From 06d3c2e20b41132414ad61fb8e292a29ab14623e Mon Sep 17 00:00:00 2001 From: Brian Harring Date: Thu, 23 Aug 2012 07:35:43 -0700 Subject: [PATCH] Pass more proxy vars into the chroot, rework sudoers.d maintenance. In particular, put the sudoers.d setup into one script (making updates to it easier in the future if necessary), and centralize the proxied vars into a const in common.sh. Thanks to Kevin McCray/Josh Triplett/Alexander Kanevsky for pointing out the missing proxy variables, and fixes/cleanup. BUG=None TEST=https_proxy=blah cros_sdk -- bash -c 'echo $https_proxy' TEST=build_packages behind a proxy. TEST=cros_sdk --replace && \ RSYNC_PROXY=blah cros_sdk -- bash -c 'echo $RSYNC_PROXY' Change-Id: I3165882dfd9c8b52d25c2b26d7ff9242c84c91bd Reviewed-on: https://gerrit.chromium.org/gerrit/31185 Tested-by: Brian Harring Reviewed-by: Josh Triplett Reviewed-by: Mike Frysinger Commit-Ready: Josh Triplett --- chroot_version_hooks.d/45_rewrite_sudoers.d | 41 +++++++++++++++++++++ common.sh | 14 +++++++ run_chroot_version_hooks | 17 ++++----- sdk_lib/enter_chroot.sh | 30 +++++---------- sdk_lib/make_chroot.sh | 16 +++----- 5 files changed, 78 insertions(+), 40 deletions(-) create mode 100644 chroot_version_hooks.d/45_rewrite_sudoers.d diff --git a/chroot_version_hooks.d/45_rewrite_sudoers.d b/chroot_version_hooks.d/45_rewrite_sudoers.d new file mode 100644 index 0000000000..316d434f3f --- /dev/null +++ b/chroot_version_hooks.d/45_rewrite_sudoers.d @@ -0,0 +1,41 @@ +# Copyright (c) 2012 The Chromium OS Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +# Note that this script is invoked by make_chroot in addition +# to normal upgrade pathways. + +if [ "$(id -u)" != 0 ]; then + # Note that since we're screwing w/ sudo variables, this script + # explicitly bounces up to root for everything it does- that way + # if anyone introduces a temp depriving in the sudo setup, it can't break + # mid upgrade. + exec sudo bash -e "${VERSION_HOOKS_DIR}/45_rewrite_sudoers.d" \ + / "${USER}" "${ENVIRONMENT_WHITELIST[@]}" + exit 1 +fi + +# Reaching here means we're root. + +if [ $# -lt 2 ]; then + echo "Invoked with wrong number of args; expected root USER [variables]*" + exit 1 +fi + +root=$1 +username=$2 +shift +shift +set -- "${@}" CROS_WORKON_SRCROOT PORTAGE_USERNAME + +cat > "${root}/etc/sudoers.d/90_cros" < /dev/null; then error "Your chroot version file ${VERSION_FILE} is bogus: ${CHROOT_VERSION}" @@ -108,7 +107,7 @@ fi if [ "${LATEST_VERSION}" -gt "${CHROOT_VERSION}" ]; then info "Old chroot version (${CHROOT_VERSION}) found, running upgrade hooks" - pushd "${UPGRADE_D}" 1> /dev/null + pushd "${VERSION_HOOKS_DIR}" 1> /dev/null for n in $(seq "$(expr ${CHROOT_VERSION} + 1)" "${LATEST_VERSION}"); do hook=(${n}_*) @@ -138,9 +137,9 @@ if [ "${LATEST_VERSION}" -gt "${CHROOT_VERSION}" ]; then # NOTE: We source the upgrade scripts because: # 1) We can impose set -something on them. # 2) They can reuse local variables and functions (fe. from common.sh) - # Side effect is that the scripts have to be internally enclosed in - # a code block, otherwise simply running "exit" in any of them would - # terminate the master script, so we call it in a subshell. + # 3) They're allowed to use VERSION_HOOKS_DIR and VERSION_FILE. + # Note that the upgrade scripts have to be subshelled to protect ourselves, + # else a script running exit would stop the upgrade process entirely. if ! ( source ${hook} ); then error "Fatal: failed to upgrade ${n}!" exit 1 diff --git a/sdk_lib/enter_chroot.sh b/sdk_lib/enter_chroot.sh index 0b25cdb64c..77a25d4f4e 100755 --- a/sdk_lib/enter_chroot.sh +++ b/sdk_lib/enter_chroot.sh @@ -570,30 +570,20 @@ setup_env CHROOT_PASSTHRU=( "BUILDBOT_BUILD=$FLAGS_build_number" - "CHROMEOS_OFFICIAL=$CHROMEOS_OFFICIAL" "CHROMEOS_RELEASE_APPID=${CHROMEOS_RELEASE_APPID:-{DEV-BUILD}}" - - # Set CHROMEOS_VERSION_TRACK, CHROMEOS_VERSION_AUSERVER, - # CHROMEOS_VERSION_DEVSERVER as environment variables to override the default - # assumptions (local AU server). These are used in cros_set_lsb_release, and - # are used by external Chromium OS builders. - - "CHROMEOS_VERSION_TRACK=${CHROMEOS_VERSION_TRACK}" - "CHROMEOS_VERSION_AUSERVER=${CHROMEOS_VERSION_AUSERVER}" - "CHROMEOS_VERSION_DEVSERVER=${CHROMEOS_VERSION_DEVSERVER}" "EXTERNAL_TRUNK_PATH=${FLAGS_trunk}" - "SSH_AGENT_PID=${SSH_AGENT_PID}" - "SSH_AUTH_SOCK=${SSH_AUTH_SOCK}" ) -# Some vars we want to keep. -KEEP_VARS="USE GCC_GITHASH" -# Pass proxy variables into the environment. -PROXY_VARS="http_proxy ftp_proxy all_proxy GIT_PROXY_COMMAND GIT_SSH" -for type in ${KEEP_VARS} ${PROXY_VARS}; do - if [ -n "${!type}" ]; then - CHROOT_PASSTHRU+=( "${type}=${!type}" ) - fi +# Add the standard proxied variables, and a few we specifically +# export for script usage; USE/GCC_GITHASH are for ebuilds/portage, +# CHROMEOS_VERSION_* is for cros_set_lsb_release and local AU server +# (builders export this for marking reasons). +KEEP_VARS=( + CHROMEOS_VERSION_{TRACK,AUSERVER,DEVSERVER} + USE GCC_GITHASH +) +for var in "${ENVIRONMENT_WHITELIST[@]}" "${KEEP_VARS[@]}"; do + [ "${!var+set}" = "set" ] && CHROOT_PASSTHRU+=( "${var}=${!var}" ) done # Run command or interactive shell. Also include the non-chrooted path to diff --git a/sdk_lib/make_chroot.sh b/sdk_lib/make_chroot.sh index 4d459d211a..f857f0f4a3 100755 --- a/sdk_lib/make_chroot.sh +++ b/sdk_lib/make_chroot.sh @@ -172,17 +172,11 @@ init_setup () { # the user's already typed in one sudo password...) # Make sure the sudoers.d subdir exists as older stage3 base images lack it. sudo mkdir -p "${FLAGS_chroot}/etc/sudoers.d" - sudo_clobber "${FLAGS_chroot}/etc/sudoers.d/90_cros" <