[PATCH] Bind-mount /dev into chroot environments

[PATCH] Bind-mount /dev into chroot environments

[Jan Kiszka]

From: Jan Kiszka <jan.kiszka@siemens.com>

Specifically the missing /dev/null caused troubles:

x86 kernel builds will generate strange modules.order/builtin files.
That's because drivers/firmware/Makefile does
$(call as-instr,.arch armv7-a\n.arch_extension sec,-DREQUIRES_SEC=1)
That tries the above assembly on the x86 gcc which will not understand
it and complain. It's output is directed to /dev/null, but that does not
exist, so it will be printed to the above modules.* files. Argh.

Instead of adding /dev/null to the two random nodes installed so far,
simply bind-mount the whole host /dev into the chroots.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---

This obsoletes "Install /dev/null in rootfs".

 .../recipes-core/images/files/download_dev-random  | 24 ----------------------
 meta-isar/recipes-core/images/isar-image-base.bb   |  7 ++++---
 meta/recipes-devtools/buildchroot/buildchroot.bb   |  5 +++--
 .../buildchroot/files/download_dev-random          | 13 ------------
 4 files changed, 7 insertions(+), 42 deletions(-)
 delete mode 100644 meta-isar/recipes-core/images/files/download_dev-random
 delete mode 100644 meta/recipes-devtools/buildchroot/files/download_dev-random

diff --git a/meta-isar/recipes-core/images/files/download_dev-random b/meta-isar/recipes-core/images/files/download_dev-random
deleted file mode 100644
index f7f5fe5..0000000
--- a/meta-isar/recipes-core/images/files/download_dev-random
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/bin/sh
-#
-# This software is a part of ISAR.
-# Copyright (C) 2017 ilbers GmbH
-
-set -e
-
-readonly ROOTFS="$1"
-
-if [ ! -c ${ROOTFS}/dev/random ]; then
-    rm -f ${ROOTFS}/dev/random
-    mknod "${ROOTFS}/dev/random" c 1 8
-    chmod 666 "${ROOTFS}/dev/random"
-    chown 0:0 "${ROOTFS}/dev/random"
-fi
-
-if [ ! -c ${ROOTFS}/dev/urandom ]; then
-    rm -f ${ROOTFS}/dev/urandom
-    mknod "${ROOTFS}/dev/urandom" c 1 9
-    chmod 666 "${ROOTFS}/dev/urandom"
-    chown 0:0 "${ROOTFS}/dev/urandom"
-fi
-
-exit 0
diff --git a/meta-isar/recipes-core/images/isar-image-base.bb b/meta-isar/recipes-core/images/isar-image-base.bb
index e359ac3..39f368f 100644
--- a/meta-isar/recipes-core/images/isar-image-base.bb
+++ b/meta-isar/recipes-core/images/isar-image-base.bb
@@ -11,8 +11,7 @@ LIC_FILES_CHKSUM = "file://${LAYERDIR_isar}/licenses/COPYING.GPLv2;md5=751419260
 FILESPATH =. "${LAYERDIR_isar}/recipes-core/images/files:"
 SRC_URI = "file://multistrap.conf.in \
 	   file://${DISTRO_CONFIG_SCRIPT} \
-	   file://setup.sh \
-	   file://download_dev-random"
+	   file://setup.sh"
 
 PV = "1.0"
 
@@ -33,7 +32,6 @@ do_rootfs() {
 
     chmod +x "${WORKDIR}/${DISTRO_CONFIG_SCRIPT}"
     chmod +x "${WORKDIR}/setup.sh"
-    install -m 755 "${WORKDIR}/download_dev-random" "${WORKDIR}/hooks_multistrap/"
 
     # Multistrap accepts only relative path in configuration files, so get it:
     cd ${TOPDIR}
@@ -55,10 +53,13 @@ do_rootfs() {
         -e 's|##ISAR_DISTRO_SUITE##|${DEBDISTRONAME}|g' \
            "${WORKDIR}/multistrap.conf.in" > "${WORKDIR}/multistrap.conf"
 
