Diffstat (limited to 'lib')
-rw-r--r-- | lib/Sbuild/Build.pm | 20 | ||||
-rw-r--r-- | lib/Sbuild/ChrootSchroot.pm | 2 | ||||
-rw-r--r-- | lib/Sbuild/ChrootUnshare.pm | 17 | ||||
-rw-r--r-- | lib/Sbuild/Conf.pm | 8 | ||||
-rw-r--r-- | lib/Sbuild/Options.pm | 15 |
5 files changed, 50 insertions, 12 deletions
diff --git a/lib/Sbuild/Build.pm b/lib/Sbuild/Build.pm index cca1c89..7a23a85 100644 --- a/lib/Sbuild/Build.pm +++ b/lib/Sbuild/Build.pm @@ -640,13 +640,6 @@ END debug("Error run_chroot_session(): $@") if $@; - if ($self->get('Pkg Status') ne "successful") { - if(!$self->run_external_commands("post-build-failed-commands")) { - Sbuild::Exception::Build->throw(error => "Failed to execute post-build-commands", - failstage => "run-post-build-failed-commands"); - } - } - # End chroot session my $session = $self->get('Session'); if (defined $session) { @@ -833,6 +826,9 @@ sub run_fetch_install_packages { $self->set('Install Start Time', time); $self->set('Install End Time', $self->get('Install Start Time')); my @coredeps = @{$self->get_conf('CORE_DEPENDS')}; + if ($self->get_conf('CHROOT_MODE') eq 'unshare') { + push(@coredeps, 'dumb-init'); + } if ($self->get('Host Arch') ne $self->get('Build Arch')) { my $crosscoredeps = $self->get_conf('CROSSBUILD_CORE_DEPENDS'); if (defined($crosscoredeps->{$self->get('Host Arch')})) { @@ -1010,6 +1006,13 @@ sub run_fetch_install_packages { } } + if ($self->get('Pkg Status') ne "successful") { + if(!$self->run_external_commands("post-build-failed-commands")) { + Sbuild::Exception::Build->throw(error => "Failed to execute post-build-commands", + failstage => "run-post-build-failed-commands"); + } + } + $self->log_subsection("Cleanup"); my $session = $self->get('Session'); my $resolver = $self->get('Dependency Resolver'); @@ -2593,7 +2596,8 @@ sub build { PRIORITY => 0, DIR => $dscdir, STREAMERR => \*STDOUT, - DISABLE_NETWORK => 1, + ENABLE_NETWORK => $self->get_conf('ENABLE_NETWORK'), + BUILD_INSIDE_INIT => 1, }; my $pipe = $session->pipe_command($command); diff --git a/lib/Sbuild/ChrootSchroot.pm b/lib/Sbuild/ChrootSchroot.pm index 8c88284..0dc8a95 100644 --- a/lib/Sbuild/ChrootSchroot.pm +++ b/lib/Sbuild/ChrootSchroot.pm 
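Review bot: The `push(@coredeps, 'dumb-init')` added in run_fetch_install_packages has no comment tying it to its consumer, which is the `/usr/bin/dumb-init` path that ChrootUnshare puts in front of the build command when BUILD_INSIDE_INIT is set. I would add `# unshare mode runs the build under /usr/bin/dumb-init (BUILD_INSIDE_INIT), so it must be installed in the chroot` above the `if`. If the target suite does not ship dumb-init, dependency installation will presumably fail here, and a comment makes that failure easier to trace. The function body starts and ends outside the hunk.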
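Review bot: The error text in the relocated block says "Failed to execute post-build-commands", but the hook being run is post-build-failed-commands and the failstage is `run-post-build-failed-commands`. Since the block is being moved anyway, the message could be corrected to `error => "Failed to execute post-build-failed-commands",` so a log reader is not pointed at the wrong hook. The enclosing run_fetch_install_packages starts and ends outside the hunk.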
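Review bot: `ENABLE_NETWORK => $self->get_conf('ENABLE_NETWORK')` in build() passes the raw config value, and both backends only isolate when it is `defined(...) && ... == 0` (ChrootSchroot and ChrootUnshare get_command_internal, later in this diff). An undefined value, for example `$enable_network = undef;` in a config file if Conf does not reject it, would therefore leave the network up, so the isolation control fails open. The key is declared as a STRING, so a value such as "yes" compares `== 0` as true, with a numeric warning, and disables the network despite the user's intent. Normalising at the call site avoids both cases without changing commands that omit the key: `ENABLE_NETWORK => ($self->get_conf('ENABLE_NETWORK') ? 1 : 0),`. The body of build() continues outside the hunk.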
@@ -132,7 +132,7 @@ sub get_command_internal { return if $self->get('Session ID') eq ""; - if (defined($options->{'DISABLE_NETWORK'}) && $options->{'DISABLE_NETWORK'}) { + if (defined($options->{'ENABLE_NETWORK'}) && $options->{'ENABLE_NETWORK'} == 0) { print STDERR "Disabling the network for this command was requested but the schroot backend doesn't support this feature yet: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802849\n" if $self->get_conf('DEBUG'); } diff --git a/lib/Sbuild/ChrootUnshare.pm b/lib/Sbuild/ChrootUnshare.pm index 91a7fa4..c4a3064 100644 --- a/lib/Sbuild/ChrootUnshare.pm +++ b/lib/Sbuild/ChrootUnshare.pm @@ -271,17 +271,23 @@ sub _get_exec_argv { my $dir = shift; my $user = shift; my $disable_network = shift // 0; + my $build_inside_init = shift // 0; # On systems with libnss-resolve installed there is no need for a # /etc/resolv.conf. This works around this by adding 127.0.0.53 (default # for systemd-resolved) in that case. my $network_setup = '[ -f /etc/resolv.conf ] && cat /etc/resolv.conf > "$rootdir/etc/resolv.conf" || echo "nameserver 127.0.0.53" > "$rootdir/etc/resolv.conf";'; my $unshare = CLONE_NEWNS | CLONE_NEWPID | CLONE_NEWUTS | CLONE_NEWIPC; + my $init = ""; if ($disable_network) { $unshare |= CLONE_NEWNET; $network_setup = 'ip link set lo up;> "$rootdir/etc/resolv.conf";'; } + if ($build_inside_init) { + $init = "/usr/bin/dumb-init"; + } + my @bind_mounts = (); for my $entry (@{$self->get_conf('UNSHARE_BIND_MOUNTS')}) { push @bind_mounts, $entry->{directory}, $entry->{mountpoint}; 
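Review bot: The notice in ChrootSchroot's get_command_internal that network isolation is unsupported is still printed only when DEBUG is set. With ENABLE_NETWORK now defaulting to 0, a normal schroot build runs with network access and gives no indication of it. Because the new option is documented as "by default network access is blocked", I would emit the message unconditionally by dropping the trailing `if $self->get_conf('DEBUG')`, or route it to the build log. Its wording should also change, since "was requested" no longer fits a default, for example "Network access is not blocked: the schroot backend cannot disable the network (bug 802849)". The function continues outside the hunk.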
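Review bot: In `_get_exec_argv`, `$init` is later interpolated unquoted into the `sh` script on the `exec /usr/sbin/chroot` line in the next hunk. That is safe only because it is either empty or the fixed literal `/usr/bin/dumb-init`. A comment at the declaration would keep it that way: `# $init is spliced unquoted into the sh script below; keep it a fixed literal, never config- or user-derived`. Separately, the sub now takes two positional booleans (`$disable_network`, `$build_inside_init`), which are easy to transpose at a call site, so a short header comment listing the argument order would help. The sub starts and ends outside this hunk.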
@@ -321,7 +327,7 @@ sub _get_exec_argv { mount -o rbind /sys \"\$rootdir/sys\"; mkdir -p \"\$rootdir/proc\"; mount -t proc proc \"\$rootdir/proc\"; - exec /usr/sbin/chroot \"\$rootdir\" /sbin/runuser -u \"\$user\" -- sh -c \"cd \\\"\\\$1\\\" && shift && \\\"\\\$@\\\"\" -- \"\$dir\" \"\$@\"; + exec /usr/sbin/chroot \"\$rootdir\" $init /sbin/runuser -u \"\$user\" -- sh -c \"cd \\\"\\\$1\\\" && shift && \\\"\\\$@\\\"\" -- \"\$dir\" \"\$@\"; ", '--', $self->get('Session ID'), $user, $dir, @bind_mounts, '--' ); } @@ -358,11 +364,16 @@ sub get_command_internal { } my $disable_network = 0; - if (defined($options->{'DISABLE_NETWORK'}) && $options->{'DISABLE_NETWORK'}) { + if (defined($options->{'ENABLE_NETWORK'}) && $options->{'ENABLE_NETWORK'} == 0) { $disable_network = 1; } - my @cmdline = $self->_get_exec_argv($dir, $user, $disable_network); + my $build_inside_init = 0; + if (defined($options->{'BUILD_INSIDE_INIT'}) && $options->{'BUILD_INSIDE_INIT'}) { + $build_inside_init = 1; + } + + my @cmdline = $self->_get_exec_argv($dir, $user, $disable_network, $build_inside_init); if (ref $command) { push @cmdline, @$command; } else { diff --git a/lib/Sbuild/Conf.pm b/lib/Sbuild/Conf.pm index 77e3db3..d0e3f6f 100644 --- a/lib/Sbuild/Conf.pm +++ b/lib/Sbuild/Conf.pm @@ -295,6 +295,14 @@ sub setup ($) { HELP => 'Bind mount directories from the outside to a mountpoint inside the chroot in unshare mode.', EXAMPLE => '$unshare_bind_mounts = [ { directory => "/home/path/outside", mountpoint => "/path/inside" } ];' }, + 'ENABLE_NETWORK' => { + TYPE => 'STRING', + VARNAME => 'enable_network', + GROUP => 'Build options', + DEFAULT => 0, + HELP => 'By default network access is blocked during build (only implemented for the unshare mode). This lifts the restriction.', + CLI_OPTIONS => ['--enable-network'] + }, 'AUTOPKGTEST_VIRT_SERVER' => { TYPE => 'STRING', VARNAME => 'autopkgtest_virt_server', diff --git a/lib/Sbuild/Options.pm b/lib/Sbuild/Options.pm index 8cc70dc..f871cf4 100644 
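Review bot: The new `ENABLE_NETWORK` entry in Conf.pm is declared `TYPE => 'STRING'` although it is an on/off flag with `DEFAULT => 0` that the backends compare with `== 0`. Declaring it `TYPE => 'BOOL'`, which I believe other flags in this file use, would document the intent and discourage string values in config files. `CLI_OPTIONS` lists only `--enable-network`, while Options.pm in this same commit also registers `--no-enable-network`, so I would write `CLI_OPTIONS => ['--enable-network', '--no-enable-network']`. The HELP text could also state outright that under schroot the build is not isolated from the network, because "blocked by default" is the first thing a reader takes from it.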
--- a/lib/Sbuild/Options.pm +++ b/lib/Sbuild/Options.pm @@ -51,6 +51,7 @@ sub set_options { my ($opt_run_lintian, $opt_no_run_lintian); my ($opt_run_piuparts, $opt_no_run_piuparts); my ($opt_run_autopkgtest, $opt_no_run_autopkgtest); + my ($opt_enable_network, $opt_no_enable_network); my ($opt_make_binnmu, $opt_binnmu, $opt_binnmu_timestamp, $opt_binnmu_changelog, $opt_append_to_version); $self->add_options("arch=s" => sub { @@ -505,6 +506,20 @@ sub set_options { $self->set_conf('RUN_AUTOPKGTEST', 0); $opt_no_run_autopkgtest = 1; }, + "enable-network" => sub { + if ($opt_no_enable_network) { + die "--enable-network cannot be used together with --no-enable-network"; + } + $self->set_conf('ENABLE_NETWORK', 1); + $opt_enable_network = 1; + }, + "no-enable-network" => sub { + if ($opt_enable_network) { + die "--no-enable-network cannot be used together with --enable-network"; + } + $self->set_conf('ENABLE_NETWORK', 0); + $opt_no_enable_network = 1; + }, "autopkgtest-opts=s" => sub { push(@{$self->get_conf('AUTOPKGTEST_OPTIONS')}, split(/\s+/, $_[1])); |