From 78883ba5a362e09b6ec1f824881dc3cf3eb73f53 Mon Sep 17 00:00:00 2001
From: Mattia Rizzolo
Date: Sat, 8 Aug 2015 16:31:43 +0000
Subject: parametrize the build directory using the conf option BUILDDIR
---
 pbuilder | 4 ++--
 pbuilder-buildpackage | 20 ++++++++++----------
 pbuilder-buildpackage-funcs | 2 +-
 pbuilder-createbuildenv | 2 +-
 pbuilder-modules | 4 +++-
 pbuilderrc | 2 ++
 pbuilderrc.5 | 10 ++++++++++
 7 files changed, 29 insertions(+), 15 deletions(-)
diff --git a/pbuilder b/pbuilder
index d816183..424dc4e 100755
--- a/pbuilder
+++ b/pbuilder
@@ -56,7 +56,7 @@ case "$1" in
 . /usr/lib/pbuilder/pbuilder-runhooks
 extractbuildplace
 trap umountproc_cleanbuildplace_trap exit sighup
- copyinputfile "${BUILDPLACE}/tmp/buildd"
+ copyinputfile "${BUILDPLACE}$BUILDDIR"
 loadhooks
 recover_aptcache
 trap saveaptcache_umountproc_cleanbuildplace_trap exit sighup
@@ -111,7 +111,7 @@ File extracted to: $BUILDPLACE
 extractbuildplace
 trap umountproc_cleanbuildplace_trap exit sighup
- copyinputfile "${BUILDPLACE}/tmp/buildd"
+ copyinputfile "${BUILDPLACE}$BUILDDIR"
 loadhooks
 recover_aptcache
 trap saveaptcache_umountproc_cleanbuildplace_trap exit sighup
diff --git a/pbuilder-buildpackage b/pbuilder-buildpackage
index 606e2ff..75bfd40 100755
--- a/pbuilder-buildpackage
+++ b/pbuilder-buildpackage
@@ -76,7 +76,7 @@ esac
 BUILDRESULTUID="${BUILDRESULTUID:-${SUDO_UID:-0}}"
 BUILDRESULTGID="${BUILDRESULTGID:-${SUDO_GID:-0}}"
-export HOME="/tmp/buildd"
+export HOME="$BUILDDIR"
 echobacktime
 extractbuildplace
@@ -125,17 +125,17 @@ save_aptcache
 trap umountproc_cleanbuildplace_trap exit sighup sigpipe
 log "I: Copying source file"
-copydsc "$PACKAGENAME" "$BUILDPLACE/tmp/buildd"
-copyinputfile "$BUILDPLACE/tmp/buildd"
+copydsc "$PACKAGENAME" "${BUILDPLACE}$BUILDDIR"
+copyinputfile "${BUILDPLACE}$BUILDDIR"
 log "I: Extracting source"
-if echo "chown $BUILDUSERNAME:$BUILDUSERNAME /tmp/buildd /tmp/buildd/*" | $CHROOTEXEC /bin/bash; then
+if echo "chown $BUILDUSERNAME:$BUILDUSERNAME $BUILDDIR $BUILDDIR/*" | $CHROOTEXEC /bin/bash; then
 : # success
 else
 log "E: pbuilder: Failed chowning to $BUILDUSERNAME:$BUILDUSERNAME"
 exit 1;
 fi
-if echo "( cd tmp/buildd; env PATH=\"$PATH\" /usr/bin/dpkg-source -x $(basename $PACKAGENAME) )" | $UNSHARE $CHROOTEXEC env $SUTOUSER ; then
+if echo "( cd $BUILDDIR; env PATH=\"$PATH\" /usr/bin/dpkg-source -x $(basename $PACKAGENAME) )" | $UNSHARE $CHROOTEXEC env $SUTOUSER ; then
 : # success
 else
 log "E: pbuilder: Failed extracting the source"
@@ -153,7 +153,7 @@ DPKG_COMMANDLINE="env PATH=\"$PATH\" dpkg-buildpackage -us -uc $DEBBUILDOPTS"
 if [ -n "$TWICE" ]; then
 DPKG_COMMANDLINE="$DPKG_COMMANDLINE && $DPKG_COMMANDLINE"
 fi
- DPKG_COMMANDLINE="cd tmp/buildd/*/ && $DPKG_COMMANDLINE"
+ DPKG_COMMANDLINE="cd ${BUILDDIR}/*/ && $DPKG_COMMANDLINE"
 log "I: Running $DPKG_COMMANDLINE"
 echo "$DPKG_COMMANDLINE" | $UNSHARE $CHROOTEXEC env $SUTOUSER
 ) &
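Review bot: In pbuilder-buildpackage, `$BUILDDIR` is spliced unquoted into command strings that are piped to a shell inside the chroot: the `chown` line and the `cd $BUILDDIR; … dpkg-source -x` line of the @@ -125 hunk, and `cd ${BUILDDIR}/*/` in the @@ -153 hunk. That was harmless while the path was the literal `/tmp/buildd`, but a configured value containing whitespace or shell metacharacters is now word-split or interpreted by the inner shell. Either reject such values when the configuration is loaded, or quote once with `qdir=$(printf '%q' "$BUILDDIR")` and use `$qdir` in the three strings (check that the shell behind `$SUTOUSER` accepts the `%q` output). Writing `cd $qdir && env PATH=…` instead of `cd …;` would also stop dpkg-source from running in the wrong directory when the `cd` fails.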
@@ -188,16 +188,16 @@ trap cleanbuildplace_trap exit sighup sigpipe
 umountproc
 if [ -d "${BUILDRESULT}" ]; then
- chown "${BUILDRESULTUID}:${BUILDRESULTGID}" "${BUILDPLACE}"/tmp/buildd/*
- chgrp "${BUILDRESULTGID}" "${BUILDPLACE}"/tmp/buildd/*
- for FILE in "${BUILDPLACE}"/tmp/buildd/*; do
+ chown "${BUILDRESULTUID}:${BUILDRESULTGID}" "${BUILDPLACE}$BUILDDIR/"*
+ chgrp "${BUILDRESULTGID}" "${BUILDPLACE}$BUILDDIR/"*
+ for FILE in "${BUILDPLACE}$BUILDDIR"/*; do
 if [ -f "${FILE}" ]; then
 cp -p ${FILE} "${BUILDRESULT}" || true
 fi
 done
 for FILE in "${ADDITIONAL_BUILDRESULTS[@]}"; do
 log "I: Trying to save additional result ${FILE}"
- cp -a "${BUILDPLACE}/tmp/buildd/"*"/${FILE}" "${BUILDRESULT}" || true
+ cp -a "${BUILDPLACE}$BUILDDIR/"*"/${FILE}" "${BUILDRESULT}" || true
 done
 else
 log "E: BUILDRESULT=[$BUILDRESULT] is not a directory."
diff --git a/pbuilder-buildpackage-funcs b/pbuilder-buildpackage-funcs
index dff362b..19852eb 100644
--- a/pbuilder-buildpackage-funcs
+++ b/pbuilder-buildpackage-funcs
@@ -92,7 +92,7 @@ function createbuilduser () {
 if [ -e $BUILDPLACE/etc/gshadow ]; then g='x'; else g='*'; fi
 if ! grep -q ^$BUILDUSERNAME: $BUILDPLACE/etc/passwd; then
 cowprotect $BUILDPLACE/etc/passwd
- echo "$BUILDUSERNAME:$p:$BUILDUSERID:$BUILDUSERID:,,,:/tmp/buildd:/bin/sh" >> $BUILDPLACE/etc/passwd
+ echo "$BUILDUSERNAME:$p:$BUILDUSERID:$BUILDUSERID:,,,:$BUILDDIR:/bin/sh" >> $BUILDPLACE/etc/passwd
 fi
 if ! grep -q ^$BUILDUSERNAME: $BUILDPLACE/etc/group; then
 cowprotect $BUILDPLACE/etc/group
diff --git a/pbuilder-createbuildenv b/pbuilder-createbuildenv
index 8979bd5..808ef1b 100755
--- a/pbuilder-createbuildenv
+++ b/pbuilder-createbuildenv
@@ -84,7 +84,7 @@ log "I: debootstrap finished"
 loadhooks
-mkdir -p "$BUILDPLACE/tmp/buildd"
+mkdir -p "${BUILDPLACE}$BUILDDIR"
 copy_local_configuration
 installaptlines
diff --git a/pbuilder-modules b/pbuilder-modules
index 9424ec8..7808a96 100644
--- a/pbuilder-modules
+++ b/pbuilder-modules
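Review bot: The `chown` and `chgrp` on `"${BUILDPLACE}$BUILDDIR/"*` in the @@ -188 hunk of pbuilder-buildpackage run from outside the chroot over names that the build itself created, and both commands dereference symbolic links by default. Adding `-h`, as in `chown -h "${BUILDRESULTUID}:${BUILDRESULTGID}" "${BUILDPLACE}$BUILDDIR/"*`, keeps the ownership change on the directory entries themselves. The behaviour predates this commit, but the man-page text added here warns about tampering with the build directory, so the rewritten lines are a natural place to close it. The same glob expands to every top-level entry of the chroot when `BUILDDIR` is empty, so these lines depend on the value having been validated earlier.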
@@ -494,7 +494,9 @@ function extractbuildplace () {
 fi
 mountproc
- mkdir -p "$BUILDPLACE/tmp/buildd"
+ # FIXME maybe add more checks here? - actually it's not even really needed,
+ # since it's created at chroot creation time too.
+ mkdir -p "${BUILDPLACE}${BUILDDIR}"
 }
 function echobacktime () {
diff --git a/pbuilderrc b/pbuilderrc
index cffc34f..2509aaa 100644
--- a/pbuilderrc
+++ b/pbuilderrc
@@ -5,6 +5,8 @@ BASETGZ=/var/cache/pbuilder/base.tgz
 #EXTRAPACKAGES=""
 #export DEBIAN_BUILDARCH=athlon
 BUILDPLACE=/var/cache/pbuilder/build
+# directory inside the chroot where the build happens. See #789404
+BUILDDIR=/tmp/buildd
 MIRRORSITE=http://cdn.debian.net/debian
 #OTHERMIRROR="deb http://www.home.com/updates/ ./"
 #export http_proxy=http://your-proxy:8080/
diff --git a/pbuilderrc.5 b/pbuilderrc.5
index 42065ab..aec45a8 100644
--- a/pbuilderrc.5
+++ b/pbuilderrc.5
@@ -65,6 +65,16 @@ An Example:
 BINDMOUNTS="/home /mnt/test"
 .EE
 .TP
+.BI "BUILDDIR=" "/tmp/buildd"
+The directory inside the chroot where the build happens. This will also be the
+.B HOME
+of the build user.
+
+Attention! Some directories \(em such as
+.B /tmp
+\(em are not safe to use since they can be world-writable, and external user can
+temper with the build process.
+.TP
 .BI "BUILDPLACE=" "/var/cache/pbuilder/build/"
 The default place which the chroot is constructed.
 .B pbuilder
--
cgit v1.2.3
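Review bot: The FIXME in extractbuildplace (pbuilder-modules, @@ -494 hunk) is right that a check is missing: nothing visible in this patch verifies that `BUILDDIR` is set, absolute and free of `..` components before it is appended to `$BUILDPLACE`. An empty value makes `${BUILDPLACE}${BUILDDIR}` the chroot root, which can happen with a configuration file that predates the option if no built-in default is loaded first. A relative or `..` value moves the `mkdir -p` and the later host-side `chown` outside the intended tree. A guard before the `mkdir -p` would cover every consumer, including `HOME` and the passwd entry written by createbuilduser: `case "$BUILDDIR" in ""|[!/]*|*/../*|*/..) log "E: BUILDDIR must be an absolute path without '..'"; exit 1 ;; esac`. The function starts above the hunk, so an earlier check cannot be ruled out from here.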
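Review bot: The default added to pbuilderrc, `BUILDDIR=/tmp/buildd`, is the very location the pbuilderrc.5 text in this commit describes as unsafe, and the comment above it only points at a bug number. Saying so next to the setting would help an administrator editing the file, for example `# directory inside the chroot where the build happens; prefer a path whose parent is not world-writable (the /tmp default is kept for compatibility). See #789404`. The compatibility reason is inferred rather than stated in the patch, so adjust the wording if the default is kept for another reason.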