From 796be0a520efa832a44fab084041098c014bc027 Mon Sep 17 00:00:00 2001
From: Michael Marineau
Date: Tue, 27 May 2014 16:53:06 -0700
Subject: [PATCH 1/3] fix(sdk_lib): Test for host file existence before copying.
The main case here is /etc/hosts does not exist on CoreOS. In the process combine related and duplicate code. Setting the timezone now happens in entire_chroot like hosts and resolv.conf. Don't bother with setting a default UTC time zone, that is already the default.
---
 sdk_lib/enter_chroot.sh | 10 +++++++---
 sdk_lib/make_chroot.sh | 13 -------------
 2 files changed, 7 insertions(+), 16 deletions(-)
diff --git a/sdk_lib/enter_chroot.sh b/sdk_lib/enter_chroot.sh
index 3f5409f64d..d39b5f4f94 100755
--- a/sdk_lib/enter_chroot.sh
+++ b/sdk_lib/enter_chroot.sh
@@ -236,9 +236,13 @@ setup_env() {
 # Make the lockfile writable for backwards compatibility.
 chown ${SUDO_UID}:${SUDO_GID} "${LOCKFILE}"
- # Refresh /etc/resolv.conf and /etc/hosts in the chroot.
- install -C -m644 /etc/resolv.conf ${FLAGS_chroot}/etc/resolv.conf
- install -C -m644 /etc/hosts ${FLAGS_chroot}/etc/hosts
+ # Refresh system config files in the chroot.
+ for copy_file in /etc/{hosts,localtime,resolv.conf}; do
+ if [ -f "${copy_file}" ] ; then
+ rm -f "${FLAGS_chroot}${copy_file}"
+ install -C -m644 "${copy_file}" "${FLAGS_chroot}${copy_file}"
+ fi
+ done
 debug "Mounting chroot environment."
 MOUNT_CACHE=$(echo $(awk '{print $2}' /proc/mounts))
diff --git a/sdk_lib/make_chroot.sh b/sdk_lib/make_chroot.sh
index 5c930d87b0..bc9fade881 100755
--- a/sdk_lib/make_chroot.sh
+++ b/sdk_lib/make_chroot.sh
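Review bot: In the `setup_env` hunk of sdk_lib/enter_chroot.sh, the added `rm -f "${FLAGS_chroot}${copy_file}"` runs immediately before `install -C`, so the destination never exists when `install` compares and the `-C` flag can no longer skip an unchanged file. If the removal is there to clear a non-regular entry (the old make_chroot.sh code could leave `etc/localtime` as a symlink), say so in a comment and drop `-C`: `install -m644 "${copy_file}" "${FLAGS_chroot}${copy_file}"`. `copy_file` is also assigned without `local`, so it stays set in the script's global scope after the loop; `local copy_file` before the `for` would contain it. The body of `setup_env` starts and ends outside this hunk.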
@@ -182,19 +182,6 @@ EOF
 # Fix bad group for some.
 chown -R root:root "${FLAGS_chroot}/etc/"sudoers*
- info "Setting timezone..."
- rm -f "${FLAGS_chroot}/etc/localtime"
- if [ -f /etc/localtime ] ; then
- cp /etc/localtime "${FLAGS_chroot}/etc"
- else
- ln -sf /usr/share/zoneinfo/UTC "${FLAGS_chroot}/etc/localtime"
- fi
-
- info "Setting up hosts/resolv..."
- # Copy config from outside chroot into chroot.
- cp /etc/{hosts,resolv.conf} "$FLAGS_chroot/etc/"
- chmod 0644 "$FLAGS_chroot"/etc/{hosts,resolv.conf}
-
 # Create directories referred to by our conf files.
 mkdir -p -m 775 "${FLAGS_chroot}/var/lib/portage/pkgs" \
 "${FLAGS_chroot}/var/cache/"chromeos-{cache,chrome} \
From f2f74b34235cae496982a2a05a1f895c4e99a85b Mon Sep 17 00:00:00 2001
From: Michael Marineau
Date: Tue, 27 May 2014 17:32:58 -0700
Subject: [PATCH 2/3] fix(sdk_lib): Clean up ssh file copying
- Don't copy known_hosts if it doesn't exist.
- Don't bother with copying *.pub, not sure what that was for.
- Don't rewrite .ssh/config to remove internal Google ssh options.
---
 sdk_lib/enter_chroot.sh | 52 +++-------------------------------------------------
 1 file changed, 3 insertions(+), 49 deletions(-)
diff --git a/sdk_lib/enter_chroot.sh b/sdk_lib/enter_chroot.sh
index d39b5f4f94..8c3ab0cb1c 100755
--- a/sdk_lib/enter_chroot.sh
+++ b/sdk_lib/enter_chroot.sh
@@ -85,6 +85,8 @@ FILES_TO_COPY_TO_CHROOT=(
 .netrc # May contain required source fetching credentials
 .boto # Auth information for gsutil
 .boto-key.p12 # Service account key for gsutil
+ .ssh/config # User may need this for fetching git over ssh
+ .ssh/known_hosts # Reuse existing known hosts
 )
 INNER_CHROME_ROOT=$FLAGS_chrome_root_mount # inside chroot
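Review bot: The new `.ssh/config` entry in `FILES_TO_COPY_TO_CHROOT` hands the user's ssh configuration to the chroot unfiltered, and OpenSSH exits on any option it does not recognise, so a host-side option the chroot's ssh lacks would break git-over-ssh fetches there; the `copy_ssh_config` filter deleted later in this patch guarded against four such options. The trailing comment should record that trade-off, for example `.ssh/config # Copied verbatim; options unknown to the chroot's ssh make it exit`. The loop that consumes this array lies outside the hunk, so it is not visible here whether `.ssh/` already exists in the chroot when these two entries are copied.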
@@ -128,41 +130,6 @@ setup_mount() {
 esac
 }
-copy_ssh_config() {
- # Copy user .ssh/config into the chroot filtering out strings not supported
- # by the chroot ssh. The chroot .ssh directory is passed in as the first
- # parameter.
-
- # ssh options to filter out. The entire strings containing these substrings
- # will be deleted before copying.
- local bad_options=(
- 'UseProxyIf'
- 'GSSAPIAuthentication'
- 'GSSAPIKeyExchange'
- 'ProxyUseFdpass'
- )
- local sshc="${SUDO_HOME}/.ssh/config"
- local chroot_ssh_dir="${1}"
- local filter
- local option
-
- if ! user_cp "${sshc}" "${chroot_ssh_dir}/config.orig" 2>/dev/null; then
- return # Nothing to copy.
- fi
-
- for option in "${bad_options[@]}"
- do
- if [ -z "${filter}" ]; then
- filter="${option}"
- else
- filter+="\\|${option}"
- fi
- done
-
- sed "/^.*\(${filter}\).*$/d" "${chroot_ssh_dir}/config.orig" | \
- user_clobber "${chroot_ssh_dir}/config"
-}
-
 copy_into_chroot_if_exists() {
 # $1 is file path outside of chroot to copy to path $2 inside chroot.
 [ -e "$1" ] && cp -p "$1" "${FLAGS_chroot}/$2"
@@ -334,25 +301,12 @@ setup_env() {
 chmod 0644 "${p}"
 fi
+ user_mkdir "${FLAGS_chroot}/home/${SUDO_USER}/.ssh"
 if [ $FLAGS_ssh_agent -eq $FLAGS_TRUE ]; then
 # Clean up previous ssh agents.
 rmdir "${FLAGS_chroot}"/tmp/ssh-* 2>/dev/null
 if [ -n "${SSH_AUTH_SOCK}" -a -d "${SUDO_HOME}/.ssh" ]; then
- TARGET_DIR="${FLAGS_chroot}/home/${SUDO_USER}/.ssh"
- user_mkdir "${TARGET_DIR}"
- (
- # Only copy ~/.ssh/{known_hosts,*.pub} if they exist. Since we set
- # nullglob, this needs to happen within a subshell.
- shopt -s nullglob
- files=("${SUDO_HOME}"/.ssh/{known_hosts,*.pub})
- if [[ ${#files[@]} -gt 0 ]]; then
- user_cp "${files[@]}" "${TARGET_DIR}/"
- fi
- )
- copy_ssh_config "${TARGET_DIR}"
- chown -R ${SUDO_UID}:${SUDO_GID} "${TARGET_DIR}"
-
 # Don't try to bind mount the ssh agent dir if it has gone stale.
 ASOCK=${SSH_AUTH_SOCK%/*}
 if [ -d "${ASOCK}" ]; then
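Review bot: The added `user_mkdir "${FLAGS_chroot}/home/${SUDO_USER}/.ssh"` in the `@@ -334,25 +301,12 @@` hunk leaves the directory's mode to `user_mkdir`, whose definition is outside this hunk, and the removed `chown -R ${SUDO_UID}:${SUDO_GID} "${TARGET_DIR}"` is not replaced. Since the directory now holds a copy of the user's ssh config, I would pin it right after the mkdir with `chmod 0700 "${FLAGS_chroot}/home/${SUDO_USER}/.ssh"`. Ownership of the copied files then appears to depend on `cp -p` in `copy_into_chroot_if_exists` preserving the source owner, which holds only if the host-side files belong to the invoking user; a one-line comment stating that assumption would help. `setup_env` continues on both sides of the hunk.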
From 18d796ff3eb18a0c1e74ff145041d416697b18a0 Mon Sep 17 00:00:00 2001
From: Michael Marineau
Date: Tue, 27 May 2014 19:26:34 -0700
Subject: [PATCH 3/3] fix(sdk-lib): Mount a fresh /run directory.
There is no need to arbitrarily bind mount all of the host system's /run into the chroot. In fact this causes issues when the host system's /run isn't set up in a way this script anticipates. Namely the user runtime directory in /run/usr/$UID is another tmpfs mount on my system, leaving the underlying directory node that is bind-mounted in with the wrong ownership. Behave a little more like a responsible container and use a fresh /run but continue binding /run/shm for whatever versions of Ubuntu that depended on that behavior. Not strictly needed but go ahead and create the user runtime directory with the correct permissions.
---
 sdk_lib/enter_chroot.sh | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/sdk_lib/enter_chroot.sh b/sdk_lib/enter_chroot.sh
index 8c3ab0cb1c..3353b40939 100755
--- a/sdk_lib/enter_chroot.sh
+++ b/sdk_lib/enter_chroot.sh
@@ -223,12 +223,12 @@ setup_env() {
 setup_mount none "-t sysfs" /sys
 setup_mount /dev "--bind" /dev
 setup_mount /dev/pts "--bind" /dev/pts
- if [[ -d /run ]]; then
- setup_mount /run "--bind" /run
- if [[ -d /run/shm && ! -L /run/shm ]]; then
- setup_mount /run/shm "--bind" /run/shm
- fi
+ setup_mount tmpfs "-t tmpfs -o nosuid,nodev,mode=755" /run
+ if [[ -d /run/shm && ! -L /run/shm ]]; then
+ setup_mount /run/shm "--bind" /run/shm
 fi
+ mkdir -p /run/user/${SUDO_UID}
+ chown ${SUDO_UID}:${SUDO_GID} /run/user/${SUDO_UID}
 # Do this early as it's slow and only needs basic mounts (above).
 generate_locales &
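Review bot: The two added lines `mkdir -p /run/user/${SUDO_UID}` and `chown ${SUDO_UID}:${SUDO_GID} /run/user/${SUDO_UID}` name a host path, not the tmpfs just mounted for the chroot, so as written they create and re-own a directory under the host's /run and leave the chroot's fresh /run without a user runtime directory. `setup_mount`'s body is outside this hunk, but its neighbouring calls pass chroot-relative targets, so these lines presumably need the `${FLAGS_chroot}` prefix, quoted: `mkdir -p -m 0700 "${FLAGS_chroot}/run/user/${SUDO_UID}"` and `chown "${SUDO_UID}:${SUDO_GID}" "${FLAGS_chroot}/run/user/${SUDO_UID}"`. The explicit 0700 keeps the per-user runtime directory private, where a plain `mkdir -p` leaves the mode to the umask. It is also worth confirming that `setup_mount` creates `run/shm` on the new tmpfs before the bind mount, since that mount point no longer comes from the host's /run.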