[arch-projects] [devtools] [PATCH] makechrootpkg: Simplify chroot preparation

Jan Alexander Steffens (heftig) jan.steffens at gmail.com
Sat Apr 23 07:26:53 UTC 2016 

Copy both UID and primary GID of the invoker to the builduser. Mount
srcdest and startdir read-write.
---
 makechrootpkg.in | 110 ++++++++++++++-----------------------------------------
 1 file changed, 28 insertions(+), 82 deletions(-)

diff --git a/makechrootpkg.in b/makechrootpkg.in
index 9cb25fc..67a1be6 100644
--- a/makechrootpkg.in
+++ b/makechrootpkg.in
@@ -145,13 +145,33 @@ install_packages() {
 	[[ -f PKGBUILD ]] || exit $ret
 }
 
+append_makepkg() {
+	local x
+	for x in "$@"; do
+		grep -q "^$x" "$copydir/etc/makepkg.conf" && continue
+		echo "$x" >>"$copydir/etc/makepkg.conf"
+	done
+}
+
 prepare_chroot() {
 	$repack || rm -rf "$copydir/build"
 
-	mkdir -p "$copydir/build"
-	if ! grep -q 'BUILDDIR="/build"' "$copydir/etc/makepkg.conf"; then
-		echo 'BUILDDIR="/build"' >> "$copydir/etc/makepkg.conf"
-	fi
+	local builduser_uid="${SUDO_UID:-$UID}"
+	local builduser_gid="$(id -g "$builduser_uid")"
+
+	# We can't use useradd without chrooting, otherwise it invokes PAM modules
+	# which we might not be able to load (i.e. when building i686 packages on
+	# an x86_64 host).
+	sed -e '/^builduser:/d' -i "$copydir"/etc/{passwd,group}
+	printf 'builduser:x:%d:\n' "$builduser_gid" >>"$copydir/etc/group"
+	printf 'builduser:x:%d:%d:builduser:/build:/bin/bash\n' "$builduser_uid" "$builduser_gid" >>"$copydir/etc/passwd"
+
+	mkdir -p "$copydir"/{build,startdir,{pkg,srcpkg,src,log}dest}
+	chown  "$builduser_uid:$builduser_gid" "$copydir"/{build,startdir,{pkg,srcpkg,src,log}dest}
+
+	sed -e '/^MAKEFLAGS=/d' -e '/^PACKAGER=/d' -i "$copydir/etc/makepkg.conf"
+	append_makepkg BUILDDIR=/build PKGDEST=/pkgdest SRCPKGDEST=/srcpkgdest SRCDEST=/srcdest LOGDEST=/logdest \
+		"MAKEFLAGS='$MAKEFLAGS'" "PACKAGER='$PACKAGER'"
 
 	# Read .makepkg.conf and gnupg pubring
 	if [[ -r $USER_HOME/.gnupg/pubring.kbx ]]; then
@@ -161,54 +181,11 @@ prepare_chroot() {
 		install -D "$USER_HOME/.gnupg/pubring.gpg" "$copydir/build/.gnupg/pubring.gpg"
 	fi
 
