archboot/usr/lib/initcpio/install/archboot_base_common
Tobias Powalowski c1394f28dd remove nscd
2023-09-25 06:57:55 +02:00


#!/usr/bin/env bash
# SPDX-License-Identifier: GPL-2.0-only
# Created by Tobias Powalowski <tpowa@archlinux.org>
#######################################
# Populate the image root with the common archboot base: directory skeleton,
# core binaries, shell/PAM/shadow configuration, systemd, udev, pacman and the
# CA trust store.
# Globals:
#   BUILDROOT (read) - image root that the echo/rm/find calls below write into
#   _NO_LOG (read)   - redirection target for rm output; not defined in this
#                      file, presumably a discard sink -- TODO confirm
#   i, _SYSTEMFILES, _BASIC_CONFIG, _LANG, _RM_PACMAN_DB, cafile, cert, cert2,
#   ca_dir, cert_dir, cert2_dir (written) - assigned without `local`
# Helpers map, add_dir, add_file, add_full_dir, add_binary, add_symlink and
# add_all_modules are not defined in this file; they are expected from the
# framework that sources this hook (the install path suggests mkinitcpio).
# NOTE(review): single-argument add_file/add_full_dir calls appear to copy
# from the system running the build (see "from running system" below), so the
# image inherits that host's configuration for those paths -- confirm.
# Statement order matters: files are added first and only then appended to or
# removed under ${BUILDROOT}.
#######################################
build ()
{
### setting up base structure
map add_dir /root /mnt /sysroot /install /var/log /home /var/tmp
add_symlink /var/run ../run
add_symlink /var/lock ../run/lock
### add basic apps
map add_binary init agetty basename mount umount clear env printf gawk tty bash rbash \
partprobe cp dir du ls mv rm sed grep kill killall more ps pwd rmdir true cat \
mkdir echo false sleep kmod pidof touch chmod find wc uname yes awk halt \
shutdown reboot poweroff insmod modprobe sh dd sort zstd date tee mktemp \
install pgrep mkfs.btrfs rmmod mountpoint gzip ldconfig ln top df cut \
stat tr passwd od tar bsdtar dialog
### add nano
add_binary nano
add_full_dir /usr/share/nano
add_file /etc/nanorc
# add syntax highlighting (appended to the nanorc copied just above)
echo "include \"/usr/share/nano/*.nanorc\"" >> "${BUILDROOT}/etc/nanorc"
### add machine-id
# created empty: no machine identifier is written into the image at build time
: > "${BUILDROOT}"/etc/machine-id
### add file magic file
add_file /usr/share/file/misc/magic.mgc
add_file /usr/lib/libkmod.so
# /init is a symlink to the systemd binary
add_symlink /init /usr/lib/systemd/systemd
### adding needed files from running system
# NOTE(review): crypttab, fstab, hosts, securetty and nsswitch.conf are taken
# as they exist on the system doing the build; check that they hold nothing
# host-specific before the image is distributed.
map add_full_dir /etc/profile.d /usr/share/terminfo
add_symlink /usr/lib/terminfo ../share/terminfo
_SYSTEMFILES="bash.bash_logout bash.bashrc crypttab fstab host.conf hosts \
inputrc mke2fs.conf nsswitch.conf protocols \
request-key.conf securetty services"
# unquoted on purpose: the list is split on whitespace into file names
for i in ${_SYSTEMFILES}; do
add_file "/etc/${i}"
done
### adding config files of installation system
map add_file /etc/profile /etc/shells
# two-argument add_file: source under /usr/share/archboot/base/etc, installed
# as the matching /etc path in the image
_BASIC_CONFIG="dialogrc hostname issue modprobe.d/modprobe.conf os-release tmpfiles.d/var.conf"
for i in ${_BASIC_CONFIG}; do
add_file "/usr/share/archboot/base/etc/${i}" "/etc/${i}"
done
### add coreutils,cryptsetup,terminfo libs and charmaps
map add_full_dir /usr/lib/coreutils /usr/lib/cryptsetup \
/usr/lib/gconv /usr/share/readline
### add locale support on archboot container
# the container is recognised only by the word 'archboot' in /etc/hostname of
# the build system; any host whose hostname contains that word takes this branch
if grep -qw 'archboot' /etc/hostname; then
map add_binary locale-gen localedef
add_file /etc/locale.gen
_LANG="be bg cs da de en el es fi fr hu it lt lv mk nl nn pl pt ro ru sk sr sv uk"
for i in ${_LANG}; do
add_full_dir "/usr/share/locale/${i}"
done
add_file /usr/share/locale/locale.alias
add_full_dir /usr/share/i18n/locales
# only support UTF-8
add_file /usr/share/i18n/charmaps/UTF-8.gz
# remove conflicting files from not installed packages: binutils, grub and gdbm
# (the deletion is confined to ${BUILDROOT}/usr/share/locale/ and to regular files)
find "${BUILDROOT}/usr/share/locale/" -type f \( -name 'grub*' -o -name 'binutils*' -o -name 'gdbm*' -o -name 'bfd*' \
-o -name 'gettext*' -o -name 'gas*' -o -name 'gold*' -o -name 'gprof*' -o -name 'ld*' \
