diff options
Diffstat (limited to 'helpers/chroot_sources')
-rwxr-xr-x | helpers/chroot_sources | 466 |
1 files changed, 466 insertions, 0 deletions
diff --git a/helpers/chroot_sources b/helpers/chroot_sources new file mode 100755 index 0000000..81c0268 --- /dev/null +++ b/helpers/chroot_sources @@ -0,0 +1,466 @@ +#!/bin/sh + +# lh_chroot_sources(1) - manage /etc/apt/sources.list +# Copyright (C) 2006-2009 Daniel Baumann <daniel@debian.org> +# +# live-helper comes with ABSOLUTELY NO WARRANTY; for details see COPYING. +# This is free software, and you are welcome to redistribute it +# under certain conditions; see COPYING for details. + +set -e + +# Including common functions +. "${LH_BASE:-/usr/share/live-helper}"/live-helper.sh + +# Setting static variables +DESCRIPTION="$(Echo 'manage /etc/apt/sources.list')" +HELP="" +USAGE="${PROGRAM} {install|remove} [--force]" + +Arguments "${@}" + +# Reading configuration files +Read_conffiles config/all config/common config/bootstrap config/chroot config/binary config/source +Set_defaults + +# Requiring stage file +Require_stagefile .stage/config .stage/bootstrap + +_LH_LOCAL_KEY_EMAIL="live-helper-local-key@invalid" + +case "${1}" in + install) + Echo_message "Configuring file /etc/apt/sources.list" + + # Checking stage file + Check_stagefile .stage/chroot_sources + + # Checking lock file + Check_lockfile .lock + + # Creating lock file + Create_lockfile .lock + + # Configure custom sources.list + echo "deb ${LH_MIRROR_CHROOT} ${LH_DISTRIBUTION} ${LH_ARCHIVE_AREAS}" > chroot/etc/apt/sources.list + + if [ "${LH_SOURCE}" = "true" ] + then + echo "deb-src ${LH_MIRROR_CHROOT} ${LH_DISTRIBUTION} ${LH_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list + fi + + if [ "${LH_SECURITY}" = "true" ] + then + case "${LH_MODE}" in + ubuntu) + echo "deb ${LH_MIRROR_CHROOT_SECURITY} ${LH_DISTRIBUTION}-security ${LH_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list + + if [ "${LH_SOURCE}" = "true" ] + then + echo "deb-src ${LH_MIRROR_CHROOT_SECURITY} ${LH_DISTRIBUTION}-security ${LH_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list + fi + ;; + + *) + if [ "${LH_DISTRIBUTION}" != "sid" ] && [ "${LH_DISTRIBUTION}" != "unstable" ] + then + echo "deb ${LH_MIRROR_CHROOT_SECURITY} ${LH_DISTRIBUTION}/updates ${LH_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list + + if [ "${LH_SOURCE}" = "true" ] + then + echo "deb-src ${LH_MIRROR_CHROOT_SECURITY} ${LH_DISTRIBUTION}/updates ${LH_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list + fi + fi + ;; + esac + fi + + # Check local sources.list + if Find_files config/chroot_sources/*.chroot + then + # Deconfigure (possibly) old sources.list snipplets + if Find_files config/chroot_sources/*.binary + then + for FILE in config/chroot_sources/*.binary + do + rm -f "chroot/etc/apt/sources.list.d/$(basename ${FILE} .binary).list" + done + fi + + # Configure new sources.list snipplets + for FILE in config/chroot_sources/*.chroot + do + cp "${FILE}" "chroot/etc/apt/sources.list.d/$(basename ${FILE} .chroot).list" + done + fi + + # Configure local package repository + if Find_files config/chroot_local-packages/*.deb + then + rm -rf chroot/root/local-packages + mkdir -p chroot/root/local-packages + + if [ "$(stat --printf %d config/chroot_local-packages)" = "$(stat --printf %d chroot/root/local-packages)" ] + then + CP_OPTIONS="-l" + fi + + # Copy packages + if Find_files config/chroot_local-packages/*_"${LH_ARCHITECTURE}".deb + then + cp ${CP_OPTIONS} config/chroot_local-packages/*_"${LH_ARCHITECTURE}".deb chroot/root/local-packages + fi + + if Find_files config/chroot_local-packages/*_all.deb + then + cp ${CP_OPTIONS} config/chroot_local-packages/*_all.deb chroot/root/local-packages + fi + + if Find_files chroot/root/local-packages/*.deb + then + # If we bootstrapped a minimal chroot, we need + # to install apt-utils before we have have + # completed all the indices. + case "${LH_BOOTSTRAP_FLAVOUR}" in + stripped|minimal) + Chroot chroot "apt-get update" + ;; + esac + + # Restoring cache + Restore_cache cache/packages_chroot + + # Check depends + Check_package chroot/usr/bin/apt-ftparchive apt-utils + + # Installing depends + Install_package + + # Generate Packages and Packages.gz + echo "cd /root/local-packages && apt-ftparchive packages . > Packages" | Chroot chroot sh + gzip -9 -c chroot/root/local-packages/Packages > chroot/root/local-packages/Packages.gz + + # Generate Release + echo "cd /root/local-packages && apt-ftparchive \ + -o APT::FTPArchive::Release::Origin=chroot_local-packages \ + release . > Release" | Chroot chroot sh + + if [ "${LH_APT_SECURE}" = "true" ] + then + _LH_DOTGNUPG_EXISTED=0 + if [ -d chroot/root/.gnupg ] + then + _LH_DOTGNUPG_EXISTED=1 + fi + + # Ensure ~/.gnupg exists (required for gnupg >= ~1.4.9) + mkdir -p chroot/root/.gnupg + + # Temporarily replace /dev/random with /dev/urandom so as not + # to block automated image builds; we don't care about the + # security of this key anyway. + mv chroot/dev/random chroot/dev/random.orig + cp -a chroot/dev/urandom chroot/dev/random + + if Find_files cache/local-package-keyring.* + then + cp cache/local-package-keyring.* chroot/root + else + # Generate temporary key + echo "Key-Type: RSA + Key-Length: 1024 + Subkey-Type: ELG-E + Subkey-Length: 1024 + Name-Real: live-helper local packages key + Name-Email: ${_LH_LOCAL_KEY_EMAIL} + Expire-Date: 0 + %secring /root/local-package-keyring.sec + %pubring /root/local-package-keyring.pub + %commit" | Chroot chroot "gpg --batch --gen-key" || _LH_RET=${?} + + case "${_LH_RET}" in + ""|2) + # Gnupg sometimes seems to return with a status of 2 when there was not + # enough entropy (and key creation blocks temporarily) even if the + # operation was ultimately successful. + ;; + *) + Echo_error "GPG exited with error status %s" "${_LH_RET}" + exit ${_LH_RET} + ;; + esac + + # Save keyrings to avoid regeneration + cp chroot/root/local-package-keyring.* cache/ + fi + + # Sign release + Chroot chroot "gpg --no-default-keyring --secret-keyring /root/local-package-keyring.sec \ + --keyring /root/local-package-keyring.pub -abs -o \ + /root/local-packages/Release.gpg /root/local-packages/Release" + + # Import key + Chroot chroot "gpg --no-default-keyring --secret-keyring /root/local-package-keyring.sec \ + --keyring /root/local-package-keyring.pub --armor \ + --export ${_LH_LOCAL_KEY_EMAIL}" | Chroot chroot "apt-key add -" + + # Remove temporary keyrings + rm chroot/root/local-package-keyring.pub + rm chroot/root/local-package-keyring.sec + + # Revert /dev/random + mv chroot/dev/random.orig