[PATCH 1/2] buildchroot: Enter buildchroot with right user:group directly

public inbox for isar-users@googlegroups.com
 help / color / mirror / Atom feed

* [PATCH 1/2] buildchroot: Enter buildchroot with right user:group directly
@ 2018-11-22  9:38 Henning Schild
  2018-11-22  9:38 ` [PATCH 2/2] buildchroot: Assert that we are one of the two valid users Henning Schild
                   ` (3 more replies)
  0 siblings, 4 replies; 7+ messages in thread
From: Henning Schild @ 2018-11-22  9:38 UTC (permalink / raw)
  To: isar-users; +Cc: Henning Schild, Henning Schild

From: Henning Schild <henning@hennsch.de>

Instead of using "su" use "chroot --userspec". That should also be the
pattern for other chroot users that do not need root. i.e. kernel build
and upcoming "apt-get source" fetcher.
This way we can skip all the chowning we had/have to do otherwise.

Signed-off-by: Henning Schild <henning.schild@siemens.com>
---
 meta/classes/dpkg.bbclass                        | 2 +-
 meta/recipes-devtools/buildchroot/files/build.sh | 3 +--
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/meta/classes/dpkg.bbclass b/meta/classes/dpkg.bbclass
index f74c9c9..24b9fe3 100644
--- a/meta/classes/dpkg.bbclass
+++ b/meta/classes/dpkg.bbclass
@@ -19,5 +19,5 @@ do_install_builddeps[stamp-extra-info] = "${DISTRO}-${DISTRO_ARCH}"
 # Build package from sources using build script
 dpkg_runbuild() {
     E="${@ bb.utils.export_proxies(d)}"
-    sudo -E chroot ${BUILDCHROOT_DIR} /isar/build.sh ${PP}/${PPS} ${DISTRO_ARCH}
+    sudo -E chroot --userspec=$( id -u ):$( id -g ) ${BUILDCHROOT_DIR} /isar/build.sh ${PP}/${PPS} ${DISTRO_ARCH}
 }
diff --git a/meta/recipes-devtools/buildchroot/files/build.sh b/meta/recipes-devtools/buildchroot/files/build.sh
index f977b16..1ba394c 100644
--- a/meta/recipes-devtools/buildchroot/files/build.sh
+++ b/meta/recipes-devtools/buildchroot/files/build.sh
@@ -14,5 +14,4 @@ for i in configure aclocal.m4 Makefile.am Makefile.in; do
     fi
 done
 
-# Build the package as user "builder"
-su builder -c "cd $1; dpkg-buildpackage -a$target_arch -d --source-option=-I"
+dpkg-buildpackage -a$target_arch -d --source-option=-I
-- 
2.19.1


^ permalink raw reply	[flat|nested] 7+ messages in thread

* [PATCH 2/2] buildchroot: Assert that we are one of the two valid users
  2018-11-22  9:38 [PATCH 1/2] buildchroot: Enter buildchroot with right user:group directly Henning Schild
@ 2018-11-22  9:38 ` Henning Schild
  2018-11-23 10:24   ` Maxim Yu. Osipov
  2018-11-22 10:13 ` [PATCH 1/2] buildchroot: Enter buildchroot with right user:group directly chombourger
                   ` (2 subsequent siblings)
  3 siblings, 1 reply; 7+ messages in thread
From: Henning Schild @ 2018-11-22  9:38 UTC (permalink / raw)
  To: isar-users; +Cc: Henning Schild

Everything we do inside the buildchroot should be done as "root:root" or
"builder:builder" and we depend on "builder:builder" being in sync with
the ids in the system we chroot from.

This assertion will find violations or the odd case where the ids got
out of sync.

