chrootsetup_dragonfly.sh

   1 # chrootsetup_dragonfly.sh
   2
   3 # This file SHOULD NOT be executable!  It is sourced by jailsetup.sh and
   4 # SHOULD NOT be executed directly!
   5
   6 # On entry the current directory will be set to the top of the chroot
   7 # This script must perform platform-specific chroot setup which includes
   8 # creating any dev device entries, setting up proc (if needed), setting
   9 # up lib64 (if needed) as well as installing a basic set of whatever libraries
  10 # are needed for a chroot to function on this platform.
  11
  12 # This script must also define a pull_in_bin function that may be called to
  13 # install an executable together with any libraries it depends on into the
  14 # chroot.
  15
  16 # Finally this script must install a suitable nc.openbsd compatible version of
  17 # netcat into the chroot jail that's available as nc.openbsd and which supports
  18 # connects to unix sockets.
  19
  20 # We are designed to set up the chroot based on binaries from
  21 # x86_64 DragonFly BSD 4.4; some things may need slight modifications if
  22 # being run on a different distribution.
  23
  24 # We require update_pwd_db to be set to work properly on DragonFly BSD
  25 [ -n "$cfg_update_pwd_db" -a "$cfg_update_pwd_db" != "0" ] || {
  26         echo 'error: Config.pm must set $update_pwd_db to 1 to use a DragonFly BSD jail' >&2
  27         exit 1
  28 }
  29
  30 chroot_dir="`pwd`"
  31
  32 mkdir -p dev proc
  33 chown 0:0 dev proc
  34
  35 # Extra directories
  36 mkdir -p libexec var/tmp
  37
  38 # Install the devfsctl chroot ruleset
  39 rm -f etc/devfs.conf
  40 cat "$curdir/fstab/devfsctl_chroot_ruleset" > etc/devfs.conf
  41 chown 0:0 etc/devfs.conf
  42 chmod 0444 etc/devfs.conf
  43
  44 # Make sure there's an auth.conf file, empty is fine
  45 if ! [ -e etc/auth.conf ]; then
  46         > etc/auth.conf
  47         chown 0:0 etc/auth.conf
  48         chmod 0444 etc/auth.conf
  49 fi
  50
  51 cp_p() {
  52         # use cpio to avoid setting flags
  53         # must NOT use passthrough mode as that will set flags on newer systems
  54         (cd "$(dirname "$1")" && echo "$(basename "$1")" | \
  55         cpio -o -L 2>/dev/null| { cd "$chroot_dir/${2%/*}" && cpio -i -m -u; } 2>/dev/null)
  56         if [ "${2%/*}" != "${2%/}" ]; then
  57                 mv -f "$chroot_dir/${2%/*}/$(basename "$1")" \
  58                         "$chroot_dir/${2%/*}/$(basename "$2")"
  59         fi
  60 }
  61
  62 # Bring in basic libraries:
  63 rm -f lib/* libexec/*
  64 # ld-elf.so.2:
  65 cp_p /libexec/ld-elf.so.2 libexec
  66
  67 pull_in_lib() {
  68         [ -f "$1" ] || return
  69         dst="${2%/}/$(basename "$1")"
  70         if [ ! -e "$dst" ] || [ "$1" -nt "$dst" ]; then
  71                 cp_p "$1" "$dst"
  72                 for llib in $(ldd "$1" | grep '=>' | awk '{print $3}'); do
  73                         (pull_in_lib "$llib" lib)
  74                 done
  75         fi
  76
  77 }
  78
  79 # pull_in_bin takes two arguments:
  80 # 1: the full path to a binary to pull in (together with any library dependencies)
  81 # 2: the destination directory relative to the current directory to copy it to which
  82 # MUST already exist with optional alternate name if the name in the chroot should be different
  83 # 3: optional name of binary that if already in $2 and the same as $1 hard link to instead
  84 # for example, "pull_in_bin /bin/sh bin" will install the shell into the chroot bin directory
  85 # for example, "pull_in_bin /bin/bash bin/sh" will install bash as the chroot bin/sh
  86 # IMPORTANT: argument 1 must be a machine binary, NOT a shell script or other interpreted text
  87 # IMPORTANT: text scripts can simply be copied in or installed as they don't have libraries to copy
  88 # NOTE: it's expected that calling this function on a running chroot may cause temporary disruption
  89 # In order to avoid a busy error while replacing binaries we first copy the binary to the
  90 # var/tmp directory and then force move it into place after the libs have been brought in.
  91 pull_in_bin() {
  92         bin="$1"; bdst="$2"
  93         if [ -d "${bdst%/}" ]; then
  94                 bnam="$(basename "$bin")"
  95                 bdst="${bdst%/}"
  96         else
  97                 bnam="$(basename "$bdst")"
  98                 bdst="${bdst%/*}"
  99         fi
 100         if [ -n "$3" ] && [ "$3" != "$bnam" ] && \
 101            [ -r "$bdst/$3" -a -x "$bdst/$3" ] && cmp -s "$bin" "$bdst/$3"; then
 102                 ln -f "$bdst/$3" "$bdst/$bnam"
 103                 return 0
 104         fi
 105         cp_p "$bin" var/tmp
 106         # ...and all the dependencies.
 107         for lib in $(ldd "$bin" | grep '=>' | awk '{print $3}'); do
 108                 pull_in_lib "$lib" lib
 109         done
 110         mv -f "var/tmp/$(basename "$bin")" "$bdst/$bnam"
 111 }
 112
 113 # A catch all that needs to be called after everything's been pulled in
 114 chroot_update_permissions() {
 115         # Be paranoid
 116         [ -n "$chroot_dir" -a "$chroot_dir" != "/" ] || { echo bad '$chroot_dir' >&2; exit 2; }
 117         cd "$chroot_dir" || { echo bad '$chroot_dir' >&2; exit 2; }
 118         rm -rf var/tmp
 119         chown -R 0:0 bin lib sbin var libexec
 120         # bootstrap the master.passwd database
 121         rm -f etc/master.passwd etc/pwd.db etc/spwd.db
 122         awk -F ':' '{ print $1 ":" $2 ":" $3 ":" $4 "::0:0:" $5 ":" $6 ":" $7 }' < etc/passwd > etc/master.passwd
 123         PW_SCAN_BIG_IDS=1 pwd_mkdb -d etc etc/master.passwd 2>/dev/null
 124         chown $cfg_mirror_user:$cfg_owning_group etc/master.passwd etc/pwd.db etc/spwd.db
 125         chmod 0664 etc/master.passwd etc/pwd.db etc/spwd.db
 126 }
 127
 128 # the nc.openbsd compatible utility is available as $var_nc_openbsd_bin
 129 pull_in_bin "$var_nc_openbsd_bin" bin/nc.openbsd