Allow specifying ownership and mode of custom airootfs files and directories
profiledef.sh can now contain an associative array called file_permissions which can be used to set custom ownership and mode of custom airootfs files. The array's keys contain the path and the value is a colon separated list of owner UID, owner GID and access mode. For example: file_permissions=( ["/etc/shadow"]="0:0:400" ) This means that mkarchiso now copies airootfs files (and directores) without permissions and anything that should be owned by a user other than root and/or if the mode should be something other than 644 for files and 755 for directories must to be listed in ${file_permission[@]} in profiledef.sh. Fixes https://gitlab.archlinux.org/archlinux/archiso/-/issues/61 .
This commit is contained in:
parent
2c99df5c9b
commit
42d9e4f983
@ -52,6 +52,9 @@ The image file is constructed from some of the variables in **profiledef.sh**: `
|
|||||||
- `ext4+squashfs`: Create an ext4 partition, copy the airootfs work directory to it and create a squashfs image from it
|
- `ext4+squashfs`: Create an ext4 partition, copy the airootfs work directory to it and create a squashfs image from it
|
||||||
* `airootfs_image_tool_options`: An array of options to pass to the tool to create the airootfs image. Currently only
|
* `airootfs_image_tool_options`: An array of options to pass to the tool to create the airootfs image. Currently only
|
||||||
`mksquashfs` is supported - see `mksquashfs --help` for all possible options (defaults to `('-comp' 'xz')`).
|
`mksquashfs` is supported - see `mksquashfs --help` for all possible options (defaults to `('-comp' 'xz')`).
|
||||||
|
- `file_permissions`: An associative array that lists files and/or directories who need specific ownership or
|
||||||
|
permissions. The array's keys contain the path and the value is a colon separated list of owner UID, owner GID and
|
||||||
|
access mode. E.g. `file_permissions=(["/etc/shadow"]="0:0:400")`.
|
||||||
|
|
||||||
packages.arch
|
packages.arch
|
||||||
=============
|
=============
|
||||||
@ -91,8 +94,9 @@ airootfs
|
|||||||
This - optional - directory may contain files and directories that will be copied to the work directory of the resulting
|
This - optional - directory may contain files and directories that will be copied to the work directory of the resulting
|
||||||
image's root filesystem.
|
image's root filesystem.
|
||||||
The files are copied before packages are being installed to work directory location.
|
The files are copied before packages are being installed to work directory location.
|
||||||
Ownership of files and directories from the profile's `airootfs` directory are not preserved (permissions are currently
|
Ownership and permissions of files and directories from the profile's `airootfs` directory are not preserved. The mode
|
||||||
the same as in the profile's `airootfs` - see `#61 <https://gitlab.archlinux.org/archlinux/archiso/-/issues/73>`_).
|
will be `644` for files and `755` for directories, all of them will be owned by root. To set custom ownership and/or
|
||||||
|
permissions, use `file_permissions` in **profiledef.sh**.
|
||||||
|
|
||||||
With this overlay structure it is possible to e.g. create users and set passwords for them, by providing
|
With this overlay structure it is possible to e.g. create users and set passwords for them, by providing
|
||||||
`airootfs/etc/passwd`, `airootfs/etc/shadow`, `airootfs/etc/gshadow` (see `man 5 passwd`, `man 5 shadow` and `man 5
|
`airootfs/etc/passwd`, `airootfs/etc/shadow`, `airootfs/etc/gshadow` (see `man 5 passwd`, `man 5 shadow` and `man 5
|
||||||
|
@ -37,6 +37,7 @@ override_pacman_conf=""
|
|||||||
bootmodes=()
|
bootmodes=()
|
||||||
airootfs_image_type="squashfs"
|
airootfs_image_type="squashfs"
|
||||||
airootfs_image_tool_options=('-comp' 'xz')
|
airootfs_image_tool_options=('-comp' 'xz')
|
||||||
|
declare -A file_permissions=()
|
||||||
|
|
||||||
|
|
||||||
# Show an INFO message
|
# Show an INFO message
|
||||||
@ -257,30 +258,23 @@ _make_pacman_conf() {
|
|||||||
# Prepare working directory and copy custom airootfs files (airootfs)
|
# Prepare working directory and copy custom airootfs files (airootfs)
|
||||||
_make_custom_airootfs() {
|
_make_custom_airootfs() {
|
||||||
local passwd=()
|
local passwd=()
|
||||||
|
local filename permissions
|
||||||
|
|
||||||
install -d -m 0755 -o 0 -g 0 -- "${airootfs_dir}"
|
install -d -m 0755 -o 0 -g 0 -- "${airootfs_dir}"
|
||||||
|
|
||||||
if [[ -d "${profile}/airootfs" ]]; then
|
if [[ -d "${profile}/airootfs" ]]; then
|
||||||
_msg_info "Copying custom airootfs files and setting up user home directories..."
