-rwxr-xr-x | functions/defaults.sh | 3 | ||||
-rwxr-xr-x | helpers/lh_binary_grub | 5 | ||||
-rwxr-xr-x | helpers/lh_binary_syslinux | 5 | ||||
-rwxr-xr-x | helpers/lh_binary_yaboot | 5 | ||||
-rwxr-xr-x | helpers/lh_chroot_hacks | 39 | ||||
-rwxr-xr-x | helpers/lh_chroot_hosts | 5 | ||||
-rwxr-xr-x | helpers/lh_config | 12 |
7 files changed, 71 insertions, 3 deletions
diff --git a/functions/defaults.sh b/functions/defaults.sh index 715e568..8a876f0 100755 --- a/functions/defaults.sh +++ b/functions/defaults.sh @@ -298,6 +298,9 @@ Set_defaults () # Setting chroot filesystem LH_CHROOT_FILESYSTEM="${LH_CHROOT_FILESYSTEM:-squashfs}" + # Setting whether to expose root filesystem as read only + LH_EXPOSED_ROOT="${LH_EXPOSED_ROOT:-disabled}" + # Setting union filesystem if [ -z "${LH_UNION_FILESYSTEM}" ] then diff --git a/helpers/lh_binary_grub b/helpers/lh_binary_grub index 9ba3286..1c05962 100755 --- a/helpers/lh_binary_grub +++ b/helpers/lh_binary_grub @@ -178,6 +178,11 @@ then LH_BOOTAPPEND_LIVE="${LH_BOOTAPPEND_LIVE} union=${LH_UNION_FILESYSTEM}" fi +if [ "${LH_EXPOSED_ROOT}" != "disabled" ] +then + LH_BOOTAPPEND_LIVE="${LH_BOOTAPPEND_LIVE} exposedroot" +fi + LH_BOOTAPPEND_LIVE="$(echo ${LH_BOOTAPPEND_LIVE} | sed -e 's/ //')" # Parameters are listed at: linux/Documentation/kernel-parameters.txt diff --git a/helpers/lh_binary_syslinux b/helpers/lh_binary_syslinux index 68fa0f3..a6eb400 100755 --- a/helpers/lh_binary_syslinux +++ b/helpers/lh_binary_syslinux @@ -403,6 +403,11 @@ then LH_BOOTAPPEND_LIVE="${LH_BOOTAPPEND_LIVE} union=${LH_UNION_FILESYSTEM}" fi +if [ "${LH_EXPOSED_ROOT}" != "disabled" ] +then + LH_BOOTAPPEND_LIVE="${LH_BOOTAPPEND_LIVE} exposedroot" +fi + if [ "${LH_BINARY_IMAGES}" = "net" ] then case "${LH_NET_FILESYSTEM}" in diff --git a/helpers/lh_binary_yaboot b/helpers/lh_binary_yaboot index 8cffb3f..93fc0bb 100755 --- a/helpers/lh_binary_yaboot +++ b/helpers/lh_binary_yaboot @@ -186,6 +186,11 @@ then LH_BOOTAPPEND_LIVE="${LH_BOOTAPPEND_LIVE} union=${LH_UNION_FILESYSTEM}" fi +if [ "${LH_EXPOSED_ROOT}" != "disabled" ] +then + LH_BOOTAPPEND_LIVE="${LH_BOOTAPPEND_LIVE} exposedroot" +fi + LH_BOOTAPPEND_LIVE="$(echo ${LH_BOOTAPPEND_LIVE} | sed -e 's/ //')" # Parameters are listed at: linux/Documentation/kernel-parameters.txt diff --git a/helpers/lh_chroot_hacks b/helpers/lh_chroot_hacks index da2be17..6eaef4f 100755 
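Review bot: The test `[ "${LH_EXPOSED_ROOT}" != "disabled" ]` added to helpers/lh_binary_grub, and repeated in the lh_binary_syslinux and lh_binary_yaboot hunks, does not agree with the `= "enabled"` test this commit uses in helpers/lh_chroot_hacks. Any other value, such as a typo passed to `--exposed-root` (the new lh_config arm stores `${2}` unchecked), puts `exposedroot` on the kernel command line while the chroot preparation, meaning the writable directories and relocated config files, is skipped. The image would then boot in exposed-root mode without the layout that mode presumably depends on. I would use the same positive test in all three bootloader helpers, `if [ "${LH_EXPOSED_ROOT}" = "enabled" ]`, and have lh_config reject anything other than `enabled` or `disabled`.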
--- a/helpers/lh_chroot_hacks +++ b/helpers/lh_chroot_hacks @@ -111,5 +111,44 @@ then chown -R --quiet 999:999 chroot/home/${LH_USERNAME} fi +if [ "${LH_EXPOSED_ROOT}" = "enabled" ] +then + # Make sure RW dirs exist so that the initramfs script has + # a directory in which to bind the tmpfs filesystems + COW_DIRS='/tmp /var/tmp /var/lock /var/run /var/lib/live /var/log + /var/spool /home /live' + for DIR in ${COW_DIRS}; do + mkdir -p chroot${DIR} + done + + # Config files which need to be RW + CONFIG_FILES='/etc/hostname /etc/hosts /etc/resolv.conf /etc/fstab + /etc/live.conf /etc/network/interfaces /etc/X11/xorg.conf + /etc/udev/rules.d/z25_persistent-net.rules + /etc/udev/rules.d/z25_persistent-cd.rules' + + # Where we will store RW config files + RW_DIR='/var/lib/live' + + for FILE_PATH in ${CONFIG_FILES} + do + # Touch files in case they don't yet exist + FILE_DIR=$(dirname ${FILE_PATH}) + mkdir -p chroot${FILE_DIR} + touch chroot${FILE_PATH} + FILE_NAME=$(basename ${FILE_PATH}) + mkdir -p chroot${RW_DIR}${FILE_DIR} + mv chroot${FILE_PATH} chroot${RW_DIR}${FILE_DIR} + # Create a symbolic link to RW config file + RELATIVE_PATH=$(echo ${FILE_DIR}|sed 's/[^\/]\+/../g; s/^\///g') + ln -s ${RELATIVE_PATH}${RW_DIR}${FILE_PATH} chroot${FILE_PATH} + done + + # Mount doesn't write to a symlink so use /proc/mounts instead, + # see debian bug #154438 for more info + rm chroot/etc/mtab + ln -s /proc/mounts chroot/etc/mtab +fi + # Creating stage file Create_stagefile .stage/chroot_hacks diff --git a/helpers/lh_chroot_hosts b/helpers/lh_chroot_hosts index c4d633e..8480383 100755 --- a/helpers/lh_chroot_hosts +++ b/helpers/lh_chroot_hosts @@ -87,8 +87,9 @@ EOF # Restore hosts file mv chroot/etc/hosts.orig chroot/etc/hosts else - # Remove hosts file - rm -f chroot/etc/hosts + # Blank out hosts file, don't remove in case + # its a symlink, as in the case of exposedroot mode + cat /dev/null > chroot/etc/hosts fi # Removing stage file 
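Review bot: The loop over `CONFIG_FILES` in helpers/lh_chroot_hacks runs `touch` and `mv` on `chroot${FILE_PATH}` from outside the chroot without checking whether that path is already a symlink. `touch` follows symlinks, so if a package has left an absolute link there (resolv.conf is a plausible case) it creates or updates the target on the build host, and the link rather than a regular file is what gets moved under `/var/lib/live`. A guard before the `touch`, such as `[ -L "chroot${FILE_PATH}" ] && rm -f "chroot${FILE_PATH}"`, keeps the operation inside the chroot tree; whether dropping the link is acceptable for every listed file should be confirmed. In the same hunk `rm chroot/etc/mtab` errors when the file is absent (`rm -f chroot/etc/mtab` avoids that), and `FILE_NAME` is assigned but never used.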
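Review bot: Replacing `rm -f chroot/etc/hosts` with `cat /dev/null > chroot/etc/hosts` in helpers/lh_chroot_hosts changes the result for every build, not only exposed-root ones. Images that previously shipped without /etc/hosts now ship an empty one, and anything at boot that generates the file only when it is missing would presumably skip it. The redirection also follows whatever link sits at that path, and since this runs outside the chroot an absolute link would truncate a file on the build host. I would keep the removal for the normal case and truncate only under `if [ "${LH_EXPOSED_ROOT}" = "enabled" ]`, where the link is the relative one created by lh_chroot_hacks; `: > chroot/etc/hosts` does the truncation without spawning `cat`. The enclosing `if`/`else` begins above the hunk.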
diff --git a/helpers/lh_config b/helpers/lh_config index 5fc2f7c..c702b7d 100755 --- a/helpers/lh_config +++ b/helpers/lh_config 
@@ -96,12 +96,13 @@ USAGE="${PROGRAM} [--apt apt|aptitude]\n\ \t [--tasks TASK]\n\ \t [--templates PATH]\n\ \t [--union-filesystem aufs|unionfs]\n\ +\t [--exposed-root enabled|disabled]\n\ \t [--username NAME]\n\ \t [--verbose]" Local_arguments () { - ARGUMENTS="$(getopt --longoptions apt:,apt-ftp-proxy:,apt-http-proxy:,apt-pdiffs:,apt-pipeline:,apt-recommends:,apt-secure:,bootstrap:,cache:,cache-indices:,cache-packages:,cache-stages:,debconf-frontend:,debconf-nowarnings:,debconf-priority:,genisoimage:,initramfs:,losetup:,mode:,root-command:,tasksel:,includes:,templates:,architecture:,bootstrap-config:,bootstrap-flavour:,bootstrap-keyring:,distribution:,mirror-bootstrap:,mirror-bootstrap-security:,mirror-binary:,mirror-binary-security:,sections:,chroot-filesystem:,union-filesystem:,hooks:,interactive:,keyring-packages:,language:,linux-flavours:,linux-packages:,packages:,packages-lists:,tasks:,security:,symlinks:,sysvinit:,binary-images:,binary-indices:,bootappend-install:,bootappend-live:,bootloader:,chroot-build:,debian-installer:,debian-installer-daily:,encryption:,grub-splash:,hostname:,iso-application:,iso-preparer:,iso-publisher:,iso-volume:,memtest:,net-filesystem:,net-mountoptions:,net-path:,net-server:,syslinux-splash:,syslinux-timeout:,username:,source:,source-images:,breakpoints,conffile:,debug,force,help,quiet,usage,verbose,version --name=${PROGRAM} --options a:f:d:m:l:k:p:b:e:s:c:huv --shell sh -- "${@}")" + ARGUMENTS="$(getopt --longoptions 
apt:,apt-ftp-proxy:,apt-http-proxy:,apt-pdiffs:,apt-pipeline:,apt-recommends:,apt-secure:,bootstrap:,cache:,cache-indices:,cache-packages:,cache-stages:,debconf-frontend:,debconf-nowarnings:,debconf-priority:,genisoimage:,initramfs:,losetup:,mode:,root-command:,tasksel:,includes:,templates:,architecture:,bootstrap-config:,bootstrap-flavour:,bootstrap-keyring:,distribution:,mirror-bootstrap:,mirror-bootstrap-security:,mirror-binary:,mirror-binary-security:,sections:,chroot-filesystem:,union-filesystem:,exposed-root:,hooks:,interactive:,keyring-packages:,language:,linux-flavours:,linux-packages:,packages:,packages-lists:,tasks:,security:,symlinks:,sysvinit:,binary-images:,binary-indices:,bootappend-install:,bootappend-live:,bootloader:,chroot-build:,debian-installer:,debian-installer-daily:,encryption:,grub-splash:,hostname:,iso-application:,iso-preparer:,iso-publisher:,iso-volume:,memtest:,net-filesystem:,net-mountoptions:,net-path:,net-server:,syslinux-splash:,syslinux-timeout:,username:,source:,source-images:,breakpoints,conffile:,debug,force,help,quiet,usage,verbose,version --name=${PROGRAM} --options a:f:d:m:l:k:p:b:e:s:c:huv --shell sh -- "${@}")" if [ "${?}" != "0" ] then @@ -317,6 +318,11 @@ Local_arguments () shift 2 ;; + --exposed-root) + LH_EXPOSED_ROOT="${2}" + shift 2 + ;; + --hooks) LH_HOOKS="${2}" shift 2 @@ -773,6 +779,10 @@ LH_CHROOT_FILESYSTEM="${LH_CHROOT_FILESYSTEM}" # (Default: ${LH_UNION_FILESYSTEM} LH_UNION_FILESYSTEM="${LH_UNION_FILESYSTEM}" +# \$LH_EXPOSED_ROOT: expose root as read only +# (Default: ${LH_EXPOSED_ROOT}) +LH_EXPOSED_ROOT="${LH_EXPOSED_ROOT}" + # \$LH_HOOKS: set hook commands # (Default: empty) LH_HOOKS="${LH_HOOKS}" |