mmdebstrap/mmdebstrap

7553 lines
303 KiB
Text
Raw Normal View History

2018-09-18 09:20:24 +00:00
#!/usr/bin/perl
#
2023-01-04 06:24:14 +00:00
# © 2018 - 2023 Johannes Schauer Marin Rodrigues <josch@mister-muffin.de>
2018-09-18 09:20:24 +00:00
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# The software is provided "as is", without warranty of any kind, express or
# implied, including but not limited to the warranties of merchantability,
# fitness for a particular purpose and noninfringement. In no event shall the
# authors or copyright holders be liable for any claim, damages or other
# liability, whether in an action of contract, tort or otherwise, arising
# from, out of or in connection with the software or the use or other dealings
# in the software.
2018-09-18 09:20:24 +00:00
use strict;
use warnings;
2023-01-20 06:11:03 +00:00
our $VERSION = '1.3.1';
2019-02-23 07:55:31 +00:00
2018-09-18 09:20:24 +00:00
use English;
use Getopt::Long;
use Pod::Usage;
use File::Copy;
use File::Path qw(make_path);
2018-09-18 09:20:24 +00:00
use File::Temp qw(tempfile tempdir);
use File::Basename;
use File::Find;
use Cwd qw(abs_path getcwd);
require "syscall.ph"; ## no critic (Modules::RequireBarewordIncludes)
require "sys/ioctl.ph"; ## no critic (Modules::RequireBarewordIncludes)
2022-11-14 13:34:15 +00:00
use Fcntl qw(S_IFCHR S_IFBLK FD_CLOEXEC F_GETFD F_SETFD);
2018-09-23 17:36:07 +00:00
use List::Util qw(any none);
2022-07-28 14:58:47 +00:00
use POSIX
qw(SIGINT SIGHUP SIGPIPE SIGTERM SIG_BLOCK SIG_UNBLOCK strftime isatty);
use Carp;
use Term::ANSIColor;
use Socket;
use Time::HiRes;
use Math::BigInt;
use Text::ParseWords;
use version;
2018-09-18 09:20:24 +00:00
2020-01-09 07:39:40 +00:00
## no critic (InputOutput::RequireBriefOpen)
2018-09-18 09:20:24 +00:00
# from sched.h
2020-01-09 07:39:40 +00:00
# use typeglob constants because "use constant" has several drawback as
# explained in the documentation for the Readonly CPAN module
*CLONE_NEWNS = \0x20000; # mount namespace
*CLONE_NEWUTS = \0x4000000; # utsname
*CLONE_NEWIPC = \0x8000000; # ipc
*CLONE_NEWUSER = \0x10000000; # user
*CLONE_NEWPID = \0x20000000; # pid
*CLONE_NEWNET = \0x40000000; # net
*_LINUX_CAPABILITY_VERSION_3 = \0x20080522;
*CAP_SYS_ADMIN = \21;
*PR_CAPBSET_READ = \23;
# from sys/mount.h
*MS_BIND = \0x1000;
*MS_REC = \0x4000;
*MNT_DETACH = \2;
our (
$CLONE_NEWNS, $CLONE_NEWUTS,
$CLONE_NEWIPC, $CLONE_NEWUSER,
$CLONE_NEWPID, $CLONE_NEWNET,
$_LINUX_CAPABILITY_VERSION_3, $CAP_SYS_ADMIN,
$PR_CAPBSET_READ, $MS_BIND,
$MS_REC, $MNT_DETACH
);
2018-09-18 09:20:24 +00:00
#<<<
2018-09-18 09:20:24 +00:00
# type codes:
# 0 -> normal file
# 1 -> hardlink
# 2 -> symlink
# 3 -> character special
# 4 -> block special
# 5 -> directory
my @devfiles = (
# filename mode type link target major minor
["", oct(755), 5, '', undef, undef],
["console", oct(666), 3, '', 5, 1],
["fd", oct(777), 2, '/proc/self/fd', undef, undef],
["full", oct(666), 3, '', 1, 7],
["null", oct(666), 3, '', 1, 3],
