schroot: new package to securely enter a chroot and run a command or login shell
Signed-off-by: Javier Marcet <javier@marcet.info>
parent
5cfea02d62
commit
207fd60ad1
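--- a/admin/schroot/Config.in
+++ b/admin/schroot/Config.in
@@ -0,0 +1,23 @@
+menu "Configuration"
+
+config SCHROOT_BTRFS
+bool "Enable support for btrfs snapshots"
+select PACKAGE_btrfs-progs
+default n
+
+config SCHROOT_LOOPBACK
+bool "Enable support for loopback mounts"
+select PACKAGE_losetup
+default n
+
+config SCHROOT_LVM
+bool "Enable support for LVM snapshots"
+select PACKAGE_lvm2
+default n
+
+config SCHROOT_UUID
+bool "Enable support for UUIDs"
+select PACKAGE_libuuid
+default n
+
+endmenu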
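--- a/admin/schroot/Makefile
+++ b/admin/schroot/Makefile
@@ -0,0 +1,82 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=schroot
+PKG_VERSION:=1.6.10
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)_$(PKG_VERSION).orig.tar.xz
+PKG_SOURCE_URL:=http://deb.debian.org/debian/pool/main/s/schroot
+PKG_HASH:=3ce8dfd9cb97b099e4b6d4ccec421d6cc8c9ef84574681e928a12badb5643d0b
+
+PKG_MAINTAINER:=Javier Marcet <javier@marcet.info>
+PKG_LICENSE:=GPL-3.0-only
+PKG_LICENSE_FILES:=COPYING
+
+PKG_INSTALL:=1
+PKG_BUILD_PARALLEL:=1
+PKG_FIXUP:=autoreconf
+
+include $(INCLUDE_DIR)/nls.mk
+include $(INCLUDE_DIR)/package.mk
+
+define Package/schroot
+SECTION:=admin
+CATEGORY:=Administration
+TITLE:=Securely enter a chroot and run a command or login shell.
+DEPENDS:=$(ICONV_DEPENDS) \
++boost +boost-filesystem +boost-iostreams +boost-program_options +boost-regex \
++SCHROOT_BTRFS:btrfs-progs \
++SCHROOT_LOOPBACK:losetup \
++SCHROOT_LVM:lvm2 \
++SCHROOT_UUID:libuuid
+URL:=https://salsa.debian.org/debian/schroot
+endef
+
+define Package/schroot/description
+Securely enter a chroot and run a command or login shell.
+endef
+
+define Package/sudo/conffiles
+/etc/schroot/
+endef
+
+define Package/schroot/config
+source "$(SOURCE)/Config.in"
+endef
+
+PKG_CONFIG_DEPENDS := \
+CONFIG_SCHROOT_BTRFS \
+CONFIG_SCHROOT_LOOPBACK \
+CONFIG_SCHROOT_LVM \
+CONFIG_SCHROOT_UUID
+
+CONFIGURE_ARGS += \
+$(if $(CONFIG_SCHROOT_BTRFS),--enable,--disable)-btrfs-snapshot \
+$(if $(CONFIG_SCHROOT_LOOPBACK),--enable,--disable)-loopback \
+$(if $(CONFIG_SCHROOT_LVM),--enable,--disable)-lvm-snapshot \
+$(if $(CONFIG_SCHROOT_UUID),--enable,--disable)-uuid \
+--enable-block-device \
+--enable-union \
+--disable-dchroot \
+--disable-dchroot-dsa \
+--disable-csbuild \
+--disable-debug \
+--disable-pam \
+--disable-doxygen \
+--disable-rpath
+
+define Package/schroot/install
+$(INSTALL_DIR) $(1)/usr/bin
+$(INSTALL_SUID) $(PKG_INSTALL_DIR)/usr/bin/schroot $(1)/usr/bin/
+$(INSTALL_DIR) $(1)/etc/schroot
+$(CP) -R $(PKG_INSTALL_DIR)/etc/schroot/* $(1)/etc/schroot
+$(INSTALL_DIR) $(1)/usr/lib/schroot
+$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/libsbuild.* $(1)/usr/lib/
+$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/schroot/* $(1)/usr/lib/schroot/
+$(INSTALL_DIR) $(1)/usr/share/schroot
+$(CP) -R $(PKG_INSTALL_DIR)/usr/share/schroot/* $(1)/usr/share/schroot/
+$(INSTALL_DIR) $(1)/etc/init.d
+$(INSTALL_BIN) ./files/schroot.init $(1)/etc/init.d/schroot
+endef
+
+$(eval $(call BuildPackage,schroot))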
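Review bot: The conffiles block is declared as `define Package/sudo/conffiles`, so it does not attach to this package and `/etc/schroot/` is never registered as configuration; it should read `define Package/schroot/conffiles`. Those files decide who may enter which chroot, so local edits would likely be replaced by the shipped defaults on upgrade without anyone noticing. Separately, the install step uses `$(INSTALL_SUID)` for `/usr/bin/schroot` while `CONFIGURE_ARGS` passes `--disable-pam`; please confirm how the setuid binary authorises non-root callers with PAM compiled out, and record the answer in a comment next to `--disable-pam`. `PKG_SOURCE_URL` uses plain `http://`; `PKG_HASH` pins the tarball, but `https://deb.debian.org/debian/pool/main/s/schroot` would avoid depending on the hash alone.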
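--- a/admin/schroot/files/schroot.init
+++ b/admin/schroot/files/schroot.init
@@ -0,0 +1,10 @@
+#!/bin/sh /etc/rc.common
+
+START=94
+
+start() {
+[ -d /var/lib/schroot ] || {
+mkdir -p /var/lib/schroot/mount /var/lib/schroot/session /var/lib/schroot/unpack /var/lib/schroot/union/overlay /var/lib/schroot/union/underlay
+chmod 0700 /var/lib/schroot
+}
+}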
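Review bot: `chmod 0700 /var/lib/schroot` runs only inside the `[ -d /var/lib/schroot ] ||` branch, so a directory that already exists keeps whatever owner and mode it has, and a newly created one carries the default umask until the chmod runs. Creating the top directory with its mode in one step, `mkdir -m 0700 -p /var/lib/schroot`, before the subdirectories, and running the `chmod` unconditionally, would close both gaps. A one-line comment above `start()` stating why the directories are recreated at boot (presumably because /var is volatile on the target; please confirm) would also help the next reader.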
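--- a/admin/schroot/patches/01-openwrt.patch
+++ b/admin/schroot/patches/01-openwrt.patch
@@ -0,0 +1,219 @@
+--- ./configure.ac-orig 2019-12-09 12:56:45.217308628 +0100
++++ ./configure.ac 2019-12-09 12:57:18.667492923 +0100
+@@ -284,22 +284,8 @@ if test -z "$DOXYGEN"; then
+HAVE_DOXYGEN="no"
+fi
+HAVE_LVM="yes"
+-AC_PATH_PROG([LVCREATE], [lvcreate], [], [$PATH:/sbin:/usr/sbin])
+-AC_PATH_PROG([LVREMOVE], [lvremove], [], [$PATH:/sbin:/usr/sbin])
+-if test -z "$LVCREATE" || test -z "$LVREMOVE"; then
+- HAVE_LVM="no"
+-fi
+HAVE_BTRFS="yes"
+-AC_PATH_PROG([BTRFS], [btrfs], [], [$PATH:/sbin:/usr/sbin])
+-AC_PATH_PROG([BTRFSCTL], [btrfsctl], [], [$PATH:/sbin:/usr/sbin])
+-if test -z "$BTRFS" || test -z "$BTRFSCTL"; then
+- HAVE_BTRFS="no"
+-fi
+HAVE_LOOPBACK="yes"
+-AC_PATH_PROG([LOSETUP], [losetup], [], [$PATH:/sbin:/usr/sbin])
+-if test -z "$LOSETUP"; then
+- HAVE_LOOPBACK="no"
+-fi
+
+
+# Check for host platform
+@@ -336,7 +322,6 @@ PKG_CHECK_MODULES([UUID], [uuid],
+[HAVE_UUID=yes],
+[HAVE_UUID=no])
+
+-AM_PATH_CPPUNIT([1.10.0], [HAVE_CPPUNIT=yes])
+AM_CONDITIONAL([USE_UNIT_TESTS], [test -n "$HAVE_CPPUNIT"])
+
+SCHROOT_CFLAGS="$UUID_CFLAGS"
+@@ -688,42 +673,25 @@ if test "$BOOST_PROGRAM_OPTIONS_VALIDATI
+fi
+
+dnl Note the use of quadrigraphs to quote [ and ] in regexes.
+-AH_TEMPLATE(HAVE_REGEX_REGEX, [Set if the <regex> header file includes std::regex])
+AH_TEMPLATE(HAVE_BOOST_REGEX, [Set if the <boost/regex.hpp> header file includes boost::regex])
+-AC_MSG_CHECKING([for std::regex])
+-define([testprog], [AC_LANG_PROGRAM([#include <regex>],
+- [std::regex foo("^foo@<:@bar@:>@$");
+- std::regex bar("^foo@<:@bar@:>@$", std::regex::extended);
+- std::regex check("^@<:@^:/,.@:>@@<:@^:/,@:>@*$", std::regex::extended);])])
+-AC_RUN_IFELSE(testprog,
+- [AC_MSG_RESULT([yes])
+- AC_DEFINE(HAVE_REGEX_REGEX, 1)],
+- [dnl Check if std::regex is present but broken.
+-define([testprog], [AC_LANG_PROGRAM([#include <regex>],
+- [std::regex foo("^foo@<:@bar@:>@$");
+- std::regex bar("^foo@<:@bar@:>@$", std::regex::extended);])])
++AC_MSG_CHECKING([for boost::regex in -lboost_regex])
++saved_LIBS="${LIBS}"
++LIBS="${saved_LIBS} -lboost_regex"
++define([testprog], [AC_LANG_PROGRAM([#include <boost/regex.hpp>],
++ [boost::regex("^foo@<:@bar@:>@$");
++ boost::regex bar("^foo@<:@bar@:>@$", boost::regex::extended);])])
+AC_LINK_IFELSE(testprog,
+- [AC_MSG_RESULT([broken])],
+- [AC_MSG_RESULT([no])])
+- AC_MSG_CHECKING([for boost::regex in -lboost_regex])
+- saved_LIBS="${LIBS}"
+- LIBS="${saved_LIBS} -lboost_regex"
+- define([testprog], [AC_LANG_PROGRAM([#include <boost/regex.hpp>],
+- [boost::regex("^foo@<:@bar@:>@$");
+- boost::regex bar("^foo@<:@bar@:>@$", boost::regex::extended);])])
+- AC_LINK_IFELSE(testprog,
+- [AC_MSG_RESULT([yes])
+- AC_DEFINE(HAVE_BOOST_REGEX, 1)
+- BOOST_LIBS="${BOOST_LIBS} -lboost_regex"],
+- [LIBS="${saved_LIBS} -lboost_regex-mt"
+- AC_LINK_IFELSE(testprog,
+- [AC_MSG_RESULT([yes])
+- AC_DEFINE(HAVE_BOOST_REGEX, 1)
+- BOOST_LIBS="${BOOST_LIBS} -lboost_regex-mt"],
+- [AC_MSG_RESULT([no])
+- AC_MSG_FAILURE([libboost_regex (Boost C++ Libraries) is not installed, but is required by schroot])])])
+- LIBS="${saved_LIBS}"
+-])
++ [AC_MSG_RESULT([yes])
++ AC_DEFINE(HAVE_BOOST_REGEX, 1)
++ BOOST_LIBS="${BOOST_LIBS} -lboost_regex"],
++ [LIBS="${saved_LIBS} -lboost_regex-mt"
++ AC_LINK_IFELSE(testprog,
++ [AC_MSG_RESULT([yes])
++ AC_DEFINE(HAVE_BOOST_REGEX, 1)
++ BOOST_LIBS="${BOOST_LIBS} -lboost_regex-mt"],
++ [AC_MSG_RESULT([no])
++ AC_MSG_FAILURE([libboost_regex (Boost C++ Libraries) is not installed, but is required by schroot])])])
++LIBS="${saved_LIBS}"
+
+AC_MSG_CHECKING([for boost::iostreams in -lboost_iostreams])
+saved_LIBS="${LIBS}"
+--- ./bin/schroot-base/schroot-base-run.h-orig 2019-12-09 04:23:51.881428446 +0100
++++ ./bin/schroot-base/schroot-base-run.h 2019-12-09 04:24:14.934887089 +0100
+@@ -61,8 +61,8 @@ namespace schroot_base
+std::cout.imbue(std::locale());
+std::cerr.imbue(std::locale());
+
+- bindtextdomain (SBUILD_MESSAGE_CATALOGUE, SCHROOT_LOCALE_DIR);
+- textdomain (SBUILD_MESSAGE_CATALOGUE);
++ //bindtextdomain (SBUILD_MESSAGE_CATALOGUE, SCHROOT_LOCALE_DIR);
++ //textdomain (SBUILD_MESSAGE_CATALOGUE);
+
+typename options_type::ptr opts(new options_type);
+main_type kit(opts);
+--- ./sbuild/sbuild-feature.h-orig 2019-12-09 04:23:51.881428446 +0100
++++ ./sbuild/sbuild-feature.h 2019-12-09 04:24:14.934887089 +0100
+@@ -24,6 +24,7 @@
+#include <string>
+
+#include <boost/format.hpp>
++#include <libintl.h>
+
+namespace sbuild
+{
+--- ./etc/setup.d/20copyfiles-orig 2018-11-03 14:26:12.000000000 +0100
++++ ./etc/setup.d/20copyfiles 2019-12-09 13:56:45.277145648 +0100
+@@ -39,9 +39,9 @@ copy_file()
+if [ -e "$2" ]; then
+
+# Device and inode
+- da=$(/usr/bin/stat --format="%d %i" "$1")
++ da=$(/bin/stat --format="%d %i" "$1")
+# This one can fail since it might not exist yet
+- db=$(/usr/bin/stat --format="%d %i" "$2" 2>/dev/null || :)
++ db=$(/bin/stat --format="%d %i" "$2" 2>/dev/null || :)
+
+if [ "$da" = "$db" ]; then
+COPY="false"
+--- ./etc/setup.d/20nssdatabases-orig 2018-11-03 14:26:12.000000000 +0100
++++ ./etc/setup.d/20nssdatabases 2019-12-09 13:57:34.397419039 +0100
+@@ -29,7 +29,7 @@ set -e
+dup_nss()
+{
+info "Copying $1 database to $2"
+- getent "$1" > "$2"
++ cat "/etc/$1" > "$2"
+}
+
+if [ $STAGE = "setup-start" ] || [ $STAGE = "setup-recover" ]; then
+@@ -42,9 +42,9 @@ if [ $STAGE = "setup-start" ] || [ $STAG
+fi
+
+# Device and inode
+- dr=$(/usr/bin/stat --format="%d %i" "/etc/$db")
++ dr=$(/bin/stat --format="%d %i" "/etc/$db")
+# This one can fail since it might not exist yet
+- dc=$(/usr/bin/stat --format="%d %i" "${CHROOT_PATH}/etc/$db" 2>/dev/null || :)
++ dc=$(/bin/stat --format="%d %i" "${CHROOT_PATH}/etc/$db" 2>/dev/null || :)
+
+# If the database inside and outside the chroot is the
+# same, it's very likely that dup_nss would blank the
+diff -X /home/jmarcet/.rsync-filter -pru ./etc/profile-templates/all/all/nssdatabases ./etc/profile-templates/all/all/nssdatabases
+--- ./etc/profile-templates/all/all/nssdatabases 2018-11-03 14:26:12.000000000 +0100
++++ ./etc/profile-templates/all/all/nssdatabases 2019-12-09 14:03:12.799297723 +0100
+@@ -4,4 +4,4 @@
+passwd
+shadow
+-group
+-gshadow
++#group
++#gshadow
+diff -X /home/jmarcet/.rsync-filter -pru ./etc/profile-templates/buildd/all/nssdatabases ./etc/profile-templates/buildd/all/nssdatabases
+--- ./etc/profile-templates/buildd/all/nssdatabases 2018-11-03 14:26:12.000000000 +0100
++++ ./etc/profile-templates/buildd/all/nssdatabases 2019-12-09 14:03:12.802631074 +0100
+@@ -4,4 +4,4 @@
+passwd
+shadow
+-group
+-gshadow
++#group
++#gshadow
+diff -X /home/jmarcet/.rsync-filter -pru ./etc/profile-templates/default/all/nssdatabases ./etc/profile-templates/default/all/nssdatabases
+--- ./etc/profile-templates/default/all/nssdatabases 2018-11-03 14:26:12.000000000 +0100
++++ ./etc/profile-templates/default/all/nssdatabases 2019-12-09 14:03:12.809297778 +0100
+@@ -1,4 +1,4 @@
+services
+protocols
+-networks
++#networks
+hosts
+diff -X /home/jmarcet/.rsync-filter -pru ./etc/profile-templates/desktop/all/nssdatabases ./etc/profile-templates/desktop/all/nssdatabases
+--- ./etc/profile-templates/desktop/all/nssdatabases 2018-11-03 14:26:12.000000000 +0100
++++ ./etc/profile-templates/desktop/all/nssdatabases 2019-12-09 14:03:12.812631129 +0100
+@@ -1,4 +1,4 @@
+services
+protocols
+-networks
++#networks
+hosts
+diff -X /home/jmarcet/.rsync-filter -pru ./etc/profile-templates/default/linux/fstab ./etc/profile-templates/default/linux/fstab
+--- ./etc/profile-templates/default/linux/fstab 2018-11-03 14:26:12.000000000 +0100
++++ ./etc/profile-templates/default/linux/fstab 2019-12-09 14:18:46.970887080 +0100
+@@ -7,7 +7,7 @@
+# to run additional services in the chroot. However, note that this
+# may potentially cause undesirable behaviour on upgrades, such as
+# killing services on the host.
+-#/run /run none rw,bind 0 0
++/run /run none rw,bind 0 0
+#/run/lock /run/lock none rw,bind 0 0
+-#/dev/shm /dev/shm none rw,bind 0 0
+-#/run/shm /run/shm none rw,bind 0 0
++/tmp/shm /dev/shm none rw,bind 0 0
++/tmp/shm /run/shm none rw,bind 0 0
+diff -X /home/jmarcet/.rsync-filter -pru ./etc/profile-templates/desktop/linux/fstab ./etc/profile-templates/desktop/linux/fstab
+--- ./etc/profile-templates/desktop/linux/fstab 2018-11-03 14:26:12.000000000 +0100
++++ ./etc/profile-templates/desktop/linux/fstab 2019-12-09 14:22:14.148555674 +0100
+@@ -12,7 +12,7 @@
+# to run additional services in the chroot. However, note that this
+# may potentially cause undesirable behaviour on upgrades, such as
+# killing services on the host.
+-#/run /run none rw,bind 0 0
++/run /run none rw,bind 0 0
+#/run/lock /run/lock none rw,bind 0 0
+-#/dev/shm /dev/shm none rw,bind 0 0
+-#/run/shm /run/shm none rw,bind 0 0
++/tmp/shm /dev/shm none rw,bind 0 0
++/tmp/shm /run/shm none rw,bind 0 0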
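Review bot: The `default/linux/fstab` and `desktop/linux/fstab` hunks enable `/run /run none rw,bind 0 0` by default, even though the template comment directly above it warns that this can end up killing services on the host. A read-write bind of the host's /run exposes the host's runtime sockets and state files to every process inside the chroot, which weakens the isolation a setuid chroot helper is expected to give. I would keep the upstream form `#/run /run none rw,bind 0 0` and let administrators opt in per profile, or at least add a comment in both templates stating why OpenWrt needs it on. The two fstab hunks make the same change, so this applies to both.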