Clone/future-install-scripts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6c68163d4b
future-install-scripts/pacstrap.in

155 lines
3.7 KiB
Plaintext
Raw Normal View History

initial commit
2012-06-18 03:17:10 +08:00
#!/bin/bash
#
# Assumptions:
# 1) User has partitioned, formatted, and mounted partitions on /mnt
# 2) Network is functional
# 3) Arguments passed to the script are valid pacman targets
# 4) A valid mirror appears in /etc/pacman.d/mirrorlist
#
add proper help/usage for tools
2012-06-18 05:52:39 +08:00
shopt -s extglob
reverse default and set values for hostcache option
2012-07-14 21:33:46 +08:00
hostcache=0
pacstrap: add options to inhibit copying settings Add -G and -M which tells pacstrap to avoid copying pacman's gnupg.d directory and mirrorlist, respectively, to the new root.
2012-09-15 23:46:48 +08:00
copykeyring=1
pacstrap: add option '-K' to initialize an empty keyring in the new root
2022-08-20 02:04:41 +08:00
initkeyring=0
pacstrap: add options to inhibit copying settings Add -G and -M which tells pacstrap to avoid copying pacman's gnupg.d directory and mirrorlist, respectively, to the new root.
2012-09-15 23:46:48 +08:00
copymirrorlist=1
pacstrap: add option '-D' to skip pacman dependency checks Closes #19
2022-10-25 16:58:47 +08:00
pacman_args=()
pacstrap: support local file mode Allow passing files to the underlying pacman command, instead of relying on the syncdb. This allows fine-grained control over the package files to be installed, which can be useful when initializing a build chroot for reproducible builds.
2019-08-06 12:22:35 +08:00
pacmode=-Sy
Add unshare mode to pacstrap This adds an "unshare" mode to pacstrap. This mode lets a regular user create a new arch root filesystem. We use -N because both -U and -u are taken in pacstrap and arch-chroot, respectively. There are two major changes to pacstrap: we need to run many commands in under unshare, and the setup process for mounts is different. Because unshare starts a new shell, it is difficult to run many commands in sequence. To get around this, we create a function for the rest of the commands we wish to run, and then declare all functions and variables in the unshare'd shell. This is pretty convenient. An alternative method would be to generate the shell script as a HERE document, and pipe it to bash. Because unshare starts a new shell, we can only communicate using stdin/out and any command line arguments. And we need to defer some setup until after we are root. To get around this, we create a function for the rest of the commands we wish to run, and then declare all functions and variables in the unshare'd shell. I also considered having a separate helper script which would contain the contents of pacstrap(). But I think this would be confusing, because the logic would then live in a separate file (instead of just a separate function). That method is also tricky because every variable has to be passed in through the command-line arguments. One last method would be to generate a script on the fly (e.g. using a HERE doc). I think that method could work as well. The primary difference to the setup process is that we need to mount filesystems in a different manner: - We bind-mount the root directory. This is so commands which want to determine how much free space there is (or otherwise work with mounts) expect a mount on /. We unmount it with --lazy, since otherwise sys will cause an error (see below). - proc can be mounted multiple times and is mounted in the same way - sys cannot be mounted again, but we can recursively bind-mount it. When mounted this way, we can't unmount it until the mount namespace is deleted (likely because sys has a number of sub-mounts), so we have to use --lazy when unmounting it. - dev can be bind-mounted, but this results in errors because some packages try and modify files in /dev if they exist. Since we don't have permission to do that on the host system, this fails. Instead, we just bind-mount a minimal set of files. - run is not bind-mounted, but is instead created as a new tmpfs. According to aea51ba ("Bind mount /run from host into new root"), the reason this was done was to avoid lengthy timeouts when scanning for lvm devices. Because unshare does not (and cannot) use lvm devices, we don't need to bind-mount. - tmp is created as usual. Closes: #8
2021-10-18 05:13:31 +08:00
setup=chroot_setup
Use separate pid namespace for worker processes As described in 2be79c6 ("run the chroot in a new PID namespace"), child processes can hang around and keep various files open. This may prevent filesystems from being unmounted (as they are still in-use). When adding unshare mode, I did not quite understand this distinction (and I wasn't testing with e.g. gnupg) so I didn't catch this. Fix this by always using unshare to create a second pid namespace for "worker" processes. This ensures that all children are dead when we start unmounting things. As the top-level unshare is no longer always necessary, convert the unshare variable to a binary value. Fixes: ee9db7d ("Add unshare mode to pacstrap") Closes: #21
2022-07-28 22:02:31 +08:00
unshare=0
pacstrap: add option '-P' to copy the host's pacman config to the target
2022-10-22 20:40:35 +08:00
copyconf=0
pacman_config=/etc/pacman.conf
initial commit
2012-06-18 03:17:10 +08:00
pacstrap: move include_m4 after the globals After the m4 substitution, the globals end up mixed misc functions. Just keep them at the top for legibility. Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
2023-03-27 00:57:04 +08:00
m4_include(common)
add proper help/usage for tools
2012-06-18 05:52:39 +08:00
usage() {
cat <<EOF
enforce user-specified root directory Remove the -r option, forcing the user to explicitly pass a root directory. This removes some confusion wherein we set defaults, but wouldn't allow all the defaults to be accepted. This also adds some mild documentation to the help output for genfstab and pacstrap.
