aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAvatar Ciaran McCreesh <ciaran.mccreesh@googlemail.com> 2006-04-26 08:30:39 +0000
committerAvatar Ciaran McCreesh <ciaran.mccreesh@googlemail.com> 2006-04-26 08:30:39 +0000
commit50cdfecec3d8a02e956999e9b9b4e16454bb00cb (patch)
treeeae6fc3847ce72d23a382b4f54697121188c80b7
parentd0718574d31890ea5842b814772e74a2d12d353e (diff)
downloadpaludis-50cdfecec3d8a02e956999e9b9b4e16454bb00cb.tar.gz
paludis-50cdfecec3d8a02e956999e9b9b4e16454bb00cb.tar.xz
Don't tinker with Doxygen niceness. Update docs with information about avoiding sandbox and test issues with Python, avoiding test issues with various packages, apr's pickiness and various wording and formatting tweaks. Add sandbox support.
-rw-r--r--configure.ac17
-rw-r--r--doc/Makefile.am2
-rw-r--r--doc/doc_bootstrap_howto.doxygen258
-rw-r--r--ebuild/Makefile.am2
-rw-r--r--ebuild/builtin_fetch.bash3
-rw-r--r--ebuild/builtin_init.bash3
-rw-r--r--ebuild/builtin_merge.bash5
-rw-r--r--ebuild/builtin_strip.bash2
-rw-r--r--ebuild/builtin_unmerge.bash5
-rwxr-xr-xebuild/ebuild.bash14
-rw-r--r--ebuild/pkg_postinst.bash5
-rw-r--r--ebuild/pkg_postrm.bash5
-rw-r--r--ebuild/pkg_preinst.bash5
-rw-r--r--ebuild/pkg_prerm.bash5
-rw-r--r--ebuild/sandbox.bash (renamed from ebuild/sandbox_stubs.bash)8
-rw-r--r--ebuild/src_test.bash5
-rw-r--r--ebuild/utils/doconfd2
-rw-r--r--ebuild/utils/doenvd2
-rw-r--r--ebuild/utils/doinitd2
-rw-r--r--ebuild/utils/doins4
-rw-r--r--ebuild/utils/dolib.a2
-rw-r--r--ebuild/utils/dolib.so2
-rw-r--r--ebuild/utils/donewins2
-rw-r--r--ebuild/utils/newbin2
-rw-r--r--ebuild/utils/newconfd2
-rw-r--r--ebuild/utils/newdoc2
-rw-r--r--ebuild/utils/newenvd2
-rw-r--r--ebuild/utils/newexe2
-rw-r--r--ebuild/utils/newinitd2
-rw-r--r--ebuild/utils/newins2
-rw-r--r--ebuild/utils/newlib.a2
-rw-r--r--ebuild/utils/newlib.so2
-rw-r--r--ebuild/utils/newman2
-rw-r--r--ebuild/utils/newsbin2
-rw-r--r--paludis/ebuild.cc24
-rw-r--r--paludis/ebuild.hh5
-rw-r--r--paludis/util/Makefile.am.m44
-rw-r--r--paludis/util/system.cc11
-rw-r--r--paludis/util/system.hh7
39 files changed, 306 insertions, 127 deletions
diff --git a/configure.ac b/configure.ac
index 6d91d88..b38ec5f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -279,6 +279,23 @@ fi
AC_MSG_RESULT([${cxxflags_message}])
dnl }}}
+dnl {{{ sandbox
+AC_MSG_CHECKING([whether to enable sandbox])
+AC_ARG_ENABLE([sandbox],
+ [ --enable-sandbox Enable sandbox],
+ [HAVE_SANDBOX=$enableval
+ AC_MSG_RESULT([$enableval])],
+ [AC_MSG_RESULT([autodetect])
+ AC_CHECK_PROG(HAVE_SANDBOX, [sandbox], [yes], [no])])
+AC_SUBST([HAVE_SANDBOX])
+AM_CONDITIONAL([HAVE_SANDBOX], test "x$HAVE_SANDBOX" = "xyes")
+if test x"$HAVE_SANDBOX" = "xyes" ; then
+ AC_DEFINE([HAVE_SANDBOX], 1, [Do we have sandbox?])
+else
+ AC_DEFINE([HAVE_SANDBOX], 0)
+fi
+dnl }}}
+
dnl {{{ doxygen, dot
AC_MSG_CHECKING([whether to enable doxygen])
AC_ARG_ENABLE([doxygen],
diff --git a/doc/Makefile.am b/doc/Makefile.am
index 4386222..cf23946 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -20,7 +20,7 @@ if HAVE_DOXYGEN
doxygen : doxygen.conf $(top_srcdir)/paludis/*.cc $(top_srcdir)/paludis/*.hh \
$(docfiles)
- nice doxygen doxygen.conf
+ doxygen doxygen.conf
else
diff --git a/doc/doc_bootstrap_howto.doxygen b/doc/doc_bootstrap_howto.doxygen
index db3b51d..0534d7d 100644
--- a/doc/doc_bootstrap_howto.doxygen
+++ b/doc/doc_bootstrap_howto.doxygen
@@ -24,8 +24,8 @@ subscribe to the <code>paludis-sekrit</code> mailing list.
\section BootstrapHowtoRequirements Requirements
Install Paludis locally, being sure to configure <code>sysconfdir</code> as
-<code>/etc</code> to avoid confusion later on. There's an ebuild <a
-href="http://svn.berlios.de/viewcvs/%2acheckout%2a/paludis/overlay/sys-apps/paludis/paludis-0.ebuild">here</a>.
+<code>/etc</code> to avoid confusion later on. There's an ebuild
+<a href="http://svn.berlios.de/viewcvs/%2acheckout%2a/paludis/overlay/sys-apps/paludis/paludis-0.ebuild">here</a>.
You'll need libebt, eselect and Subversion. You'll also need either g++-3.4,
g++-4.1 or some other reasonably standard C++ compiler along with a complete
@@ -44,20 +44,20 @@ noexec / nodev filesystem should work. The reason for doing things this way will
become apparent later on.
