518 lines
15 KiB
Bash
Executable File
518 lines
15 KiB
Bash
Executable File
#!/bin/sh
|
|
|
|
# lh_chroot_sources(1) - manage /etc/apt/sources.list
|
|
# Copyright (C) 2006-2010 Daniel Baumann <daniel@debian.org>
|
|
#
|
|
# live-helper comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
|
|
# This is free software, and you are welcome to redistribute it
|
|
# under certain conditions; see COPYING for details.
|
|
|
|
set -e
|
|
|
|
# Including common functions
|
|
. "${LH_BASE:-/usr/share/live-helper}"/live-helper.sh
|
|
|
|
# Setting static variables
|
|
DESCRIPTION="$(Echo 'manage /etc/apt/sources.list')"
|
|
HELP=""
|
|
USAGE="${PROGRAM} {install|remove} [--force]"
|
|
|
|
Arguments "${@}"
|
|
|
|
# Reading configuration files
|
|
Read_conffiles config/all config/common config/bootstrap config/chroot config/binary config/source
|
|
Set_defaults
|
|
|
|
# Requiring stage file
|
|
Require_stagefile .stage/config .stage/bootstrap
|
|
|
|
_LH_LOCAL_KEY_EMAIL="live-helper-local-key@invalid"
|
|
|
|
case "${1}" in
|
|
install)
|
|
Echo_message "Configuring file /etc/apt/sources.list"
|
|
|
|
# Checking stage file
|
|
Check_stagefile .stage/chroot_sources
|
|
|
|
# Checking lock file
|
|
Check_lockfile .lock
|
|
|
|
# Creating lock file
|
|
Create_lockfile .lock
|
|
|
|
# Configure custom sources.list
|
|
echo "deb ${LH_MIRROR_CHROOT} ${LH_DISTRIBUTION} ${LH_ARCHIVE_AREAS}" > chroot/etc/apt/sources.list
|
|
|
|
if [ "${LH_SOURCE}" = "true" ]
|
|
then
|
|
echo "deb-src ${LH_MIRROR_CHROOT} ${LH_DISTRIBUTION} ${LH_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list
|
|
fi
|
|
|
|
if [ "${LH_SECURITY}" = "true" ]
|
|
then
|
|
case "${LH_MODE}" in
|
|
ubuntu)
|
|
echo "deb ${LH_MIRROR_CHROOT_SECURITY} ${LH_DISTRIBUTION}-security ${LH_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list
|
|
|
|
if [ "${LH_SOURCE}" = "true" ]
|
|
then
|
|
echo "deb-src ${LH_MIRROR_CHROOT_SECURITY} ${LH_DISTRIBUTION}-security ${LH_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list
|
|
fi
|
|
;;
|
|
|
|
*)
|
|
if [ "${LH_DISTRIBUTION}" != "sid" ] && [ "${LH_DISTRIBUTION}" != "unstable" ]
|
|
then
|
|
echo "deb ${LH_MIRROR_CHROOT_SECURITY} ${LH_DISTRIBUTION}/updates ${LH_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list
|
|
|
|
if [ "${LH_SOURCE}" = "true" ]
|
|
then
|
|
echo "deb-src ${LH_MIRROR_CHROOT_SECURITY} ${LH_DISTRIBUTION}/updates ${LH_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list
|
|
fi
|
|
fi
|
|
;;
|
|
esac
|
|
fi
|
|
|
|
if [ "${LH_VOLATILE}" = "true" ]
|
|
then
|
|
case "${LH_MODE}" in
|
|
debian|debian-release)
|
|
if [ "${LH_DISTRIBUTION}" != "sid" ] && [ "${LH_DISTRIBUTION}" != "unstable" ]
|
|
then
|
|
echo "deb ${LH_MIRROR_CHROOT_VOLATILE} ${LH_DISTRIBUTION}/volatile ${LH_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list
|
|
|
|
if [ "${LH_SOURCE}" = "true" ]
|
|
then
|
|
echo "deb-src ${LH_MIRROR_CHROOT_VOLATILE} ${LH_DISTRIBUTION}/volatile ${LH_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list
|
|
fi
|
|
fi
|
|
;;
|
|
|
|
ubuntu)
|
|
echo "deb ${LH_MIRROR_CHROOT_VOLATILE} ${LH_DISTRIBUTION}-updates ${LH_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list
|
|
|
|
if [ "${LH_SOURCE}" = "true" ]
|
|
then
|
|
echo "deb-src ${LH_MIRROR_CHROOT_VOLATILE} ${LH_DISTRIBUTION}-updates ${LH_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list
