diff options
| -rwxr-xr-x | bin/sbuild | 2 | ||||
| -rwxr-xr-x | bin/sbuild-qemu | 12 | ||||
| -rw-r--r-- | debian/changelog | 32 | ||||
| -rw-r--r-- | debian/gbp.conf | 2 | ||||
| -rw-r--r-- | lib/Sbuild/ChrootUnshare.pm | 7 | ||||
| -rw-r--r-- | lib/Sbuild/Conf.pm | 18 | ||||
| -rw-r--r-- | lib/Sbuild/Utility.pm | 4 |
7 files changed, 60 insertions, 17 deletions
@@ -54,7 +54,7 @@ my $conf = Sbuild::Conf::new(); exit 1 if !defined($conf); my $options = Sbuild::Options->new($conf, "sbuild", "1"); exit 1 if !defined($options); -check_group_membership() if $conf->get('CHROOT_MODE') eq 'schroot'; +check_group_membership() if $conf->get('CHROOT_MODE') eq 'schroot' && $conf->get('SCHROOT') eq 'schroot'; if (!$conf->get('MAINTAINER_NAME') && ($conf->get('BIN_NMU') || $conf->get('APPEND_TO_VERSION'))) { diff --git a/bin/sbuild-qemu b/bin/sbuild-qemu index 52ab6ff..c7373b8 100755 --- a/bin/sbuild-qemu +++ b/bin/sbuild-qemu @@ -40,6 +40,7 @@ IMAGEDIR = os.environ.get( os.path.join(os.path.expanduser('~'), '.cache', 'sbuild'), ) +DEFAULT_DIST = 'unstable' DEFAULT_ARCH = subprocess.check_output( ['dpkg', '--print-architecture'], text=True, @@ -118,7 +119,6 @@ def main(): peeker.add_argument( '--dist', action='store', - default='unstable', ) peeker.add_argument( '--arch', @@ -146,14 +146,11 @@ def main(): else: image = os.path.join(IMAGEDIR, parsed_args.image) else: - guessed_name = f'{peeked_args.dist}-autopkgtest-{build_arch}.img' + guessed_name = f'{peeked_args.dist or DEFAULT_DIST}-autopkgtest-{build_arch}.img' if os.path.exists(os.path.abspath(guessed_name)): - images = os.path.abspath(guessed_name) + image = os.path.abspath(guessed_name) else: - image = os.path.join( - IMAGEDIR, - f'{peeked_args.dist}-autopkgtest-{build_arch}.img', - ) + image = os.path.join(IMAGEDIR, guessed_name) if not os.path.exists(image): print(f"File {image} does not exist.", file=sys.stderr) @@ -161,7 +158,6 @@ def main(): args = [ 'sbuild', - '--dist', peeked_args.dist, '--purge-build=never', '--purge-deps=never', '--chroot-mode=autopkgtest', diff --git a/debian/changelog b/debian/changelog index 171ed47..41761f2 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,35 @@ +sbuild (0.85.9) unstable; urgency=medium + + [ Aurelien Jarno ] + * Unshare: add IPv6 loopback address to /etc/hosts + * Unshare: preserve HOME environment variable + * Unshare: define the LOGNAME environment variable + + [ Christian Kastner ] + * sbuild-qemu: Fix typo breaking one guess for image path + * sbuild-qemu: Don't add --dist (Closes: #1071000) + + [ Helmut Grohne ] + * lib/Sbuild/ChrootUnshare.pm: Do not expose /sys/kernel in the unshare backend. + (Closes: #1071234) + + [ Timo Röhling ] + * Relax permissions on pipes connected to STDOUT (Closes: #1070007) + + [ Johannes Schauer Marin Rodrigues ] + * lib/Sbuild/Conf.pm: make the schroot binary configurable via ~/.sbuildrc + * bin/sbuild: only check group membership if 'schroot' is configured as the schroot binary + + -- Jochen Sprickerhof <jspricke@debian.org> Wed, 29 May 2024 10:46:22 +0200 + +sbuild (0.85.8) unstable; urgency=medium + + [ Aurelien Jarno ] + * man/sbuild-createchroot.8.in: fix unshare mode example + * Unshare: use linux32 personality for 32-bit on 64-bit architectures + + -- Jochen Sprickerhof <jspricke@debian.org> Thu, 25 Apr 2024 14:49:56 +0200 + sbuild (0.85.7) unstable; urgency=medium [ Santiago Ruano Rincón ] diff --git a/debian/gbp.conf b/debian/gbp.conf new file mode 100644 index 0000000..9048820 --- /dev/null +++ b/debian/gbp.conf @@ -0,0 +1,2 @@ +[DEFAULT] +debian-branch = main diff --git a/lib/Sbuild/ChrootUnshare.pm b/lib/Sbuild/ChrootUnshare.pm index 8fb2350..81e90ca 100644 --- a/lib/Sbuild/ChrootUnshare.pm +++ b/lib/Sbuild/ChrootUnshare.pm @@ -306,7 +306,7 @@ sub _get_exec_argv { } return ( - 'env', 'PATH=' . $self->get_conf('PATH'), + 'env', 'PATH=' . $self->get_conf('PATH'), "USER=$user", "LOGNAME=$user", get_unshare_cmd({UNSHARE_FLAGS => $unshare, FORK => 1, IDMAP => $self->get('Uid Gid Map'), LINUX32 => $linux32}), 'sh', '-c', " rootdir=\"\$1\"; shift; user=\"\$1\"; shift; @@ -318,7 +318,7 @@ sub _get_exec_argv { shift; shift; done; hostname sbuild; - echo \"127.0.0.1 localhost\\n127.0.1.1 sbuild\" > \"\$rootdir/etc/hosts\"; + echo \"127.0.0.1 localhost\\n127.0.1.1 sbuild\\n::1 localhost ip6-localhost ip6-loopback\" > \"\$rootdir/etc/hosts\"; $network_setup mkdir -p \"\$rootdir/dev\"; for f in null zero full random urandom tty console; do @@ -337,9 +337,10 @@ sub _get_exec_argv { mount -t tmpfs tmpfs \"\$rootdir/dev/shm\"; mkdir -p \"\$rootdir/sys\"; mount -o rbind /sys \"\$rootdir/sys\"; + mount -t tmpfs tmpfs \"\$rootdir/sys/kernel\" -o mode=0000,size=4k,ro; mkdir -p \"\$rootdir/proc\"; mount -t proc proc \"\$rootdir/proc\"; - exec /usr/sbin/chroot \"\$rootdir\" $init /sbin/runuser -u \"\$user\" -- sh -c \"cd \\\"\\\$1\\\" && shift && \\\"\\\$@\\\"\" -- \"\$dir\" \"\$@\"; + exec /usr/sbin/chroot \"\$rootdir\" $init /sbin/runuser -p -u \"\$user\" -- sh -c \"cd \\\"\\\$1\\\" && shift && \\\"\\\$@\\\"\" -- \"\$dir\" \"\$@\"; ", '--', $self->get('Session ID'), $user, $dir, @bind_mounts, '--' ); } diff --git a/lib/Sbuild/Conf.pm b/lib/Sbuild/Conf.pm index d0e3f6f..ffe56d1 100644 --- a/lib/Sbuild/Conf.pm +++ b/lib/Sbuild/Conf.pm @@ -249,16 +249,18 @@ sub setup ($) { }, 'SCHROOT' => { TYPE => 'STRING', - GROUP => '__INTERNAL', + VARNAME => 'schroot', + GROUP => 'Programs', CHECK => sub { my $conf = shift; my $entry = shift; my $key = $entry->{'NAME'}; # Only validate if needed. - if ($conf->get('CHROOT_MODE') eq 'schroot') { - $validate_program->($conf, $entry); - } + if (defined $conf->_get('CHROOT_MODE') + && $conf->_get('CHROOT_MODE') eq 'schroot') { + $validate_program->($conf, $entry); + } }, DEFAULT => 'schroot', HELP => 'Path to schroot binary' @@ -734,7 +736,13 @@ sub setup ($) { if !isin($conf->get('CHROOT_MODE'), qw(schroot sudo autopkgtest unshare)); }, - DEFAULT => 'schroot', + DEFAULT => undef, + GET => sub { + my $conf = shift; + my $entry = shift; + + return ($conf->_get($entry->{'NAME'}) // 'schroot'); + }, HELP => 'Mechanism to use for chroot virtualisation. Possible value are "schroot" (default), "sudo", "autopkgtest" and "unshare".', CLI_OPTIONS => ['--chroot-mode'] }, diff --git a/lib/Sbuild/Utility.pm b/lib/Sbuild/Utility.pm index 9cdfff1..6828692 100644 --- a/lib/Sbuild/Utility.pm +++ b/lib/Sbuild/Utility.pm @@ -420,6 +420,10 @@ sub get_unshare_cmd($) { my $command = <<"EOF"; require 'syscall.ph'; +# Workaround for #1070007 (Permission denied if STDOUT points to a pipe) +use Fcntl qw(:mode); +chmod(0666, *STDOUT) if ((stat(*STDOUT))[2] & S_IFMT) == S_IFIFO; + # Create a pipe for the parent process to signal the child process that it is # done with calling unshare() so that the child can go ahead setting up # uid_map and gid_map. |