-o -name 'man-db*' -o -name 'opcodes*' -o -name 'texinfo*' \) -delete
fi
### add bash configuration
# add bash-completion
add_full_dir /usr/share/bash-completion
# custom-bash-options.sh: use color bash prompt, color grep and ls output
# archboot-reset-root-password.sh: unlock and delete root password, if not set by user!
# NOTE(review): going by that description, root has no password until the user
# sets one; the script body is not visible here, so confirm what it does.
for i in custom-bash-options.sh archboot-reset-root-password.sh; do
add_file "/usr/share/archboot/base/etc/profile.d/${i}" "/etc/profile.d/${i}"
done
# add default bash setup
for i in .bashrc .bash_profile .bash_logout; do
add_file "/etc/skel/${i}" "/root/${i}"
done
# add custom bash options (appended to the /root/.bashrc added in the loop above)
echo ". /etc/profile.d/custom-bash-options.sh" >> "${BUILDROOT}/root/.bashrc"
# add /etc/skel
add_full_dir /etc/skel
### add kmod related config file(s)
add_file /usr/lib/depmod.d/search.conf
### fixing network support from glibc
map add_file /lib/libnss_files.so.2 /lib/libnss_dns.so.2
### add hwdata
add_full_dir /usr/share/hwdata
### add pam
# NOTE(review): /etc/security, /etc/pam.d and /usr/lib/security are added as
# whole directories, so the image's authentication policy presumably mirrors
# whatever is configured on the build system -- confirm that is intended.
map add_binary mkhomedir_helper pam_timestamp_check unix_chkpwd unix_update
map add_full_dir /etc/security /etc/default /etc/pam.d /usr/lib/security /usr/lib/pam.d
add_file /etc/environment
### add shadow
map add_binary login nologin
add_file /etc/login.defs
### add systemd
# add systemd kernel modules
add_all_modules 'nfs|autofs4|loop'
map add_binary mount.nfs4 umount.nfs umount.nfs4 mount.nfs setfont loadkeys
# dbus files
map add_binary dbus-cleanup-sockets dbus-daemon dbus-launch dbus-monitor dbus-run-session dbus-send dbus-test-tool \
dbus-update-activation-environment dbus-uuidgen /usr/lib/dbus-1.0/dbus-daemon-launch-helper
add_dir /var/lib/dbus
map add_full_dir /etc/dbus-1 /usr/share/dbus-1
# secret-tool, pinentry and gpgme helpers, plus the tpm2-tss and pinentry config directories
map add_binary secret-tool pinentry pinentry-curses gpgme-tool gpgme-json
map add_full_dir /etc/tpm2-tss /etc/pinentry
# systemd files
map add_binary systemd-umount busctl bootctl coredumpctl hostnamectl journalctl kernel-install localectl \
loginctl machinectl mount.ddi networkctl systemctl systemd-ac-power systemd-analyze systemd-ask-password \
systemd-cat systemd-cgls systemd-cgtop systemd-confext \
systemd-delta systemd-detect-virt systemd-escape systemd-firstboot systemd-hwdb systemd-inhibit systemd-machine-id-setup \
systemd-mount systemd-notify systemd-nspawn systemd-path systemd-resolve \
systemd-run systemd-socket-activate systemd-stdio-bridge systemd-sysusers \
systemd-tty-ask-password-agent timedatectl systemd-repart userdbctl homectl oomctl portablectl systemd-creds \
systemd-cryptenroll systemd-dissect systemd-id128 systemd-sysext
map add_dir /etc/tmpfiles.d /etc/modules-load.d /etc/binfmt.d/ /var/lib/systemd
map add_full_dir /etc/sysctl.d/ /etc/systemd /etc/xdg /usr/lib/systemd /usr/share/systemd /usr/share/factory \
/usr/share/polkit-1 /usr/lib/tmpfiles.d /usr/lib/modules-load.d /usr/lib/sysusers.d /usr/lib/sysctl.d