["ptmx", oct(666), 3, '', 5, 2],
["pts/", oct(755), 5, '', undef, undef],
["random", oct(666), 3, '', 1, 8],
["shm/", oct(755), 5, '', undef, undef],
["stderr", oct(777), 2, '/proc/self/fd/2', undef, undef],
["stdin", oct(777), 2, '/proc/self/fd/0', undef, undef],
["stdout", oct(777), 2, '/proc/self/fd/1', undef, undef],
["tty", oct(666), 3, '', 5, 0],
["urandom", oct(666), 3, '', 1, 9],
["zero", oct(666), 3, '', 1, 5],
2018-09-18 09:20:24 +00:00
);
#>>>
2018-09-18 09:20:24 +00:00
# verbosity levels:
# 0 -> print nothing
# 1 -> normal output and progress bars
# 2 -> verbose output
# 3 -> debug output
my $verbosity_level = 1;
my $is_covering = 0;
{
# make $@ local, so we don't print "Undefined subroutine called"
# in other parts where we evaluate $@
local $@ = '';
$is_covering = !!(eval { Devel::Cover::get_coverage() });
}
# the reason why Perl::Critic warns about this is, that it suspects that the
# programmer wants to implement a test whether the terminal is interactive or
# not, in which case, complex interactions with the magic *ARGV indeed make it
# advisable to use IO::Interactive. In our case, we do not want to create an
# interactivity check but just want to check whether STDERR is opened to a tty,
# so our use of -t is fine and not "fragile and complicated" as is written in
# the description of InputOutput::ProhibitInteractiveTest. Also see
# https://github.com/Perl-Critic/Perl-Critic/issues/918
sub stderr_is_tty() {
## no critic (InputOutput::ProhibitInteractiveTest)
if (-t STDERR) {
return 1;
} else {
return 0;
}
}
sub debug {
if ($verbosity_level < 3) {
2020-01-08 14:41:49 +00:00
return;
}
my $msg = shift;
my ($package, $filename, $line) = caller;
$msg = "D: $PID $line $msg";
if (stderr_is_tty()) {
2020-01-08 16:44:07 +00:00
$msg = colored($msg, 'clear');
}
print STDERR "$msg\n";
2020-01-09 07:39:40 +00:00
return;
}
sub info {
if ($verbosity_level == 0) {
2020-01-08 14:41:49 +00:00
return;
}
my $msg = shift;
if ($verbosity_level >= 3) {
2020-01-08 14:41:49 +00:00
my ($package, $filename, $line) = caller;
2020-01-08 16:44:07 +00:00
$msg = "$PID $line $msg";
}
$msg = "I: $msg";
if (stderr_is_tty()) {
2020-01-08 16:44:07 +00:00
$msg = colored($msg, 'green');
}
print STDERR "$msg\n";
2020-01-09 07:39:40 +00:00
return;
}
sub warning {
if ($verbosity_level == 0) {
2020-01-08 14:41:49 +00:00
return;
}
my $msg = shift;
$msg = "W: $msg";
if (stderr_is_tty()) {
2020-01-08 16:44:07 +00:00
$msg = colored($msg, 'bold yellow');
}
print STDERR "$msg\n";
2020-01-09 07:39:40 +00:00
return;
}
sub error {
# if error() is called with the string from a previous error() that was
# caught inside an eval(), then the string will have a newline which we
# are stripping here
2020-01-08 16:44:07 +00:00
chomp(my $msg = shift);
$msg = "E: $msg";
if (stderr_is_tty()) {
2020-01-08 16:44:07 +00:00
$msg = colored($msg, 'bold red');
}
if ($verbosity_level == 3) {
croak $msg; # produces a backtrace
} else {
2020-01-08 14:41:49 +00:00
die "$msg\n";