2012-07-15 22:04:49 +08:00
usage: ${0##*/} [options] root [packages...]
add proper help/usage for tools
2012-06-18 05:52:39 +08:00
Options:
consistently use -v <val> for help text descriptions
2019-06-06 03:26:49 +08:00
-C <config> Use an alternate config file for pacman
pacstrap: store cache on target system by default However, add a '-c' switch to use the host cache instead. The default is useful for when installing a system from an install media (which has possibly constrained storage), but the '-c' switch is useful when e.g. creating build-chroots. I considered doing this the other way around ('-c' being the default). However, I think it makes sense to default to the expected behavior for install both because a new user is less likely to know that they need to add a switch, and because the errormessage they'd get when they run out of space/memory is nonsensical and would cause lots of annoying questions. [dave: use proper array addition, nuke readlink, use arithmetic flag] Signed-off-by: Tom Gundersen <teg@jklm.no>
2012-06-23 01:14:09 +08:00
-c Use the package cache on the host, rather than the target
pacstrap: add option '-D' to skip pacman dependency checks Closes #19
2022-10-25 16:58:47 +08:00
-D Skip pacman dependency checks
pacstrap: add options to inhibit copying settings Add -G and -M which tells pacstrap to avoid copying pacman's gnupg.d directory and mirrorlist, respectively, to the new root.
2012-09-15 23:46:48 +08:00
-G Avoid copying the host's pacman keyring to the target
Clarify that -i means run interactively ref: https://bugs.archlinux.org/task/60096
2019-01-06 00:19:30 +08:00
-i Prompt for package confirmation when needed (run interactively)
pacstrap: add option '-K' to initialize an empty keyring in the new root
2022-08-20 02:04:41 +08:00
-K Initialize an empty pacman keyring in the target (implies '-G')
pacstrap: add options to inhibit copying settings Add -G and -M which tells pacstrap to avoid copying pacman's gnupg.d directory and mirrorlist, respectively, to the new root.
2012-09-15 23:46:48 +08:00
-M Avoid copying the host's mirrorlist to the target
Add unshare mode to pacstrap This adds an "unshare" mode to pacstrap. This mode lets a regular user create a new arch root filesystem. We use -N because both -U and -u are taken in pacstrap and arch-chroot, respectively. There are two major changes to pacstrap: we need to run many commands in under unshare, and the setup process for mounts is different. Because unshare starts a new shell, it is difficult to run many commands in sequence. To get around this, we create a function for the rest of the commands we wish to run, and then declare all functions and variables in the unshare'd shell. This is pretty convenient. An alternative method would be to generate the shell script as a HERE document, and pipe it to bash. Because unshare starts a new shell, we can only communicate using stdin/out and any command line arguments. And we need to defer some setup until after we are root. To get around this, we create a function for the rest of the commands we wish to run, and then declare all functions and variables in the unshare'd shell. I also considered having a separate helper script which would contain the contents of pacstrap(). But I think this would be confusing, because the logic would then live in a separate file (instead of just a separate function). That method is also tricky because every variable has to be passed in through the command-line arguments. One last method would be to generate a script on the fly (e.g. using a HERE doc). I think that method could work as well. The primary difference to the setup process is that we need to mount filesystems in a different manner: - We bind-mount the root directory. This is so commands which want to determine how much free space there is (or otherwise work with mounts) expect a mount on /. We unmount it with --lazy, since otherwise sys will cause an error (see below). - proc can be mounted multiple times and is mounted in the same way - sys cannot be mounted again, but we can recursively bind-mount it. When mounted this way, we can't unmount it until the mount namespace is deleted (likely because sys has a number of sub-mounts), so we have to use --lazy when unmounting it. - dev can be bind-mounted, but this results in errors because some packages try and modify files in /dev if they exist. Since we don't have permission to do that on the host system, this fails. Instead, we just bind-mount a minimal set of files. - run is not bind-mounted, but is instead created as a new tmpfs. According to aea51ba ("Bind mount /run from host into new root"), the reason this was done was to avoid lengthy timeouts when scanning for lvm devices. Because unshare does not (and cannot) use lvm devices, we don't need to bind-mount. - tmp is created as usual. Closes: #8
2021-10-18 05:13:31 +08:00
-N Run in unshare mode as a regular user
pacstrap: add option '-P' to copy the host's pacman config to the target
2022-10-22 20:40:35 +08:00
-P Copy the host's pacman config to the target
pacstrap: support local file mode Allow passing files to the underlying pacman command, instead of relying on the syncdb. This allows fine-grained control over the package files to be installed, which can be useful when initializing a build chroot for reproducible builds.
2019-08-06 12:22:35 +08:00
-U Use pacman -U to install packages
enforce user-specified root directory Remove the -r option, forcing the user to explicitly pass a root directory. This removes some confusion wherein we set defaults, but wouldn't allow all the defaults to be accepted. This also adds some mild documentation to the help output for genfstab and pacstrap.
