cookutils rev 285
cook: add aufs_chroot jail
author | Pascal Bellard <pascal.bellard@slitaz.org> |
---|---|
date | Mon Feb 13 15:51:04 2012 +0100 (2012-02-13) |
parents | b049254bc104 |
children | 031bdfdd0969 |
files | cook |
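--- a/cook Sun Feb 12 22:18:30 2012 +0100
+++ b/cook Mon Feb 13 15:51:04 2012 +0100
@@ -755,6 +755,66 @@
 done
 }
 
+tac()
+{
+ sed '1!G;h;$!d' $1
+}
+
+# Launch the cook command into a chroot jail protected by aufs.
+# The current filesystems are used read-only and updates are
+# stored in a separate branch.
+try_aufs_chroot() {
+
+ # Can we setup the chroot ? Is it already done ?
+ [ -n "$AUFS_MOUNTS" -a ! -f /aufs-umount.sh ] || return
+ lsmod | grep -q aufs || modprobe aufs 2> /dev/null || return
+
+ echo "Setup aufs chroot..."
+ base=/dev/shm/aufsmnt$$
+ mkdir ${base}root ${base}rw
+
+ # Sanity check
+ for i in / /proc /sys /dev/shm ; do
+ case " $AUFS_MOUNTS " in
+ *\ $i\ *) ;;
+ *) AUFS_MOUNTS="$AUFS_MOUNTS $i" ;;
+ esac
+ done
+ for mnt in $(echo $AUFS_MOUNTS | sort | uniq); do
+ mount --bind $mnt ${base}root$mnt
+ if [ $mnt == / ] && ! mount -t aufs -o br=${base}rw:/ none ${base}root; then
+ echo "Aufs mountage failure"
+ umount ${base}root
+ rmdir ${base}*
+ return
+ fi
+ echo "umount ${base}root$mnt" >> ${base}rw/aufs-umount.sh
+ done
+ mount --bind /home ${base}root/home
+
+ chroot ${base}root $(cd $(dirname $0); pwd)/$(basename $0) "$@"
+ status=$?
+
+ echo "Leave aufs chroot..."
+ umount ${base}root/home
+ tac ${base}rw/aufs-umount.sh | sh
+ rm -rf ${base}rw
+ umount ${base}root
+ rmdir $base*
+
+ # Install package if requested
+ if [ "$inst" ]; then
+ if [ -f "$PKGS/$PACKAGE-${VERSION}${EXTRAVERSION}.tazpkg" ]; then
+ cd $PKGS && tazpkg install \
+ $PACKAGE-${VERSION}${EXTRAVERSION}.tazpkg --forced
+ else
+ gettext -e "Unable to install package, build has failed.\n\n"
+ exit 1
+ fi
+ fi
+ exit $status
+}
+
 #
 # Commands
 #
@@ -1035,10 +1095,6 @@
 receipt="$WOK/$pkg/receipt"
 check_pkg_in_wok && echo ""
 
- # Display and log info if cook process stopped.
- trap 'gettext -e "\n\nCook stopped: control-C\n\n" | \
- tee -a $LOGS/$pkg.log' INT
-
 # Skip blocked, 3 lines also for the Cooker.
 if grep -q "^$pkg$" $blocked && [ "$2" != "--unblock" ]; then
 gettext -e "Blocked package:"; echo -e " $pkg\n" && exit 0
@@ -1047,6 +1103,13 @@
 # Log and source receipt.
 echo "Cook started for: <a href='cooker.cgi?pkg=$pkg'>$pkg</a>" | log
 echo "cook:$pkg" > $command
+
+ try_aufs_chroot "$@"
+
+ # Display and log info if cook process stopped.
+ trap 'gettext -e "\n\nCook stopped: control-C\n\n" | \
+ tee -a $LOGS/$pkg.log' INT
+
 unset inst
 unset_receipt
 . $receipt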
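Review bot: In `try_aufs_chroot` the result of `mkdir ${base}root ${base}rw` is never checked, although `base=/dev/shm/aufsmnt$$` is a predictable name in a world-writable directory and cook is presumably running as root here (it goes on to call `mount` and `chroot`). If either directory already exists and is not cook's own, the function carries on, mounts over it and later pipes `${base}rw/aufs-umount.sh` into `sh`, so the commands run at teardown are no longer under cook's control. The minimal change is `mkdir -m 700 ${base}root ${base}rw || return`; creating the base with `mktemp -d` would also remove the guessable name. The unmount list also sits in the aufs write branch, where it is visible as `/aufs-umount.sh` inside the chroot, so the jailed build can alter what is executed outside it on exit; I would keep the list in a shell variable and leave the file as a marker only. Separately, `echo $AUFS_MOUNTS | sort | uniq` sorts a single line, so the mounts are neither ordered nor de-duplicated; `printf '%s\n' $AUFS_MOUNTS | sort -u` looks like what the loop expects.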