From be00fcd47b9fa6ebdab7173372ab219514e0b88d Mon Sep 17 00:00:00 2001
From: Dave Reisner
Date: Sun, 4 May 2014 15:43:50 -0400
Subject: makechrootpkg: use a simpler/safer expression with eval
---
 makechrootpkg.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'makechrootpkg.in')
diff --git a/makechrootpkg.in b/makechrootpkg.in
index 97c7780..5ed7390 100644
--- a/makechrootpkg.in
+++ b/makechrootpkg.in
@@ -113,7 +113,7 @@ for arg in "${@:OPTIND}"; do
 done
 if [[ -n $SUDO_USER ]]; then
- USER_HOME=$(eval echo ~$SUDO_USER)
+ eval "USER_HOME=~$SUDO_USER"
 else
 USER_HOME=$HOME
 fi
-- 
cgit v1.2.3-54-g00ecf
From 12a1300694272928e70408f4ce2fe85bacd19eb4 Mon Sep 17 00:00:00 2001
From: Luke Shumaker
Date: Sat, 10 May 2014 22:22:06 -0400
Subject: makechrootpkg: Use the btrfs mountpoint/subvolume check consistently.
Commit 59e348fc3c5dd086331d884a6dd76fb43a92b7eb added a btrfs subvolume check, but only used it in create_chroot(); it missed clean_temporary().
---
 makechrootpkg.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'makechrootpkg.in')
diff --git a/makechrootpkg.in b/makechrootpkg.in
index 5ed7390..8bc18a4 100644
--- a/makechrootpkg.in
+++ b/makechrootpkg.in
@@ -164,7 +164,7 @@ create_chroot() {
 clean_temporary() {
 stat_busy "Removing temporary copy [$copy]"
- if [[ "$chroottype" == btrfs ]]; then
+ if [[ "$chroottype" == btrfs ]] && ! mountpoint -q "$copydir"; then
 btrfs subvolume delete "$copydir" >/dev/null ||
 die "Unable to delete subvolume %s" "$copydir"
 else
-- 
cgit v1.2.3-54-g00ecf
From a78bdb841dbe7839c8afd7184d821ed42dd334cc Mon Sep 17 00:00:00 2001
From: Dave Reisner
Date: Sun, 21 Sep 2014 15:03:28 -0400
Subject: makechrootpkg: build as same UID as invoker
Changing UID to that of 'nobody' is arbitrary at best, and an information leak at worst. Let's just drop back to the same UID of the invoker.
---
 makechrootpkg.in | 24 +++++++++++++++---------
 1 file changed, 15 insertions(+), 9 deletions(-)
(limited to 'makechrootpkg.in')
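Review bot: The new line in the `@@ -113,7 +113,7 @@` hunk of makechrootpkg.in still passes `$SUDO_USER` through `eval`, so the content of an environment variable is parsed as shell code by a script that presumably holds root privileges at this point. sudo sets the variable itself, but nothing visible in the hunk validates it before it is evaluated. The home directory can be looked up without `eval`, for example `USER_HOME=$(getent passwd "$SUDO_USER" | cut -d: -f6)`, falling back to `$HOME` when the lookup returns nothing. If `eval` has to stay, a comment stating that the value is trusted only because sudo sets it would make the assumption explicit.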
diff --git a/makechrootpkg.in b/makechrootpkg.in index 8bc18a4..b82c2a2 100644 --- a/makechrootpkg.in +++ b/makechrootpkg.in @@ -234,7 +234,13 @@ prepare_chroot() { echo 'SRCDEST="/srcdest"' >> "$copydir/etc/makepkg.conf" fi - chown -R nobody "$copydir"/{build,pkgdest,srcpkgdest,logdest,srcdest,startdir} + builduser_uid=${SUDO_UID:-$UID} + + # We can't use useradd without chrooting, otherwise it invokes PAM modules + # which we might not be able to load (i.e. when building i686 packages on + # an x86_64 host). + printf 'builduser:x:%d:100:builduser:/:/usr/bin/nologin\n' "$builduser_uid" >>"$copydir/etc/passwd" + chown -R "$builduser_uid" "$copydir"/{build,pkgdest,srcpkgdest,logdest,srcdest,startdir} if [[ -n $MAKEFLAGS ]]; then sed -i '/^MAKEFLAGS=/d' "$copydir/etc/makepkg.conf" @@ -246,12 +252,12 @@ prepare_chroot() { echo "PACKAGER='${PACKAGER}'" >> "$copydir/etc/makepkg.conf" fi - if [[ ! -f $copydir/etc/sudoers.d/nobody-pacman ]]; then - cat > "$copydir/etc/sudoers.d/nobody-pacman" < "$copydir/etc/sudoers.d/builduser-pacman" <&1 | tee "/logdest/${pkgfile##*/}-namcap.log" + sudo -u builduser namcap "$pkgfile" 2>&1 | tee "/logdest/${pkgfile##*/}-namcap.log" done fi -- cgit v1.2.3-54-g00ecf From 285a4e94cdee62cae155abcec4daeeffd709e900 Mon Sep 17 00:00:00 2001 From: Dave Reisner Date: Tue, 23 Sep 2014 07:57:43 -0400 Subject: makechrootpkg: make running namcap a "compile time" choice We don't need to pass _chrootbuild this information at runtime -- we can just generate the build script to do exactly what we want. --- makechrootpkg.in | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) (limited to 'makechrootpkg.in') diff --git a/makechrootpkg.in b/makechrootpkg.in index b82c2a2..a340116 100644 --- a/makechrootpkg.in +++ b/makechrootpkg.in 
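Review bot: In prepare_chroot (hunk `@@ -234,7 +234,13 @@`) the new `printf … >>"$copydir/etc/passwd"` appends a `builduser` entry each time it runs, so if prepare_chroot runs again on a reused chroot copy the file accumulates duplicate entries, and when the invoking UID differs between runs name lookups will most likely keep resolving to the first, stale entry while `chown -R` uses the new number. Removing any earlier entry first keeps the two in step, the same way the hunk's context already handles MAKEFLAGS: `sed -i '/^builduser:/d' "$copydir/etc/passwd"` before the `printf`. Separately, `builduser_uid=${SUDO_UID:-$UID}` evaluates to 0 when the script is started directly as root, which would make builduser a second name for root rather than an unprivileged build account; a guard or a comment stating the intended behaviour for that case would help. prepare_chroot begins and ends outside the hunk, and the later hunks of this commit lost text in extraction, so they are not reviewed here.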
@@ -262,8 +262,19 @@ EOF
 # This is a little gross, but this way the script is recreated every time in the
 # working copy
- printf $'#!/bin/bash\n%s\n_chrootbuild %q %q' "$(declare -f _chrootbuild)" \
- "$makepkg_args" "$run_namcap" >"$copydir/chrootbuild"
+ {
+ printf $'#!/bin/bash\n%s\n_chrootbuild %q %q\n' "$(declare -f _chrootbuild)" \
+ "$makepkg_args" "$run_namcap"
+ if $run_namcap; then
+ cat <<'EOF'
+pacman -S --needed --noconfirm namcap
+for pkgfile in /startdir/PKGBUILD /pkgdest/*; do
+ echo "Checking ${pkgfile##*/}"
+ sudo -u builduser namcap "$pkgfile" 2>&1 | tee "/logdest/${pkgfile##*/}-namcap.log"
+done
+EOF
+ fi
+ } >"$copydir/chrootbuild"
 chmod +x "$copydir/chrootbuild"
 }
@@ -290,7 +301,6 @@ _chrootbuild() {
 # This function isn't run in makechrootpkg,
 # so no global variables
 local makepkg_args="$1"
- local run_namcap="$2"
 . /etc/profile
 export HOME=/build
@@ -326,17 +336,7 @@ _chrootbuild() {
 exit 1
 fi
- sudo -u builduser makepkg $makepkg_args || exit 1
-
- if $run_namcap; then
- pacman -S --needed --noconfirm namcap
- for pkgfile in /startdir/PKGBUILD /pkgdest/*; do
- echo "Checking ${pkgfile##*/}"
- sudo -u builduser namcap "$pkgfile" 2>&1 | tee "/logdest/${pkgfile##*/}-namcap.log"
- done
- fi
-
- exit 0
+ sudo -u builduser makepkg $makepkg_args
 }
 move_products() {
-- 
cgit v1.2.3-54-g00ecf
From bf7dc83bab4f002a29866fd30b1574b6fbca36aa Mon Sep 17 00:00:00 2001
From: Dave Reisner
Date: Sun, 19 Oct 2014 16:06:31 -0400
Subject: save and reuse original argv when auto-elevating
Fixes FS#42277.
---
 arch-nspawn.in | 4 +++-
 archbuild.in | 6 ++++--
 makechrootpkg.in | 6 ++++--
 mkarchroot.in | 4 +++-
 4 files changed, 14 insertions(+), 6 deletions(-)
(limited to 'makechrootpkg.in')
diff --git a/arch-nspawn.in b/arch-nspawn.in
index b85d360..19f1410 100644
--- a/arch-nspawn.in
+++ b/arch-nspawn.in
@@ -26,6 +28,8 @@ usage() {
 exit 1
 }
+orig_argv=("$@")
+
 while getopts 'hC:M:c:' arg; do
 case "$arg" in
 C) pac_conf="$OPTARG" ;;
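Review bot: `orig_argv=("$@")` in arch-nspawn.in (hunk `@@ -26,6 +28,8 @@`) carries no comment saying why a copy of the arguments is needed, and the reason only becomes visible in the file's next hunk, where `shift $(($OPTIND - 1))` has already dropped the options before `check_root` is called. A one-line comment above the assignment would keep it from being removed later as redundant: `# keep the untouched argv; check_root is handed it after getopts/shift have consumed "$@"`. The same uncommented assignment is added to archbuild.in, makechrootpkg.in and mkarchroot.in. check_root is defined outside this patch, so what it does with the arguments is inferred from the commit subject only.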
@@ -38,7 +40,7 @@ done
 shift $(($OPTIND - 1))
 (( $# < 1 )) && die 'You must specify a directory.'
-check_root "$0" "$@"
+check_root "$0" "${orig_argv[@]}"
 working_dir=$(readlink -f "$1")
 shift 1
diff --git a/archbuild.in b/archbuild.in
index dc45c7f..9c5d706 100644
--- a/archbuild.in
+++ b/archbuild.in
@@ -29,6 +29,8 @@ usage() {
 exit 1
 }
+orig_argv=("$@")
+
 while getopts 'hcr:' arg; do
 case "${arg}" in
 c) clean_first=true ;;
@@ -37,11 +39,11 @@ while getopts 'hcr:' arg; do
 esac
 done
+check_root "$0" "${orig_argv[@]}"
+
 # Pass all arguments after -- right to makepkg
 makechrootpkg_args+=("${@:$OPTIND}")
-check_root "$0" "$@"
-
 if ${clean_first} || [[ ! -d "${chroots}/${repo}-${arch}" ]]; then
 msg "Creating chroot for [${repo}] (${arch})..."
diff --git a/makechrootpkg.in b/makechrootpkg.in
index a340116..8957974 100644
--- a/makechrootpkg.in
+++ b/makechrootpkg.in
@@ -66,6 +68,8 @@ usage() {
 exit 1
 }
+orig_argv=("$@")
+
 while getopts 'hcur:I:l:nTD:d:' arg; do
 case "$arg" in
 h) usage ;;
@@ -81,10 +83,10 @@ while getopts 'hcur:I:l:nTD:d:' arg; do
 esac
 done
-check_root "$0" "$@"
-
 [[ ! -f PKGBUILD && -z "${install_pkgs[*]}" ]] && die 'This must be run in a directory containing a PKGBUILD.'
+check_root "$0" "${orig_argv[@]}"
+
 # Canonicalize chrootdir, getting rid of trailing /
 chrootdir=$(readlink -e "$passeddir")
 [[ ! -d $chrootdir ]] && die "No chroot dir defined, or invalid path '%s'" "$passeddir"
diff --git a/mkarchroot.in b/mkarchroot.in
index 5f3d6fe..78384da 100644
--- a/mkarchroot.in
+++ b/mkarchroot.in
@@ -24,6 +24,8 @@ usage() {
 exit 1
 }
+orig_argv=("$@")
+
 while getopts 'hC:M:c:' arg; do
 case "$arg" in
 C) pac_conf="$OPTARG" ;;
@@ -37,7 +39,7 @@ shift $(($OPTIND - 1))
 (( $# < 2 )) && die 'You must specify a directory and one or more packages.'
-check_root "$0" "$@"
+check_root "$0" "${orig_argv[@]}"
 working_dir="$(readlink -f $1)"
 shift 1
-- 
cgit v1.2.3-54-g00ecf
From 28140068ce22cc15fc155570f33e0bdaae22de9c Mon Sep 17 00:00:00 2001
From: Dave Reisner
Date: Sun, 19 Oct 2014 16:43:13 -0400
Subject: makechroot: die if we encounter an unexpected option
---
 makechrootpkg.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'makechrootpkg.in')
diff --git a/makechrootpkg.in b/makechrootpkg.in
index 8957974..1fbd3b4 100644
--- a/makechrootpkg.in
+++ b/makechrootpkg.in
@@ -70,7 +70,6 @@ orig_argv=("$@")
 while getopts 'hcur:I:l:nTD:d:' arg; do
 case "$arg" in
- h) usage ;;
 c) clean_first=true ;;
 D) bindmounts_ro+=(--bind-ro="$OPTARG") ;;
 d) bindmounts_rw+=(--bind="$OPTARG") ;;
@@ -80,6 +79,7 @@ while getopts 'hcur:I:l:nTD:d:' arg; do
 l) copy="$OPTARG" ;;
 n) run_namcap=true; makepkg_args="$makepkg_args -i" ;;
 T) temp_chroot=true; copy+="-$$" ;;
+ h|*) usage ;;
 esac
 done
-- 
cgit v1.2.3-54-g00ecf
From e5fe74102dee0dc1b7343666f3b9d41446e7cf86 Mon Sep 17 00:00:00 2001
From: Dave Reisner
Date: Mon, 20 Oct 2014 19:13:57 -0400
Subject: makechrootpkg: don't run namcap if makepkg fails
Fixes a regression introduced by 285a4e94cd, which made namcap a "compile time" option.
---
 makechrootpkg.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'makechrootpkg.in')
diff --git a/makechrootpkg.in b/makechrootpkg.in
index 1fbd3b4..c8cb169 100644
--- a/makechrootpkg.in
+++ b/makechrootpkg.in
@@ -265,7 +265,7 @@ EOF
 # This is a little gross, but this way the script is recreated every time in the
 # working copy
 {
- printf $'#!/bin/bash\n%s\n_chrootbuild %q %q\n' "$(declare -f _chrootbuild)" \
+ printf $'#!/bin/bash\n%s\n_chrootbuild %q %q || exit\n' "$(declare -f _chrootbuild)" \
 "$makepkg_args" "$run_namcap"
 if $run_namcap; then
 cat <<'EOF'
-- 
cgit v1.2.3-54-g00ecf
From 273d5a7a4325b830fc0038abdc7fc8a1bb55bfd9 Mon Sep 17 00:00:00 2001
From: Dave Reisner
Date: Sun, 19 Oct 2014 19:49:02 -0400
Subject: makechrootpkg: treat makepkg_args as array
---
 makechrootpkg.in | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)
(limited to 'makechrootpkg.in')
diff --git a/makechrootpkg.in b/makechrootpkg.in
index c8cb169..26deaca 100644
--- a/makechrootpkg.in
+++ b/makechrootpkg.in
@@ -12,7 +12,7 @@ m4_include(lib/common.sh)
 shopt -s nullglob
-makepkg_args='-s --noconfirm -L --holdver'
+makepkg_args=(-s --noconfirm -L --holdver)
 repack=false
 update_first=false
 clean_first=false
@@ -46,7 +46,7 @@ usage() {
 echo 'command:'
 echo ' mkarchroot /root base-devel'
 echo ''
- echo "Default makepkg args: $makepkg_args"
+ echo "Default makepkg args: ${makepkg_args[*]}"
 echo ''
 echo 'Flags:'
 echo '-h This help'
@@ -77,7 +77,7 @@ while getopts 'hcur:I:l:nTD:d:' arg; do
 r) passeddir="$OPTARG" ;;
 I) install_pkgs+=("$OPTARG") ;;
 l) copy="$OPTARG" ;;
- n) run_namcap=true; makepkg_args="$makepkg_args -i" ;;
+ n) run_namcap=true; makepkg_args+=(-i) ;;
 T) temp_chroot=true; copy+="-$$" ;;
 h|*) usage ;;
 esac
@@ -102,7 +102,7 @@ else
 fi
 # Pass all arguments after -- right to makepkg
-makepkg_args="$makepkg_args ${*:$OPTIND}"
+makepkg_args+=("${@:$OPTIND}")
 # See if -R was passed to makepkg
 for arg in "${@:OPTIND}"; do
@@ -265,8 +265,12 @@ EOF
 # This is a little gross, but this way the script is recreated every time in the
 # working copy
 {
- printf $'#!/bin/bash\n%s\n_chrootbuild %q %q || exit\n' "$(declare -f _chrootbuild)" \
- "$makepkg_args" "$run_namcap"
+ printf '#!/bin/bash\n'
+ declare -f _chrootbuild
+ printf '_chrootbuild'
+ printf ' %q' "${makepkg_args[@]}"
+ printf ' || exit\n'
+
 if $run_namcap; then
 cat <<'EOF'
 pacman -S --needed --noconfirm namcap
@@ -302,7 +306,6 @@ download_sources() {
 _chrootbuild() {
 # This function isn't run in makechrootpkg,
 # so no global variables
- local makepkg_args="$1"
 . /etc/profile
 export HOME=/build
@@ -338,7 +341,7 @@ _chrootbuild() {
 exit 1
 fi
- sudo -u builduser makepkg $makepkg_args
+ sudo -u builduser makepkg "$@"
 }
 move_products() {
-- 
cgit v1.2.3-54-g00ecf