# archboot's own unit and config files replace or extend what /etc/systemd brought in above
add_file /usr/share/archboot/base/etc/locale.conf /etc/locale.conf
add_file /usr/share/archboot/base/etc/vconsole.conf /etc/vconsole.conf
add_file /usr/share/archboot/base/etc/systemd/system/getty@.service /etc/systemd/system/getty@.service
add_file /usr/share/archboot/base/etc/systemd/system/serial-getty@.service /etc/systemd/system/serial-getty@.service
add_file /usr/share/archboot/base/etc/systemd/system/windowkeys.service /etc/systemd/system/windowkeys.service
# journald drop-in; the name suggests log forwarding to tty12 -- contents not visible here
add_file /usr/share/archboot/base/etc/systemd/journald.conf.d/fw-tty12.conf /etc/systemd/journald.conf.d/fw-tty12.conf
add_symlink /etc/systemd/system/multi-user.target.wants/windowkeys.service /etc/systemd/system/windowkeys.service
### disable systemd mounts:
# each unit is masked by a symlink to /dev/null under /etc/systemd/system
# disable configfs, debugfs, fuse, hugepages, mqueue and tracefs; tmp.mount is masked as well
for i in dev-mqueue dev-hugepages sys-kernel-debug sys-kernel-tracing sys-kernel-config sys-fs-fuse-connections tmp; do
add_symlink "/etc/systemd/system/${i}.mount" /dev/null
done
### disable systemd targets:
# cryptsetup first-boot-complete integritysetup swap veritysetup
for i in cryptsetup first-boot-complete integritysetup swap veritysetup; do
add_symlink "/etc/systemd/system/${i}.target" /dev/null
done
### disable systemd services:
# hwdb-update firstboot machine-id-commit pcrmachine binfmt
# boot-random-seed repart pcrphase pcrphase-sysinit
for i in hwdb-update firstboot machine-id-commit pcrmachine binfmt boot-random-seed repart pcrphase pcrphase-sysinit; do
add_symlink "/etc/systemd/system/systemd-${i}.service" /dev/null
done
### disable automount:
# proc-sys-fs-binfmt_misc.automount
add_symlink /etc/systemd/system/proc-sys-fs-binfmt_misc.automount /dev/null
# remove remote-fs.target from multi-user.target.wants
rm -f "${BUILDROOT}"/etc/systemd/system/multi-user.target.wants/remote-fs.target
# disable lastlog: the file is a symlink to /dev/null, so last-login records are not kept
add_symlink /var/log/lastlog /dev/null
add_file /usr/share/archboot/base/etc/tmpfiles.d/var.conf /etc/tmpfiles.d/var.conf
### add missing libsystemd files
map add_file /usr/lib/libnss_myhostname.so.2 /usr/lib/libnss_mymachines.so.2 \
/usr/lib/libnss_resolve.so.2 /usr/lib/libnss_systemd.so.2
### fix tmpfiles startup
map add_file /usr/lib/libnss_compat.so.2 /usr/lib/libnsl.so.1
## fix for systemd >=245 set default.target
# remove initrd-release to allow normal systemd boot without initrd.target
rm -f "${BUILDROOT}"/etc/initrd-release
# mask systemd-gpt-auto-generator, errors out on initramfs usage
add_symlink /etc/systemd/system-generators/systemd-gpt-auto-generator /dev/null
### add udev
map add_binary /usr/lib/systemd/systemd-udevd udevadm systemd-tmpfiles logger
# add rule files
add_full_dir /usr/lib/udev
# add schedule rules file
add_file /usr/share/archboot/base/etc/udev/rules.d/60-ioschedulers.rules /etc/udev/rules.d/60-ioschedulers.rules
# add swappiness sysctl config file
add_file /usr/share/archboot/base/etc/sysctl.d/99-sysctl.conf /etc/sysctl.d/99-sysctl.conf
