
11 Commits

Author SHA1 Message Date
Martchus b981c6afe8 Add builduser to same groups as on host
This prevents permission errors when relying on a user's group
for accessing certain files (made available within the container
via bind mounts).
2021-07-20 18:33:39 +02:00
Martchus 401609212e Log systemd-nspawn invocation parameters
When debugging it is useful to know what parameters were
used.
2021-07-20 18:26:04 +02:00
Martchus 83958da9c3 Set TERM within the systemd-nspawn container in makechrootpkg
This is required by WINE to prevent
```
unknown: I need something more specific
```
2021-02-20 18:37:38 +01:00
Martchus 78de2a3759 Adjust systemd-nspawn flags
* Remove --keep-unit since it sometimes causes errors and does not seem
  to be required
* Increase maximum number of open files (the default of 1000 is too low
  for some packages)
* Use /etc/resolv.conf from host (otherwise systemd-nspawn uses a config
  which does not work on my host setup)
2021-02-20 18:37:38 +01:00
Kevin Mihelich d5407ee173 makechrootpkg: don't delete MAKEFLAGS and PACKAGER 2021-02-20 18:37:38 +01:00
Kevin Mihelich b50cb4f946 archbuild: no setarch 2021-02-20 18:37:38 +01:00
Kevin Mihelich b538ea0d49 makechrootpkg: no default logging 2021-02-20 18:37:38 +01:00
Kevin Mihelich d508ffe8a4 arch-nspawn: arm fix 2021-02-20 18:37:38 +01:00
Kevin Mihelich 5fc2939bb1 makechrootpkg: distcc 2021-02-20 18:37:38 +01:00
Kevin Mihelich f8f0140220 arch-nspawn: keep mirrorlist 2021-02-20 18:37:38 +01:00
Kevin Mihelich 319343770a makechrootpkg: cache dir 2021-02-20 18:37:38 +01:00
3 changed files with 28 additions and 12 deletions


@ -97,7 +97,7 @@ copy_hostconf () {
unshare --fork --pid gpg --homedir "$working_dir"/etc/pacman.d/gnupg/ --no-permission-warning --quiet --batch --import --import-options import-local-sigs "$(pacman-conf GpgDir)"/pubring.gpg >/dev/null 2>&1
pacman-key --gpgdir "$working_dir"/etc/pacman.d/gnupg/ --import-trustdb "$(pacman-conf GpgDir)" >/dev/null 2>&1
printf 'Server = %s\n' "${host_mirrors[@]}" >"$working_dir/etc/pacman.d/mirrorlist"
#printf 'Server = %s\n' "${host_mirrors[@]}" >"$working_dir/etc/pacman.d/mirrorlist"
[[ -n $pac_conf ]] && cp "$pac_conf" "$working_dir/etc/pacman.conf"
[[ -n $makepkg_conf ]] && cp "$makepkg_conf" "$working_dir/etc/makepkg.conf"
@ -127,9 +127,15 @@ eval "$(grep -a '^CARCH=' "$working_dir/etc/makepkg.conf")"
[[ -z $nosetarch ]] || unset CARCH
exec ${CARCH:+setarch "$CARCH"} systemd-nspawn -q \
for p in echo exec; do
[[ $p == echo ]] && msg "Entering chroot \"$working_dir\" via:"
"$p" systemd-nspawn -q \
-D "$working_dir" \
-E "PATH=/usr/local/sbin:/usr/local/bin:/usr/bin" \
--register=no --keep-unit --as-pid2 \
--register=no \
--as-pid2 \
--rlimit=NOFILE=10000 \
--resolv-conf=copy-host \
"${mount_args[@]}" \
"$@"
done
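Review bot: The `echo` pass of the `for p in echo exec` loop prints the arguments unquoted, so the logged command differs from the one that runs whenever a bind path or trailing argument contains whitespace, and every value a caller passes through `-E`/`--setenv` ends up in the build log in clear text. Building the invocation once as an array and logging it with `printf '%q '` on stderr keeps the log faithful to what is executed and makes it obvious where environment values get recorded. Separately, with `setarch` gone nothing in the visible lines reads `CARCH` any more, so the `eval "$(grep -a '^CARCH=' …)"` shown in the hunk header and the `unset CARCH` line look like dead code that still evaluates a line taken from the chroot's makepkg.conf in the invoking shell; consider dropping both if nothing else uses the variable.

```shell
nspawn_cmd=(
	systemd-nspawn -q
	-D "$working_dir"
	# … unchanged: -E PATH, --register=no, --as-pid2, --rlimit, --resolv-conf …
	"${mount_args[@]}"
	"$@"
)
msg "Entering chroot \"$working_dir\" via:"
printf '%q ' "${nspawn_cmd[@]}" >&2
printf '\n' >&2
exec "${nspawn_cmd[@]}"
```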


@ -69,7 +69,7 @@ if ${clean_first} || [[ ! -d "${chroots}/${repo}-${arch}" ]]; then
rm -rf --one-file-system "${chroots}/${repo}-${arch}"
(umask 0022; mkdir -p "${chroots}/${repo}-${arch}")
setarch "${arch}" mkarchroot \
mkarchroot \
-C "${pacman_config}" \
-M "${makepkg_config}" \
"${chroots}/${repo}-${arch}/root" \
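Review bot: Dropping `setarch "${arch}"` in front of `mkarchroot` is unconditional while the chroot path is still keyed on `${arch}`, so a chroot whose name states one architecture is now always created under the host's personality. If the removal is only needed on hosts where `setarch` does not know the target name (an assumption; the page does not say), a comment such as `# no setarch: target name is not known to setarch on this host` or a guard that keeps `setarch` when it accepts `${arch}` would preserve 32-bit-on-64-bit builds. The enclosing `if` block continues outside the hunk.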


@ -17,7 +17,7 @@ source /usr/share/makepkg/util/config.sh
shopt -s nullglob
default_makepkg_args=(--syncdeps --noconfirm --log --holdver --skipinteg)
default_makepkg_args=(--syncdeps --noconfirm --holdver --skipinteg)
makepkg_args=("${default_makepkg_args[@]}")
verifysource_args=()
chrootdir=
@ -64,6 +64,7 @@ usage() {
echo 'Flags:'
echo '-h This help'
echo '-c Clean the chroot before building'
echo '-C <dir> Set pacman cache to pass to arch-nspawn'
echo '-d <dir> Bind directory into build chroot as read-write'
echo '-D <dir> Bind directory into build chroot as read-only'
echo '-u Update the working copy of the chroot before building'
@ -158,6 +159,7 @@ prepare_chroot() {
local builduser_uid builduser_gid
builduser_uid="$(id -u "$makepkg_user")"
builduser_gid="$(id -g "$makepkg_user")"
builduser_gids="$(id -G "$makepkg_user")"
local install="install -o $builduser_uid -g $builduser_gid"
local x
@ -166,14 +168,18 @@ prepare_chroot() {
# an x86_64 host).
sed -e '/^builduser:/d' -i "$copydir"/etc/{passwd,shadow,group}
printf >>"$copydir/etc/group" 'builduser:x:%d:\n' "$builduser_gid"
for gid in $builduser_gids; do
if [[ $gid != $builduser_gid ]]; then
group_name=$(getent group "$gid" | cut -d: -f1)
printf >>"$copydir/etc/group" "$group_name:x:%d:builduser\n" "$gid"
fi
done
printf >>"$copydir/etc/passwd" 'builduser:x:%d:%d:builduser:/build:/bin/bash\n' "$builduser_uid" "$builduser_gid"
printf >>"$copydir/etc/shadow" 'builduser:!!:%d::::::\n' "$(( $(date -u +%s) / 86400 ))"
$install -d "$copydir"/{build,startdir,{pkg,srcpkg,src,log}dest}
sed -e '/^MAKEFLAGS=/d' -e '/^PACKAGER=/d' -i "$copydir/etc/makepkg.conf"
for x in BUILDDIR=/build PKGDEST=/pkgdest SRCPKGDEST=/srcpkgdest SRCDEST=/srcdest LOGDEST=/logdest \
"MAKEFLAGS='${MAKEFLAGS:-}'" "PACKAGER='${PACKAGER:-}'"
for x in BUILDDIR=/build PKGDEST=/pkgdest SRCPKGDEST=/srcpkgdest SRCDEST=/srcdest LOGDEST=/logdest
do
grep -q "^$x" "$copydir/etc/makepkg.conf" && continue
echo "$x" >>"$copydir/etc/makepkg.conf"
@ -213,7 +219,9 @@ _chrootbuild() {
# use "$" in arguments to commands with "sudo -i". ${foo} or
# ${1} is OK, but $foo or $1 isn't.
# https://bugzilla.sudo.ws/show_bug.cgi?id=765
sudo --preserve-env=SOURCE_DATE_EPOCH -iu builduser bash -c 'cd /startdir; makepkg "$@"' -bash "$@"
mkdir /build/.distcc
chown builduser /build/.distcc
sudo --preserve-env=SOURCE_DATE_EPOCH -iu builduser DISTCC_IO_TIMEOUT=1200 DISTCC_DIR='/build/.distcc' bash -c 'cd /startdir; makepkg "$@"' -bash "$@"
ret=$?
case $ret in
0|14)
@ -238,7 +246,7 @@ download_sources() {
# Ensure sources are downloaded
sudo -u "$makepkg_user" --preserve-env=GNUPGHOME \
env SRCDEST="$SRCDEST" BUILDDIR="$WORKDIR" \
makepkg --config="$copydir/etc/makepkg.conf" --verifysource -o "${verifysource_args[@]}" ||
makepkg -A --config="$copydir/etc/makepkg.conf" --verifysource -o "${verifysource_args[@]}" ||
die "Could not download sources."
}
@ -277,12 +285,13 @@ move_products() {
}
# }}}
while getopts 'hcur:I:l:nCTD:d:U:' arg; do
while getopts 'hcuC:r:I:l:nCTD:d:U:' arg; do
case "$arg" in
c) clean_first=1 ;;
D) bindmounts_ro+=("--bind-ro=$OPTARG") ;;
d) bindmounts_rw+=("--bind=$OPTARG") ;;
u) update_first=1 ;;
C) cache_dir="-c $OPTARG" ;;
r) passeddir="$OPTARG" ;;
I) install_pkgs+=("$OPTARG") ;;
l) copy="$OPTARG" ;;
@ -364,7 +373,8 @@ download_sources
prepare_chroot
if arch-nspawn "$copydir" \
if arch-nspawn $cache_dir "$copydir" \
--setenv=TERM=xterm \
--bind="${PWD//:/\\:}:/startdir" \
--bind="${SRCDEST//:/\\:}:/srcdest" \
"${bindmounts_ro[@]}" "${bindmounts_rw[@]}" \
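Review bot: The group loop added to prepare_chroot puts `$group_name` into the printf format string and never checks that `getent` returned a name, so a GID the host cannot resolve writes a line starting with `:x:`, and a name containing `%` or a backslash is reinterpreted by printf. `builduser_gids`, `gid` and `group_name` are also not declared `local`, and the unquoted `$builduser_gid` on the right of `!=` is matched as a pattern rather than compared literally. Beyond the mechanics, copying every supplementary group of `$makepkg_user` into the chroot (possibly including administrative ones) widens what build scripts can reach through the bind mounts, so an allow-list or an opt-in flag would keep this closer to least privilege. The appended names may also collide with groups the chroot already defines, since the preceding `sed` only removes `builduser:` entries. prepare_chroot starts and ends outside the hunk.

```shell
local builduser_gids gid group_name
# … unchanged: uid/gid lookups, sed cleanup, primary builduser group line …
for gid in $builduser_gids; do
	[[ $gid == "$builduser_gid" ]] && continue
	group_name=$(getent group "$gid" | cut -d: -f1)
	# a GID the host cannot resolve would otherwise produce a nameless entry
	[[ -n $group_name ]] || continue
	printf >>"$copydir/etc/group" '%s:x:%d:builduser\n' "$group_name" "$gid"
done
```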