\verbatim
- mkdir ~/.paludis-bootstrap
- cat <<END > ~/.paludis-bootstrap/specpath
- root = /mychroot
- config-suffix =
- END
+mkdir ~/.paludis-bootstrap
+cat <<END > ~/.paludis-bootstrap/specpath
+root = /mychroot
+config-suffix =
+END
\endverbatim
Make some skeleton directories and files:
\verbatim
- mkdir -p /mychroot/etc/{env.d,paludis/repositories}
- mkdir -p /mychroot/var/{db/pkg,paludis/repositories/gentoo/distfiles}
- mkdir -p /mychroot/tmp/
- touch /mychroot/etc/ld.so.conf
+mkdir -p /mychroot/etc/{env.d,paludis/repositories}
+mkdir -p /mychroot/var/{db/pkg,paludis/repositories/gentoo/distfiles}
+mkdir -p /mychroot/tmp/
+touch /mychroot/etc/ld.so.conf
\endverbatim
Set up your <code>keywords.conf</code>. At the very least, you'll need a <code>*
@@ -67,15 +67,15 @@ Like with Portage, accepting <code>~keyword</code> does <b>not</b> accept
should use <code>* arch ~arch</code>.
\verbatim
- cat <<END > /mychroot/etc/paludis/keywords.conf
- * x86
- dev-cpp/libebt x86 ~x86
- sys-apps/paludis x86 ~x86
- dev-util/subversion x86 ~x86
- app-admin/eselect x86 ~x86
- app-editors/vim x86 ~x86
- app-editors/vim-core x86 ~x86
- END
+cat <<END > /mychroot/etc/paludis/keywords.conf
+* x86
+dev-cpp/libebt x86 ~x86
+sys-apps/paludis x86 ~x86
+dev-util/subversion x86 ~x86
+app-admin/eselect x86 ~x86
+app-editors/vim x86 ~x86
+app-editors/vim-core x86 ~x86
+END
\endverbatim
Set up your <code>use.conf</code>. At the very least, you'll need a <code>*
@@ -86,60 +86,106 @@ handling <code>USE_EXPAND</code> variables that allows different settings for
different packages. This may change, but for now it looks like this:
\verbatim
- cat <<END > /mychroot/etc/paludis/use.conf
- * -doc nls -apache2 LINGUAS: en INPUT_DEVICES: keyboard mouse VIDEO_CARDS: ati
- app-editors/vim -nls
- END
+cat <<END > /mychroot/etc/paludis/use.conf
+* -doc nls -apache2 LINGUAS: en INPUT_DEVICES: keyboard mouse VIDEO_CARDS: ati
+app-editors/vim -nls
+END
\endverbatim
Set up your <code>licenses.conf</code>. If you don't care about licences, which
is probably wise until we get licence grouping, it should look like this:
\verbatim
- cat <<END > /mychroot/etc/paludis/licenses.conf
- * *
- END
+cat <<END > /mychroot/etc/paludis/licenses.conf
+* *
+END
\endverbatim
If you want some more fun, the following list might be enough to install a
-base system with any fairly close to default USE flags:
+base system if you don't turn on too many extra USE flags:
\verbatim
- cat <<END > /mychroot/etc/paludis/licenses.conf
- * LGPL-2.1 LGPL-2 GPL-2 BSD MIT BZIP2 Artistic DB PSF-2.1.1 PSF-2.2
- * as-is tcp_wrappers_license freedist ZLIB openssl CRACKLIB PAM FLEX
- END
+cat <<END > /mychroot/etc/paludis/licenses.conf
+# These are the basic system requirements. It's possible to knock off
+# a few of these by turning off some default USE flags.
+* LGPL-2.1 LGPL-2 GPL-2 BSD MIT BZIP2 Artistic DB PSF-2.1.1 PSF-2.2
+* as-is tcp_wrappers_license freedist ZLIB openssl CRACKLIB PAM FLEX
+
+# These are needed to get Subversion.
+* Apache-1.1 Apache-2.0
+
+# These are needed to get an editor that doesn't suck.
+* vim
+
+# These are needed if you want modular X. This is utterly ridiculous,
+# and the people responsible for using different licence IDs for
+# identical licences should be shot.
+* xorg-server libXfont xtrans util-macros libfontenc xproto fontsproto
+* FTL fontcacheproto libXau libXext libX11 libXdmcp kbproto inputproto
+* xf86bigfontproto bigreqsproto xextproto xcmiscproto libxkbfile libXmu
+* libXt libSM libICE libXrender renderproto libXi libXxf86vm
+* xf86vidmodeproto libdrm MOTIF libXaw libXpm libXp printproto xbitmaps
+* makedepend xf86driproto glproto font-adobe-75dpi bdftopcf font-util
+* encodings mkfontscale mkfontdir font-misc-misc font-cursor-misc
+* xkbcomp iceauth rgb xauth xinit twm xclock libXft fontconfig xrdb X11
+* libXxf86misc xf86miscproto libdmx dmxproto libXtst recordproto libXres
+* resourceproto libxkbui liblbxutil randrproto fixesproto damageproto
+* xf86dgaproto xf86rushproto compositeproto videoproto scrnsaverproto
+* evieext trapproto xineramaproto glut setxkbmap xhost xmodmap xrandr
+* libXrandr libXcomposite libXfixes libXcursor libXdamage libXv
+* libXxf86dga libXinerama libXScrnSaver BitstreamVera font-bh-type1
+* font-adobe-utopia-type1 font-adobe-100dpi xorg-docs
+* xf86-input-keyboard xf86-input-mouse xf86-video-ati font-alias
+END
\endverbatim
Set up your <code>package_unmask.conf</code> and <code>package_mask.conf</code>,
if necessary::
\verbatim
- cat <<END > /mychroot/etc/paludis/package_unmask.conf
- app-editors/vim
- app-editors/vim-core
- END
+cat <<END > /mychroot/etc/paludis/package_unmask.conf
+app-editors/vim
+app-editors/vim-core
+END
\endverbatim
Set up your <code>bashrc</code>. This must <b>NOT</b> be used to change any
values that affect dependency resolution (e.g. <code>USE</code>,
- <code>LINGUAS</code>). It can be used to set <code>CFLAGS</code>,
- <code>CHOST</code> and the like (on some archs you'll have to do this to
- avoid getting junk from your profile). Remember to
- <code>export</code> your variables.
