forked from rpms/abuild
Compare commits
2 Commits
danfimov-p
...
c9
| Author | SHA1 | Date | |
|---|---|---|---|
| 1c56b304cd | |||
| 7a45ec11f1 |
50
SOURCES/0004-Backport-b0d3dbe3.patch
Normal file
50
SOURCES/0004-Backport-b0d3dbe3.patch
Normal file
@ -0,0 +1,50 @@
|
||||
From 24df755f0dc1555fdeaaa416c96a73719eb8a63c Mon Sep 17 00:00:00 2001
|
||||
From: Daniil Anfimov <anfimovdan@gmail.com>
|
||||
Date: Wed, 20 May 2026 21:13:50 +0200
|
||||
Subject: [PATCH] Backport b0d3dbe3: "abuild: do not export tmpdir/pkgbasedir"
|
||||
|
||||
---
|
||||
abuild-3.15.0/abuild.in | 13 ++++++++-----
|
||||
1 file changed, 8 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/abuild.in b/abuild.in
|
||||
index c33a230..4447b4d 100644
|
||||
--- a/abuild.in
|
||||
+++ b//abuild.in
|
||||
@@ -2563,7 +2563,13 @@ rootbld() {
|
||||
"$BUILD_ROOT/tmp/tmp" "$BUILD_ROOT/usr/bin" \
|
||||
"$REPODEST" "$BUILD_ROOT/$HOME/.ccache"
|
||||
|
||||
- cp /etc/abuild.conf "$BUILD_ROOT/etc"
|
||||
+ # Avoid exporting {src,pkgbase,tmp}dir
|
||||
+ cat - /etc/abuild.conf <<-EOF > "$BUILD_ROOT"/etc/abuild.conf
|
||||
+ srcdir=/tmp/src
|
||||
+ pkgbasedir=/tmp/pkg
|
||||
+ tmpdir=/tmp/tmp
|
||||
+
|
||||
+ EOF
|
||||
|
||||
local dir
|
||||
for dir in /usr/share/apk/keys/$CBUILD_ARCH /etc/apk/keys; do
|
||||
@@ -2653,9 +2659,6 @@ rootbld() {
|
||||
--hostname "build-$buildhost-$CARCH" \
|
||||
--chdir "$startdir" \
|
||||
--clearenv \
|
||||
- --setenv abuild_srcdir /tmp/src \
|
||||
- --setenv pkgbasedir /tmp/pkg \
|
||||
- --setenv tmpdir /tmp/tmp \
|
||||
--setenv CARCH "$CARCH" \
|
||||
--setenv HOME "$HOME" \
|
||||
--setenv REPODEST "$REPODEST" \
|
||||
@@ -2976,7 +2979,7 @@ fi
|
||||
APKBUILD=$(readlink -f "$APKBUILD")
|
||||
|
||||
startdir="${APKBUILD%/*}"
|
||||
-srcdir=${srcdir:-${abuild_srcdir:-"$startdir/src"}}
|
||||
+srcdir=${srcdir:-"$startdir/src"}
|
||||
pkgbasedir=${pkgbasedir:-"$startdir/pkg"}
|
||||
tmpdir=${tmpdir:-"$startdir/tmp"}
|
||||
|
||||
--
|
||||
2.54.0
|
||||
|
||||
33
SOURCES/0005-Reapply-sysctl-before-rootbld.patch
Normal file
33
SOURCES/0005-Reapply-sysctl-before-rootbld.patch
Normal file
@ -0,0 +1,33 @@
|
||||
From 0000000000000000000000000000000000000005 Mon Sep 17 00:00:00 2001
|
||||
From: Aleksandra Kachanova <akachanova@cloudlinux.com>
|
||||
Date: Mon, 15 Jun 2026 12:00:00 +0000
|
||||
Subject: [PATCH] PF-632: re-assert max_user_namespaces before rootbld bwrap
|
||||
|
||||
A concurrent, non-isolated RPM build on the same node can run
|
||||
`sysctl --system` inside its mock chroot (e.g. cloudlinux-linksafe's
|
||||
%posttrans re-applies the el7 base config), which resets the host's
|
||||
user.max_user_namespaces to 0. bwrap then fails to create a user
|
||||
namespace with the misleading "No space left on device". Re-assert the
|
||||
value immediately before invoking bwrap. Best-effort: never fail the
|
||||
build if the re-assert is denied.
|
||||
---
|
||||
abuild.in | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/abuild.in b/abuild.in
|
||||
index 4447b4d..5555555 100644
|
||||
--- a/abuild.in
|
||||
+++ b/abuild.in
|
||||
@@ -2636,6 +2636,9 @@ rootbld() {
|
||||
printf("%s\n", users[i]) > (root "/passwd")
|
||||
}'
|
||||
|
||||
+ # PF-632: re-assert user.max_user_namespaces before bwrap (a concurrent RPM build's sysctl --system can reset it to 0).
|
||||
+ sudo -n sysctl -w user.max_user_namespaces=20000 >/dev/null 2>&1 || true
|
||||
+
|
||||
local bwrap_opts=""
|
||||
options_has "net" || bwrap_opts="$bwrap_opts --unshare-net"
|
||||
bwrap --new-session --unshare-ipc --unshare-uts $bwrap_opts \
|
||||
--
|
||||
2.43.5
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
Name: abuild
|
||||
Version: 3.15.0
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
Summary: Alpine build tools
|
||||
|
||||
License: GPL-2.0-or-later
|
||||
@ -12,6 +12,8 @@ Source2: %{name}.tmpfiles
|
||||
Patch0: 0001-Do-not-build-docs.patch
|
||||
Patch1: 0002-Allow-running-abuild-rootbld.patch
|
||||
Patch2: 0003-Pass-startdir-as-a-bind-mount.patch
|
||||
Patch3: 0004-Backport-b0d3dbe3.patch
|
||||
Patch4: 0005-Reapply-sysctl-before-rootbld.patch
|
||||
|
||||
BuildRequires: zlib-devel
|
||||
BuildRequires: make
|
||||
@ -56,6 +58,8 @@ abuild is a set of scripts used to build Alpine Linux packages.
|
||||
%patch0 -p1
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
|
||||
%build
|
||||
make VERSION=%{version}
|
||||
@ -98,5 +102,8 @@ done
|
||||
%{_tmpfilesdir}/%{name}.conf
|
||||
|
||||
%changelog
|
||||
* Mon Jun 15 2026 Aleksandra Kachanova <akachanova@cloudlinux.com> - 3.15.0-2
|
||||
- Reapply user.max_user_namespaces sysctl before rootbld bwrap (PF-632)
|
||||
|
||||
* Mon Jul 07 2025 Andrew Lukoshko <alukoshko@cloudlinux.com> - 3.15.0-1
|
||||
- Initial RPM release
|
||||
|
||||
Loading…
Reference in New Issue
Block a user