summaryrefslogtreecommitdiff
path: root/mkarchroot.in
AgeCommit message (Collapse)Author
2020-06-29makechrootpkg & mkarchroot: init and populate keyringsErich Eckner
We had trouble in the past with not properly initialized keyrings. This change aims at fixing this.
2020-06-29mkarchroot.in: copy host's /etc/hosts into the chrootErich Eckner
2019-11-30mkarchroot: support wrapping pacstrap -UEli Schwartz
Needed to support reproducible builds. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
2019-08-09ensure that sane umask is used where neededEli Schwartz
If a user umask is restrictive, a chroot may be created as root without the ability for the user to read it, which then causes makepkg --verifysource to fail. Do not set this in lib/common.sh, where it would apply to all scripts, as we do not want to override the user's policy for things like $SRCDEST files, svn checkouts, etc. Fixes FS#47625 Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09Revert "mkarchroot: Don't let the environment affect pacstrap (sans proxy ↵Eli Schwartz
settings)." This reverts commit 578a62f1e0713b0df9722470146fb85fb819202c. mkarchroot is run as root (via check_root if needed) so the environment should already be clean. If not, the user has broken their root environment, and we cannot support this. It's unclear what environment settings may or may not be messing with anything, ever, but the original bug report happened on Parabola who perform extensive patching to "libretools" such that the code no longer resembles devtools at all. It's therefore likely any such bug is parabola specific, but we will never know since the original commit message states that they don't know why they do it either. Parsing the user's entire exported environment via both sed and grep is overkill for a non-bug, especially when it doesn't work for variables declared -rx and doesn't work for things like: export fooled_you=$'wow such hax\ndeclare -x http_proxy=lol' Also if done properly this would rely on compgen -e to print all exported shell variables. Or even better, loop through /proc/$$/environ which is both null-delimited and easily parsed with the read builtin and [[ ]] Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09mkarchroot: don't create a broken chroot by defaultEli Schwartz
It's incorrect to make pacman completely useless inside the chroot by starting off with no pacman keyring. Assuming that the only consumers of a new chroot will be arch-nspawn (which copies over the hostconf) is bad design, and furthermore makes it impossible to fix other issues in arch-nspawn itself. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-08-09Migrate pacman.conf CacheDir parsing to pacman-confEli Schwartz
And while we're at it, make this more consistent. Currently we unnecessarily support only one -c /path/to/cachedir option. This requires slightly more thorough handling in mkarchroot to ensure all custom cachedirs are passed on to arch-nspawn. Rework to simply forward all arguments to arch-nspawn (minus final arguments used for pacman -Sy packagelist). Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
2019-04-20fix whitespace/indentation errorsErich Eckner
Some lines are indented by spaces, while adjacent lines are indentet by tabs. We should use tabs on both. Signed-off-by: Erich Eckner <git@eckner.net>
2017-07-05Quote strings that shellcheck warns about.Luke Shumaker
These changes are all strictly "slap some double-quotes in there". Anything more than that is not included in this commit.
2017-07-05Make purely stylistic changes to make shellcheck happier.Luke Shumaker
These are purely stylistic changes that make shellcheck complain less. This does NOT include things like quoting currently unquoted variables.
2017-04-05mkarchroot: Don't let the environment affect pacstrap (sans proxy settings).Luke Shumaker
A previous iteration of this change (libretools commit d7dcce53396d) simply inserted `env -i` to clear the environment. However, that lead to it ignoring proxy settings, which some users had problems with: https://labs.parabola.nu/issues/487: > To fix other bugs, the pacstrap environment is blank, which also > means that the proxy settings are blank. So (in libretools commit d17d1d82349f), I changed it to use `declare -x` to inspect the environment, and create a version of it only consisting of variables ending with "_proxy" (case-insensitive). I honestly don't remember what "other bugs" prompted me to clear the environment in the first place.
2017-04-05mkarchroot, arch-nspawn: Add an `-s` flag to inhibit `setarch`.Luke Shumaker
This allows us to run an ARM chroot on an x86 box; as the binfmt runner will set the architecture for us, and the x86 `/usr/bin/setarch` program won't know about the ARM architecture string.
