build: actually mount source dir read-only

stapelberg · stapelberg · commit a0041ffcb523 · 2020-02-13T21:14:57.000+01:00
From https://unix.stackexchange.com/a/128388/181634: To achieve the desired result one needs to run two commands […]: mount SRC DST -o bind mount DST -o remount,ro,bind
diff --git a/cmd/distri/build.go b/cmd/distri/build.go
@@ -1249,6 +1249,9 @@ func (b *buildctx) build() (*pb.Meta, error) {
 			if err := syscall.Mount(b.SourceDir, src, "none", syscall.MS_BIND|syscall.MS_RDONLY, ""); err != nil {
 				return nil, xerrors.Errorf("bind mount %s %s: %v", b.SourceDir, src, err)
 			}
+			if err := syscall.Mount("", src, "", syscall.MS_REMOUNT|syscall.MS_BIND|syscall.MS_RDONLY, ""); err != nil {
+				return nil, xerrors.Errorf("bind remount read-only %s %s: %v", b.SourceDir, src, err)
+			}
 			b.SourceDir = strings.TrimPrefix(src, b.ChrootDir)
 
 			wrappersSrc := filepath.Join(b.PkgDir, "wrappers")
diff --git a/cmd/distri/buildcmake.go b/cmd/distri/buildcmake.go
@@ -8,10 +8,18 @@ import (
 )
 
 func (b *buildctx) buildcmake(opts *pb.CMakeBuilder, env []string) (newSteps []*pb.BuildStep, newEnv []string, _ error) {
-	steps := [][]string{
+	dir := "${DISTRI_SOURCEDIR}"
+	var steps [][]string
+	if opts.GetCopyToBuilddir() {
+		dir = "."
+		steps = [][]string{
+			[]string{"cp", "-T", "-ar", "${DISTRI_SOURCEDIR}/", "."},
+		}
+	}
+	steps = append(steps, [][]string{
 		append([]string{
 			"/bin/cmake",
-			"${DISTRI_SOURCEDIR}",
+			dir,
 			"-DCMAKE_INSTALL_PREFIX:PATH=${DISTRI_PREFIX}",
 			"-DCMAKE_VERBOSE_MAKEFILE:BOOL=ON",
 			"-G", "Ninja",
@@ -25,6 +33,6 @@ func (b *buildctx) buildcmake(opts *pb.CMakeBuilder, env []string) (newSteps []*
 			"-c",
 			"DESTDIR=${DISTRI_DESTDIR} ninja -v -j " + strconv.Itoa(runtime.NumCPU()) + " install",
 		},
-	}
+	}...)
 	return stepsToProto(steps), env, nil
 }
diff --git a/pb/build.pb.go b/pb/build.pb.go
diff --git a/pb/build.proto b/pb/build.proto
@@ -32,6 +32,11 @@ message CMakeBuilder {
   // Additional flag to pass to cmake(1), e.g.:
   // extra_cmake_flag: "-DKICAD_SCRIPTING_WXPYTHON_PHOENIX:BOOL=true"
   repeated string extra_cmake_flag = 1;
+
+  // Enable if this package does not support building from a separate directory
+  // (sometimes called “out-of-tree build”). A bug should be reported with the
+  // package upstream.
+  optional bool copy_to_builddir = 2;
 }
 
 message MesonBuilder {
diff --git a/pkgs/bc/build.textproto b/pkgs/bc/build.textproto
@@ -2,7 +2,9 @@ source: "https://ftp.gnu.org/gnu/bc/bc-1.07.1.tar.gz"
 hash: "62adfca89b0a1c0164c2cdca59ca210c1d44c3ffc46daf9931cf4942664cb02a"
 version: "1.07.1-3"
 
-cbuilder: {}
+cbuilder: {
+  copy_to_builddir: true  # modifies source
+}
 
 # build dependencies:
 dep: "ed"
diff --git a/pkgs/emacs/build.textproto b/pkgs/emacs/build.textproto
@@ -3,6 +3,7 @@ hash: "1cf4fc240cd77c25309d15e18593789c8dbfba5c2b44d8f77c886542300fd32c"
 version: "26.1-11"
 
 cbuilder: {
+  copy_to_builddir: true  # modifies source
   extra_configure_flag: "--with-gnutls=no"  # TODO: why doesn’t configure locate gnutls?
   extra_configure_flag: "--with-x-toolkit=gtk3"
 }
diff --git a/pkgs/gdk-pixbuf/build.textproto b/pkgs/gdk-pixbuf/build.textproto
@@ -29,20 +29,32 @@ build_step: {
 build_step: {
   argv: "/bin/sh"
   argv: "-c"
-  argv: "meson --prefix=${DISTRI_PREFIX} . ${DISTRI_SOURCEDIR} -Dinstalled_tests=false -Dman=false"
+  argv: "cp -T -ar ${DISTRI_SOURCEDIR}/ ."
+}
+
+build_step: {
+  argv: "/bin/sh"
+  argv: "-c"
+  argv: "mkdir build"
+}
+
+build_step: {
+  argv: "/bin/sh"
+  argv: "-c"
+  argv: "meson --prefix=${DISTRI_PREFIX} build . -Dinstalled_tests=false -Dman=false"
 }
 
 # kludge: the LD_LIBRARY_PATH change is required because we patched rpath handling out of meson.
 build_step: {
   argv: "/bin/sh"
   argv: "-c"
-  argv: "LD_LIBRARY_PATH=$PWD/gdk-pixbuf:$PWD/gobject:$PWD/glib:$LD_LIBRARY_PATH ninja -j ${DISTRI_JOBS} -v"
+  argv: "(cd build && LD_LIBRARY_PATH=$PWD/gdk-pixbuf:$PWD/gobject:$PWD/glib:$LD_LIBRARY_PATH ninja -j ${DISTRI_JOBS} -v)"
 }
 
 build_step: {
   argv: "/bin/sh"
   argv: "-c"
-  argv: "DESTDIR=${DISTRI_DESTDIR} ninja -j ${DISTRI_JOBS} -v install"
+  argv: "(cd build && DESTDIR=${DISTRI_DESTDIR} ninja -j ${DISTRI_JOBS} -v install)"
 }
 
 build_step: {
diff --git a/pkgs/glew/build.textproto b/pkgs/glew/build.textproto
@@ -12,9 +12,15 @@ dep: "libglvnd"
 
 # Debian/Ubuntu/Mint:    `$ sudo apt-get install build-essential libxmu-dev libxi-dev libgl-dev libosmesa-dev`
 
+build_step: {
+  argv: "/bin/sh"
+  argv: "-c"
+  argv: "cp -T -ar ${DISTRI_SOURCEDIR}/ ."
+}
+
 build_step: {
   argv: "/bin/cmake"
-  argv: "${DISTRI_SOURCEDIR}/build/cmake"
+  argv: "build/cmake"
   argv: "-DCMAKE_INSTALL_PREFIX:PATH=${DISTRI_PREFIX}"
   argv: "-DCMAKE_VERBOSE_MAKEFILE:BOOL=ON"
   argv: "-DOPENGL_opengl_LIBRARY=/ro/${DISTRI_RESOLVE:libglvnd}/out/lib/libOpenGL.so"
diff --git a/pkgs/groff/build.textproto b/pkgs/groff/build.textproto
@@ -8,7 +8,13 @@ cbuilder: {}
 dep: "perl"
 
 build_step: {
-  argv: "${DISTRI_SOURCEDIR}/configure"
+  argv: "/bin/sh"
+  argv: "-c"
+  argv: "cp -T -ar ${DISTRI_SOURCEDIR}/ ."
+}
+
+build_step: {
+  argv: "./configure"
   argv: "--prefix=${DISTRI_PREFIX}"
 }
 
diff --git a/pkgs/json-c/build.textproto b/pkgs/json-c/build.textproto
@@ -2,7 +2,9 @@ source: "https://s3.amazonaws.com/json-c_releases/releases/json-c-0.13.1.tar.gz"
 hash: "b87e608d4d3f7bfdd36ef78d56d53c74e66ab278d318b71e6002a369d36f4873"
 version: "0.13.1-4"
 
-cbuilder: {}
+cbuilder: {
+  copy_to_builddir: true  # modifies source
+}
 
 # build dependencies:
 dep: "autoconf"
diff --git a/pkgs/kicad/build.textproto b/pkgs/kicad/build.textproto
@@ -6,6 +6,7 @@ cherry_pick: "cmake.patch"
 cherry_pick: "cmakewxwidgets.patch"
 
 cmakebuilder: {
+  copy_to_builddir: true  # modifies source
   extra_cmake_flag: "-DOPENGL_gl_LIBRARY=/ro/${DISTRI_RESOLVE:mesa}/out/lib"
   extra_cmake_flag: "-DOPENGL_glu_LIBRARY=/ro/${DISTRI_RESOLVE:glu}/out/lib"
   extra_cmake_flag: "-DGLEW_LIBRARY=/ro/${DISTRI_RESOLVE:glew}/out/lib64"
diff --git a/pkgs/libcap/build.textproto b/pkgs/libcap/build.textproto
@@ -2,22 +2,28 @@ source: "https://mirrors.edge.kernel.org/pub/linux/libs/security/linux-privs/lib
 hash: "693c8ac51e983ee678205571ef272439d83afe62dd8e424ea14ad9790bc35162"
 version: "2.25-3"
 