### add pacman
map add_binary pacman pacman-conf pacman-key pacman-db-upgrade makepkg \
repo-add repo-elephant testpkg vercmp curl gpg-agent gpg \
gpgconf gpg-connect-agent repo-remove archlinux-keyring-wkd-sync
map add_dir /var/cache/pacman/pkg /var/lib/pacman
# NOTE(review): pacman.conf, makepkg.conf and the mirrorlist appear to come from
# the build system, so signature-checking settings and mirror choice are
# inherited from it -- confirm.
map add_file /etc/pacman.conf /etc/makepkg.conf /etc/pacman.d/mirrorlist
# add pacman initialisation of gpg keys
# the gnupg directory is only created (add_dir), not copied; pacman-init.service
# is presumably what fills the keyring when the image runs
add_dir /etc/pacman.d/gnupg
add_file /usr/share/archboot/base/etc/systemd/system/pacman-init.service /etc/systemd/system/pacman-init.service
map add_full_dir /usr/share/pacman/keyrings /usr/share/makepkg
# add local installed pacman database in container mode
if grep -qw 'archboot' /etc/hostname; then
add_full_dir /var/lib/pacman/local
_RM_PACMAN_DB="base grub libxml2 icu gettext refind amd-ucode intel-ucode edk2-shell \
libisoburn libburn libisofs mkinitcpio memtest linux-api-headers jansson libwbclient \
libbsd libmd libpcap libnftnl libnfnetlink libnetfilter_conntrack libsasl libldap memtest86+ \
memtest86+-efi mkinitcpio-busybox mtools libsysprof-capture libnsl libksba gdbm binutils \
cdrtools systemd-ukify python python-pefile limine man-pages libev libpipeline groff \
man-db texinfo db db5.3 gc rpcbind"
for i in ${_RM_PACMAN_DB}; do
# NOTE(review): the glob "<name>-*-[0-9]*" also matches database entries of any
# other package whose name starts with "<name>-" (e.g. the "python" pattern
# covers python-pefile), so more entries than listed may be dropped and the
# image's package database would then under-report what it contains.
# If _NO_LOG is unset or empty the redirection fails and rm is not run.
rm -rf "${BUILDROOT}"/var/lib/pacman/local/"${i}"-*-[0-9]* &>"${_NO_LOG}"
done
fi
### add nss p11-kit and ca certificates
# NOTE(review): the extracted CA bundle and /etc/ssl/certs are added as whole
# directories, presumably from the build system; any trust anchor added locally
# on that system would be carried into the image -- confirm the store is clean.
map add_binary p11-kit trust certutil cmsutil crlutil modutil nss-config pk12util \
shlibsign signtool signver ssltap symkeyutil update-ca-trust
cafile="tls-ca-bundle.pem"
cert="cert.pem"
cert2="ca-certificates.crt"
ca_dir="/etc/ca-certificates/extracted"
cert_dir="/etc/ssl"
cert2_dir="/etc/ssl/certs"
map add_full_dir "$ca_dir" "$cert2_dir" /usr/lib/p11-kit /usr/lib/pkcs11
# both well-known bundle paths resolve to the single extracted tls-ca-bundle.pem
add_symlink "${cert_dir}/${cert}" "../ca-certificates/extracted/${cafile}"
add_symlink "${cert2_dir}/${cert2}" "../../ca-certificates/extracted/${cafile}"
add_file /usr/share/ca-certificates/trust-source/mozilla.trust.p11-kit
add_file /usr/share/p11-kit/modules/p11-kit-trust.module
### remove conflicting grub, man-db, mkinitcpio and rpcbind files
# rm runs without -f here: a missing path, or a glob that matches nothing and is
# passed through literally, makes rm report an error and return non-zero
rm "${BUILDROOT}"/usr/lib/systemd/system/mkinitcpio-generate-shutdown-ramfs.service \
"${BUILDROOT}"/usr/lib/systemd/system/shutdown.target.wants/mkinitcpio-generate-shutdown-ramfs.service \
"${BUILDROOT}"/usr/lib/systemd/ukify \
"${BUILDROOT}"/usr/lib/systemd/system/man-db* \
"${BUILDROOT}"/usr/lib/systemd/system/timers.target.wants/man-db* \
"${BUILDROOT}"/usr/lib/tmpfiles.d/man-db* \
"${BUILDROOT}"/usr/lib/tmpfiles.d/mkinitcpio.conf \
"${BUILDROOT}"/usr/share/bash-completion/completions/lsinitcpio \
"${BUILDROOT}"/usr/share/bash-completion/completions/mkinitcpio \
"${BUILDROOT}"/usr/share/bash-completion/completions/grub \
"${BUILDROOT}"/usr/lib/systemd/system/rpcbind* \
"${BUILDROOT}"/usr/lib/tmpfiles.d/rpcbind* \
"${BUILDROOT}"/usr/lib/sysusers.d/rpcbind* \
"${BUILDROOT}"/usr/lib/modules-load.d/cdrecord.conf
### fix licenses
map add_file /usr/share/licenses/shadow/COPYING /usr/share/licenses/iana-etc/LICENSE \
/usr/share/licenses/dbus/COPYING /usr/share/licenses/p11-kit/COPYING
}
#######################################
# Print the description of this hook.
# Arguments: none
# Outputs:   four lines of help text on stdout
#######################################
help() {
  # One argument per output line; '%s\n' is reused for each of them.
  printf '%s\n' \
    "This hook sets up all common initial directories and installs base, kmod," \
    "pam, pacman, shadow, systemd, udev utilities and libraries" \
    "for a archboot image." \
    "DO NOT remove this one unless you know what you're doing."
}
# vim: set ft=sh ts=4 sw=4 et: