head 1.21; access; symbols pkgsrc-2026Q1:1.21.0.2 pkgsrc-2026Q1-base:1.21 pkgsrc-2025Q4:1.20.0.6 pkgsrc-2025Q4-base:1.20 pkgsrc-2025Q3:1.20.0.4 pkgsrc-2025Q3-base:1.20 pkgsrc-2025Q2:1.20.0.2 pkgsrc-2025Q2-base:1.20 pkgsrc-2025Q1:1.19.0.12 pkgsrc-2025Q1-base:1.19 pkgsrc-2024Q4:1.19.0.10 pkgsrc-2024Q4-base:1.19 pkgsrc-2024Q3:1.19.0.8 pkgsrc-2024Q3-base:1.19 pkgsrc-2024Q2:1.19.0.6 pkgsrc-2024Q2-base:1.19 pkgsrc-2024Q1:1.19.0.4 pkgsrc-2024Q1-base:1.19 pkgsrc-2023Q4:1.19.0.2 pkgsrc-2023Q4-base:1.19 pkgsrc-2023Q3:1.18.0.22 pkgsrc-2023Q3-base:1.18 pkgsrc-2023Q2:1.18.0.20 pkgsrc-2023Q2-base:1.18 pkgsrc-2023Q1:1.18.0.18 pkgsrc-2023Q1-base:1.18 pkgsrc-2022Q4:1.18.0.16 pkgsrc-2022Q4-base:1.18 pkgsrc-2022Q3:1.18.0.14 pkgsrc-2022Q3-base:1.18 pkgsrc-2022Q2:1.18.0.12 pkgsrc-2022Q2-base:1.18 pkgsrc-2022Q1:1.18.0.10 pkgsrc-2022Q1-base:1.18 pkgsrc-2021Q4:1.18.0.8 pkgsrc-2021Q4-base:1.18 pkgsrc-2021Q3:1.18.0.6 pkgsrc-2021Q3-base:1.18 pkgsrc-2021Q2:1.18.0.4 pkgsrc-2021Q2-base:1.18 pkgsrc-2021Q1:1.18.0.2 pkgsrc-2021Q1-base:1.18 pkgsrc-2020Q4:1.17.0.2 pkgsrc-2020Q4-base:1.17 pkgsrc-2020Q3:1.15.0.14 pkgsrc-2020Q3-base:1.15 pkgsrc-2020Q2:1.15.0.12 pkgsrc-2020Q2-base:1.15 pkgsrc-2020Q1:1.15.0.8 pkgsrc-2020Q1-base:1.15 pkgsrc-2019Q4:1.15.0.10 pkgsrc-2019Q4-base:1.15 pkgsrc-2019Q3:1.15.0.6 pkgsrc-2019Q3-base:1.15 pkgsrc-2019Q2:1.15.0.4 pkgsrc-2019Q2-base:1.15 pkgsrc-2019Q1:1.15.0.2 pkgsrc-2019Q1-base:1.15 pkgsrc-2018Q4:1.14.0.2 pkgsrc-2018Q4-base:1.14 pkgsrc-2018Q3:1.13.0.2 pkgsrc-2018Q3-base:1.13 pkgsrc-2018Q2:1.12.0.2 pkgsrc-2018Q2-base:1.12 pkgsrc-2018Q1:1.10.0.14 pkgsrc-2018Q1-base:1.10 pkgsrc-2017Q4:1.10.0.12 pkgsrc-2017Q4-base:1.10 pkgsrc-2017Q3:1.10.0.10 pkgsrc-2017Q3-base:1.10 pkgsrc-2017Q2:1.10.0.6 pkgsrc-2017Q2-base:1.10 pkgsrc-2017Q1:1.10.0.4 pkgsrc-2017Q1-base:1.10 pkgsrc-2016Q4:1.10.0.2 pkgsrc-2016Q4-base:1.10 pkgsrc-2016Q3:1.9.0.6 pkgsrc-2016Q3-base:1.9 pkgsrc-2016Q2:1.9.0.4 pkgsrc-2016Q2-base:1.9 pkgsrc-2016Q1:1.9.0.2 pkgsrc-2016Q1-base:1.9 pkgsrc-2015Q4:1.8.0.4 pkgsrc-2015Q4-base:1.8 pkgsrc-2015Q3:1.8.0.2 pkgsrc-2015Q3-base:1.8 pkgsrc-2015Q2:1.7.0.2 pkgsrc-2015Q2-base:1.7 pkgsrc-2015Q1:1.6.0.14 pkgsrc-2015Q1-base:1.6 pkgsrc-2014Q4:1.6.0.12 pkgsrc-2014Q4-base:1.6 pkgsrc-2014Q3:1.6.0.10 pkgsrc-2014Q3-base:1.6 pkgsrc-2014Q2:1.6.0.8 pkgsrc-2014Q2-base:1.6 pkgsrc-2014Q1:1.6.0.6 pkgsrc-2014Q1-base:1.6 pkgsrc-2013Q4:1.6.0.4 pkgsrc-2013Q4-base:1.6 pkgsrc-2013Q3:1.6.0.2 pkgsrc-2013Q3-base:1.6 pkgsrc-2013Q2:1.3.0.2 pkgsrc-2013Q2-base:1.3 pkgsrc-2013Q1:1.2.0.6 pkgsrc-2013Q1-base:1.2 pkgsrc-2012Q4:1.2.0.4 pkgsrc-2012Q4-base:1.2 pkgsrc-2012Q3:1.2.0.2 pkgsrc-2012Q3-base:1.2; locks; strict; comment @# @; 1.21 date 2026.01.28.20.37.38; author lloyd; state Exp; branches; next 1.20; commitid aNXtPgiLK8hItcsG; 1.20 date 2025.04.21.21.11.41; author wiz; state Exp; branches; next 1.19; commitid ADUeFAtSdDlELXRF; 1.19 date 2023.12.05.20.45.27; author agc; state Exp; branches; next 1.18; commitid YL59PuWnBIIALjPE; 1.18 date 2021.01.22.11.59.52; author jperkin; state Exp; branches; next 1.17; commitid TUKdTtLwVR1dwIEC; 1.17 date 2020.12.07.13.05.12; author jperkin; state Exp; branches; next 1.16; commitid bSO8N2qAbqy1nOyC; 1.16 date 2020.12.07.12.35.52; author jperkin; state Exp; branches; next 1.15; commitid Bh6C2WygZeu4cOyC; 1.15 date 2019.01.25.20.08.21; author agc; state Exp; branches; next 1.14; commitid hKZxlfaI9iUUAc9B; 