#!/bin/sh ## live-build(7) - System Build Scripts ## Copyright (C) 2006-2010 Daniel Baumann ## ## live-build comes with ABSOLUTELY NO WARRANTY; for details see COPYING. ## This is free software, and you are welcome to redistribute it ## under certain conditions; see COPYING for details. set -e # Including common functions . "${LH_BASE:-/usr/share/live/build}"/scripts/build.sh # Setting static variables DESCRIPTION="$(Echo 'manage /etc/apt/sources.list')" HELP="" USAGE="${PROGRAM} {install|remove} [--force]" Arguments "${@}" # Reading configuration files Read_conffiles config/all config/common config/bootstrap config/chroot config/binary config/source Set_defaults # Requiring stage file Require_stagefile .stage/config .stage/bootstrap _LH_LOCAL_KEY_EMAIL="live-helper-local-key@invalid" case "${1}" in install) Echo_message "Configuring file /etc/apt/sources.list" # Checking stage file Check_stagefile .stage/chroot_sources # Checking lock file Check_lockfile .lock # Creating lock file Create_lockfile .lock # Restoring cache Restore_cache cache/packages_chroot # Configure custom sources.list echo "deb ${LH_MIRROR_CHROOT} ${LH_DISTRIBUTION} ${LH_ARCHIVE_AREAS}" > chroot/etc/apt/sources.list if [ "${LH_SOURCE}" = "true" ] then echo "deb-src ${LH_MIRROR_CHROOT} ${LH_DISTRIBUTION} ${LH_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list fi if [ "${LH_SECURITY}" = "true" ] then case "${LH_MODE}" in ubuntu) echo "deb ${LH_MIRROR_CHROOT_SECURITY} ${LH_DISTRIBUTION}-security ${LH_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list if [ "${LH_SOURCE}" = "true" ] then echo "deb-src ${LH_MIRROR_CHROOT_SECURITY} ${LH_DISTRIBUTION}-security ${LH_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list fi ;; *) if [ "${LH_DISTRIBUTION}" != "sid" ] && [ "${LH_DISTRIBUTION}" != "unstable" ] then echo "deb ${LH_MIRROR_CHROOT_SECURITY} ${LH_DISTRIBUTION}/updates ${LH_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list if [ "${LH_SOURCE}" = "true" ] then echo "deb-src ${LH_MIRROR_CHROOT_SECURITY} ${LH_DISTRIBUTION}/updates ${LH_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list fi fi ;; esac fi if [ "${LH_VOLATILE}" = "true" ] then case "${LH_MODE}" in debian|debian-release) if [ "${LH_DISTRIBUTION}" != "sid" ] && [ "${LH_DISTRIBUTION}" != "unstable" ] then echo "deb ${LH_MIRROR_CHROOT_VOLATILE} ${LH_DISTRIBUTION}/volatile ${LH_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list if [ "${LH_SOURCE}" = "true" ] then echo "deb-src ${LH_MIRROR_CHROOT_VOLATILE} ${LH_DISTRIBUTION}/volatile ${LH_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list fi fi ;; ubuntu) echo "deb ${LH_MIRROR_CHROOT_VOLATILE} ${LH_DISTRIBUTION}-updates ${LH_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list if [ "${LH_SOURCE}" = "true" ] then echo "deb-src ${LH_MIRROR_CHROOT_VOLATILE} ${LH_DISTRIBUTION}-updates ${LH_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list fi ;; esac fi # Check local sources.list if Find_files config/chroot_sources/*.chroot then # Deconfigure (possibly) old sources.list snipplets if Find_files config/chroot_sources/*.binary then for FILE in config/chroot_sources/*.binary do rm -f "chroot/etc/apt/sources.list.d/$(basename ${FILE} .binary).list" done fi # Configure new sources.list snipplets for FILE in config/chroot_sources/*.chroot do cp "${FILE}" "chroot/etc/apt/sources.list.d/$(basename ${FILE} .chroot).list" done fi # Configure third-party repositories if [ -n "${LH_REPOSITORIES}" ] then for REPOSITORY in ${LH_REPOSITORIES} do for PLACE in config/repositories "${LH_BASE}/repositories" do # Prefer repositories from the config tree # over the global ones. if ! ls "${PLACE}/${REPOSITORY}"* > /dev/null 2>&1 then continue fi # Adding sources.list entries (chroot) if [ -e "${PLACE}/${REPOSITORY}.chroot" ] then sed -e "s|@DISTRIBUTION@|${LH_DISTRIBUTION}|g" \ -e "s|@ARCHIVE_AREAS@|${LH_ARCHIVE_AREAS}|g" \ "${PLACE}/${REPOSITORY}.chroot" > \ "chroot/etc/apt/sources.list.d/${REPOSITORY}.list" elif [ -e "${PLACE}/${REPOSITORY}" ] then sed -e "s|@DISTRIBUTION@|${LH_DISTRIBUTION}|g" \ -e "s|@ARCHIVE_AREAS@|${LH_ARCHIVE_AREAS}|g" \ "${PLACE}/${REPOSITORY}" > \ "chroot/etc/apt/sources.list.d/${REPOSITORY}.list" fi if [ "${LH_APT_SECURE}" != false ] then # Adding archive signing keys (chroot) if [ -e "${PLACE}/${REPOSITORY}.chroot.gpg" ] then cat "${PLACE}/${REPOSITORY}.chroot.gpg" | Chroot chroot "apt-key add -" elif [ -e "${PLACE}/${REPOSITORY}.gpg" ] then cat "${PLACE}/${REPOSITORY}.gpg" | Chroot chroot "apt-key add -" fi fi done done fi # Configure local package repository if Find_files config/chroot_local-packages/*.deb then rm -rf chroot/root/local-packages mkdir -p chroot/root/local-packages if [ "$(stat --printf %d config/chroot_local-packages)" = "$(stat --printf %d chroot/root/local-packages)" ] then CP_OPTIONS="-l" fi # Copy packages if Find_files config/chroot_local-packages/*_"${LH_ARCHITECTURE}".deb then cp ${CP_OPTIONS} config/chroot_local-packages/*_"${LH_ARCHITECTURE}".deb chroot/root/local-packages fi if Find_files config/chroot_local-packages/*_all.deb then cp ${CP_OPTIONS} config/chroot_local-packages/*_all.deb chroot/root/local-packages fi if Find_files chroot/root/local-packages/*.deb then # If we bootstrapped a minimal chroot, we need # to install apt-utils before we have have # completed all the indices. case "${LH_PACKAGES_LISTS}" in stripped|minimal) Chroot chroot "apt-get update" ;; esac # Check depends Check_package chroot/usr/bin/apt-ftparchive apt-utils # Installing depends Install_package # Generate Packages and Packages.gz echo "cd /root/local-packages && apt-ftparchive packages . > Packages" | Chroot chroot sh gzip -9 -c chroot/root/local-packages/Packages > chroot/root/local-packages/Packages.gz # Generate Release echo "cd /root/local-packages && apt-ftparchive \ -o APT::FTPArchive::Release::Origin=chroot_local-packages \ release . > Release" | Chroot chroot sh if [ "${LH_APT_SECURE}" = "true" ] then _LH_DOTGNUPG_EXISTED=0 if [ -d chroot/root/.gnupg ] then _LH_DOTGNUPG_EXISTED=1 fi # Ensure ~/.gnupg exists (required for gnupg >= ~1.4.9) mkdir -p chroot/root/.gnupg # Temporarily replace /dev/random with /dev/urandom so as not # to block automated image builds; we don't care about the # security of this key anyway. mv chroot/dev/random chroot/dev/random.orig cp -a chroot/dev/urandom chroot/dev/random if Find_files cache/local-package-keyring.