Formatting

This commit is contained in:
Xavier Moffett 2024-10-11 19:54:49 -04:00
parent 27845d8188
commit 33dd4911ff
Signed by: Sapphirus
GPG key ID: A6C061B2CEA1A7AC
9 changed files with 564 additions and 546 deletions

14
dist/src/bash.bashrc vendored

@ -10,15 +10,17 @@
PS1='$USER \W>\$ '
case ${TERM} in
xterm*|rxvt*|Eterm|aterm|kterm|gnome*|alacritty*)
PROMPT_COMMAND=${PROMPT_COMMAND:+$PROMPT_COMMAND; }'printf "\033]0;%s@%s:%s\007" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/\~}"'
xterm*|rxvt*|Eterm|aterm|kterm|gnome*|alacritty*)
PROMPT_COMMAND=${PROMPT_COMMAND:+$PROMPT_COMMAND; }'printf "\033]0;%s@%s:%s\007" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/\~}"'
;;
screen*)
PROMPT_COMMAND=${PROMPT_COMMAND:+$PROMPT_COMMAND; }'printf "\033_%s@%s:%s\033\\" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/\~}"'
;;
;;
screen*)
PROMPT_COMMAND=${PROMPT_COMMAND:+$PROMPT_COMMAND; }'printf "\033_%s@%s:%s\033\\" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/\~}"'
;;
esac
[ -r /usr/share/bash-completion/bash_completion ] && . /usr/share/bash-completion/bash_completion
[[ $FAKECHROOT ]] && cd $HOME
# vim:set ts=4 sw=4 et:1
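Review bot: The FAKECHROOT line runs `cd $HOME` unquoted and ignores the result, so a home path containing whitespace is word-split and a missing directory leaves the shell wherever it started with only cd's own message; `[[ $FAKECHROOT ]] && cd -- "$HOME"` at least quotes the target. Minor for an rc file, but it is the only line in this hunk that executes a command at shell start.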

76
dist/src/pacwrap-dist vendored

@ -18,50 +18,50 @@
# along with this program. If not, see <https://www.gnu.org/licenses/>.
user() {
local uid=$PACWRAP_REAL_UID
local gid=$PACWRAP_REAL_GID
local uid=$PACWRAP_REAL_UID
local gid=$PACWRAP_REAL_GID
if [[ "$(cat /etc/passwd | grep $uid:$gid)" ]]; then
return
fi
if [[ "$(cat /etc/passwd | grep $uid:$gid)" ]]; then
return
fi
echo "Creating dummy user.."
echo "user:x:$uid:$gid::/:/usr/bin/nologin" >> /etc/passwd
echo "user:x:$gid:" >> /etc/group
echo "Creating dummy user.."
echo "user:x:$uid:$gid::/:/usr/bin/nologin" >> /etc/passwd
echo "user:x:$gid:" >> /etc/group
}
locale() {
if [[ -f "/etc/locale.conf" ]]; then
return
fi
if [[ -f "/etc/locale.conf" ]]; then
return
fi
echo "Initializing locales.."
if [[ $LANG == "en_US.UTF-8" ]] || [[ -z "$LANG" ]]; then
echo -e "\nen_US.UTF-8 UTF-8" >> /etc/locale.gen
else
echo -e "\nen_US.UTF-8 UTF-8\n$LANG ${LANG#*.}" >> /etc/locale.gen
fi
echo "Initializing locales.."
echo "LANG=$LANG" > /etc/locale.conf
locale-gen
if [[ $LANG == "en_US.UTF-8" ]] || [[ -z "$LANG" ]]; then
echo -e "\nen_US.UTF-8 UTF-8" >> /etc/locale.gen
else
echo -e "\nen_US.UTF-8 UTF-8\n$LANG ${LANG#*.}" >> /etc/locale.gen
fi
echo "LANG=$LANG" > /etc/locale.conf
locale-gen
}
timezone() {
if [[ -f "/etc/localtime" ]]; then
return
fi
if [[ -f "/etc/localtime" ]]; then
return
fi
echo "Setting localtime to UTC..."
ln -s ../usr/share/zoneinfo/UCT /etc/localtime
}
dist() {
locale
timezone
user
echo "Distribution configuration completed."
locale
timezone
user
echo "Distribution configuration completed."
}
pacman() {
@ -74,18 +74,20 @@ pacman() {
}
cert_store() {
chmod -R 755 /usr/share/ca-certificates /etc/ca-certificates
if [[ $? == 0 ]]; then
echo "Applied permissions to certificate stores successfully."
else
echo "Error occurred whilst applying permissions to certificate stores."
fi
chmod -R 755 /usr/share/ca-certificates /etc/ca-certificates
if [[ $? == 0 ]]; then
echo "Applied permissions to certificate stores successfully."
else
echo "Error occurred whilst applying permissions to certificate stores."
fi
}
case $1 in
cert-store) cert_store;;
config) dist;;
cert-store) cert_store;;
config) dist;;
pacman) pacman;;
*) echo "error: Hook parameter '$1' not found.";;
*) echo "error: Hook parameter '$1' not found.";;
esac
# vim:set ts=4 sw=4 et:1
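Review bot: The existence check in `user()` (`cat /etc/passwd | grep $uid:$gid`) is unquoted, unanchored and interpreted as a regex, so when PACWRAP_REAL_UID/GID are unset the pattern degenerates to `:` and matches every passwd line, and a uid of 10 with gid 100 also matches an entry for uid 110 — in both cases the dummy user is silently never created. Anchoring on the passwd field layout fixes this: `if grep -q -- "^[^:]*:[^:]*:${uid}:${gid}:" /etc/passwd; then`, preceded by `: "${uid:?PACWRAP_REAL_UID not set}" "${gid:?PACWRAP_REAL_GID not set}"`. In `cert_store()`, `chmod -R 755` also marks every certificate file executable rather than only making the directories traversable (`find … -type d -exec chmod 755 {} +` plus 644 on files is the usual split), and its failure branch only echoes, so the `case` dispatcher at the bottom cannot tell the hook failed — add `return 1` there.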

798
dist/src/pacwrap-key vendored

@ -88,46 +88,46 @@ parse_params() {
local count=0
while (( $# )); do case $1 in
--nocolor) count=0; USE_COLOR='n'; shift; continue;;
--verbose) count=0; VERBOSE=1; shift; continue;;
--keyserver) shift; count=0 KEYSERVER=$1; shift; continue;;
--import) SWITCH="iDB";;
--import-trustdb) SWITCH="itDB" ;;
--init) SWITCH="init";;
--list-sigs) SWITCH="ls";;
--lsign-key) SWITCH="lskDB";;
--populate) SWITCH+="pkDB";;
--edit-key) SWITCH="e";;
--refresh-keys) SWITCH="uk";;
-u|--updatedb) SWITCH+="DB";;
-a|--add) SWITCH="aDB";;
-d|--delete) SWITCH="dDB";;
-e|--export) SWITCH="EDB";;
-f|--finger) SWITCH="f";;
-l|--list-keys) SWITCH="lk";;
-r|--recv-keys) SWITCH="rkDB";;
-v|--verify) SWITCH="v";;
-h|--help*) SWITCH="h";;
-V|--version) SWITCH="V";;
-*) invalid_option $1;;
*) TARGETS+=($1); shift; continue;
esac
--nocolor) count=0; USE_COLOR='n'; shift; continue;;
--verbose) count=0; VERBOSE=1; shift; continue;;
--keyserver) shift; count=0 KEYSERVER=$1; shift; continue;;
--import) SWITCH="iDB";;
--import-trustdb) SWITCH="itDB" ;;
--init) SWITCH="init";;
--list-sigs) SWITCH="ls";;
--lsign-key) SWITCH="lskDB";;
--populate) SWITCH+="pkDB";;
--edit-key) SWITCH="e";;
--refresh-keys) SWITCH="uk";;
-u|--updatedb) SWITCH+="DB";;
-a|--add) SWITCH="aDB";;
-d|--delete) SWITCH="dDB";;
-e|--export) SWITCH="EDB";;
-f|--finger) SWITCH="f";;
-l|--list-keys) SWITCH="lk";;
-r|--recv-keys) SWITCH="rkDB";;
-v|--verify) SWITCH="v";;
-h|--help*) SWITCH="h";;
-V|--version) SWITCH="V";;
-*) invalid_option $1;;
*) TARGETS+=($1); shift; continue;
esac
if [[ $count > 0 ]]; then
invalid_option $1
fi
if [[ $count > 0 ]]; then
invalid_option $1
fi
pos+=1; count+=1
shift; done
pos+=1; count+=1
shift; done
}
invalid_option() {
colorize
if [[ -z $@ ]]; then
error "$(gettext "Operation not specified")"
error "$(gettext "Operation not specified")"
else
error "$(gettext "Invalid option '%s'")" "$@"
error "$(gettext "Invalid option '%s'")" "$@"
fi
echo "$(gettext "Try 'pacwrap-key -h' for more information on valid operational parameters.")"
@ -136,7 +136,7 @@ invalid_option() {
man_key() {
cat << _USAGE
cat << _USAGE
${HEADER}NAME$HEADER_RESET
${TAB}pacwrap-key
@ -254,11 +254,11 @@ colorize() {
if [[ ! -z $COLORTERM ]] && [[ $TERM != "dummy" ]] && [[ $USE_COLOR != 'n' ]] && [[ -t 1 ]]; then
RESET=""
BOLD=""
BLUE="${BOLD}"
GREEN="${BOLD}"
RED="${BOLD}"
YELLOW="${BOLD}"
BOLD=""
BLUE="${BOLD}"
GREEN="${BOLD}"
RED="${BOLD}"
YELLOW="${BOLD}"
fi
HEADER=$BOLD
@ -275,35 +275,35 @@ colorize() {
}
msg() {
(( QUIET )) && return
local mesg=$1; shift
printf "${GREEN}->${RESET}${BOLD} ${mesg}${RESET}\n" "$@"
(( QUIET )) && return
local mesg=$1; shift
printf "${GREEN}->${RESET}${BOLD} ${mesg}${RESET}\n" "$@"
}
msg2() {
(( QUIET )) && return
local mesg=$1; shift
printf "${GREEN} ✓ ${RESET}${mesg}\n" "$@"
(( QUIET )) && return
local mesg=$1; shift
printf "${GREEN} ✓ ${RESET}${mesg}\n" "$@"
}
ask() {
local mesg=$1; shift
printf "${BLUE}::${RESET}${BOLD} ${mesg}${RESET}" "$@"
local mesg=$1; shift
printf "${BLUE}::${RESET}${BOLD} ${mesg}${RESET}" "$@"
}
warning() {
local mesg=$1; shift
printf "${YELLOW}$(gettext "warning:")${RESET} ${mesg}\n" "$@" >&2
local mesg=$1; shift
printf "${YELLOW}$(gettext "warning:")${RESET} ${mesg}\n" "$@" >&2
}
error() {
local mesg=$1; shift
printf "${RED}$(gettext "error:")${RESET} ${mesg}\n" "$@" >&2
local mesg=$1; shift
printf "${RED}$(gettext "error:")${RESET} ${mesg}\n" "$@" >&2
}
error_fatal() {
local mesg=$1; shift
printf "${RED}$(gettext "error:")${RESET} ${mesg}\n" "$@" >&2
local mesg=$1; shift
printf "${RED}$(gettext "error:")${RESET} ${mesg}\n" "$@" >&2
exit 1
}
@ -325,38 +325,38 @@ This program may be freely redstributed under the
terms of the GNU General Public License V3 only.
ENDOF
exit 0
exit 0
}
key_lookup_from_name() {
local ids
local ids
mapfile -t ids < \
<("${GPG_PACWRAP[@]}" --search-keys --batch --with-colons "$1" 2>/dev/null |
awk -F: '$1 == "pub" { print $2 }')
mapfile -t ids < \
<("${GPG_PACWRAP[@]}" --search-keys --batch --with-colons "$1" 2>/dev/null |
awk -F: '$1 == "pub" { print $2 }')
# only return success on non-ambiguous lookup
case ${#ids[*]} in
0)
error "$(gettext "Failed to lookup key by name:") %s" "$name"
return 1
;;
1)
printf '%s' "${ids[0]}"
return 0
;;
*)
error "$(gettext "Key name is ambiguous:") %s" "$name"
return 1
;;
esac
# only return success on non-ambiguous lookup
case ${#ids[*]} in
0)
error "$(gettext "Failed to lookup key by name:") %s" "$name"
return 1
;;
1)
printf '%s' "${ids[0]}"
return 0
;;
*)
error "$(gettext "Key name is ambiguous:") %s" "$name"
return 1
;;
esac
}
generate_master_key() {
# Generate the master key, which will be in both pubring and secring
msg "$(gettext "Generating pacwrap master key...")"
# Generate the master key, which will be in both pubring and secring
msg "$(gettext "Generating pacwrap master key...")"
"${GPG_PACWRAP[@]}" --gen-key --batch <<EOF
"${GPG_PACWRAP[@]}" --gen-key --batch <<EOF
%echo Generating pacwrap keyring master key...
Key-Type: RSA
Key-Length: 4096
@ -371,353 +371,353 @@ EOF
}
secret_keys_available() {
"${GPG_PACWRAP[@]}" -K --with-colons | wc -l
"${GPG_PACWRAP[@]}" -K --with-colons | wc -l
}
# Adds the given gpg.conf option if it is not present in the file.
# Note that if we find it commented out, we won't add the option.
# args: $1 conffile, $2 option-name, $3 (optional) option-value
add_gpg_conf_option() {
local conffile=$1; shift
# looking for the option 'bare', only leading spaces or # chars allowed,
# followed by at least one space and any other text or the end of line.
if ! grep -q "^[[:space:]#]*$*\([[:space:]].*\)*$" "$conffile" &>/dev/null; then
printf '%s\n' "$*" >> "$conffile"
fi
local conffile=$1; shift
# looking for the option 'bare', only leading spaces or # chars allowed,
# followed by at least one space and any other text or the end of line.
if ! grep -q "^[[:space:]#]*$*\([[:space:]].*\)*$" "$conffile" &>/dev/null; then
printf '%s\n' "$*" >> "$conffile"
fi
}
check_keyids_exist() {
local ret=0
for key in "$@"; do
# Verify if the key exists in pacman's keyring
if ! "${GPG_PACWRAP[@]}" --list-keys "$key" &>/dev/null ; then
error "$(gettext "The key identified by %s could not be found locally.")" "$key"
ret=1
fi
done
if (( ret )); then
exit 1
fi
local ret=0
for key in "$@"; do
# Verify if the key exists in pacman's keyring
if ! "${GPG_PACWRAP[@]}" --list-keys "$key" &>/dev/null ; then
error "$(gettext "The key identified by %s could not be found locally.")" "$key"
ret=1
fi
done
if (( ret )); then
exit 1
fi
}
key_is_lsigned() {
secret_key=$("${GPG_PACWRAP[@]}" --with-colons --list-secret-key --quiet | awk -F : 'NR==1 {print $5}')
while IFS=: read -r type valid _ _ sign_key _; do
if [[ $type != "sig" || $valid != "!" ]]; then
continue
fi
if [[ "$sign_key" == "$secret_key" ]]; then
return 0
fi
done < <("${GPG_PACWRAP[@]}" --with-colons --check-signatures --quiet "$1")
return 1
secret_key=$("${GPG_PACWRAP[@]}" --with-colons --list-secret-key --quiet | awk -F : 'NR==1 {print $5}')
while IFS=: read -r type valid _ _ sign_key _; do
if [[ $type != "sig" || $valid != "!" ]]; then
continue
fi
if [[ "$sign_key" == "$secret_key" ]]; then
return 0
fi
done < <("${GPG_PACWRAP[@]}" --with-colons --check-signatures --quiet "$1")
return 1
}
key_is_revoked() {
while IFS=: read -r type _ _ _ _ _ _ _ _ _ _ flags _; do
if [[ $type != "pub" ]]; then
continue
fi
if [[ $flags == *"D"* ]]; then
return 0
fi
done < <("${GPG_PACWRAP[@]}" --with-colons --list-key --quiet "$1")
return 1
while IFS=: read -r type _ _ _ _ _ _ _ _ _ _ flags _; do
if [[ $type != "pub" ]]; then
continue
fi
if [[ $flags == *"D"* ]]; then
return 0
fi
done < <("${GPG_PACWRAP[@]}" --with-colons --list-key --quiet "$1")
return 1
}
initialize() {
local conffile keyserv
# Check for simple existence rather than for a directory as someone
# may want to use a symlink here
[[ -e ${PACWRAP_KEYRING_DIR} ]] || mkdir -p -m 755 "${PACMAN_KEYRING_DIR}"
local conffile keyserv
# Check for simple existence rather than for a directory as someone
# may want to use a symlink here
[[ -e ${PACWRAP_KEYRING_DIR} ]] || mkdir -p -m 755 "${PACMAN_KEYRING_DIR}"
# keyring files
[[ -f ${PACWRAP_KEYRING_DIR}/pubring.gpg ]] || touch ${PACWRAP_KEYRING_DIR}/pubring.gpg
[[ -f ${PACWRAP_KEYRING_DIR}/secring.gpg ]] || touch ${PACWRAP_KEYRING_DIR}/secring.gpg
[[ -f ${PACWRAP_KEYRING_DIR}/trustdb.gpg ]] || "${GPG_PACWRAP[@]}" --update-trustdb
chmod 644 ${PACWRAP_KEYRING_DIR}/{pubring,trustdb}.gpg
chmod 600 ${PACWRAP_KEYRING_DIR}/secring.gpg
# keyring files
[[ -f ${PACWRAP_KEYRING_DIR}/pubring.gpg ]] || touch ${PACWRAP_KEYRING_DIR}/pubring.gpg
[[ -f ${PACWRAP_KEYRING_DIR}/secring.gpg ]] || touch ${PACWRAP_KEYRING_DIR}/secring.gpg
[[ -f ${PACWRAP_KEYRING_DIR}/trustdb.gpg ]] || "${GPG_PACWRAP[@]}" --update-trustdb
chmod 644 ${PACWRAP_KEYRING_DIR}/{pubring,trustdb}.gpg
chmod 600 ${PACWRAP_KEYRING_DIR}/secring.gpg
# gpg.conf
conffile="${PACWRAP_KEYRING_DIR}/gpg.conf"
[[ -f $conffile ]] || touch "$conffile"
chmod 644 "$conffile"
add_gpg_conf_option "$conffile" 'no-greeting'
add_gpg_conf_option "$conffile" 'no-permission-warning'
add_gpg_conf_option "$conffile" 'lock-never'
add_gpg_conf_option "$conffile" 'keyserver-options' 'timeout=10'
add_gpg_conf_option "$conffile" 'keyserver-options' 'import-clean'
# gpg.conf
conffile="${PACWRAP_KEYRING_DIR}/gpg.conf"
[[ -f $conffile ]] || touch "$conffile"
chmod 644 "$conffile"
add_gpg_conf_option "$conffile" 'no-greeting'
add_gpg_conf_option "$conffile" 'no-permission-warning'
add_gpg_conf_option "$conffile" 'lock-never'
add_gpg_conf_option "$conffile" 'keyserver-options' 'timeout=10'
add_gpg_conf_option "$conffile" 'keyserver-options' 'import-clean'
local gpg_ver=$(gpg --version | awk '{print $3; exit}')
if (( $(vercmp "$gpg_ver" 2.2.17) >= 0 )); then
add_gpg_conf_option "$conffile" 'keyserver-options' 'no-self-sigs-only'
fi
local gpg_ver=$(gpg --version | awk '{print $3; exit}')
if (( $(vercmp "$gpg_ver" 2.2.17) >= 0 )); then
add_gpg_conf_option "$conffile" 'keyserver-options' 'no-self-sigs-only'
fi
# gpg-agent.conf
agent_conffile="${PACWRAP_KEYRING_DIR}/gpg-agent.conf"
[[ -f $agent_conffile ]] || touch "$agent_conffile"
chmod 644 "$agent_conffile"
add_gpg_conf_option "$agent_conffile" 'disable-scdaemon'
# gpg-agent.conf
agent_conffile="${PACWRAP_KEYRING_DIR}/gpg-agent.conf"
[[ -f $agent_conffile ]] || touch "$agent_conffile"
chmod 644 "$agent_conffile"
add_gpg_conf_option "$agent_conffile" 'disable-scdaemon'
# set up a private signing key (if none available)
if [[ $(secret_keys_available) -lt 1 ]]; then
generate_master_key
UPDATEDB=1
fi
# set up a private signing key (if none available)
if [[ $(secret_keys_available) -lt 1 ]]; then
generate_master_key
UPDATEDB=1
fi
}
populate_keyring() {
local KEYRING_IMPORT_DIR='/usr/share/pacman/keyrings'
local KEYRING_IMPORT_DIR='/usr/share/pacman/keyrings'
local keyring KEYRINGIDS=("$@")
local ret=0
if (( ${#KEYRINGIDS[*]} == 0 )); then
# get list of all available keyrings
shopt -s nullglob
KEYRINGIDS=("$KEYRING_IMPORT_DIR"/*.gpg)
shopt -u nullglob
KEYRINGIDS=("${KEYRINGIDS[@]##*/}")
KEYRINGIDS=("${KEYRINGIDS[@]%.gpg}")
if (( ${#KEYRINGIDS[*]} == 0 )); then
error "$(gettext "No keyring files exist in %s.")" "$KEYRING_IMPORT_DIR"
ret=1
fi
else
# verify listed keyrings exist
for keyring in "${KEYRINGIDS[@]}"; do
if [[ ! -f "$KEYRING_IMPORT_DIR/$keyring.gpg" ]]; then
error "$(gettext "The keyring file %s does not exist.")" "$KEYRING_IMPORT_DIR/$keyring.gpg"
ret=1
fi
done
fi
local keyring KEYRINGIDS=("$@")
local ret=0
if (( ${#KEYRINGIDS[*]} == 0 )); then
# get list of all available keyrings
shopt -s nullglob
KEYRINGIDS=("$KEYRING_IMPORT_DIR"/*.gpg)
shopt -u nullglob
KEYRINGIDS=("${KEYRINGIDS[@]##*/}")
KEYRINGIDS=("${KEYRINGIDS[@]%.gpg}")
if (( ${#KEYRINGIDS[*]} == 0 )); then
error "$(gettext "No keyring files exist in %s.")" "$KEYRING_IMPORT_DIR"
ret=1
fi
else
# verify listed keyrings exist
for keyring in "${KEYRINGIDS[@]}"; do
if [[ ! -f "$KEYRING_IMPORT_DIR/$keyring.gpg" ]]; then
error "$(gettext "The keyring file %s does not exist.")" "$KEYRING_IMPORT_DIR/$keyring.gpg"
ret=1
fi
done
fi
if (( ret )); then
exit 1
fi
if (( ret )); then
exit 1
fi
# Variable used for iterating on keyrings
local keys key_id
# Variable used for iterating on keyrings
local keys key_id
# Add keys from requested keyrings
for keyring in "${KEYRINGIDS[@]}"; do
msg "$(gettext "Appending keys from %s.gpg...")" "$keyring"
"${GPG_PACWRAP[@]}" --quiet --import "${KEYRING_IMPORT_DIR}/${keyring}.gpg"
done
# Add keys from requested keyrings
for keyring in "${KEYRINGIDS[@]}"; do
msg "$(gettext "Appending keys from %s.gpg...")" "$keyring"
"${GPG_PACWRAP[@]}" --quiet --import "${KEYRING_IMPORT_DIR}/${keyring}.gpg"
done
# Read the trusted key IDs to an array. Because this is an ownertrust
# file, we know we have the full 40 hex digit fingerprint values.
# Format of ownertrust dump file:
# 40CHARFINGERPRINTXXXXXXXXXXXXXXXXXXXXXXX:6:
# 40CHARFINGERPRINTXXXXXXXXXXXXXXXXXXXXXXX:5:
local -A trusted_ids
for keyring in "${KEYRINGIDS[@]}"; do
if [[ -s "${KEYRING_IMPORT_DIR}/${keyring}-trusted" ]]; then
while IFS=: read key_id _; do
# skip blank lines, comments; these are valid in this file
[[ -z $key_id || ${key_id:0:1} = \# ]] && continue
# Read the trusted key IDs to an array. Because this is an ownertrust
# file, we know we have the full 40 hex digit fingerprint values.
# Format of ownertrust dump file:
# 40CHARFINGERPRINTXXXXXXXXXXXXXXXXXXXXXXX:6:
# 40CHARFINGERPRINTXXXXXXXXXXXXXXXXXXXXXXX:5:
local -A trusted_ids
for keyring in "${KEYRINGIDS[@]}"; do
if [[ -s "${KEYRING_IMPORT_DIR}/${keyring}-trusted" ]]; then
while IFS=: read key_id _; do
# skip blank lines, comments; these are valid in this file
[[ -z $key_id || ${key_id:0:1} = \# ]] && continue
if key_is_lsigned "$key_id" ; then
continue
fi
if key_is_lsigned "$key_id" ; then
continue
fi
# Mark this key to be lsigned
trusted_ids[$key_id]=$keyring
done < "${KEYRING_IMPORT_DIR}/${keyring}-trusted"
fi
done
# Mark this key to be lsigned
trusted_ids[$key_id]=$keyring
done < "${KEYRING_IMPORT_DIR}/${keyring}-trusted"
fi
done
local -A revoked_ids
for keyring in "${KEYRINGIDS[@]}"; do
if [[ -s $KEYRING_IMPORT_DIR/$keyring-revoked ]]; then
while read -r key_id; do
if key_is_revoked "$key_id" ; then
continue
fi
local -A revoked_ids
for keyring in "${KEYRINGIDS[@]}"; do
if [[ -s $KEYRING_IMPORT_DIR/$keyring-revoked ]]; then
while read -r key_id; do
if key_is_revoked "$key_id" ; then
continue
fi
revoked_ids["$key_id"]=1
done <"$KEYRING_IMPORT_DIR/$keyring-revoked"
fi
done
revoked_ids["$key_id"]=1
done <"$KEYRING_IMPORT_DIR/$keyring-revoked"
fi
done
if (( ${#trusted_ids[@]} > 0 )); then
msg "$(gettext "Locally signing trusted keys in keyring...")"
lsign_keys "${!trusted_ids[@]}"
msg "$(gettext "Importing owner trust values...")"
for keyring in "${KEYRINGIDS[@]}"; do
if [[ -s "${KEYRING_IMPORT_DIR}/${keyring}-trusted" ]]; then
"${GPG_PACWRAP[@]}" --import-ownertrust "${KEYRING_IMPORT_DIR}/${keyring}-trusted"
fi
done
fi
if (( ${#trusted_ids[@]} > 0 )); then
msg "$(gettext "Locally signing trusted keys in keyring...")"
lsign_keys "${!trusted_ids[@]}"
msg "$(gettext "Importing owner trust values...")"
for keyring in "${KEYRINGIDS[@]}"; do
if [[ -s "${KEYRING_IMPORT_DIR}/${keyring}-trusted" ]]; then
"${GPG_PACWRAP[@]}" --import-ownertrust "${KEYRING_IMPORT_DIR}/${keyring}-trusted"
fi
done
fi
if (( ${#revoked_ids[@]} > 0 )); then
local key_count=0
msg "$(gettext "Disabling revoked keys in keyring...")"
for key_id in "${!revoked_ids[@]}"; do
if (( VERBOSE )); then
msg2 "$(gettext "Disabling key %s...")" "${key_id}"
fi
printf 'disable\nquit\n' | LANG=C "${GPG_PACWRAP[@]}" --command-fd 0 --no-auto-check-trustdb --quiet --batch --edit-key "${key_id}" 2>/dev/null
key_count=$((key_count+1))
done
if (( key_count )); then
msg2 "$(gettext "Disabled %s keys.")" "${key_count}"
fi
fi
if (( ${#revoked_ids[@]} > 0 )); then
local key_count=0
msg "$(gettext "Disabling revoked keys in keyring...")"
for key_id in "${!revoked_ids[@]}"; do
if (( VERBOSE )); then
msg2 "$(gettext "Disabling key %s...")" "${key_id}"
fi
printf 'disable\nquit\n' | LANG=C "${GPG_PACWRAP[@]}" --command-fd 0 --no-auto-check-trustdb --quiet --batch --edit-key "${key_id}" 2>/dev/null
key_count=$((key_count+1))
done
if (( key_count )); then
msg2 "$(gettext "Disabled %s keys.")" "${key_count}"
fi
fi
}
add_keys() {
if ! "${GPG_PACWRAP[@]}" --quiet --batch --import "$@" ; then
error_fatal "$(gettext "A specified keyfile could not be added to the keyring.")"
fi
if ! "${GPG_PACWRAP[@]}" --quiet --batch --import "$@" ; then
error_fatal "$(gettext "A specified keyfile could not be added to the keyring.")"
fi
}
delete_keys() {
check_keyids_exist "$@"
if ! "${GPG_PACWRAP[@]}" --quiet --batch --delete-key --yes "$@" ; then
error_fatal "$(gettext "A specified key could not be removed from the keyring.")"
fi
check_keyids_exist "$@"
if ! "${GPG_PACWRAP[@]}" --quiet --batch --delete-key --yes "$@" ; then
error_fatal "$(gettext "A specified key could not be removed from the keyring.")"
fi
}
edit_keys() {
check_keyids_exist "$@"
local ret=0
for key in "$@"; do
if ! "${GPG_PACWRAP[@]}" --edit-key "$key" ; then
error "$(gettext "The key identified by %s could not be edited.")" "$key"
ret=1
fi
done
if (( ret )); then
exit 1
fi
check_keyids_exist "$@"
local ret=0
for key in "$@"; do
if ! "${GPG_PACWRAP[@]}" --edit-key "$key" ; then
error "$(gettext "The key identified by %s could not be edited.")" "$key"
ret=1
fi
done
if (( ret )); then
exit 1
fi
}
export_keys() {
check_keyids_exist "$@"
if ! "${GPG_PACWRAP[@]}" --armor --export "$@" ; then
error_fatal "$(gettext "A specified key could not be exported from the keyring.")"
fi
check_keyids_exist "$@"
if ! "${GPG_PACWRAP[@]}" --armor --export "$@" ; then
error_fatal "$(gettext "A specified key could not be exported from the keyring.")"
fi
}
finger_keys() {
check_keyids_exist
if ! "${GPG_PACWRAP[@]}" --batch --fingerprint "$@" ; then
error_fatal "$(gettext "The fingerprint of a specified key could not be determined.")"
fi
check_keyids_exist
if ! "${GPG_PACWRAP[@]}" --batch --fingerprint "$@" ; then
error_fatal "$(gettext "The fingerprint of a specified key could not be determined.")"
fi
}
import_trustdb() {
local importdir
local ret=0
for importdir in "$@"; do
local importdir
local ret=0
for importdir in "$@"; do
if [[ -f "${importdir}/trustdb.gpg" ]]; then
gpg --homedir "${importdir}" --export-ownertrust | \
"${GPG_PACWRAP[@]}" --import-ownertrust -
if (( PIPESTATUS )); then
error "$(gettext "%s could not be imported.")" "${importdir}/trustdb.gpg"
ret=1
fi
else
error "$(gettext "File %s does not exist and could not be imported.")" "${importdir}/trustdb.gpg"
ret=1
fi
done
if (( ret )); then
exit 1
fi
gpg --homedir "${importdir}" --export-ownertrust | \
"${GPG_PACWRAP[@]}" --import-ownertrust -
if (( PIPESTATUS )); then
error "$(gettext "%s could not be imported.")" "${importdir}/trustdb.gpg"
ret=1
fi
else
error "$(gettext "File %s does not exist and could not be imported.")" "${importdir}/trustdb.gpg"
ret=1
fi
done
if (( ret )); then
exit 1
fi
}
import() {
local importdir
local ret=0
for importdir in "$@"; do
if [[ -f "${importdir}/pubring.gpg" ]]; then
if ! "${GPG_PACWRAP[@]}" --quiet --batch --import "${importdir}/pubring.gpg" ; then
error "$(gettext "%s could not be imported.")" "${importdir}/pubring.gpg"
ret=1
fi
else
error "$(gettext "File %s does not exist and could not be imported.")" "${importdir}/pubring.gpg"
ret=1
fi
done
if (( ret )); then
exit 1
fi
local importdir
local ret=0
for importdir in "$@"; do
if [[ -f "${importdir}/pubring.gpg" ]]; then
if ! "${GPG_PACWRAP[@]}" --quiet --batch --import "${importdir}/pubring.gpg" ; then
error "$(gettext "%s could not be imported.")" "${importdir}/pubring.gpg"
ret=1
fi
else
error "$(gettext "File %s does not exist and could not be imported.")" "${importdir}/pubring.gpg"
ret=1
fi
done
if (( ret )); then
exit 1
fi
}
list_keys() {
check_keyids_exist
if ! "${GPG_PACWRAP[@]}" --batch --list-keys "$@" ; then
error_fatal "$(gettext "A specified key could not be listed.")"
fi
check_keyids_exist
if ! "${GPG_PACWRAP[@]}" --batch --list-keys "$@" ; then
error_fatal "$(gettext "A specified key could not be listed.")"
fi
}
list_sigs() {
check_keyids_exist
if ! "${GPG_PACWRAP[@]}" --batch --list-sigs "$@" ; then
error_fatal "$(gettext "A specified signature could not be listed.")"
fi
check_keyids_exist
if ! "${GPG_PACWRAP[@]}" --batch --list-sigs "$@" ; then
error_fatal "$(gettext "A specified signature could not be listed.")"
fi
}
lsign_keys() {
check_keyids_exist
check_keyids_exist
local ret=0
local key_count=0
for key_id in "$@"; do
if (( VERBOSE )); then
msg2 "$(gettext "Locally signing key %s...")" "${key_id}"
fi
# we cannot use --yes here as gpg would still ask for confirmation if a key has more than one uid
printf 'y\ny\n' | LANG=C "${GPG_PACWRAP[@]}" --command-fd 0 --quiet --batch --lsign-key "${key_id}" 2>/dev/null
if (( PIPESTATUS[1] )); then
error "$(gettext "%s could not be locally signed.")" "${key_id}"
ret=1
fi
key_count=$((key_count+1))
done
local ret=0
local key_count=0
for key_id in "$@"; do
if (( VERBOSE )); then
msg2 "$(gettext "Locally signing key %s...")" "${key_id}"
fi
# we cannot use --yes here as gpg would still ask for confirmation if a key has more than one uid
printf 'y\ny\n' | LANG=C "${GPG_PACWRAP[@]}" --command-fd 0 --quiet --batch --lsign-key "${key_id}" 2>/dev/null
if (( PIPESTATUS[1] )); then
error "$(gettext "%s could not be locally signed.")" "${key_id}"
ret=1
fi
key_count=$((key_count+1))
done
if (( ret )); then
exit 1
fi
if (( key_count )); then
msg2 "$(gettext "Locally signed %s keys.")" "${key_count}"
fi
if (( ret )); then
exit 1
fi
if (( key_count )); then
msg2 "$(gettext "Locally signed %s keys.")" "${key_count}"
fi
}
receive_keys() {
local ret=0 name id keyids emails
local ret=0 name id keyids emails
# if the key is not a hex ID, do a lookup
for name; do
if [[ $name = ?(0x)+([0-9a-fA-F]) ]]; then
keyids+=("$name")
elif [[ $name = *@*.* ]]; then
emails+=("$name")
elif id=$(key_lookup_from_name "$name"); then
keyids+=("$id")
fi
done
# if the key is not a hex ID, do a lookup
for name; do
if [[ $name = ?(0x)+([0-9a-fA-F]) ]]; then
keyids+=("$name")
elif [[ $name = *@*.* ]]; then
emails+=("$name")
elif id=$(key_lookup_from_name "$name"); then
keyids+=("$id")
fi
done
(( ${#keyids[*]}+${#emails[*]} > 0 )) || exit 1
(( ${#keyids[*]}+${#emails[*]} > 0 )) || exit 1
if (( ${#emails[*]} > 0 )) && \
! "${GPG_PACWRAP[@]}" --auto-key-locate clear,nodefault,wkd,keyserver \
--locate-key "${emails[@]}" ; then
error "$(gettext "Remote key not fetched correctly from WKD or keyserver.")"
ret=1
fi
if (( ${#emails[*]} > 0 )) && \
! "${GPG_PACWRAP[@]}" --auto-key-locate clear,nodefault,wkd,keyserver \
--locate-key "${emails[@]}" ; then
error "$(gettext "Remote key not fetched correctly from WKD or keyserver.")"
ret=1
fi
if (( ${#keyids[*]} > 0 )) && ! "${GPG_PACWRAP[@]}" --recv-keys "${keyids[@]}" ; then
error "$(gettext "Remote key not fetched correctly from keyserver.")"
ret=1
fi
if (( ${#keyids[*]} > 0 )) && ! "${GPG_PACWRAP[@]}" --recv-keys "${keyids[@]}" ; then
error "$(gettext "Remote key not fetched correctly from keyserver.")"
ret=1
fi
exit $ret
exit $ret
}
check_keyring() {
@ -727,83 +727,85 @@ check_keyring() {
}
refresh_keys() {
local ret=0 ids masterkey emails
local ret=0 ids masterkey emails
check_keyids_exist "$@"
check_keyids_exist "$@"
# don't try to refresh the user's local masterkey
masterkey="$("${GPG_PACWRAP[@]}" --list-keys --with-colons pacman@localhost |
awk -F: '$1 == "pub" { print $5 }')"
# don't try to refresh the user's local masterkey
masterkey="$("${GPG_PACWRAP[@]}" --list-keys --with-colons pacman@localhost |
awk -F: '$1 == "pub" { print $5 }')"
mapfile -t ids < \
<("${GPG_PACWRAP[@]}" --list-keys --with-colons "$@" |
awk -F: '$1 == "pub" { print $5 }' | grep -vx "$masterkey")
mapfile -t ids < \
<("${GPG_PACWRAP[@]}" --list-keys --with-colons "$@" |
awk -F: '$1 == "pub" { print $5 }' | grep -vx "$masterkey")
for id in "${ids[@]}"; do
mapfile -t emails < \
<("${GPG_PACWRAP[@]}" --list-keys --list-options show-only-fpr-mbox "$id" |
awk '{print $2 }')
for id in "${ids[@]}"; do
mapfile -t emails < \
<("${GPG_PACWRAP[@]}" --list-keys --list-options show-only-fpr-mbox "$id" |
awk '{print $2 }')
# first try looking up the key in a WKD (only works by email address)
for email in "${emails[@]}"; do
"${GPG_PACWRAP[@]}" --locate-external-keys "$email" && break
done
# first try looking up the key in a WKD (only works by email address)
for email in "${emails[@]}"; do
"${GPG_PACWRAP[@]}" --locate-external-keys "$email" && break
done
# if no key was found, fall back to using the keyservers (with the key fingerprint instead)
if (( $? )) && ! "${GPG_PACWRAP[@]}" --refresh-keys "$id"; then
error "$(gettext "Could not update key: %s")" "$id"
ret=1
fi
done
# if no key was found, fall back to using the keyservers (with the key fingerprint instead)
if (( $? )) && ! "${GPG_PACWRAP[@]}" --refresh-keys "$id"; then
error "$(gettext "Could not update key: %s")" "$id"
ret=1
fi
done
exit $ret
exit $ret
}
verify_sig() {
local ret=0 sig=$1 file=$2
if [[ -z $file && -f ${sig%.*} ]]; then
file=${sig%.*}
fi
if [[ -n $file ]]; then
local files=("$sig" "$file")
msg "Checking %s... (detached)" "$sig"
else
local files=("$sig")
msg "Checking %s... (embedded)" "$sig"
fi
if grep -q 'BEGIN PGP SIGNATURE' "$sig"; then
error_fatal "$(gettext "Cannot use armored signatures for packages: %s")" "$sig"
fi
local ret=0 sig=$1 file=$2
if [[ -z $file && -f ${sig%.*} ]]; then
file=${sig%.*}
fi
if [[ -n $file ]]; then
local files=("$sig" "$file")
msg "Checking %s... (detached)" "$sig"
else
local files=("$sig")
msg "Checking %s... (embedded)" "$sig"
fi
if grep -q 'BEGIN PGP SIGNATURE' "$sig"; then
error_fatal "$(gettext "Cannot use armored signatures for packages: %s")" "$sig"
fi
"${GPG_PACWRAP[@]}" --status-fd 1 --verify "${files[@]}" | grep -qE '^\[GNUPG:\] TRUST_(FULLY|ULTIMATE).*$'
"${GPG_PACWRAP[@]}" --status-fd 1 --verify "${files[@]}" | grep -qE '^\[GNUPG:\] TRUST_(FULLY|ULTIMATE).*$'
# return error if GnuPG fails to verify the signature
if [[ "${PIPESTATUS[0]}" -ne 0 ]]; then
error "$(gettext "The signature verification for %s failed.")" "$sig"
ret=1
fi
# return error if GnuPG fails to verify the signature
if [[ "${PIPESTATUS[0]}" -ne 0 ]]; then
error "$(gettext "The signature verification for %s failed.")" "$sig"
ret=1
fi
# return error if the signature is not trusted fully or ultimately
if [[ "${PIPESTATUS[1]}" -ne 0 ]]; then
error "$(gettext "The signature %s is not trusted.")" "$sig"
ret=1
fi
# return error if the signature is not trusted fully or ultimately
if [[ "${PIPESTATUS[1]}" -ne 0 ]]; then
error "$(gettext "The signature %s is not trusted.")" "$sig"
ret=1
fi
exit $ret
exit $ret
}
updatedb() {
msg "$(gettext "Updating trust database...")"
if ! "${GPG_PACWRAP[@]}" --batch --check-trustdb ; then
error_fatal "$(gettext "Trust database could not be updated.")"
fi
msg "$(gettext "Updating trust database...")"
if ! "${GPG_PACWRAP[@]}" --batch --check-trustdb ; then
error_fatal "$(gettext "Trust database could not be updated.")"
fi
}
# PROGRAM START
if ! type gettext &>/dev/null; then
gettext() {
echo "$@"
}
gettext() {
echo "$@"
}
fi
main $@
# vim:set ts=4 sw=4 et:1
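Review bot: `initialize()` tests `${PACWRAP_KEYRING_DIR}` but creates `"${PACMAN_KEYRING_DIR}"`; unless that second variable is defined earlier in the file outside these hunks, the first run executes `mkdir -p -m 755 ""`, fails, and the following `touch`/`chmod` on pubring.gpg and secring.gpg operate on a directory that does not exist — the line should read `[[ -e ${PACWRAP_KEYRING_DIR} ]] || mkdir -p -m 755 "${PACWRAP_KEYRING_DIR}"`. In the same hunk, `finger_keys`, `list_keys`, `list_sigs` and `lsign_keys` call `check_keyids_exist` with no arguments, so the check is a no-op; pass `"$@"` as `delete_keys` and `export_keys` do. `key_lookup_from_name` formats its two error messages with `$name`, which is not a parameter of that function and only resolves through dynamic scoping from the `for name` loop in `receive_keys`; use `"$1"` so the message is correct from any caller. Finally, `main $@` at the end of this file (and of dist/tools/clean.sh) should be `main "$@"`, matching the quoted `"$@"` used everywhere else in the script.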

36
dist/tools/clean.sh vendored

@ -28,39 +28,41 @@ DIST_RUNTIME="$PWD/dist/runtime"
DIST_SCHEMA="$PWD/dist/schema"
runtime() {
if [[ -d "$DIST_RUNTIME" ]]; then
rm -r "$DIST_RUNTIME"
mkdir -p "$DIST_RUNTIME"
cleaned "container runtime"
if [[ -d "$DIST_RUNTIME" ]]; then
rm -r "$DIST_RUNTIME"
mkdir -p "$DIST_RUNTIME"
cleaned "container runtime"
fi
}
filesystem() {
if [[ -d "$DIST_SCHEMA" ]]; then
rm -r "$DIST_SCHEMA"
mkdir -p "$DIST_SCHEMA"
if [[ -d "$DIST_SCHEMA" ]]; then
rm -r "$DIST_SCHEMA"
mkdir -p "$DIST_SCHEMA"
cleaned "container schema"
fi
}
bin() {
if [[ -d "$DIST_BIN" ]]; then
rm -r "$DIST_BIN"
mkdir -p "$DIST_BIN"
if [[ -d "$DIST_BIN" ]]; then
rm -r "$DIST_BIN"
mkdir -p "$DIST_BIN"
cleaned "bin artifacts"
fi
}
main() {
for var in "$@"; do case $var in
schema) filesystem;;
runtime) runtime;;
for var in "$@"; do case $var in
schema) filesystem;;
runtime) runtime;;
bin) bin;;
all) bin
filesystem
runtime;;
*) error_fatal "Invalid parameter '$1'";;
esac; done
filesystem
runtime;;
*) error_fatal "Invalid parameter '$1'";;
esac; done
}
main $@
# vim:set ts=4 sw=4 et:1
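Review bot: The fallback arm of the `case` in `main()` reports `$1` while the loop iterates over `$var`, so `clean.sh schema bogus` complains about `schema` rather than `bogus`; it should be `*) error_fatal "Invalid parameter '$var'";;`. The call at the bottom, `main $@`, is unquoted and should be `main "$@"`. The `rm -r` calls in `runtime`, `filesystem` and `bin` take their targets from `DIST_*` variables built from `$PWD` at the top of the file (partly outside the hunk); writing them as `rm -r -- "$DIST_RUNTIME"` guards against a target that begins with `-`.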

32
dist/tools/common.sh vendored

@ -39,36 +39,36 @@ handle_failure() {
}
error_fatal() {
echo $BOLD$RED"error:$RESET $@";
exit 1
echo $BOLD$RED"error:$RESET $@";
exit 1
}
error() {
echo $BOLD$RED"error:$RESET $@";
echo $BOLD$RED"error:$RESET $@";
}
packaged() {
echo "$GREEN$BOLD Packaged$RESET $@"
echo "$GREEN$BOLD Packaged$RESET $@"
}
cleaned() {
echo "$BOLD$GREEN Cleaned$RESET $@"
echo "$BOLD$GREEN Cleaned$RESET $@"
}
validate_args() {
[[ -z "$1" ]] && error_fatal "release target not specified."
[[ -z "$1" ]] && error_fatal "release target not specified."
case $1 in
release);;
debug) ;;
*) error_fatal "release target $1 is invalid.";;
esac
release);;
debug) ;;
*) error_fatal "release target $1 is invalid.";;
esac
}
layout_dir() {
[[ ! -d "$DIST_SRC" ]] && error_fatal "'$DIST_SRC': src directory not found."
[[ ! -d "$DIST_SRC" ]] && error_fatal "'$DIST_SRC': src directory not found."
mkdir -p $DIST_BIN
mkdir -p $DIST_BIN
}
#
@ -80,7 +80,7 @@ layout_dir() {
# $4: Inlcude date (optional)
#
package() {
[[ ! -f "$1" ]] && error_fatal "'$1': file not found"
[[ ! -f "$1" ]] && error_fatal "'$1': file not found"
([[ -z $1 ]] || [[ -z $2 ]] || [[ -z $3 ]]) && error_fatal "Invalid arguments."
local version=$(version $3 $4)
@ -102,9 +102,9 @@ version() {
case $1 in
release) release="RELEASE"
date=$(git log -1 --date=format:%d/%m/%Y --format=%cd);;
date=$(git log -1 --date=format:%d/%m/%Y --format=%cd);;
debug) release="DEV"
date=$(date +'%d/%m/%Y %T%:z');;
date=$(date +'%d/%m/%Y %T%:z');;
esac
if [[ -z "$tag" ]]; then
@ -121,3 +121,5 @@ version() {
}
COMMON_SCRIPT=1; readonly COMMON_SCRIPT BOLD RED GREEN RESET
# vim:set ts=4 sw=4 et:1


@ -31,3 +31,5 @@ validate_args $1
package $DIST_MAN/pacwrap.1 $DIST_BIN/pacwrap.1 $1
package $DIST_MAN/pacwrap.yml.2 $DIST_BIN/pacwrap.yml.2 $1
./dist/tools/runtime.sh $1
# vim:set ts=4 sw=4 et:1


@ -29,3 +29,5 @@ validate_args $1
layout_dir
package $DIST_SRC/pacwrap-key $DIST_BIN/pacwrap-key $1 0
./dist/tools/schema.sh $1
# vim:set ts=4 sw=4 et:1

68
dist/tools/runtime.sh vendored

@ -62,11 +62,11 @@ LIB_BINS="bash ls gpg grep"
main() {
validate_args $1
prepare_and_validate $1
populate_lib
populate_bin
populate_etc
busybox_links
packaged "container runtime [$1]"
populate_lib
populate_bin
populate_etc
busybox_links
packaged "container runtime [$1]"
}
#
@ -85,8 +85,8 @@ prepare_and_validate() {
mkdir -p $DEST_DIR$LIB_DIR$FAKEROOT$FAKECHROOT $DEST_DIR$BIN_DIR $DEST_DIR$ETC_DIR
if [[ ! -d "$DEST_DIR$LIB_DIR" ]] || [[ ! -d $DEST_DIR$BIN_DIR ]]; then
error_fatal "'$DEST_DIR': directory not found."
fi
error_fatal "'$DEST_DIR': directory not found."
fi
for bin in $LIB_BINS; do
local path=$(type -P $bin)
@ -101,22 +101,22 @@ prepare_and_validate() {
# Clean build artifacts
#
clean() {
if [[ -d "$DEST_DIR" ]]; then
rm -r "$DEST_DIR"
mkdir -p "$DEST_DIR"
cleaned "container runtime"
fi
if [[ -d "$DEST_DIR" ]]; then
rm -r "$DEST_DIR"
mkdir -p "$DEST_DIR"
cleaned "container runtime"
fi
}
#
# Populate libraries for container runtime
#
populate_lib() {
copy_libs ${BIN_PATHS[@]}
cp -L $FAKEROOT_SRC $FAKEROOT_DEST
cp -L $FAKECHROOT_SRC $FAKECHROOT_DEST
ln -s .$FAKEROOT/libfakeroot.so $DEST_DIR$LIB_DIR/libfakeroot.so
ln -s .$FAKEROOT$FAKECHROOT/libfakechroot.so $DEST_DIR$LIB_DIR/libfakechroot.so
copy_libs ${BIN_PATHS[@]}
cp -L $FAKEROOT_SRC $FAKEROOT_DEST
cp -L $FAKECHROOT_SRC $FAKECHROOT_DEST
ln -s .$FAKEROOT/libfakeroot.so $DEST_DIR$LIB_DIR/libfakeroot.so
ln -s .$FAKEROOT$FAKECHROOT/libfakechroot.so $DEST_DIR$LIB_DIR/libfakechroot.so
# Remove debuglink section, to ensure the Arch Build System doesn't complain
for lib in $(find $DEST_DIR$LIB_DIR -maxdepth 3 -type f -printf "%p "); do
@ -128,21 +128,21 @@ populate_lib() {
# Populate binaries for container runtime
#
populate_bin() {
cp ${BIN_PATHS[0]} $DEST_DIR$BIN_DIR/agent
copy_bins $BIN_UTILS $COREUTILS
ln -s bash $DEST_DIR$BIN_DIR/sh
ln -s ld-linux-x86-64.so.2 $DEST_DIR$BIN_DIR/ld-linux.so.2
ln -s ../lib64/ld-linux-x86-64.so.2 $DEST_DIR$BIN_DIR/ld.so
cp ${BIN_PATHS[0]} $DEST_DIR$BIN_DIR/agent
copy_bins $BIN_UTILS $COREUTILS
ln -s bash $DEST_DIR$BIN_DIR/sh
ln -s ld-linux-x86-64.so.2 $DEST_DIR$BIN_DIR/ld-linux.so.2
ln -s ../lib64/ld-linux-x86-64.so.2 $DEST_DIR$BIN_DIR/ld.so
}
#
# Populate /etc directory for container runtime
#
populate_etc() {
echo -e "#\n# /etc/bash.bashrc\n#\n# pacwrap runtime\n#\n\n${PROFILE_PS1}\nbind -x $'\"\\C-l\":clear;'\ncd \$HOME\n" > $DEST_DIR$ETC_DIR/bash.bashrc
sed -n 12,20p $DIST_SRC/bash.bashrc >> $DEST_DIR$ETC_DIR/bash.bashrc
echo -e "#\n# /etc/profile - busybox env\n#\n# pacwrap runtime\n#\n\n$PROFILE_PS1\n" > $DEST_DIR$ETC_DIR/profile
echo -e 'printf "\033]0;%s@%s\007" "${USER}" "${HOSTNAME%%.*}"\ncd $HOME' >> $DEST_DIR$ETC_DIR/profile
echo -e "#\n# /etc/bash.bashrc\n#\n# pacwrap runtime\n#\n\n${PROFILE_PS1}\nbind -x $'\"\\C-l\":clear;'\ncd \$HOME\n" > $DEST_DIR$ETC_DIR/bash.bashrc
sed -n 12,20p $DIST_SRC/bash.bashrc >> $DEST_DIR$ETC_DIR/bash.bashrc
echo -e "#\n# /etc/profile - busybox env\n#\n# pacwrap runtime\n#\n\n$PROFILE_PS1\n" > $DEST_DIR$ETC_DIR/profile
echo -e 'printf "\033]0;%s@%s\007" "${USER}" "${HOSTNAME%%.*}"\ncd $HOME' >> $DEST_DIR$ETC_DIR/profile
}
#
@ -151,13 +151,13 @@ populate_etc() {
busybox_links() {
for applet in $(busybox --list); do
if [[ "${COREUTILS[@]}" == *$applet* ]] ||
[[ "${BIN_UTILS[@]}" == *$applet* ]] ||
[[ $applet == "busybox" ]]; then
continue
[[ "${BIN_UTILS[@]}" == *$applet* ]] ||
[[ $applet == "busybox" ]]; then
continue
fi
ln -s busybox ./dist/runtime/bin/$applet
done
ln -s busybox ./dist/runtime/bin/$applet
done
}
#
@ -166,7 +166,7 @@ busybox_links() {
# $@: takes an array of system library paths
#
copy_libs() {
for path in ${@}; do
for path in ${@}; do
ldd $path | sed -e "s/.*=> //g;s/ (.*)//g;s/\t.*//g" | xargs cp -Lt $DEST_DIR$LIB_DIR
done
}
@ -177,7 +177,7 @@ copy_libs() {
# $@: takes an array of system binaries located in /usr/bin
#
copy_bins() {
for bin in ${@}; do
for bin in ${@}; do
cp $(type -P $bin) $DEST_DIR$BIN_DIR/$bin
if [[ $bin == "fakeroot" ]]; then
@ -190,3 +190,5 @@ copy_bins() {
}
main $@
# vim:set ts=4 sw=4 et:1
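Review bot: In populate_etc, `sed -n 12,20p $DIST_SRC/bash.bashrc >> $DEST_DIR$ETC_DIR/bash.bashrc` ties the content of the container runtime's /etc/bash.bashrc to the exact line layout of dist/src/bash.bashrc, so any formatting pass that inserts or removes a line above line 20 of that file silently changes which lines end up in the shipped rc file. Since this commit is itself a formatting pass over dist/, it is worth confirming that lines 12–20 still cover exactly the intended block and nothing else. A more robust approach is to bracket the block in dist/src/bash.bashrc with marker comments (names are a suggestion) and extract by pattern, e.g. `sed -n '/^# BEGIN prompt/,/^# END prompt/p' "$DIST_SRC/bash.bashrc"`, which survives reindentation and added blank lines. The same applies to the `sed`/`echo -e` redirections here using unquoted `$DEST_DIR$ETC_DIR` paths, which should be double-quoted.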

82
dist/tools/schema.sh vendored

@ -39,9 +39,9 @@ DEST_DIR="$PWD/dist/schema"
#
main() {
prepare_and_validate
populate_usr
populate_etc
create_archive $1
populate_usr
populate_etc
create_archive $1
packaged "container schema [$1]"
}
@ -49,27 +49,27 @@ main() {
# Validate and prepare staging environment
#
prepare_and_validate() {
clean
mkdir -p $DEST_DIR$USR_DIR $DEST_DIR$ETC_DIR $DIST_BIN
clean
mkdir -p $DEST_DIR$USR_DIR $DEST_DIR$ETC_DIR $DIST_BIN
if [[ ! -d "$DEST_DIR$LIB_DIR" ]] || [[ ! -d $DEST_DIR$BIN_DIR ]]; then
error_fatal "'$DEST_DIR': directory not found."
fi
if [[ ! -d "$DEST_DIR$LIB_DIR" ]] || [[ ! -d $DEST_DIR$BIN_DIR ]]; then
error_fatal "'$DEST_DIR': directory not found."
fi
if [[ ! -d "$DIST_SRC" ]]; then
error_fatal "'$DIST_SRC': directory not found."
fi
error_fatal "'$DIST_SRC': directory not found."
fi
}
#
# Clean build artifacts
#
clean() {
if [[ -d "$DEST_DIR" ]]; then
rm -r "$DEST_DIR"
mkdir -p "$DEST_DIR"
cleaned "container schema"
fi
if [[ -d "$DEST_DIR" ]]; then
rm -r "$DEST_DIR"
mkdir -p "$DEST_DIR"
cleaned "container schema"
fi
}
#
@ -77,21 +77,21 @@ clean() {
#
create_archive() {
cd $DEST_DIR
tar acf ../bin/filesystem.tar.zst *
tar acf ../bin/filesystem.tar.zst *
}
#
# Populate usr for container filesystem
#
populate_usr() {
mkdir -p "${DEST_DIR}/usr/share/libalpm/hooks/" \
"${DEST_DIR}/usr/share/libalpm/scripts/" \
"${DEST_DIR}/usr/local/bin" \
"${DEST_DIR}/usr/lib/"
mkdir -p "${DEST_DIR}/usr/share/libalpm/hooks/" \
"${DEST_DIR}/usr/share/libalpm/scripts/" \
"${DEST_DIR}/usr/local/bin" \
"${DEST_DIR}/usr/lib/"
ln -s /usr/lib/flatpak-xdg-utils/xdg-open "${DEST_DIR}/usr/local/bin/"
ln -s /usr/lib/flatpak-xdg-utils/xdg-email "${DEST_DIR}/usr/local/bin/"
ln -s /usr/lib/flatpak-xdg-utils/xdg-open "${DEST_DIR}/usr/local/bin/"
ln -s /usr/lib/flatpak-xdg-utils/xdg-email "${DEST_DIR}/usr/local/bin/"
install -Dm 644 "$DIST_SRC/0-pacwrap-dist.hook" "${DEST_DIR}/usr/share/libalpm/hooks/0-pacwrap-dist.hook"
install -Dm 644 "$DIST_SRC/1-pacwrap-dist.hook" "${DEST_DIR}/usr/share/libalpm/hooks/1-pacwrap-dist.hook"
@ -106,25 +106,27 @@ populate_usr() {
# Populate etc for container filesystem
#
populate_etc() {
local pacman_hooks=('20-systemd-sysusers'
'30-systemd-tmpfiles'
'30-systemd-daemon-reload-system'
'30-systemd-daemon-reload-user'
'30-systemd-sysctl'
'30-systemd-catalog'
'30-systemd-update'
'30-systemd-udev-reload'
'30-systemd-hwdb'
'dbus-reload')
# Systemd cannot be started securely in an unprivileged namespace, therefore
# disable unnecessary systemd hooks in order to speed up transaction times.
mkdir -p "${DEST_DIR}/etc/pacman.d/hooks/" "${DEST_DIR}/usr/local/bin/"
for pacman_hook in ${pacman_hooks[@]}; do
ln -s /dev/null "${DEST_DIR}/etc/pacman.d/hooks/${pacman_hook}.hook"; done
local pacman_hooks=('20-systemd-sysusers'
'30-systemd-tmpfiles'
'30-systemd-daemon-reload-system'
'30-systemd-daemon-reload-user'
'30-systemd-sysctl'
'30-systemd-catalog'
'30-systemd-update'
'30-systemd-udev-reload'
'30-systemd-hwdb'
'dbus-reload')
# Provide our own /etc/bash.bashrc
cp "$DIST_SRC/bash.bashrc" "$DEST_DIR$ETC_DIR"
# Systemd cannot be started securely in an unprivileged namespace, therefore
# disable unnecessary systemd hooks in order to speed up transaction times.
mkdir -p "${DEST_DIR}/etc/pacman.d/hooks/" "${DEST_DIR}/usr/local/bin/"
for pacman_hook in ${pacman_hooks[@]}; do
ln -s /dev/null "${DEST_DIR}/etc/pacman.d/hooks/${pacman_hook}.hook"; done
# Provide our own /etc/bash.bashrc
cp "$DIST_SRC/bash.bashrc" "$DEST_DIR$ETC_DIR"
}
main $@
# vim:set ts=4 sw=4 et:1