|
_msg_info "Copying custom airootfs files..."
|
||||||
cp -af --no-preserve=ownership -- "${profile}/airootfs/." "${airootfs_dir}"
|
cp -af --no-preserve=ownership,mode -- "${profile}/airootfs/." "${airootfs_dir}"
|
||||||
|
# Set ownership and mode for files and directories
|
||||||
[[ -e "${airootfs_dir}/etc/shadow" ]] && chmod -f 0400 -- "${airootfs_dir}/etc/shadow"
|
for filename in "${!file_permissions[@]}"; do
|
||||||
[[ -e "${airootfs_dir}/etc/gshadow" ]] && chmod -f 0400 -- "${airootfs_dir}/etc/gshadow"
|
IFS=':' read -ra permissions <<< "${file_permissions["${filename}"]}"
|
||||||
|
if [[ -e "${airootfs_dir}${filename}" ]]; then
|
||||||
# Set up user home directories and permissions
|
chown -fh -- "${permissions[0]}:${permissions[1]}" "${airootfs_dir}${filename}"
|
||||||
if [[ -e "${airootfs_dir}/etc/passwd" ]]; then
|
chmod -f -- "${permissions[2]}" "${airootfs_dir}${filename}"
|
||||||
while IFS=':' read -a passwd -r; do
|
|
||||||
[[ "${passwd[5]}" == '/' ]] && continue
|
|
||||||
[[ -z "${passwd[5]}" ]] && continue
|
|
||||||
|
|
||||||
if [[ -d "${airootfs_dir}${passwd[5]}" ]]; then
|
|
||||||
chown -hR -- "${passwd[2]}:${passwd[3]}" "${airootfs_dir}${passwd[5]}"
|
|
||||||
chmod -f 0750 -- "${airootfs_dir}${passwd[5]}"
|
|
||||||
else
|
else
|
||||||
install -d -m 0750 -o "${passwd[2]}" -g "${passwd[3]}" -- "${airootfs_dir}${passwd[5]}"
|
_msg_warning "Cannot change permissions of '${airootfs_dir}${filename}'. The file or directory does not exist."
|
||||||
fi
|
|
||||||
done < "${airootfs_dir}/etc/passwd"
|
|
||||||
fi
|
fi
|
||||||
|
done
|
||||||
_msg_info "Done!"
|
_msg_info "Done!"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
@ -318,10 +312,12 @@ _make_customize_airootfs() {
|
|||||||
(( passwd[2] >= 1000 && passwd[2] < 60000 )) || continue
|
(( passwd[2] >= 1000 && passwd[2] < 60000 )) || continue
|
||||||
[[ "${passwd[5]}" == '/' ]] && continue
|
[[ "${passwd[5]}" == '/' ]] && continue
|
||||||
[[ -z "${passwd[5]}" ]] && continue
|
[[ -z "${passwd[5]}" ]] && continue
|
||||||
cp -dnRT --preserve=mode,timestamps,links -- "${airootfs_dir}/etc/skel" "${airootfs_dir}${passwd[5]}"
|
if [[ ! -d "${airootfs_dir}${passwd[5]}" ]]; then
|
||||||
|
install -d -m 0750 -o "${passwd[2]}" -g "${passwd[3]}" -- "${airootfs_dir}${passwd[5]}"
|
||||||
|
fi
|
||||||
|
cp -dnRT --preserve=mode,timestamps,links -- "${airootfs_dir}/etc/skel/." "${airootfs_dir}${passwd[5]}"
|
||||||
chmod -f 0750 -- "${airootfs_dir}${passwd[5]}"
|
chmod -f 0750 -- "${airootfs_dir}${passwd[5]}"
|
||||||
chown -hR -- "${passwd[2]}:${passwd[3]}" "${airootfs_dir}${passwd[5]}"
|
chown -hR -- "${passwd[2]}:${passwd[3]}" "${airootfs_dir}${passwd[5]}"
|
||||||
|
|
||||||
done < "${profile}/airootfs/etc/passwd"
|
done < "${profile}/airootfs/etc/passwd"
|
||||||
_msg_info "Done!"