}
}
# The encoding of dev_t is MMMM Mmmm mmmM MMmm, where M is a hex digit of
# the major number and m is a hex digit of the minor number.
sub major {
my $rdev = shift;
my $right
= Math::BigInt->from_hex("0x00000000000fff00")->band($rdev)->brsft(8);
my $left
= Math::BigInt->from_hex("0xfffff00000000000")->band($rdev)->brsft(32);
return $right->bior($left);
}
sub minor {
my $rdev = shift;
my $right = Math::BigInt->from_hex("0x00000000000000ff")->band($rdev);
my $left
= Math::BigInt->from_hex("0x00000ffffff00000")->band($rdev)->brsft(12);
return $right->bior($left);
}
sub can_execute {
my $tool = shift;
my $pid = open my $fh, '-|' // return 0;
if ($pid == 0) {
open(STDERR, '>&', STDOUT) or die;
exec {$tool} $tool, '--version' or die;
}
chomp(
my $content = do { local $/; <$fh> }
);
close $fh;
if ($? != 0) {
return 0;
}
if (length $content == 0) {
return 0;
}
return 1;
}
# check whether a directory is mounted by comparing the device number of the
# directory itself with its parent
2020-01-09 07:39:40 +00:00
sub is_mountpoint {
my $dir = shift;
2020-01-08 16:44:07 +00:00
if (!-e $dir) {
2020-01-08 14:41:49 +00:00
return 0;
}
my @a = stat "$dir/.";
my @b = stat "$dir/..";
# if the device number is different, then the directory must be mounted
if ($a[0] != $b[0]) {
2020-01-08 14:41:49 +00:00
return 1;
}
# if the inode number is the same, then the directory must be mounted
if ($a[1] == $b[1]) {
2020-01-08 14:41:49 +00:00
return 1;
}
return 0;
}
2018-09-18 09:20:24 +00:00
# tar cannot figure out the decompression program when receiving data on
# standard input, thus we do it ourselves. This is copied from tar's
# src/suffix.c
2020-01-09 07:39:40 +00:00
sub get_tar_compressor {
2018-09-18 09:20:24 +00:00
my $filename = shift;
if ($filename eq '-') {
2020-01-09 07:39:40 +00:00
return;
} elsif ($filename =~ /\.tar$/) {
2020-01-09 07:39:40 +00:00
return;
} elsif ($filename =~ /\.(gz|tgz|taz)$/) {
2020-01-08 14:41:49 +00:00
return ['gzip'];
2018-09-18 09:20:24 +00:00
} elsif ($filename =~ /\.(Z|taZ)$/) {
2020-01-08 14:41:49 +00:00
return ['compress'];
2018-09-18 09:20:24 +00:00
} elsif ($filename =~ /\.(bz2|tbz|tbz2|tz2)$/) {
2020-01-08 14:41:49 +00:00
return ['bzip2'];
2018-09-18 09:20:24 +00:00
} elsif ($filename =~ /\.lz$/) {
2020-01-08 14:41:49 +00:00
return ['lzip'];
2018-09-18 09:20:24 +00:00
} elsif ($filename =~ /\.(lzma|tlz)$/) {
2020-01-08 14:41:49 +00:00
return ['lzma'];
2018-09-18 09:20:24 +00:00
} elsif ($filename =~ /\.lzo$/) {
2020-01-08 14:41:49 +00:00
return ['lzop'];
2018-09-18 09:20:24 +00:00
} elsif ($filename =~ /\.lz4$/) {
2020-01-08 14:41:49 +00:00
return ['lz4'];
2018-09-18 09:20:24 +00:00
} elsif ($filename =~ /\.(xz|txz)$/) {
return ['xz'];
} elsif ($filename =~ /\.zst$/) {
return ['zstd'];
2018-09-18 09:20:24 +00:00
}
2020-01-09 07:39:40 +00:00
return;
2018-09-18 09:20:24 +00:00
}
# avoid dependency on String::ShellQuote by implementing the mechanism
# from python's shlex.quote function
sub shellescape {
my $string = shift;
if (length $string == 0) {
return "''";
}
# search for occurrences of characters that are not safe
# the 'a' regex modifier makes sure that \w only matches ASCII
if ($string !~ m/[^\w@\%+=:,.\/-]/a) {
return $string;
}
