path: root/arch-nspawn.in
Age | Commit message | Author
2019-08-09 | ensure that sane umask is used where needed | Eli Schwartz
If a user umask is restrictive, a chroot may be created as root without the ability for the user to read it, which then causes makepkg --verifysource to fail. Do not set this in lib/common.sh, where it would apply to all scripts, as we do not want to override the user's policy for things like $SRCDEST files, svn checkouts, etc. Fixes FS#47625 Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 | Escape paths with ":" that are passed to systemd-nspawn --bind | Eli Schwartz
When parsing paths to automatically make available to the container, the ":" is used internally by systemd-nspawn to signify destinations in the container. Replace automatically with "\:" for the mounts that we set up, in order to safely handle a working directory etc. that contains this character. For bind options exposed to the user, it is assumed the user takes care of passing systemd-nspawn compatible paths themselves. Fixes FS#60845 Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 | arch-nspawn: support bind-mounting custom file:/// repositories | Eli Schwartz
Fixes FS#45882 Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 | arch-nspawn should not take pacman cache from host | Brian Bidulock
Previously, arch-nspawn was using the host's pacman cache in the chroot even when the chroot was set up with a different cache by mkarchroot, unless specified with the -c flag. Problem is that makechrootpkg passes no -C, -M nor -c flags to arch-nspawn, so all values must be obtained from the working directory. This change takes the cache directories from the pacman.conf specified with the -C option unless the -c option was given (as is the case when the chroot is set up with mkarchroot), and, when neither -C nor -c is given (as is the case when invoked by makechrootpkg), the cache directory is taken from the pacman.conf in the working directory. This wasn't such an issue when i686 was mainline, however, when building packages in a chroot against archlinux32 on an x86_64 platform, the cache of the host should _never_ be used. Rebased by eschwartz on top of cachedir reworking. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 | arch-nspawn: don't delete the guest gpg configuration | Eli Schwartz
It's important to ensure the guest has up to date data because updating a chroot after quite some time can potentially rely on updated archlinux-keyring, something which the host machine either kept up to date on or manually fixed, but it kills automation to mess around with chroot configs like that. Alternatively, signed packages added with -I need to work, and we assume the host is configured to accept these. That is *not* a good reason to completely nuke whatever is in the guest, though. A guest might have been manually configured to accept keys which aren't accepted by the host; one example of this happening in practice, is archlinux32 when building 32-bit packages from an archlinux host. The right solution is to append to, rather than overwrite, the chrooted guest's pacman keyring. To do this, we will use gpg's native facility to dump the keyring from one GNUPGHOME and import it into another. We'd use pacman-key's --import option directly, but this doesn't support passing custom options like --import-options import-local-sigs Finally use pacman-key's native facility to import the trust status from the host. While we are at it, fix a bug where we didn't respect the host's pacman.conf settings for the GpgDir. While it isn't wildly likely a user will choose to customize this, it is a valid and supported use case and we must think about this ourselves. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 | fixup commit "arch-nspawn: get all mirrors from host" | Eli Schwartz
In commit d9b73504484da7e185dc590ef13d5f31942f6051, a line was deleted that had a shellcheck ignore marker, but the marker itself was left in (and had nothing to do). So, remove it. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09 | Migrate pacman.conf CacheDir parsing to pacman-conf | Eli Schwartz
And while we're at it, make this more consistent. Currently we unnecessarily support only one -c /path/to/cachedir option. This requires slightly more thorough handling in mkarchroot to ensure all custom cachedirs are passed on to arch-nspawn. Rework to simply forward all arguments to arch-nspawn (minus final arguments used for pacman -Sy packagelist). Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-03-25 | arch-nspawn: get all mirrors from host | Christian Hesse
Now that pacconf gives us all mirrors we can use them, instead of just the first one. Signed-off-by: Christian Hesse <mail@eworm.de>
2018-05-13 | Proper fix for pacman-git returning file urls from the cache | Eli Schwartz
It is much nicer to use a proper configuration parser to retrieve the primary mirror, rather than clever hacks using undocumented APIs, especially when their behavior as used then breaks in later releases. Fortunately, pacutils exists now and pacconf handles this quite elegantly. It has since been moved to pacman-git proper. Check if pacman-conf from a new enough version of pacman exists and fallback on pacconf from pacutils.
2018-05-13 | Revert "arch-nspawn: Work around pacman master returning file-URLs from the cache" | Eli Schwartz
This reverts commit eb6b0e3f11279b6512b1469ff042d2982eaaeef4. This never worked, as pacman-git returns file urls from the cache anyway and pacman stable doesn't have any problem at all. Having useless code which makes people think the issue is solved when it really isn't, is bloat, so remove it.
2018-01-21 | arch-nspawn: Remove pointless $(echo ...) subshell | Luke Shumaker
2018-01-21 | arch-nspawn: make sure that makepkg.conf is always parsed as text | Luke Shumaker
https://lists.parabola.nu/pipermail/dev/2017-June/005576.html
2017-09-13 | Revert "arch-nspawn: Hack to give the inner process a controlling terminal" | Jan Alexander Steffens (heftig)
Whoops, this will of course mess with nspawn arguments passed to arch-nspawn.
2017-09-13 | arch-nspawn: Hack to give the inner process a controlling terminal | Jan Alexander Steffens (heftig)
This was lost at some point.
2017-09-12 | arch-nspawn: Pass --as-pid2 | Jan Alexander Steffens (heftig)
As not all commands we run are capable of reaping processes correctly. For example, pacman is not.
