From d0bd10ec9f8dd1b436401b72fab9b194131b4647 Mon Sep 17 00:00:00 2001 From: hbai Date: Fri, 15 Oct 2021 01:38:18 -0400 Subject: [PATCH] stx-tool: pkgbuilder: Resolve unsafe path transition issue Isolated the chroot's persistence places to /localdisk/pkgbuilder and keep the owner of this directory can resolve the below permission issue: "Detected unsafe path transition /var/log -> /var/log/journal during canonicalization of /var/log/journal." The reason is that the owner of original directory was changed when switch to 'USER' configured in stx.conf. This commit also supports to update the URL of local repo after user switch Story: 2008846 Task: 43635 Signed-off-by: hbai Change-Id: I7002670688a4a759f88fde9f4ef9f35c79ef7cf6 --- stx/toCOPY/builder/finishSetup.sh | 8 ++- stx/toCOPY/pkgbuilder/debbuilder.conf | 3 +- stx/toCOPY/pkgbuilder/debbuilder.py | 70 +++++++++++++++++++++------ 3 files changed, 63 insertions(+), 18 deletions(-) diff --git a/stx/toCOPY/builder/finishSetup.sh b/stx/toCOPY/builder/finishSetup.sh index 20adcfabe..d50cd037c 100755 --- a/stx/toCOPY/builder/finishSetup.sh +++ b/stx/toCOPY/builder/finishSetup.sh @@ -22,7 +22,13 @@ ret=`cat /etc/sudoers | grep "${MYUNAME}"` if [ "x$ret" == "x" ]; then echo "${MYUNAME} ALL=(ALL:ALL) NOPASSWD:ALL" >> /etc/sudoers fi -chown -R ${MYUNAME}:cgts /localdisk +dirs_list=$(find /localdisk -maxdepth 1) +for path in $dirs_list; do + if [[ $path != "/localdisk" && $path != "/localdisk/pkgbuilder" ]]; then + chown -R ${MYUNAME}:cgts $path + fi +done +[ ! -d "/localdisk/pkgbuilder" ] && mkdir /localdisk/pkgbuilder cp -f /root/buildrc /home/$MYUNAME/ cp -f /root/localrc /home/$MYUNAME/ cp -f /root/userenv /home/$MYUNAME/ diff --git a/stx/toCOPY/pkgbuilder/debbuilder.conf b/stx/toCOPY/pkgbuilder/debbuilder.conf index 019d1f2b1..3b90800e8 100644 --- a/stx/toCOPY/pkgbuilder/debbuilder.conf +++ b/stx/toCOPY/pkgbuilder/debbuilder.conf 
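Review bot: The loop `for path in $dirs_list` word-splits the output of find and passes `$path` unquoted to `chown -R`, so an entry directly under /localdisk whose name contains whitespace or glob characters is split or expanded before it reaches chown. The script presumably runs as root, since it appends to /etc/sudoers. Let find do both the exclusion and the call: `find /localdisk -mindepth 1 -maxdepth 1 ! -path /localdisk/pkgbuilder -exec chown -R "${MYUNAME}:cgts" {} +`. The new `mkdir /localdisk/pkgbuilder` leaves the mode to the umask; a short comment such as `# pkgbuilder stays root-owned on purpose: schroot/sbuild reject an owner change inside the path` would record why it is skipped by the chown.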
@@ -6,7 +6,8 @@ $run_lintian = 0; $run_piuparts = 0; $purge_build_deps = 'never'; $purge_build_directory = 'successful'; -$extra_repositories = []; +$extra_repositories = ['deb [trusted=yes] http://stx-stx-repomgr:80/deb-local-binary bullseye main', + 'deb [trusted=yes] http://stx-stx-repomgr:80/deb-local-build bullseye main']; $log_colour = 1; 1; diff --git a/stx/toCOPY/pkgbuilder/debbuilder.py b/stx/toCOPY/pkgbuilder/debbuilder.py index a03ad85d0..9f67995a3 100644 --- a/stx/toCOPY/pkgbuilder/debbuilder.py +++ b/stx/toCOPY/pkgbuilder/debbuilder.py @@ -17,8 +17,11 @@ import shutil import subprocess BUILD_ROOT = '/localdisk/loadbuild/' +STORE_ROOT = '/localdisk/pkgbuilder' BUILD_ENGINE = 'sbuild' DEBDIST = 'bullseye' +STX_LOCALRC = '/usr/local/bin/stx/stx-localrc' +SBUILD_CONF = '/etc/sbuild/sbuild.conf' class Debbuilder: @@ -47,6 +50,7 @@ class Debbuilder: self.chroot_processes = {} self.sbuild_processes = {} self.ctlog = None + self.set_extra_repos() @property def state(self): @@ -60,6 +64,34 @@ class Debbuilder: def mode(self, mode): self._mode = mode + def set_extra_repos(self): + repomgr_url = None + if not os.path.exists(STX_LOCALRC): + self.logger.warning('stx-localrc does not exist') + return + + env_list = [] + with open(STX_LOCALRC) as f: + env_list = list(f) + for item in env_list: + if item.startswith('export '): + envvar = item.replace('export ', '').split('=') + if envvar and envvar[0] == 'REPOMGR_DEPLOY_URL': + repomgr_url = envvar[1] + break + + if repomgr_url: + try: + with open(SBUILD_CONF, '+r') as f: + sconf = f.read() + sconf = sconf.replace('http://stx-stx-repomgr:80/', + repomgr_url.strip()) + f.seek(0, 0) + f.write(sconf) + f.truncate() + except IOError as e: + self.logger.error(str(e)) + def has_chroot(self, chroot): chroots = os.popen('schroot -l') for line in chroots: 
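Review bot: Both new `$extra_repositories` entries combine `[trusted=yes]` with a plain `http://` URL, so apt skips signature verification for everything served from deb-local-binary and deb-local-build when it installs build dependencies into the chroot. Package integrity then rests entirely on whoever answers for `stx-stx-repomgr`, or for the URL that set_extra_repos in debbuilder.py substitutes in. If the repo manager can sign its repositories, prefer `[signed-by=<path-to-local-repo-keyring>]` over `trusted=yes`. Otherwise state the assumption above the list, e.g. `# local repos are unsigned; trust relies on the repomgr host and network path being under our control`.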
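Review bot: set_extra_repos copies the value of REPOMGR_DEPLOY_URL into SBUILD_CONF without validating it, and that file appears to be Perl evaluated by sbuild (compare the `$extra_repositories` syntax in debbuilder.conf), so quotes or stray characters from stx-localrc land inside an executable config. The parsing is also fragile: `split('=')` truncates a URL that itself contains `=`, surrounding quotes are kept, and a URL without a trailing slash fuses with `deb-local-binary`. Parse with `partition('=')`, accept only an http(s) URL with a host and no quote, backslash or whitespace characters, and normalise the trailing slash before the replace; the sketch below needs `re` and `urllib.parse` imported at the top of the file. The method also has no docstring; one sentence saying that it rewrites the default repo URL in SBUILD_CONF in place would help.

```python
    def set_extra_repos(self):
        # … unchanged: STX_LOCALRC existence check …
        repomgr_url = None
        with open(STX_LOCALRC) as f:
            for item in f:
                name, sep, value = item.strip().partition('=')
                if sep and name == 'export REPOMGR_DEPLOY_URL':
                    repomgr_url = value.strip().strip('\'"')
                    break

        if not repomgr_url:
            return
        parts = urllib.parse.urlsplit(repomgr_url)
        if (parts.scheme not in ('http', 'https') or not parts.netloc
                or re.search(r'[\s\'"\\]', repomgr_url)):
            self.logger.error('Ignoring invalid REPOMGR_DEPLOY_URL')
            return
        repomgr_url = repomgr_url.rstrip('/') + '/'
        # … unchanged: read SBUILD_CONF, replace the default URL, write back …
```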
@@ -83,7 +115,7 @@ class Debbuilder: response['msg'] = 'chroot exists' return response - user_dir = os.path.join(BUILD_ROOT, user, project) + user_dir = os.path.join(STORE_ROOT, user, project) user_chroots_dir = os.path.join(user_dir, 'chroots') if not os.path.exists(user_chroots_dir): os.makedirs(user_chroots_dir) 
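Review bot: `user` and `project` go straight into `os.path.join(STORE_ROOT, user, project)`, and nothing in the visible lines checks that each is a single path component; an absolute value or one containing `..` would make `user_dir` resolve outside /localdisk/pkgbuilder. The same join is introduced in load_chroot and save_chroot in the later hunks, and the paths derived from it reach `os.makedirs` and `shutil.rmtree`. If these values arrive from a client request rather than from trusted configuration (their origin is not visible here), reject them before building the path, e.g. `if os.path.basename(user) != user or user in ('', '.', '..'):` followed by a 'fail' response, and likewise for `project`. The enclosing method starts above this hunk.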
@@ -94,26 +126,32 @@ class Debbuilder: self.logger.debug("Invalid chroot %s, clean it" % user_chroot) shutil.rmtree(user_chroot) - self.ctlog = open(os.path.join(user_chroots_dir, 'chroot.log'), 'w') - chroot_suffix = '--chroot-suffix=-' + user - chroot_cmd = ' '.join(['sbuild-createchroot', chroot_suffix, - '--include=eatmydata', DEBDIST, user_chroot]) - if mirror: - chroot_cmd = ' '.join([chroot_cmd, mirror]) - self.logger.debug("Command to creat chroot:%s" % chroot_cmd) + try: + self.ctlog = open(os.path.join(user_dir, 'chroot.log'), 'w') + except IOError as e: + self.logger.error(str(e)) + response['status'] = 'fail' + response['msg'] = 'fail to create log file' + else: + chroot_suffix = '--chroot-suffix=-' + user + chroot_cmd = ' '.join(['sbuild-createchroot', chroot_suffix, + '--include=eatmydata', DEBDIST, user_chroot]) + if mirror: + chroot_cmd = ' '.join([chroot_cmd, mirror]) + self.logger.debug("Command to creat chroot:%s" % chroot_cmd) - p = subprocess.Popen(chroot_cmd, shell=True, stdout=self.ctlog, - stderr=self.ctlog) - self.chroot_processes.setdefault(user, []).append(p) + p = subprocess.Popen(chroot_cmd, shell=True, stdout=self.ctlog, + stderr=self.ctlog) + self.chroot_processes.setdefault(user, []).append(p) - response['status'] = 'creating' - response['msg'] = ' '.join(['please check', - user_chroots_dir + '/chroot.log']) + response['status'] = 'creating' + response['msg'] = ' '.join(['please check', + user_dir + '/chroot.log']) return response def load_chroot(self, user, project): response = {} - user_dir = os.path.join(BUILD_ROOT, user, project) + user_dir = os.path.join(STORE_ROOT, user, project) user_chroots = os.path.join(user_dir, 'chroots/chroot.d') if not os.path.exists(user_chroots): self.logger.warn("Not find chroots %s" % user_chroots) 
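Review bot: The re-indented block still builds `chroot_cmd` with `' '.join(...)` and runs it with `shell=True`, so `user`, `user_chroot` and `mirror` are parsed by the shell; if any of them originates from a client request (not visible in this hunk), shell metacharacters in the value become part of the command line. Passing an argument list without a shell removes that class of problem and needs no quoting. Separately, `self.ctlog` is reopened on every call and the previous handle is never closed. The method begins above the hunk, and load_chroot continues past it.

```python
        else:
            # argv list, no shell: user and mirror each stay a single argument
            chroot_cmd = ['sbuild-createchroot',
                          '--chroot-suffix=-' + user,
                          '--include=eatmydata', DEBDIST, user_chroot]
            if mirror:
                chroot_cmd.append(mirror)
            self.logger.debug("Command to creat chroot:%s" % ' '.join(chroot_cmd))

            p = subprocess.Popen(chroot_cmd, stdout=self.ctlog,
                                 stderr=self.ctlog)
            # … unchanged: chroot_processes bookkeeping and response fields …
```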
@@ -133,7 +171,7 @@ class Debbuilder: def save_chroot(self, user, project): response = {} - user_dir = os.path.join(BUILD_ROOT, user, project) + user_dir = os.path.join(STORE_ROOT, user, project) user_chroots = os.path.join(user_dir, 'chroots/chroot.d') if os.path.exists(user_chroots): shutil.rmtree(user_chroots)