# wrap the string in single quotes and handle existing single quotes by
# putting them outside of the single-quoted string
$string =~ s/'/'"'"'/g;
return "'$string'";
}
sub test_unshare_userns {
my $verbose = shift;
if ($EFFECTIVE_USER_ID == 0) {
my $msg = "cannot unshare user namespace when executing as root";
2020-01-08 14:41:49 +00:00
if ($verbose) {
warning $msg;
} else {
debug $msg;
}
return 0;
}
2018-09-18 09:20:24 +00:00
# arguments to syscalls have to be stored in their own variable or
# otherwise we will get "Modification of a read-only value attempted"
2020-01-09 07:39:40 +00:00
my $unshare_flags = $CLONE_NEWUSER;
2018-09-18 09:20:24 +00:00
# we spawn a new per process because if unshare succeeds, we would
2018-10-01 15:14:59 +00:00
# otherwise have unshared the mmdebstrap process itself which we don't want
my $pid = fork() // error "fork() failed: $!";
2018-09-18 09:20:24 +00:00
if ($pid == 0) {
2020-01-09 07:39:40 +00:00
my $ret = syscall(&SYS_unshare, $unshare_flags);
2020-01-08 14:41:49 +00:00
if ($ret == 0) {
exit 0;
} else {
my $msg = "unshare syscall failed: $!";
if ($verbose) {
warning $msg;
} else {
debug $msg;
}
exit 1;
}
2018-09-18 09:20:24 +00:00
}
waitpid($pid, 0);
if (($? >> 8) != 0) {
2020-01-08 14:41:49 +00:00
return 0;
2018-09-18 09:20:24 +00:00
}
# if newuidmap and newgidmap exist, the exit status will be 1 when
# executed without parameters
system "newuidmap 2>/dev/null";
if (($? >> 8) != 1) {
2020-01-08 14:41:49 +00:00
if (($? >> 8) == 127) {
my $msg = "cannot find newuidmap";
if ($verbose) {
warning $msg;
} else {
debug $msg;
}
} else {
my $msg = "newuidmap returned unknown exit status: $?";
if ($verbose) {
warning $msg;
} else {
debug $msg;
}
}
return 0;
}
system "newgidmap 2>/dev/null";
if (($? >> 8) != 1) {
2020-01-08 14:41:49 +00:00
if (($? >> 8) == 127) {
my $msg = "cannot find newgidmap";
if ($verbose) {
warning $msg;
} else {
debug $msg;
}
} else {
my $msg = "newgidmap returned unknown exit status: $?";
if ($verbose) {
warning $msg;
} else {
debug $msg;
}
}
return 0;
}
2018-09-18 09:20:24 +00:00
return 1;
}
sub read_subuid_subgid() {
my $username = getpwuid $REAL_USER_ID;
2018-09-18 09:20:24 +00:00
my ($subid, $num_subid, $fh, $n);
my @result = ();
2020-01-08 16:44:07 +00:00
if (!-e "/etc/subuid") {
2020-01-08 14:41:49 +00:00
warning "/etc/subuid doesn't exist";
return;
2018-09-18 09:20:24 +00:00
}
2020-01-08 16:44:07 +00:00
if (!-r "/etc/subuid") {
2020-01-08 14:41:49 +00:00
warning "/etc/subuid is not readable";
return;
2018-09-18 09:20:24 +00:00
}
2020-01-08 16:44:07 +00:00
open $fh, "<", "/etc/subuid"
or error "cannot open /etc/subuid for reading: $!";
2018-09-18 09:20:24 +00:00
while (my $line = <$fh>) {
2020-01-08 14:41:49 +00:00
($n, $subid, $num_subid) = split(/:/, $line, 3);
last if ($n eq $username);
2018-09-18 09:20:24 +00:00
}
close $fh;
if (!length $subid) {
warning "/etc/subuid is empty";
return;
}
if ($n ne $username) {
warning "no entry in /etc/subuid for $username";
return;
}
2018-09-18 09:20:24 +00:00
push @result, ["u", 0, $subid, $num_subid];
if (scalar(@result) < 1) {
2020-01-08 14:41:49 +00:00
warning "/etc/subuid does not contain an entry for $username";
return;
2018-09-18 09:20:24 +00:00
}
if (scalar(@result) > 1) {
2020-01-08 14:41:49 +00:00
warning "/etc/subuid contains multiple entries for $username";
