From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 3621A138334 for ; Fri, 6 Dec 2019 13:52:28 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 339B3E08A8; Fri, 6 Dec 2019 13:52:24 +0000 (UTC) Received: from smtp.gentoo.org (dev.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id CF801E0882 for ; Fri, 6 Dec 2019 13:52:23 +0000 (UTC) Received: from a1i15 (a1i15.kph.uni-mainz.de [134.93.134.92]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: ulm) by smtp.gentoo.org (Postfix) with ESMTPSA id 2E5E134D839 for ; Fri, 6 Dec 2019 13:52:22 +0000 (UTC) From: Ulrich =?utf-8?Q?M=C3=BCller?= To: Subject: [gentoo-dev] [PATCH] mount-boot.eclass: Check if /boot is sane, but don't try to mount it. Date: Fri, 6 Dec 2019 14:11:31 +0100 Message-ID: User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-Archives-Salt: 8ee778da-685b-4640-9ad2-589a9d783e25 X-Archives-Hash: 52da05f029149f5277c2796ba543cc29 --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable The eclass failed to remount a read-only mounted /boot, because package collision sanity checks in recent Portage versions prevented it from reaching pkg_pretend() at all. Furthermore, with the "mount-sandbox" feature enabled, the mount won't be propagated past pkg_preinst() and installed files would end up under the (shadowed) mount point. Therefore don't even attempt to mount /boot ourselves, but error out if it isn't mounted read/write and ask the user to mount /boot. Also clean up and simplify. (For example, awk is a grown-up program which doesn't need any help from egrep or sed. :-) Closes: https://bugs.gentoo.org/532264 Signed-off-by: Ulrich M=C3=BCller =2D-- eclass/mount-boot.eclass | 137 ++++++++++++--------------------------- 1 file changed, 43 insertions(+), 94 deletions(-) diff --git a/eclass/mount-boot.eclass b/eclass/mount-boot.eclass index 938df6732f4..1d7eb8bfc29 100644 =2D-- a/eclass/mount-boot.eclass +++ b/eclass/mount-boot.eclass @@ -1,156 +1,105 @@ =2D# Copyright 1999-2015 Gentoo Foundation +# Copyright 1999-2019 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 =20 # @ECLASS: mount-boot.eclass # @MAINTAINER: # base-system@gentoo.org # @BLURB: functions for packages that install files into /boot # @DESCRIPTION: # This eclass is really only useful for bootloaders. # # If the live system has a separate /boot partition configured, then this # function tries to ensure that it's mounted in rw mode, exiting with an =2D# error if it can't. It does nothing if /boot isn't a separate partition. +# error if it can't. It does nothing if /boot isn't a separate partition. + +case ${EAPI:-0} in + 4|5|6|7) ;; + *) die "${ECLASS}: EAPI ${EAPI:-0} not supported" ;; +esac =20 EXPORT_FUNCTIONS pkg_pretend pkg_preinst pkg_postinst pkg_prerm pkg_postrm =20 # @FUNCTION: mount-boot_disabled # @INTERNAL # @DESCRIPTION: # Detect whether the current environment/build settings are such that we d= o not # want to mess with any mounts. mount-boot_is_disabled() { # Since this eclass only deals with /boot, skip things when ROOT is activ= e. =2D if [[ "${ROOT:-/}" !=3D "/" ]] ; then + if [[ ${ROOT:-/} !=3D "/" ]] ; then return 0 fi =20 # If we're only building a package, then there's no need to check things. =2D if [[ "${MERGE_TYPE}" =3D=3D "buildonly" ]] ; then + if [[ ${MERGE_TYPE} =3D=3D "buildonly" ]] ; then return 0 fi =20 # The user wants us to leave things be. =2D if [[ -n ${DONT_MOUNT_BOOT} ]] ; then + if [[ -n ${I_KNOW_WHAT_I_AM_DOING} ]] ; then return 0 fi =20 # OK, we want to handle things ourselves. return 1 } =20 # @FUNCTION: mount-boot_check_status # @INTERNAL # @DESCRIPTION: =2D# Figure out what kind of work we need to do in order to have /boot be s= ane. =2D# Return values are: =2D# 0 - Do nothing at all! =2D# 1 - It's mounted, but is currently ro, so need to remount rw. =2D# 2 - It's not mounted, so need to mount it rw. +# Check if /boot is sane, i.e., mounted read/write if on a separate +# partition. Return 0 if conditions are fulfilled, otherwise die. mount-boot_check_status() { # Get out fast if possible. mount-boot_is_disabled && return 0 =20 # note that /dev/BOOT is in the Gentoo default /etc/fstab file =2D local fstabstate=3D$(awk '!/^#|^[[:blank:]]+#|^\/dev\/BOOT/ {print $2}'= /etc/fstab | egrep "^/boot$" ) =2D local procstate=3D$(awk '$2 ~ /^\/boot$/ {print $2}' /proc/mounts) =2D local proc_ro=3D$(awk '{ print $2 " ," $4 "," }' /proc/mounts | sed -n = '/^\/boot .*,ro,/p') =2D =2D if [ -n "${fstabstate}" ] && [ -n "${procstate}" ] ; then =2D if [ -n "${proc_ro}" ] ; then =2D echo =2D einfo "Your boot partition, detected as being mounted at /boot, is re= ad-only." =2D einfo "It will be remounted in read-write mode temporarily." =2D return 1 =2D else =2D echo =2D einfo "Your boot partition was detected as being mounted at /boot." =2D einfo "Files will be installed there for ${PN} to function correctly." =2D return 0 =2D fi =2D elif [ -n "${fstabstate}" ] && [ -z "${procstate}" ] ; then =2D echo =2D einfo "Your boot partition was not mounted at /boot, so it will be aut= omounted for you." =2D einfo "Files will be installed there for ${PN} to function correctly." =2D return 2 =2D else =2D echo + local fstabstate=3D$(awk '!/^[[:blank:]]*#|^\/dev\/BOOT/ && $2 =3D=3D "/b= oot" \ + {print $2}' /etc/fstab) + + if [[ -z ${fstabstate} ]] ; then einfo "Assuming you do not have a separate /boot partition." return 0 fi =2D} =20 =2Dmount-boot_pkg_pretend() { =2D # Get out fast if possible. =2D mount-boot_is_disabled && return 0 + local procstate=3D$(awk '$2 =3D=3D "/boot" \ + {print gensub(/^(.*,)?(ro|rw)(,.*)?$/, "\\2", 1, $4)}' /proc/mounts) =20 =2D elog "To avoid automounting and auto(un)installing with /boot," =2D elog "just export the DONT_MOUNT_BOOT variable." =2D mount-boot_check_status + if [[ -z ${procstate} ]] ; then + eerror "Your boot partition is not mounted at /boot." + eerror "Please mount it and retry." + die "/boot not mounted" + fi + + if [[ ${procstate} =3D=3D "ro" ]] ; then + eerror "Your boot partition, detected as being mounted at /boot," \ + "is read-only." + eerror "Please remount it read/write and retry." + die "/boot mounted read-only" + fi + + einfo "Your boot partition was detected as being mounted at /boot." + einfo "Files will be installed there for ${PN} to function correctly." + return 0 } =20 =2Dmount-boot_mount_boot_partition() { +mount-boot_pkg_pretend() { mount-boot_check_status =2D case $? in =2D 0) # Nothing to do. =2D ;; =2D 1) # Remount it rw. =2D mount -o remount,rw /boot =2D if [ $? -ne 0 ] ; then =2D echo =2D eerror "Unable to remount in rw mode. Please do it manually!" =2D die "Can't remount in rw mode. Please do it manually!" =2D fi =2D touch /boot/.e.remount =2D ;; =2D 2) # Mount it rw. =2D mount /boot -o rw =2D if [ $? -ne 0 ] ; then =2D echo =2D eerror "Cannot automatically mount your /boot partition." =2D eerror "Your boot partition has to be mounted rw before the installat= ion" =2D eerror "can continue. ${PN} needs to install important files there." =2D die "Please mount your /boot partition manually!" =2D fi =2D touch /boot/.e.mount =2D ;; =2D esac } =20 mount-boot_pkg_preinst() { =2D # Handle older EAPIs. =2D case ${EAPI:-0} in =2D [0-3]) mount-boot_pkg_pretend ;; =2D esac =2D =2D mount-boot_mount_boot_partition + mount-boot_check_status } =20 mount-boot_pkg_prerm() { =2D touch "${ROOT}"/boot/.keep 2>/dev/null =2D mount-boot_mount_boot_partition =2D touch "${ROOT}"/boot/.keep 2>/dev/null =2D} =2D =2Dmount-boot_umount_boot_partition() { =2D # Get out fast if possible. =2D mount-boot_is_disabled && return 0 =2D =2D if [ -e /boot/.e.remount ] ; then =2D einfo "Automatically remounting /boot as ro as it was previously." =2D rm -f /boot/.e.remount =2D mount -o remount,ro /boot =2D elif [ -e /boot/.e.mount ] ; then =2D einfo "Automatically unmounting /boot as it was previously." =2D rm -f /boot/.e.mount =2D umount /boot + mount-boot_check_status + if ! ( shopt -s failglob; : "${ROOT}"/boot/.keep* ) 2>/dev/null ; then + # Create a .keep file, in case it is shadowed at the mount point + touch "${ROOT}"/boot/.keep 2>/dev/null fi } =20 =2Dmount-boot_pkg_postinst() { =2D mount-boot_umount_boot_partition =2D} +# No-op phases for backwards compatibility +mount-boot_pkg_postinst() { :; } =20 =2Dmount-boot_pkg_postrm() { =2D mount-boot_umount_boot_partition =2D} +mount-boot_pkg_postrm() { :; } =2D-=20 2.24.0 --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEZlHkP3TnuTbxrN0HwwkGhRxhwnMFAl3qXQwACgkQwwkGhRxh wnOyJQf9GjU5KV6XEU6PvtXKE8rK1JCSk1b15homsUh7iJRtr7EodXpQaEorAqFD XxKhScELWO/PXzt0Wt96RQ+jN2+FnU9GdkmCqqT8Q/qiIu5MbeNtisFZqnZ96hfd enHWjpHMQkLGzMx/SX8O7NdXk132KMPAkPvSp0i6JRVS50lnTKAEhlGXsNOitcP2 RfdvWN6q7whMNi83IuCc6vdxbHdHTtVBrdjPhkwiF/1iEKi2ZnBjLhk2d7jUWsrl lhtuGuFY5fXPysqQZEWZ8PZdms7fFQ3BLJ+OSqkniN555wbI5eKUPC1dsFoQvuni CCObve5c51QbtIFwc9LTKqDUDyQcRw== =Haz7 -----END PGP SIGNATURE----- --=-=-=--