live-build/scripts/build/lb_chroot_sources

703 lines
20 KiB
Bash
Executable File

#!/bin/sh
## live-build(7) - System Build Scripts
## Copyright (C) 2006-2010 Daniel Baumann <daniel@debian.org>
##
## live-build comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
## This is free software, and you are welcome to redistribute it
## under certain conditions; see COPYING for details.
set -e
# Including common functions
. "${LB_BASE:-/usr/share/live/build}"/scripts/build.sh
# Setting static variables
DESCRIPTION="$(Echo 'manage /etc/apt/sources.list')"
HELP=""
USAGE="${PROGRAM} {install|remove} [--force]"
Arguments "${@}"
# Reading configuration files
Read_conffiles config/all config/common config/bootstrap config/chroot config/binary config/source
Set_defaults
# Requiring stage file
Require_stagefile .stage/config .stage/bootstrap
_LB_LOCAL_KEY_EMAIL="live-build-local-key@invalid"
case "${1}" in
install)
Echo_message "Configuring file /etc/apt/sources.list"
# Checking stage file
Check_stagefile .stage/chroot_sources
# Checking lock file
Check_lockfile .lock
# Creating lock file
Create_lockfile .lock
# Restoring cache
Restore_cache cache/packages_chroot
# Configure custom sources.list
cat > chroot/etc/apt/sources.list << EOF
# /etc/apt/sources.list
deb ${LB_MIRROR_CHROOT} ${LB_DISTRIBUTION} ${LB_ARCHIVE_AREAS}
EOF
if [ "${LB_SOURCE}" = "true" ]
then
echo "deb-src ${LB_MIRROR_CHROOT} ${LB_DISTRIBUTION} ${LB_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list
fi
if [ "${LB_SECURITY}" = "true" ]
then
case "${LB_MODE}" in
ubuntu)
echo "deb ${LB_MIRROR_CHROOT_SECURITY} ${LB_DISTRIBUTION}-security ${LB_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list
if [ "${LB_SOURCE}" = "true" ]
then
echo "deb-src ${LB_MIRROR_CHROOT_SECURITY} ${LB_DISTRIBUTION}-security ${LB_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list
fi
;;
*)
if [ "${LB_DISTRIBUTION}" != "sid" ] && [ "${LB_DISTRIBUTION}" != "unstable" ]
then
echo "deb ${LB_MIRROR_CHROOT_SECURITY} ${LB_DISTRIBUTION}/updates ${LB_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list
if [ "${LB_SOURCE}" = "true" ]
then
echo "deb-src ${LB_MIRROR_CHROOT_SECURITY} ${LB_DISTRIBUTION}/updates ${LB_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list
fi
fi
;;
esac
fi
if [ "${LB_VOLATILE}" = "true" ]
then
case "${LB_MODE}" in
debian|debian-release)
case "${LB_DISTRIBUTION}" in
lenny)
echo "deb ${LB_MIRROR_CHROOT_VOLATILE} ${LB_DISTRIBUTION}/volatile ${LB_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list
if [ "${LB_SOURCE}" = "true" ]
then
echo "deb-src ${LB_MIRROR_CHROOT_VOLATILE} ${LB_DISTRIBUTION}/volatile ${LB_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list
fi
;;
squeeze)
echo "deb ${LB_MIRROR_CHROOT_VOLATILE} ${LB_DISTRIBUTION}-volatile ${LB_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list
if [ "${LB_SOURCE}" = "true" ]
then
echo "deb-src ${LB_MIRROR_CHROOT_VOLATILE} ${LB_DISTRIBUTION}-volatile ${LB_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list
fi
;;
esac
;;
ubuntu)
echo "deb ${LB_MIRROR_CHROOT_VOLATILE} ${LB_DISTRIBUTION}-updates ${LB_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list
if [ "${LB_SOURCE}" = "true" ]
then
echo "deb-src ${LB_MIRROR_CHROOT_VOLATILE} ${LB_DISTRIBUTION}-updates ${LB_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list
fi
;;
esac
fi
if [ "${LB_BACKPORTS}" = "true" ]
then
case "${LB_MODE}" in
debian|debian-release)
if [ "${LB_DISTRIBUTION}" != "sid" ] && [ "${LB_DISTRIBUTION}" != "unstable" ]
then
echo "deb ${LB_MIRROR_CHROOT_BACKPORTS} ${LB_DISTRIBUTION}-backports ${LB_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list
if [ "${LB_SOURCE}" = "true" ]
then
echo "deb-src ${LB_MIRROR_CHROOT_BACKPORTS} ${LB_DISTRIBUTION}-backports ${LB_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list
fi
fi
;;
esac
fi
# Check local sources.list
if Find_files config/chroot_sources/*.chroot
then
# Deconfigure (possibly) old sources.list snipplets
if Find_files config/chroot_sources/*.binary
then
for FILE in config/chroot_sources/*.binary
do
rm -f "chroot/etc/apt/sources.list.d/$(basename ${FILE} .binary).list"
done
fi
# Configure new sources.list snipplets
for FILE in config/chroot_sources/*.chroot
do
cp "${FILE}" "chroot/etc/apt/sources.list.d/$(basename ${FILE} .chroot).list"
done
fi
# Configure third-party repositories
if [ -n "${LB_REPOSITORIES}" ]
then
for REPOSITORY in ${LB_REPOSITORIES}
do
# ubuntu workaround to allow using live.debian.net
if [ "${LB_MODE}" = "ubuntu" ] && [ "${REPOSITORY}" = "live.debian.net" ]
then
_DISTRIBUTION="sid"
else
_DISTRIBUTION="${LB_DISTRIBUTION}"
fi
for PLACE in config/repositories "${LB_BASE}/repositories"
