diff options
| -rw-r--r-- | build-pkg-deb | 29 | ||||
| -rw-r--r-- | build-recipe-debootstrap | 8 | ||||
| -rw-r--r-- | build-recipe-dsc | 20 | ||||
| -rw-r--r-- | debian/changelog | 11 | ||||
| -rw-r--r-- | debian/patches/0017-Consistently-use-deb_chroot-instead-of-chroot-where-.patch | 153 | ||||
| -rw-r--r-- | debian/patches/0018-Escape-arguments-properly-to-avoid-leaking-spaces.patch | 28 | ||||
| -rw-r--r-- | debian/patches/0019-Wrap-chroot-su-in-a-function-to-consistently-set-up-.patch | 110 | ||||
| -rw-r--r-- | debian/patches/series | 3 |
8 files changed, 343 insertions, 19 deletions
diff --git a/build-pkg-deb b/build-pkg-deb index 9467f46..b4deceb 100644 --- a/build-pkg-deb +++ b/build-pkg-deb @@ -34,12 +34,31 @@ deb_chroot () # when doing a 'chroot /' call lets subshell and change dir manually # ( - cd $1 && + cd "$1" && DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical \ DEBCONF_NONINTERACTIVE_SEEN=true \ LC_ALL=C.UTF-8 LANGUAGE=C.UTF-8 LANG=C.UTF-8 \ TZ=UTC \ - chroot $* + chroot "$@" + ) +} + +# +# A wrapper around chroot + su to set the environment correctly for +# the build process +# +su_deb_chroot() +{ + dir="$1" + command="$2" + shift 2 + ( + cd "$dir" && + LC_ALL=C.UTF-8 LANGUAGE=C.UTF-8 LANG=C.UTF-8 \ + TZ=UTC \ + chroot "$dir" su - "$BUILD_USER" \ + -w "LC_ALL,LANGUAGE,LANG,TZ" \ + -c "$command" "$@" < /dev/null ) } @@ -71,14 +90,14 @@ pkg_initdb_deb() { cp $BUILD_ROOT/.init_b_cache/rpms/dpkg.deb $BUILD_ROOT/.init_b_cache/dpkg.deb || cleanup_and_exit 1 fi DEB_UNSAFE_IO= - chroot $BUILD_ROOT dpkg --force-unsafe-io --version >/dev/null 2>&1 && DEB_UNSAFE_IO="--force-unsafe-io" + deb_chroot $BUILD_ROOT dpkg --force-unsafe-io --version >/dev/null 2>&1 && DEB_UNSAFE_IO="--force-unsafe-io" deb_chroot $BUILD_ROOT dpkg --install $DEB_UNSAFE_IO --force-depends .init_b_cache/dpkg.deb >/dev/null 2>&1 } pkg_prepare_deb() { # test if dpkg knows --force-unsafe-io DEB_UNSAFE_IO= - chroot $BUILD_ROOT dpkg --force-unsafe-io --version >/dev/null 2>&1 && DEB_UNSAFE_IO="--force-unsafe-io" + deb_chroot $BUILD_ROOT dpkg --force-unsafe-io --version >/dev/null 2>&1 && DEB_UNSAFE_IO="--force-unsafe-io" } pkg_install_deb() { @@ -104,7 +123,7 @@ pkg_erase_deb() { while read line; do case "$line" in subprocess\ installed\ *script\ returned\ error\ exit\ status*) - chroot $BUILD_ROOT rm -f /var/lib/dpkg/info/$PKG.{pre,post}rm + deb_chroot $BUILD_ROOT rm -f /var/lib/dpkg/info/$PKG.