2017-04-05mkarchroot, arch-nspawn: Add an `-f` flag to add files to copy.Luke Shumaker
This allows us to copy in files like `qemu-arm-static`, which is necessary for running an ARM chroot on an x86 box.
2017-04-05Avoid using string interpolation; use printf format strings instead.Luke Shumaker
This involves extending the signature of lib/common.sh's `stat_busy()`, `lock()`, and `slock()`. The `mesg=$1; shift` in stat_busy even suggests that this is what was originally intended from it.
2017-04-05Add a "License:" tag to all code files.Luke Shumaker
In cases where there is no license specified, the file is tagged as "License: Unspecified". Obviously, that is not ideal, but it highlights the fact, and I hope that it encourages whoever has the authority to specify the license to do so. On that note, to anyone who may have the authority to specify the license of files in devtools: the current licence of many files is GPLv2 with no option for later versions; I impore you to re-license them to have the "or any later version" option.
2017-03-07lib/archroot.sh: Add is_btrfs helperJan Alexander Steffens (heftig)
2017-03-07lib/archroot.sh: Simplify check_rootJan Alexander Steffens (heftig)
Move the function and save the orig_argv right along it.
2017-03-07lib/archroot.sh: Move CHROOT_VERSION to a common fileJan Alexander Steffens (heftig)
2017-02-17mkarchroot: Set LANG=en_US.UTF-8Jan Alexander Steffens (heftig)
In order to have an UTF-8 locale in the build root. This is something normally set on real machines but is not set from our chroots. Meson, for example, loudly complains when the locale charset is not UTF-8. I'd like to have C.UTF-8, as most other distributions do. Unfortunately, it's not part of vanilla glibc; en_US.UTF-8 will have to do. mkarchroot already creates roots with both en_US.UTF-8 and de_DE.UTF-8, the latter because builds of gcc (perhaps used to) require it. Bump the CHROOT_VERSION due to the setting change.
2016-05-27mkarchroot: Manually generate machine-id because nspawn expects itSven-Hendrik Haase
2014-10-19save and reuse original argv when auto-elevatingDave Reisner
Fixes FS#42277.
2014-09-22mkarchroot: Correct "Usage:" text.Luke Shumaker
The "app" hasn't been an option since arch-nspawn was created.
2014-05-10Switch to root when started as regular userSébastien Luttringer
In collaborative builder machine, these scripts are often allowed to become root via sudo. This patch avoid to prefix them by sudo each time or call su. Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
2013-08-08avoid injecting code into the format stringDave Reisner
Now that die() properly forwards arguments to error(), we can expect that the first arg is a format string and not the entirety of the output. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
2013-05-03lib/common.sh: Introduce locking helper functionsJan Alexander Steffens (heftig)
Reduces code duplication. With makechrootpkg not calling mkarchroot anymore, the lock handover protocol is unneeded. arch-nspawn does not do any locking, so add protection to archbuild.
2013-05-02mkarchroot: Refactor chroot running into a new scriptJan Alexander Steffens (heftig)
Separates the two features of mkarchroot. Provides users of the new arch-nspawn with the full feature set of systemd-nspawn. For example, this can be used to bind custom directories into the chroot.
2013-04-07mkarchroot: Fix creation of btrfs snapshot and remove force optionPierre Schmitz
2013-04-06Bump the chroot version as we changed the default package setPierre Schmitz
2013-04-06Only try to use btrfs snapshots if chroots are on a btrfs partitionPierre Schmitz
2013-04-06Simplify update call as pacman does no longer support SyncFirstPierre Schmitz
2013-04-06mkarchroot: code cleanupPierre Schmitz
2013-04-06mkarchroot: Create working directory if neededPierre Schmitz
2013-04-06use nspawn to bind mount needed directoriesDave Reisner
systemd-nspawn is capable of doing this as of systemd-198. Doing this means we can remove all of our home grown chroot mount/umount logic, as it's all performed by pacstrap or systemd-nspawn. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
2013-01-20Drop initscripts supportPierre Schmitz
2012-11-15Make sure the usage functions are consistentEric Bélanger
The usage messages now begins with a "Usage:", i.e. capitalized and with a colon. Fixes FS#26956. Signed-off-by: Eric Bélanger <snowmaniscool@gmail.com> Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
2012-11-15mkarchroot: Remove unnecessary parameter for usage functionEric Bélanger
Fixes FS#28973 Signed-off-by: Eric Bélanger <snowmaniscool@gmail.com> Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
2012-10-27Fix return code handlingJan Alexander Steffens (heftig)
Stop trap_exit from forcing a 0 exit code. This fixes makechrootpkg, which used to always return success, even if the build failed. Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
2012-10-13mkarchroot: do not try to bind /etc/timezone from hostPierre Schmitz
/etc/timezone is no longer used. We only need /etc/localtime. This fixes FS#31929
2012-10-04mkarchroot: use a helper function to simplify bind mountsPierre Schmitz
2012-10-03mkarchroot: Use systemd's nspawn if availablePierre Schmitz
* If we are running systemd use nspawn instead of our own chroot setup * Use pacstrap to setup our chroot environment * Make sure the common trap is still called * Bind resolve.conf, timezone and lcoaltime from the host if nspawn is not used * Run ldconfig within the chroot
2012-06-16mkarchroot: reset trap so it wont be called twicePierre Schmitz
2012-06-15Fix /run permissions in chrootAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
2012-06-12Support multiple package cache directoriesPierre Schmitz
* We use the host package cache configuration * As only the first cache will be written to, we mount the others readonly
2012-06-11Remove no longer used optionPierre Schmitz
2012-06-11Add a version number to each chroot so we can tell the user when a rebuild ↵Pierre Schmitz
is needed
2012-06-11Enable signature checking within build environmentPierre Schmitz
* bind /sys and /dev/pts from host * drop support for devtmpfs as it is no longer needed * add /run and /dev/rtc0 * clone own ipc, uts and mount namespaces for chroot * set localtime, timezone and locale within chroot environment * copy /etc/pacman.d/gnupg from host
2012-06-10mkarchroot: use bind mount instead of symlink for /dev/ptmxGerardo Exequiel Pozzi
We need /dev/ptmx -> /dev/pts/ptmx (for devpts -o newinstance) Other way to do this thing is via bind mount (as said kernel doc[devpts.txt]). This should be done in this way at least for /dev as devtmpfs in the chroot. Since we can not touch /dev (devtmpfs), because devtmpfs is "singleton", just use bind method and avoid interference. Do it the same for both modes of /dev (tmpfs) and (devtmpfs) to keep it simple. Currently devpts in chroot is not working without this when using /dev as devtmpfs, this fixes this issue (opening /dev/ptmx, creates devices nodes on outside /dev/pts) Signed-off-by: Gerardo Exequiel Pozzi <vmlinuz386@yahoo.com.ar> Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
2012-03-05Add -d param to optionally support devtmpfsGerardo Exequiel Pozzi
The main intention of this patch is to take advantage of /dev/loop-control and loop devices. Signed-off-by: Gerardo Exequiel Pozzi <vmlinuz386@yahoo.com.ar> Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
2011-12-20mkarchroot: do not create /etc/mtabTom Gundersen
As of filesystem-2011.12 this is not needed anylonger, and indeed blocks the chroot from being upgraded. As a workaround, recreating the chroot fixes the problem. Fixes FS#27640. Reported-by: Andrea Scarpino <andrea@archlinux.org> Signed-off-by: Tom Gundersen <teg@jklm.no> Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
2011-12-04Use double brackets everywhereLukas Fleischer
We already fixed a couple of these in previous patches - this one should replace all remaining uses of single brackets ("[") by double brackets. Also, use arithmetic evaluation instead of conditional expressions where appropriate and make use of "-z" and "-n" instead of comparing variables to empty strings. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>