Diffstat (limited to 'makechrootpkg.in')
-rw-r--r-- | makechrootpkg.in | 67 |
1 files changed, 39 insertions, 28 deletions
diff --git a/makechrootpkg.in b/makechrootpkg.in
index f646117..3f1e1e1 100644
--- a/makechrootpkg.in
+++ b/makechrootpkg.in
@@ -67,9 +67,10 @@ usage() {
 	exit 1
 }
 
+orig_argv=("$@")
+
 while getopts 'hcur:I:l:nTD:d:' arg; do
 	case "$arg" in
-		h) usage ;;
 		c) clean_first=true ;;
 		D) bindmounts_ro+=(--bind-ro="$OPTARG") ;;
 		d) bindmounts_rw+=(--bind="$OPTARG") ;;
@@ -77,15 +78,16 @@ while getopts 'hcur:I:l:nTD:d:' arg; do
 		r) passeddir="$OPTARG" ;;
 		I) install_pkgs+=("$OPTARG") ;;
 		l) copy="$OPTARG" ;;
-		n) run_namcap=true; makepkg_args+=('-i') ;;
+		n) run_namcap=true; makepkg_args+=(-i) ;;
 		T) temp_chroot=true; copy+="-$$" ;;
+		h|*) usage ;;
 	esac
 done
 
-check_root "$0" "$@"
-
 [[ ! -f PKGBUILD && -z "${install_pkgs[*]}" ]] && die 'This must be run in a directory containing a PKGBUILD.'
 
+check_root "$0" "${orig_argv[@]}"
+
 # Canonicalize chrootdir, getting rid of trailing /
 chrootdir=$(readlink -e "$passeddir")
 [[ ! -d $chrootdir ]] && die "No chroot dir defined, or invalid path '%s'" "$passeddir"
@@ -101,7 +103,7 @@ else
 fi
 
 # Pass all arguments after -- right to makepkg
-makepkg_args+=("${@:OPTIND}")
+makepkg_args+=("${@:$OPTIND}")
 
 # See if -R was passed to makepkg
 for arg in "${@:OPTIND}"; do
@@ -114,7 +116,7 @@ for arg in "${@:OPTIND}"; do
 done
 
 if [[ -n $SUDO_USER ]]; then
-	USER_HOME=$(eval echo ~$SUDO_USER)
+	eval "USER_HOME=~$SUDO_USER"
 else
 	USER_HOME=$HOME
 fi
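Review bot: The new `makepkg_args+=("${@:$OPTIND}")` spells the slice offset differently from the `for arg in "${@:OPTIND}"; do` loop three lines below it, although the two are equivalent in bash (the offset is an arithmetic context, so bare `OPTIND` is evaluated the same way). Having both spellings next to each other invites a reader to look for a difference that is not there; if the explicit `$` is the preferred form, change the loop to `for arg in "${@:$OPTIND}"; do` in the same commit. The `for` loop body continues outside this hunk.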
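Review bot: `eval "USER_HOME=~$SUDO_USER"` still hands an environment-provided string to the shell as code: SUDO_USER is normally a plain username set by sudo, but when the script is run as root with a crafted SUDO_USER in the environment (for example `a;cmd`), everything after the `;` is executed as root, and a name unknown to the host's passwd leaves the literal `~name` in USER_HOME instead of a path. The tilde expansion can be replaced by a passwd lookup with no eval at all: `USER_HOME=$(getent passwd "$SUDO_USER" | cut -d: -f6)` followed by `[[ -d $USER_HOME ]] || die "Cannot determine home directory for '%s'" "$SUDO_USER"`. This is an improvement over the old `$(eval echo ~$SUDO_USER)`, so it is a remaining-risk note rather than a regression; the `if` block is complete within the hunk.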
@@ -235,7 +237,13 @@ prepare_chroot() {
 		echo 'SRCDEST="/srcdest"' >> "$copydir/etc/makepkg.conf"
 	fi
 
-	chown -R nobody "$copydir"/{build,pkgdest,srcpkgdest,logdest,srcdest,startdir}
+	builduser_uid=${SUDO_UID:-$UID}
+
+	# We can't use useradd without chrooting, otherwise it invokes PAM modules
+	# which we might not be able to load (i.e. when building i686 packages on
+	# an x86_64 host).
+	printf 'builduser:x:%d:100:builduser:/:/usr/bin/nologin\n' "$builduser_uid" >>"$copydir/etc/passwd"
+	chown -R "$builduser_uid" "$copydir"/{build,pkgdest,srcpkgdest,logdest,srcdest,startdir}
 
 	if [[ -n $MAKEFLAGS ]]; then
 		sed -i '/^MAKEFLAGS=/d' "$copydir/etc/makepkg.conf"
@@ -247,18 +255,33 @@ prepare_chroot() {
 		echo "PACKAGER='${PACKAGER}'" >> "$copydir/etc/makepkg.conf"
 	fi
 
-	if [[ ! -f $copydir/etc/sudoers.d/nobody-pacman ]]; then
-		cat > "$copydir/etc/sudoers.d/nobody-pacman" <<EOF
+	if [[ ! -f $copydir/etc/sudoers.d/builduser-pacman ]]; then
+		cat > "$copydir/etc/sudoers.d/builduser-pacman" <<EOF
 Defaults env_keep += "HOME"
-nobody ALL = NOPASSWD: /usr/bin/pacman
+builduser ALL = NOPASSWD: /usr/bin/pacman
 EOF
-		chmod 440 "$copydir/etc/sudoers.d/nobody-pacman"
+		chmod 440 "$copydir/etc/sudoers.d/builduser-pacman"
 	fi
 
 	# This is a little gross, but this way the script is recreated every time in the
 	# working copy
-	printf $'#!/bin/bash\n%s\n_chrootbuild %q "$@"' "$(declare -f _chrootbuild)" \
-		"$run_namcap" >"$copydir/chrootbuild"
+	{
+		printf '#!/bin/bash\n'
+		declare -f _chrootbuild
+		printf '_chrootbuild'
+		printf ' %q' "${makepkg_args[@]}"
+		printf ' || exit\n'
+
+		if $run_namcap; then
+			cat <<'EOF'
+pacman -S --needed --noconfirm namcap
+for pkgfile in /startdir/PKGBUILD /pkgdest/*; do
+	echo "Checking ${pkgfile##*/}"
+	sudo -u builduser namcap "$pkgfile" 2>&1 | tee "/logdest/${pkgfile##*/}-namcap.log"
+done
+EOF
+		fi
+	} >"$copydir/chrootbuild"
 	chmod +x "$copydir/chrootbuild"
 }
 
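Review bot: The `printf ... >>"$copydir/etc/passwd"` line appends a builduser entry unconditionally, so each run of prepare_chroot against a working copy that persists between runs adds another `builduser` line to the copy's passwd; the sudoers write in the next hunk is guarded by a `-f` test, which suggests the copy does persist, though I cannot see here whether it is re-synced from the root chroot first. Separately, `builduser_uid=${SUDO_UID:-$UID}` evaluates to 0 when the script is run as root without sudo, turning builduser into a second uid-0 account and the later `sudo -u builduser makepkg` into a root build — something the old hard-coded `nobody` could not produce. I would add `(( builduser_uid != 0 )) || die 'Refusing to create builduser with uid 0; run makechrootpkg via sudo as an unprivileged user'` before the printf and guard the append with `grep -q '^builduser:' "$copydir/etc/passwd" || printf ... >>"$copydir/etc/passwd"`. The primary group 100 and `/usr/bin/nologin` are assumed to exist inside the chroot; a one-line comment stating that assumption would help the next reader. prepare_chroot starts before this hunk.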
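Review bot: Renaming the sudoers drop-in leaves any `nobody-pacman` file written by an earlier version in place in a persisted working copy, because the new code only tests for `builduser-pacman` — inside such a copy the `nobody` account keeps passwordless `pacman`. Add `rm -f "$copydir/etc/sudoers.d/nobody-pacman"` immediately before the `if [[ ! -f $copydir/etc/sudoers.d/builduser-pacman ]]` line so the old grant is retired along with the user; this only matters if the copy is not re-synced from the root chroot on every run, which this hunk does not show. prepare_chroot starts before this hunk.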
@@ -284,8 +307,6 @@ download_sources() {
 _chrootbuild() {
 	# This function isn't run in makechrootpkg,
 	# so no global variables
-	local run_namcap="$1"; shift
-	local makepkg_args=("$@")
 
 	. /etc/profile
 	export HOME=/build
@@ -303,7 +324,7 @@ _chrootbuild() {
 			for vcsdir in */.$vcs; do
 				rm "${vcsdir%/.$vcs}"
 				cp -a "${dir}_host/${vcsdir%/.$vcs}" .
-				chown -R nobody "${vcsdir%/.$vcs}"
+				chown -R builduser "${vcsdir%/.$vcs}"
 			done
 		done
 	done
@@ -313,7 +334,7 @@ _chrootbuild() {
 	# XXX: Keep PKGBUILD writable for pkgver()
 	rm PKGBUILD*
 	cp /startdir_host/PKGBUILD* .
-	chown nobody PKGBUILD*
+	chown builduser PKGBUILD*
 
 	# Safety check
 	if [[ ! -w PKGBUILD ]]; then
@@ -321,17 +342,7 @@ _chrootbuild() {
 		exit 1
 	fi
 
-	sudo -u nobody makepkg "${makepkg_args[@]}" || exit 1
-
-	if $run_namcap; then
-		pacman -S --needed --noconfirm namcap
-		for pkgfile in /startdir/PKGBUILD /pkgdest/*; do
-			echo "Checking ${pkgfile##*/}"
-			sudo -u nobody namcap "$pkgfile" 2>&1 | tee "/logdest/${pkgfile##*/}-namcap.log"
-		done
-	fi
-
-	exit 0
+	sudo -u builduser makepkg "$@"
 }
 
 move_products() {
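Review bot: With the two `local` lines removed, `_chrootbuild` now forwards its entire argument list straight to `makepkg` at the bottom of the function, but nothing at the top says so; the only comment left describes the absence of globals. Add `# Arguments: forwarded verbatim to makepkg; they are baked into the generated` and `# chrootbuild script by prepare_chroot via printf %q` under the existing comment, so a reader of the chroot-side function knows where its arguments come from and that they are already shell-quoted. _chrootbuild's body continues past this hunk.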