Signed-off-by: Henning Schild <henning.schild@siemens.com>
---
 meta/recipes-devtools/buildchroot/files/common.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta/recipes-devtools/buildchroot/files/common.sh b/meta/recipes-devtools/buildchroot/files/common.sh
index ea82bf1..25b0bb6 100644
--- a/meta/recipes-devtools/buildchroot/files/common.sh
+++ b/meta/recipes-devtools/buildchroot/files/common.sh
@@ -7,6 +7,9 @@
 set -e
 printenv | grep -q BB_VERBOSE_LOGS && set -x
 
+# assert we are either "root:root" or "builder:builder"
+[ $( id -un ) = "builder" -a $( id -un ) = "builder" ] || [ $( id -un ) = "root" -a $( id -un ) = "root" ]
+
 # Create human-readable names
 target_arch=$2
 
-- 
2.19.1


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH 2/2] buildchroot: Assert that we are one of the two valid users
  2018-11-22  9:38 ` [PATCH 2/2] buildchroot: Assert that we are one of the two valid users Henning Schild
@ 2018-11-23 10:24   ` Maxim Yu. Osipov
  0 siblings, 0 replies; 7+ messages in thread
From: Maxim Yu. Osipov @ 2018-11-23 10:24 UTC (permalink / raw)
  To: Henning Schild, isar-users

On 11/22/18 12:38 PM, Henning Schild wrote:
> Everything we do inside the buildchroot should be done as "root:root" or
> "builder:builder" and we depend on "builder:builder" being in sync with
> the ids in the system we chroot from.
> 
> This assertion will find violations or the odd case where the ids got
> out of sync.

Applied to the 'next',

Thanks,
Maxim.

> Signed-off-by: Henning Schild <henning.schild@siemens.com>
> ---
>   meta/recipes-devtools/buildchroot/files/common.sh | 3 +++
>   1 file changed, 3 insertions(+)
> 
> diff --git a/meta/recipes-devtools/buildchroot/files/common.sh b/meta/recipes-devtools/buildchroot/files/common.sh
> index ea82bf1..25b0bb6 100644
> --- a/meta/recipes-devtools/buildchroot/files/common.sh
> +++ b/meta/recipes-devtools/buildchroot/files/common.sh
> @@ -7,6 +7,9 @@
>   set -e
>   printenv | grep -q BB_VERBOSE_LOGS && set -x
>   
> +# assert we are either "root:root" or "builder:builder"
> +[ $( id -un ) = "builder" -a $( id -un ) = "builder" ] || [ $( id -un ) = "root" -a $( id -un ) = "root" ]
> +
>   # Create human-readable names
>   target_arch=$2
>   
> 


-- 
Maxim Osipov
ilbers GmbH
Maria-Merian-Str. 8
85521 Ottobrunn
Germany
+49 (151) 6517 6917
mosipov@ilbers.de
http://ilbers.de/
Commercial register Munich, HRB 214197
General Manager: Baurzhan Ismagulov

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH 1/2] buildchroot: Enter buildchroot with right user:group directly
  2018-11-22  9:38 [PATCH 1/2] buildchroot: Enter buildchroot with right user:group directly Henning Schild
  2018-11-22  9:38 ` [PATCH 2/2] buildchroot: Assert that we are one of the two valid users Henning Schild
@ 2018-11-22 10:13 ` chombourger
  2018-11-22 12:03   ` Henning Schild
  2018-11-22 13:58 ` Henning Schild
  2018-11-23 10:24 ` Maxim Yu. Osipov
  3 siblings, 1 reply; 7+ messages in thread
From: chombourger @ 2018-11-22 10:13 UTC (permalink / raw)
  To: isar-users


[-- Attachment #1.1: Type: text/plain, Size: 577 bytes --]

cool - I will indeed rework the upcoming dpkg-source class to use this. 
Thanks a bunch for the hint!

On Thursday, November 22, 2018 at 10:38:21 AM UTC+1, Henning Schild wrote:
>
> From: Henning Schild <hen...@hennsch.de <javascript:>> 
>
> Instead of using "su" use "chroot --userspec". That should also be the 
> pattern for other chroot users that do not need root. i.e. kernel build 
> and upcoming "apt-get source" fetcher. 
> This way we can skip all the chowning we had/have to do otherwise. 
>
> Signed-off-by: Henning Schild <henning...@siemens.com <javascript:>> 
>

[-- Attachment #1.2: Type: text/html, Size: 1169 bytes --]

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH 1/2] buildchroot: Enter buildchroot with right user:group directly
  2018-11-22 10:13 ` [PATCH 1/2] buildchroot: Enter buildchroot with right user:group directly chombourger
@ 2018-11-22 12:03   ` Henning Schild
  0 siblings, 0 replies; 7+ messages in thread
From: Henning Schild @ 2018-11-22 12:03 UTC (permalink / raw)
  To: chombourger; +Cc: isar-users

Am Thu, 22 Nov 2018 02:13:25 -0800
schrieb <chombourger@gmail.com>:

> cool - I will indeed rework the upcoming dpkg-source class to use
> this. Thanks a bunch for the hint!

