harald/VerityBook
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

add --noscripts and --statedir

Browse source
This commit is contained in:
Harald Hoyer 2018-10-18 15:33:32 +02:00
parent 70efa623a6
commit de617c550c
1 changed files with 67 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

79
prepare-root.sh
View file

@ -17,6 +17,8 @@ Creates a directory with a readonly root on squashfs, a dm_verity file and an EF
--gpgkey FILE Use FILE as the signing gpg key --gpgkey FILE Use FILE as the signing gpg key
--reposd DIR Use DIR as the dnf repository directory --reposd DIR Use DIR as the dnf repository directory
--noupdate Do not install from Fedora Updates --noupdate Do not install from Fedora Updates
--noscripts Do not rpm scripts
--statedir DIR Use DIR to preserve state across builds like uid/gid
EOF EOF
} }
@ -37,7 +39,9 @@ TEMP=$(
--long quirks: \ --long quirks: \
--long gpgkey: \ --long gpgkey: \
--long reposd: \ --long reposd: \
--long statedir: \
--long noupdates \ --long noupdates \
--long noscripts \
-- "$@" -- "$@"
) )
@ -98,10 +102,18 @@ while true; do
REPOSD="$2" REPOSD="$2"
shift 2; continue shift 2; continue
;; ;;
'--statedir')
STATEDIR="$2"
shift 2; continue
;;
'--noupdates') '--noupdates')
unset WITH_UPDATES unset WITH_UPDATES
shift 1; continue shift 1; continue
;; ;;
'--noscripts')
NO_SCRIPTS=1
shift 1; continue
;;
'--') '--')
shift shift
break break
@ -120,6 +132,8 @@ VERSION_ID="${RELEASEVER}.$(date -u +'%Y%m%d%H%M%S')"
OUTDIR=${OUTDIR:-"${CURDIR}/${NAME}-${VERSION_ID}"} OUTDIR=${OUTDIR:-"${CURDIR}/${NAME}-${VERSION_ID}"}
GPGKEY=${GPGKEY:-${NAME}.gpg} GPGKEY=${GPGKEY:-${NAME}.gpg}
REPOSD=${REPOSD:-/etc/yum.repos.d} REPOSD=${REPOSD:-/etc/yum.repos.d}
STATEDIR=${STATEDIR:-"${BASEDIR}/${NAME}"}
readonly OLD_SELINUX=$(getenforce) readonly OLD_SELINUX=$(getenforce)
[[ $TMPDIR ]] || TMPDIR=/var/tmp [[ $TMPDIR ]] || TMPDIR=/var/tmp
@ -161,12 +175,15 @@ readonly sysroot="${MY_TMPDIR}/sysroot"
# We need to preserve old uid/gid # We need to preserve old uid/gid
mkdir -p "$sysroot"/etc mkdir -p "$sysroot"/etc
for i in passwd shadow group gshadow subuid subgid; do for i in passwd shadow group gshadow subuid subgid; do
[[ -e "${BASEDIR}/${NAME}/$i" ]] || continue [[ -e "${STATEDIR}/$i" ]] || continue
cp -a "${BASEDIR}/${NAME}/$i" "$sysroot"/etc/"$i" cp -a "${STATEDIR}/$i" "$sysroot"/etc/"$i"
done done
chown -R +0.+0 "$sysroot" chown -R +0.+0 "$sysroot"
chmod 0000 "$sysroot"/etc/{shadow,gshadow} for i in "$sysroot"/etc/{shadow,gshadow}; do
[[ -e "$i" ]] || continue
chmod 0000 "$i"
done
mkdir -p "$sysroot"/{dev,proc,sys,run} mkdir -p "$sysroot"/{dev,proc,sys,run}
mount -o bind /proc "$sysroot/proc" mount -o bind /proc "$sysroot/proc"
@ -177,12 +194,40 @@ mount -t devtmpfs devtmpfs "$sysroot/dev"
mkdir -p "$sysroot"/var/cache/dnf mkdir -p "$sysroot"/var/cache/dnf
mount -o bind /var/cache/dnf "$sysroot"/var/cache/dnf mount -o bind /var/cache/dnf "$sysroot"/var/cache/dnf
if [[ $NO_SCRIPTS ]]; then
mkdir "$sysroot"/usr
mkdir "$sysroot"/usr/bin
mkdir "$sysroot"/usr/sbin
mkdir "$sysroot"/usr/lib
mkdir "$sysroot"/usr/lib/debug
mkdir "$sysroot"/usr/lib/debug/usr/
mkdir "$sysroot"/usr/lib/debug/usr/bin
mkdir "$sysroot"/usr/lib/debug/usr/sbin
mkdir "$sysroot"/usr/lib/debug/usr/lib
mkdir "$sysroot"/usr/lib/debug/usr/lib64
mkdir "$sysroot"/usr/lib64
ln -s usr/bin "$sysroot"/bin
ln -s usr/sbin "$sysroot"/sbin
ln -s usr/lib "$sysroot"/lib
ln -s usr/bin "$sysroot"/usr/lib/debug/bin
ln -s usr/lib "$sysroot"/usr/lib/debug/lib