return;
2018-09-18 09:20:24 +00:00
}
if (!-e "/etc/subgid") {
warning "/etc/subgid doesn't exist";
return;
}
if (!-r "/etc/subgid") {
warning "/etc/subgid is not readable";
return;
}
2020-01-08 16:44:07 +00:00
open $fh, "<", "/etc/subgid"
or error "cannot open /etc/subgid for reading: $!";
2018-09-18 09:20:24 +00:00
while (my $line = <$fh>) {
2020-01-08 14:41:49 +00:00
($n, $subid, $num_subid) = split(/:/, $line, 3);
last if ($n eq $username);
2018-09-18 09:20:24 +00:00
}
close $fh;
if (!length $subid) {
warning "/etc/subgid is empty";
return;
}
if ($n ne $username) {
warning "no entry in /etc/subgid for $username";
return;
}
2018-09-18 09:20:24 +00:00
push @result, ["g", 0, $subid, $num_subid];
if (scalar(@result) < 2) {
warning "/etc/subgid does not contain an entry for $username";
2020-01-08 14:41:49 +00:00
return;
2018-09-18 09:20:24 +00:00
}
if (scalar(@result) > 2) {
warning "/etc/subgid contains multiple entries for $username";
2020-01-08 14:41:49 +00:00
return;
2018-09-18 09:20:24 +00:00
}
return @result;
}
# This function spawns two child processes forming the following process tree
#
# A
# |
# fork()
# | \
# B C
# | |
# | fork()
# | | \
# | D E
# | | |
# |unshare()
# | close()
# | | |
# | | read()
# | | newuidmap(D)
# | | newgidmap(D)
# | | /
# | waitpid()
# | |
# | fork()
# | | \
# | F G
# | | |
# | | exec()
# | | /
# | waitpid()
# | /
# waitpid()
#
# To better refer to each individual part, we give each process a new
# identifier after calling fork(). Process A is the main process. After
# executing fork() we call the parent and child B and C, respectively. This
# first fork() is done because we do not want to modify A. B then remains
# waiting for its child C to finish. C calls fork() again, splitting into
# the parent D and its child E. In the parent D we call unshare() and close a
# pipe shared by D and E to signal to E that D is done with calling unshare().
# E notices this by using read() and follows up with executing the tools
# new[ug]idmap on D. E finishes and D continues with doing another fork().
# This is because when unsharing the PID namespace, we need a PID 1 to be kept
# alive or otherwise any child processes cannot fork() anymore themselves. So
# we keep F as PID 1 and finally call exec() in G.
2020-01-09 07:39:40 +00:00
sub get_unshare_cmd {
2020-01-08 16:44:07 +00:00
my $cmd = shift;
2018-09-18 09:20:24 +00:00
my $idmap = shift;
# unsharing the mount namespace (NEWNS) requires CAP_SYS_ADMIN
2020-01-08 16:44:07 +00:00
my $unshare_flags
= $CLONE_NEWNS | $CLONE_NEWPID | $CLONE_NEWUTS | $CLONE_NEWIPC;
# we only need to add CLONE_NEWUSER if we are not yet root
if ($EFFECTIVE_USER_ID != 0) {
$unshare_flags |= $CLONE_NEWUSER;
}
2018-09-18 09:20:24 +00:00
if (0) {
2020-01-09 07:39:40 +00:00
$unshare_flags |= $CLONE_NEWNET;
2018-09-18 09:20:24 +00:00
}
# fork a new process and let the child get unshare()ed
# we don't want to unshare the parent process
my $gcpid = fork() // error "fork() failed: $!";
2018-09-18 09:20:24 +00:00
if ($gcpid == 0) {
# Create a pipe for the parent process to signal the child process that
# it is done with calling unshare() so that the child can go ahead
# setting up uid_map and gid_map.
2020-01-08 14:41:49 +00:00
pipe my $rfh, my $wfh;
