external dependencies. It has to be a single binary file
with no shared libraries.
The basic flow looks like this:
- The game launches as usual.
- Right after main() starts, the game creates a pipe, forks off a new process,
and execs the updater in that process. The game won't ever touch the pipe
again. It's just there to block the child app until the game terminates.
- The updater has no UI. It writes a log file.
- The updater downloads a manifest from a known URL over https://, using
libCurl. The base URL is platform-specific (it might be
https://example.com/mac/, or https://example.com/linux-x86/, whatever).
The url might have other features, like a updater version or a specific
product name, etc.
The manifest is at $BASEURL/manifest.txt
- The updater also downloads $BASEURL/manifest.txt.sig, which is a digital
signature for the manifest. It checks the manifest against this signature
and a known public RSA key; if the manifest doesn't match the signature,
the updater refuses to continue.
- The manifest looks like this: three lines per item...
Contents/MacOS/baseq3/uix86_64.dylib
332428
a49bbe77f8eb6c195265ea136f881f7830db58e4d8a883b27f59e1e23e396a20
- That's the file's path, its size in bytes, and an sha256 hash of the data.
- The file will be at this path under the base url on the webserver.
- The manifest only lists files that ever needed updating; it's not necessary
to list every file in the game's installation (unless you want to allow the
entire game to download).
- The updater will check each item in the manifest:
- Does the file not exist in the install? Needs downloading.
- Does the file have a different size? Needs downloading.
- Does the file have a different sha256sum? Needs downloading.
- Otherwise, file is up to date, leave it alone.
- If an item needs downloading, do these same checks against the file in the
download directory (if it's already there and matches, don't download again.)
- Download necessary files with libcurl, put it in a download directory.
- The downloaded file is also checked for size and sha256 vs the manifest, to
make sure there was no corruption or confusion. If a downloaded file doesn't
match what was expected, the updater aborts and will try again next time.
This could fail checksum due to i/o errors and compromised security, but
it might just be that a new version was being published and bad luck
happened, and a retry later could correct everything.
- If the updater itself needs upgrading, we deal with that first. It's
downloaded, then the updater relaunches from the downloaded binary with
a special command line. That relaunched process copies itself to the proper
location, and then relaunches _again_ to restart the normal updating
process with the new updater in its correct position.
- Once the downloads are complete and the updater itself doesn't need
upgrading, we are ready to start the normal upgrade. Since we can't replace
executables on some platforms while they are running, and swapping out a
game's data files at runtime isn't wise in general, the updater will now
block until the game terminates. It does this by reading on the pipe that
the game created when forking the updater; since the game never writes
anything to this pipe, it causes the updater to block until the pipe closes.
Since the game never deliberately closes the pipe either, it remains open
until the OS forcibly closes it as the game process terminates. Being an
unnamed pipe, it just vaporizes at this point, leaving no state that might
accidentally hang us up later, like a global semaphore or whatnot. This
technique also lets us localize the game's code changes to one small block
of C code, with no need to manage these resources elsewhere.
- As a sanity check, the updater will also kill(game_process_id, 0) until it
fails, sleeping for 100 milliseconds between each attempt, in case the
process is still being cleaned up by the OS after closing the pipe.
- Once the updater is confident the game process is gone, it will start
upgrading the appropriate files. It does this in two steps: it moves
the old file to a "rollback" directory so it's out of the way but still
available, then it moves the newly-downloaded file into place. Since these
are all simple renames and not copies, this can move fast. Any missing
parent directories are created, in case the update is adding a new file
in a directory that didn't previously exist.
- If something goes wrong at this point (file i/o error, etc), the updater
will roll back the changes by deleting the updated files, and moving the
files in the "rollback" directory back to their original locations. Then
the updater aborts.
- If nothing went wrong, the rollback files are deleted. And we are officially
up to date! The updater terminates.
The updater is designed to fail at any point. If a download fails, it'll
pick up and try again next time, etc. Completed downloads will remain, so it
will just need to download any missing/incomplete files.
The server side just needs to be able to serve static files over HTTPS from
any standard Apache/nginx/whatever process.
