diff --git a/makechrootpkg.in b/makechrootpkg.in
index e06f46c66159d641d14d8062100cd187bf851b0f..48675d704ea21a79b3f64cd7be240b1e1d7fc2db 100644
--- a/makechrootpkg.in
+++ b/makechrootpkg.in
@@ -258,15 +258,11 @@ nobody ALL = NOPASSWD: /usr/bin/pacman
EOF
chmod 440 "$copydir/etc/sudoers.d/nobody-pacman"
-# Set this system wide as makepkg will source /etc/profile before calling build()
-echo 'LANG=C' > "$copydir/etc/locale.conf"
-
# This is a little gross, but this way the script is recreated every time in the
# working copy
cat >"$copydir/chrootbuild" <<EOF
#!/bin/bash
. /etc/profile
-export LANG=C
export HOME=/build
cd /build
diff --git a/mkarchroot.in b/mkarchroot.in
index 3eb74643b9e890b049921e0d3d230e59b1b0ae9a..1b02e0e63c2a3d628e7a417b4109d4f74dab82cc 100644
--- a/mkarchroot.in
+++ b/mkarchroot.in
@@ -30,7 +30,6 @@ usage() {
echo ' -M <file> Location of a makepkg config file'
echo ' -n Do not copy config files into the chroot'
echo ' -c <dir> Set pacman cache. Default: /var/cache/pacman/pkg'
- echo ' -d Use devtmpfs instead of minimal /dev (tmpfs)'
echo ' -h This message'
exit 1
}
@@ -87,38 +86,40 @@ fi
# {{{ functions
chroot_mount() {
[[ -e "${working_dir}/sys" ]] || mkdir "${working_dir}/sys"
- mount -t sysfs sysfs "${working_dir}/sys"
+ mount -o bind /sys "${working_dir}/sys"
+ mount -o remount,ro,bind "${working_dir}/sys"
[[ -e "${working_dir}/proc" ]] || mkdir "${working_dir}/proc"
- mount -t proc proc "${working_dir}/proc"
+ mount -t proc proc -o nosuid,noexec,nodev "${working_dir}/proc"
+ mount -o bind /proc/sys "${working_dir}/proc/sys"
+ mount -o remount,ro,bind "${working_dir}/proc/sys"
[[ -e "${working_dir}/dev" ]] || mkdir "${working_dir}/dev"
- if [[ ${USE_DEVTMPFS} = "y" ]]; then
- mount -t devtmpfs dev "${working_dir}/dev" -o mode=0755,nosuid
- else
- mount -t tmpfs dev "${working_dir}/dev" -o mode=0755,size=10M,nosuid
- mknod -m 666 "${working_dir}/dev/null" c 1 3
- mknod -m 666 "${working_dir}/dev/zero" c 1 5
- mknod -m 600 "${working_dir}/dev/console" c 5 1
- mknod -m 644 "${working_dir}/dev/random" c 1 8
- mknod -m 644 "${working_dir}/dev/urandom" c 1 9
- mknod -m 666 "${working_dir}/dev/tty" c 5 0
- mknod -m 666 "${working_dir}/dev/ptmx" c 5 2
- mknod -m 666 "${working_dir}/dev/tty0" c 4 0
- mknod -m 666 "${working_dir}/dev/full" c 1 7
- ln -s /proc/kcore "${working_dir}/dev/core"
- ln -s /proc/self/fd "${working_dir}/dev/fd"
- ln -s /proc/self/fd/0 "${working_dir}/dev/stdin"
- ln -s /proc/self/fd/1 "${working_dir}/dev/stdout"
- ln -s /proc/self/fd/2 "${working_dir}/dev/stderr"
- fi
+ mount -t tmpfs dev "${working_dir}/dev" -o mode=0755,size=10M,nosuid,strictatime
+ mknod -m 666 "${working_dir}/dev/null" c 1 3
