[PATCH] linux-custom: Build as "builder:builder" and not as root

public inbox for isar-users@googlegroups.com
 help / color / mirror / Atom feed

* [PATCH] linux-custom: Build as "builder:builder" and not as root
@ 2018-11-22 16:17 Henning Schild
  2018-11-23 12:35 ` Maxim Yu. Osipov
  0 siblings, 1 reply; 2+ messages in thread
From: Henning Schild @ 2018-11-22 16:17 UTC (permalink / raw)
  To: isar-users; +Cc: Henning Schild

In line with previous patches, avoid "root" in buildchroot to avoid
permission problems between the host and the chroot.

Signed-off-by: Henning Schild <henning.schild@siemens.com>
---
 meta/recipes-kernel/linux/files/build-kernel.sh | 10 ++++------
 meta/recipes-kernel/linux/linux-custom.inc      |  8 +++-----
 2 files changed, 7 insertions(+), 11 deletions(-)

diff --git a/meta/recipes-kernel/linux/files/build-kernel.sh b/meta/recipes-kernel/linux/files/build-kernel.sh
index 32d62bf..dbd6162 100644
--- a/meta/recipes-kernel/linux/files/build-kernel.sh
+++ b/meta/recipes-kernel/linux/files/build-kernel.sh
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 #
 # Custom kernel build
 #
@@ -7,10 +7,9 @@
 #
 # SPDX-License-Identifier: MIT
 
-set -e
+source /isar/common.sh
 
 host_arch=$(dpkg --print-architecture)
-target_arch=$2
 
 if [ "$host_arch" != "$target_arch" ]; then
     case $target_arch in
@@ -33,7 +32,6 @@ REPACK_DIR="$1/../repack"
 REPACK_LINUX_IMAGE_DIR="${REPACK_DIR}/linux-image"
 REPACK_LINUX_HEADERS_DIR="${REPACK_DIR}/linux-headers"
 
-cd $1
 if [ -e .config ]; then
 	make olddefconfig
 else
@@ -118,9 +116,9 @@ dpkg-gencontrol -crepack/debian/control \
 	-DDepends="${KERNEL_HEADERS_DEBIAN_DEPENDS}" \
 	-DArchitecture=$target_arch
 
-dpkg-deb -b ${REPACK_LINUX_IMAGE_DIR} \
+fakeroot dpkg-deb -b ${REPACK_LINUX_IMAGE_DIR} \
 	linux-image-${KERNEL_NAME}_${PV}-1_${KERNEL_NAME}.deb
 rm -f linux-image-${PV}_${PV}-1_*.deb
-dpkg-deb -b ${REPACK_LINUX_HEADERS_DIR} \
+fakeroot dpkg-deb -b ${REPACK_LINUX_HEADERS_DIR} \
 	linux-headers-${KERNEL_NAME}_${PV}-1_${KERNEL_NAME}.deb
 rm -f linux-headers-${PV}_${PV}-1_*.deb
diff --git a/meta/recipes-kernel/linux/linux-custom.inc b/meta/recipes-kernel/linux/linux-custom.inc
index d9b2935..f33bb9d 100644
--- a/meta/recipes-kernel/linux/linux-custom.inc
+++ b/meta/recipes-kernel/linux/linux-custom.inc
@@ -47,11 +47,9 @@ do_install_builddeps[lockfiles] += "${REPO_ISAR_DIR}/isar.lock"
 do_install_builddeps[stamp-extra-info] = "${DISTRO}-${DISTRO_ARCH}"
 
 dpkg_runbuild() {
-	# Install package builder script
-	sudo install -m 755 ${WORKDIR}/build-kernel.sh ${BUILDCHROOT_DIR}
-
+	chmod +x ${WORKDIR}/build-kernel.sh
 	if [ -n "${KERNEL_DEFCONFIG}" ]; then
-		sudo cp ${WORKDIR}/${KERNEL_DEFCONFIG} ${S}/.config
+		cp ${WORKDIR}/${KERNEL_DEFCONFIG} ${S}/.config
 	fi
 
 	E="${@ bb.utils.export_proxies(d)}"
@@ -63,5 +61,5 @@ dpkg_runbuild() {
 	export KERNEL_DEBIAN_DEPENDS="${KERNEL_DEBIAN_DEPENDS}"
 	export KERNEL_HEADERS_DEBIAN_DEPENDS="${KERNEL_HEADERS_DEBIAN_DEPENDS}"
 
-	sudo -E chroot ${BUILDCHROOT_DIR} /build-kernel.sh ${PP}/${PPS} ${DISTRO_ARCH}
+	sudo -E chroot --userspec=$( id -u ):$( id -g ) ${BUILDCHROOT_DIR} ${PP}/build-kernel.sh ${PP}/${PPS} ${DISTRO_ARCH}
 }
-- 
2.19.1


^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [PATCH] linux-custom: Build as "builder:builder" and not as root
  2018-11-22 16:17 [PATCH] linux-custom: Build as "builder:builder" and not as root Henning Schild
@ 2018-11-23 12:35 ` Maxim Yu. Osipov
  0 siblings, 0 replies; 2+ messages in thread
From: Maxim Yu. Osipov @ 2018-11-23 12:35 UTC (permalink / raw)
  To: Henning Schild, isar-users

On 11/22/18 7:17 PM, Henning Schild wrote:
> In line with previous patches, avoid "root" in buildchroot to avoid
> permission problems between the host and the chroot.

