unshare: mount proc differently depending on root privileges

2026-03-19 10:37:36 +01:00
5 changed files with 11 additions and 123 deletions
--- a/quirks.yml
+++ b/quirks.yml
@@ -12,8 +12,3 @@ quirks:
  #       - another-dependency
  #     parameters:
  #       key: value
-
-  linux-riscv:
-     deb:
-       package_directory:
-         - linux-main
--- a/src/deb/ephemeral.rs
+++ b/src/deb/ephemeral.rs
@@ -352,18 +352,6 @@ impl Drop for EphemeralContextGuard {
            // Check if we're running as root to avoid unnecessary sudo
            let is_root = crate::utils::root::is_root().unwrap_or(false);

-            // Unmount /proc from chroot before removing (ignore errors)
-            let proc_path = self.chroot_path.join("proc");
-            let _ = if is_root {
-                self.base_ctx.command("umount").arg(&proc_path).status()
-            } else {
-                self.base_ctx
-                    .command("sudo")
-                    .arg("umount")
-                    .arg(&proc_path)
-                    .status()
-            };
-
            let result = if is_root {
                self.base_ctx
                    .command("rm")
--- a/src/deb/local.rs
+++ b/src/deb/local.rs
@@ -178,7 +178,17 @@ pub async fn build(

    // Install injected packages if specified
    if let Some(packages) = inject_packages {
-        install_injected_packages(packages, &env, ctx.clone())?;
+        log::info!("Installing injected packages: {:?}", packages);
+        let mut cmd = ctx.command("apt-get");
+        cmd.envs(env.clone())
+            .arg("-y")
+            .arg("--allow-downgrades")
+            .arg("install")
+            .args(packages);
+        let status = cmd.status()?;
+        if !status.success() {
+            return Err(format!("Could not install injected packages: {:?}", packages).into());
+        }
    }

    // Install arch-specific build dependencies
@@ -246,59 +256,6 @@ pub async fn build(
    Ok(())
 }

-fn install_injected_packages(
-    packages: &[&str],
-    env: &HashMap<String, String>,
-    ctx: Arc<Context>,
-) -> Result<(), Box<dyn Error>> {
-    log::info!("Installing injected packages: {:?}", packages);
-
-    // Separate .deb files from package names
-    let mut deb_files: Vec<String> = Vec::new();
-    let mut package_names: Vec<&str> = Vec::new();
-
-    for pkg in packages {
-        // Check if it's a .deb file path (ends with .deb and exists as a file)
-        let pkg_path = Path::new(pkg);
-        if pkg.ends_with(".deb") && pkg_path.exists() {
-            // Copy the .deb file into the build context
-            let dest_root = ctx.create_temp_dir()?;
-            let chroot_path = ctx.ensure_available(pkg_path, &dest_root)?;
-            log::debug!(
-                "Copied .deb file '{}' to chroot path '{}'",
-                pkg,
-                chroot_path.display()
-            );
-            deb_files.push(chroot_path.to_string_lossy().to_string());
-        } else {
-            package_names.push(pkg);
-        }
-    }
-
-    // Install .deb files
-    if !deb_files.is_empty() || !package_names.is_empty() {
-        log::info!("Installing .deb files: {:?}", deb_files);
-        let mut cmd = ctx.command("apt-get");
-        cmd.envs(env.clone())
-            .arg("-y")
-            .arg("--allow-downgrades")
-            .arg("install");
-        // Add the .deb file paths with ./ prefix for apt to recognize them as local files
-        for deb_path in &deb_files {
-            cmd.arg(format!("./{}", deb_path.trim_start_matches('/')));
-        }
-        if !package_names.is_empty() {
-            cmd.args(&package_names);
-        }
-        let status = cmd.status()?;
-        if !status.success() {
-            return Err(format!("Could not install injected packages: {:?}", deb_files).into());
-        }
-    }
-
-    Ok(())
-}
-
 fn dose3_explain_dependencies(
    package: &str,
    version: &str,
--- a/src/deb/mod.rs
+++ b/src/deb/mod.rs
@@ -142,26 +142,12 @@ pub async fn build_binary_package(
 /// Find the current package directory by trying both patterns:
 /// - package/package
 /// - package/package-origversion
-/// - custom directories from quirks configuration
 pub(crate) fn find_package_directory(
    parent_dir: &Path,
    package: &str,
    version: &str,
    ctx: &context::Context,
 ) -> Result<PathBuf, Box<dyn Error>> {
-    // Check quirks first for custom package directories
-    let custom_dirs = crate::quirks::get_package_directories(package);
-    for custom_dir in custom_dirs {
-        let package_dir = parent_dir.join(&custom_dir);
-        if ctx.exists(&package_dir)? && ctx.exists(&package_dir.join("debian"))? {
-            log::debug!(
-                "Found package directory via quirks: {}",
-                package_dir.display()
-            );
-            return Ok(package_dir);
-        }
-    }
-
    // Try package/package pattern first
    let package_dir = parent_dir.join(package).join(package);
    if ctx.exists(&package_dir)? && ctx.exists(&package_dir.join("debian"))? {
@@ -358,10 +344,6 @@ mod tests {
    /// It is important to ensure that pkh can cross-compile linux-riscv, as
    /// for risc-v hardware is still rare and cross-compilation is necessary
    /// to debug and test
-    /// NOTE: Ideally, we want to run this in CI, but it takes more than 1h
-    /// to fully build the linux-riscv package on an amd64 builder, which is too
-    /// much time
-    #[ignore]
    #[tokio::test]
    #[test_log::test]
    #[cfg(target_arch = "x86_64")]
--- a/src/quirks.rs
+++ b/src/quirks.rs
@@ -17,12 +17,6 @@ pub struct OperationQuirks {
    /// Additional parameters for the operation
    #[serde(default)]
    pub parameters: HashMap<String, serde_yaml::Value>,
-
-    /// Custom package directories to try when looking for the package source
-    /// This is useful for packages that don't follow the standard naming conventions
-    /// like linux packages that use directories like "linux-main" or other custom names
-    #[serde(default)]
-    pub package_directory: Vec<String>,
 }

 /// Quirks for a specific package
@@ -81,31 +75,3 @@ pub fn get_deb_extra_dependencies(package: &str) -> Vec<String> {

    Vec::new()
 }
-
-/// Get package directories from quirks configuration
-///
-/// This function returns the list of custom package directories to try
-/// when looking for the package source directory.
-///
-/// # Arguments
-/// * `package` - The package name
-///
-/// # Returns
-/// * `Vec<String>` - List of package directories to try, or empty vector if none
-pub fn get_package_directories(package: &str) -> Vec<String> {
-    if let Some(quirks) = get_package_quirks(&QUIRKS_DATA, package) {
-        // Check deb quirks first, then pull quirks
-        if let Some(deb_quirks) = &quirks.deb
-            && !deb_quirks.package_directory.is_empty()
-        {
-            return deb_quirks.package_directory.clone();
-        }
-        if let Some(pull_quirks) = &quirks.pull
-            && !pull_quirks.package_directory.is_empty()
-        {
-            return pull_quirks.package_directory.clone();
-        }
-    }
-
-    Vec::new()
-}