Package: sbuild
Version: 0.85.6
Severity: wishlist

Dear maintainer:

While trying to use the unshare backend I found this error:

tar: dev/full: Cannot mknod: Operation not permitted
tar: dev/urandom: Cannot mknod: Operation not permitted
tar: dev/console: Cannot mknod: Operation not permitted
tar: dev/ptmx: Cannot mknod: Operation not permitted
tar: dev/random: Cannot mknod: Operation not permitted
[...]

The reason (as Jochen identified quickly) is that my tarball did not
include ./ entries, so the exclude patterns in lib/Sbuild/ChrootUnshare.pm
had no effect.

Since I don't think a tarball without ./ is really "wrong" to the point
that it needs to be recreated (this is in fact the very first time in my
life that a tarball without ./ causes any kind of trouble), I think it would
be desirable to support those tarballs as well.

So, we (Jochen and myself) wonder if any of the following patches
would be acceptable to you.

The first patch adds the --anchored option to the tar invocation so that
the exclude patterns are matched from the beginning only
(not anywhere in the filename), then adds the remaining eight
exclude patterns for tarballs without "./".

I could agree that the end result is not very nice, but it's
simple, effective, and imo it's not really that ugly.


However, while we are at it, I wonder why it's necessary to
uncompress anything in /dev at all these days. Would it work
if everything in /dev is excluded?

The second patch (untested) supports tarballs with or
without ./ and at the same time simplifies the exclude
patterns to just two.

Thanks.
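
The mismatch described above can be reproduced without root. The script below is an added example, not part of the original report or of sbuild; it assumes GNU tar and uses constructed tarballs in which empty regular files stand in for the device nodes.

```shell
#!/bin/sh
# Constructed demo (needs GNU tar): empty regular files stand in for the
# device nodes, so it runs without privileges.
set -eu

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
mkdir -p "$work/root/dev" "$work/root/usr/share/dev"
: > "$work/root/dev/null"
: > "$work/root/usr/share/dev/null"   # unrelated path that ends in dev/null

# Same tree, two member-name styles: "./dev/null" versus "dev/null".
tar -C "$work/root" -cf "$work/dot.tar" .
tar -C "$work/root" -cf "$work/nodot.tar" dev usr

# kept ARCHIVE [TAR-OPTIONS...]
# Prints which of the two files tar would still unpack with those options:
# "top" (dev/null), "nested" (usr/share/dev/null), both, or "none".
kept() {
    archive=$1; shift
    names=$(tar "$@" -tf "$work/$archive")
    out=""
    if printf '%s\n' "$names" | grep -Eq '^(\./)?dev/null$'; then
        out="top"
    fi
    if printf '%s\n' "$names" | grep -Eq '^(\./)?usr/share/dev/null$'; then
        out="${out:+$out }nested"
    fi
    printf '%s\n' "${out:-none}"
}

# Existing pattern: works on the ./ tarball, has no effect on the other.
echo "./ tarball,  --exclude=./dev/null: $(kept dot.tar --exclude=./dev/null)"
echo "no ./,       --exclude=./dev/null: $(kept nodot.tar --exclude=./dev/null)"
# Dropping "./" without --anchored matches after any "/", so it over-excludes.
echo "no ./,       --exclude=dev/null:   $(kept nodot.tar --exclude=dev/null)"
# Anchored, both spellings: only the top-level entry is skipped in either tarball.
both='--anchored --exclude=dev/null --exclude=./dev/null'
echo "./ tarball,  anchored pair:        $(kept dot.tar $both)"
echo "no ./,       anchored pair:        $(kept nodot.tar $both)"
```
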
commit d54e3303e4a212a790f736b2b9db072c6fe7b25e
Author: Santiago Vila <[email protected]>
Date:   Thu Apr 4 11:30:00 2024 +0200

    lib/Sbuild/ChrootUnshare.pm:
    
    Use tar's --anchored option to support tarballs including ./ and also those not including ./

diff --git a/lib/Sbuild/ChrootUnshare.pm b/lib/Sbuild/ChrootUnshare.pm
index 91a7fa43..02d80936 100644
--- a/lib/Sbuild/ChrootUnshare.pm
+++ b/lib/Sbuild/ChrootUnshare.pm
@@ -166,6 +166,15 @@ sub begin_session {
 
     print STDOUT "Unpacking $tarball to $rootdir...\n";
     @cmd = (@unshare_cmd, 'tar',
+       '--anchored',
+       '--exclude=dev/urandom',
+       '--exclude=dev/random',
+       '--exclude=dev/full',
+       '--exclude=dev/null',
+       '--exclude=dev/console',
+       '--exclude=dev/zero',
+       '--exclude=dev/tty',
+       '--exclude=dev/ptmx',
        '--exclude=./dev/urandom',
        '--exclude=./dev/random',
        '--exclude=./dev/full',
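
Review bot: the eight added `dev/...` patterns repeat the existing `./dev/...` list name for name, so the two lists can drift apart when a device is added or removed; consider generating both spellings from a single list of device names. GNU tar applies `--anchored` to the `--exclude` options that follow it, so it has to stay ahead of all sixteen patterns as it is here; a short comment saying so, and saying why both prefix forms are listed, would keep a later reordering from silently changing the matching.
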
commit 47a0ed399f17d0cfc2a5af17bccd55880e5c7892
Author: Santiago Vila <[email protected]>
Date:   Thu Apr 4 11:30:00 2024 +0200

    lib/Sbuild/ChrootUnshare.pm:
    
    Do not extract anything in /dev
    
    Use tar's --anchored option to support tarballs including ./ and also those not including ./

diff --git a/lib/Sbuild/ChrootUnshare.pm b/lib/Sbuild/ChrootUnshare.pm
index 91a7fa43..3e554e9c 100644
--- a/lib/Sbuild/ChrootUnshare.pm
+++ b/lib/Sbuild/ChrootUnshare.pm
@@ -166,14 +166,9 @@ sub begin_session {
 
     print STDOUT "Unpacking $tarball to $rootdir...\n";
     @cmd = (@unshare_cmd, 'tar',
-       '--exclude=./dev/urandom',
-       '--exclude=./dev/random',
-       '--exclude=./dev/full',
-       '--exclude=./dev/null',
-       '--exclude=./dev/console',
-       '--exclude=./dev/zero',
-       '--exclude=./dev/tty',
-       '--exclude=./dev/ptmx',
+       '--anchored',
+       '--exclude=dev/',
+       '--exclude=./dev/',
        '--directory', $rootdir,
        '--extract'
     );
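
Review bot: the two new patterns `--exclude=dev/` and `--exclude=./dev/` skip everything under dev rather than the eight named nodes removed above, so any directories, symlinks or other entries the tarball ships there are no longer unpacked either; please confirm that nothing after extraction relies on them. Since the accompanying message marks this patch as untested, it is also worth checking that tar matches the trailing-slash form against both member-name styles before merging, and adding a comment on why both `dev/` and `./dev/` are needed.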