{pre,post}rm retry=1 ;; *) echo "$line" ;; diff --git a/build-recipe-debootstrap b/build-recipe-debootstrap index 064be36..a5585d6 100644 --- a/build-recipe-debootstrap +++ b/build-recipe-debootstrap @@ -53,14 +53,14 @@ recipe_build_debootstrap() { done FULL_PKG_LIST="${FULL_PKG_LIST#,}" rm -rf "$BUILD_ROOT/$myroot" - if chroot $BUILD_ROOT dpkg --force-unsafe-io --version >/dev/null 2>&1 ; then + if deb_chroot $BUILD_ROOT dpkg --force-unsafe-io --version >/dev/null 2>&1 ; then mkdir -p "$BUILD_ROOT/$myroot/etc/dpkg/dpkg.cfg.d" echo force-unsafe-io > "$BUILD_ROOT/$myroot/etc/dpkg/dpkg.cfg.d/force-unsafe-io" fi - set -- chroot $BUILD_ROOT debootstrap --keep-debootstrap-dir --no-check-gpg --variant=buildd --arch="${arch}" --include="$FULL_PKG_LIST" "$dist" "$myroot" file:///.build.binaries + set -- deb_chroot $BUILD_ROOT debootstrap --keep-debootstrap-dir --no-check-gpg --variant=buildd --arch="${arch}" --include="$FULL_PKG_LIST" "$dist" "$myroot" file:///.build.binaries echo "running debootstrap:$(printf ' %q' "$@")..." - if ! "$@" || ! chroot $BUILD_ROOT dpkg --configure -a; then + if ! "$@" || ! deb_chroot $BUILD_ROOT dpkg --configure -a; then cat $BUILD_ROOT/$myroot/debootstrap/debootstrap.log cleanup_and_exit 1 "Failed to setup debootstrap chroot" fi @@ -91,7 +91,7 @@ recipe_build_debootstrap() { mkdir -p $BUILD_ROOT/$myroot/dev/shm mount -n -ttmpfs none $BUILD_ROOT/$myroot/dev/shm - chroot $BUILD_ROOT/$myroot apt-cache gencaches + deb_chroot $BUILD_ROOT/$myroot apt-cache gencaches if ! test -e $BUILD_ROOT/$myroot/etc/hosts ; then cp $BUILD_ROOT/etc/hosts $BUILD_ROOT/$myroot/etc/hosts diff --git a/build-recipe-dsc b/build-recipe-dsc index b6f998b..c14dbd4 100644 --- a/build-recipe-dsc +++ b/build-recipe-dsc @@ -67,7 +67,7 @@ recipe_prepare_dsc() { for DEB_DSCFILE in $BUILD_ROOT/$DEB_SOURCEDIR/*.dsc ; do : ; done DEB_DSCFILE="${DEB_DSCFILE##*/}" fi - chroot $BUILD_ROOT su -c "dpkg-source -x $DEB_SOURCEDIR/$DEB_DSCFILE $TOPDIR/BUILD" - $BUILD_USER + deb_chroot $BUILD_ROOT su -c "dpkg-source -x $DEB_SOURCEDIR/$DEB_DSCFILE $TOPDIR/BUILD" - $BUILD_USER # Alternative to debtransform: apply OBS release number if tag OBS-DCH-RELEASE is set. if test -z "$DEB_TRANSFORM" -a -n "$DEB_RELEASE"; then @@ -76,7 +76,7 @@ recipe_prepare_dsc() { else OBS_DCH_RELEASE="$DEB_RELEASE" fi - chroot $BUILD_ROOT su -c /bin/sh <<EOF + deb_chroot $BUILD_ROOT su -c /bin/sh <<EOF cd $TOPDIR/BUILD [ ! -f debian/changelog ] && exit 0 # avoid devscripts dependency and mimic dch @@ -111,22 +111,22 @@ dsc_build() { echo "==== Filesystems in build chroot ====" echo - chroot "$buildroot" su -c "cat /proc/self/mountinfo" - "$BUILD_USER" < /dev/null || true + su_deb_chroot "$buildroot" "cat /proc/self/mountinfo" || true echo echo "==== User identity in build chroot ====" echo - chroot "$buildroot" su -c "id" - "$BUILD_USER" < /dev/null || true + su_deb_chroot "$buildroot" "id" || true echo echo "==== Environment variables in build chroot ====" echo - chroot "$buildroot" su -c "env | LC_ALL=C sort -u" - "$BUILD_USER" < /dev/null || true + su_deb_chroot "$buildroot" "env | LC_ALL=C sort -u" || true echo echo "==== Packages installed in build chroot ====" echo - chroot "$buildroot" su -c "dpkg-query -W" - "$BUILD_USER" < /dev/null || true + su_deb_chroot "$buildroot" "dpkg-query -W" || true echo DSC_BUILD_OPTIONS= @@ -144,7 +144,7 @@ dsc_build() { chmod +x $buildroot/$TOPDIR/SOURCES/build.script fi - chroot $buildroot su -c "export DEB_BUILD_OPTIONS=${DSC_BUILD_OPTIONS} ; cd $TOPDIR/BUILD && $DSC_BUILD_CMD" - $BUILD_USER < /dev/null && BUILD_SUCCEEDED=true + su_deb_chroot $buildroot "export DEB_BUILD_OPTIONS=${DSC_BUILD_OPTIONS} ; cd $TOPDIR/BUILD && $DSC_BUILD_CMD" && BUILD_SUCCEEDED=true for changes in "$buildroot/$TOPDIR"/*.changes ; do echo @@ -168,9 +168,9 @@ dsc_build() { (*.deb|*.ddeb|*.udeb) echo "==== $f ====" echo - chroot "$buildroot" su -c "dpkg-deb --info $(printf '%q' "$TOPDIR/$f")" - "$BUILD_USER" < /dev/null || true + su_deb_chroot "$buildroot" "dpkg-deb --info $(printf '%q' "$TOPDIR/$f")" || true echo - chroot "$buildroot" su -c "dpkg-deb --contents $(printf '%q' "$TOPDIR/$f")" - "$BUILD_USER" < /dev/null || true + su_deb_chroot "$buildroot" "dpkg-deb --contents $(printf '%q' "$TOPDIR/$f")" || true echo esac done < <(sed -ne '/Files:/,$s/^ ................................ [0-9][0-9]* [^ ]* [^ ]* //p' "$changes") @@ -178,7 +178,7 @@ dsc_build() { if test "$BUILD_SUCCEEDED" = true -a "$DO_CHECKS" != "false" && ( chroot $buildroot su -c "which lintian > /dev/null" - $BUILD_USER < /dev/null ); then DEB_CHANGESFILE=${DEB_DSCFILE%.dsc}$OBS_DCH_RELEASE"_"$(chroot $buildroot su -c 'dpkg-architecture -qDEB_BUILD_ARCH')".changes" - chroot $buildroot su -c "cd $TOPDIR && echo Running lintian && (set -x && lintian -i $TOPDIR/$DEB_CHANGESFILE)" - $BUILD_USER < /dev/null || BUILD_SUCCEEDED=false + su_deb_chroot $buildroot "cd $TOPDIR && echo Running lintian && (set -x && lintian -i $TOPDIR/$DEB_CHANGESFILE)" || BUILD_SUCCEEDED=false fi } diff --git a/debian/changelog b/debian/changelog index 99688a8..90d294c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,14 @@ +obs-build (20210120-4) unstable; urgency=medium + + * Ensure the build environment is set up correctly: + - Wrap chroot + su in a function to consistently set up environment + for builds. + Since "su -" cleans the environment, we need to tell it to keep + variables we want to preserve. To make this easier, create a new wrapper + su_deb_chroot that runs chroot and su and sets up the environment. + + -- Andrej Shadura <andrewsh@debian.org> Fri, 11 Nov 2022 11:45:36 +0100 + obs-build (20210120-3) unstable; urgency=medium * Refresh 0007-deb-Show-version-of-each-package-that-we-preinstall.patch. diff --git a/debian/patches/0017-Consistently-use-deb_chroot-instead-of-chroot-where-.patch