#!/bin/sh # lh_chroot_sources(1) - manage /etc/apt/sources.list # Copyright (C) 2006-2008 Daniel Baumann # # live-helper comes with ABSOLUTELY NO WARRANTY; for details see COPYING. # This is free software, and you are welcome to redistribute it # under certain conditions; see COPYING for details. set -e # Including common functions LH_BASE="${LH_BASE:-/usr/share/live-helper}" for FUNCTION in "${LH_BASE}"/functions/*.sh do . "${FUNCTION}" done # Setting static variables DESCRIPTION="manage /etc/apt/sources.list" HELP="" USAGE="${PROGRAM} {install|remove} [--force]" Arguments "${@}" # Reading configuration files Read_conffile config/all config/common config/bootstrap config/chroot config/binary config/source Set_defaults # Requiring stage file Require_stagefile .stage/bootstrap _LH_LOCAL_KEY_EMAIL="live-helper-local-key@invalid" case "${1}" in install) Echo_message "Configuring file /etc/apt/sources.list" # Checking stage file Check_stagefile .stage/chroot_sources # Checking lock file Check_lockfile .lock # Creating lock file Create_lockfile .lock # Configure custom sources.list echo "deb ${LH_MIRROR_CHROOT} ${LH_DISTRIBUTION} ${LH_SECTIONS}" > chroot/etc/apt/sources.list if [ "${LH_SOURCE}" = "enabled" ] then echo "deb-src ${LH_MIRROR_CHROOT} ${LH_DISTRIBUTION} ${LH_SECTIONS}" >> chroot/etc/apt/sources.list fi if [ "${LH_SECURITY}" = "enabled" ] then if [ "${LH_DISTRIBUTION}" != "sid" ] && [ "${LH_DISTRIBUTION}" != "unstable" ] then echo "deb ${LH_MIRROR_CHROOT_SECURITY} ${LH_DISTRIBUTION}/updates ${LH_SECTIONS}" >> chroot/etc/apt/sources.list if [ "${LH_SOURCE}" = "enabled" ] then echo "deb-src ${LH_MIRROR_CHROOT_SECURITY} ${LH_DISTRIBUTION}/updates ${LH_SECTIONS}" >> chroot/etc/apt/sources.list fi fi fi # Check local sources.list if ls config/chroot_sources/*.chroot > /dev/null 2>&1 then echo "" >> chroot/etc/apt/sources.list echo "# Custom repositories" >> chroot/etc/apt/sources.list for FILE in config/chroot_sources/*.chroot do cat ${FILE} | grep -v "^##" >> chroot/etc/apt/sources.list done fi # Configure local package repository if ls config/chroot_local-packages/*.deb > /dev/null 2>&1 then rm -rf chroot/root/local-packages mkdir -p chroot/root/local-packages if [ "$(stat --printf %d config/chroot_local-packages)" = "$(stat --printf %d chroot/root/local-packages)" ] then CP_OPTIONS="-l" fi # Copy packages if ls config/chroot_local-packages/*_"${LH_ARCHITECTURE}".deb > /dev/null 2>&1 then cp ${CP_OPTIONS} config/chroot_local-packages/*_"${LH_ARCHITECTURE}".deb chroot/root/local-packages fi if ls config/chroot_local-packages/*_all.deb > /dev/null 2>&1 then cp ${CP_OPTIONS} config/chroot_local-packages/*_all.deb chroot/root/local-packages fi if ls chroot/root/local-packages/*.deb > /dev/null 2>&1 then # Restoring cache Restore_cache cache/packages_chroot # Check depends Check_package chroot/usr/bin/apt-ftparchive apt-utils # Installing depends Install_package # Generate Packages and Packages.gz echo "cd /root/local-packages && apt-ftparchive packages . > Packages" | Chroot sh gzip -9 -c chroot/root/local-packages/Packages > chroot/root/local-packages/Packages.gz if [ "${LH_APT_SECURE}" = "enabled" ] then # Generate Release echo "cd /root/local-packages && apt-ftparchive \ -o APT::FTPArchive::Release::Origin=chroot_local-packages \ release . > Release" | Chroot sh _LH_DOTGNUPG_EXISTED=0 if [ -d chroot/root/.gnupg ] then _LH_DOTGNUPG_EXISTED=1 fi # Ensure ~/.gnupg exists (required for gnupg >= ~1.4.9) mkdir -p chroot/root/.gnupg # Temporarily replace /dev/urandom with /dev/random so as not # to block automated image builds; we don't care about the # security of this key anyway. mv chroot/dev/random chroot/dev/random.orig cp -a chroot/dev/urandom chroot/dev/random if ls cache/local-package-keyring.* >/dev/null 2>&1 then cp cache/local-package-keyring.* chroot/root else # Generate temporary key echo "Key-Type: RSA Key-Length: 1024 Subkey-Type: ELG-E Subkey-Length: 1024 Name-Real: live-helper local packages key Name-Email: ${_LH_LOCAL_KEY_EMAIL} Expire-Date: 0 %secring /root/local-package-keyring.sec %pubring /root/local-package-keyring.pub %commit" | Chroot "gpg --batch --gen-key" || _LH_RET=${?} case "${_LH_RET}" in ""|2) # Gnupg sometimes seems to return with a status of 2 when there was not # enough entropy (and key creation blocks temporarily) even if the # operation was ultimately successful. ;; *) Echo_error "GPG exited with error status ${_LH_RET}" exit ${_LH_RET} ;; esac # Save keyrings to avoid regeneration cp chroot/root/local-package-keyring.* cache/ fi # Sign release Chroot "gpg --no-default-keyring --secret-keyring /root/local-package-keyring.sec \ --keyring /root/local-package-keyring.pub -abs -o \ /root/local-packages/Release.gpg /root/local-packages/Release" # Import key Chroot "gpg --no-default-keyring --secret-keyring /root/local-package-keyring.sec \ --keyring /root/local-package-keyring.pub --armor \ --export ${_LH_LOCAL_KEY_EMAIL}" | Chroot "apt-key add -" # Remove temporary keyrings rm chroot/root/local-package-keyring.pub rm chroot/root/local-package-keyring.sec # Revert /dev/random mv chroot/dev/random.orig chroot/dev/random # Remove /root/.gnupg if we created it during the signing process if [ "${_LH_DOTGNUPG_EXISTED}" -eq 0 ] then rm -rf chroot/root/.gnupg fi fi # Add to sources.list echo "" >> chroot/etc/apt/sources.list echo "# Local packages" >> chroot/etc/apt/sources.list echo "deb file:/root/local-packages ./" >> chroot/etc/apt/sources.list # Removing depends Remove_package # Saving cache Save_cache cache/packages_chroot else Echo_warning "Local packages must be named with suffix '_all.deb' or '_\$architecture.deb'." fi fi # Update indices from cache if [ "${LH_CACHE_INDICES}" = "enabled" ] && [ -d cache/indices_bootstrap ] then if ls cache/indices_bootstrap/secring.gpg* > /dev/null 2>&1 then cp -f cache/indices_bootstrap/secring.gpg* chroot/etc/apt fi if ls cache/indices_bootstrap/trusted.gpg* > /dev/null 2>&1 then cp -f cache/indices_bootstrap/trusted.gpg* chroot/etc/apt fi if [ -f cache/indices_bootstrap/pkgcache.bin ] then cp -f cache/indices_bootstrap/pkgcache.bin chroot/var/cache/apt fi if [ -f cache/indices_bootstrap/srcpkgcache.bin ] then cp -f cache/indices_bootstrap/srcpkgcache.bin chroot/var/cache/apt fi if ls cache/indices_bootstrap/*_Packages > /dev/null 2>&1 then cp -f cache/indices_bootstrap/*_Packages chroot/var/lib/apt/lists fi if ls cache/indices_bootstrap/*_Sources > /dev/null 2>&1 then cp -f cache/indices_bootstrap/*_Sources chroot/var/lib/apt/lists fi if ls cache/indices_bootstrap/*_Release* > /dev/null 2>&1 then cp -f cache/indices_bootstrap/*_Release* chroot/var/lib/apt/lists fi if [ "${LH_APT}" = "aptitude" ] && [ ! -x /usr/bin/aptitude ] then Chroot "apt-get ${APT_OPTIONS} install aptitude" fi else # Get fresh indices # Check local gpg keys if ls config/chroot_sources/*.chroot.gpg > /dev/null 2>&1 then for FILE in config/chroot_sources/*.chroot.gpg do cp ${FILE} chroot/root Chroot "apt-key add /root/$(basename ${FILE})" rm -f chroot/root/$(basename ${FILE}) done fi # Check local keyring packages if ls config/chroot_sources/*.deb > /dev/null 2>&1 then for PACKAGE in config/chroot_sources/*.deb do cp ${PACKAGE} chroot/root Chroot "dpkg -i /root/$(basename ${PACKAGE})" rm -f chroot/root/$(basename ${PACKAGE}) done fi # Installing aptitude if [ "${LH_APT}" = "aptitude" ] && [ ! -x /usr/bin/aptitude ] then Chroot "apt-get ${APT_OPTIONS} update" Chroot "apt-get ${APT_OPTIONS} install aptitude" fi Apt update Apt upgrade Apt dist-upgrade # Installing keyring packages if [ -n "${LH_KEYRING_PACKAGES}" ] then Apt --force-yes install "${LH_KEYRING_PACKAGES}" Apt update fi if [ "${LH_CACHE_INDICES}" = "enabled" ] then mkdir -p cache/indices_bootstrap cp -f chroot/etc/apt/secring.gpg* cache/indices_bootstrap cp -f chroot/etc/apt/trusted.gpg* cache/indices_bootstrap cp -f chroot/var/cache/apt/pkgcache.bin cache/indices_bootstrap if ls chroot/var/cache/apt/srcpkgcache.bin > /dev/null 2>&1 then cp -f chroot/var/cache/apt/srcpkgcache.bin cache/indices_bootstrap fi cp -f chroot/var/lib/apt/lists/*_Packages cache/indices_bootstrap if ls chroot/var/lib/apt/lists/*_Sources > /dev/null 2>&1 then cp -f chroot/var/lib/apt/lists/*_Sources cache/indices_bootstrap fi cp -f chroot/var/lib/apt/lists/*_Release* cache/indices_bootstrap fi fi # Creating stage file Create_stagefile .stage/chroot_sources ;; remove) Echo_message "Deconfiguring file /etc/apt/sources.list" # Checking lock file Check_lockfile .lock # Creating lock file Create_lockfile .lock # Configure generic indices if [ "${LH_BINARY_INDICES}" = "enabled" ] then # Don't do anything if it's not required if [ "${LH_MIRROR_CHROOT}" = "${LH_MIRROR_BINARY}" ] && \ [ "${LH_MIRROR_CHROOT_SECURITY}" = "${LH_MIRROR_BINARY_SECURITY}" ] && \ [ ! -d chroot/root/local-packages ] then # Removing stage file rm -f .stage/chroot_sources exit 0 fi # Cleaning apt list cache rm -rf chroot/var/lib/apt/lists mkdir -p chroot/var/lib/apt/lists/partial echo "deb ${LH_MIRROR_BINARY} ${LH_DISTRIBUTION} ${LH_SECTIONS}" > chroot/etc/apt/sources.list if [ "${LH_SOURCE}" = "enabled" ] then echo "deb-src ${LH_MIRROR_BINARY} ${LH_DISTRIBUTION} ${LH_SECTIONS}" >> chroot/etc/apt/sources.list fi if [ "${LH_SECURITY}" = "enabled" ] then if [ "${LH_DISTRIBUTION}" != "sid" ] && [ "${LH_DISTRIBUTION}" != "unstable" ] then echo "deb ${LH_MIRROR_BINARY_SECURITY} ${LH_DISTRIBUTION}/updates ${LH_SECTIONS}" >> chroot/etc/apt/sources.list if [ "${LH_SOURCE}" = "enabled" ] then echo "deb-src ${LH_MIRROR_BINARY_SECURITY} ${LH_DISTRIBUTION}/updates ${LH_SECTIONS}" >> chroot/etc/apt/sources.list fi fi fi # Check local sources.list if ls config/chroot_sources/*.binary > /dev/null 2>&1 then echo "" >> chroot/etc/apt/sources.list echo "# Custom repositories" >> chroot/etc/apt/sources.list for FILE in config/chroot_sources/*.binary do cat ${FILE} | grep -v "^##" >> chroot/etc/apt/sources.list done fi # Check local gpg keys if ls config/chroot_sources/*.binary.gpg > /dev/null 2>&1 then for FILE in config/chroot_sources/*.binary.gpg do cp ${FILE} chroot/root Chroot "apt-key add /root/$(basename ${FILE})" rm -f chroot/root/$(basename ${FILE}) done fi # Updating indices Apt update fi # Cleaning apt packages cache rm -rf chroot/var/cache/apt mkdir -p chroot/var/cache/apt/archives/partial # Remove local package repository rm -rf chroot/root/local-packages # Remove local packages key if it exists if apt-key list | grep -q ${_LH_LOCAL_KEY_EMAIL} then apt-key del ${_LH_LOCAL_KEY_EMAIL} fi # Removing stage file rm -f .stage/chroot_sources ;; *) Usage ;; esac