From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 52A67138334 for ; Fri, 6 Dec 2019 15:36:08 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 6F974E087C; Fri, 6 Dec 2019 15:36:04 +0000 (UTC) Received: from smtp.gentoo.org (woodpecker.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id EF233E085A for ; Fri, 6 Dec 2019 15:36:03 +0000 (UTC) Received: from a1i15 (a1i15.kph.uni-mainz.de [134.93.134.92]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: ulm) by smtp.gentoo.org (Postfix) with ESMTPSA id A752C34D826 for ; Fri, 6 Dec 2019 15:36:02 +0000 (UTC) From: Ulrich =?utf-8?Q?M=C3=BCller?= To: Subject: [gentoo-dev] [PATCH v3] mount-boot.eclass: Check if /boot is sane, but don't try to mount it. Date: Fri, 06 Dec 2019 16:35:53 +0100 Message-ID: User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-Archives-Salt: e3f616fb-7bee-43c2-8381-e3dfd2d23799 X-Archives-Hash: ccb1fb6218189ce6049dae273767e93d --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset=3DUTF-8 Content-Transfer-Encoding: 8bit The eclass failed to remount a read-only mounted /boot, because package collision sanity checks in recent Portage versions prevented it from reaching pkg_preinst() at all. Furthermore, with the "mount-sandbox" feature enabled, the mount won't be propagated past pkg_preinst() and installed files would end up under the (shadowed) mount point. Therefore don't even attempt to mount /boot ourselves, but error out if it isn't mounted read/write and ask the user to mount /boot. Also clean up and simplify. (For example, awk is a grown-up program which doesn't need any help from egrep or sed. :-) Closes: https://bugs.gentoo.org/532264 See-also: https://bugs.gentoo.org/274130#c5 Signed-off-by: Ulrich M=C3=BCller =2D-- v3: Exit awk commands on first match. eclass/mount-boot.eclass | 144 +++++++++++++-------------------------- 1 file changed, 48 insertions(+), 96 deletions(-) diff --git a/eclass/mount-boot.eclass b/eclass/mount-boot.eclass index 938df6732f4..a7d8851aa6e 100644 =2D-- a/eclass/mount-boot.eclass +++ b/eclass/mount-boot.eclass @@ -1,156 +1,108 @@ =2D# Copyright 1999-2015 Gentoo Foundation +# Copyright 1999-2019 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 =20 # @ECLASS: mount-boot.eclass # @MAINTAINER: # base-system@gentoo.org # @BLURB: functions for packages that install files into /boot # @DESCRIPTION: # This eclass is really only useful for bootloaders. # # If the live system has a separate /boot partition configured, then this # function tries to ensure that it's mounted in rw mode, exiting with an =2D# error if it can't. It does nothing if /boot isn't a separate partition. +# error if it can't. It does nothing if /boot isn't a separate partition. + +case ${EAPI:-0} in + 4|5|6|7) ;; + *) die "${ECLASS}: EAPI ${EAPI:-0} not supported" ;; +esac =20 EXPORT_FUNCTIONS pkg_pretend pkg_preinst pkg_postinst pkg_prerm pkg_postrm =20 # @FUNCTION: mount-boot_disabled # @INTERNAL # @DESCRIPTION: # Detect whether the current environment/build settings are such that we d= o not # want to mess with any mounts. mount-boot_is_disabled() { =2D # Since this eclass only deals with /boot, skip things when ROOT is act= ive. =2D if [[ "${ROOT:-/}" !=3D "/" ]] ; then + # Since this eclass only deals with /boot, skip things when EROOT is acti= ve. + if [[ ${EROOT:-/} !=3D / ]] ; then return 0 fi =20 # If we're only building a package, then there's no need to check things. =2D if [[ "${MERGE_TYPE}" =3D=3D "buildonly" ]] ; then + if [[ ${MERGE_TYPE} =3D=3D buildonly ]] ; then return 0 fi =20 # The user wants us to leave things be. =2D if [[ -n ${DONT_MOUNT_BOOT} ]] ; then + if [[ -n ${I_KNOW_WHAT_I_AM_DOING} ]] ; then return 0 fi =20 # OK, we want to handle things ourselves. return 1 } =20 # @FUNCTION: mount-boot_check_status # @INTERNAL # @DESCRIPTION: =2D# Figure out what kind of work we need to do in order to have /boot be s= ane. =2D# Return values are: =2D# 0 - Do nothing at all! =2D# 1 - It's mounted, but is currently ro, so need to remount rw. =2D# 2 - It's not mounted, so need to mount it rw. +# Check if /boot is sane, i.e., mounted read/write if on a separate +# partition. Die if conditions are not fulfilled. mount-boot_check_status() { # Get out fast if possible. =2D mount-boot_is_disabled && return 0 + mount-boot_is_disabled && return =20 # note that /dev/BOOT is in the Gentoo default /etc/fstab file =2D local fstabstate=3D$(awk '!/^#|^[[:blank:]]+#|^\/dev\/BOOT/ {print $2}'= /etc/fstab | egrep "^/boot$" ) =2D local procstate=3D$(awk '$2 ~ /^\/boot$/ {print $2}' /proc/mounts) =2D local proc_ro=3D$(awk '{ print $2 " ," $4 "," }' /proc/mounts | sed -n = '/^\/boot .