when creating a tarball in chrootless mode, use root ownership

Johannes 'josch' Schauer 2019-09-04 13:50:25 +02:00
parent a921e32e6c
commit 4447769b50
Signed by: josch
GPG key ID: F2CBA5C78FBD83E1
2 changed files with 37 additions and 4 deletions


@ -48,7 +48,7 @@ if [ ! -e shared/mmdebstrap ] || [ mmdebstrap -nt shared/mmdebstrap ]; then
fi fi
starttime= starttime=
total=92 total=93
i=1 i=1
print_header() { print_header() {
@ -1113,6 +1113,11 @@ export LC_ALL=C.UTF-8
prefix= prefix=
[ "\$(id -u)" -eq 0 ] && prefix="runuser -u user --" [ "\$(id -u)" -eq 0 ] && prefix="runuser -u user --"
\$prefix $CMD --mode=chrootless --variant=custom --include=doc-debian $DEFAULT_DIST /tmp/debian-chroot $mirror \$prefix $CMD --mode=chrootless --variant=custom --include=doc-debian $DEFAULT_DIST /tmp/debian-chroot $mirror
# preserve output with permissions and timestamps for later test
chmod 700 /tmp/debian-chroot
tar -C /tmp/debian-chroot --owner=0 --group=0 --numeric-owner --sort=name --clamp-mtime --mtime=$(date --utc --date=@$SOURCE_DATE_EPOCH --iso-8601=seconds) -cf /tmp/debian-chroot.tar .
tar tvf /tmp/debian-chroot.tar > doc-debian.tar.list
rm /tmp/debian-chroot.tar
# delete contents of doc-debian # delete contents of doc-debian
rm /tmp/debian-chroot/usr/share/doc-base/debian-* rm /tmp/debian-chroot/usr/share/doc-base/debian-*
rm -r /tmp/debian-chroot/usr/share/doc/debian rm -r /tmp/debian-chroot/usr/share/doc/debian
@ -1154,6 +1159,25 @@ else
./run_null.sh ./run_null.sh
fi fi
print_header "mode=chrootless,variant=custom: install doc-debian and output tarball"
cat << END > shared/test.sh
#!/bin/sh
set -eu
export LC_ALL=C.UTF-8
export SOURCE_DATE_EPOCH=$SOURCE_DATE_EPOCH
[ "\$(id -u)" -eq 0 ] && ! id -u user > /dev/null 2>&1 && adduser --gecos user --disabled-password user
prefix=
[ "\$(id -u)" -eq 0 ] && prefix="runuser -u user --"
\$prefix $CMD --mode=chrootless --variant=custom --include=doc-debian $DEFAULT_DIST /tmp/debian-chroot.tar $mirror
tar tvf /tmp/debian-chroot.tar | grep -v ' ./dev' | diff -u doc-debian.tar.list -
rm /tmp/debian-chroot.tar
END
if [ "$HAVE_QEMU" = "yes" ]; then
./run_qemu.sh
else
./run_null.sh
fi
print_header "mode=chrootless,variant=custom: install libmagic-mgc on armhf" print_header "mode=chrootless,variant=custom: install libmagic-mgc on armhf"
cat << END > shared/test.sh cat << END > shared/test.sh
#!/bin/sh #!/bin/sh
@ -1335,4 +1359,4 @@ if [ -e shared/cover_db/runs ]; then
echo echo
fi fi
rm shared/tar1.txt shared/tar2.txt shared/pkglist.txt rm shared/tar1.txt shared/tar2.txt shared/pkglist.txt doc-debian.tar.list
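Review bot: The filter `grep -v ' ./dev'` in the new "install doc-debian and output tarball" test is looser than intended: the `.` is a regex wildcard and the pattern has no trailing anchor, so every entry whose path merely starts with `./dev` is dropped from the comparison and an unexpected file there would go unnoticed. Assuming directory entries are listed with a trailing slash (as GNU tar does), `grep -v ' \./dev/'` restricts the exclusion to the `./dev/` tree. Because the generated script uses `set -eu` without pipefail, a failing `tar tvf` in that pipeline is only caught indirectly through the diff. A short comment above the pipeline saying why `./dev` entries are excluded from the ownership comparison would help the next reader.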


@ -2295,7 +2295,15 @@ sub main() {
} }
0 == system('proot', '--root-id', "--rootfs=$options->{root}", '--cwd=/', @qemuopt, 'tar', @taropts, '-C', '/', '.') or error "tar failed: $?"; 0 == system('proot', '--root-id', "--rootfs=$options->{root}", '--cwd=/', @qemuopt, 'tar', @taropts, '-C', '/', '.') or error "tar failed: $?";
} elsif (any { $_ eq $options->{mode} } ('root', 'chrootless')) { } elsif (any { $_ eq $options->{mode} } ('root', 'chrootless')) {
0 == system('tar', @taropts, '-C', $options->{root}, '.') or error "tar failed: $?"; # If the chroot directory is not owned by the root user,
# then we assume that no measure was taken to fake root
# permissions. Since the final tarball should contain
# entries with root ownership, we instruct tar to do so.
my @owneropts = ();
if ((stat $options->{root})[4] != 0) {
push @owneropts, '--owner=0', '--group=0', '--numeric-owner';
}
0 == system('tar', @taropts, @owneropts, '-C', $options->{root}, '.') or error "tar failed: $?";
} else { } else {
error "unknown mode: $options->{mode}"; error "unknown mode: $options->{mode}";
} }
@ -2758,7 +2766,8 @@ Uses the dpkg option C<--force-script-chrootless> to install packages into
B<TARGET> without dpkg and apt inside B<target> but using apt and dpkg from B<TARGET> without dpkg and apt inside B<target> but using apt and dpkg from
the machine running B<mmdebstrap>. Maintainer scripts are run without chrooting the machine running B<mmdebstrap>. Maintainer scripts are run without chrooting
into B<TARGET> and rely on their dependencies being installed on the machine into B<TARGET> and rely on their dependencies being installed on the machine
running B<mmdebstrap>. running B<mmdebstrap>. Unless B<mmdebstrap> was run inside fakeroot, the
directory created will be owned by the user running mmdebstrap.
=for TODO =for TODO
=item B<qemu> =item B<qemu>
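Review bot: The ownership check `(stat $options->{root})[4] != 0` in the root/chrootless branch does not handle a failing stat: the returned list is then empty, the comparison sees undef (at most a warning), and tar runs without the owner options, so the tarball would carry the invoking user's uid/gid. Consider `my @st = stat $options->{root} or error "cannot stat $options->{root}: $!";` followed by `if ($st[4] != 0) {`. The comment should also state that `--owner=0 --group=0` flattens every entry to root:root, so a file that a package meant to belong to another user or group (for instance a setgid binary) is recorded as root-owned with its mode bits unchanged. The enclosing `sub main()` starts and ends outside the hunk.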