2012-07-15 22:04:49 +08:00
add the -h option to the usage
2012-11-13 10:00:09 +08:00
-h Print this help message
enforce user-specified root directory Remove the -r option, forcing the user to explicitly pass a root directory. This removes some confusion wherein we set defaults, but wouldn't allow all the defaults to be accepted. This also adds some mild documentation to the help output for genfstab and pacstrap.
2012-07-15 22:04:49 +08:00
pacstrap installs packages to the specified new root directory. If no packages
are given, pacstrap defaults to the "base" group.
add proper help/usage for tools
2012-06-18 05:52:39 +08:00
EOF
}
if [[ -z $1 || $1 = @(-h|--help) ]]; then
usage
exit $(( $# ? 0 : 1 ))
fi
pacstrap: add option '-D' to skip pacman dependency checks Closes #19
2022-10-25 16:58:47 +08:00
while getopts ':C:cDGiKMNPU' flag; do
initial commit
2012-06-18 03:17:10 +08:00
case $flag in
pacstrap: add -C option for using an alternate config I grappled with the inability of pacstrap to do this while trying to setup an i686 chroot for myself based on a pacman config from devtools, rather than my own config which bombs on a "missing" multilib repo.
2012-10-04 10:55:49 +08:00
C)
pacman_config=$OPTARG
;;
pacstrap: add option '-D' to skip pacman dependency checks Closes #19
2022-10-25 16:58:47 +08:00
D)
pacman_args+=(-dd)
;;
pacstrap: store cache on target system by default However, add a '-c' switch to use the host cache instead. The default is useful for when installing a system from an install media (which has possibly constrained storage), but the '-c' switch is useful when e.g. creating build-chroots. I considered doing this the other way around ('-c' being the default). However, I think it makes sense to default to the expected behavior for install both because a new user is less likely to know that they need to add a switch, and because the errormessage they'd get when they run out of space/memory is nonsensical and would cause lots of annoying questions. [dave: use proper array addition, nuke readlink, use arithmetic flag] Signed-off-by: Tom Gundersen <teg@jklm.no>
2012-06-23 01:14:09 +08:00
c)
reverse default and set values for hostcache option
2012-07-14 21:33:46 +08:00
hostcache=1
pacstrap: store cache on target system by default However, add a '-c' switch to use the host cache instead. The default is useful for when installing a system from an install media (which has possibly constrained storage), but the '-c' switch is useful when e.g. creating build-chroots. I considered doing this the other way around ('-c' being the default). However, I think it makes sense to default to the expected behavior for install both because a new user is less likely to know that they need to add a switch, and because the errormessage they'd get when they run out of space/memory is nonsensical and would cause lots of annoying questions. [dave: use proper array addition, nuke readlink, use arithmetic flag] Signed-off-by: Tom Gundersen <teg@jklm.no>
2012-06-23 01:14:09 +08:00
;;
allow turning off --noconfirm use -i (interactive) to allow for choosing packages from groups [dave: alter option description]
2012-07-27 07:57:11 +08:00
i)
interactive=1
;;
pacstrap: add options to inhibit copying settings Add -G and -M which tells pacstrap to avoid copying pacman's gnupg.d directory and mirrorlist, respectively, to the new root.
2012-09-15 23:46:48 +08:00
G)
copykeyring=0
;;
pacstrap: add option '-K' to initialize an empty keyring in the new root
2022-08-20 02:04:41 +08:00
K)
initkeyring=1
;;
pacstrap: add options to inhibit copying settings Add -G and -M which tells pacstrap to avoid copying pacman's gnupg.d directory and mirrorlist, respectively, to the new root.
2012-09-15 23:46:48 +08:00
M)
copymirrorlist=0
;;
Add unshare mode to pacstrap This adds an "unshare" mode to pacstrap. This mode lets a regular user create a new arch root filesystem. We use -N because both -U and -u are taken in pacstrap and arch-chroot, respectively. There are two major changes to pacstrap: we need to run many commands in under unshare, and the setup process for mounts is different. Because unshare starts a new shell, it is difficult to run many commands in sequence. To get around this, we create a function for the rest of the commands we wish to run, and then declare all functions and variables in the unshare'd shell. This is pretty convenient. An alternative method would be to generate the shell script as a HERE document, and pipe it to bash. Because unshare starts a new shell, we can only communicate using stdin/out and any command line arguments. And we need to defer some setup until after we are root. To get around this, we create a function for the rest of the commands we wish to run, and then declare all functions and variables in the unshare'd shell. I also considered having a separate helper script which would contain the contents of pacstrap(). But I think this would be confusing, because the logic would then live in a separate file (instead of just a separate function). That method is also tricky because every variable has to be passed in through the command-line arguments. One last method would be to generate a script on the fly (e.g. using a HERE doc). I think that method could work as well. The primary difference to the setup process is that we need to mount filesystems in a different manner: - We bind-mount the root directory. This is so commands which want to determine how much free space there is (or otherwise work with mounts) expect a mount on /. We unmount it with --lazy, since otherwise sys will cause an error (see below). - proc can be mounted multiple times and is mounted in the same way - sys cannot be mounted again, but we can recursively bind-mount it. When mounted this way, we can't unmount it until the mount namespace is deleted (likely because sys has a number of sub-mounts), so we have to use --lazy when unmounting it. - dev can be bind-mounted, but this results in errors because some packages try and modify files in /dev if they exist. Since we don't have permission to do that on the host system, this fails. Instead, we just bind-mount a minimal set of files. - run is not bind-mounted, but is instead created as a new tmpfs. According to aea51ba ("Bind mount /run from host into new root"), the reason this was done was to avoid lengthy timeouts when scanning for lvm devices. Because unshare does not (and cannot) use lvm devices, we don't need to bind-mount. - tmp is created as usual. Closes: #8
2021-10-18 05:13:31 +08:00
N)
setup=unshare_setup
Use separate pid namespace for worker processes As described in 2be79c6 ("run the chroot in a new PID namespace"), child processes can hang around and keep various files open. This may prevent filesystems from being unmounted (as they are still in-use). When adding unshare mode, I did not quite understand this distinction (and I wasn't testing with e.g. gnupg) so I didn't catch this. Fix this by always using unshare to create a second pid namespace for "worker" processes. This ensures that all children are dead when we start unmounting things. As the top-level unshare is no longer always necessary, convert the unshare variable to a binary value. Fixes: ee9db7d ("Add unshare mode to pacstrap") Closes: #21
2022-07-28 22:02:31 +08:00
unshare=1
Add unshare mode to pacstrap This adds an "unshare" mode to pacstrap. This mode lets a regular user create a new arch root filesystem. We use -N because both -U and -u are taken in pacstrap and arch-chroot, respectively. There are two major changes to pacstrap: we need to run many commands in under unshare, and the setup process for mounts is different. Because unshare starts a new shell, it is difficult to run many commands in sequence. To get around this, we create a function for the rest of the commands we wish to run, and then declare all functions and variables in the unshare'd shell. This is pretty convenient. An alternative method would be to generate the shell script as a HERE document, and pipe it to bash. Because unshare starts a new shell, we can only communicate using stdin/out and any command line arguments. And we need to defer some setup until after we are root. To get around this, we create a function for the rest of the commands we wish to run, and then declare all functions and variables in the unshare'd shell. I also considered having a separate helper script which would contain the contents of pacstrap(). But I think this would be confusing, because the logic would then live in a separate file (instead of just a separate function). That method is also tricky because every variable has to be passed in through the command-line arguments. One last method would be to generate a script on the fly (e.g. using a HERE doc). I think that method could work as well. The primary difference to the setup process is that we need to mount filesystems in a different manner: - We bind-mount the root directory. This is so commands which want to determine how much free space there is (or otherwise work with mounts) expect a mount on /. We unmount it with --lazy, since otherwise sys will cause an error (see below). - proc can be mounted multiple times and is mounted in the same way - sys cannot be mounted again, but we can recursively bind-mount it. When mounted this way, we can't unmount it until the mount namespace is deleted (likely because sys has a number of sub-mounts), so we have to use --lazy when unmounting it. - dev can be bind-mounted, but this results in errors because some packages try and modify files in /dev if they exist. Since we don't have permission to do that on the host system, this fails. Instead, we just bind-mount a minimal set of files. - run is not bind-mounted, but is instead created as a new tmpfs. According to aea51ba ("Bind mount /run from host into new root"), the reason this was done was to avoid lengthy timeouts when scanning for lvm devices. Because unshare does not (and cannot) use lvm devices, we don't need to bind-mount. - tmp is created as usual. Closes: #8
2021-10-18 05:13:31 +08:00
;;
pacstrap: add option '-P' to copy the host's pacman config to the target
2022-10-22 20:40:35 +08:00
P)
copyconf=1
;;
pacstrap: support local file mode Allow passing files to the underlying pacman command, instead of relying on the syncdb. This allows fine-grained control over the package files to be installed, which can be useful when initializing a build chroot for reproducible builds.
2019-08-06 12:22:35 +08:00
U)
pacmode=-U
;;
properly error on options missing an optarg
2012-06-18 22:05:40 +08:00
:)
die '%s: option requires an argument -- '\''%s'\' "${0##*/}" "$OPTARG"
;;
initial commit
2012-06-18 03:17:10 +08:00
?)
die '%s: invalid option -- '\''%s'\' "${0##*/}" "$OPTARG"
;;
esac
done
shift $(( OPTIND - 1 ))
enforce user-specified root directory Remove the -r option, forcing the user to explicitly pass a root directory. This removes some confusion wherein we set defaults, but wouldn't allow all the defaults to be accepted. This also adds some mild documentation to the help output for genfstab and pacstrap.
