From: claudius.heine.ext@siemens.com
To: isar-users@googlegroups.com
Cc: Claudius Heine
Subject: [PATCH 1/1] meta/isar-bootstrap: deactivate daemon activation in chroot environment
Date: Mon, 4 Jun 2018 13:21:59 +0200
Message-Id: <20180604112159.18605-2-claudius.heine.ext@siemens.com>
In-Reply-To: <20180604112159.18605-1-claudius.heine.ext@siemens.com>
References: <20180604112159.18605-1-claudius.heine.ext@siemens.com>

From: Claudius Heine

Daemons are started in postinst steps of debian packages. Those daemons
should not be started within the chroot environment, since they will be
left running. This commit disables the execution of daemons the same way
upstream debian does it in debootstrap and debian-installer, by replacing
daemon executing binaries with fake ones. This is then reversed in the
image cleanup step.

Signed-off-by: Claudius Heine --- meta/classes/isar-bootstrap-helper.bbclass | 2 + .../isar-bootstrap/files/chroot-setup.sh | 133 ++++++++++++++++++ .../isar-bootstrap/isar-bootstrap.bb | 11 +- 3 files changed, 144 insertions(+), 2 deletions(-) create mode 100644 meta/recipes-core/isar-bootstrap/files/chroot-setup.sh diff --git a/meta/classes/isar-bootstrap-helper.bbclass b/meta/classes/isar-bootstrap-helper.bbclass index 4195a88..6101e9a 100644 --- a/meta/classes/isar-bootstrap-helper.bbclass +++ b/meta/classes/isar-bootstrap-helper.bbclass @@ -74,5 +74,7 @@ setup_root_file_system() { /usr/bin/apt-get autoremove --purge --yes sudo -E chroot "$ROOTFSDIR" \ /usr/bin/apt-get clean + sudo "$ROOTFSDIR/chroot-setup.sh" "cleanup" "$ROOTFSDIR" + sudo rm -f "$ROOTFSDIR/chroot-setup.sh" fi } diff --git a/meta/recipes-core/isar-bootstrap/files/chroot-setup.sh b/meta/recipes-core/isar-bootstrap/files/chroot-setup.sh new file mode 100644 index 0000000..801e005 --- /dev/null +++ b/meta/recipes-core/isar-bootstrap/files/chroot-setup.sh 
@@ -0,0 +1,133 @@ +#!/bin/sh +# This file is based on: +# https://salsa.debian.org/installer-team/debian-installer-utils/blob/master/chroot-setup.sh + +usage() { + cat <<-EOF 1>&2 + Script to setup and cleanup chroot environments. + This script setups chroot environments so that + startup of daemons from debian package scripts + is prevented. + + Usage: + $(basename $0) [command] [parameters] + commands: + setup [target path] Setup chroot environment + cleanup [target path] Cleanup chroot environment + EOF +} + +check_target() { + TARGET="${1:-""}" + + if [ -z "${TARGET}" ]; then + echo "Please set a target." 1>&2 + echo 1>&2 + usage + return 1 + fi + + # Bail out if directories we need are not there + if [ ! -d "/${TARGET}/sbin" ] || [ ! -d "/${TARGET}/usr/sbin" ] || \ + [ ! -d "/${TARGET}/proc" ]; then + echo "Target '${TARGET}' does not exist or does contain"\ + "required directories" 1>&2 + echo 1>&2 + usage + return 1 + fi + + return 0 +} + +divert () { + TARGET="${1:-""}" + + check_target "${TARGET}" || return 1 + + chroot "/${TARGET}" dpkg-divert --quiet --add --divert "$2.REAL" --rename "$2" +} + +undivert () { + TARGET="${1:-""}" + + check_target "${TARGET}" || return 1 + + rm -f "/${TARGET}$2" + chroot "/${TARGET}" dpkg-divert --quiet --remove --rename "$2" +} + +chroot_setup() { + TARGET="${1:-""}" + + check_target "${TARGET}" || return 1 + + # Create a policy-rc.d to stop maintainer scripts using invoke-rc.d + # from running init scripts. In case of maintainer scripts that do not + # use invoke-rc.d, add a dummy start-stop-daemon. + cat > "/${TARGET}/usr/sbin/policy-rc.d" <<-EOF + #!/bin/sh + exit 101 + EOF + chmod a+rx "/${TARGET}/usr/sbin/policy-rc.d" + + if [ -e "/${TARGET}/sbin/start-stop-daemon" ]; then + divert "${TARGET}" /sbin/start-stop-daemon + fi + cat > "/${TARGET}/sbin/start-stop-daemon" <<-EOF + #!/bin/sh + echo 1>&2 + echo 'Warning: Fake start-stop-daemon called, doing nothing.' 
1>&2 + exit 0 + EOF + chmod a+rx "/${TARGET}/sbin/start-stop-daemon" + + # If Upstart is in use, add a dummy initctl to stop it starting jobs. + if [ -x "/${TARGET}/sbin/initctl" ]; then + divert "${TARGET}" /sbin/initctl + cat > "/${TARGET}/sbin/initctl" <<-EOF + #!/bin/sh + if [ "\$1" = version ]; then exec /sbin/initctl.REAL "\$@"; fi + echo 1>&2 + echo 'Warning: Fake initctl called, doing nothing.' 1>&2 + exit 0 + EOF + chmod a+rx "/${TARGET}/sbin/initctl" + fi +} + +chroot_cleanup() { + TARGET="${1:-""}" + + check_target "${TARGET}" || return 1 + + rm -f "/${TARGET}/usr/sbin/policy-rc.d" + undivert "${TARGET}" /sbin/start-stop-daemon + if [ -x "/${TARGET}/sbin/initctl.REAL" ]; then + undivert "${TARGET}" /sbin/initctl + fi +} + +main() { + CMD="${1:-""}" + + if [ -z "${CMD}" ]; then + usage + return 1 + fi + shift + + case "${CMD}" in + "setup") + chroot_setup $@;; + "cleanup") + chroot_cleanup $@;; + *) + echo "Unknown command '${CMD}'." 1>&2 + echo 1>&2 + usage + return 1;; + esac +} + +main $@ diff --git a/meta/recipes-core/isar-bootstrap/isar-bootstrap.bb b/meta/recipes-core/isar-bootstrap/isar-bootstrap.bb index 02c09aa..5b44f8a 100644 --- a/meta/recipes-core/isar-bootstrap/isar-bootstrap.bb +++ b/meta/recipes-core/isar-bootstrap/isar-bootstrap.bb @@ -13,7 +13,8 @@ FILESPATH_prepend := "${THISDIR}/files:" SRC_URI = " \ file://isar-apt.conf \ file://isar-apt-fallback.conf \ - file://locale" + file://locale \ + file://chroot-setup.sh" PV = "1.0" WORKDIR = "${TMPDIR}/work/${DISTRO}-${DISTRO_ARCH}/${PN}" @@ -201,6 +202,12 @@ do_set_locale() { } addtask set_locale after do_bootstrap +do_setup_chroot() { + sudo install -v -m755 "${WORKDIR}/chroot-setup.sh" "${ROOTFSDIR}/chroot-setup.sh" + sudo "${ROOTFSDIR}/chroot-setup.sh" "setup" "${ROOTFSDIR}" +} +addtask setup_chroot before do_build after do_bootstrap + def get_host_release(): import platform rel = platform.release() 
@@ -237,7 +244,7 @@ do_apt_update() { sudo -E chroot "${ROOTFSDIR}" /usr/bin/apt-get dist-upgrade -y \ -o Debug::pkgProblemResolver=yes } -addtask apt_update before do_build after do_apt_config_install do_set_locale +addtask apt_update before do_build after do_apt_config_install do_set_locale do_setup_chroot python() { if d.getVar("ISAR_BOOTSTRAP_TARBALL", True): -- 2.17.1
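
Review bot: In the isar-bootstrap-helper.bbclass hunk, `sudo "$ROOTFSDIR/chroot-setup.sh" "cleanup" "$ROOTFSDIR"` runs, as root on the host and outside the chroot, a script that has been sitting inside the target root file system while package maintainer scripts ran there. Anything executed in the chroot between setup and cleanup can rewrite /chroot-setup.sh, and the host then executes the result. Please call the cleanup from a copy that lives outside the rootfs (the recipe's files directory or its work directory) so that only the trusted original is ever run with sudo. The two added lines also sit inside the conditional that ends at `fi`; if that branch is skipped, the policy-rc.d file, the fake start-stop-daemon and the script itself stay in the image, so the cleanup is better placed where it always runs.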
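
Review bot: In chroot-setup.sh, chroot_setup ignores the return status of `divert "${TARGET}" /sbin/start-stop-daemon` and then unconditionally writes the fake script to the same path. If dpkg-divert fails, the real binary is overwritten with no start-stop-daemon.REAL to restore, and undivert later removes the fake as well, leaving the image without the tool. Suggest `divert "${TARGET}" /sbin/start-stop-daemon || return 1` (same for initctl), or `set -e` at the top of the script. Smaller points in the same file: main and the case arms pass `$@` unquoted, so a target path containing whitespace is split, use `"$@"`; and the check_target error text reads "does not exist or does contain required directories", which should say "does not contain".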
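
Review bot: In the do_setup_chroot hunk of isar-bootstrap.bb, the script is installed to `${ROOTFSDIR}/chroot-setup.sh` only to be executed from there on the next line; the setup call works the same when run as `sudo "${WORKDIR}/chroot-setup.sh" "setup" "${ROOTFSDIR}"`. Dropping the install keeps a host-executed helper out of the root file system and removes the dependency on the `rm -f` in setup_root_file_system to get it out of the final image. If the copy inside the rootfs is kept on purpose, a comment saying why would help.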