public inbox for isar-users@googlegroups.com
* [PATCH 1/2] buildchroot: Enter buildchroot with right user:group directly
@ 2018-11-22  9:38 Henning Schild
  2018-11-22  9:38 ` [PATCH 2/2] buildchroot: Assert that we are one of the two valid users Henning Schild
                   ` (3 more replies)
  0 siblings, 4 replies; 7+ messages in thread
From: Henning Schild @ 2018-11-22  9:38 UTC (permalink / raw)
  To: isar-users; +Cc: Henning Schild, Henning Schild

From: Henning Schild <henning@hennsch.de>

Instead of using "su" use "chroot --userspec". That should also be the
pattern for other chroot users that do not need root. i.e. kernel build
and upcoming "apt-get source" fetcher.
This way we can skip all the chowning we had/have to do otherwise.

Signed-off-by: Henning Schild <henning.schild@siemens.com>
---
 meta/classes/dpkg.bbclass                        | 2 +-
 meta/recipes-devtools/buildchroot/files/build.sh | 3 +--
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/meta/classes/dpkg.bbclass b/meta/classes/dpkg.bbclass
index f74c9c9..24b9fe3 100644
--- a/meta/classes/dpkg.bbclass
+++ b/meta/classes/dpkg.bbclass
@@ -19,5 +19,5 @@ do_install_builddeps[stamp-extra-info] = "${DISTRO}-${DISTRO_ARCH}"
 # Build package from sources using build script
 dpkg_runbuild() {
     E="${@ bb.utils.export_proxies(d)}"
-    sudo -E chroot ${BUILDCHROOT_DIR} /isar/build.sh ${PP}/${PPS} ${DISTRO_ARCH}
+    sudo -E chroot --userspec=$( id -u ):$( id -g ) ${BUILDCHROOT_DIR} /isar/build.sh ${PP}/${PPS} ${DISTRO_ARCH}
 }
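
Review bot: On the added `chroot --userspec=$( id -u ):$( id -g )` line, the ids are the host caller's numeric uid and gid, so the build only runs as "builder" when the chroot's passwd and group files map those same numbers to builder; a comment stating that dependency next to the call would help. Unlike the `su builder` call this series removes from build.sh, `chroot --userspec` does not set HOME, USER or LOGNAME for the target user, and `sudo -E` passes the caller's values through, so consider setting HOME explicitly in case dpkg-buildpackage or its helpers write there.
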
diff --git a/meta/recipes-devtools/buildchroot/files/build.sh b/meta/recipes-devtools/buildchroot/files/build.sh
index f977b16..1ba394c 100644
--- a/meta/recipes-devtools/buildchroot/files/build.sh
+++ b/meta/recipes-devtools/buildchroot/files/build.sh
@@ -14,5 +14,4 @@ for i in configure aclocal.m4 Makefile.am Makefile.in; do
     fi
 done
 
-# Build the package as user "builder"
-su builder -c "cd $1; dpkg-buildpackage -a$target_arch -d --source-option=-I"
+dpkg-buildpackage -a$target_arch -d --source-option=-I
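
Review bot: The removed `su builder -c "cd $1; ..."` line changed into `$1` before building, and the replacement `dpkg-buildpackage` line has no `cd`; confirm the script has already changed into `$1` above this point (not visible in this hunk) or add `cd "$1"` ahead of it. The deleted comment is also worth replacing with one saying that the unprivileged identity now comes from the caller's `chroot --userspec`, because build.sh entered through a plain `sudo chroot` would now run the whole package build as root.
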
-- 
2.19.1



* [PATCH 2/2] buildchroot: Assert that we are one of the two valid users
  2018-11-22  9:38 [PATCH 1/2] buildchroot: Enter buildchroot with right user:group directly Henning Schild
@ 2018-11-22  9:38 ` Henning Schild
  2018-11-23 10:24   ` Maxim Yu. Osipov
  2018-11-22 10:13 ` [PATCH 1/2] buildchroot: Enter buildchroot with right user:group directly chombourger
                   ` (2 subsequent siblings)
  3 siblings, 1 reply; 7+ messages in thread
From: Henning Schild @ 2018-11-22  9:38 UTC (permalink / raw)
  To: isar-users; +Cc: Henning Schild

Everything we do inside the buildchroot should be done as "root:root" or
"builder:builder" and we depend on "builder:builder" being in sync with
the ids in the system we chroot from.

This assertion will find violations or the odd case where the ids got
out of sync.

Signed-off-by: Henning Schild <henning.schild@siemens.com>
---
 meta/recipes-devtools/buildchroot/files/common.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta/recipes-devtools/buildchroot/files/common.sh b/meta/recipes-devtools/buildchroot/files/common.sh
index ea82bf1..25b0bb6 100644
--- a/meta/recipes-devtools/buildchroot/files/common.sh
+++ b/meta/recipes-devtools/buildchroot/files/common.sh
@@ -7,6 +7,9 @@
 set -e
 printenv | grep -q BB_VERBOSE_LOGS && set -x
 
+# assert we are either "root:root" or "builder:builder"
+[ $( id -un ) = "builder" -a $( id -un ) = "builder" ] || [ $( id -un ) = "root" -a $( id -un ) = "root" ]
+
 # Create human-readable names
 target_arch=$2
 
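
Review bot: In the added test all four substitutions are `$( id -un )`, so the group is never checked and each bracket compares the user name twice; the second operand of each pair should be `$( id -gn )`. The substitutions are also unquoted, so when the uid has no passwd entry inside the chroot (the out-of-sync case the commit message mentions) `id -un` prints nothing on stdout and `[` is handed a malformed expression; quoting them and printing an explicit message before exiting would make that failure readable in the build log.
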
-- 
2.19.1
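
An added example, not part of the posted patch or of Isar's code: one way to check from the host, before calling "chroot --userspec", that "builder" inside the chroot carries the caller's numeric ids, which is the dependency the commit message above describes. The function names `ids_in_sync` and `make_sample_root` and the sample passwd/group content are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Isar code): verify that NAME in a chroot's passwd and
# group files carries the uid:gid about to be passed to "chroot --userspec".
# It reads the files directly, so it needs no root and no chroot call.
# Intended call (assumption):
#   ids_in_sync "$BUILDCHROOT_DIR" builder "$(id -u)" "$(id -g)"

# ids_in_sync ROOTDIR NAME WANT_UID WANT_GID
# returns 0 if in sync, 1 on a mismatch, 2 if a file or entry is missing
ids_in_sync() {
    root=$1 name=$2 want_uid=$3 want_gid=$4
    [ -r "$root/etc/passwd" ] && [ -r "$root/etc/group" ] || return 2

    # passwd fields: name:pw:uid:gid:gecos:home:shell
    pw=$(awk -F: -v n="$name" '$1 == n { print $3 ":" $4; exit }' "$root/etc/passwd")
    # group fields: name:pw:gid:members
    gr=$(awk -F: -v n="$name" '$1 == n { print $3; exit }' "$root/etc/group")
    [ -n "$pw" ] && [ -n "$gr" ] || return 2

    [ "$pw" = "$want_uid:$want_gid" ] && [ "$gr" = "$want_gid" ] || return 1
    return 0
}

# Build a throwaway root with constructed sample entries and print its path.
make_sample_root() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/etc"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/sh' \
                  'builder:x:1000:1000::/home/builder:/bin/sh' > "$d/etc/passwd"
    printf '%s\n' 'root:x:0:' 'builder:x:1000:' > "$d/etc/group"
    echo "$d"
}

sample=$(make_sample_root)
ids_in_sync "$sample" builder 1000 1000 && echo "builder ids in sync"
ids_in_sync "$sample" builder 1001 1001 || echo "builder ids out of sync (rc=$?)"
rm -rf "$sample"
```
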



* Re: [PATCH 1/2] buildchroot: Enter buildchroot with right user:group directly
  2018-11-22  9:38 [PATCH 1/2] buildchroot: Enter buildchroot with right user:group directly Henning Schild
  2018-11-22  9:38 ` [PATCH 2/2] buildchroot: Assert that we are one of the two valid users Henning Schild
@ 2018-11-22 10:13 ` chombourger
  2018-11-22 12:03   ` Henning Schild
  2018-11-22 13:58 ` Henning Schild
  2018-11-23 10:24 ` Maxim Yu. Osipov
  3 siblings, 1 reply; 7+ messages in thread
From: chombourger @ 2018-11-22 10:13 UTC (permalink / raw)
  To: isar-users



cool - I will indeed rework the upcoming dpkg-source class to use this. 
Thanks a bunch for the hint!

On Thursday, November 22, 2018 at 10:38:21 AM UTC+1, Henning Schild wrote:
>
> From: Henning Schild <hen...@hennsch.de>
>
> Instead of using "su" use "chroot --userspec". That should also be the 
> pattern for other chroot users that do not need root. i.e. kernel build 
> and upcoming "apt-get source" fetcher. 
> This way we can skip all the chowning we had/have to do otherwise. 
>
> Signed-off-by: Henning Schild <henning...@siemens.com>
>


* Re: [PATCH 1/2] buildchroot: Enter buildchroot with right user:group directly
  2018-11-22 10:13 ` [PATCH 1/2] buildchroot: Enter buildchroot with right user:group directly chombourger
@ 2018-11-22 12:03   ` Henning Schild
  0 siblings, 0 replies; 7+ messages in thread
From: Henning Schild @ 2018-11-22 12:03 UTC (permalink / raw)
  To: chombourger; +Cc: isar-users

On Thu, 22 Nov 2018 02:13:25 -0800
<chombourger@gmail.com> wrote:

> cool - I will indeed rework the upcoming dpkg-source class to use
> this. Thanks a bunch for the hint!

Hehe, and I even forgot the CC that I wanted to add. Make sure to
source /isar/common.sh as well. That guy should probably evolve to be
the one entry point into buildchroot, no matter what you do there.

Henning

> On Thursday, November 22, 2018 at 10:38:21 AM UTC+1, Henning Schild
> wrote:
> >
> > From: Henning Schild <hen...@hennsch.de>
> >
> > Instead of using "su" use "chroot --userspec". That should also be
> > the pattern for other chroot users that do not need root. i.e.
> > kernel build and upcoming "apt-get source" fetcher. 
> > This way we can skip all the chowning we had/have to do otherwise. 
> >
> > Signed-off-by: Henning Schild <henning...@siemens.com>
> 



* Re: [PATCH 1/2] buildchroot: Enter buildchroot with right user:group directly
  2018-11-22  9:38 [PATCH 1/2] buildchroot: Enter buildchroot with right user:group directly Henning Schild
  2018-11-22  9:38 ` [PATCH 2/2] buildchroot: Assert that we are one of the two valid users Henning Schild
  2018-11-22 10:13 ` [PATCH 1/2] buildchroot: Enter buildchroot with right user:group directly chombourger
@ 2018-11-22 13:58 ` Henning Schild
  2018-11-23 10:24 ` Maxim Yu. Osipov
  3 siblings, 0 replies; 7+ messages in thread
From: Henning Schild @ 2018-11-22 13:58 UTC (permalink / raw)
  To: isar-users

On Thu, 22 Nov 2018 10:38:17 +0100
Henning Schild <henning.schild@siemens.com> wrote:

> From: Henning Schild <henning@hennsch.de>

Wrong author ...

Henning

> Instead of using "su" use "chroot --userspec". That should also be the
> pattern for other chroot users that do not need root. i.e. kernel
> build and upcoming "apt-get source" fetcher.
> This way we can skip all the chowning we had/have to do otherwise.
> 
> Signed-off-by: Henning Schild <henning.schild@siemens.com>
> ---
>  meta/classes/dpkg.bbclass                        | 2 +-
>  meta/recipes-devtools/buildchroot/files/build.sh | 3 +--
>  2 files changed, 2 insertions(+), 3 deletions(-)
> 
> diff --git a/meta/classes/dpkg.bbclass b/meta/classes/dpkg.bbclass
> index f74c9c9..24b9fe3 100644
> --- a/meta/classes/dpkg.bbclass
> +++ b/meta/classes/dpkg.bbclass
> @@ -19,5 +19,5 @@ do_install_builddeps[stamp-extra-info] =
> "${DISTRO}-${DISTRO_ARCH}" # Build package from sources using build
> script dpkg_runbuild() {
>      E="${@ bb.utils.export_proxies(d)}"
> -    sudo -E chroot ${BUILDCHROOT_DIR} /isar/build.sh ${PP}/${PPS}
> ${DISTRO_ARCH}
> +    sudo -E chroot --userspec=$( id -u ):$( id -g )
> ${BUILDCHROOT_DIR} /isar/build.sh ${PP}/${PPS} ${DISTRO_ARCH} }
> diff --git a/meta/recipes-devtools/buildchroot/files/build.sh
> b/meta/recipes-devtools/buildchroot/files/build.sh index
> f977b16..1ba394c 100644 ---
> a/meta/recipes-devtools/buildchroot/files/build.sh +++
> b/meta/recipes-devtools/buildchroot/files/build.sh @@ -14,5 +14,4 @@
> for i in configure aclocal.m4 Makefile.am Makefile.in; do fi
>  done
>  
> -# Build the package as user "builder"
> -su builder -c "cd $1; dpkg-buildpackage -a$target_arch -d
> --source-option=-I" +dpkg-buildpackage -a$target_arch -d
> --source-option=-I



* Re: [PATCH 1/2] buildchroot: Enter buildchroot with right user:group directly
  2018-11-22  9:38 [PATCH 1/2] buildchroot: Enter buildchroot with right user:group directly Henning Schild
                   ` (2 preceding siblings ...)
  2018-11-22 13:58 ` Henning Schild
@ 2018-11-23 10:24 ` Maxim Yu. Osipov
  3 siblings, 0 replies; 7+ messages in thread
From: Maxim Yu. Osipov @ 2018-11-23 10:24 UTC (permalink / raw)
  To: Henning Schild, isar-users; +Cc: Henning Schild

On 11/22/18 12:38 PM, Henning Schild wrote:
> From: Henning Schild <henning@hennsch.de>
> 
> Instead of using "su" use "chroot --userspec". That should also be the
> pattern for other chroot users that do not need root. i.e. kernel build
> and upcoming "apt-get source" fetcher.
> This way we can skip all the chowning we had/have to do otherwise.

Applied to the 'next' (with corrected authorship).

Thanks,
Maxim.

> Signed-off-by: Henning Schild <henning.schild@siemens.com>
> ---
>   meta/classes/dpkg.bbclass                        | 2 +-
>   meta/recipes-devtools/buildchroot/files/build.sh | 3 +--
>   2 files changed, 2 insertions(+), 3 deletions(-)
> 
> diff --git a/meta/classes/dpkg.bbclass b/meta/classes/dpkg.bbclass
> index f74c9c9..24b9fe3 100644
> --- a/meta/classes/dpkg.bbclass
> +++ b/meta/classes/dpkg.bbclass
> @@ -19,5 +19,5 @@ do_install_builddeps[stamp-extra-info] = "${DISTRO}-${DISTRO_ARCH}"
>   # Build package from sources using build script
>   dpkg_runbuild() {
>       E="${@ bb.utils.export_proxies(d)}"
> -    sudo -E chroot ${BUILDCHROOT_DIR} /isar/build.sh ${PP}/${PPS} ${DISTRO_ARCH}
> +    sudo -E chroot --userspec=$( id -u ):$( id -g ) ${BUILDCHROOT_DIR} /isar/build.sh ${PP}/${PPS} ${DISTRO_ARCH}
>   }
> diff --git a/meta/recipes-devtools/buildchroot/files/build.sh b/meta/recipes-devtools/buildchroot/files/build.sh
> index f977b16..1ba394c 100644
> --- a/meta/recipes-devtools/buildchroot/files/build.sh
> +++ b/meta/recipes-devtools/buildchroot/files/build.sh
> @@ -14,5 +14,4 @@ for i in configure aclocal.m4 Makefile.am Makefile.in; do
>       fi
>   done
>   
> -# Build the package as user "builder"
> -su builder -c "cd $1; dpkg-buildpackage -a$target_arch -d --source-option=-I"
> +dpkg-buildpackage -a$target_arch -d --source-option=-I
> 


-- 
Maxim Osipov
ilbers GmbH
Maria-Merian-Str. 8
85521 Ottobrunn
Germany
+49 (151) 6517 6917
mosipov@ilbers.de
http://ilbers.de/
Commercial register Munich, HRB 214197
General Manager: Baurzhan Ismagulov


* Re: [PATCH 2/2] buildchroot: Assert that we are one of the two valid users
  2018-11-22  9:38 ` [PATCH 2/2] buildchroot: Assert that we are one of the two valid users Henning Schild
@ 2018-11-23 10:24   ` Maxim Yu. Osipov
  0 siblings, 0 replies; 7+ messages in thread
From: Maxim Yu. Osipov @ 2018-11-23 10:24 UTC (permalink / raw)
  To: Henning Schild, isar-users

On 11/22/18 12:38 PM, Henning Schild wrote:
> Everything we do inside the buildchroot should be done as "root:root" or
> "builder:builder" and we depend on "builder:builder" being in sync with
> the ids in the system we chroot from.
> 
> This assertion will find violations or the odd case where the ids got
> out of sync.

Applied to the 'next',

Thanks,
Maxim.

> Signed-off-by: Henning Schild <henning.schild@siemens.com>
> ---
>   meta/recipes-devtools/buildchroot/files/common.sh | 3 +++
>   1 file changed, 3 insertions(+)
> 
> diff --git a/meta/recipes-devtools/buildchroot/files/common.sh b/meta/recipes-devtools/buildchroot/files/common.sh
> index ea82bf1..25b0bb6 100644
> --- a/meta/recipes-devtools/buildchroot/files/common.sh
> +++ b/meta/recipes-devtools/buildchroot/files/common.sh
> @@ -7,6 +7,9 @@
>   set -e
>   printenv | grep -q BB_VERBOSE_LOGS && set -x
>   
> +# assert we are either "root:root" or "builder:builder"
> +[ $( id -un ) = "builder" -a $( id -un ) = "builder" ] || [ $( id -un ) = "root" -a $( id -un ) = "root" ]
> +
>   # Create human-readable names
>   target_arch=$2
>   
> 


-- 
Maxim Osipov
ilbers GmbH
Maria-Merian-Str. 8
85521 Ottobrunn
Germany
+49 (151) 6517 6917
mosipov@ilbers.de
http://ilbers.de/
Commercial register Munich, HRB 214197
General Manager: Baurzhan Ismagulov
