diff --git a/build_docker_aci b/build_docker_aci index 22207690f4..b62648608a 100755 --- a/build_docker_aci +++ b/build_docker_aci @@ -11,7 +11,7 @@ SCRIPT_ROOT=$(dirname $(readlink -f "$0")) . "${SCRIPT_ROOT}/common.sh" || exit 1 # Script must run inside the chroot -restart_in_chroot_if_needed "$@" +assert_inside_chroot assert_not_root_user diff --git a/build_image b/build_image index 285d113e3e..640a92f2b5 100755 --- a/build_image +++ b/build_image @@ -13,7 +13,7 @@ SCRIPT_ROOT=$(dirname $(readlink -f "$0")) . "${SCRIPT_ROOT}/common.sh" || exit 1 # Script must run inside the chroot -restart_in_chroot_if_needed "$@" +assert_inside_chroot assert_not_root_user diff --git a/build_oem_aci b/build_oem_aci index dd6325d48f..d2fbe19a46 100755 --- a/build_oem_aci +++ b/build_oem_aci @@ -11,7 +11,7 @@ SCRIPT_ROOT=$(dirname $(readlink -f "$0")) . "${SCRIPT_ROOT}/common.sh" || exit 1 # Script must run inside the chroot -restart_in_chroot_if_needed "$@" +assert_inside_chroot assert_not_root_user diff --git a/build_packages b/build_packages index f869bd45ad..58949b9853 100755 --- a/build_packages +++ b/build_packages @@ -7,7 +7,7 @@ . "$(dirname "$0")/common.sh" || exit 1 # Script must run inside the chroot -restart_in_chroot_if_needed "$@" +assert_inside_chroot assert_not_root_user @@ -86,8 +86,6 @@ fi check_gsutil_opts -CHROMITE_BIN="${GCLIENT_ROOT}/chromite/bin" - # Before we can run any tools, we need to update chroot or setup_board. UPDATE_ARGS=( --regen_configs ) if [ "${FLAGS_usepkg}" -eq "${FLAGS_TRUE}" ]; then @@ -170,8 +168,7 @@ fi # Build cros_workon packages when they are changed. CROS_WORKON_PKGS=() if [ "${FLAGS_workon}" -eq "${FLAGS_TRUE}" ]; then - LIST_MODIFIED_PACKAGES="${CHROMITE_BIN}/cros_list_modified_packages" - CROS_WORKON_PKGS+=( $("${LIST_MODIFIED_PACKAGES}" --board=${FLAGS_board}) ) + CROS_WORKON_PKGS+=( $(cros_workon list --board=${FLAGS_board}) ) fi if [[ ${#CROS_WORKON_PKGS[@]} -gt 0 ]]; then diff --git a/build_torcx_store b/build_torcx_store index ede3c43067..73532ae40c 100755 --- a/build_torcx_store +++ b/build_torcx_store @@ -7,7 +7,7 @@ . "$(dirname "$0")/common.sh" || exit 1 # Script must run inside the chroot -restart_in_chroot_if_needed "$@" +assert_inside_chroot assert_not_root_user diff --git a/common.sh b/common.sh index aad6e75c25..58274d6007 100644 --- a/common.sh +++ b/common.sh @@ -417,16 +417,6 @@ warn_if_nfs() { fi } -# Enter a chroot and restart the current script if needed -restart_in_chroot_if_needed() { - # NB: Pass in ARGV: restart_in_chroot_if_needed "$@" - if [[ ${INSIDE_CHROOT} -ne 1 ]]; then - # Get inside_chroot path for script. - local chroot_path="$(reinterpret_path_for_chroot "$0")" - exec ${GCLIENT_ROOT}/chromite/bin/cros_sdk -- "${chroot_path}" "$@" - fi -} - # Fail unless we're inside the chroot. This guards against messing up your # workstation. assert_inside_chroot() { @@ -873,72 +863,6 @@ assert_interactive() { fi } -# Selection menu with a default option: this is similar to bash's select -# built-in, only that in case of an empty selection it'll return the default -# choice. Like select, it uses PS3 as the prompt. -# -# $1: name of variable to be assigned the selected value; it better not be of -# the form choose_foo to avoid conflict with local variables. -# $2: default value to return in case of an empty user entry. -# $3: value to return in case of an invalid choice. -# $...: options for selection. -# -# Usage example: -# -# PS3="Select one [1]: " -# choose reply "foo" "ERROR" "foo" "bar" "foobar" -# -# This will present the following menu and prompt: -# -# 1) foo -# 2) bar -# 3) foobar -# Select one [1]: -# -# The return value will be stored in a variable named 'reply'. If the input is -# 1, 2 or 3, the return value will be "foo", "bar" or "foobar", respectively. -# If it is empty (i.e. the user clicked Enter) it will be "foo". Anything else -# will return "ERROR". -choose() { - typeset -i choose_i=1 - - # Retrieve output variable name and default return value. - local choose_reply=$1 - local choose_default=$2 - local choose_invalid=$3 - shift 