From: claudius.heine.ext@siemens.com
To: isar-users@googlegroups.com
Cc: Claudius Heine
Subject: [PATCH v2 1/1] meta/isar-bootstrap: deactivate daemon activation in chroot environment
Date: Tue, 5 Jun 2018 13:36:45 +0200
Message-Id: <20180605113645.27936-2-claudius.heine.ext@siemens.com>
In-Reply-To: <20180605113645.27936-1-claudius.heine.ext@siemens.com>

From: Claudius Heine

Daemons are started in postinst steps of Debian packages. Those daemons should not be started within the chroot environment, since they will be left running.

This commit disables the execution of daemons the same way upstream Debian does it in debootstrap and debian-installer, by replacing daemon executing binaries with fake ones. This is then reversed in the image cleanup step.

Signed-off-by: Claudius Heine --- meta/classes/isar-bootstrap-helper.bbclass | 2 + .../isar-bootstrap/files/chroot-setup.sh | 146 ++++++++++++++++++ .../isar-bootstrap/isar-bootstrap.bb | 11 +- 3 files changed, 157 insertions(+), 2 deletions(-) create mode 100644 meta/recipes-core/isar-bootstrap/files/chroot-setup.sh diff --git a/meta/classes/isar-bootstrap-helper.bbclass b/meta/classes/isar-bootstrap-helper.bbclass index 2d95ed6..a3f1686 100644 --- a/meta/classes/isar-bootstrap-helper.bbclass +++ b/meta/classes/isar-bootstrap-helper.bbclass @@ -67,5 +67,7 @@ setup_root_file_system() { /usr/bin/apt-get autoremove --purge --yes sudo -E chroot "$ROOTFSDIR" \ /usr/bin/apt-get clean + sudo "$ROOTFSDIR/chroot-setup.sh" "cleanup" "$ROOTFSDIR" + sudo rm -f "$ROOTFSDIR/chroot-setup.sh" fi } diff --git a/meta/recipes-core/isar-bootstrap/files/chroot-setup.sh b/meta/recipes-core/isar-bootstrap/files/chroot-setup.sh new file mode 100644 index 0000000..47d295b --- /dev/null +++ b/meta/recipes-core/isar-bootstrap/files/chroot-setup.sh 
@@ -0,0 +1,146 @@ +#!/bin/sh +# +# Copyright (c) David Whedon , 2001 +# Copyright (c) Tollef Fog Heen , 2002 +# Copyright (c) Thorsten Sauter , 2003 +# Copyright (c) Rob Landley , 2003 +# Copyright (c) Joey Hess , 2003 +# Copyright (c) Colin Watson , 2005 +# Copyright (c) Siemens AG, 2018 (changes authored by Claudius Heine ) +# +# This file is based on: +# https://salsa.debian.org/installer-team/debian-installer-utils/blob/master/chroot-setup.sh +# Link to the original copyright notice: +# https://salsa.debian.org/installer-team/debian-installer-utils/blob/master/debian/copyright +# +# SPDX-License-Identifier: GPL-2.0 + +usage() { + cat <<-EOF 1>&2 + Script to setup and cleanup chroot environments. + This script setups chroot environments so that + startup of daemons from debian package scripts + is prevented. + + Usage: + $(basename $0) [command] [parameters] + commands: + setup [target path] Setup chroot environment + cleanup [target path] Cleanup chroot environment + EOF +} + +check_target() { + TARGET="${1:-""}" + + if [ -z "${TARGET}" ]; then + echo "Please set a target." 1>&2 + echo 1>&2 + usage + return 1 + fi + + # Bail out if directories we need are not there + if [ ! -d "/${TARGET}/sbin" ] || [ ! -d "/${TARGET}/usr/sbin" ] || \ + [ ! -d "/${TARGET}/proc" ]; then + echo "Target '${TARGET}' does not exist or does contain"\ + "required directories" 1>&2 + echo 1>&2 + usage + return 1 + fi + + return 0 +} + +divert () { + TARGET="${1:-""}" + + check_target "${TARGET}" || return 1 + + chroot "/${TARGET}" dpkg-divert --quiet --add --divert "$2.REAL" --rename "$2" +} + +undivert () { + TARGET="${1:-""}" + + check_target "${TARGET}" || return 1 + + rm -f "/${TARGET}$2" + chroot "/${TARGET}" dpkg-divert --quiet --remove --rename "$2" +} + +chroot_setup() { + TARGET="${1:-""}" + + check_target "${TARGET}" || return 1 + + # Create a policy-rc.d to stop maintainer scripts using invoke-rc.d + # from running init scripts. 
In case of maintainer scripts that do not + # use invoke-rc.d, add a dummy start-stop-daemon. + cat > "/${TARGET}/usr/sbin/policy-rc.d" <<-EOF + #!/bin/sh + exit 101 + EOF + chmod a+rx "/${TARGET}/usr/sbin/policy-rc.d" + + if [ -e "/${TARGET}/sbin/start-stop-daemon" ]; then + divert "${TARGET}" /sbin/start-stop-daemon + fi + cat > "/${TARGET}/sbin/start-stop-daemon" <<-EOF + #!/bin/sh + echo 1>&2 + echo 'Warning: Fake start-stop-daemon called, doing nothing.' 1>&2 + exit 0 + EOF + chmod a+rx "/${TARGET}/sbin/start-stop-daemon" + + # If Upstart is in use, add a dummy initctl to stop it starting jobs. + if [ -x "/${TARGET}/sbin/initctl" ]; then + divert "${TARGET}" /sbin/initctl + cat > "/${TARGET}/sbin/initctl" <<-EOF + #!/bin/sh + if [ "\$1" = version ]; then exec /sbin/initctl.REAL "\$@"; fi + echo 1>&2 + echo 'Warning: Fake initctl called, doing nothing.' 1>&2 + exit 0 + EOF + chmod a+rx "/${TARGET}/sbin/initctl" + fi +} + +chroot_cleanup() { + TARGET="${1:-""}" + + check_target "${TARGET}" || return 1 + + rm -f "/${TARGET}/usr/sbin/policy-rc.d" + undivert "${TARGET}" /sbin/start-stop-daemon + if [ -x "/${TARGET}/sbin/initctl.REAL" ]; then + undivert "${TARGET}" /sbin/initctl + fi +} + +main() { + CMD="${1:-""}" + + if [ -z "${CMD}" ]; then + usage + return 1 + fi + shift + + case "${CMD}" in + "setup") + chroot_setup $@;; + "cleanup") + chroot_cleanup $@;; + *) + echo "Unknown command '${CMD}'." 1>&2 + echo 1>&2 + usage + return 1;; + esac +} + +main $@ diff --git a/meta/recipes-core/isar-bootstrap/isar-bootstrap.bb b/meta/recipes-core/isar-bootstrap/isar-bootstrap.bb index bb3992b..497a4f4 100644 --- a/meta/recipes-core/isar-bootstrap/isar-bootstrap.bb +++ b/meta/recipes-core/isar-bootstrap/isar-bootstrap.bb @@ -13,7 +13,8 @@ FILESPATH_prepend := "${THISDIR}/files:" SRC_URI = " \ file://isar-apt.conf \ file://isar-apt-fallback.conf \ - file://locale" + file://locale \ + file://chroot-setup.sh" PV = "1.0" WORKDIR = "${TMPDIR}/work/${DISTRO}-${DISTRO_ARCH}/${PN}" 
@@ -201,6 +202,12 @@ do_set_locale() { } addtask set_locale after do_bootstrap +do_setup_chroot() { + sudo install -v -m755 "${WORKDIR}/chroot-setup.sh" "${ROOTFSDIR}/chroot-setup.sh" + sudo "${ROOTFSDIR}/chroot-setup.sh" "setup" "${ROOTFSDIR}" +} +addtask setup_chroot before do_build after do_bootstrap + def get_host_release(): import platform rel = platform.release() @@ -237,7 +244,7 @@ do_apt_update() { sudo -E chroot "${ROOTFSDIR}" /usr/bin/apt-get dist-upgrade -y \ -o Debug::pkgProblemResolver=yes } -addtask apt_update before do_build after do_apt_config_install do_set_locale +addtask apt_update before do_build after do_apt_config_install do_set_locale do_setup_chroot do_deploy[stamp-extra-info] = "${DISTRO}-${DISTRO_ARCH}" do_deploy[dirs] = "${DEPLOY_DIR_IMAGE}" -- 2.17.1
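
Review bot: In setup_root_file_system() of meta/classes/isar-bootstrap-helper.bbclass, the added 'sudo "$ROOTFSDIR/chroot-setup.sh" "cleanup" "$ROOTFSDIR"' runs, as root on the host, a file that sat inside the target rootfs while apt-get executed package maintainer scripts in that chroot, so whatever modified it there is executed outside the chroot with full privileges. Run the cleanup from a copy that was never exposed to the chroot and only delete the in-rootfs copy. Both added lines also sit before the closing 'fi', so when that branch is not taken the fake start-stop-daemon, policy-rc.d and the script itself stay in the image; consider moving the cleanup out of the conditional.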
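
Review bot: In main() of chroot-setup.sh, and in the final 'main $@', the arguments are expanded unquoted ('chroot_setup $@', 'chroot_cleanup $@'), so a target path containing whitespace or glob characters is split again even though both callers pass it quoted; use "$@" in all three places. In chroot_setup(), policy-rc.d is written with 'cat >' and removed in chroot_cleanup() with 'rm -f', without the dpkg-divert handling given to start-stop-daemon and initctl, so a policy-rc.d already present in the target is overwritten and then deleted; divert it or refuse to overwrite it. The check_target() message "does not exist or does contain required directories" should read "does not contain".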
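
Review bot: do_setup_chroot in isar-bootstrap.bb is the only place in this patch that puts chroot-setup.sh into a root filesystem, yet setup_root_file_system() in the helper class expects to find it at "$ROOTFSDIR/chroot-setup.sh", and that dependency is not stated anywhere. Add a comment here or in the class saying how the script reaches the rootfs the helper operates on, and make the cleanup call fail with a clear message when the file is absent.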