2017-09-11 | arch-nspawn: Force PATH to be the Arch default | Sébastien Luttringer
systemd-nspawn uses a default environ PATH value of: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin Since filesystem 2017.08, this is no longer overridden by /etc/profile to the Arch default: PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
2017-08-24 | arch-nspawn: Add --keep-unit to prevent scope conflicts | Jan Alexander Steffens (heftig)
2017-07-05 | Add `# shellcheck` directives to quiet shellcheck, add PKGBUILD.proto | Luke Shumaker
The added PKGBUILD.proto file is so that shellcheck can know what to expect that a PKGBUILD sets.
2017-07-05 | Quote strings that shellcheck warns about. | Luke Shumaker
These changes are all strictly "slap some double-quotes in there". Anything more than that is not included in this commit.
2017-07-05 | Make purely stylistic changes to make shellcheck happier. | Luke Shumaker
These are purely stylistic changes that make shellcheck complain less. This does NOT include things like quoting currently unquoted variables.
2017-04-05 | mkarchroot, arch-nspawn: Add an `-s` flag to inhibit `setarch`. | Luke Shumaker
This allows us to run an ARM chroot on an x86 box; as the binfmt runner will set the architecture for us, and the x86 `/usr/bin/setarch` program won't know about the ARM architecture string.
2017-04-05 | mkarchroot, arch-nspawn: Add an `-f` flag to add files to copy. | Luke Shumaker
This allows us to copy in files like `qemu-arm-static`, which is necessary for running an ARM chroot on an x86 box.
2017-04-05 | Avoid using string interpolation; use printf format strings instead. | Luke Shumaker
This involves extending the signature of lib/common.sh's `stat_busy()`, `lock()`, and `slock()`. The `mesg=$1; shift` in stat_busy even suggests that this is what was originally intended from it.
2017-04-05 | Add a "License:" tag to all code files. | Luke Shumaker
In cases where there is no license specified, the file is tagged as "License: Unspecified". Obviously, that is not ideal, but it highlights the fact, and I hope that it encourages whoever has the authority to specify the license to do so. On that note, to anyone who may have the authority to specify the license of files in devtools: the current licence of many files is GPLv2 with no option for later versions; I implore you to re-license them to have the "or any later version" option.
2017-03-07 | lib/archroot.sh: Simplify check_root | Jan Alexander Steffens (heftig)
Move the function and save the orig_argv right along it.
2017-03-07 | lib/archroot.sh: Move CHROOT_VERSION to a common file | Jan Alexander Steffens (heftig)
2017-02-17 | mkarchroot: Set LANG=en_US.UTF-8 | Jan Alexander Steffens (heftig)
In order to have a UTF-8 locale in the build root. This is something normally set on real machines but is not set from our chroots. Meson, for example, loudly complains when the locale charset is not UTF-8. I'd like to have C.UTF-8, as most other distributions do. Unfortunately, it's not part of vanilla glibc; en_US.UTF-8 will have to do. mkarchroot already creates roots with both en_US.UTF-8 and de_DE.UTF-8, the latter because builds of gcc (perhaps used to) require it. Bump the CHROOT_VERSION due to the setting change.
2016-05-28 | arch-nspawn: Work around pacman master returning file-URLs from the cache | Jan Alexander Steffens (heftig)
2015-11-29 | arch-nspawn: preserve systemd-nspawn's stderr | Evangelos Foutras
It is passed down to the container when stdin/stdout is not a tty; this is the case when archbuild's output is redirected to a pipe or file.
2014-10-19 | save and reuse original argv when auto-elevating | Dave Reisner
Fixes FS#42277.
2014-09-22 | arch-nspawn: Fix a grammar mistake (a/an) in an error message. | Luke Shumaker
2014-09-22 | nspawn: skip machine registration | Dave Reisner
No need to do this since we don't run an init system in the build root.
2014-05-10 | Switch to root when started as regular user | Sébastien Luttringer
On collaborative builder machines, these scripts are often allowed to become root via sudo. This patch avoids having to prefix them with sudo each time or call su. Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
2013-08-18 | arch-nspawn: allow oddly named directories | Dave Reisner
This fixes various errors one might encounter when trying to use a build root or cachedir with whitespace in it. Note that the cachedir fix is not a complete one, as pacman's output is unreliable (and not meant for parsing here). Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
2013-08-18 | arch-nspawn: avoid escaping mount_args | Dave Reisner
eval is no longer involved in the execution of systemd-nspawn, so we no longer need a layer of escaping on the arguments. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
2013-08-08 | avoid injecting code into the format string | Dave Reisner
Now that die() properly forwards arguments to error(), we can expect that the first arg is a format string and not the entirety of the output. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
2013-08-08 | arch-nspawn: remove leading - from the machine name/hostname | Florian Pritz
Signed-off-by: Florian Pritz <bluewind@xinu.at> Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
2013-05-11 | arch-nspawn: Quiet systemd-nspawn again | Jan Alexander Steffens (heftig)
systemd-nspawn always outputs some debug messages over stderr. Both stdout and stderr from inside the chroot are sent through a pty to stdout.
2013-05-06 | arch-nspawn: setarch to CARCH | Jan Alexander Steffens (heftig)
Allows calling makechrootpkg without worrying about the architecture
2013-05-03 | arch-nspawn: Set machine name | Jan Alexander Steffens (heftig)
Recent changes to systemd-nspawn have it take the machine name from the chroot dir name, which isn't unique enough for our setup.
2013-05-02 | mkarchroot: Refactor chroot running into a new script | Jan Alexander Steffens (heftig)
Separates the two features of mkarchroot. Provides users of the new arch-nspawn with the full feature set of systemd-nspawn. For example, this can be used to bind custom directories into the chroot.