Shellcheck warns that only the deepest directory created will have the
requested permissions. That's fine - this is exactly what we want.
Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
After the m4 substitution, the globals end up mixed misc functions.
Just keep them at the top for legibility.
Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
As described in 2be79c6 ("run the chroot in a new PID namespace"), child
processes can hang around and keep various files open. This may prevent
filesystems from being unmounted (as they are still in-use).
When adding unshare mode, I did not quite understand this distinction
(and I wasn't testing with e.g. gnupg) so I didn't catch this. Fix this
by always using unshare to create a second pid namespace for "worker"
processes. This ensures that all children are dead when we start
unmounting things. As the top-level unshare is no longer always
necessary, convert the unshare variable to a binary value.
Fixes: ee9db7d ("Add unshare mode to pacstrap")
Closes: #21
This adds an "unshare" mode to pacstrap. This mode lets a regular user
create a new arch root filesystem. We use -N because both -U and -u are
taken in pacstrap and arch-chroot, respectively. There are two major
changes to pacstrap: we need to run many commands in under unshare, and
the setup process for mounts is different.
Because unshare starts a new shell, it is difficult to run many commands
in sequence. To get around this, we create a function for the rest of
the commands we wish to run, and then declare all functions and
variables in the unshare'd shell. This is pretty convenient. An
alternative method would be to generate the shell script as a HERE
document, and pipe it to bash.
Because unshare starts a new shell, we can only communicate using
stdin/out and any command line arguments. And we need to defer some
setup until after we are root. To get around this, we create a function
for the rest of the commands we wish to run, and then declare all
functions and variables in the unshare'd shell. I also considered having
a separate helper script which would contain the contents of pacstrap().
But I think this would be confusing, because the logic would then live
in a separate file (instead of just a separate function). That method is
also tricky because every variable has to be passed in through the
command-line arguments. One last method would be to generate a script on
the fly (e.g. using a HERE doc). I think that method could work as well.
The primary difference to the setup process is that we need to mount
filesystems in a different manner:
- We bind-mount the root directory. This is so commands which want to
determine how much free space there is (or otherwise work with mounts)
expect a mount on /. We unmount it with --lazy, since otherwise sys
will cause an error (see below).
- proc can be mounted multiple times and is mounted in the same way
- sys cannot be mounted again, but we can recursively bind-mount it.
When mounted this way, we can't unmount it until the mount namespace
is deleted (likely because sys has a number of sub-mounts), so we have
to use --lazy when unmounting it.
- dev can be bind-mounted, but this results in errors because some
packages try and modify files in /dev if they exist. Since we don't
have permission to do that on the host system, this fails. Instead, we
just bind-mount a minimal set of files.
- run is not bind-mounted, but is instead created as a new tmpfs.
According to aea51ba ("Bind mount /run from host into new root"), the
reason this was done was to avoid lengthy timeouts when scanning for
lvm devices. Because unshare does not (and cannot) use lvm devices, we
don't need to bind-mount.
- tmp is created as usual.
Closes: #8
In an unshare environment, /etc/pacman.d/gnupg is owned by the original
root, who is now "nobody". cp will warn about this, since we can't
create files owned by the original root, and it instead creates them as
the unshare'd root (the original user). This is benign, so ignore it.
Allow passing files to the underlying pacman command, instead of relying
on the syncdb. This allows fine-grained control over the package files
to be installed, which can be useful when initializing a build chroot
for reproducible builds.
When there is no keyring in the new root, attempting to install e.g.
archlinux-keyring will result in the post-install script silently
failing to do anything (because there are no keys, and, critically, no
secret keys). The potentially very outdated keyring is then copied over
from the host, secret key and all, so subsequent pacman operations have
a trusted keyring that is at least as recent as the ISO or other host
system... but if there has been a keyring update between the date of the
ISO creation and the date of the install, those keys will continue to be
missing until the next keyring update, resulting in a bad out-of-the-box
experience.
This also means that if a thirdparty keyring package was scheduled to be
installed, it will not be populated at all; this affects downstream
archlinux32 build chroots.
There's no reason to delay this until after packages are installed -- we
aren't afraid of e.g. the mirrorlist resulting in file conflicts due to
a packaged pacman-mirrorlist, because the gnupg configuration should not
be getting packaged directly.
Fixes FS#61296 FS#61304 FS#61309 FS#61312 FS#62355
Similar to 232784ec, this logic has been around forever with no
discernible value. Retire the flag from the code and documentation, but
leave it behind as a vestige in order to not break scripts found in the
wild.
Unless I'm mistaken, newroot is assigned later, and never referenced in between:
```
(( $# )) || die "No root directory specified"
newroot=$1; shift
```
I grappled with the inability of pacstrap to do this while trying to
setup an i686 chroot for myself based on a pacman config from devtools,
rather than my own config which bombs on a "missing" multilib repo.
Remove the -r option, forcing the user to explicitly pass a root
directory. This removes some confusion wherein we set defaults, but
wouldn't allow all the defaults to be accepted.
This also adds some mild documentation to the help output for genfstab
and pacstrap.
However, add a '-c' switch to use the host cache instead. The default is
useful for when installing a system from an install media (which has
possibly constrained storage), but the '-c' switch is useful when
e.g. creating build-chroots.
I considered doing this the other way around ('-c' being the default).
However, I think it makes sense to default to the expected behavior for
install both because a new user is less likely to know that they need to
add a switch, and because the errormessage they'd get when they run out
of space/memory is nonsensical and would cause lots of annoying
questions.
[dave: use proper array addition, nuke readlink, use arithmetic flag]
Signed-off-by: Tom Gundersen <teg@jklm.no>
This would overwrite an existing mirrorlist, but the one at the host
is known to be good at this point, so the loss is minimal.
Signed-off-by: Tom Gundersen <teg@jklm.no>
We want to be able to call pacstrap with the target being an existing
install (in case it has been severely broken), and hence we might want
to preserve the existing keyring.
Signed-off-by: Tom Gundersen <teg@jklm.no>
the api_mount function could, for some bizzare reason, fail midway
through, leaving the user with a half mounted chroot. set the trap
before the function instead, but mask errors since we might see "foo
not mounted" errors.
* the Makefile uses m4 to build the common lib into the scripts
* it includes install, uninstall and clean targets
* the dist target creates a source tar from a tag
Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
