From 6ed625ed90afd15b054df32dfc99f605244859dc Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Sun, 14 Apr 2024 15:47:24 +0200
Subject: Merging upstream version 0.85.7.
Signed-off-by: Daniel Baumann
---
bin/sbuild-qemu-boot | 4 +++-
bin/sbuild-qemu-update | 4 +++-
lib/Sbuild/Build.pm | 20 ++++++++++++--------
lib/Sbuild/ChrootSchroot.pm | 2 +-
lib/Sbuild/ChrootUnshare.pm | 17 ++++++++++++++---
lib/Sbuild/Conf.pm | 8 ++++++++
lib/Sbuild/Options.pm | 15 +++++++++++++++
man/sbuild.1.in | 25 +++++++++++++++++++------
8 files changed, 75 insertions(+), 20 deletions(-)
diff --git a/bin/sbuild-qemu-boot b/bin/sbuild-qemu-boot
index ae2ef1d..1fd93ae 100755
--- a/bin/sbuild-qemu-boot
+++ b/bin/sbuild-qemu-boot
@@ -148,7 +148,9 @@ def get_qemu_base_args(image, guest_arch=None, boot="auto"):
 case "efi":
 match guest_arch:
 case 'amd64':
- eficode = "/usr/share/OVMF/OVMF_CODE.fd"
+ eficode = "/usr/share/OVMF/OVMF_CODE_4M.fd"
+ if not os.path.exists(eficode):
+ eficode = "/usr/share/OVMF/OVMF_CODE.fd"
 case 'i386':
 eficode = "/usr/share/OVMF/OVMF32_CODE_4M.secboot.fd"
 case 'arm64':
diff --git a/bin/sbuild-qemu-update b/bin/sbuild-qemu-update
index af5c31c..6e08274 100755
--- a/bin/sbuild-qemu-update
+++ b/bin/sbuild-qemu-update
@@ -146,7 +146,9 @@ def get_qemu_base_args(image, guest_arch=None, boot="auto"):
 case "efi":
 match guest_arch:
 case 'amd64':
- eficode = "/usr/share/OVMF/OVMF_CODE.fd"
+ eficode = "/usr/share/OVMF/OVMF_CODE_4M.fd"
+ if not os.path.exists(eficode):
+ eficode = "/usr/share/OVMF/OVMF_CODE.fd"
 case 'i386':
 eficode = "/usr/share/OVMF/OVMF32_CODE_4M.secboot.fd"
 case 'arm64':
diff --git a/lib/Sbuild/Build.pm b/lib/Sbuild/Build.pm
index cca1c89..7a23a85 100644
--- a/lib/Sbuild/Build.pm
+++ b/lib/Sbuild/Build.pm
@@ -640,13 +640,6 @@ END debug("Error run_chroot_session(): $@") if $@; - if ($self->get('Pkg Status') ne "successful") { - if(!$self->run_external_commands("post-build-failed-commands")) { - Sbuild::Exception::Build->throw(error => "Failed to execute post-build-commands", - failstage => "run-post-build-failed-commands"); - } - } - # End chroot session my $session = $self->get('Session'); if (defined $session) { @@ -833,6 +826,9 @@ sub run_fetch_install_packages { $self->set('Install Start Time', time); $self->set('Install End Time', $self->get('Install Start Time')); my @coredeps = @{$self->get_conf('CORE_DEPENDS')}; + if ($self->get_conf('CHROOT_MODE') eq 'unshare') { + push(@coredeps, 'dumb-init'); + } if ($self->get('Host Arch') ne $self->get('Build Arch')) { my $crosscoredeps = $self->get_conf('CROSSBUILD_CORE_DEPENDS'); if (defined($crosscoredeps->{$self->get('Host Arch')})) { @@ -1010,6 +1006,13 @@ sub run_fetch_install_packages { } } + if ($self->get('Pkg Status') ne "successful") { + if(!$self->run_external_commands("post-build-failed-commands")) { + Sbuild::Exception::Build->throw(error => "Failed to execute post-build-commands", + failstage => "run-post-build-failed-commands"); + } + } + $self->log_subsection("Cleanup"); my $session = $self->get('Session'); my $resolver = $self->get('Dependency Resolver'); @@ -2593,7 +2596,8 @@ sub build { PRIORITY => 0, DIR => $dscdir, STREAMERR => \*STDOUT, - DISABLE_NETWORK => 1, + ENABLE_NETWORK => $self->get_conf('ENABLE_NETWORK'), + BUILD_INSIDE_INIT => 1, }; my $pipe = $session->pipe_command($command); diff --git a/lib/Sbuild/ChrootSchroot.pm b/lib/Sbuild/ChrootSchroot.pm index 8c88284..0dc8a95 100644 --- a/lib/Sbuild/ChrootSchroot.pm +++ b/lib/Sbuild/ChrootSchroot.pm 
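Review bot: The error text raised when the failure hook itself fails says "post-build-commands", while the hook being run and the `failstage` are both post-build-failed-commands; in the block added just before `$self->log_subsection("Cleanup")` the message would be less misleading as `error => "Failed to execute post-build-failed-commands",`. The throw now also sits ahead of the Cleanup subsection, so it is worth confirming that an exception raised here still lets the session cleanup run. The enclosing sub starts and ends outside the hunk, so that cannot be checked from the visible lines.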
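Review bot: Network isolation for the build command used to be the hard-coded `DISABLE_NETWORK => 1` and now depends on whatever `get_conf('ENABLE_NETWORK')` returns, while both backends disable the network only when the option is defined and numerically equal to 0, so an undefined value leaves the network on. At the new `ENABLE_NETWORK => $self->get_conf('ENABLE_NETWORK'),` line I would normalise the value so that the restrictive case is the fallback: `ENABLE_NETWORK => ($self->get_conf('ENABLE_NETWORK') ? 1 : 0),`. The same `defined(...) && ... == 0` test appears in the `get_command_internal` hunks of ChrootSchroot.pm and ChrootUnshare.pm. Whether the configuration layer can actually hand back undef is not visible here, and the options hash and the rest of `build` continue outside the hunk.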
@@ -132,7 +132,7 @@ sub get_command_internal { return if $self->get('Session ID') eq ""; - if (defined($options->{'DISABLE_NETWORK'}) && $options->{'DISABLE_NETWORK'}) { + if (defined($options->{'ENABLE_NETWORK'}) && $options->{'ENABLE_NETWORK'} == 0) { print STDERR "Disabling the network for this command was requested but the schroot backend doesn't support this feature yet: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802849\n" if $self->get_conf('DEBUG'); } diff --git a/lib/Sbuild/ChrootUnshare.pm b/lib/Sbuild/ChrootUnshare.pm index 91a7fa4..c4a3064 100644 --- a/lib/Sbuild/ChrootUnshare.pm +++ b/lib/Sbuild/ChrootUnshare.pm @@ -271,17 +271,23 @@ sub _get_exec_argv { my $dir = shift; my $user = shift; my $disable_network = shift // 0; + my $build_inside_init = shift // 0; # On systems with libnss-resolve installed there is no need for a # /etc/resolv.conf. This works around this by adding 127.0.0.53 (default # for systemd-resolved) in that case. my $network_setup = '[ -f /etc/resolv.conf ] && cat /etc/resolv.conf > "$rootdir/etc/resolv.conf" || echo "nameserver 127.0.0.53" > "$rootdir/etc/resolv.conf";'; my $unshare = CLONE_NEWNS | CLONE_NEWPID | CLONE_NEWUTS | CLONE_NEWIPC; + my $init = ""; if ($disable_network) { $unshare |= CLONE_NEWNET; $network_setup = 'ip link set lo up;> "$rootdir/etc/resolv.conf";'; } + if ($build_inside_init) { + $init = "/usr/bin/dumb-init"; + } + my @bind_mounts = (); for my $entry (@{$self->get_conf('UNSHARE_BIND_MOUNTS')}) { push @bind_mounts, $entry->{directory}, $entry->{mountpoint}; 
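Review bot: With the schroot backend the build still runs with network access, and the only notice is the `print STDERR` that stays gated on `if $self->get_conf('DEBUG')`. Since this commit documents blocked network as the default and adds `--enable-network`, a user on schroot can reasonably assume the build is isolated when it is not. I would drop the trailing `if $self->get_conf('DEBUG')` so the message is always shown when `ENABLE_NETWORK` is 0, or route it through the build log once per build. `get_command_internal` continues outside the hunk.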
@@ -321,7 +327,7 @@ sub _get_exec_argv { mount -o rbind /sys \"\$rootdir/sys\"; mkdir -p \"\$rootdir/proc\"; mount -t proc proc \"\$rootdir/proc\"; - exec /usr/sbin/chroot \"\$rootdir\" /sbin/runuser -u \"\$user\" -- sh -c \"cd \\\"\\\$1\\\" && shift && \\\"\\\$@\\\"\" -- \"\$dir\" \"\$@\"; + exec /usr/sbin/chroot \"\$rootdir\" $init /sbin/runuser -u \"\$user\" -- sh -c \"cd \\\"\\\$1\\\" && shift && \\\"\\\$@\\\"\" -- \"\$dir\" \"\$@\"; ", '--', $self->get('Session ID'), $user, $dir, @bind_mounts, '--' ); } @@ -358,11 +364,16 @@ sub get_command_internal { } my $disable_network = 0; - if (defined($options->{'DISABLE_NETWORK'}) && $options->{'DISABLE_NETWORK'}) { + if (defined($options->{'ENABLE_NETWORK'}) && $options->{'ENABLE_NETWORK'} == 0) { $disable_network = 1; } - my @cmdline = $self->_get_exec_argv($dir, $user, $disable_network); + my $build_inside_init = 0; + if (defined($options->{'BUILD_INSIDE_INIT'}) && $options->{'BUILD_INSIDE_INIT'}) { + $build_inside_init = 1; + } + + my @cmdline = $self->_get_exec_argv($dir, $user, $disable_network, $build_inside_init); if (ref $command) { push @cmdline, @$command; } else { diff --git a/lib/Sbuild/Conf.pm b/lib/Sbuild/Conf.pm index 77e3db3..d0e3f6f 100644 --- a/lib/Sbuild/Conf.pm +++ b/lib/Sbuild/Conf.pm @@ -295,6 +295,14 @@ sub setup ($) { HELP => 'Bind mount directories from the outside to a mountpoint inside the chroot in unshare mode.', EXAMPLE => '$unshare_bind_mounts = [ { directory => "/home/path/outside", mountpoint => "/path/inside" } ];' }, + 'ENABLE_NETWORK' => { + TYPE => 'STRING', + VARNAME => 'enable_network', + GROUP => 'Build options', + DEFAULT => 0, + HELP => 'By default network access is blocked during build (only implemented for the unshare mode). This lifts the restriction.', + CLI_OPTIONS => ['--enable-network'] + }, 'AUTOPKGTEST_VIRT_SERVER' => { TYPE => 'STRING', VARNAME => 'autopkgtest_virt_server', diff --git a/lib/Sbuild/Options.pm b/lib/Sbuild/Options.pm index 8cc70dc..f871cf4 100644 
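Review bot: `$init` is spliced unquoted into the shell script on the `exec /usr/sbin/chroot` line, which is safe only because it is either empty or the fixed literal `/usr/bin/dumb-init` assigned in the earlier `_get_exec_argv` hunk. A comment at the assignment would help keep it that way, e.g. `# $init is interpolated unquoted into the sh script below: keep it a fixed literal, never config- or user-derived`. The path is also assumed to exist inside the chroot: Build.pm adds `dumb-init` to the core dependencies for unshare mode, but any command issued with `BUILD_INSIDE_INIT` before that install would fail at exec, which the comment could mention. The sub starts and ends outside this hunk.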
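Review bot: `ENABLE_NETWORK` is declared with `TYPE => 'STRING'` although it is an on/off switch that the backends test with `== 0`. A value such as `'yes'` or `'true'` set in the configuration file is numerically 0 in Perl, so the network would stay blocked (with a non-numeric warning) even though the user asked for the opposite, and the mismatch is easy to miss. If the configuration layer offers a boolean type, as I believe other switches in this file use, `TYPE => 'BOOL',` would fit; otherwise the HELP text should state that only 0 and 1 are accepted. The `setup` sub continues outside the hunk.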
--- a/lib/Sbuild/Options.pm +++ b/lib/Sbuild/Options.pm @@ -51,6 +51,7 @@ sub set_options { my ($opt_run_lintian, $opt_no_run_lintian); my ($opt_run_piuparts, $opt_no_run_piuparts); my ($opt_run_autopkgtest, $opt_no_run_autopkgtest); + my ($opt_enable_network, $opt_no_enable_network); my ($opt_make_binnmu, $opt_binnmu, $opt_binnmu_timestamp, $opt_binnmu_changelog, $opt_append_to_version); $self->add_options("arch=s" => sub { @@ -505,6 +506,20 @@ sub set_options { $self->set_conf('RUN_AUTOPKGTEST', 0); $opt_no_run_autopkgtest = 1; }, + "enable-network" => sub { + if ($opt_no_enable_network) { + die "--enable-network cannot be used together with --no-enable-network"; + } + $self->set_conf('ENABLE_NETWORK', 1); + $opt_enable_network = 1; + }, + "no-enable-network" => sub { + if ($opt_enable_network) { + die "--no-enable-network cannot be used together with --enable-network"; + } + $self->set_conf('ENABLE_NETWORK', 0); + $opt_no_enable_network = 1; + }, "autopkgtest-opts=s" => sub { push(@{$self->get_conf('AUTOPKGTEST_OPTIONS')}, split(/\s+/, $_[1])); diff --git a/man/sbuild.1.in b/man/sbuild.1.in index 71a11cd..ec71399 100644 --- a/man/sbuild.1.in +++ b/man/sbuild.1.in @@ -54,6 +54,8 @@ sbuild \- build debian packages from source .RB [ \-\-source\-only\-changes ] .RB [ \-\-no\-source\-only\-changes ] .RB [ \-j \[or] \-\-jobs=\fIn\fP ] +.RB [ \-\-enable\-network ] +.RB [ \-\-no\-enable\-network ] .RB [ \-\-debbuildopt=\fIoption\fP ] .RB [ \-\-debbuildopts=\fIoptions\fP ] .RB [ \-\-dpkg\-source\-opt=\fIoptions\fP ] @@ -99,7 +101,7 @@ sbuild \- build debian packages from source .RB [ \-\-setup\-hook=\fIhook-script\fP ] .RB [ \-\-build\-dep\-resolver=\fIresolver\fP ] .RB [ \-\-resolve\-alternatives \[or] \-\-no\-resolve\-alternatives ] -.RB [ \-\-extra\-package=\fIpackage.deb\fP ] +.RB [ \-\-extra\-package=\fIpackage.deb|directory\fP ] .RB [ \-\-extra\-repository=\fIspec\fP ] .RB [ \-\-extra\-repository\-key=\fIfile.asc\fP ] .RB [ \-\-build\-path=\fIstring\fP ] 
@@ -387,6 +389,18 @@ This command line option appends the appropriate \fB\-j\fP option to the \fBDPKG .BR sbuild.conf (5) for more information. .TP +.BR \-\-enable\-network +Enable network access during build. This command line option sets the +\fBENABLE_NETWORK\fP configuration variable. See +.BR sbuild.conf (5) +for more information. +.TP +.BR \-\-no\-enable\-network +Don't enable network access during build (only implemented for the unshare mode) (default). This +command line option sets the \fBENABLE_NETWORK\fP configuration variable. See +.BR sbuild.conf (5) +for more information. +.TP .BR \-\-debbuildopt=\fIoption\fP Pass the specified option directly to dpkg\-buildpackage in addition to the options already passed by sbuild. This option can be passed multiple times @@ -1239,11 +1253,10 @@ has the alias) \fI$distribution\-$arch\-sbuild\fP, \fI$distribution\-sbuild\fP, The used chroot name can be overridden using the \-c or \-\-chroot options. .TP .BR sudo -This chroot mode is deprecated and only provided for backwards compatibility -and testing purposes. It operates by plainly entering the chosen chroot -directory using "sudo chroot". Thus, this backend also does not provide -ephemeral chroots. The sudo chroot mode searches for a symlink or directory -located at \fI/etc/sbuild/chroot/\fP or in the current directory, prefixed with +It operates by plainly entering the chosen chroot directory using "sudo +chroot". Thus, this backend also does not provide ephemeral chroots. The sudo +chroot mode searches for a symlink or directory located at +\fI/etc/sbuild/chroot/\fP or in the current directory, prefixed with \fIchroot\-\fP. The expected names are resolved in the same order as for the schroot chroot mode and can be overridden using the \-c or \-\-chroot options. .TP -- cgit v1.2.3