|
|
fi
|
|
;;
|
|
esac
|
|
fi
|
|
|
|
# Check local sources.list
|
|
if Find_files config/chroot_sources/*.chroot
|
|
then
|
|
# Deconfigure (possibly) old sources.list snipplets
|
|
if Find_files config/chroot_sources/*.binary
|
|
then
|
|
for FILE in config/chroot_sources/*.binary
|
|
do
|
|
rm -f "chroot/etc/apt/sources.list.d/$(basename ${FILE} .binary).list"
|
|
done
|
|
fi
|
|
|
|
# Configure new sources.list snipplets
|
|
for FILE in config/chroot_sources/*.chroot
|
|
do
|
|
cp "${FILE}" "chroot/etc/apt/sources.list.d/$(basename ${FILE} .chroot).list"
|
|
done
|
|
fi
|
|
|
|
# Configure local package repository
|
|
if Find_files config/chroot_local-packages/*.deb
|
|
then
|
|
rm -rf chroot/root/local-packages
|
|
mkdir -p chroot/root/local-packages
|
|
|
|
if [ "$(stat --printf %d config/chroot_local-packages)" = "$(stat --printf %d chroot/root/local-packages)" ]
|
|
then
|
|
CP_OPTIONS="-l"
|
|
fi
|
|
|
|
# Copy packages
|
|
if Find_files config/chroot_local-packages/*_"${LH_ARCHITECTURE}".deb
|
|
then
|
|
cp ${CP_OPTIONS} config/chroot_local-packages/*_"${LH_ARCHITECTURE}".deb chroot/root/local-packages
|
|
fi
|
|
|
|
if Find_files config/chroot_local-packages/*_all.deb
|
|
then
|
|
cp ${CP_OPTIONS} config/chroot_local-packages/*_all.deb chroot/root/local-packages
|
|
fi
|
|
|
|
if Find_files chroot/root/local-packages/*.deb
|
|
then
|
|
# If we bootstrapped a minimal chroot, we need
|
|
# to install apt-utils before we have have
|
|
# completed all the indices.
|
|
case "${LH_BOOTSTRAP_FLAVOUR}" in
|
|
stripped|minimal)
|
|
Chroot chroot "apt-get update"
|
|
;;
|
|
esac
|
|
|
|
# Restoring cache
|
|
Restore_cache cache/packages_chroot
|
|
|
|
# Check depends
|
|
Check_package chroot/usr/bin/apt-ftparchive apt-utils
|
|
|
|
# Installing depends
|
|
Install_package
|
|
|
|
# Generate Packages and Packages.gz
|
|
echo "cd /root/local-packages && apt-ftparchive packages . > Packages" | Chroot chroot sh
|
|
gzip -9 -c chroot/root/local-packages/Packages > chroot/root/local-packages/Packages.gz
|
|
|
|
# Generate Release
|
|
echo "cd /root/local-packages && apt-ftparchive \
|
|
-o APT::FTPArchive::Release::Origin=chroot_local-packages \
|
|
release . > Release" | Chroot chroot sh
|
|
|
|
if [ "${LH_APT_SECURE}" = "true" ]
|
|
then
|
|
_LH_DOTGNUPG_EXISTED=0
|
|
if [ -d chroot/root/.gnupg ]
|
|
then
|
|
_LH_DOTGNUPG_EXISTED=1
|
|
fi
|
|
|
|
# Ensure ~/.gnupg exists (required for gnupg >= ~1.4.9)
|
|
mkdir -p chroot/root/.gnupg
|
|
|
|
# Temporarily replace /dev/random with /dev/urandom so as not
|
|
# to block automated image builds; we don't care about the
|
|
# security of this key anyway.
|
|
mv chroot/dev/random chroot/dev/random.orig
|
|
cp -a chroot/dev/urandom chroot/dev/random
|
|
|
|
if Find_files cache/local-package-keyring.*
|
|
then
|
|
cp cache/local-package-keyring.* chroot/root
|
|
else
|
|
# Generate temporary key
|
|
echo "Key-Type: RSA
|
|
Key-Length: 1024
|
|
Subkey-Type: ELG-E
|
|
Subkey-Length: 1024
|
|
Name-Real: live-helper local packages key
|
|
Name-Email: ${_LH_LOCAL_KEY_EMAIL}
|
|
Expire-Date: 0
|
|
%secring /root/local-package-keyring.sec
|
|
%pubring /root/local-package-keyring.pub
|
|
%commit" | Chroot chroot "gpg --batch --gen-key" || _LH_RET=${?}
|
|
|
|
case "${_LH_RET}" in
|
|
""|2)