2012-07-15 22:04:49 +08:00
(( $# )) || die "No root directory specified"
newroot=$1; shift
pacstrap: add option '-D' to skip pacman dependency checks Closes #19
2022-10-25 16:58:47 +08:00
pacman_args+=("$pacmode" "${@:-base}" --config="$pacman_config")
pacstrap: store cache on target system by default However, add a '-c' switch to use the host cache instead. The default is useful for when installing a system from an install media (which has possibly constrained storage), but the '-c' switch is useful when e.g. creating build-chroots. I considered doing this the other way around ('-c' being the default). However, I think it makes sense to default to the expected behavior for install both because a new user is less likely to know that they need to add a switch, and because the errormessage they'd get when they run out of space/memory is nonsensical and would cause lots of annoying questions. [dave: use proper array addition, nuke readlink, use arithmetic flag] Signed-off-by: Tom Gundersen <teg@jklm.no>
2012-06-23 01:14:09 +08:00
if (( ! hostcache )); then
pacman_args+=(--cachedir="$newroot/var/cache/pacman/pkg")
initial commit
2012-06-18 03:17:10 +08:00
fi
allow turning off --noconfirm use -i (interactive) to allow for choosing packages from groups [dave: alter option description]
2012-07-27 07:57:11 +08:00
if (( ! interactive )); then
pacman_args+=(--noconfirm)
fi
pacstrap: add -d option to allow install to non-mount
2012-06-18 11:45:46 +08:00
[[ -d $newroot ]] || die "%s is not a directory" "$newroot"
initial commit
2012-06-18 03:17:10 +08:00
Add unshare mode to pacstrap This adds an "unshare" mode to pacstrap. This mode lets a regular user create a new arch root filesystem. We use -N because both -U and -u are taken in pacstrap and arch-chroot, respectively. There are two major changes to pacstrap: we need to run many commands in under unshare, and the setup process for mounts is different. Because unshare starts a new shell, it is difficult to run many commands in sequence. To get around this, we create a function for the rest of the commands we wish to run, and then declare all functions and variables in the unshare'd shell. This is pretty convenient. An alternative method would be to generate the shell script as a HERE document, and pipe it to bash. Because unshare starts a new shell, we can only communicate using stdin/out and any command line arguments. And we need to defer some setup until after we are root. To get around this, we create a function for the rest of the commands we wish to run, and then declare all functions and variables in the unshare'd shell. I also considered having a separate helper script which would contain the contents of pacstrap(). But I think this would be confusing, because the logic would then live in a separate file (instead of just a separate function). That method is also tricky because every variable has to be passed in through the command-line arguments. One last method would be to generate a script on the fly (e.g. using a HERE doc). I think that method could work as well. The primary difference to the setup process is that we need to mount filesystems in a different manner: - We bind-mount the root directory. This is so commands which want to determine how much free space there is (or otherwise work with mounts) expect a mount on /. We unmount it with --lazy, since otherwise sys will cause an error (see below). - proc can be mounted multiple times and is mounted in the same way - sys cannot be mounted again, but we can recursively bind-mount it. When mounted this way, we can't unmount it until the mount namespace is deleted (likely because sys has a number of sub-mounts), so we have to use --lazy when unmounting it. - dev can be bind-mounted, but this results in errors because some packages try and modify files in /dev if they exist. Since we don't have permission to do that on the host system, this fails. Instead, we just bind-mount a minimal set of files. - run is not bind-mounted, but is instead created as a new tmpfs. According to aea51ba ("Bind mount /run from host into new root"), the reason this was done was to avoid lengthy timeouts when scanning for lvm devices. Because unshare does not (and cannot) use lvm devices, we don't need to bind-mount. - tmp is created as usual. Closes: #8
2021-10-18 05:13:31 +08:00
pacstrap() {
(( EUID == 0 )) || die 'This script must be run with root privileges'
# create obligatory directories
msg 'Creating install root at %s' "$newroot"
mkdir -m 0755 -p "$newroot"/var/{cache/pacman/pkg,lib/pacman,log} "$newroot"/{dev,run,etc/pacman.d}
mkdir -m 1777 -p "$newroot"/tmp
mkdir -m 0555 -p "$newroot"/{sys,proc}
initial commit
2012-06-18 03:17:10 +08:00