Hehe, and i even forgot the CC, that i wanted to add. Make sure to
source /isar/common.sh as well. That guy should probably evolve to be
the one entry point into buildchroot, no matter what you do there.

Henning

> On Thursday, November 22, 2018 at 10:38:21 AM UTC+1, Henning Schild
> wrote:
> >
> > From: Henning Schild <hen...@hennsch.de <javascript:>> 
> >
> > Instead of using "su" use "chroot --userspec". That should also be
> > the pattern for other chroot users that do not need root. i.e.
> > kernel build and upcoming "apt-get source" fetcher. 
> > This way we can skip all the chowning we had/have to do otherwise. 
> >
> > Signed-off-by: Henning Schild <henning...@siemens.com
> > <javascript:>> 
> 


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH 1/2] buildchroot: Enter buildchroot with right user:group directly
  2018-11-22  9:38 [PATCH 1/2] buildchroot: Enter buildchroot with right user:group directly Henning Schild
  2018-11-22  9:38 ` [PATCH 2/2] buildchroot: Assert that we are one of the two valid users Henning Schild
  2018-11-22 10:13 ` [PATCH 1/2] buildchroot: Enter buildchroot with right user:group directly chombourger
@ 2018-11-22 13:58 ` Henning Schild
  2018-11-23 10:24 ` Maxim Yu. Osipov
  3 siblings, 0 replies; 7+ messages in thread
From: Henning Schild @ 2018-11-22 13:58 UTC (permalink / raw)
  To: isar-users

Am Thu, 22 Nov 2018 10:38:17 +0100
schrieb Henning Schild <henning.schild@siemens.com>:

> From: Henning Schild <henning@hennsch.de>

Wrong author ...

Henning

> Instead of using "su" use "chroot --userspec". That should also be the
> pattern for other chroot users that do not need root. i.e. kernel
> build and upcoming "apt-get source" fetcher.
> This way we can skip all the chowning we had/have to do otherwise.
> 
> Signed-off-by: Henning Schild <henning.schild@siemens.com>
> ---
>  meta/classes/dpkg.bbclass                        | 2 +-
>  meta/recipes-devtools/buildchroot/files/build.sh | 3 +--
>  2 files changed, 2 insertions(+), 3 deletions(-)
> 
> diff --git a/meta/classes/dpkg.bbclass b/meta/classes/dpkg.bbclass
> index f74c9c9..24b9fe3 100644
> --- a/meta/classes/dpkg.bbclass
> +++ b/meta/classes/dpkg.bbclass
> @@ -19,5 +19,5 @@ do_install_builddeps[stamp-extra-info] =
> "${DISTRO}-${DISTRO_ARCH}" # Build package from sources using build
> script dpkg_runbuild() {
>      E="${@ bb.utils.export_proxies(d)}"
> -    sudo -E chroot ${BUILDCHROOT_DIR} /isar/build.sh ${PP}/${PPS}
> ${DISTRO_ARCH}
> +    sudo -E chroot --userspec=$( id -u ):$( id -g )
> ${BUILDCHROOT_DIR} /isar/build.sh ${PP}/${PPS} ${DISTRO_ARCH} }
> diff --git a/meta/recipes-devtools/buildchroot/files/build.sh
> b/meta/recipes-devtools/buildchroot/files/build.sh index
> f977b16..1ba394c 100644 ---
> a/meta/recipes-devtools/buildchroot/files/build.sh +++
> b/meta/recipes-devtools/buildchroot/files/build.sh @@ -14,5 +14,4 @@
> for i in configure aclocal.m4 Makefile.am Makefile.in; do fi
>  done
>  
> -# Build the package as user "builder"
> -su builder -c "cd $1; dpkg-buildpackage -a$target_arch -d
> --source-option=-I" +dpkg-buildpackage -a$target_arch -d
> --source-option=-I


