future-install-scripts/pacstrap.in
Eli Schwartz 53debcefab
pacstrap: try to copy the host keyring before installing packages
When there is no keyring in the new root, attempting to install e.g.
archlinux-keyring will result in the post-install script silently
failing to do anything (because there are no keys, and, critically, no
secret keys). The potentially very outdated keyring is then copied over
from the host, secret key and all, so subsequent pacman operations have
a trusted keyring that is at least as recent as the ISO or other host
system... but if there has been a keyring update between the date of the
ISO creation and the date of the install, those keys will continue to be
missing until the next keyring update, resulting in a bad out-of-the-box
experience.

This also means that if a third-party keyring package was scheduled to be
installed, it will not be populated at all; this affects downstream
archlinux32 build chroots.

There's no reason to delay this until after packages are installed -- we
aren't afraid of e.g. the mirrorlist resulting in file conflicts due to
a packaged pacman-mirrorlist, because the gnupg configuration should not
be getting packaged directly.

Fixes FS#61296 FS#61304 FS#61309 FS#61312 FS#62355
2019-05-21 01:32:52 -04:00
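The failure mode the commit message describes is easy to miss because nothing errors out: a keyring package's post-install hook needs a local master secret key to sign the imported keys, and without one it quietly does nothing. The following pre-flight check is an added example, not code from arch-install-scripts or its author. It mirrors the decision pacstrap makes (copy the host's /etc/pacman.d/gnupg into the target unless the target already has one) and then inspects the keyring the target will actually end up with. It assumes a gnupg-style layout (pubring.gpg or pubring.kbx for public keys, the master secret key under private-keys-v1.d/ on gnupg 2.1+, or secring.gpg on gnupg 1.x); the directory names and empty stand-in files are constructed fixtures so it runs offline without touching /etc.

```shell
#!/bin/sh
# Added example (not part of arch-install-scripts): pre-flight check for the
# keyring that pacstrap's target will end up with.
#
# Assumptions (not taken from the page): a pacman keyring directory laid out
# like gnupg's: pubring.gpg or pubring.kbx for public keys, and the local
# master secret key as private-keys-v1.d/<keygrip>.key (gnupg >= 2.1) or in
# secring.gpg (gnupg 1.x).

# keyring_state DIR: prints missing | empty | public-only | complete
keyring_state() {
  local dir f has_secret
  dir=$1
  if [ ! -d "$dir" ]; then echo missing; return 0; fi
  if [ ! -e "$dir/pubring.gpg" ] && [ ! -e "$dir/pubring.kbx" ]; then
    echo empty; return 0
  fi
  has_secret=0
  for f in "$dir"/private-keys-v1.d/*.key; do
    if [ -e "$f" ]; then has_secret=1; fi
  done
  if [ -s "$dir/secring.gpg" ]; then has_secret=1; fi
  if [ "$has_secret" = 1 ]; then echo complete; else echo public-only; fi
}

# keyring_plan HOST_GNUPG NEWROOT: prints what pacstrap (without -G) does
#   copy        -> host keyring is copied because the target has none
#   keep-target -> target already has etc/pacman.d/gnupg and is left alone
#   none        -> neither side has a keyring; the target starts without one
keyring_plan() {
  if [ -d "$2/etc/pacman.d/gnupg" ]; then echo keep-target
  elif [ -d "$1" ]; then echo copy
  else echo none; fi
}

# keyring_preflight HOST_GNUPG NEWROOT: returns 0 when the keyring the target
# will use has a secret key, 1 otherwise (reason on stderr)
keyring_preflight() {
  local plan src state
  plan=$(keyring_plan "$1" "$2")
  case $plan in
    keep-target) src=$2/etc/pacman.d/gnupg ;;
    copy)        src=$1 ;;
    *) echo "no keyring on host or target; run 'pacman-key --init' in the target" >&2
       return 1 ;;
  esac
  state=$(keyring_state "$src")
  if [ "$state" = complete ]; then return 0; fi
  echo "keyring at $src is $state: keyring packages' install hooks will silently do nothing" >&2
  return 1
}

# Constructed fixtures: empty files stand in for real keyring files so the
# example runs offline without gnupg or root privileges. Sets FIX.
make_fixtures() {
  FIX=$(mktemp -d)
  mkdir -p "$FIX/host-ok/private-keys-v1.d" "$FIX/host-pubonly" \
           "$FIX/root-empty/etc/pacman.d" \
           "$FIX/root-has/etc/pacman.d/gnupg/private-keys-v1.d"
  : > "$FIX/host-ok/pubring.gpg"
  : > "$FIX/host-ok/trustdb.gpg"
  : > "$FIX/host-ok/private-keys-v1.d/0123456789ABCDEF.key"
  : > "$FIX/host-pubonly/pubring.gpg"
  : > "$FIX/root-has/etc/pacman.d/gnupg/pubring.kbx"
  : > "$FIX/root-has/etc/pacman.d/gnupg/private-keys-v1.d/FEDCBA9876543210.key"
}

# Walk the interesting host/target combinations and report the verdict.
demo() {
  make_fixtures
  for pair in "host-ok root-empty" "host-pubonly root-empty" \
              "host-ok root-has" "nohost root-empty"; do
    set -- $pair
    printf '%-12s -> %-10s plan=%-11s ' "$1" "$2" "$(keyring_plan "$FIX/$1" "$FIX/$2")"
    if keyring_preflight "$FIX/$1" "$FIX/$2" 2>/dev/null; then echo ok; else echo FAIL; fi
  done
  rm -rf "$FIX"
}

demo
```

Run it against a real host with `keyring_preflight /etc/pacman.d/gnupg /mnt` before invoking pacstrap: a `public-only` or `missing` verdict means the target needs `pacman-key --init` (and then `pacman-key --populate`) after installation, because the keyring package hooks will not have done it.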


#!/bin/bash
#
# Assumptions:
# 1) User has partitioned, formatted, and mounted partitions on /mnt
# 2) Network is functional
# 3) Arguments passed to the script are valid pacman targets
# 4) A valid mirror appears in /etc/pacman.d/mirrorlist
#

shopt -s extglob

m4_include(common)

hostcache=0
copykeyring=1
copymirrorlist=1

usage() {
  cat <<EOF
usage: ${0##*/} [options] root [packages...]

  Options:
    -C config      Use an alternate config file for pacman
    -c             Use the package cache on the host, rather than the target
    -G             Avoid copying the host's pacman keyring to the target
    -i             Prompt for package confirmation when needed (run interactively)
    -M             Avoid copying the host's mirrorlist to the target

    -h             Print this help message

pacstrap installs packages to the specified new root directory. If no packages
are given, pacstrap defaults to the "base" group.

EOF
}

if [[ -z $1 || $1 = @(-h|--help) ]]; then
  usage
  exit $(( $# ? 0 : 1 ))
fi

(( EUID == 0 )) || die 'This script must be run with root privileges'

while getopts ':C:cdGiM' flag; do
  case $flag in
    C)
      pacman_config=$OPTARG
      ;;
    d)
      # retired flag. does nothing.
      ;;
    c)
      hostcache=1
      ;;
    i)
      interactive=1
      ;;
    G)
      copykeyring=0
      ;;
    M)
      copymirrorlist=0
      ;;
    :)
      die '%s: option requires an argument -- '\''%s'\' "${0##*/}" "$OPTARG"
      ;;
    ?)
      die '%s: invalid option -- '\''%s'\' "${0##*/}" "$OPTARG"
      ;;
  esac
done
shift $(( OPTIND - 1 ))

(( $# )) || die "No root directory specified"
newroot=$1; shift
pacman_args=("${@:-base}")

if (( ! hostcache )); then
  pacman_args+=(--cachedir="$newroot/var/cache/pacman/pkg")
fi

if (( ! interactive )); then
  pacman_args+=(--noconfirm)
fi

if [[ $pacman_config ]]; then
  pacman_args+=(--config="$pacman_config")
fi

[[ -d $newroot ]] || die "%s is not a directory" "$newroot"

# create obligatory directories
msg 'Creating install root at %s' "$newroot"
mkdir -m 0755 -p "$newroot"/var/{cache/pacman/pkg,lib/pacman,log} "$newroot"/{dev,run,etc/pacman.d}
mkdir -m 1777 -p "$newroot"/tmp
mkdir -m 0555 -p "$newroot"/{sys,proc}

# mount API filesystems
chroot_setup "$newroot" || die "failed to setup chroot %s" "$newroot"

if (( copykeyring )); then
  # if there's a keyring on the host, copy it into the new root, unless it exists already
  if [[ -d /etc/pacman.d/gnupg && ! -d $newroot/etc/pacman.d/gnupg ]]; then
    cp -a /etc/pacman.d/gnupg "$newroot/etc/pacman.d/"
  fi
fi

msg 'Installing packages to %s' "$newroot"
if ! pacman -r "$newroot" -Sy "${pacman_args[@]}"; then
  die 'Failed to install packages to new root'
fi

if (( copymirrorlist )); then
  # install the host's mirrorlist onto the new root
  cp -a /etc/pacman.d/mirrorlist "$newroot/etc/pacman.d/"
fi

# vim: et ts=2 sw=2 ft=sh: