From a92319703224e6873357e2c87055726004749cc5 2017-08-20 21:12:16
From: Petter Reinholdtsen <pere@hungry.com>
Date: 2017-08-20 21:12:16
Subject: [PATCH] Introduce as_nobody() function to make it easier to control how it is done.

This is useful when using libpam-tmpdir to replace the environment to
avoid non-working paths in chroot.

---

diff --git a/bootstrap.d/13-kernel.sh b/bootstrap.d/13-kernel.sh
index 919cea8..b4d2e70 100644
--- a/bootstrap.d/13-kernel.sh
+++ b/bootstrap.d/13-kernel.sh
@@ -21,10 +21,10 @@ if [ "$BUILD_KERNEL" = true ] ; then
     fi
   else # KERNELSRC_DIR=""
     # Create temporary directory for kernel sources
-    temp_dir=$(sudo -u nobody mktemp -d)
+    temp_dir=$(as_nobody mktemp -d)
 
     # Fetch current RPi2/3 kernel sources
-    sudo -u nobody git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}"
+    as_nobody git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}"
 
     # Copy downloaded kernel sources
     mv "${temp_dir}/linux" "${R}/usr/src/"
diff --git a/bootstrap.d/15-rpi-config.sh b/bootstrap.d/15-rpi-config.sh
index 37834cd..0c2368a 100644
--- a/bootstrap.d/15-rpi-config.sh
+++ b/bootstrap.d/15-rpi-config.sh
@@ -17,16 +17,16 @@ if [ "$BUILD_KERNEL" = true ] ; then
     cp ${RPI_FIRMWARE_DIR}/boot/start_x.elf ${BOOT_DIR}/start_x.elf
   else
     # Create temporary directory for boot binaries
-    temp_dir=$(sudo -u nobody mktemp -d)
+    temp_dir=$(as_nobody mktemp -d)
 
     # Install latest boot binaries from raspberry/firmware github
-    sudo -u nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
-    sudo -u nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
-    sudo -u nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
-    sudo -u nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
-    sudo -u nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
-    sudo -u nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
-    sudo -u nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
+    as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
+    as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
+    as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
+    as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
+    as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
+    as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
+    as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
 
     # Move downloaded boot binaries
     mv "${temp_dir}/"* "${BOOT_DIR}/"
diff --git a/bootstrap.d/20-networking.sh b/bootstrap.d/20-networking.sh
index bd3ce0a..673b2d5 100644
--- a/bootstrap.d/20-networking.sh
+++ b/bootstrap.d/20-networking.sh
@@ -89,11 +89,11 @@ if [ "$ENABLE_WIRELESS" = true ] ; then
   fi
 
   # Create temporary directory for firmware binary blob
-  temp_dir=$(sudo -u nobody mktemp -d)
+  temp_dir=$(as_nobody mktemp -d)
 
   # Fetch firmware binary blob
-  sudo -u nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
-  sudo -u nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
+  as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
+  as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
 
   # Move downloaded firmware binary blob
   mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/"
diff --git a/bootstrap.d/41-uboot.sh b/bootstrap.d/41-uboot.sh
index 68198ec..cd9e67b 100644
--- a/bootstrap.d/41-uboot.sh
+++ b/bootstrap.d/41-uboot.sh
@@ -16,10 +16,10 @@ if [ "$ENABLE_UBOOT" = true ] ; then
     cp -r "${UBOOTSRC_DIR}" "${R}/tmp"
   else
     # Create temporary directory for U-Boot sources
-    temp_dir=$(sudo -u nobody mktemp -d)
+    temp_dir=$(as_nobody mktemp -d)
 
     # Fetch U-Boot sources
-    sudo -u nobody git -C "${temp_dir}" clone "${UBOOT_URL}"
+    as_nobody git -C "${temp_dir}" clone "${UBOOT_URL}"
 
     # Copy downloaded U-Boot sources
     mv "${temp_dir}/u-boot" "${R}/tmp/"
diff --git a/bootstrap.d/42-fbturbo.sh b/bootstrap.d/42-fbturbo.sh
index 0e8b064..ae65126 100644
--- a/bootstrap.d/42-fbturbo.sh
+++ b/bootstrap.d/42-fbturbo.sh
@@ -15,10 +15,10 @@ if [ "$ENABLE_FBTURBO" = true ] ; then
     cp -r "${FBTURBOSRC_DIR}" "${R}/tmp"
   else
     # Create temporary directory for fbturbo sources
-    temp_dir=$(sudo -u nobody mktemp -d)
+    temp_dir=$(as_nobody mktemp -d)
 
     # Fetch fbturbo sources
-    sudo -u nobody git -C "${temp_dir}" clone "${FBTURBO_URL}"
+    as_nobody git -C "${temp_dir}" clone "${FBTURBO_URL}"
 
     # Move downloaded fbturbo sources
     mv "${temp_dir}/xf86-video-fbturbo" "${R}/tmp/"
diff --git a/functions.sh b/functions.sh
index 52f9c35..64b5108 100644
--- a/functions.sh
+++ b/functions.sh
@@ -33,6 +33,11 @@ chroot_exec() {
   LANG=C LC_ALL=C DEBIAN_FRONTEND=noninteractive chroot ${R} $*
 }
 
+as_nobody() {
+  # Exec command as user nobody
+  sudo -u nobody LANG=C LC_ALL=C $*
+}
+
 install_readonly() {
   # Install file with user read-only permissions
   install -o root -g root -m 644 $*