make fakechroot mode bit-by-bit identical to the others
parent
7d472ca116
commit
6a8fbae9d8
2 changed files with 62 additions and 34 deletions
38
coverage.sh
38
coverage.sh
|
@ -753,7 +753,15 @@ else
|
||||||
fi
|
fi
|
||||||
runuser -u user -- $CMD --mode=unshare --variant=$variant $DEFAULT_DIST /tmp/debian-chroot-unshare.$format $mirror
|
runuser -u user -- $CMD --mode=unshare --variant=$variant $DEFAULT_DIST /tmp/debian-chroot-unshare.$format $mirror
|
||||||
cmp /tmp/debian-chroot-root.$format /tmp/debian-chroot-unshare.$format
|
cmp /tmp/debian-chroot-root.$format /tmp/debian-chroot-unshare.$format
|
||||||
rm /tmp/debian-chroot-root.$format /tmp/debian-chroot-unshare.$format
|
rm /tmp/debian-chroot-unshare.$format
|
||||||
|
case $variant in essential|apt|minbase)
|
||||||
|
# /etc/ld.so.cache differs with some variants
|
||||||
|
runuser -u user -- $CMD --mode=fakechroot --variant=$variant $DEFAULT_DIST /tmp/debian-chroot-fakechroot.$format $mirror
|
||||||
|
cmp /tmp/debian-chroot-root.$format /tmp/debian-chroot-fakechroot.$format
|
||||||
|
rm /tmp/debian-chroot-fakechroot.$format
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
rm /tmp/debian-chroot-root.$format
|
||||||
END
|
END
|
||||||
if [ "$HAVE_QEMU" = "yes" ]; then
|
if [ "$HAVE_QEMU" = "yes" ]; then
|
||||||
./run_qemu.sh
|
./run_qemu.sh
|
||||||
|
@ -1208,12 +1216,7 @@ prefix=
|
||||||
mkdir /tmp/mnt
|
mkdir /tmp/mnt
|
||||||
mount /tmp/debian-chroot.ext2 /tmp/mnt
|
mount /tmp/debian-chroot.ext2 /tmp/mnt
|
||||||
rmdir /tmp/mnt/lost+found
|
rmdir /tmp/mnt/lost+found
|
||||||
# in fakechroot mode, we use a fake ldconfig, so we have to
|
tar -C /tmp/mnt -c . | tar -t | sort | diff -u tar1.txt -
|
||||||
# artificially add some files
|
|
||||||
{ tar -C /tmp/mnt -c . | tar -t;
|
|
||||||
[ "$mode" = "fakechroot" ] && printf "./etc/ld.so.cache\n./var/cache/ldconfig/\n";
|
|
||||||
[ "$mode" = "fakechroot" ] && printf "./etc/.pwd.lock\n";
|
|
||||||
} | sort | diff -u tar1.txt -
|
|
||||||
umount /tmp/mnt
|
umount /tmp/mnt
|
||||||
rmdir /tmp/mnt
|
rmdir /tmp/mnt
|
||||||
rm /tmp/debian-chroot.ext2
|
rm /tmp/debian-chroot.ext2
|
||||||
|
@ -1239,9 +1242,7 @@ fi
|
||||||
adduser --gecos user --disabled-password user
|
adduser --gecos user --disabled-password user
|
||||||
sysctl -w kernel.unprivileged_userns_clone=0
|
sysctl -w kernel.unprivileged_userns_clone=0
|
||||||
runuser -u user -- $CMD --mode=auto --variant=apt $DEFAULT_DIST /tmp/debian-chroot.tar.gz $mirror
|
runuser -u user -- $CMD --mode=auto --variant=apt $DEFAULT_DIST /tmp/debian-chroot.tar.gz $mirror
|
||||||
{ tar -tf /tmp/debian-chroot.tar.gz;
|
tar -tf /tmp/debian-chroot.tar.gz | sort | diff -u tar1.txt -
|
||||||
printf "./etc/ld.so.cache\n./var/cache/ldconfig/\n./etc/.pwd.lock\n";
|
|
||||||
} | sort | diff -u tar1.txt -
|
|
||||||
rm /tmp/debian-chroot.tar.gz
|
rm /tmp/debian-chroot.tar.gz
|
||||||
END
|
END
|
||||||
if [ "$HAVE_QEMU" = "yes" ]; then
|
if [ "$HAVE_QEMU" = "yes" ]; then
|
||||||
|
@ -2651,12 +2652,7 @@ echo upload-customize | cmp /tmp/download-customize -
|
||||||
echo sync-in-setup | cmp /tmp/sync-out-setup/file -
|
echo sync-in-setup | cmp /tmp/sync-out-setup/file -
|
||||||
echo sync-in-essential | cmp /tmp/sync-out-essential/file -
|
echo sync-in-essential | cmp /tmp/sync-out-essential/file -
|
||||||
echo sync-in-customize | cmp /tmp/sync-out-customize/file -
|
echo sync-in-customize | cmp /tmp/sync-out-customize/file -
|
||||||
# in fakechroot mode, we use a fake ldconfig, so we have to
|
tar -tf /tmp/debian-chroot.tar | sort | diff -u tar1.txt -
|
||||||
# artificially add some files
|
|
||||||
{ tar -tf /tmp/debian-chroot.tar;
|
|
||||||
[ "$mode" = "fakechroot" ] && printf "./etc/ld.so.cache\n./var/cache/ldconfig/\n";
|
|
||||||
[ "$mode" = "fakechroot" ] && [ "$variant" != "essential" ] && printf "./etc/.pwd.lock\n";
|
|
||||||
} | sort | diff -u tar1.txt -
|
|
||||||
rm /tmp/debian-chroot.tar \
|
rm /tmp/debian-chroot.tar \
|
||||||
/tmp/copy-in-setup /tmp/copy-in-essential /tmp/copy-in-customize \
|
/tmp/copy-in-setup /tmp/copy-in-essential /tmp/copy-in-customize \
|
||||||
/tmp/copy-out-setup /tmp/copy-out-essential /tmp/copy-out-customize \
|
/tmp/copy-out-setup /tmp/copy-out-essential /tmp/copy-out-customize \
|
||||||
|
@ -3192,12 +3188,7 @@ fi
|
||||||
prefix=
|
prefix=
|
||||||
[ "\$(id -u)" -eq 0 ] && prefix="runuser -u user --"
|
[ "\$(id -u)" -eq 0 ] && prefix="runuser -u user --"
|
||||||
\$prefix $CMD --mode=$mode --variant=$variant $DEFAULT_DIST /tmp/debian-chroot.tar $mirror
|
\$prefix $CMD --mode=$mode --variant=$variant $DEFAULT_DIST /tmp/debian-chroot.tar $mirror
|
||||||
# in fakechroot mode, we use a fake ldconfig, so we have to
|
tar -tf /tmp/debian-chroot.tar | sort | diff -u "./$variant.txt" -
|
||||||
# artificially add some files
|
|
||||||
{ tar -tf /tmp/debian-chroot.tar;
|
|
||||||
[ "$mode" = "fakechroot" ] && printf "./etc/ld.so.cache\n./var/cache/ldconfig/\n";
|
|
||||||
[ "$mode" = "fakechroot" ] && [ "$variant" != "essential" ] && printf "./etc/.pwd.lock\n";
|
|
||||||
} | sort | diff -u "./$variant.txt" -
|
|
||||||
rm /tmp/debian-chroot.tar
|
rm /tmp/debian-chroot.tar
|
||||||
END
|
END
|
||||||
if [ "$HAVE_QEMU" = "yes" ]; then
|
if [ "$HAVE_QEMU" = "yes" ]; then
|
||||||
|
@ -3714,8 +3705,6 @@ prefix=
|
||||||
\$prefix $CMD --mode=$mode --variant=apt --architectures=arm64 $DEFAULT_DIST /tmp/debian-chroot.tar $mirror
|
\$prefix $CMD --mode=$mode --variant=apt --architectures=arm64 $DEFAULT_DIST /tmp/debian-chroot.tar $mirror
|
||||||
# we ignore differences between architectures by ignoring some files
|
# we ignore differences between architectures by ignoring some files
|
||||||
# and renaming others
|
# and renaming others
|
||||||
# in fakechroot mode, we use a fake ldconfig, so we have to
|
|
||||||
# artificially add some files
|
|
||||||
# in proot mode, some extra files are put there by proot
|
# in proot mode, some extra files are put there by proot
|
||||||
{ tar -tf /tmp/debian-chroot.tar \
|
{ tar -tf /tmp/debian-chroot.tar \
|
||||||
| grep -v '^\./lib/ld-linux-aarch64\.so\.1$' \
|
| grep -v '^\./lib/ld-linux-aarch64\.so\.1$' \
|
||||||
|
@ -3723,7 +3712,6 @@ prefix=
|
||||||
| grep -v '^\./usr/share/doc/[^/]\+/changelog\(\.Debian\)\?\.arm64\.gz$' \
|
| grep -v '^\./usr/share/doc/[^/]\+/changelog\(\.Debian\)\?\.arm64\.gz$' \
|
||||||
| sed 's/aarch64-linux-gnu/x86_64-linux-gnu/' \
|
| sed 's/aarch64-linux-gnu/x86_64-linux-gnu/' \
|
||||||
| sed 's/arm64/amd64/';
|
| sed 's/arm64/amd64/';
|
||||||
[ "$mode" = "fakechroot" ] && printf "./etc/ld.so.cache\n./var/cache/ldconfig/\n./etc/.pwd.lock\n";
|
|
||||||
} | sort > tar2.txt
|
} | sort > tar2.txt
|
||||||
{ cat tar1.txt \
|
{ cat tar1.txt \
|
||||||
| grep -v '^\./usr/bin/i386$' \
|
| grep -v '^\./usr/bin/i386$' \
|
||||||
|
|
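Review bot: The new `case $variant in essential|apt|minbase)` block in the first hunk runs the fakechroot `cmp` for only three variants, and its comment `# /etc/ld.so.cache differs with some variants` does not say which variants are skipped or why. As written, the bit-by-bit claim in the commit title is only exercised for those three, and a reader cannot tell whether the rest are a known limitation or an oversight. I would expand the comment along the lines of `# only these variants are bit-by-bit identical to root mode under fakechroot; in the others /etc/ld.so.cache differs, so cmp would fail`, and name the cause if it is known. The heredoc that contains this block starts and ends outside the hunk.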
58
mmdebstrap
58
mmdebstrap
|
@ -251,6 +251,24 @@ sub get_tar_compressor {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# avoid dependency on String::ShellQuote by implementing the mechanism
|
||||||
|
# from python's shlex.quote function
|
||||||
|
sub shellescape {
|
||||||
|
my $string = shift;
|
||||||
|
if (length $string == 0) {
|
||||||
|
return "''";
|
||||||
|
}
|
||||||
|
# search for occurrences of characters that are not safe
|
||||||
|
# the 'a' regex modifier makes sure that \w only matches ASCII
|
||||||
|
if ($string !~ m/[^\w@\%+=:,.\/-]/a) {
|
||||||
|
return $string;
|
||||||
|
}
|
||||||
|
# wrap the string in single quotes and handle existing single quotes by
|
||||||
|
# putting them outside of the single-quoted string
|
||||||
|
$string =~ s/'/'"'"'/g;
|
||||||
|
return "'$string'";
|
||||||
|
}
|
||||||
|
|
||||||
sub test_unshare_userns {
|
sub test_unshare_userns {
|
||||||
my $verbose = shift;
|
my $verbose = shift;
|
||||||
if ($EFFECTIVE_USER_ID == 0) {
|
if ($EFFECTIVE_USER_ID == 0) {
|
||||||
|
@ -1977,16 +1995,15 @@ sub run_setup() {
|
||||||
copy($tmpfile, \*STDERR);
|
copy($tmpfile, \*STDERR);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (any { $_ eq $options->{mode} } ('fakechroot', 'proot')) {
|
if (none { $_ eq $options->{mode} } ('fakechroot', 'proot')) {
|
||||||
# Apt dropping privileges to another user than root is not useful in
|
# Apt dropping privileges to another user than root is not useful in
|
||||||
# fakechroot and proot mode because all users are faked and thus there
|
# fakechroot and proot mode because all users are faked and thus there
|
||||||
# is no real privilege difference anyways. Thus, we also print no
|
# is no real privilege difference anyways. We could set
|
||||||
# warning message in this case.
|
# APT::Sandbox::User "root" in fakechroot and proot mode but we don't
|
||||||
open my $fh, '>>', $tmpfile
|
# because if we would, then /var/cache/apt/archives/partial/ and
|
||||||
or error "cannot open $tmpfile for appending: $!";
|
# /var/lib/apt/lists/partial/ would not be owned by the _apt user
|
||||||
print $fh "APT::Sandbox::User \"root\";\n";
|
# if mmdebstrap was run in fakechroot or proot mode.
|
||||||
close $fh;
|
#
|
||||||
} else {
|
|
||||||
# when apt-get update is run by the root user, then apt will attempt to
|
# when apt-get update is run by the root user, then apt will attempt to
|
||||||
# drop privileges to the _apt user. This will fail if the _apt user
|
# drop privileges to the _apt user. This will fail if the _apt user
|
||||||
# does not have permissions to read the root directory. In that case,
|
# does not have permissions to read the root directory. In that case,
|
||||||
|
@ -2643,11 +2660,28 @@ sub run_prepare {
|
||||||
# /etc/fakechroot/debootstrap.env and
|
# /etc/fakechroot/debootstrap.env and
|
||||||
# /etc/fakechroot/chroot.env
|
# /etc/fakechroot/chroot.env
|
||||||
{
|
{
|
||||||
|
# we add "$@" before "-r" such that any other "-r" options will be
|
||||||
|
# overwritten by the one we set
|
||||||
|
my $escapedroot = shellescape $options->{root};
|
||||||
|
my ($fh, $filename) = tempfile(
|
||||||
|
"mmdebstrap.ldconfig.XXXXXXXXXXXX",
|
||||||
|
UNLINK => 1,
|
||||||
|
TMPDIR => 1
|
||||||
|
);
|
||||||
|
print $fh <<EOF;
|
||||||
|
#!/bin/sh
|
||||||
|
set -e
|
||||||
|
if [ ! -e $escapedroot/sbin/ldconfig ]; then exit 0; fi
|
||||||
|
mkdir --mode=700 --parents $escapedroot/var/cache/ldconfig
|
||||||
|
$escapedroot/sbin/ldconfig "\$@" -r $escapedroot
|
||||||
|
EOF
|
||||||
|
close $fh;
|
||||||
|
chmod 0755, $filename or error "cannot chmod $filename";
|
||||||
my @fakechrootsubst = ();
|
my @fakechrootsubst = ();
|
||||||
foreach my $d ('/usr/sbin', '/usr/bin', '/sbin', '/bin') {
|
foreach my $d ('/usr/sbin', '/usr/bin', '/sbin', '/bin') {
|
||||||
push @fakechrootsubst, "$d/chroot=/usr/sbin/chroot.fakechroot";
|
push @fakechrootsubst, "$d/chroot=/usr/sbin/chroot.fakechroot";
|
||||||
push @fakechrootsubst, "$d/mkfifo=/bin/true";
|
push @fakechrootsubst, "$d/mkfifo=/bin/true";
|
||||||
push @fakechrootsubst, "$d/ldconfig=/bin/true";
|
push @fakechrootsubst, "$d/ldconfig=$filename";
|
||||||
push @fakechrootsubst, "$d/ldd=/usr/bin/ldd.fakechroot";
|
push @fakechrootsubst, "$d/ldd=/usr/bin/ldd.fakechroot";
|
||||||
push @fakechrootsubst, "$d/ischroot=/bin/true";
|
push @fakechrootsubst, "$d/ischroot=/bin/true";
|
||||||
}
|
}
|
||||||
|
@ -5684,6 +5718,12 @@ sub main() {
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($options->{mode} eq 'fakechroot') {
|
if ($options->{mode} eq 'fakechroot') {
|
||||||
|
# By default, FAKECHROOT_EXCLUDE_PATH includes /proc and
|
||||||
|
# /sys which means that the resulting tarball will contain
|
||||||
|
# the permission and ownership information of /proc and
|
||||||
|
# /sys from the outside, which we want to avoid.
|
||||||
|
## no critic (Variables::RequireLocalizedPunctuationVars)
|
||||||
|
$ENV{FAKECHROOT_EXCLUDE_PATH} = "/dev";
|
||||||
# Fakechroot requires tar to run inside the chroot or
|
# Fakechroot requires tar to run inside the chroot or
|
||||||
# otherwise absolute symlinks will include the path to the
|
# otherwise absolute symlinks will include the path to the
|
||||||
# root directory
|
# root directory
|
||||||
|
|
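Review bot: In the run_prepare hunk the generated ldconfig wrapper is written with `print $fh <<EOF;` and `close $fh;` without checking either result, so a short write (for example a full TMPDIR) leaves a truncated script that is still made executable and substituted for ldconfig. I would check at least the close, `close $fh or error "cannot close $filename: $!";`, and add the reason to the existing message, `chmod 0755, $filename or error "cannot chmod $filename: $!";`. Separately, `$filename` is derived from TMPDIR and ends up in `"$d/ldconfig=$filename"`; if that list is later joined into a colon-separated FAKECHROOT_CMD_SUBST (the join is not visible here), a TMPDIR containing `:` or `=` would break the mapping, which deserves a check or a comment. The enclosing block of run_prepare starts and ends outside the hunk.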