Formatting
parent
27845d8188
commit
33dd4911ff
9 changed files with 564 additions and 546 deletions
14
dist/src/bash.bashrc
vendored
14
dist/src/bash.bashrc
vendored
|
@ -10,15 +10,17 @@
|
|||
PS1='$USER \W>\$ '
|
||||
|
||||
case ${TERM} in
|
||||
xterm*|rxvt*|Eterm|aterm|kterm|gnome*|alacritty*)
|
||||
PROMPT_COMMAND=${PROMPT_COMMAND:+$PROMPT_COMMAND; }'printf "\033]0;%s@%s:%s\007" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/\~}"'
|
||||
xterm*|rxvt*|Eterm|aterm|kterm|gnome*|alacritty*)
|
||||
PROMPT_COMMAND=${PROMPT_COMMAND:+$PROMPT_COMMAND; }'printf "\033]0;%s@%s:%s\007" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/\~}"'
|
||||
|
||||
;;
|
||||
screen*)
|
||||
PROMPT_COMMAND=${PROMPT_COMMAND:+$PROMPT_COMMAND; }'printf "\033_%s@%s:%s\033\\" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/\~}"'
|
||||
;;
|
||||
;;
|
||||
screen*)
|
||||
PROMPT_COMMAND=${PROMPT_COMMAND:+$PROMPT_COMMAND; }'printf "\033_%s@%s:%s\033\\" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/\~}"'
|
||||
;;
|
||||
esac
|
||||
|
||||
[ -r /usr/share/bash-completion/bash_completion ] && . /usr/share/bash-completion/bash_completion
|
||||
|
||||
[[ $FAKECHROOT ]] && cd $HOME
|
||||
|
||||
# vim:set ts=4 sw=4 et:1
|
||||
|
|
76
dist/src/pacwrap-dist
vendored
76
dist/src/pacwrap-dist
vendored
|
@ -18,50 +18,50 @@
|
|||
# along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
|
||||
user() {
|
||||
local uid=$PACWRAP_REAL_UID
|
||||
local gid=$PACWRAP_REAL_GID
|
||||
local uid=$PACWRAP_REAL_UID
|
||||
local gid=$PACWRAP_REAL_GID
|
||||
|
||||
if [[ "$(cat /etc/passwd | grep $uid:$gid)" ]]; then
|
||||
return
|
||||
fi
|
||||
if [[ "$(cat /etc/passwd | grep $uid:$gid)" ]]; then
|
||||
return
|
||||
fi
|
||||
|
||||
|
||||
echo "Creating dummy user.."
|
||||
echo "user:x:$uid:$gid::/:/usr/bin/nologin" >> /etc/passwd
|
||||
echo "user:x:$gid:" >> /etc/group
|
||||
echo "Creating dummy user.."
|
||||
echo "user:x:$uid:$gid::/:/usr/bin/nologin" >> /etc/passwd
|
||||
echo "user:x:$gid:" >> /etc/group
|
||||
}
|
||||
|
||||
locale() {
|
||||
if [[ -f "/etc/locale.conf" ]]; then
|
||||
return
|
||||
fi
|
||||
if [[ -f "/etc/locale.conf" ]]; then
|
||||
return
|
||||
fi
|
||||
|
||||
echo "Initializing locales.."
|
||||
|
||||
if [[ $LANG == "en_US.UTF-8" ]] || [[ -z "$LANG" ]]; then
|
||||
echo -e "\nen_US.UTF-8 UTF-8" >> /etc/locale.gen
|
||||
else
|
||||
echo -e "\nen_US.UTF-8 UTF-8\n$LANG ${LANG#*.}" >> /etc/locale.gen
|
||||
fi
|
||||
echo "Initializing locales.."
|
||||
|
||||
echo "LANG=$LANG" > /etc/locale.conf
|
||||
locale-gen
|
||||
if [[ $LANG == "en_US.UTF-8" ]] || [[ -z "$LANG" ]]; then
|
||||
echo -e "\nen_US.UTF-8 UTF-8" >> /etc/locale.gen
|
||||
else
|
||||
echo -e "\nen_US.UTF-8 UTF-8\n$LANG ${LANG#*.}" >> /etc/locale.gen
|
||||
fi
|
||||
|
||||
echo "LANG=$LANG" > /etc/locale.conf
|
||||
locale-gen
|
||||
}
|
||||
|
||||
timezone() {
|
||||
if [[ -f "/etc/localtime" ]]; then
|
||||
return
|
||||
fi
|
||||
if [[ -f "/etc/localtime" ]]; then
|
||||
return
|
||||
fi
|
||||
|
||||
echo "Setting localtime to UTC..."
|
||||
ln -s ../usr/share/zoneinfo/UCT /etc/localtime
|
||||
}
|
||||
|
||||
dist() {
|
||||
locale
|
||||
timezone
|
||||
user
|
||||
echo "Distribution configuration completed."
|
||||
locale
|
||||
timezone
|
||||
user
|
||||
echo "Distribution configuration completed."
|
||||
}
|
||||
|
||||
pacman() {
|
||||
|
@ -74,18 +74,20 @@ pacman() {
|
|||
}
|
||||
|
||||
cert_store() {
|
||||
chmod -R 755 /usr/share/ca-certificates /etc/ca-certificates
|
||||
|
||||
if [[ $? == 0 ]]; then
|
||||
echo "Applied permissions to certificate stores successfully."
|
||||
else
|
||||
echo "Error occurred whilst applying permissions to certificate stores."
|
||||
fi
|
||||
chmod -R 755 /usr/share/ca-certificates /etc/ca-certificates
|
||||
|
||||
if [[ $? == 0 ]]; then
|
||||
echo "Applied permissions to certificate stores successfully."
|
||||
else
|
||||
echo "Error occurred whilst applying permissions to certificate stores."
|
||||
fi
|
||||
}
|
||||
|
||||
case $1 in
|
||||
cert-store) cert_store;;
|
||||
config) dist;;
|
||||
cert-store) cert_store;;
|
||||
config) dist;;
|
||||
pacman) pacman;;
|
||||
*) echo "error: Hook parameter '$1' not found.";;
|
||||
*) echo "error: Hook parameter '$1' not found.";;
|
||||
esac
|
||||
|
||||
# vim:set ts=4 sw=4 et:1
|
||||
|
|
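Review bot: In `user()`, the existence check `grep $uid:$gid` is unquoted and unanchored, so it matches any `/etc/passwd` line that merely contains that text (UID 1000 with GID 1000 also matches an entry whose UID is 11000), and an empty `PACWRAP_REAL_UID` or `PACWRAP_REAL_GID` reduces the pattern to something that matches nearly every line, so the dummy user is silently skipped. The same two environment-supplied values are then appended to `/etc/passwd` and `/etc/group` without any check that they are numeric, so a malformed value ends up written into both files. I would validate first with `[[ $uid =~ ^[0-9]+$ && $gid =~ ^[0-9]+$ ]] || return 1` and compare the fields exactly with `grep -q "^[^:]*:[^:]*:$uid:$gid:" /etc/passwd`.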
798
dist/src/pacwrap-key
vendored
798
dist/src/pacwrap-key
vendored
|
@ -88,46 +88,46 @@ parse_params() {
|
|||
local count=0
|
||||
|
||||
while (( $# )); do case $1 in
|
||||
--nocolor) count=0; USE_COLOR='n'; shift; continue;;
|
||||
--verbose) count=0; VERBOSE=1; shift; continue;;
|
||||
--keyserver) shift; count=0 KEYSERVER=$1; shift; continue;;
|
||||
--import) SWITCH="iDB";;
|
||||
--import-trustdb) SWITCH="itDB" ;;
|
||||
--init) SWITCH="init";;
|
||||
--list-sigs) SWITCH="ls";;
|
||||
--lsign-key) SWITCH="lskDB";;
|
||||
--populate) SWITCH+="pkDB";;
|
||||
--edit-key) SWITCH="e";;
|
||||
--refresh-keys) SWITCH="uk";;
|
||||
-u|--updatedb) SWITCH+="DB";;
|
||||
-a|--add) SWITCH="aDB";;
|
||||
-d|--delete) SWITCH="dDB";;
|
||||
-e|--export) SWITCH="EDB";;
|
||||
-f|--finger) SWITCH="f";;
|
||||
-l|--list-keys) SWITCH="lk";;
|
||||
-r|--recv-keys) SWITCH="rkDB";;
|
||||
-v|--verify) SWITCH="v";;
|
||||
-h|--help*) SWITCH="h";;
|
||||
-V|--version) SWITCH="V";;
|
||||
-*) invalid_option $1;;
|
||||
*) TARGETS+=($1); shift; continue;
|
||||
esac
|
||||
--nocolor) count=0; USE_COLOR='n'; shift; continue;;
|
||||
--verbose) count=0; VERBOSE=1; shift; continue;;
|
||||
--keyserver) shift; count=0 KEYSERVER=$1; shift; continue;;
|
||||
--import) SWITCH="iDB";;
|
||||
--import-trustdb) SWITCH="itDB" ;;
|
||||
--init) SWITCH="init";;
|
||||
--list-sigs) SWITCH="ls";;
|
||||
--lsign-key) SWITCH="lskDB";;
|
||||
--populate) SWITCH+="pkDB";;
|
||||
--edit-key) SWITCH="e";;
|
||||
--refresh-keys) SWITCH="uk";;
|
||||
-u|--updatedb) SWITCH+="DB";;
|
||||
-a|--add) SWITCH="aDB";;
|
||||
-d|--delete) SWITCH="dDB";;
|
||||
-e|--export) SWITCH="EDB";;
|
||||
-f|--finger) SWITCH="f";;
|
||||
-l|--list-keys) SWITCH="lk";;
|
||||
-r|--recv-keys) SWITCH="rkDB";;
|
||||
-v|--verify) SWITCH="v";;
|
||||
-h|--help*) SWITCH="h";;
|
||||
-V|--version) SWITCH="V";;
|
||||
-*) invalid_option $1;;
|
||||
*) TARGETS+=($1); shift; continue;
|
||||
esac
|
||||
|
||||
if [[ $count > 0 ]]; then
|
||||
invalid_option $1
|
||||
fi
|
||||
if [[ $count > 0 ]]; then
|
||||
invalid_option $1
|
||||
fi
|
||||
|
||||
pos+=1; count+=1
|
||||
shift; done
|
||||
pos+=1; count+=1
|
||||
shift; done
|
||||
}
|
||||
|
||||
invalid_option() {
|
||||
colorize
|
||||
|
||||
if [[ -z $@ ]]; then
|
||||
error "$(gettext "Operation not specified")"
|
||||
error "$(gettext "Operation not specified")"
|
||||
else
|
||||
error "$(gettext "Invalid option '%s'")" "$@"
|
||||
error "$(gettext "Invalid option '%s'")" "$@"
|
||||
fi
|
||||
|
||||
echo "$(gettext "Try 'pacwrap-key -h' for more information on valid operational parameters.")"
|
||||
|
@ -136,7 +136,7 @@ invalid_option() {
|
|||
|
||||
man_key() {
|
||||
|
||||
cat << _USAGE
|
||||
cat << _USAGE
|
||||
${HEADER}NAME$HEADER_RESET
|
||||
${TAB}pacwrap-key
|
||||
|
||||
|
@ -254,11 +254,11 @@ colorize() {
|
|||
|
||||
if [[ ! -z $COLORTERM ]] && [[ $TERM != "dummy" ]] && [[ $USE_COLOR != 'n' ]] && [[ -t 1 ]]; then
|
||||
RESET="[0m"
|
||||
BOLD="[1m"
|
||||
BLUE="${BOLD}[1;36m"
|
||||
GREEN="${BOLD}[1;32m"
|
||||
RED="${BOLD}[1;31m"
|
||||
YELLOW="${BOLD}[33m"
|
||||
BOLD="[1m"
|
||||
BLUE="${BOLD}[1;36m"
|
||||
GREEN="${BOLD}[1;32m"
|
||||
RED="${BOLD}[1;31m"
|
||||
YELLOW="${BOLD}[33m"
|
||||
fi
|
||||
|
||||
HEADER=$BOLD
|
||||
|
@ -275,35 +275,35 @@ colorize() {
|
|||
}
|
||||
|
||||
msg() {
|
||||
(( QUIET )) && return
|
||||
local mesg=$1; shift
|
||||
printf "${GREEN}->${RESET}${BOLD} ${mesg}${RESET}\n" "$@"
|
||||
(( QUIET )) && return
|
||||
local mesg=$1; shift
|
||||
printf "${GREEN}->${RESET}${BOLD} ${mesg}${RESET}\n" "$@"
|
||||
}
|
||||
|
||||
msg2() {
|
||||
(( QUIET )) && return
|
||||
local mesg=$1; shift
|
||||
printf "${GREEN} ✓ ${RESET}${mesg}\n" "$@"
|
||||
(( QUIET )) && return
|
||||
local mesg=$1; shift
|
||||
printf "${GREEN} ✓ ${RESET}${mesg}\n" "$@"
|
||||
}
|
||||
|
||||
ask() {
|
||||
local mesg=$1; shift
|
||||
printf "${BLUE}::${RESET}${BOLD} ${mesg}${RESET}" "$@"
|
||||
local mesg=$1; shift
|
||||
printf "${BLUE}::${RESET}${BOLD} ${mesg}${RESET}" "$@"
|
||||
}
|
||||
|
||||
warning() {
|
||||
local mesg=$1; shift
|
||||
printf "${YELLOW}$(gettext "warning:")${RESET} ${mesg}\n" "$@" >&2
|
||||
local mesg=$1; shift
|
||||
printf "${YELLOW}$(gettext "warning:")${RESET} ${mesg}\n" "$@" >&2
|
||||
}
|
||||
|
||||
error() {
|
||||
local mesg=$1; shift
|
||||
printf "${RED}$(gettext "error:")${RESET} ${mesg}\n" "$@" >&2
|
||||
local mesg=$1; shift
|
||||
printf "${RED}$(gettext "error:")${RESET} ${mesg}\n" "$@" >&2
|
||||
}
|
||||
|
||||
error_fatal() {
|
||||
local mesg=$1; shift
|
||||
printf "${RED}$(gettext "error:")${RESET} ${mesg}\n" "$@" >&2
|
||||
local mesg=$1; shift
|
||||
printf "${RED}$(gettext "error:")${RESET} ${mesg}\n" "$@" >&2
|
||||
exit 1
|
||||
}
|
||||
|
||||
|
@ -325,38 +325,38 @@ This program may be freely redstributed under the
|
|||
terms of the GNU General Public License V3 only.
|
||||
|
||||
ENDOF
|
||||
exit 0
|
||||
exit 0
|
||||
}
|
||||
|
||||
key_lookup_from_name() {
|
||||
local ids
|
||||
local ids
|
||||
|
||||
mapfile -t ids < \
|
||||
<("${GPG_PACWRAP[@]}" --search-keys --batch --with-colons "$1" 2>/dev/null |
|
||||
awk -F: '$1 == "pub" { print $2 }')
|
||||
mapfile -t ids < \
|
||||
<("${GPG_PACWRAP[@]}" --search-keys --batch --with-colons "$1" 2>/dev/null |
|
||||
awk -F: '$1 == "pub" { print $2 }')
|
||||
|
||||
# only return success on non-ambiguous lookup
|
||||
case ${#ids[*]} in
|
||||
0)
|
||||
error "$(gettext "Failed to lookup key by name:") %s" "$name"
|
||||
return 1
|
||||
;;
|
||||
1)
|
||||
printf '%s' "${ids[0]}"
|
||||
return 0
|
||||
;;
|
||||
*)
|
||||
error "$(gettext "Key name is ambiguous:") %s" "$name"
|
||||
return 1
|
||||
;;
|
||||
esac
|
||||
# only return success on non-ambiguous lookup
|
||||
case ${#ids[*]} in
|
||||
0)
|
||||
error "$(gettext "Failed to lookup key by name:") %s" "$name"
|
||||
return 1
|
||||
;;
|
||||
1)
|
||||
printf '%s' "${ids[0]}"
|
||||
return 0
|
||||
;;
|
||||
*)
|
||||
error "$(gettext "Key name is ambiguous:") %s" "$name"
|
||||
return 1
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
||||
generate_master_key() {
|
||||
# Generate the master key, which will be in both pubring and secring
|
||||
msg "$(gettext "Generating pacwrap master key...")"
|
||||
# Generate the master key, which will be in both pubring and secring
|
||||
msg "$(gettext "Generating pacwrap master key...")"
|
||||
|
||||
"${GPG_PACWRAP[@]}" --gen-key --batch <<EOF
|
||||
"${GPG_PACWRAP[@]}" --gen-key --batch <<EOF
|
||||
%echo Generating pacwrap keyring master key...
|
||||
Key-Type: RSA
|
||||
Key-Length: 4096
|
||||
|
@ -371,353 +371,353 @@ EOF
|
|||
}
|
||||
|
||||
secret_keys_available() {
|
||||
"${GPG_PACWRAP[@]}" -K --with-colons | wc -l
|
||||
"${GPG_PACWRAP[@]}" -K --with-colons | wc -l
|
||||
}
|
||||
|
||||
# Adds the given gpg.conf option if it is not present in the file.
|
||||
# Note that if we find it commented out, we won't add the option.
|
||||
# args: $1 conffile, $2 option-name, $3 (optional) option-value
|
||||
add_gpg_conf_option() {
|
||||
local conffile=$1; shift
|
||||
# looking for the option 'bare', only leading spaces or # chars allowed,
|
||||
# followed by at least one space and any other text or the end of line.
|
||||
if ! grep -q "^[[:space:]#]*$*\([[:space:]].*\)*$" "$conffile" &>/dev/null; then
|
||||
printf '%s\n' "$*" >> "$conffile"
|
||||
fi
|
||||
local conffile=$1; shift
|
||||
# looking for the option 'bare', only leading spaces or # chars allowed,
|
||||
# followed by at least one space and any other text or the end of line.
|
||||
if ! grep -q "^[[:space:]#]*$*\([[:space:]].*\)*$" "$conffile" &>/dev/null; then
|
||||
printf '%s\n' "$*" >> "$conffile"
|
||||
fi
|
||||
}
|
||||
|
||||
check_keyids_exist() {
|
||||
local ret=0
|
||||
for key in "$@"; do
|
||||
# Verify if the key exists in pacman's keyring
|
||||
if ! "${GPG_PACWRAP[@]}" --list-keys "$key" &>/dev/null ; then
|
||||
error "$(gettext "The key identified by %s could not be found locally.")" "$key"
|
||||
ret=1
|
||||
fi
|
||||
done
|
||||
if (( ret )); then
|
||||
exit 1
|
||||
fi
|
||||
local ret=0
|
||||
for key in "$@"; do
|
||||
# Verify if the key exists in pacman's keyring
|
||||
if ! "${GPG_PACWRAP[@]}" --list-keys "$key" &>/dev/null ; then
|
||||
error "$(gettext "The key identified by %s could not be found locally.")" "$key"
|
||||
ret=1
|
||||
fi
|
||||
done
|
||||
if (( ret )); then
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
key_is_lsigned() {
|
||||
secret_key=$("${GPG_PACWRAP[@]}" --with-colons --list-secret-key --quiet | awk -F : 'NR==1 {print $5}')
|
||||
while IFS=: read -r type valid _ _ sign_key _; do
|
||||
if [[ $type != "sig" || $valid != "!" ]]; then
|
||||
continue
|
||||
fi
|
||||
if [[ "$sign_key" == "$secret_key" ]]; then
|
||||
return 0
|
||||
fi
|
||||
done < <("${GPG_PACWRAP[@]}" --with-colons --check-signatures --quiet "$1")
|
||||
return 1
|
||||
secret_key=$("${GPG_PACWRAP[@]}" --with-colons --list-secret-key --quiet | awk -F : 'NR==1 {print $5}')
|
||||
while IFS=: read -r type valid _ _ sign_key _; do
|
||||
if [[ $type != "sig" || $valid != "!" ]]; then
|
||||
continue
|
||||
fi
|
||||
if [[ "$sign_key" == "$secret_key" ]]; then
|
||||
return 0
|
||||
fi
|
||||
done < <("${GPG_PACWRAP[@]}" --with-colons --check-signatures --quiet "$1")
|
||||
return 1
|
||||
}
|
||||
|
||||
key_is_revoked() {
|
||||
while IFS=: read -r type _ _ _ _ _ _ _ _ _ _ flags _; do
|
||||
if [[ $type != "pub" ]]; then
|
||||
continue
|
||||
fi
|
||||
if [[ $flags == *"D"* ]]; then
|
||||
return 0
|
||||
fi
|
||||
done < <("${GPG_PACWRAP[@]}" --with-colons --list-key --quiet "$1")
|
||||
return 1
|
||||
while IFS=: read -r type _ _ _ _ _ _ _ _ _ _ flags _; do
|
||||
if [[ $type != "pub" ]]; then
|
||||
continue
|
||||
fi
|
||||
if [[ $flags == *"D"* ]]; then
|
||||
return 0
|
||||
fi
|
||||
done < <("${GPG_PACWRAP[@]}" --with-colons --list-key --quiet "$1")
|
||||
return 1
|
||||
}
|
||||
|
||||
initialize() {
|
||||
local conffile keyserv
|
||||
# Check for simple existence rather than for a directory as someone
|
||||
# may want to use a symlink here
|
||||
[[ -e ${PACWRAP_KEYRING_DIR} ]] || mkdir -p -m 755 "${PACMAN_KEYRING_DIR}"
|
||||
local conffile keyserv
|
||||
# Check for simple existence rather than for a directory as someone
|
||||
# may want to use a symlink here
|
||||
[[ -e ${PACWRAP_KEYRING_DIR} ]] || mkdir -p -m 755 "${PACMAN_KEYRING_DIR}"
|
||||
|
||||
# keyring files
|
||||
[[ -f ${PACWRAP_KEYRING_DIR}/pubring.gpg ]] || touch ${PACWRAP_KEYRING_DIR}/pubring.gpg
|
||||
[[ -f ${PACWRAP_KEYRING_DIR}/secring.gpg ]] || touch ${PACWRAP_KEYRING_DIR}/secring.gpg
|
||||
[[ -f ${PACWRAP_KEYRING_DIR}/trustdb.gpg ]] || "${GPG_PACWRAP[@]}" --update-trustdb
|
||||
chmod 644 ${PACWRAP_KEYRING_DIR}/{pubring,trustdb}.gpg
|
||||
chmod 600 ${PACWRAP_KEYRING_DIR}/secring.gpg
|
||||
# keyring files
|
||||
[[ -f ${PACWRAP_KEYRING_DIR}/pubring.gpg ]] || touch ${PACWRAP_KEYRING_DIR}/pubring.gpg
|
||||
[[ -f ${PACWRAP_KEYRING_DIR}/secring.gpg ]] || touch ${PACWRAP_KEYRING_DIR}/secring.gpg
|
||||
[[ -f ${PACWRAP_KEYRING_DIR}/trustdb.gpg ]] || "${GPG_PACWRAP[@]}" --update-trustdb
|
||||
chmod 644 ${PACWRAP_KEYRING_DIR}/{pubring,trustdb}.gpg
|
||||
chmod 600 ${PACWRAP_KEYRING_DIR}/secring.gpg
|
||||
|
||||
# gpg.conf
|
||||
conffile="${PACWRAP_KEYRING_DIR}/gpg.conf"
|
||||
[[ -f $conffile ]] || touch "$conffile"
|
||||
chmod 644 "$conffile"
|
||||
add_gpg_conf_option "$conffile" 'no-greeting'
|
||||
add_gpg_conf_option "$conffile" 'no-permission-warning'
|
||||
add_gpg_conf_option "$conffile" 'lock-never'
|
||||
add_gpg_conf_option "$conffile" 'keyserver-options' 'timeout=10'
|
||||
add_gpg_conf_option "$conffile" 'keyserver-options' 'import-clean'
|
||||
# gpg.conf
|
||||
conffile="${PACWRAP_KEYRING_DIR}/gpg.conf"
|
||||
[[ -f $conffile ]] || touch "$conffile"
|
||||
chmod 644 "$conffile"
|
||||
add_gpg_conf_option "$conffile" 'no-greeting'
|
||||
add_gpg_conf_option "$conffile" 'no-permission-warning'
|
||||
add_gpg_conf_option "$conffile" 'lock-never'
|
||||
add_gpg_conf_option "$conffile" 'keyserver-options' 'timeout=10'
|
||||
add_gpg_conf_option "$conffile" 'keyserver-options' 'import-clean'
|
||||
|
||||
local gpg_ver=$(gpg --version | awk '{print $3; exit}')
|
||||
if (( $(vercmp "$gpg_ver" 2.2.17) >= 0 )); then
|
||||
add_gpg_conf_option "$conffile" 'keyserver-options' 'no-self-sigs-only'
|
||||
fi
|
||||
local gpg_ver=$(gpg --version | awk '{print $3; exit}')
|
||||
if (( $(vercmp "$gpg_ver" 2.2.17) >= 0 )); then
|
||||
add_gpg_conf_option "$conffile" 'keyserver-options' 'no-self-sigs-only'
|
||||
fi
|
||||
|
||||
# gpg-agent.conf
|
||||
agent_conffile="${PACWRAP_KEYRING_DIR}/gpg-agent.conf"
|
||||
[[ -f $agent_conffile ]] || touch "$agent_conffile"
|
||||
chmod 644 "$agent_conffile"
|
||||
add_gpg_conf_option "$agent_conffile" 'disable-scdaemon'
|
||||
# gpg-agent.conf
|
||||
agent_conffile="${PACWRAP_KEYRING_DIR}/gpg-agent.conf"
|
||||
[[ -f $agent_conffile ]] || touch "$agent_conffile"
|
||||
chmod 644 "$agent_conffile"
|
||||
add_gpg_conf_option "$agent_conffile" 'disable-scdaemon'
|
||||
|
||||
# set up a private signing key (if none available)
|
||||
if [[ $(secret_keys_available) -lt 1 ]]; then
|
||||
generate_master_key
|
||||
UPDATEDB=1
|
||||
fi
|
||||
# set up a private signing key (if none available)
|
||||
if [[ $(secret_keys_available) -lt 1 ]]; then
|
||||
generate_master_key
|
||||
UPDATEDB=1
|
||||
fi
|
||||
}
|
||||
|
||||
populate_keyring() {
|
||||
local KEYRING_IMPORT_DIR='/usr/share/pacman/keyrings'
|
||||
local KEYRING_IMPORT_DIR='/usr/share/pacman/keyrings'
|
||||
|
||||
local keyring KEYRINGIDS=("$@")
|
||||
local ret=0
|
||||
if (( ${#KEYRINGIDS[*]} == 0 )); then
|
||||
# get list of all available keyrings
|
||||
shopt -s nullglob
|
||||
KEYRINGIDS=("$KEYRING_IMPORT_DIR"/*.gpg)
|
||||
shopt -u nullglob
|
||||
KEYRINGIDS=("${KEYRINGIDS[@]##*/}")
|
||||
KEYRINGIDS=("${KEYRINGIDS[@]%.gpg}")
|
||||
if (( ${#KEYRINGIDS[*]} == 0 )); then
|
||||
error "$(gettext "No keyring files exist in %s.")" "$KEYRING_IMPORT_DIR"
|
||||
ret=1
|
||||
fi
|
||||
else
|
||||
# verify listed keyrings exist
|
||||
for keyring in "${KEYRINGIDS[@]}"; do
|
||||
if [[ ! -f "$KEYRING_IMPORT_DIR/$keyring.gpg" ]]; then
|
||||
error "$(gettext "The keyring file %s does not exist.")" "$KEYRING_IMPORT_DIR/$keyring.gpg"
|
||||
ret=1
|
||||
fi
|
||||
done
|
||||
fi
|
||||
local keyring KEYRINGIDS=("$@")
|
||||
local ret=0
|
||||
if (( ${#KEYRINGIDS[*]} == 0 )); then
|
||||
# get list of all available keyrings
|
||||
shopt -s nullglob
|
||||
KEYRINGIDS=("$KEYRING_IMPORT_DIR"/*.gpg)
|
||||
shopt -u nullglob
|
||||
KEYRINGIDS=("${KEYRINGIDS[@]##*/}")
|
||||
KEYRINGIDS=("${KEYRINGIDS[@]%.gpg}")
|
||||
if (( ${#KEYRINGIDS[*]} == 0 )); then
|
||||
error "$(gettext "No keyring files exist in %s.")" "$KEYRING_IMPORT_DIR"
|
||||
ret=1
|
||||
fi
|
||||
else
|
||||
# verify listed keyrings exist
|
||||
for keyring in "${KEYRINGIDS[@]}"; do
|
||||
if [[ ! -f "$KEYRING_IMPORT_DIR/$keyring.gpg" ]]; then
|
||||
error "$(gettext "The keyring file %s does not exist.")" "$KEYRING_IMPORT_DIR/$keyring.gpg"
|
||||
ret=1
|
||||
fi
|
||||
done
|
||||
fi
|
||||
|
||||
if (( ret )); then
|
||||
exit 1
|
||||
fi
|
||||
if (( ret )); then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Variable used for iterating on keyrings
|
||||
local keys key_id
|
||||
# Variable used for iterating on keyrings
|
||||
local keys key_id
|
||||
|
||||
# Add keys from requested keyrings
|
||||
for keyring in "${KEYRINGIDS[@]}"; do
|
||||
msg "$(gettext "Appending keys from %s.gpg...")" "$keyring"
|
||||
"${GPG_PACWRAP[@]}" --quiet --import "${KEYRING_IMPORT_DIR}/${keyring}.gpg"
|
||||
done
|
||||
# Add keys from requested keyrings
|
||||
for keyring in "${KEYRINGIDS[@]}"; do
|
||||
msg "$(gettext "Appending keys from %s.gpg...")" "$keyring"
|
||||
"${GPG_PACWRAP[@]}" --quiet --import "${KEYRING_IMPORT_DIR}/${keyring}.gpg"
|
||||
done
|
||||
|
||||
# Read the trusted key IDs to an array. Because this is an ownertrust
|
||||
# file, we know we have the full 40 hex digit fingerprint values.
|
||||
# Format of ownertrust dump file:
|
||||
# 40CHARFINGERPRINTXXXXXXXXXXXXXXXXXXXXXXX:6:
|
||||
# 40CHARFINGERPRINTXXXXXXXXXXXXXXXXXXXXXXX:5:
|
||||
local -A trusted_ids
|
||||
for keyring in "${KEYRINGIDS[@]}"; do
|
||||
if [[ -s "${KEYRING_IMPORT_DIR}/${keyring}-trusted" ]]; then
|
||||
while IFS=: read key_id _; do
|
||||
# skip blank lines, comments; these are valid in this file
|
||||
[[ -z $key_id || ${key_id:0:1} = \# ]] && continue
|
||||
# Read the trusted key IDs to an array. Because this is an ownertrust
|
||||
# file, we know we have the full 40 hex digit fingerprint values.
|
||||
# Format of ownertrust dump file:
|
||||
# 40CHARFINGERPRINTXXXXXXXXXXXXXXXXXXXXXXX:6:
|
||||
# 40CHARFINGERPRINTXXXXXXXXXXXXXXXXXXXXXXX:5:
|
||||
local -A trusted_ids
|
||||
for keyring in "${KEYRINGIDS[@]}"; do
|
||||
if [[ -s "${KEYRING_IMPORT_DIR}/${keyring}-trusted" ]]; then
|
||||
while IFS=: read key_id _; do
|
||||
# skip blank lines, comments; these are valid in this file
|
||||
[[ -z $key_id || ${key_id:0:1} = \# ]] && continue
|
||||
|
||||
if key_is_lsigned "$key_id" ; then
|
||||
continue
|
||||
fi
|
||||
if key_is_lsigned "$key_id" ; then
|
||||
continue
|
||||
fi
|
||||
|
||||
# Mark this key to be lsigned
|
||||
trusted_ids[$key_id]=$keyring
|
||||
done < "${KEYRING_IMPORT_DIR}/${keyring}-trusted"
|
||||
fi
|
||||
done
|
||||
# Mark this key to be lsigned
|
||||
trusted_ids[$key_id]=$keyring
|
||||
done < "${KEYRING_IMPORT_DIR}/${keyring}-trusted"
|
||||
fi
|
||||
done
|
||||
|
||||
local -A revoked_ids
|
||||
for keyring in "${KEYRINGIDS[@]}"; do
|
||||
if [[ -s $KEYRING_IMPORT_DIR/$keyring-revoked ]]; then
|
||||
while read -r key_id; do
|
||||
if key_is_revoked "$key_id" ; then
|
||||
continue
|
||||
fi
|
||||
local -A revoked_ids
|
||||
for keyring in "${KEYRINGIDS[@]}"; do
|
||||
if [[ -s $KEYRING_IMPORT_DIR/$keyring-revoked ]]; then
|
||||
while read -r key_id; do
|
||||
if key_is_revoked "$key_id" ; then
|
||||
continue
|
||||
fi
|
||||
|
||||
revoked_ids["$key_id"]=1
|
||||
done <"$KEYRING_IMPORT_DIR/$keyring-revoked"
|
||||
fi
|
||||
done
|
||||
revoked_ids["$key_id"]=1
|
||||
done <"$KEYRING_IMPORT_DIR/$keyring-revoked"
|
||||
fi
|
||||
done
|
||||
|
||||
if (( ${#trusted_ids[@]} > 0 )); then
|
||||
msg "$(gettext "Locally signing trusted keys in keyring...")"
|
||||
lsign_keys "${!trusted_ids[@]}"
|
||||
msg "$(gettext "Importing owner trust values...")"
|
||||
for keyring in "${KEYRINGIDS[@]}"; do
|
||||
if [[ -s "${KEYRING_IMPORT_DIR}/${keyring}-trusted" ]]; then
|
||||
"${GPG_PACWRAP[@]}" --import-ownertrust "${KEYRING_IMPORT_DIR}/${keyring}-trusted"
|
||||
fi
|
||||
done
|
||||
fi
|
||||
if (( ${#trusted_ids[@]} > 0 )); then
|
||||
msg "$(gettext "Locally signing trusted keys in keyring...")"
|
||||
lsign_keys "${!trusted_ids[@]}"
|
||||
msg "$(gettext "Importing owner trust values...")"
|
||||
for keyring in "${KEYRINGIDS[@]}"; do
|
||||
if [[ -s "${KEYRING_IMPORT_DIR}/${keyring}-trusted" ]]; then
|
||||
"${GPG_PACWRAP[@]}" --import-ownertrust "${KEYRING_IMPORT_DIR}/${keyring}-trusted"
|
||||
fi
|
||||
done
|
||||
fi
|
||||
|
||||
if (( ${#revoked_ids[@]} > 0 )); then
|
||||
local key_count=0
|
||||
msg "$(gettext "Disabling revoked keys in keyring...")"
|
||||
for key_id in "${!revoked_ids[@]}"; do
|
||||
if (( VERBOSE )); then
|
||||
msg2 "$(gettext "Disabling key %s...")" "${key_id}"
|
||||
fi
|
||||
printf 'disable\nquit\n' | LANG=C "${GPG_PACWRAP[@]}" --command-fd 0 --no-auto-check-trustdb --quiet --batch --edit-key "${key_id}" 2>/dev/null
|
||||
key_count=$((key_count+1))
|
||||
done
|
||||
if (( key_count )); then
|
||||
msg2 "$(gettext "Disabled %s keys.")" "${key_count}"
|
||||
fi
|
||||
fi
|
||||
if (( ${#revoked_ids[@]} > 0 )); then
|
||||
local key_count=0
|
||||
msg "$(gettext "Disabling revoked keys in keyring...")"
|
||||
for key_id in "${!revoked_ids[@]}"; do
|
||||
if (( VERBOSE )); then
|
||||
msg2 "$(gettext "Disabling key %s...")" "${key_id}"
|
||||
fi
|
||||
printf 'disable\nquit\n' | LANG=C "${GPG_PACWRAP[@]}" --command-fd 0 --no-auto-check-trustdb --quiet --batch --edit-key "${key_id}" 2>/dev/null
|
||||
key_count=$((key_count+1))
|
||||
done
|
||||
if (( key_count )); then
|
||||
msg2 "$(gettext "Disabled %s keys.")" "${key_count}"
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
add_keys() {
|
||||
if ! "${GPG_PACWRAP[@]}" --quiet --batch --import "$@" ; then
|
||||
error_fatal "$(gettext "A specified keyfile could not be added to the keyring.")"
|
||||
fi
|
||||
if ! "${GPG_PACWRAP[@]}" --quiet --batch --import "$@" ; then
|
||||
error_fatal "$(gettext "A specified keyfile could not be added to the keyring.")"
|
||||
fi
|
||||
}
|
||||
|
||||
delete_keys() {
|
||||
check_keyids_exist "$@"
|
||||
if ! "${GPG_PACWRAP[@]}" --quiet --batch --delete-key --yes "$@" ; then
|
||||
error_fatal "$(gettext "A specified key could not be removed from the keyring.")"
|
||||
fi
|
||||
check_keyids_exist "$@"
|
||||
if ! "${GPG_PACWRAP[@]}" --quiet --batch --delete-key --yes "$@" ; then
|
||||
error_fatal "$(gettext "A specified key could not be removed from the keyring.")"
|
||||
fi
|
||||
}
|
||||
|
||||
edit_keys() {
|
||||
check_keyids_exist "$@"
|
||||
local ret=0
|
||||
for key in "$@"; do
|
||||
if ! "${GPG_PACWRAP[@]}" --edit-key "$key" ; then
|
||||
error "$(gettext "The key identified by %s could not be edited.")" "$key"
|
||||
ret=1
|
||||
fi
|
||||
done
|
||||
if (( ret )); then
|
||||
exit 1
|
||||
fi
|
||||
check_keyids_exist "$@"
|
||||
local ret=0
|
||||
for key in "$@"; do
|
||||
if ! "${GPG_PACWRAP[@]}" --edit-key "$key" ; then
|
||||
error "$(gettext "The key identified by %s could not be edited.")" "$key"
|
||||
ret=1
|
||||
fi
|
||||
done
|
||||
if (( ret )); then
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
export_keys() {
|
||||
check_keyids_exist "$@"
|
||||
if ! "${GPG_PACWRAP[@]}" --armor --export "$@" ; then
|
||||
error_fatal "$(gettext "A specified key could not be exported from the keyring.")"
|
||||
fi
|
||||
check_keyids_exist "$@"
|
||||
if ! "${GPG_PACWRAP[@]}" --armor --export "$@" ; then
|
||||
error_fatal "$(gettext "A specified key could not be exported from the keyring.")"
|
||||
fi
|
||||
}
|
||||
|
||||
finger_keys() {
|
||||
check_keyids_exist
|
||||
if ! "${GPG_PACWRAP[@]}" --batch --fingerprint "$@" ; then
|
||||
error_fatal "$(gettext "The fingerprint of a specified key could not be determined.")"
|
||||
fi
|
||||
check_keyids_exist
|
||||
if ! "${GPG_PACWRAP[@]}" --batch --fingerprint "$@" ; then
|
||||
error_fatal "$(gettext "The fingerprint of a specified key could not be determined.")"
|
||||
fi
|
||||
}
|
||||
|
||||
import_trustdb() {
|
||||
local importdir
|
||||
local ret=0
|
||||
for importdir in "$@"; do
|
||||
local importdir
|
||||
local ret=0
|
||||
for importdir in "$@"; do
|
||||
|
||||
if [[ -f "${importdir}/trustdb.gpg" ]]; then
|
||||
gpg --homedir "${importdir}" --export-ownertrust | \
|
||||
"${GPG_PACWRAP[@]}" --import-ownertrust -
|
||||
if (( PIPESTATUS )); then
|
||||
error "$(gettext "%s could not be imported.")" "${importdir}/trustdb.gpg"
|
||||
ret=1
|
||||
fi
|
||||
else
|
||||
error "$(gettext "File %s does not exist and could not be imported.")" "${importdir}/trustdb.gpg"
|
||||
ret=1
|
||||
fi
|
||||
done
|
||||
if (( ret )); then
|
||||
exit 1
|
||||
fi
|
||||
gpg --homedir "${importdir}" --export-ownertrust | \
|
||||
"${GPG_PACWRAP[@]}" --import-ownertrust -
|
||||
if (( PIPESTATUS )); then
|
||||
error "$(gettext "%s could not be imported.")" "${importdir}/trustdb.gpg"
|
||||
ret=1
|
||||
fi
|
||||
else
|
||||
error "$(gettext "File %s does not exist and could not be imported.")" "${importdir}/trustdb.gpg"
|
||||
ret=1
|
||||
fi
|
||||
done
|
||||
if (( ret )); then
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
import() {
|
||||
local importdir
|
||||
local ret=0
|
||||
for importdir in "$@"; do
|
||||
if [[ -f "${importdir}/pubring.gpg" ]]; then
|
||||
if ! "${GPG_PACWRAP[@]}" --quiet --batch --import "${importdir}/pubring.gpg" ; then
|
||||
error "$(gettext "%s could not be imported.")" "${importdir}/pubring.gpg"
|
||||
ret=1
|
||||
fi
|
||||
else
|
||||
error "$(gettext "File %s does not exist and could not be imported.")" "${importdir}/pubring.gpg"
|
||||
ret=1
|
||||
fi
|
||||
done
|
||||
if (( ret )); then
|
||||
exit 1
|
||||
fi
|
||||
local importdir
|
||||
local ret=0
|
||||
for importdir in "$@"; do
|
||||
if [[ -f "${importdir}/pubring.gpg" ]]; then
|
||||
if ! "${GPG_PACWRAP[@]}" --quiet --batch --import "${importdir}/pubring.gpg" ; then
|
||||
error "$(gettext "%s could not be imported.")" "${importdir}/pubring.gpg"
|
||||
ret=1
|
||||
fi
|
||||
else
|
||||
error "$(gettext "File %s does not exist and could not be imported.")" "${importdir}/pubring.gpg"
|
||||
ret=1
|
||||
fi
|
||||
done
|
||||
if (( ret )); then
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
list_keys() {
|
||||
check_keyids_exist
|
||||
if ! "${GPG_PACWRAP[@]}" --batch --list-keys "$@" ; then
|
||||
error_fatal "$(gettext "A specified key could not be listed.")"
|
||||
fi
|
||||
check_keyids_exist
|
||||
if ! "${GPG_PACWRAP[@]}" --batch --list-keys "$@" ; then
|
||||
error_fatal "$(gettext "A specified key could not be listed.")"
|
||||
fi
|
||||
}
|
||||
|
||||
list_sigs() {
|
||||
check_keyids_exist
|
||||
if ! "${GPG_PACWRAP[@]}" --batch --list-sigs "$@" ; then
|
||||
error_fatal "$(gettext "A specified signature could not be listed.")"
|
||||
fi
|
||||
check_keyids_exist
|
||||
if ! "${GPG_PACWRAP[@]}" --batch --list-sigs "$@" ; then
|
||||
error_fatal "$(gettext "A specified signature could not be listed.")"
|
||||
fi
|
||||
}
|
||||
|
||||
lsign_keys() {
|
||||
check_keyids_exist
|
||||
check_keyids_exist
|
||||
|
||||
local ret=0
|
||||
local key_count=0
|
||||
for key_id in "$@"; do
|
||||
if (( VERBOSE )); then
|
||||
msg2 "$(gettext "Locally signing key %s...")" "${key_id}"
|
||||
fi
|
||||
# we cannot use --yes here as gpg would still ask for confirmation if a key has more than one uid
|
||||
printf 'y\ny\n' | LANG=C "${GPG_PACWRAP[@]}" --command-fd 0 --quiet --batch --lsign-key "${key_id}" 2>/dev/null
|
||||
if (( PIPESTATUS[1] )); then
|
||||
error "$(gettext "%s could not be locally signed.")" "${key_id}"
|
||||
ret=1
|
||||
fi
|
||||
key_count=$((key_count+1))
|
||||
done
|
||||
local ret=0
|
||||
local key_count=0
|
||||
for key_id in "$@"; do
|
||||
if (( VERBOSE )); then
|
||||
msg2 "$(gettext "Locally signing key %s...")" "${key_id}"
|
||||
fi
|
||||
# we cannot use --yes here as gpg would still ask for confirmation if a key has more than one uid
|
||||
printf 'y\ny\n' | LANG=C "${GPG_PACWRAP[@]}" --command-fd 0 --quiet --batch --lsign-key "${key_id}" 2>/dev/null
|
||||
if (( PIPESTATUS[1] )); then
|
||||
error "$(gettext "%s could not be locally signed.")" "${key_id}"
|
||||
ret=1
|
||||
fi
|
||||
key_count=$((key_count+1))
|
||||
done
|
||||
|
||||
if (( ret )); then
|
||||
exit 1
|
||||
fi
|
||||
if (( key_count )); then
|
||||
msg2 "$(gettext "Locally signed %s keys.")" "${key_count}"
|
||||
fi
|
||||
if (( ret )); then
|
||||
exit 1
|
||||
fi
|
||||
if (( key_count )); then
|
||||
msg2 "$(gettext "Locally signed %s keys.")" "${key_count}"
|
||||
fi
|
||||
}
|
||||
|
||||
receive_keys() {
|
||||
local ret=0 name id keyids emails
|
||||
local ret=0 name id keyids emails
|
||||
|
||||
# if the key is not a hex ID, do a lookup
|
||||
for name; do
|
||||
if [[ $name = ?(0x)+([0-9a-fA-F]) ]]; then
|
||||
keyids+=("$name")
|
||||
elif [[ $name = *@*.* ]]; then
|
||||
emails+=("$name")
|
||||
elif id=$(key_lookup_from_name "$name"); then
|
||||
keyids+=("$id")
|
||||
fi
|
||||
done
|
||||
# if the key is not a hex ID, do a lookup
|
||||
for name; do
|
||||
if [[ $name = ?(0x)+([0-9a-fA-F]) ]]; then
|
||||
keyids+=("$name")
|
||||
elif [[ $name = *@*.* ]]; then
|
||||
emails+=("$name")
|
||||
elif id=$(key_lookup_from_name "$name"); then
|
||||
keyids+=("$id")
|
||||
fi
|
||||
done
|
||||
|
||||
(( ${#keyids[*]}+${#emails[*]} > 0 )) || exit 1
|
||||
(( ${#keyids[*]}+${#emails[*]} > 0 )) || exit 1
|
||||
|
||||
if (( ${#emails[*]} > 0 )) && \
|
||||
! "${GPG_PACWRAP[@]}" --auto-key-locate clear,nodefault,wkd,keyserver \
|
||||
--locate-key "${emails[@]}" ; then
|
||||
error "$(gettext "Remote key not fetched correctly from WKD or keyserver.")"
|
||||
ret=1
|
||||
fi
|
||||
if (( ${#emails[*]} > 0 )) && \
|
||||
! "${GPG_PACWRAP[@]}" --auto-key-locate clear,nodefault,wkd,keyserver \
|
||||
--locate-key "${emails[@]}" ; then
|
||||
error "$(gettext "Remote key not fetched correctly from WKD or keyserver.")"
|
||||
ret=1
|
||||
fi
|
||||
|
||||
if (( ${#keyids[*]} > 0 )) && ! "${GPG_PACWRAP[@]}" --recv-keys "${keyids[@]}" ; then
|
||||
error "$(gettext "Remote key not fetched correctly from keyserver.")"
|
||||
ret=1
|
||||
fi
|
||||
if (( ${#keyids[*]} > 0 )) && ! "${GPG_PACWRAP[@]}" --recv-keys "${keyids[@]}" ; then
|
||||
error "$(gettext "Remote key not fetched correctly from keyserver.")"
|
||||
ret=1
|
||||
fi
|
||||
|
||||
exit $ret
|
||||
exit $ret
|
||||
}
|
||||
|
||||
check_keyring() {
|
||||
|
@ -727,83 +727,85 @@ check_keyring() {
|
|||
}
|
||||
|
||||
refresh_keys() {
|
||||
local ret=0 ids masterkey emails
|
||||
local ret=0 ids masterkey emails
|
||||
|
||||
check_keyids_exist "$@"
|
||||
check_keyids_exist "$@"
|
||||
|
||||
# don't try to refresh the user's local masterkey
|
||||
masterkey="$("${GPG_PACWRAP[@]}" --list-keys --with-colons pacman@localhost |
|
||||
awk -F: '$1 == "pub" { print $5 }')"
|
||||
# don't try to refresh the user's local masterkey
|
||||
masterkey="$("${GPG_PACWRAP[@]}" --list-keys --with-colons pacman@localhost |
|
||||
awk -F: '$1 == "pub" { print $5 }')"
|
||||
|
||||
mapfile -t ids < \
|
||||
<("${GPG_PACWRAP[@]}" --list-keys --with-colons "$@" |
|
||||
awk -F: '$1 == "pub" { print $5 }' | grep -vx "$masterkey")
|
||||
mapfile -t ids < \
|
||||
<("${GPG_PACWRAP[@]}" --list-keys --with-colons "$@" |
|
||||
awk -F: '$1 == "pub" { print $5 }' | grep -vx "$masterkey")
|
||||
|
||||
for id in "${ids[@]}"; do
|
||||
mapfile -t emails < \
|
||||
<("${GPG_PACWRAP[@]}" --list-keys --list-options show-only-fpr-mbox "$id" |
|
||||
awk '{print $2 }')
|
||||
for id in "${ids[@]}"; do
|
||||
mapfile -t emails < \
|
||||
<("${GPG_PACWRAP[@]}" --list-keys --list-options show-only-fpr-mbox "$id" |
|
||||
awk '{print $2 }')
|
||||
|
||||
# first try looking up the key in a WKD (only works by email address)
|
||||
for email in "${emails[@]}"; do
|
||||
"${GPG_PACWRAP[@]}" --locate-external-keys "$email" && break
|
||||
done
|
||||
# first try looking up the key in a WKD (only works by email address)
|
||||
for email in "${emails[@]}"; do
|
||||
"${GPG_PACWRAP[@]}" --locate-external-keys "$email" && break
|
||||
done
|
||||
|
||||
# if no key was found, fall back to using the keyservers (with the key fingerprint instead)
|
||||
if (( $? )) && ! "${GPG_PACWRAP[@]}" --refresh-keys "$id"; then
|
||||
error "$(gettext "Could not update key: %s")" "$id"
|
||||
ret=1
|
||||
fi
|
||||
done
|
||||
# if no key was found, fall back to using the keyservers (with the key fingerprint instead)
|
||||
if (( $? )) && ! "${GPG_PACWRAP[@]}" --refresh-keys "$id"; then
|
||||
error "$(gettext "Could not update key: %s")" "$id"
|
||||
ret=1
|
||||
fi
|
||||
done
|
||||
|
||||
exit $ret
|
||||
exit $ret
|
||||
}
|
||||
|
||||
verify_sig() {
|
||||
local ret=0 sig=$1 file=$2
|
||||
if [[ -z $file && -f ${sig%.*} ]]; then
|
||||
file=${sig%.*}
|
||||
fi
|
||||
if [[ -n $file ]]; then
|
||||
local files=("$sig" "$file")
|
||||
msg "Checking %s... (detached)" "$sig"
|
||||
else
|
||||
local files=("$sig")
|
||||
msg "Checking %s... (embedded)" "$sig"
|
||||
fi
|
||||
if grep -q 'BEGIN PGP SIGNATURE' "$sig"; then
|
||||
error_fatal "$(gettext "Cannot use armored signatures for packages: %s")" "$sig"
|
||||
fi
|
||||
local ret=0 sig=$1 file=$2
|
||||
if [[ -z $file && -f ${sig%.*} ]]; then
|
||||
file=${sig%.*}
|
||||
fi
|
||||
if [[ -n $file ]]; then
|
||||
local files=("$sig" "$file")
|
||||
msg "Checking %s... (detached)" "$sig"
|
||||
else
|
||||
local files=("$sig")
|
||||
msg "Checking %s... (embedded)" "$sig"
|
||||
fi
|
||||
if grep -q 'BEGIN PGP SIGNATURE' "$sig"; then
|
||||
error_fatal "$(gettext "Cannot use armored signatures for packages: %s")" "$sig"
|
||||
fi
|
||||
|
||||
"${GPG_PACWRAP[@]}" --status-fd 1 --verify "${files[@]}" | grep -qE '^\[GNUPG:\] TRUST_(FULLY|ULTIMATE).*$'
|
||||
"${GPG_PACWRAP[@]}" --status-fd 1 --verify "${files[@]}" | grep -qE '^\[GNUPG:\] TRUST_(FULLY|ULTIMATE).*$'
|
||||
|
||||
# return error if GnuPG fails to verify the signature
|
||||
if [[ "${PIPESTATUS[0]}" -ne 0 ]]; then
|
||||
error "$(gettext "The signature verification for %s failed.")" "$sig"
|
||||
ret=1
|
||||
fi
|
||||
# return error if GnuPG fails to verify the signature
|
||||
if [[ "${PIPESTATUS[0]}" -ne 0 ]]; then
|
||||
error "$(gettext "The signature verification for %s failed.")" "$sig"
|
||||
ret=1
|
||||
fi
|
||||
|
||||
# return error if the signature is not trusted fully or ultimately
|
||||
if [[ "${PIPESTATUS[1]}" -ne 0 ]]; then
|
||||
error "$(gettext "The signature %s is not trusted.")" "$sig"
|
||||
ret=1
|
||||
fi
|
||||
# return error if the signature is not trusted fully or ultimately
|
||||
if [[ "${PIPESTATUS[1]}" -ne 0 ]]; then
|
||||
error "$(gettext "The signature %s is not trusted.")" "$sig"
|
||||
ret=1
|
||||
fi
|
||||
|
||||
exit $ret
|
||||
exit $ret
|
||||
}
|
||||
|
||||
updatedb() {
|
||||
msg "$(gettext "Updating trust database...")"
|
||||
if ! "${GPG_PACWRAP[@]}" --batch --check-trustdb ; then
|
||||
error_fatal "$(gettext "Trust database could not be updated.")"
|
||||
fi
|
||||
msg "$(gettext "Updating trust database...")"
|
||||
if ! "${GPG_PACWRAP[@]}" --batch --check-trustdb ; then
|
||||
error_fatal "$(gettext "Trust database could not be updated.")"
|
||||
fi
|
||||
}
|
||||
|
||||
# PROGRAM START
|
||||
if ! type gettext &>/dev/null; then
|
||||
gettext() {
|
||||
echo "$@"
|
||||
}
|
||||
gettext() {
|
||||
echo "$@"
|
||||
}
|
||||
fi
|
||||
|
||||
main $@
|
||||
|
||||
# vim:set ts=4 sw=4 et:1
|
||||
|
|
36
dist/tools/clean.sh
vendored
36
dist/tools/clean.sh
vendored
|
@ -28,39 +28,41 @@ DIST_RUNTIME="$PWD/dist/runtime"
|
|||
DIST_SCHEMA="$PWD/dist/schema"
|
||||
|
||||
runtime() {
|
||||
if [[ -d "$DIST_RUNTIME" ]]; then
|
||||
rm -r "$DIST_RUNTIME"
|
||||
mkdir -p "$DIST_RUNTIME"
|
||||
cleaned "container runtime"
|
||||
if [[ -d "$DIST_RUNTIME" ]]; then
|
||||
rm -r "$DIST_RUNTIME"
|
||||
mkdir -p "$DIST_RUNTIME"
|
||||
cleaned "container runtime"
|
||||
fi
|
||||
}
|
||||
|
||||
filesystem() {
|
||||
if [[ -d "$DIST_SCHEMA" ]]; then
|
||||
rm -r "$DIST_SCHEMA"
|
||||
mkdir -p "$DIST_SCHEMA"
|
||||
if [[ -d "$DIST_SCHEMA" ]]; then
|
||||
rm -r "$DIST_SCHEMA"
|
||||
mkdir -p "$DIST_SCHEMA"
|
||||
cleaned "container schema"
|
||||
fi
|
||||
}
|
||||
|
||||
bin() {
|
||||
if [[ -d "$DIST_BIN" ]]; then
|
||||
rm -r "$DIST_BIN"
|
||||
mkdir -p "$DIST_BIN"
|
||||
if [[ -d "$DIST_BIN" ]]; then
|
||||
rm -r "$DIST_BIN"
|
||||
mkdir -p "$DIST_BIN"
|
||||
cleaned "bin artifacts"
|
||||
fi
|
||||
}
|
||||
|
||||
main() {
|
||||
for var in "$@"; do case $var in
|
||||
schema) filesystem;;
|
||||
runtime) runtime;;
|
||||
for var in "$@"; do case $var in
|
||||
schema) filesystem;;
|
||||
runtime) runtime;;
|
||||
bin) bin;;
|
||||
all) bin
|
||||
filesystem
|
||||
runtime;;
|
||||
*) error_fatal "Invalid parameter '$1'";;
|
||||
esac; done
|
||||
filesystem
|
||||
runtime;;
|
||||
*) error_fatal "Invalid parameter '$1'";;
|
||||
esac; done
|
||||
}
|
||||
|
||||
main $@
|
||||
|
||||
# vim:set ts=4 sw=4 et:1
|
||||
|
|
32
dist/tools/common.sh
vendored
32
dist/tools/common.sh
vendored
|
@ -39,36 +39,36 @@ handle_failure() {
|
|||
}
|
||||
|
||||
error_fatal() {
|
||||
echo $BOLD$RED"error:$RESET $@";
|
||||
exit 1
|
||||
echo $BOLD$RED"error:$RESET $@";
|
||||
exit 1
|
||||
}
|
||||
|
||||
error() {
|
||||
echo $BOLD$RED"error:$RESET $@";
|
||||
echo $BOLD$RED"error:$RESET $@";
|
||||
}
|
||||
|
||||
packaged() {
|
||||
echo "$GREEN$BOLD Packaged$RESET $@"
|
||||
echo "$GREEN$BOLD Packaged$RESET $@"
|
||||
}
|
||||
|
||||
cleaned() {
|
||||
echo "$BOLD$GREEN Cleaned$RESET $@"
|
||||
echo "$BOLD$GREEN Cleaned$RESET $@"
|
||||
}
|
||||
|
||||
validate_args() {
|
||||
[[ -z "$1" ]] && error_fatal "release target not specified."
|
||||
[[ -z "$1" ]] && error_fatal "release target not specified."
|
||||
|
||||
case $1 in
|
||||
release);;
|
||||
debug) ;;
|
||||
*) error_fatal "release target $1 is invalid.";;
|
||||
esac
|
||||
release);;
|
||||
debug) ;;
|
||||
*) error_fatal "release target $1 is invalid.";;
|
||||
esac
|
||||
}
|
||||
|
||||
layout_dir() {
|
||||
[[ ! -d "$DIST_SRC" ]] && error_fatal "'$DIST_SRC': src directory not found."
|
||||
[[ ! -d "$DIST_SRC" ]] && error_fatal "'$DIST_SRC': src directory not found."
|
||||
|
||||
mkdir -p $DIST_BIN
|
||||
mkdir -p $DIST_BIN
|
||||
}
|
||||
|
||||
#
|
||||
|
@ -80,7 +80,7 @@ layout_dir() {
|
|||
# $4: Inlcude date (optional)
|
||||
#
|
||||
package() {
|
||||
[[ ! -f "$1" ]] && error_fatal "'$1': file not found"
|
||||
[[ ! -f "$1" ]] && error_fatal "'$1': file not found"
|
||||
([[ -z $1 ]] || [[ -z $2 ]] || [[ -z $3 ]]) && error_fatal "Invalid arguments."
|
||||
|
||||
local version=$(version $3 $4)
|
||||
|
@ -102,9 +102,9 @@ version() {
|
|||
|
||||
case $1 in
|
||||
release) release="RELEASE"
|
||||
date=$(git log -1 --date=format:%d/%m/%Y --format=%cd);;
|
||||
date=$(git log -1 --date=format:%d/%m/%Y --format=%cd);;
|
||||
debug) release="DEV"
|
||||
date=$(date +'%d/%m/%Y %T%:z');;
|
||||
date=$(date +'%d/%m/%Y %T%:z');;
|
||||
esac
|
||||
|
||||
if [[ -z "$tag" ]]; then
|
||||
|
@ -121,3 +121,5 @@ version() {
|
|||
}
|
||||
|
||||
COMMON_SCRIPT=1; readonly COMMON_SCRIPT BOLD RED GREEN RESET
|
||||
|
||||
# vim:set ts=4 sw=4 et:1
|
||||
|
|
2
dist/tools/package.sh
vendored
2
dist/tools/package.sh
vendored
|
@ -31,3 +31,5 @@ validate_args $1
|
|||
package $DIST_MAN/pacwrap.1 $DIST_BIN/pacwrap.1 $1
|
||||
package $DIST_MAN/pacwrap.yml.2 $DIST_BIN/pacwrap.yml.2 $1
|
||||
./dist/tools/runtime.sh $1
|
||||
|
||||
# vim:set ts=4 sw=4 et:1
|
||||
|
|
2
dist/tools/prepare.sh
vendored
2
dist/tools/prepare.sh
vendored
|
@ -29,3 +29,5 @@ validate_args $1
|
|||
layout_dir
|
||||
package $DIST_SRC/pacwrap-key $DIST_BIN/pacwrap-key $1 0
|
||||
./dist/tools/schema.sh $1
|
||||
|
||||
# vim:set ts=4 sw=4 et:1
|
||||
|
|
68
dist/tools/runtime.sh
vendored
68
dist/tools/runtime.sh
vendored
|
@ -62,11 +62,11 @@ LIB_BINS="bash ls gpg grep"
|
|||
main() {
|
||||
validate_args $1
|
||||
prepare_and_validate $1
|
||||
populate_lib
|
||||
populate_bin
|
||||
populate_etc
|
||||
busybox_links
|
||||
packaged "container runtime [$1]"
|
||||
populate_lib
|
||||
populate_bin
|
||||
populate_etc
|
||||
busybox_links
|
||||
packaged "container runtime [$1]"
|
||||
}
|
||||
|
||||
#
|
||||
|
@ -85,8 +85,8 @@ prepare_and_validate() {
|
|||
mkdir -p $DEST_DIR$LIB_DIR$FAKEROOT$FAKECHROOT $DEST_DIR$BIN_DIR $DEST_DIR$ETC_DIR
|
||||
|
||||
if [[ ! -d "$DEST_DIR$LIB_DIR" ]] || [[ ! -d $DEST_DIR$BIN_DIR ]]; then
|
||||
error_fatal "'$DEST_DIR': directory not found."
|
||||
fi
|
||||
error_fatal "'$DEST_DIR': directory not found."
|
||||
fi
|
||||
|
||||
for bin in $LIB_BINS; do
|
||||
local path=$(type -P $bin)
|
||||
|
@ -101,22 +101,22 @@ prepare_and_validate() {
|
|||
# Clean build artifacts
|
||||
#
|
||||
clean() {
|
||||
if [[ -d "$DEST_DIR" ]]; then
|
||||
rm -r "$DEST_DIR"
|
||||
mkdir -p "$DEST_DIR"
|
||||
cleaned "container runtime"
|
||||
fi
|
||||
if [[ -d "$DEST_DIR" ]]; then
|
||||
rm -r "$DEST_DIR"
|
||||
mkdir -p "$DEST_DIR"
|
||||
cleaned "container runtime"
|
||||
fi
|
||||
}
|
||||
|
||||
#
|
||||
# Populate libraries for container runtime
|
||||
#
|
||||
populate_lib() {
|
||||
copy_libs ${BIN_PATHS[@]}
|
||||
cp -L $FAKEROOT_SRC $FAKEROOT_DEST
|
||||
cp -L $FAKECHROOT_SRC $FAKECHROOT_DEST
|
||||
ln -s .$FAKEROOT/libfakeroot.so $DEST_DIR$LIB_DIR/libfakeroot.so
|
||||
ln -s .$FAKEROOT$FAKECHROOT/libfakechroot.so $DEST_DIR$LIB_DIR/libfakechroot.so
|
||||
copy_libs ${BIN_PATHS[@]}
|
||||
cp -L $FAKEROOT_SRC $FAKEROOT_DEST
|
||||
cp -L $FAKECHROOT_SRC $FAKECHROOT_DEST
|
||||
ln -s .$FAKEROOT/libfakeroot.so $DEST_DIR$LIB_DIR/libfakeroot.so
|
||||
ln -s .$FAKEROOT$FAKECHROOT/libfakechroot.so $DEST_DIR$LIB_DIR/libfakechroot.so
|
||||
|
||||
# Remove debuglink section, to ensure the Arch Build System doesn't complain
|
||||
for lib in $(find $DEST_DIR$LIB_DIR -maxdepth 3 -type f -printf "%p "); do
|
||||
|
@ -128,21 +128,21 @@ populate_lib() {
|
|||
# Populate binaries for container runtime
|
||||
#
|
||||
populate_bin() {
|
||||
cp ${BIN_PATHS[0]} $DEST_DIR$BIN_DIR/agent
|
||||
copy_bins $BIN_UTILS $COREUTILS
|
||||
ln -s bash $DEST_DIR$BIN_DIR/sh
|
||||
ln -s ld-linux-x86-64.so.2 $DEST_DIR$BIN_DIR/ld-linux.so.2
|
||||
ln -s ../lib64/ld-linux-x86-64.so.2 $DEST_DIR$BIN_DIR/ld.so
|
||||
cp ${BIN_PATHS[0]} $DEST_DIR$BIN_DIR/agent
|
||||
copy_bins $BIN_UTILS $COREUTILS
|
||||
ln -s bash $DEST_DIR$BIN_DIR/sh
|
||||
ln -s ld-linux-x86-64.so.2 $DEST_DIR$BIN_DIR/ld-linux.so.2
|
||||
ln -s ../lib64/ld-linux-x86-64.so.2 $DEST_DIR$BIN_DIR/ld.so
|
||||
}
|
||||
|
||||
#
|
||||
# Populate /etc directory for container runtime
|
||||
#
|
||||
populate_etc() {
|
||||
echo -e "#\n# /etc/bash.bashrc\n#\n# pacwrap runtime\n#\n\n${PROFILE_PS1}\nbind -x $'\"\\C-l\":clear;'\ncd \$HOME\n" > $DEST_DIR$ETC_DIR/bash.bashrc
|
||||
sed -n 12,20p $DIST_SRC/bash.bashrc >> $DEST_DIR$ETC_DIR/bash.bashrc
|
||||
echo -e "#\n# /etc/profile - busybox env\n#\n# pacwrap runtime\n#\n\n$PROFILE_PS1\n" > $DEST_DIR$ETC_DIR/profile
|
||||
echo -e 'printf "\033]0;%s@%s\007" "${USER}" "${HOSTNAME%%.*}"\ncd $HOME' >> $DEST_DIR$ETC_DIR/profile
|
||||
echo -e "#\n# /etc/bash.bashrc\n#\n# pacwrap runtime\n#\n\n${PROFILE_PS1}\nbind -x $'\"\\C-l\":clear;'\ncd \$HOME\n" > $DEST_DIR$ETC_DIR/bash.bashrc
|
||||
sed -n 12,20p $DIST_SRC/bash.bashrc >> $DEST_DIR$ETC_DIR/bash.bashrc
|
||||
echo -e "#\n# /etc/profile - busybox env\n#\n# pacwrap runtime\n#\n\n$PROFILE_PS1\n" > $DEST_DIR$ETC_DIR/profile
|
||||
echo -e 'printf "\033]0;%s@%s\007" "${USER}" "${HOSTNAME%%.*}"\ncd $HOME' >> $DEST_DIR$ETC_DIR/profile
|
||||
}
|
||||
|
||||
#
|
||||
|
@ -151,13 +151,13 @@ populate_etc() {
|
|||
busybox_links() {
|
||||
for applet in $(busybox --list); do
|
||||
if [[ "${COREUTILS[@]}" == *$applet* ]] ||
|
||||
[[ "${BIN_UTILS[@]}" == *$applet* ]] ||
|
||||
[[ $applet == "busybox" ]]; then
|
||||
continue
|
||||
[[ "${BIN_UTILS[@]}" == *$applet* ]] ||
|
||||
[[ $applet == "busybox" ]]; then
|
||||
continue
|
||||
fi
|
||||
|
||||
ln -s busybox ./dist/runtime/bin/$applet
|
||||
done
|
||||
ln -s busybox ./dist/runtime/bin/$applet
|
||||
done
|
||||
}
|
||||
|
||||
#
|
||||
|
@ -166,7 +166,7 @@ busybox_links() {
|
|||
# $@: takes an array of system library paths
|
||||
#
|
||||
copy_libs() {
|
||||
for path in ${@}; do
|
||||
for path in ${@}; do
|
||||
ldd $path | sed -e "s/.*=> //g;s/ (.*)//g;s/\t.*//g" | xargs cp -Lt $DEST_DIR$LIB_DIR
|
||||
done
|
||||
}
|
||||
|
@ -177,7 +177,7 @@ copy_libs() {
|
|||
# $@: takes an array of system binaries located in /usr/bin
|
||||
#
|
||||
copy_bins() {
|
||||
for bin in ${@}; do
|
||||
for bin in ${@}; do
|
||||
cp $(type -P $bin) $DEST_DIR$BIN_DIR/$bin
|
||||
|
||||
if [[ $bin == "fakeroot" ]]; then
|
||||
|
@ -190,3 +190,5 @@ copy_bins() {
|
|||
}
|
||||
|
||||
main $@
|
||||
|
||||
# vim:set ts=4 sw=4 et:1
|
||||
|
|
82
dist/tools/schema.sh
vendored
82
dist/tools/schema.sh
vendored
|
@ -39,9 +39,9 @@ DEST_DIR="$PWD/dist/schema"
|
|||
#
|
||||
main() {
|
||||
prepare_and_validate
|
||||
populate_usr
|
||||
populate_etc
|
||||
create_archive $1
|
||||
populate_usr
|
||||
populate_etc
|
||||
create_archive $1
|
||||
packaged "container schema [$1]"
|
||||
}
|
||||
|
||||
|
@ -49,27 +49,27 @@ main() {
|
|||
# Validate and prepare staging environment
|
||||
#
|
||||
prepare_and_validate() {
|
||||
clean
|
||||
mkdir -p $DEST_DIR$USR_DIR $DEST_DIR$ETC_DIR $DIST_BIN
|
||||
clean
|
||||
mkdir -p $DEST_DIR$USR_DIR $DEST_DIR$ETC_DIR $DIST_BIN
|
||||
|
||||
if [[ ! -d "$DEST_DIR$LIB_DIR" ]] || [[ ! -d $DEST_DIR$BIN_DIR ]]; then
|
||||
error_fatal "'$DEST_DIR': directory not found."
|
||||
fi
|
||||
if [[ ! -d "$DEST_DIR$LIB_DIR" ]] || [[ ! -d $DEST_DIR$BIN_DIR ]]; then
|
||||
error_fatal "'$DEST_DIR': directory not found."
|
||||
fi
|
||||
|
||||
if [[ ! -d "$DIST_SRC" ]]; then
|
||||
error_fatal "'$DIST_SRC': directory not found."
|
||||
fi
|
||||
error_fatal "'$DIST_SRC': directory not found."
|
||||
fi
|
||||
}
|
||||
|
||||
#
|
||||
# Clean build artifacts
|
||||
#
|
||||
clean() {
|
||||
if [[ -d "$DEST_DIR" ]]; then
|
||||
rm -r "$DEST_DIR"
|
||||
mkdir -p "$DEST_DIR"
|
||||
cleaned "container schema"
|
||||
fi
|
||||
if [[ -d "$DEST_DIR" ]]; then
|
||||
rm -r "$DEST_DIR"
|
||||
mkdir -p "$DEST_DIR"
|
||||
cleaned "container schema"
|
||||
fi
|
||||
}
|
||||
|
||||
#
|
||||
|
@ -77,21 +77,21 @@ clean() {
|
|||
#
|
||||
create_archive() {
|
||||
cd $DEST_DIR
|
||||
tar acf ../bin/filesystem.tar.zst *
|
||||
tar acf ../bin/filesystem.tar.zst *
|
||||
}
|
||||
|
||||
#
|
||||
# Populate usr for container filesystem
|
||||
#
|
||||
populate_usr() {
|
||||
mkdir -p "${DEST_DIR}/usr/share/libalpm/hooks/" \
|
||||
"${DEST_DIR}/usr/share/libalpm/scripts/" \
|
||||
"${DEST_DIR}/usr/local/bin" \
|
||||
"${DEST_DIR}/usr/lib/"
|
||||
mkdir -p "${DEST_DIR}/usr/share/libalpm/hooks/" \
|
||||
"${DEST_DIR}/usr/share/libalpm/scripts/" \
|
||||
"${DEST_DIR}/usr/local/bin" \
|
||||
"${DEST_DIR}/usr/lib/"
|
||||
|
||||
|
||||
ln -s /usr/lib/flatpak-xdg-utils/xdg-open "${DEST_DIR}/usr/local/bin/"
|
||||
ln -s /usr/lib/flatpak-xdg-utils/xdg-email "${DEST_DIR}/usr/local/bin/"
|
||||
ln -s /usr/lib/flatpak-xdg-utils/xdg-open "${DEST_DIR}/usr/local/bin/"
|
||||
ln -s /usr/lib/flatpak-xdg-utils/xdg-email "${DEST_DIR}/usr/local/bin/"
|
||||
|
||||
install -Dm 644 "$DIST_SRC/0-pacwrap-dist.hook" "${DEST_DIR}/usr/share/libalpm/hooks/0-pacwrap-dist.hook"
|
||||
install -Dm 644 "$DIST_SRC/1-pacwrap-dist.hook" "${DEST_DIR}/usr/share/libalpm/hooks/1-pacwrap-dist.hook"
|
||||
|
@ -106,25 +106,27 @@ populate_usr() {
|
|||
# Populate etc for container filesystem
|
||||
#
|
||||
populate_etc() {
|
||||
local pacman_hooks=('20-systemd-sysusers'
|
||||
'30-systemd-tmpfiles'
|
||||
'30-systemd-daemon-reload-system'
|
||||
'30-systemd-daemon-reload-user'
|
||||
'30-systemd-sysctl'
|
||||
'30-systemd-catalog'
|
||||
'30-systemd-update'
|
||||
'30-systemd-udev-reload'
|
||||
'30-systemd-hwdb'
|
||||
'dbus-reload')
|
||||
|
||||
# Systemd cannot be started securely in an unprivileged namespace, therefore
|
||||
# disable unnecessary systemd hooks in order to speed up transaction times.
|
||||
mkdir -p "${DEST_DIR}/etc/pacman.d/hooks/" "${DEST_DIR}/usr/local/bin/"
|
||||
for pacman_hook in ${pacman_hooks[@]}; do
|
||||
ln -s /dev/null "${DEST_DIR}/etc/pacman.d/hooks/${pacman_hook}.hook"; done
|
||||
local pacman_hooks=('20-systemd-sysusers'
|
||||
'30-systemd-tmpfiles'
|
||||
'30-systemd-daemon-reload-system'
|
||||
'30-systemd-daemon-reload-user'
|
||||
'30-systemd-sysctl'
|
||||
'30-systemd-catalog'
|
||||
'30-systemd-update'
|
||||
'30-systemd-udev-reload'
|
||||
'30-systemd-hwdb'
|
||||
'dbus-reload')
|
||||
|
||||
# Provide our own /etc/bash.bashrc
|
||||
cp "$DIST_SRC/bash.bashrc" "$DEST_DIR$ETC_DIR"
|
||||
# Systemd cannot be started securely in an unprivileged namespace, therefore
|
||||
# disable unnecessary systemd hooks in order to speed up transaction times.
|
||||
mkdir -p "${DEST_DIR}/etc/pacman.d/hooks/" "${DEST_DIR}/usr/local/bin/"
|
||||
for pacman_hook in ${pacman_hooks[@]}; do
|
||||
ln -s /dev/null "${DEST_DIR}/etc/pacman.d/hooks/${pacman_hook}.hook"; done
|
||||
|
||||
# Provide our own /etc/bash.bashrc
|
||||
cp "$DIST_SRC/bash.bashrc" "$DEST_DIR$ETC_DIR"
|
||||
}
|
||||
|
||||
main $@
|
||||
|
||||
# vim:set ts=4 sw=4 et:1
|
||||
|
|