Commit c9533d0e authored by Natanael Copa's avatar Natanael Copa

setup-disk: fix running update-extlinux in chroot

When installing the packages in the new root, the update-extlinux trigger
script will be executed. We make sure this does not fail by:
 - run extlinux --install before we install packages
 - mount /dev and /proc for the chroot
 - temporarily disable grsecurity's chroot_caps
parent 762c6558
...@@ -160,6 +160,31 @@ find_pvs_in_vg() { ...@@ -160,6 +160,31 @@ find_pvs_in_vg() {
pvs --noheadings | awk "\$2 == \"$vg\" {print \$1}" pvs --noheadings | awk "\$2 == \"$vg\" {print \$1}"
} }
# echo current grsecurity option and set new
set_grsec() {
local key="$1" value="$2"
if ! [ -e /proc/sys/kernel/grsecurity/$key ]; then
return 0
fi
cat /proc/sys/kernel/grsecurity/$key
echo $value > /proc/sys/kernel/grsecurity/$key
}
init_chroot_mounts() {
local mnt="$1" i=
for i in proc dev; do
mkdir -p "$mnt"/$i
mount --bind /$i "$mnt"/$i
done
}
cleanup_chroot_mounts() {
local mnt="$1" i=
for i in proc dev; do
umount "$mnt"/$i
done
}
install_mounted_root() { install_mounted_root() {
local mnt="$1" mnt_boot= boot_fs= root_fs= local mnt="$1" mnt_boot= boot_fs= root_fs=
local initfs_features="ata base ide scsi usb virtio" local initfs_features="ata base ide scsi usb virtio"
...@@ -266,15 +291,15 @@ install_mounted_root() { ...@@ -266,15 +291,15 @@ install_mounted_root() {
/dev/fd0 /media/floppy vfat noauto 0 0 /dev/fd0 /media/floppy vfat noauto 0 0
/dev/usbdisk /media/usb vfat noauto 0 0 /dev/usbdisk /media/usb vfat noauto 0 0
EOF EOF
# remove the installed db in case its there so we force re-install # remove the installed db in case its there so we force re-install
rm -f "$mnt"/var/lib/apk/installed "$mnt"/lib/apk/db/installed rm -f "$mnt"/var/lib/apk/installed "$mnt"/lib/apk/db/installed
echo "Installing system on $rootdev:" echo "Installing system on $rootdev:"
extlinux $extlinux_raidopt --install "$mnt"/boot
# apk reads config from target root so we need to copy the config # apk reads config from target root so we need to copy the config
mkdir -p "$mnt"/etc/apk/keys/ mkdir -p "$mnt"/etc/apk/keys/
cp /etc/apk/keys/* "$mnt"/etc/apk/keys/ cp /etc/apk/keys/* "$mnt"/etc/apk/keys/
local apkflags="--initdb --quiet --progress --update-cache --clean-protected" local apkflags="--initdb --quiet --progress --update-cache --clean-protected"
local pkgs=$(cat "$mnt"/etc/apk/world "$mnt"/var/lib/apk/world 2>/dev/null) local pkgs=$(cat "$mnt"/etc/apk/world "$mnt"/var/lib/apk/world 2>/dev/null)
pkgs="$pkgs acct linux-$KERNEL_FLAVOR alpine-base" pkgs="$pkgs acct linux-$KERNEL_FLAVOR alpine-base"
...@@ -287,10 +312,14 @@ EOF ...@@ -287,10 +312,14 @@ EOF
repoflags="$repoflags --repository $i" repoflags="$repoflags --repository $i"
done done
chroot_caps=$(set_grsec chroot_caps 0)
init_chroot_mounts "$mnt"
apk add --root "$mnt" $apkflags --overlay-from-stdin \ apk add --root "$mnt" $apkflags --overlay-from-stdin \
$repoflags $pkgs <$ovlfiles>/dev/null || return 1 $repoflags $pkgs <$ovlfiles>/dev/null
echo "" local ret=$?
extlinux $extlinux_raidopt --install "$mnt"/boot cleanup_chroot_mounts "$mnt"
set_grsec chroot_caps $chroot_caps > /dev/null
return $ret
} }
unmount_partitions() { unmount_partitions() {
......
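Review bot: In the last hunk of install_mounted_root (the function starts outside that hunk), the restore of grsecurity's chroot_caps and the unmount of the bind mounts run only on the straight-line path after `apk add` returns. If the installer is interrupted or killed during package installation, the host is left with chroot_caps at 0 and with the host /proc and /dev still bind-mounted under "$mnt". Consider installing a handler before the `set_grsec chroot_caps 0` call, for example `trap 'cleanup_chroot_mounts "$mnt"; set_grsec chroot_caps "$chroot_caps" >/dev/null; exit 1' INT TERM`, and clearing it with `trap - INT TERM` after the restore. The restore should also quote its argument, `set_grsec chroot_caps "$chroot_caps" > /dev/null`, and `set_grsec` should quote `"$key"` and `"$value"` in its /proc paths and in the `echo`. No `local chroot_caps` is visible in these hunks, so the saved value may leak into the script's global scope. The return status of `mount --bind` in init_chroot_mounts is not checked, so a failed /dev or /proc mount goes unnoticed until the trigger script fails.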