From: Daan De Meyer Date: Wed, 12 Jul 2023 21:15:30 +0000 (+0200) Subject: Add back support for bwrap 0.4 X-Git-Tag: v15~80^2~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=44799a3fb0ae8876bcaada88e4f4ebed9b04dd3c;p=thirdparty%2Fmkosi.git Add back support for bwrap 0.4 CentOS Stream 9 is still on bwrap 0.4 which is unfortunately still important so let's add back support for bwrap 0.4. Luckily, instead of doing awkward template formatting, shells pass extra arguments received when "-c" is used as arguments to the invoked command, so we can make use of that to keep the same API for bwrap_cmd(). --- diff --git a/mkosi/run.py b/mkosi/run.py index 5b16503be..0643a80d6 100644 --- a/mkosi/run.py +++ b/mkosi/run.py @@ -321,11 +321,9 @@ def bwrap_cmd( cmdline += [ "--tmpfs", apivfs / "run", - "--perms", "1777", "--tmpfs", apivfs / "tmp", "--proc", apivfs / "proc", "--dev", apivfs / "dev", - "--chmod", "1777", apivfs / "dev/shm", "--ro-bind", "/sys", apivfs / "sys", ] @@ -340,15 +338,21 @@ def bwrap_cmd( else: cmdline += ["--bind", "/dev/null", f"/etc/{f}"] + if apivfs: + chmod = f"chmod 1777 {apivfs / 'tmp'} {apivfs / 'var/tmp'} {apivfs / 'dev/shm'}" + else: + chmod = ":" + with tempfile.TemporaryDirectory(dir="/var/tmp", prefix="mkosi-var-tmp") as var_tmp: if apivfs: cmdline += [ "--bind", var_tmp, apivfs / "var/tmp", - "--chmod", "1777", apivfs / "var/tmp", # Make sure /etc/machine-id is not overwritten by any package manager post install scripts. "--ro-bind", apivfs / "etc/machine-id", apivfs / "etc/machine-id", ] + cmdline += ["sh", "-c", f"{chmod} && exec $0 \"$@\" || exit $?"] + try: yield cmdline finally: @@ -402,10 +406,8 @@ def run_workspace_command( "--unshare-cgroup", "--bind", root, "/", "--tmpfs", "/run", - "--perms", "1777", "--tmpfs", "/tmp", "--dev", "/dev", - "--chmod", "1777", "/dev/shm", "--proc", "/proc", "--ro-bind", "/sys", "/sys", "--die-with-parent", 
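Review bot: In the second bwrap_cmd hunk, the `chmod` string interpolates the `apivfs` paths into the `sh -c` script unquoted, so a path containing whitespace or shell metacharacters would be word-split or interpreted by the shell instead of reaching chmod as a single argument. Building it with `chmod = shlex.join(["chmod", "1777", str(apivfs / "tmp"), str(apivfs / "var/tmp"), str(apivfs / "dev/shm")])` avoids that; it needs `shlex` imported in run.py, and the import block is not visible in this diff. The same script expands `$0` unquoted, so a command path containing spaces would also be split; `exec "$0" "$@"` is the safe form, and this applies equally to the script string in the last run_workspace_command hunk. bwrap_cmd starts and ends outside the hunk.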
@@ -436,7 +438,10 @@ def run_workspace_command( ) | env with tempfile.TemporaryDirectory(dir="/var/tmp", prefix="mkosi-var-tmp") as var_tmp: - cmdline += ["--bind", var_tmp, "/var/tmp", "--chmod", "1777", "/var/tmp"] + cmdline += [ + "--bind", var_tmp, "/var/tmp", + "sh", "-c", "chmod 1777 /tmp /var/tmp /dev/shm && exec $0 \"$@\" || exit $?" + ] try: return run([*cmdline, *cmd], text=True, stdout=stdout, env=env, log=False)
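Review bot: The `sh -c "chmod 1777 /tmp /var/tmp /dev/shm && ..."` wrapper runs after `--bind root /`, so `sh` and `chmod` appear to be resolved inside the image root and not on the host, whereas the removed `--chmod`/`--perms` options were applied by bwrap itself. If that reading is right, a root that lacks either binary would fail before the requested command starts. A comment above the `cmdline +=` such as `# bwrap 0.4 compat: --chmod/--perms are avoided, so the sticky-bit dirs are fixed up by a shell inside the sandbox (needs sh and chmod in root)` would make that dependency explicit. run_workspace_command begins and ends outside the hunk.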