1.14 date 2018.12.07.12.40.39; author sevan; state Exp; branches; next 1.13; commitid mLM4Ua2GWtwJJR2B; 1.13 date 2018.09.29.18.59.29; author sevan; state Exp; branches; next 1.12; commitid QjtKARuPDElY22UA; 1.12 date 2018.04.21.19.40.50; author sevan; state Exp; branches; next 1.11; commitid 3ChufHilrPUIqlzA; 1.11 date 2018.04.12.02.08.47; author simonb; state Exp; branches; next 1.10; commitid UeWXpnw0M30LT5yA; 1.10 date 2016.10.14.12.50.07; author jperkin; state Exp; branches; next 1.9; commitid w6c5mf1NBfbvY6qz; 1.9 date 2016.03.03.04.41.15; author agc; state Exp; branches; next 1.8; commitid NtNHZ5B3POVuv9Xy; 1.8 date 2015.07.05.11.47.14; author jperkin; state Exp; branches; next 1.7; commitid T8rSJ0Y0JMgyE5sy; 1.7 date 2015.04.14.08.55.07; author jperkin; state Exp; branches; next 1.6; commitid WDruLeYP3Vjckxhy; 1.6 date 2013.07.24.22.16.26; author jperkin; state Exp; branches; next 1.5; commitid WV5Qu9NT0MkhXLYw; 1.5 date 2013.07.20.10.20.42; author jperkin; state Exp; branches; next 1.4; commitid ytgNCkjDVT3c8cYw; 1.4 date 2013.07.18.16.07.22; author jperkin; state Exp; branches; next 1.3; commitid aUivyUQUmvVu8YXw; 1.3 date 2013.05.29.15.09.49; author wiz; state Exp; branches; next 1.2; commitid lGaWPmtGprlEqxRw; 1.2 date 2012.08.26.21.38.34; author agc; state Exp; branches; next 1.1; 1.1 date 2012.08.26.10.31.23; author wiz; state Exp; branches; next ; desc @@ 1.21 log @Add /var/db (or its moral equivalent) to the list of empty directories created in a sandbox on NetBSD, Linux and macOS. Other OSes are unchanged because I haven't been able to determine what the correct directory is. @ text @#! /bin/sh # $NetBSD: mksandbox,v 1.19 2023/12/05 20:45:27 agc Exp $ # Copyright (c) 2002,2012 Alistair Crooks # All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR # IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES # OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. # IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, # INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT # NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF # THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # Usage: mksandbox [--mounthost=host] [--pkgsrc=dir] # [--rodirs=dir1,...] [--rwdirs=dir1,...] # [--src=srcdir] [--xsrc=xsrcdir] # [--without-src] [--without-pkgsrc] [--without-xsrc] # [--without-x] [--verbose] sandbox-dir # # A small shell script to set up a sandbox (usually for a pkgsrc bulk # build), using null mounts. pkgsrc=/usr/pkgsrc src=/usr/src xsrc=/usr/xsrc rodirs= rwdirs= with_pkgsrc=yes with_x=yes kernel="" sandboxWriteDirs="" sandboxMountDirs="/bin /sbin /lib /libexec /usr/X11R7 /usr/bin /usr/games /usr/include /usr/lib /usr/libdata /usr/libexec /usr/lkm /usr/share /usr/sbin /var/mail" sandboxEmptyDirs="/var/run /var/log /var/spool/lock /var/spool/mqueue" sandboxEmptyFiles="/var/run/utmp /var/run/utmpx /var/log/wtmp /var/log/wtmpx /var/log/lastlog /var/log/lastlogx" usage() { echo "usage: mksandbox [--mounthost=host] [--rodirs=dir1,...] [--rwdirs=dir1,...]" echo " [--pkgsrc=dir] [--src=srcdir] [--xsrc=xsrcdir]" echo " [--without-src] [--without-pkgsrc] [--without-xsrc]" echo " [--without-x] [--verbose] sandbox-dir" exit 1 } err() { echo "error: $1" exit 1 } # by default, don't require src and xsrc to be available need_src=no need_xsrc=no opsys=`uname -s` case "$opsys" in Darwin) bmakeprog=bmake chmodprog=/bin/chmod chownprog=/usr/sbin/chown cpprog=/bin/cp gtarprog=/usr/bin/gnutar idprog=/usr/bin/id kernel=/mach_kernel mkdirprog="/bin/mkdir -p" mountflags="-t nfs" mounthost="localhost" mountprog=/sbin/mount paxprog=/bin/pax sedprog=/usr/bin/sed sandboxEmptyDirs="$sandboxEmptyDirs /var/root /var/db" sandboxMountDirs="$sandboxMountDirs /usr/llvm-gcc-4.2 /usr/X11 /System/Library /Library" sandboxWriteDirs="$sandboxWriteDirs /Library/Server/Mail/Data" ;; DragonFly) bmakeprog=bmake chmodprog=/bin/chmod chownprog=/usr/sbin/chown cpprog=/bin/cp gtarprog=/usr/bin/tar idprog=/usr/bin/id mkdirprog="/bin/mkdir -p" mountflags="-t null" mountprog=/sbin/mount paxprog=/bin/pax sedprog=/usr/bin/sed sandboxEmptyDirs="$sandboxEmptyDirs /var/spool/dma" # Does /var/db exist on a basic install of DragonFly? # If so, delete the line above and uncomment the line below. # sandboxEmptyDirs="$sandboxEmptyDirs /var/spool/dma /var/db" ;; FreeBSD) bmakeprog=bmake chmodprog=/bin/chmod chownprog=/usr/sbin/chown cpprog=/bin/cp gtarprog=/usr/bin/tar idprog=/usr/bin/id mkdirprog="/bin/mkdir -p" mountflags="-t nullfs" mountprog=/sbin/mount paxprog=/bin/pax sedprog=/usr/bin/sed # Does /var/db exist on a basic install of FreeBSD? # If so, uncomment the line below. # sandboxEmptyDirs="$sandboxEmptyDirs /var/db" ;; Linux) bmakeprog=bmake chmodprog=/bin/chmod chownprog=/bin/chown cpprog=/bin/cp gtarprog=/bin/tar idprog=/usr/bin/id mkdirprog="/bin/mkdir -p" mountflags="--bind" if [ -f /bin/mount ]; then mountprog=/bin/mount else mountprog=/sbin/mount fi paxprog="" sedprog=/bin/sed sandboxEmptyDirs="$sandboxEmptyDirs /var/lib" sandboxMountDirs="$sandboxMountDirs /lib64 /usr/lib64 /usr/kerberos" sandboxWriteDirs="$sandboxWriteDirs /proc" ;; NetBSD) bmakeprog=make chmodprog=/bin/chmod chownprog=/usr/sbin/chown cpprog=/bin/cp gtarprog=/usr/bin/tar idprog=/usr/bin/id kernel=/netbsd mkdirprog="/bin/mkdir -p" mountflags="-t null" mountprog=/sbin/mount paxprog=/bin/pax sedprog=/usr/bin/sed need_src=yes need_xsrc=yes sandboxEmptyDirs="$sandboxEmptyDirs /var/db" ;; SunOS) bmakeprog=bmake chmodprog=/usr/bin/chmod chownprog=/usr/bin/chown cpprog=/usr/bin/cp gtarprog="" idprog=/usr/xpg4/bin/id mkdirprog="/usr/bin/mkdir -p" mountflags="-F lofs" mountprog=/sbin/mount paxprog=/bin/pax sedprog=/usr/xpg4/bin/sed sandboxMountDirs="/bin /sbin /kernel /lib /proc /opt/SUNWspro /usr/X11R6 /usr/5bin /usr/bin /usr/ccs /usr/dt /usr/games /usr/include /usr/lib /usr/openwin /usr/share /usr/sbin /usr/sadm /usr/sfw /usr/ucb /usr/ucblib /usr/xpg4 /var/mail /var/sadm" sandboxEmptyDirs="$sandboxEmptyDirs /usr/tmp /var/tmp" # Does /var/adm exist on a basic install of Solaris? # If so, delete the line above and uncomment the line below. # sandboxEmptyDirs="$sandboxEmptyDirs /usr/tmp /var/tmp /var/adm" ;; *) echo "Unknown Operating System ($opsys) - good luck" bmakeprog=bmake chmodprog=chmod chownprog=chown cpprog=cp gtarprog="tar" idprog="id" mkdirprog="mkdir -p" mountflags="-t null" mountprog=mount paxprog=pax sedprog=sed ;; esac while [ $# -gt 0 ]; do case "$1" in --mounthost=*) mounthost=`echo $1 | $sedprog -e 's|^--mounthost=||'` ;; --pkgsrc=*) pkgsrc=`echo $1 | $sedprog -e 's|^--pkgsrc=||'` ;; --src=*) src=`echo $1 | $sedprog -e 's|^--src=||'` ;; --xsrc=*) xsrc=`echo $1 | $sedprog -e 's|^--xsrc=||'` ;; --rodirs=*) rodirs=`echo $1 | $sedprog -e 's|^--rodirs=||'` ;; --rwdirs=*) rwdirs=`echo $1 | $sedprog -e 's|^--rwdirs=||'` ;; --without-pkgsrc) with_pkgsrc=no ;; --without-src) need_src=no ;; --without-xsrc) need_xsrc=no ;; --without-x) with_x=no ;; --verbose) set -x ;; -*) usage ;; *) break ;; esac shift done if [ $# -ne 1 ]; then usage fi if [ "$with_x" = "no" ]; then need_xsrc=no fi if [ `$idprog -u` -ne 0 ]; then err "You must be root to run this script." fi if [ -n "$mounthost" ]; then mounthost="$mounthost:" fi if [ ! -d $pkgsrc -a "$with_pkgsrc" = "yes" ]; then err "pkgsrc directory $pkgsrc does not exist." fi if [ ! -d $src -a "$need_src" = "yes" ]; then err "source directory $src does not exist." fi if [ ! -d $xsrc -a "$need_xsrc" = "yes" ]; then err "xsrc directory $xsrc does not exist." fi sandbox=$1 sandbox_script="$sandbox/sandbox" if [ "$with_pkgsrc" = "yes" ]; then packages=`(cd $pkgsrc/pkgtools/lintpkgsrc; $bmakeprog show-var VARNAME=PACKAGES)` distfiles=`(cd $pkgsrc/pkgtools/lintpkgsrc; $bmakeprog show-var VARNAME=DISTDIR)` localbase=`(cd $pkgsrc/pkgtools/lintpkgsrc; $bmakeprog show-var VARNAME=LOCALBASE)` pkg_dbdir=`(cd $pkgsrc/pkgtools/lintpkgsrc; $bmakeprog show-var VARNAME=PKG_DBDIR)` localpatches=`(cd $pkgsrc/pkgtools/lintpkgsrc; $bmakeprog show-var VARNAME=LOCALPATCHES)` test -d "$localpatches" || echo "WARNING: LOCALPATCHES directory does not exist - ignoring" fi $mkdirprog $sandbox sandbox="`(cd $sandbox && pwd)`" cat > $sandbox_script <> $sandbox_script done for d in $sandboxWriteDirs; do test -d $d || continue; $mkdirprog $sandbox$d; $mountprog $mountflags $mounthost$d $sandbox$d; echo "$mounthost$d $d rw \\" >> $sandbox_script done echo "Making /tmp in $sandbox" $mkdirprog $sandbox/tmp $sandbox/var/tmp $chmodprog 1777 $sandbox/tmp $sandbox/var/tmp $idprog games >/dev/null 2>&1 if [ $? -eq 0 ]; then echo "Making /var/games in $sandbox" $mkdirprog $sandbox/var/games $chownprog games:games $sandbox/var/games $chmodprog 2775 $sandbox/var/games fi for d in $sandboxEmptyDirs; do test -d $d || continue echo "Making $d in $sandbox" $mkdirprog $sandbox$d done for f in $sandboxEmptyFiles; do test -f $f || continue echo "Making $f in $sandbox" $cpprog /dev/null $sandbox$f done if [ "$need_src" = "yes" ]; then echo "Mount $src from $sandbox" $mkdirprog $sandbox/usr/src $mountprog $mountflags -r $mounthost$src $sandbox/usr/src echo "$mounthost$src /usr/src ro \\" >> $sandbox_script fi if [ "$with_pkgsrc" = "yes" ]; then echo "Mount $pkgsrc from $sandbox" $mkdirprog $sandbox/usr/pkgsrc $mountprog $mountflags $mounthost$pkgsrc $sandbox/usr/pkgsrc echo "$mounthost$pkgsrc /usr/pkgsrc rw \\" >> $sandbox_script echo "Mounting $packages and $distfiles from $sandbox" $mkdirprog $sandbox/$packages $sandbox/$distfiles $mkdirprog $packages $distfiles $mountprog $mountflags $mounthost$packages $sandbox/$packages $mountprog $mountflags $mounthost$distfiles $sandbox/$distfiles echo "$mounthost$packages $packages rw \\" >> $sandbox_script echo "$mounthost$distfiles $distfiles rw \\" >> $sandbox_script if [ -n "$localpatches" ] && [ -d "$localpatches" ]; then echo "Mounting $localpatches from $sandbox" $mkdirprog $sandbox/$localpatches $mountprog $mountflags $mounthost$localpatches $sandbox/$localpatches echo "$mounthost$localpatches $localpatches rw \\" >> $sandbox_script fi fi if [ "$need_xsrc" = "yes" ]; then echo "Mount $xsrc from $sandbox" $mkdirprog $sandbox/usr/xsrc $mountprog $mountflags -r $mounthost$xsrc $sandbox/usr/xsrc echo "$mounthost$xsrc /usr/xsrc ro \\" >> $sandbox_script fi if [ -n "$rodirs" ]; then for dir in `echo $rodirs | $sedprog -e 's/,/ /g'`; do echo "Mount $dir from $sandbox" $mkdirprog $sandbox$dir $mountprog $mountflags -r $mounthost$dir $sandbox$dir case "$opsys" in Linux) $mountprog $mountflags -o remount,bind,ro $mounthost$dir $sandbox$dir ;; esac echo "$mounthost$dir $dir ro \\" >> $sandbox_script done fi if [ -n "$rwdirs" ]; then for dir in `echo $rwdirs | $sedprog -e 's/,/ /g'`; do echo "Mount $dir from $sandbox" $mkdirprog $sandbox$dir $mountprog $mountflags $mounthost$dir $sandbox$dir echo "$mounthost$dir $dir rw \\" >> $sandbox_script done fi date > $sandbox/.sandbox_mounted cat >> $sandbox_script < \$sandbox/.sandbox_mounted ;; xumount) if [ ! -s \$sandbox/.sandbox_mounted ]; then echo \$sandbox not mounted && exit 1 fi set dummy \`r3 \$fses\` shift while [ \$# -ge 3 ]; do fs=\$1; shift mntpoint=\$1; shift dummy=\$1; shift umount \$sandbox/\$mntpoint done case \$opsys in Linux) umount \$sandbox/dev/shm umount \$sandbox/dev ;; Darwin|DragonFly|FreeBSD) umount \$sandbox/dev ;; SunOS) umount \$sandbox/dev/fd umount \$sandbox/dev ;; esac rm -f \$sandbox/.sandbox_mounted ;; xchroot) if [ ! -s \$sandbox/.sandbox_mounted ]; then echo \$sandbox not mounted && exit 1 fi case x\$2 in x) rootshell=/bin/ksh ;; *) rootshell="\$2" ;; esac script="\$sandbox/tmp/script.\$\$" echo "#!/bin/sh" > \$script echo "ENV=/etc/shrc \$rootshell" >> \$script chmod +x \$script ENV=/etc/shrc chroot \$sandbox /tmp/\`basename \$script\` rm -f \$script ;; xismounted) if [ -s \$sandbox/.sandbox_mounted ]; then echo \$sandbox is mounted && exit 0 else echo \$sandbox is not mounted && exit 1 fi ;; *) if [ \$# -eq 0 ]; then set dummy /bin/sh shift fi chroot \$sandbox "\$@@" ;; esac EOS chmod +x $sandbox_script case $opsys in Darwin) $cpprog /var/run/resolv.conf $sandbox/var/run/resolv.conf ;; Linux) if [ -f /run/resolvconf/resolv.conf ]; then $mkdirprog $sandbox/run/resolvconf $cpprog /run/resolvconf/resolv.conf $sandbox/run/resolvconf/resolv.conf fi ;; SunOS) $cpprog /etc/mnttab $sandbox/etc/mnttab ;; *) esac echo "Sandbox creation is now complete" exit 0 @ 1.20 log @mksandbox: remove Interix mention @ text @d87 1 a87 1 sandboxEmptyDirs="$sandboxEmptyDirs /var/root" d104 3 d120 3 d140 1 d159 1 d175 3 @ 1.19 log @pkgtools/mksandbox - update to version 1.11 + Don't allow mounting of already mounted sandboxes, or unmounting of unmounted sandboxes. + Also, add an extra "ismounted" case label to be able to tell if a sandbox is mounted. A df(1) invocation should continue to work just as well :) No objections on tech-pkg@@ Addresses the first part of PR pkg/51992 from Paul Goyette @ text @d3 1 a3 1 # $NetBSD: mksandbox,v 1.18 2021/01/22 11:59:52 jperkin Exp $ a117 5 Interix) echo >&2 "This script cannot be used on Interix; a different procedure is required." echo >&2 "(To be documented.)" exit 1 ;; @ 1.18 log @mksandbox: Update to version 1.10. Change the /dev/shm handling on Linux to account for systemd being a complete nightmare and changing mount types behind your back automatically. The previous fixed works fine, until it magically changes from a tmpfs with 1777 permissions to a