From 42d9e4f983e9dbafb94a6fc52df1b25973afb63a Mon Sep 17 00:00:00 2001
From: nl6720
Date: Sat, 14 Nov 2020 11:43:13 +0200
Subject: Allow specifying ownership and mode of custom airootfs files and directories

profiledef.sh can now contain an associative array called file_permissions which can be used to set custom ownership and mode of custom airootfs files. The array's keys contain the path and the value is a colon separated list of owner UID, owner GID and access mode. For example: file_permissions=( ["/etc/shadow"]="0:0:400" ) This means that mkarchiso now copies airootfs files (and directores) without permissions and anything that should be owned by a user other than root and/or if the mode should be something other than 644 for files and 755 for directories must to be listed in ${file_permission[@]} in profiledef.sh. Fixes https://gitlab.archlinux.org/archlinux/archiso/-/issues/61 .
---
 archiso/mkarchiso | 41 +++++++++++++++++++----------------------
 1 file changed, 19 insertions(+), 22 deletions(-)
(limited to 'archiso')
diff --git a/archiso/mkarchiso b/archiso/mkarchiso
index a3b1e53..99c8114 100755
--- a/archiso/mkarchiso
+++ b/archiso/mkarchiso
@@ -37,6 +37,7 @@ override_pacman_conf=""
 bootmodes=()
 airootfs_image_type="squashfs"
 airootfs_image_tool_options=('-comp' 'xz')
+declare -A file_permissions=()
 # Show an INFO message
@@ -257,30 +258,23 @@ _make_pacman_conf() {
 # Prepare working directory and copy custom airootfs files (airootfs)
 _make_custom_airootfs() {
 local passwd=()
+ local filename permissions
 install -d -m 0755 -o 0 -g 0 -- "${airootfs_dir}"
 if [[ -d "${profile}/airootfs" ]]; then
- _msg_info "Copying custom airootfs files and setting up user home directories..."
- cp -af --no-preserve=ownership -- "${profile}/airootfs/." "${airootfs_dir}"
-
- [[ -e "${airootfs_dir}/etc/shadow" ]] && chmod -f 0400 -- "${airootfs_dir}/etc/shadow"
- [[ -e "${airootfs_dir}/etc/gshadow" ]] && chmod -f 0400 -- "${airootfs_dir}/etc/gshadow"
-
- # Set up user home directories and permissions
- if [[ -e "${airootfs_dir}/etc/passwd" ]]; then
- while IFS=':' read -a passwd -r; do
- [[ "${passwd[5]}" == '/' ]] && continue
- [[ -z "${passwd[5]}" ]] && continue
-
- if [[ -d "${airootfs_dir}${passwd[5]}" ]]; then
- chown -hR -- "${passwd[2]}:${passwd[3]}" "${airootfs_dir}${passwd[5]}"
- chmod -f 0750 -- "${airootfs_dir}${passwd[5]}"
- else
- install -d -m 0750 -o "${passwd[2]}" -g "${passwd[3]}" -- "${airootfs_dir}${passwd[5]}"
- fi
- done < "${airootfs_dir}/etc/passwd"
- fi
+ _msg_info "Copying custom airootfs files..."
+ cp -af --no-preserve=ownership,mode -- "${profile}/airootfs/." "${airootfs_dir}"
+ # Set ownership and mode for files and directories
+ for filename in "${!file_permissions[@]}"; do
+ IFS=':' read -ra permissions <<< "${file_permissions["${filename}"]}"
+ if [[ -e "${airootfs_dir}${filename}" ]]; then
+ chown -fh -- "${permissions[0]}:${permissions[1]}" "${airootfs_dir}${filename}"
+ chmod -f -- "${permissions[2]}" "${airootfs_dir}${filename}"
+ else
+ _msg_warning "Cannot change permissions of '${airootfs_dir}${filename}'. The file or directory does not exist."
+ fi
+ done
 _msg_info "Done!"
 fi
 }
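Review bot: A profile that ships `etc/shadow` or `etc/gshadow` without a matching `file_permissions` entry now gets those files in the image at the default mode (644 per the commit message) instead of 0400, and nothing reports it, because the two `chmod -f 0400` lines are removed and `cp` now runs with `--no-preserve=ownership,mode`. I would warn after the `for` loop, e.g. `[[ -e "${airootfs_dir}/etc/shadow" && -z "${file_permissions["/etc/shadow"]:-}" ]] && _msg_warning "/etc/shadow has no file_permissions entry and will not be mode 0400."`, with the same line for `/etc/gshadow`. Separately, `[[ -e ]]` and `chmod -f` follow symlinks while `chown -fh` does not, so an entry naming a symlink with an absolute target would change the mode of that target on the build host (mkarchiso presumably runs as root); skipping the `chmod` when `[[ -L "${airootfs_dir}${filename}" ]]` avoids that. The three `:`-separated fields are also used without checking that all of them are present, so a malformed value reaches `chown`/`chmod` as an empty or missing argument.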
@@ -318,10 +312,12 @@ _make_customize_airootfs() {
 (( passwd[2] >= 1000 && passwd[2] < 60000 )) || continue
 [[ "${passwd[5]}" == '/' ]] && continue
 [[ -z "${passwd[5]}" ]] && continue
- cp -dnRT --preserve=mode,timestamps,links -- "${airootfs_dir}/etc/skel" "${airootfs_dir}${passwd[5]}"
+ if [[ ! -d "${airootfs_dir}${passwd[5]}" ]]; then
+ install -d -m 0750 -o "${passwd[2]}" -g "${passwd[3]}" -- "${airootfs_dir}${passwd[5]}"
+ fi
+ cp -dnRT --preserve=mode,timestamps,links -- "${airootfs_dir}/etc/skel/." "${airootfs_dir}${passwd[5]}"
 chmod -f 0750 -- "${airootfs_dir}${passwd[5]}"
 chown -hR -- "${passwd[2]}:${passwd[3]}" "${airootfs_dir}${passwd[5]}"
-
 done < "${profile}/airootfs/etc/passwd"
 _msg_info "Done!"
 fi
@@ -329,6 +325,7 @@ _make_customize_airootfs() {
 if [[ -e "${airootfs_dir}/root/customize_airootfs.sh" ]]; then
 _msg_info "Running customize_airootfs.sh in '${airootfs_dir}' chroot..."
 _msg_warning "customize_airootfs.sh is deprecated! Support for it will be removed in a future archiso version."
+ chmod -f -- +x "${airootfs_dir}/root/customize_airootfs.sh"
 eval -- arch-chroot "${airootfs_dir}" "/root/customize_airootfs.sh"
 rm -- "${airootfs_dir}/root/customize_airootfs.sh"
 _msg_info "Done! customize_airootfs.sh run successfully."
-- cgit v1.2.3-70-g09d2
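Review bot: In the `@@ -318,10 +312,12 @@` hunk the home directory field `passwd[5]` is appended to `${airootfs_dir}` after only two guards, which reject the exact value `/` and the empty string, and the added `install -d -o ... -g ...` now creates that path before the existing recursive `chown -hR` runs on it. A field that normalizes to the airootfs root, or to a location outside it, passes both guards, so the directory creation and the recursive ownership change would not stay confined to a home directory inside the image. I would add a containment check before the new `if`, for example `[[ "$(realpath -m -- "${airootfs_dir}${passwd[5]}")" == "$(realpath -- "${airootfs_dir}")"/?* ]] || continue`. The `while` loop header and the start of `_make_customize_airootfs` are outside this hunk, so any earlier validation of the passwd fields is not visible here.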