+<code>LINGUAS</code>). It can be used to set <code>CFLAGS</code>,
+<code>CHOST</code> and the like (on some archs you'll have to do this to
+avoid getting junk from your profile). Remember to <code>export</code> your
+variables.
+
+Unfortunately, some packages in system have broken test suites, and some
+packages abuse non-${ROOT} locations in pkg_postinst. Thus, you will also
+need to add a bit of magic to work around these packages.
\note The backslash before the dollar is for cat. If you're not using cat,
don't include the backslash before the dollar signs.
\verbatim
- cat <<END > /mychroot/etc/paludis/bashrc
- export CFLAGS="-O2 -march=pentium4 -fomit-frame-pointer"
- export CXXFLAGS="\${CFLAGS}"
- export CHOST="i686-pc-linux-gnu"
- export MAKEOPTS="-j2"
- export EBEEP_IGNORE="yes"
- export EPAUSE_IGNORE="yes"
- END
+cat <<END > /mychroot/etc/paludis/bashrc
+export CFLAGS="-O2 -march=pentium4 -fomit-frame-pointer"
+export CXXFLAGS="\${CFLAGS}"
+export CHOST="i686-pc-linux-gnu"
+export MAKEOPTS="-j2"
+export EBEEP_IGNORE="yes"
+export EPAUSE_IGNORE="yes"
+
+case "${PN}" in
+
+ python)
+ export SKIP_FUNCTIONS=test
+ export SANDBOX_PREDICT=/
+ ;;
+
+ automake|glibc|e2fsprogs|neon)
+ export SKIP_FUNCTIONS=test
+ ;;
+
+esac
+
+END
\endverbatim
Set up your repository files. Do not tinker with the VDB location, it
@@ -151,28 +197,28 @@ chroot (this is one of the reasons we have the weird-looking specpath
thing):
\verbatim
- cat <<END > /mychroot/etc/paludis/repositories/gentoo.conf
- location = \${ROOT}/var/paludis/repositories/gentoo/
- sync = rsync://rsync.europe.gentoo.org/gentoo-portage/
- profile = \${ROOT}/var/paludis/repositories/gentoo/profiles/default-linux/x86/2006.0
- format = portage
- END
-
- cat <<END > /mychroot/etc/paludis/repositories/installed.conf
- location = \${ROOT}/var/db/pkg/
- format = vdb
- END
-
- cat <<END > /mychroot/etc/paludis/repositories/paludis-overlay.conf
- location = \${ROOT}/var/paludis/repositories/paludis-overlay/
- sync = svn://svn.berlios.de/paludis/overlay
- profile = \${ROOT}/var/paludis/repositories/gentoo/profiles/default-linux/x86/2006.0
- eclassdir = \${ROOT}/var/paludis/repositories/gentoo/eclass
- distdir = \${ROOT}/var/paludis/repositories/gentoo/distfiles
- cache = /var/empty
- format = portage
- importance = 10
- END
+cat <<END > /mychroot/etc/paludis/repositories/gentoo.conf
+location = \${ROOT}/var/paludis/repositories/gentoo/
+sync = rsync://rsync.europe.gentoo.org/gentoo-portage/
+profile = \${ROOT}/var/paludis/repositories/gentoo/profiles/default-linux/x86/2006.0
+format = portage
+END
+
+cat <<END > /mychroot/etc/paludis/repositories/installed.conf
+location = \${ROOT}/var/db/pkg/
+format = vdb
+END
+
+cat <<END > /mychroot/etc/paludis/repositories/paludis-overlay.conf
+location = \${ROOT}/var/paludis/repositories/paludis-overlay/
+sync = svn://svn.berlios.de/paludis/overlay
+profile = \${ROOT}/var/paludis/repositories/gentoo/profiles/default-linux/x86/2006.0
+eclassdir = \${ROOT}/var/paludis/repositories/gentoo/eclass
+distdir = \${ROOT}/var/paludis/repositories/gentoo/distfiles
+cache = /var/empty
+format = portage
+importance = 10
+END
\endverbatim
\section BootstrapHowtoSync Initial Sync
@@ -180,8 +226,8 @@ thing):
Now check that the config looks ok, and sync:
\verbatim
- paludis --config-suffix bootstrap --list-repositories
- sudo paludis --config-suffix bootstrap --sync
+paludis --config-suffix bootstrap --list-repositories
+sudo paludis --config-suffix bootstrap --sync
\endverbatim
If you have problems, try adding <code>--log-level debug</code>. This may or may
@@ -198,33 +244,27 @@ use the metadata cache, if available, but does not use the dep cache.
Now install baselayout and then system. We install baselayout manually first
because it's easier than creating a bunch of directories by hand.
-Note that Paludis will use src_test regardless of FEATURES (FEATURES is a
-Portage thing, and Paludis doesn't use it any more than it has to).
-
-\note Unfortunately, various system packages have broken test suites, so the
- system install will probably bomb out midway unless you export
- SKIP_FUNCTIONS=test beforehand. You can do this in your environment or (better)
- in <code>/mychroot/etc/paludis/bashrc</code>. If you're especially sneaky,
- you can do it conditional upon <code>$PN</code>.
-
-Also note that there're a whole load of circular dependencies in system
+Note that there're a whole load of circular dependencies in system
(ncurses <-> gpm, patch <-> patch, gcc <-> glibc for example), so you'll
almost certainly need --dl-drop-circular at this stage.
\verbatim
- paludis --config-suffix bootstrap --install --pretend --dl-drop-all sys-apps/baselayout
- sudo paludis --config-suffix bootstrap --install --dl-drop-all sys-apps/baselayout
+paludis --config-suffix bootstrap --install --pretend --dl-drop-all sys-apps/baselayout
+sudo paludis --config-suffix bootstrap --install --dl-drop-all sys-apps/baselayout
- paludis --config-suffix bootstrap --install --pretend --dl-drop-circular system
- sudo paludis --config-suffix bootstrap --install --dl-drop-circular system
+paludis --config-suffix bootstrap --install --pretend --dl-drop-circular system
+sudo paludis --config-suffix bootstrap --install --dl-drop-circular system
\endverbatim
Note that system will pull in Portage. That's a profiles thing that's
-unavoidable for now. It won't pull in Paludis, so we do that manually:
+unavoidable for now. It won't pull in Paludis, so we do that manually.
+
+\note It seems apr and apr-util are rather picky about compiling into ROOT
+unless an identical version is installed onto / .
\verbatim
- paludis --config-suffix bootstrap --install --pretend sys-apps/paludis
- sudo paludis --config-suffix bootstrap --install sys-apps/paludis
+paludis --config-suffix bootstrap --install --pretend sys-apps/paludis
+sudo paludis --config-suffix bootstrap --install sys-apps/paludis
\endverbatim
\section BootstrapHowtoChroot Chrooting
@@ -232,26 +272,26 @@ unavoidable for now. It won't pull in Paludis, so we do that manually:
And that should (but probably won't) give you a usable chroot:
\verbatim
- sudo cp /etc/resolv.conf /mychroot/etc/
- sudo chroot /mychroot
- reset
- export HOME=/root
- cd
- cp /etc/skel/.bashrc .
- . .bashrc
- ln -sf /usr/share/zoneinfo/Europe/London /etc/localtime
- mount -tproc none /proc
- mount -tsysfs none /sys
- udevstart
- mount -tdevpts none /dev/pts
- eselect env update
- source /etc/profile
- ( . /etc/paludis/bashrc ; export REAL_CHOST=$CHOST ; gcc-config 1 )
- eselect env update
- source /etc/profile
- paludis --uninstall sys-apps/portage
- paludis --install app-editors/vim
- paludis --uninstall app-editors/nano
+sudo cp /etc/resolv.conf /mychroot/etc/
+sudo chroot /mychroot
+reset
+export HOME=/root
+cd
+cp /etc/skel/.bashrc .
+. .bashrc
+ln -sf /usr/share/zoneinfo/Europe/London /etc/localtime
+mount -tproc none /proc
+mount -tsysfs none /sys
+udevstart
+mount -tdevpts none /dev/pts
+eselect env update
+source /etc/profile
+( . /etc/paludis/bashrc ; export REAL_CHOST=$CHOST ; gcc-config 1 )
+eselect env update
+source /etc/profile
+paludis --uninstall sys-apps/portage
+paludis --install app-editors/vim
+paludis --uninstall app-editors/nano
\endverbatim
If you're especially crazy you can tar up your chroot and use it like a stage 3
diff --git a/ebuild/Makefile.am b/ebuild/Makefile.am
index 14d7bc1..95b0e46 100644
--- a/ebuild/Makefile.am
+++ b/ebuild/Makefile.am
@@ -27,7 +27,7 @@ libexecprog_SCRIPTS = \
pkg_prerm.bash \
pkg_setup.bash \
portage_stubs.bash \
- sandbox_stubs.bash \
+ sandbox.bash \
src_compile.bash \
src_install.bash \
src_test.bash \
diff --git a/ebuild/builtin_fetch.bash b/ebuild/builtin_fetch.bash
index 572c84b..cbf6239 100644
--- a/ebuild/builtin_fetch.bash
+++ b/ebuild/builtin_fetch.bash
@@ -111,6 +111,8 @@ builtin_fetch()
ebuild_f_fetch()
{
+ local old_sandbox_write="${SANDBOX_WRITE}"
+ SANDBOX_WRITE="${SANDBOX_WRITE+${SANDBOX_WRITE}:}${DISTDIR}"
if hasq "fetch" ${RESTRICT} ; then
ebuild_section "Skipping builtin_fetch (RESTRICT)"
elif hasq "fetch" ${SKIP_FUNCTIONS} ; then
@@ -120,6 +122,7 @@ ebuild_f_fetch()
builtin_fetch
ebuild_section "Done builtin_fetch"
fi
+ SANDBOX_WRITE="${old_sandbox_write}"
}
diff --git a/ebuild/builtin_init.bash b/ebuild/builtin_init.bash
index baa9f3f..e8aac74 100644
--- a/ebuild/builtin_init.bash
+++ b/ebuild/builtin_init.bash
@@ -52,6 +52,9 @@ builtin_init()
mkdir -p "${D}" || die "Couldn't create \$D (\"${D}\")"
declare -r D="${D}"
+ export IMAGE="${D}"
+ declare -r IMAGE="${IMAGE}"
+
export S="${WORKDIR}/${P}"
export PATH="${PALUDIS_EBUILD_DIR}/utils:${PATH}"
diff --git a/ebuild/builtin_merge.bash b/ebuild/builtin_merge.bash
index 03cf8fd..24dde16 100644
--- a/ebuild/builtin_merge.bash
+++ b/ebuild/builtin_merge.bash
@@ -80,6 +80,9 @@ builtin_merge()
ebuild_f_merge()
{
+ local old_sandbox_write="${SANDBOX_WRITE}"
+ SANDBOX_WRITE="${SANDBOX_WRITE+${SANDBOX_WRITE}:}${ROOT%/}/"
+
if hasq "merge" ${RESTRICT} ; then
ebuild_section "Skipping builtin_merge (RESTRICT)"
elif hasq "merge" ${SKIP_FUNCTIONS} ; then
@@ -89,5 +92,7 @@ ebuild_f_merge()
builtin_merge
ebuild_section "Done builtin_merge"
fi
+
+ SANDBOX_WRITE="${old_sandbox_write}"
}
diff --git a/ebuild/builtin_strip.bash b/ebuild/builtin_strip.bash
index e55f5f8..9e4bb72 100644
--- a/ebuild/builtin_strip.bash
+++ b/ebuild/builtin_strip.bash
@@ -55,5 +55,3 @@ ebuild_f_strip()
fi
}
-
-
diff --git a/ebuild/builtin_unmerge.bash b/ebuild/builtin_unmerge.bash
index 7911ab9..c202f7d 100644
--- a/ebuild/builtin_unmerge.bash
+++ b/ebuild/builtin_unmerge.bash
@@ -58,6 +58,9 @@ builtin_unmerge()
ebuild_f_unmerge()
