mirror of https://gitlab.postmarketos.org/postmarketOS/pmbootstrap.git synced 2025-07-13 03:19:47 +03:00
Commit graph

39 commits

Author SHA1 Message Date
Casey Connolly
4210e98c02 pmbootstrap: fix running ssh in a user namespace
Since we are root in the namespace, ssh will attempt to use the root
user's config, additionally the ssh_config.d directory will have invalid
permissions (since it's owned by root on the host which is not mapped
into the userns).

Hack around all of these with some fancy mounts in the sandbox.

The "proper" way to do this would be to stop using the host rootfs
altogether and unshare ourselves into an Alpine chroot, with the
user's .ssh directory mounted in. But that will require refactoring
pmbootstrap's init code to be able to parse args and do actions before
entering the namespace.

Signed-off-by: Casey Connolly <kcxt@postmarketos.org>
2025-07-11 19:36:23 +02:00
Casey Connolly
9e2bba8d7a add a tmpfs for scratch data
Some data like kernel mount overlays and the apk progress fifo don't
need to stick around, let's put them in a special new tmpfs which is
destroyed when pmbootstrap exits.

Signed-off-by: Casey Connolly <kcxt@postmarketos.org>
2025-07-11 19:36:23 +02:00
Casey Connolly
6e39b495ea HACK: support install --disk by chowning the target block device prior to unshare()
By making the block device writable by our user, we solve the problem of
needing sudo which isn't available in the user namespace.

Solve this by doing some hacky early argument parsing and prompting the
user to chown the block device.

Signed-off-by: Casey Connolly <kcxt@postmarketos.org>
2025-07-11 19:36:23 +02:00
Casey Connolly
5ddb7d66f7 remove --as-root
Running pmbootstrap as root doesn't work anymore, and there should never
be a need for this. Let's just stop supporting this use case.

Error:

Traceback (most recent call last):
  File "/home/cas/bin/pmbootstrap", line 61, in <module>
    sandbox.setup_mounts(fsops)
  File "/home/cas/pmos/pmbootstrap/pmb/init/sandbox.py", line 975, in setup_mounts
    mount(".", "/", "", MS_MOVE, "")
  File "/home/cas/pmos/pmbootstrap/pmb/init/sandbox.py", line 170, in mount
    oserror("mount", dst)
  File "/home/cas/pmos/pmbootstrap/pmb/init/sandbox.py", line 145, in oserror
    raise OSError(ctypes.get_errno(), os.strerror(ctypes.get_errno()), filename or None)
OSError: [Errno 22] Invalid argument: '/'

Signed-off-by: Casey Connolly <kcxt@postmarketos.org>
2025-07-11 19:36:23 +02:00
Casey Connolly
cb1bdcb6d0 pmbootstrap: fix CWD after mount setup
After we pivot into the new mount namespace we need to reset our CWD for
some commands to work.

Signed-off-by: Casey Connolly <kcxt@postmarketos.org>
2025-07-11 19:36:22 +02:00
Casey Connolly
20807bce86 pmbootstrap: unshare PID namespace
Put ourselves in a new PID namespace so that daemons we might start in
the chroot like adbd will be killed on exit.

This simplifies "shutdown" since we no longer need to kill these
processes.

Signed-off-by: Casey Connolly <kcxt@postmarketos.org>
2025-07-11 19:35:06 +02:00
Casey Connolly
c500d95875 pmbootstrap: sanitize the environment a little
Clean up the environment a little, set shell to something known

Signed-off-by: Casey Connolly <kcxt@postmarketos.org>
2025-07-11 19:35:06 +02:00
Casey Connolly
4030cd4d61 unshare binfmt
Rework how we handle binfmt_misc so it will work inside a user
namespace.

* Use a custom mountpoint (only accessible inside the mount namespace),
  this is the crux of the change, allowing us to mount it as non-root
  and avoid messing with any host configs too!
* No longer explicitly modprobe binfmt_misc, any modern system should
  probe it automatically when we try to mount it... I think so anyways
  heh

Signed-off-by: Casey Connolly <kcxt@postmarketos.org>
2025-07-11 19:30:04 +02:00
Casey Connolly
a29076572b unshare pmbootstrap!
Use sandbox functions to unshare the entire pmbootstrap process with
user namespaces.

This lets us do whatever we want without polluting the global mount
namespace, and eliminates the need for "pmbootstrap shutdown".

Currently install is broken since it uses loop devices, this should be
addressed by using something like systemd.repartd (or doing all the
offset calculation and gpt stuff ourselves).

Signed-off-by: Casey Connolly <kcxt@postmarketos.org>
2025-07-11 19:30:04 +02:00
Casey Connolly
a3de41ff59 pass in original UID
detect running as root before entering the user namespace.

