-rwxr-xr-xbin/sbuild-qemu-boot4
-rwxr-xr-xbin/sbuild-qemu-update4
-rw-r--r--lib/Sbuild/Build.pm20
-rw-r--r--lib/Sbuild/ChrootSchroot.pm2
-rw-r--r--lib/Sbuild/ChrootUnshare.pm17
-rw-r--r--lib/Sbuild/Conf.pm8
-rw-r--r--lib/Sbuild/Options.pm15
-rw-r--r--man/sbuild.1.in25
8 files changed, 75 insertions, 20 deletions
diff --git a/bin/sbuild-qemu-boot b/bin/sbuild-qemu-boot
index ae2ef1d..1fd93ae 100755
--- a/bin/sbuild-qemu-boot
+++ b/bin/sbuild-qemu-boot
@@ -148,7 +148,9 @@ def get_qemu_base_args(image, guest_arch=None, boot="auto"):
case "efi":
match guest_arch:
case 'amd64':
- eficode = "/usr/share/OVMF/OVMF_CODE.fd"
+ eficode = "/usr/share/OVMF/OVMF_CODE_4M.fd"
+ if not os.path.exists(eficode):
+ eficode = "/usr/share/OVMF/OVMF_CODE.fd"
case 'i386':
eficode = "/usr/share/OVMF/OVMF32_CODE_4M.secboot.fd"
case 'arm64':
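Review bot: The 4M-with-fallback lookup for amd64 is written out identically in bin/sbuild-qemu-update, so the two copies of get_qemu_base_args can drift the next time a firmware path changes. A small shared helper that returns the first existing path from a candidate list would keep them in step. If neither file exists, `eficode` silently keeps the legacy path and the failure is presumably reported only later by QEMU, so an explicit error naming both candidates would be easier to diagnose. The function body continues outside the hunk.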
diff --git a/bin/sbuild-qemu-update b/bin/sbuild-qemu-update
index af5c31c..6e08274 100755
--- a/bin/sbuild-qemu-update
+++ b/bin/sbuild-qemu-update
@@ -146,7 +146,9 @@ def get_qemu_base_args(image, guest_arch=None, boot="auto"):
case "efi":
match guest_arch:
case 'amd64':
- eficode = "/usr/share/OVMF/OVMF_CODE.fd"
+ eficode = "/usr/share/OVMF/OVMF_CODE_4M.fd"
+ if not os.path.exists(eficode):
+ eficode = "/usr/share/OVMF/OVMF_CODE.fd"
case 'i386':
eficode = "/usr/share/OVMF/OVMF32_CODE_4M.secboot.fd"
case 'arm64':
diff --git a/lib/Sbuild/Build.pm b/lib/Sbuild/Build.pm
index cca1c89..7a23a85 100644
--- a/lib/Sbuild/Build.pm
+++ b/lib/Sbuild/Build.pm
@@ -640,13 +640,6 @@ END
debug("Error run_chroot_session(): $@") if $@;
- if ($self->get('Pkg Status') ne "successful") {
- if(!$self->run_external_commands("post-build-failed-commands")) {
- Sbuild::Exception::Build->throw(error => "Failed to execute post-build-commands",
- failstage => "run-post-build-failed-commands");
- }
- }
-
# End chroot session
my $session = $self->get('Session');
if (defined $session) {
@@ -833,6 +826,9 @@ sub run_fetch_install_packages {
$self->set('Install Start Time', time);
$self->set('Install End Time', $self->get('Install Start Time'));
my @coredeps = @{$self->get_conf('CORE_DEPENDS')};
+ if ($self->get_conf('CHROOT_MODE') eq 'unshare') {
+ push(@coredeps, 'dumb-init');
+ }
if ($self->get('Host Arch') ne $self->get('Build Arch')) {
my $crosscoredeps = $self->get_conf('CROSSBUILD_CORE_DEPENDS');
if (defined($crosscoredeps->{$self->get('Host Arch')})) {
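Review bot: `push(@coredeps, 'dumb-init')` has no comment explaining why an init is a core dependency. Nothing in this hunk ties it to the `BUILD_INSIDE_INIT` option or to the hard-coded `/usr/bin/dumb-init` path that the unshare backend execs. I would add `# unshare mode execs /usr/bin/dumb-init as the build's init (BUILD_INSIDE_INIT); it must be present in the chroot` above the `if`. Because the package is now required for every unshare build, a chroot whose distribution cannot install dumb-init would presumably fail at dependency installation; it is worth confirming that this is intended. The enclosing sub continues outside the hunk.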
@@ -1010,6 +1006,13 @@ sub run_fetch_install_packages {
}
}
+ if ($self->get('Pkg Status') ne "successful") {
+ if(!$self->run_external_commands("post-build-failed-commands")) {
+ Sbuild::Exception::Build->throw(error => "Failed to execute post-build-commands",
+ failstage => "run-post-build-failed-commands");
+ }
+ }
+
$self->log_subsection("Cleanup");
my $session = $self->get('Session');
my $resolver = $self->get('Dependency Resolver');
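Review bot: The error text in the re-added block says `Failed to execute post-build-commands`, but the hook that ran is `post-build-failed-commands`, so the log points at the wrong hook. `error => "Failed to execute post-build-failed-commands",` would match the `failstage`. The throw now sits directly before the Cleanup subsection, and whether cleanup still runs when the hook fails depends on an enclosing eval that is not visible in this hunk.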
@@ -2593,7 +2596,8 @@ sub build {
PRIORITY => 0,
DIR => $dscdir,
STREAMERR => \*STDOUT,
- DISABLE_NETWORK => 1,
+ ENABLE_NETWORK => $self->get_conf('ENABLE_NETWORK'),
+ BUILD_INSIDE_INIT => 1,
};
my $pipe = $session->pipe_command($command);
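Review bot: Network isolation for the build command can now fail open, because `ENABLE_NETWORK => $self->get_conf('ENABLE_NETWORK')` passes the configured value through unchanged. The unshare backend isolates only when the value is defined and `== 0`, so as far as the visible code shows, an undefined setting would leave the network on, where the old code always passed `DISABLE_NETWORK => 1`. Normalising at the call site, `ENABLE_NETWORK => ($self->get_conf('ENABLE_NETWORK') ? 1 : 0),`, keeps the absent-key behaviour for other callers while making the build itself default to isolated. The enclosing hash and sub start outside the hunk.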
diff --git a/lib/Sbuild/ChrootSchroot.pm b/lib/Sbuild/ChrootSchroot.pm
index 8c88284..0dc8a95 100644
--- a/lib/Sbuild/ChrootSchroot.pm
+++ b/lib/Sbuild/ChrootSchroot.pm
@@ -132,7 +132,7 @@ sub get_command_internal {
return if $self->get('Session ID') eq "";
- if (defined($options->{'DISABLE_NETWORK'}) && $options->{'DISABLE_NETWORK'}) {
+ if (defined($options->{'ENABLE_NETWORK'}) && $options->{'ENABLE_NETWORK'} == 0) {
print STDERR "Disabling the network for this command was requested but the schroot backend doesn't support this feature yet: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802849\n" if $self->get_conf('DEBUG');
}
diff --git a/lib/Sbuild/ChrootUnshare.pm b/lib/Sbuild/ChrootUnshare.pm
index 91a7fa4..c4a3064 100644
--- a/lib/Sbuild/ChrootUnshare.pm
+++ b/lib/Sbuild/ChrootUnshare.pm
@@ -271,17 +271,23 @@ sub _get_exec_argv {
my $dir = shift;
my $user = shift;
my $disable_network = shift // 0;
+ my $build_inside_init = shift // 0;
# On systems with libnss-resolve installed there is no need for a
# /etc/resolv.conf. This works around this by adding 127.0.0.53 (default
# for systemd-resolved) in that case.
my $network_setup = '[ -f /etc/resolv.conf ] && cat /etc/resolv.conf > "$rootdir/etc/resolv.conf" || echo "nameserver 127.0.0.53" > "$rootdir/etc/resolv.conf";';
my $unshare = CLONE_NEWNS | CLONE_NEWPID | CLONE_NEWUTS | CLONE_NEWIPC;
+ my $init = "";
if ($disable_network) {
$unshare |= CLONE_NEWNET;
$network_setup = 'ip link set lo up;> "$rootdir/etc/resolv.conf";';
}
+ if ($build_inside_init) {
+ $init = "/usr/bin/dumb-init";
+ }
+
my @bind_mounts = ();
for my $entry (@{$self->get_conf('UNSHARE_BIND_MOUNTS')}) {
push @bind_mounts, $entry->{directory}, $entry->{mountpoint};
@@ -321,7 +327,7 @@ sub _get_exec_argv {
mount -o rbind /sys \"\$rootdir/sys\";
mkdir -p \"\$rootdir/proc\";
mount -t proc proc \"\$rootdir/proc\";
- exec /usr/sbin/chroot \"\$rootdir\" /sbin/runuser -u \"\$user\" -- sh -c \"cd \\\"\\\$1\\\" && shift && \\\"\\\$@\\\"\" -- \"\$dir\" \"\$@\";
+ exec /usr/sbin/chroot \"\$rootdir\" $init /sbin/runuser -u \"\$user\" -- sh -c \"cd \\\"\\\$1\\\" && shift && \\\"\\\$@\\\"\" -- \"\$dir\" \"\$@\";
", '--', $self->get('Session ID'), $user, $dir, @bind_mounts, '--'
);
}
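Review bot: `$init` is spliced unquoted into the text of the shell script, unlike `$user` and `$dir`, which arrive as positional arguments and are expanded inside double quotes. That is safe only while `$init` stays the fixed literal `/usr/bin/dumb-init` or the empty string, so I would say so next to the assignment: `# interpolated unquoted into the sh script below; must remain a fixed literal, never configuration- or user-derived`. The script also assumes the binary exists inside the chroot, so a missing dumb-init surfaces only as a failed exec after the chroot call. The sub starts outside the hunk.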
@@ -358,11 +364,16 @@ sub get_command_internal {
}
my $disable_network = 0;
- if (defined($options->{'DISABLE_NETWORK'}) && $options->{'DISABLE_NETWORK'}) {
+ if (defined($options->{'ENABLE_NETWORK'}) && $options->{'ENABLE_NETWORK'} == 0) {
$disable_network = 1;
}
- my @cmdline = $self->_get_exec_argv($dir, $user, $disable_network);
+ my $build_inside_init = 0;
+ if (defined($options->{'BUILD_INSIDE_INIT'}) && $options->{'BUILD_INSIDE_INIT'}) {
+ $build_inside_init = 1;
+ }
+
+ my @cmdline = $self->_get_exec_argv($dir, $user, $disable_network, $build_inside_init);
if (ref $command) {
push @cmdline, @$command;
} else {
diff --git a/lib/Sbuild/Conf.pm b/lib/Sbuild/Conf.pm
index 77e3db3..d0e3f6f 100644
--- a/lib/Sbuild/Conf.pm
+++ b/lib/Sbuild/Conf.pm
@@ -295,6 +295,14 @@ sub setup ($) {
HELP => 'Bind mount directories from the outside to a mountpoint inside the chroot in unshare mode.',
EXAMPLE => '$unshare_bind_mounts = [ { directory => "/home/path/outside", mountpoint => "/path/inside" } ];'
},
+ 'ENABLE_NETWORK' => {
+ TYPE => 'STRING',
+ VARNAME => 'enable_network',
+ GROUP => 'Build options',
+ DEFAULT => 0,
+ HELP => 'By default network access is blocked during build (only implemented for the unshare mode). This lifts the restriction.',
+ CLI_OPTIONS => ['--enable-network']
+ },
'AUTOPKGTEST_VIRT_SERVER' => {
TYPE => 'STRING',
VARNAME => 'autopkgtest_virt_server',
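Review bot: `ENABLE_NETWORK` is declared with `TYPE => 'STRING'` but is used as a boolean and compared numerically (`== 0`) in ChrootSchroot.pm and ChrootUnshare.pm. A non-numeric value such as "yes" therefore evaluates to 0 and disables the network, the opposite of what the user wrote. Declaring it `TYPE => 'BOOL',` (assuming the other on/off settings in this file use that type) would let the configuration layer reject or normalise such values. The HELP text could also say outright that the schroot backend leaves the network enabled regardless, since that is a security-relevant difference between backends.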
diff --git a/lib/Sbuild/Options.pm b/lib/Sbuild/Options.pm
index 8cc70dc..f871cf4 100644
--- a/lib/Sbuild/Options.pm
+++ b/lib/Sbuild/Options.pm
@@ -51,6 +51,7 @@ sub set_options {
my ($opt_run_lintian, $opt_no_run_lintian);
my ($opt_run_piuparts, $opt_no_run_piuparts);
my ($opt_run_autopkgtest, $opt_no_run_autopkgtest);
+ my ($opt_enable_network, $opt_no_enable_network);
my ($opt_make_binnmu, $opt_binnmu, $opt_binnmu_timestamp, $opt_binnmu_changelog, $opt_append_to_version);
$self->add_options("arch=s" => sub {
@@ -505,6 +506,20 @@ sub set_options {
$self->set_conf('RUN_AUTOPKGTEST', 0);
$opt_no_run_autopkgtest = 1;
},
+ "enable-network" => sub {
+ if ($opt_no_enable_network) {
+ die "--enable-network cannot be used together with --no-enable-network";
+ }
+ $self->set_conf('ENABLE_NETWORK', 1);
+ $opt_enable_network = 1;
+ },
+ "no-enable-network" => sub {
+ if ($opt_enable_network) {
+ die "--no-enable-network cannot be used together with --enable-network";
+ }
+ $self->set_conf('ENABLE_NETWORK', 0);
+ $opt_no_enable_network = 1;
+ },
"autopkgtest-opts=s" => sub {
push(@{$self->get_conf('AUTOPKGTEST_OPTIONS')},
split(/\s+/, $_[1]));
diff --git a/man/sbuild.1.in b/man/sbuild.1.in
index 71a11cd..ec71399 100644
--- a/man/sbuild.1.in
+++ b/man/sbuild.1.in
@@ -54,6 +54,8 @@ sbuild \- build debian packages from source
.RB [ \-\-source\-only\-changes ]
.RB [ \-\-no\-source\-only\-changes ]
.RB [ \-j \[or] \-\-jobs=\fIn\fP ]
+.RB [ \-\-enable\-network ]
+.RB [ \-\-no\-enable\-network ]
.RB [ \-\-debbuildopt=\fIoption\fP ]
.RB [ \-\-debbuildopts=\fIoptions\fP ]
.RB [ \-\-dpkg\-source\-opt=\fIoptions\fP ]
@@ -99,7 +101,7 @@ sbuild \- build debian packages from source
.RB [ \-\-setup\-hook=\fIhook-script\fP ]
.RB [ \-\-build\-dep\-resolver=\fIresolver\fP ]
.RB [ \-\-resolve\-alternatives \[or] \-\-no\-resolve\-alternatives ]
-.RB [ \-\-extra\-package=\fIpackage.deb\fP ]
+.RB [ \-\-extra\-package=\fIpackage.deb|directory\fP ]
.RB [ \-\-extra\-repository=\fIspec\fP ]
.RB [ \-\-extra\-repository\-key=\fIfile.asc\fP ]
.RB [ \-\-build\-path=\fIstring\fP ]
@@ -387,6 +389,18 @@ This command line option appends the appropriate \fB\-j\fP option to the \fBDPKG
.BR sbuild.conf (5)
for more information.
.TP
+.BR \-\-enable\-network
+Enable network access during build. This command line option sets the
+\fBENABLE_NETWORK\fP configuration variable. See
+.BR sbuild.conf (5)
+for more information.
+.TP
+.BR \-\-no\-enable\-network
+Don't enable network access during build (only implemented for the unshare mode) (default). This
+command line option sets the \fBENABLE_NETWORK\fP configuration variable. See
+.BR sbuild.conf (5)
+for more information.
+.TP
.BR \-\-debbuildopt=\fIoption\fP
Pass the specified option directly to dpkg\-buildpackage in addition to the
options already passed by sbuild. This option can be passed multiple times
@@ -1239,11 +1253,10 @@ has the alias) \fI$distribution\-$arch\-sbuild\fP, \fI$distribution\-sbuild\fP,
The used chroot name can be overridden using the \-c or \-\-chroot options.
.TP
.BR sudo
-This chroot mode is deprecated and only provided for backwards compatibility
-and testing purposes. It operates by plainly entering the chosen chroot
-directory using "sudo chroot". Thus, this backend also does not provide
-ephemeral chroots. The sudo chroot mode searches for a symlink or directory
-located at \fI/etc/sbuild/chroot/\fP or in the current directory, prefixed with
+It operates by plainly entering the chosen chroot directory using "sudo
+chroot". Thus, this backend also does not provide ephemeral chroots. The sudo
+chroot mode searches for a symlink or directory located at
+\fI/etc/sbuild/chroot/\fP or in the current directory, prefixed with
\fIchroot\-\fP. The expected names are resolved in the same order as for the
schroot chroot mode and can be overridden using the \-c or \-\-chroot options.
.TP