[arch-projects] [devtools] [PATCH] makechrootpkg: Simplify chroot preparation
Copy both UID and primary GID of the invoker to the builduser. Mount
srcdest and startdir read-write.
---
makechrootpkg.in | 110 ++++++++++++++-----------------------------------------
1 file changed, 28 insertions(+), 82 deletions(-)
diff --git a/makechrootpkg.in b/makechrootpkg.in
index 9cb25fc..67a1be6 100644
--- a/makechrootpkg.in
+++ b/makechrootpkg.in
@@ -145,13 +145,33 @@ install_packages() {
[[ -f PKGBUILD ]] || exit $ret
}
+append_makepkg() {
+ local x
+ for x in "$@"; do
+ grep -q "^$x" "$copydir/etc/makepkg.conf" && continue
+ echo "$x" >>"$copydir/etc/makepkg.conf"
+ done
+}
+
prepare_chroot() {
$repack || rm -rf "$copydir/build"
- mkdir -p "$copydir/build"
- if ! grep -q 'BUILDDIR="/build"' "$copydir/etc/makepkg.conf"; then
- echo 'BUILDDIR="/build"' >> "$copydir/etc/makepkg.conf"
- fi
+ local builduser_uid="${SUDO_UID:-$UID}"
+ local builduser_gid="$(id -g "$builduser_uid")"
+
+ # We can't use useradd without chrooting, otherwise it invokes PAM modules
+ # which we might not be able to load (i.e. when building i686 packages on
+ # an x86_64 host).
+ sed -e '/^builduser:/d' -i "$copydir"/etc/{passwd,group}
+ printf 'builduser:x:%d:\n' "$builduser_gid" >>"$copydir/etc/group"
+ printf 'builduser:x:%d:%d:builduser:/build:/bin/bash\n' "$builduser_uid" "$builduser_gid" >>"$copydir/etc/passwd"
+
+ mkdir -p "$copydir"/{build,startdir,{pkg,srcpkg,src,log}dest}
+ chown "$builduser_uid:$builduser_gid" "$copydir"/{build,startdir,{pkg,srcpkg,src,log}dest}
+
+ sed -e '/^MAKEFLAGS=/d' -e '/^PACKAGER=/d' -i "$copydir/etc/makepkg.conf"
+ append_makepkg BUILDDIR=/build PKGDEST=/pkgdest SRCPKGDEST=/srcpkgdest SRCDEST=/srcdest LOGDEST=/logdest \
+ "MAKEFLAGS='$MAKEFLAGS'" "PACKAGER='$PACKAGER'"
# Read .makepkg.conf and gnupg pubring
if [[ -r $USER_HOME/.gnupg/pubring.kbx ]]; then
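Review bot: `local builduser_gid="$(id -g "$builduser_uid")"` in `prepare_chroot` hides a failing `id`, because the exit status of `local` replaces that of the command substitution. If the invoking UID has no passwd entry on the host, the variable is empty and bash's `printf '%d'` formats an empty argument as 0, so builduser would be written into the chroot's `/etc/group` and `/etc/passwd` with GID 0. Splitting it into `local builduser_gid` followed by `builduser_gid=$(id -g "$builduser_uid") || exit 1` stops before those files are touched; the v2 posting further down the page repeats the same line. In `append_makepkg`, `grep -q "^$x"` is a regex prefix test, so an existing line such as `BUILDDIR=/build-old` (constructed example) suppresses the append and the chroot keeps a build directory this function never created or chowned; `grep -qxF -- "$x"` compares the whole line literally. `prepare_chroot` continues beyond the end of this hunk.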
@@ -161,54 +181,11 @@ prepare_chroot() {
install -D "$USER_HOME/.gnupg/pubring.gpg" "$copydir/build/.gnupg/pubring.gpg"
fi
- mkdir -p "$copydir/pkgdest"
- if ! grep -q 'PKGDEST="/pkgdest"' "$copydir/etc/makepkg.conf"; then
- echo 'PKGDEST="/pkgdest"' >> "$copydir/etc/makepkg.conf"
- fi
-
- mkdir -p "$copydir/srcpkgdest"
- if ! grep -q 'SRCPKGDEST="/srcpkgdest"' "$copydir/etc/makepkg.conf"; then
- echo 'SRCPKGDEST="/srcpkgdest"' >> "$copydir/etc/makepkg.conf"
- fi
-
- mkdir -p "$copydir/logdest"
- if ! grep -q 'LOGDEST="/logdest"' "$copydir/etc/makepkg.conf"; then
- echo 'LOGDEST="/logdest"' >> "$copydir/etc/makepkg.conf"
- fi
-
- # These two get bind-mounted read-only
- # XXX: makepkg dislikes having these dirs read-only, so separate them
- mkdir -p "$copydir/startdir" "$copydir/startdir_host"
- mkdir -p "$copydir/srcdest" "$copydir/srcdest_host"
- if ! grep -q 'SRCDEST="/srcdest"' "$copydir/etc/makepkg.conf"; then
- echo 'SRCDEST="/srcdest"' >> "$copydir/etc/makepkg.conf"
- fi
-
- builduser_uid=${SUDO_UID:-$UID}
-
- # We can't use useradd without chrooting, otherwise it invokes PAM modules
- # which we might not be able to load (i.e. when building i686 packages on
- # an x86_64 host).
- printf 'builduser:x:%d:100:builduser:/build:/bin/bash\n' "$builduser_uid" >>"$copydir/etc/passwd"
- chown -R "$builduser_uid" "$copydir"/{build,pkgdest,srcpkgdest,logdest,srcdest,startdir}
-
- if [[ -n $MAKEFLAGS ]]; then
- sed -i '/^MAKEFLAGS=/d' "$copydir/etc/makepkg.conf"
- echo "MAKEFLAGS='${MAKEFLAGS}'" >> "$copydir/etc/makepkg.conf"
- fi
-
- if [[ -n $PACKAGER ]]; then
- sed -i '/^PACKAGER=/d' "$copydir/etc/makepkg.conf"
- echo "PACKAGER='${PACKAGER}'" >> "$copydir/etc/makepkg.conf"
- fi
-
- if [[ ! -f $copydir/etc/sudoers.d/builduser-pacman ]]; then
- cat > "$copydir/etc/sudoers.d/builduser-pacman" <
Copy both UID and primary GID of the invoker to the builduser. Mount
srcdest and startdir read-write.
v2: Fixed GnuPG keyring owner and moved running namcap from a heredoc
to a function.
---
makechrootpkg.in | 144 +++++++++++++++++--------------------------------------
1 file changed, 43 insertions(+), 101 deletions(-)
diff --git a/makechrootpkg.in b/makechrootpkg.in
index 9cb25fc..9534c54 100644
--- a/makechrootpkg.in
+++ b/makechrootpkg.in
@@ -148,67 +148,38 @@ install_packages() {
prepare_chroot() {
$repack || rm -rf "$copydir/build"
- mkdir -p "$copydir/build"
- if ! grep -q 'BUILDDIR="/build"' "$copydir/etc/makepkg.conf"; then
- echo 'BUILDDIR="/build"' >> "$copydir/etc/makepkg.conf"
- fi
-
- # Read .makepkg.conf and gnupg pubring
- if [[ -r $USER_HOME/.gnupg/pubring.kbx ]]; then
- install -D "$USER_HOME/.gnupg/pubring.kbx" "$copydir/build/.gnupg/pubring.kbx"
- fi
- if [[ -r $USER_HOME/.gnupg/pubring.gpg ]]; then
- install -D "$USER_HOME/.gnupg/pubring.gpg" "$copydir/build/.gnupg/pubring.gpg"
- fi
-
- mkdir -p "$copydir/pkgdest"
- if ! grep -q 'PKGDEST="/pkgdest"' "$copydir/etc/makepkg.conf"; then
- echo 'PKGDEST="/pkgdest"' >> "$copydir/etc/makepkg.conf"
- fi
-
- mkdir -p "$copydir/srcpkgdest"
- if ! grep -q 'SRCPKGDEST="/srcpkgdest"' "$copydir/etc/makepkg.conf"; then
- echo 'SRCPKGDEST="/srcpkgdest"' >> "$copydir/etc/makepkg.conf"
- fi
-
- mkdir -p "$copydir/logdest"
- if ! grep -q 'LOGDEST="/logdest"' "$copydir/etc/makepkg.conf"; then
- echo 'LOGDEST="/logdest"' >> "$copydir/etc/makepkg.conf"
- fi
-
- # These two get bind-mounted read-only
- # XXX: makepkg dislikes having these dirs read-only, so separate them
- mkdir -p "$copydir/startdir" "$copydir/startdir_host"
- mkdir -p "$copydir/srcdest" "$copydir/srcdest_host"
- if ! grep -q 'SRCDEST="/srcdest"' "$copydir/etc/makepkg.conf"; then
- echo 'SRCDEST="/srcdest"' >> "$copydir/etc/makepkg.conf"
- fi
-
- builduser_uid=${SUDO_UID:-$UID}
+ local builduser_uid="${SUDO_UID:-$UID}"
+ local builduser_gid="$(id -g "$builduser_uid")"
+ local install="install -o $builduser_uid -g $builduser_gid"
+ local x
# We can't use useradd without chrooting, otherwise it invokes PAM modules
# which we might not be able to load (i.e. when building i686 packages on
# an x86_64 host).
- printf 'builduser:x:%d:100:builduser:/build:/bin/bash\n' "$builduser_uid" >>"$copydir/etc/passwd"
- chown -R "$builduser_uid" "$copydir"/{build,pkgdest,srcpkgdest,logdest,srcdest,startdir}
+ sed -e '/^builduser:/d' -i "$copydir"/etc/{passwd,group}
+ printf >>"$copydir/etc/group" 'builduser:x:%d:\n' $builduser_gid
+ printf >>"$copydir/etc/passwd" 'builduser:x:%d:%d:builduser:/build:/bin/bash\n' $builduser_uid $builduser_gid
- if [[ -n $MAKEFLAGS ]]; then
- sed -i '/^MAKEFLAGS=/d' "$copydir/etc/makepkg.conf"
- echo "MAKEFLAGS='${MAKEFLAGS}'" >> "$copydir/etc/makepkg.conf"
- fi
+ $install -d "$copydir"/{build,build/.gnupg,startdir,{pkg,srcpkg,src,log}dest}
- if [[ -n $PACKAGER ]]; then
- sed -i '/^PACKAGER=/d' "$copydir/etc/makepkg.conf"
- echo "PACKAGER='${PACKAGER}'" >> "$copydir/etc/makepkg.conf"
- fi
+ for x in .gnupg/pubring.{kbx,gpg}; do
+ [[ -r $USER_HOME/$x ]] || continue
+ $install -m 644 "$USER_HOME/$x" "$copydir/build/$x"
+ done
- if [[ ! -f $copydir/etc/sudoers.d/builduser-pacman ]]; then
- cat > "$copydir/etc/sudoers.d/builduser-pacman" <
Jan Alexander Steffens (heftig)