Pass more proxy vars into the chroot, rework sudoers.d maintenance.

In particular, put the sudoers.d setup into one script (making
updates to it easier in the future if necessary), and
centralize the proxied vars into a const in common.sh.

Thanks to Kevin McCray/Josh Triplett/Alexander Kanevsky for
pointing out the missing proxy variables, and fixes/cleanup.

BUG=None
TEST=https_proxy=blah cros_sdk -- bash -c 'echo $https_proxy'
TEST=build_packages behind a proxy.
TEST=cros_sdk --replace && \
     RSYNC_PROXY=blah cros_sdk -- bash -c 'echo $RSYNC_PROXY'

Change-Id: I3165882dfd9c8b52d25c2b26d7ff9242c84c91bd
Reviewed-on: https://gerrit.chromium.org/gerrit/31185
Tested-by: Brian Harring <ferringb@chromium.org>
Reviewed-by: Josh Triplett <josh@joshtriplett.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Ready: Josh Triplett <josh@joshtriplett.org>
Brian Harring 2012-08-23 07:35:43 -07:00 committed by Gerrit
parent 305e1361f7
commit 06d3c2e20b
5 changed files with 78 additions and 40 deletions


@ -0,0 +1,41 @@
# Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
# Note that this script is invoked by make_chroot in addition
# to normal upgrade pathways.
if [ "$(id -u)" != 0 ]; then
# Note that since we're screwing w/ sudo variables, this script
# explicitly bounces up to root for everything it does- that way
# if anyone introduces a temp depriving in the sudo setup, it can't break
# mid upgrade.
exec sudo bash -e "${VERSION_HOOKS_DIR}/45_rewrite_sudoers.d" \
/ "${USER}" "${ENVIRONMENT_WHITELIST[@]}"
exit 1
fi
# Reaching here means we're root.
if [ $# -lt 2 ]; then
echo "Invoked with wrong number of args; expected root USER [variables]*"
exit 1
fi
root=$1
username=$2
shift
shift
set -- "${@}" CROS_WORKON_SRCROOT PORTAGE_USERNAME
cat > "${root}/etc/sudoers.d/90_cros" <<EOF
Defaults env_keep += "${*}"
%adm ALL=(ALL) ALL
root ALL=(ALL) ALL
${username} ALL=NOPASSWD: ALL
EOF
chmod 0440 "${root}/etc/sudoers.d/90_cros"
chown root:root "${root}/etc/sudoers.d/90_cros"
exit 0
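Review bot: The heredoc that writes `${root}/etc/sudoers.d/90_cros` interpolates `${*}` and `${username}` unvalidated and truncates the live file in place, so a malformed argument or an interrupted write leaves a broken sudoers fragment, and sudo treats a syntax error there as fatal. Both callers on this page fill the user name from `${USER}`, which is an environment variable and may be empty. I would reject any variable name that is not a plain identifier, restrict the user name to a conservative character set, write to a temporary file, check it with `visudo -cf`, and rename it into place, as sketched below. The usage message on the `$# -lt 2` branch should also go to stderr.

```shell
# … unchanged: root re-exec, argument-count check, root/username/shift …
set -- "${@}" CROS_WORKON_SRCROOT PORTAGE_USERNAME
case "${username}" in
  ''|*[!A-Za-z0-9_.-]*)
    echo "Refusing unsafe user name: '${username}'" >&2
    exit 1
    ;;
esac
for name in "${@}"; do
  case "${name}" in
    ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
      echo "Refusing unsafe variable name: '${name}'" >&2
      exit 1
      ;;
  esac
done
# sudo skips sudoers.d entries whose name contains a '.', so the
# half-written temp file is never parsed.
tmp=$(mktemp "${root}/etc/sudoers.d/90_cros.XXXXXX") || exit 1
trap 'rm -f -- "${tmp}"' EXIT
cat > "${tmp}" <<EOF   # … unchanged: heredoc body and closing EOF …
chmod 0440 "${tmp}"
chown root:root "${tmp}"
visudo -cf "${tmp}" || exit 1
mv -f -- "${tmp}" "${root}/etc/sudoers.d/90_cros"
```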


@ -299,6 +299,20 @@ DEFAULT_FAST=${FLAGS_TRUE}
# Directory to store built images. Should be set by sourcing script when used. # Directory to store built images. Should be set by sourcing script when used.
BUILD_DIR= BUILD_DIR=
# List of variables to proxy into the chroot from the host, and to
# have sudo export if existent.
# Anytime this list is modified, to make that change active a new
# chroot_version_hooks.d upgrade script that symlinks to 45_rewrite_sudoers.d
# is required.
ENVIRONMENT_WHITELIST=(
CHROMEOS_OFFICIAL
{http{,s},ftp,all,no}_proxy
RSYNC_PROXY
GIT_{PROXY_COMMAND,SSH}
SSH_AGENT_PID
SSH_AUTH_SOCK
)
# Standard filenames # Standard filenames
CHROMEOS_BASE_IMAGE_NAME="chromiumos_base_image.bin" CHROMEOS_BASE_IMAGE_NAME="chromiumos_base_image.bin"
CHROMEOS_IMAGE_NAME="chromiumos_image.bin" CHROMEOS_IMAGE_NAME="chromiumos_image.bin"
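Review bot: The comment above `ENVIRONMENT_WHITELIST` says the entries are exported by sudo but not that two of the new ones, `GIT_PROXY_COMMAND` and `GIT_SSH`, name programs that git will execute. Once they are in `env_keep`, any git run through sudo executes whatever the calling user pointed them at. That is tolerable only because the same sudoers fragment already gives the user `NOPASSWD: ALL`, and the list should say so before it is reused where a real privilege boundary exists. I would add `# NOTE: GIT_SSH/GIT_PROXY_COMMAND name executables; kept across sudo only because the chroot user already has NOPASSWD: ALL.` above those entries.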


@ -25,7 +25,7 @@ DEFINE_boolean skipfirst "${FLAGS_FALSE}" \
FLAGS "$@" || exit 1 FLAGS "$@" || exit 1
VERSION_FILE=/etc/cros_chroot_version VERSION_FILE=/etc/cros_chroot_version
UPGRADE_D="$(dirname ${0})/chroot_version_hooks.d" VERSION_HOOKS_DIR="$(dirname "$(readlink -f "${0}")")/chroot_version_hooks.d"
update_version() { update_version() {
sudo touch ${VERSION_FILE} sudo touch ${VERSION_FILE}
@ -55,9 +55,8 @@ fi
# Versions must be -n sorted, that is, the first continuous sequence # Versions must be -n sorted, that is, the first continuous sequence
# of numbers is what counts. 12_ is before 111_, etc. # of numbers is what counts. 12_ is before 111_, etc.
LATEST_VERSION=$( LATEST_VERSION=$(
ls "${UPGRADE_D}" | grep "^[0-9]*_" | \ cd "${VERSION_HOOKS_DIR}"
sort -n | tail -n 1 | cut -f1 -d'_' ls [0-9]*_* | cut -d_ -f1 | sort -rn | head -n1)
)
if [ "${FLAGS_force_latest}" == "${FLAGS_TRUE}" ]; then if [ "${FLAGS_force_latest}" == "${FLAGS_TRUE}" ]; then
update_version "${LATEST_VERSION}" update_version "${LATEST_VERSION}"
@ -71,7 +70,7 @@ if ! [ -f "${VERSION_FILE}" ]; then
update_version 0 update_version 0
fi fi
CHROOT_VERSION=$(cat "${VERSION_FILE}") CHROOT_VERSION=$(<"${VERSION_FILE}")
# Check if version is a number. # Check if version is a number.
if ! [ "${CHROOT_VERSION}" -ge "0" ] &> /dev/null; then if ! [ "${CHROOT_VERSION}" -ge "0" ] &> /dev/null; then
error "Your chroot version file ${VERSION_FILE} is bogus: ${CHROOT_VERSION}" error "Your chroot version file ${VERSION_FILE} is bogus: ${CHROOT_VERSION}"
@ -108,7 +107,7 @@ fi
if [ "${LATEST_VERSION}" -gt "${CHROOT_VERSION}" ]; then if [ "${LATEST_VERSION}" -gt "${CHROOT_VERSION}" ]; then
info "Old chroot version (${CHROOT_VERSION}) found, running upgrade hooks" info "Old chroot version (${CHROOT_VERSION}) found, running upgrade hooks"
pushd "${UPGRADE_D}" 1> /dev/null pushd "${VERSION_HOOKS_DIR}" 1> /dev/null
for n in $(seq "$(expr ${CHROOT_VERSION} + 1)" "${LATEST_VERSION}"); do for n in $(seq "$(expr ${CHROOT_VERSION} + 1)" "${LATEST_VERSION}"); do
hook=(${n}_*) hook=(${n}_*)
@ -138,9 +137,9 @@ if [ "${LATEST_VERSION}" -gt "${CHROOT_VERSION}" ]; then
# NOTE: We source the upgrade scripts because: # NOTE: We source the upgrade scripts because:
# 1) We can impose set -something on them. # 1) We can impose set -something on them.
# 2) They can reuse local variables and functions (fe. from common.sh) # 2) They can reuse local variables and functions (fe. from common.sh)
# Side effect is that the scripts have to be internally enclosed in # 3) They're allowed to use VERSION_HOOKS_DIR and VERSION_FILE.
# a code block, otherwise simply running "exit" in any of them would # Note that the upgrade scripts have to be subshelled to protect ourselves,
# terminate the master script, so we call it in a subshell. # else a script running exit would stop the upgrade process entirely.
if ! ( source ${hook} ); then if ! ( source ${hook} ); then
error "Fatal: failed to upgrade ${n}!" error "Fatal: failed to upgrade ${n}!"
exit 1 exit 1
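Review bot: In the new `LATEST_VERSION=$( … )` substitution the `cd "${VERSION_HOOKS_DIR}"` is unchecked, so if the directory cannot be entered the `ls [0-9]*_*` glob is evaluated in the caller's current directory and the version is derived from unrelated files, or comes back empty and breaks the later `-gt` comparison. Unless errexit is already active here (not visible in these hunks), write `cd "${VERSION_HOOKS_DIR}" || exit 1` inside the substitution and fail explicitly when `LATEST_VERSION` is empty. This matters more now that hooks sourced from that directory include one that re-executes itself under sudo.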


@ -570,30 +570,20 @@ setup_env
CHROOT_PASSTHRU=( CHROOT_PASSTHRU=(
"BUILDBOT_BUILD=$FLAGS_build_number" "BUILDBOT_BUILD=$FLAGS_build_number"
"CHROMEOS_OFFICIAL=$CHROMEOS_OFFICIAL"
"CHROMEOS_RELEASE_APPID=${CHROMEOS_RELEASE_APPID:-{DEV-BUILD}}" "CHROMEOS_RELEASE_APPID=${CHROMEOS_RELEASE_APPID:-{DEV-BUILD}}"
# Set CHROMEOS_VERSION_TRACK, CHROMEOS_VERSION_AUSERVER,
# CHROMEOS_VERSION_DEVSERVER as environment variables to override the default
# assumptions (local AU server). These are used in cros_set_lsb_release, and
# are used by external Chromium OS builders.
"CHROMEOS_VERSION_TRACK=${CHROMEOS_VERSION_TRACK}"
"CHROMEOS_VERSION_AUSERVER=${CHROMEOS_VERSION_AUSERVER}"
"CHROMEOS_VERSION_DEVSERVER=${CHROMEOS_VERSION_DEVSERVER}"
"EXTERNAL_TRUNK_PATH=${FLAGS_trunk}" "EXTERNAL_TRUNK_PATH=${FLAGS_trunk}"
"SSH_AGENT_PID=${SSH_AGENT_PID}"
"SSH_AUTH_SOCK=${SSH_AUTH_SOCK}"
) )
# Some vars we want to keep. # Add the standard proxied variables, and a few we specifically
KEEP_VARS="USE GCC_GITHASH" # export for script usage; USE/GCC_GITHASH are for ebuilds/portage,
# Pass proxy variables into the environment. # CHROMEOS_VERSION_* is for cros_set_lsb_release and local AU server
PROXY_VARS="http_proxy ftp_proxy all_proxy GIT_PROXY_COMMAND GIT_SSH" # (builders export this for marking reasons).
for type in ${KEEP_VARS} ${PROXY_VARS}; do KEEP_VARS=(
if [ -n "${!type}" ]; then CHROMEOS_VERSION_{TRACK,AUSERVER,DEVSERVER}
CHROOT_PASSTHRU+=( "${type}=${!type}" ) USE GCC_GITHASH
fi )
for var in "${ENVIRONMENT_WHITELIST[@]}" "${KEEP_VARS[@]}"; do
[ "${!var+set}" = "set" ] && CHROOT_PASSTHRU+=( "${var}=${!var}" )
done done
# Run command or interactive shell. Also include the non-chrooted path to # Run command or interactive shell. Also include the non-chrooted path to
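Review bot: The new loop's test `[ "${!var+set}" = "set" ]` forwards variables that are set but empty, and the comment above `KEEP_VARS` does not say so, so a reader will assume only non-empty values reach the chroot. If that is intended (an empty `no_proxy`, for instance), add a comment such as `# Forward set-but-empty values too; test set-ness, not non-emptiness.` and write the body as `if …; then …; fi` so the loop does not finish with a non-zero status when the last variable is unset. Proxy URLs can embed credentials, and how `CHROOT_PASSTHRU` is consumed lies outside this hunk, so it is worth confirming the values do not end up on a command line that other local users can read.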


@ -172,17 +172,11 @@ init_setup () {
# the user's already typed in one sudo password...) # the user's already typed in one sudo password...)
# Make sure the sudoers.d subdir exists as older stage3 base images lack it. # Make sure the sudoers.d subdir exists as older stage3 base images lack it.
sudo mkdir -p "${FLAGS_chroot}/etc/sudoers.d" sudo mkdir -p "${FLAGS_chroot}/etc/sudoers.d"
sudo_clobber "${FLAGS_chroot}/etc/sudoers.d/90_cros" <<EOF
Defaults env_keep += CROS_WORKON_SRCROOT # Use the standardized upgrade script to setup proxied vars.
Defaults env_keep += CHROMEOS_OFFICIAL sudo bash -e "${SCRIPT_ROOT}/chroot_version_hooks.d/45_rewrite_sudoers.d" \
Defaults env_keep += PORTAGE_USERNAME "${FLAGS_chroot}" "${USER}" "${ENVIRONMENT_WHITELIST[@]}"
Defaults env_keep += http_proxy
Defaults env_keep += ftp_proxy
Defaults env_keep += all_proxy
%adm ALL=(ALL) ALL
root ALL=(ALL) ALL
$USER ALL=NOPASSWD: ALL
EOF
sudo find "${FLAGS_chroot}/etc/"sudoers* -type f -exec chmod 0440 {} + sudo find "${FLAGS_chroot}/etc/"sudoers* -type f -exec chmod 0440 {} +
# Fix bad group for some. # Fix bad group for some.
sudo chown -R root:root "${FLAGS_chroot}/etc/"sudoers* sudo chown -R root:root "${FLAGS_chroot}/etc/"sudoers*
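Review bot: The exit status of the new `sudo bash -e …/chroot_version_hooks.d/45_rewrite_sudoers.d` call is not checked in the visible lines, so a failure inside that script (it runs with `-e`) would let `init_setup` continue with no `90_cros` fragment in the chroot. Unless the enclosing script already runs with errexit, which cannot be seen from this hunk, append `|| exit 1` or the project's own error helper to the call. `init_setup` starts and ends outside the hunk.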