stx-tool: pkgbuilder: Resolve unsafe path transition issue

Isolating the chroot's persistent storage under /localdisk/pkgbuilder
and keeping the owner of this directory unchanged resolves the permission issue below:
"Detected unsafe path transition /var/log ->
/var/log/journal during canonicalization of /var/log/journal."
The cause is that the owner of the original directory was changed when switching
to the 'USER' configured in stx.conf.
This commit also adds support for updating the URL of the local repo after the user switch.

Story: 2008846
Task: 43635

Signed-off-by: hbai <haiqing.bai@windriver.com>
Change-Id: I7002670688a4a759f88fde9f4ef9f35c79ef7cf6
hbai 2021-10-15 01:38:18 -04:00
parent b78277a54c
commit d0bd10ec9f
3 changed files with 63 additions and 18 deletions


@ -22,7 +22,13 @@ ret=`cat /etc/sudoers | grep "${MYUNAME}"`
if [ "x$ret" == "x" ]; then
echo "${MYUNAME} ALL=(ALL:ALL) NOPASSWD:ALL" >> /etc/sudoers
fi
chown -R ${MYUNAME}:cgts /localdisk
dirs_list=$(find /localdisk -maxdepth 1)
for path in $dirs_list; do
if [[ $path != "/localdisk" && $path != "/localdisk/pkgbuilder" ]]; then
chown -R ${MYUNAME}:cgts $path
fi
done
[ ! -d "/localdisk/pkgbuilder" ] && mkdir /localdisk/pkgbuilder
cp -f /root/buildrc /home/$MYUNAME/
cp -f /root/localrc /home/$MYUNAME/
cp -f /root/userenv /home/$MYUNAME/
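Review bot: The new loop iterates over an unquoted `$dirs_list` and passes an unquoted `$path` to `chown -R`, so an entry directly under /localdisk whose name contains whitespace or glob characters is split or expanded before the recursive ownership change, which this script appears to run with root privileges (it appends to /etc/sudoers). Letting find apply the exclusion and run the command avoids the word splitting: `find /localdisk -mindepth 1 -maxdepth 1 ! -name pkgbuilder -exec chown -R "${MYUNAME}:cgts" {} +`. The loop also no longer changes the owner of /localdisk itself, which the removed line did; if that is intended it deserves a comment, as does the fact that /localdisk/pkgbuilder is deliberately left with its original owner. The start of the script is outside the hunk.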


@ -6,7 +6,8 @@ $run_lintian = 0;
$run_piuparts = 0;
$purge_build_deps = 'never';
$purge_build_directory = 'successful';
$extra_repositories = [];
$extra_repositories = ['deb [trusted=yes] http://stx-stx-repomgr:80/deb-local-binary bullseye main',
'deb [trusted=yes] http://stx-stx-repomgr:80/deb-local-build bullseye main'];
$log_colour = 1;
1;
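Review bot: Both added `$extra_repositories` entries use `[trusted=yes]` over plain `http://`, which tells apt to skip signature verification, so whatever is served under that name is installed into the build chroot unauthenticated. The host part is also rewritten at runtime: `set_extra_repos` in the Python file of this commit replaces `http://stx-stx-repomgr:80/` with the `REPOMGR_DEPLOY_URL` value read from stx-localrc, so the unverified source is whatever that file names. If the local repositories can be signed, `[signed-by=<keyring path>]` in place of `[trusted=yes]` keeps verification on; otherwise a comment such as `# trusted=yes: local repomgr repos are unsigned, so apt does not verify them` would record the trade-off next to the setting.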


@ -17,8 +17,11 @@ import shutil
import subprocess
BUILD_ROOT = '/localdisk/loadbuild/'
STORE_ROOT = '/localdisk/pkgbuilder'
BUILD_ENGINE = 'sbuild'
DEBDIST = 'bullseye'
STX_LOCALRC = '/usr/local/bin/stx/stx-localrc'
SBUILD_CONF = '/etc/sbuild/sbuild.conf'
class Debbuilder:
@ -47,6 +50,7 @@ class Debbuilder:
self.chroot_processes = {}
self.sbuild_processes = {}
self.ctlog = None
self.set_extra_repos()
@property
def state(self):
@ -60,6 +64,34 @@ class Debbuilder:
def mode(self, mode):
self._mode = mode
def set_extra_repos(self):
repomgr_url = None
if not os.path.exists(STX_LOCALRC):
self.logger.warning('stx-localrc does not exist')
return
env_list = []
with open(STX_LOCALRC) as f:
env_list = list(f)
for item in env_list:
if item.startswith('export '):
envvar = item.replace('export ', '').split('=')
if envvar and envvar[0] == 'REPOMGR_DEPLOY_URL':
repomgr_url = envvar[1]
break
if repomgr_url:
try:
with open(SBUILD_CONF, '+r') as f:
sconf = f.read()
sconf = sconf.replace('http://stx-stx-repomgr:80/',
repomgr_url.strip())
f.seek(0, 0)
f.write(sconf)
f.truncate()
except IOError as e:
self.logger.error(str(e))
def has_chroot(self, chroot):
chroots = os.popen('schroot -l')
for line in chroots:
@ -83,7 +115,7 @@ class Debbuilder:
response['msg'] = 'chroot exists'
return response
user_dir = os.path.join(BUILD_ROOT, user, project)
user_dir = os.path.join(STORE_ROOT, user, project)
user_chroots_dir = os.path.join(user_dir, 'chroots')
if not os.path.exists(user_chroots_dir):
os.makedirs(user_chroots_dir)
@ -94,26 +126,32 @@ class Debbuilder:
self.logger.debug("Invalid chroot %s, clean it" % user_chroot)
shutil.rmtree(user_chroot)
self.ctlog = open(os.path.join(user_chroots_dir, 'chroot.log'), 'w')
chroot_suffix = '--chroot-suffix=-' + user
chroot_cmd = ' '.join(['sbuild-createchroot', chroot_suffix,
'--include=eatmydata', DEBDIST, user_chroot])
if mirror:
chroot_cmd = ' '.join([chroot_cmd, mirror])
self.logger.debug("Command to creat chroot:%s" % chroot_cmd)
try:
self.ctlog = open(os.path.join(user_dir, 'chroot.log'), 'w')
except IOError as e:
self.logger.error(str(e))
response['status'] = 'fail'
response['msg'] = 'fail to create log file'
else:
chroot_suffix = '--chroot-suffix=-' + user
chroot_cmd = ' '.join(['sbuild-createchroot', chroot_suffix,
'--include=eatmydata', DEBDIST, user_chroot])
if mirror:
chroot_cmd = ' '.join([chroot_cmd, mirror])
self.logger.debug("Command to creat chroot:%s" % chroot_cmd)
p = subprocess.Popen(chroot_cmd, shell=True, stdout=self.ctlog,
stderr=self.ctlog)
self.chroot_processes.setdefault(user, []).append(p)
p = subprocess.Popen(chroot_cmd, shell=True, stdout=self.ctlog,
stderr=self.ctlog)
self.chroot_processes.setdefault(user, []).append(p)
response['status'] = 'creating'
response['msg'] = ' '.join(['please check',
user_chroots_dir + '/chroot.log'])
response['status'] = 'creating'
response['msg'] = ' '.join(['please check',
user_dir + '/chroot.log'])
return response
def load_chroot(self, user, project):
response = {}
user_dir = os.path.join(BUILD_ROOT, user, project)
user_dir = os.path.join(STORE_ROOT, user, project)
user_chroots = os.path.join(user_dir, 'chroots/chroot.d')
if not os.path.exists(user_chroots):
self.logger.warn("Not find chroots %s" % user_chroots)
@ -133,7 +171,7 @@ class Debbuilder:
def save_chroot(self, user, project):
response = {}
user_dir = os.path.join(BUILD_ROOT, user, project)
user_dir = os.path.join(STORE_ROOT, user, project)
user_chroots = os.path.join(user_dir, 'chroots/chroot.d')
if os.path.exists(user_chroots):
shutil.rmtree(user_chroots)
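Review bot: In the hunk at `-94,26 +126,32` the chroot command is still assembled with `' '.join(...)` from `user` and `mirror` and run through `subprocess.Popen(chroot_cmd, shell=True, ...)`, so shell metacharacters in either value would be interpreted by the shell. How these values reach the method is not visible in the hunk, and the method starts outside it. Passing an argument list without `shell=True` removes that interpretation; the sketch below assumes `mirror` is a single URL. The same `user` and `project` values feed `os.path.join(STORE_ROOT, user, project)` ahead of `shutil.rmtree(user_chroot)`, so a check that both are single path components (no `/`, no `..`) would be worth adding at the top of the method.

```python
else:
    chroot_cmd = ['sbuild-createchroot', '--chroot-suffix=-' + user,
                  '--include=eatmydata', DEBDIST, user_chroot]
    if mirror:
        chroot_cmd.append(mirror)
    self.logger.debug("Command to creat chroot:%s" % ' '.join(chroot_cmd))
    p = subprocess.Popen(chroot_cmd, stdout=self.ctlog,
                         stderr=self.ctlog)
    # … unchanged: chroot_processes bookkeeping and response fields …
```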