From 3bb8842f5270c22bd298bce2cd3fe571fb860114 Mon Sep 17 00:00:00 2001 From: jperkin Date: Sat, 20 Jul 2013 10:20:42 +0000 Subject: mksandbox-1.2: * Mount /proc read-write on Linux, it appears to be required for e.g. groupadd to function correctly. * Add new --rodirs and --rwdirs options, which allow arbitrary lists of directories to be mounted appropriately inside the chroot. * Add --without-pkgsrc which prevents the default pkgsrc directories from being mounted. This allows mksandbox to be easily used for chrooted pbulk setups, using a simple invocation such as: mksandbox --without-pkgsrc --rodirs=/usr/pbulk --rwdirs=/shared /chroot --- pkgtools/mksandbox/Makefile | 4 +- pkgtools/mksandbox/files/mksandbox | 116 +++++++++++++++++++++++------------ pkgtools/mksandbox/files/mksandbox.8 | 23 ++++--- 3 files changed, 95 insertions(+), 48 deletions(-) diff --git a/pkgtools/mksandbox/Makefile b/pkgtools/mksandbox/Makefile index 4d76adad4d2..2455991da78 100644 --- a/pkgtools/mksandbox/Makefile +++ b/pkgtools/mksandbox/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.5 2013/07/18 16:07:22 jperkin Exp $ +# $NetBSD: Makefile,v 1.6 2013/07/20 10:20:42 jperkin Exp $ -DISTNAME= mksandbox-1.1 +DISTNAME= mksandbox-1.2 CATEGORIES= pkgtools MASTER_SITES= # none DISTFILES= # none diff --git a/pkgtools/mksandbox/files/mksandbox b/pkgtools/mksandbox/files/mksandbox index 8c3eeaf6e4a..24ae0ebf4b2 100755 --- a/pkgtools/mksandbox/files/mksandbox +++ b/pkgtools/mksandbox/files/mksandbox @@ -1,6 +1,6 @@ #! /bin/sh -# $NetBSD: mksandbox,v 1.4 2013/07/18 16:07:22 jperkin Exp $ +# $NetBSD: mksandbox,v 1.5 2013/07/20 10:20:42 jperkin Exp $ # Copyright (c) 2002,2012 Alistair Crooks # All rights reserved. 
@@ -26,7 +26,9 @@ # THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # -# Usage: mksandbox [--mounthost=host] [--pkgsrc=dir] [--src=srcdir] [--verbose] [--without-x] [--xsrc=xsrcdir] sandbox-dir +# Usage: mksandbox [--mounthost=host] [--rodirs=dir1,...] [--rwdirs=dir1,...] +# [--pkgsrc=dir] [--src=srcdir] [--xsrc=xsrcdir] +# [--without-pkgsrc] [--without-x] [--verbose] sandbox-dir # # A small shell script to set up a sandbox (usually for a pkgsrc bulk # build), using null mounts. @@ -34,6 +36,9 @@ pkgsrc=/usr/pkgsrc src=/usr/src xsrc=/usr/xsrc +rodirs= +rwdirs= +with_pkgsrc=yes with_x=yes kernel="" @@ -44,8 +49,10 @@ sandboxEmptyFiles="/var/run/utmp /var/run/utmpx /var/log/wtmp /var/log/wtmpx /va usage() { - echo "usage: mksandbox [--mounthost=host] [--pkgsrc=dir] [--src=srcdir] [--verbose] [--without-x] [--xsrc=xsrcdir] sandbox-dir" - exit 1 + echo "usage: mksandbox [--mounthost=host] [--rodirs=dir1,...] [--rwdirs=dir1,...]" + echo " [--pkgsrc=dir] [--src=srcdir] [--xsrc=xsrcdir]" + echo " [--without-pkgsrc] [--without-x] [--verbose] sandbox-dir" + exit 1 } err() @@ -112,7 +119,8 @@ Linux) fi paxprog="" sedprog=/bin/sed - sandboxMountDirs="$sandboxMountDirs /proc /lib64 /usr/lib64 /usr/kerberos" + sandboxMountDirs="$sandboxMountDirs /lib64 /usr/lib64 /usr/kerberos" + sandboxWriteDirs="$sandboxWriteDirs /proc" ;; NetBSD) bmakeprog=make 
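Review bot: Adding `/proc` to `sandboxWriteDirs` in the Linux branch gives root inside the chroot a writable view of the host's procfs, including `/proc/sys`, because this is the host's /proc and not a private instance (assuming the write-dirs list is bind-mounted like the other entries; the mount loop is outside the hunk). The commit message explains that groupadd needs it, but the script records neither the reason nor the cost. I would add a comment above the assignment, e.g. `# /proc must be rw for groupadd; this exposes the host's /proc/sys to the chroot, so the sandbox is not a security boundary`, and repeat the caveat in mksandbox.8.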
@@ -163,14 +171,17 @@ esac while [ $# -gt 0 ]; do case "$1" in - --mounthost=*) mounthost=`echo $1 | $sedprog -e 's|^--mounthost=||'` ;; - --pkgsrc=*) pkgsrc=`echo $1 | $sedprog -e 's|^--pkgsrc=||'` ;; - --src=*) src=`echo $1 | $sedprog -e 's|^--src=||'` ;; - --xsrc=*) xsrc=`echo $1 | $sedprog -e 's|^--xsrc=||'` ;; - --without-x) with_x=no ;; - --verbose) set -x ;; - -*) usage ;; - *) break ;; + --mounthost=*) mounthost=`echo $1 | $sedprog -e 's|^--mounthost=||'` ;; + --pkgsrc=*) pkgsrc=`echo $1 | $sedprog -e 's|^--pkgsrc=||'` ;; + --src=*) src=`echo $1 | $sedprog -e 's|^--src=||'` ;; + --xsrc=*) xsrc=`echo $1 | $sedprog -e 's|^--xsrc=||'` ;; + --rodirs=*) rodirs=`echo $1 | $sedprog -e 's|^--rodirs=||'` ;; + --rwdirs=*) rwdirs=`echo $1 | $sedprog -e 's|^--rwdirs=||'` ;; + --without-pkgsrc) with_pkgsrc=no ;; + --without-x) with_x=no ;; + --verbose) set -x ;; + -*) usage ;; + *) break ;; esac shift done @@ -191,7 +202,7 @@ if [ -n "$mounthost" ]; then mounthost="$mounthost:" fi -if [ ! -d $pkgsrc ]; then +if [ ! -d $pkgsrc -a "$with_pkgsrc" = "yes" ]; then err "pkgsrc directory $pkgsrc does not exist." fi 
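Review bot: The new `--rodirs=*` and `--rwdirs=*` arms expand `$1` unquoted in `echo $1 | $sedprog ...`, so a value containing whitespace or a glob character is split or expanded against the current directory before sed sees it, and the result later becomes mkdir and mount arguments. Changing `echo $1` to `echo "$1"` in both arms keeps the value intact. The four existing arms above have the same form, and so does the `for dir in ...` list in the later hunk that mounts the --rodirs/--rwdirs entries.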
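Review bot: In `[ ! -d $pkgsrc -a "$with_pkgsrc" = "yes" ]` the `-a` operator is marked obsolescent by POSIX, and the unquoted `$pkgsrc` vanishes when `--pkgsrc=` is given an empty value, leaving `[ ! -d -a ... ]`, which shells do not parse consistently. Two separate tests avoid both problems and skip the directory test when pkgsrc is disabled: `if [ "$with_pkgsrc" = "yes" ] && [ ! -d "$pkgsrc" ]; then`. That also matches the `[ -n "$localpatches" ] && [ -d "$localpatches" ]` form used elsewhere in the script.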
@@ -206,13 +217,15 @@ fi sandbox=$1 sandbox_script="$sandbox/sandbox" -packages=`(cd $pkgsrc/pkgtools/lintpkgsrc; $bmakeprog show-var VARNAME=PACKAGES)` -distfiles=`(cd $pkgsrc/pkgtools/lintpkgsrc; $bmakeprog show-var VARNAME=DISTDIR)` -localbase=`(cd $pkgsrc/pkgtools/lintpkgsrc; $bmakeprog show-var VARNAME=LOCALBASE)` -pkg_dbdir=`(cd $pkgsrc/pkgtools/lintpkgsrc; $bmakeprog show-var VARNAME=PKG_DBDIR)` -localpatches=`(cd $pkgsrc/pkgtools/lintpkgsrc; $bmakeprog show-var VARNAME=LOCALPATCHES)` +if [ "$with_pkgsrc" = "yes" ]; then + packages=`(cd $pkgsrc/pkgtools/lintpkgsrc; $bmakeprog show-var VARNAME=PACKAGES)` + distfiles=`(cd $pkgsrc/pkgtools/lintpkgsrc; $bmakeprog show-var VARNAME=DISTDIR)` + localbase=`(cd $pkgsrc/pkgtools/lintpkgsrc; $bmakeprog show-var VARNAME=LOCALBASE)` + pkg_dbdir=`(cd $pkgsrc/pkgtools/lintpkgsrc; $bmakeprog show-var VARNAME=PKG_DBDIR)` + localpatches=`(cd $pkgsrc/pkgtools/lintpkgsrc; $bmakeprog show-var VARNAME=LOCALPATCHES)` -test -d "$localpatches" || echo "WARNING: LOCALPATCHES directory does not exist - ignoring" + test -d "$localpatches" || echo "WARNING: LOCALPATCHES directory does not exist - ignoring" +fi $mkdirprog $sandbox cat > $sandbox_script <> $sandbox_script fi -echo "Mount $pkgsrc from $sandbox" -$mkdirprog $sandbox/usr/pkgsrc -$mountprog $mountflags $mounthost$pkgsrc $sandbox/usr/pkgsrc -echo "$mounthost$pkgsrc /usr/pkgsrc rw \\" >> $sandbox_script +if [ "$with_pkgsrc" = "yes" ]; then + echo "Mount $pkgsrc from $sandbox" + $mkdirprog $sandbox/usr/pkgsrc + $mountprog $mountflags $mounthost$pkgsrc $sandbox/usr/pkgsrc + echo "$mounthost$pkgsrc /usr/pkgsrc rw \\" >> $sandbox_script + + echo "Mounting $packages and $distfiles from $sandbox" + $mkdirprog $sandbox/$packages $sandbox/$distfiles + $mkdirprog $packages $distfiles + $mountprog $mountflags $mounthost$packages $sandbox/$packages + $mountprog $mountflags $mounthost$distfiles $sandbox/$distfiles + echo "$mounthost$packages $packages rw \\" >> $sandbox_script + echo 
"$mounthost$distfiles $distfiles rw \\" >> $sandbox_script + + if [ -n "$localpatches" ] && [ -d "$localpatches" ]; then + echo "Mounting $localpatches from $sandbox" + $mkdirprog $sandbox/$localpatches + $mountprog $mountflags $mounthost$localpatches $sandbox/$localpatches + echo "$mounthost$localpatches $localpatches rw \\" >> $sandbox_script + fi +fi if [ "$need_xsrc" = "yes" ]; then echo "Mount $xsrc from $sandbox" @@ -340,19 +372,25 @@ if [ "$need_xsrc" = "yes" ]; then echo "$mounthost$xsrc /usr/xsrc ro \\" >> $sandbox_script fi -echo "Mounting $packages and $distfiles from $sandbox" -$mkdirprog $sandbox/$packages $sandbox/$distfiles -$mkdirprog $packages $distfiles -$mountprog $mountflags $mounthost$packages $sandbox/$packages -$mountprog $mountflags $mounthost$distfiles $sandbox/$distfiles -echo "$mounthost$packages $packages rw \\" >> $sandbox_script -echo "$mounthost$distfiles $distfiles rw \\" >> $sandbox_script - -if [ -n "$localpatches" ] && [ -d "$localpatches" ]; then - echo "Mounting $localpatches from $sandbox" - $mkdirprog $sandbox/$localpatches - $mountprog $mountflags $mounthost$localpatches $sandbox/$localpatches - echo "$mounthost$localpatches $localpatches rw \\" >> $sandbox_script +if [ -n "$rodirs" ]; then + for dir in `echo $rodirs | $sedprog -e 's/,/ /g'`; do + echo "Mount $dir from $sandbox" + $mkdirprog $sandbox$dir + $mountprog $mountflags -r $mounthost$dir $sandbox$dir + case "$opsys" in + Linux) $mountprog $mountflags -o remount,bind,ro $mounthost$dir $sandbox$dir ;; + esac + echo "$mounthost$dir $dir ro \\" >> $sandbox_script + done +fi + +if [ -n "$rwdirs" ]; then + for dir in `echo $rwdirs | $sedprog -e 's/,/ /g'`; do + echo "Mount $dir from $sandbox" + $mkdirprog $sandbox$dir + $mountprog $mountflags $mounthost$dir $sandbox$dir + echo "$mounthost$dir $dir rw \\" >> $sandbox_script + done fi cat >> $sandbox_script < .\" All rights reserved. 
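Review bot: Nothing checks that `$packages` and `$distfiles` are non-empty before `$mkdirprog $sandbox/$packages $sandbox/$distfiles` and the two `$mountprog` calls, so if a `show-var` call in the earlier hunk fails (for instance because `cd $pkgsrc/pkgtools/lintpkgsrc;` did not succeed and make ran elsewhere) the mount target collapses to `$sandbox/` itself. A guard at the top of this `if [ "$with_pkgsrc" = "yes" ]` block would stop that, e.g. `[ -n "$packages" ] && [ -n "$distfiles" ] || err "cannot determine PACKAGES/DISTDIR from $pkgsrc"`. The hunk header for this block is missing from the page, so the lines around it cannot be checked. Separately, with --without-pkgsrc `$localbase` and `$pkg_dbdir` are no longer set, and any use of them outside these hunks should be reviewed.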
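Review bot: Each `--rodirs`/`--rwdirs` entry is appended to `$sandbox` without checking that it is an absolute path free of `..`, so `--rodirs=foo` targets `${sandbox}foo` next to the sandbox and an entry such as `/a/../..` resolves outside it. The exit status of the mounts is also ignored: if the Linux `remount,bind,ro` step fails, the directory stays mounted writable while the sandbox script records it as `ro`. I would validate each entry with a `case` and abort through `err` when a mount fails, as sketched below; the `--rwdirs` loop needs the same path check. `err` is assumed to exit, as its use in the pkgsrc directory check suggests.

```shell
if [ -n "$rodirs" ]; then
	for dir in `echo "$rodirs" | $sedprog -e 's/,/ /g'`; do
		case "$dir" in
		*/../*|*/..)	err "--rodirs entry $dir must not contain '..'" ;;
		/*)		;;
		*)		err "--rodirs entry $dir is not an absolute path" ;;
		esac
		# … unchanged: progress message and $mkdirprog $sandbox$dir …
		$mountprog $mountflags -r $mounthost$dir $sandbox$dir ||
			err "cannot mount $dir on $sandbox$dir"
		case "$opsys" in
		Linux)	$mountprog $mountflags -o remount,bind,ro $mounthost$dir $sandbox$dir ||
				err "cannot remount $sandbox$dir read-only" ;;
		esac
		# … unchanged: "ro" entry appended to $sandbox_script …
	done
fi
```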
@@ -32,11 +32,14 @@ .Sh SYNOPSIS .Nm .Op Fl Fl mounthost Ns = Ns Ar host +.Op Fl Fl rodirs Ns = Ns Ar dir,... +.Op Fl Fl rwdirs Ns = Ns Ar dir,... .Op Fl Fl pkgsrc Ns = Ns Ar dir .Op Fl Fl src Ns = Ns Ar srcdir -.Op Fl Fl verbose -.Op Fl Fl without-x .Op Fl Fl xsrc Ns = Ns Ar xsrcdir +.Op Fl Fl without-x +.Op Fl Fl without-pkgsrc +.Op Fl Fl verbose .Ar sandbox-dir .Sh DESCRIPTION .Nm @@ -51,6 +54,10 @@ The following options are available: Use .Ar host as the mount host. +.It Fl Fl rodirs Ns = Ns Ar dir,... +Mount additional directories read-only. +.It Fl Fl rwdirs Ns = Ns Ar dir,... +Mount additional directories read-write. .It Fl Fl pkgsrc Ns = Ns Ar dir Look for the pkgsrc files in .Ar dir @@ -64,10 +71,6 @@ src files in instead of the default .Pa /usr/src (only needed for some packages that compile kernel modules). -.It Fl Fl verbose -More verbose output. -.It Fl Fl without-x -Do not include X files in the sandbox. .It Fl Fl xsrc Ns = Ns Ar xsrcdir Look for the .Nx @@ -76,6 +79,12 @@ xsrc files in instead of the default .Pa /usr/xsrc (only needed for some packages). +.It Fl Fl without-pkgsrc +Do not mount pkgsrc directories in the sandbox. +.It Fl Fl without-x +Do not include X files in the sandbox. +.It Fl Fl verbose +More verbose output. .El .Sh USAGE After -- cgit v1.2.3