enter_chroot: Only mount SSH auth socket when we need to.

enter_chroot.sh

 #!/bin/bash
 
 # Copyright (c) 2009 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 
 # Script to enter the chroot environment
 
 # --- BEGIN COMMON.SH BOILERPLATE ---
 # Load common CrOS utilities.  Inside the chroot this file is installed in
@@ skipping 55 matching lines @@
 the command nor args should include single quotes.  For example:
 
     $0 -- ./build_platform_packages.sh
 
 Otherwise, provides an interactive shell.
 "
 
 # Version of info from common.sh that only echos if --verbose is set.
 function debug {
   if [ $FLAGS_verbose -eq $FLAGS_TRUE ]; then
-    info "$1"
+    info "$*"
   fi
 }
 
 # Double up on the first '--' argument.  Why?  For enter_chroot, we want to
 # emulate the behavior of sudo for setting environment vars.  That is, we want:
 #   ./enter_chroot [flags] [VAR=val] [-- command]
 # ...but shflags ends up eating the '--' out of the command line and gives
 # us back "VAR=val" and "command" together in one chunk.  By doubling up, we
 # end up getting what we want back from shflags.
 #
@@ skipping 38 matching lines @@
 CHROME_ROOT_CONFIG="/var/cache/chrome_root"  # inside chroot
 INNER_DEPOT_TOOLS_ROOT="/home/$USER/depot_tools"  # inside chroot
 FUSE_DEVICE="/dev/fuse"
 AUTOMOUNT_PREF="/apps/nautilus/preferences/media_automount"
 SAVED_AUTOMOUNT_PREF_FILE="/tmp/.automount_pref"
 
 sudo chmod 0777 "$FLAGS_chroot/var/lock"
 
 LOCKFILE="$FLAGS_chroot/var/lock/enter_chroot"
 
+
+function ensure_mounted {
+  # If necessary, mount $source in the host FS at $target inside the
+  # chroot directory with $mount_args.
+  local source="$1"
+  local mount_args="$2"
+  local target="$3"
+
+  local mounted_path="$(readlink -f "${FLAGS_chroot}/$target")"
+
+  if [ -z "$(mount | grep -F "on ${mounted_path} ")" ]; then
+    # NB:  mount_args deliberately left unquoted
+    debug mount ${mount_args} "${source}" "${mounted_path}"
+    sudo -- mount ${mount_args} "${source}" "${mounted_path}" || \
+      die "Could not mount ${source} on ${mounted_path}"
+  fi
+}
+
 function setup_env {
   # Validate sudo timestamp before entering the critical section so that we
   # don't stall for a password while we have the lockfile.
   # Don't use sudo -v since that has issues on machines w/ no password.
   sudo echo "" > /dev/null
 
   (
     flock 200
     echo $$ >> "$LOCKFILE"
 
     debug "Mounting chroot environment."
-
-    # Mount only if not already mounted
-    MOUNTED_PATH="$(readlink -f "$FLAGS_chroot/proc")"
-    if [ -z "$(mount | grep -F "on $MOUNTED_PATH ")" ]; then
-      sudo mount none -t proc "$MOUNTED_PATH" || \
-          die "Could not mount $MOUNTED_PATH"
-    fi
-
-    MOUNTED_PATH="$(readlink -f "$FLAGS_chroot/sys")"
-    if [ -z "$(mount | grep -F "on $MOUNTED_PATH ")" ]; then
-      sudo mount none -t sysfs "$MOUNTED_PATH" || \
-          die "Could not mount $MOUNTED_PATH"
-    fi
-
-    MOUNTED_PATH="$(readlink -f "${FLAGS_chroot}/dev")"
-    if [ -z "$(mount | grep -F "on $MOUNTED_PATH ")" ]; then
-      sudo mount --bind /dev "$MOUNTED_PATH" || \
-          die "Could not mount $MOUNTED_PATH"
-    fi
+    ensure_mounted none "-t proc" /proc
+    ensure_mounted none "-t sysfs" /sys
+    ensure_mounted /dev "--bind" /dev
+    ensure_mounted none "-t devpts" /dev/pts
+    ensure_mounted "${FLAGS_trunk}" "--bind" "${CHROOT_TRUNK_DIR}"
 
     if [ $FLAGS_ssh_agent -eq $FLAGS_TRUE ]; then
       TARGET_DIR="$(readlink -f "${FLAGS_chroot}/home/${USER}/.ssh")"
       if [ -n "${SSH_AUTH_SOCK}" -a -d "${HOME}/.ssh" ]; then
         mkdir -p "${TARGET_DIR}"
         cp -r "${HOME}/.ssh/known_hosts" "${TARGET_DIR}"
         cp -r "${HOME}/.ssh/config" "${TARGET_DIR}"
         ASOCK="$(dirname "${SSH_AUTH_SOCK}")"
-        mkdir -p "${FLAGS_chroot}/${ASOCK}"
-        sudo mount --bind "${ASOCK}" "${FLAGS_chroot}/${ASOCK}" || \
-          die "Count not mount ${ASOCK}"
+        ensure_mounted "${ASOCK}" "--bind" "${ASOCK}"
       fi
     fi
 
-    MOUNTED_PATH="$(readlink -f "${FLAGS_chroot}/dev/pts")"
-    if [ -z "$(mount | grep -F "on $MOUNTED_PATH ")" ]; then
-      sudo mount none -t devpts "$MOUNTED_PATH" || \
-          die "Could not mount $MOUNTED_PATH"
-    fi
-
-    MOUNTED_PATH="$(readlink -f "${FLAGS_chroot}$CHROOT_TRUNK_DIR")"
-    if [ -z "$(mount | grep -F "on $MOUNTED_PATH ")" ]; then
-      sudo mount --bind "$FLAGS_trunk" "$MOUNTED_PATH" || \
-          die "Could not mount $MOUNTED_PATH"
-    fi
-
     MOUNTED_PATH="$(readlink -f "${FLAGS_chroot}${INNER_CHROME_ROOT}")"
     if [ -z "$(mount | grep -F "on $MOUNTED_PATH ")" ]; then
       ! CHROME_ROOT="$(readlink -f "$FLAGS_chrome_root")"
       if [ -z "$CHROME_ROOT" ]; then
         ! CHROME_ROOT="$(cat "${FLAGS_chroot}${CHROME_ROOT_CONFIG}" \
           2>/dev/null)"
         CHROME_ROOT_AUTO=1
       fi
       if [[ ( -n "$CHROME_ROOT" ) ]]; then
         if [[ ( ! -d "${CHROME_ROOT}/src" ) ]]; then
@@ skipping 170 matching lines @@
 # In that case, check against origin/HEAD and mark** revision.
 # Use git:8 chars of sha1
 REVISION=$(cd ${FLAGS_trunk}/src/scripts ; git rev-parse --short=8 HEAD)
 CHROOT_PASSTHRU="CHROMEOS_REVISION=$REVISION BUILDBOT_BUILD=$FLAGS_build_number CHROMEOS_OFFICIAL=$CHROMEOS_OFFICIAL"
 CHROOT_PASSTHRU="${CHROOT_PASSTHRU} \
 CHROMEOS_RELEASE_APPID=${CHROMEOS_RELEASE_APPID:-"{DEV-BUILD}"}"
 CHROOT_PASSTHRU="${CHROOT_PASSTHRU} \
 CHROMEOS_VERSION_TRACK=$CHROMEOS_VERSION_TRACK CHROMEOS_VERSION_AUSERVER=$CHROMEOS_VERSION_AUSERVER CHROMEOS_VERSION_DEVSERVER=$CHROMEOS_VERSION_DEVSERVER"
 
 if [ -d "$HOME/.subversion" ]; then
-  # Bind mounting .subversion into chroot
-  debug "mounting ~/.subversion into chroot"
-  MOUNTED_PATH="$(readlink -f "${FLAGS_chroot}/home/${USER}/.subversion")"
-  if [ -z "$(mount | grep -F "on $MOUNTED_PATH ")" ]; then
-    mkdir -p "$MOUNTED_PATH"
-    sudo mount --bind "$HOME/.subversion" "$MOUNTED_PATH" || \
-      die "Could not mount $MOUNTED_PATH"
-  fi
+  TARGET="/home/${USER}/.subversion"
+  mkdir -p "${FLAGS_chroot}${TARGET}"
+  ensure_mounted "${HOME}/.subversion" "--bind" "${TARGET}"
 fi
 
 # Configure committer username and email in chroot .gitconfig
 if [ $FLAGS_git_config -eq $FLAGS_TRUE ]; then
   git config -f ${FLAGS_chroot}/home/${USER}/.gitconfig --replace-all \
     user.name "$(cd /tmp; git var GIT_COMMITTER_IDENT | sed -e 's/ *<.*//')"
   git config -f ${FLAGS_chroot}/home/${USER}/.gitconfig --replace-all \
     user.email "$(cd /tmp; git var GIT_COMMITTER_IDENT | \
       sed -e 's/.*<\([^>]*\)>.*/\1/')"
 fi
 
 # Run command or interactive shell.  Also include the non-chrooted path to
 # the source trunk for scripts that may need to print it (e.g.
 # build_image.sh).
 sudo -- chroot "$FLAGS_chroot" sudo -i -u $USER $CHROOT_PASSTHRU \
   EXTERNAL_TRUNK_PATH="${FLAGS_trunk}" LANG=C SSH_AGENT_PID="${SSH_AGENT_PID}" \
   SSH_AUTH_SOCK="${SSH_AUTH_SOCK}" "$@"
 
 # Remove trap and explicitly unmount
 trap - EXIT
 teardown_env