fix: libremakepkg: Have startdir be RO unless the -W flag is passed to make it RW

A key aspect of libremakepkg is that it tries to be strict about many things, in order to catch issues. One issue is that sources are downloaded during build(), meaning that they're missing from the .src.pkg.tar sourceball. So, by default libremakepkg runs build() with networking disabled, to catch this issue. If there is a problematic package, we have an -N flag to enable networking, as an escape hatch; as we only have finite packager time/effort. One issue is when a package can't be rebuilt from the .src.pkg.tar sourceball. If the PKGBUILD modifies itself, then it won't match what's in the sourceball. This is what the libremakepkg.bats:"libremakepkg does not run pkgver" test demonstrates and tests-for; this failing demonstration testcase was added in 044b4e1 (test: libremakepkg: Add some failing tests [ci-skip], 2018-07-31, Luke Shumaker <lukeshu@lukeshu.com>). We solved by mounting the $startdir read-only in 646ac02 (libremakepkg,chcleanup: Be stricter about network access, 2018-08-03, Luke Shumaker <lukeshu@lukeshu.com>). However, it turns out that this caused issues for a few packages. So, this protection was reverted in a6f6ac4 (libremakepkg: fix building packages requring a rw startdir, 2019-05-17, Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>). This is bad, it potentially lets many issues slip through undetected. Instead, handle it like we do networking: Have the protection on by default, say "PLEASE don't turn this off", but recognize the increased cost in time and efforts and so provide the `-W` flag as an escape hatch.
author: Luke T. Shumaker <lukeshu@parabola.nu> 2024-02-20 23:46:59 -0700
committer: Luke T. Shumaker <lukeshu@parabola.nu> 2024-02-21 10:17:52 -0700
commit: 63d3993a320ee03c20da05d0e04ddbd3cc800335 (patch)
tree: 7be4a7f3ff29d34f43f9fe0116282d61b5fb9009
parent: 9a0328490c2ea30d0eda470cb4da8da0030c96e9 (diff)
4 files changed, 49 insertions, 4 deletions
diff --git a/po/es/libretools.po b/po/es/libretools.po
index 57a8e19..fbd4122 100644
--- a/po/es/libretools.po
+++ b/po/es/libretools.po
@@ -1072,6 +1072,11 @@ msgstr          "No deshabilita la conexión a internet durante build() y "
         "package(). POR FAVOR no use esta opción al menos que tenga una razón "
         "en especial, su uso es una violación a la política de Parabola."
 
+#: src/chroot-tools/libremakepkg:194
+msgid   "Don't make the startdir read-only.  PLEASE don't use this unless you "
+        "have a special reason, its use is a violation of Parabola policy."
+msgstr  ""
+
 #: src/chroot-tools/libremakepkg:184
 msgid   "Repackage contents of the package without rebuilding"
 msgstr  "Reempaqueta los contenidos del paquete sin recompilar"
diff --git a/src/chroot-tools/libremakepkg b/src/chroot-tools/libremakepkg
index 957e20b..d3dd160 100755
--- a/src/chroot-tools/libremakepkg
+++ b/src/chroot-tools/libremakepkg
@@ -5,7 +5,7 @@ set -euE
 # Copyright (C) 2010-2012 Nicolás Reynolds <fauno@parabola.nu>
 # Copyright (C) 2010-2012 Joshua Ismael Haase Hernández (xihh) <hahj87@gmail.com>
 # Copyright (C) 2012 Michał Masłowski <mtjm@mtjm.eu>
-# Copyright (C) 2012-2015, 2017-2018 Luke Shumaker <lukeshu@parabola.nu>
+# Copyright (C) 2012-2015, 2017-2018, 2024 Luke Shumaker <lukeshu@parabola.nu>
 # Copyright (C) 2019, 2024 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
 #
 # License: GNU GPLv2+
@@ -37,6 +37,7 @@ umask 0022
 readonly _indent="$(librelib chroot/indent)"
 readonly INCHROOT=$([[ -f /.arch-chroot ]] && echo true || echo false)
 NONET=true # can be changed with the -N flag
+ROSTARTDIR=true # can be changed with the -W flag
 # {PKG,SRC,SRCPKG,LOG}DEST set at runtime by makepkg.conf
 # MAKEFLAGS, PACKAGER set at runtime by makepkg.conf
 # LIBREUSER, LIBREHOME are set by conf.sh
@@ -125,11 +126,19 @@ build() (
 	local run_ynet=()
 	local run_nnet=()
 	if $INCHROOT; then
-		local _run=(sh -c "cd ${startdir@Q} && \$@" --)
+		if $ROSTARTDIR; then
+			local _run=(sh -c "mount --bind -o ro -- ${startdir@Q} ${startdir@Q} && cd ${startdir@Q} && \$@" --)
+		else
+			local _run=(sh -c "cd ${startdir@Q} && \$@" --)
+		fi
 		run_ynet=(unshare --mount       -- "${_run[@]}")
 		run_nnet=(unshare --mount --net -- "${_run[@]}")
 	else
-		librechroot_flags+=(-w "$startdir:/startdir")
+		if $ROSTARTDIR; then
+			librechroot_flags+=(-r "$startdir:/startdir")
+		else
+			librechroot_flags+=(-w "$startdir:/startdir")
+		fi
 		run_ynet=(librechroot "${librechroot_flags[@]}"    run)
 		run_nnet=(librechroot "${librechroot_flags[@]}" -N run)
 	fi
@@ -182,6 +191,10 @@ usage() {
 	                             build(), and package().  PLEASE don't use
 	                             this unless you have a special reason, its
 	                             use is a violation of Parabola policy." \
+	     '-W'                   "Don't make the startdir read-only.  PLEASE
+	                             don't use this unless you have a special
+	                             reason, its use is a violation of Parabola
+	                             policy." \
 	     '-R'                   'Repackage contents of the package without
 	                             rebuilding' \
 	     "-S <$(_ SRCPKGFILE)>" 'Use an existing --allsource source-package' \
@@ -204,7 +217,7 @@ main() {
 	local srcpkg=''
 
 	# Parse command line options ###########################################
-	while getopts 'n:l:w:r:NRS:h' flag ; do
+	while getopts 'n:l:w:r:NWRS:h' flag ; do
 		case "${flag}" in
 			n) if $INCHROOT; then err_chflag "$flag"; else
 				chroot=$OPTARG; fi;;
@@ -213,6 +226,7 @@ main() {
 			w|r) if $INCHROOT; then err_chflag "$flag"; else
 				librechroot_flags+=(-$flag "$OPTARG"); fi;;
 			N) NONET=false;;
+			W) ROSTARTDIR=false;;
 			R) repack=true; makepkg_args+=(-R);;
 			S) srcpkg=$OPTARG;;
 			h) usage; exit $EXIT_SUCCESS;;
diff --git a/test/cases/libremakepkg.bats b/test/cases/libremakepkg.bats
index fa8aee3..34db6e3 100644
--- a/test/cases/libremakepkg.bats
+++ b/test/cases/libremakepkg.bats
@@ -244,6 +244,17 @@ teardown() {
 	diff -u fixtures/libremakepkg/PKGBUILD-pkgver "$tmpdir/PKGBUILD"
 }
 
+@test "libremakepkg has a flag to make startdir rw" {
+	require network sudo || skip
+	cp fixtures/libremakepkg/PKGBUILD-rwstartdir "$tmpdir/PKGBUILD"
+	cd "$tmpdir"
+
+	not testsudo libremakepkg -l "$BATS_TEST_NAME"
+	not globfile libretools-rwstartdir-1.0-1-any.pkg.tar?(.!(sig|*.*))
+	testsudo libremakepkg -l "$BATS_TEST_NAME" -W
+	globfile libretools-rwstartdir-1.0-1-any.pkg.tar?(.!(sig|*.*))
+}
+
 @test "libremakepkg can re-use source-packages" {
 	require network sudo || skip
 
diff --git a/test/fixtures/libremakepkg/PKGBUILD-rwstartdir b/test/fixtures/libremakepkg/PKGBUILD-rwstartdir
new file mode 100644
index 0000000..feadfa0
--- /dev/null
+++ b/test/fixtures/libremakepkg/PKGBUILD-rwstartdir
@@ -0,0 +1,15 @@
+pkgname='libretools-rwstartdir'
+pkgver=1.0
+license=('GPL')
+url='https://parabola.nu'
+
+pkgrel=1
+arch=(any)
+
+build() {
+	echo foo >"$startdir/file"
+}
+
+package() {
+	install -Dm644 "$startdir/file" "$pkgdir/etc/file"
+}
author	Luke T. Shumaker <lukeshu@parabola.nu>	2024-02-20 23:46:59 -0700
committer	Luke T. Shumaker <lukeshu@parabola.nu>	2024-02-21 10:17:52 -0700
commit	63d3993a320ee03c20da05d0e04ddbd3cc800335 (patch)
tree	7be4a7f3ff29d34f43f9fe0116282d61b5fb9009
parent	9a0328490c2ea30d0eda470cb4da8da0030c96e9 (diff)