diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2013-10-02 07:51:33 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2013-10-02 07:51:33 +0000 |
commit | c9533d0ea64f29de872e48be67b6eaa10b7e2ca3 (patch) | |
tree | 7e176c9ec587cad23dc6b7607ae5379cb918a4e0 /setup-disk.in | |
parent | 762c6558e48409159fba7b12ce8fb0baf4e6e2f5 (diff) | |
download | alpine-conf-c9533d0ea64f29de872e48be67b6eaa10b7e2ca3.zip |
setup-disk: fix running update-extlinux in chroot
When installling the packages in new root, the update-extlinux trigger
script will be executed. We make sure this does not fail by:
- run extlinux --install before we install packages
- mount /dev and /proc for the chroot
- temprorary disable grsecurity's chroot_caps
Diffstat (limited to 'setup-disk.in')
-rw-r--r-- | setup-disk.in | 39 |
1 files changed, 34 insertions, 5 deletions
diff --git a/setup-disk.in b/setup-disk.in index d3a4500..8d3e14d 100644 --- a/setup-disk.in +++ b/setup-disk.in @@ -160,6 +160,31 @@ find_pvs_in_vg() { pvs --noheadings | awk "\$2 == \"$vg\" {print \$1}" } +# echo current grsecurity option and set new +set_grsec() { + local key="$1" value="$2" + if ! [ -e /proc/sys/kernel/grsecurity/$key ]; then + return 0 + fi + cat /proc/sys/kernel/grsecurity/$key + echo $value > /proc/sys/kernel/grsecurity/$key +} + +init_chroot_mounts() { + local mnt="$1" i= + for i in proc dev; do + mkdir -p "$mnt"/$i + mount --bind /$i "$mnt"/$i + done +} + +cleanup_chroot_mounts() { + local mnt="$1" i= + for i in proc dev; do + umount "$mnt"/$i + done +} + install_mounted_root() { local mnt="$1" mnt_boot= boot_fs= root_fs= local initfs_features="ata base ide scsi usb virtio" @@ -266,15 +291,15 @@ install_mounted_root() { /dev/fd0 /media/floppy vfat noauto 0 0 /dev/usbdisk /media/usb vfat noauto 0 0 EOF - # remove the installed db in case its there so we force re-install rm -f "$mnt"/var/lib/apk/installed "$mnt"/lib/apk/db/installed echo "Installing system on $rootdev:" + extlinux $extlinux_raidopt --install "$mnt"/boot + # apk reads config from target root so we need to copy the config mkdir -p "$mnt"/etc/apk/keys/ cp /etc/apk/keys/* "$mnt"/etc/apk/keys/ - local apkflags="--initdb --quiet --progress --update-cache --clean-protected" local pkgs=$(cat "$mnt"/etc/apk/world "$mnt"/var/lib/apk/world 2>/dev/null) pkgs="$pkgs acct linux-$KERNEL_FLAVOR alpine-base" @@ -287,10 +312,14 @@ EOF repoflags="$repoflags --repository $i" done + chroot_caps=$(set_grsec chroot_caps 0) + init_chroot_mounts "$mnt" apk add --root "$mnt" $apkflags --overlay-from-stdin \ - $repoflags $pkgs <$ovlfiles>/dev/null || return 1 - echo "" - extlinux $extlinux_raidopt --install "$mnt"/boot + $repoflags $pkgs <$ovlfiles>/dev/null + local ret=$? + cleanup_chroot_mounts "$mnt" + set_grsec chroot_caps $chroot_caps > /dev/null + return $ret } unmount_partitions() { |