From f60525103d152923e1321490936cf17fd033bf4d Mon Sep 17 00:00:00 2001 From: Zig Globulin Date: Wed, 9 Feb 2022 14:28:16 +0100 Subject: wait for networkd online before curl invocation 1) wait for network-online.target before invoking curl as there's no synchronization with network setup for this script 2) don't hide curl errors - it may be easier to debug the issues 3) add log and comments --- configs/releng/airootfs/root/.automated_script.sh | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'configs/releng/airootfs/root') diff --git a/configs/releng/airootfs/root/.automated_script.sh b/configs/releng/airootfs/root/.automated_script.sh index 52c47e6..f257537 100755 --- a/configs/releng/airootfs/root/.automated_script.sh +++ b/configs/releng/airootfs/root/.automated_script.sh @@ -16,7 +16,13 @@ automated_script () script="$(script_cmdline)" if [[ -n "${script}" && ! -x /tmp/startup_script ]]; then if [[ "${script}" =~ ^((http|https|ftp)://) ]]; then - curl "${script}" --location --retry-connrefused --retry 10 -s -o /tmp/startup_script >/dev/null + # there's no synchronization for network availability before executing this script + printf '%s: waiting for network-online.target\n' "$0" + until systemctl --quiet is-active network-online.target; do + sleep 1 + done + printf '%s: downloading %s\n' "$0" "${script}" + curl "${script}" --location --retry-connrefused --retry 10 -s -o /tmp/startup_script rt=$? else cp "${script}" /tmp/startup_script @@ -24,6 +30,9 @@ automated_script () fi if [[ ${rt} -eq 0 ]]; then chmod +x /tmp/startup_script + printf '%s: executing automated script\n' "$0" + # note that script is executed when other services (like pacman-init) may be still in progress, please + # synchronize to "systemctl is-system-running --wait" when your script depends on other services /tmp/startup_script fi fi -- cgit v1.2.3-70-g09d2 From 28a3a54c5f28e40a935609de9b092fe0c1cfee24 Mon Sep 17 00:00:00 2001 
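Review bot: The new curl line keeps `-s`, so curl's own error messages are still suppressed; dropping `>/dev/null` changes nothing visible because `-o` already sends the body to the file. Without `--fail`, an HTTP error response is also saved as /tmp/startup_script with exit status 0, so the later `chmod +x` and execution run the server's error page as a script. I would change the line to `curl "${script}" --location --retry-connrefused --retry 10 --fail --show-error -s -o /tmp/startup_script`. The `until systemctl --quiet is-active network-online.target` loop has no upper bound, so a boot where that target never activates waits forever; a retry counter with a logged give-up would keep the failure visible. automated_script starts and ends outside this hunk.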
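Review bot: The comment added before `/tmp/startup_script` covers service ordering but says nothing about trust: the pattern in the first hunk accepts `http://` and `ftp://` URLs, and the fetched file is made executable and run with no integrity check. Since this file ships under airootfs/root it presumably runs as root, so anyone able to alter a plaintext transfer controls what runs. I would add a line such as `# the downloaded script is executed unverified; use https:// sources on networks you do not control`. The fixed name in /tmp is also worth a second look if anything other than this script can write there before it runs.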
From: nl6720 Date: Tue, 6 Dec 2022 14:20:30 +0200 Subject: Fix optional shellcheck warnings Additionally fix a few code style issues found with shfmt. --- .editorconfig | 7 + .gitlab/ci/build_archiso.sh | 441 +++++++++++---------- archiso/mkarchiso | 169 ++++---- configs/releng/airootfs/root/.automated_script.sh | 13 +- .../releng/airootfs/usr/local/bin/choose-mirror | 17 +- configs/releng/airootfs/usr/local/bin/livecd-sound | 97 ++--- scripts/run_archiso.sh | 1 - 7 files changed, 373 insertions(+), 372 deletions(-) (limited to 'configs/releng/airootfs/root') diff --git a/.editorconfig b/.editorconfig index 74ed4eb..cbb5538 100644 --- a/.editorconfig +++ b/.editorconfig @@ -16,6 +16,10 @@ charset = utf-8 indent_style = space indent_size = 4 max_line_length = 120 +# for shfmt +switch_case_indent = true +binary_next_line = true + [*.{yml,yaml}] end_of_line = lf @@ -32,3 +36,6 @@ trim_trailing_whitespace = true charset = utf-8 indent_style = space indent_size = 2 + +[Makefile] +indent_style = tab diff --git a/.gitlab/ci/build_archiso.sh b/.gitlab/ci/build_archiso.sh index 104792a..3e1211b 100755 --- a/.gitlab/ci/build_archiso.sh +++ b/.gitlab/ci/build_archiso.sh 
@@ -35,141 +35,142 @@ ca_key="" pgp_key_id="" print_section_start() { - # gitlab collapsible sections start: https://docs.gitlab.com/ee/ci/jobs/#custom-collapsible-sections - local _section _title - _section="${1}" - _title="${2}" + # gitlab collapsible sections start: https://docs.gitlab.com/ee/ci/jobs/#custom-collapsible-sections + local _section _title + _section="${1}" + _title="${2}" - printf "\e[0Ksection_start:%(%s)T:%s\r\e[0K%s\n" '-1' "${_section}" "${_title}" + printf "\e[0Ksection_start:%(%s)T:%s\r\e[0K%s\n" '-1' "${_section}" "${_title}" } print_section_end() { - # gitlab collapsible sections end: https://docs.gitlab.com/ee/ci/jobs/#custom-collapsible-sections - local _section - _section="${1}" + # gitlab collapsible sections end: https://docs.gitlab.com/ee/ci/jobs/#custom-collapsible-sections + local _section + _section="${1}" - printf "\e[0Ksection_end:%(%s)T:%s\r\e[0K\n" '-1' "${_section}" + printf "\e[0Ksection_end:%(%s)T:%s\r\e[0K\n" '-1' "${_section}" } cleanup() { - # clean up temporary directories - print_section_start "cleanup" "Cleaning up temporary directory" + # clean up temporary directories + print_section_start "cleanup" "Cleaning up temporary directory" - if [ -n "${tmpdir_base:-}" ]; then - rm -fr "${tmpdir_base}" - fi + if [[ -n "${tmpdir_base:-}" ]]; then + rm -fr "${tmpdir_base}" + fi - print_section_end "cleanup" + print_section_end "cleanup" } create_checksums() { - # create checksums for files - # $@: files - local _file_path _file_name _current_pwd - _current_pwd="${PWD}" - - print_section_start "checksums" "Creating checksums" - - for _file_path in "$@"; do - cd "$(dirname "${_file_path}")" - _file_name="$(basename "${_file_path}")" - b2sum "${_file_name}" > "${_file_name}.b2" - md5sum "${_file_name}" > "${_file_name}.md5" - sha1sum "${_file_name}" > "${_file_name}.sha1" - sha256sum "${_file_name}" > "${_file_name}.sha256" - sha512sum "${_file_name}" > "${_file_name}.sha512" - ls -lah "${_file_name}."{b2,md5,sha{1,256,512}} - 
cat "${_file_name}."{b2,md5,sha{1,256,512}} - done - cd "${_current_pwd}" - - print_section_end "checksums" + # create checksums for files + # $@: files + local _file_path _file_name _current_pwd + _current_pwd="${PWD}" + + print_section_start "checksums" "Creating checksums" + + for _file_path in "$@"; do + cd "$(dirname "${_file_path}")" + _file_name="$(basename "${_file_path}")" + b2sum "${_file_name}" >"${_file_name}.b2" + md5sum "${_file_name}" >"${_file_name}.md5" + sha1sum "${_file_name}" >"${_file_name}.sha1" + sha256sum "${_file_name}" >"${_file_name}.sha256" + sha512sum "${_file_name}" >"${_file_name}.sha512" + ls -lah "${_file_name}."{b2,md5,sha{1,256,512}} + cat "${_file_name}."{b2,md5,sha{1,256,512}} + done + cd "${_current_pwd}" + + print_section_end "checksums" } create_zsync_delta() { - # create zsync control files for files - # $@: files - local _file - - print_section_start "zsync_delta" "Creating zsync delta" - - for _file in "$@"; do - if [[ "${buildmode}" == "bootstrap" ]]; then - # zsyncmake fails on 'too long between blocks' with default block size on bootstrap image - zsyncmake -v -b 512 -C -u "${_file##*/}" -o "${_file}".zsync "${_file}" - else - zsyncmake -v -C -u "${_file##*/}" -o "${_file}".zsync "${_file}" - fi - done + # create zsync control files for files + # $@: files + local _file + + print_section_start "zsync_delta" "Creating zsync delta" + + for _file in "$@"; do + if [[ "${buildmode}" == "bootstrap" ]]; then + # zsyncmake fails on 'too long between blocks' with default block size on bootstrap image + zsyncmake -v -b 512 -C -u "${_file##*/}" -o "${_file}".zsync "${_file}" + else + zsyncmake -v -C -u "${_file##*/}" -o "${_file}".zsync "${_file}" + fi + done - print_section_end "zsync_delta" + print_section_end "zsync_delta" } create_metrics() { - local _metrics="${output}/metrics.txt" - # create metrics - print_section_start "metrics" "Creating metrics" - - { - # create metrics based on buildmode - case "${buildmode}" in - iso) - 
printf 'image_size_mebibytes{image="%s"} %s\n' \ - "${profile}" \ - "$(du -m -- "${output}/"*.iso | cut -f1)" - printf 'package_count{image="%s"} %s\n' \ - "${profile}" \ - "$(sort -u -- "${tmpdir}/iso/"*/pkglist.*.txt | wc -l)" - if [[ -e "${tmpdir}/efiboot.img" ]]; then - printf 'eltorito_efi_image_size_mebibytes{image="%s"} %s\n' \ - "${profile}" \ - "$(du -m -- "${tmpdir}/efiboot.img" | cut -f1)" - fi - # shellcheck disable=SC2046 - # shellcheck disable=SC2183 - printf 'initramfs_size_mebibytes{image="%s",initramfs="%s"} %s\n' \ - $(du -m -- "${tmpdir}/iso/"*/boot/**/initramfs*.img | \ - awk -v profile="${profile}" \ - 'function basename(file) { - sub(".*/", "", file) - return file - } - { print profile, basename($2), $1 }' - ) - ;; - netboot) - printf 'netboot_size_mebibytes{image="%s"} %s\n' \ - "${profile}" \ - "$(du -m -- "${output}/${install_dir}/" | tail -n1 | cut -f1)" - printf 'netboot_package_count{image="%s"} %s\n' \ - "${profile}" \ - "$(sort -u -- "${tmpdir}/iso/"*/pkglist.*.txt | wc -l)" - ;; - bootstrap) - printf 'bootstrap_size_mebibytes{image="%s"} %s\n' \ - "${profile}" \ - "$(du -m -- "${output}/"*.tar*(.gz|.xz|.zst) | cut -f1)" - printf 'bootstrap_package_count{image="%s"} %s\n' \ - "${profile}" \ - "$(sort -u -- "${tmpdir}/"*/bootstrap/root.*/pkglist.*.txt | wc -l)" - ;; - esac - } > "${_metrics}" - ls -lah "${_metrics}" - cat "${_metrics}" - - print_section_end "metrics" + local _metrics="${output}/metrics.txt" + # create metrics + print_section_start "metrics" "Creating metrics" + + { + # create metrics based on buildmode + case "${buildmode}" in + iso) + printf 'image_size_mebibytes{image="%s"} %s\n' \ + "${profile}" \ + "$(du -m -- "${output}/"*.iso | cut -f1)" + printf 'package_count{image="%s"} %s\n' \ + "${profile}" \ + "$(sort -u -- "${tmpdir}/iso/"*/pkglist.*.txt | wc -l)" + if [[ -e "${tmpdir}/efiboot.img" ]]; then + printf 'eltorito_efi_image_size_mebibytes{image="%s"} %s\n' \ + "${profile}" \ + "$(du -m -- "${tmpdir}/efiboot.img" 
| cut -f1)" + fi + # shellcheck disable=SC2046 + # shellcheck disable=SC2183 + printf 'initramfs_size_mebibytes{image="%s",initramfs="%s"} %s\n' \ + $( + du -m -- "${tmpdir}/iso/"*/boot/**/initramfs*.img \ + | awk -v profile="${profile}" \ + 'function basename(file) { + sub(".*/", "", file) + return file + } + { print profile, basename($2), $1 }' + ) + ;; + netboot) + printf 'netboot_size_mebibytes{image="%s"} %s\n' \ + "${profile}" \ + "$(du -m -- "${output}/${install_dir}/" | tail -n1 | cut -f1)" + printf 'netboot_package_count{image="%s"} %s\n' \ + "${profile}" \ + "$(sort -u -- "${tmpdir}/iso/"*/pkglist.*.txt | wc -l)" + ;; + bootstrap) + printf 'bootstrap_size_mebibytes{image="%s"} %s\n' \ + "${profile}" \ + "$(du -m -- "${output}/"*.tar*(.gz|.xz|.zst) | cut -f1)" + printf 'bootstrap_package_count{image="%s"} %s\n' \ + "${profile}" \ + "$(sort -u -- "${tmpdir}/"*/bootstrap/root.*/pkglist.*.txt | wc -l)" + ;; + esac + } >"${_metrics}" + ls -lah "${_metrics}" + cat "${_metrics}" + + print_section_end "metrics" } create_ephemeral_pgp_key() { - # create an ephemeral PGP key for signing the rootfs image - print_section_start "ephemeral_pgp_key" "Creating ephemeral PGP key" + # create an ephemeral PGP key for signing the rootfs image + print_section_start "ephemeral_pgp_key" "Creating ephemeral PGP key" - gnupg_homedir="$tmpdir/.gnupg" - mkdir -p "${gnupg_homedir}" - chmod 700 "${gnupg_homedir}" + gnupg_homedir="$tmpdir/.gnupg" + mkdir -p "${gnupg_homedir}" + chmod 700 "${gnupg_homedir}" - cat << __EOF__ > "${gnupg_homedir}"/gpg.conf + cat <<__EOF__ >"${gnupg_homedir}"/gpg.conf quiet batch no-tty 
@@ -180,7 +181,7 @@ armor no-emit-version __EOF__ - gpg --homedir "${gnupg_homedir}" --gen-key < "${ca_dir}/serial" - - # Prepare the ca configuration for the change in directory - sed -i "s#/etc/ssl#${ca_dir}#g" "${ca_conf}" - - # Create the Certificate Authority - openssl req \ - -newkey rsa:4096 \ - -sha256 \ - -nodes \ - -x509 \ - -new \ - -sha256 \ - -keyout "${ca_key}" \ - -config "${ca_conf}" \ - -subj "${ca_subj}" \ - -out "${ca_cert}" - - cat << EOF >> "${ca_conf}" + # create ephemeral certificates used for codesigning + print_section_start "ephemeral_codesigning_key" "Creating ephemeral codesigning keys" + + # The exact steps in creating a CA with Codesigning being signed was taken from + # https://jamielinux.com/docs/openssl-certificate-authority/introduction.html + # (slight modifications to the process to not disturb default values of /etc/ssl/openssl.cnf) + + codesigning_dir="${tmpdir}/.codesigning/" + local ca_dir="${codesigning_dir}/ca/" + + local ca_conf="${ca_dir}/certificate_authority.cnf" + local ca_subj="/C=DE/ST=Berlin/L=Berlin/O=Arch Linux/OU=Release Engineering/CN=archlinux.org" + ca_cert="${ca_dir}/cacert.pem" + ca_key="${ca_dir}/private/cakey.pem" + + local codesigning_conf="${codesigning_dir}/code_signing.cnf" + local codesigning_subj="/C=DE/ST=Berlin/L=Berlin/O=Arch Linux/OU=Release Engineering/CN=archlinux.org" + codesigning_cert="${codesigning_dir}/codesign.crt" + codesigning_key="${codesigning_dir}/codesign.key" + + mkdir -p "${ca_dir}/"{private,newcerts,crl} + mkdir -p "${codesigning_dir}" + cp -- /etc/ssl/openssl.cnf "${codesigning_conf}" + cp -- /etc/ssl/openssl.cnf "${ca_conf}" + touch "${ca_dir}/index.txt" + echo "1000" >"${ca_dir}/serial" + + # Prepare the ca configuration for the change in directory + sed -i "s#/etc/ssl#${ca_dir}#g" "${ca_conf}" + + # Create the Certificate Authority + openssl req \ + -newkey rsa:4096 \ + -sha256 \ + -nodes \ + -x509 \ + -new \ + -sha256 \ + -keyout "${ca_key}" \ + -config "${ca_conf}" \ + 
-subj "${ca_subj}" \ + -out "${ca_cert}" + + cat <>"${ca_conf}" [ v3_intermediate_ca ] # Extensions for a typical intermediate CA ('man x509v3_config'). @@ -261,7 +262,7 @@ keyUsage = critical, digitalSignature, cRLSign, keyCertSign EOF - cat << EOF >> "${codesigning_conf}" + cat <>"${codesigning_conf}" [codesigning] keyUsage=digitalSignature 
@@ -269,65 +270,65 @@ extendedKeyUsage=codeSigning, clientAuth, emailProtection EOF - openssl req \ - -newkey rsa:4096 \ - -keyout "${codesigning_key}" \ - -nodes \ - -sha256 \ - -out "${codesigning_cert}.csr" \ - -config "${codesigning_conf}" \ - -subj "${codesigning_subj}" \ - -extensions codesigning - - # Sign the code signing certificate with the CA - openssl ca \ - -batch \ - -config "${ca_conf}" \ - -extensions v3_intermediate_ca \ - -days 3650 \ - -notext \ - -md sha256 \ - -in "${codesigning_cert}.csr" \ - -out "${codesigning_cert}" - - print_section_end "ephemeral_codesigning_key" + openssl req \ + -newkey rsa:4096 \ + -keyout "${codesigning_key}" \ + -nodes \ + -sha256 \ + -out "${codesigning_cert}.csr" \ + -config "${codesigning_conf}" \ + -subj "${codesigning_subj}" \ + -extensions codesigning + + # Sign the code signing certificate with the CA + openssl ca \ + -batch \ + -config "${ca_conf}" \ + -extensions v3_intermediate_ca \ + -days 3650 \ + -notext \ + -md sha256 \ + -in "${codesigning_cert}.csr" \ + -out "${codesigning_cert}" + + print_section_end "ephemeral_codesigning_key" } run_mkarchiso() { - # run mkarchiso - create_ephemeral_pgp_key - create_ephemeral_codesigning_keys - - print_section_start "mkarchiso" "Running mkarchiso" - mkdir -p "${output}/" "${tmpdir}/" - GNUPGHOME="${gnupg_homedir}" ./archiso/mkarchiso \ - -D "${install_dir}" \ - -c "${codesigning_cert} ${codesigning_key} ${ca_cert}" \ - -g "${pgp_key_id}" \ - -G "${pgp_sender}" \ - -o "${output}/" \ - -w "${tmpdir}/" \ - -m "${buildmode}" \ - -v "configs/${profile}" - - print_section_end "mkarchiso" - - if [[ "${buildmode}" =~ "iso" ]]; then - create_zsync_delta "${output}/"*.iso - create_checksums "${output}/"*.iso - fi - if [[ "${buildmode}" == "bootstrap" ]]; then - create_zsync_delta "${output}/"*.tar*(.gz|.xz|.zst) - create_checksums "${output}/"*.tar*(.gz|.xz|.zst) - fi - create_metrics - - print_section_start "ownership" "Setting ownership on output" - - if [[ -n 
"${SUDO_UID:-}" ]] && [[ -n "${SUDO_GID:-}" ]]; then - chown -Rv "${SUDO_UID}:${SUDO_GID}" -- "${output}" - fi - print_section_end "ownership" + # run mkarchiso + create_ephemeral_pgp_key + create_ephemeral_codesigning_keys + + print_section_start "mkarchiso" "Running mkarchiso" + mkdir -p "${output}/" "${tmpdir}/" + GNUPGHOME="${gnupg_homedir}" ./archiso/mkarchiso \ + -D "${install_dir}" \ + -c "${codesigning_cert} ${codesigning_key} ${ca_cert}" \ + -g "${pgp_key_id}" \ + -G "${pgp_sender}" \ + -o "${output}/" \ + -w "${tmpdir}/" \ + -m "${buildmode}" \ + -v "configs/${profile}" + + print_section_end "mkarchiso" + + if [[ "${buildmode}" =~ "iso" ]]; then + create_zsync_delta "${output}/"*.iso + create_checksums "${output}/"*.iso + fi + if [[ "${buildmode}" == "bootstrap" ]]; then + create_zsync_delta "${output}/"*.tar*(.gz|.xz|.zst) + create_checksums "${output}/"*.tar*(.gz|.xz|.zst) + fi + create_metrics + + print_section_start "ownership" "Setting ownership on output" + + if [[ -n "${SUDO_UID:-}" ]] && [[ -n "${SUDO_GID:-}" ]]; then + chown -Rv "${SUDO_UID}:${SUDO_GID}" -- "${output}" + fi + print_section_end "ownership" } trap cleanup EXIT diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 470a960..15534bf 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -169,7 +169,7 @@ _cleanup_pacstrap_dir() { # Create /etc/machine-id with special value 'uninitialized': the final id is # generated on first boot, systemd's first-boot mechanism applies (see machine-id(5)) rm -f -- "${pacstrap_dir}/etc/machine-id" - printf 'uninitialized\n' > "${pacstrap_dir}/etc/machine-id" + printf 'uninitialized\n' >"${pacstrap_dir}/etc/machine-id" _msg_info "Done!" } 
@@ -204,7 +204,7 @@ _mkairootfs_ext4+squashfs() { [[ ! "${quiet}" == "y" ]] || mkfs_ext4_options+=('-q') rm -f -- "${pacstrap_dir}.img" E2FSPROGS_FAKE_TIME="${SOURCE_DATE_EPOCH}" mkfs.ext4 "${mkfs_ext4_options[@]}" -- "${pacstrap_dir}.img" 32G - tune2fs -c 0 -i 0 -- "${pacstrap_dir}.img" > /dev/null + tune2fs -c 0 -i 0 -- "${pacstrap_dir}.img" >/dev/null _msg_info "Done!" install -d -m 0755 -- "${isofs_dir}/${install_dir}/${arch}" @@ -245,9 +245,9 @@ _mkchecksum() { _msg_info "Creating checksum file for self-test..." cd -- "${isofs_dir}/${install_dir}/${arch}" if [[ -e "${isofs_dir}/${install_dir}/${arch}/airootfs.sfs" ]]; then - sha512sum airootfs.sfs > airootfs.sha512 + sha512sum airootfs.sfs >airootfs.sha512 elif [[ -e "${isofs_dir}/${install_dir}/${arch}/airootfs.erofs" ]]; then - sha512sum airootfs.erofs > airootfs.sha512 + sha512sum airootfs.erofs >airootfs.sha512 fi cd -- "${OLDPWD}" _msg_info "Done!" @@ -280,12 +280,12 @@ _run_once() { # Set up custom pacman.conf with custom cache and pacman hook directories. _make_pacman_conf() { local _cache_dirs _system_cache_dirs _profile_cache_dirs - _system_cache_dirs="$(pacman-conf CacheDir| tr '\n' ' ')" - _profile_cache_dirs="$(pacman-conf --config "${pacman_conf}" CacheDir| tr '\n' ' ')" + _system_cache_dirs="$(pacman-conf CacheDir | tr '\n' ' ')" + _profile_cache_dirs="$(pacman-conf --config "${pacman_conf}" CacheDir | tr '\n' ' ')" # Only use the profile's CacheDir, if it is not the default and not the same as the system cache dir. - if [[ "${_profile_cache_dirs}" != "/var/cache/pacman/pkg" ]] && \ - [[ "${_system_cache_dirs}" != "${_profile_cache_dirs}" ]]; then + if [[ "${_profile_cache_dirs}" != "/var/cache/pacman/pkg" ]] \ + && [[ "${_system_cache_dirs}" != "${_profile_cache_dirs}" ]]; then _cache_dirs="${_profile_cache_dirs}" else _cache_dirs="${_system_cache_dirs}" 
@@ -297,9 +297,9 @@ _make_pacman_conf() { # append CacheDir and HookDir to [options] section # HookDir is *always* set to the airootfs' override directory # see `man 8 pacman` for further info - pacman-conf --config "${pacman_conf}" | \ - sed "/CacheDir/d;/DBPath/d;/HookDir/d;/LogFile/d;/RootDir/d;/\[options\]/a CacheDir = ${_cache_dirs} - /\[options\]/a HookDir = ${pacstrap_dir}/etc/pacman.d/hooks/" > "${work_dir}/${buildmode}.pacman.conf" + pacman-conf --config "${pacman_conf}" \ + | sed "/CacheDir/d;/DBPath/d;/HookDir/d;/LogFile/d;/RootDir/d;/\[options\]/a CacheDir = ${_cache_dirs} + /\[options\]/a HookDir = ${pacstrap_dir}/etc/pacman.d/hooks/" >"${work_dir}/${buildmode}.pacman.conf" } # Prepare working directory and copy custom root file system files. @@ -314,7 +314,7 @@ _make_custom_airootfs() { cp -af --no-preserve=ownership,mode -- "${profile}/airootfs/." "${pacstrap_dir}" # Set ownership and mode for files and directories for filename in "${!file_permissions[@]}"; do - IFS=':' read -ra permissions <<< "${file_permissions["${filename}"]}" + IFS=':' read -ra permissions <<<"${file_permissions["${filename}"]}" # Prevent file path traversal outside of $pacstrap_dir if [[ "$(realpath -q -- "${pacstrap_dir}${filename}")" != "${pacstrap_dir}"* ]]; then _msg_error "Failed to set permissions on '${pacstrap_dir}${filename}'. Outside of valid path." 1 @@ -355,7 +355,7 @@ _make_packages() { # Unset TMPDIR to work around https://bugs.archlinux.org/task/70580 if [[ "${quiet}" = "y" ]]; then - env -u TMPDIR pacstrap -C "${work_dir}/${buildmode}.pacman.conf" -c -G -M -- "${pacstrap_dir}" "${buildmode_pkg_list[@]}" &> /dev/null + env -u TMPDIR pacstrap -C "${work_dir}/${buildmode}.pacman.conf" -c -G -M -- "${pacstrap_dir}" "${buildmode_pkg_list[@]}" &>/dev/null else env -u TMPDIR pacstrap -C "${work_dir}/${buildmode}.pacman.conf" -c -G -M -- "${pacstrap_dir}" "${buildmode_pkg_list[@]}" fi 
@@ -399,7 +399,7 @@ _make_customize_airootfs() { else _msg_error "Failed to set permissions on '${pacstrap_dir}${passwd[5]}'. Outside of valid path." 1 fi - done < "${profile}/airootfs/etc/passwd" + done <"${profile}/airootfs/etc/passwd" _msg_info "Done!" fi @@ -452,7 +452,7 @@ _make_bootmode_bios.syslinux.mbr() { s|%ARCHISO_UUID%|${iso_uuid}|g; s|%INSTALL_DIR%|${install_dir}|g; s|%ARCH%|${arch}|g" \ - "${_cfg}" > "${isofs_dir}/boot/syslinux/${_cfg##*/}" + "${_cfg}" >"${isofs_dir}/boot/syslinux/${_cfg##*/}" done if [[ -e "${profile}/syslinux/splash.png" ]]; then install -m 0644 -- "${profile}/syslinux/splash.png" "${isofs_dir}/boot/syslinux/" @@ -527,10 +527,11 @@ _make_efibootimg() { fi # Convert from bytes to KiB and round up to the next full MiB with an additional MiB for reserved sectors. - imgsize_kib="$(awk 'function ceil(x){return int(x)+(x>int(x))} + imgsize_kib="$( + awk 'function ceil(x){return int(x)+(x>int(x))} function byte_to_kib(x){return x/1024} function mib_to_kib(x){return x*1024} - END {print mib_to_kib(ceil((byte_to_kib($1)+1024)/1024))}' <<< "${imgsize_bytes}" + END {print mib_to_kib(ceil((byte_to_kib($1)+1024)/1024))}' <<<"${imgsize_bytes}" )" # The FAT image must be created with mkfs.fat not mformat, as some systems have issues with mformat made images: # https://lists.gnu.org/archive/html/grub-devel/2019-04/msg00099.html @@ -539,7 +540,7 @@ _make_efibootimg() { if [[ "${quiet}" == "y" ]]; then # mkfs.fat does not have a -q/--quiet option, so redirect stdout to /dev/null instead # https://github.com/dosfstools/dosfstools/issues/103 - mkfs.fat -C -n ARCHISO_EFI "${efibootimg}" "${imgsize_kib}" > /dev/null + mkfs.fat -C -n ARCHISO_EFI "${efibootimg}" "${imgsize_kib}" >/dev/null else mkfs.fat -C -n ARCHISO_EFI "${efibootimg}" "${imgsize_kib}" fi 
@@ -553,7 +554,7 @@ _make_common_bootmode_grub_copy_to_isofs() { local files_to_copy=() files_to_copy+=("${work_dir}/grub/"*) - if compgen -G "${profile}/grub/!(*.cfg)" &> /dev/null; then + if compgen -G "${profile}/grub/!(*.cfg)" &>/dev/null; then files_to_copy+=("${profile}/grub/"!(*.cfg)) fi install -d -m 0755 -- "${isofs_dir}/boot/grub" @@ -561,7 +562,7 @@ _make_common_bootmode_grub_copy_to_isofs() { } # Prepare GRUB configuration files -_make_common_bootmode_grub_cfg(){ +_make_common_bootmode_grub_cfg() { local _cfg search_filename install -d -- "${work_dir}/grub" @@ -569,7 +570,7 @@ _make_common_bootmode_grub_cfg(){ # Create a /boot/grub/YYYY-mm-dd-HH-MM-SS-00.uuid file on ISO 9660. GRUB will search for it to find the ISO # volume. This is similar to what grub-mkrescue does, except it places the file in /.disk/, but we opt to use a # directory that does not start with a dot to avoid it being accidentally missed when copying the ISO's contents. - : > "${work_dir}/grub/${iso_uuid}.uuid" + : >"${work_dir}/grub/${iso_uuid}.uuid" search_filename="/boot/grub/${iso_uuid}.uuid" # Fill GRUB configuration files @@ -579,7 +580,7 @@ _make_common_bootmode_grub_cfg(){ s|%INSTALL_DIR%|${install_dir}|g; s|%ARCH%|${arch}|g; s|%ARCHISO_SEARCH_FILENAME%|${search_filename}|g" \ - "${_cfg}" > "${work_dir}/grub/${_cfg##*/}" + "${_cfg}" >"${work_dir}/grub/${_cfg##*/}" done # Prepare grub.cfg that will be embedded inside the GRUB binaries @@ -622,7 +623,7 @@ else fi EOF grubembedcfg="${grubembedcfg//'%ARCHISO_SEARCH_FILENAME%'/"${search_filename}"}" - printf '%s\n' "$grubembedcfg" > "${work_dir}/grub-embed.cfg" + printf '%s\n' "$grubembedcfg" >"${work_dir}/grub-embed.cfg" # Write grubenv printf '%.1024s' \ @@ -634,7 +635,7 @@ EOF "${arch}" \ "${search_filename}" \ "$(printf '%0.1s' "#"{1..1024})")" \ - > "${work_dir}/grub/grubenv" + >"${work_dir}/grub/grubenv" } _make_bootmode_uefi-ia32.grub.esp() { 
@@ -651,12 +652,12 @@ _make_bootmode_uefi-ia32.grub.esp() { search_fs_file search_fs_uuid search_label serial sleep tpm udf usb usbserial_common usbserial_ftdi \ usbserial_pl2303 usbserial_usbdebug video xfs zstd) grub-mkstandalone -O i386-efi \ - --modules="${grubmodules[*]}" \ - --locales="en@quot" \ - --themes="" \ - --sbat=/usr/share/grub/sbat.csv \ - --disable-shim-lock \ - -o "${work_dir}/BOOTIA32.EFI" "boot/grub/grub.cfg=${work_dir}/grub-embed.cfg" + --modules="${grubmodules[*]}" \ + --locales="en@quot" \ + --themes="" \ + --sbat=/usr/share/grub/sbat.csv \ + --disable-shim-lock \ + -o "${work_dir}/BOOTIA32.EFI" "boot/grub/grub.cfg=${work_dir}/grub-embed.cfg" # Add GRUB to the list of files used to calculate the required FAT image size. efiboot_files+=("${work_dir}/BOOTIA32.EFI" "${pacstrap_dir}/usr/share/edk2-shell/ia32/Shell_Full.efi") @@ -728,12 +729,12 @@ _make_bootmode_uefi-x64.grub.esp() { search_fs_file search_fs_uuid search_label serial sleep tpm udf usb usbserial_common usbserial_ftdi \ usbserial_pl2303 usbserial_usbdebug video xfs zstd) grub-mkstandalone -O x86_64-efi \ - --modules="${grubmodules[*]}" \ - --locales="en@quot" \ - --themes="" \ - --sbat=/usr/share/grub/sbat.csv \ - --disable-shim-lock \ - -o "${work_dir}/BOOTx64.EFI" "boot/grub/grub.cfg=${work_dir}/grub-embed.cfg" + --modules="${grubmodules[*]}" \ + --locales="en@quot" \ + --themes="" \ + --sbat=/usr/share/grub/sbat.csv \ + --disable-shim-lock \ + -o "${work_dir}/BOOTx64.EFI" "boot/grub/grub.cfg=${work_dir}/grub-embed.cfg" # Add GRUB to the list of files used to calculate the required FAT image size. efiboot_files+=("${work_dir}/BOOTx64.EFI" "${pacstrap_dir}/usr/share/edk2-shell/x64/Shell_Full.efi") 
@@ -866,7 +867,7 @@ _make_bootmode_uefi-x64.systemd-boot.eltorito() { sed "s|%ARCHISO_LABEL%|${iso_label}|g; s|%INSTALL_DIR%|${install_dir}|g; s|%ARCH%|${arch}|g" \ - "${_conf}" > "${isofs_dir}/loader/entries/${_conf##*/}" + "${_conf}" >"${isofs_dir}/loader/entries/${_conf##*/}" done # edk2-shell based UEFI shell @@ -928,13 +929,13 @@ _validate_requirements_bootmode_uefi-x64.systemd-boot.esp() { fi # Check if mkfs.fat is available - if ! command -v mkfs.fat &> /dev/null; then + if ! command -v mkfs.fat &>/dev/null; then (( validation_error=validation_error+1 )) _msg_error "Validating '${bootmode}': mkfs.fat is not available on this host. Install 'dosfstools'!" 0 fi # Check if mmd and mcopy are available - if ! { command -v mmd &> /dev/null && command -v mcopy &> /dev/null; }; then + if ! { command -v mmd &>/dev/null && command -v mcopy &>/dev/null; }; then (( validation_error=validation_error+1 )) _msg_error "Validating '${bootmode}': mmd and/or mcopy are not available on this host. Install 'mtools'!" 0 fi @@ -978,7 +979,7 @@ _validate_requirements_bootmode_uefi-x64.systemd-boot.eltorito() { _validate_requirements_bootmode_uefi-ia32.grub.esp() { # Check if GRUB is available - if ! command -v grub-mkstandalone &> /dev/null; then + if ! command -v grub-mkstandalone &>/dev/null; then (( validation_error=validation_error+1 )) _msg_error "Validating '${bootmode}': grub-install is not available on this host. Install 'grub'!" 0 fi 
@@ -1005,19 +1006,19 @@ _validate_requirements_bootmode_uefi-x64.grub.esp() { fi # Check if GRUB is available - if ! command -v grub-mkstandalone &> /dev/null; then + if ! command -v grub-mkstandalone &>/dev/null; then (( validation_error=validation_error+1 )) _msg_error "Validating '${bootmode}': grub-install is not available on this host. Install 'grub'!" 0 fi # Check if mkfs.fat is available - if ! command -v mkfs.fat &> /dev/null; then + if ! command -v mkfs.fat &>/dev/null; then (( validation_error=validation_error+1 )) _msg_error "Validating '${bootmode}': mkfs.fat is not available on this host. Install 'dosfstools'!" 0 fi # Check if mmd and mcopy are available - if ! { command -v mmd &> /dev/null && command -v mcopy &> /dev/null; }; then + if ! { command -v mmd &>/dev/null && command -v mcopy &>/dev/null; }; then _msg_error "Validating '${bootmode}': mmd and/or mcopy are not available on this host. Install 'mtools'!" 0 fi @@ -1146,14 +1147,14 @@ _sign_netboot_artifacts() { } _validate_requirements_airootfs_image_type_squashfs() { - if ! command -v mksquashfs &> /dev/null; then + if ! command -v mksquashfs &>/dev/null; then (( validation_error=validation_error+1 )) _msg_error "Validating '${airootfs_image_type}': mksquashfs is not available on this host. Install 'squashfs-tools'!" 0 fi } _validate_requirements_airootfs_image_type_ext4+squashfs() { - if ! { command -v mkfs.ext4 &> /dev/null && command -v tune2fs &> /dev/null; }; then + if ! { command -v mkfs.ext4 &>/dev/null && command -v tune2fs &>/dev/null; }; then (( validation_error=validation_error+1 )) _msg_error "Validating '${airootfs_image_type}': mkfs.ext4 and/or tune2fs is not available on this host. Install 'e2fsprogs'!" 0 fi 
@@ -1161,22 +1162,22 @@ _validate_requirements_airootfs_image_type_ext4+squashfs() { } _validate_requirements_airootfs_image_type_erofs() { - if ! command -v mkfs.erofs &> /dev/null; then + if ! command -v mkfs.erofs &>/dev/null; then (( validation_error=validation_error+1 )) _msg_error "Validating '${airootfs_image_type}': mkfs.erofs is not available on this host. Install 'erofs-utils'!" 0 fi } _validate_common_requirements_buildmode_all() { - if ! command -v pacman &> /dev/null; then + if ! command -v pacman &>/dev/null; then (( validation_error=validation_error+1 )) _msg_error "Validating build mode '${_buildmode}': pacman is not available on this host. Install 'pacman'!" 0 fi - if ! command -v find &> /dev/null; then + if ! command -v find &>/dev/null; then (( validation_error=validation_error+1 )) _msg_error "Validating build mode '${_buildmode}': find is not available on this host. Install 'findutils'!" 0 fi - if ! command -v gzip &> /dev/null; then + if ! command -v gzip &>/dev/null; then (( validation_error=validation_error+1 )) _msg_error "Validating build mode '${_buildmode}': gzip is not available on this host. Install 'gzip'!" 0 fi @@ -1200,7 +1201,7 @@ _validate_requirements_buildmode_bootstrap() { fi _validate_common_requirements_buildmode_all - if ! command -v bsdtar &> /dev/null; then + if ! command -v bsdtar &>/dev/null; then (( validation_error=validation_error+1 )) _msg_error "Validating build mode '${_buildmode}': bsdtar is not available on this host. Install 'libarchive'!" 0 fi 
@@ -1237,15 +1238,15 @@ _validate_common_requirements_buildmode_iso_netboot() { _msg_error "Two certificates are required for codesigning netboot artifacts, but '${cert_list[*]}' is provided." 0 fi - if ! command -v openssl &> /dev/null; then + if ! command -v openssl &>/dev/null; then (( validation_error=validation_error+1 )) _msg_error "Validating build mode '${_buildmode}': openssl is not available on this host. Install 'openssl'!" 0 fi fi # Check if the specified airootfs_image_type is supported - if typeset -f "_mkairootfs_${airootfs_image_type}" &> /dev/null; then - if typeset -f "_validate_requirements_airootfs_image_type_${airootfs_image_type}" &> /dev/null; then + if typeset -f "_mkairootfs_${airootfs_image_type}" &>/dev/null; then + if typeset -f "_validate_requirements_airootfs_image_type_${airootfs_image_type}" &>/dev/null; then "_validate_requirements_airootfs_image_type_${airootfs_image_type}" else _msg_warning "Function '_validate_requirements_airootfs_image_type_${airootfs_image_type}' does not exist. Validating the requirements of '${airootfs_image_type}' airootfs image type will not be possible." @@ -1265,8 +1266,8 @@ _validate_requirements_buildmode_iso() { _msg_error "No boot modes specified in '${profile}/profiledef.sh'." 0 fi for bootmode in "${bootmodes[@]}"; do - if typeset -f "_make_bootmode_${bootmode}" &> /dev/null; then - if typeset -f "_validate_requirements_bootmode_${bootmode}" &> /dev/null; then + if typeset -f "_make_bootmode_${bootmode}" &>/dev/null; then + if typeset -f "_validate_requirements_bootmode_${bootmode}" &>/dev/null; then "_validate_requirements_bootmode_${bootmode}" else _msg_warning "Function '_validate_requirements_bootmode_${bootmode}' does not exist. Validating the requirements of '${bootmode}' boot mode will not be possible." 
@@ -1277,7 +1278,7 @@ _validate_requirements_buildmode_iso() { fi done - if ! command -v awk &> /dev/null; then + if ! command -v awk &>/dev/null; then (( validation_error=validation_error+1 )) _msg_error "Validating build mode '${_buildmode}': awk is not available on this host. Install 'awk'!" 0 fi @@ -1350,7 +1351,7 @@ _add_xorrisofs_options_uefi-x64.systemd-boot.esp() { # A valid GPT prevents BIOS booting on some systems, instead use an invalid GPT (without a protective MBR). # The attached partition will have the EFI system partition type code in MBR, but in the invalid GPT it will # have a Microsoft basic partition type code. - if [[ ! " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.eltorito ' && ! " ${bootmodes[*]} " =~ ' uefi-ia32.grub.eltorito ' ]]; then + if [[ ! " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.eltorito ' && ! " ${bootmodes[*]} " =~ ' uefi-ia32.grub.eltorito ' ]]; then # If '-isohybrid-gpt-basdat' is specified before '-e', then the appended EFI system partition will have the # EFI system partition type ID/GUID in both MBR and GPT. If '-isohybrid-gpt-basdat' is specified after '-e', # the appended EFI system partition will have the Microsoft basic data type GUID in GPT. 
@@ -1421,7 +1422,7 @@ _add_xorrisofs_options_uefi-x64.grub.esp() { # A valid GPT prevents BIOS booting on some systems, instead use an invalid GPT (without a protective MBR). # The attached partition will have the EFI system partition type code in MBR, but in the invalid GPT it will # have a Microsoft basic partition type code. - if [[ ! " ${bootmodes[*]} " =~ ' uefi-x64.grub.eltorito ' && ! " ${bootmodes[*]} " =~ ' uefi-ia32.grub.eltorito ' ]]; then + if [[ ! " ${bootmodes[*]} " =~ ' uefi-x64.grub.eltorito ' && ! " ${bootmodes[*]} " =~ ' uefi-ia32.grub.eltorito ' ]]; then # If '-isohybrid-gpt-basdat' is specified before '-e', then the appended EFI system partition will have the # EFI system partition type ID/GUID in both MBR and GPT. If '-isohybrid-gpt-basdat' is specified after '-e', # the appended EFI system partition will have the Microsoft basic data type GUID in GPT. @@ -1488,7 +1489,7 @@ _build_bootstrap_image() { cd -- "${_bootstrap_parent}" _msg_info "Creating bootstrap image..." - bsdtar -cf - "root.${arch}" | gzip -cn9 > "${out_dir}/${image_name}" + bsdtar -cf - "root.${arch}" | gzip -cn9 >"${out_dir}/${image_name}" _msg_info "Done!" du -h -- "${out_dir}/${image_name}" cd -- "${OLDPWD}" 
@@ -1515,24 +1516,24 @@ _build_iso_image() { # Add required xorrisofs options for each boot mode for bootmode in "${bootmodes[@]}"; do - typeset -f "_add_xorrisofs_options_${bootmode}" &> /dev/null && "_add_xorrisofs_options_${bootmode}" + typeset -f "_add_xorrisofs_options_${bootmode}" &>/dev/null && "_add_xorrisofs_options_${bootmode}" done rm -f -- "${out_dir}/${image_name}" _msg_info "Creating ISO image..." xorriso "${xorriso_options[@]}" -as mkisofs \ - -iso-level 3 \ - -full-iso9660-filenames \ - -joliet \ - -joliet-long \ - -rational-rock \ - -volid "${iso_label}" \ - -appid "${iso_application}" \ - -publisher "${iso_publisher}" \ - -preparer "prepared by ${app_name}" \ - "${xorrisofs_options[@]}" \ - -output "${out_dir}/${image_name}" \ - "${isofs_dir}/" + -iso-level 3 \ + -full-iso9660-filenames \ + -joliet \ + -joliet-long \ + -rational-rock \ + -volid "${iso_label}" \ + -appid "${iso_application}" \ + -publisher "${iso_publisher}" \ + -preparer "prepared by ${app_name}" \ + "${xorrisofs_options[@]}" \ + -output "${out_dir}/${image_name}" \ + "${isofs_dir}/" _msg_info "Done!" du -h -- "${out_dir}/${image_name}" } @@ -1592,8 +1593,8 @@ _validate_options() { # Check if the specified buildmodes are supported for _buildmode in "${buildmodes[@]}"; do - if typeset -f "_build_buildmode_${_buildmode}" &> /dev/null; then - if typeset -f "_validate_requirements_buildmode_${_buildmode}" &> /dev/null; then + if typeset -f "_build_buildmode_${_buildmode}" &>/dev/null; then + if typeset -f "_validate_requirements_buildmode_${_buildmode}" &>/dev/null; then "_validate_requirements_buildmode_${_buildmode}" else _msg_warning "Function '_validate_requirements_buildmode_${_buildmode}' does not exist. Validating the requirements of '${_buildmode}' build mode will not be possible." 
@@ -1689,12 +1690,12 @@ _make_version() { _msg_info "Creating version files..." # Write version file to system installation dir rm -f -- "${pacstrap_dir}/version" - printf '%s\n' "${iso_version}" > "${pacstrap_dir}/version" + printf '%s\n' "${iso_version}" >"${pacstrap_dir}/version" if [[ "${buildmode}" == @("iso"|"netboot") ]]; then install -d -m 0755 -- "${isofs_dir}/${install_dir}" # Write version file to ISO 9660 - printf '%s\n' "${iso_version}" > "${isofs_dir}/${install_dir}/version" + printf '%s\n' "${iso_version}" >"${isofs_dir}/${install_dir}/version" fi if [[ "${buildmode}" == "iso" ]]; then @@ -1704,7 +1705,7 @@ _make_version() { rm -f -- "${isofs_dir}/${install_dir}/grubenv" printf '%.1024s' "$(printf '# GRUB Environment Block\nNAME=%s\nVERSION=%s\n%s' \ "${iso_name}" "${iso_version}" "$(printf '%0.1s' "#"{1..1024})")" \ - > "${isofs_dir}/${install_dir}/grubenv" + >"${isofs_dir}/${install_dir}/grubenv" fi # Append IMAGE_ID & IMAGE_VERSION to os-release @@ -1716,7 +1717,7 @@ _make_version() { _msg_warning "os-release file '${_os_release}' is outside of valid path." else [[ ! -e "${_os_release}" ]] || sed -i '/^IMAGE_ID=/d;/^IMAGE_VERSION=/d' "${_os_release}" - printf 'IMAGE_ID=%s\nIMAGE_VERSION=%s\n' "${iso_name}" "${iso_version}" >> "${_os_release}" + printf 'IMAGE_ID=%s\nIMAGE_VERSION=%s\n' "${iso_name}" "${iso_version}" >>"${_os_release}" fi # Touch /usr/lib/clock-epoch to give another hint on date and time 
@@ -1730,11 +1731,11 @@ _make_pkglist() { _msg_info "Creating a list of installed packages on live-enviroment..." case "${buildmode}" in "bootstrap") - pacman -Q --sysroot "${pacstrap_dir}" > "${pacstrap_dir}/pkglist.${arch}.txt" + pacman -Q --sysroot "${pacstrap_dir}" >"${pacstrap_dir}/pkglist.${arch}.txt" ;; "iso"|"netboot") install -d -m 0755 -- "${isofs_dir}/${install_dir}" - pacman -Q --sysroot "${pacstrap_dir}" > "${isofs_dir}/${install_dir}/pkglist.${arch}.txt" + pacman -Q --sysroot "${pacstrap_dir}" >"${isofs_dir}/${install_dir}/pkglist.${arch}.txt" ;; esac _msg_info "Done!" @@ -1763,7 +1764,7 @@ _build_iso_base() { # Create working directory _run_once _make_work_dir # Write build date to file if it does not exist already - [[ -e "${work_dir}/build_date" ]] || printf '%s\n' "$SOURCE_DATE_EPOCH" > "${work_dir}/build_date" + [[ -e "${work_dir}/build_date" ]] || printf '%s\n' "$SOURCE_DATE_EPOCH" >"${work_dir}/build_date" [[ "${quiet}" == "y" ]] || _show_config _run_once _make_pacman_conf @@ -1848,15 +1849,15 @@ _build() { while getopts 'c:p:C:L:P:A:D:w:m:o:g:G:vrh?' arg; do case "${arg}" in - p) read -r -a override_pkg_list <<< "${OPTARG}" ;; + p) read -r -a override_pkg_list <<<"${OPTARG}" ;; C) override_pacman_conf="${OPTARG}" ;; L) override_iso_label="${OPTARG}" ;; P) override_iso_publisher="${OPTARG}" ;; A) override_iso_application="${OPTARG}" ;; D) override_install_dir="${OPTARG}" ;; - c) read -r -a override_cert_list <<< "${OPTARG}" ;; + c) read -r -a override_cert_list <<<"${OPTARG}" ;; w) override_work_dir="${OPTARG}" ;; - m) read -r -a override_buildmodes <<< "${OPTARG}" ;; + m) read -r -a override_buildmodes <<<"${OPTARG}" ;; o) override_out_dir="${OPTARG}" ;; g) override_gpg_key="${OPTARG}" ;; G) override_gpg_sender="${OPTARG}" ;; diff --git a/configs/releng/airootfs/root/.automated_script.sh b/configs/releng/airootfs/root/.automated_script.sh index f257537..8e72bf7 100755 --- a/configs/releng/airootfs/root/.automated_script.sh 
+++ b/configs/releng/airootfs/root/.automated_script.sh @@ -1,17 +1,18 @@ #!/usr/bin/env bash -script_cmdline () -{ +script_cmdline() { local param - for param in $(< /proc/cmdline); do + for param in $(/etc/pacman.d/mirrorlist << EOF +cat >/etc/pacman.d/mirrorlist < # $2 # $3 -unmute_and_set_level(){ - { [ "$3" ] &&[ "$2" ] && [ "$1" ] ; } || bugout +unmute_and_set_level() { + [[ -n "$3" && -n "$2" && -n "$1" ]] || bugout systemd-cat -t "livecdsound" printf "Setting: %s on card: %s to %s\n" "$2" "$1" "$3" systemd-cat -t "livecdsound" amixer -c "$1" set "$2" "$3" unmute return 0 @@ -42,9 +41,8 @@ unmute_and_set_level(){ # $1 # $2 -mute_and_zero_level() -{ - { [ "$1" ] && [ "$2" ] ; } || bugout +mute_and_zero_level() { + [[ -n "$1" && -n "$2" ]] || bugout systemd-cat -t "livecdsound" printf "Muting control: %s on card: %s\n" "$2" "$1" systemd-cat -t "livecdsound" amixer -c "$1" set "$2" "0%" mute return 0 @@ -53,17 +51,15 @@ mute_and_zero_level() # $1 # $2 # $3 "on" | "off" -switch_control() -{ - { [ "$3" ] && [ "$1" ] ; } || bugout +switch_control() { + [[ -n "$3" && -n "$1" ]] || bugout systemd-cat -t "livecdsound" printf "Switching control: %s on card: %s to %s\n" "$2" "$1" "$3" systemd-cat -t "livecdsound" amixer -c "$1" set "$2" "$3" return 0 } # $1 -sanify_levels_on_card() -{ +sanify_levels_on_card() { unmute_and_set_level "$1" "Front" "80%" unmute_and_set_level "$1" "Master" "80%" unmute_and_set_level "$1" "Master Mono" "80%" 
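Review bot: The rewritten guard in `switch_control` still leaves `$2` unchecked, although `$2` is the control name handed to `amixer -c "$1" set "$2" "$3"` two lines further down. `unmute_and_set_level` and `mute_and_zero_level` in the same file test every argument they use. Since the line is being rewritten anyway, make it `[[ -n "$3" && -n "$2" && -n "$1" ]] || bugout` so an empty control name stops at `bugout` instead of reaching amixer.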
@@ -134,94 +130,89 @@ sanify_levels_on_card() } # $1 | "all" -sanify_levels() -{ +sanify_levels() { local ttsdml_returnstatus=0 local card case "$1" in - all) - for card in $(echo_card_indices) ; do - sanify_levels_on_card "$card" || ttsdml_returnstatus=1 - done - ;; - *) - sanify_levels_on_card "$1" || ttsdml_returnstatus=1 - ;; + all) + for card in $(echo_card_indices); do + sanify_levels_on_card "$card" || ttsdml_returnstatus=1 + done + ;; + *) + sanify_levels_on_card "$1" || ttsdml_returnstatus=1 + ;; esac - return $ttsdml_returnstatus + return "$ttsdml_returnstatus" } # List all cards that *should* be usable for PCM audio. In my experience, # the console speaker (handled by the pcsp driver) isn't a suitable playback # device, so we'll exclude it. -list_non_pcsp_cards() -{ +list_non_pcsp_cards() { for card in $(echo_card_indices); do local cardfile="/proc/asound/card${card}/id" - if [ -r "$cardfile" ] && [ -f "$cardfile" ] && \ - [ "$(cat "$cardfile")" != pcsp ]; then + if [[ -r "$cardfile" && -f "$cardfile" && "$(cat "$cardfile")" != pcsp ]]; then echo "$card" fi done } # Properly initialize the sound card so that we have audio at boot. -unmute_all_cards() -{ +unmute_all_cards() { sanify_levels all } is_numeric() { - local str=$1 + local str="$1" [[ "$str" =~ ^[0-9]+$ ]] } set_default_card() { - local card=$1 - sed -e "s/%card%/$card/g" < /usr/local/share/livecd-sound/asound.conf.in \ - > /etc/asound.conf + local card="$1" + sed -e "s/%card%/$card/g" /etc/asound.conf } play_on_card() { - local card=$1 file=$2 + local card="$1" file="$2" aplay -q "-Dplughw:$card,0" "$file" } # If there are multiple usable sound cards, prompt the user to choose one, # using auditory feedback. 
-pick_a_card() -{ +pick_a_card() { set -f usable_cards="$(list_non_pcsp_cards)" - num_usable_cards="$(wc -w <<< "$usable_cards")" + num_usable_cards="$(wc -w <<<"$usable_cards")" - if [ "$num_usable_cards" -eq 1 ]; then + if (( num_usable_cards == 1 )); then systemd-cat -t "livecdsound" printf "Only one sound card is detected\n" exit 0 fi systemd-cat -t "livecdsound" printf "multiple sound cards detected\n" - for card in $usable_cards; do + for card in "${usable_cards[@]}"; do if ! is_numeric "$card"; then continue fi - play_on_card "$card" /usr/share/livecd-sounds/pick-a-card.wav& + play_on_card "$card" /usr/share/livecd-sounds/pick-a-card.wav & done wait sleep 1 - for card in $usable_cards; do + for card in "${usable_cards[@]}"; do if ! is_numeric "$card"; then continue - fi - play_on_card "$card" /usr/share/livecd-sounds/beep.wav - if read -r -t 10; then - systemd-cat -t "livecdsound" printf "Selecting %s sound card as default\n" "$card" - set_default_card "$card" - break - fi -done + fi + play_on_card "$card" /usr/share/livecd-sounds/beep.wav + if read -r -t 10; then + systemd-cat -t "livecdsound" printf "Selecting %s sound card as default\n" "$card" + set_default_card "$card" + break + fi + done } -if [[ $# -eq 0 ]]; then +if (( $# == 0 )); then echo "error: No argument passed." exit 1 fi diff --git a/scripts/run_archiso.sh b/scripts/run_archiso.sh index 6ddce15..87e5e25 100755 --- a/scripts/run_archiso.sh +++ b/scripts/run_archiso.sh @@ -11,7 +11,6 @@ # - qemu # - edk2-ovmf (when UEFI booting) - set -eu print_help() { -- cgit v1.2.3-70-g09d2 From 6c5ab3d3885024bc7a8feb724b721d4b481f13a9 Mon Sep 17 00:00:00 2001 
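Review bot: In `pick_a_card`, both loops now iterate `"${usable_cards[@]}"`, but `usable_cards` is still assigned as a plain string from `$(list_non_pcsp_cards)`, so the quoted expansion yields a single word holding every card index separated by newlines. With more than one card (the only case that gets past the `num_usable_cards == 1` exit) that word fails `is_numeric`, both loops hit `continue`, and no card is ever played or selected. Either keep the unquoted `$usable_cards` that the preceding `set -f` was protecting, or make it a real array with `mapfile -t usable_cards < <(list_non_pcsp_cards)` and `num_usable_cards="${#usable_cards[@]}"`.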
From: David Runge Date: Tue, 29 Aug 2023 20:09:46 +0200 Subject: Use pcsclite for communicating with OpenPGP smartcards As opgpcard uses pcsclite and gnupg is able to use it as well, switch away from using gnupg's internal ccid driver. --- CHANGELOG.rst | 1 + .../airootfs/etc/systemd/system/sockets.target.wants/pcscd.socket | 1 + configs/releng/airootfs/root/.gnupg/scdaemon.conf | 4 ++++ configs/releng/profiledef.sh | 1 + 4 files changed, 7 insertions(+) create mode 120000 configs/releng/airootfs/etc/systemd/system/sockets.target.wants/pcscd.socket create mode 100644 configs/releng/airootfs/root/.gnupg/scdaemon.conf (limited to 'configs/releng/airootfs/root') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index d941d1a..0cf973a 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -19,6 +19,7 @@ Changed the file system size. - Enable systemd-networkd's support for IPv6 Privacy Extensions globally instead of per-connection. - Moved custom ``sshd_config`` files to ``/ssh/sshd_config.d/10-archiso.conf`` +- Use pcsclite for interfacing with smartcards, since both gnupg and opgpcard support it. Deprecated ---------- diff --git a/configs/releng/airootfs/etc/systemd/system/sockets.target.wants/pcscd.socket b/configs/releng/airootfs/etc/systemd/system/sockets.target.wants/pcscd.socket new file mode 120000 index 0000000..3897c63 --- /dev/null +++ b/configs/releng/airootfs/etc/systemd/system/sockets.target.wants/pcscd.socket @@ -0,0 +1 @@ +/usr/lib/systemd/system/pcscd.socket \ No newline at end of file diff --git a/configs/releng/airootfs/root/.gnupg/scdaemon.conf b/configs/releng/airootfs/root/.gnupg/scdaemon.conf new file mode 100644 index 0000000..e1f3d1f --- /dev/null +++ b/configs/releng/airootfs/root/.gnupg/scdaemon.conf @@ -0,0 +1,4 @@ +disable-ccid +disable-pinpad +pcsc-driver /usr/lib/libpcsclite.so +pcsc-shared diff --git a/configs/releng/profiledef.sh b/configs/releng/profiledef.sh index 4154816..5cba1b5 100644 --- a/configs/releng/profiledef.sh 
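Review bot: The new `scdaemon.conf` sets `pcsc-shared` and `disable-pinpad` without any comment, and both relax how the card is handled. GnuPG's documentation calls `pcsc-shared` a somewhat dangerous option because scdaemon assumes exclusive access and caches card state, so in shared mode other PC/SC clients can talk to the card while scdaemon holds it; `disable-pinpad` means the PIN is always typed on the host keyboard even when the reader has its own keypad. Record the reason in the file, for example `# pcsc-shared: let other PC/SC clients (opgpcard) use the card alongside gnupg; scdaemon no longer has exclusive access` above that option, presumably matching the intent in the commit message, and a similar one-line rationale above `disable-pinpad`.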
+++ b/configs/releng/profiledef.sh @@ -19,6 +19,7 @@ file_permissions=( ["/etc/shadow"]="0:0:400" ["/root"]="0:0:750" ["/root/.automated_script.sh"]="0:0:755" + ["/root/.gnupg"]="0:0:700" ["/usr/local/bin/choose-mirror"]="0:0:755" ["/usr/local/bin/Installation_guide"]="0:0:755" ["/usr/local/bin/livecd-sound"]="0:0:755" -- cgit v1.2.3-70-g09d2 From 72c274924a0a96d5122b1dcd05f9e893c0aa33e4 Mon Sep 17 00:00:00 2001 From: John Lane Date: Thu, 7 Dec 2023 19:45:58 +0000 Subject: Allow download automated script using TFTP --- configs/releng/airootfs/root/.automated_script.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'configs/releng/airootfs/root') diff --git a/configs/releng/airootfs/root/.automated_script.sh b/configs/releng/airootfs/root/.automated_script.sh index 8e72bf7..0d95012 100755 --- a/configs/releng/airootfs/root/.automated_script.sh +++ b/configs/releng/airootfs/root/.automated_script.sh @@ -16,7 +16,7 @@ automated_script() { local script rt script="$(script_cmdline)" if [[ -n "${script}" && ! -x /tmp/startup_script ]]; then - if [[ "${script}" =~ ^((http|https|ftp)://) ]]; then + if [[ "${script}" =~ ^((http|https|ftp|tftp)://) ]]; then # there's no synchronization for network availability before executing this script printf '%s: waiting for network-online.target\n' "$0" until systemctl --quiet is-active network-online.target; do -- cgit v1.2.3-70-g09d2
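Review bot: Adding `tftp` to the scheme pattern in `automated_script` extends the download path to a protocol with no authentication or integrity protection, and the rest of the function (outside this hunk) makes the fetched file executable and runs it from `/tmp/startup_script`, presumably as root on the live system. The same already holds for `http` and `ftp`, so whoever can answer on the boot network decides what gets executed. Document the trust assumption next to the pattern, e.g. `# http, ftp and tftp are unauthenticated: only use them on a trusted provisioning network, prefer https`, and consider verifying a checksum supplied alongside the URL before the `chmod +x`.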