devtmpfs with 0755 permissions, with obvious failures resulting when building as non-root. Tested on el6 and el7, with the latter now reliably able to build Python. @ text @d3 1 a3 1 # $NetBSD: mksandbox,v 1.17 2020/12/07 13:05:12 jperkin Exp $ d29 3 a31 2 # Usage: mksandbox [--mounthost=host] [--rodirs=dir1,...] [--rwdirs=dir1,...] # [--pkgsrc=dir] [--src=srcdir] [--xsrc=xsrcdir] d422 2 d428 3 d455 1 d458 3 d482 1 d485 3 d499 7 @ 1.17 log @mksandbox: Copy mounts that are symlinks. Resolves issues seen on newer Linux. I've had this in my tree for a while, ride previous version bump. @ text @d3 1 a3 1 # $NetBSD: mksandbox,v 1.16 2020/12/07 12:35:52 jperkin Exp $ d139 1 a139 1 sandboxWriteDirs="$sandboxWriteDirs /dev/shm /proc" d292 1 d442 1 d460 5 a464 1 Darwin|DragonFly|FreeBSD|Linux) @ 1.16 log @mksandbox: Update to version 1.9. On Linux create an additional read/write bind mount for /dev/shm. It should be a tmpfs mount writeable by all users, whereas the default devtmpfs permissions for the directory are 0755. Fixes builds of newer python releases as a non-root user. @ text @d3 1 a3 1 # $NetBSD: mksandbox,v 1.15 2019/01/25 20:08:21 agc Exp $ d317 4 @ 1.15 log @Update mksandbox to version 1.8 Fix in PR pkg/53896 from silas@@nocafe.net for mksandbox to fully support relative pathnames. @ text @d3 1 a3 1 # $NetBSD: mksandbox,v 1.14 2018/12/07 12:40:39 sevan Exp $ d139 1 a139 1 sandboxWriteDirs="$sandboxWriteDirs /proc" @ 1.14 log @Update Usage coment to include --without-xsrc @ text @d3 1 a3 1 # $NetBSD: mksandbox,v 1.13 2018/09/29 18:59:29 sevan Exp $ d249 1 @ 1.13 log @Include /var/spool/dma on DragonFly BSD so report emails work from pbulk. @ text @d3 1 a3 1 # $NetBSD: mksandbox,v 1.12 2018/04/21 19:40:50 sevan Exp $ d31 2 a32 2 # [--without-src] [--without-pkgsrc] [--without-x] # [--verbose] sandbox-dir @ 1.12 log @Add support for DragonFly BSD. OS is essentially the same as FreeBSD from our configuration point of view, with the exception of the name of utiliy for nullfs mounts. Tested on DragonFly 5.3-DEVELOPMENT. @ text @d3 1 a3 1 # $NetBSD: mksandbox,v 1.11 2018/04/12 02:08:47 simonb Exp $ d102 1 @ 1.11 log @Add a --without-xsrc option similar to the existing --without-src option. Allows for building X packages without needing xsrc in the sandbox. Approved by agc@@. @ text @d3 1 a3 1 # $NetBSD: mksandbox,v 1.10 2016/10/14 12:50:07 jperkin Exp $ d90 13 d281 1 a281 1 Darwin|FreeBSD) d430 1 a430 1 Darwin|FreeBSD) d452 1 a452 1 Darwin|FreeBSD|Linux) @ 1.10 log @Update to mksandbox-1.7. Changes: - Handle /run/resolvconf/resolv.conf explicitly rather than mounting all of /run. If /run exists then systemd will dynamically create /run/user/uid tmpfs mounts inside the chroot which mksandbox is unable to unmount. @ text @d3 1 a3 1 # $NetBSD: mksandbox,v 1.9 2016/03/03 04:41:15 agc Exp $ d55 2 a56 2 echo " [--without-src] [--without-pkgsrc] [--without-x]" echo " [--verbose] sandbox-dir" d184 1 @ 1.9 log @Patch from Silas Silva to: + add a --without-src command line argument which allows a sandbox to be made without mounting any src tree component + bump mksandbox package to 1.6. @ text @d3 1 a3 1 # $NetBSD: mksandbox,v 1.8 2015/07/05 11:47:14 jperkin Exp $ d124 1 a124 1 sandboxMountDirs="$sandboxMountDirs /lib64 /usr/lib64 /usr/kerberos /run" d475 6 @ 1.8 log @mksandbox-1.5: Mount /run on newer Linux for dynamic resolv.conf @ text @d3 1 a3 1 # $NetBSD: mksandbox,v 1.7 2015/04/14 08:55:07 jperkin Exp $ d31 2 a32 1 # [--without-pkgsrc] [--without-x] [--verbose] sandbox-dir d55 2 a56 1 echo " [--without-pkgsrc] [--without-x] [--verbose] sandbox-dir" d183 1 @ 1.7 log @Update to mksandbox-1.4. Changes: - Only copy $kernel if it exists, fixes warning on OSX 10.10 which moves the kernel location to a directory we already mount, noted by J. Lewis Muir on pkgsrc-users. - Add NO_CHECKSUM=yes to appease pkglint. @ text @d3 1 a3 1 # $NetBSD: mksandbox,v 1.6 2013/07/24 22:16:26 jperkin Exp $ d122 1 a122 1 sandboxMountDirs="$sandboxMountDirs /lib64 /usr/lib64 /usr/kerberos" @ 1.6 log @mksandbox-1.3: - Add /usr/sfw to SunOS mount dirs, required for certain binaries on newer releases. - Mount proper instances of /dev and /dev/fd on SunOS rather than relying on devfsadm and ucblinks, the latter of which does not exist on newer releases. - Do not create /var/games if the games user does not exist. @ text @d3 1 a3 1 # $NetBSD: mksandbox,v 1.5 2013/07/20 10:20:42 jperkin Exp $ d250 1 a250 1 if [ ! -z "$kernel" ]; then @ 1.5 log @mksandbox-1.2: * Mount /proc read-write on Linux, it appears to be required for e.g. groupadd to function correctly. * Add new --rodirs and --rwdirs options, which allow arbitrary lists of directories to be mounted appropriately inside the chroot. * Add --without-pkgsrc which prevents the default pkgsrc directories from being mounted. This allows mksandbox to be easily used for chrooted pbulk setups, using a simple invocation such as: mksandbox --without-pkgsrc --rodirs=/usr/pbulk --rwdirs=/shared /chroot @ text @d3 1 a3 1 # $NetBSD: mksandbox,v 1.4 2013/07/18 16:07:22 jperkin Exp $ d153 1 a153 1 sandboxMountDirs="/bin /sbin /kernel /lib /proc /opt/SUNWspro /usr/X11R6 /usr/5bin /usr/bin /usr/ccs /usr/dt /usr/games /usr/include /usr/lib /usr/openwin /usr/share /usr/sbin /usr/sadm /usr/ucb /usr/ucblib /usr/xpg4 /var/mail /var/sadm" d268 2 a269 4 /usr/sbin/devfsadm -r $sandbox if [ -f /usr/ucblib/ucblinks.awk -a -x /usr/ucb/ucblinks ]; then /usr/ucb/ucblinks -r $sandbox fi d320 7 a326 4 echo "Making /var/games in $sandbox" $mkdirprog $sandbox/var/games $chownprog games:games $sandbox/var/games $chmodprog 2775 $sandbox/var/games d419 4 d438 4 @ 1.4 log @mksandbox-1.1: * Add /lib64 and /usr/lib64 on Linux. * Ensure that read-only --bind mounts on Linux are actually read-only. @ text @d3 1 a3 1 # $NetBSD: mksandbox,v 1.3 2013/05/29 15:09:49 wiz Exp $ d29 3 a31 1 # Usage: mksandbox [--mounthost=host] [--pkgsrc=dir] [--src=srcdir] [--verbose] [--without-x] [--xsrc=xsrcdir] sandbox-dir d39 3 d52 4 a55 2 echo "usage: mksandbox [--mounthost=host] [--pkgsrc=dir] [--src=srcdir] [--verbose] [--without-x] [--xsrc=xsrcdir] sandbox-dir" exit 1 d122 2 a123 1 sandboxMountDirs="$sandboxMountDirs /proc /lib64 /usr/lib64 /usr/kerberos" d174 11 a184 8 --mounthost=*) mounthost=`echo $1 | $sedprog -e 's|^--mounthost=||'` ;; --pkgsrc=*) pkgsrc=`echo $1 | $sedprog -e 's|^--pkgsrc=||'` ;; --src=*) src=`echo $1 | $sedprog -e 's|^--src=||'` ;; --xsrc=*) xsrc=`echo $1 | $sedprog -e 's|^--xsrc=||'` ;; --without-x) with_x=no ;; --verbose) set -x ;; -*) usage ;; *) break ;; d205 1 a205 1 if [ ! -d $pkgsrc ]; then d220 6 a225 5 packages=`(cd $pkgsrc/pkgtools/lintpkgsrc; $bmakeprog show-var VARNAME=PACKAGES)` distfiles=`(cd $pkgsrc/pkgtools/lintpkgsrc; $bmakeprog show-var VARNAME=DISTDIR)` localbase=`(cd $pkgsrc/pkgtools/lintpkgsrc; $bmakeprog show-var VARNAME=LOCALBASE)` pkg_dbdir=`(cd $pkgsrc/pkgtools/lintpkgsrc; $bmakeprog show-var VARNAME=PKG_DBDIR)` localpatches=`(cd $pkgsrc/pkgtools/lintpkgsrc; $bmakeprog show-var VARNAME=LOCALPATCHES)` d227 2 a228 1 test -d "$localpatches" || echo "WARNING: LOCALPATCHES directory does not exist - ignoring" d255 4 a258 2 echo "Checking package hierarchy in $localbase and package database in $pkg_dbdir exist" $mkdirprog $sandbox/$localbase $sandbox/$pkg_dbdir d346 21 a366 4 echo "Mount $pkgsrc from $sandbox" $mkdirprog $sandbox/usr/pkgsrc $mountprog $mountflags $mounthost$pkgsrc $sandbox/usr/pkgsrc echo "$mounthost$pkgsrc /usr/pkgsrc rw \\" >> $sandbox_script d375 19 a393 13 echo "Mounting $packages and $distfiles from $sandbox" $mkdirprog $sandbox/$packages $sandbox/$distfiles $mkdirprog $packages $distfiles $mountprog $mountflags $mounthost$packages $sandbox/$packages $mountprog $mountflags $mounthost$distfiles $sandbox/$distfiles echo "$mounthost$packages $packages rw \\" >> $sandbox_script echo "$mounthost$distfiles $distfiles rw \\" >> $sandbox_script if [ -n "$localpatches" ] && [ -d "$localpatches" ]; then echo "Mounting $localpatches from $sandbox" $mkdirprog $sandbox/$localpatches $mountprog $mountflags $mounthost$localpatches $sandbox/$localpatches echo "$mounthost$localpatches $localpatches rw \\" >> $sandbox_script @ 1.3 log @- add missing `--mounthost=host' option to usage comment; - sort options order in usage comment and `usage' message; - de-capitalize ``usage'' word in usage message. From Bug Hunting. @ text @d3 1 a3 1 # $NetBSD: mksandbox,v 1.2 2012/08/26 21:38:34 agc Exp $ d115 1 a115 1 sandboxMountDirs="$sandboxMountDirs /proc /usr/kerberos" d291 3 @ 1.2 log @Change to a 2-clause licen[cs]e. @ text @d3 1 a3 1 # $NetBSD: genraidconf.sh,v 1.5 2011/05/19 00:24:22 agc Exp $ d29 1 a29 1 # Usage: mksandbox [--pkgsrc=dir] [--src=srcdir] [--xsrc=xsrcdir] [--without-x] [--verbose] sandbox-dir d47 1 a47 1 echo "Usage: mksandbox [--mounthost=host] [--pkgsrc=dir] [--src=srcdir] [--xsrc=xsrcdir] [--without-x] [--verbose] sandbox-dir" @ 1.1 log @Import mksandbox-1.0 as pkgtools/mksandbox. A small shell script to set up a sandbox (usually for a pkgsrc bulk build), using null mounts. The file lived in pkgsrc/mk/bulk/mksandbox, but is worthy of its own package IMHO. New: with manpage. @ text @d3 4 a6 4 # $NetBSD: mksandbox,v 1.56 2012/07/08 21:25:44 jperkin Exp $ # # # Copyright (c) 2002 Alistair G. Crooks. All rights reserved. a15 7 # 3. All advertising materials mentioning features or use of this software # must display the following acknowledgement: # This product includes software developed by Alistair G. Crooks # for the NetBSD project. # 4. The name of the author may not be used to endorse or promote # products derived from this software without specific prior written # permission. d17 10 a26 11 # THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS # OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED # WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY # DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE # GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING # NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. @