Failure points:
- If the updater fails when still downloading data, it just picks up on next
restart.
- If the updater fails when replacing files, it rolls back any changes it has
made.
- If the updater fails when rolling back, then running the updater again after
fixing the specific problem (disk error, etc?) will redownload and replace
any files that were left in an uncertain state. The only true point of
risk is crashing during a rollback and then having the updater bricked for
some reason, but that's an extremely small surface area, knock on wood.
- If the updater crashes or totally bricks, ioquake3 should just keep being
ioquake3. It will still launch and play, even if the updater is quietly
segfaulting in the background on startup.
- If an update bricks ioquake3 to the point where it can't run the updater,
running the updater directly should let it recover (assuming a future update
fixes the problem).
- If the download server is compromised, they would need the private key
(not stored on the download server) to alter the manifest to serve
compromised files to players. If they try to change a file or the manifest,
the updater will know to abort without updating anything.
- If the private key is compromised, we generate a new one, ship new
installers with an updated public key, and re-sign the manifest with the
new private key. Existing installations will never update again until they
do a fresh install, or at least update their copy of the public key.
How manifest signing works:
Some admin will generate a public/private key with the rsa_make_keys program,
keeping the private key secret. Using the private key and the rsa_sign
program, the admin will sign the manifest, generating manifest.txt.sig.
The public key ships with the game (adding 270 bytes to the download), the
.sig is downloaded with the manifest by the autoupdater (256 bytes extra
download), then the autoupdater checks the manifest against the signature
with the public key. if the signature isn't valid (the manifest was tampered
with or corrupt), the autoupdater refuses to continue.
If the manifest is to be trusted, it lists sha256 checksums for every file to
download, so there's no need to sign every file; if they can't tamper with the
manifest, they can't tamper with any other file to be updated since the file's
listed sha256 won't match.
If the private key is compromised, we generate new keys and ship new
installers, so new installations will be able to update but existing ones
will need to do a new install to keep getting updates. Don't let the private
key get compromised. The private key doesn't go on a public server. Maybe it
doesn't even live on the admin's laptop hard drive.
If the download server is compromised and serving malware, the autoupdater
will reject it outright if they haven't compromised the private key, generated
a new manifest, and signed it with the private key.
Items to consider for future revisions:
- Maybe put a limit on the number manifest downloads, so we only check once
every hour? Every day?
- Channels? Stable (what everyone gets by default), Nightly (once a day),
Experimental (some other work-in-progress branch), Bloody (literally the
latest commit).
- Let mods update, separate from the main game?
Questions? Ask Ryan: icculus@icculus.org
--ryan.
Quake III Arena GPL source release
==================================
This file contains the following sections:
LICENSE
GENERAL NOTES
LICENSE
=======
See COPYING.txt for the GNU GENERAL PUBLIC LICENSE
Some source code in this release is not covered by the GPL:
IO on .zip files using portions of zlib
-----------------------------------------------------------------------------
lines file(s)
4299 code/qcommon/unzip.c
4546 libs/pak/unzip.cpp
Copyright (C) 1998 Gilles Vollant
zlib is Copyright (C) 1995-1998 Jean-loup Gailly and Mark Adler
This software is provided 'as-is', without any express or implied
warranty. In no event will the authors be held liable for any damages
arising from the use of this software.
Permission is granted to anyone to use this software for any purpose,
including commercial applications, and to alter it and redistribute it
freely, subject to the following restrictions:
1. The origin of this software must not be misrepresented; you must not
claim that you wrote the original software. If you use this software
in a product, an acknowledgment in the product documentation would be
appreciated but is not required.
2. Altered source versions must be plainly marked as such, and must not be
misrepresented as being the original software.
3. This notice may not be removed or altered from any source distribution.
standard C library replacement routines
-----------------------------------------------------------------------------
lines file(s)
1324 code/game/bg_lib.c
Copyright (c) 1992, 1993
The Regents of the University of California. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. Neither the name of the University nor the names of its contributors
may be used to endorse or promote products derived from this software
without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.