{
+ local old_sandbox_write="${SANDBOX_WRITE}"
+ SANDBOX_WRITE="${SANDBOX_WRITE+${SANDBOX_WRITE}:}${ROOT%/}/"
+
if hasq "unmerge" ${RESTRICT} ; then
ebuild_section "Skipping builtin_unmerge (RESTRICT)"
elif hasq "unmerge" ${SKIP_FUNCTIONS} ; then
@@ -67,6 +70,8 @@ ebuild_f_unmerge()
builtin_unmerge
ebuild_section "Done builtin_unmerge"
fi
+
+ SANDBOX_WRITE="${old_sandbox_write}"
}
diff --git a/ebuild/ebuild.bash b/ebuild/ebuild.bash
index 1cb57d1..e9cedf7 100755
--- a/ebuild/ebuild.bash
+++ b/ebuild/ebuild.bash
@@ -25,6 +25,13 @@ unalias -a
unset GZIP BZIP BZIP2 CDPATH GREP_OPTIONS GREP_COLOR GLOBIGNORE
eval unset LANG ${!LC_*}
+export SANDBOX_PREDICT="${SANDBOX_PREDICT+${SANDBOX_PREDICT}:}"
+export SANDBOX_PREDICT="${SANDBOX_PREDICT}/proc/self/maps:/dev/console:/dev/random"
+export SANDBOX_WRITE="${SANDBOX_WRITE+${SANDBOX_WRITE}:}"
+export SANDBOX_WRITE="${SANDBOX_WRITE}/dev/shm:/dev/stdout:/dev/stderr:/dev/null:/dev/tty"
+export SANDBOX_WRITE="${SANDBOX_WRITE}:${PALUDIS_TMPDIR}"
+export SANDBOX_ON="1"
+
shopt -s expand_aliases
EBUILD_KILL_PID=$$
@@ -59,7 +66,7 @@ ebuild_load_module()
source /sbin/functions.sh || die "Couldn't source functions.sh"
ebuild_load_module echo_functions
-ebuild_load_module sandbox_stubs
+ebuild_load_module sandbox
ebuild_load_module portage_stubs
ebuild_load_module list_functions
ebuild_load_module multilib_functions
@@ -143,6 +150,9 @@ perform_hook()
export HOOK=${1}
ebuild_notice "debug" "Starting hook '${HOOK}'"
+ local old_sandbox_on="${SANDBOX_ON}"
+ export SANDBOX_ON="0"
+
local hook_dir
for hook_dir in ${PALUDIS_HOOK_DIRS} ; do
[[ -d "${hook_dir}/${HOOK}" ]] || continue
@@ -157,6 +167,8 @@ perform_hook()
fi
done
done
+
+ export SANDBOX_ON="${old_sandbox_on}"
}
ebuild_main()
diff --git a/ebuild/pkg_postinst.bash b/ebuild/pkg_postinst.bash
index 89cf1ab..ac28a4b 100644
--- a/ebuild/pkg_postinst.bash
+++ b/ebuild/pkg_postinst.bash
@@ -28,6 +28,9 @@ pkg_postinst()
ebuild_f_postinst()
{
+ local old_sandbox_write="${SANDBOX_WRITE}"
+ SANDBOX_WRITE="${SANDBOX_WRITE+${SANDBOX_WRITE}:}${ROOT%/}/"
+
if hasq "postinst" ${RESTRICT} ; then
ebuild_section "Skipping pkg_postinst (RESTRICT)"
elif hasq "postinst" ${SKIP_FUNCTIONS} ; then
@@ -37,5 +40,7 @@ ebuild_f_postinst()
pkg_postinst
ebuild_section "Done pkg_postinst"
fi
+
+ SANDBOX_WRITE="${old_sandbox_write}"
}
diff --git a/ebuild/pkg_postrm.bash b/ebuild/pkg_postrm.bash
index 4d89802..ac8d76a 100644
--- a/ebuild/pkg_postrm.bash
+++ b/ebuild/pkg_postrm.bash
@@ -28,6 +28,9 @@ pkg_postrm()
ebuild_f_postrm()
{
+ local old_sandbox_write="${SANDBOX_WRITE}"
+ SANDBOX_WRITE="${SANDBOX_WRITE+${SANDBOX_WRITE}:}${ROOT%/}/"
+
if hasq "postrm" ${RESTRICT} ; then
ebuild_section "Skipping pkg_postrm (RESTRICT)"
elif hasq "postrm" ${SKIP_FUNCTIONS} ; then
@@ -37,6 +40,8 @@ ebuild_f_postrm()
pkg_postrm
ebuild_section "Done pkg_postrm"
fi
+
+ SANDBOX_WRITE="${old_sandbox_write}"
}
diff --git a/ebuild/pkg_preinst.bash b/ebuild/pkg_preinst.bash
index 58311b0..943e7bd 100644
--- a/ebuild/pkg_preinst.bash
+++ b/ebuild/pkg_preinst.bash
@@ -28,6 +28,9 @@ pkg_preinst()
ebuild_f_preinst()
{
+ local old_sandbox_write="${SANDBOX_WRITE}"
+ SANDBOX_WRITE="${SANDBOX_WRITE+${SANDBOX_WRITE}:}${ROOT%/}/"
+
if hasq "preinst" ${RESTRICT} ; then
ebuild_section "Skipping pkg_preinst (RESTRICT)"
elif hasq "preinst" ${SKIP_FUNCTIONS} ; then
@@ -37,5 +40,7 @@ ebuild_f_preinst()
pkg_preinst
ebuild_section "Done pkg_preinst"
fi
+
+ SANDBOX_WRITE="${old_sandbox_write}"
}
diff --git a/ebuild/pkg_prerm.bash b/ebuild/pkg_prerm.bash
index 67d349a..cc353f1 100644
--- a/ebuild/pkg_prerm.bash
+++ b/ebuild/pkg_prerm.bash
@@ -28,6 +28,9 @@ pkg_prerm()
ebuild_f_prerm()
{
+ local old_sandbox_write="${SANDBOX_WRITE}"
+ SANDBOX_WRITE="${SANDBOX_WRITE+${SANDBOX_WRITE}:}${ROOT%/}/"
+
if hasq "prerm" ${RESTRICT} ; then
ebuild_section "Skipping pkg_prerm (RESTRICT)"
elif hasq "prerm" ${SKIP_FUNCTIONS} ; then
@@ -37,5 +40,7 @@ ebuild_f_prerm()
pkg_prerm
ebuild_section "Done pkg_prerm"
fi
+
+ SANDBOX_WRITE="${old_sandbox_write}"
}
diff --git a/ebuild/sandbox_stubs.bash b/ebuild/sandbox.bash
index b4737e9..d54325c 100644
--- a/ebuild/sandbox_stubs.bash