-cbuilder: {}
+cbuilder: {
+  copy_to_builddir: true  # modifies source
+}
 
 # build dependencies:
 dep: "perl"
 dep: "gperf"  # NOTE that libcap fails silently without gperf :(
 
+build_step: {
+  argv: "/bin/sh"
+  argv: "-c"
+  argv: "cp -T -ar ${DISTRI_SOURCEDIR}/ ."
+}
+
 build_step: {
   argv: "make"
-  argv: "-C"
-  argv: "${DISTRI_SOURCEDIR}"
   argv: "-j${DISTRI_JOBS}"
   argv: "prefix=${DISTRI_PREFIX}"
 }
 
 build_step: {
   argv: "/bin/sh"
   argv: "-c"
-  argv: "DESTDIR=${DISTRI_DESTDIR} make -C ${DISTRI_SOURCEDIR} install prefix=${DISTRI_PREFIX} lib=lib RAISE_SETFCAP=no"
+  argv: "DESTDIR=${DISTRI_DESTDIR} make install prefix=${DISTRI_PREFIX} lib=lib RAISE_SETFCAP=no"
 }
diff --git a/pkgs/linux-i686/build.textproto b/pkgs/linux-i686/build.textproto
@@ -18,18 +18,20 @@ dep: "perl"
 dep: "gzip"
 dep: "kmod"
 
+build_step: {
+  argv: "/bin/sh"
+  argv: "-c"
+  argv: "cp -T -ar ${DISTRI_SOURCEDIR}/ ."
+}
+
 build_step: {
   argv: "make"
-  argv: "-C"
-  argv: "${DISTRI_SOURCEDIR}"
   argv: "olddefconfig"
   argv: "ARCH=i386"
 }
 
 build_step: {
   argv: "make"
-  argv: "-C"
-  argv: "${DISTRI_SOURCEDIR}"
   argv: "headers_install"
   argv: "INSTALL_HDR_PATH=${DISTRI_DESTDIR}/${DISTRI_PREFIX}"
   argv: "ARCH=i386"
diff --git a/pkgs/linux/build.textproto b/pkgs/linux/build.textproto
diff --git a/pkgs/wxwidgets/build.textproto b/pkgs/wxwidgets/build.textproto

Original file line number	Diff line number	Diff line change
`@@ -1249,6 +1249,9 @@ func (b buildctx) build() (pb.Meta, error) {`
`1249`	`1249`	`if err := syscall.Mount(b.SourceDir, src, "none", syscall.MS_BIND\|syscall.MS_RDONLY, ""); err != nil {`
`1250`	`1250`	`return nil, xerrors.Errorf("bind mount %s %s: %v", b.SourceDir, src, err)`
`1251`	`1251`	`}`
	`1252`	`+ if err := syscall.Mount("", src, "", syscall.MS_REMOUNT\|syscall.MS_BIND\|syscall.MS_RDONLY, ""); err != nil {`
	`1253`	`+ return nil, xerrors.Errorf("bind remount read-only %s %s: %v", b.SourceDir, src, err)`
	`1254`	`+ }`
`1252`	`1255`	`b.SourceDir = strings.TrimPrefix(src, b.ChrootDir)`
`1253`	`1256`
`1254`	`1257`	`wrappersSrc := filepath.Join(b.PkgDir, "wrappers")`
Original file line number	Diff line number	Diff line change
`@@ -3,6 +3,7 @@ hash: "1cf4fc240cd77c25309d15e18593789c8dbfba5c2b44d8f77c886542300fd32c"`
`3`	`3`	`version: "26.1-11"`
`4`	`4`
`5`	`5`	`cbuilder: {`
	`6`	`+ copy_to_builddir: true # modifies source`
`6`	`7`	`extra_configure_flag: "--with-gnutls=no" # TODO: why doesn’t configure locate gnutls?`
`7`	`8`	`extra_configure_flag: "--with-x-toolkit=gtk3"`
`8`	`9`	`}`