+    [ ! -d ${IMAGE_ROOTFS}/dev ] && sudo install -d -o 0 -g 0 -m 555 ${IMAGE_ROOTFS}/dev
+    sudo mount -t devtmpfs none ${IMAGE_ROOTFS}/dev
     [ ! -d ${IMAGE_ROOTFS}/proc ] && sudo install -d -o 0 -g 0 -m 555 ${IMAGE_ROOTFS}/proc
     sudo mount -t proc none ${IMAGE_ROOTFS}/proc
     _do_rootfs_cleanup() {
         ret=$?
+        sudo umount ${IMAGE_ROOTFS}/dev 2>/dev/null || true
         sudo umount ${IMAGE_ROOTFS}/proc 2>/dev/null || true
         (exit $ret) || bb_exit_handler
     }
diff --git a/meta/recipes-devtools/buildchroot/buildchroot.bb b/meta/recipes-devtools/buildchroot/buildchroot.bb
index 51f9d5d..8b570b7 100644
--- a/meta/recipes-devtools/buildchroot/buildchroot.bb
+++ b/meta/recipes-devtools/buildchroot/buildchroot.bb
@@ -12,7 +12,6 @@ FILESPATH =. "${LAYERDIR_core}/recipes-devtools/buildchroot/files:"
 SRC_URI = "file://multistrap.conf.in \
            file://configscript.sh \
            file://setup.sh \
-           file://download_dev-random \
            file://build.sh"
 PV = "1.0"
 
@@ -39,7 +38,6 @@ do_build() {
 
     chmod +x "${WORKDIR}/setup.sh"
     chmod +x "${WORKDIR}/configscript.sh"
-    install -m 755 "${WORKDIR}/download_dev-random" "${WORKDIR}/hooks_multistrap/"
 
     # Multistrap accepts only relative path in configuration files, so get it:
     cd ${TOPDIR}
@@ -58,10 +56,13 @@ do_build() {
         -e 's|##DIR_HOOKS##|./'"$WORKDIR_REL"'/hooks_multistrap|g' \
            "${WORKDIR}/multistrap.conf.in" > "${WORKDIR}/multistrap.conf"
 
+    [ ! -d ${BUILDCHROOT_DIR}/dev ] && install -d -m 555 ${BUILDCHROOT_DIR}/dev
+    sudo mount -t devtmpfs none ${BUILDCHROOT_DIR}/dev
     [ ! -d ${BUILDCHROOT_DIR}/proc ] && install -d -m 555 ${BUILDCHROOT_DIR}/proc
     sudo mount -t proc none ${BUILDCHROOT_DIR}/proc
     _do_build_cleanup() {
         ret=$?
+        sudo umount ${BUILDCHROOT_DIR}/dev 2>/dev/null || true
         sudo umount ${BUILDCHROOT_DIR}/proc 2>/dev/null || true
         (exit $ret) || bb_exit_handler
     }
diff --git a/meta/recipes-devtools/buildchroot/files/download_dev-random b/meta/recipes-devtools/buildchroot/files/download_dev-random
deleted file mode 100644
index 5b5b96b..0000000
--- a/meta/recipes-devtools/buildchroot/files/download_dev-random
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/sh
-
-set -e
-
-readonly ROOTFS="$1"
-
-mknod "${ROOTFS}/dev/random" c 1 8
-chmod 640 "${ROOTFS}/dev/random"
-chown 0:0 "${ROOTFS}/dev/random"
-
-mknod "${ROOTFS}/dev/urandom" c 1 9
-chmod 640 "${ROOTFS}/dev/urandom"
-chown 0:0 "${ROOTFS}/dev/urandom"
-- 
2.13.6

Re: [PATCH] Bind-mount /dev into chroot environments

[Jan Kiszka]

