From f8ba662779476396f7bf58e213c5995a8f104266 Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Fri, 19 Oct 2007 13:45:48 +0000
Subject: * Emit an error if we cannot create working devices or executables on
 the   target (based on work by Bastian Kleineidam; closes: #233798).

r49822
---
 debian/changelog |  2 ++
 debootstrap      |  7 +++++++
 functions        | 31 +++++++++++++++++++++++++++++++
 3 files changed, 40 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 158f7d8..2ce7fa8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -12,6 +12,8 @@ debootstrap (1.0.4) UNRELEASED; urgency=low
   * Add support for ssh:/// URLs (thanks, Steffen Joeris; closes: #434893).
   * Fix Ubuntu hoary and breezy scripts to unmount /dev etc. on exit
     (closes: #327708).
+  * Emit an error if we cannot create working devices or executables on the
+    target (based on work by Bastian Kleineidam; closes: #233798).
 
  -- Otavio Salvador <otavio@debian.org>  Tue, 16 Oct 2007 16:47:55 -0200
 
diff --git a/debootstrap b/debootstrap
index 7d1bb5a..aa02dca 100755
--- a/debootstrap
+++ b/debootstrap
@@ -351,6 +351,13 @@ fi
 
 ###########################################################################
 
+# Ensure that we can create working devices and executables on the target.
+if ! check_sane_mount "$TARGET"; then
+  error 1 NOEXEC "Cannot install into target '$TARGET' mounted with noexec or nodev"
+fi
+
+###########################################################################
+
 if [ "$UNPACK_TARBALL" ]; then
   if [ "${UNPACK_TARBALL#/}" = "$UNPACK_TARBALL" ]; then
     error 1 TARPATH "Tarball must be given a complete path"
diff --git a/functions b/functions
index 980e0d5..4fbe29f 100644
--- a/functions
+++ b/functions
@@ -989,6 +989,37 @@ resolve_deps () {
 
 ################################################################### helpers
 
+# Return zero if it is possible to create devices and execute programs in
+# this directory. (Both may be forbidden by mount options, e.g. nodev and
+# noexec respectively.)
+check_sane_mount () {
+  case "$ARCH" in
+    kfreebsd-*|hurd-*)
+    ;;
+    *)
+      mknod "$1/test-dev-null" c 1 3 || return 1
+      if ! echo test > "$1/test-dev-null"; then
+        rm -f "$1/test-dev-null"
+        return 1
+      fi
+      rm -f "$1/test-dev-null"
+      ;;
+  esac
+
+  cat > "$1/test-exec" <<EOF
+#! /bin/sh
+:
+EOF
+  chmod +x "$1/test-exec"
+  if ! "$1/test-exec"; then
+    rm -f "$1/test-exec"
+    return 1
+  fi
+  rm -f "$1/test-exec"
+
+  return 0
+}
+
 read_gpg_status () {
   badsig=
   unkkey=
-- 
cgit v0.12