[reprotest] 01/02: doc, build: unshare+nsenter doesn't work inside a container

Ximin Luo infinity0 at debian.org
Fri Oct 27 15:11:00 UTC 2017


This is an automated email from the git hooks/post-receive script.

infinity0 pushed a commit to branch master
in repository reprotest.

commit dff626d66de461ca4648812a56cf28de2a86623b
Author: Ximin Luo <infinity0 at debian.org>
Date:   Fri Oct 27 17:08:19 2017 +0200

    doc, build: unshare+nsenter doesn't work inside a container
---
 README.rst         | 3 +++
 reprotest/build.py | 6 +++++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/README.rst b/README.rst
index 687f476..35132f0 100644
--- a/README.rst
+++ b/README.rst
@@ -299,6 +299,9 @@ this in reprotest without heavy effort.
 Therefore, it is recommended to run this variation with use_sudo=1. To avoid
 password prompts, see the section "Avoid sudo(1) password prompts" below.
 
+Currently, neither the sudo nor non-sudo options work inside a container; give
+--vary=-domain_host if you need to run it inside one. FIXME.
+
 User or group
 -------------
 
diff --git a/reprotest/build.py b/reprotest/build.py
index cd3a09c..ce8963b 100644
--- a/reprotest/build.py
+++ b/reprotest/build.py
@@ -230,6 +230,10 @@ def domain_host(ctx, build, vary):
         _ = _.prepend_cleanup_exec('sudo', 'umount', ns_mnt)
         _ = _.prepend_cleanup_exec('sudo', 'umount', ns_uts)
         # configure our unshare
+        # --root=/ is needed when running nsenter inside schroot, otherwise it defaults to the
+        # host root. But then there is a further error because /proc/self/mounts is empty.
+        # possibly it's a bug, maybe follow it up
+        # It works if we replace the below with a single "unshare (huge script)" but that's not possible to add to sudoers
         nsenter = ['sudo', 'nsenter'] + ns_args
         _ = _.append_setup_exec(*nsenter, 'hostname', hostname)
         _ = _.append_setup_exec(*nsenter, 'domainname', domainname)
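Review bot: The added comment opens with `--root=/ is needed`, but the `nsenter = ['sudo', 'nsenter'] + ns_args` line below it does not pass that option as far as the hunk shows (`ns_args` is built above the hunk). It therefore reads as a description of what the code does rather than a known limitation. I would mark it as one and make the follow-up findable, e.g. `# FIXME: inside schroot nsenter would need --root=/ (else it uses the host root), and even then it fails because /proc/self/mounts is empty; not handled here.` The last comment line would also be clearer if it said why a single `unshare` script cannot be added to sudoers, since that constraint is what keeps the setup split into separate sudo-run commands. domain_host starts and ends outside the hunk.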
@@ -238,7 +242,7 @@ def domain_host(ctx, build, vary):
             'echo "127.0.0.1 {1}" > {0}/hosts && cat /etc/hosts >> {0}/hosts'.format(build.aux_tree, hostname))
         _ = _.append_setup_exec(*nsenter, 'mount', '-B', '%s/hosts' % build.aux_tree, '/etc/hosts')
         # wrap our build command
-        _ = _.prepend_to_build_command('sudo', '-E', 'nsenter', *ns_args, *make_sudo_command(*current_user_group()))
+        _ = _.prepend_to_build_command('sudo', '-E', *(nsenter[1:]), *make_sudo_command(*current_user_group()))
     else:
         logger.warn("Not using sudo for domain_host; it is recommended. Your build may fail.")
         logger.warn("Be sure to `echo 1 > /proc/sys/kernel/unprivileged_userns_clone` if on a Debian system.")
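Review bot: `*(nsenter[1:])` on the changed `prepend_to_build_command` line depends on `nsenter` starting with exactly one `'sudo'` element, so a later edit to that list would silently change the build wrapper that runs under sudo. Naming the shared part keeps the two in step: `nsenter_cmd = ['nsenter'] + ns_args`, then `nsenter = ['sudo'] + nsenter_cmd` and `prepend_to_build_command('sudo', '-E', *nsenter_cmd, ...)`. Separately, the context line that writes the hosts file formats `build.aux_tree` and `hostname` into a command string unquoted. If that string is handed to a shell, as the `>` and `&&` suggest, `shlex.quote()` on both values would stop a path with spaces or metacharacters from altering the command. domain_host starts outside the hunk, and the call that the hosts-file line belongs to begins above it.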

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/reprotest.git