|
|
# Gnupg sometimes seems to return with a status of 2 when there was not
|
|
# enough entropy (and key creation blocks temporarily) even if the
|
|
# operation was ultimately successful.
|
|
;;
|
|
*)
|
|
Echo_error "GPG exited with error status %s" "${_LH_RET}"
|
|
exit ${_LH_RET}
|
|
;;
|
|
esac
|
|
|
|
# Save keyrings to avoid regeneration
|
|
cp chroot/root/local-package-keyring.* cache/
|
|
fi
|
|
|
|
# Sign release
|
|
Chroot chroot "gpg --no-default-keyring --secret-keyring /root/local-package-keyring.sec \
|
|
--keyring /root/local-package-keyring.pub -abs -o \
|
|
/root/local-packages/Release.gpg /root/local-packages/Release"
|
|
|
|
# Import key
|
|
Chroot chroot "gpg --no-default-keyring --secret-keyring /root/local-package-keyring.sec \
|
|
--keyring /root/local-package-keyring.pub --armor \
|
|
--export ${_LH_LOCAL_KEY_EMAIL}" | Chroot chroot "apt-key add -"
|
|
|
|
# Remove temporary keyrings
|
|
rm chroot/root/local-package-keyring.pub
|
|
rm chroot/root/local-package-keyring.sec
|
|
|
|
# Revert /dev/random
|
|
mv chroot/dev/random.orig chroot/dev/random
|
|
|
|
# Remove /root/.gnupg if we created it during the signing process
|
|
if [ "${_LH_DOTGNUPG_EXISTED}" -eq 0 ]
|
|
then
|
|
rm -rf chroot/root/.gnupg
|
|
fi
|
|
fi
|
|
|
|
# Add to sources.list.d
|
|
echo "deb file:/root/local-packages ./" > chroot/etc/apt/sources.list.d/local-packages.list
|
|
|
|
# Removing depends
|
|
Remove_package
|
|
|
|
# Saving cache
|
|
Save_cache cache/packages_chroot
|
|
else
|
|
Echo_warning "Local packages must be named with suffix '_all.deb' or '_\$architecture.deb'."
|
|
fi
|
|
fi
|
|
|
|
# Update indices from cache
|
|
if [ "${LH_CACHE_INDICES}" = "true" ] && [ -d cache/indices_bootstrap ]
|
|
then
|
|
if Find_files cache/indices_bootstrap/secring.gpg*
|
|
then
|
|
cp -f cache/indices_bootstrap/secring.gpg* chroot/etc/apt
|
|
fi
|
|
|
|
if Find_files cache/indices_bootstrap/trusted.gpg*
|
|
then
|
|
cp -rf cache/indices_bootstrap/trusted.gpg* chroot/etc/apt
|
|
fi
|
|
|
|
if [ -f cache/indices_bootstrap/pkgcache.bin ]
|
|
then
|
|
cp -f cache/indices_bootstrap/pkgcache.bin chroot/var/cache/apt
|
|
fi
|
|
|
|
if [ -f cache/indices_bootstrap/srcpkgcache.bin ]
|
|
then
|
|
cp -f cache/indices_bootstrap/srcpkgcache.bin chroot/var/cache/apt
|
|
fi
|
|
|
|
if Find_files cache/indices_bootstrap/*_Packages
|
|
then
|
|
cp -f cache/indices_bootstrap/*_Packages chroot/var/lib/apt/lists
|
|
fi
|
|
|
|
if Find_files cache/indices_bootstrap/*_Sources
|
|
then
|
|
cp -f cache/indices_bootstrap/*_Sources chroot/var/lib/apt/lists
|
|
fi
|
|
|
|
if Find_files cache/indices_bootstrap/*_Release*
|
|
then
|
|
cp -f cache/indices_bootstrap/*_Release* chroot/var/lib/apt/lists
|
|
fi
|
|
|
|
if [ "${LH_APT}" = "aptitude" ] && [ ! -x /usr/bin/aptitude ]
|
|
then
|
|
Chroot chroot "apt-get ${APT_OPTIONS} install aptitude"
|
|
fi
|
|
else # Get fresh indices
|
|
# Check local gpg keys
|
|
if Find_files config/chroot_sources/*.chroot.gpg
|
|
then
|
|
for FILE in config/chroot_sources/*.chroot.gpg