3 - - # Select a return value - unset REPLY - if [[ $# -gt 0 ]]; then - assert_interactive - - # Actual options provided, present a menu and prompt for a choice. - local choose_opt - for choose_opt in "$@"; do - echo "${choose_i}) ${choose_opt}" >&2 - : $(( ++choose_i )) - done - read -p "$PS3" - fi - # Filter out strings containing non-digits. - if [[ ${REPLY} != "${REPLY%%[!0-9]*}" ]]; then - REPLY=0 - fi - choose_i="${REPLY}" - - if [[ ${choose_i} -ge 1 && ${choose_i} -le $# ]]; then - # Valid choice, return the corresponding value. - eval ${choose_reply}=\""${!choose_i}"\" - elif [[ -z ${REPLY} ]]; then - # Empty choice, return default value. - eval ${choose_reply}=\""${choose_default}"\" - else - # Invalid choice, return corresponding value. - eval ${choose_reply}=\""${choose_invalid}\"" - fi -} - # Display --help if requested. This is used to hide options from help # that are not intended for developer use. # diff --git a/image_inject_bootchain b/image_inject_bootchain index ddd2de7c5e..a537242ba6 100755 --- a/image_inject_bootchain +++ b/image_inject_bootchain @@ -8,7 +8,7 @@ SCRIPT_ROOT=$(dirname "$(readlink -f "$0")") . "${SCRIPT_ROOT}/common.sh" || exit 1 # Script must run inside the chroot -restart_in_chroot_if_needed "$@" +assert_inside_chroot assert_not_root_user diff --git a/image_set_group b/image_set_group index 1db49e8341..d0e6701297 100755 --- a/image_set_group +++ b/image_set_group @@ -8,7 +8,7 @@ SCRIPT_ROOT=$(dirname "$(readlink -f "$0")") . "${SCRIPT_ROOT}/common.sh" || exit 1 # Script must run inside the chroot -restart_in_chroot_if_needed "$@" +assert_inside_chroot assert_not_root_user diff --git a/image_to_vm.sh b/image_to_vm.sh index b9ea8b5f87..d363897d7d 100755 --- a/image_to_vm.sh +++ b/image_to_vm.sh @@ -13,7 +13,7 @@ SCRIPT_ROOT=$(dirname "$(readlink -f "$0")") . "${SCRIPT_ROOT}/common.sh" || exit 1 # Script must run inside the chroot -restart_in_chroot_if_needed "$@" +assert_inside_chroot assert_not_root_user diff --git a/jenkins/images.sh b/jenkins/images.sh index 3a48624364..fbde85ffc2 100644 --- a/jenkins/images.sh +++ b/jenkins/images.sh @@ -10,7 +10,7 @@ enter() { sudo ln -f verify.asc chroot/etc/portage/gangue.asc && verify_key=--verify-key=/etc/portage/gangue.asc sudo ln -f "${GS_DEVEL_CREDS}" chroot/etc/portage/gangue.json - bin/cork enter --experimental -- env \ + bin/cork enter --bind-gpg-agent=false -- env \ COREOS_DEV_BUILDS="${DOWNLOAD_ROOT}" \ {FETCH,RESUME}COMMAND_GS="/usr/bin/gangue get \ --json-key=/etc/portage/gangue.json $verify_key \ diff --git a/jenkins/packages.sh b/jenkins/packages.sh index 70cf3fcd2b..cea5b5aee5 100644 --- a/jenkins/packages.sh +++ b/jenkins/packages.sh @@ -12,7 +12,7 @@ enter() { verify_key=--verify-key=/etc/portage/gangue.asc sudo ln -f "${GOOGLE_APPLICATION_CREDENTIALS}" \ chroot/etc/portage/gangue.json - bin/cork enter --experimental -- env \ + bin/cork enter --bind-gpg-agent=false -- env \ CCACHE_DIR=/mnt/host/source/.cache/ccache \ CCACHE_MAXSIZE=5G \ COREOS_DEV_BUILDS="${DOWNLOAD_ROOT}" \ diff --git a/jenkins/sdk.sh b/jenkins/sdk.sh index bdf5e60918..8437776a4e 100644 --- a/jenkins/sdk.sh +++ b/jenkins/sdk.sh @@ -1,7 +1,7 @@ #!/bin/bash -ex enter() { - bin/cork enter --experimental -- "$@" + bin/cork enter --bind-gpg-agent=false -- "$@" } source .repo/manifests/version.txt diff --git a/jenkins/toolchains.sh b/jenkins/toolchains.sh index a56ec9e867..e46ecf8c56 100644 --- a/jenkins/toolchains.sh +++ b/jenkins/toolchains.sh @@ -1,7 +1,7 @@ #!/bin/bash -ex enter() { - bin/cork enter --experimental -- "$@" + bin/cork enter --bind-gpg-agent=false -- "$@" } source .repo/manifests/version.txt diff --git a/jenkins/vm.sh b/jenkins/vm.sh index 2e56025783..2f9748dba1 100644 --- a/jenkins/vm.sh +++ b/jenkins/vm.sh @@ -10,7 +10,7 @@ enter() { sudo ln -f verify.asc chroot/etc/portage/gangue.asc && verify_key=--verify-key=/etc/portage/gangue.asc sudo ln -f "${GS_DEVEL_CREDS}" chroot/etc/portage/gangue.json - bin/cork enter --experimental -- env \ + bin/cork enter --bind-gpg-agent=false -- env \ COREOS_DEV_BUILDS="${GS_DEVEL_ROOT}" \ {FETCH,RESUME}COMMAND_GS="/usr/bin/gangue get \ --json-key=/etc/portage/gangue.json $verify_key \ diff --git a/kernel_menuconfig b/kernel_menuconfig index dfee89ef45..39da3e2127 100755 --- a/kernel_menuconfig +++ b/kernel_menuconfig @@ -8,7 +8,7 @@ SCRIPT_ROOT=$(dirname "$(readlink -f "$0")") . "${SCRIPT_ROOT}/common.sh" || exit 1 # Script must run inside the chroot -restart_in_chroot_if_needed "$@" +assert_inside_chroot assert_not_root_user diff --git a/rebuild_packages b/rebuild_packages index 39ea0349f5..e95040f6cc 100755 --- a/rebuild_packages +++ b/rebuild_packages @@ -8,7 +8,7 @@ SCRIPT_ROOT=$(dirname $(readlink -f "$0")) . "${SCRIPT_ROOT}/common.sh" || exit 1 # Script must run inside the chroot -restart_in_chroot_if_needed "$@" +assert_inside_chroot assert_not_root_user diff --git a/sdk_lib/enter_chroot.sh b/sdk_lib/enter_chroot.sh deleted file mode 100755 index 2cd4966ce0..0000000000 --- a/sdk_lib/enter_chroot.sh +++ /dev/null @@ -1,397 +0,0 @@ -#!/usr/bin/env bash - -# Copyright (c) 2011 The Chromium OS Authors. All rights reserved. -# Use of this source code is governed by a BSD-style license that can be -# found in the LICENSE file. - -# Script to enter the chroot environment - -SCRIPT_ROOT=$(readlink -f $(dirname "$0")/..) -. "${SCRIPT_ROOT}/common.sh" || exit 1 - -# Script must be run outside the chroot and as root. -assert_outside_chroot -assert_root_user -assert_kernel_version - -# Define command line flags -# See http://code.google.com/p/shflags/wiki/Documentation10x -DEFINE_string chroot "$DEFAULT_CHROOT_DIR" \ - "The destination dir for the chroot environment." "d" -DEFINE_string trunk "$GCLIENT_ROOT" \ - "The source trunk to bind mount within the chroot." "s" -DEFINE_string build_number "" \ - "The build-bot build number (when called by buildbot only)." "b" -DEFINE_string chrome_root "" \ - "The root of your chrome browser source. Should contain a 'src' subdir." -DEFINE_string chrome_root_mount "/home/${SUDO_USER}/chrome_root" \ - "The mount point of the chrome broswer source in the chroot." -DEFINE_string cache_dir "" "unused" - -DEFINE_boolean official_build $FLAGS_FALSE \ - "Set COREOS_OFFICIAL=1 for release builds." -DEFINE_boolean ssh_agent $FLAGS_TRUE "Import ssh agent." -DEFINE_boolean early_make_chroot $FLAGS_FALSE \ - "Internal flag. If set, the command is run as root without sudo." -DEFINE_boolean verbose $FLAGS_FALSE "Print out actions taken" - -# More useful help -FLAGS_HELP="USAGE: $0 [flags] [VAR=value] [-- command [arg1] [arg2] ...] - -One or more VAR=value pairs can be specified to export variables into -the chroot environment. For example: - - $0 FOO=bar BAZ=bel - -If [-- command] is present, runs the command inside the chroot, -after changing directory to /${SUDO_USER}/trunk/src/scripts. Note that neither -the command nor args should include single quotes. For example: - - $0 -- ./build_platform_packages.sh - -Otherwise, provides an interactive shell. -" - -CROS_LOG_PREFIX=cros_sdk:enter_chroot -SUDO_HOME=$(eval echo ~${SUDO_USER}) - -# Version of info from common.sh that only echos if --verbose is set. -debug() { - if [ $FLAGS_verbose -eq $FLAGS_TRUE ]; then - info "$*" - fi -} - -# Parse command line flags -FLAGS "$@" || exit 1 -eval set -- "${FLAGS_ARGV}" - -if [ $FLAGS_official_build -eq $FLAGS_TRUE ]; then - COREOS_OFFICIAL=1 -fi - -# Only now can we die on error. shflags functions leak non-zero error codes, -# so will die prematurely if 'switch_to_strict_mode' is specified before now. -# TODO: replace shflags with something less error-prone, or contribute a fix. -switch_to_strict_mode - -# These config files are to be copied into chroot if they exist in home dir. -FILES_TO_COPY_TO_CHROOT=( - .gdata_cred.txt # User/password for Google Docs on chromium.org - .gdata_token # Auth token for Google Docs on chromium.org - .disable_build_stats_upload # Presence of file disables command stats upload - .netrc # May contain required source fetching credentials - .boto # Auth information for gsutil - .boto-key.p12 # Service account key for gsutil - .ssh/config # User may need