Applied to the 'next',

Thanks,
Maxim.

> Signed-off-by: Henning Schild <henning.schild@siemens.com>
> ---
>   meta/recipes-kernel/linux/files/build-kernel.sh | 10 ++++------
>   meta/recipes-kernel/linux/linux-custom.inc      |  8 +++-----
>   2 files changed, 7 insertions(+), 11 deletions(-)
> 
> diff --git a/meta/recipes-kernel/linux/files/build-kernel.sh b/meta/recipes-kernel/linux/files/build-kernel.sh
> index 32d62bf..dbd6162 100644
> --- a/meta/recipes-kernel/linux/files/build-kernel.sh
> +++ b/meta/recipes-kernel/linux/files/build-kernel.sh
> @@ -1,4 +1,4 @@
> -#!/bin/sh
> +#!/bin/bash
>   #
>   # Custom kernel build
>   #
> @@ -7,10 +7,9 @@
>   #
>   # SPDX-License-Identifier: MIT
>   
> -set -e
> +source /isar/common.sh
>   
>   host_arch=$(dpkg --print-architecture)
> -target_arch=$2
>   
>   if [ "$host_arch" != "$target_arch" ]; then
>       case $target_arch in
> @@ -33,7 +32,6 @@ REPACK_DIR="$1/../repack"
>   REPACK_LINUX_IMAGE_DIR="${REPACK_DIR}/linux-image"
>   REPACK_LINUX_HEADERS_DIR="${REPACK_DIR}/linux-headers"
>   
> -cd $1
>   if [ -e .config ]; then
>   	make olddefconfig
>   else
> @@ -118,9 +116,9 @@ dpkg-gencontrol -crepack/debian/control \
>   	-DDepends="${KERNEL_HEADERS_DEBIAN_DEPENDS}" \
>   	-DArchitecture=$target_arch
>   
> -dpkg-deb -b ${REPACK_LINUX_IMAGE_DIR} \
> +fakeroot dpkg-deb -b ${REPACK_LINUX_IMAGE_DIR} \
>   	linux-image-${KERNEL_NAME}_${PV}-1_${KERNEL_NAME}.deb
>   rm -f linux-image-${PV}_${PV}-1_*.deb
> -dpkg-deb -b ${REPACK_LINUX_HEADERS_DIR} \
> +fakeroot dpkg-deb -b ${REPACK_LINUX_HEADERS_DIR} \
>   	linux-headers-${KERNEL_NAME}_${PV}-1_${KERNEL_NAME}.deb
>   rm -f linux-headers-${PV}_${PV}-1_*.deb
> diff --git a/meta/recipes-kernel/linux/linux-custom.inc b/meta/recipes-kernel/linux/linux-custom.inc
> index d9b2935..f33bb9d 100644
> --- a/meta/recipes-kernel/linux/linux-custom.inc
> +++ b/meta/recipes-kernel/linux/linux-custom.inc
> @@ -47,11 +47,9 @@ do_install_builddeps[lockfiles] += "${REPO_ISAR_DIR}/isar.lock"
>   do_install_builddeps[stamp-extra-info] = "${DISTRO}-${DISTRO_ARCH}"
>   
>   dpkg_runbuild() {
> -	# Install package builder script
> -	sudo install -m 755 ${WORKDIR}/build-kernel.sh ${BUILDCHROOT_DIR}
> -
> +	chmod +x ${WORKDIR}/build-kernel.sh
>   	if [ -n "${KERNEL_DEFCONFIG}" ]; then
> -		sudo cp ${WORKDIR}/${KERNEL_DEFCONFIG} ${S}/.config
> +		cp ${WORKDIR}/${KERNEL_DEFCONFIG} ${S}/.config
>   	fi
>   
>   	E="${@ bb.utils.export_proxies(d)}"
> @@ -63,5 +61,5 @@ dpkg_runbuild() {
>   	export KERNEL_DEBIAN_DEPENDS="${KERNEL_DEBIAN_DEPENDS}"
>   	export KERNEL_HEADERS_DEBIAN_DEPENDS="${KERNEL_HEADERS_DEBIAN_DEPENDS}"
>   
> -	sudo -E chroot ${BUILDCHROOT_DIR} /build-kernel.sh ${PP}/${PPS} ${DISTRO_ARCH}
> +	sudo -E chroot --userspec=$( id -u ):$( id -g ) ${BUILDCHROOT_DIR} ${PP}/build-kernel.sh ${PP}/${PPS} ${DISTRO_ARCH}
>   }
> 


-- 
Maxim Osipov
ilbers GmbH
Maria-Merian-Str. 8
85521 Ottobrunn
Germany
+49 (151) 6517 6917
mosipov@ilbers.de
http://ilbers.de/
Commercial register Munich, HRB 214197
General Manager: Baurzhan Ismagulov

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2018-11-23 12:35 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-11-22 16:17 [PATCH] linux-custom: Build as "builder:builder" and not as root Henning Schild
2018-11-23 12:35 ` Maxim Yu. Osipov

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox