Call for Review: more pristine environment for release build

Ruslan Ermilov · *nix forums addict Joined: 01 Jul 2002 Posts: 65

On Thu, Jul 25, 2002 at 03:54:08PM +0900, Makoto Matsushita wrote:

Makoto Matsushita · *nix forums beginner Joined: 21 Mar 2002 Posts: 9

ru> This had only one disadvantage so far. I could no longer pass NO_WERROR
ru> globally through the environment; passing it with WORLD_FLAGS/KERNEL_FLAGS
ru> does not make it propagate to release.5. JFYI.

Ya, that's right, thanks.

Quick workaround is to put NO_WERROR to ${CHROOT}/etc/make.conf
(LOCAL_PATCHES can be used). However, maybe it is better to describe
explicitly in ${CHROOT}/mk if parent environment defines NO_WRROR.
I'll make a patch later (maybe this evening).

-- -
Makoto `MAR' Matsushita

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message

Ruslan Ermilov · *nix forums addict Joined: 01 Jul 2002 Posts: 65

On Sat, Jun 08, 2002 at 06:00:49PM +0900, Makoto Matsushita wrote:

Makoto Matsushita · *nix forums beginner Joined: 21 Mar 2002 Posts: 9

Current chroot sandbox inherits parent's environment variables.
However, there is only 'PATH' environment variable which should be
inherited from the parent. Since there are several _fixed_
directories to be listed in PATH, we can safely listed directories in
static.

Following patch enables that:
* PATH list is set statically.
* Use 'env -i' to eliminate parent environment variables when
starting chroot( Cool

sandbox.

Note:
1) '/sbin' should be listed in PATH (/sbin/{u,}mount will be
there). I don't know about '/usr/sbin', but it is safe for
us IMHO.
2) 'chroot' should be full-path, since /bin/sh's default PATH
is "/bin:/usr/bin"; without full-path, env can't start chroot.

If there are no problems, I'll commit it later (maybe several days
after or so). Any comments, suggestions, and objections are welcome.

Thanks in advance,
-- -
Makoto `MAR' Matsushita

Index: Makefile
===================================================================
RCS file: /home/ncvs/src/release/Makefile,v
retrieving revision 1.686
diff -u -r1.686 Makefile
--- Makefile 8 Jun 2002 03:15:50 -0000 1.686
+++ Makefile 8 Jun 2002 08:44:07 -0000
@@ -392,7 +392,7 @@
.endif
# Don't remove this, or the build will fall over!
echo "export RELEASEDIR=${_R}" >> ${CHROOTDIR}/mk
- echo "export PATH=$${PATH}:${LOCALDIR}" >> ${CHROOTDIR}/mk
+ echo "export PATH=/bin:/usr/bin:/sbin:/usr/sbin:${LOCALDIR}" >> ${CHROOTDIR}/mk
echo "export TMPDIR=/tmp" >> ${CHROOTDIR}/mk
echo "export MAKEOBJDIRPREFIX=/usr/obj" >> ${CHROOTDIR}/mk
echo "export MANBUILDCAT=YES" >> ${CHROOTDIR}/mk
@@ -406,7 +406,7 @@
echo "make \$${_RELTARGET}" >> ${CHROOTDIR}/mk
echo "echo \">>> make ${.TARGET} for ${TARGET} finished on \`LC_ALL=C TZ=GMT date\`\"" >> ${CHROOTDIR}/mk
chmod 755 ${CHROOTDIR}/mk
- chroot ${CHROOTDIR} /mk
+ env -i /usr/sbin/chroot ${CHROOTDIR} /mk

clean:
rm -rf boot_crunch release.[0-9]

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message

Google