do
# Prefer repositories from the config tree
# over the global ones.
if ! ls "${PLACE}/${REPOSITORY}"* > /dev/null 2>&1
then
continue
fi
# Adding sources.list entries (chroot)
if [ -e "${PLACE}/${REPOSITORY}.chroot" ]
then
sed -e "s|@DISTRIBUTION@|${_DISTRIBUTION}|g" \
-e "s|@ARCHIVE_AREAS@|${LB_ARCHIVE_AREAS}|g" \
"${PLACE}/${REPOSITORY}.chroot" > \
"chroot/etc/apt/sources.list.d/${REPOSITORY}.list"
elif [ -e "${PLACE}/${REPOSITORY}" ]
then
sed -e "s|@DISTRIBUTION@|${_DISTRIBUTION}|g" \
-e "s|@ARCHIVE_AREAS@|${LB_ARCHIVE_AREAS}|g" \
"${PLACE}/${REPOSITORY}" > \
"chroot/etc/apt/sources.list.d/${REPOSITORY}.list"
fi
if [ "${LB_APT_SECURE}" != false ]
then
# Adding archive signing keys (chroot)
if [ -e "${PLACE}/${REPOSITORY}.chroot.gpg" ]
then
cat "${PLACE}/${REPOSITORY}.chroot.gpg" | Chroot chroot "apt-key add -"
elif [ -e "${PLACE}/${REPOSITORY}.gpg" ]
then
cat "${PLACE}/${REPOSITORY}.gpg" | Chroot chroot "apt-key add -"
fi
fi
done
done
fi
# Configure local package repository
if Find_files config/chroot_local-packages/*.deb
then
rm -rf chroot/root/local-packages
mkdir -p chroot/root/local-packages
if [ "$(stat --printf %d config/chroot_local-packages)" = "$(stat --printf %d chroot/root/local-packages)" ]
then
CP_OPTIONS="-l"
fi
# Copy packages
if Find_files config/chroot_local-packages/*_"${LB_ARCHITECTURE}".deb
then
for FILE in config/chroot_local-packages/*_"${LB_ARCHITECTURE}".deb
do
if [ -L "${FILE}" ]
then
cp -L config/chroot_local-packages/*_"${LB_ARCHITECTURE}".deb chroot/root/local-packages
else
cp ${CP_OPTIONS} config/chroot_local-packages/*_"${LB_ARCHITECTURE}".deb chroot/root/local-packages
fi
done
fi
if Find_files config/chroot_local-packages/*_all.deb
then
for FILE in config/chroot_local-packages/*_all.deb
do
if [ -L "${FILE}" ]
then
cp -L config/chroot_local-packages/*_all.deb chroot/root/local-packages
else
cp ${CP_OPTIONS} config/chroot_local-packages/*_all.deb chroot/root/local-packages
fi
done
fi
if Find_files chroot/root/local-packages/*.deb
then
# If we bootstrapped a minimal chroot, we need
# to install apt-utils before we have have
# completed all the indices.
case "${LB_PACKAGES_LISTS}" in
stripped|minimal)
Chroot chroot "apt-get update"
;;
esac
# Check depends
Check_package chroot/usr/bin/apt-ftparchive apt-utils
# Installing depends
Install_package
# Generate Packages and Packages.gz
echo "cd /root/local-packages && apt-ftparchive packages . > Packages" | Chroot chroot sh
gzip -9 -c chroot/root/local-packages/Packages > chroot/root/local-packages/Packages.gz
# Generate Release
echo "cd /root/local-packages && apt-ftparchive \
-o APT::FTPArchive::Release::Origin=chroot_local-packages \
release . > Release" | Chroot chroot sh
if [ "${LB_APT_SECURE}" = "true" ]
then
_LB_DOTGNUPG_EXISTED=0
if [ -d chroot/root/.gnupg ]
then
_LB_DOTGNUPG_EXISTED=1
fi
# Ensure ~/.gnupg exists (required for gnupg >= ~1.4.9)
mkdir -p chroot/root/.gnupg
# Temporarily replace /dev/random with /dev/urandom so as not
# to block automated image builds; we don't care about the
# security of this key anyway.
if [ -e chroot/dev/random ]
then
mv chroot/dev/random chroot/dev/random.orig
cp -a chroot/dev/urandom chroot/dev/random
fi
if Find_files cache/local-package-keyring.*
then
cp cache/local-package-keyring.* chroot/root
else
# Generate temporary key
echo "Key-Type: RSA
Key-Length: 1024
Subkey-Type: ELG-E
Subkey-Length: 1024
Name-Real: live-build local packages key
Name-Email: ${_LB_LOCAL_KEY_EMAIL}
Expire-Date: 0
%secring /root/local-package-keyring.sec
%pubring /root/local-package-keyring.pub
%commit" | Chroot chroot "gpg --batch --gen-key" || _LB_RET=${?}
case "${_LB_RET}" in
""|2)
# Gnupg sometimes seems to return with a status of 2 when there was not
# enough entropy (and key creation blocks temporarily) even if the
# operation was ultimately successful.
;;
*)
Echo_error "GPG exited with error status %s" "${_LB_RET}"
exit ${_LB_RET}
;;
esac
# Save keyrings to avoid regeneration
cp chroot/root/local-package-keyring.* cache/
fi
# Sign release
Chroot chroot "gpg --no-default-keyring --secret-keyring /root/local-package-keyring.sec \
--keyring /root/local-package-keyring.pub -abs -o \
/root/local-packages/Release.gpg /root/local-packages/Release"
# Import key
Chroot chroot "gpg --no-default-keyring --secret-keyring /root/local-package-keyring.sec \
--keyring /root/local-package-keyring.pub --armor \
--export ${_LB_LOCAL_KEY_EMAIL}" | Chroot chroot "apt-key add -"
# Remove temporary keyrings
rm chroot/root/local-package-keyring.pub
rm chroot/root/local-package-keyring.sec
# Revert /dev/random
if [ -e chroot/dev/random.orig ]
then
mv chroot/dev/random.orig chroot/dev/random
fi
# Remove /root/.gnupg if we created it during the signing process
if [ "${_LB_DOTGNUPG_EXISTED}" -eq 0 ]
then
rm -rf chroot/root/.gnupg
fi
fi
# Add to sources.list.d
echo "deb file:/root/local-packages ./" > chroot/etc/apt/sources.list.d/local-packages.list
# Removing depends
Remove_package
else
Echo_warning "Local packages must be named with suffix '_all.deb' or '_\$architecture.deb'."
fi
fi
# Update indices from cache
if [ "${LB_CACHE_INDICES}" = "true" ] && [ -d cache/indices_bootstrap ]
then
if Find_files cache/indices_bootstrap/secring.gpg*
then
cp -f cache/indices_bootstrap/secring.gpg* chroot/etc/apt
fi
if Find_files cache/indices_bootstrap/trusted.gpg*
then
cp -rf cache/indices_bootstrap/trusted.gpg* chroot/etc/apt
fi
if [ -f cache/indices_bootstrap/pkgcache.bin ]
then
cp -f cache/indices_bootstrap/pkgcache.bin chroot/var/cache/apt
fi
if [ -f cache/indices_bootstrap/srcpkgcache.bin ]
then
cp -f cache/indices_bootstrap/srcpkgcache.bin chroot/var/cache/apt
fi
if Find_files cache/indices_bootstrap/*_Packages
then
cp -f cache/indices_bootstrap/*_Packages chroot/var/lib/apt/lists
fi
if Find_files cache/indices_bootstrap/*_Sources
then
cp -f cache/indices_bootstrap/*_Sources chroot/var/lib/apt/lists
fi
if Find_files cache/indices_bootstrap/*_Release*
then
cp -f cache/indices_bootstrap/*_Release* chroot/var/lib/apt/lists
fi
if [ "${LB_APT}" = "aptitude" ] && [ ! -x /usr/bin/aptitude ]
then
Chroot chroot "apt-get ${APT_OPTIONS} install aptitude"
fi
else # Get fresh indices
# Check local gpg keys
if Find_files config/chroot_sources/*.chroot.gpg
then
for FILE in config/chroot_sources/*.chroot.gpg
do
cp ${FILE} chroot/root
Chroot chroot "apt-key add /root/$(basename ${FILE})"
rm -f chroot/root/$(basename ${FILE})
done
fi
# Check local keyring packages
if Find_files config/chroot_sources/*.deb
then
