summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2017-04-05 16:28:13 +0300
committerKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2017-04-28 18:26:27 +0300
commit667ab533beafe63baaea11b2b6a6cc7df964de36 (patch)
treee5fac3e92f39d5153499f7d9bfa1de3423bca4c4
parent34fdd5629aa7529871e9eb4a1fa1b67ea526b753 (diff)
downloadabuild-667ab533beafe63baaea11b2b6a6cc7df964de36.tar.bz2
abuild-667ab533beafe63baaea11b2b6a6cc7df964de36.tar.xz
abuild: build in chrootbwrap
This patch is based on earlier work by Timo Teräs.
-rw-r--r--Makefile2
-rw-r--r--abuild-rmtemp.c49
-rw-r--r--abuild-sudo.c1
-rw-r--r--abuild.conf4
-rw-r--r--abuild.in108
5 files changed, 161 insertions, 3 deletions
diff --git a/Makefile b/Makefile
index a87d16f..ee11d19 100644
--- a/Makefile
+++ b/Makefile
@@ -10,7 +10,7 @@ datadir ?= $(prefix)/share/$(PACKAGE)
SCRIPTS := abuild abuild-keygen abuild-sign newapkbuild \
abump apkgrel buildlab apkbuild-cpan checkapk \
apkbuild-gem-resolver
-USR_BIN_FILES := $(SCRIPTS) abuild-tar abuild-gzsplit abuild-sudo abuild-fetch
+USR_BIN_FILES := $(SCRIPTS) abuild-tar abuild-gzsplit abuild-sudo abuild-fetch abuild-rmtemp
SAMPLES := sample.APKBUILD sample.initd sample.confd \
sample.pre-install sample.post-install
AUTOTOOLS_TOOLCHAIN_FILES := config.sub config.guess
diff --git a/abuild-rmtemp.c b/abuild-rmtemp.c
new file mode 100644
index 0000000..36a12ec
--- /dev/null
+++ b/abuild-rmtemp.c
@@ -0,0 +1,49 @@
+/*
+ * abuild-rmtemp
+ * Copyright (c) 2017 Kaarle Ritvanen
+ * Distributed under GPL-2
+ */
+
+#include <err.h>
+#include <errno.h>
+#include <ftw.h>
+#include <pwd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+#define PREFIX "/var/tmp/abuild."
+
+static void fail() {
+ errx(1, "%s", strerror(errno));
+}
+
+static int handler(const char *fpath, const struct stat *sb, int typeflag, struct FTW *ftwbuf) {
+ return remove(fpath);
+}
+
+int main(int argc, char **argv) {
+ if (argc < 2) return 0;
+
+ if (getuid()) {
+ argv[0] = "-abuild-rmtemp";
+ execv("/usr/bin/abuild-sudo", argv);
+ }
+
+ if (strncmp(argv[1], PREFIX, strlen(PREFIX)) || \
+ strchr(argv[1] + strlen(PREFIX), '/'))
+ errx(1, "Invalid path: %s", argv[1]);
+
+ struct stat s;
+ if (lstat(argv[1], &s)) fail();
+ struct passwd *p = getpwnam(getenv("USER"));
+ if (!p) errx(1, "Incorrect user");
+ if (s.st_uid != p->pw_uid) errx(1, "Permission denied");
+
+ if (nftw(argv[1], handler, 512, FTW_DEPTH)) fail();
+
+ return 0;
+}
diff --git a/abuild-sudo.c b/abuild-sudo.c
index 5a084a6..1ed6ad9 100644
--- a/abuild-sudo.c
+++ b/abuild-sudo.c
@@ -27,6 +27,7 @@ static const char* valid_cmds[] = {
"/bin/addgroup",
"/usr/sbin/addgroup",
"/sbin/apk",
+ "/usr/bin/abuild-rmtemp",
NULL
};
diff --git a/abuild.conf b/abuild.conf
index a0d9f0b..3b6636e 100644
--- a/abuild.conf
+++ b/abuild.conf
@@ -22,7 +22,7 @@ REPODEST=$HOME/packages/
#MAINTAINER="$PACKAGER"
# what to clean up after a successful build
-CLEANUP="srcdir pkgdir deps"
+CLEANUP="srcdir bldroot pkgdir deps"
# what to cleanup after a failed build
-ERROR_CLEANUP="deps"
+ERROR_CLEANUP="bldroot deps"
diff --git a/abuild.in b/abuild.in
index ea7ee1e..ed444d0 100644
--- a/abuild.in
+++ b/abuild.in
@@ -83,6 +83,11 @@ cleanup() {
fi
for i; do
case $i in
+ bldroot)
+ if [ "$BUILD_ROOT" ]; then
+ msg "Cleaning up build chroot"
+ abuild-rmtemp "$BUILD_ROOT"
+ fi;;
pkgdir) msg "Cleaning up pkgdir"; rm -rf "$pkgbasedir";;
srcdir) msg "Cleaning up srcdir"; rm -rf "$srcdir";;
deps)
@@ -1987,6 +1992,106 @@ checksum() {
echo "sha512sums=\"$sha512sums\"" >>"$APKBUILD"
}
+subst() {
+ (
+ for key in $(git config --list --name-only); do
+ k=${key#abuild.}
+ [ $k != $key ] && \
+ eval "export $k=\"$(git config --get $key)\""
+ done
+
+ export mirror version
+ [ "$mirror" ] || mirror=http://dl-cdn.alpinelinux.org/alpine
+
+ if [ -z "$version" ]; then
+ version=$(git symbolic-ref --short HEAD)
+ [ "$version" ] && \
+ version=$(expr "$version" : '\([0-9]\+\(\.[0-9]\+\)*\)-') && \
+ version=v${version}
+ [ "$version" ] || version=edge
+ fi
+
+ envsubst
+ )
+}
+
+rootbld() {
+ if apk_up2date && [ -z "$force" ]; then
+ msg "Package is up to date"
+ return
+ fi
+
+ [ "$CBUILD" = "$CHOST" ] || die "rootbld: cross-building not supported currently"
+
+ local cmd
+ for cmd in bwrap git; do
+ [ -x "$(which $cmd)" ] || die "rootbld: $cmd not installed"
+ done
+
+ logcmd "chroot building building $repo/$pkgname-$pkgver-r$pkgrel"
+
+ # check early if we have abuild key
+ abuild-sign --installed
+
+ # networking business
+ sanitycheck
+ clean
+ fetch
+ verify
+
+ msg "Preparing build chroot..."
+
+ BUILD_ROOT=$(mktemp -d /var/tmp/abuild.XXXXXXXXXX)
+ local aportsgit=${APORTSDIR:-${startdir}}
+
+ mkdir -p "$BUILD_ROOT/proc" "$BUILD_ROOT/etc/apk/keys" \
+ "$BUILD_ROOT/$HOME/.abuild" "$BUILD_ROOT/$aportsgit" \
+ "$BUILD_ROOT/$SRCDEST" "$BUILD_ROOT/$REPODEST" \
+ "$BUILD_ROOT/tmp/pkg" "$BUILD_ROOT/tmp/src" \
+ "$BUILD_ROOT/usr/bin" "$pkgbasedir" "$REPODEST" \
+ "$srcdir"
+
+ cp /etc/abuild.conf "$BUILD_ROOT/etc"
+ cp /etc/apk/keys/* "$BUILD_ROOT/etc/apk/keys"
+
+ local repo_template=$aportsgit/$repo/.rootbld-repositories
+ local repofile=$BUILD_ROOT/etc/apk/repositories
+ if [ -s "$repo_template" ]; then
+ subst < "$repo_template"
+ else
+ local prefix='$mirror/$version'
+ subst <<-EOF
+ $prefix/main
+ $prefix/community
+ EOF
+ fi > "$repofile"
+ echo "$REPODEST/$repo" >> "$repofile"
+
+ calcdeps
+ $SUDO_APK add --initdb --root "$BUILD_ROOT" --update \
+ abuild alpine-base build-base git $hostdeps $builddeps
+
+ local bwrap_opts=""
+ options_has "net" || bwrap_opts="$bwrap_opts --unshare-net"
+ bwrap --unshare-ipc --unshare-uts $bwrap_opts \
+ --ro-bind "$BUILD_ROOT" / \
+ --proc /proc \
+ --dev-bind /dev /dev \
+ --ro-bind "$HOME/.abuild" "$HOME/.abuild" \
+ --ro-bind "$aportsgit" "$aportsgit" \
+ --bind "$SRCDEST" "$SRCDEST" \
+ --bind "$BUILD_ROOT/tmp/src" "$srcdir" \
+ --bind "$BUILD_ROOT/tmp/pkg" "$pkgbasedir" \
+ --bind "$BUILD_ROOT/tmp" /tmp \
+ --bind "$REPODEST" "$REPODEST" \
+ --hostname "build-edge-$CARCH" \
+ --chdir "$startdir" \
+ --setenv PATH /bin:/usr/bin:/sbin:/usr/sbin \
+ /usr/bin/abuild $force symlinksrc unpack prepare mkusers build rootpkg
+ update_abuildrepo_index
+ cleanup $CLEANUP
+}
+
stripbin() {
local bin
if options_has "!strip" || [ "${subpkgarch:-$pkgarch}" = "noarch" ]; then
@@ -2234,6 +2339,7 @@ usage() {
listpkg List target packages
package Create package in \$REPODEST
prepare Apply patches
+ rootbld Build package in clean chroot
rootpkg Run 'package', the split functions and create apks as fakeroot
sanitycheck Basic sanity check of APKBUILD
snapshot Create a \$giturl or \$svnurl snapshot and upload to \$disturl
@@ -2299,6 +2405,8 @@ repo=${repo##*/}
SRCDEST=${SRCDEST:-$startdir}
+BUILD_ROOT=
+
# set a default CC
: ${CC:=gcc}
export CC