Add unshare mode to pacstrap This adds an "unshare" mode to pacstrap. This mode lets a regular user create a new arch root filesystem. We use -N because both -U and -u are taken in pacstrap and arch-chroot, respectively. There are two major changes to pacstrap: we need to run many commands in under unshare, and the setup process for mounts is different. Because unshare starts a new shell, it is difficult to run many commands in sequence. To get around this, we create a function for the rest of the commands we wish to run, and then declare all functions and variables in the unshare'd shell. This is pretty convenient. An alternative method would be to generate the shell script as a HERE document, and pipe it to bash. Because unshare starts a new shell, we can only communicate using stdin/out and any command line arguments. And we need to defer some setup until after we are root. To get around this, we create a function for the rest of the commands we wish to run, and then declare all functions and variables in the unshare'd shell. I also considered having a separate helper script which would contain the contents of pacstrap(). But I think this would be confusing, because the logic would then live in a separate file (instead of just a separate function). That method is also tricky because every variable has to be passed in through the command-line arguments. One last method would be to generate a script on the fly (e.g. using a HERE doc). I think that method could work as well. The primary difference to the setup process is that we need to mount filesystems in a different manner: - We bind-mount the root directory. This is so commands which want to determine how much free space there is (or otherwise work with mounts) expect a mount on /. We unmount it with --lazy, since otherwise sys will cause an error (see below). - proc can be mounted multiple times and is mounted in the same way - sys cannot be mounted again, but we can recursively bind-mount it. When mounted this way, we can't unmount it until the mount namespace is deleted (likely because sys has a number of sub-mounts), so we have to use --lazy when unmounting it. - dev can be bind-mounted, but this results in errors because some packages try and modify files in /dev if they exist. Since we don't have permission to do that on the host system, this fails. Instead, we just bind-mount a minimal set of files. - run is not bind-mounted, but is instead created as a new tmpfs. According to aea51ba ("Bind mount /run from host into new root"), the reason this was done was to avoid lengthy timeouts when scanning for lvm devices. Because unshare does not (and cannot) use lvm devices, we don't need to bind-mount. - tmp is created as usual. Closes: #8
2021-10-18 05:13:31 +08:00
# mount API filesystems
$setup "$newroot" || die "failed to setup chroot %s" "$newroot"
call umount as a trap handler
2012-06-18 03:27:38 +08:00
pacstrap: add option '-K' to initialize an empty keyring in the new root
2022-08-20 02:04:41 +08:00
if [[ ! -d $newroot/etc/pacman.d/gnupg ]]; then
if (( initkeyring )); then
pacman-key --gpgdir "$newroot"/etc/pacman.d/gnupg --init
elif (( copykeyring )) && [[ -d /etc/pacman.d/gnupg ]]; then
# if there's a keyring on the host, copy it into the new root
Add unshare mode to pacstrap This adds an "unshare" mode to pacstrap. This mode lets a regular user create a new arch root filesystem. We use -N because both -U and -u are taken in pacstrap and arch-chroot, respectively. There are two major changes to pacstrap: we need to run many commands in under unshare, and the setup process for mounts is different. Because unshare starts a new shell, it is difficult to run many commands in sequence. To get around this, we create a function for the rest of the commands we wish to run, and then declare all functions and variables in the unshare'd shell. This is pretty convenient. An alternative method would be to generate the shell script as a HERE document, and pipe it to bash. Because unshare starts a new shell, we can only communicate using stdin/out and any command line arguments. And we need to defer some setup until after we are root. To get around this, we create a function for the rest of the commands we wish to run, and then declare all functions and variables in the unshare'd shell. I also considered having a separate helper script which would contain the contents of pacstrap(). But I think this would be confusing, because the logic would then live in a separate file (instead of just a separate function). That method is also tricky because every variable has to be passed in through the command-line arguments. One last method would be to generate a script on the fly (e.g. using a HERE doc). I think that method could work as well. The primary difference to the setup process is that we need to mount filesystems in a different manner: - We bind-mount the root directory. This is so commands which want to determine how much free space there is (or otherwise work with mounts) expect a mount on /. We unmount it with --lazy, since otherwise sys will cause an error (see below). - proc can be mounted multiple times and is mounted in the same way - sys cannot be mounted again, but we can recursively bind-mount it. When mounted this way, we can't unmount it until the mount namespace is deleted (likely because sys has a number of sub-mounts), so we have to use --lazy when unmounting it. - dev can be bind-mounted, but this results in errors because some packages try and modify files in /dev if they exist. Since we don't have permission to do that on the host system, this fails. Instead, we just bind-mount a minimal set of files. - run is not bind-mounted, but is instead created as a new tmpfs. According to aea51ba ("Bind mount /run from host into new root"), the reason this was done was to avoid lengthy timeouts when scanning for lvm devices. Because unshare does not (and cannot) use lvm devices, we don't need to bind-mount. - tmp is created as usual. Closes: #8
2021-10-18 05:13:31 +08:00
cp -a --no-preserve=ownership /etc/pacman.d/gnupg "$newroot/etc/pacman.d/"
fi
pacstrap: add options to inhibit copying settings Add -G and -M which tells pacstrap to avoid copying pacman's gnupg.d directory and mirrorlist, respectively, to the new root.