+++ b/ebuild/sandbox.bash
@@ -23,21 +23,21 @@
addread()
{
- :
+ export SANDBOX_READ="${SANDBOX_READ+${SANDBOX_READ}:}${1}"
}
addwrite()
{
- :
+ export SANDBOX_WRITE="${SANDBOX_WRITE+${SANDBOX_WRITE}:}${1}"
}
adddeny()
{
- :
+ export SANDBOX_DENY="${SANDBOX_DENY+${SANDBOX_DENY}:}${1}"
}
addpredict()
{
- :
+ export SANDBOX_PREDICT="${SANDBOX_PREDICT+${SANDBOX_PREDICT}:}${1}"
}
diff --git a/ebuild/src_test.bash b/ebuild/src_test.bash
index 1d28364..da4b2f9 100644
--- a/ebuild/src_test.bash
+++ b/ebuild/src_test.bash
@@ -41,6 +41,9 @@ src_test()
ebuild_f_test()
{
+ local old_sandbox_predict="${SANDBOX_PREDICT}"
+ SANDBOX_PREDICT="${SANDBOX_PREDICT+${SANDBOX_PREDICT}:}/"
+
if hasq "test" ${RESTRICT} ; then
ebuild_section "Skipping src_test (RESTRICT)"
elif hasq "test" ${SKIP_FUNCTIONS} ; then
@@ -50,5 +53,7 @@ ebuild_f_test()
src_test
ebuild_section "Done src_test"
fi
+
+ SANDBOX_PREDICT="${old_sandbox_predict}"
}
diff --git a/ebuild/utils/doconfd b/ebuild/utils/doconfd
index 902ef52..37c453c 100644
--- a/ebuild/utils/doconfd
+++ b/ebuild/utils/doconfd
@@ -21,6 +21,8 @@
# this program; if not, write to the Free Software Foundation, Inc., 59 Temple
# Place, Suite 330, Boston, MA 02111-1307 USA
+export PATH="${PALUDIS_EBUILD_DIR:+${PALUDIS_EBUILD_DIR}/utils:}${PATH}"
+
if [ ${#} -lt 1 ]; then
echo "${0}: at least one argument needed" >&2
exit 1
diff --git a/ebuild/utils/doenvd b/ebuild/utils/doenvd
index 088441b..7299776 100644
--- a/ebuild/utils/doenvd
+++ b/ebuild/utils/doenvd
@@ -21,6 +21,8 @@
# this program; if not, write to the Free Software Foundation, Inc., 59 Temple
# Place, Suite 330, Boston, MA 02111-1307 USA
+export PATH="${PALUDIS_EBUILD_DIR:+${PALUDIS_EBUILD_DIR}/utils:}${PATH}"
+
if [[ ${#} -lt 1 ]]; then
echo "${0}: at least one argument needed" >&2
exit 1
diff --git a/ebuild/utils/doinitd b/ebuild/utils/doinitd
index 8a264f6..8fc7080 100644
--- a/ebuild/utils/doinitd
+++ b/ebuild/utils/doinitd
@@ -21,6 +21,8 @@
# this program; if not, write to the Free Software Foundation, Inc., 59 Temple
# Place, Suite 330, Boston, MA 02111-1307 USA
+export PATH="${PALUDIS_EBUILD_DIR:+${PALUDIS_EBUILD_DIR}/utils:}${PATH}"
+
if [[ ${#} -lt 1 ]]; then
echo "${0}: at least one argument needed" >&2
exit 1
diff --git a/ebuild/utils/doins b/ebuild/utils/doins
index 7f6ad11..2d70f5a 100644
--- a/ebuild/utils/doins
+++ b/ebuild/utils/doins
@@ -21,6 +21,8 @@
# this program; if not, write to the Free Software Foundation, Inc., 59 Temple
# Place, Suite 330, Boston, MA 02111-1307 USA
+export PATH="${PALUDIS_EBUILD_DIR:+${PALUDIS_EBUILD_DIR}/utils:}${PATH}"
+
if [[ ! -d ${D} ]]; then
echo "${0}: \${D} not valid; aborting" >&2
exit 247
@@ -75,7 +77,7 @@ for x in "$@"; do
env \
INSDESTTREE="${mydir}" \
INSDEPTH=$((INSDEPTH+1)) \
- doins -r {} \;
+ ${0} -r {} \;
continue
else
mysrc="${x}"
diff --git a/ebuild/utils/dolib.a b/ebuild/utils/dolib.a
index 51493db..e36d528 100644
--- a/ebuild/utils/dolib.a
+++ b/ebuild/utils/dolib.a
@@ -21,4 +21,6 @@
# this program; if not, write to the Free Software Foundation, Inc., 59 Temple
# Place, Suite 330, Boston, MA 02111-1307 USA
+export PATH="${PALUDIS_EBUILD_DIR:+${PALUDIS_EBUILD_DIR}/utils:}${PATH}"
+
LIBOPTIONS="-m0644" dolib "$@"
diff --git a/ebuild/utils/dolib.so b/ebuild/utils/dolib.so
index 34ec8ed..d4dcb4a 100644
--- a/ebuild/utils/dolib.so
+++ b/ebuild/utils/dolib.so
@@ -21,4 +21,6 @@
# this program; if not, write to the Free Software Foundation, Inc., 59 Temple
# Place, Suite 330, Boston, MA 02111-1307 USA
+export PATH="${PALUDIS_EBUILD_DIR:+${PALUDIS_EBUILD_DIR}/utils:}${PATH}"
+
LIBOPTIONS="-m0755" dolib "$@"
diff --git a/ebuild/utils/donewins b/ebuild/utils/donewins
index d10ac1f..e1dfc2b 100644
--- a/ebuild/utils/donewins
+++ b/ebuild/utils/donewins
@@ -21,6 +21,8 @@
# this program; if not, write to the Free Software Foundation, Inc., 59 Temple
# Place, Suite 330, Boston, MA 02111-1307 USA
+export PATH="${PALUDIS_EBUILD_DIR:+${PALUDIS_EBUILD_DIR}/utils:}${PATH}"
+
if [[ ! -d ${T} ]]; then
echo "${0}: \${T} not valid; aborting" >&2
exit 247
diff --git a/ebuild/utils/newbin b/ebuild/utils/newbin
index 7a5b02c..21792c6 100644
