[arch-projects] [PATCH] [devtools] Have signature checking work in chroots
Adjust the mount options for /dev/pts to allow signature checking
with gpgme to work.
Adjust the various pacman.confs to use "SigLevel = Optional TrustAll"
which is the best that can be done automatically with Arch repos at
the moment.
Signed-off-by: Allan McRae
On 15/10/11 20:56, Allan McRae wrote:
Adjust the mount options for /dev/pts to allow signature checking with gpgme to work.
Adjust the various pacman.confs to use "SigLevel = Optional TrustAll" which is the best that can be done automatically with Arch repos at the moment.
Signed-off-by: Allan McRae
--- I'm not sure exactly what other consequences there are from removing "newinstance" from the /dev/pts mount options but this appears to work...
mkarchroot.in | 2 +- pacman-extra.conf | 2 -- pacman-multilib-testing.conf | 4 +--- pacman-multilib.conf | 4 +--- pacman-staging.conf | 4 +--- pacman-testing.conf | 4 +--- 6 files changed, 5 insertions(+), 15 deletions(-)
diff --git a/mkarchroot.in b/mkarchroot.in index 0debb13..4db3032 100644 --- a/mkarchroot.in +++ b/mkarchroot.in @@ -110,7 +110,7 @@ chroot_mount() { mount -t tmpfs shm "${working_dir}/dev/shm" -o nodev,nosuid,size=128M
[ -e "${working_dir}/dev/pts" ] || mkdir "${working_dir}/dev/pts" - mount -t devpts devpts "${working_dir}/dev/pts" -o newinstance,ptmxmode=666 + mount -t devpts devpts "${working_dir}/dev/pts" -o ptmxmode=666 ln -s pts/ptmx "${working_dir}/dev/ptmx"
[ -e "${cache_dir}" ] || mkdir -p "${cache_dir}"
So this broke the gcc testsuite (and probably the binutils one too...). Instead, mounting /dev/pts with: mount --bind /dev/pts "${working_dir}/dev/pts" allows both the signature checking with pacman to work and the gcc testsuite to run. Allan
Am 27.10.2011 13:57, schrieb Allan McRae:
On 15/10/11 20:56, Allan McRae wrote:
Adjust the mount options for /dev/pts to allow signature checking with gpgme to work.
Adjust the various pacman.confs to use "SigLevel = Optional TrustAll" which is the best that can be done automatically with Arch repos at the moment. So this broke the gcc testsuite (and probably the binutils one too...). Instead, mounting /dev/pts with:
mount --bind /dev/pts "${working_dir}/dev/pts"
allows both the signature checking with pacman to work and the gcc testsuite to run.
I don' like this at first sight. In general I would avoid binding anything from the host into the chroot. Especially since we want to support having several build process run in parallel. On the other side I am no export on the pts device; so my concerns might be just invalid. -- Pierre Schmitz, https://users.archlinux.de/~pierre
participants (2)
-
Allan McRae
-
Pierre Schmitz