+ mknod -m 666 "${working_dir}/dev/zero" c 1 5
+ mknod -m 600 "${working_dir}/dev/console" c 5 1
+ mknod -m 644 "${working_dir}/dev/random" c 1 8
+ mknod -m 644 "${working_dir}/dev/urandom" c 1 9
+ mknod -m 666 "${working_dir}/dev/tty" c 5 0
+ mknod -m 666 "${working_dir}/dev/ptmx" c 5 2
+ mknod -m 666 "${working_dir}/dev/tty0" c 4 0
+ mknod -m 666 "${working_dir}/dev/full" c 1 7
+ mknod -m 666 "${working_dir}/dev/rtc0" c 254 0
+ ln -s /proc/kcore "${working_dir}/dev/core"
+ ln -s /proc/self/fd "${working_dir}/dev/fd"
+ ln -s /proc/self/fd/0 "${working_dir}/dev/stdin"
+ ln -s /proc/self/fd/1 "${working_dir}/dev/stdout"
+ ln -s /proc/self/fd/2 "${working_dir}/dev/stderr"
[[ -e "${working_dir}/dev/shm" ]] || mkdir "${working_dir}/dev/shm"
mount -t tmpfs shm "${working_dir}/dev/shm" -o nodev,nosuid,size=128M
[[ -e "${working_dir}/dev/pts" ]] || mkdir "${working_dir}/dev/pts"
- mount -t devpts devpts "${working_dir}/dev/pts" -o newinstance,ptmxmode=666
- mount -o bind "${working_dir}/dev/pts/ptmx" "${working_dir}/dev/ptmx"
+ mount -o bind /dev/pts "${working_dir}/dev/pts"
+
+ [[ -e "${working_dir}/run" ]] || mkdir "${working_dir}/run"
+ mount -t tmpfs tmpfs "${working_dir}/run" -o nodev,nosuid,strictatime,size=64M
[[ -e $cache_dir ]] || mkdir -p "${cache_dir}"
[[ -e "${working_dir}/${cache_dir}" ]] || mkdir -p "${working_dir}/${cache_dir}"
@@ -135,6 +136,7 @@ chroot_mount() {
copy_hostconf () {
cp /etc/resolv.conf "${working_dir}/etc/resolv.conf"
+ cp -a /etc/pacman.d/gnupg "${working_dir}/etc/pacman.d"
echo "Server = ${host_mirror}" > ${working_dir}/etc/pacman.d/mirrorlist
if [[ -n $pac_conf && $NOCOPY = 'n' ]]; then
@@ -147,12 +149,13 @@ copy_hostconf () {
}
chroot_umount () {
+ umount "${working_dir}/proc/sys"
umount "${working_dir}/proc"
umount "${working_dir}/sys"
- umount "${working_dir}/dev/ptmx"
umount "${working_dir}/dev/pts"
umount "${working_dir}/dev/shm"
umount "${working_dir}/dev"
+ umount "${working_dir}/run"
umount "${working_dir}/${cache_dir}"
[[ -n $host_mirror_path ]] && umount "${working_dir}/${host_mirror_path}"
}
@@ -184,7 +187,7 @@ if [[ -n $RUN ]]; then
chroot_mount
copy_hostconf
- eval chroot "${working_dir}" ${RUN}
+ eval unshare -mui -- chroot "${working_dir}" ${RUN}
# }}}
else
@@ -226,6 +229,9 @@ else
sed -i 's@^#\(en_US\|de_DE\)\(\.UTF-8\)@\1\2@' "${working_dir}/etc/locale.gen"
chroot "${working_dir}" /usr/sbin/locale-gen
fi
+ echo 'UTC' > "${working_dir}/etc/timezone"
+ ln -s /usr/share/zoneinfo/UTC "${working_dir}/etc/localtime"
+ echo 'LANG=C' > "${working_dir}/etc/locale.conf"
copy_hostconf
diff --git a/pacman-extra.conf b/pacman-extra.conf
index 0b1fea6e896a41d2c20b41d2c92104b520143e92..821f9a53e3121e77933b62f1acd444915425b8af 100644