*,ro,/p') =2D =2D if [ -n "${fstabstate}" ] && [ -n "${procstate}" ] ; then =2D if [ -n "${proc_ro}" ] ; then =2D echo =2D einfo "Your boot partition, detected as being mounted at /boot, is re= ad-only." =2D einfo "It will be remounted in read-write mode temporarily." =2D return 1 =2D else =2D echo =2D einfo "Your boot partition was detected as being mounted at /boot." =2D einfo "Files will be installed there for ${PN} to function correctly." =2D return 0 =2D fi =2D elif [ -n "${fstabstate}" ] && [ -z "${procstate}" ] ; then =2D echo =2D einfo "Your boot partition was not mounted at /boot, so it will be aut= omounted for you." =2D einfo "Files will be installed there for ${PN} to function correctly." =2D return 2 =2D else =2D echo + local fstabstate=3D$(awk '!/^[[:blank:]]*#|^\/dev\/BOOT/ && $2 =3D=3D "/b= oot" \ + { print 1; exit }' /etc/fstab) + + if [[ -z ${fstabstate} ]] ; then einfo "Assuming you do not have a separate /boot partition." =2D return 0 + return fi =2D} =20 =2Dmount-boot_pkg_pretend() { =2D # Get out fast if possible. =2D mount-boot_is_disabled && return 0 + local procstate=3D$(awk '$2 =3D=3D "/boot" \ + { print gensub(/^(.*,)?(ro|rw)(,.*)?$/, "\\2", 1, $4); exit }' \ + /proc/mounts) =20 =2D elog "To avoid automounting and auto(un)installing with /boot," =2D elog "just export the DONT_MOUNT_BOOT variable." =2D mount-boot_check_status + if [[ -z ${procstate} ]] ; then + eerror "Your boot partition is not mounted at /boot." + eerror "Please mount it and retry." + die "/boot not mounted" + fi + + if [[ ${procstate} =3D=3D ro ]] ; then + eerror "Your boot partition, detected as being mounted at /boot," \ + "is read-only." + eerror "Please remount it read/write and retry." + die "/boot mounted read-only" + fi + + einfo "Your boot partition was detected as being mounted at /boot." + einfo "Files will be installed there for ${PN} to function correctly." } =20 =2Dmount-boot_mount_boot_partition() { +mount-boot_pkg_pretend() { mount-boot_check_status =2D case $? in =2D 0) # Nothing to do. =2D ;; =2D 1) # Remount it rw. =2D mount -o remount,rw /boot =2D if [ $? -ne 0 ] ; then =2D echo =2D eerror "Unable to remount in rw mode. Please do it manually!" =2D die "Can't remount in rw mode. Please do it manually!" =2D fi =2D touch /boot/.e.remount =2D ;; =2D 2) # Mount it rw. =2D mount /boot -o rw =2D if [ $? -ne 0 ] ; then =2D echo =2D eerror "Cannot automatically mount your /boot partition." =2D eerror "Your boot partition has to be mounted rw before the installat= ion" =2D eerror "can continue. ${PN} needs to install important files there." =2D die "Please mount your /boot partition manually!" =2D fi =2D touch /boot/.e.mount =2D ;; =2D esac } =20 mount-boot_pkg_preinst() { =2D # Handle older EAPIs. =2D case ${EAPI:-0} in =2D [0-3]) mount-boot_pkg_pretend ;; =2D esac =2D =2D mount-boot_mount_boot_partition + mount-boot_check_status } =20 mount-boot_pkg_prerm() { =2D touch "${ROOT}"/boot/.keep 2>/dev/null =2D mount-boot_mount_boot_partition =2D touch "${ROOT}"/boot/.keep 2>/dev/null =2D} + mount-boot_check_status =20 =2Dmount-boot_umount_boot_partition() { =2D # Get out fast if possible. =2D mount-boot_is_disabled && return 0 =2D =2D if [ -e /boot/.e.remount ] ; then =2D einfo "Automatically remounting /boot as ro as it was previously." =2D rm -f /boot/.e.remount =2D mount -o remount,ro /boot =2D elif [ -e /boot/.e.mount ] ; then =2D einfo "Automatically unmounting /boot as it was previously." =2D rm -f /boot/.e.mount =2D umount /boot + if [[ -z ${EPREFIX} ]] \ + && ! ( shopt -s failglob; : "${EROOT}"/boot/.keep* ) 2>/dev/null + then + # Create a .keep file, in case it is shadowed at the mount point + touch "${EROOT}"/boot/.keep 2>/dev/null fi } =20 =2Dmount-boot_pkg_postinst() { =2D mount-boot_umount_boot_partition =2D} +# No-op phases for backwards compatibility +mount-boot_pkg_postinst() { :; } =20 =2Dmount-boot_pkg_postrm() { =2D mount-boot_umount_boot_partition =2D} +mount-boot_pkg_postrm() { :; } =2D-=20 2.24.0 --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEZlHkP3TnuTbxrN0HwwkGhRxhwnMFAl3qdVoACgkQwwkGhRxh wnO+xQf/aZhXRqy+TP0dCuD7HXtVBscXtMFKa84l1OQucmvBJ2lIJxfsEe4wtILJ GYHklwwWf7QMs5xjIFPscxX8e/EeBkWj2joEGX3OoKgKwtnpITzho7B2yE14KCAN tNz2Ea7dXECs7nB1R90f1wjQjxDvWEg1wGOm/Hhy2yKr70/jPOw1K9Pam6bHWR/0 fpOE9lXG5kMjdpizoxhZ9gwF79ULQTEFUCM8snjStk3xl3XillAn/NR0R6m1fJc8 SqTPmKlDJWCUE81YmaujiA9ZEGSFyms72dwfwmylInb2Ew1Pvs916Mn18QZb704C N9G+iLRKUhf0eakb370OFwfZVNtPLA== =xzYk -----END PGP SIGNATURE----- --=-=-=--