From 4447769b50d78e19c6f2547c038815823e63478e Mon Sep 17 00:00:00 2001
From: Johannes 'josch' Schauer
Date: Wed, 4 Sep 2019 13:50:25 +0200
Subject: [PATCH] when creating a tarball in chrootless mode, use root ownership
---
 coverage.sh | 28 ++++++++++++++++++++++++++--
 mmdebstrap | 13 +++++++++++--
 2 files changed, 37 insertions(+), 4 deletions(-)
diff --git a/coverage.sh b/coverage.sh
index aba2033..255ad17 100755
--- a/coverage.sh
+++ b/coverage.sh
@@ -48,7 +48,7 @@ if [ ! -e shared/mmdebstrap ] || [ mmdebstrap -nt shared/mmdebstrap ]; then
 fi
 starttime=
-total=92
+total=93
 i=1
 print_header() {
@@ -1113,6 +1113,11 @@ export LC_ALL=C.UTF-8
 prefix=
 [ "\$(id -u)" -eq 0 ] && prefix="runuser -u user --"
 \$prefix $CMD --mode=chrootless --variant=custom --include=doc-debian $DEFAULT_DIST /tmp/debian-chroot $mirror
+# preserve output with permissions and timestamps for later test
+chmod 700 /tmp/debian-chroot
+tar -C /tmp/debian-chroot --owner=0 --group=0 --numeric-owner --sort=name --clamp-mtime --mtime=$(date --utc --date=@$SOURCE_DATE_EPOCH --iso-8601=seconds) -cf /tmp/debian-chroot.tar .
+tar tvf /tmp/debian-chroot.tar > doc-debian.tar.list
+rm /tmp/debian-chroot.tar
 # delete contents of doc-debian
 rm /tmp/debian-chroot/usr/share/doc-base/debian-*
 rm -r /tmp/debian-chroot/usr/share/doc/debian
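Review bot: `doc-debian.tar.list` is written to the current directory by this test and read back by the new tarball test in the `@@ -1154,6 +1159,25 @@` hunk, while the other scratch files removed at the end of coverage.sh live under `shared/`. The second test therefore only passes if the first one ran earlier in the same working directory, and the final `rm ... doc-debian.tar.list` in the last coverage.sh hunk fails if test.sh executed somewhere the host cannot see (run_qemu.sh is not visible here, so where test.sh runs is an assumption). I would add a comment beside `tar tvf /tmp/debian-chroot.tar > doc-debian.tar.list` naming the test that consumes the file, and use `rm -f` for the cleanup. The test.sh heredoc this hunk extends starts outside the hunk.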
@@ -1154,6 +1159,25 @@ else
 ./run_null.sh
 fi
+print_header "mode=chrootless,variant=custom: install doc-debian and output tarball"
+cat << END > shared/test.sh
+#!/bin/sh
+set -eu
+export LC_ALL=C.UTF-8
+export SOURCE_DATE_EPOCH=$SOURCE_DATE_EPOCH
+[ "\$(id -u)" -eq 0 ] && ! id -u user > /dev/null 2>&1 && adduser --gecos user --disabled-password user
+prefix=
+[ "\$(id -u)" -eq 0 ] && prefix="runuser -u user --"
+\$prefix $CMD --mode=chrootless --variant=custom --include=doc-debian $DEFAULT_DIST /tmp/debian-chroot.tar $mirror
+tar tvf /tmp/debian-chroot.tar | grep -v ' ./dev' | diff -u doc-debian.tar.list -
+rm /tmp/debian-chroot.tar
+END
+if [ "$HAVE_QEMU" = "yes" ]; then
+ ./run_qemu.sh
+else
+ ./run_null.sh
+fi
+
 print_header "mode=chrootless,variant=custom: install libmagic-mgc on armhf"
 cat << END > shared/test.sh
 #!/bin/sh
@@ -1335,4 +1359,4 @@ if [ -e shared/cover_db/runs ]; then
 echo
 fi
-rm shared/tar1.txt shared/tar2.txt shared/pkglist.txt
+rm shared/tar1.txt shared/tar2.txt shared/pkglist.txt doc-debian.tar.list
diff --git a/mmdebstrap b/mmdebstrap
index 70f593a..27b6a0a 100755
--- a/mmdebstrap
+++ b/mmdebstrap
@@ -2295,7 +2295,15 @@ sub main() {
 }
 0 == system('proot', '--root-id', "--rootfs=$options->{root}", '--cwd=/', @qemuopt, 'tar', @taropts, '-C', '/', '.') or error "tar failed: $?";
 } elsif (any { $_ eq $options->{mode} } ('root', 'chrootless')) {
- 0 == system('tar', @taropts, '-C', $options->{root}, '.') or error "tar failed: $?";
+ # If the chroot directory is not owned by the root user,
+ # then we assume that no measure was taken to fake root
+ # permissions. Since the final tarball should contain
+ # entries with root ownership, we instruct tar to do so.
+ my @owneropts = ();
+ if ((stat $options->{root})[4] != 0) {
+ push @owneropts, '--owner=0', '--group=0', '--numeric-owner';
+ }
+ 0 == system('tar', @taropts, @owneropts, '-C', $options->{root}, '.') or error "tar failed: $?";
 } else {
 error "unknown mode: $options->{mode}";
 }
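Review bot: The `stat` call added to the `root`/`chrootless` branch of mmdebstrap is unchecked: if it fails, `(stat $options->{root})[4]` is undef, which compares equal to 0, so the directory is treated as root-owned and the tarball silently keeps the invoking user's uid and gid. I would fail loudly instead, with `my @st = stat($options->{root}) or error "cannot stat $options->{root}: $!";` followed by `if ($st[4] != 0) {`. The comment should also state that `--owner=0 --group=0` rewrites every entry to root:root, so a file that a package meant to belong to another user or group, setuid and setgid files included, is recorded as root-owned in the archive; that appears to be the intent but deserves saying for anyone who later unpacks the tarball as root. `sub main` starts and ends outside the hunk.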
@@ -2758,7 +2766,8 @@ Uses the dpkg option C<--force-script-chrootless> to install packages into B without dpkg and apt inside B but using apt and dpkg from the machine running B. Maintainer scripts are run without chrooting into B and rely on their dependencies being installed on the machine -running B. +running B. Unless B was run inside fakeroot, the +directory created will be owned by the user running mmdebstrap. =for TODO =item B