* then cp cache/local-package-keyring.* chroot/root else # Generate temporary key echo "Key-Type: RSA Key-Length: 1024 Subkey-Type: ELG-E Subkey-Length: 1024 Name-Real: live-helper local packages key Name-Email: ${_LH_LOCAL_KEY_EMAIL} Expire-Date: 0 %secring /root/local-package-keyring.sec %pubring /root/local-package-keyring.pub %commit" | Chroot chroot "gpg --batch --gen-key" || _LH_RET=${?} case "${_LH_RET}" in ""|2) # Gnupg sometimes seems to return with a status of 2 when there was not # enough entropy (and key creation blocks temporarily) even if the # operation was ultimately successful. ;; *) Echo_error "GPG exited with error status %s" "${_LH_RET}" exit ${_LH_RET} ;; esac # Save keyrings to avoid regeneration cp chroot/root/local-package-keyring.* cache/ fi # Sign release Chroot chroot "gpg --no-default-keyring --secret-keyring /root/local-package-keyring.sec \ --keyring /root/local-package-keyring.pub -abs -o \ /root/local-packages/Release.gpg /root/local-packages/Release" # Import key Chroot chroot "gpg --no-default-keyring --secret-keyring /root/local-package-keyring.sec \ --keyring /root/local-package-keyring.pub --armor \ --export ${_LH_LOCAL_KEY_EMAIL}" | Chroot chroot "apt-key add -" # Remove temporary keyrings rm chroot/root/local-package-keyring.pub rm chroot/root/local-package-keyring.sec # Revert /dev/random mv chroot/dev/random.orig chroot/dev/random # Remove /root/.gnupg if we created it during the signing process if [ "${_LH_DOTGNUPG_EXISTED}" -eq 0 ] then rm -rf chroot/root/.gnupg fi fi # Add to sources.list.d echo "deb file:/root/local-packages ./" > chroot/etc/apt/sources.list.d/local-packages.list # Removing depends Remove_package else Echo_warning "Local packages must be named with suffix '_all.deb' or '_\$architecture.deb'." fi fi # Update indices from cache if [ "${LH_CACHE_INDICES}" = "true" ] && [ -d cache/indices_bootstrap ] then if Find_files cache/indices_bootstrap/secring.gpg* then cp -f cache/indices_bootstrap/secring.gpg* chroot/etc/apt fi if Find_files cache/indices_bootstrap/trusted.gpg* then cp -rf cache/indices_bootstrap/trusted.gpg* chroot/etc/apt fi if [ -f cache/indices_bootstrap/pkgcache.bin ] then cp -f cache/indices_bootstrap/pkgcache.bin chroot/var/cache/apt fi if [ -f cache/indices_bootstrap/srcpkgcache.bin ] then cp -f cache/indices_bootstrap/srcpkgcache.bin chroot/var/cache/apt fi if Find_files cache/indices_bootstrap/*_Packages then cp -f cache/indices_bootstrap/*_Packages chroot/var/lib/apt/lists fi if Find_files cache/indices_bootstrap/*_Sources then cp -f cache/indices_bootstrap/*_Sources chroot/var/lib/apt/lists fi if Find_files cache/indices_bootstrap/*_Release* then cp -f cache/indices_bootstrap/*_Release* chroot/var/lib/apt/lists fi if [ "${LH_APT}" = "aptitude" ] && [ ! -x /usr/bin/aptitude ] then Chroot chroot "apt-get ${APT_OPTIONS} install aptitude" fi else # Get fresh indices # Check local gpg keys if Find_files config/chroot_sources/*.chroot.gpg then for FILE in config/chroot_sources/*.chroot.gpg do cp ${FILE} chroot/root Chroot chroot "apt-key add /root/$(basename ${FILE})" rm -f chroot/root/$(basename ${FILE}) done fi # Check local keyring packages if Find_files config/chroot_sources/*.deb then for PACKAGE in config/chroot_sources/*.deb do cp ${PACKAGE} chroot/root Chroot chroot "dpkg -i /root/$(basename ${PACKAGE})" rm -f chroot/root/$(basename ${PACKAGE}) done fi # Installing aptitude if [ "${LH_APT}" = "aptitude" ] && [ ! -x /usr/bin/aptitude ] then Chroot chroot "apt-get ${APT_OPTIONS} update" Chroot chroot "apt-get ${APT_OPTIONS} install aptitude" fi Apt update Apt upgrade Apt dist-upgrade # Installing keyring packages if [ -n "${LH_KEYRING_PACKAGES}" ] then Chroot chroot "apt-get --yes --force-yes install ${LH_KEYRING_PACKAGES}" Apt update fi if [ "${LH_CACHE_INDICES}" = "true" ] then mkdir -p cache/indices_bootstrap cp -f chroot/etc/apt/secring.gpg* cache/indices_bootstrap cp -rf chroot/etc/apt/trusted.gpg* cache/indices_bootstrap cp -f chroot/var/cache/apt/pkgcache.bin cache/indices_bootstrap if Find_files chroot/var/cache/apt/srcpkgcache.bin then cp -f chroot/var/cache/apt/srcpkgcache.bin cache/indices_bootstrap fi cp -f chroot/var/lib/apt/lists/*_Packages cache/indices_bootstrap if Find_files chroot/var/lib/apt/lists/*_Sources then cp -f chroot/var/lib/apt/lists/*_Sources cache/indices_bootstrap fi cp -f chroot/var/lib/apt/lists/*_Release* cache/indices_bootstrap fi fi # Saving cache Save_cache cache/packages_chroot # Creating stage file Create_stagefile .stage/chroot_sources ;; remove) Echo_message "Deconfiguring file /etc/apt/sources.list" # Checking lock file Check_lockfile .lock # Creating lock file Create_lockfile .lock # Configure generic indices # Don't do anything if it's not required if [ "${LH_MIRROR_CHROOT}" = "${LH_MIRROR_BINARY}" ] && \ [ "${LH_MIRROR_CHROOT_SECURITY}" = "${LH_MIRROR_BINARY_SECURITY}" ] && \ [ ! -d chroot/root/local-packages ] then # Removing stage file rm -f .stage/chroot_sources exit 0 fi # Cleaning apt list cache rm -rf chroot/var/lib/apt/lists mkdir -p chroot/var/lib/apt/lists/partial echo "deb ${LH_MIRROR_BINARY} ${LH_DISTRIBUTION} ${LH_ARCHIVE_AREAS}" > chroot/etc/apt/sources.list if [ "${LH_SOURCE}" = "true" ] then echo "deb-src ${LH_MIRROR_BINARY} ${LH_DISTRIBUTION} ${LH_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list fi if [ "${LH_SECURITY}" = "true" ] then case "${LH_MODE}" in ubuntu) echo "deb ${LH_MIRROR_BINARY_SECURITY} ${LH_DISTRIBUTION}-security ${LH_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list if [ "${LH_SOURCE}" = "true" ] then echo "deb-src ${LH_MIRROR_BINARY_SECURITY} ${LH_DISTRIBUTION}-security ${LH_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list fi ;; *) if [ "${LH_DISTRIBUTION}" != "sid" ] && [ "${LH_DISTRIBUTION}" != "unstable" ] then echo "deb ${LH_MIRROR_BINARY_SECURITY} ${LH_DISTRIBUTION}/updates ${LH_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list if [ "${LH_SOURCE}" = "true" ] then echo "deb-src ${LH_MIRROR_BINARY_SECURITY} ${LH_DISTRIBUTION}/updates ${LH_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list fi fi ;; esac fi if [ "${LH_VOLATILE}" = "true" ] then case "${LH_MODE}" in debian|debian-release) if [ "${LH_DISTRIBUTION}" != "sid" ] && [ "${LH_DISTRIBUTION}" != "unstable" ] then echo "deb ${LH_MIRROR_BINARY_VOLATILE} ${LH_DISTRIBUTION}/volatile ${LH_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list if [ "${LH_SOURCE}" = "true" ] then echo "deb-src ${LH_MIRROR_BINARY_VOLATILE} ${LH_DISTRIBUTION}/volatile ${LH_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list fi fi ;; ubuntu) echo "deb ${LH_MIRROR_BINARY_VOLATILE} ${LH_DISTRIBUTION}-updates ${LH_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list if [ "${LH_SOURCE}" = "true" ] then echo "deb-src ${LH_MIRROR_BINARY_VOLATILE} ${LH_DISTRIBUTION}-updates ${LH_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list fi ;; esac fi # Configure third-party repositories if [ -n "${LH_REPOSITORIES}" ] then for REPOSITORY in ${LH_REPOSITORIES} do # Removing sources.list entries (chroot) rm -f "chroot/etc/apt/sources.list.d/${REPOSITORY}.list" for PLACE in config/repositories "${LH_BASE}/repositories" do # Prefer repositories from the config tree # over the global ones. if ! ls "${PLACE}/${REPOSITORY}"* > /dev/null 2>&1 then continue fi # Adding sources.list entries (binary) if [ -e "${PLACE}/${REPOSITORY}.binary" ] then sed -e "s|@DISTRIBUTION@|${LH_DISTRIBUTION}|g" \ -e "s|@ARCHIVE_AREAS@|${LH_ARCHIVE_AREAS}|g" \ "${PLACE}/${REPOSITORY}.binary" > \ "chroot/etc/apt/sources.list.d/${REPOSITORY}.list" elif [ -e "${PLACE}/${REPOSITORY}" ] then sed -e "s|@DISTRIBUTION@|${LH_DISTRIBUTION}|g" \ -e "s|@ARCHIVE_AREAS@|${LH_ARCHIVE_AREAS}|g" \ "${PLACE}/${REPOSITORY}" > \ "chroot/etc/apt/sources.list.d/${REPOSITORY}.list" fi if [ "${LH_APT_SECURE}" != false ] then # Adding archive signing keys (binary) if [ -e "${PLACE}/${REPOSITORY}.binary.gpg" ] then cat "${PLACE}/${REPOSITORY}.binary.gpg" | Chroot chroot "apt-key add -" elif [ -e "${PLACE}/${REPOSITORY}.gpg" ] then cat "${PLACE}/${REPOSITORY}.gpg" | Chroot chroot "apt-key add -" fi fi done done fi # Check local sources.list if Find_files config/chroot_sources/*.binary then # Deconfigure (possibly) old sources.list snipplets if Find_files config/chroot_sources/*.chroot then for FILE in config/chroot_sources/*.chroot do rm -f "chroot/etc/apt/sources.list.d/$(basename ${FILE} .chroot).list" done fi # Configure new sources.list snipplets for FILE in config/chroot_sources/*.binary do cp "${FILE}" "chroot/etc/apt/sources.list.d/$(basename ${FILE} .binary).list" done fi # Check local gpg keys if Find_files config/chroot_sources/*.binary.gpg then for FILE in config/chroot_sources/*.binary.gpg do cp ${FILE} chroot/root Chroot chroot "apt-key add /root/$(basename ${FILE})" rm -f chroot/root/$(basename ${FILE}) done fi # Updating indices Apt update # Cleaning apt package cache rm -rf chroot/var/cache/apt mkdir -p chroot/var/cache/apt/archives/partial # Cleaning apt package lists if [ "${LH_BINARY_INDICES}" = "false" ] then rm -rf chroot/var/lib/apt/lists mkdir -p chroot/var/lib/apt/lists/partial fi # Remove local package repository rm -f chroot/etc/apt/sources.list.d/local-packages.list rm -rf chroot/root/local-packages # Remove local packages key if it exists if apt-key list | grep -q ${_LH_LOCAL_KEY_EMAIL} then apt-key del ${_LH_LOCAL_KEY_EMAIL} fi # Removing stage file rm -f .stage/chroot_sources ;; *) Usage ;; esac