--- a/ebuild/utils/newbin
+++ b/ebuild/utils/newbin
@@ -21,6 +21,8 @@
# this program; if not, write to the Free Software Foundation, Inc., 59 Temple
# Place, Suite 330, Boston, MA 02111-1307 USA
+export PATH="${PALUDIS_EBUILD_DIR:+${PALUDIS_EBUILD_DIR}/utils:}${PATH}"
+
if [[ ! -d ${T} ]]; then
echo "${0}: \${T} not valid; aborting" >&2
exit 247
diff --git a/ebuild/utils/newconfd b/ebuild/utils/newconfd
index 1fc7317..7783865 100644
--- a/ebuild/utils/newconfd
+++ b/ebuild/utils/newconfd
@@ -21,6 +21,8 @@
# this program; if not, write to the Free Software Foundation, Inc., 59 Temple
# Place, Suite 330, Boston, MA 02111-1307 USA
+export PATH="${PALUDIS_EBUILD_DIR:+${PALUDIS_EBUILD_DIR}/utils:}${PATH}"
+
if [[ ! -d ${T} ]]; then
echo "${0}: \${T} not valid; aborting" >&2
exit 247
diff --git a/ebuild/utils/newdoc b/ebuild/utils/newdoc
index 569e811..b4cb507 100644
--- a/ebuild/utils/newdoc
+++ b/ebuild/utils/newdoc
@@ -21,6 +21,8 @@
# this program; if not, write to the Free Software Foundation, Inc., 59 Temple
# Place, Suite 330, Boston, MA 02111-1307 USA
+export PATH="${PALUDIS_EBUILD_DIR:+${PALUDIS_EBUILD_DIR}/utils:}${PATH}"
+
if [[ ! -d ${T} ]]; then
echo "${0}: \${T} not valid; aborting" >&2
exit 247
diff --git a/ebuild/utils/newenvd b/ebuild/utils/newenvd
index 792f8e9..76f0a7f 100644
--- a/ebuild/utils/newenvd
+++ b/ebuild/utils/newenvd
@@ -21,6 +21,8 @@
# this program; if not, write to the Free Software Foundation, Inc., 59 Temple
# Place, Suite 330, Boston, MA 02111-1307 USA
+export PATH="${PALUDIS_EBUILD_DIR:+${PALUDIS_EBUILD_DIR}/utils:}${PATH}"
+
if [[ ! -d ${T} ]]; then
echo "${0}: \${T} not valid; aborting" >&2
exit 247
diff --git a/ebuild/utils/newexe b/ebuild/utils/newexe
index 50814ea..9a5cb35 100644
--- a/ebuild/utils/newexe
+++ b/ebuild/utils/newexe
@@ -21,6 +21,8 @@
# this program; if not, write to the Free Software Foundation, Inc., 59 Temple
# Place, Suite 330, Boston, MA 02111-1307 USA
+export PATH="${PALUDIS_EBUILD_DIR:+${PALUDIS_EBUILD_DIR}/utils:}${PATH}"
+
if [[ ! -d ${T} ]]; then
echo "${0}: \${T} not valid; aborting" >&2
exit 247
diff --git a/ebuild/utils/newinitd b/ebuild/utils/newinitd
index 5e7e015..01ca12b 100644
--- a/ebuild/utils/newinitd
+++ b/ebuild/utils/newinitd
@@ -21,6 +21,8 @@
# this program; if not, write to the Free Software Foundation, Inc., 59 Temple
# Place, Suite 330, Boston, MA 02111-1307 USA
+export PATH="${PALUDIS_EBUILD_DIR:+${PALUDIS_EBUILD_DIR}/utils:}${PATH}"
+
if [[ ! -d ${T} ]]; then
echo "${0}: \${T} not valid; aborting" >&2
exit 247
diff --git a/ebuild/utils/newins b/ebuild/utils/newins
index fa58890..2b692ad 100644
--- a/ebuild/utils/newins
+++ b/ebuild/utils/newins
@@ -21,6 +21,8 @@
# this program; if not, write to the Free Software Foundation, Inc., 59 Temple
# Place, Suite 330, Boston, MA 02111-1307 USA
+export PATH="${PALUDIS_EBUILD_DIR:+${PALUDIS_EBUILD_DIR}/utils:}${PATH}"
+
if [[ ! -d ${T} ]]; then
echo "${0}: \${T} not valid; aborting" >&2
exit 247
diff --git a/ebuild/utils/newlib.a b/ebuild/utils/newlib.a
index 3f8639b..415a057 100644
--- a/ebuild/utils/newlib.a
+++ b/ebuild/utils/newlib.a
@@ -21,6 +21,8 @@
# this program; if not, write to the Free Software Foundation, Inc., 59 Temple
# Place, Suite 330, Boston, MA 02111-1307 USA
+export PATH="${PALUDIS_EBUILD_DIR:+${PALUDIS_EBUILD_DIR}/utils:}${PATH}"
+
if [[ ! -d ${T} ]]; then
echo "${0}: \${T} not valid; aborting" >&2
exit 247
diff --git a/ebuild/utils/newlib.so b/ebuild/utils/newlib.so
index 45ad691..0701351 100644
--- a/ebuild/utils/newlib.so
+++ b/ebuild/utils/newlib.so
@@ -21,6 +21,8 @@
# this program; if not, write to the Free Software Foundation, Inc., 59 Temple
# Place, Suite 330, Boston, MA 02111-1307 USA
+export PATH="${PALUDIS_EBUILD_DIR:+${PALUDIS_EBUILD_DIR}/utils:}${PATH}"
+
if [[ ! -d ${T} ]]; then
echo "${0}: \${T} not valid; aborting" >&2
exit 247
diff --git a/ebuild/utils/newman b/ebuild/utils/newman
index 85bb8a1..0dab5fc 100644
--- a/ebuild/utils/newman
+++ b/ebuild/utils/newman
@@ -21,6 +21,8 @@
# this program; if not, write to the Free Software Foundation, Inc., 59 Temple
# Place, Suite 330, Boston, MA 02111-1307 USA
+export PATH="${PALUDIS_EBUILD_DIR:+${PALUDIS_EBUILD_DIR}/utils:}${PATH}"