--- a/pacman-extra.conf
+++ b/pacman-extra.conf
@@ -45,9 +45,6 @@ Architecture = auto
# keyring can then be populated with the keys of all official Arch Linux
# packagers with `pacman-key --populate archlinux`.
-# Signature checking does not work within our chroot
-SigLevel = Never
-
#
# REPOSITORIES
# - can be defined here or included from another file
@@ -72,18 +69,23 @@ SigLevel = Never
# after the header, and they will be used before the default mirrors.
#[testing]
+#SigLevel = PackageRequired
#Include = /etc/pacman.d/mirrorlist
[core]
+SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
[extra]
+SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
#[community-testing]
+#SigLevel = PackageRequired
#Include = /etc/pacman.d/mirrorlist
[community]
+SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
# An example of a custom package repository. See the pacman manpage for
diff --git a/pacman-gnome-unstable.conf b/pacman-gnome-unstable.conf
index 07495d06f13159eb0c2ad7a0837eade95fb29d88..9bdca63bfd2963261cdb6d45fbab800460fb8bca 100644
--- a/pacman-gnome-unstable.conf
+++ b/pacman-gnome-unstable.conf
@@ -45,9 +45,6 @@ Architecture = auto
# keyring can then be populated with the keys of all official Arch Linux
# packagers with `pacman-key --populate archlinux`.
-# Signature checking does not work within our chroot
-SigLevel = Never
-
#
# REPOSITORIES
# - can be defined here or included from another file
@@ -72,21 +69,27 @@ SigLevel = Never
# after the header, and they will be used before the default mirrors.
[gnome-unstable]
+SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
[testing]
+SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
[core]
+SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
[extra]
+SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
[community-testing]
+SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
[community]
+SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
# An example of a custom package repository. See the pacman manpage for
diff --git a/pacman-kde-unstable.conf b/pacman-kde-unstable.conf
index c0e2e8e8aff07dc0a7c33a9c6d3f4da90bb33505..1bec946d7c4c830e704d9b08c83ee3c0655ace51 100644
--- a/pacman-kde-unstable.conf
+++ b/pacman-kde-unstable.conf
@@ -45,9 +45,6 @@ Architecture = auto
# keyring can then be populated with the keys of all official Arch Linux
# packagers with `pacman-key --populate archlinux`.
-# Signature checking does not work within our chroot
-SigLevel = Never
-
#
# REPOSITORIES
# - can be defined here or included from another file
@@ -72,21 +69,27 @@ SigLevel = Never
# after the header, and they will be used before the default mirrors.
[kde-unstable]
+SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
[testing]
+SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
[core]
+SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
[extra]
+SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
[community-testing]
+SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
[community]
+SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
# An example of a custom package repository. See the pacman manpage for
diff --git a/pacman-multilib-staging.conf b/pacman-multilib-staging.conf
index dee241cd02366f14622755978e18262b7b479be3..3d1ab7563381d07647bf6de797cc637aad7b7c59 100644
--- a/pacman-multilib-staging.conf
+++ b/pacman-multilib-staging.conf
@@ -45,9 +45,6 @@ Architecture = auto
# keyring can then be populated with the keys of all official Arch Linux
# packagers with `pacman-key --populate archlinux`.
-# Signature checking does not work within our chroot
-SigLevel = Never
-
#
# REPOSITORIES
# - can be defined here or included from another file
@@ -72,40 +69,50 @@ SigLevel = Never
# after the header, and they will be used before the default mirrors.
[staging]
+SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
[testing]
+SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
[core]
+SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
[extra]
+SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
[community-staging]
+SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
[community-testing]
+SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
[community]
+SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
# If you want to run 32 bit applications on your x86_64 system,
-# enable the multilib repository here.
+# enable the multilib repositories as required here.
[multilib-staging]
+SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
[multilib-testing]
-#SigLevel = Optional TrustAll
+SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
[multilib]
+SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
# An example of a custom package repository. See the pacman manpage for
# tips on creating your own repositories.
#[custom]
+#SigLevel = Optional TrustAll
#Server = file:///home/custompkgs
diff --git a/pacman-multilib-testing.conf b/pacman-multilib-testing.conf
index e60a998d202551751d66c3292b07c6e7736a864b..d24eb6ca93a501d91b4dd381c23f4549120fc3df 100644
--- a/pacman-multilib-testing.conf
+++ b/pacman-multilib-testing.conf
@@ -45,9 +45,6 @@ Architecture = auto
# keyring can then be populated with the keys of all official Arch Linux
# packagers with `pacman-key --populate archlinux`.
-# Signature checking does not work within our chroot
-SigLevel = Never
-
#
# REPOSITORIES
# - can be defined here or included from another file
@@ -72,31 +69,38 @@ SigLevel = Never
# after the header, and they will be used before the default mirrors.
[testing]
+SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
[core]
+SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
[extra]
+SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
[community-testing]
+SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
[community]
+SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
# If you want to run 32 bit applications on your x86_64 system,
-# enable the multilib repository here.
