From 4e02e89ed2a288e70152904c5870acccc768b3a9 Mon Sep 17 00:00:00 2001 From: Louis Abel Date: Fri, 7 Apr 2023 12:14:06 -0700 Subject: [PATCH] 0.6.1: Add checks to ensure mock is not in a container --- iso/empanadas/empanadas/__init__.py | 2 +- .../templates/buildLiveImage.tmpl.sh | 23 ++++++++++++++++++- iso/empanadas/empanadas/util/iso_utils.py | 3 ++- iso/empanadas/pyproject.toml | 2 +- 4 files changed, 26 insertions(+), 4 deletions(-) diff --git a/iso/empanadas/empanadas/__init__.py b/iso/empanadas/empanadas/__init__.py index ef7eb44..8411e55 100644 --- a/iso/empanadas/empanadas/__init__.py +++ b/iso/empanadas/empanadas/__init__.py @@ -1 +1 @@ -__version__ = '0.6.0' +__version__ = '0.6.1' diff --git a/iso/empanadas/empanadas/templates/buildLiveImage.tmpl.sh b/iso/empanadas/empanadas/templates/buildLiveImage.tmpl.sh index 268ede8..c4be936 100644 --- a/iso/empanadas/empanadas/templates/buildLiveImage.tmpl.sh +++ b/iso/empanadas/empanadas/templates/buildLiveImage.tmpl.sh @@ -9,9 +9,30 @@ test -f {{ isoname }} && { echo "ERROR: ISO ALREDY EXISTS!"; exit 1; } major=$(grep loop /proc/devices | cut -c3) for index in 0 1 2 3 4 5; do - mknod /dev/loop$index $major $index + mknod /dev/loop$index b $major $index done {% else %} +# This section is typically for mock. It is possible to run mock within a +# container, but we generally don't like this. Even though we can do this, +# it does not mean that livemedia-creator is going to work. There are ways +# around this, such as making sure the container is privileged to have loop +# devices, and the loop devices should exist on the host. After, the loop +# devices have to be cleaned up. +# +# The lorax devs have a way of doing this, but it requires privleges and +# the containers cannot be root, as far as I understand it. Having root +# containers is bad practice IMO. +# +# Even so, we don't support it. These checks are to prevent (you) from +# getting needless headaches. +[[ -f /run/.containerenv ]]; container_ec=$? +grep -q "0::/$" /proc/1/cgroup; pid_ec=$? +grep -q "0::/$" /proc/self/cgroup; self_ec=$? + +if [[ "$pid_ec" == "0" ]] || [[ "$container_ec" == 0 ]] || [[ "$self_ec" == 0 ]]; then + exit 23 +fi + cd /builddir {% endif %} diff --git a/iso/empanadas/empanadas/util/iso_utils.py b/iso/empanadas/empanadas/util/iso_utils.py index db53336..43af9ed 100644 --- a/iso/empanadas/empanadas/util/iso_utils.py +++ b/iso/empanadas/empanadas/util/iso_utils.py @@ -1828,7 +1828,8 @@ class LiveBuild: bad_exit_list = [] checksum_list = [] entry_name_list = [] - self.log.warn(Color.WARN + 'This mode does not work properly. It will fail.') + self.log.warn(Color.WARN + 'There is no support for podman in empanadas.') + self.log.warn(Color.WARN + "If this fails, it's on you to determine the fix.") for i in images: image_name = i entry_name = f'buildLiveImage-{arch}-{i}.sh' diff --git a/iso/empanadas/pyproject.toml b/iso/empanadas/pyproject.toml index c2a93fe..d1e8707 100644 --- a/iso/empanadas/pyproject.toml +++ b/iso/empanadas/pyproject.toml @@ -1,6 +1,6 @@ [tool.poetry] name = "empanadas" -version = "0.6.0" +version = "0.6.1" description = "hand crafted ISOs with love and spice" authors = ["Louis Abel ", "Neil Hanlon "]