strongswan/testing/scripts/build-strongswan
Tobias Brunner cc094c30d1 testing: Fix 'unsafe repository' error when accessing Git repository
A recent security fix for Git added a fatal error if the directory that
contains the .git directory is not owned by the user that runs git in
that directory tree:

  Determine strongSwan version fatal: unsafe repository ('...' is owned by someone else)

To avoid this, we call the git commands as owner of the source
directory (the script has to run as root, so this is no problem).

The user/group IDs and the user name are now also determined via `stat(1)`,
so they depend directly on the actual source dir and should work even when
not using sudo.
2022-05-02 11:09:14 +02:00


#!/bin/bash
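# Resolve the directory this script lives in (symlinks followed) so the
# configuration and the helper library are found regardless of the caller's
# working directory. Every expansion is quoted: the script runs as root and a
# checkout path containing whitespace or glob characters must not be split.
DIR=$(dirname -- "$(readlink -f -- "$0")")

# Both files are sourced, i.e. executed with this script's (root) privileges.
# The helpers and settings used below (die, running_any, check_commands,
# load_qemu_nbd, BASEIMG, LOOPDIR, ...) are not defined in this file and
# presumably come from these two files.
. "$DIR/../testing.conf"
. "$DIR/function.sh"

# Attaching NBD devices and mounting images below needs root.
[ "$(id -u)" -eq 0 ] || die "You must be root to run $0"
[ -f "$BASEIMG" ] || die "Base image $BASEIMG not found"
# STRONGSWANHOSTS is left unquoted on purpose: it is handed over as a list of
# separate words.
running_any $STRONGSWANHOSTS && die "Please stop test environment before running $0"
check_commands partprobe qemu-img qemu-nbd
load_qemu_nbd

mkdir -p -- "$LOOPDIR"
mkdir -p -- "$IMGDIR"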
# Print the command line synopsis and the option summary to stdout.
# Arguments: none
# Outputs:   usage text, using the script's base name as the program name
usage() {
	local prog=${0##*/}
	cat <<EOF
Usage:
$prog [--all] [--guest NAME|--no-guests] [--replace] [--clean] [SRCDIR]
$prog [--all] [--guest NAME|--no-guests] [--replace] [--tarball VERSION]
--help (-h) show usage information
--all (-a) build/install all software, not only strongSwan
--clean (-c) use a new strongSwan build directory
--guest NAME (-g) only install in a specific guest image
--no-guests (-n) don't build any guest images after the root image
--replace (-r) replace the root image (implies --all)
--tarball (-t) build strongSwan from a release tarball
EOF
}
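# Option state; an empty value means "not requested".
ALL_RECIPES=
CLEAN=
GUEST=
NO_GUESTS=
REPLACE=
TARBALL=

# Consume leading options. Parsing stops at the first non-option word, which
# is left in $1 for the SRCDIR handling that follows.
while :; do
	case $1 in
	-h|--help)
		usage
		exit
		;;
	-a|--all)
		ALL_RECIPES=1
		;;
	-c|--clean)
		CLEAN=1
		;;
	-g|--guest)
		if [ -z "$2" ]; then
			die "Guest name missing"
		else
			GUEST=$2
			# drop the option's argument; the option itself is shifted below
			shift
		fi
		;;
	-n|--no-guests)
		NO_GUESTS=1
		;;
	-r|--replace)
		REPLACE=1
		;;
	-t|--tarball)
		if [ -z "$2" ]; then
			die "Release version missing"
		else
			TARBALL=$2
			shift
		fi
		;;
	--)
		# explicit end of options
		shift
		break
		;;
	-?*)
		# A mistyped option used to be taken as SRCDIR; it could not be
		# resolved as a path and the default source tree was then built
		# without any hint. Reject it instead.
		die "Unknown option $1 (see --help)"
		;;
	*)
		break
		;;
	esac
	shift
done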
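# Locate the strongSwan source tree unless a release tarball was requested.
# SWANDIR stays empty in the tarball case.
SWANDIR=
if [ -z "$TARBALL" ]; then
	check_commands bindfs
	if [ -n "$1" ]; then
		# A directory given on the command line must resolve; silently
		# falling back to the default tree would build a different source
		# than the one the caller asked for.
		SWANDIR=$(readlink -f -- "$1") || die "Cannot resolve source directory $1"
	fi
	if [ -z "$SWANDIR" ]; then
		# default: the tree this script is part of (two levels up)
		SWANDIR=$(readlink -f -- "$DIR/../..")
	fi
	# oid.txt serves as marker file for a strongSwan source tree
	[ -f "$SWANDIR/src/libstrongswan/asn1/oid.txt" ] || die "strongSwan not found in $SWANDIR"
fi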
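# Attach the image to work on to the NBD device: the root image by default,
# or a single guest image if --guest was given.
case "$GUEST" in
"")
	# (Re-)create the root image on top of the base image if it is missing
	# or --replace was given; a fresh root image needs all recipes.
	if [ ! -f "$ROOTIMG" ] || [ -n "$REPLACE" ]; then
		log_action "Creating root image $ROOTIMG"
		execute "qemu-img create -b $BASEIMG -f $IMGEXT -F $IMGEXT $ROOTIMG"
		ALL_RECIPES=1
	fi
	log_action "Connecting root image to NBD device $NBDEV"
	[ -f "$ROOTIMG" ] || die "Root image $ROOTIMG not found"
	execute "qemu-nbd -c $NBDEV $ROOTIMG"
	;;
*)
	# Compare the name literally against each configured host instead of
	# using it as a regular expression: the value comes from the command
	# line and is used below to build a path and a command line.
	# (STRONGSWANHOSTS is assumed to be a whitespace-separated list.)
	guest_known=
	for host in $STRONGSWANHOSTS; do
		if [ "$host" = "$GUEST" ]; then
			guest_known=1
			break
		fi
	done
	[ -n "$guest_known" ] || die "Guest $GUEST not found"
	GUESTIMG="$IMGDIR/$GUEST.$IMGEXT"
	[ -f "$GUESTIMG" ] || die "Guest image $GUESTIMG not found"
	log_action "Connecting guest image to NBD device $NBDEV"
	execute "qemu-nbd -c $NBDEV $GUESTIMG"
	;;
esac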
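# Mount the attached image and what the build inside the chroot needs. Each
# step is paired with a do_on_exit call, which presumably registers the undo
# command for later cleanup (the helper is defined outside this file, so its
# arguments are left exactly as they were).
do_on_exit qemu-nbd -d $NBDEV
partprobe "$NBDEV"

log_action "Mounting $NBDPARTITION to $LOOPDIR"
execute "mount $NBDPARTITION $LOOPDIR"
do_on_exit umount $LOOPDIR

log_action "Mounting proc filesystem to $LOOPDIR/proc"
execute "mount -t proc none $LOOPDIR/proc"
do_on_exit umount $LOOPDIR/proc

mkdir -p -- "$SHAREDDIR"
mkdir -p -- "$LOOPDIR/root/shared"
log_action "Mounting $SHAREDDIR as /root/shared"
execute "mount -o bind $SHAREDDIR $LOOPDIR/root/shared"
do_on_exit umount $LOOPDIR/root/shared

# The host's resolver configuration is copied in for the duration of the
# build and removed again on exit.
log_action "Copy /etc/resolv.conf"
execute "cp /etc/resolv.conf $LOOPDIR/etc/resolv.conf"
do_on_exit rm $LOOPDIR/etc/resolv.conf

log_action "Remove SWID tags of previous strongSwan versions"
# The -name pattern is quoted inside the command string. If execute_chroot
# runs the string through a shell (TODO confirm in function.sh), an unquoted
# *.swidtag would be expanded against the working directory before find sees
# it, and this command deletes whatever it matches.
execute_chroot "find /usr/local/share -path '*strongswan*' -name '*.swidtag' -delete"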
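# When building from a source tree (no --tarball): expose the tree inside the
# image, record its version and generate the build system.
if [ -z "$TARBALL" ]; then
	# Owner of the source directory, taken from the directory itself so
	# the result does not depend on how root privileges were obtained.
	SRCUID=$(stat -c '%u' -- "$SWANDIR")
	SRCGID=$(stat -c '%g' -- "$SWANDIR")
	SRCUSER=$(stat -c '%U' -- "$SWANDIR")

	mkdir -p -- "$LOOPDIR/root/strongswan"
	log_action "Mounting $SWANDIR as /root/strongswan"
	# bindfs is given the source owner's uid/gid both for the presented
	# ownership (-u/-g) and for newly created files (--create-for-*).
	execute "bindfs -u $SRCUID -g $SRCGID --create-for-user=$SRCUID --create-for-group=$SRCGID $SWANDIR $LOOPDIR/root/strongswan"
	do_on_exit umount $LOOPDIR/root/strongswan

	log_action "Determine strongSwan version"
	# git is run as the owner of the source directory: as root it would
	# stop with "unsafe repository" for a checkout owned by someone else.
	if desc=$(runuser -u "$SRCUSER" -- git -C "$SWANDIR" describe --exclude 'android-*' --dirty); then
		branch=$(runuser -u "$SRCUSER" -- git -C "$SWANDIR" rev-parse --abbrev-ref HEAD)
		version="$desc ($branch)"
	else
		# not a usable Git checkout: take the version from AC_INIT
		version=$(sed -n '/^AC_INIT/{ s/.*,\[\(.*\)\])$/\1/p }' "$SWANDIR/configure.ac")
	fi
	printf '%s\n' "$version" > "$SHAREDDIR/.strongswan-version"
	log_status 0

	log_action "Preparing source tree"
	execute_chroot 'autoreconf -i /root/strongswan'
fi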
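# Select the recipes (makefiles in $DIR/recipes) to run and execute each one
# inside the chroot.
RECPDIR=$DIR/recipes
if [ -n "$ALL_RECIPES" ]; then
	echo "Building and installing strongSwan and all other software"
	if [ -d "$RECPDIR/patches" ]; then
		execute "cp -r $RECPDIR/patches $LOOPDIR/root/shared/compile" 0
	fi
	recipe_glob='*.mk'
else
	echo "Building and installing strongSwan"
	recipe_glob='*strongswan.mk'
fi

# Collect the recipe file names with a glob instead of parsing ls output.
# $recipe_glob is left unquoted on purpose so that the pattern is expanded.
RECIPES=
for recipe_path in "$RECPDIR"/$recipe_glob; do
	# skips the literal pattern if nothing matched
	[ -f "$recipe_path" ] || continue
	RECIPES="$RECIPES ${recipe_path##*/}"
done

if [ -n "$CLEAN" ]; then
	# Never let an empty SHAREDDIR turn this into 'rm -rf /build-strongswan'.
	[ -n "$SHAREDDIR" ] || die "SHAREDDIR is not set"
	rm -rf -- "$SHAREDDIR/build-strongswan"
fi
mkdir -p -- "$SHAREDDIR/build-strongswan"
mkdir -p -- "$SHAREDDIR/compile"

# RECIPES is a whitespace-separated list, hence the unquoted expansion.
for r in $RECIPES; do
	log_action "Installing from recipe $r"
	if [[ $r == *strongswan.mk && -z "$TARBALL" ]]; then
		# strongSwan itself, built from the bind-mounted source tree
		cp -- "$RECPDIR/$r" "$SHAREDDIR/build-strongswan"
		execute_chroot "make SRCDIR=/root/strongswan BUILDDIR=/root/shared/build-strongswan -f /root/shared/build-strongswan/$r"
	else
		cp -- "$RECPDIR/$r" "$LOOPDIR/root/shared/compile"
		# NOTE(review): TARBALL comes straight from the command line and
		# is interpolated unquoted into this command string; how the
		# string is evaluated depends on execute_chroot - confirm in
		# function.sh.
		execute_chroot "make SWANVERSION=$TARBALL -C /root/shared/compile -f $r"
	fi
done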
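# Rebuild the guest images after the root image was modified, unless only a
# single guest was targeted (--guest) or --no-guests was given.
if [[ -z "$GUEST" && -z "$NO_GUESTS" ]]; then
	# cleanup before mounting guest images
	on_exit
	# Building the guest images without certificates fails on winnetou, so
	# run build-certs if the CA certificate is missing; that script also
	# re-builds the guest images.
	if [ ! -f "$DIR/../hosts/winnetou/etc/ca/strongswanCert.pem" ]; then
		"$DIR/build-certs"
	else
		"$DIR/build-guestimages"
	fi
fi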