Your message dated Mon, 21 Jan 2008 02:02:05 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#427047: fixed in schroot 1.1.6-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: schroot
Version: 1.1.4-1
Severity: wishlist
Tags: patch
Hi,
I have a similar situation to what Kees Cook described in bug #395062.
However in my case I needed to modify some of the default mounts, specifically
removing /dev/pts and making /dev an --rbind to the system /dev so I can enjoy
the functionality of udev from within the chroot. With the numerous package
updates last week, I got tired of fixing /etc/schroot/setup.d/10mount to my
liking, so this idea was born.
The proposal is very simple - I am adding support for an fstab-like file
/etc/schroot/schroot.fstab. The code is totally non-intrusive, and activates
only when the file is present. I think I have covered all the corner cases,
with corresponding non-cryptic error messages. Feel free to include this in
the distribution if you like the idea.
Cheers
Peter
P.S. I am not that good with shell scripting, a bashism might have slipped in
here or there
diff -ru /etc/schroot/setup.d.original/00check /etc/schroot/setup.d/00check
--- /etc/schroot/setup.d.original/00check 2007-05-29 01:14:02.000000000
+0200
+++ /etc/schroot/setup.d/00check 2007-06-01 14:41:24.000000000 +0200
@@ -16,6 +16,8 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston,
# MA 02111-1307 USA
+FSTAB="/etc/schroot/schroot.fstab"
+
if [ $1 = "setup-start" ] || [ $1 = "setup-recover" ]; then
if [ "$AUTH_VERBOSITY" = "verbose" ]; then
@@ -80,4 +82,17 @@
exit 1
fi
+ # Check ownership and permissions of schroot.fstab
+ if [ -f "$FSTAB" ]; then
+
+ if [ `stat --printf '%u%g' "$FSTAB"` != "00" ] ; then
+ echo "$FSTAB must be owned by root"
+ exit 1
+ fi
+
+ if stat --printf '%A' "$FSTAB" | grep -v '^-.......--$' ; then
+ echo "$FSTAB can not have write/execute permissions for others"
+ exit 1
+ fi
+ fi
fi
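Review bot: Both checks added here fail open when `stat` itself fails: the unquoted backtick substitution leaves `[ != "00" ]`, which is a test error rather than a true result, and the `stat | grep -v` pipeline prints nothing, so neither `exit 1` is reached and the file is accepted. Capturing each value once, quoting it and exiting when `stat` returns non-zero closes that gap; a separator in the format (`%u:%g`) also makes the owner comparison unambiguous. The mode pattern only constrains the last two characters, so a group-writable file still passes, which may or may not be intended. The enclosing `if` on `$1` starts outside this hunk.

```shell
if [ -f "$FSTAB" ]; then
  # Abort if stat cannot read the file instead of treating that as a pass.
  fstab_owner=$(stat --printf '%u:%g' "$FSTAB") || exit 1
  if [ "$fstab_owner" != "0:0" ]; then
    echo "$FSTAB must be owned by root"
    exit 1
  fi

  fstab_mode=$(stat --printf '%A' "$FSTAB") || exit 1
  case "$fstab_mode" in
    -???????--) ;;  # regular file, no write/execute for others
    *)
      echo "$FSTAB can not have write/execute permissions for others"
      exit 1
      ;;
  esac
fi
```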
diff -ru /etc/schroot/setup.d.original/10mount /etc/schroot/setup.d/10mount
--- /etc/schroot/setup.d.original/10mount 2007-05-29 01:14:02.000000000
+0200
+++ /etc/schroot/setup.d/10mount 2007-06-01 14:57:06.000000000 +0200
@@ -18,6 +18,8 @@
set -e
+FSTAB="/etc/schroot/schroot.fstab"
+
# Mount a filesystem
# $1: mount options
# $2: mount device
@@ -39,6 +41,41 @@
mount $VERBOSE $1 "$2" "$3"
}
+# Mount filesystems described in the local fstab file $FSTAB
+# The full file format specification is supported as described in fstab(5),
+# including UUID and LABEL device/partition specifications.
+#
+# The cat/echo/piping acrobatics is necessary to accomodate files without
+# trailing newlines
+do_mount_fstab()
+{
+ (cat $FSTAB; echo) |
+ (
+ LN=0
+ while read m_dev m_loc m_type m_opts m_trailing; do
+ LN=$(($LN+1))
+ if [ -z $m_dev ] || echo $m_dev | grep -q '^#'; then continue; fi
+
+ if [ -z $m_loc ] || [ -z $m_type ] ; then
+ echo "Malformed mount specification in $FSTAB line $LN"
+ exit 1
+ fi
+
+ if [ "$m_type" = "ignore" ] ; then continue; fi
+
+ m_args="-t $m_type"
+ if [ "x$m_opts" != "x" ]; then
+ m_args="$m_args -o $m_opts"
+ fi
+
+ m_dev=$(echo "$m_dev" | sed -e 's/^LABEL=/-L /')
+ m_dev=$(echo "$m_dev" | sed -e 's/^UUID=/-U /')
+
+ do_mount "$m_args" "$m_dev" "${CHROOT_PATH}/$m_loc"
+ done
+ )
+}
+
# Unmount all filesystem under specified location
# $1: mount base location
do_umount_all()
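Review bot: The `LABEL=`/`UUID=` rewrite in do_mount_fstab most likely breaks those entries, because the result (`-L name`) is handed to do_mount as a single argument and do_mount passes it on quoted as `"$2"`, so mount receives one word with an embedded space instead of an option and its value. mount(8) accepts `LABEL=` and `UUID=` as the device specification, so the two `sed` lines can simply be dropped and `$m_dev` passed through unchanged. Separately, the fields are expanded unquoted in `cat $FSTAB`, `[ -z $m_dev ]`, `echo $m_dev` and `[ -z $m_loc ] || [ -z $m_type ]`, and `read` is used without `-r`; in a script that runs mount as root I would write `while read -r m_dev m_loc m_type m_opts m_trailing; do` and quote each expansion, e.g. `[ -z "$m_dev" ]`. do_mount starts above this hunk and do_umount_all continues below it.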
@@ -95,11 +132,22 @@
fi
if [ "$CHROOT_TYPE" != "plain" ]; then
- do_mount "-t proc" "proc" "${CHROOT_PATH}/proc"
- do_mount "-o rw,bind" "/dev/pts" "${CHROOT_PATH}/dev/pts"
- do_mount "-t tmpfs" "tmpfs" "${CHROOT_PATH}/dev/shm"
- do_mount "-o rw,bind" "/home" "${CHROOT_PATH}/home"
- do_mount "-o rw,bind" "/tmp" "${CHROOT_PATH}/tmp"
+ if [ -f "$FSTAB" ] ; then
+ if [ "$AUTH_VERBOSITY" = "verbose" ]; then
+ echo "Mounting locations found in $FSTAB:"
+ fi
+ do_mount_fstab
+
+ else
+ if [ "$AUTH_VERBOSITY" = "verbose" ]; then
+ echo "No local $FSTAB found, mounting defaults:"
+ fi
+ do_mount "-t proc" "proc" "${CHROOT_PATH}/proc"
+ do_mount "-o rw,bind" "/dev/pts" "${CHROOT_PATH}/dev/pts"
+ do_mount "-t tmpfs" "tmpfs" "${CHROOT_PATH}/dev/shm"
+ do_mount "-o rw,bind" "/home" "${CHROOT_PATH}/home"
+ do_mount "-o rw,bind" "/tmp" "${CHROOT_PATH}/tmp"
+ fi
fi
elif [ $1 = "setup-stop" ]; then
# This is the schroot mount definition file. Its syntax closely follows the
# one of your system fstab, as described in fstab(5), with these EXCEPTIONS:
#
# * Only the first four fields (fs_spec, fs_file, fs_vfstype and fs_mntopts)
# are significant. Any additional fields like fs_freq and fs_passno are
# ignored. A side effect of this is that trailing comments are allowed.
#
# * All mount points specified in the second field (fs_file) will be prefixed
# with the chroot directory. Thus all mount point paths must be specified as
# seen from within the chroot.
#
# The following are the default mounts every system is expected to have.
# Be extra careful when modifying them - it might prevent you from logging
# into your new shiny chroot.
proc /proc proc
/dev/pts /dev/pts none rw,bind
tmpfs /dev/shm tmpfs
/home /home none rw,bind
/tmp /tmp none rw,bind
--- End Message ---
--- Begin Message ---
Source: schroot
Source-Version: 1.1.6-1
We believe that the bug you reported is fixed in the latest version of
schroot, which is due to be installed in the Debian FTP archive:
dchroot-dsa_1.1.6-1_powerpc.deb
to pool/main/s/schroot/dchroot-dsa_1.1.6-1_powerpc.deb
dchroot_1.1.6-1_powerpc.deb
to pool/main/s/schroot/dchroot_1.1.6-1_powerpc.deb
libsbuild-dev_1.1.6-1_powerpc.deb
to pool/main/s/schroot/libsbuild-dev_1.1.6-1_powerpc.deb
libsbuild-doc_1.1.6-1_all.deb
to pool/main/s/schroot/libsbuild-doc_1.1.6-1_all.deb
schroot-common_1.1.6-1_all.deb
to pool/main/s/schroot/schroot-common_1.1.6-1_all.deb
schroot_1.1.6-1.diff.gz
to pool/main/s/schroot/schroot_1.1.6-1.diff.gz
schroot_1.1.6-1.dsc
to pool/main/s/schroot/schroot_1.1.6-1.dsc
schroot_1.1.6-1_powerpc.deb
to pool/main/s/schroot/schroot_1.1.6-1_powerpc.deb
schroot_1.1.6.orig.tar.gz
to pool/main/s/schroot/schroot_1.1.6.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Roger Leigh <[EMAIL PROTECTED]> (supplier of updated schroot package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 20 Jan 2008 22:51:04 +0000
Source: schroot
Binary: schroot-common libsbuild-dev dchroot-dsa dchroot libsbuild-doc schroot
Architecture: source all powerpc
Version: 1.1.6-1
Distribution: unstable
Urgency: low
Maintainer: Debian buildd-tools Developers <[EMAIL PROTECTED]>
Changed-By: Roger Leigh <[EMAIL PROTECTED]>
Description:
dchroot - Execute commands in a chroot environment
dchroot-dsa - Execute commands in a chroot environment
libsbuild-dev - development files for the Debian source builder
libsbuild-doc - development documentation for the Debian source builder
schroot - Execute commands in a chroot environment
schroot-common - common files for schroot
Closes: 395062 427047 428808 439215 452263 459658 461531
Changes:
schroot (1.1.6-1) unstable; urgency=low
.
* New upstream development release.
* Acknowledge NMU. Thanks to Lucas Nussbaum for fixing the Boost
library names following another incompatible change in Boost
(Closes: #439215).
* debian/control: Suggest lvm2 instead of lvm-common (Closes: #452263).
* debian/copyright:
- Update with new GIT source code repository location.
- Update licence to GPLv3.
* debian/schroot.init: Update licence to GPLv3.
* bin/schroot/setup/20network, bin/schroot/setup/30passwd: For files to
copy, compare file device, inode and contents to avoid copying
identical files (Closes: #428808).
* If unknown keys are present in the configuration file, print a warning
message to alert the user (Closes: #459658).
* The filesystems to mount in the chroot may be customised by the system
administrator through the use of an fstab file on a per-chroot basis,
and a new helper utility, schroot-mount (Closes: #395062, #427047).
Thanks for your patience while we took the time to implement this the
right way.
* Update Vietnamese translation (Closes: #461531). Thanks to Clytie
Siddall.
* debian/schroot.preinst: Add rm_conffile function to remove
/etc/schroot/setup.d/20network and /etc/schroot/setup.d/30passwd for
versions prior to this. These are replaced by
/etc/schroot/setup.d/20copyfiles.
* debian/schroot.NEWS: Document conffile changes.
Files:
1e3c5e97bd9c8f711619b4805a4d6db3 1060 admin optional schroot_1.1.6-1.dsc
8cccdc70578551e4834a085fedd3f668 6751813 admin optional
schroot_1.1.6.orig.tar.gz
69ffffebd33a8c8e9178dc40cefad48b 20 admin optional schroot_1.1.6-1.diff.gz
5a539adcdc35042f8b06e070286b06d3 97504 admin optional
schroot-common_1.1.6-1_all.deb
38226c3b10d518390cb81c94009dab7f 3076468 doc optional
libsbuild-doc_1.1.6-1_all.deb
aefdb98e3b9c5a2e0a64e6fcffe34ed3 1233614 devel optional
libsbuild-dev_1.1.6-1_powerpc.deb
e4ee84549e00899e9b8ecaa1d3c24b36 685048 admin optional
schroot_1.1.6-1_powerpc.deb
495394c0991c216408893f076279b92d 312046 admin optional
dchroot_1.1.6-1_powerpc.deb
f2caeefb210cbd6c5d0c21a86454f853 311402 admin optional
dchroot-dsa_1.1.6-1_powerpc.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHk/pZVcFcaSW/uEgRAmn7AJ4gUQnhhAnh3jLRs6A1HDiIQEFnrgCfS2CV
yptvKC+tgtumI1htQ3AYo58=
=VlpL
-----END PGP SIGNATURE-----
--- End Message ---