# chrootsetup_freebsd.sh
#
# This file SHOULD NOT be executable! It is sourced by jailsetup.sh and
# SHOULD NOT be executed directly!
# On entry the current directory will be set to the top of the chroot.
# This script must perform platform-specific chroot setup which includes
# creating any dev device entries, setting up proc (if needed), setting
# up lib64 (if needed) as well as installing a basic set of whatever libraries
# are needed for a chroot to function on this platform.
# This script must also define a pull_in_bin function that may be called to
# install an executable together with any libraries it depends on into the
# chroot.
# Finally this script must install a suitable nc.openbsd compatible version of
# netcat into the chroot jail that's available as nc.openbsd and which supports
# connecting to Unix sockets.
# We are designed to set up the chroot based on binaries from
# amd64 FreeBSD 8; some things may need slight modifications if
# being run on a different distribution.
# We require update_pwd_db to be set (non-empty and not 0) to work properly on FreeBSD
25 [ -n "$cfg_update_pwd_db" -a "$cfg_update_pwd_db" != "0" ] ||
{
26 echo 'error: Config.pm must set $update_pwd_db to 1 to use a FreeBSD jail' >&2
# Create the directories later steps write into: libexec receives the runtime
# linker and var/tmp is the staging area binaries are copied to before being
# moved into place.
mkdir -p var/tmp libexec
39 # use cpio to avoid setting flags
40 # must NOT use passthrough mode as that will set flags on newer systems
41 (cd "$(dirname "$1")" && echo "$(basename "$1")" | \
42 cpio -o -L 2>/dev
/null|
{ cd "$chroot_dir/${2%/*}" && cpio -i -m -u; } 2>/dev
/null
)
43 if [ "${2%/*}" != "${2%/}" ]; then
44 mv -f "$chroot_dir/${2%/*}/$(basename "$1")" \
45 "$chroot_dir/${2%/*}/$(basename "$2")"
# Bring in basic libraries:
# ld-elf.so.1 is the FreeBSD runtime linker; it is copied from the host into
# the jail's libexec directory so it sits at the same path inside the jail.
cp_p '/libexec/ld-elf.so.1' 'libexec'
56 dst
="${2%/}/$(basename "$1")"
57 if [ ! -e "$dst" ] ||
[ "$1" -nt "$dst" ]; then
59 for llib
in $
(ldd
"$1" |
grep '=>' |
awk '{print $3}'); do
60 (pull_in_lib
"$llib" lib
)
# pull_in_bin takes two required arguments and an optional third:
# 1: the full path to a binary to pull in (together with any library dependencies)
# 2: the destination directory, relative to the current directory, to copy it to; the
#    directory MUST already exist, and an alternate name may be appended if the name
#    in the chroot should be different
# 3: optional name of a binary; if it is already in $2 and is the same as $1, a hard
#    link to it is made instead
# for example, "pull_in_bin /bin/sh bin" will install the shell into the chroot bin directory
# for example, "pull_in_bin /bin/bash bin/sh" will install bash as the chroot bin/sh
# IMPORTANT: argument 1 must be a machine binary, NOT a shell script or other interpreted text
# IMPORTANT: text scripts can simply be copied in or installed as they don't have libraries to copy
# NOTE: it's expected that calling this function on a running chroot may cause temporary disruption
# In order to avoid a busy error while replacing binaries we first copy the binary to the
# var/tmp directory and then force move it into place after the libs have been brought in.
# NOTE: dependencies are found by running ldd on argument 1, which can execute code from
# that file; only pass binaries that come from trusted locations.
80 if [ -d "${bdst%/}" ]; then
81 bnam
="$(basename "$bin")"
84 bnam
="$(basename "$bdst")"
87 if [ -n "$3" ] && [ "$3" != "$bnam" ] && \
88 [ -r "$bdst/$3" -a -x "$bdst/$3" ] && cmp -s "$bin" "$bdst/$3"; then
89 ln -f "$bdst/$3" "$bdst/$bnam"
93 # ...and all the dependencies.
94 for lib
in $
(ldd
"$bin" |
grep '=>' |
awk '{print $3}'); do
95 pull_in_lib
"$lib" lib
97 mv -f "var/tmp/$(basename "$bin")" "$bdst/$bnam"
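# A catch all that needs to be called after everything's been pulled in
#
# Globals:  chroot_dir (read) - path of the jail root; must be non-empty and not "/"
#           cfg_mirror_user, cfg_owning_group (read) - owner and group given to the
#           password database files
# Outputs:  diagnostics on stderr
# Returns:  exits the calling shell with status 2 when $chroot_dir is unusable or
#           cannot be entered; otherwise the status of the final chmod
chroot_update_permissions() {
	# Refuse an empty path or the host root: every command below works on
	# paths relative to the current directory, including a recursive chown
	# and an rm -f.
	if [ -z "$chroot_dir" ] || [ "$chroot_dir" = "/" ]; then
		echo bad '$chroot_dir' >&2
		exit 2
	fi
	cd "$chroot_dir" || { echo bad '$chroot_dir' >&2; exit 2; }

	# Everything pulled into the jail ends up owned by uid 0 / gid 0.
	chown -R 0:0 bin lib sbin var libexec

	# bootstrap the master.passwd database
	rm -f etc/master.passwd etc/pwd.db etc/spwd.db
	# Widen each 7-field etc/passwd line to the 10-field master.passwd layout
	# by inserting an empty field and two 0 fields after field 4.
	awk -F ':' '{ print $1 ":" $2 ":" $3 ":" $4 "::0:0:" $5 ":" $6 ":" $7 }' <etc/passwd >etc/master.passwd
	# NOTE(review): stderr is discarded and the status is not checked here, so
	# a pwd_mkdb failure only shows up as chown/chmod errors on missing files.
	PW_SCAN_BIG_IDS=1 pwd_mkdb -d etc etc/master.passwd 2>/dev/null
	# Quoted so a user or group name containing whitespace or glob characters
	# stays a single chown operand.
	chown "$cfg_mirror_user:$cfg_owning_group" etc/master.passwd etc/pwd.db etc/spwd.db
	# NOTE(review): 0664 leaves master.passwd and spwd.db world-readable and
	# group-writable (a stock FreeBSD system keeps them 0600), so field 2 of
	# etc/passwd is exposed to every jail user - confirm it never holds real hashes.
	chmod 0664 etc/master.passwd etc/pwd.db etc/spwd.db
}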
# the nc.openbsd compatible utility is available as /usr/bin/nc
# It is installed into the jail's bin directory under the name nc.openbsd.
pull_in_bin '/usr/bin/nc' 'bin/nc.openbsd'