ADPCM coder/decoder
-----------------------------------------------------------------------------
lines file(s)
330 code/client/snd_adpcm.c
Copyright 1992 by Stichting Mathematisch Centrum, Amsterdam, The
Netherlands.
All Rights Reserved
Permission to use, copy, modify, and distribute this software and its
documentation for any purpose and without fee is hereby granted,
provided that the above copyright notice appear in all copies and that
both that copyright notice and this permission notice appear in
supporting documentation, and that the names of Stichting Mathematisch
Centrum or CWI not be used in advertising or publicity pertaining to
distribution of the software without specific, written prior permission.
STICHTING MATHEMATISCH CENTRUM DISCLAIMS ALL WARRANTIES WITH REGARD TO
THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS, IN NO EVENT SHALL STICHTING MATHEMATISCH CENTRUM BE LIABLE
FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
JPEG library
-----------------------------------------------------------------------------
code/jpeg-6
libs/jpeg6
Copyright (C) 1991-1995, Thomas G. Lane
Permission is hereby granted to use, copy, modify, and distribute this
software (or portions thereof) for any purpose, without fee, subject to these
conditions:
(1) If any part of the source code for this software is distributed, then this
README file must be included, with this copyright and no-warranty notice
unaltered; and any additions, deletions, or changes to the original files
must be clearly indicated in accompanying documentation.
(2) If only executable code is distributed, then the accompanying
documentation must state that "this software is based in part on the work of
the Independent JPEG Group".
(3) Permission for use of this software is granted only if the user accepts
full responsibility for any undesirable consequences; the authors accept
NO LIABILITY for damages of any kind.
These conditions apply to any software derived from or based on the IJG code,
not just to the unmodified library. If you use our work, you ought to
acknowledge us.
NOTE: unfortunately the README that came with our copy of the library has
been lost, so the one from release 6b is included instead. There are a few
'glue type' modifications to the library to make it easier to use from
the engine, but otherwise the dependency can be easily cleaned up to a
better release of the library.
GENERAL NOTES
=============
A short summary of the file layout:
code/ Quake III Arena source code ( renderer, game code, OS layer etc. )
code/bspc bot routes compiler source code
lcc/ the retargetable C compiler ( produces assembly to be turned into qvm bytecode by q3asm )
q3asm/ assembly to qvm bytecode compiler
q3map/ map compiler ( .map -> .bsp ) - this is the version that comes with Q3Radiant 200f
q3radiant/ Q3Radiant map editor build 200f ( common/ and libs/ are support dirs for radiant )
While we made sure we were still able to compile the game on Windows, GNU/Linux
and Mac, this build didn't get any kind of extensive testing so it may not work
completely right. Whenever an id game is released under GPL, several projects
start making the source code more friendly to nowaday's compilers and
environements. If you are picking up this release weeks/months/years after we
uploaded it, you probably want to look around on the net for cleaned up
versions of this codebase as well.
#!/bin/bash
UNAME=`uname`
MASTER_DIR=`dirname $0`
BUILD_DEFAULT="release"
cd ${MASTER_DIR}
if [ "${OPTIONS}" == "all_options" ];
then
export USE_FREETYPE=1
fi
if [ "$UNAME" == "Darwin" ]; then
CORES=`sysctl -n hw.ncpu`
elif [ "$UNAME" == "Linux" ]; then
CORES=`awk '/^processor/ { N++} END { print N }' /proc/cpuinfo`
fi
echo "platform : ${UNAME}"
echo "cores : ${CORES}"
if [ "${BUILD_TYPE}" == "" ]; then
BUILD_TYPE="${BUILD_DEFAULT}"
echo "build type : defaulting to ${BUILD_TYPE}"
else
echo "build type : ${BUILD_TYPE}"
fi
echo "environment :"
export
if [ -n "${CPPCHECK}" ]; then
if [ ! -f "${CPPCHECK}" ]; then
command -v cppcheck >/dev/null
if [ "$?" != "0" ]; then
echo "cppcheck not installed"
exit 1
fi
cppcheck --enable=all --max-configs=1 --xml --xml-version=2 code 2> ${CPPCHECK}
fi
ln -sf ${CPPCHECK} cppcheck.xml
fi
# Bit of a hack; only run scan-build with clang and all options enabled
if [ "${CC}" == "clang" ] && [ "${OPTIONS}" == "all_options" ]; then
MAKE_PREFIX="scan-build"
fi
${MAKE_PREFIX} make -j${CORES} distclean ${BUILD_TYPE}
exit $?
