From: claudius.heine.ext@siemens.com
To: isar-users@googlegroups.com
Cc: Claudius Heine <ch@denx.de>
Subject: [PATCH 1/1] meta/isar-bootstrap: deactivate daemon activation in chroot environment
Date: Mon, 4 Jun 2018 13:21:59 +0200 [thread overview]
Message-ID: <20180604112159.18605-2-claudius.heine.ext@siemens.com> (raw)
In-Reply-To: <20180604112159.18605-1-claudius.heine.ext@siemens.com>
From: Claudius Heine <ch@denx.de>
Daemons are started in postinst steps of debian packages. Those daemons
should not be started within the chroot environment, since they will be
left running.
This commit disables the execution of daemons the same way upstream
debian does it in debootstrap and debian-installer, by replacing deamon
executing binaries with fake ones.
This is then reversed in the image cleanup step.
Signed-off-by: Claudius Heine <ch@denx.de>
---
meta/classes/isar-bootstrap-helper.bbclass | 2 +
.../isar-bootstrap/files/chroot-setup.sh | 133 ++++++++++++++++++
.../isar-bootstrap/isar-bootstrap.bb | 11 +-
3 files changed, 144 insertions(+), 2 deletions(-)
create mode 100644 meta/recipes-core/isar-bootstrap/files/chroot-setup.sh
diff --git a/meta/classes/isar-bootstrap-helper.bbclass b/meta/classes/isar-bootstrap-helper.bbclass
index 4195a88..6101e9a 100644
--- a/meta/classes/isar-bootstrap-helper.bbclass
+++ b/meta/classes/isar-bootstrap-helper.bbclass
@@ -74,5 +74,7 @@ setup_root_file_system() {
/usr/bin/apt-get autoremove --purge --yes
sudo -E chroot "$ROOTFSDIR" \
/usr/bin/apt-get clean
+ sudo "$ROOTFSDIR/chroot-setup.sh" "cleanup" "$ROOTFSDIR"
+ sudo rm -f "$ROOTFSDIR/chroot-setup.sh"
fi
}
diff --git a/meta/recipes-core/isar-bootstrap/files/chroot-setup.sh b/meta/recipes-core/isar-bootstrap/files/chroot-setup.sh
new file mode 100644
index 0000000..801e005
--- /dev/null
+++ b/meta/recipes-core/isar-bootstrap/files/chroot-setup.sh
@@ -0,0 +1,133 @@
+#!/bin/sh
+# This file is based on:
+# https://salsa.debian.org/installer-team/debian-installer-utils/blob/master/chroot-setup.sh
+
+usage() {
+ cat <<-EOF 1>&2
+ Script to setup and cleanup chroot environments.
+ This script setups chroot environments so that
+ startup of daemons from debian package scripts
+ is prevented.
+
+ Usage:
+ $(basename $0) [command] [parameters]
+ commands:
+ setup [target path] Setup chroot environment
+ cleanup [target path] Cleanup chroot environment
+ EOF
+}
+
+check_target() {
+ TARGET="${1:-""}"
+
+ if [ -z "${TARGET}" ]; then
+ echo "Please set a target." 1>&2
+ echo 1>&2
+ usage
+ return 1
+ fi
+
+ # Bail out if directories we need are not there
+ if [ ! -d "/${TARGET}/sbin" ] || [ ! -d "/${TARGET}/usr/sbin" ] || \
+ [ ! -d "/${TARGET}/proc" ]; then
+ echo "Target '${TARGET}' does not exist or does contain"\
+ "required directories" 1>&2
+ echo 1>&2
+ usage
+ return 1
+ fi
+
+ return 0
+}
+
+divert () {
+ TARGET="${1:-""}"
+
+ check_target "${TARGET}" || return 1
+
+ chroot "/${TARGET}" dpkg-divert --quiet --add --divert "$2.REAL" --rename "$2"
+}
+
+undivert () {
+ TARGET="${1:-""}"
+
+ check_target "${TARGET}" || return 1
+
+ rm -f "/${TARGET}$2"
+ chroot "/${TARGET}" dpkg-divert --quiet --remove --rename "$2"
+}
+
+chroot_setup() {
+ TARGET="${1:-""}"
+
+ check_target "${TARGET}" || return 1
+
+ # Create a policy-rc.d to stop maintainer scripts using invoke-rc.d
+ # from running init scripts. In case of maintainer scripts that do not
+ # use invoke-rc.d, add a dummy start-stop-daemon.
