author | nl6720 <nl6720@gmail.com> | 2020-11-14 11:43:13 +0200 |
---|---|---|
committer | nl6720 <nl6720@gmail.com> | 2020-11-30 08:46:24 +0200 |
commit | 42d9e4f983e9dbafb94a6fc52df1b25973afb63a (patch) | |
tree | 7829f50747c432567aaaee0a51f5738524ae3ab6 | |
parent | 2c99df5c9bb89308231a0281d3b8399bb06cc4c0 (diff) |
-rw-r--r-- | README.profile.rst | 8 | ||||
-rwxr-xr-x | archiso/mkarchiso | 41 | ||||
-rw-r--r-- | configs/baseline/profiledef.sh | 3 | ||||
-rw-r--r-- | configs/releng/profiledef.sh | 8 |
diff --git a/README.profile.rst b/README.profile.rst index fef34f9..1729319 100644 --- a/README.profile.rst +++ b/README.profile.rst @@ -52,6 +52,9 @@ The image file is constructed from some of the variables in **profiledef.sh**: ` - `ext4+squashfs`: Create an ext4 partition, copy the airootfs work directory to it and create a squashfs image from it * `airootfs_image_tool_options`: An array of options to pass to the tool to create the airootfs image. Currently only `mksquashfs` is supported - see `mksquashfs --help` for all possible options (defaults to `('-comp' 'xz')`). + - `file_permissions`: An associative array that lists files and/or directories who need specific ownership or + permissions. The array's keys contain the path and the value is a colon separated list of owner UID, owner GID and + access mode. E.g. `file_permissions=(["/etc/shadow"]="0:0:400")`. packages.arch ============= @@ -91,8 +94,9 @@ airootfs This - optional - directory may contain files and directories that will be copied to the work directory of the resulting image's root filesystem. The files are copied before packages are being installed to work directory location. -Ownership of files and directories from the profile's `airootfs` directory are not preserved (permissions are currently -the same as in the profile's `airootfs` - see `#61 <https://gitlab.archlinux.org/archlinux/archiso/-/issues/73>`_). +Ownership and permissions of files and directories from the profile's `airootfs` directory are not preserved. The mode +will be `644` for files and `755` for directories, all of them will be owned by root. To set custom ownership and/or +permissions, use `file_permissions` in **profiledef.sh**. With this overlay structure it is possible to e.g. create users and set passwords for them, by providing `airootfs/etc/passwd`, `airootfs/etc/shadow`, `airootfs/etc/gshadow` (see `man 5 passwd`, `man 5 shadow` and `man 5 diff --git a/archiso/mkarchiso b/archiso/mkarchiso index a3b1e53..99c8114 100755 
--- a/archiso/mkarchiso
+++ b/archiso/mkarchiso
@@ -37,6 +37,7 @@ override_pacman_conf=""
 bootmodes=()
 airootfs_image_type="squashfs"
 airootfs_image_tool_options=('-comp' 'xz')
+declare -A file_permissions=()
 # Show an INFO message
@@ -257,30 +258,23 @@ _make_pacman_conf() {
 # Prepare working directory and copy custom airootfs files (airootfs)
 _make_custom_airootfs() {
 local passwd=()
+ local filename permissions
 install -d -m 0755 -o 0 -g 0 -- "${airootfs_dir}"
 if [[ -d "${profile}/airootfs" ]]; then
- _msg_info "Copying custom airootfs files and setting up user home directories..."
- cp -af --no-preserve=ownership -- "${profile}/airootfs/." "${airootfs_dir}"
-
- [[ -e "${airootfs_dir}/etc/shadow" ]] && chmod -f 0400 -- "${airootfs_dir}/etc/shadow"
- [[ -e "${airootfs_dir}/etc/gshadow" ]] && chmod -f 0400 -- "${airootfs_dir}/etc/gshadow"
-
- # Set up user home directories and permissions
- if [[ -e "${airootfs_dir}/etc/passwd" ]]; then
- while IFS=':' read -a passwd -r; do
- [[ "${passwd[5]}" == '/' ]] && continue
- [[ -z "${passwd[5]}" ]] && continue
-
- if [[ -d "${airootfs_dir}${passwd[5]}" ]]; then
- chown -hR -- "${passwd[2]}:${passwd[3]}" "${airootfs_dir}${passwd[5]}"
- chmod -f 0750 -- "${airootfs_dir}${passwd[5]}"
- else
- install -d -m 0750 -o "${passwd[2]}" -g "${passwd[3]}" -- "${airootfs_dir}${passwd[5]}"
- fi
- done < "${airootfs_dir}/etc/passwd"
- fi
+ _msg_info "Copying custom airootfs files..."
+ cp -af --no-preserve=ownership,mode -- "${profile}/airootfs/." "${airootfs_dir}"
+ # Set ownership and mode for files and directories
+ for filename in "${!file_permissions[@]}"; do
+ IFS=':' read -ra permissions <<< "${file_permissions["${filename}"]}"
+ if [[ -e "${airootfs_dir}${filename}" ]]; then
+ chown -fh -- "${permissions[0]}:${permissions[1]}" "${airootfs_dir}${filename}"
+ chmod -f -- "${permissions[2]}" "${airootfs_dir}${filename}"
+ else
+ _msg_warning "Cannot change permissions of '${airootfs_dir}${filename}'. The file or directory does not exist."
+ fi
+ done
 _msg_info "Done!"
 fi
 }
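Review bot: In `_make_custom_airootfs`, dropping the unconditional `chmod -f 0400` on `etc/shadow` and `etc/gshadow` while the copy now uses `--no-preserve=ownership,mode` means a profile that ships either file without a matching `file_permissions` entry leaves it at the default file mode (the README text in this commit gives `644`), so the password hashes become readable by every user of the live system. The two profiledef.sh hunks in this commit add an entry for `/etc/shadow` only; whether those profiles ship a `gshadow` is not visible here. I would keep a restrictive default ahead of the `for` loop so a profile entry can still override it, e.g. `[[ -e "${airootfs_dir}/etc/gshadow" ]] && chmod -f 0400 -- "${airootfs_dir}/etc/gshadow"` and the same line for `etc/shadow`. Separately, the value is split on `:` without checking that three fields came back, so a malformed entry reaches `chown`/`chmod` with empty arguments and `-f` hides the message.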
@@ -318,10 +312,12 @@ _make_customize_airootfs() {
 (( passwd[2] >= 1000 && passwd[2] < 60000 )) || continue
 [[ "${passwd[5]}" == '/' ]] && continue
 [[ -z "${passwd[5]}" ]] && continue
- cp -dnRT --preserve=mode,timestamps,links -- "${airootfs_dir}/etc/skel" "${airootfs_dir}${passwd[5]}"
+ if [[ ! -d "${airootfs_dir}${passwd[5]}" ]]; then
+ install -d -m 0750 -o "${passwd[2]}" -g "${passwd[3]}" -- "${airootfs_dir}${passwd[5]}"
+ fi
+ cp -dnRT --preserve=mode,timestamps,links -- "${airootfs_dir}/etc/skel/." "${airootfs_dir}${passwd[5]}"
 chmod -f 0750 -- "${airootfs_dir}${passwd[5]}"
 chown -hR -- "${passwd[2]}:${passwd[3]}" "${airootfs_dir}${passwd[5]}"
-
 done < "${profile}/airootfs/etc/passwd"
 _msg_info "Done!"
 fi
@@ -329,6 +325,7 @@ _make_customize_airootfs() {
 if [[ -e "${airootfs_dir}/root/customize_airootfs.sh" ]]; then
 _msg_info "Running customize_airootfs.sh in '${airootfs_dir}' chroot..."
 _msg_warning "customize_airootfs.sh is deprecated! Support for it will be removed in a future archiso version."
+ chmod -f -- +x "${airootfs_dir}/root/customize_airootfs.sh"
 eval -- arch-chroot "${airootfs_dir}" "/root/customize_airootfs.sh"
 rm -- "${airootfs_dir}/root/customize_airootfs.sh"
 _msg_info "Done! customize_airootfs.sh run successfully."
diff --git a/configs/baseline/profiledef.sh b/configs/baseline/profiledef.sh
index 2efd38f..8705529 100644
--- a/configs/baseline/profiledef.sh
+++ b/configs/baseline/profiledef.sh
@@ -10,3 +10,6 @@ install_dir="arch"
 bootmodes=('bios.syslinux.mbr' 'bios.syslinux.eltorito' 'uefi-x64.systemd-boot.esp' 'uefi-x64.systemd-boot.eltorito')
 arch="x86_64"
 pacman_conf="pacman.conf"
+file_permissions=(
+ ["/etc/shadow"]="0:0:400"
+)
diff --git a/configs/releng/profiledef.sh b/configs/releng/profiledef.sh
index 2e74e5f..051a390 100644
--- a/configs/releng/profiledef.sh
+++ b/configs/releng/profiledef.sh
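Review bot: In the `@@ -318,10 +312,12 @@` hunk of archiso/mkarchiso, the unchanged `chmod -f 0750` and `chown -hR` at the end of the loop run on top of whatever the new `file_permissions` pass set. An entry that asks for a tighter home directory (say mode `700`) or for root-owned files below it is therefore silently reset; this assumes `_make_custom_airootfs` runs before this function, which the hunk does not show. The new `install -d -m 0750 -o … -g …` already sets mode and owner when the directory is created, so consider skipping the `chmod` when the profile lists the path, or at least documenting the precedence with a comment such as `# NOTE: overrides file_permissions entries for the home directory and everything below it`. `_make_customize_airootfs` starts before and continues past this hunk.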
@@ -11,3 +11,11 @@ bootmodes=('bios.syslinux.mbr' 'bios.syslinux.eltorito' 'uefi-x64.systemd-boot.e
 arch="x86_64"
 pacman_conf="pacman.conf"
 airootfs_image_tool_options=('-comp' 'xz' '-Xbcj' 'x86' '-b' '1M' '-Xdict-size' '1M')
+file_permissions=(
+ ["/etc/shadow"]="0:0:400"
+ ["/root"]="0:0:750"
+ ["/root/.automated_script.sh"]="0:0:750"
+ ["/usr/local/bin/choose-mirror"]="0:0:755"
+ ["/usr/local/bin/Installation_guide"]="0:0:755"
+ ["/usr/local/bin/livecd-sound"]="0:0:755"
+)
|