On 2018-02-04 13:10, [ext] Jan Kiszka wrote:
> From: Jan Kiszka <jan.kiszka@siemens.com>
> 
> Specifically the missing /dev/null caused troubles:
> 
> x86 kernel builds will generate strange modules.order/builtin files.
> That's because drivers/firmware/Makefile does
> $(call as-instr,.arch armv7-a\n.arch_extension sec,-DREQUIRES_SEC=1)
> That tries the above assembly on the x86 gcc which will not understand
> it and complain. It's output is directed to /dev/null, but that does not
> exist, so it will be printed to the above modules.* files. Argh.
> 
> Instead of adding /dev/null to the two random nodes installed so far,
> simply bind-mount the whole host /dev into the chroots.
> 
> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
> ---
> 
> This obsoletes "Install /dev/null in rootfs".
> 
>  .../recipes-core/images/files/download_dev-random  | 24 ----------------------
>  meta-isar/recipes-core/images/isar-image-base.bb   |  7 ++++---
>  meta/recipes-devtools/buildchroot/buildchroot.bb   |  5 +++--
>  .../buildchroot/files/download_dev-random          | 13 ------------
>  4 files changed, 7 insertions(+), 42 deletions(-)
>  delete mode 100644 meta-isar/recipes-core/images/files/download_dev-random
>  delete mode 100644 meta/recipes-devtools/buildchroot/files/download_dev-random
> 
> diff --git a/meta-isar/recipes-core/images/files/download_dev-random b/meta-isar/recipes-core/images/files/download_dev-random
> deleted file mode 100644
> index f7f5fe5..0000000
> --- a/meta-isar/recipes-core/images/files/download_dev-random
> +++ /dev/null
> @@ -1,24 +0,0 @@
> -#!/bin/sh
> -#
> -# This software is a part of ISAR.
> -# Copyright (C) 2017 ilbers GmbH
> -
> -set -e
> -
> -readonly ROOTFS="$1"
> -
> -if [ ! -c ${ROOTFS}/dev/random ]; then
> -    rm -f ${ROOTFS}/dev/random
> -    mknod "${ROOTFS}/dev/random" c 1 8
> -    chmod 666 "${ROOTFS}/dev/random"
> -    chown 0:0 "${ROOTFS}/dev/random"
> -fi
> -
> -if [ ! -c ${ROOTFS}/dev/urandom ]; then
> -    rm -f ${ROOTFS}/dev/urandom
> -    mknod "${ROOTFS}/dev/urandom" c 1 9
> -    chmod 666 "${ROOTFS}/dev/urandom"
> -    chown 0:0 "${ROOTFS}/dev/urandom"
> -fi
> -
> -exit 0
> diff --git a/meta-isar/recipes-core/images/isar-image-base.bb b/meta-isar/recipes-core/images/isar-image-base.bb
> index e359ac3..39f368f 100644
> --- a/meta-isar/recipes-core/images/isar-image-base.bb
> +++ b/meta-isar/recipes-core/images/isar-image-base.bb
> @@ -11,8 +11,7 @@ LIC_FILES_CHKSUM = "file://${LAYERDIR_isar}/licenses/COPYING.GPLv2;md5=751419260
>  FILESPATH =. "${LAYERDIR_isar}/recipes-core/images/files:"
>  SRC_URI = "file://multistrap.conf.in \
>  	   file://${DISTRO_CONFIG_SCRIPT} \
> -	   file://setup.sh \
> -	   file://download_dev-random"
> +	   file://setup.sh"
>  
>  PV = "1.0"
>  
> @@ -33,7 +32,6 @@ do_rootfs() {
>  
>      chmod +x "${WORKDIR}/${DISTRO_CONFIG_SCRIPT}"
>      chmod +x "${WORKDIR}/setup.sh"
> -    install -m 755 "${WORKDIR}/download_dev-random" "${WORKDIR}/hooks_multistrap/"
>  
>      # Multistrap accepts only relative path in configuration files, so get it:
>      cd ${TOPDIR}
> @@ -55,10 +53,13 @@ do_rootfs() {
>          -e 's|##ISAR_DISTRO_SUITE##|${DEBDISTRONAME}|g' \
>             "${WORKDIR}/multistrap.conf.in" > "${WORKDIR}/multistrap.conf"
>  
> +    [ ! -d ${IMAGE_ROOTFS}/dev ] && sudo install -d -o 0 -g 0 -m 555 ${IMAGE_ROOTFS}/dev
> +    sudo mount -t devtmpfs none ${IMAGE_ROOTFS}/dev
>      [ ! -d ${IMAGE_ROOTFS}/proc ] && sudo install -d -o 0 -g 0 -m 555 ${IMAGE_ROOTFS}/proc
>      sudo mount -t proc none ${IMAGE_ROOTFS}/proc
>      _do_rootfs_cleanup() {
>          ret=$?
> +        sudo umount ${IMAGE_ROOTFS}/dev 2>/dev/null || true
>          sudo umount ${IMAGE_ROOTFS}/proc 2>/dev/null || true
>          (exit $ret) || bb_exit_handler
>      }
> diff --git a/meta/recipes-devtools/buildchroot/buildchroot.bb b/meta/recipes-devtools/buildchroot/buildchroot.bb
> index 51f9d5d..8b570b7 100644
> --- a/meta/recipes-devtools/buildchroot/buildchroot.bb
> +++ b/meta/recipes-devtools/buildchroot/buildchroot.bb
> @@ -12,7 +12,6 @@ FILESPATH =. "${LAYERDIR_core}/recipes-devtools/buildchroot/files:"
>  SRC_URI = "file://multistrap.conf.in \
>             file://configscript.sh \
>             file://setup.sh \
> -           file://download_dev-random \
>             file://build.sh"
>  PV = "1.0"
>  
> @@ -39,7 +38,6 @@ do_build() {
>  
>      chmod +x "${WORKDIR}/setup.sh"
>      chmod +x "${WORKDIR}/configscript.sh"
> -    install -m 755 "${WORKDIR}/download_dev-random" "${WORKDIR}/hooks_multistrap/"
>  
>      # Multistrap accepts only relative path in configuration files, so get it:
>      cd ${TOPDIR}
> @@ -58,10 +56,13 @@ do_build() {
>          -e 's|##DIR_HOOKS##|./'"$WORKDIR_REL"'/hooks_multistrap|g' \
>             "${WORKDIR}/multistrap.conf.in" > "${WORKDIR}/multistrap.conf"
>  
> +    [ ! -d ${BUILDCHROOT_DIR}/dev ] && install -d -m 555 ${BUILDCHROOT_DIR}/dev
> +    sudo mount -t devtmpfs none ${BUILDCHROOT_DIR}/dev
>      [ ! -d ${BUILDCHROOT_DIR}/proc ] && install -d -m 555 ${BUILDCHROOT_DIR}/proc
>      sudo mount -t proc none ${BUILDCHROOT_DIR}/proc
>      _do_build_cleanup() {
>          ret=$?
> +        sudo umount ${BUILDCHROOT_DIR}/dev 2>/dev/null || true
>          sudo umount ${BUILDCHROOT_DIR}/proc 2>/dev/null || true
>          (exit $ret) || bb_exit_handler
>      }
> diff --git a/meta/recipes-devtools/buildchroot/files/download_dev-random b/meta/recipes-devtools/buildchroot/files/download_dev-random
> deleted file mode 100644
> index 5b5b96b..0000000
> --- a/meta/recipes-devtools/buildchroot/files/download_dev-random
> +++ /dev/null
> @@ -1,13 +0,0 @@
> -#!/bin/sh
> -
> -set -e
> -
> -readonly ROOTFS="$1"
> -
> -mknod "${ROOTFS}/dev/random" c 1 8
> -chmod 640 "${ROOTFS}/dev/random"
> -chown 0:0 "${ROOTFS}/dev/random"
> -
> -mknod "${ROOTFS}/dev/urandom" c 1 9
> -chmod 640 "${ROOTFS}/dev/urandom"
> -chown 0:0 "${ROOTFS}/dev/urandom"
> 

Self-NACK: This patch is causing troubles, at least when creating the
buildchroot. I suspect multistrap does something special /dev while
setting up the rootfs, and therefore we rather need a hook than the bind
mount.

Jan
-- 
Siemens AG, Corporate Technology, CT RDA IOT SES-DE
Corporate Competence Center Embedded Linux