Skip to content
GitLab
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
  • aports aports
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Graph
    • Compare
  • Issues 661
    • Issues 661
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 325
    • Merge requests 325
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Releases
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • alpinealpine
  • aportsaports
  • Merge requests
  • !26263

scripts/mkimage.sh: non-root cleanup fixes

  • Review changes

  • Download
  • Email patches
  • Plain diff
Merged Stanislav Kholmanskikh requested to merge skholman/aports:mkimage-non-root-cleanup into master Oct 08, 2021
  • Overview 3
  • Commits 2
  • Pipelines 4
  • Changes 1

Hi!

This PR addresses two issues:

  • even if executed under a non-root user mkimage.sh leaves several root-owned files in its workdir, and so cleaning up the workdir requires root privileges
  • when it finishes, it doesn't remove mktemp created WORKDIR thus "polluting" the temporary directory (/tmp, $TMPDIR)

I'm not 100% sure that using apk instead of abuild-apk is legit there. It seems to be working fine, as the generated iso and minirootfs files work fine. abuild-apk is there since the creation of the script. So I'd highly appreciate if someone with more experience can confirm that using apk here is perfectly fine.

Thanks.

alpine01:~/aports/scripts$ id
uid=1000(stas) gid=1000(stas) groups=10(wheel),300(abuild),1000(stas)
alpine01:~/aports/scripts$ mkdir /tmp/workdir
alpine01:~/aports/scripts$ ./mkimage.sh --profile minirootfs --repository http://mirror.yandex.ru/mirrors/alpine/v3.14/main --workdir /tmp/workdir
OK: 0 MiB in 0 packages
fetch http://mirror.yandex.ru/mirrors/alpine/v3.14/main/x86_64/APKINDEX.tar.gz
v3.14.2-83-g04ade1dae3 [http://mirror.yandex.ru/mirrors/alpine/v3.14/main]
OK: 4791 distinct packages available
>>> mkimage-x86_64: Building minirootfs
>>> mkimage-x86_64: Creating alpine-minirootfs-211008-x86_64.tar.gz
http://mirror.yandex.ru/mirrors/alpine/v3.14/main
fetch http://mirror.yandex.ru/mirrors/alpine/v3.14/main/x86_64/APKINDEX.tar.gz
(1/14) Installing musl (1.2.2-r3)
(2/14) Installing busybox (1.33.1-r3)
(3/14) Installing alpine-baselayout (3.2.0-r16)
(4/14) Installing alpine-keys (2.3-r1)
(5/14) Installing libcrypto1.1 (1.1.1l-r0)
(6/14) Installing libssl1.1 (1.1.1l-r0)
(7/14) Installing ca-certificates-bundle (20191127-r5)
(8/14) Installing libretls (3.3.3p1-r2)
(9/14) Installing ssl_client (1.33.1-r3)
(10/14) Installing zlib (1.2.11-r3)
(11/14) Installing apk-tools (2.12.7-r0)
(12/14) Installing scanelf (1.3.2-r0)
(13/14) Installing musl-utils (1.2.2-r3)
(14/14) Installing libc-utils (0.7.2-r3)
OK: 6 MiB in 14 packages
Images generated in /home/stas/aports/scripts
alpine01:~/aports/scripts$ ls -l /tmp/workdir/
total 8
drwxr-xr-x    8 stas     stas          4096 Oct  8 17:15 apkroot-x86_64
drwxr-xr-x    2 stas     stas          4096 Oct  8 17:15 image-da39a3ee5e6b4b0d3255bfef95601890afd80709-x86_64-minirootfs
alpine01:~/aports/scripts$ rm -rf /tmp/workdir/apkroot-x86_64/
rm: can't remove '/tmp/workdir/apkroot-x86_64/var/cache/apk': Permission denied
rm: can't remove '/tmp/workdir/apkroot-x86_64/var/cache/misc': Permission denied
rm: can't remove '/tmp/workdir/apkroot-x86_64/dev/null': Permission denied
rm: can't remove '/tmp/workdir/apkroot-x86_64/dev/console': Permission denied
rm: can't remove '/tmp/workdir/apkroot-x86_64/dev/zero': Permission denied
rm: can't remove '/tmp/workdir/apkroot-x86_64/dev/urandom': Permission denied
rm: can't remove '/tmp/workdir/apkroot-x86_64/dev/random': Permission denied
rm: can't remove '/tmp/workdir/apkroot-x86_64/lib/apk/db/scripts.tar': Permission denied
rm: can't remove '/tmp/workdir/apkroot-x86_64/lib/apk/db/triggers': Permission denied
rm: can't remove '/tmp/workdir/apkroot-x86_64/lib/apk/db/lock': Permission denied
rm: can't remove '/tmp/workdir/apkroot-x86_64/lib/apk/db/installed': Permission denied
alpine01:~/aports/scripts$ ls -l /tmp/workdir/apkroot-x86_64/dev/null 
crw-rw-rw-    1 root     root        1,   3 Oct  8 17:15 /tmp/workdir/apkroot-x86_64/dev/null
alpine01:~/aports/scripts$ 
Assignee
Assign to
Reviewers
Request review from
Time tracking
Source branch: mkimage-non-root-cleanup