authorLuke T. Shumaker <lukeshu@parabola.nu>2024-02-20 23:46:59 -0700
committerLuke T. Shumaker <lukeshu@parabola.nu>2024-02-21 10:17:52 -0700
commit63d3993a320ee03c20da05d0e04ddbd3cc800335 (patch)
tree7be4a7f3ff29d34f43f9fe0116282d61b5fb9009 /src
parent9a0328490c2ea30d0eda470cb4da8da0030c96e9 (diff)
fix: libremakepkg: Have startdir be RO unless the -W flag is passed to make it RW
A key aspect of libremakepkg is that it tries to be strict about many things, in order to catch issues. One issue is that sources are downloaded during build(), meaning that they're missing from the .src.pkg.tar sourceball. So, by default libremakepkg runs build() with networking disabled, to catch this issue. If there is a problematic package, we have an -N flag to enable networking, as an escape hatch, as we only have finite packager time/effort. One issue is when a package can't be rebuilt from the .src.pkg.tar sourceball. If the PKGBUILD modifies itself, then it won't match what's in the sourceball. This is what the libremakepkg.bats:"libremakepkg does not run pkgver" test demonstrates and tests for; this failing demonstration testcase was added in 044b4e1 (test: libremakepkg: Add some failing tests [ci-skip], 2018-07-31, Luke Shumaker <lukeshu@lukeshu.com>). We solved this by mounting the $startdir read-only in 646ac02 (libremakepkg,chcleanup: Be stricter about network access, 2018-08-03, Luke Shumaker <lukeshu@lukeshu.com>). However, it turns out that this caused issues for a few packages. So, this protection was reverted in a6f6ac4 (libremakepkg: fix building packages requring a rw startdir, 2019-05-17, Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>). This is bad; it potentially lets many issues slip through undetected. Instead, handle it like we do networking: Have the protection on by default, say "PLEASE don't turn this off", but recognize the increased cost in time and effort and so provide the `-W` flag as an escape hatch.
Diffstat (limited to 'src')
-rwxr-xr-xsrc/chroot-tools/libremakepkg22
1 files changed, 18 insertions, 4 deletions
diff --git a/src/chroot-tools/libremakepkg b/src/chroot-tools/libremakepkg
index 957e20b..d3dd160 100755
--- a/src/chroot-tools/libremakepkg
+++ b/src/chroot-tools/libremakepkg
@@ -5,7 +5,7 @@ set -euE
# Copyright (C) 2010-2012 Nicolás Reynolds <fauno@parabola.nu>
# Copyright (C) 2010-2012 Joshua Ismael Haase Hernández (xihh) <hahj87@gmail.com>
# Copyright (C) 2012 Michał Masłowski <mtjm@mtjm.eu>
-# Copyright (C) 2012-2015, 2017-2018 Luke Shumaker <lukeshu@parabola.nu>
+# Copyright (C) 2012-2015, 2017-2018, 2024 Luke Shumaker <lukeshu@parabola.nu>
# Copyright (C) 2019, 2024 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
#
# License: GNU GPLv2+
@@ -37,6 +37,7 @@ umask 0022
readonly _indent="$(librelib chroot/indent)"
readonly INCHROOT=$([[ -f /.arch-chroot ]] && echo true || echo false)
NONET=true # can be changed with the -N flag
+ROSTARTDIR=true # can be changed with the -W flag
# {PKG,SRC,SRCPKG,LOG}DEST set at runtime by makepkg.conf
# MAKEFLAGS, PACKAGER set at runtime by makepkg.conf
# LIBREUSER, LIBREHOME are set by conf.sh
@@ -125,11 +126,19 @@ build() (
local run_ynet=()
local run_nnet=()
if $INCHROOT; then
- local _run=(sh -c "cd ${startdir@Q} && \$@" --)
+ if $ROSTARTDIR; then
+ local _run=(sh -c "mount --bind -o ro -- ${startdir@Q} ${startdir@Q} && cd ${startdir@Q} && \$@" --)
+ else
+ local _run=(sh -c "cd ${startdir@Q} && \$@" --)
+ fi
run_ynet=(unshare --mount -- "${_run[@]}")
run_nnet=(unshare --mount --net -- "${_run[@]}")
else
- librechroot_flags+=(-w "$startdir:/startdir")
+ if $ROSTARTDIR; then
+ librechroot_flags+=(-r "$startdir:/startdir")
+ else
+ librechroot_flags+=(-w "$startdir:/startdir")
+ fi
run_ynet=(librechroot "${librechroot_flags[@]}" run)
run_nnet=(librechroot "${librechroot_flags[@]}" -N run)
fi
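Review bot: In the INCHROOT branch the read-only guarantee depends on `mount --bind -o ro` applying `ro` in the same invocation, which mount(8) only does from util-linux 2.27 onward (as a second, non-atomic remount); an older mount may leave the bind writable without failing, so the protection would fail open. Making the remount explicit removes that dependency and keeps the `&&` chain failing closed: `mount --bind -- ${startdir@Q} ${startdir@Q} && mount -o remount,bind,ro -- ${startdir@Q} && cd ${startdir@Q} && \$@`. A short comment noting that the bind mount sits inside the `sh -c` string so that it happens within the `unshare --mount` namespace would also help the next reader. Whether the command run via `$@` keeps enough privilege to remount startdir read-write cannot be seen from this hunk, so this is presumably a packaging guardrail rather than a hard boundary; build() starts and ends outside the hunk.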
@@ -182,6 +191,10 @@ usage() {
build(), and package(). PLEASE don't use
this unless you have a special reason, its
use is a violation of Parabola policy." \
+ '-W' "Don't make the startdir read-only. PLEASE
+ don't use this unless you have a special
+ reason, its use is a violation of Parabola
+ policy." \
'-R' 'Repackage contents of the package without
rebuilding' \
"-S <$(_ SRCPKGFILE)>" 'Use an existing --allsource source-package' \
@@ -204,7 +217,7 @@ main() {
local srcpkg=''
# Parse command line options ###########################################
- while getopts 'n:l:w:r:NRS:h' flag ; do
+ while getopts 'n:l:w:r:NWRS:h' flag ; do
case "${flag}" in
n) if $INCHROOT; then err_chflag "$flag"; else
chroot=$OPTARG; fi;;
@@ -213,6 +226,7 @@ main() {
w|r) if $INCHROOT; then err_chflag "$flag"; else
librechroot_flags+=(-$flag "$OPTARG"); fi;;
N) NONET=false;;
+ W) ROSTARTDIR=false;;
R) repack=true; makepkg_args+=(-R);;
S) srcpkg=$OPTARG;;
h) usage; exit $EXIT_SUCCESS;;
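Review bot: The `W) ROSTARTDIR=false;;` arm turns the protection off silently, so a build log gives no sign that startdir was writable even though the usage text calls this a policy violation; the neighbouring `N) NONET=false;;` arm has the same gap. Consider emitting a line on stderr when the flag is parsed, e.g. `W) ROSTARTDIR=false; printf '%s\n' 'libremakepkg: -W given, startdir is mounted read-write' >&2;;`, or use the script's own warning helper if one is in scope (not visible here). main() starts and ends outside the hunk.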