+# enable the multilib repositories as required here.
[multilib-testing]
-#SigLevel = Optional TrustAll
+SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
[multilib]
+SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
# An example of a custom package repository. See the pacman manpage for
# tips on creating your own repositories.
#[custom]
+#SigLevel = Optional TrustAll
#Server = file:///home/custompkgs
diff --git a/pacman-multilib.conf b/pacman-multilib.conf
index d83def4bd7465afd114f4f92020f924292cd320a..8d1075704f971cee51b7cb48c70e34ce8a1cad08 100644
--- a/pacman-multilib.conf
+++ b/pacman-multilib.conf
@@ -45,9 +45,6 @@ Architecture = auto
# keyring can then be populated with the keys of all official Arch Linux
# packagers with `pacman-key --populate archlinux`.
-# Signature checking does not work within our chroot
-SigLevel = Never
-
#
# REPOSITORIES
# - can be defined here or included from another file
@@ -72,28 +69,39 @@ SigLevel = Never
# after the header, and they will be used before the default mirrors.
#[testing]
+#SigLevel = PackageRequired
#Include = /etc/pacman.d/mirrorlist
[core]
+SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
[extra]
+SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
#[community-testing]
+#SigLevel = PackageRequired
#Include = /etc/pacman.d/mirrorlist
[community]
+SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
# If you want to run 32 bit applications on your x86_64 system,
-# enable the multilib repository here.
+# enable the multilib repositories as required here.
+
+#[multilib-testing]
+#SigLevel = PackageRequired
+#Include = /etc/pacman.d/mirrorlist
+
[multilib]
-#SigLevel = Optional TrustAll
+SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
# An example of a custom package repository. See the pacman manpage for
# tips on creating your own repositories.
#[custom]
+#SigLevel = Optional TrustAll
#Server = file:///home/custompkgs
diff --git a/pacman-staging.conf b/pacman-staging.conf
index 4a803a121b384113b43325b5227c79c0d695c594..d4116e2b3e5976e8b64da13c1601d64961a96f7e 100644
--- a/pacman-staging.conf
+++ b/pacman-staging.conf
@@ -45,9 +45,6 @@ Architecture = auto
# keyring can then be populated with the keys of all official Arch Linux
# packagers with `pacman-key --populate archlinux`.
-# Signature checking does not work within our chroot
-SigLevel = Never
-
#
# REPOSITORIES
# - can be defined here or included from another file
@@ -72,29 +69,36 @@ SigLevel = Never
# after the header, and they will be used before the default mirrors.
[staging]
+SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
[testing]
+SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
[core]
+SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
[extra]
+SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
[community-staging]
+SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
[community-testing]
+SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
-#SigLevel = Optional TrustAll
[community]
+SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
# An example of a custom package repository. See the pacman manpage for
# tips on creating your own repositories.
#[custom]
+#SigLevel = Optional TrustAll
#Server = file:///home/custompkgs
diff --git a/pacman-testing.conf b/pacman-testing.conf
index a99b99d7011383a4cb3991b91eae121668388717..353bdbba1db26766b605b427d9701ec3a5f6e737 100644
--- a/pacman-testing.conf
+++ b/pacman-testing.conf
@@ -45,9 +45,6 @@ Architecture = auto
# keyring can then be populated with the keys of all official Arch Linux
# packagers with `pacman-key --populate archlinux`.
-# Signature checking does not work within our chroot
-SigLevel = Never
-
#
# REPOSITORIES
# - can be defined here or included from another file
@@ -72,18 +69,23 @@ SigLevel = Never
# after the header, and they will be used before the default mirrors.
[testing]
+SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
[core]
+SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
[extra]
+SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
[community-testing]
+SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
[community]
+SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
# An example of a custom package repository. See the pacman manpage for