# We have to do this dance with forking a process and then modifying
# the parent from the child because:
# - new[ug]idmap can only be called on a process id after that process
# has unshared the user namespace
# - a process looses its capabilities if it performs an execve() with
# nonzero user ids see the capabilities(7) man page for details.
# - a process that unshared the user namespace by default does not
# have the privileges to call new[ug]idmap on itself
2020-01-08 14:41:49 +00:00
#
# this also works the other way around (the child setting up a user
# namespace and being modified from the parent) but that way, the
# parent would have to stay around until the child exited (so a pid
# would be wasted). Additionally, that variant would require an
# additional pipe to let the parent signal the child that it is done
# with calling new[ug]idmap. The way it is done here, this signaling
# can instead be done by wait()-ing for the exit of the child.
2020-01-08 14:41:49 +00:00
my $ppid = $$;
my $cpid = fork() // error "fork() failed: $!";
if ($cpid == 0) {
# child
# Close the writing descriptor at our end of the pipe so that we
# see EOF when parent closes its descriptor.
close $wfh;
# Wait for the parent process to finish its unshare() call by
# waiting for an EOF.
0 == sysread $rfh, my $c, 1 or error "read() did not receive EOF";
# the process is already root, so no need for newuidmap/newgidmap
if ($EFFECTIVE_USER_ID == 0) {
exit 0;
}
2020-01-08 14:41:49 +00:00
# The program's new[ug]idmap have to be used because they are
# setuid root. These privileges are needed to map the ids from
# /etc/sub[ug]id to the user namespace set up by the parent.
# Without these privileges, only the id of the user itself can be
# mapped into the new namespace.
#
# Since new[ug]idmap is setuid root we also don't need to write
# "deny" to /proc/$$/setgroups beforehand (this is otherwise
# required for unprivileged processes trying to write to
# /proc/$$/gid_map since kernel version 3.19 for security reasons)
# and therefore the parent process keeps its ability to change its
# own group here.
#
# Since /proc/$ppid/[ug]id_map can only be written to once,
# respectively, instead of making multiple calls to new[ug]idmap,
# we assemble a command line that makes one call each.
my $uidmapcmd = "";
my $gidmapcmd = "";
foreach (@{$idmap}) {
my ($t, $hostid, $nsid, $range) = @{$_};
if ($t ne "u" and $t ne "g" and $t ne "b") {
error "invalid idmap type: $t";
}
if ($t eq "u" or $t eq "b") {
$uidmapcmd .= " $hostid $nsid $range";
}
if ($t eq "g" or $t eq "b") {
$gidmapcmd .= " $hostid $nsid $range";
}
}
my $idmapcmd = '';
if ($uidmapcmd ne "") {
2020-01-08 16:44:07 +00:00
0 == system "newuidmap $ppid $uidmapcmd"
or error "newuidmap $ppid $uidmapcmd failed: $!";
2020-01-08 14:41:49 +00:00
}
if ($gidmapcmd ne "") {
2020-01-08 16:44:07 +00:00
0 == system "newgidmap $ppid $gidmapcmd"
or error "newgidmap $ppid $gidmapcmd failed: $!";
2020-01-08 14:41:49 +00:00
}
exit 0;
}
# parent
# After fork()-ing, the parent immediately calls unshare...
2020-01-08 16:44:07 +00:00
0 == syscall &SYS_unshare, $unshare_flags
or error "unshare() failed: $!";
2020-01-08 14:41:49 +00:00
# .. and then signals the child process that we are done with the
# unshare() call by sending an EOF.
close $wfh;
# Wait for the child process to finish its setup by waiting for its
# exit.
$cpid == waitpid $cpid, 0 or error "waitpid() failed: $!";
my $exit = $? >> 8;
if ($exit != 0) {
error "child had a non-zero exit status: $exit";
}
# Currently we are nobody (uid and gid are 65534). So we become root
# user and group instead.
#
# We are using direct syscalls instead of setting $(, $), $< and $>
# because then perl would do additional stuff which we don't need or
# want here, like checking /proc/sys/kernel/ngroups_max (which might
# not exist). It would also also call setgroups() in a way that makes
# the root user be part of the group unknown.
if ($EFFECTIVE_USER_ID != 0) {
2021-12-14 15:10:25 +00:00
0 == syscall &SYS_setgid, 0 or error "setgid failed: $!";
0 == syscall &SYS_setuid, 0 or error "setuid failed: $!";
0 == syscall &SYS_setgroups, 0, 0 or error "setgroups failed: $!";