chroot/dev/random + + # Remove /root/.gnupg if we created it during the signing process + if [ "${_LH_DOTGNUPG_EXISTED}" -eq 0 ] + then + rm -rf chroot/root/.gnupg + fi + fi + + # Add to sources.list + echo "" >> chroot/etc/apt/sources.list + echo "# Local packages" >> chroot/etc/apt/sources.list + echo "deb file:/root/local-packages ./" >> chroot/etc/apt/sources.list + + # Removing depends + Remove_package + + # Saving cache + Save_cache cache/packages_chroot + else + Echo_warning "Local packages must be named with suffix '_all.deb' or '_\$architecture.deb'." + fi + fi + + # Update indices from cache + if [ "${LH_CACHE_INDICES}" = "true" ] && [ -d cache/indices_bootstrap ] + then + if Find_files cache/indices_bootstrap/secring.gpg* + then + cp -f cache/indices_bootstrap/secring.gpg* chroot/etc/apt + fi + + if Find_files cache/indices_bootstrap/trusted.gpg* + then + cp -f cache/indices_bootstrap/trusted.gpg* chroot/etc/apt + fi + + if [ -f cache/indices_bootstrap/pkgcache.bin ] + then + cp -f cache/indices_bootstrap/pkgcache.bin chroot/var/cache/apt + fi + + if [ -f cache/indices_bootstrap/srcpkgcache.bin ] + then + cp -f cache/indices_bootstrap/srcpkgcache.bin chroot/var/cache/apt + fi + + if Find_files cache/indices_bootstrap/*_Packages + then + cp -f cache/indices_bootstrap/*_Packages chroot/var/lib/apt/lists + fi + + if Find_files cache/indices_bootstrap/*_Sources + then + cp -f cache/indices_bootstrap/*_Sources chroot/var/lib/apt/lists + fi + + if Find_files cache/indices_bootstrap/*_Release* + then + cp -f cache/indices_bootstrap/*_Release* chroot/var/lib/apt/lists + fi + + if [ "${LH_APT}" = "aptitude" ] && [ ! -x /usr/bin/aptitude ] + then + Chroot chroot "apt-get ${APT_OPTIONS} install aptitude" + fi + else # Get fresh indices + # Check local gpg keys + if Find_files config/chroot_sources/*.chroot.gpg + then + for FILE in config/chroot_sources/*.chroot.gpg + do + cp ${FILE} chroot/root + Chroot chroot "apt-key add /root/$(basename ${FILE})" + rm -f chroot/root/$(basename ${FILE}) + done + fi + + # Check local keyring packages + if Find_files config/chroot_sources/*.deb + then + for PACKAGE in config/chroot_sources/*.deb + do + cp ${PACKAGE} chroot/root + Chroot chroot "dpkg -i /root/$(basename ${PACKAGE})" + rm -f chroot/root/$(basename ${PACKAGE}) + done + fi + + # Installing aptitude + if [ "${LH_APT}" = "aptitude" ] && [ ! -x /usr/bin/aptitude ] + then + Chroot chroot "apt-get ${APT_OPTIONS} update" + Chroot chroot "apt-get ${APT_OPTIONS} install aptitude" + fi + + Apt update + Apt upgrade + Apt dist-upgrade + + # Installing keyring packages + if [ -n "${LH_KEYRING_PACKAGES}" ] + then + Chroot chroot "apt-get --yes --force-yes install ${LH_KEYRING_PACKAGES}" + Apt update + fi + + if [ "${LH_CACHE_INDICES}" = "true" ] + then + mkdir -p cache/indices_bootstrap + + cp -f chroot/etc/apt/secring.gpg* cache/indices_bootstrap + cp -f chroot/etc/apt/trusted.gpg* cache/indices_bootstrap + + cp -f chroot/var/cache/apt/pkgcache.bin cache/indices_bootstrap + + if Find_files chroot/var/cache/apt/srcpkgcache.bin + then + cp -f chroot/var/cache/apt/srcpkgcache.bin cache/indices_bootstrap + fi + + cp -f chroot/var/lib/apt/lists/*_Packages cache/indices_bootstrap + + if Find_files chroot/var/lib/apt/lists/*_Sources + then + cp -f chroot/var/lib/apt/lists/*_Sources cache/indices_bootstrap + fi + + cp -f chroot/var/lib/apt/lists/*_Release* cache/indices_bootstrap + fi + fi + + # Creating stage file + Create_stagefile .stage/chroot_sources + ;; + + remove) + Echo_message "Deconfiguring file /etc/apt/sources.list" + + # Checking lock file + Check_lockfile .lock + + # Creating lock file + Create_lockfile .lock + + # Configure generic indices + # Don't do anything if it's not required + if [ "${LH_MIRROR_CHROOT}" = "${LH_MIRROR_BINARY}" ] && \ + [ "${LH_MIRROR_CHROOT_SECURITY}" = "${LH_MIRROR_BINARY_SECURITY}" ] && \ + [ ! -d chroot/root/local-packages ] + then + # Removing stage file + rm -f .stage/chroot_sources + + exit 0 + fi + + # Cleaning apt list cache + rm -rf chroot/var/lib/apt/lists + mkdir -p chroot/var/lib/apt/lists/partial + + echo "deb ${LH_MIRROR_BINARY} ${LH_DISTRIBUTION} ${LH_ARCHIVE_AREAS}" > chroot/etc/apt/sources.list + + if [ "${LH_SOURCE}" = "true" ] + then + echo "deb-src ${LH_MIRROR_BINARY} ${LH_DISTRIBUTION} ${LH_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list + fi + + if [ "${LH_SECURITY}" = "true" ] + then + case "${LH_MODE}" in + ubuntu) + echo "deb ${LH_MIRROR_BINARY_SECURITY} ${LH_DISTRIBUTION}-security ${LH_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list + + if [ "${LH_SOURCE}" = "true" ] + then + echo "deb-src ${LH_MIRROR_BINARY_SECURITY} ${LH_DISTRIBUTION}-security ${LH_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list + fi + ;; + + *) + if [ "${LH_DISTRIBUTION}" != "sid" ] && [ "${LH_DISTRIBUTION}" != "unstable" ] + then + echo "deb ${LH_MIRROR_BINARY_SECURITY} ${LH_DISTRIBUTION}/updates ${LH_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list + + if [ "${LH_SOURCE}" = "true" ] + then + echo "deb-src ${LH_MIRROR_BINARY_SECURITY} ${LH_DISTRIBUTION}/updates ${LH_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list + fi + fi + ;; + esac + fi + + # Check local sources.list + if Find_files config/chroot_sources/*.binary + then + # Deconfigure (possibly) old sources.list snipplets + if Find_files config/chroot_sources/*.chroot + then + for FILE in config/chroot_sources/*.chroot + do + rm -f "chroot/etc/apt/sources.list.d/$(basename ${FILE} .chroot).list" + done + fi + + # Configure new sources.list snipplets + for FILE in config/chroot_sources/*.binary + do + cp "${FILE}" "chroot/etc/apt/sources.list.d/$(basename ${FILE} .binary).list" + done + fi + + # Check local gpg keys + if Find_files config/chroot_sources/*.binary.gpg + then + for FILE in config/chroot_sources/*.binary.gpg + do + cp ${FILE} chroot/root + Chroot chroot "apt-key add /root/$(basename ${FILE})" + rm -f chroot/root/$(basename ${FILE}) + done + fi + + # Updating indices + Apt update + + # Cleaning apt package cache + rm -rf chroot/var/cache/apt + mkdir -p chroot/var/cache/apt/archives/partial + + # Cleaning apt package lists + if [ "${LH_BINARY_INDICES}" = "false" ] + then + rm -rf chroot/var/lib/apt/lists + mkdir -p chroot/var/lib/apt/lists/partial + fi + + # Remove local package repository + rm -rf chroot/root/local-packages + + # Remove local packages key if it exists + if apt-key list | grep -q ${_LH_LOCAL_KEY_EMAIL} + then + apt-key del ${_LH_LOCAL_KEY_EMAIL} + fi + + # Removing stage file + rm -f .stage/chroot_sources + ;; + + *) + Usage + ;; +esac |