ln -s usr/lib64 "$sysroot"/usr/lib/debug/lib64
ln -s ../.dwz "$sysroot"/usr/lib/debug/usr/.dwz
ln -s usr/sbin "$sysroot"/usr/lib/debug/sbin
ln -s usr/lib64 "$sysroot"/lib64
mkdir "$sysroot"/run || :
mkdir "$sysroot"/var || :
ln -s ../run "$sysroot"/var/run
ln -s ../run/lock "$sysroot"/var/lock
fi
dnf -v --nogpgcheck \ dnf -v --nogpgcheck \
--installroot "$sysroot"/ \ --installroot "$sysroot"/ \
--releasever "$RELEASEVER" \ --releasever "$RELEASEVER" \
--exclude="$EXCLUDELIST" \ --exclude="$EXCLUDELIST" \
--setopt=keepcache=True \ --setopt=keepcache=True \
--setopt=reposdir="$REPOSD" \ --setopt=reposdir="$REPOSD" \
${NO_SCRIPTS:+ --setopt=tsflags=noscripts} \
install -y \ install -y \
dracut \ dracut \
passwd \ passwd \
@ -242,11 +287,11 @@ done
find "$sysroot" -name '*.rpmnew' -print0 | xargs -0 rm -fv find "$sysroot" -name '*.rpmnew' -print0 | xargs -0 rm -fv
# We need to preserve old uid/gid # We need to preserve old uid/gid
mkdir -p ${BASEDIR}/${NAME} mkdir -p "${STATEDIR}"
for i in passwd shadow group gshadow subuid subgid; do for i in passwd shadow group gshadow subuid subgid; do
cp "$sysroot"/etc/"$i" ${BASEDIR}/${NAME} cp "$sysroot"/etc/"$i" "${STATEDIR}"
chown "$USER" "${BASEDIR}/${NAME}/$i" chown "$USER" "${STATEDIR}/$i"
chmod u+r "${BASEDIR}/${NAME}/$i" chmod u+r "${STATEDIR}/$i"
done done
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
@ -283,6 +328,10 @@ sed -ie 's#\(tpm2_[^ ]*\) #\1 -T device:${TPM2TOOLS_DEVICE_FILE[0]} #g' "$sysroo
# rngd # rngd
ln -fsnr "$sysroot"/usr/lib/systemd/system/rngd.service "$sysroot"/usr/lib/systemd/system/basic.target.wants/rngd.service ln -fsnr "$sysroot"/usr/lib/systemd/system/rngd.service "$sysroot"/usr/lib/systemd/system/basic.target.wants/rngd.service
if [[ $NO_SCRIPTS ]]; then
chroot "$sysroot" depmod -a $KVER
fi
chroot "$sysroot" \ chroot "$sysroot" \
dracut -N --kver $KVER --force \ dracut -N --kver $KVER --force \
--filesystems "squashfs vfat xfs" \ --filesystems "squashfs vfat xfs" \
@ -302,7 +351,11 @@ chroot "$sysroot" \
--install /usr/lib64/libtss2-esys.so.0 \ --install /usr/lib64/libtss2-esys.so.0 \
--install /usr/lib64/libtss2-tcti-device.so.0 \ --install /usr/lib64/libtss2-tcti-device.so.0 \
--install /sbin/rngd \ --install /sbin/rngd \
--install /usr/lib/systemd/system/basic.target.wants/rngd.service --install /usr/lib/systemd/system/basic.target.wants/rngd.service \
--reproducible \
/boot/initrd
#chroot "$sysroot" bash -i
rm "$sysroot"/pre-pivot.sh rm "$sysroot"/pre-pivot.sh
@ -626,10 +679,13 @@ echo 'C /var/mail - - - - -' >> "$sysroot"/usr/lib/tmpfiles.d/var-quirk.conf
mv "$sysroot"/lib/tmpfiles.d-var.conf "$sysroot"/lib/tmpfiles.d/var.conf mv "$sysroot"/lib/tmpfiles.d-var.conf "$sysroot"/lib/tmpfiles.d/var.conf
sed -i -e "s#VERSION_ID=.*#VERSION_ID=$VERSION_ID#" "$sysroot"/etc/os-release if [[ -f "$sysroot"/etc/os-release ]]; then
sed -i -e "s#NAME=.*#NAME=$NAME#" "$sysroot"/etc/os-release sed -i -e "s#VERSION_ID=.*#VERSION_ID=$VERSION_ID#" "$sysroot"/etc/os-release
sed -i -e "s#NAME=.*#NAME=$NAME#" "$sysroot"/etc/os-release
fi
mv -v "$sysroot"/boot/initrd "$MY_TMPDIR"/initrd
mv -v "$sysroot"/boot/*/*/initrd "$MY_TMPDIR"/
cp "$sysroot"/lib/modules/*/vmlinuz "$MY_TMPDIR"/linux cp "$sysroot"/lib/modules/*/vmlinuz "$MY_TMPDIR"/linux
if [[ -d "$sysroot"/boot/efi/EFI/fedora ]]; then if [[ -d "$sysroot"/boot/efi/EFI/fedora ]]; then
@ -721,4 +777,3 @@ EOF
chown "$USER" "${OUTDIR%/*}/${NAME}-latest.json" chown "$USER" "${OUTDIR%/*}/${NAME}-latest.json"
setenforce $OLD_SELINUX setenforce $OLD_SELINUX