Compare commits
No commits in common. "c9" and "c9" have entirely different histories.
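--- a/SOURCES/0003-Do-not-use-bwrap-clearenv.patch
+++ b/SOURCES/0003-Do-not-use-bwrap-clearenv.patch
@@ -0,0 +1,32 @@
+From cbba7b83994cba4a4c5839a02e17e6e17b26629a Mon Sep 17 00:00:00 2001
+From: Andrew Lukoshko <alukoshko@almalinux.org>
+Date: Mon, 7 Jul 2025 18:13:35 +0000
+Subject: [PATCH] Do not use bwrap clearenv
+
+---
+abuild.in | 2 +-
+1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/abuild.in b/abuild.in
+index 3a455e3..789cb55 100644
+--- a/abuild.in
++++ b/abuild.in
+@@ -2650,7 +2650,6 @@ rootbld() {
+--bind "$REPODEST" "$REPODEST" \
+--hostname "build-$buildhost-$CARCH" \
+--chdir "$startdir" \
+- --clearenv \
+--setenv abuild_srcdir /tmp/src \
+--setenv pkgbasedir /tmp/pkg \
+--setenv tmpdir /tmp/tmp \
+@@ -2666,6 +2665,7 @@ rootbld() {
+--setenv PATH ${USE_CCACHE:+/usr/lib/ccache/bin:}/bin:/usr/bin:/sbin:/usr/sbin \
+--setenv FAKEROOTDONTTRYCHOWN 1 \
+--unsetenv CBUILD \
++ /usr/bin/env -i \
+/usr/bin/abuild $force rootbld_actions
+update_abuildrepo_index
+cleanup $CLEANUP
+--
+2.43.5
+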
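Review bot: The `/usr/bin/env -i \` line added in the second hunk of the embedded abuild.in patch runs inside the sandbox, after bwrap has already applied its `--setenv` options, so it throws away the allowlist those options build (`abuild_srcdir`, `pkgbasedir`, `tmpdir`, `PATH`, `FAKEROOTDONTTRYCHOWN` are visible here) and starts `/usr/bin/abuild` with an empty environment. Host variables are still kept out of the build, but the sandboxed abuild would then fall back to its own defaults for the source, package and temp directories and to the shell's default `PATH`. If `--clearenv` has to go (presumably because the installed bubblewrap does not support it — worth stating in the patch description), carry the allowlist on the `env` command line instead, e.g. `/usr/bin/env -i PATH=... HOME="$HOME" abuild_srcdir=/tmp/src pkgbasedir=/tmp/pkg tmpdir=/tmp/tmp \` with the remaining `--setenv` pairs moved the same way. The `rootbld()` body starts and ends outside both hunks, so the full set of variables affected needs to be checked against the complete function.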
@ -1,23 +0,0 @@
|
|||||||
From 7b11a7796d1fcfd14a58ea0a46c953f18d0c3066 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Daniil Anfimov <anfimovdan@gmail.com>
|
|
||||||
Date: Thu, 4 Sep 2025 14:23:00 +0300
|
|
||||||
Subject: [PATCH] Pass $startdir as a bind mount
|
|
||||||
|
|
||||||
---
|
|
||||||
abuild-3.15.0/abuild.in | 1 +
|
|
||||||
1 file changed, 1 insertion(+)
|
|
||||||
|
|
||||||
diff --git a/abuild.in b/abuild.in
|
|
||||||
index c33a230..f6761e5 100644
|
|
||||||
--- a/abuild.in
|
|
||||||
+++ b/abuild.in
|
|
||||||
@@ -2650,6 +2650,7 @@ rootbld() {
|
|
||||||
--bind "$BUILD_ROOT/tmp" /tmp \
|
|
||||||
--bind "$BUILD_ROOT/var/tmp" /var/tmp \
|
|
||||||
--bind "$REPODEST" "$REPODEST" \
|
|
||||||
+ --bind "$startdir" "$startdir" \
|
|
||||||
--hostname "build-$buildhost-$CARCH" \
|
|
||||||
--chdir "$startdir" \
|
|
||||||
--clearenv \
|
|
||||||
--
|
|
||||||
2.50.1
|
|
||||||
@ -1,50 +0,0 @@
|
|||||||
From 24df755f0dc1555fdeaaa416c96a73719eb8a63c Mon Sep 17 00:00:00 2001
|
|
||||||
From: Daniil Anfimov <anfimovdan@gmail.com>
|
|
||||||
Date: Wed, 20 May 2026 21:13:50 +0200
|
|
||||||
Subject: [PATCH] Backport b0d3dbe3: "abuild: do not export tmpdir/pkgbasedir"
|
|
||||||
|
|
||||||
---
|
|
||||||
abuild-3.15.0/abuild.in | 13 ++++++++-----
|
|
||||||
1 file changed, 8 insertions(+), 5 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/abuild.in b/abuild.in
|
|
||||||
index c33a230..4447b4d 100644
|
|
||||||
--- a/abuild.in
|
|
||||||
+++ b//abuild.in
|
|
||||||
@@ -2563,7 +2563,13 @@ rootbld() {
|
|
||||||
"$BUILD_ROOT/tmp/tmp" "$BUILD_ROOT/usr/bin" \
|
|
||||||
"$REPODEST" "$BUILD_ROOT/$HOME/.ccache"
|
|
||||||
|
|
||||||
- cp /etc/abuild.conf "$BUILD_ROOT/etc"
|
|
||||||
+ # Avoid exporting {src,pkgbase,tmp}dir
|
|
||||||
+ cat - /etc/abuild.conf <<-EOF > "$BUILD_ROOT"/etc/abuild.conf
|
|
||||||
+ srcdir=/tmp/src
|
|
||||||
+ pkgbasedir=/tmp/pkg
|
|
||||||
+ tmpdir=/tmp/tmp
|
|
||||||
+
|
|
||||||
+ EOF
|
|
||||||
|
|
||||||
local dir
|
|
||||||
for dir in /usr/share/apk/keys/$CBUILD_ARCH /etc/apk/keys; do
|
|
||||||
@@ -2653,9 +2659,6 @@ rootbld() {
|
|
||||||
--hostname "build-$buildhost-$CARCH" \
|
|
||||||
--chdir "$startdir" \
|
|
||||||
--clearenv \
|
|
||||||
- --setenv abuild_srcdir /tmp/src \
|
|
||||||
- --setenv pkgbasedir /tmp/pkg \
|
|
||||||
- --setenv tmpdir /tmp/tmp \
|
|
||||||
--setenv CARCH "$CARCH" \
|
|
||||||
--setenv HOME "$HOME" \
|
|
||||||
--setenv REPODEST "$REPODEST" \
|
|
||||||
@@ -2976,7 +2979,7 @@ fi
|
|
||||||
APKBUILD=$(readlink -f "$APKBUILD")
|
|
||||||
|
|
||||||
startdir="${APKBUILD%/*}"
|
|
||||||
-srcdir=${srcdir:-${abuild_srcdir:-"$startdir/src"}}
|
|
||||||
+srcdir=${srcdir:-"$startdir/src"}
|
|
||||||
pkgbasedir=${pkgbasedir:-"$startdir/pkg"}
|
|
||||||
tmpdir=${tmpdir:-"$startdir/tmp"}
|
|
||||||
|
|
||||||
--
|
|
||||||
2.54.0
|
|
||||||
|
|
||||||
@ -1,33 +0,0 @@
|
|||||||
From 0000000000000000000000000000000000000005 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Aleksandra Kachanova <akachanova@cloudlinux.com>
|
|
||||||
Date: Mon, 15 Jun 2026 12:00:00 +0000
|
|
||||||
Subject: [PATCH] PF-632: re-assert max_user_namespaces before rootbld bwrap
|
|
||||||
|
|
||||||
A concurrent, non-isolated RPM build on the same node can run
|
|
||||||
`sysctl --system` inside its mock chroot (e.g. cloudlinux-linksafe's
|
|
||||||
%posttrans re-applies the el7 base config), which resets the host's
|
|
||||||
user.max_user_namespaces to 0. bwrap then fails to create a user
|
|
||||||
namespace with the misleading "No space left on device". Re-assert the
|
|
||||||
value immediately before invoking bwrap. Best-effort: never fail the
|
|
||||||
build if the re-assert is denied.
|
|
||||||
---
|
|
||||||
abuild.in | 3 +++
|
|
||||||
1 file changed, 3 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/abuild.in b/abuild.in
|
|
||||||
index 4447b4d..5555555 100644
|
|
||||||
--- a/abuild.in
|
|
||||||
+++ b/abuild.in
|
|
||||||
@@ -2636,6 +2636,9 @@ rootbld() {
|
|
||||||
printf("%s\n", users[i]) > (root "/passwd")
|
|
||||||
}'
|
|
||||||
|
|
||||||
+ # PF-632: re-assert user.max_user_namespaces before bwrap (a concurrent RPM build's sysctl --system can reset it to 0).
|
|
||||||
+ sudo -n sysctl -w user.max_user_namespaces=20000 >/dev/null 2>&1 || true
|
|
||||||
+
|
|
||||||
local bwrap_opts=""
|
|
||||||
options_has "net" || bwrap_opts="$bwrap_opts --unshare-net"
|
|
||||||
bwrap --new-session --unshare-ipc --unshare-uts $bwrap_opts \
|
|
||||||
--
|
|
||||||
2.43.5
|
|
||||||
|
|
||||||
@ -1,6 +1,6 @@
|
|||||||
Name: abuild
|
Name: abuild
|
||||||
Version: 3.15.0
|
Version: 3.15.0
|
||||||
Release: 2%{?dist}
|
Release: 1%{?dist}
|
||||||
Summary: Alpine build tools
|
Summary: Alpine build tools
|
||||||
|
|
||||||
License: GPL-2.0-or-later
|
License: GPL-2.0-or-later
|
||||||
@ -11,9 +11,7 @@ Source2: %{name}.tmpfiles
|
|||||||
|
|
||||||
Patch0: 0001-Do-not-build-docs.patch
|
Patch0: 0001-Do-not-build-docs.patch
|
||||||
Patch1: 0002-Allow-running-abuild-rootbld.patch
|
Patch1: 0002-Allow-running-abuild-rootbld.patch
|
||||||
Patch2: 0003-Pass-startdir-as-a-bind-mount.patch
|
Patch2: 0003-Do-not-use-bwrap-clearenv.patch
|
||||||
Patch3: 0004-Backport-b0d3dbe3.patch
|
|
||||||
Patch4: 0005-Reapply-sysctl-before-rootbld.patch
|
|
||||||
|
|
||||||
BuildRequires: zlib-devel
|
BuildRequires: zlib-devel
|
||||||
BuildRequires: make
|
BuildRequires: make
|
||||||
@ -57,9 +55,7 @@ abuild is a set of scripts used to build Alpine Linux packages.
|
|||||||
%setup -q -n %{name}-%{version}
|
%setup -q -n %{name}-%{version}
|
||||||
%patch0 -p1
|
%patch0 -p1
|
||||||
%patch1 -p1
|
%patch1 -p1
|
||||||
%patch2 -p1
|
#patch2 -p1
|
||||||
%patch3 -p1
|
|
||||||
%patch4 -p1
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
make VERSION=%{version}
|
make VERSION=%{version}
|
||||||
@ -102,8 +98,5 @@ done
|
|||||||
%{_tmpfilesdir}/%{name}.conf
|
%{_tmpfilesdir}/%{name}.conf
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Mon Jun 15 2026 Aleksandra Kachanova <akachanova@cloudlinux.com> - 3.15.0-2
|
|
||||||
- Reapply user.max_user_namespaces sysctl before rootbld bwrap (PF-632)
|
|
||||||
|
|
||||||
* Mon Jul 07 2025 Andrew Lukoshko <alukoshko@cloudlinux.com> - 3.15.0-1
|
* Mon Jul 07 2025 Andrew Lukoshko <alukoshko@cloudlinux.com> - 3.15.0-1
|
||||||
- Initial RPM release
|
- Initial RPM release
|
||||||
|
|||||||
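Review bot: On the new side `Patch2: 0003-Do-not-use-bwrap-clearenv.patch` is declared but its application in %prep is written as `#patch2 -p1`, which is a plain comment, so the patch ships in the source package without ever being applied and the built abuild differs from what the patch list suggests. Either apply it with `%patch2 -p1` or drop the `Patch2:` line together with the file; if it is disabled on purpose, put the reason in a comment next to it. The same section moves `Release` from `2%{?dist}` back to `1%{?dist}` and drops the 3.15.0-2 changelog entry, so a host that already has -2 installed would not pick this build up as an upgrade — confirm that is intended.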