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH 1/2] buildchroot: Enter buildchroot with right user:group directly
  2018-11-22  9:38 [PATCH 1/2] buildchroot: Enter buildchroot with right user:group directly Henning Schild
                   ` (2 preceding siblings ...)
  2018-11-22 13:58 ` Henning Schild
@ 2018-11-23 10:24 ` Maxim Yu. Osipov
  3 siblings, 0 replies; 7+ messages in thread
From: Maxim Yu. Osipov @ 2018-11-23 10:24 UTC (permalink / raw)
  To: Henning Schild, isar-users; +Cc: Henning Schild

On 11/22/18 12:38 PM, Henning Schild wrote:
> From: Henning Schild <henning@hennsch.de>
> 
> Instead of using "su" use "chroot --userspec". That should also be the
> pattern for other chroot users that do not need root. i.e. kernel build
> and upcoming "apt-get source" fetcher.
> This way we can skip all the chowning we had/have to do otherwise.

Applied to the 'next' (with corrected authorship).

Thanks,
Maxim.

> Signed-off-by: Henning Schild <henning.schild@siemens.com>
> ---
>   meta/classes/dpkg.bbclass                        | 2 +-
>   meta/recipes-devtools/buildchroot/files/build.sh | 3 +--
>   2 files changed, 2 insertions(+), 3 deletions(-)
> 
> diff --git a/meta/classes/dpkg.bbclass b/meta/classes/dpkg.bbclass
> index f74c9c9..24b9fe3 100644
> --- a/meta/classes/dpkg.bbclass
> +++ b/meta/classes/dpkg.bbclass
> @@ -19,5 +19,5 @@ do_install_builddeps[stamp-extra-info] = "${DISTRO}-${DISTRO_ARCH}"
>   # Build package from sources using build script
>   dpkg_runbuild() {
>       E="${@ bb.utils.export_proxies(d)}"
> -    sudo -E chroot ${BUILDCHROOT_DIR} /isar/build.sh ${PP}/${PPS} ${DISTRO_ARCH}
> +    sudo -E chroot --userspec=$( id -u ):$( id -g ) ${BUILDCHROOT_DIR} /isar/build.sh ${PP}/${PPS} ${DISTRO_ARCH}
>   }
> diff --git a/meta/recipes-devtools/buildchroot/files/build.sh b/meta/recipes-devtools/buildchroot/files/build.sh
> index f977b16..1ba394c 100644
> --- a/meta/recipes-devtools/buildchroot/files/build.sh
> +++ b/meta/recipes-devtools/buildchroot/files/build.sh
> @@ -14,5 +14,4 @@ for i in configure aclocal.m4 Makefile.am Makefile.in; do
>       fi
>   done
>   
> -# Build the package as user "builder"
> -su builder -c "cd $1; dpkg-buildpackage -a$target_arch -d --source-option=-I"
> +dpkg-buildpackage -a$target_arch -d --source-option=-I
> 


-- 
Maxim Osipov
ilbers GmbH
Maria-Merian-Str. 8
85521 Ottobrunn
Germany
+49 (151) 6517 6917
mosipov@ilbers.de
http://ilbers.de/
Commercial register Munich, HRB 214197
General Manager: Baurzhan Ismagulov

^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2018-11-23 10:24 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-11-22  9:38 [PATCH 1/2] buildchroot: Enter buildchroot with right user:group directly Henning Schild
2018-11-22  9:38 ` [PATCH 2/2] buildchroot: Assert that we are one of the two valid users Henning Schild
2018-11-23 10:24   ` Maxim Yu. Osipov
2018-11-22 10:13 ` [PATCH 1/2] buildchroot: Enter buildchroot with right user:group directly chombourger
2018-11-22 12:03   ` Henning Schild
2018-11-22 13:58 ` Henning Schild
2018-11-23 10:24 ` Maxim Yu. Osipov

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox