authorMattia Rizzolo <mattia@mapreri.org>2015-08-08 16:31:43 +0000
committerMattia Rizzolo <mattia@mapreri.org>2015-08-08 16:31:43 +0000
commit78883ba5a362e09b6ec1f824881dc3cf3eb73f53 (patch)
tree3fa8f35186cbb3d81a622a189efcdfc5f5b9907c
parentf3b72f3dbb0205a30f5ef6dc0ccba4bf610b1903 (diff)
parametrize the build directory using the conf option BUILDDIR
-rwxr-xr-xpbuilder4
-rwxr-xr-xpbuilder-buildpackage20
-rw-r--r--pbuilder-buildpackage-funcs2
-rwxr-xr-xpbuilder-createbuildenv2
-rw-r--r--pbuilder-modules4
-rw-r--r--pbuilderrc2
-rw-r--r--pbuilderrc.510
7 files changed, 29 insertions, 15 deletions
diff --git a/pbuilder b/pbuilder
index d816183..424dc4e 100755
--- a/pbuilder
+++ b/pbuilder
@@ -56,7 +56,7 @@ case "$1" in
. /usr/lib/pbuilder/pbuilder-runhooks
extractbuildplace
trap umountproc_cleanbuildplace_trap exit sighup
- copyinputfile "${BUILDPLACE}/tmp/buildd"
+ copyinputfile "${BUILDPLACE}$BUILDDIR"
loadhooks
recover_aptcache
trap saveaptcache_umountproc_cleanbuildplace_trap exit sighup
@@ -111,7 +111,7 @@ File extracted to: $BUILDPLACE
extractbuildplace
trap umountproc_cleanbuildplace_trap exit sighup
- copyinputfile "${BUILDPLACE}/tmp/buildd"
+ copyinputfile "${BUILDPLACE}$BUILDDIR"
loadhooks
recover_aptcache
trap saveaptcache_umountproc_cleanbuildplace_trap exit sighup
diff --git a/pbuilder-buildpackage b/pbuilder-buildpackage
index 606e2ff..75bfd40 100755
--- a/pbuilder-buildpackage
+++ b/pbuilder-buildpackage
@@ -76,7 +76,7 @@ esac
BUILDRESULTUID="${BUILDRESULTUID:-${SUDO_UID:-0}}"
BUILDRESULTGID="${BUILDRESULTGID:-${SUDO_GID:-0}}"
-export HOME="/tmp/buildd"
+export HOME="$BUILDDIR"
echobacktime
extractbuildplace
@@ -125,17 +125,17 @@ save_aptcache
trap umountproc_cleanbuildplace_trap exit sighup sigpipe
log "I: Copying source file"
-copydsc "$PACKAGENAME" "$BUILDPLACE/tmp/buildd"
-copyinputfile "$BUILDPLACE/tmp/buildd"
+copydsc "$PACKAGENAME" "${BUILDPLACE}$BUILDDIR"
+copyinputfile "${BUILDPLACE}$BUILDDIR"
log "I: Extracting source"
-if echo "chown $BUILDUSERNAME:$BUILDUSERNAME /tmp/buildd /tmp/buildd/*" | $CHROOTEXEC /bin/bash; then
+if echo "chown $BUILDUSERNAME:$BUILDUSERNAME $BUILDDIR $BUILDDIR/*" | $CHROOTEXEC /bin/bash; then
: # success
else
log "E: pbuilder: Failed chowning to $BUILDUSERNAME:$BUILDUSERNAME"
exit 1;
fi
-if echo "( cd tmp/buildd; env PATH=\"$PATH\" /usr/bin/dpkg-source -x $(basename $PACKAGENAME) )" | $UNSHARE $CHROOTEXEC env $SUTOUSER ; then
+if echo "( cd $BUILDDIR; env PATH=\"$PATH\" /usr/bin/dpkg-source -x $(basename $PACKAGENAME) )" | $UNSHARE $CHROOTEXEC env $SUTOUSER ; then
: # success
else
log "E: pbuilder: Failed extracting the source"
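Review bot: `$BUILDDIR` is expanded unquoted into the command strings piped to a shell inside the chroot, in the `chown` line and in the `cd $BUILDDIR` of the dpkg-source line, so a configured path containing whitespace or shell metacharacters is split or interpreted by that shell. An empty value turns the `chown`, which appears to run as root since it is piped to `$CHROOTEXEC /bin/bash` without `$SUTOUSER`, into one acting on `/*` in the chroot. Quoting the path inside the string, e.g. `chown $BUILDUSERNAME:$BUILDUSERNAME '$BUILDDIR' '$BUILDDIR'/*` and `cd '$BUILDDIR'`, covers whitespace; rejecting values that are not absolute or that contain a single quote covers the rest. The same applies to `cd ${BUILDDIR}/*/` in the DPKG_COMMANDLINE hunk further down.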
@@ -153,7 +153,7 @@ DPKG_COMMANDLINE="env PATH=\"$PATH\" dpkg-buildpackage -us -uc $DEBBUILDOPTS"
if [ -n "$TWICE" ]; then
DPKG_COMMANDLINE="$DPKG_COMMANDLINE && $DPKG_COMMANDLINE"
fi
- DPKG_COMMANDLINE="cd tmp/buildd/*/ && $DPKG_COMMANDLINE"
+ DPKG_COMMANDLINE="cd ${BUILDDIR}/*/ && $DPKG_COMMANDLINE"
log "I: Running $DPKG_COMMANDLINE"
echo "$DPKG_COMMANDLINE" | $UNSHARE $CHROOTEXEC env $SUTOUSER
) &
@@ -188,16 +188,16 @@ trap cleanbuildplace_trap exit sighup sigpipe
umountproc
if [ -d "${BUILDRESULT}" ]; then
- chown "${BUILDRESULTUID}:${BUILDRESULTGID}" "${BUILDPLACE}"/tmp/buildd/*
- chgrp "${BUILDRESULTGID}" "${BUILDPLACE}"/tmp/buildd/*
- for FILE in "${BUILDPLACE}"/tmp/buildd/*; do
+ chown "${BUILDRESULTUID}:${BUILDRESULTGID}" "${BUILDPLACE}$BUILDDIR/"*
+ chgrp "${BUILDRESULTGID}" "${BUILDPLACE}$BUILDDIR/"*
+ for FILE in "${BUILDPLACE}$BUILDDIR"/*; do
if [ -f "${FILE}" ]; then
cp -p ${FILE} "${BUILDRESULT}" || true
fi
done
for FILE in "${ADDITIONAL_BUILDRESULTS[@]}"; do
log "I: Trying to save additional result ${FILE}"
- cp -a "${BUILDPLACE}/tmp/buildd/"*"/${FILE}" "${BUILDRESULT}" || true
+ cp -a "${BUILDPLACE}$BUILDDIR/"*"/${FILE}" "${BUILDRESULT}" || true
done
else
log "E: BUILDRESULT=[$BUILDRESULT] is not a directory."
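Review bot: The `chown` and `chgrp` on `"${BUILDPLACE}$BUILDDIR/"*` appear to run outside the chroot (no `$CHROOTEXEC`), and without `-h` they act on the target of any symbolic link found in the build directory rather than on the link itself, although the contents of that directory are produced by the build. Consider `chown -h "${BUILDRESULTUID}:${BUILDRESULTGID}" "${BUILDPLACE}$BUILDDIR/"*`, which also makes the separate `chgrp` redundant. The `cp -p ${FILE}` in the loop is unquoted, so now that the path comes from configuration a BUILDDIR containing whitespace breaks the copy; `cp -p "${FILE}" "${BUILDRESULT}" || true` fixes that. The enclosing `if` continues past the end of the hunk.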
diff --git a/pbuilder-buildpackage-funcs b/pbuilder-buildpackage-funcs
index dff362b..19852eb 100644
--- a/pbuilder-buildpackage-funcs
+++ b/pbuilder-buildpackage-funcs
@@ -92,7 +92,7 @@ function createbuilduser () {
if [ -e $BUILDPLACE/etc/gshadow ]; then g='x'; else g='*'; fi
if ! grep -q ^$BUILDUSERNAME: $BUILDPLACE/etc/passwd; then
cowprotect $BUILDPLACE/etc/passwd
- echo "$BUILDUSERNAME:$p:$BUILDUSERID:$BUILDUSERID:,,,:/tmp/buildd:/bin/sh" >> $BUILDPLACE/etc/passwd
+ echo "$BUILDUSERNAME:$p:$BUILDUSERID:$BUILDUSERID:,,,:$BUILDDIR:/bin/sh" >> $BUILDPLACE/etc/passwd
fi
if ! grep -q ^$BUILDUSERNAME: $BUILDPLACE/etc/group; then
cowprotect $BUILDPLACE/etc/group
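Review bot: The home field is only written when the user is missing from `$BUILDPLACE/etc/passwd` (the `grep -q` guard), so a chroot that already contains the build user keeps its old home directory after BUILDDIR is changed, while pbuilder-buildpackage exports `HOME="$BUILDDIR"`. Whether such a chroot occurs in practice depends on how the base tarball was saved, which is not visible here. A BUILDDIR containing `:` would also shift the fields of the passwd line; a comment such as `# BUILDDIR must not contain ':' (passwd field separator)` or a check before the `echo` would make that constraint explicit. createbuilduser starts and ends outside this hunk.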
diff --git a/pbuilder-createbuildenv b/pbuilder-createbuildenv
index 8979bd5..808ef1b 100755
--- a/pbuilder-createbuildenv
+++ b/pbuilder-createbuildenv
@@ -84,7 +84,7 @@ log "I: debootstrap finished"
loadhooks
-mkdir -p "$BUILDPLACE/tmp/buildd"
+mkdir -p "${BUILDPLACE}$BUILDDIR"
copy_local_configuration
installaptlines
diff --git a/pbuilder-modules b/pbuilder-modules
index 9424ec8..7808a96 100644
--- a/pbuilder-modules
+++ b/pbuilder-modules
@@ -494,7 +494,9 @@ function extractbuildplace () {
fi
mountproc
- mkdir -p "$BUILDPLACE/tmp/buildd"
+ # FIXME maybe add more checks here? - actually it's not even really needed,
+ # since it's created at chroot creation time too.
+ mkdir -p "${BUILDPLACE}${BUILDDIR}"
}
function echobacktime () {
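Review bot: The FIXME leaves BUILDDIR unchecked, so an empty or relative value reaches `mkdir -p "${BUILDPLACE}${BUILDDIR}"` and the later `copyinputfile`, `chown` and `cd` calls in the other files. There `${BUILDPLACE}$BUILDDIR` names the chroot root itself (empty value) or a path outside the chroot that merely shares its prefix (relative value, since no `/` separates the two). I would replace the FIXME with a check that the value is an absolute path and fail otherwise, as sketched below. pbuilder-createbuildenv has its own `mkdir -p` and would need the same check or a shared helper. extractbuildplace starts outside this hunk.

```shell
    # BUILDDIR is appended to BUILDPLACE and used verbatim inside the chroot,
    # so it has to be a non-empty absolute path.
    case "$BUILDDIR" in
        /*) ;;
        *)
            log "E: BUILDDIR=[$BUILDDIR] is not an absolute path"
            exit 1
            ;;
    esac
    mkdir -p "${BUILDPLACE}${BUILDDIR}"
```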
diff --git a/pbuilderrc b/pbuilderrc
index cffc34f..2509aaa 100644
--- a/pbuilderrc
+++ b/pbuilderrc
@@ -5,6 +5,8 @@ BASETGZ=/var/cache/pbuilder/base.tgz
#EXTRAPACKAGES=""
#export DEBIAN_BUILDARCH=athlon
BUILDPLACE=/var/cache/pbuilder/build
+# directory inside the chroot where the build happens. See #789404
+BUILDDIR=/tmp/buildd
MIRRORSITE=http://cdn.debian.net/debian
#OTHERMIRROR="deb http://www.home.com/updates/ ./"
#export http_proxy=http://your-proxy:8080/
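Review bot: The comment on the new default does not say that the value must be an absolute path, nor that it becomes the build user's HOME, both of which the scripts rely on (`"${BUILDPLACE}$BUILDDIR"`, `export HOME="$BUILDDIR"`). I would expand it to `# absolute path inside the chroot where the build happens; also the build user's HOME. See #789404`. The shipped default stays under `/tmp`, the location the pbuilderrc.5 text added in this commit describes as unsafe when world-writable, so a pointer to that warning in the comment would help anyone editing this file.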
diff --git a/pbuilderrc.5 b/pbuilderrc.5
index 42065ab..aec45a8 100644
--- a/pbuilderrc.5
+++ b/pbuilderrc.5
@@ -65,6 +65,16 @@ An Example:
BINDMOUNTS="/home /mnt/test"
.EE
.TP
+.BI "BUILDDIR=" "/tmp/buildd"
+The directory inside the chroot where the build happens. This will also be the
+.B HOME
+of the build user.
+
+Attention! Some directories \(em such as
+.B /tmp
+\(em are not safe to use since they can be world-writable, and external user can
+temper with the build process.
+.TP
.BI "BUILDPLACE=" "/var/cache/pbuilder/build/"
The default place which the chroot is constructed.
.B pbuilder