+ cat > "/${TARGET}/usr/sbin/policy-rc.d" <<-EOF
+ #!/bin/sh
+ exit 101
+ EOF
+ chmod a+rx "/${TARGET}/usr/sbin/policy-rc.d"
+
+ if [ -e "/${TARGET}/sbin/start-stop-daemon" ]; then
+ divert "${TARGET}" /sbin/start-stop-daemon
+ fi
+ cat > "/${TARGET}/sbin/start-stop-daemon" <<-EOF
+ #!/bin/sh
+ echo 1>&2
+ echo 'Warning: Fake start-stop-daemon called, doing nothing.' 1>&2
+ exit 0
+ EOF
+ chmod a+rx "/${TARGET}/sbin/start-stop-daemon"
+
+ # If Upstart is in use, add a dummy initctl to stop it starting jobs.
+ if [ -x "/${TARGET}/sbin/initctl" ]; then
+ divert "${TARGET}" /sbin/initctl
+ cat > "/${TARGET}/sbin/initctl" <<-EOF
+ #!/bin/sh
+ if [ "\$1" = version ]; then exec /sbin/initctl.REAL "\$@"; fi
+ echo 1>&2
+ echo 'Warning: Fake initctl called, doing nothing.' 1>&2
+ exit 0
+ EOF
+ chmod a+rx "/${TARGET}/sbin/initctl"
+ fi
+}
+
+chroot_cleanup() {
+ TARGET="${1:-""}"
+
+ check_target "${TARGET}" || return 1
+
+ rm -f "/${TARGET}/usr/sbin/policy-rc.d"
+ undivert "${TARGET}" /sbin/start-stop-daemon
+ if [ -x "/${TARGET}/sbin/initctl.REAL" ]; then
+ undivert "${TARGET}" /sbin/initctl
+ fi
+}
+
+main() {
+ CMD="${1:-""}"
+
+ if [ -z "${CMD}" ]; then
+ usage
+ return 1
+ fi
+ shift
+
+ case "${CMD}" in
+ "setup")
+ chroot_setup $@;;
+ "cleanup")
+ chroot_cleanup $@;;
+ *)
+ echo "Unknown command '${CMD}'." 1>&2
+ echo 1>&2
+ usage
+ return 1;;
+ esac
+}
+
+main $@
diff --git a/meta/recipes-core/isar-bootstrap/isar-bootstrap.bb b/meta/recipes-core/isar-bootstrap/isar-bootstrap.bb
index 02c09aa..5b44f8a 100644
--- a/meta/recipes-core/isar-bootstrap/isar-bootstrap.bb
+++ b/meta/recipes-core/isar-bootstrap/isar-bootstrap.bb
@@ -13,7 +13,8 @@ FILESPATH_prepend := "${THISDIR}/files:"
SRC_URI = " \
file://isar-apt.conf \
file://isar-apt-fallback.conf \
- file://locale"
+ file://locale \
+ file://chroot-setup.sh"
PV = "1.0"
WORKDIR = "${TMPDIR}/work/${DISTRO}-${DISTRO_ARCH}/${PN}"
@@ -201,6 +202,12 @@ do_set_locale() {
}
addtask set_locale after do_bootstrap
+do_setup_chroot() {
+ sudo install -v -m755 "${WORKDIR}/chroot-setup.sh" "${ROOTFSDIR}/chroot-setup.sh"
+ sudo "${ROOTFSDIR}/chroot-setup.sh" "setup" "${ROOTFSDIR}"
+}
+addtask setup_chroot before do_build after do_bootstrap
+
def get_host_release():
import platform
rel = platform.release()
@@ -237,7 +244,7 @@ do_apt_update() {
sudo -E chroot "${ROOTFSDIR}" /usr/bin/apt-get dist-upgrade -y \
-o Debug::pkgProblemResolver=yes
}
-addtask apt_update before do_build after do_apt_config_install do_set_locale
+addtask apt_update before do_build after do_apt_config_install do_set_locale do_setup_chroot
python() {
if d.getVar("ISAR_BOOTSTRAP_TARBALL", True):
--
2.17.1
next prev parent reply other threads:[~2018-06-04 11:22 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-06-04 11:21 [PATCH 0/1] Disable daemon activation claudius.heine.ext
2018-06-04 11:21 ` claudius.heine.ext [this message]
2018-06-05 11:05 ` [PATCH 1/1] meta/isar-bootstrap: deactivate daemon activation in chroot environment Jan Kiszka
2018-06-04 17:36 ` [PATCH 0/1] Disable daemon activation Henning Schild
2018-06-04 17:48 ` Claudius Heine
2018-06-04 18:02 ` Henning Schild
2018-06-05 8:42 ` Maxim Yu. Osipov
2018-06-05 11:52 ` Claudius Heine
2018-06-05 12:38 ` Maxim Yu. Osipov
2018-06-05 12:45 ` Claudius Heine
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180604112159.18605-2-claudius.heine.ext@siemens.com \
--to=claudius.heine.ext@siemens.com \
--cc=ch@denx.de \
--cc=isar-users@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox