public inbox for isar-users@googlegroups.com
From: Henning Schild <henning.schild@siemens.com>
To: Alexander Smirnov <asmirnov@ilbers.de>
Cc: <isar-users@googlegroups.com>
Subject: Re: [PATCH] isar: Clean mount point on bitbake exit
Date: Fri, 9 Feb 2018 13:33:40 +0100
Message-ID: <20180209133340.681c00b5@mmd1pvb1c.ad001.siemens.net>
In-Reply-To: <20180206195516.32153-1-asmirnov@ilbers.de>

Hi,

this patch is causing problems when building in a docker container,
because sysfs can only be mounted ro. (Subject: current next bash in
buildchroot problem)
Now we could discuss whether we should relax the security of our
containers even more, or whether Isar should care about that use-case.

But this patch actually does several things at a time, it changes the
way we mount and adds three new mounts. I would suggest to split it up
so we can discuss the issues with dev and sys while already merging the
rest.

Henning

Am Tue, 6 Feb 2018 22:55:16 +0300
schrieb Alexander Smirnov <asmirnov@ilbers.de>:

> 8<--
> 
> That's it! Branch 'asmirnov/devel', please test and enjoy :-)
> 
> 8<--
> 
> Now each multiconfig has registered handler for BuildCompleted event
> (see class 'isar-event.bbclass'). Moreover, the '/proc/mounts' file
> contains all the active mounts. In addition, from event handler we
> could derive all the variables like ${TMPDIR}, ${DISTRO} etc. So it's
> possible to find all the active mounts for current multiconfig and
> clean them.
> 
> NOTE: if build is interrupted by double ^C, some mount points could
> stay uncleaned. This is caused by remaining processes started by
> bitbake, for example:
>  - 'chroot build.sh ...'
>  - 'multistrap ...'
> 
> So please be careful when interrupting build.
> 
> Signed-off-by: Alexander Smirnov <asmirnov@ilbers.de>
> ---
>  meta-isar/recipes-core/images/isar-image-base.bb   | 11 ++++------
>  meta/classes/dpkg-base.bbclass                     | 12 ++++-------
>  meta/classes/isar-events.bbclass                   | 15
> +++++++++++--- meta/recipes-devtools/buildchroot/buildchroot.bb   |
> 24
> +++++++++------------- .../buildchroot/files/configscript.sh
> |  4 ---- .../buildchroot/files/download_dev-random          | 13
> ------------ 6 files changed, 30 insertions(+), 49 deletions(-)
> delete mode 100644
> meta/recipes-devtools/buildchroot/files/download_dev-random
> 
> diff --git a/meta-isar/recipes-core/images/isar-image-base.bb
> b/meta-isar/recipes-core/images/isar-image-base.bb index
> e359ac3..8ddbabb 100644 ---
> a/meta-isar/recipes-core/images/isar-image-base.bb +++
> b/meta-isar/recipes-core/images/isar-image-base.bb @@ -55,14 +55,10
> @@ do_rootfs() { -e 's|##ISAR_DISTRO_SUITE##|${DEBDISTRONAME}|g' \
>             "${WORKDIR}/multistrap.conf.in" >
> "${WORKDIR}/multistrap.conf" 
> +    # Do not use bitbake flag [dirs] here because this folder should
> have
> +    # specific ownership.
>      [ ! -d ${IMAGE_ROOTFS}/proc ] && sudo install -d -o 0 -g 0 -m
> 555 ${IMAGE_ROOTFS}/proc sudo mount -t proc none ${IMAGE_ROOTFS}/proc
> -    _do_rootfs_cleanup() {
> -        ret=$?
> -        sudo umount ${IMAGE_ROOTFS}/proc 2>/dev/null || true
> -        (exit $ret) || bb_exit_handler
> -    }
> -    trap '_do_rootfs_cleanup' EXIT
>  
>      # Create root filesystem. We must use sudo -E here to preserve
> the environment # because of proxy settings
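
Review bot: with the EXIT trap removed from do_rootfs(), any failure
between 'sudo mount -t proc none ${IMAGE_ROOTFS}/proc' and the umount
at the end of the function leaves proc mounted inside the image rootfs,
and the only remaining cleanup is the BuildCompleted handler. The commit
message itself notes that an interrupted build can leave mounts behind,
so I would keep the trap as the first line of cleanup in the task and
treat the event handler as the backstop rather than the sole mechanism.
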
> @@ -72,5 +68,6 @@ do_rootfs() {
>      sudo chroot ${IMAGE_ROOTFS} /${DISTRO_CONFIG_SCRIPT}
> ${MACHINE_SERIAL} ${BAUDRATE_TTY} \ ${ROOTFS_DEV}
>      sudo rm "${IMAGE_ROOTFS}/${DISTRO_CONFIG_SCRIPT}"
> -    _do_rootfs_cleanup
> +
> +    sudo umount ${IMAGE_ROOTFS}/proc 2>/dev/null || true
>  }
> diff --git a/meta/classes/dpkg-base.bbclass
> b/meta/classes/dpkg-base.bbclass index 5d5a924..a34c21f 100644
> --- a/meta/classes/dpkg-base.bbclass
> +++ b/meta/classes/dpkg-base.bbclass
> @@ -20,15 +20,11 @@ dpkg_runbuild() {
>  do_build() {
>      mkdir -p ${BUILDROOT}
>      sudo mount --bind ${WORKDIR} ${BUILDROOT}
> -    _do_build_cleanup() {
> -        ret=$?
> -        sudo umount ${BUILDROOT} 2>/dev/null || true
> -        sudo rmdir ${BUILDROOT} 2>/dev/null || true
> -        (exit $ret) || bb_exit_handler
> -    }
> -    trap '_do_build_cleanup' EXIT
> +
>      dpkg_runbuild
> -    _do_build_cleanup
> +
> +    sudo umount ${BUILDROOT} 2>/dev/null || true
> +    sudo rmdir ${BUILDROOT} 2>/dev/null || true
>  }
>  
>  # Install package to Isar-apt
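
Review bot: in do_build(), if dpkg_runbuild fails, ${WORKDIR} stays
bind-mounted at ${BUILDROOT} and the rmdir never runs, because the two
cleanup commands are now reached only on the success path. A stale bind
mount is riskier than a stale proc mount: anything that removes the tree
containing ${BUILDROOT} recursively before the event handler has run
will descend into ${WORKDIR}. Please keep an error-path unmount here
(the removed trap did that), or document why the BuildCompleted handler
is guaranteed to run first.
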
> diff --git a/meta/classes/isar-events.bbclass
> b/meta/classes/isar-events.bbclass index 55fc106..ae0f791 100644
> --- a/meta/classes/isar-events.bbclass
> +++ b/meta/classes/isar-events.bbclass
> @@ -11,10 +11,19 @@ python isar_handler () {
>      devnull = open(os.devnull, 'w')
>  
>      if isinstance(e, bb.event.BuildCompleted):
> -        bchroot = d.getVar('BUILDCHROOT_DIR', True)
> +        tmpdir = d.getVar('TMPDIR', True)
> +        distro = d.getVar('DISTRO', True)
> +        arch = d.getVar('DISTRO_ARCH', True)
>  
> -        # Clean up buildchroot
> -        subprocess.call('/usr/bin/sudo /bin/umount ' + bchroot +
> '/isar-apt || /bin/true', stdout=devnull, stderr=devnull, shell=True)
> +        w = tmpdir + '/work/' + distro + '-' + arch
> +
> +        # '/proc/mounts' contains all the active mounts, so knowing
> 'w' we
> +        # could get the list of mounts for the specific multiconfig
> and
> +        # clean them.
> +        with open('/proc/mounts', 'rU') as f:
> +            for line in f:
> +                if w in line:
> +                    subprocess.call('sudo umount -f ' +
> line.split()[1], stdout=devnull, stderr=devnull, shell=True) 
>      devnull.close()
>  }
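
Review bot: in the '/proc/mounts' loop, 'if w in line' is a substring
test against the whole line, so it also selects entries where the string
appears in the source field, or a sibling work directory whose name
merely starts with the same '<distro>-<arch>' string, and each hit is
then force-unmounted via sudo. Compare against the mount point field
only, e.g. mp = line.split()[1] and then mp == w or
mp.startswith(w + '/'). The command is also built by string
concatenation and run with shell=True, so a TMPDIR containing shell
metacharacters is interpreted by the shell under sudo, and mount points
containing spaces (written as \040 in /proc/mounts) will not match a
real path; passing ['sudo', 'umount', '-f', mp] without shell=True and
decoding the octal escapes avoids both. Minor: the 'U' flag in
open(..., 'rU') is deprecated in Python 3, plain 'r' is enough.
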
> diff --git a/meta/recipes-devtools/buildchroot/buildchroot.bb
> b/meta/recipes-devtools/buildchroot/buildchroot.bb index
> 304c67e..df9df19 100644 ---
> a/meta/recipes-devtools/buildchroot/buildchroot.bb +++
> b/meta/recipes-devtools/buildchroot/buildchroot.bb @@ -12,7 +12,6 @@
> FILESPATH =. "${LAYERDIR_core}/recipes-devtools/buildchroot/files:"
> SRC_URI = "file://multistrap.conf.in \ file://configscript.sh \
>             file://setup.sh \
> -           file://download_dev-random \
>             file://build.sh"
>  PV = "1.0"
>  
> @@ -32,8 +31,10 @@ BUILDCHROOT_PREINSTALL ?= "gcc \
>  WORKDIR = "${TMPDIR}/work/${DISTRO}-${DISTRO_ARCH}/${PN}"
>  
>  do_build[stamp-extra-info] = "${DISTRO}-${DISTRO_ARCH}"
> -do_build[dirs] = "${WORKDIR}/hooks_multistrap \
> -                  ${BUILDCHROOT_DIR}/isar-apt"
> +do_build[dirs] = "${BUILDCHROOT_DIR}/isar-apt \
> +                  ${BUILDCHROOT_DIR}/dev \
> +                  ${BUILDCHROOT_DIR}/proc \
> +                  ${BUILDCHROOT_DIR}/sys"
>  do_build[depends] = "isar-apt:do_cache_config"
>  
>  do_build() {
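
Review bot: do_build[dirs] now creates ${BUILDCHROOT_DIR}/proc (plus
dev and sys), which contradicts the comment this same patch adds to
isar-image-base.bb saying [dirs] must not be used for that directory
because it needs specific ownership, and it drops the explicit
'install -d -m 555' that buildchroot.bb used for proc until now. Either
create these three directories the same way as in the image recipe, or
say in a comment why ownership and mode do not matter for the
buildchroot.
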
> @@ -41,7 +42,6 @@ do_build() {
>  
>      chmod +x "${WORKDIR}/setup.sh"
>      chmod +x "${WORKDIR}/configscript.sh"
> -    install -m 755 "${WORKDIR}/download_dev-random"
> "${WORKDIR}/hooks_multistrap/" 
>      # Multistrap accepts only relative path in configuration files,
> so get it: cd ${TOPDIR}
> @@ -60,15 +60,6 @@ do_build() {
>          -e 's|##DIR_HOOKS##|./'"$WORKDIR_REL"'/hooks_multistrap|g' \
>             "${WORKDIR}/multistrap.conf.in" >
> "${WORKDIR}/multistrap.conf" 
> -    [ ! -d ${BUILDCHROOT_DIR}/proc ] && install -d -m 555
> ${BUILDCHROOT_DIR}/proc
> -    sudo mount -t proc none ${BUILDCHROOT_DIR}/proc
> -    _do_build_cleanup() {
> -        ret=$?
> -        sudo umount ${BUILDCHROOT_DIR}/proc 2>/dev/null || true
> -        (exit $ret) || bb_exit_handler
> -    }
> -    trap '_do_build_cleanup' EXIT
> -
>      do_setup_mounts
>  
>      # Create root filesystem
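
Review bot: the sed context line at the top of this hunk still points
##DIR_HOOKS## at './$WORKDIR_REL/hooks_multistrap', but the patch
removes ${WORKDIR}/hooks_multistrap from do_build[dirs] and deletes the
only hook that was installed there, so multistrap.conf now refers to a
directory nothing creates. Please either drop the hooks setting from
multistrap.conf.in in the same patch or keep creating the directory;
it is not visible from the patch that multistrap tolerates a missing
hooks directory.
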
> @@ -79,7 +70,6 @@ do_build() {
>  
>      # Configure root filesystem
>      sudo chroot ${BUILDCHROOT_DIR} /configscript.sh
> -    _do_build_cleanup
>  
>      do_cleanup_mounts
>  }
> @@ -96,10 +86,16 @@ do_setup_mounts[stamp-extra-info] =
> "${DISTRO}-${DISTRO_ARCH}" 
>  do_setup_mounts() {
>      sudo mount --bind ${DEPLOY_DIR_APT}/${DISTRO}
> ${BUILDCHROOT_DIR}/isar-apt
> +    sudo mount --bind /dev ${BUILDCHROOT_DIR}/dev
> +    sudo mount -t proc none ${BUILDCHROOT_DIR}/proc
> +    sudo mount -t sysfs none ${BUILDCHROOT_DIR}/sys
>  }
>  
>  addtask setup_mounts after do_build
>  
>  do_cleanup_mounts() {
>      sudo umount ${BUILDCHROOT_DIR}/isar-apt 2>/dev/null || true
> +    sudo umount ${BUILDCHROOT_DIR}/dev 2>/dev/null || true
> +    sudo umount ${BUILDCHROOT_DIR}/proc 2>/dev/null || true
> +    sudo umount ${BUILDCHROOT_DIR}/sys 2>/dev/null || true
>  }
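
Review bot: in do_setup_mounts(), 'sudo mount --bind /dev
${BUILDCHROOT_DIR}/dev' makes every host device node available,
writable, to whatever runs as root inside the buildchroot, where the
deleted download_dev-random hook provided only random and urandom. The
sysfs mount is likewise read-write by default, which is also the mount
that fails in containers where sysfs is only available read-only.
Suggest splitting these three mounts out of the cleanup rework,
mounting sysfs with '-o ro' unless a build step is known to write to
it, and limiting /dev to the nodes the build actually needs (null,
random, urandom per the comments removed elsewhere in this patch).
None of the new mount calls is checked either, so a failed mount is
only noticed later inside the chroot.
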
> diff --git a/meta/recipes-devtools/buildchroot/files/configscript.sh
> b/meta/recipes-devtools/buildchroot/files/configscript.sh index
> 9813c9a..524e50c 100644 ---
> a/meta/recipes-devtools/buildchroot/files/configscript.sh +++
> b/meta/recipes-devtools/buildchroot/files/configscript.sh @@ -39,10
> +39,6 @@ export LC_ALL=C LANGUAGE=C LANG=C #run pre installation
> script /var/lib/dpkg/info/dash.preinst install
>  
> -# apt-get http method, gpg require /dev/null
> -mount -t devtmpfs -o mode=0755,nosuid devtmpfs /dev
> -
>  #configuring packages
>  dpkg --configure -a
>  apt-get update
> -umount /dev
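
Review bot: with the devtmpfs mount removed, configscript.sh silently
depends on the caller having populated /dev before 'chroot
${BUILDCHROOT_DIR} /configscript.sh', and the deleted comment was the
only place that recorded why (apt-get's http method and gpg need
/dev/null). Please move that comment next to the new bind mount in
do_setup_mounts, and consider failing early here when the node is
missing, e.g. '[ -c /dev/null ] || exit 1', so the error does not
surface as an obscure apt-get or gpg failure.
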
> diff --git
> a/meta/recipes-devtools/buildchroot/files/download_dev-random
> b/meta/recipes-devtools/buildchroot/files/download_dev-random deleted
> file mode 100644 index 5b5b96b..0000000 ---
> a/meta/recipes-devtools/buildchroot/files/download_dev-random
> +++ /dev/null @@ -1,13 +0,0 @@
> -#!/bin/sh
> -
> -set -e
> -
> -readonly ROOTFS="$1"
> -
> -mknod "${ROOTFS}/dev/random" c 1 8
> -chmod 640 "${ROOTFS}/dev/random"
> -chown 0:0 "${ROOTFS}/dev/random"
> -
> -mknod "${ROOTFS}/dev/urandom" c 1 9
> -chmod 640 "${ROOTFS}/dev/urandom"
> -chown 0:0 "${ROOTFS}/dev/urandom"