}
2020-01-08 14:41:49 +00:00
if (1) {
# When the pid namespace is also unshared, then processes expect a
# master pid to always be alive within the namespace. To achieve
# this, we fork() here instead of exec() to always have one dummy
# process running as pid 1 inside the namespace. This is also what
# the unshare tool does when used with the --fork option.
#
# Otherwise, without a pid 1, new processes cannot be forked
# anymore after pid 1 finished.
my $cpid = fork() // error "fork() failed: $!";
if ($cpid != 0) {
# The parent process will stay alive as pid 1 in this
# namespace until the child finishes executing. This is
# important because pid 1 must never die or otherwise nothing
# new can be forked.
$cpid == waitpid $cpid, 0 or error "waitpid() failed: $!";
2020-01-08 16:44:07 +00:00
exit($? >> 8);
2020-01-08 14:41:49 +00:00
}
}
&{$cmd}();
exit 0;
2018-09-18 09:20:24 +00:00
}
# parent
return $gcpid;
}
2020-01-09 07:39:40 +00:00
sub havemknod {
2020-01-08 16:44:07 +00:00
my $root = shift;
2018-09-18 09:20:24 +00:00
my $havemknod = 0;
if (-e "$root/test-dev-null") {
2020-01-08 14:41:49 +00:00
error "/test-dev-null already exists";
2018-09-18 09:20:24 +00:00
}
2020-01-08 16:44:07 +00:00
TEST: {
2020-01-08 14:41:49 +00:00
# we fork so that we can read STDERR
my $pid = open my $fh, '-|' // error "failed to fork(): $!";
if ($pid == 0) {
open(STDERR, '>&', STDOUT) or error "cannot open STDERR: $!";
# we use mknod(1) instead of the system call because creating the
# right dev_t argument requires makedev(3)
exec 'mknod', "$root/test-dev-null", 'c', '1', '3';
}
2020-01-08 16:44:07 +00:00
chomp(
my $content = do { local $/; <$fh> }
);
2020-01-08 14:41:49 +00:00
close $fh;
{
last TEST unless $? == 0 and $content eq '';
last TEST unless -c "$root/test-dev-null";
last TEST unless open my $fh, '>', "$root/test-dev-null";
last TEST unless print $fh 'test';
}
$havemknod = 1;
2018-09-18 09:20:24 +00:00
}
if (-e "$root/test-dev-null") {
2020-01-08 16:44:07 +00:00
unlink "$root/test-dev-null"
or error "cannot unlink /test-dev-null: $!";
2018-09-18 09:20:24 +00:00
}
return $havemknod;
}
# inspired by /usr/share/perl/5.34/pod/perlfaq8.pod
sub terminal_width {
if (!stderr_is_tty()) {
return -1;
}
if (!defined &TIOCGWINSZ) {
return -1;
}
if (!-e "/dev/tty") {
return -1;
}
my $tty_fh;
if (!open($tty_fh, "+<", "/dev/tty")) {
return -1;
}
my $winsize = '';
if (!ioctl($tty_fh, &TIOCGWINSZ, $winsize)) {
return -1;
}
my (undef, $col, undef, undef) = unpack('S4', $winsize);
return $col;
}
# Prints the current status, the percentage and a progress bar on STDERR if
# it is an interactive tty and if verbosity is set to 1.
#
# * first 12 chars: status
# * following 7 chars: percentage
# * progress bar until 79 chars are filled
sub print_progress {
if ($verbosity_level != 1) {
2020-01-08 14:41:49 +00:00
return;
}
if (!stderr_is_tty()) {
2020-01-08 14:41:49 +00:00
return;
}
my $perc = shift;
my $status = shift;
my $len_status = 12;
my $len_perc = 7;
my $len_prog_min = 10;
my $len_prog_max = 60;
my $twidth = terminal_width();
if ($twidth <= $len_status) {
return;
}
# \e[2K clears everything on the current line (i.e. the progress bar)
print STDERR "\e[2K";
if ($perc eq "done") {
print STDERR "done\n";
return;
}
if (defined $status) {
printf STDERR "%*s", -$len_status, "$status:";
} else {
print STDERR (" " x $len_status);
}
if ($twidth <= $len_status + $len_perc) {
print STDERR "\r";
2020-01-08 14:41:49 +00:00
return;
}
if ($perc >= 100) {