Signed-off-by: Casey Connolly <kcxt@postmarketos.org>
2025-07-11 19:30:04 +02:00
Oliver Smith
5d28c5ccf3
pmbootstrap.py: move all features to pmb:main()
Prepare to modernize the python packaging. pmbootstrap.py will not be
part of the packaging, so add a note there and move both features
(python version check, ^C check) to pmb/__init__.py:main().

Reviewed-by: Luca Weiss <luca@z3ntu.xyz>
Link: https://lists.sr.ht/~postmarketos/pmbootstrap-devel/%3C20230407233026.1712-3-ollieparanoid@postmarketos.org%3E
2023-04-15 01:44:37 +02:00
Oliver Smith
49cd288078
pmbootstrap.py: require at least python 3.7
The minimum python version was already increased to 3.7, but it wasn't
adjusted here yet.

Reviewed-by: Luca Weiss <luca@z3ntu.xyz>
Link: https://lists.sr.ht/~postmarketos/pmbootstrap-devel/%3C20230407233026.1712-2-ollieparanoid@postmarketos.org%3E
2023-04-15 01:44:36 +02:00
Oliver Smith
9975d373b0
Bump copyright to 2023
2023-01-22 19:18:06 +01:00
Oliver Smith
6f6a3b0408
Happy new year 2022!
2022-01-02 22:39:14 +01:00
Newbyte
446a8fc430
pmbootstrap.py: Check which version of Python pmbootstrap is run with (MR 2118)
This prevents people from getting strange syntax errors if they
accidentally run pmbootstrap with e.g. Python 2.
2021-10-01 22:46:23 -07:00
Newbyte
73d242485a
pmbootstrap.py: Don't print stacktrace when KeyboardInterrupt is caught (MR 2078)
This looks obnoxious and I cannot think of a single time I found it
useful, so let's make it prettier.
2021-07-05 12:19:35 +02:00
Oliver Smith
1c791da482
treewide: bump copyright to 2021
2021-01-07 23:30:47 +01:00
Oliver Smith
f21c216a26
Cosmetic: use SPDX license header (!1877)
While at it, also remove unnecessary "#!/usr/bin/env python3" in files
that only get imported, and adjust other empty/comment lines in the
beginnings of the files for consistency.

This makes files easier to read, and makes the pmbootstrap codebase more
consistent with the build.postmarketos.org codebase.
2020-02-24 03:11:10 +03:00
Oliver Smith
948e3f931f
Change copyright to 2020
2020-01-06 02:43:00 +01:00
Oliver Smith
f16bdaf0ca
Update copyright to 2019
Happy new year \o/
2019-01-02 09:31:20 +01:00
Grant Miller
7eaf9de000 Implement bash tab completion
2018-08-27 21:35:05 +00:00
Oliver Smith
7750c1dd40
Happy new year! (update copyright to 2018)
2018-01-04 04:53:35 +01:00
Yuval Adam
b6003a2815 Close #327: Add initial setup.py (#443)
2017-09-02 19:30:40 +00:00
Oliver Smith
1aae094b50 Close #174: Put frontend functions in extra file (#185)
2017-07-18 19:01:11 +00:00
clayton craft
fc3e4bfe4a Fix PR #160, Fix #172 (#173)
Thanks craftyguy!
Probably meant to call 'globals()' and not 'locals()'. As @MartijnBraam
pointed out in IRC, probably best to have these functions in a separate
module so they can be parsed with getattr
2017-07-17 18:41:39 +00:00
cclauss
a502b50475 Reduce complexity in pmbootstrap.py (#160)
Thanks, @cclauss!

* Dictionary lookup of event loop actions

This was kind of an experiment that adds lots of blank lines to this script -- feel free to reject it.

The observation that triggered this was that in main() all actions can execute using just one parameter, args.  This means that it is possible to use args.action to do a dict lookup to get the corresponding function.  This approach adds tons of blank lines to the script in exchange for a rapid seek to the action implementation and a substantial reduction of the McCabe complexity of main().

$ flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
```
./pmbootstrap.py:43:1: C901 'main' is too complex (23)
./pmb/aportgen/core.py:38:1: C901 'rewrite' is too complex (17)
[ ... ]
```

* Remove action_dict and use locals() instead
2017-07-17 15:38:45 +00:00
Oliver Smith
34622368d9
Fix #107: Grsec check: read file in /proc as root
2017-07-11 18:50:40 +02:00
Oliver Smith
51bdc24315 Properly rebuild/install packages when something changed (Fix #120, #108, #131) (#129)
TLDR: Always rebuild/install packages when something changed when executing "pmbootstrap install/initfs/flash", more speed in dependency resolution.
---
pmbootstrap has already gotten some support for "timestamp based rebuilds", which modifies the logic for when packages should be rebuilt. It doesn't only consider packages outdated with old pkgver/pkgrel combinations, but also packages, where a source file has a newer timestamp, than the built package has.

I've found out, that this can lead to more rebuilds than expected. For example, when you check out the pmbootstrap git repository again into another folder, although you have already built packages. Then all files have the timestamp of the checkout, and the packages will appear to be outdated. While this is not largely a concern now, this will become a problem once we have a binary package repository, because then the packages from the binary repo will always seem to be outdated, if you just freshly checked out the repository.