-	mkdir -p "$copydir/pkgdest"
-	if ! grep -q 'PKGDEST="/pkgdest"' "$copydir/etc/makepkg.conf"; then
-		echo 'PKGDEST="/pkgdest"' >> "$copydir/etc/makepkg.conf"
-	fi
-
-	mkdir -p "$copydir/srcpkgdest"
-	if ! grep -q 'SRCPKGDEST="/srcpkgdest"' "$copydir/etc/makepkg.conf"; then
-		echo 'SRCPKGDEST="/srcpkgdest"' >> "$copydir/etc/makepkg.conf"
-	fi
-
-	mkdir -p "$copydir/logdest"
-	if ! grep -q 'LOGDEST="/logdest"' "$copydir/etc/makepkg.conf"; then
-		echo 'LOGDEST="/logdest"' >> "$copydir/etc/makepkg.conf"
-	fi
-
-	# These two get bind-mounted read-only
-	# XXX: makepkg dislikes having these dirs read-only, so separate them
-	mkdir -p "$copydir/startdir" "$copydir/startdir_host"
-	mkdir -p "$copydir/srcdest" "$copydir/srcdest_host"
-	if ! grep -q 'SRCDEST="/srcdest"' "$copydir/etc/makepkg.conf"; then
-		echo 'SRCDEST="/srcdest"' >> "$copydir/etc/makepkg.conf"
-	fi
-
-	builduser_uid=${SUDO_UID:-$UID}
-
-	# We can't use useradd without chrooting, otherwise it invokes PAM modules
-	# which we might not be able to load (i.e. when building i686 packages on
-	# an x86_64 host).
-	printf 'builduser:x:%d:100:builduser:/build:/bin/bash\n' "$builduser_uid" >>"$copydir/etc/passwd"
-	chown -R "$builduser_uid" "$copydir"/{build,pkgdest,srcpkgdest,logdest,srcdest,startdir}
-
-	if [[ -n $MAKEFLAGS ]]; then
-		sed -i '/^MAKEFLAGS=/d' "$copydir/etc/makepkg.conf"
-		echo "MAKEFLAGS='${MAKEFLAGS}'" >> "$copydir/etc/makepkg.conf"
-	fi
-
-	if [[ -n $PACKAGER ]]; then
-		sed -i '/^PACKAGER=/d' "$copydir/etc/makepkg.conf"
-		echo "PACKAGER='${PACKAGER}'" >> "$copydir/etc/makepkg.conf"
-	fi
-
-	if [[ ! -f $copydir/etc/sudoers.d/builduser-pacman ]]; then
-		cat > "$copydir/etc/sudoers.d/builduser-pacman" <<EOF
+	cat > "$copydir/etc/sudoers.d/builduser-pacman" <<EOF
 Defaults env_keep += "HOME"
 builduser ALL = NOPASSWD: /usr/bin/pacman
 EOF
-		chmod 440 "$copydir/etc/sudoers.d/builduser-pacman"
-	fi
+	chmod 440 "$copydir/etc/sudoers.d/builduser-pacman"
 
 	# This is a little gross, but this way the script is recreated every time in the
 	# working copy
@@ -257,38 +234,7 @@ _chrootbuild() {
 
 	. /etc/profile
 	export HOME=/build
-	shopt -s nullglob
-
-	# XXX: Workaround makepkg disliking read-only dirs
-	ln -sft /srcdest /srcdest_host/*
-	ln -sft /startdir /startdir_host/*
-
-	# XXX: Keep bzr and svn sources writable
-	# Since makepkg 4.1.1 they get checked out via cp -a, copying the symlink
-	for dir in /srcdest /startdir; do
-		for vcs in bzr svn; do
-			cd "$dir"
-			for vcsdir in */.$vcs; do
-				rm "${vcsdir%/.$vcs}"
-				cp -a "${dir}_host/${vcsdir%/.$vcs}" .
-				chown -R builduser "${vcsdir%/.$vcs}"
-			done
-		done
-	done
-
 	cd /startdir
-
-	# XXX: Keep PKGBUILD writable for pkgver()
-	rm PKGBUILD*
-	cp /startdir_host/PKGBUILD* .
-	chown builduser PKGBUILD*
-
-	# Safety check
-	if [[ ! -w PKGBUILD ]]; then
-		echo "Can't write to PKGBUILD!"
-		exit 1
-	fi
-
 	sudo -u builduser makepkg "$@"
 }
 
@@ -389,8 +335,8 @@ download_sources
 prepare_chroot
 
 if arch-nspawn "$copydir" \
-	--bind-ro="$PWD:/startdir_host" \
-	--bind-ro="$SRCDEST:/srcdest_host" \
+	--bind="$PWD:/startdir" \
+	--bind="$SRCDEST:/srcdest" \
 	"${bindmounts_ro[@]}" "${bindmounts_rw[@]}" \
 	/chrootbuild
 then
-- 
2.8.0

More information about the arch-projects mailing list