b/debian/patches/0017-Consistently-use-deb_chroot-instead-of-chroot-where-.patch new file mode 100644 index 0000000..3e481bf --- /dev/null +++ b/debian/patches/0017-Consistently-use-deb_chroot-instead-of-chroot-where-.patch @@ -0,0 +1,153 @@ +From: Andrej Shadura <andrew.shadura@collabora.co.uk> +Date: Thu, 10 Nov 2022 15:36:13 +0100 +Subject: Consistently use deb_chroot instead of chroot where it makes a difference + +Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk> +--- + build-pkg-deb | 6 +++--- + build-recipe-debootstrap | 8 ++++---- + build-recipe-dsc | 24 ++++++++++++------------ + 3 files changed, 19 insertions(+), 19 deletions(-) + +diff --git a/build-pkg-deb b/build-pkg-deb +index 9467f46..e18b5be 100644 +--- a/build-pkg-deb ++++ b/build-pkg-deb +@@ -71,14 +71,14 @@ pkg_initdb_deb() { + cp $BUILD_ROOT/.init_b_cache/rpms/dpkg.deb $BUILD_ROOT/.init_b_cache/dpkg.deb || cleanup_and_exit 1 + fi + DEB_UNSAFE_IO= +- chroot $BUILD_ROOT dpkg --force-unsafe-io --version >/dev/null 2>&1 && DEB_UNSAFE_IO="--force-unsafe-io" ++ deb_chroot $BUILD_ROOT dpkg --force-unsafe-io --version >/dev/null 2>&1 && DEB_UNSAFE_IO="--force-unsafe-io" + deb_chroot $BUILD_ROOT dpkg --install $DEB_UNSAFE_IO --force-depends .init_b_cache/dpkg.deb >/dev/null 2>&1 + } + + pkg_prepare_deb() { + # test if dpkg knows --force-unsafe-io + DEB_UNSAFE_IO= +- chroot $BUILD_ROOT dpkg --force-unsafe-io --version >/dev/null 2>&1 && DEB_UNSAFE_IO="--force-unsafe-io" ++ deb_chroot $BUILD_ROOT dpkg --force-unsafe-io --version >/dev/null 2>&1 && DEB_UNSAFE_IO="--force-unsafe-io" + } + + pkg_install_deb() { +@@ -104,7 +104,7 @@ pkg_erase_deb() { + while read line; do + case "$line" in + subprocess\ installed\ *script\ returned\ error\ exit\ status*) +- chroot $BUILD_ROOT rm -f /var/lib/dpkg/info/$PKG.{pre,post}rm ++ deb_chroot $BUILD_ROOT rm -f /var/lib/dpkg/info/$PKG.{pre,post}rm + retry=1 + ;; + *) echo "$line" ;; +diff --git a/build-recipe-debootstrap b/build-recipe-debootstrap +index 064be36..a5585d6 100644 +--- a/build-recipe-debootstrap ++++ b/build-recipe-debootstrap +@@ -53,14 +53,14 @@ recipe_build_debootstrap() { + done + FULL_PKG_LIST="${FULL_PKG_LIST#,}" + rm -rf "$BUILD_ROOT/$myroot" +- if chroot $BUILD_ROOT dpkg --force-unsafe-io --version >/dev/null 2>&1 ; then ++ if deb_chroot $BUILD_ROOT dpkg --force-unsafe-io --version >/dev/null 2>&1 ; then + mkdir -p "$BUILD_ROOT/$myroot/etc/dpkg/dpkg.cfg.d" + echo force-unsafe-io > "$BUILD_ROOT/$myroot/etc/dpkg/dpkg.cfg.d/force-unsafe-io" + fi + +- set -- chroot $BUILD_ROOT debootstrap --keep-debootstrap-dir --no-check-gpg --variant=buildd --arch="${arch}" --include="$FULL_PKG_LIST" "$dist" "$myroot" file:///.build.binaries ++ set -- deb_chroot $BUILD_ROOT debootstrap --keep-debootstrap-dir --no-check-gpg --variant=buildd --arch="${arch}" --include="$FULL_PKG_LIST" "$dist" "$myroot" file:///.build.binaries + echo "running debootstrap:$(printf ' %q' "$@")..." +- if ! "$@" || ! chroot $BUILD_ROOT dpkg --configure -a; then ++ if ! "$@" || ! deb_chroot $BUILD_ROOT dpkg --configure -a; then + cat $BUILD_ROOT/$myroot/debootstrap/debootstrap.log + cleanup_and_exit 1 "Failed to setup debootstrap chroot" + fi +@@ -91,7 +91,7 @@ recipe_build_debootstrap() { + mkdir -p $BUILD_ROOT/$myroot/dev/shm + mount -n -ttmpfs none $BUILD_ROOT/$myroot/dev/shm + +- chroot $BUILD_ROOT/$myroot apt-cache gencaches ++ deb_chroot $BUILD_ROOT/$myroot apt-cache gencaches + + if ! test -e $BUILD_ROOT/$myroot/etc/hosts ; then + cp $BUILD_ROOT/etc/hosts $BUILD_ROOT/$myroot/etc/hosts +diff --git a/build-recipe-dsc b/build-recipe-dsc +index b6f998b..a37a3fb 100644 +--- a/build-recipe-dsc ++++ b/build-recipe-dsc +@@ -67,7 +67,7 @@ recipe_prepare_dsc() { + for DEB_DSCFILE in $BUILD_ROOT/$DEB_SOURCEDIR/*.dsc ; do : ; done + DEB_DSCFILE="${DEB_DSCFILE##*/}" + fi +- chroot $BUILD_ROOT su -c "dpkg-source -x $DEB_SOURCEDIR/$DEB_DSCFILE $TOPDIR/BUILD" - $BUILD_USER ++ deb_chroot $BUILD_ROOT su -c "dpkg-source -x $DEB_SOURCEDIR/$DEB_DSCFILE $TOPDIR/BUILD" - $BUILD_USER + + # Alternative to debtransform: apply OBS release number if tag OBS-DCH-RELEASE is set. + if test -z "$DEB_TRANSFORM" -a -n "$DEB_RELEASE"; then +@@ -76,7 +76,7 @@ recipe_prepare_dsc() { + else + OBS_DCH_RELEASE="$DEB_RELEASE" + fi +- chroot $BUILD_ROOT su -c /bin/sh <<EOF ++ deb_chroot $BUILD_ROOT su -c /bin/sh <<EOF + cd $TOPDIR/BUILD + [ ! -f debian/changelog ] && exit 0 + # avoid devscripts dependency and mimic dch +@@ -111,22 +111,22 @@ dsc_build() { + + echo "==== Filesystems in build chroot ====" + echo +- chroot "$buildroot" su -c "cat /proc/self/mountinfo" - "$BUILD_USER" < /dev/null || true ++ deb_chroot "$buildroot" su -c "cat /proc/self/mountinfo" - "$BUILD_USER" < /dev/null || true + echo + + echo "==== User identity in build chroot ====" + echo +- chroot "$buildroot" su -c "id" - "$BUILD_USER" < /dev/null || true ++ deb_chroot "$buildroot" su -c "id" - "$BUILD_USER" < /dev/null || true + echo + + echo "==== Environment variables in build chroot ====" + echo +- chroot "$buildroot" su -c "env | LC_ALL=C sort -u" - "$BUILD_USER" < /dev/null || true ++ deb_chroot "$buildroot" su -c "env | LC_ALL=C sort -u" - "$BUILD_USER" < /dev/null || true + echo + + echo "==== Packages installed in build chroot ====" + echo +- chroot "$buildroot" su -c "dpkg-query -W" - "$BUILD_USER" < /dev/null || true ++ deb_chroot "$buildroot" su -c "dpkg-query -W" - "$BUILD_USER" < /dev/null || true + echo + + DSC_BUILD_OPTIONS= +@@ -144,7 +144,7 @@ dsc_build() { + chmod +x $buildroot/$TOPDIR/SOURCES/build.script + fi + +- chroot $buildroot su -c "export DEB_BUILD_OPTIONS=${DSC_BUILD_OPTIONS} ; cd $TOPDIR/BUILD && $DSC_BUILD_CMD" - $BUILD_USER < /dev/null && BUILD_SUCCEEDED=true ++ deb_chroot $buildroot su -c "export DEB_BUILD_OPTIONS=${DSC_BUILD_OPTIONS} ; cd $TOPDIR/BUILD && $DSC_BUILD_CMD" - $BUILD_USER < /dev/null && BUILD_SUCCEEDED=true + + for changes in "$buildroot/$TOPDIR"/*.changes ; do + echo +@@ -168,17 +168,17 @@ dsc_build() { + (*.deb|*.ddeb|*.udeb) + echo "==== $f ====" + echo +- chroot "$buildroot" su -c "dpkg-deb --info $(printf '%q' "$TOPDIR/$f")" - "$BUILD_USER" < /dev/null || true ++ deb_chroot "$buildroot" su -c "dpkg-deb --info $(printf '%q' "$TOPDIR/$f")" - "$BUILD_USER" < /dev/null || true + echo +- chroot "$buildroot" su -c "dpkg-deb --contents $(printf '%q' "$TOPDIR/$f")" - "$BUILD_USER" < /dev/null || true ++ deb_chroot "$buildroot" su -c "dpkg-deb --contents $(printf '%q' "$TOPDIR/$f")" - "$BUILD_USER" < /dev/null || true + echo + esac + done < <(sed -ne '/Files:/,$s/^ ................................ [0-9][0-9]* [^ ]* [^ ]* //p' "$changes") + done + +- if test "$BUILD_SUCCEEDED" = true -a "$DO_CHECKS" != "false" && ( chroot $buildroot su -c "which lintian > /dev/null" - $BUILD_USER < /dev/null ); then +- DEB_CHANGESFILE=${DEB_DSCFILE%.dsc}$OBS_DCH_RELEASE"_"$(chroot $buildroot su -c 'dpkg-architecture -qDEB_BUILD_ARCH')".changes" +- chroot $buildroot su -c "cd $TOPDIR && echo Running lintian && (set -x && lintian -i $TOPDIR/$DEB_CHANGESFILE)" - $BUILD_USER < /dev/null || BUILD_SUCCEEDED=false ++ if test "$BUILD_SUCCEEDED" = true -a "$DO_CHECKS" != "false" && ( deb_chroot $buildroot su -c "which lintian > /dev/null" - $BUILD_USER < /dev/null ); then ++ DEB_CHANGESFILE=${DEB_DSCFILE%.dsc}$OBS_DCH_RELEASE"_"$(deb_chroot $buildroot su -c 'dpkg-architecture -qDEB_BUILD_ARCH')".changes" ++ deb_chroot $buildroot su -c "cd $TOPDIR && echo Running lintian && (set -x && lintian -i $TOPDIR/$DEB_CHANGESFILE)" - $BUILD_USER < /dev/null || BUILD_SUCCEEDED=false + fi + } + diff --git a/debian/patches/0018-Escape-arguments-properly-to-avoid-leaking-spaces.patch b/debian/patches/0018-Escape-arguments-properly-to-avoid-leaking-spaces.patch new file mode 100644 index 0000000..f169398 --- /dev/null +++ b/debian/patches/0018-Escape-arguments-properly-to-avoid-leaking-spaces.patch @@ -0,0 +1,28 @@ +From: Andrej Shadura <andrew.shadura@collabora.co.uk> +Date: Thu, 10 Nov 2022 15:42:31 +0100 +Subject: Escape arguments properly to avoid leaking spaces + +Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk> +--- + build-pkg-deb | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/build-pkg-deb b/build-pkg-deb +index e18b5be..8bca1a6 100644 +--- a/build-pkg-deb ++++ b/build-pkg-deb +@@ -34,12 +34,12 @@ deb_chroot () + # when doing a 'chroot /' call lets subshell and change dir manually + # + ( +- cd $1 && ++ cd "$1" && + DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical \ + DEBCONF_NONINTERACTIVE_SEEN=true \ + LC_ALL=C.UTF-8 LANGUAGE=C.UTF-8 LANG=C.UTF-8 \ + TZ=UTC \ +- chroot $* ++ chroot "$@" + ) + } + diff --git a/debian/patches/0019-Wrap-chroot-su-in-a-function-to-consistently-set-up-.patch b/debian/patches/0019-Wrap-chroot-su-in-a-function-to-consistently-set-up-.patch new file mode 100644 index 0000000..f9f241e --- /dev/null +++ b/debian/patches/0019-Wrap-chroot-su-in-a-function-to-consistently-set-up-.patch @@ -0,0 +1,110 @@ +From: Andrej Shadura <andrew.shadura@collabora.co.uk> +Date: Thu, 10 Nov 2022 16:23:50 +0100 +Subject: Wrap chroot + su in a function to consistently set up environment for builds + +Since "su -" cleans the environment, we need to tell it to keep +variables we want to preserve. To make this easier, create a new wrapper +su_deb_chroot that runs chroot and su and sets up the environment. + +Since DEBIAN_* variables are only needed when preparing the build +chroot, don’t set them in su_deb_chroot. + +Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk> +--- + build-pkg-deb | 19 +++++++++++++++++++ + build-recipe-dsc | 20 ++++++++++---------- + 2 files changed, 29 insertions(+), 10 deletions(-) + +diff --git a/build-pkg-deb b/build-pkg-deb +index 8bca1a6..b4deceb 100644 +--- a/build-pkg-deb ++++ b/build-pkg-deb +@@ -43,6 +43,25 @@ deb_chroot () + ) + } + ++# ++# A wrapper around chroot + su to set the environment correctly for ++# the build process ++# ++su_deb_chroot() ++{ ++ dir="$1" ++ command="$2" ++ shift 2 ++ ( ++ cd "$dir" && ++ LC_ALL=C.UTF-8 LANGUAGE=C.UTF-8 LANG=C.UTF-8 \ ++ TZ=UTC \ ++ chroot "$dir" su - "$BUILD_USER" \ ++ -w "LC_ALL,LANGUAGE,LANG,TZ" \ ++ -c "$command" "$@" < /dev/null ++ ) ++} ++ + deb_setup() { + mkdir -p $BUILD_ROOT/var/lib/dpkg + mkdir -p $BUILD_ROOT/var/log +diff --git a/build-recipe-dsc b/build-recipe-dsc +index a37a3fb..c14dbd4 100644 +--- a/build-recipe-dsc ++++ b/build-recipe-dsc +@@ -111,22 +111,22 @@ dsc_build() { + + echo "==== Filesystems in build chroot ====" + echo +- deb_chroot "$buildroot" su -c "cat /proc/self/mountinfo" - "$BUILD_USER" < /dev/null || true ++ su_deb_chroot "$buildroot" "cat /proc/self/mountinfo" || true + echo + + echo "==== User identity in build chroot ====" + echo +- deb_chroot "$buildroot" su -c "id" - "$BUILD_USER" < /dev/null || true ++ su_deb_chroot "$buildroot" "id" || true + echo + + echo "==== Environment variables in build chroot ====" + echo +- deb_chroot "$buildroot" su -c "env | LC_ALL=C sort -u" - "$BUILD_USER" < /dev/null || true ++ su_deb_chroot "$buildroot" "env | LC_ALL=C sort -u" || true + echo + + echo "==== Packages installed in build chroot ====" + echo +- deb_chroot "$buildroot" su -c "dpkg-query -W" - "$BUILD_USER" < /dev/null || true ++ su_deb_chroot "$buildroot" "dpkg-query -W" || true + echo + + DSC_BUILD_OPTIONS= +@@ -144,7 +144,7 @@ dsc_build() { + chmod +x $buildroot/$TOPDIR/SOURCES/build.script + fi + +- deb_chroot $buildroot su -c "export DEB_BUILD_OPTIONS=${DSC_BUILD_OPTIONS} ; cd $TOPDIR/BUILD && $DSC_BUILD_CMD" - $BUILD_USER < /dev/null && BUILD_SUCCEEDED=true ++ su_deb_chroot $buildroot "export DEB_BUILD_OPTIONS=${DSC_BUILD_OPTIONS} ; cd $TOPDIR/BUILD && $DSC_BUILD_CMD" && BUILD_SUCCEEDED=true + + for changes in "$buildroot/$TOPDIR"/*.changes ; do + echo +@@ -168,17 +168,17 @@ dsc_build() { + (*.deb|*.ddeb|*.udeb) + echo "==== $f ====" + echo +- deb_chroot "$buildroot" su -c "dpkg-deb --info $(printf '%q' "$TOPDIR/$f")" - "$BUILD_USER" < /dev/null || true ++ su_deb_chroot "$buildroot" "dpkg-deb --info $(printf '%q' "$TOPDIR/$f")" || true + echo +- deb_chroot "$buildroot" su -c "dpkg-deb --contents $(printf '%q' "$TOPDIR/$f")" - "$BUILD_USER" < /dev/null || true ++ su_deb_chroot "$buildroot" "dpkg-deb --contents $(printf '%q' "$TOPDIR/$f")" || true + echo + esac + done < <(sed -ne '/Files:/,$s/^ ................................ [0-9][0-9]* [^ ]* [^ ]* //p' "$changes") + done + +- if test "$BUILD_SUCCEEDED" = true -a "$DO_CHECKS" != "false" && ( deb_chroot $buildroot su -c "which lintian > /dev/null" - $BUILD_USER < /dev/null ); then +- DEB_CHANGESFILE=${DEB_DSCFILE%.dsc}$OBS_DCH_RELEASE"_"$(deb_chroot $buildroot su -c 'dpkg-architecture -qDEB_BUILD_ARCH')".changes" +- deb_chroot $buildroot su -c "cd $TOPDIR && echo Running lintian && (set -x && lintian -i $TOPDIR/$DEB_CHANGESFILE)" - $BUILD_USER < /dev/null || BUILD_SUCCEEDED=false ++ if test "$BUILD_SUCCEEDED" = true -a "$DO_CHECKS" != "false" && ( chroot $buildroot su -c "which lintian > /dev/null" - $BUILD_USER < /dev/null ); then ++ DEB_CHANGESFILE=${DEB_DSCFILE%.dsc}$OBS_DCH_RELEASE"_"$(chroot $buildroot su -c 'dpkg-architecture -qDEB_BUILD_ARCH')".changes" ++ su_deb_chroot $buildroot "cd $TOPDIR && echo Running lintian && (set -x && lintian -i $TOPDIR/$DEB_CHANGESFILE)" || BUILD_SUCCEEDED=false + fi + } + diff --git a/debian/patches/series b/debian/patches/series index 1d465c0..589695f 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -14,3 +14,6 @@ 0014-Force-the-local-timezone-to-be-UTC.patch 0015-Unset-TERM-to-prevent-unexpectedly-colorized-output-.patch 0016-init_buildsystem-Move-hostname-ip-entry-to-the-end-o.patch +0017-Consistently-use-deb_chroot-instead-of-chroot-where-.patch +0018-Escape-arguments-properly-to-avoid-leaking-spaces.patch +0019-Wrap-chroot-su-in-a-function-to-consistently-set-up-.patch |