this for fetching git over ssh - .ssh/known_hosts # Reuse existing known hosts -) - -INNER_CHROME_ROOT=$FLAGS_chrome_root_mount # inside chroot -CHROME_ROOT_CONFIG="/var/cache/chrome_root" # inside chroot -FUSE_DEVICE="/dev/fuse" - -# We can't use /var/lock because that might be a symlink to /run/lock outside -# of the chroot. Or /run on the host system might not exist. -LOCKFILE="${FLAGS_chroot}/.enter_chroot.lock" -MOUNTED_PATH=$(readlink -f "$FLAGS_chroot") - - -setup_mount() { - # If necessary, mount $source in the host FS at $target inside the - # chroot directory with $mount_args. We don't write to /etc/mtab because - # these mounts are all contained within an unshare and are therefore - # inaccessible to other namespaces (e.g. the host desktop system). - local source="$1" - local mount_args="-n $2" - local target="$3" - - local mounted_path="${MOUNTED_PATH}$target" - - case " ${MOUNT_CACHE} " in - *" ${mounted_path} "*) - # Already mounted! - ;; - *) - mkdir -p "${mounted_path}" - # The args are left unquoted on purpose. - if [[ -n ${source} ]]; then - mount ${mount_args} "${source}" "${mounted_path}" - else - mount ${mount_args} "${mounted_path}" - fi - ;; - esac -} - -copy_into_chroot_if_exists() { - # $1 is file path outside of chroot to copy to path $2 inside chroot. - [ -e "$1" ] && cp -p "$1" "${FLAGS_chroot}/$2" -} - -# Usage: promote_api_keys -# This takes care of getting the developer API keys into the chroot where -# chrome can build with them. It needs to take it from the places a dev -# is likely to put them, and recognize that older chroots may or may not -# have been used since the concept of keys got added, as well as before -# and after the developer decding to grab his own keys. -promote_api_keys() { - local destination="${FLAGS_chroot}/home/${SUDO_USER}/.googleapikeys" - # Don't disturb existing keys. They could be set differently - if [[ -s "${destination}" ]]; then - return 0 - fi - if [[ -r "${SUDO_HOME}/.googleapikeys" ]]; then - cp -p "${SUDO_HOME}/.googleapikeys" "${destination}" - if [[ -s "${destination}" ]] ; then - info "Copied Google API keys into chroot." - fi - elif [[ -r "${SUDO_HOME}/.gyp/include.gypi" ]]; then - local NAME="('google_(api_key|default_client_(id|secret))')" - local WS="[[:space:]]*" - local CONTENTS="('[^\\\\']*')" - sed -nr -e "/^${WS}${NAME}${WS}[:=]${WS}${CONTENTS}.*/{s//\1: \4,/;p;}" \ - "${SUDO_HOME}/.gyp/include.gypi" | user_clobber "${destination}" - if [[ -s "${destination}" ]]; then - info "Put discovered Google API keys into chroot." - fi - fi -} - -setup_env() { - ( - flock 200 - - # Make the lockfile writable for backwards compatibility. - chown ${SUDO_UID}:${SUDO_GID} "${LOCKFILE}" - - # Refresh system config files in the chroot. - for copy_file in /etc/{hosts,localtime,resolv.conf}; do - if [ -f "${copy_file}" ] ; then - rm -f "${FLAGS_chroot}${copy_file}" - install -C -m644 "${copy_file}" "${FLAGS_chroot}${copy_file}" - fi - done - - fix_mtab "${FLAGS_chroot}" - - debug "Mounting chroot environment." - MOUNT_CACHE=$(echo $(awk '{print $2}' /proc/mounts)) - - # The cros_sdk script created a new filesystem namespace but the system - # default (namely on systemd hosts) may be for everything to be shared. - # Using 'slave' means we see global changes but cannot change global state. - mount --make-rslave / - - # Make sure the new root directory itself is a mount point. Tools like - # unshare assume that things like `mount --make-rprivate /` work. - setup_mount "${MOUNTED_PATH}" "--rbind" / - - setup_mount none "-t proc" /proc - setup_mount none "-t sysfs" /sys - setup_mount /dev "--bind" /dev - setup_mount /dev/pts "--bind" /dev/pts - setup_mount tmpfs "-t tmpfs -o nosuid,nodev,mode=755" /run - if [[ -d /run/shm && ! -L /run/shm ]]; then - setup_mount /run/shm "--bind" /run/shm - fi - mkdir -p "${MOUNTED_PATH}/run/user/${SUDO_UID}" - chown ${SUDO_UID}:${SUDO_GID} "${MOUNTED_PATH}/run/user/${SUDO_UID}" - - mkdir -p "${FLAGS_chroot}/${CHROOT_TRUNK_DIR}" - setup_mount "${FLAGS_trunk}" "--rbind" "${CHROOT_TRUNK_DIR}" - - debug "Setting up referenced repositories if required." - REFERENCE_DIR=$(git config --file \ - "${FLAGS_trunk}/.repo/manifests.git/config" \ - repo.reference) - if [ -n "${REFERENCE_DIR}" ]; then - - ALTERNATES="${FLAGS_trunk}/.repo/alternates" - - # Ensure this directory exists ourselves, and has the correct ownership. - user_mkdir "${ALTERNATES}" - - unset ALTERNATES - - IFS=$'\n'; - required=( $( sudo -u "${SUDO_USER}" -- \ - "${FLAGS_trunk}/chromite/lib/rewrite_git_alternates.py" \ - "${FLAGS_trunk}" "${REFERENCE_DIR}" "${CHROOT_TRUNK_DIR}" ) ) - unset IFS - - setup_mount "${FLAGS_trunk}/.repo/chroot/alternates" --bind \ - "${CHROOT_TRUNK_DIR}/.repo/alternates" - - # Note that as we're bringing up each referened repo, we also - # mount bind an empty directory over its alternates. This is - # required to suppress git from tracing through it- we already - # specify the required alternates for CHROOT_TRUNK_DIR, no point - # in having git try recursing through each on their own. - # - # Finally note that if you're unfamiliar w/ chroot/vfs semantics, - # the bind is visible only w/in the chroot. - user_mkdir ${FLAGS_trunk}/.repo/chroot/empty - position=1 - for x in "${required[@]}"; do - base="${CHROOT_TRUNK_DIR}/.repo/chroot/external${position}" - setup_mount "${x}" "--bind" "${base}" - if [ -e "${x}/.repo/alternates" ]; then - setup_mount "${FLAGS_trunk}/.repo/chroot/empty" "--bind" \ - "${base}/.repo/alternates" - fi - position=$(( ${position} + 1 )) - done - unset required position base - fi - unset REFERENCE_DIR - - user_mkdir "${FLAGS_chroot}/home/${SUDO_USER}/.ssh" - if [ $FLAGS_ssh_agent -eq $FLAGS_TRUE ]; then - # Clean up previous ssh agents. - rmdir "${FLAGS_chroot}"/tmp/ssh-* 2>/dev/null - - if [ -n "${SSH_AUTH_SOCK}" -a -d "${SUDO_HOME}/.ssh" ]; then - # Don't try to bind mount the ssh agent dir if it has gone stale. - ASOCK=${SSH_AUTH_SOCK%/*} - if [ -d "${ASOCK}" ]; then - setup_mount "${ASOCK}" "--bind" "${ASOCK}" - fi - fi - fi - - # Mount GnuPG's data directory for signing uploads - : ${GNUPGHOME:="$SUDO_HOME/.gnupg"} - if [[ -d "${GNUPGHOME}" ]]; then - debug "Mounting GnuPG" - setup_mount "${GNUPGHOME}" "--bind" "/home/${SUDO_USER}/.gnupg" - - # bind mount the gpg agent dir if available - GPG_AGENT_DIR="${GPG_AGENT_INFO%/*}" - if [[ -d "$GPG_AGENT_DIR" ]]; then - setup_mount "$GPG_AGENT_DIR" "--bind" "$GPG_AGENT_DIR" - fi - fi - unset GNUPGHOME - - # Mount additional directories as specified in .local_mounts file. - local local_mounts="${FLAGS_trunk}/src/scripts/.local_mounts" - if [[ -f ${local_mounts} ]]; then - info "Mounting local folders (read-only for safety concern)" - # format: mount_source - # or mount_source mount_point - # or # comments - local mount_source mount_point - while read mount_source mount_point; do - if [[ -z ${mount_source} ]]; then - continue - fi - # if only source is assigned, use source as mount point. - : ${mount_point:=${mount_source}} - debug " mounting ${mount_source} on ${mount_point}" - setup_mount "${mount_source}" "--bind" "${mount_point}" - # --bind can't initially be read-only so we have to do it via remount. - setup_mount "" "-o remount,ro" "${mount_point}" - done < <(sed -e 's:#.*::' "${local_mounts}") - fi - - CHROME_ROOT="$(readlink -f "$FLAGS_chrome_root" || :)" - if [ -z "$CHROME_ROOT" ]; then - CHROME_ROOT="$(cat "${FLAGS_chroot}${CHROME_ROOT_CONFIG}" \ - 2>/dev/null || :)" - CHROME_ROOT_AUTO=1 - fi - if [[ -n "$CHROME_ROOT" ]]; then - if [[ ! -d "${CHROME_ROOT}/src" ]]; then - error "Not mounting chrome source" - rm -f "${FLAGS_chroot}${CHROME_ROOT_CONFIG}" - if [[ ! "$CHROME_ROOT_AUTO" ]]; then - exit 1 - fi - else - debug "Mounting chrome source at: $INNER_CHROME_ROOT" - echo $CHROME_ROOT > "${FLAGS_chroot}${CHROME_ROOT_CONFIG}" - setup_mount "$CHROME_ROOT" --bind "$INNER_CHROME_ROOT" - fi - fi - - # Install fuse module. Skip modprobe when possible for slight - # speed increase when initializing the env. - if [ -c "${FUSE_DEVICE}" ] && ! grep -q fuse /proc/filesystems; then - modprobe fuse 2> /dev/null ||\ - warn "-- Note: modprobe fuse failed. gmergefs will not work" - fi - - # Certain files get copied into the chroot when entering. - for fn in "${FILES_TO_COPY_TO_CHROOT[@]}"; do - copy_into_chroot_if_exists "${SUDO_HOME}/${fn}" "/home/${SUDO_USER}/${fn}" - done - promote_api_keys - - # Fix permissions on shared memory to allow non-root users access to POSIX - # semaphores. - chmod -R 777 "${FLAGS_chroot}/dev/shm" - - # Have found a few chroots where ~/.gsutil is owned by root:root, probably - # as a result of old gsutil or tools. This causes permission errors when - # gsutil cp tries to create its cache files, so ensure the user can - # actually write to their directory. - gsutil_dir="${FLAGS_chroot}/home/${SUDO_USER}/.gsutil" - if [ -d "${gsutil_dir}" ]; then - chown -R ${SUDO_UID}:${SUDO_GID} "${gsutil_dir}" - fi - - # The SDK should track mantle's master branch by default. - workon_dir="${FLAGS_trunk}/.config/cros_workon" - if [ ! -e "${workon_dir}" ]; then - mkdir -p "${workon_dir}" - echo '=coreos-devel/mantle-9999' > "${workon_dir}/host" - echo ' "${workon_dir}/host.mask" - chown -R ${SUDO_UID}:${SUDO_GID} "${FLAGS_trunk}/.config" - fi - ) 200>>"$LOCKFILE" || die "setup_env failed" -} - -setup_env - -CHROOT_PASSTHRU=( - "BUILDBOT_BUILD=$FLAGS_build_number" - "CHROMEOS_RELEASE_APPID=${CHROMEOS_RELEASE_APPID:-{DEV-BUILD}}" - "EXTERNAL_TRUNK_PATH=${FLAGS_trunk}" -) - -# Add the whitelisted environment variables to CHROOT_PASSTHRU. -load_environment_whitelist -for var in "${ENVIRONMENT_WHITELIST[@]}" ; do - # skip empty/unset values - [[ "${!var+set}" == "set" ]] || continue - # skip values that aren't actually exported - [[ $(declare -p "${var}") == "declare -x ${var}="* ]] || continue - CHROOT_PASSTHRU+=( "${var}=${!var}" ) -done - -# Set up GIT_PROXY_COMMAND so git:// URLs automatically work behind a proxy. -if [[ -n "${all_proxy}" || -n "${https_proxy}" || -n "${http_proxy}" ]]; then - CHROOT_PASSTHRU+=( - "GIT_PROXY_COMMAND=${CHROOT_TRUNK_DIR}/src/scripts/bin/proxy-gw" - ) -fi - -# Run command or interactive shell. Also include the non-chrooted path to -# the source trunk for scripts that may need to print it (e.g. -# build_image.sh). - -cmd=( /usr/bin/env PATH="/usr/sbin:/usr/bin:/sbin:/bin" LC_ALL=C ) -if [ $FLAGS_early_make_chroot -eq $FLAGS_TRUE ]; then - cmd+=( /bin/bash -l -c 'env "$@"' -- ) -elif [ ! -x "${FLAGS_chroot}/usr/bin/sudo" ]; then - # Complain that sudo is missing. - error "Failing since the chroot lacks sudo." - error "Requested enter_chroot command was: $@" - exit 127 -else - cmd+=( sudo -i -u "${SUDO_USER}" ) -fi - -cmd+=( "${CHROOT_PASSTHRU[@]}" "$@" ) -exec chroot "${FLAGS_chroot}" "${cmd[@]}" diff --git a/sdk_lib/make_chroot.sh b/sdk_lib/make_chroot.sh deleted file mode 100755 index 90db639017..0000000000 --- a/sdk_lib/make_chroot.sh +++ /dev/null @@ -1,311 +0,0 @@ -#!/usr/bin/env bash - -# Copyright (c) 2012 The Chromium OS Authors. All rights reserved. -# Use of this source code is governed by a BSD-style license that can be -# found in the LICENSE file. - -# This script sets up a Gentoo chroot environment. The script is passed the -# path to an empty folder, which will be populated with a Gentoo stage3 and -# setup for development. Once created, the password is set to PASSWORD (below). -# One can enter the chrooted environment for work by running enter_chroot.sh. - -SCRIPT_ROOT=$(readlink -f $(dirname "$0")/..) -. "${SCRIPT_ROOT}/common.sh" || exit 1 - -ENTER_CHROOT=$(readlink -f $(dirname "$0")/enter_chroot.sh) - -if [ -n "${USE}" ]; then - echo "$SCRIPT_NAME: Building with a non-empty USE: ${USE}" - echo "This modifies the expected behaviour and can fail." -fi - -# Check if the host machine architecture is supported. -ARCHITECTURE="$(uname -m)" -if [[ "$ARCHITECTURE" != "x86_64" ]]; then - echo "$SCRIPT_NAME: $ARCHITECTURE is not supported as a host machine architecture." - exit 1 -fi - -# Script must be run outside the chroot and as root. -assert_outside_chroot -assert_root_user -assert_kernel_version - -# Define command line flags. -# See http://code.google.com/p/shflags/wiki/Documentation10x - -DEFINE_string