diff --git a/makechrootpkg.in b/makechrootpkg.in
index 862e6bcd762ffb1b90082777b6c717910e486402..c7baf4d4a049033a5461c02147fa3e0e6b403af0 100644
--- a/makechrootpkg.in
+++ b/makechrootpkg.in
@@ -237,34 +237,8 @@ EOF
 
 	# This is a little gross, but this way the script is recreated every time in the
 	# working copy
-	cat >"$copydir/chrootbuild" <<EOF
-#!/bin/bash
-. /etc/profile
-export HOME=/build
-shopt -s nullglob
-
-# Workaround makepkg disliking read-only dirs
-ln -sft /srcdest /srcdest_host/*
-ln -sft /startdir /startdir_host/*
-
-# Keep PKGBUILD writable for pkgver()
-rm /startdir/PKGBUILD*
-cp /startdir_host/PKGBUILD* /startdir
-chown nobody /startdir/PKGBUILD*
-
-cd /startdir
-sudo -u nobody makepkg $makepkg_args || exit 1
-
-if $run_namcap; then
-	pacman -S --needed --noconfirm namcap
-	for pkgfile in /startdir/PKGBUILD /pkgdest/*; do
-		echo "Checking \${pkgfile##*/}"
-		sudo -u nobody namcap "\$pkgfile" 2>&1 | tee "/logdest/\${pkgfile##*/}-namcap.log"
-	done
-fi
-
-exit 0
-EOF
+	printf $'#!/bin/bash\n%s\n_chrootbuild %q %q' "$(declare -f _chrootbuild)" \
+		"$makepkg_args" "$run_namcap" >"$copydir/chrootbuild"
 	chmod +x "$copydir/chrootbuild"
 }
 
@@ -287,6 +261,46 @@ download_sources() {
 	rm -rf $builddir
 }
 
+_chrootbuild() {
+	# This function isn't run in makechrootpkg,
+	# so no global variables
+	local makepkg_args="$1"
+	local run_namcap="$2"
+
+	. /etc/profile
+	export HOME=/build
+	shopt -s nullglob
+
+	# Workaround makepkg disliking read-only dirs
+	ln -sft /srcdest /srcdest_host/*
+	ln -sft /startdir /startdir_host/*
+
+	cd /startdir
+
+	# Keep PKGBUILD writable for pkgver()
+	rm PKGBUILD*
+	cp /startdir_host/PKGBUILD* .
+	chown nobody PKGBUILD*
+
+	# Safety check
+	if [[ ! -w PKGBUILD ]]; then
+		echo "Can't write to PKGBUILD!"
+		exit 1
+	fi
+
+	sudo -u nobody makepkg $makepkg_args || exit 1
+
+	if $run_namcap; then
+		pacman -S --needed --noconfirm namcap
+		for pkgfile in /startdir/PKGBUILD /pkgdest/*; do
+			echo "Checking ${pkgfile##*/}"
+			sudo -u nobody namcap "$pkgfile" 2>&1 | tee "/logdest/${pkgfile##*/}-namcap.log"
+		done
+	fi
+
+	exit 0
+}
+
 move_products() {
 	for pkgfile in "$copydir"/pkgdest/*; do
 		chown "$src_owner" "$pkgfile"