|
|
do
|
|
cp ${FILE} chroot/root
|
|
Chroot chroot "apt-key add /root/$(basename ${FILE})"
|
|
rm -f chroot/root/$(basename ${FILE})
|
|
done
|
|
fi
|
|
|
|
# Check local keyring packages
|
|
if Find_files config/chroot_sources/*.deb
|
|
then
|
|
for PACKAGE in config/chroot_sources/*.deb
|
|
do
|
|
cp ${PACKAGE} chroot/root
|
|
Chroot chroot "dpkg -i /root/$(basename ${PACKAGE})"
|
|
rm -f chroot/root/$(basename ${PACKAGE})
|
|
done
|
|
fi
|
|
|
|
# Installing aptitude
|
|
if [ "${LH_APT}" = "aptitude" ] && [ ! -x /usr/bin/aptitude ]
|
|
then
|
|
Chroot chroot "apt-get ${APT_OPTIONS} update"
|
|
Chroot chroot "apt-get ${APT_OPTIONS} install aptitude"
|
|
fi
|
|
|
|
Apt update
|
|
Apt upgrade
|
|
Apt dist-upgrade
|
|
|
|
# Installing keyring packages
|
|
if [ -n "${LH_KEYRING_PACKAGES}" ]
|
|
then
|
|
Chroot chroot "apt-get --yes --force-yes install ${LH_KEYRING_PACKAGES}"
|
|
Apt update
|
|
fi
|
|
|
|
if [ "${LH_CACHE_INDICES}" = "true" ]
|
|
then
|
|
mkdir -p cache/indices_bootstrap
|
|
|
|
cp -f chroot/etc/apt/secring.gpg* cache/indices_bootstrap
|
|
cp -rf chroot/etc/apt/trusted.gpg* cache/indices_bootstrap
|
|
|
|
cp -f chroot/var/cache/apt/pkgcache.bin cache/indices_bootstrap
|
|
|
|
if Find_files chroot/var/cache/apt/srcpkgcache.bin
|
|
then
|
|
cp -f chroot/var/cache/apt/srcpkgcache.bin cache/indices_bootstrap
|
|
fi
|
|
|
|
cp -f chroot/var/lib/apt/lists/*_Packages cache/indices_bootstrap
|
|
|
|
if Find_files chroot/var/lib/apt/lists/*_Sources
|
|
then
|
|
cp -f chroot/var/lib/apt/lists/*_Sources cache/indices_bootstrap
|
|
fi
|
|
|
|
cp -f chroot/var/lib/apt/lists/*_Release* cache/indices_bootstrap
|
|
fi
|
|
fi
|
|
|
|
# Creating stage file
|
|
Create_stagefile .stage/chroot_sources
|
|
;;
|
|
|
|
remove)
|
|
Echo_message "Deconfiguring file /etc/apt/sources.list"
|
|
|
|
# Checking lock file
|
|
Check_lockfile .lock
|
|
|
|
# Creating lock file
|
|
Create_lockfile .lock
|
|
|
|
# Configure generic indices
|
|
# Don't do anything if it's not required
|
|
if [ "${LH_MIRROR_CHROOT}" = "${LH_MIRROR_BINARY}" ] && \
|
|
[ "${LH_MIRROR_CHROOT_SECURITY}" = "${LH_MIRROR_BINARY_SECURITY}" ] && \
|
|
[ ! -d chroot/root/local-packages ]
|
|
then
|
|
# Removing stage file
|
|
rm -f .stage/chroot_sources
|
|
|
|
exit 0
|
|
fi
|
|
|
|
# Cleaning apt list cache
|
|
rm -rf chroot/var/lib/apt/lists
|
|
mkdir -p chroot/var/lib/apt/lists/partial
|
|
|
|
echo "deb ${LH_MIRROR_BINARY} ${LH_DISTRIBUTION} ${LH_ARCHIVE_AREAS}" > chroot/etc/apt/sources.list
|
|
|
|
if [ "${LH_SOURCE}" = "true" ]
|
|
then
|
|
echo "deb-src ${LH_MIRROR_BINARY} ${LH_DISTRIBUTION} ${LH_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list
|
|
fi
|
|
|
|
if [ "${LH_SECURITY}" = "true" ]
|
|
then
|
|
case "${LH_MODE}" in
|
|
ubuntu)
|
|
echo "deb ${LH_MIRROR_BINARY_SECURITY} ${LH_DISTRIBUTION}-security ${LH_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list
|
|
|
|
if [ "${LH_SOURCE}" = "true" ]
|
|
then
|
|
echo "deb-src ${LH_MIRROR_BINARY_SECURITY} ${LH_DISTRIBUTION}-security ${LH_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list
