diff --git a/dist/src/bash.bashrc b/dist/src/bash.bashrc
index a787cea..b07e026 100644
--- a/dist/src/bash.bashrc
+++ b/dist/src/bash.bashrc
@@ -10,15 +10,17 @@
PS1='$USER \W>\$ '
case ${TERM} in
- xterm*|rxvt*|Eterm|aterm|kterm|gnome*|alacritty*)
- PROMPT_COMMAND=${PROMPT_COMMAND:+$PROMPT_COMMAND; }'printf "\033]0;%s@%s:%s\007" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/\~}"'
+ xterm*|rxvt*|Eterm|aterm|kterm|gnome*|alacritty*)
+ PROMPT_COMMAND=${PROMPT_COMMAND:+$PROMPT_COMMAND; }'printf "\033]0;%s@%s:%s\007" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/\~}"'
- ;;
- screen*)
- PROMPT_COMMAND=${PROMPT_COMMAND:+$PROMPT_COMMAND; }'printf "\033_%s@%s:%s\033\\" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/\~}"'
- ;;
+ ;;
+ screen*)
+ PROMPT_COMMAND=${PROMPT_COMMAND:+$PROMPT_COMMAND; }'printf "\033_%s@%s:%s\033\\" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/\~}"'
+ ;;
esac
[ -r /usr/share/bash-completion/bash_completion ] && . /usr/share/bash-completion/bash_completion
[[ $FAKECHROOT ]] && cd $HOME
+
+# vim:set ts=4 sw=4 et:1
diff --git a/dist/src/pacwrap-dist b/dist/src/pacwrap-dist
index cd7ac66..e9be477 100755
--- a/dist/src/pacwrap-dist
+++ b/dist/src/pacwrap-dist
@@ -18,50 +18,50 @@
# along with this program. If not, see .
user() {
- local uid=$PACWRAP_REAL_UID
- local gid=$PACWRAP_REAL_GID
+ local uid=$PACWRAP_REAL_UID
+ local gid=$PACWRAP_REAL_GID
- if [[ "$(cat /etc/passwd | grep $uid:$gid)" ]]; then
- return
- fi
+ if [[ "$(cat /etc/passwd | grep $uid:$gid)" ]]; then
+ return
+ fi
- echo "Creating dummy user.."
- echo "user:x:$uid:$gid::/:/usr/bin/nologin" >> /etc/passwd
- echo "user:x:$gid:" >> /etc/group
+ echo "Creating dummy user.."
+ echo "user:x:$uid:$gid::/:/usr/bin/nologin" >> /etc/passwd
+ echo "user:x:$gid:" >> /etc/group
}
locale() {
- if [[ -f "/etc/locale.conf" ]]; then
- return
- fi
+ if [[ -f "/etc/locale.conf" ]]; then
+ return
+ fi
- echo "Initializing locales.."
-
- if [[ $LANG == "en_US.UTF-8" ]] || [[ -z "$LANG" ]]; then
- echo -e "\nen_US.UTF-8 UTF-8" >> /etc/locale.gen
- else
- echo -e "\nen_US.UTF-8 UTF-8\n$LANG ${LANG#*.}" >> /etc/locale.gen
- fi
+ echo "Initializing locales.."
- echo "LANG=$LANG" > /etc/locale.conf
- locale-gen
+ if [[ $LANG == "en_US.UTF-8" ]] || [[ -z "$LANG" ]]; then
+ echo -e "\nen_US.UTF-8 UTF-8" >> /etc/locale.gen
+ else
+ echo -e "\nen_US.UTF-8 UTF-8\n$LANG ${LANG#*.}" >> /etc/locale.gen
+ fi
+
+ echo "LANG=$LANG" > /etc/locale.conf
+ locale-gen
}
timezone() {
- if [[ -f "/etc/localtime" ]]; then
- return
- fi
+ if [[ -f "/etc/localtime" ]]; then
+ return
+ fi
echo "Setting localtime to UTC..."
ln -s ../usr/share/zoneinfo/UCT /etc/localtime
}
dist() {
- locale
- timezone
- user
- echo "Distribution configuration completed."
+ locale
+ timezone
+ user
+ echo "Distribution configuration completed."
}
pacman() {
@@ -74,18 +74,20 @@ pacman() {
}
cert_store() {
- chmod -R 755 /usr/share/ca-certificates /etc/ca-certificates
-
- if [[ $? == 0 ]]; then
- echo "Applied permissions to certificate stores successfully."
- else
- echo "Error occurred whilst applying permissions to certificate stores."
- fi
+ chmod -R 755 /usr/share/ca-certificates /etc/ca-certificates
+
+ if [[ $? == 0 ]]; then
+ echo "Applied permissions to certificate stores successfully."
+ else
+ echo "Error occurred whilst applying permissions to certificate stores."
+ fi
}
case $1 in
- cert-store) cert_store;;
- config) dist;;
+ cert-store) cert_store;;
+ config) dist;;
pacman) pacman;;
- *) echo "error: Hook parameter '$1' not found.";;
+ *) echo "error: Hook parameter '$1' not found.";;
esac
+
+# vim:set ts=4 sw=4 et:1
diff --git a/dist/src/pacwrap-key b/dist/src/pacwrap-key
index 803685d..97163fa 100755
--- a/dist/src/pacwrap-key
+++ b/dist/src/pacwrap-key
@@ -88,46 +88,46 @@ parse_params() {
local count=0
while (( $# )); do case $1 in
- --nocolor) count=0; USE_COLOR='n'; shift; continue;;
- --verbose) count=0; VERBOSE=1; shift; continue;;
- --keyserver) shift; count=0 KEYSERVER=$1; shift; continue;;
- --import) SWITCH="iDB";;
- --import-trustdb) SWITCH="itDB" ;;
- --init) SWITCH="init";;
- --list-sigs) SWITCH="ls";;
- --lsign-key) SWITCH="lskDB";;
- --populate) SWITCH+="pkDB";;
- --edit-key) SWITCH="e";;
- --refresh-keys) SWITCH="uk";;
- -u|--updatedb) SWITCH+="DB";;
- -a|--add) SWITCH="aDB";;
- -d|--delete) SWITCH="dDB";;
- -e|--export) SWITCH="EDB";;
- -f|--finger) SWITCH="f";;
- -l|--list-keys) SWITCH="lk";;
- -r|--recv-keys) SWITCH="rkDB";;
- -v|--verify) SWITCH="v";;
- -h|--help*) SWITCH="h";;
- -V|--version) SWITCH="V";;
- -*) invalid_option $1;;
- *) TARGETS+=($1); shift; continue;
- esac
+ --nocolor) count=0; USE_COLOR='n'; shift; continue;;
+ --verbose) count=0; VERBOSE=1; shift; continue;;
+ --keyserver) shift; count=0 KEYSERVER=$1; shift; continue;;
+ --import) SWITCH="iDB";;
+ --import-trustdb) SWITCH="itDB" ;;
+ --init) SWITCH="init";;
+ --list-sigs) SWITCH="ls";;
+ --lsign-key) SWITCH="lskDB";;
+ --populate) SWITCH+="pkDB";;
+ --edit-key) SWITCH="e";;
+ --refresh-keys) SWITCH="uk";;
+ -u|--updatedb) SWITCH+="DB";;
+ -a|--add) SWITCH="aDB";;
+ -d|--delete) SWITCH="dDB";;
+ -e|--export) SWITCH="EDB";;
+ -f|--finger) SWITCH="f";;
+ -l|--list-keys) SWITCH="lk";;
+ -r|--recv-keys) SWITCH="rkDB";;
+ -v|--verify) SWITCH="v";;
+ -h|--help*) SWITCH="h";;
+ -V|--version) SWITCH="V";;
+ -*) invalid_option $1;;
+ *) TARGETS+=($1); shift; continue;
+ esac
- if [[ $count > 0 ]]; then
- invalid_option $1
- fi
+ if [[ $count > 0 ]]; then
+ invalid_option $1
+ fi
- pos+=1; count+=1
- shift; done
+ pos+=1; count+=1
+ shift; done
}
invalid_option() {
colorize
if [[ -z $@ ]]; then
- error "$(gettext "Operation not specified")"
+ error "$(gettext "Operation not specified")"
else
- error "$(gettext "Invalid option '%s'")" "$@"
+ error "$(gettext "Invalid option '%s'")" "$@"
fi
echo "$(gettext "Try 'pacwrap-key -h' for more information on valid operational parameters.")"
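Review bot: `TARGETS+=($1)` in `parse_params` expands the argument unquoted, so a key file or directory path containing spaces is split into several targets, and one containing `*` or `?` is glob-expanded before it reaches gpg. `TARGETS+=("$1")` keeps each argument intact. The same applies to `invalid_option $1` in this hunk and to `main $@` at the end of the file, which should be `invalid_option "$1"` and `main "$@"`. `parse_params` starts above the hunk.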
@@ -136,7 +136,7 @@ invalid_option() {
man_key() {
-cat << _USAGE
+ cat << _USAGE
${HEADER}NAME$HEADER_RESET
${TAB}pacwrap-key
@@ -254,11 +254,11 @@ colorize() {
if [[ ! -z $COLORTERM ]] && [[ $TERM != "dummy" ]] && [[ $USE_COLOR != 'n' ]] && [[ -t 1 ]]; then
RESET="[0m"
- BOLD="[1m"
- BLUE="${BOLD}[1;36m"
- GREEN="${BOLD}[1;32m"
- RED="${BOLD}[1;31m"
- YELLOW="${BOLD}[33m"
+ BOLD="[1m"
+ BLUE="${BOLD}[1;36m"
+ GREEN="${BOLD}[1;32m"
+ RED="${BOLD}[1;31m"
+ YELLOW="${BOLD}[33m"
fi
HEADER=$BOLD
@@ -275,35 +275,35 @@ colorize() {
}
msg() {
- (( QUIET )) && return
- local mesg=$1; shift
- printf "${GREEN}->${RESET}${BOLD} ${mesg}${RESET}\n" "$@"
+ (( QUIET )) && return
+ local mesg=$1; shift
+ printf "${GREEN}->${RESET}${BOLD} ${mesg}${RESET}\n" "$@"
}
msg2() {
- (( QUIET )) && return
- local mesg=$1; shift
- printf "${GREEN} ✓ ${RESET}${mesg}\n" "$@"
+ (( QUIET )) && return
+ local mesg=$1; shift
+ printf "${GREEN} ✓ ${RESET}${mesg}\n" "$@"
}
ask() {
- local mesg=$1; shift
- printf "${BLUE}::${RESET}${BOLD} ${mesg}${RESET}" "$@"
+ local mesg=$1; shift
+ printf "${BLUE}::${RESET}${BOLD} ${mesg}${RESET}" "$@"
}
warning() {
- local mesg=$1; shift
- printf "${YELLOW}$(gettext "warning:")${RESET} ${mesg}\n" "$@" >&2
+ local mesg=$1; shift
+ printf "${YELLOW}$(gettext "warning:")${RESET} ${mesg}\n" "$@" >&2
}
error() {
- local mesg=$1; shift
- printf "${RED}$(gettext "error:")${RESET} ${mesg}\n" "$@" >&2
+ local mesg=$1; shift
+ printf "${RED}$(gettext "error:")${RESET} ${mesg}\n" "$@" >&2
}
error_fatal() {
- local mesg=$1; shift
- printf "${RED}$(gettext "error:")${RESET} ${mesg}\n" "$@" >&2
+ local mesg=$1; shift
+ printf "${RED}$(gettext "error:")${RESET} ${mesg}\n" "$@" >&2
exit 1
}
@@ -325,38 +325,38 @@ This program may be freely redstributed under the
terms of the GNU General Public License V3 only.
ENDOF
- exit 0
+exit 0
}
key_lookup_from_name() {
- local ids
+ local ids
- mapfile -t ids < \
- <("${GPG_PACWRAP[@]}" --search-keys --batch --with-colons "$1" 2>/dev/null |
- awk -F: '$1 == "pub" { print $2 }')
+ mapfile -t ids < \
+ <("${GPG_PACWRAP[@]}" --search-keys --batch --with-colons "$1" 2>/dev/null |
+ awk -F: '$1 == "pub" { print $2 }')
- # only return success on non-ambiguous lookup
- case ${#ids[*]} in
- 0)
- error "$(gettext "Failed to lookup key by name:") %s" "$name"
- return 1
- ;;
- 1)
- printf '%s' "${ids[0]}"
- return 0
- ;;
- *)
- error "$(gettext "Key name is ambiguous:") %s" "$name"
- return 1
- ;;
- esac
+ # only return success on non-ambiguous lookup
+ case ${#ids[*]} in
+ 0)
+ error "$(gettext "Failed to lookup key by name:") %s" "$name"
+ return 1
+ ;;
+ 1)
+ printf '%s' "${ids[0]}"
+ return 0
+ ;;
+ *)
+ error "$(gettext "Key name is ambiguous:") %s" "$name"
+ return 1
+ ;;
+ esac
}
generate_master_key() {
- # Generate the master key, which will be in both pubring and secring
- msg "$(gettext "Generating pacwrap master key...")"
+ # Generate the master key, which will be in both pubring and secring
+ msg "$(gettext "Generating pacwrap master key...")"
- "${GPG_PACWRAP[@]}" --gen-key --batch </dev/null; then
- printf '%s\n' "$*" >> "$conffile"
- fi
+ local conffile=$1; shift
+ # looking for the option 'bare', only leading spaces or # chars allowed,
+ # followed by at least one space and any other text or the end of line.
+ if ! grep -q "^[[:space:]#]*$*\([[:space:]].*\)*$" "$conffile" &>/dev/null; then
+ printf '%s\n' "$*" >> "$conffile"
+ fi
}
check_keyids_exist() {
- local ret=0
- for key in "$@"; do
- # Verify if the key exists in pacman's keyring
- if ! "${GPG_PACWRAP[@]}" --list-keys "$key" &>/dev/null ; then
- error "$(gettext "The key identified by %s could not be found locally.")" "$key"
- ret=1
- fi
- done
- if (( ret )); then
- exit 1
- fi
+ local ret=0
+ for key in "$@"; do
+ # Verify if the key exists in pacman's keyring
+ if ! "${GPG_PACWRAP[@]}" --list-keys "$key" &>/dev/null ; then
+ error "$(gettext "The key identified by %s could not be found locally.")" "$key"
+ ret=1
+ fi
+ done
+ if (( ret )); then
+ exit 1
+ fi
}
key_is_lsigned() {
- secret_key=$("${GPG_PACWRAP[@]}" --with-colons --list-secret-key --quiet | awk -F : 'NR==1 {print $5}')
- while IFS=: read -r type valid _ _ sign_key _; do
- if [[ $type != "sig" || $valid != "!" ]]; then
- continue
- fi
- if [[ "$sign_key" == "$secret_key" ]]; then
- return 0
- fi
- done < <("${GPG_PACWRAP[@]}" --with-colons --check-signatures --quiet "$1")
- return 1
+ secret_key=$("${GPG_PACWRAP[@]}" --with-colons --list-secret-key --quiet | awk -F : 'NR==1 {print $5}')
+ while IFS=: read -r type valid _ _ sign_key _; do
+ if [[ $type != "sig" || $valid != "!" ]]; then
+ continue
+ fi
+ if [[ "$sign_key" == "$secret_key" ]]; then
+ return 0
+ fi
+ done < <("${GPG_PACWRAP[@]}" --with-colons --check-signatures --quiet "$1")
+ return 1
}
key_is_revoked() {
- while IFS=: read -r type _ _ _ _ _ _ _ _ _ _ flags _; do
- if [[ $type != "pub" ]]; then
- continue
- fi
- if [[ $flags == *"D"* ]]; then
- return 0
- fi
- done < <("${GPG_PACWRAP[@]}" --with-colons --list-key --quiet "$1")
- return 1
+ while IFS=: read -r type _ _ _ _ _ _ _ _ _ _ flags _; do
+ if [[ $type != "pub" ]]; then
+ continue
+ fi
+ if [[ $flags == *"D"* ]]; then
+ return 0
+ fi
+ done < <("${GPG_PACWRAP[@]}" --with-colons --list-key --quiet "$1")
+ return 1
}
initialize() {
- local conffile keyserv
- # Check for simple existence rather than for a directory as someone
- # may want to use a symlink here
- [[ -e ${PACWRAP_KEYRING_DIR} ]] || mkdir -p -m 755 "${PACMAN_KEYRING_DIR}"
+ local conffile keyserv
+ # Check for simple existence rather than for a directory as someone
+ # may want to use a symlink here
+ [[ -e ${PACWRAP_KEYRING_DIR} ]] || mkdir -p -m 755 "${PACMAN_KEYRING_DIR}"
- # keyring files
- [[ -f ${PACWRAP_KEYRING_DIR}/pubring.gpg ]] || touch ${PACWRAP_KEYRING_DIR}/pubring.gpg
- [[ -f ${PACWRAP_KEYRING_DIR}/secring.gpg ]] || touch ${PACWRAP_KEYRING_DIR}/secring.gpg
- [[ -f ${PACWRAP_KEYRING_DIR}/trustdb.gpg ]] || "${GPG_PACWRAP[@]}" --update-trustdb
- chmod 644 ${PACWRAP_KEYRING_DIR}/{pubring,trustdb}.gpg
- chmod 600 ${PACWRAP_KEYRING_DIR}/secring.gpg
+ # keyring files
+ [[ -f ${PACWRAP_KEYRING_DIR}/pubring.gpg ]] || touch ${PACWRAP_KEYRING_DIR}/pubring.gpg
+ [[ -f ${PACWRAP_KEYRING_DIR}/secring.gpg ]] || touch ${PACWRAP_KEYRING_DIR}/secring.gpg
+ [[ -f ${PACWRAP_KEYRING_DIR}/trustdb.gpg ]] || "${GPG_PACWRAP[@]}" --update-trustdb
+ chmod 644 ${PACWRAP_KEYRING_DIR}/{pubring,trustdb}.gpg
+ chmod 600 ${PACWRAP_KEYRING_DIR}/secring.gpg
- # gpg.conf
- conffile="${PACWRAP_KEYRING_DIR}/gpg.conf"
- [[ -f $conffile ]] || touch "$conffile"
- chmod 644 "$conffile"
- add_gpg_conf_option "$conffile" 'no-greeting'
- add_gpg_conf_option "$conffile" 'no-permission-warning'
- add_gpg_conf_option "$conffile" 'lock-never'
- add_gpg_conf_option "$conffile" 'keyserver-options' 'timeout=10'
- add_gpg_conf_option "$conffile" 'keyserver-options' 'import-clean'
+ # gpg.conf
+ conffile="${PACWRAP_KEYRING_DIR}/gpg.conf"
+ [[ -f $conffile ]] || touch "$conffile"
+ chmod 644 "$conffile"
+ add_gpg_conf_option "$conffile" 'no-greeting'
+ add_gpg_conf_option "$conffile" 'no-permission-warning'
+ add_gpg_conf_option "$conffile" 'lock-never'
+ add_gpg_conf_option "$conffile" 'keyserver-options' 'timeout=10'
+ add_gpg_conf_option "$conffile" 'keyserver-options' 'import-clean'
- local gpg_ver=$(gpg --version | awk '{print $3; exit}')
- if (( $(vercmp "$gpg_ver" 2.2.17) >= 0 )); then
- add_gpg_conf_option "$conffile" 'keyserver-options' 'no-self-sigs-only'
- fi
+ local gpg_ver=$(gpg --version | awk '{print $3; exit}')
+ if (( $(vercmp "$gpg_ver" 2.2.17) >= 0 )); then
+ add_gpg_conf_option "$conffile" 'keyserver-options' 'no-self-sigs-only'
+ fi
- # gpg-agent.conf
- agent_conffile="${PACWRAP_KEYRING_DIR}/gpg-agent.conf"
- [[ -f $agent_conffile ]] || touch "$agent_conffile"
- chmod 644 "$agent_conffile"
- add_gpg_conf_option "$agent_conffile" 'disable-scdaemon'
+ # gpg-agent.conf
+ agent_conffile="${PACWRAP_KEYRING_DIR}/gpg-agent.conf"
+ [[ -f $agent_conffile ]] || touch "$agent_conffile"
+ chmod 644 "$agent_conffile"
+ add_gpg_conf_option "$agent_conffile" 'disable-scdaemon'
- # set up a private signing key (if none available)
- if [[ $(secret_keys_available) -lt 1 ]]; then
- generate_master_key
- UPDATEDB=1
- fi
+ # set up a private signing key (if none available)
+ if [[ $(secret_keys_available) -lt 1 ]]; then
+ generate_master_key
+ UPDATEDB=1
+ fi
}
populate_keyring() {
- local KEYRING_IMPORT_DIR='/usr/share/pacman/keyrings'
+ local KEYRING_IMPORT_DIR='/usr/share/pacman/keyrings'
- local keyring KEYRINGIDS=("$@")
- local ret=0
- if (( ${#KEYRINGIDS[*]} == 0 )); then
- # get list of all available keyrings
- shopt -s nullglob
- KEYRINGIDS=("$KEYRING_IMPORT_DIR"/*.gpg)
- shopt -u nullglob
- KEYRINGIDS=("${KEYRINGIDS[@]##*/}")
- KEYRINGIDS=("${KEYRINGIDS[@]%.gpg}")
- if (( ${#KEYRINGIDS[*]} == 0 )); then
- error "$(gettext "No keyring files exist in %s.")" "$KEYRING_IMPORT_DIR"
- ret=1
- fi
- else
- # verify listed keyrings exist
- for keyring in "${KEYRINGIDS[@]}"; do
- if [[ ! -f "$KEYRING_IMPORT_DIR/$keyring.gpg" ]]; then
- error "$(gettext "The keyring file %s does not exist.")" "$KEYRING_IMPORT_DIR/$keyring.gpg"
- ret=1
- fi
- done
- fi
+ local keyring KEYRINGIDS=("$@")
+ local ret=0
+ if (( ${#KEYRINGIDS[*]} == 0 )); then
+ # get list of all available keyrings
+ shopt -s nullglob
+ KEYRINGIDS=("$KEYRING_IMPORT_DIR"/*.gpg)
+ shopt -u nullglob
+ KEYRINGIDS=("${KEYRINGIDS[@]##*/}")
+ KEYRINGIDS=("${KEYRINGIDS[@]%.gpg}")
+ if (( ${#KEYRINGIDS[*]} == 0 )); then
+ error "$(gettext "No keyring files exist in %s.")" "$KEYRING_IMPORT_DIR"
+ ret=1
+ fi
+ else
+ # verify listed keyrings exist
+ for keyring in "${KEYRINGIDS[@]}"; do
+ if [[ ! -f "$KEYRING_IMPORT_DIR/$keyring.gpg" ]]; then
+ error "$(gettext "The keyring file %s does not exist.")" "$KEYRING_IMPORT_DIR/$keyring.gpg"
+ ret=1
+ fi
+ done
+ fi
- if (( ret )); then
- exit 1
- fi
+ if (( ret )); then
+ exit 1
+ fi
- # Variable used for iterating on keyrings
- local keys key_id
+ # Variable used for iterating on keyrings
+ local keys key_id
- # Add keys from requested keyrings
- for keyring in "${KEYRINGIDS[@]}"; do
- msg "$(gettext "Appending keys from %s.gpg...")" "$keyring"
- "${GPG_PACWRAP[@]}" --quiet --import "${KEYRING_IMPORT_DIR}/${keyring}.gpg"
- done
+ # Add keys from requested keyrings
+ for keyring in "${KEYRINGIDS[@]}"; do
+ msg "$(gettext "Appending keys from %s.gpg...")" "$keyring"
+ "${GPG_PACWRAP[@]}" --quiet --import "${KEYRING_IMPORT_DIR}/${keyring}.gpg"
+ done
- # Read the trusted key IDs to an array. Because this is an ownertrust
- # file, we know we have the full 40 hex digit fingerprint values.
- # Format of ownertrust dump file:
- # 40CHARFINGERPRINTXXXXXXXXXXXXXXXXXXXXXXX:6:
- # 40CHARFINGERPRINTXXXXXXXXXXXXXXXXXXXXXXX:5:
- local -A trusted_ids
- for keyring in "${KEYRINGIDS[@]}"; do
- if [[ -s "${KEYRING_IMPORT_DIR}/${keyring}-trusted" ]]; then
- while IFS=: read key_id _; do
- # skip blank lines, comments; these are valid in this file
- [[ -z $key_id || ${key_id:0:1} = \# ]] && continue
+ # Read the trusted key IDs to an array. Because this is an ownertrust
+ # file, we know we have the full 40 hex digit fingerprint values.
+ # Format of ownertrust dump file:
+ # 40CHARFINGERPRINTXXXXXXXXXXXXXXXXXXXXXXX:6:
+ # 40CHARFINGERPRINTXXXXXXXXXXXXXXXXXXXXXXX:5:
+ local -A trusted_ids
+ for keyring in "${KEYRINGIDS[@]}"; do
+ if [[ -s "${KEYRING_IMPORT_DIR}/${keyring}-trusted" ]]; then
+ while IFS=: read key_id _; do
+ # skip blank lines, comments; these are valid in this file
+ [[ -z $key_id || ${key_id:0:1} = \# ]] && continue
- if key_is_lsigned "$key_id" ; then
- continue
- fi
+ if key_is_lsigned "$key_id" ; then
+ continue
+ fi
- # Mark this key to be lsigned
- trusted_ids[$key_id]=$keyring
- done < "${KEYRING_IMPORT_DIR}/${keyring}-trusted"
- fi
- done
+ # Mark this key to be lsigned
+ trusted_ids[$key_id]=$keyring
+ done < "${KEYRING_IMPORT_DIR}/${keyring}-trusted"
+ fi
+ done
- local -A revoked_ids
- for keyring in "${KEYRINGIDS[@]}"; do
- if [[ -s $KEYRING_IMPORT_DIR/$keyring-revoked ]]; then
- while read -r key_id; do
- if key_is_revoked "$key_id" ; then
- continue
- fi
+ local -A revoked_ids
+ for keyring in "${KEYRINGIDS[@]}"; do
+ if [[ -s $KEYRING_IMPORT_DIR/$keyring-revoked ]]; then
+ while read -r key_id; do
+ if key_is_revoked "$key_id" ; then
+ continue
+ fi
- revoked_ids["$key_id"]=1
- done <"$KEYRING_IMPORT_DIR/$keyring-revoked"
- fi
- done
+ revoked_ids["$key_id"]=1
+ done <"$KEYRING_IMPORT_DIR/$keyring-revoked"
+ fi
+ done
- if (( ${#trusted_ids[@]} > 0 )); then
- msg "$(gettext "Locally signing trusted keys in keyring...")"
- lsign_keys "${!trusted_ids[@]}"
- msg "$(gettext "Importing owner trust values...")"
- for keyring in "${KEYRINGIDS[@]}"; do
- if [[ -s "${KEYRING_IMPORT_DIR}/${keyring}-trusted" ]]; then
- "${GPG_PACWRAP[@]}" --import-ownertrust "${KEYRING_IMPORT_DIR}/${keyring}-trusted"
- fi
- done
- fi
+ if (( ${#trusted_ids[@]} > 0 )); then
+ msg "$(gettext "Locally signing trusted keys in keyring...")"
+ lsign_keys "${!trusted_ids[@]}"
+ msg "$(gettext "Importing owner trust values...")"
+ for keyring in "${KEYRINGIDS[@]}"; do
+ if [[ -s "${KEYRING_IMPORT_DIR}/${keyring}-trusted" ]]; then
+ "${GPG_PACWRAP[@]}" --import-ownertrust "${KEYRING_IMPORT_DIR}/${keyring}-trusted"
+ fi
+ done
+ fi
- if (( ${#revoked_ids[@]} > 0 )); then
- local key_count=0
- msg "$(gettext "Disabling revoked keys in keyring...")"
- for key_id in "${!revoked_ids[@]}"; do
- if (( VERBOSE )); then
- msg2 "$(gettext "Disabling key %s...")" "${key_id}"
- fi
- printf 'disable\nquit\n' | LANG=C "${GPG_PACWRAP[@]}" --command-fd 0 --no-auto-check-trustdb --quiet --batch --edit-key "${key_id}" 2>/dev/null
- key_count=$((key_count+1))
- done
- if (( key_count )); then
- msg2 "$(gettext "Disabled %s keys.")" "${key_count}"
- fi
- fi
+ if (( ${#revoked_ids[@]} > 0 )); then
+ local key_count=0
+ msg "$(gettext "Disabling revoked keys in keyring...")"
+ for key_id in "${!revoked_ids[@]}"; do
+ if (( VERBOSE )); then
+ msg2 "$(gettext "Disabling key %s...")" "${key_id}"
+ fi
+ printf 'disable\nquit\n' | LANG=C "${GPG_PACWRAP[@]}" --command-fd 0 --no-auto-check-trustdb --quiet --batch --edit-key "${key_id}" 2>/dev/null
+ key_count=$((key_count+1))
+ done
+ if (( key_count )); then
+ msg2 "$(gettext "Disabled %s keys.")" "${key_count}"
+ fi
+ fi
}
add_keys() {
- if ! "${GPG_PACWRAP[@]}" --quiet --batch --import "$@" ; then
- error_fatal "$(gettext "A specified keyfile could not be added to the keyring.")"
- fi
+ if ! "${GPG_PACWRAP[@]}" --quiet --batch --import "$@" ; then
+ error_fatal "$(gettext "A specified keyfile could not be added to the keyring.")"
+ fi
}
delete_keys() {
- check_keyids_exist "$@"
- if ! "${GPG_PACWRAP[@]}" --quiet --batch --delete-key --yes "$@" ; then
- error_fatal "$(gettext "A specified key could not be removed from the keyring.")"
- fi
+ check_keyids_exist "$@"
+ if ! "${GPG_PACWRAP[@]}" --quiet --batch --delete-key --yes "$@" ; then
+ error_fatal "$(gettext "A specified key could not be removed from the keyring.")"
+ fi
}
edit_keys() {
- check_keyids_exist "$@"
- local ret=0
- for key in "$@"; do
- if ! "${GPG_PACWRAP[@]}" --edit-key "$key" ; then
- error "$(gettext "The key identified by %s could not be edited.")" "$key"
- ret=1
- fi
- done
- if (( ret )); then
- exit 1
- fi
+ check_keyids_exist "$@"
+ local ret=0
+ for key in "$@"; do
+ if ! "${GPG_PACWRAP[@]}" --edit-key "$key" ; then
+ error "$(gettext "The key identified by %s could not be edited.")" "$key"
+ ret=1
+ fi
+ done
+ if (( ret )); then
+ exit 1
+ fi
}
export_keys() {
- check_keyids_exist "$@"
- if ! "${GPG_PACWRAP[@]}" --armor --export "$@" ; then
- error_fatal "$(gettext "A specified key could not be exported from the keyring.")"
- fi
+ check_keyids_exist "$@"
+ if ! "${GPG_PACWRAP[@]}" --armor --export "$@" ; then
+ error_fatal "$(gettext "A specified key could not be exported from the keyring.")"
+ fi
}
finger_keys() {
- check_keyids_exist
- if ! "${GPG_PACWRAP[@]}" --batch --fingerprint "$@" ; then
- error_fatal "$(gettext "The fingerprint of a specified key could not be determined.")"
- fi
+ check_keyids_exist
+ if ! "${GPG_PACWRAP[@]}" --batch --fingerprint "$@" ; then
+ error_fatal "$(gettext "The fingerprint of a specified key could not be determined.")"
+ fi
}
import_trustdb() {
- local importdir
- local ret=0
- for importdir in "$@"; do
+ local importdir
+ local ret=0
+ for importdir in "$@"; do
if [[ -f "${importdir}/trustdb.gpg" ]]; then
- gpg --homedir "${importdir}" --export-ownertrust | \
- "${GPG_PACWRAP[@]}" --import-ownertrust -
- if (( PIPESTATUS )); then
- error "$(gettext "%s could not be imported.")" "${importdir}/trustdb.gpg"
- ret=1
- fi
- else
- error "$(gettext "File %s does not exist and could not be imported.")" "${importdir}/trustdb.gpg"
- ret=1
- fi
- done
- if (( ret )); then
- exit 1
- fi
+ gpg --homedir "${importdir}" --export-ownertrust | \
+ "${GPG_PACWRAP[@]}" --import-ownertrust -
+ if (( PIPESTATUS )); then
+ error "$(gettext "%s could not be imported.")" "${importdir}/trustdb.gpg"
+ ret=1
+ fi
+ else
+ error "$(gettext "File %s does not exist and could not be imported.")" "${importdir}/trustdb.gpg"
+ ret=1
+ fi
+ done
+ if (( ret )); then
+ exit 1
+ fi
}
import() {
- local importdir
- local ret=0
- for importdir in "$@"; do
- if [[ -f "${importdir}/pubring.gpg" ]]; then
- if ! "${GPG_PACWRAP[@]}" --quiet --batch --import "${importdir}/pubring.gpg" ; then
- error "$(gettext "%s could not be imported.")" "${importdir}/pubring.gpg"
- ret=1
- fi
- else
- error "$(gettext "File %s does not exist and could not be imported.")" "${importdir}/pubring.gpg"
- ret=1
- fi
- done
- if (( ret )); then
- exit 1
- fi
+ local importdir
+ local ret=0
+ for importdir in "$@"; do
+ if [[ -f "${importdir}/pubring.gpg" ]]; then
+ if ! "${GPG_PACWRAP[@]}" --quiet --batch --import "${importdir}/pubring.gpg" ; then
+ error "$(gettext "%s could not be imported.")" "${importdir}/pubring.gpg"
+ ret=1
+ fi
+ else
+ error "$(gettext "File %s does not exist and could not be imported.")" "${importdir}/pubring.gpg"
+ ret=1
+ fi
+ done
+ if (( ret )); then
+ exit 1
+ fi
}
list_keys() {
- check_keyids_exist
- if ! "${GPG_PACWRAP[@]}" --batch --list-keys "$@" ; then
- error_fatal "$(gettext "A specified key could not be listed.")"
- fi
+ check_keyids_exist
+ if ! "${GPG_PACWRAP[@]}" --batch --list-keys "$@" ; then
+ error_fatal "$(gettext "A specified key could not be listed.")"
+ fi
}
list_sigs() {
- check_keyids_exist
- if ! "${GPG_PACWRAP[@]}" --batch --list-sigs "$@" ; then
- error_fatal "$(gettext "A specified signature could not be listed.")"
- fi
+ check_keyids_exist
+ if ! "${GPG_PACWRAP[@]}" --batch --list-sigs "$@" ; then
+ error_fatal "$(gettext "A specified signature could not be listed.")"
+ fi
}
lsign_keys() {
- check_keyids_exist
+ check_keyids_exist
- local ret=0
- local key_count=0
- for key_id in "$@"; do
- if (( VERBOSE )); then
- msg2 "$(gettext "Locally signing key %s...")" "${key_id}"
- fi
- # we cannot use --yes here as gpg would still ask for confirmation if a key has more than one uid
- printf 'y\ny\n' | LANG=C "${GPG_PACWRAP[@]}" --command-fd 0 --quiet --batch --lsign-key "${key_id}" 2>/dev/null
- if (( PIPESTATUS[1] )); then
- error "$(gettext "%s could not be locally signed.")" "${key_id}"
- ret=1
- fi
- key_count=$((key_count+1))
- done
+ local ret=0
+ local key_count=0
+ for key_id in "$@"; do
+ if (( VERBOSE )); then
+ msg2 "$(gettext "Locally signing key %s...")" "${key_id}"
+ fi
+ # we cannot use --yes here as gpg would still ask for confirmation if a key has more than one uid
+ printf 'y\ny\n' | LANG=C "${GPG_PACWRAP[@]}" --command-fd 0 --quiet --batch --lsign-key "${key_id}" 2>/dev/null
+ if (( PIPESTATUS[1] )); then
+ error "$(gettext "%s could not be locally signed.")" "${key_id}"
+ ret=1
+ fi
+ key_count=$((key_count+1))
+ done
- if (( ret )); then
- exit 1
- fi
- if (( key_count )); then
- msg2 "$(gettext "Locally signed %s keys.")" "${key_count}"
- fi
+ if (( ret )); then
+ exit 1
+ fi
+ if (( key_count )); then
+ msg2 "$(gettext "Locally signed %s keys.")" "${key_count}"
+ fi
}
receive_keys() {
- local ret=0 name id keyids emails
+ local ret=0 name id keyids emails
- # if the key is not a hex ID, do a lookup
- for name; do
- if [[ $name = ?(0x)+([0-9a-fA-F]) ]]; then
- keyids+=("$name")
- elif [[ $name = *@*.* ]]; then
- emails+=("$name")
- elif id=$(key_lookup_from_name "$name"); then
- keyids+=("$id")
- fi
- done
+ # if the key is not a hex ID, do a lookup
+ for name; do
+ if [[ $name = ?(0x)+([0-9a-fA-F]) ]]; then
+ keyids+=("$name")
+ elif [[ $name = *@*.* ]]; then
+ emails+=("$name")
+ elif id=$(key_lookup_from_name "$name"); then
+ keyids+=("$id")
+ fi
+ done
- (( ${#keyids[*]}+${#emails[*]} > 0 )) || exit 1
+ (( ${#keyids[*]}+${#emails[*]} > 0 )) || exit 1
- if (( ${#emails[*]} > 0 )) && \
- ! "${GPG_PACWRAP[@]}" --auto-key-locate clear,nodefault,wkd,keyserver \
- --locate-key "${emails[@]}" ; then
- error "$(gettext "Remote key not fetched correctly from WKD or keyserver.")"
- ret=1
- fi
+ if (( ${#emails[*]} > 0 )) && \
+ ! "${GPG_PACWRAP[@]}" --auto-key-locate clear,nodefault,wkd,keyserver \
+ --locate-key "${emails[@]}" ; then
+ error "$(gettext "Remote key not fetched correctly from WKD or keyserver.")"
+ ret=1
+ fi
- if (( ${#keyids[*]} > 0 )) && ! "${GPG_PACWRAP[@]}" --recv-keys "${keyids[@]}" ; then
- error "$(gettext "Remote key not fetched correctly from keyserver.")"
- ret=1
- fi
+ if (( ${#keyids[*]} > 0 )) && ! "${GPG_PACWRAP[@]}" --recv-keys "${keyids[@]}" ; then
+ error "$(gettext "Remote key not fetched correctly from keyserver.")"
+ ret=1
+ fi
- exit $ret
+ exit $ret
}
check_keyring() {
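Review bot: `initialize()` tests `${PACWRAP_KEYRING_DIR}` but creates `"${PACMAN_KEYRING_DIR}"`, a name that appears nowhere else in the visible hunks. If that variable is unset, `mkdir` receives an empty path, the keyring directory is not created, and the following `touch` and `chmod` calls act on a missing directory. The line should read `[[ -e ${PACWRAP_KEYRING_DIR} ]] || mkdir -p -m 755 "${PACWRAP_KEYRING_DIR}"`. The `touch` and `chmod` lines below it also expand `${PACWRAP_KEYRING_DIR}` unquoted, so a keyring path containing spaces is split. Quoting them, for example `chmod 600 "${PACWRAP_KEYRING_DIR}/secring.gpg"`, ensures the restrictive mode lands on the secret keyring itself.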
@@ -727,83 +727,85 @@ check_keyring() {
}
refresh_keys() {
- local ret=0 ids masterkey emails
+ local ret=0 ids masterkey emails
- check_keyids_exist "$@"
+ check_keyids_exist "$@"
- # don't try to refresh the user's local masterkey
- masterkey="$("${GPG_PACWRAP[@]}" --list-keys --with-colons pacman@localhost |
- awk -F: '$1 == "pub" { print $5 }')"
+ # don't try to refresh the user's local masterkey
+ masterkey="$("${GPG_PACWRAP[@]}" --list-keys --with-colons pacman@localhost |
+ awk -F: '$1 == "pub" { print $5 }')"
- mapfile -t ids < \
- <("${GPG_PACWRAP[@]}" --list-keys --with-colons "$@" |
- awk -F: '$1 == "pub" { print $5 }' | grep -vx "$masterkey")
+ mapfile -t ids < \
+ <("${GPG_PACWRAP[@]}" --list-keys --with-colons "$@" |
+ awk -F: '$1 == "pub" { print $5 }' | grep -vx "$masterkey")
- for id in "${ids[@]}"; do
- mapfile -t emails < \
- <("${GPG_PACWRAP[@]}" --list-keys --list-options show-only-fpr-mbox "$id" |
- awk '{print $2 }')
+ for id in "${ids[@]}"; do
+ mapfile -t emails < \
+ <("${GPG_PACWRAP[@]}" --list-keys --list-options show-only-fpr-mbox "$id" |
+ awk '{print $2 }')
- # first try looking up the key in a WKD (only works by email address)
- for email in "${emails[@]}"; do
- "${GPG_PACWRAP[@]}" --locate-external-keys "$email" && break
- done
+ # first try looking up the key in a WKD (only works by email address)
+ for email in "${emails[@]}"; do
+ "${GPG_PACWRAP[@]}" --locate-external-keys "$email" && break
+ done
- # if no key was found, fall back to using the keyservers (with the key fingerprint instead)
- if (( $? )) && ! "${GPG_PACWRAP[@]}" --refresh-keys "$id"; then
- error "$(gettext "Could not update key: %s")" "$id"
- ret=1
- fi
- done
+ # if no key was found, fall back to using the keyservers (with the key fingerprint instead)
+ if (( $? )) && ! "${GPG_PACWRAP[@]}" --refresh-keys "$id"; then
+ error "$(gettext "Could not update key: %s")" "$id"
+ ret=1
+ fi
+ done
- exit $ret
+ exit $ret
}
verify_sig() {
- local ret=0 sig=$1 file=$2
- if [[ -z $file && -f ${sig%.*} ]]; then
- file=${sig%.*}
- fi
- if [[ -n $file ]]; then
- local files=("$sig" "$file")
- msg "Checking %s... (detached)" "$sig"
- else
- local files=("$sig")
- msg "Checking %s... (embedded)" "$sig"
- fi
- if grep -q 'BEGIN PGP SIGNATURE' "$sig"; then
- error_fatal "$(gettext "Cannot use armored signatures for packages: %s")" "$sig"
- fi
+ local ret=0 sig=$1 file=$2
+ if [[ -z $file && -f ${sig%.*} ]]; then
+ file=${sig%.*}
+ fi
+ if [[ -n $file ]]; then
+ local files=("$sig" "$file")
+ msg "Checking %s... (detached)" "$sig"
+ else
+ local files=("$sig")
+ msg "Checking %s... (embedded)" "$sig"
+ fi
+ if grep -q 'BEGIN PGP SIGNATURE' "$sig"; then
+ error_fatal "$(gettext "Cannot use armored signatures for packages: %s")" "$sig"
+ fi
- "${GPG_PACWRAP[@]}" --status-fd 1 --verify "${files[@]}" | grep -qE '^\[GNUPG:\] TRUST_(FULLY|ULTIMATE).*$'
+ "${GPG_PACWRAP[@]}" --status-fd 1 --verify "${files[@]}" | grep -qE '^\[GNUPG:\] TRUST_(FULLY|ULTIMATE).*$'
- # return error if GnuPG fails to verify the signature
- if [[ "${PIPESTATUS[0]}" -ne 0 ]]; then
- error "$(gettext "The signature verification for %s failed.")" "$sig"
- ret=1
- fi
+ # return error if GnuPG fails to verify the signature
+ if [[ "${PIPESTATUS[0]}" -ne 0 ]]; then
+ error "$(gettext "The signature verification for %s failed.")" "$sig"
+ ret=1
+ fi
- # return error if the signature is not trusted fully or ultimately
- if [[ "${PIPESTATUS[1]}" -ne 0 ]]; then
- error "$(gettext "The signature %s is not trusted.")" "$sig"
- ret=1
- fi
+ # return error if the signature is not trusted fully or ultimately
+ if [[ "${PIPESTATUS[1]}" -ne 0 ]]; then
+ error "$(gettext "The signature %s is not trusted.")" "$sig"
+ ret=1
+ fi
- exit $ret
+ exit $ret
}
updatedb() {
- msg "$(gettext "Updating trust database...")"
- if ! "${GPG_PACWRAP[@]}" --batch --check-trustdb ; then
- error_fatal "$(gettext "Trust database could not be updated.")"
- fi
+ msg "$(gettext "Updating trust database...")"
+ if ! "${GPG_PACWRAP[@]}" --batch --check-trustdb ; then
+ error_fatal "$(gettext "Trust database could not be updated.")"
+ fi
}
# PROGRAM START
if ! type gettext &>/dev/null; then
- gettext() {
- echo "$@"
- }
+ gettext() {
+ echo "$@"
+ }
fi
main $@
+
+# vim:set ts=4 sw=4 et:1
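Review bot: In `verify_sig`, the second test `[[ "${PIPESTATUS[1]}" -ne 0 ]]` no longer sees the gpg/grep pipeline. Bash overwrites `PIPESTATUS` after every command, including the first `[[ … ]]` test, so element 1 is unset by then and compares equal to 0. A signature that verifies but is not fully or ultimately trusted therefore leaves `ret=0`, and the function exits successfully without printing the "not trusted" error. Save the array immediately after the pipeline with `local pipe_rc=("${PIPESTATUS[@]}")`, then test `pipe_rc[0]` and `pipe_rc[1]` in the two `if` lines.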
diff --git a/dist/tools/clean.sh b/dist/tools/clean.sh
index aadb7d8..d6ff5de 100755
--- a/dist/tools/clean.sh
+++ b/dist/tools/clean.sh
@@ -28,39 +28,41 @@ DIST_RUNTIME="$PWD/dist/runtime"
DIST_SCHEMA="$PWD/dist/schema"
runtime() {
- if [[ -d "$DIST_RUNTIME" ]]; then
- rm -r "$DIST_RUNTIME"
- mkdir -p "$DIST_RUNTIME"
- cleaned "container runtime"
+ if [[ -d "$DIST_RUNTIME" ]]; then
+ rm -r "$DIST_RUNTIME"
+ mkdir -p "$DIST_RUNTIME"
+ cleaned "container runtime"
fi
}
filesystem() {
- if [[ -d "$DIST_SCHEMA" ]]; then
- rm -r "$DIST_SCHEMA"
- mkdir -p "$DIST_SCHEMA"
+ if [[ -d "$DIST_SCHEMA" ]]; then
+ rm -r "$DIST_SCHEMA"
+ mkdir -p "$DIST_SCHEMA"
cleaned "container schema"
fi
}
bin() {
- if [[ -d "$DIST_BIN" ]]; then
- rm -r "$DIST_BIN"
- mkdir -p "$DIST_BIN"
+ if [[ -d "$DIST_BIN" ]]; then
+ rm -r "$DIST_BIN"
+ mkdir -p "$DIST_BIN"
cleaned "bin artifacts"
fi
}
main() {
- for var in "$@"; do case $var in
- schema) filesystem;;
- runtime) runtime;;
+ for var in "$@"; do case $var in
+ schema) filesystem;;
+ runtime) runtime;;
bin) bin;;
all) bin
- filesystem
- runtime;;
- *) error_fatal "Invalid parameter '$1'";;
- esac; done
+ filesystem
+ runtime;;
+ *) error_fatal "Invalid parameter '$1'";;
+ esac; done
}
main $@
+
+# vim:set ts=4 sw=4 et:1
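Review bot: The default arm of the `case` in `main` prints `$1`, the script's first argument, not the loop variable that failed to match, so the error can name a valid parameter while the invalid one goes unreported. It should read `*) error_fatal "Invalid parameter '$var'";;`. The call on the last code line is unquoted as well; `main "$@"` passes each argument through unsplit.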
diff --git a/dist/tools/common.sh b/dist/tools/common.sh
index bee2826..d495a61 100755
--- a/dist/tools/common.sh
+++ b/dist/tools/common.sh
@@ -39,36 +39,36 @@ handle_failure() {
}
error_fatal() {
- echo $BOLD$RED"error:$RESET $@";
- exit 1
+ echo $BOLD$RED"error:$RESET $@";
+ exit 1
}
error() {
- echo $BOLD$RED"error:$RESET $@";
+ echo $BOLD$RED"error:$RESET $@";
}
packaged() {
- echo "$GREEN$BOLD Packaged$RESET $@"
+ echo "$GREEN$BOLD Packaged$RESET $@"
}
cleaned() {
- echo "$BOLD$GREEN Cleaned$RESET $@"
+ echo "$BOLD$GREEN Cleaned$RESET $@"
}
validate_args() {
- [[ -z "$1" ]] && error_fatal "release target not specified."
+ [[ -z "$1" ]] && error_fatal "release target not specified."
case $1 in
- release);;
- debug) ;;
- *) error_fatal "release target $1 is invalid.";;
- esac
+ release);;
+ debug) ;;
+ *) error_fatal "release target $1 is invalid.";;
+ esac
}
layout_dir() {
- [[ ! -d "$DIST_SRC" ]] && error_fatal "'$DIST_SRC': src directory not found."
+ [[ ! -d "$DIST_SRC" ]] && error_fatal "'$DIST_SRC': src directory not found."
- mkdir -p $DIST_BIN
+ mkdir -p $DIST_BIN
}
#
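Review bot: `mkdir -p $DIST_BIN` in `layout_dir` expands the path unquoted, although the test on the line before it quotes `"$DIST_SRC"`. The other path variables visible in this diff are built from `$PWD`, so if `DIST_BIN` is too (its definition is outside the hunk), a checkout directory with a space in its name splits the argument; `mkdir -p -- "$DIST_BIN"` avoids that. The same unquoted pattern recurs in the runtime.sh hunks for `populate_lib`, `populate_bin`, `populate_etc`, `copy_libs` and `copy_bins`, and in schema.sh's `prepare_and_validate` and `create_archive`. Separately, `error_fatal` and `error` write to stdout; adding `>&2` to their `echo` lines keeps diagnostics out of captured output.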
@@ -80,7 +80,7 @@ layout_dir() {
# $4: Inlcude date (optional)
#
package() {
- [[ ! -f "$1" ]] && error_fatal "'$1': file not found"
+ [[ ! -f "$1" ]] && error_fatal "'$1': file not found"
([[ -z $1 ]] || [[ -z $2 ]] || [[ -z $3 ]]) && error_fatal "Invalid arguments."
local version=$(version $3 $4)
@@ -102,9 +102,9 @@ version() {
case $1 in
release) release="RELEASE"
- date=$(git log -1 --date=format:%d/%m/%Y --format=%cd);;
+ date=$(git log -1 --date=format:%d/%m/%Y --format=%cd);;
debug) release="DEV"
- date=$(date +'%d/%m/%Y %T%:z');;
+ date=$(date +'%d/%m/%Y %T%:z');;
esac
if [[ -z "$tag" ]]; then
@@ -121,3 +121,5 @@ version() {
}
COMMON_SCRIPT=1; readonly COMMON_SCRIPT BOLD RED GREEN RESET
+
+# vim:set ts=4 sw=4 et:1
diff --git a/dist/tools/package.sh b/dist/tools/package.sh
index 4d52371..8e05b5f 100755
--- a/dist/tools/package.sh
+++ b/dist/tools/package.sh
@@ -31,3 +31,5 @@ validate_args $1
package $DIST_MAN/pacwrap.1 $DIST_BIN/pacwrap.1 $1
package $DIST_MAN/pacwrap.yml.2 $DIST_BIN/pacwrap.yml.2 $1
./dist/tools/runtime.sh $1
+
+# vim:set ts=4 sw=4 et:1
diff --git a/dist/tools/prepare.sh b/dist/tools/prepare.sh
index f7d47ab..5078b43 100755
--- a/dist/tools/prepare.sh
+++ b/dist/tools/prepare.sh
@@ -29,3 +29,5 @@ validate_args $1
layout_dir
package $DIST_SRC/pacwrap-key $DIST_BIN/pacwrap-key $1 0
./dist/tools/schema.sh $1
+
+# vim:set ts=4 sw=4 et:1
diff --git a/dist/tools/runtime.sh b/dist/tools/runtime.sh
index f69d5c3..98b8e18 100755
--- a/dist/tools/runtime.sh
+++ b/dist/tools/runtime.sh
@@ -62,11 +62,11 @@ LIB_BINS="bash ls gpg grep"
main() {
validate_args $1
prepare_and_validate $1
- populate_lib
- populate_bin
- populate_etc
- busybox_links
- packaged "container runtime [$1]"
+ populate_lib
+ populate_bin
+ populate_etc
+ busybox_links
+ packaged "container runtime [$1]"
}
#
@@ -85,8 +85,8 @@ prepare_and_validate() {
mkdir -p $DEST_DIR$LIB_DIR$FAKEROOT$FAKECHROOT $DEST_DIR$BIN_DIR $DEST_DIR$ETC_DIR
if [[ ! -d "$DEST_DIR$LIB_DIR" ]] || [[ ! -d $DEST_DIR$BIN_DIR ]]; then
- error_fatal "'$DEST_DIR': directory not found."
- fi
+ error_fatal "'$DEST_DIR': directory not found."
+ fi
for bin in $LIB_BINS; do
local path=$(type -P $bin)
@@ -101,22 +101,22 @@ prepare_and_validate() {
# Clean build artifacts
#
clean() {
- if [[ -d "$DEST_DIR" ]]; then
- rm -r "$DEST_DIR"
- mkdir -p "$DEST_DIR"
- cleaned "container runtime"
- fi
+ if [[ -d "$DEST_DIR" ]]; then
+ rm -r "$DEST_DIR"
+ mkdir -p "$DEST_DIR"
+ cleaned "container runtime"
+ fi
}
#
# Populate libraries for container runtime
#
populate_lib() {
- copy_libs ${BIN_PATHS[@]}
- cp -L $FAKEROOT_SRC $FAKEROOT_DEST
- cp -L $FAKECHROOT_SRC $FAKECHROOT_DEST
- ln -s .$FAKEROOT/libfakeroot.so $DEST_DIR$LIB_DIR/libfakeroot.so
- ln -s .$FAKEROOT$FAKECHROOT/libfakechroot.so $DEST_DIR$LIB_DIR/libfakechroot.so
+ copy_libs ${BIN_PATHS[@]}
+ cp -L $FAKEROOT_SRC $FAKEROOT_DEST
+ cp -L $FAKECHROOT_SRC $FAKECHROOT_DEST
+ ln -s .$FAKEROOT/libfakeroot.so $DEST_DIR$LIB_DIR/libfakeroot.so
+ ln -s .$FAKEROOT$FAKECHROOT/libfakechroot.so $DEST_DIR$LIB_DIR/libfakechroot.so
# Remove debuglink section, to ensure the Arch Build System doesn't complain
for lib in $(find $DEST_DIR$LIB_DIR -maxdepth 3 -type f -printf "%p "); do
@@ -128,21 +128,21 @@ populate_lib() {
# Populate binaries for container runtime
#
populate_bin() {
- cp ${BIN_PATHS[0]} $DEST_DIR$BIN_DIR/agent
- copy_bins $BIN_UTILS $COREUTILS
- ln -s bash $DEST_DIR$BIN_DIR/sh
- ln -s ld-linux-x86-64.so.2 $DEST_DIR$BIN_DIR/ld-linux.so.2
- ln -s ../lib64/ld-linux-x86-64.so.2 $DEST_DIR$BIN_DIR/ld.so
+ cp ${BIN_PATHS[0]} $DEST_DIR$BIN_DIR/agent
+ copy_bins $BIN_UTILS $COREUTILS
+ ln -s bash $DEST_DIR$BIN_DIR/sh
+ ln -s ld-linux-x86-64.so.2 $DEST_DIR$BIN_DIR/ld-linux.so.2
+ ln -s ../lib64/ld-linux-x86-64.so.2 $DEST_DIR$BIN_DIR/ld.so
}
#
# Populate /etc directory for container runtime
#
populate_etc() {
- echo -e "#\n# /etc/bash.bashrc\n#\n# pacwrap runtime\n#\n\n${PROFILE_PS1}\nbind -x $'\"\\C-l\":clear;'\ncd \$HOME\n" > $DEST_DIR$ETC_DIR/bash.bashrc
- sed -n 12,20p $DIST_SRC/bash.bashrc >> $DEST_DIR$ETC_DIR/bash.bashrc
- echo -e "#\n# /etc/profile - busybox env\n#\n# pacwrap runtime\n#\n\n$PROFILE_PS1\n" > $DEST_DIR$ETC_DIR/profile
- echo -e 'printf "\033]0;%s@%s\007" "${USER}" "${HOSTNAME%%.*}"\ncd $HOME' >> $DEST_DIR$ETC_DIR/profile
+ echo -e "#\n# /etc/bash.bashrc\n#\n# pacwrap runtime\n#\n\n${PROFILE_PS1}\nbind -x $'\"\\C-l\":clear;'\ncd \$HOME\n" > $DEST_DIR$ETC_DIR/bash.bashrc
+ sed -n 12,20p $DIST_SRC/bash.bashrc >> $DEST_DIR$ETC_DIR/bash.bashrc
+ echo -e "#\n# /etc/profile - busybox env\n#\n# pacwrap runtime\n#\n\n$PROFILE_PS1\n" > $DEST_DIR$ETC_DIR/profile
+ echo -e 'printf "\033]0;%s@%s\007" "${USER}" "${HOSTNAME%%.*}"\ncd $HOME' >> $DEST_DIR$ETC_DIR/profile
}
#
@@ -151,13 +151,13 @@ populate_etc() {
busybox_links() {
for applet in $(busybox --list); do
if [[ "${COREUTILS[@]}" == *$applet* ]] ||
- [[ "${BIN_UTILS[@]}" == *$applet* ]] ||
- [[ $applet == "busybox" ]]; then
- continue
+ [[ "${BIN_UTILS[@]}" == *$applet* ]] ||
+ [[ $applet == "busybox" ]]; then
+ continue
fi
- ln -s busybox ./dist/runtime/bin/$applet
- done
+ ln -s busybox ./dist/runtime/bin/$applet
+ done
}
#
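Review bot: The two `[[ ... == *$applet* ]]` tests in `busybox_links` are substring matches, so an applet is skipped whenever its name occurs anywhere inside the joined list, not only when it is a listed utility. With a constructed list containing only `lsblk`, the applet `ls` would get no symlink. Matching whole words fixes that, e.g. `[[ " ${COREUTILS[*]} " == *" $applet "* ]]` and the same for `BIN_UTILS`, assuming both lists are space-separated (their definitions are outside the hunk). The link path `./dist/runtime/bin/$applet` is also hard-coded relative to the working directory, while the other functions in this file write under `$DEST_DIR$BIN_DIR`.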
@@ -166,7 +166,7 @@ busybox_links() {
# $@: takes an array of system library paths
#
copy_libs() {
- for path in ${@}; do
+ for path in ${@}; do
ldd $path | sed -e "s/.*=> //g;s/ (.*)//g;s/\t.*//g" | xargs cp -Lt $DEST_DIR$LIB_DIR
done
}
@@ -177,7 +177,7 @@ copy_libs() {
# $@: takes an array of system binaries located in /usr/bin
#
copy_bins() {
- for bin in ${@}; do
+ for bin in ${@}; do
cp $(type -P $bin) $DEST_DIR$BIN_DIR/$bin
if [[ $bin == "fakeroot" ]]; then
@@ -190,3 +190,5 @@ copy_bins() {
}
main $@
+
+# vim:set ts=4 sw=4 et:1
diff --git a/dist/tools/schema.sh b/dist/tools/schema.sh
index 7b64b17..ccd034c 100755
--- a/dist/tools/schema.sh
+++ b/dist/tools/schema.sh
@@ -39,9 +39,9 @@ DEST_DIR="$PWD/dist/schema"
#
main() {
prepare_and_validate
- populate_usr
- populate_etc
- create_archive $1
+ populate_usr
+ populate_etc
+ create_archive $1
packaged "container schema [$1]"
}
@@ -49,27 +49,27 @@ main() {
# Validate and prepare staging environment
#
prepare_and_validate() {
- clean
- mkdir -p $DEST_DIR$USR_DIR $DEST_DIR$ETC_DIR $DIST_BIN
+ clean
+ mkdir -p $DEST_DIR$USR_DIR $DEST_DIR$ETC_DIR $DIST_BIN
- if [[ ! -d "$DEST_DIR$LIB_DIR" ]] || [[ ! -d $DEST_DIR$BIN_DIR ]]; then
- error_fatal "'$DEST_DIR': directory not found."
- fi
+ if [[ ! -d "$DEST_DIR$LIB_DIR" ]] || [[ ! -d $DEST_DIR$BIN_DIR ]]; then
+ error_fatal "'$DEST_DIR': directory not found."
+ fi
if [[ ! -d "$DIST_SRC" ]]; then
- error_fatal "'$DIST_SRC': directory not found."
- fi
+ error_fatal "'$DIST_SRC': directory not found."
+ fi
}
#
# Clean build artifacts
#
clean() {
- if [[ -d "$DEST_DIR" ]]; then
- rm -r "$DEST_DIR"
- mkdir -p "$DEST_DIR"
- cleaned "container schema"
- fi
+ if [[ -d "$DEST_DIR" ]]; then
+ rm -r "$DEST_DIR"
+ mkdir -p "$DEST_DIR"
+ cleaned "container schema"
+ fi
}
#
@@ -77,21 +77,21 @@ clean() {
#
create_archive() {
cd $DEST_DIR
- tar acf ../bin/filesystem.tar.zst *
+ tar acf ../bin/filesystem.tar.zst *
}
#
# Populate usr for container filesystem
#
populate_usr() {
- mkdir -p "${DEST_DIR}/usr/share/libalpm/hooks/" \
- "${DEST_DIR}/usr/share/libalpm/scripts/" \
- "${DEST_DIR}/usr/local/bin" \
- "${DEST_DIR}/usr/lib/"
+ mkdir -p "${DEST_DIR}/usr/share/libalpm/hooks/" \
+ "${DEST_DIR}/usr/share/libalpm/scripts/" \
+ "${DEST_DIR}/usr/local/bin" \
+ "${DEST_DIR}/usr/lib/"
- ln -s /usr/lib/flatpak-xdg-utils/xdg-open "${DEST_DIR}/usr/local/bin/"
- ln -s /usr/lib/flatpak-xdg-utils/xdg-email "${DEST_DIR}/usr/local/bin/"
+ ln -s /usr/lib/flatpak-xdg-utils/xdg-open "${DEST_DIR}/usr/local/bin/"
+ ln -s /usr/lib/flatpak-xdg-utils/xdg-email "${DEST_DIR}/usr/local/bin/"
install -Dm 644 "$DIST_SRC/0-pacwrap-dist.hook" "${DEST_DIR}/usr/share/libalpm/hooks/0-pacwrap-dist.hook"
install -Dm 644 "$DIST_SRC/1-pacwrap-dist.hook" "${DEST_DIR}/usr/share/libalpm/hooks/1-pacwrap-dist.hook"
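Review bot: `create_archive` runs `cd $DEST_DIR` unquoted and without checking the result, so if the directory change fails, `tar acf ../bin/filesystem.tar.zst *` archives whatever the caller's working directory holds. Unless the script runs under `set -e` (not visible here), guard it with `cd "$DEST_DIR" || error_fatal "'$DEST_DIR': directory not found."`. The bare `*` also leaves out dot-files at the top level of the staging tree and would treat a name starting with `-` as a tar option. `./*` removes the second problem but changes the member names, so check what the consumer of the archive expects first. `populate_usr` continues past the end of the hunk.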
@@ -106,25 +106,27 @@ populate_usr() {
# Populate etc for container filesystem
#
populate_etc() {
- local pacman_hooks=('20-systemd-sysusers'
- '30-systemd-tmpfiles'
- '30-systemd-daemon-reload-system'
- '30-systemd-daemon-reload-user'
- '30-systemd-sysctl'
- '30-systemd-catalog'
- '30-systemd-update'
- '30-systemd-udev-reload'
- '30-systemd-hwdb'
- 'dbus-reload')
-
- # Systemd cannot be started securely in an unprivileged namespace, therefore
- # disable unnecessary systemd hooks in order to speed up transaction times.
- mkdir -p "${DEST_DIR}/etc/pacman.d/hooks/" "${DEST_DIR}/usr/local/bin/"
- for pacman_hook in ${pacman_hooks[@]}; do
- ln -s /dev/null "${DEST_DIR}/etc/pacman.d/hooks/${pacman_hook}.hook"; done
+ local pacman_hooks=('20-systemd-sysusers'
+ '30-systemd-tmpfiles'
+ '30-systemd-daemon-reload-system'
+ '30-systemd-daemon-reload-user'
+ '30-systemd-sysctl'
+ '30-systemd-catalog'
+ '30-systemd-update'
+ '30-systemd-udev-reload'
+ '30-systemd-hwdb'
+ 'dbus-reload')
- # Provide our own /etc/bash.bashrc
- cp "$DIST_SRC/bash.bashrc" "$DEST_DIR$ETC_DIR"
+ # Systemd cannot be started securely in an unprivileged namespace, therefore
+ # disable unnecessary systemd hooks in order to speed up transaction times.
+ mkdir -p "${DEST_DIR}/etc/pacman.d/hooks/" "${DEST_DIR}/usr/local/bin/"
+ for pacman_hook in ${pacman_hooks[@]}; do
+ ln -s /dev/null "${DEST_DIR}/etc/pacman.d/hooks/${pacman_hook}.hook"; done
+
+ # Provide our own /etc/bash.bashrc
+ cp "$DIST_SRC/bash.bashrc" "$DEST_DIR$ETC_DIR"
}
main $@
+
+# vim:set ts=4 sw=4 et:1