Update for xbps>=0.35 which contains xbps-uchroot.

That means that the Makefile and xbps-src generated files are not required
anymore, and the xbps-src script can be used as is.

Bump xbps requirement to 0.35 and enable XBPS_INSTALL_ARGS by default.
This commit is contained in:
Juan RP 2014-04-01 11:29:21 +02:00
parent 5daf2a124b
commit 576b865cf4
7 changed files with 20 additions and 360 deletions


@ -1,34 +0,0 @@
# xbps-packages top-level Makefile.
#
# MUTABLE VARIABLES
PRIVILEGED_GROUP ?= xbuilder
# INMUTABLE VARIABLES
VERSION = 112
GITVER := $(shell git rev-parse --short HEAD)
SHAREDIR = common/xbps-src/shutils
LIBEXECDIR = common/xbps-src/libexec
CHROOT_C = uchroot.c
CHROOT_BIN = xbps-src-chroot-helper
CFLAGS += -O2 -Wall -Werror
.PHONY: all setup clean
all:
sed -e "s|@@XBPS_SRC_VERSION@@|$(VERSION) ($(GITVER))|g" \
${CURDIR}/common/xbps-src/xbps-src.sh > ${CURDIR}/xbps-src
$(CC) $(CFLAGS) ${LIBEXECDIR}/$(CHROOT_C) -o ${LIBEXECDIR}/$(CHROOT_BIN)
chmod 755 xbps-src
@echo "Ignoring changes to etc/conf for local overrides."
@git update-index --assume-unchanged etc/conf
@echo
@echo "The chroot helper must be a setgid binary (4750) for the group '$(PRIVILEGED_GROUP)'."
@echo "Please run 'sudo make setup' to set appropiate permissions."
setup:
chown root:$(PRIVILEGED_GROUP) $(LIBEXECDIR)/$(CHROOT_BIN)
chmod 4750 $(LIBEXECDIR)/$(CHROOT_BIN)
clean:
rm -f xbps-src $(LIBEXECDIR)/$(CHROOT_BIN)


@ -1,27 +1,18 @@
## The XBPS packages collection
This repository contains the XBPS package collection to build binary packages
This repository contains the XBPS source packages collection to build binary packages
for the Void Linux distribution.
To start using it first you'll need some external dependencies:
- GNU make
- GNU bash
- C compiler
- bash
- fakeroot
- xbps >= 0.33
- xbps >= 0.35
The `xbps-src` utility and its helpers must be built first:
Make sure your user is added to the `xbuilder` group to be able to use `xbps-uchroot`,
otherwise `xbps-src` won't work correctly.
$ make
The `xbps-src` chroot helper required to chroot and setup the bind mounts must
be a setgid binary that can only be executed by a special group, by default `xbuilder`.
To set the appropiate permissions run the `setup` target:
$ sudo make setup
After that you can run:
The `xbps-src` utility will allow you to generate XBPS binary packages, type
$ ./xbps-src -h
@ -29,7 +20,7 @@ to see all available targets/options and start building any available package
in the `srcpkgs` directory.
The `etc/defaults.conf` file contains the possible settings that can be overrided
through `etc/conf` configuration file for the `xbps-src` utility.
through the `etc/conf` configuration file for the `xbps-src` utility.
See [Manual](https://github.com/voidlinux/xbps-packages/blob/master/Manual.md)
for documentation to create and learn about the source packages.


@ -5,6 +5,7 @@
# =========================================================
# DO NOT MODIFY THIS FILE WITHOUT PRIOR WRITTEN PERMISSION!
# =========================================================
# OBSOLETE WITH XBPS>=0.35, KEEP THIS FOR COMPAT.
set -a


@ -1,273 +0,0 @@
/*-
* Copyright (c) 2014 Juan Romero Pardines.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
* This is based on linux-user-chroot by Colin Walters, but has been adapted
* specifically for xbps-src use:
*
* - This bind mounts exactly what we need, no support for additional mounts.
* - This uses IPC/PID/mount namespaces, nothing more.
* - Disables namespace features if running in OpenVZ containers.
*/
#define _GNU_SOURCE
#include <sys/types.h>
#include <sys/prctl.h>
#include <sys/fsuid.h>
#include <sys/mount.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#include <stdio.h>
#include <fcntl.h>
#include <errno.h>
#include <stdarg.h>
#include <string.h>
#include <assert.h>
#include <stdlib.h>
#include <sched.h>
#include <limits.h> /* PATH_MAX */
#ifndef SECBIT_NOROOT
#define SECBIT_NOROOT (1 << 0)
#endif
#ifndef SECBIT_NOROOT_LOCKED
#define SECBIT_NOROOT_LOCKED (1 << 1)
#endif
#ifndef PR_SET_NO_NEW_PRIVS
#define PR_SET_NO_NEW_PRIVS 38
#endif
static void
die(const char *fmt, ...)
{
va_list ap;
int save_errno = errno;
va_start(ap, fmt);
fprintf(stderr, "ERROR ");
vfprintf(stderr, fmt, ap);
fprintf(stderr, " (%s)\n", strerror(save_errno));
va_end(ap);
exit(EXIT_FAILURE);
}
static void
usage(const char *p)
{
printf("Usage: %s [-D dir] [-H dir] [-S dir] <chrootdir> <command>\n\n"
"-D <distdir> Directory to be bind mounted at <chrootdir>/xbps-packages\n"
"-H <hostdir> Directory to be bind mounted at <chrootdir>/host\n"
"-S <shmdir> Directory to be bind mounted at <chrootdir>/<shmdir>\n", p);
exit(EXIT_FAILURE);
}
static int
fsuid_chdir(uid_t uid, const char *path)
{
int saveerrno, rv;
(void)setfsuid(uid);
rv = chdir(path);
saveerrno = errno;
(void)setfsuid(0);
errno = saveerrno;
return rv;
}
static int
openvz_container(void)
{
if ((!access("/proc/vz/vzaquota", R_OK)) &&
(!access("/proc/user_beancounters", R_OK)))
return 1;
return 0;
}
static void
bindmount(uid_t ruid, const char *chrootdir, const char *dir, const char *dest)
{
char mountdir[PATH_MAX-1];
snprintf(mountdir, sizeof(mountdir), "%s/%s", chrootdir, dest ? dest : dir);
if (fsuid_chdir(ruid, dir) == -1)
die("Couldn't chdir to %s", dir);
if (mount(".", mountdir, NULL, MS_BIND|MS_PRIVATE, NULL) == -1)
die("Failed to bind mount %s at %s", dir, mountdir);
}
int
main(int argc, char **argv)
{
uid_t ruid, euid, suid;
gid_t rgid, egid, sgid;
const char *chrootdir, *distdir, *hostdir, *shmdir, *cmd, *argv0;
char **cmdargs, mountdir[PATH_MAX-1];
int aidx = 0, clone_flags, child_status = 0;
pid_t child;
chrootdir = distdir = hostdir = shmdir = cmd = NULL;
argv0 = argv[0];
argc--;
argv++;
if (argc < 2)
usage(argv0);
while (aidx < argc) {
if (strcmp(argv[aidx], "-D") == 0) {
/* distdir */
distdir = argv[aidx+1];
aidx += 2;
} else if (strcmp(argv[aidx], "-H") == 0) {
/* hostdir */
hostdir = argv[aidx+1];
aidx += 2;
} else if (strcmp(argv[aidx], "-S") == 0) {
/* shmdir */
shmdir = argv[aidx+1];
aidx += 2;
} else {
break;
}
}
if ((argc - aidx) < 2)
usage(argv0);
chrootdir = argv[aidx];
cmd = argv[aidx+1];
cmdargs = argv + aidx + 1;
/* Never allow chrootdir == / */
if (strcmp(chrootdir, "/") == 0)
die("/ is not allowed to be used as chrootdir");
if (getresgid(&rgid, &egid, &sgid) == -1)
die("getresgid");
if (getresuid(&ruid, &euid, &suid) == -1)
die("getresuid");
if (rgid == 0)
rgid = ruid;
clone_flags = (SIGCHLD|CLONE_NEWNS|CLONE_NEWIPC|CLONE_NEWUTS|CLONE_NEWPID);
if (openvz_container()) {
/*
* If running in a OpenVZ container simply disable all namespace
* features.
*/
clone_flags &= ~(CLONE_NEWNS|CLONE_NEWIPC|CLONE_NEWUTS|CLONE_NEWPID);
}
/* Issue the clone(2) syscall with our settings */
if ((child = syscall(__NR_clone, clone_flags, NULL)) == -1)
die("clone");
if (child == 0) {
/*
* Restrict privileges on the child.
*/
if (prctl(PR_SET_NO_NEW_PRIVS, 1) == -1 && errno != EINVAL) {
die("prctl PR_SET_NO_NEW_PRIVS");
} else if (prctl (PR_SET_SECUREBITS,
SECBIT_NOROOT|SECBIT_NOROOT_LOCKED) == -1) {
die("prctl SECBIT_NOROOT");
}
if (!openvz_container()) {
/* Make / a private mount */
if (mount(NULL, "/", "none", MS_PRIVATE|MS_REC, NULL) == -1)
die("mount(/, MS_PRIVATE|MS_REC)");
/* Remount / with nosuid just in case */
if (mount (NULL, "/", "none", MS_PRIVATE|MS_REMOUNT|MS_NOSUID, NULL) == -1)
die("mount(/, MS_PRIVATE|MS_REMOUNT|MS_NOSUID");
}
/* mount /proc */
snprintf(mountdir, sizeof(mountdir), "%s/proc", chrootdir);
if (mount("proc", mountdir, "proc", MS_MGC_VAL|MS_PRIVATE, NULL) == -1)
die("Failed to mount %s", mountdir);
/* bind mount /sys */
bindmount(ruid, chrootdir, "/sys", NULL);
/* bind mount /dev */
bindmount(ruid, chrootdir, "/dev", NULL);
/* bind mount hostdir if set */
if (hostdir)
bindmount(ruid, chrootdir, hostdir, "/host");
/* bind mount distdir (if set) */
if (distdir)
bindmount(ruid, chrootdir, distdir, "/xbps-packages");
/* bind mount shmdir (if set) */
if (shmdir)
bindmount(ruid, chrootdir, shmdir, NULL);
/* move chrootdir to / and chroot to it */
if (fsuid_chdir(ruid, chrootdir) == -1)
die("Failed to chdir to %s", chrootdir);
if (mount(".", ".", NULL, MS_BIND|MS_PRIVATE, NULL) == -1)
die("Failed to bind mount %s", chrootdir);
if (mount(chrootdir, "/", NULL, MS_MOVE, NULL) == -1)
die("Failed to move %s as rootfs", chrootdir);
if (chroot(".") == -1)
die("Failed to chroot to %s", chrootdir);
/* Switch back to the gid/uid of invoking process */
if (setgid(rgid) == -1)
die("setgid child");
if (setuid(ruid) == -1)
die("setuid child");
if (execvp(cmd, cmdargs) == -1)
die("Failed to execute command %s", cmd);
}
/* Switch back to the gid/uid of invoking process also in the parent */
if (setgid(rgid) == -1)
die("setgid child");
if (setuid(ruid) == -1)
die("setuid child");
/* Wait until the child terminates */
while (waitpid(child, &child_status, 0) < 0) {
if (errno != EINTR)
die("waitpid");
}
if (!WIFEXITED(child_status))
return -1;
return WEXITSTATUS(child_status);
}


@ -1,11 +0,0 @@
# Configuration file for xbps-src.
#
# Load the defaults in from defaults.conf (if it's readable).
# These can be overridden below.
#
if [ -r ${XBPS_DISTDIR}/etc/defaults.conf ]; then
. ${XBPS_DISTDIR}/etc/defaults.conf
fi
# Add your local overrides below
#


@ -44,7 +44,7 @@
# Enable optional arguments to xbps-install. This is useful when you use
# static binaries and when you need to specify arguments.
# NOTE: This is only used with the binary-bootstrap target!
#XBPS_INSTALL_ARGS="--repository=http://repo.voidlinux.eu/current"
XBPS_INSTALL_ARGS="--repository=http://repo.voidlinux.eu/current"
# [OPTIONAL]
# Compilation flags for C and C++.
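Review bot: Uncommenting `XBPS_INSTALL_ARGS="--repository=http://repo.voidlinux.eu/current"` makes every default build fetch its bootstrap binaries from a plain-HTTP mirror, and per the NOTE above it that is exactly the binary-bootstrap path where the toolchain is first installed. The integrity of those packages then rests on xbps's own repository signature verification, if that is enabled for this repository, which the file does not say. A comment recording the assumption would help, e.g. `# Bootstrap packages are fetched over plain HTTP; integrity relies on xbps repository signature checks. Override in etc/conf to use a local or https mirror.` Turning this from opt-in into the default also deserves a mention in the README this commit already edits.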

common/xbps-src/xbps-src.sh → xbps-src Normal file → Executable file

@ -173,34 +173,14 @@ check_build_requirements() {
for f in $XBPS_SHUTILSDIR/*.sh; do
[ -r $f ] && . $f
done
for f in $XBPS_COMMONDIR/environment/setup/*.sh; do
[ -r $f ] && . $f
done
if [ -z "$XBPS_SRC_REQ" -o -z "$XBPS_UTILS_REQ" -o -z "$XBPS_UTILS_API_REQ" ]; then
echo "ERROR: cannot satisfy xbps requirements!"
exit 1
fi
case "$XBPS_TARGET" in
*bootstrap*) found=1;;
*) ;;
esac
if [ -z "$found" ]; then
xbps-uhelper cmpver $(echo "$XBPS_SRC_VERSION"|awk '{print $1}') "$XBPS_SRC_REQ"
xbps-uhelper cmpver "$XBPS_VERSION" "$XBPS_VERSION_REQ"
if [ $? -eq 255 ]; then
echo "ERROR: this xbps-src version is outdated! (>=$XBPS_SRC_REQ is required)"
echo "Bootstrap packages must be updated with 'xbps-src bootstrap-update'"
exit 1
fi
xbps-uhelper cmpver "$XBPS_VERSION" "$XBPS_UTILS_REQ"
if [ $? -eq 255 ]; then
echo "ERROR: requires xbps-$XBPS_UTILS_REQ API: $XBPS_UTILS_API_REQ"
echo "Bootstrap packages must be updated with 'xbps-src bootstrap-update'"
exit 1
fi
xbps-uhelper cmpver "$XBPS_APIVER" "$XBPS_UTILS_API_REQ"
if [ $? -eq 255 ]; then
echo "ERROR: requires xbps-$XBPS_UTILS_REQ API: $XBPS_UTILS_API_REQ"
echo "ERROR: requires xbps>=${XBPS_VERSION_REQ}"
echo "Bootstrap packages must be updated with 'xbps-src bootstrap-update'"
exit 1
fi
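Review bot: The new check `xbps-uhelper cmpver "$XBPS_VERSION" "$XBPS_VERSION_REQ"` has no guard for an empty `$XBPS_VERSION`, which is what the later `readonly XBPS_VERSION=$(xbps-uhelper -V|awk '{print $2}')` yields when xbps-uhelper is not installed at all; the removed `-z` test only covered the requirement constants, so that case now depends on whatever cmpver returns for an empty argument, which is not visible here. A guard before the cmpver call makes the failure explicit: `[ -n "$XBPS_VERSION" ] || { echo "ERROR: xbps-uhelper not found, xbps>=${XBPS_VERSION_REQ} is required"; exit 1; }`. `$XBPS_APIVER` is still computed in the same place but is no longer compared in this function; if nothing else reads it, the assignment can go too. check_build_requirements starts before this hunk and its body continues after it.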
@ -288,9 +268,11 @@ read_pkg() {
setup_pkg $XBPS_TARGET_PKG $XBPS_CROSS_BUILD
}
# Requires xbps>=0.35
readonly XBPS_VERSION_REQ="0.35"
readonly XBPS_VERSION=$(xbps-uhelper -V|awk '{print $2}')
readonly XBPS_APIVER=$(xbps-uhelper -V|awk '{print $4}')
readonly XBPS_SRC_VERSION="@@XBPS_SRC_VERSION@@"
readonly XBPS_SRC_VERSION="113"
readonly FAKEROOT_CMD="fakeroot --"
readonly XBPS_MACHINE=$(uname -m)
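Review bot: `readonly XBPS_SRC_VERSION="113"` replaces a value the deleted top-level Makefile assembled from `VERSION` plus the git short hash, so the version string is now a literal that has to be bumped by hand on each release and no longer identifies the checkout it came from. A comment above it would keep that expectation visible: `# Bumped manually on each release; no longer derived from git by the Makefile.` The `# Requires xbps>=0.35` line could likewise say that `XBPS_VERSION_REQ` is the single place to raise the requirement, since the separate XBPS_UTILS_REQ/XBPS_UTILS_API_REQ checks are gone.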
@ -345,6 +327,10 @@ else
else
readonly XBPS_DISTDIR="${_distdir}"
fi
# Read defaults and then the local configuration file
if [ -f $XBPS_DISTDIR/etc/defaults.conf ]; then
. $XBPS_DISTDIR/etc/defaults.conf
fi
readonly XBPS_CONFIG_FILE=$XBPS_DISTDIR/etc/conf
fi
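Review bot: `[ -f $XBPS_DISTDIR/etc/defaults.conf ]` and the `.` line after it expand `$XBPS_DISTDIR` unquoted, so a distdir path containing whitespace breaks both the test and the source; the deleted `etc/conf` had the same quoting problem but at least tested readability with `-r`, which is the condition that matters for sourcing. Suggested: `if [ -r "$XBPS_DISTDIR/etc/defaults.conf" ]; then` and `. "$XBPS_DISTDIR/etc/defaults.conf"`. Since the script now sources this file directly rather than via etc/conf, a one-line comment that it is executed as shell code, not parsed as key=value settings, would be worth adding. The enclosing if/else starts before this hunk.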
@ -384,7 +370,7 @@ readonly XBPS_TRIGGERSDIR=$XBPS_SRCPKGDIR/xbps-triggers/files
readonly XBPS_CROSSPFDIR=$XBPS_COMMONDIR/cross-profiles
readonly XBPS_BUILDSTYLEDIR=$XBPS_COMMONDIR/build_style
readonly XBPS_LIBEXECDIR=$XBPS_COMMONDIR/xbps-src/libexec
readonly CHROOT_CMD=$XBPS_LIBEXECDIR/xbps-src-chroot-helper
readonly CHROOT_CMD=xbps-uchroot
# XBPS_FETCH_CMD can be overriden
export XBPS_FETCH_CMD="xbps-uhelper fetch"
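Review bot: `readonly CHROOT_CMD=xbps-uchroot` resolves the privileged helper by name through PATH, whereas the removed line used an absolute path under XBPS_LIBEXECDIR; nothing in this hunk verifies that the binary exists or that the invoking user may run it, although the README in this commit states membership in the `xbuilder` group is required. Unless that is checked elsewhere, an early `command -v "$CHROOT_CMD" >/dev/null || { echo "ERROR: $CHROOT_CMD not found, xbps>=${XBPS_VERSION_REQ} is required"; exit 1; }` in check_build_requirements would give a clear error instead of a failure at chroot time. A short comment on the line, `# Provided by xbps>=0.35; must be executable by the xbuilder group`, would document the dependency.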