+
if [[ ! -d ${T} ]]; then
echo "${0}: \${T} not valid; aborting" >&2
exit 247
diff --git a/ebuild/utils/newsbin b/ebuild/utils/newsbin
index ccecac2..da94577 100644
--- a/ebuild/utils/newsbin
+++ b/ebuild/utils/newsbin
@@ -21,6 +21,8 @@
# this program; if not, write to the Free Software Foundation, Inc., 59 Temple
# Place, Suite 330, Boston, MA 02111-1307 USA
+export PATH="${PALUDIS_EBUILD_DIR:+${PALUDIS_EBUILD_DIR}/utils:}${PATH}"
+
if [[ ! -d ${T} ]]; then
echo "${0}: \${T} not valid; aborting" >&2
exit 247
diff --git a/paludis/ebuild.cc b/paludis/ebuild.cc
index fa306fc..3b93aa0 100644
--- a/paludis/ebuild.cc
+++ b/paludis/ebuild.cc
@@ -48,6 +48,12 @@ EbuildCommand::success()
}
bool
+EbuildCommand::use_sandbox() const
+{
+ return true;
+}
+
+bool
EbuildCommand::failure()
{
return false;
@@ -56,13 +62,17 @@ EbuildCommand::failure()
bool
EbuildCommand::operator() ()
{
- MakeEnvCommand cmd(extend_command(make_env_command(
- getenv_with_default("PALUDIS_EBUILD_DIR", LIBEXECDIR "/paludis") +
- "/ebuild.bash '" +
- stringify(params.get<ecpk_ebuild_dir>()) + "/" +
- stringify(params.get<ecpk_db_entry>()->get<pde_name>().get<qpn_package>()) + "-" +
- stringify(params.get<ecpk_db_entry>()->get<pde_version>()) +
- ".ebuild' " + commands())
+ std::string ebuild_cmd(getenv_with_default("PALUDIS_EBUILD_DIR", LIBEXECDIR "/paludis") +
+ "/ebuild.bash '" +
+ stringify(params.get<ecpk_ebuild_dir>()) + "/" +
+ stringify(params.get<ecpk_db_entry>()->get<pde_name>().get<qpn_package>()) + "-" +
+ stringify(params.get<ecpk_db_entry>()->get<pde_version>()) +
+ ".ebuild' " + commands());
+
+ if (use_sandbox())
+ ebuild_cmd = make_sandbox_command(ebuild_cmd);
+
+ MakeEnvCommand cmd(extend_command(make_env_command(ebuild_cmd)
("P", stringify(params.get<ecpk_db_entry>()->get<pde_name>().get<qpn_package>()) + "-" +
stringify(params.get<ecpk_db_entry>()->get<pde_version>().remove_revision()))
("PV", stringify(params.get<ecpk_db_entry>()->get<pde_version>().remove_revision()))
diff --git a/paludis/ebuild.hh b/paludis/ebuild.hh
index 422cd2a..88dae6f 100644
--- a/paludis/ebuild.hh
+++ b/paludis/ebuild.hh
@@ -120,6 +120,11 @@ namespace paludis
virtual bool success();
/**
+ * Should the sandbox, if available, be used?
+ */
+ virtual bool use_sandbox() const;
+
+ /**
* Actions to be taken after a failed command.
*
* The return value of this function is used for the return value
diff --git a/paludis/util/Makefile.am.m4 b/paludis/util/Makefile.am.m4
index f3f32eb..1dd8b29 100644
--- a/paludis/util/Makefile.am.m4
+++ b/paludis/util/Makefile.am.m4
@@ -31,7 +31,9 @@ CLEANFILES = *~ gmon.out *.gcov *.gcno *.gcda
MAINTAINERCLEANFILES = Makefile.in Makefile.am paludis.hh smart_record.hh \
hashed_containers.hh comparison_policy.hh util.hh
AM_CXXFLAGS = -I$(top_srcdir)
-DEFS=-DSYSCONFDIR=\"$(sysconfdir)\" -DLIBEXECDIR=\"$(libexecdir)\"
+DEFS=\
+ -DSYSCONFDIR=\"$(sysconfdir)\" \
+ -DLIBEXECDIR=\"$(libexecdir)\"
EXTRA_DIST = util.hh.m4 Makefile.am.m4 files.m4 smart_record.hh.m4 \
comparison_policy.hh.m4 testscriptlist test_extras.cc
SUBDIRS = .
diff --git a/paludis/util/system.cc b/paludis/util/system.cc
index cf4c42d..65a0188 100644
--- a/paludis/util/system.cc
+++ b/paludis/util/system.cc
@@ -24,6 +24,7 @@
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
+#include "config.h"
/** \file
* Implementation of various system utilities.
@@ -132,3 +133,13 @@ paludis::make_env_command(const std::string & cmd)
return MakeEnvCommand(cmd, "");
}
+const std::string
+paludis::make_sandbox_command(const std::string & cmd)
+{
+#if HAVE_SANDBOX
+ return "sandbox " + cmd;
+#else
+ return cmd;
+#endif
+}
+
diff --git a/paludis/util/system.hh b/paludis/util/system.hh
index 9ef8ad2..cee7dc9 100644
--- a/paludis/util/system.hh
+++ b/paludis/util/system.hh
@@ -110,6 +110,13 @@ namespace paludis
* \ingroup grpsystem
*/
const MakeEnvCommand make_env_command(const std::string & cmd);
+
+ /**
+ * Make a command that is run inside the sandbox, if sandbox is enabled.
+ *
+ * \ingroup grpsystem
+ */
+ const std::string make_sandbox_command(const std::string & cmd);
}
#endif