#!/bin/bash
# Let's make the user give us a target to work with.
# architecture is assumed universal if not specified, and is optional.
# if arch is defined, it we will store the .app bundle in the target arch build directory
if [ $# == 0 ] || [ $# -gt 2 ]; then
echo "Usage: $0 target <arch>"
echo "Example: $0 release x86"
echo "Valid targets are:"
echo " release"
echo " debug"
echo
echo "Optional architectures are:"
echo " x86"
echo " x86_64"
echo " ppc"
echo
exit 1
fi
# validate target name
if [ "$1" == "release" ]; then
TARGET_NAME="release"
elif [ "$1" == "debug" ]; then
TARGET_NAME="debug"
else
echo "Invalid target: $1"
echo "Valid targets are:"
echo " release"
echo " debug"
exit 1
fi
CURRENT_ARCH=""
# validate the architecture if it was specified
if [ "$2" != "" ]; then
if [ "$2" == "x86" ]; then
CURRENT_ARCH="x86"
elif [ "$2" == "x86_64" ]; then
CURRENT_ARCH="x86_64"
elif [ "$2" == "ppc" ]; then
CURRENT_ARCH="ppc"
else
echo "Invalid architecture: $2"
echo "Valid architectures are:"
echo " x86"
echo " x86_64"
echo " ppc"
echo
exit 1
fi
fi
# symlinkArch() creates a symlink with the architecture suffix.
# meant for universal binaries, but also handles the way this script generates
# application bundles for a single architecture as well.
function symlinkArch()
{
EXT="dylib"
SEP="${3}"
SRCFILE="${1}"
DSTFILE="${2}${SEP}"
DSTPATH="${4}"
if [ ! -e "${DSTPATH}/${SRCFILE}.${EXT}" ]; then
echo "**** ERROR: missing ${SRCFILE}.${EXT} from ${MACOS}"
exit 1
fi
if [ ! -d "${DSTPATH}" ]; then
echo "**** ERROR: path not found ${DSTPATH}"
exit 1
fi
pushd "${DSTPATH}" > /dev/null
IS32=`file "${SRCFILE}.${EXT}" | grep "i386"`
IS64=`file "${SRCFILE}.${EXT}" | grep "x86_64"`
ISPPC=`file "${SRCFILE}.${EXT}" | grep "ppc"`
if [ "${IS32}" != "" ]; then
if [ ! -L "${DSTFILE}x86.${EXT}" ]; then
ln -s "${SRCFILE}.${EXT}" "${DSTFILE}x86.${EXT}"
fi
elif [ -L "${DSTFILE}x86.${EXT}" ]; then
rm "${DSTFILE}x86.${EXT}"
fi
if [ "${IS64}" != "" ]; then
if [ ! -L "${DSTFILE}x86_64.${EXT}" ]; then
ln -s "${SRCFILE}.${EXT}" "${DSTFILE}x86_64.${EXT}"
fi
elif [ -L "${DSTFILE}x86_64.${EXT}" ]; then
rm "${DSTFILE}x86_64.${EXT}"
fi
if [ "${ISPPC}" != "" ]; then
if [ ! -L "${DSTFILE}ppc.${EXT}" ]; then
ln -s "${SRCFILE}.${EXT}" "${DSTFILE}ppc.${EXT}"
fi
elif [ -L "${DSTFILE}ppc.${EXT}" ]; then
rm "${DSTFILE}ppc.${EXT}"
fi
popd > /dev/null
}
SEARCH_ARCHS=" \
x86 \
x86_64 \
ppc \
"
HAS_LIPO=`command -v lipo`