chroot "$DEFAULT_CHROOT_DIR" \ - "Destination dir for the chroot environment." -DEFINE_boolean usepkg $FLAGS_TRUE "Use binary packages to bootstrap." -DEFINE_boolean getbinpkg $FLAGS_TRUE \ - "Download binary packages from remote repository." -DEFINE_boolean delete $FLAGS_FALSE "Delete an existing chroot." -DEFINE_boolean replace $FLAGS_FALSE "Overwrite existing chroot, if any." -DEFINE_integer jobs "${NUM_JOBS}" \ - "How many packages to build in parallel at maximum." -DEFINE_string stage3_path "" \ - "Use the stage3 located on this path." -DEFINE_string cache_dir "" "unused" - -# Parse command line flags. -FLAGS_HELP="usage: $SCRIPT_NAME [flags]" -FLAGS "$@" || exit 1 -eval set -- "${FLAGS_ARGV}" -check_flags_only_and_allow_null_arg "$@" && set -- - -CROS_LOG_PREFIX=cros_sdk:make_chroot -SUDO_HOME=$(eval echo ~${SUDO_USER}) - -# Set the right umask for chroot creation. -umask 022 - -# Only now can we die on error. shflags functions leak non-zero error codes, -# so will die prematurely if 'switch_to_strict_mode' is specified before now. -# TODO: replace shflags with something less error-prone, or contribute a fix. -switch_to_strict_mode - -ENTER_CHROOT_ARGS=( - CROS_WORKON_SRCROOT="$CHROOT_TRUNK" - PORTAGE_USERNAME="${SUDO_USER}" -) - -# Invoke enter_chroot. This can only be used after sudo has been installed. -enter_chroot() { - "$ENTER_CHROOT" --chroot "$FLAGS_chroot" -- "${ENTER_CHROOT_ARGS[@]}" "$@" -} - -# Invoke enter_chroot running the command as root, and w/out sudo. -# This should be used prior to sudo being merged. -early_enter_chroot() { - "$ENTER_CHROOT" --chroot "$FLAGS_chroot" --early_make_chroot \ - -- "${ENTER_CHROOT_ARGS[@]}" "$@" -} - -# Run a command within the chroot. The main usage of this is to avoid -# the overhead of enter_chroot, and do not need access to the source tree, -# don't need the actual chroot profile env, and can run the command as root. -bare_chroot() { - chroot "${FLAGS_chroot}" /usr/bin/env \ - PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" \ - "$@" -} - -cleanup() { - # Clean up mounts - safe_umount_tree "${FLAGS_chroot}" -} - -delete_existing() { - # Delete old chroot dir. - if [[ ! -e "$FLAGS_chroot" ]]; then - return - fi - info "Cleaning up old mount points..." - cleanup - info "Deleting $FLAGS_chroot..." - rm -rf "$FLAGS_chroot" - info "Done." -} - -init_users () { - # make sure user/group database files exist - touch "${FLAGS_chroot}/etc/"{group,gshadow,passwd,shadow} - chmod 640 "${FLAGS_chroot}/etc/"{gshadow,shadow} - - # do nothing with the CoreOS system user - if [[ "${SUDO_USER}" == core ]]; then - return - fi - - local baselayout="${FLAGS_chroot}/usr/share/baselayout" - local full_name=$(getent passwd "${SUDO_USER}" | cut -d: -f5) - local group_name=$(getent group "${SUDO_GID}" | cut -d: -f1) - [[ -n "${group_name}" ]] || die "Looking up gid $SUDO_GID failed." - - if ! grep -q "^${group_name}:" "${baselayout}/group"; then - info "Adding group ${group_name}..." - bare_chroot groupadd -o -g "${SUDO_GID}" "${group_name}" - fi - - info "Adding user ${SUDO_USER}..." - bare_chroot useradd -o -g "${SUDO_GID}" -u "${SUDO_UID}" \ - -s /bin/bash -m -c "${full_name}" "${SUDO_USER}" - - # copy and update other system groups the developer should be in - local group - for group in kvm portage; do - grep "^${group}:" "${baselayout}/group" >> "${FLAGS_chroot}/etc/group" - bare_chroot gpasswd -a "${SUDO_USER}" "${group}" - done -} - -init_setup () { - info "Running init_setup()..." - # clean up old catalyst configs to avoid error from env-update - # TODO(marineam): remove repos.conf bit in a week or so - rm -f "${FLAGS_chroot}/etc/portage/make.conf" \ - "${FLAGS_chroot}/etc/portage/repos.conf/coreos.conf" - - # Set up sudoers. Inside the chroot, the user can sudo without a password. - # (Safe enough, since the only way into the chroot is to 'sudo chroot', so - # the user's already typed in one sudo password...) - # Setup proxied vars. - load_environment_whitelist - local extended_whitelist=( - "${ENVIRONMENT_WHITELIST[@]}" - CROS_WORKON_SRCROOT - PORTAGE_USERNAME - ) - - cat > "${FLAGS_chroot}/etc/sudoers.d/90_cros" < "${target}" -PATH=${CHROOT_TRUNK_DIR}/chromite/bin -ROOTPATH=${CHROOT_TRUNK_DIR}/chromite/bin -CROS_WORKON_SRCROOT="${CHROOT_TRUNK_DIR}" -PORTAGE_USERNAME=${SUDO_USER} -EOF - early_enter_chroot env-update - - # Add chromite into python path. - for python_path in "${FLAGS_chroot}/usr/lib/"python2.