|
_msg_info "Done!"
|
||||||
fi
|
fi
|
||||||
@ -329,6 +325,7 @@ _make_customize_airootfs() {
|
|||||||
if [[ -e "${airootfs_dir}/root/customize_airootfs.sh" ]]; then
|
if [[ -e "${airootfs_dir}/root/customize_airootfs.sh" ]]; then
|
||||||
_msg_info "Running customize_airootfs.sh in '${airootfs_dir}' chroot..."
|
_msg_info "Running customize_airootfs.sh in '${airootfs_dir}' chroot..."
|
||||||
_msg_warning "customize_airootfs.sh is deprecated! Support for it will be removed in a future archiso version."
|
_msg_warning "customize_airootfs.sh is deprecated! Support for it will be removed in a future archiso version."
|
||||||
|
chmod -f -- +x "${airootfs_dir}/root/customize_airootfs.sh"
|
||||||
eval -- arch-chroot "${airootfs_dir}" "/root/customize_airootfs.sh"
|
eval -- arch-chroot "${airootfs_dir}" "/root/customize_airootfs.sh"
|
||||||
rm -- "${airootfs_dir}/root/customize_airootfs.sh"
|
rm -- "${airootfs_dir}/root/customize_airootfs.sh"
|
||||||
_msg_info "Done! customize_airootfs.sh run successfully."
|
_msg_info "Done! customize_airootfs.sh run successfully."
|
||||||
|
@ -10,3 +10,6 @@ install_dir="arch"
|
|||||||
bootmodes=('bios.syslinux.mbr' 'bios.syslinux.eltorito' 'uefi-x64.systemd-boot.esp' 'uefi-x64.systemd-boot.eltorito')
|
bootmodes=('bios.syslinux.mbr' 'bios.syslinux.eltorito' 'uefi-x64.systemd-boot.esp' 'uefi-x64.systemd-boot.eltorito')
|
||||||
arch="x86_64"
|
arch="x86_64"
|
||||||
pacman_conf="pacman.conf"
|
pacman_conf="pacman.conf"
|
||||||
|
file_permissions=(
|
||||||
|
["/etc/shadow"]="0:0:400"
|
||||||
|
)
|
||||||
|
@ -11,3 +11,11 @@ bootmodes=('bios.syslinux.mbr' 'bios.syslinux.eltorito' 'uefi-x64.systemd-boot.e
|
|||||||
arch="x86_64"
|
arch="x86_64"
|
||||||
pacman_conf="pacman.conf"
|
pacman_conf="pacman.conf"
|
||||||
airootfs_image_tool_options=('-comp' 'xz' '-Xbcj' 'x86' '-b' '1M' '-Xdict-size' '1M')
|
airootfs_image_tool_options=('-comp' 'xz' '-Xbcj' 'x86' '-b' '1M' '-Xdict-size' '1M')
|
||||||
|
file_permissions=(
|
||||||
|
["/etc/shadow"]="0:0:400"
|
||||||
|
["/root"]="0:0:750"
|
||||||
|
["/root/.automated_script.sh"]="0:0:750"
|
||||||
|
["/usr/local/bin/choose-mirror"]="0:0:755"
|
||||||
|
["/usr/local/bin/Installation_guide"]="0:0:755"
|
||||||
|
["/usr/local/bin/livecd-sound"]="0:0:755"
|
||||||
|
)
|
||||||
|
Loading…
Reference in New Issue
Block a user