diff options
Diffstat (limited to 'src/chroot-tools/libremakepkg')
| -rwxr-xr-x | src/chroot-tools/libremakepkg | 101 |
1 files changed, 70 insertions, 31 deletions
diff --git a/src/chroot-tools/libremakepkg b/src/chroot-tools/libremakepkg index fc6418c..aad4217 100755 --- a/src/chroot-tools/libremakepkg +++ b/src/chroot-tools/libremakepkg @@ -2,15 +2,18 @@ set -euE # libremakepkg -# Copyright 2010-2011 Nicolás Reynolds -# Copyright 2011 Joshua Ismael Haase Hernández -# Copyright 2012-2013 Luke Shumaker +# Copyright (C) 2010-2012 Nicolás Reynolds <fauno@parabola.nu> +# Copyright (C) 2010-2012 Joshua Ismael Haase Hernández (xihh) <hahj87@gmail.com> +# Copyright (C) 2012 Michał Masłowski <mtjm@mtjm.eu> +# Copyright (C) 2012-2014 Luke Shumaker <lukeshu@sbcglobal.net> +# +# License: GNU GPLv2+ # # This file is part of Parabola. # # Parabola is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or +# the Free Software Foundation, either version 2 of the License, or # (at your option) any later version. # # Parabola is distributed in the hope that it will be useful, @@ -33,7 +36,7 @@ umask 0022 readonly _indent="$(librelib chroot/indent)" readonly INCHROOT=$([[ -f /.arch-chroot ]] && echo true || echo false) NONET=true # can be changed with the -N flag -# {SRC,LOG,PKG}DEST set at runtime by makepkg.conf +# {PKG,SRC,SRCPKG,LOG}DEST set at runtime by makepkg.conf # MAKEFLAGS, PACKAGER set at runtime by makepkg.conf # LIBREUSER, LIBREHOME are set by conf.sh librechroot_flags=() @@ -54,6 +57,21 @@ indent() { "$_indent" ' | ' } +# Usage: _check_perms_dir $directory +# Make sure that $directory is readable and executable (searchable) by 'nobody' +check_directory_permissions() ( + local dir=$1 + # `cd` to the directory, then test `.`; that way if parent + # directories aren't readable, we aren't testing for that. We + # only need the last element in `$dir`. + cd "$dir" + if ! sudo -u nobody test -r . -a -x .; then + error "Directory '%s' must be readable by user 'nobody'" "$dir" + return 1 + fi + return 0 +) + # Usage: exit_copy $copydir $src_owner # End immediately, but copy log files out exit_copy() { @@ -106,21 +124,22 @@ build() ( local copydir=$1; shift local repack=$1; shift - local netflag='' - local run=() + local run_ynet=() + local run_nnet=() if $INCHROOT; then - ! $NONET || netflag='-N' - run=(unshare) + run_ynet=(unshare) + run_nnet=(unshare -n) else - ! $NONET || netflag='-n' - run=(librechroot "${librechroot_flags[@]}" run) + run_ynet=(librechroot "${librechroot_flags[@]}" run) + run_nnet=(librechroot "${librechroot_flags[@]}" -N run) fi + $NONET || run_nnet=("${run_ynet[@]}") prepare_chroot "$copydir" "$LIBREHOME" "$repack" false - "${run[@]}" /chrootprepare "$@" |& indent + "${run_ynet[@]}" /chrootprepare false "$@" |& indent run_hook pre_build "$copydir" trap "run_hook post_build '$copydir'" EXIT - "${run[@]}" /chrootbuild "$@" |& indent + "${run_nnet[@]}" /chrootbuild false "$@" |& indent ) # The main program ############################################################# @@ -132,7 +151,7 @@ usage() { prose 'If run from outside of a chroot, command will make the following configuration changes in the chroot:' bullet 'whatever changes `librechroot` makes.' - bullet 'set `PKGDEST` and `SRCDEST` in `/etc/makepkg.conf`' + bullet 'set `{PKG,SRC,SRCPKG,LOG}DEST` in `/etc/makepkg.conf`' bullet 'set `PACKAGER` in `/etc/makepkg.conf` to reflect the value outside of the chroot.' bullet '(maybe) delete `/build/.makepkg.conf`' @@ -148,8 +167,12 @@ usage() { the documentation there.' echo print 'Options:' + print ' %s options:' librechroot flag "-n <$(_ CHROOT)>" 'Name of the chroot to use' flag "-l <$(_ COPY)>" 'Name of, or absolute path to, the chroot copy to use' + flag "-w <$(_ 'PATH[:PATH]')>" 'Bind mount a file or directory, read/write' + flag "-r <$(_ 'PATH[:PATH]')>" 'Bind mount a file or directory, read-only' + print ' %s options:' libremakepkg flag '-N' "Don't disable networking during build() and package(). PLEASE don't use this unless you have a special reason, its use is a violation @@ -173,10 +196,14 @@ main() { local chroot='' # Parse command line options ########################################### - while getopts 'n:l:NRh' flag ; do + while getopts 'n:l:w:r:NRh' flag ; do case "${flag}" in - n) if $INCHROOT; then err_chflag "$flag"; else chroot=$OPTARG; fi;; - l) if $INCHROOT; then err_chflag "$flag"; else copy=$OPTARG; fi;; + n) if $INCHROOT; then err_chflag "$flag"; else + chroot=$OPTARG; fi;; + l) if $INCHROOT; then err_chflag "$flag"; else + copy=$OPTARG; fi;; + w|r) if $INCHROOT; then err_chflag "$flag"; else + librechroot_flags+=(-$flag "$OPTARG"); fi;; N) NONET=false;; R) repack=true; makepkg_args+=(-R);; h) usage; return 0;; @@ -204,6 +231,15 @@ main() { fi unset chroot + # Load makepkg configuration ########################################### + # Note that all of these are globals + PKGDEST="$(get_var makepkg PKGDEST "$PWD")" + SRCDEST="$(get_var makepkg SRCDEST "$PWD")" + SRCPKGDEST="$(get_var makepkg SRCPKGDEST "$PWD")" + LOGDEST="$(get_var makepkg LOGDEST "$PWD")" + MAKEFLAGS="$(get_var makepkg MAKEFLAGS '')" + PACKAGER="$(get_var makepkg PACKAGER '')" + # Quick sanity check ################################################### if (( EUID )); then @@ -217,20 +253,16 @@ main() { exit 1 fi - # Load makepkg configuration ########################################### - # Note that all of these are globals - SRCDEST="$(get_var makepkg SRCDEST "$PWD")" - PKGDEST="$(get_var makepkg PKGDEST "$PWD")" - LOGDEST="$(get_var makepkg LOGDEST "$PWD")" - mkdir -p "$SRCDEST" "$PKGDEST" "$LOGDEST" - MAKEFLAGS="$(get_var makepkg MAKEFLAGS '')" - PACKAGER="$(get_var makepkg PACKAGER '')" - - librechroot_flags=( - -r "$PWD:/startdir_host" - -r "$SRCDEST:/srcdest_host" - -n "$CHROOT" - -l "$copy" + # Make sure that the various *DEST directories exist + mkdir -p -- "$PKGDEST" "$SRCDEST" "$SRCPKGDEST" "$LOGDEST" + # Check the permissions for $startdir and $SRCDEST + ( + declare -i ret=0 + check_directory_permissions "$PWD" || ret=1 + if ! [[ "$PWD" -ef "$SRCDEST" ]]; then + check_directory_permissions "$SRCDEST" || ret=1 + fi + exit $ret ) # OK, we are starting now ############################################## @@ -239,6 +271,13 @@ main() { lock 9 "/build/.lock" \ "Waiting for existing lock on build directory to be released" else + librechroot_flags+=( + -r "$PWD:/startdir_host" + -r "$SRCDEST:/srcdest_host" + -n "$CHROOT" + -l "$copy" + ) + # Obtain a lock on the chroot lock 9 "$copydir.lock" \ "Waiting for existing lock on chroot copy to be released: [%s]" "$copy" |