*; do - sudo mkdir -p "${python_path}" - sudo ln -s "${CHROOT_TRUNK_DIR}"/chromite "${python_path}" - done - - # Create ~/trunk symlink, it must point to CHROOT_TRUNK_DIR - ln -sfT "${CHROOT_TRUNK_DIR}" "$FLAGS_chroot/home/${SUDO_USER}/trunk" - - # Automatically change to scripts directory. - echo 'cd ${CHROOT_CWD:-~/trunk/src/scripts}' \ - | user_append "$FLAGS_chroot/home/${SUDO_USER}/.bash_profile" - - # Enable bash completion for build scripts. - echo ". ~/trunk/src/scripts/bash_completion" \ - | user_append "$FLAGS_chroot/home/${SUDO_USER}/.bashrc" - - if [[ -f ${SUDO_HOME}/.gitconfig ]]; then - # Copy .gitconfig into chroot so repo and git can be used from inside. - # This is required for repo to work since it validates the email address. - echo "Copying ~/.gitconfig into chroot" - user_cp "${SUDO_HOME}/.gitconfig" "$FLAGS_chroot/home/${SUDO_USER}/" - fi - - # If the user didn't set up their username in their gitconfig, look - # at the default git settings for the user. - if ! git config -f "${SUDO_HOME}/.gitconfig" user.email >& /dev/null; then - ident=$(cd /; sudo -u ${SUDO_USER} -- git var GIT_COMMITTER_IDENT || :) - ident_name=${ident%% <*} - ident_email=${ident%%>*}; ident_email=${ident_email##*<} - gitconfig=${FLAGS_chroot}/home/${SUDO_USER}/.gitconfig - git config -f ${gitconfig} --replace-all user.name "${ident_name}" || : - git config -f ${gitconfig} --replace-all user.email "${ident_email}" || : - chown ${SUDO_UID}:${SUDO_GID} ${FLAGS_chroot}/home/${SUDO_USER}/.gitconfig - fi - - if [[ -f ${SUDO_HOME}/.cros_chroot_init ]]; then - sudo -u ${SUDO_USER} -- /bin/bash "${SUDO_HOME}/.cros_chroot_init" \ - "${FLAGS_chroot}" - fi -} - -# Handle deleting an existing environment. -if [[ $FLAGS_delete -eq $FLAGS_TRUE || \ - $FLAGS_replace -eq $FLAGS_TRUE ]]; then - delete_existing - [[ $FLAGS_delete -eq $FLAGS_TRUE ]] && exit 0 -fi - -CHROOT_TRUNK="${CHROOT_TRUNK_DIR}" -PORTAGE_STABLE_OVERLAY="/usr/local/portage/stable" -CROSSDEV_OVERLAY="/usr/local/portage/crossdev" -CHROOT_OVERLAY="/usr/local/portage/coreos" -CHROOT_STATE="${FLAGS_chroot}/etc/debian_chroot" - -# Pass proxy variables into the environment. -for type in http ftp all; do - value=$(env | grep ${type}_proxy || true) - if [ -n "${value}" ]; then - CHROOT_PASSTHRU+=("$value") - fi -done - -if [ ! -f "${FLAGS_stage3_path}" ]; then - error "Invalid stage3!" - exit 1; -fi -STAGE3="${FLAGS_stage3_path}" - -# Create the destination directory. -mkdir -p "$FLAGS_chroot" - -echo -if [ -f $CHROOT_STATE ] -then - info "STAGE3 already set up. Skipping..." -else - info "Unpacking STAGE3..." - case ${STAGE3} in - *.tbz2|*.tar.bz2) DECOMPRESS=$(type -p lbzip2 || echo bzip2) ;; - *.tar.xz) DECOMPRESS="xz" ;; - *) die "Unknown tarball compression: ${STAGE3}";; - esac - ${DECOMPRESS} -dc "${STAGE3}" | \ - tar -xp -C "${FLAGS_chroot}" - rm -f "$FLAGS_chroot/etc/"make.{globals,conf.user} - - # Set up users, if needed, before mkdir/mounts below. - init_users - - # Run all the init stuff to setup the env. - init_setup -fi - -# Add file to indicate that it is a chroot. -echo STAGE3=$STAGE3 > $CHROOT_STATE - -# Update chroot. -UPDATE_ARGS=() -if [[ ${FLAGS_usepkg} -eq ${FLAGS_TRUE} ]]; then - UPDATE_ARGS+=( --usepkg ) - if [[ ${FLAGS_getbinpkg} -eq ${FLAGS_TRUE} ]]; then - UPDATE_ARGS+=( --getbinpkg ) - else - UPDATE_ARGS+=( --nogetbinpkg ) - fi -else - UPDATE_ARGS+=( --nousepkg ) -fi -if [[ "${FLAGS_jobs}" -ne -1 ]]; then - UPDATE_ARGS+=( --jobs=${FLAGS_jobs} ) -fi -enter_chroot "${CHROOT_TRUNK_DIR}/src/scripts/update_chroot" "${UPDATE_ARGS[@]}" - -CHROOT_EXAMPLE_OPT="" -if [[ "$FLAGS_chroot" != "$DEFAULT_CHROOT_DIR" ]]; then - CHROOT_EXAMPLE_OPT="--chroot=$FLAGS_chroot" -fi - -command_completed - -cat <