Allow specifying ownership and mode of custom airootfs files and directories
profiledef.sh can now contain an associative array called file_permissions which can be used to set custom ownership and mode of custom airootfs files. The array's keys contain the path and the value is a colon separseparated list of owner UID, owner GID and access mode. For example: file_permissions=( ["/etc/shadow"]="0:0:400" ) This means that mkarchiso now copies airootfs files (and directories) without preserving permissions, and anything that should be owned by a user other than root, or whose mode should be something other than 644 for files and 755 for directories, must be listed in ${file_permissions[@]} in profiledef.sh. Fixes https://gitlab.archlinux.org/archlinux/archiso/-/issues/61 .
This commit is contained in:
parent
2c99df5c9b
commit
42d9e4f983
@ -52,6 +52,9 @@ The image file is constructed from some of the variables in **profiledef.sh**: `
|
||||
- `ext4+squashfs`: Create an ext4 partition, copy the airootfs work directory to it and create a squashfs image from it
|
||||
* `airootfs_image_tool_options`: An array of options to pass to the tool to create the airootfs image. Currently only
|
||||
`mksquashfs` is supported - see `mksquashfs --help` for all possible options (defaults to `('-comp' 'xz')`).
|
||||
- `file_permissions`: An associative array that lists files and/or directories who need specific ownership or
|
||||
permissions. The array's keys contain the path and the value is a colon separated list of owner UID, owner GID and
|
||||
access mode. E.g. `file_permissions=(["/etc/shadow"]="0:0:400")`.
|
||||
|
||||
packages.arch
|
||||
=============
|
||||
@ -91,8 +94,9 @@ airootfs
|
||||
This - optional - directory may contain files and directories that will be copied to the work directory of the resulting
|
||||
image's root filesystem.
|
||||
The files are copied before packages are being installed to work directory location.
|
||||
Ownership of files and directories from the profile's `airootfs` directory are not preserved (permissions are currently
|
||||
the same as in the profile's `airootfs` - see `#61 <https://gitlab.archlinux.org/archlinux/archiso/-/issues/73>`_).
|
||||
Ownership and permissions of files and directories from the profile's `airootfs` directory are not preserved. The mode
|
||||
will be `644` for files and `755` for directories, all of them will be owned by root. To set custom ownership and/or
|
||||
permissions, use `file_permissions` in **profiledef.sh**.
|
||||
|
||||
With this overlay structure it is possible to e.g. create users and set passwords for them, by providing
|
||||
`airootfs/etc/passwd`, `airootfs/etc/shadow`, `airootfs/etc/gshadow` (see `man 5 passwd`, `man 5 shadow` and `man 5
|
||||
|
@ -37,6 +37,7 @@ override_pacman_conf=""
|
||||
bootmodes=()
|
||||
airootfs_image_type="squashfs"
|
||||
airootfs_image_tool_options=('-comp' 'xz')
|
||||
declare -A file_permissions=()
|
||||
|
||||
|
||||
# Show an INFO message
|
||||
@ -257,30 +258,23 @@ _make_pacman_conf() {
|
||||
# Prepare working directory and copy custom airootfs files (airootfs)
|
||||
_make_custom_airootfs() {
|
||||
local passwd=()
|
||||
local filename permissions
|
||||
|
||||
install -d -m 0755 -o 0 -g 0 -- "${airootfs_dir}"
|
||||
|
||||
if [[ -d "${profile}/airootfs" ]]; then
|
||||
_msg_info "Copying custom airootfs files and setting up user home directories..."
|
||||
cp -af --no-preserve=ownership -- "${profile}/airootfs/." "${airootfs_dir}"
|
||||
|
||||
[[ -e "${airootfs_dir}/etc/shadow" ]] && chmod -f 0400 -- "${airootfs_dir}/etc/shadow"
|
||||
[[ -e "${airootfs_dir}/etc/gshadow" ]] && chmod -f 0400 -- "${airootfs_dir}/etc/gshadow"
|
||||
|
||||
# Set up user home directories and permissions
|
||||
if [[ -e "${airootfs_dir}/etc/passwd" ]]; then
|
||||
while IFS=':' read -a passwd -r; do
|
||||
[[ "${passwd[5]}" == '/' ]] && continue
|
||||
[[ -z "${passwd[5]}" ]] && continue
|
||||
|
||||
if [[ -d "${airootfs_dir}${passwd[5]}" ]]; then
|
||||
chown -hR -- "${passwd[2]}:${passwd[3]}" "${airootfs_dir}${passwd[5]}"
|
||||
chmod -f 0750 -- "${airootfs_dir}${passwd[5]}"
|
||||
else
|
||||
install -d -m 0750 -o "${passwd[2]}" -g "${passwd[3]}" -- "${airootfs_dir}${passwd[5]}"
|
||||
fi
|
||||
done < "${airootfs_dir}/etc/passwd"
|
||||
fi
|
||||
_msg_info "Copying custom airootfs files..."
|
||||
cp -af --no-preserve=ownership,mode -- "${profile}/airootfs/." "${airootfs_dir}"
|
||||
# Set ownership and mode for files and directories
|
||||
for filename in "${!file_permissions[@]}"; do
|
||||
IFS=':' read -ra permissions <<< "${file_permissions["$(unknown)"]}"
|
||||
if [[ -e "${airootfs_dir}$(unknown)" ]]; then
|
||||
chown -fh -- "${permissions[0]}:${permissions[1]}" "${airootfs_dir}$(unknown)"
|
||||
chmod -f -- "${permissions[2]}" "${airootfs_dir}$(unknown)"
|
||||
else
|
||||
_msg_warning "Cannot change permissions of '${airootfs_dir}$(unknown)'. The file or directory does not exist."
|
||||
fi
|
||||
done
|
||||
_msg_info "Done!"
|
||||
fi
|
||||
}
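Review bot: The permission loop in _make_custom_airootfs never validates the `owner:group:mode` value before using it, so a malformed entry such as `"0:0"` leaves `${permissions[2]}` unset and the `chmod -f` call either aborts the build without a message (`-f` only silences the diagnostic, the exit status stays non-zero) or trips an unbound-variable error, depending on the shell options in force. A check right after the `read`, `(( ${#permissions[@]} == 3 )) || { _msg_warning "Invalid file_permissions value for '${filename}'"; continue; }`, would make such mistakes visible instead of silently leaving a sensitive file at the default mode. The `chown -fh` / `chmod -f` pair is also inconsistent on symbolic links: `-h` keeps chown on the link itself while chmod follows the link, so a listed path that is a symlink in the profile's airootfs has its target's mode changed rather than its own; a guard such as `[[ -L "${airootfs_dir}${filename}" ]] && continue` (with a warning) keeps both commands on the same object. The `$(unknown)` tokens in the loop look like a rendering artifact standing for `${filename}`, and this note assumes that reading.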
|
||||
@ -318,10 +312,12 @@ _make_customize_airootfs() {
|
||||
(( passwd[2] >= 1000 && passwd[2] < 60000 )) || continue
|
||||
[[ "${passwd[5]}" == '/' ]] && continue
|
||||
[[ -z "${passwd[5]}" ]] && continue
|
||||
cp -dnRT --preserve=mode,timestamps,links -- "${airootfs_dir}/etc/skel" "${airootfs_dir}${passwd[5]}"
|
||||
if [[ ! -d "${airootfs_dir}${passwd[5]}" ]]; then
|
||||
install -d -m 0750 -o "${passwd[2]}" -g "${passwd[3]}" -- "${airootfs_dir}${passwd[5]}"
|
||||
fi
|
||||
cp -dnRT --preserve=mode,timestamps,links -- "${airootfs_dir}/etc/skel/." "${airootfs_dir}${passwd[5]}"
|
||||
chmod -f 0750 -- "${airootfs_dir}${passwd[5]}"
|
||||
chown -hR -- "${passwd[2]}:${passwd[3]}" "${airootfs_dir}${passwd[5]}"
|
||||
|
||||
done < "${profile}/airootfs/etc/passwd"
|
||||
_msg_info "Done!"
|
||||
fi
|
||||
@ -329,6 +325,7 @@ _make_customize_airootfs() {
|
||||
if [[ -e "${airootfs_dir}/root/customize_airootfs.sh" ]]; then
|
||||
_msg_info "Running customize_airootfs.sh in '${airootfs_dir}' chroot..."
|
||||
_msg_warning "customize_airootfs.sh is deprecated! Support for it will be removed in a future archiso version."
|
||||
chmod -f -- +x "${airootfs_dir}/root/customize_airootfs.sh"
|
||||
eval -- arch-chroot "${airootfs_dir}" "/root/customize_airootfs.sh"
|
||||
rm -- "${airootfs_dir}/root/customize_airootfs.sh"
|
||||
_msg_info "Done! customize_airootfs.sh run successfully."
|
||||
|
@ -10,3 +10,6 @@ install_dir="arch"
|
||||
bootmodes=('bios.syslinux.mbr' 'bios.syslinux.eltorito' 'uefi-x64.systemd-boot.esp' 'uefi-x64.systemd-boot.eltorito')
|
||||
arch="x86_64"
|
||||
pacman_conf="pacman.conf"
|
||||
file_permissions=(
|
||||
["/etc/shadow"]="0:0:400"
|
||||
)
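Review bot: Only `/etc/shadow` is listed here, but with this commit mkarchiso copies the airootfs with `--no-preserve=ownership,mode` and no longer applies the hard-coded `chmod -f 0400` to `/etc/gshadow`, so a profile that ships `airootfs/etc/gshadow` now leaves it at mode 644 in the image. Whether this profile or the one in the following file section actually provides a gshadow file is not visible here; if either does, add `["/etc/gshadow"]="0:0:400"` next to the shadow entry. The same consideration applies to the `file_permissions` array in the next file section.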
|
||||
|
@ -11,3 +11,11 @@ bootmodes=('bios.syslinux.mbr' 'bios.syslinux.eltorito' 'uefi-x64.systemd-boot.e
|
||||
arch="x86_64"
|
||||
pacman_conf="pacman.conf"
|
||||
airootfs_image_tool_options=('-comp' 'xz' '-Xbcj' 'x86' '-b' '1M' '-Xdict-size' '1M')
|
||||
file_permissions=(
|
||||
["/etc/shadow"]="0:0:400"
|
||||
["/root"]="0:0:750"
|
||||
["/root/.automated_script.sh"]="0:0:750"
|
||||
["/usr/local/bin/choose-mirror"]="0:0:755"
|
||||
["/usr/local/bin/Installation_guide"]="0:0:755"
|
||||
["/usr/local/bin/livecd-sound"]="0:0:755"
|
||||
)
|
||||
|