2012-09-15 23:46:48 +08:00
fi
initial commit
2012-06-18 03:17:10 +08:00
Add unshare mode to pacstrap This adds an "unshare" mode to pacstrap. This mode lets a regular user create a new arch root filesystem. We use -N because both -U and -u are taken in pacstrap and arch-chroot, respectively. There are two major changes to pacstrap: we need to run many commands in under unshare, and the setup process for mounts is different. Because unshare starts a new shell, it is difficult to run many commands in sequence. To get around this, we create a function for the rest of the commands we wish to run, and then declare all functions and variables in the unshare'd shell. This is pretty convenient. An alternative method would be to generate the shell script as a HERE document, and pipe it to bash. Because unshare starts a new shell, we can only communicate using stdin/out and any command line arguments. And we need to defer some setup until after we are root. To get around this, we create a function for the rest of the commands we wish to run, and then declare all functions and variables in the unshare'd shell. I also considered having a separate helper script which would contain the contents of pacstrap(). But I think this would be confusing, because the logic would then live in a separate file (instead of just a separate function). That method is also tricky because every variable has to be passed in through the command-line arguments. One last method would be to generate a script on the fly (e.g. using a HERE doc). I think that method could work as well. The primary difference to the setup process is that we need to mount filesystems in a different manner: - We bind-mount the root directory. This is so commands which want to determine how much free space there is (or otherwise work with mounts) expect a mount on /. We unmount it with --lazy, since otherwise sys will cause an error (see below). - proc can be mounted multiple times and is mounted in the same way - sys cannot be mounted again, but we can recursively bind-mount it. When mounted this way, we can't unmount it until the mount namespace is deleted (likely because sys has a number of sub-mounts), so we have to use --lazy when unmounting it. - dev can be bind-mounted, but this results in errors because some packages try and modify files in /dev if they exist. Since we don't have permission to do that on the host system, this fails. Instead, we just bind-mount a minimal set of files. - run is not bind-mounted, but is instead created as a new tmpfs. According to aea51ba ("Bind mount /run from host into new root"), the reason this was done was to avoid lengthy timeouts when scanning for lvm devices. Because unshare does not (and cannot) use lvm devices, we don't need to bind-mount. - tmp is created as usual. Closes: #8
2021-10-18 05:13:31 +08:00
msg 'Installing packages to %s' "$newroot"
pacstrap: add option '-D' to skip pacman dependency checks Closes #19
2022-10-25 16:58:47 +08:00
if ! $pid_unshare pacman -r "$newroot" "${pacman_args[@]}"; then
Add unshare mode to pacstrap This adds an "unshare" mode to pacstrap. This mode lets a regular user create a new arch root filesystem. We use -N because both -U and -u are taken in pacstrap and arch-chroot, respectively. There are two major changes to pacstrap: we need to run many commands in under unshare, and the setup process for mounts is different. Because unshare starts a new shell, it is difficult to run many commands in sequence. To get around this, we create a function for the rest of the commands we wish to run, and then declare all functions and variables in the unshare'd shell. This is pretty convenient. An alternative method would be to generate the shell script as a HERE document, and pipe it to bash. Because unshare starts a new shell, we can only communicate using stdin/out and any command line arguments. And we need to defer some setup until after we are root. To get around this, we create a function for the rest of the commands we wish to run, and then declare all functions and variables in the unshare'd shell. I also considered having a separate helper script which would contain the contents of pacstrap(). But I think this would be confusing, because the logic would then live in a separate file (instead of just a separate function). That method is also tricky because every variable has to be passed in through the command-line arguments. One last method would be to generate a script on the fly (e.g. using a HERE doc). I think that method could work as well. The primary difference to the setup process is that we need to mount filesystems in a different manner: - We bind-mount the root directory. This is so commands which want to determine how much free space there is (or otherwise work with mounts) expect a mount on /. We unmount it with --lazy, since otherwise sys will cause an error (see below). - proc can be mounted multiple times and is mounted in the same way - sys cannot be mounted again, but we can recursively bind-mount it. When mounted this way, we can't unmount it until the mount namespace is deleted (likely because sys has a number of sub-mounts), so we have to use --lazy when unmounting it. - dev can be bind-mounted, but this results in errors because some packages try and modify files in /dev if they exist. Since we don't have permission to do that on the host system, this fails. Instead, we just bind-mount a minimal set of files. - run is not bind-mounted, but is instead created as a new tmpfs. According to aea51ba ("Bind mount /run from host into new root"), the reason this was done was to avoid lengthy timeouts when scanning for lvm devices. Because unshare does not (and cannot) use lvm devices, we don't need to bind-mount. - tmp is created as usual. Closes: #8
2021-10-18 05:13:31 +08:00
die 'Failed to install packages to new root'
fi
pacstrap: try to copy the host keyring before installing packages When there is no keyring in the new root, attempting to install e.g. archlinux-keyring will result in the post-install script silently failing to do anything (because there are no keys, and, critically, no secret keys). The potentially very outdated keyring is then copied over from the host, secret key and all, so subsequent pacman operations have a trusted keyring that is at least as recent as the ISO or other host system... but if there has been a keyring update between the date of the ISO creation and the date of the install, those keys will continue to be missing until the next keyring update, resulting in a bad out-of-the-box experience. This also means that if a thirdparty keyring package was scheduled to be installed, it will not be populated at all; this affects downstream archlinux32 build chroots. There's no reason to delay this until after packages are installed -- we aren't afraid of e.g. the mirrorlist resulting in file conflicts due to a packaged pacman-mirrorlist, because the gnupg configuration should not be getting packaged directly. Fixes FS#61296 FS#61304 FS#61309 FS#61312 FS#62355
2018-12-05 06:32:50 +08:00
Add unshare mode to pacstrap This adds an "unshare" mode to pacstrap. This mode lets a regular user create a new arch root filesystem. We use -N because both -U and -u are taken in pacstrap and arch-chroot, respectively. There are two major changes to pacstrap: we need to run many commands in under unshare, and the setup process for mounts is different. Because unshare starts a new shell, it is difficult to run many commands in sequence. To get around this, we create a function for the rest of the commands we wish to run, and then declare all functions and variables in the unshare'd shell. This is pretty convenient. An alternative method would be to generate the shell script as a HERE document, and pipe it to bash. Because unshare starts a new shell, we can only communicate using stdin/out and any command line arguments. And we need to defer some setup until after we are root. To get around this, we create a function for the rest of the commands we wish to run, and then declare all functions and variables in the unshare'd shell. I also considered having a separate helper script which would contain the contents of pacstrap(). But I think this would be confusing, because the logic would then live in a separate file (instead of just a separate function). That method is also tricky because every variable has to be passed in through the command-line arguments. One last method would be to generate a script on the fly (e.g. using a HERE doc). I think that method could work as well. The primary difference to the setup process is that we need to mount filesystems in a different manner: - We bind-mount the root directory. This is so commands which want to determine how much free space there is (or otherwise work with mounts) expect a mount on /. We unmount it with --lazy, since otherwise sys will cause an error (see below). - proc can be mounted multiple times and is mounted in the same way - sys cannot be mounted again, but we can recursively bind-mount it. When mounted this way, we can't unmount it until the mount namespace is deleted (likely because sys has a number of sub-mounts), so we have to use --lazy when unmounting it. - dev can be bind-mounted, but this results in errors because some packages try and modify files in /dev if they exist. Since we don't have permission to do that on the host system, this fails. Instead, we just bind-mount a minimal set of files. - run is not bind-mounted, but is instead created as a new tmpfs. According to aea51ba ("Bind mount /run from host into new root"), the reason this was done was to avoid lengthy timeouts when scanning for lvm devices. Because unshare does not (and cannot) use lvm devices, we don't need to bind-mount. - tmp is created as usual. Closes: #8
2021-10-18 05:13:31 +08:00
if (( copymirrorlist )); then
# install the host's mirrorlist onto the new root
cp -a /etc/pacman.d/mirrorlist "$newroot/etc/pacman.d/"
fi
pacstrap: add option '-P' to copy the host's pacman config to the target
2022-10-22 20:40:35 +08:00
if (( copyconf )); then
cp -a "$pacman_config" "$newroot/etc/pacman.conf"
fi
Add unshare mode to pacstrap This adds an "unshare" mode to pacstrap. This mode lets a regular user create a new arch root filesystem. We use -N because both -U and -u are taken in pacstrap and arch-chroot, respectively. There are two major changes to pacstrap: we need to run many commands in under unshare, and the setup process for mounts is different. Because unshare starts a new shell, it is difficult to run many commands in sequence. To get around this, we create a function for the rest of the commands we wish to run, and then declare all functions and variables in the unshare'd shell. This is pretty convenient. An alternative method would be to generate the shell script as a HERE document, and pipe it to bash. Because unshare starts a new shell, we can only communicate using stdin/out and any command line arguments. And we need to defer some setup until after we are root. To get around this, we create a function for the rest of the commands we wish to run, and then declare all functions and variables in the unshare'd shell. I also considered having a separate helper script which would contain the contents of pacstrap(). But I think this would be confusing, because the logic would then live in a separate file (instead of just a separate function). That method is also tricky because every variable has to be passed in through the command-line arguments. One last method would be to generate a script on the fly (e.g. using a HERE doc). I think that method could work as well. The primary difference to the setup process is that we need to mount filesystems in a different manner: - We bind-mount the root directory. This is so commands which want to determine how much free space there is (or otherwise work with mounts) expect a mount on /. We unmount it with --lazy, since otherwise sys will cause an error (see below). - proc can be mounted multiple times and is mounted in the same way - sys cannot be mounted again, but we can recursively bind-mount it. When mounted this way, we can't unmount it until the mount namespace is deleted (likely because sys has a number of sub-mounts), so we have to use --lazy when unmounting it. - dev can be bind-mounted, but this results in errors because some packages try and modify files in /dev if they exist. Since we don't have permission to do that on the host system, this fails. Instead, we just bind-mount a minimal set of files. - run is not bind-mounted, but is instead created as a new tmpfs. According to aea51ba ("Bind mount /run from host into new root"), the reason this was done was to avoid lengthy timeouts when scanning for lvm devices. Because unshare does not (and cannot) use lvm devices, we don't need to bind-mount. - tmp is created as usual. Closes: #8
2021-10-18 05:13:31 +08:00
}
Use separate pid namespace for worker processes As described in 2be79c6 ("run the chroot in a new PID namespace"), child processes can hang around and keep various files open. This may prevent filesystems from being unmounted (as they are still in-use). When adding unshare mode, I did not quite understand this distinction (and I wasn't testing with e.g. gnupg) so I didn't catch this. Fix this by always using unshare to create a second pid namespace for "worker" processes. This ensures that all children are dead when we start unmounting things. As the top-level unshare is no longer always necessary, convert the unshare variable to a binary value. Fixes: ee9db7d ("Add unshare mode to pacstrap") Closes: #21
2022-07-28 22:02:31 +08:00
if (( unshare )); then
$mount_unshare bash -c "$(declare_all); pacstrap"
else
pacstrap
fi
pacstrap: copy the mirrorlist from the host to the new root This would overwrite an existing mirrorlist, but the one at the host is known to be good at this point, so the loss is minimal. Signed-off-by: Tom Gundersen <teg@jklm.no>
2012-06-20 02:34:01 +08:00
fix typo in array name
2012-06-18 04:05:18 +08:00
# vim: et ts=2 sw=2 ft=sh:
Reference in New Issue Copy Permalink