To combat this, git gets asked if the files from the aport we're looking at are in sync with upstream, or not. Only when the files are not in sync with upstream and the timestamps of the sources are newer, a rebuild gets triggered from now on.

In case this logic should fail, I've added an option during "pmbootstrap init" where you can enable or disable the "timestamp based rebuilds" option.

In addition to that, this commit also works on fixing #120: packages do not get updated in "pmbootstrap install" after they have been rebuilt. For this to work, we specify all packages explicitly for abuild, instead of letting abuild do the resolving. This feature will also work with the "timestamp based rebuilds".

This commit also fixes the working_dir argument in pmb.helpers.run.user, which was simply ignored before.

Finally, the performance of the dependency resolution is faster again (when compared to the current version in master), because the parsed apkbuilds and finding the aport by pkgname gets cached during one pmbootstrap call (in args.cache, which also makes it easy to put fake data there in testcases).

The new dependency resolution code can output lots of verbose messages for debugging by specifying the `-v` parameter. The meaning of that changed, it used to output the file names where log messages come from, but no one seemed to use that anyway.
2017-07-10 15:23:43 +00:00
Oliver Smith
05e79c1d5c
Fix #107: Meaningful error for grsecurity/chroot_deny_chmod
2017-07-06 21:16:00 +02:00
Oliver Smith
10fd0f312d
Display short troubleshooting URL on exception
2017-07-06 19:09:45 +02:00
Oliver Smith
fcc5501a44
Slightly improve error handling
* Fix: Do not swallow traces when crashing before log init (e.g.
  during argument parsing)
* Show a link to the troubleshooting page, when an error happens
* (Formatting done by autopep8 in pmb/config/init.py)
2017-06-27 00:23:21 +02:00
Oliver Smith
fb1e8ec73b
Update min apk version/add more apk version checks
* Minimum version: 2.7.2 (which fixes two CVEs)
* Check the minimum apk version before doing something with apk and
  before entering the chroot manually (previously, it has just checked
  the apk-tools-static version, which gets used to set up the chroot)
* Reword the message for an outdated APK version. Most likely it is
  just the outdated http cache, instead of a man-in-the-middle attack.

See also:
b849b481a0
2017-06-23 17:04:49 +02:00
Oliver Smith
112dc5e70c
Move challenge code to own folder (#64)
...and add a stub for 'pmbootstrap challenge APKINDEX.tar.gz'.
2017-06-17 17:42:28 +02:00
Oliver Smith
3a3dd8063f
Merge branch 'lazy-reproducible-builds'
We have "lazy reproducible builds" now. What I mean by that is, that
the resulting "apk" archive is not fully reproducible, but all binaries
inside it are. This is necessary to kick-off the binary repo, which is
in turn required to get the testsuite going on Travis. Read #64 for more
information.

Usage:
```
pmbootstrap build hello-world --buildinfo
pmbootstrap challenge /tmp/path/to/hello-world-1-r2.apk
```

The "--buildinfo" parameter generates a "buildinfo.json", which contains
the versions of all dependencies. It is not very optimized, so this
is a performance bottleneck and takes 10 seconds (which is quite much
considering that the hello-world package builds in less than a second).
This can be improved in the future, and then the buildinfo parameter
may become the default.
2017-06-11 14:19:57 +02:00
Oliver Smith
18339d0a14
Close #69: add 'pmbootstrap initfs' and improve initfs workflow
* allows to build/extract/list initramfs, add/del hook
* rebuild the initfs whenever running install or trying to flash/boot it
* flasher flash/boot: automatically set up a minimal rootfs with kernel and initfs,
  if it does not exist yet
2017-06-09 19:22:25 +02:00
Oliver Smith
32ad868cdc
apk.installed(): Returns all packages and versions now
pmb.chroot.apk.installed() used to return only the explicitly installed
packages. This is not good enough for the initfs check functions (and
especially for the "lazy reproducible builds", from which branch this
commit was cherry picked).

This commit introduces more noise for the logfile - if this becomes
a problem, raise your voice in the issues tracker and we'll do something
about it.

(This commit also changes minor code styling in other files, I did
not run autopep8 last time, because flake8 didn't complain...)
2017-06-09 18:01:39 +02:00
Oliver Smith
50195a6af2
pmbootstrap log: Add a -n/--lines parameter (like tail has)
...also increase the default line count to 30, so it's easier to
spot an error if you didn't have the log open when it happened.

This parameter also works for 'pmbootstrap log_distccd', for consistency.
2017-06-08 18:15:38 +02:00
Oliver Smith
63ac1f5f6c
WIP #64: "lazy reproducible builds"
2017-06-05 03:58:45 +02:00
Oliver Smith
ae950fb9f7
Hello, there!
2017-05-26 22:08:45 +02:00