From 690ca4df7c83e8d38fa58adee240f4e3fad2b8a1 Mon Sep 17 00:00:00 2001 From: Ricardo Pardini Date: Tue, 3 Jan 2023 17:44:11 +0100 Subject: [PATCH] armbian-next: add (trap) cleanup handler to reset `./tmp` and `./output` to original pre-sudo UID before exiting, even with failure/abort --- lib/functions/cli/entrypoint.sh | 5 +++-- lib/functions/host/host-utils.sh | 10 +++++++++- lib/functions/host/prepare-host.sh | 22 ++++++++++++---------- lib/functions/image/rootfs-to-image.sh | 1 - 4 files changed, 24 insertions(+), 14 deletions(-) diff --git a/lib/functions/cli/entrypoint.sh b/lib/functions/cli/entrypoint.sh index 068747373..167a003c6 100644 --- a/lib/functions/cli/entrypoint.sh +++ b/lib/functions/cli/entrypoint.sh @@ -106,8 +106,9 @@ function cli_entrypoint() { # Pre-runs might change it, but if not set, default to ARMBIAN_COMMAND. declare -g ARMBIAN_LOG_CLI_ID="${ARMBIAN_LOG_CLI_ID:-${ARMBIAN_COMMAND}}" - LOG_SECTION="entrypoint" start_logging_section # This creates LOGDIR. @TODO: also maybe causes a spurious group to be created in the log file - add_cleanup_handler trap_handler_cleanup_logging # cleanup handler for logs; it rolls it up from LOGDIR into DEST/logs @TODO: use the COMMAND in the filenames. + LOG_SECTION="entrypoint" start_logging_section # This creates LOGDIR. @TODO: also maybe causes a spurious group to be created in the log file + add_cleanup_handler trap_handler_cleanup_logging # cleanup handler for logs; it rolls it up from LOGDIR into DEST/logs + add_cleanup_handler trap_handler_reset_output_owner # make sure output folder is owned by pre-sudo user if that's the case # @TODO: So gigantic contention point here about logging the basic deps installation. if [[ "${ARMBIAN_COMMAND_REQUIRE_BASIC_DEPS}" == "yes" ]]; then diff --git a/lib/functions/host/host-utils.sh b/lib/functions/host/host-utils.sh index 0d9256416..838f11e40 100644 --- a/lib/functions/host/host-utils.sh +++ b/lib/functions/host/host-utils.sh @@ -201,7 +201,8 @@ function reset_uid_owner() { for arg in "$@"; do display_alert "reset_uid_owner: '${arg}' will be owner id '${SET_OWNER_TO_UID}'" "reset_uid_owner" "debug" if [[ -d "${arg}" ]]; then - chown -R "${SET_OWNER_TO_UID}" "${arg}" + chown "${SET_OWNER_TO_UID}" "${arg}" + find "${arg}" -uid 0 -print0 | xargs --no-run-if-empty -0 chown "${SET_OWNER_TO_UID}" elif [[ -f "${arg}" ]]; then chown "${SET_OWNER_TO_UID}" "${arg}" else @@ -230,3 +231,10 @@ function check_dir_for_mount_options() { return 0 } + +function trap_handler_reset_output_owner() { + display_alert "Resetting output directory owner" "${SRC}/output" "info" + reset_uid_owner "${SRC}/output" + display_alert "Resetting tmp directory owner" "${SRC}/.tmp" "info" + reset_uid_owner "${SRC}/.tmp" +} diff --git a/lib/functions/host/prepare-host.sh b/lib/functions/host/prepare-host.sh index 06fa7ea91..9506cb7e2 100644 --- a/lib/functions/host/prepare-host.sh +++ b/lib/functions/host/prepare-host.sh @@ -93,20 +93,20 @@ prepare_host() { if armbian_is_running_in_container; then display_alert "Running in container" "Adding provisions for container building" "info" declare -g CONTAINER_COMPAT=yes # this controls mknod usage for loop devices. - declare -g NO_APT_CACHER=yes # disable apt-cacher; we use local cache in Docker volumes. - + declare -g NO_APT_CACHER=yes # disable apt-cacher; we use local cache in Docker volumes. + # trying to use nested containers is not a good idea, so don't permit EXTERNAL_NEW=compile if [[ $EXTERNAL_NEW == compile ]]; then display_alert "EXTERNAL_NEW=compile is not available when running in container, setting to prebuilt" "" "wrn" EXTERNAL_NEW=prebuilt fi - + SYNC_CLOCK=no else display_alert "NOT running in container" "No special provisions for container building" "debug" fi - # Skip verification if you are working offline + # If offline, do not try to install dependencies, manage acng, or sync the clock. if ! $offline; then install_host_dependencies "dependencies during prepare_release" @@ -118,17 +118,19 @@ prepare_host() { display_alert "Syncing clock" "host" "info" run_host_command_logged ntpdate "${NTP_SERVER:-pool.ntp.org}" fi + fi - # create directory structure # @TODO: this should be close to DEST, otherwise super-confusing - mkdir -p "${SRC}"/{cache,output} "${USERPATCHES_PATH}" + # create directory structure # @TODO: this should be close to DEST, otherwise super-confusing + mkdir -p "${SRC}"/{cache,output} "${USERPATCHES_PATH}" - # @TODO: original: mkdir -p "${DEST}"/debs-beta/extra "${DEST}"/debs/extra "${DEST}"/{config,debug,patch} "${USERPATCHES_PATH}"/overlay "${SRC}"/cache/{sources,hash,hash-beta,toolchain,utility,rootfs} "${SRC}"/.tmp - mkdir -p "${USERPATCHES_PATH}"/overlay "${SRC}"/cache/{sources,hash,hash-beta,toolchain,utility,rootfs} "${SRC}"/.tmp + # @TODO: original: mkdir -p "${DEST}"/debs-beta/extra "${DEST}"/debs/extra "${DEST}"/{config,debug,patch} "${USERPATCHES_PATH}"/overlay "${SRC}"/cache/{sources,hash,hash-beta,toolchain,utility,rootfs} "${SRC}"/.tmp + mkdir -p "${USERPATCHES_PATH}"/overlay "${SRC}"/cache/{sources,hash,hash-beta,toolchain,utility,rootfs} "${SRC}"/.tmp + # If offline, do not try to download/install toolchains. + if ! $offline; then # Mostly deprecated. download_external_toolchains - - fi # check offline + fi # if we're building an image, not only packages... # ... and the host arch does not match the target arch ... diff --git a/lib/functions/image/rootfs-to-image.sh b/lib/functions/image/rootfs-to-image.sh index 387dd1de1..237648e05 100644 --- a/lib/functions/image/rootfs-to-image.sh +++ b/lib/functions/image/rootfs-to-image.sh @@ -121,7 +121,6 @@ create_image_from_sdcard_rootfs() { [[ -n $compression_type ]] && run_host_command_logged rm -v "${DESTIMG}/${version}.img" run_host_command_logged rsync -av --no-owner --no-group --remove-source-files "${DESTIMG}/${version}"* "${FINALDEST}" run_host_command_logged rm -rfv --one-file-system "${DESTIMG}" - reset_uid_owner "${FINALDEST}" # Fix owner of files in the final destination # write image to SD card write_image_to_device "${FINALDEST}/${version}.img" "${CARD_DEVICE}"