summaryrefslogtreecommitdiff
path: root/setup-disk.in
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2013-10-02 07:51:33 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2013-10-02 07:51:33 +0000
commitc9533d0ea64f29de872e48be67b6eaa10b7e2ca3 (patch)
tree7e176c9ec587cad23dc6b7607ae5379cb918a4e0 /setup-disk.in
parent762c6558e48409159fba7b12ce8fb0baf4e6e2f5 (diff)
downloadalpine-conf-c9533d0ea64f29de872e48be67b6eaa10b7e2ca3.zip
setup-disk: fix running update-extlinux in chroot
When installling the packages in new root, the update-extlinux trigger script will be executed. We make sure this does not fail by: - run extlinux --install before we install packages - mount /dev and /proc for the chroot - temprorary disable grsecurity's chroot_caps
Diffstat (limited to 'setup-disk.in')
-rw-r--r--setup-disk.in39
1 files changed, 34 insertions, 5 deletions
diff --git a/setup-disk.in b/setup-disk.in
index d3a4500..8d3e14d 100644
--- a/setup-disk.in
+++ b/setup-disk.in
@@ -160,6 +160,31 @@ find_pvs_in_vg() {
pvs --noheadings | awk "\$2 == \"$vg\" {print \$1}"
}
+# echo current grsecurity option and set new
+set_grsec() {
+ local key="$1" value="$2"
+ if ! [ -e /proc/sys/kernel/grsecurity/$key ]; then
+ return 0
+ fi
+ cat /proc/sys/kernel/grsecurity/$key
+ echo $value > /proc/sys/kernel/grsecurity/$key
+}
+
+init_chroot_mounts() {
+ local mnt="$1" i=
+ for i in proc dev; do
+ mkdir -p "$mnt"/$i
+ mount --bind /$i "$mnt"/$i
+ done
+}
+
+cleanup_chroot_mounts() {
+ local mnt="$1" i=
+ for i in proc dev; do
+ umount "$mnt"/$i
+ done
+}
+
install_mounted_root() {
local mnt="$1" mnt_boot= boot_fs= root_fs=
local initfs_features="ata base ide scsi usb virtio"
@@ -266,15 +291,15 @@ install_mounted_root() {
/dev/fd0 /media/floppy vfat noauto 0 0
/dev/usbdisk /media/usb vfat noauto 0 0
EOF
-
# remove the installed db in case its there so we force re-install
rm -f "$mnt"/var/lib/apk/installed "$mnt"/lib/apk/db/installed
echo "Installing system on $rootdev:"
+ extlinux $extlinux_raidopt --install "$mnt"/boot
+
# apk reads config from target root so we need to copy the config
mkdir -p "$mnt"/etc/apk/keys/
cp /etc/apk/keys/* "$mnt"/etc/apk/keys/
-
local apkflags="--initdb --quiet --progress --update-cache --clean-protected"
local pkgs=$(cat "$mnt"/etc/apk/world "$mnt"/var/lib/apk/world 2>/dev/null)
pkgs="$pkgs acct linux-$KERNEL_FLAVOR alpine-base"
@@ -287,10 +312,14 @@ EOF
repoflags="$repoflags --repository $i"
done
+ chroot_caps=$(set_grsec chroot_caps 0)
+ init_chroot_mounts "$mnt"
apk add --root "$mnt" $apkflags --overlay-from-stdin \
- $repoflags $pkgs <$ovlfiles>/dev/null || return 1
- echo ""
- extlinux $extlinux_raidopt --install "$mnt"/boot
+ $repoflags $pkgs <$ovlfiles>/dev/null
+ local ret=$?
+ cleanup_chroot_mounts "$mnt"
+ set_grsec chroot_caps $chroot_caps > /dev/null
+ return $ret
}
unmount_partitions() {