2020-01-08 14:41:49 +00:00
$perc = 100;
}
printf STDERR "%*.2f", $len_perc, $perc;
if ($twidth <= $len_status + $len_perc + $len_prog_min) {
print STDERR "\r";
return;
}
my $len_prog = $twidth - $len_perc - $len_status;
if ($len_prog > $len_prog_max) {
$len_prog = $len_prog_max;
}
my $num_x = int($perc * ($len_prog - 3) / 100);
2020-01-08 16:44:07 +00:00
my $bar = '=' x $num_x;
if ($num_x != ($len_prog - 3)) {
2020-01-08 14:41:49 +00:00
$bar .= '>';
$bar .= ' ' x ($len_prog - $num_x - 4);
}
print STDERR " [$bar]\r";
2020-01-09 07:39:40 +00:00
return;
}
sub run_progress {
my ($get_exec, $line_handler, $line_has_error, $chdir) = @_;
pipe my $rfh, my $wfh;
my $got_signal = 0;
2020-01-08 16:44:07 +00:00
my $ignore = sub {
2020-01-08 14:41:49 +00:00
info "run_progress() received signal $_[0]: waiting for child...";
};
debug("run_progress: exec " . (join ' ', ($get_exec->('${FD}'))));
# delay signals so that we can fork and change behaviour of the signal
# handler in parent and child without getting interrupted
my $sigset = POSIX::SigSet->new(SIGINT, SIGHUP, SIGPIPE, SIGTERM);
POSIX::sigprocmask(SIG_BLOCK, $sigset) or error "Can't block signals: $!";
my $pid1 = open(my $pipe, '-|') // error "failed to fork(): $!";
if ($pid1 == 0) {
2020-01-08 14:41:49 +00:00
# child: default signal handlers
2020-01-09 07:39:40 +00:00
local $SIG{'INT'} = 'DEFAULT';
local $SIG{'HUP'} = 'DEFAULT';
local $SIG{'PIPE'} = 'DEFAULT';
local $SIG{'TERM'} = 'DEFAULT';
2020-01-08 14:41:49 +00:00
# unblock all delayed signals (and possibly handle them)
2020-01-08 16:44:07 +00:00
POSIX::sigprocmask(SIG_UNBLOCK, $sigset)
or error "Can't unblock signals: $!";
2020-01-08 14:41:49 +00:00
close $rfh;
# Unset the close-on-exec flag, so that the file descriptor does not
# get closed when we exec
2020-01-08 16:44:07 +00:00
my $flags = fcntl($wfh, F_GETFD, 0) or error "fcntl F_GETFD: $!";
fcntl($wfh, F_SETFD, $flags & ~FD_CLOEXEC)
or error "fcntl F_SETFD: $!";
2020-01-08 14:41:49 +00:00
my $fd = fileno $wfh;
# redirect stderr to stdout so that we can capture it
open(STDERR, '>&', STDOUT) or error "cannot open STDOUT: $!";
my @execargs = $get_exec->($fd);
# before apt 1.5, "apt-get update" attempted to chdir() into the
# working directory. This will fail if the current working directory
# is not accessible by the user (for example in unshare mode). See
# Debian bug #860738
if (defined $chdir) {
chdir $chdir or error "failed chdir() to $chdir: $!";
}
2020-01-09 07:39:40 +00:00
eval { Devel::Cover::set_coverage("none") } if $is_covering;
2020-01-08 16:44:07 +00:00
exec { $execargs[0] } @execargs
or error 'cannot exec() ' . (join ' ', @execargs);
}
close $wfh;
# spawn two processes:
# parent will parse stdout to look for errors
# child will parse $rfh for the progress meter
my $pid2 = fork() // error "failed to fork(): $!";
if ($pid2 == 0) {
2020-01-08 14:41:49 +00:00
# child: default signal handlers
2020-01-09 07:39:40 +00:00
local $SIG{'INT'} = 'IGNORE';
local $SIG{'HUP'} = 'IGNORE';
local $SIG{'PIPE'} = 'IGNORE';
local $SIG{'TERM'} = 'IGNORE';
2020-01-08 14:41:49 +00:00
# unblock all delayed signals (and possibly handle them)
2020-01-08 16:44:07 +00:00
POSIX::sigprocmask(SIG_UNBLOCK, $sigset)
or error "Can't unblock signals: $!";
if ($verbosity_level != 1 || !stderr_is_tty()) {
# no need to print any progress
# we still need to consume everything from $rfh or otherwise apt
# will block forever if there is too much output
local $/;
<$rfh>;
close $rfh;
exit 0;
}