diff --git a/Makefile b/Makefile
deleted file mode 100644
index 5e2278af8ec..00000000000
--- a/Makefile
+++ /dev/null
@@ -1,34 +0,0 @@
-# xbps-packages top-level Makefile.
-#
-# MUTABLE VARIABLES
-PRIVILEGED_GROUP ?= xbuilder
-
-# INMUTABLE VARIABLES
-VERSION = 112
-GITVER := $(shell git rev-parse --short HEAD)
-SHAREDIR = common/xbps-src/shutils
-LIBEXECDIR = common/xbps-src/libexec
-
-CHROOT_C = uchroot.c
-CHROOT_BIN = xbps-src-chroot-helper
-CFLAGS += -O2 -Wall -Werror
-
-.PHONY: all setup clean
-
-all:
- sed -e "s|@@XBPS_SRC_VERSION@@|$(VERSION) ($(GITVER))|g" \
- ${CURDIR}/common/xbps-src/xbps-src.sh > ${CURDIR}/xbps-src
- $(CC) $(CFLAGS) ${LIBEXECDIR}/$(CHROOT_C) -o ${LIBEXECDIR}/$(CHROOT_BIN)
- chmod 755 xbps-src
- @echo "Ignoring changes to etc/conf for local overrides."
- @git update-index --assume-unchanged etc/conf
- @echo
- @echo "The chroot helper must be a setgid binary (4750) for the group '$(PRIVILEGED_GROUP)'."
- @echo "Please run 'sudo make setup' to set appropiate permissions."
-
-setup:
- chown root:$(PRIVILEGED_GROUP) $(LIBEXECDIR)/$(CHROOT_BIN)
- chmod 4750 $(LIBEXECDIR)/$(CHROOT_BIN)
-
-clean:
- rm -f xbps-src $(LIBEXECDIR)/$(CHROOT_BIN)
diff --git a/README.md b/README.md
index eced82c9ce9..3304d0ac15e 100644
--- a/README.md
+++ b/README.md
@@ -1,27 +1,18 @@ ## The XBPS packages collection -This repository contains the XBPS package collection to build binary packages +This repository contains the XBPS source packages collection to build binary packages for the Void Linux distribution. To start using it first you'll need some external dependencies: -- GNU make -- GNU bash -- C compiler +- bash - fakeroot -- xbps >= 0.33 +- xbps >= 0.35 -The `xbps-src` utility and its helpers must be built first: +Make sure your user is added to the `xbuilder` group to be able to use `xbps-uchroot`, +otherwise `xbps-src` won't work correctly. - $ make - -The `xbps-src` chroot helper required to chroot and setup the bind mounts must -be a setgid binary that can only be executed by a special group, by default `xbuilder`. -To set the appropiate permissions run the `setup` target: - - $ sudo make setup - -After that you can run: +The `xbps-src` utility will allow you to generate XBPS binary packages, type $ ./xbps-src -h @@ -29,7 +20,7 @@ to see all available targets/options and start building any available package in the `srcpkgs` directory. The `etc/defaults.conf` file contains the possible settings that can be overrided -through `etc/conf` configuration file for the `xbps-src` utility. +through the `etc/conf` configuration file for the `xbps-src` utility. See [Manual](https://github.com/voidlinux/xbps-packages/blob/master/Manual.md) for documentation to create and learn about the source packages. diff --git a/common/environment/setup/0000-REQUIREMENTS.sh b/common/environment/setup/0000-REQUIREMENTS.sh index c10e8da0952..78fc5a1a2f5 100644 --- a/common/environment/setup/0000-REQUIREMENTS.sh +++ b/common/environment/setup/0000-REQUIREMENTS.sh @@ -5,6 +5,7 @@ # ========================================================= # DO NOT MODIFY THIS FILE WITHOUT PRIOR WRITTEN PERMISSION! # ========================================================= +# OBSOLETE WITH XBPS>=0.35, KEEP THIS FOR COMPAT. set -a 
diff --git a/common/xbps-src/libexec/uchroot.c b/common/xbps-src/libexec/uchroot.c
deleted file mode 100644
index 74945e69a1b..00000000000
--- a/common/xbps-src/libexec/uchroot.c
+++ /dev/null
@@ -1,273 +0,0 @@ -/*- - * Copyright (c) 2014 Juan Romero Pardines. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/* - * This is based on linux-user-chroot by Colin Walters, but has been adapted - * specifically for xbps-src use: - * - * - This bind mounts exactly what we need, no support for additional mounts. - * - This uses IPC/PID/mount namespaces, nothing more. - * - Disables namespace features if running in OpenVZ containers. 
- */ -#define _GNU_SOURCE -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include /* PATH_MAX */ - -#ifndef SECBIT_NOROOT -#define SECBIT_NOROOT (1 << 0) -#endif - -#ifndef SECBIT_NOROOT_LOCKED -#define SECBIT_NOROOT_LOCKED (1 << 1) -#endif - -#ifndef PR_SET_NO_NEW_PRIVS -#define PR_SET_NO_NEW_PRIVS 38 -#endif - -static void -die(const char *fmt, ...) -{ - va_list ap; - int save_errno = errno; - - va_start(ap, fmt); - fprintf(stderr, "ERROR "); - vfprintf(stderr, fmt, ap); - fprintf(stderr, " (%s)\n", strerror(save_errno)); - va_end(ap); - exit(EXIT_FAILURE); -} - -static void -usage(const char *p) -{ - printf("Usage: %s [-D dir] [-H dir] [-S dir] \n\n" - "-D Directory to be bind mounted at /xbps-packages\n" - "-H Directory to be bind mounted at /host\n" - "-S Directory to be bind mounted at /\n", p); - exit(EXIT_FAILURE); -} - -static int -fsuid_chdir(uid_t uid, const char *path) -{ - int saveerrno, rv; - - (void)setfsuid(uid); - rv = chdir(path); - saveerrno = errno; - (void)setfsuid(0); - errno = saveerrno; - - return rv; -} - -static int -openvz_container(void) -{ - if ((!access("/proc/vz/vzaquota", R_OK)) && - (!access("/proc/user_beancounters", R_OK))) - return 1; - - return 0; -} - -static void -bindmount(uid_t ruid, const char *chrootdir, const char *dir, const char *dest) -{ - char mountdir[PATH_MAX-1]; - - snprintf(mountdir, sizeof(mountdir), "%s/%s", chrootdir, dest ? 
dest : dir); - - if (fsuid_chdir(ruid, dir) == -1) - die("Couldn't chdir to %s", dir); - if (mount(".", mountdir, NULL, MS_BIND|MS_PRIVATE, NULL) == -1) - die("Failed to bind mount %s at %s", dir, mountdir); -} - -int -main(int argc, char **argv) -{ - uid_t ruid, euid, suid; - gid_t rgid, egid, sgid; - const char *chrootdir, *distdir, *hostdir, *shmdir, *cmd, *argv0; - char **cmdargs, mountdir[PATH_MAX-1]; - int aidx = 0, clone_flags, child_status = 0; - pid_t child; - - chrootdir = distdir = hostdir = shmdir = cmd = NULL; - argv0 = argv[0]; - argc--; - argv++; - - if (argc < 2) - usage(argv0); - - while (aidx < argc) { - if (strcmp(argv[aidx], "-D") == 0) { - /* distdir */ - distdir = argv[aidx+1]; - aidx += 2; - } else if (strcmp(argv[aidx], "-H") == 0) { - /* hostdir */ - hostdir = argv[aidx+1]; - aidx += 2; - } else if (strcmp(argv[aidx], "-S") == 0) { - /* shmdir */ - shmdir = argv[aidx+1]; - aidx += 2; - } else { - break; - } - } - if ((argc - aidx) < 2) - usage(argv0); - - chrootdir = argv[aidx]; - cmd = argv[aidx+1]; - cmdargs = argv + aidx + 1; - - /* Never allow chrootdir == / */ - if (strcmp(chrootdir, "/") == 0) - die("/ is not allowed to be used as chrootdir"); - - if (getresgid(&rgid, &egid, &sgid) == -1) - die("getresgid"); - - if (getresuid(&ruid, &euid, &suid) == -1) - die("getresuid"); - - if (rgid == 0) - rgid = ruid; - - clone_flags = (SIGCHLD|CLONE_NEWNS|CLONE_NEWIPC|CLONE_NEWUTS|CLONE_NEWPID); - if (openvz_container()) { - /* - * If running in a OpenVZ container simply disable all namespace - * features. - */ - clone_flags &= ~(CLONE_NEWNS|CLONE_NEWIPC|CLONE_NEWUTS|CLONE_NEWPID); - } - - /* Issue the clone(2) syscall with our settings */ - if ((child = syscall(__NR_clone, clone_flags, NULL)) == -1) - die("clone"); - - if (child == 0) { - /* - * Restrict privileges on the child. 
- */ - if (prctl(PR_SET_NO_NEW_PRIVS, 1) == -1 && errno != EINVAL) { - die("prctl PR_SET_NO_NEW_PRIVS"); - } else if (prctl (PR_SET_SECUREBITS, - SECBIT_NOROOT|SECBIT_NOROOT_LOCKED) == -1) { - die("prctl SECBIT_NOROOT"); - } - if (!openvz_container()) { - /* Make / a private mount */ - if (mount(NULL, "/", "none", MS_PRIVATE|MS_REC, NULL) == -1) - die("mount(/, MS_PRIVATE|MS_REC)"); - /* Remount / with nosuid just in case */ - if (mount (NULL, "/", "none", MS_PRIVATE|MS_REMOUNT|MS_NOSUID, NULL) == -1) - die("mount(/, MS_PRIVATE|MS_REMOUNT|MS_NOSUID"); - } - - /* mount /proc */ - snprintf(mountdir, sizeof(mountdir), "%s/proc", chrootdir); - if (mount("proc", mountdir, "proc", MS_MGC_VAL|MS_PRIVATE, NULL) == -1) - die("Failed to mount %s", mountdir); - - /* bind mount /sys */ - bindmount(ruid, chrootdir, "/sys", NULL); - - /* bind mount /dev */ - bindmount(ruid, chrootdir, "/dev", NULL); - - /* bind mount hostdir if set */ - if (hostdir) - bindmount(ruid, chrootdir, hostdir, "/host"); - - /* bind mount distdir (if set) */ - if (distdir) - bindmount(ruid, chrootdir, distdir, "/xbps-packages"); - - /* bind mount shmdir (if set) */ - if (shmdir) - bindmount(ruid, chrootdir, shmdir, NULL); - - /* move chrootdir to / and chroot to it */ - if (fsuid_chdir(ruid, chrootdir) == -1) - die("Failed to chdir to %s", chrootdir); - - if (mount(".", ".", NULL, MS_BIND|MS_PRIVATE, NULL) == -1) - die("Failed to bind mount %s", chrootdir); - - if (mount(chrootdir, "/", NULL, MS_MOVE, NULL) == -1) - die("Failed to move %s as rootfs", chrootdir); - - if (chroot(".") == -1) - die("Failed to chroot to %s", chrootdir); - - /* Switch back to the gid/uid of invoking process */ - if (setgid(rgid) == -1) - die("setgid child"); - if (setuid(ruid) == -1) - die("setuid child"); - - if (execvp(cmd, cmdargs) == -1) - die("Failed to execute command %s", cmd); - } - /* Switch back to the gid/uid of invoking process also in the parent */ - if (setgid(rgid) == -1) - die("setgid child"); - if 
(setuid(ruid) == -1) - die("setuid child"); - - /* Wait until the child terminates */ - while (waitpid(child, &child_status, 0) < 0) { - if (errno != EINTR) - die("waitpid"); - } - - if (!WIFEXITED(child_status)) - return -1; - - return WEXITSTATUS(child_status); -} diff --git a/etc/conf b/etc/conf deleted file mode 100644 index 0be50ca3454..00000000000 --- a/etc/conf +++ /dev/null @@ -1,11 +0,0 @@ -# Configuration file for xbps-src. -# -# Load the defaults in from defaults.conf (if it's readable). -# These can be overridden below. -# -if [ -r ${XBPS_DISTDIR}/etc/defaults.conf ]; then - . ${XBPS_DISTDIR}/etc/defaults.conf -fi - -# Add your local overrides below -# diff --git a/etc/defaults.conf b/etc/defaults.conf index eacf65786cb..bdc154c20c8 100644 --- a/etc/defaults.conf +++ b/etc/defaults.conf @@ -44,7 +44,7 @@ # Enable optional arguments to xbps-install. This is useful when you use # static binaries and when you need to specify arguments. # NOTE: This is only used with the binary-bootstrap target! -#XBPS_INSTALL_ARGS="--repository=http://repo.voidlinux.eu/current" +XBPS_INSTALL_ARGS="--repository=http://repo.voidlinux.eu/current" # [OPTIONAL] # Compilation flags for C and C++. diff --git a/common/xbps-src/xbps-src.sh b/xbps-src old mode 100644 new mode 100755 similarity index 93% rename from common/xbps-src/xbps-src.sh rename to xbps-src index b8c77529f2b..ababc74dd3c --- a/common/xbps-src/xbps-src.sh +++ b/xbps-src 
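Review bot: In `etc/defaults.conf`, `XBPS_INSTALL_ARGS` is now active by default and points at a plain `http://` repository, so on the binary-bootstrap path the transport gives no integrity protection and everything rests on xbps verifying the repository signatures. If the mirror serves TLS, prefer the `https://` form of the same URL; otherwise state the dependency above the assignment, e.g. `# Plain HTTP: integrity relies on xbps repository signature verification.` The comment above the line still describes these as optional arguments to enable, which no longer matches a value that is set out of the box.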
@@ -173,34 +173,14 @@ check_build_requirements() { for f in $XBPS_SHUTILSDIR/*.sh; do [ -r $f ] && . $f done - for f in $XBPS_COMMONDIR/environment/setup/*.sh; do - [ -r $f ] && . $f - done - - if [ -z "$XBPS_SRC_REQ" -o -z "$XBPS_UTILS_REQ" -o -z "$XBPS_UTILS_API_REQ" ]; then - echo "ERROR: cannot satisfy xbps requirements!" - exit 1 - fi case "$XBPS_TARGET" in *bootstrap*) found=1;; *) ;; esac if [ -z "$found" ]; then - xbps-uhelper cmpver $(echo "$XBPS_SRC_VERSION"|awk '{print $1}') "$XBPS_SRC_REQ" + xbps-uhelper cmpver "$XBPS_VERSION" "$XBPS_VERSION_REQ" if [ $? -eq 255 ]; then - echo "ERROR: this xbps-src version is outdated! (>=$XBPS_SRC_REQ is required)" - echo "Bootstrap packages must be updated with 'xbps-src bootstrap-update'" - exit 1 - fi - xbps-uhelper cmpver "$XBPS_VERSION" "$XBPS_UTILS_REQ" - if [ $? -eq 255 ]; then - echo "ERROR: requires xbps-$XBPS_UTILS_REQ API: $XBPS_UTILS_API_REQ" - echo "Bootstrap packages must be updated with 'xbps-src bootstrap-update'" - exit 1 - fi - xbps-uhelper cmpver "$XBPS_APIVER" "$XBPS_UTILS_API_REQ" - if [ $? -eq 255 ]; then - echo "ERROR: requires xbps-$XBPS_UTILS_REQ API: $XBPS_UTILS_API_REQ" + echo "ERROR: requires xbps>=${XBPS_VERSION_REQ}" echo "Bootstrap packages must be updated with 'xbps-src bootstrap-update'" exit 1 fi @@ -288,9 +268,11 @@ read_pkg() { setup_pkg $XBPS_TARGET_PKG $XBPS_CROSS_BUILD } +# Requires xbps>=0.35 +readonly XBPS_VERSION_REQ="0.35" + readonly XBPS_VERSION=$(xbps-uhelper -V|awk '{print $2}') -readonly XBPS_APIVER=$(xbps-uhelper -V|awk '{print $4}') -readonly XBPS_SRC_VERSION="@@XBPS_SRC_VERSION@@" +readonly XBPS_SRC_VERSION="113" readonly FAKEROOT_CMD="fakeroot --" readonly XBPS_MACHINE=$(uname -m) @@ -345,6 +327,10 @@ else else readonly XBPS_DISTDIR="${_distdir}" fi + # Read defaults and then the local configuration file + if [ -f $XBPS_DISTDIR/etc/defaults.conf ]; then + . $XBPS_DISTDIR/etc/defaults.conf + fi readonly XBPS_CONFIG_FILE=$XBPS_DISTDIR/etc/conf fi 
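Review bot: The version gate in `check_build_requirements` fails only when `xbps-uhelper cmpver "$XBPS_VERSION" "$XBPS_VERSION_REQ"` exits with 255, so any other failure passes silently. One likely case is an empty `$XBPS_VERSION`, which happens if `xbps-uhelper -V` could not run when the readonly variable was assigned; how `cmpver` treats an empty argument is not visible here. Checking the value first makes the gate fail closed: `[ -n "$XBPS_VERSION" ] || { echo "ERROR: cannot determine xbps version"; exit 1; }`. The function body starts and ends outside this hunk.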
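Review bot: In the hunk at `@@ -345,6 +327,10 @@`, the added `. $XBPS_DISTDIR/etc/defaults.conf` expands the path unquoted in both the `-f` test and the source command. A checkout path containing whitespace or glob characters is therefore word-split, and the wrong file (or none) is sourced as shell code. Quote both uses: `if [ -f "$XBPS_DISTDIR/etc/defaults.conf" ]; then` and `. "$XBPS_DISTDIR/etc/defaults.conf"`. The enclosing `if`/`else` block begins outside the hunk.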
@@ -384,7 +370,7 @@ readonly XBPS_TRIGGERSDIR=$XBPS_SRCPKGDIR/xbps-triggers/files readonly XBPS_CROSSPFDIR=$XBPS_COMMONDIR/cross-profiles readonly XBPS_BUILDSTYLEDIR=$XBPS_COMMONDIR/build_style readonly XBPS_LIBEXECDIR=$XBPS_COMMONDIR/xbps-src/libexec -readonly CHROOT_CMD=$XBPS_LIBEXECDIR/xbps-src-chroot-helper +readonly CHROOT_CMD=xbps-uchroot # XBPS_FETCH_CMD can be overriden export XBPS_FETCH_CMD="xbps-uhelper fetch"
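Review bot: `readonly CHROOT_CMD=xbps-uchroot` is a bare command name, so the helper that sets up the chroot is now whichever `xbps-uchroot` comes first in the caller's `PATH` instead of a fixed path inside the tree. A missing or unexpected helper is presumably noticed only when the chroot is first entered. Consider resolving it once at startup and failing early, e.g. `command -v xbps-uchroot >/dev/null 2>&1 || { echo "ERROR: xbps-uchroot not found in PATH"; exit 1; }`. `XBPS_LIBEXECDIR` is still defined on the line above; if nothing else uses it after this change (not visible in this hunk), it can be dropped.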