|
|
fi
|
|
;;
|
|
|
|
*)
|
|
if [ "${LH_DISTRIBUTION}" != "sid" ] && [ "${LH_DISTRIBUTION}" != "unstable" ]
|
|
then
|
|
echo "deb ${LH_MIRROR_BINARY_SECURITY} ${LH_DISTRIBUTION}/updates ${LH_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list
|
|
|
|
if [ "${LH_SOURCE}" = "true" ]
|
|
then
|
|
echo "deb-src ${LH_MIRROR_BINARY_SECURITY} ${LH_DISTRIBUTION}/updates ${LH_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list
|
|
fi
|
|
fi
|
|
;;
|
|
esac
|
|
fi
|
|
|
|
if [ "${LH_VOLATILE}" = "true" ]
|
|
then
|
|
case "${LH_MODE}" in
|
|
debian|debian-release)
|
|
if [ "${LH_DISTRIBUTION}" != "sid" ] && [ "${LH_DISTRIBUTION}" != "unstable" ]
|
|
then
|
|
echo "deb ${LH_MIRROR_BINARY_VOLATILE} ${LH_DISTRIBUTION}/volatile ${LH_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list
|
|
|
|
if [ "${LH_SOURCE}" = "true" ]
|
|
then
|
|
echo "deb-src ${LH_MIRROR_BINARY_VOLATILE} ${LH_DISTRIBUTION}/volatile ${LH_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list
|
|
fi
|
|
fi
|
|
;;
|
|
|
|
ubuntu)
|
|
echo "deb ${LH_MIRROR_BINARY_VOLATILE} ${LH_DISTRIBUTION}-updates ${LH_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list
|
|
|
|
if [ "${LH_SOURCE}" = "true" ]
|
|
then
|
|
echo "deb-src ${LH_MIRROR_BINARY_VOLATILE} ${LH_DISTRIBUTION}-updates ${LH_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list
|
|
fi
|
|
;;
|
|
esac
|
|
fi
|
|
|
|
# Check local sources.list
|
|
if Find_files config/chroot_sources/*.binary
|
|
then
|
|
# Deconfigure (possibly) old sources.list snipplets
|
|
if Find_files config/chroot_sources/*.chroot
|
|
then
|
|
for FILE in config/chroot_sources/*.chroot
|
|
do
|
|
rm -f "chroot/etc/apt/sources.list.d/$(basename ${FILE} .chroot).list"
|
|
done
|
|
fi
|
|
|
|
# Configure new sources.list snipplets
|
|
for FILE in config/chroot_sources/*.binary
|
|
do
|
|
cp "${FILE}" "chroot/etc/apt/sources.list.d/$(basename ${FILE} .binary).list"
|
|
done
|
|
fi
|
|
|
|
# Check local gpg keys
|
|
if Find_files config/chroot_sources/*.binary.gpg
|
|
then
|
|
for FILE in config/chroot_sources/*.binary.gpg
|
|
do
|
|
cp ${FILE} chroot/root
|
|
Chroot chroot "apt-key add /root/$(basename ${FILE})"
|
|
rm -f chroot/root/$(basename ${FILE})
|
|
done
|
|
fi
|
|
|
|
# Updating indices
|
|
Apt update
|
|
|
|
# Cleaning apt package cache
|
|
rm -rf chroot/var/cache/apt
|
|
mkdir -p chroot/var/cache/apt/archives/partial
|
|
|
|
# Cleaning apt package lists
|
|
if [ "${LH_BINARY_INDICES}" = "false" ]
|
|
then
|
|
rm -rf chroot/var/lib/apt/lists
|
|
mkdir -p chroot/var/lib/apt/lists/partial
|
|
fi
|
|
|
|
# Remove local package repository
|
|
rm -f chroot/etc/apt/sources.list.d/local-packages.list
|
|
rm -rf chroot/root/local-packages
|
|
|
|
# Remove local packages key if it exists
|
|
if apt-key list | grep -q ${_LH_LOCAL_KEY_EMAIL}
|
|
then
|
|
apt-key del ${_LH_LOCAL_KEY_EMAIL}
|
|
fi
|
|
|
|
# Removing stage file
|
|
rm -f .stage/chroot_sources
|
|
;;
|
|
|
|
*)
|
|
Usage
|
|
;;
|
|
esac
|