Skip to content

Commit

Permalink
acbs: treat /tree as a "safe directory"
Browse files Browse the repository at this point in the history
- This allows maintainers to build packages with correct version
  numbers, even if their /TREE is not owned by root (e.g. using regular
  user for development and SSH access).
- Without this fix, ACBS will be unable to get commit, branch and
  working tree status (e.g. whether if it is in stable, to add extra
  version strings if TREE is in a topic branch) when the ABBS tree is
  not owned by root.

* acbs/main: install safe.directory configuration if systemd-nspawn is
  detected (assuming it is a Ciel container instance).
* acbs/utils: Add parameters to treat /tree as "safe directory".
  • Loading branch information
Cyanoxygen committed Dec 1, 2024
1 parent b9fbaf6 commit 21a8784
Show file tree
Hide file tree
Showing 2 changed files with 32 additions and 4 deletions.
15 changes: 15 additions & 0 deletions acbs/main.py
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@
ACBSLogFormatter,
ACBSLogPlainFormatter,
check_artifact,
detect_nspawn,
full_line_banner,
generate_checksums,
guess_subdir,
Expand All @@ -40,6 +41,12 @@

CIEL_LOCK_PATH = '/debs/fresh.lock'

# Git config to treat the ABBS tree as "safe directory".
GIT_CONFIG_SAFEDIR = """
[safe]
\tdirectory = /tree
"""

def ciel_invalidate_cache():
logging.info('Asking ciel to refresh repository...')
if os.path.exists(CIEL_LOCK_PATH):
Expand Down Expand Up @@ -149,6 +156,14 @@ def init(self) -> None:
else:
raise Exception('forest.conf not found')

# Install a git config file to allow dubious ownership in /tree.
if detect_nspawn():
try:
with open("/root/.gitconfig", 'w+') as f:
f.writelines(GIT_CONFIG_SAFEDIR)
except Exception as e:
logging.warning("Unable to install git config file: {}, skipping.".format(e))

def __install_logger(self, str_verbosity=logging.INFO,
file_verbosity=logging.DEBUG):
logger = logging.getLogger()
Expand Down
21 changes: 17 additions & 4 deletions acbs/utils.py
Original file line number Diff line number Diff line change
Expand Up @@ -185,7 +185,7 @@ def generate_metadata(task: ACBSPackageInfo) -> str:
tree_commit = 'unknown'
try:
tree_commit = subprocess.check_output(
['git', 'describe', '--always', '--dirty'], cwd=task.script_location).decode('utf-8').strip()
['git', '-c', 'safe.directory=/tree', 'describe', '--always', '--dirty'], cwd=task.script_location).decode('utf-8').strip()
except subprocess.CalledProcessError as ex:
logging.warning(f'Could not determine tree commit: {ex}')
return f'X-AOSC-ACBS-Version: {__version__}\nX-AOSC-Commit: {tree_commit}\n'
Expand All @@ -195,19 +195,19 @@ def generate_version_stamp(task: ACBSPackageInfo) -> str:
try:
stamp = ''
head_ref = subprocess.check_output(
['git', 'symbolic-ref', 'HEAD'], cwd=task.script_location).decode('utf-8').strip()
['git', '-c', 'safe.directory=/tree', 'symbolic-ref', 'HEAD'], cwd=task.script_location).decode('utf-8').strip()
if head_ref == 'refs/heads/stable':
logging.info(f'Using no version stamp')
return ''

dirty = len(subprocess.check_output(
['git', 'status', '--porcelain'], cwd=task.script_location).decode('utf-8').strip()) != 0
['git', '-c', 'safe.directory=/tree', 'status', '--porcelain'], cwd=task.script_location).decode('utf-8').strip()) != 0
timestamp = None
if dirty:
timestamp = int(time.time())
else:
timestamp = int(subprocess.check_output(
['git', 'show', '-s', '--format=%ct', 'HEAD'], cwd=task.script_location).decode('utf-8').strip())
['git', '-c', 'safe.directory=/tree', 'show', '-s', '--format=%ct', 'HEAD'], cwd=task.script_location).decode('utf-8').strip())
stamp += '~pre'
stamp += (
datetime.datetime.utcfromtimestamp(timestamp)
Expand Down Expand Up @@ -438,3 +438,16 @@ def format(self, record):
logging.INFO, logging.DEBUG):
record.msg = f'[{lvl_map[record.levelname]}]: {record.msg}'
return super(ACBSLogFormatter, self).format(record)

def detect_nspawn() -> bool:
try:
with open("/run/systemd/container", "r") as f:
content = f.readline()
if content.strip() == "systemd-nspawn":
return True
except FileNotFoundError:
return False
except Exception as e:
logging.warning("Unable to detect containerization: {}, assuming false.".format(e))
return False
return False

0 comments on commit 21a8784

Please sign in to comment.