HAS_CP=`command -v cp`
# if lipo is not available, we cannot make a universal binary, print a warning
if [ ! -x "${HAS_LIPO}" ] && [ "${CURRENT_ARCH}" == "" ]; then
CURRENT_ARCH=`uname -m`
if [ "${CURRENT_ARCH}" == "i386" ]; then CURRENT_ARCH="x86"; fi
echo "$0 cannot make a universal binary, falling back to architecture ${CURRENT_ARCH}"
fi
# if the optional arch parameter is used, replace SEARCH_ARCHS to only work with one
if [ "${CURRENT_ARCH}" != "" ]; then
SEARCH_ARCHS="${CURRENT_ARCH}"
fi
AVAILABLE_ARCHS=""
IOQ3_VERSION=`grep '^VERSION=' Makefile | sed -e 's/.*=\(.*\)/\1/'`
IOQ3_CLIENT_ARCHS=""
IOQ3_SERVER_ARCHS=""
IOQ3_RENDERER_GL1_ARCHS=""
IOQ3_RENDERER_GL2_ARCHS=""
IOQ3_CGAME_ARCHS=""
IOQ3_GAME_ARCHS=""
IOQ3_UI_ARCHS=""
IOQ3_MP_CGAME_ARCHS=""
IOQ3_MP_GAME_ARCHS=""
IOQ3_MP_UI_ARCHS=""
BASEDIR="baseq3"
MISSIONPACKDIR="missionpack"
CGAME="cgame"
GAME="qagame"
UI="ui"
RENDERER_OPENGL="renderer_opengl"
DEDICATED_NAME="ioq3ded"
CGAME_NAME="${CGAME}.dylib"
GAME_NAME="${GAME}.dylib"
UI_NAME="${UI}.dylib"
RENDERER_OPENGL1_NAME="${RENDERER_OPENGL}1.dylib"
RENDERER_OPENGL2_NAME="${RENDERER_OPENGL}2.dylib"
ICNSDIR="misc"
ICNS="quake3_flat.icns"
PKGINFO="APPLIOQ3"
OBJROOT="build"
#BUILT_PRODUCTS_DIR="${OBJROOT}/${TARGET_NAME}-darwin-${CURRENT_ARCH}"
PRODUCT_NAME="ioquake3"
WRAPPER_EXTENSION="app"
WRAPPER_NAME="${PRODUCT_NAME}.${WRAPPER_EXTENSION}"
CONTENTS_FOLDER_PATH="${WRAPPER_NAME}/Contents"
UNLOCALIZED_RESOURCES_FOLDER_PATH="${CONTENTS_FOLDER_PATH}/Resources"
EXECUTABLE_FOLDER_PATH="${CONTENTS_FOLDER_PATH}/MacOS"
EXECUTABLE_NAME="${PRODUCT_NAME}"
# loop through the architectures to build string lists for each universal binary
for ARCH in $SEARCH_ARCHS; do
CURRENT_ARCH=${ARCH}
BUILT_PRODUCTS_DIR="${OBJROOT}/${TARGET_NAME}-darwin-${CURRENT_ARCH}"
IOQ3_CLIENT="${EXECUTABLE_NAME}.${CURRENT_ARCH}"
IOQ3_SERVER="${DEDICATED_NAME}.${CURRENT_ARCH}"
IOQ3_RENDERER_GL1="${RENDERER_OPENGL}1_${CURRENT_ARCH}.dylib"
IOQ3_RENDERER_GL2="${RENDERER_OPENGL}2_${CURRENT_ARCH}.dylib"
IOQ3_CGAME="${CGAME}${CURRENT_ARCH}.dylib"
IOQ3_GAME="${GAME}${CURRENT_ARCH}.dylib"
IOQ3_UI="${UI}${CURRENT_ARCH}.dylib"
if [ ! -d ${BUILT_PRODUCTS_DIR} ]; then
CURRENT_ARCH=""
BUILT_PRODUCTS_DIR=""
continue
fi
# executables
if [ -e ${BUILT_PRODUCTS_DIR}/${IOQ3_CLIENT} ]; then
IOQ3_CLIENT_ARCHS="${BUILT_PRODUCTS_DIR}/${IOQ3_CLIENT} ${IOQ3_CLIENT_ARCHS}"
VALID_ARCHS="${ARCH} ${VALID_ARCHS}"