for PACKAGE in config/chroot_sources/*.deb
do
cp ${PACKAGE} chroot/root
Chroot chroot "dpkg -i /root/$(basename ${PACKAGE})"
rm -f chroot/root/$(basename ${PACKAGE})
done
fi
# Installing aptitude
if [ "${LB_APT}" = "aptitude" ] && [ ! -x /usr/bin/aptitude ]
then
Chroot chroot "apt-get ${APT_OPTIONS} update"
Chroot chroot "apt-get ${APT_OPTIONS} install aptitude"
fi
Apt update
Apt upgrade
Apt dist-upgrade
# Installing keyring packages
if [ -n "${LB_KEYRING_PACKAGES}" ]
then
Chroot chroot "apt-get --yes --force-yes install ${LB_KEYRING_PACKAGES}"
Apt update
fi
if [ "${LB_CACHE_INDICES}" = "true" ]
then
mkdir -p cache/indices_bootstrap
cp -f chroot/etc/apt/secring.gpg* cache/indices_bootstrap
cp -rf chroot/etc/apt/trusted.gpg* cache/indices_bootstrap
cp -f chroot/var/cache/apt/pkgcache.bin cache/indices_bootstrap
if Find_files chroot/var/cache/apt/srcpkgcache.bin
then
cp -f chroot/var/cache/apt/srcpkgcache.bin cache/indices_bootstrap
fi
cp -f chroot/var/lib/apt/lists/*_Packages cache/indices_bootstrap
if Find_files chroot/var/lib/apt/lists/*_Sources
then
cp -f chroot/var/lib/apt/lists/*_Sources cache/indices_bootstrap
fi
cp -f chroot/var/lib/apt/lists/*_Release* cache/indices_bootstrap
fi
fi
# Saving cache
Save_cache cache/packages_chroot
# Creating stage file
Create_stagefile .stage/chroot_sources
;;
remove)
Echo_message "Deconfiguring file /etc/apt/sources.list"
# Checking lock file
Check_lockfile .lock
# Creating lock file
Create_lockfile .lock
# Configure generic indices
# Don't do anything if it's not required
if [ "${LB_MIRROR_CHROOT}" = "${LB_MIRROR_BINARY}" ] && \
[ "${LB_MIRROR_CHROOT_SECURITY}" = "${LB_MIRROR_BINARY_SECURITY}" ] && \
[ ! -d chroot/root/local-packages ]
then
# Removing stage file
rm -f .stage/chroot_sources
exit 0
fi
# Cleaning apt list cache
rm -rf chroot/var/lib/apt/lists
mkdir -p chroot/var/lib/apt/lists/partial
cat > chroot/etc/apt/sources.list << EOF
# /etc/apt/sources.list
deb ${LB_MIRROR_BINARY} ${LB_DISTRIBUTION} ${LB_ARCHIVE_AREAS}
EOF
if [ "${LB_SOURCE}" = "true" ]
then
echo "deb-src ${LB_MIRROR_BINARY} ${LB_DISTRIBUTION} ${LB_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list
fi
if [ "${LB_SECURITY}" = "true" ]
then
case "${LB_MODE}" in
ubuntu)
echo "deb ${LB_MIRROR_BINARY_SECURITY} ${LB_DISTRIBUTION}-security ${LB_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list
if [ "${LB_SOURCE}" = "true" ]
then
echo "deb-src ${LB_MIRROR_BINARY_SECURITY} ${LB_DISTRIBUTION}-security ${LB_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list
fi
;;
*)
if [ "${LB_DISTRIBUTION}" != "sid" ] && [ "${LB_DISTRIBUTION}" != "unstable" ]
then
echo "deb ${LB_MIRROR_BINARY_SECURITY} ${LB_DISTRIBUTION}/updates ${LB_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list
if [ "${LB_SOURCE}" = "true" ]
then
echo "deb-src ${LB_MIRROR_BINARY_SECURITY} ${LB_DISTRIBUTION}/updates ${LB_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list
fi
fi
;;
esac
fi
if [ "${LB_VOLATILE}" = "true" ]
then
case "${LB_MODE}" in
debian|debian-release)
case "${LB_DISTRIBUTION}" in
lenny)
echo "deb ${LB_MIRROR_BINARY_VOLATILE} ${LB_DISTRIBUTION}/volatile ${LB_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list
if [ "${LB_SOURCE}" = "true" ]
then
echo "deb-src ${LB_MIRROR_BINARY_VOLATILE} ${LB_DISTRIBUTION}/volatile ${LB_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list
fi
;;
squeeze)
echo "deb ${LB_MIRROR_BINARY_VOLATILE} ${LB_DISTRIBUTION}-volatile ${LB_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list
if [ "${LB_SOURCE}" = "true" ]
then
echo "deb-src ${LB_MIRROR_BINARY_VOLATILE} ${LB_DISTRIBUTION}-volatile ${LB_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list
fi
;;
esac
;;
ubuntu)
echo "deb ${LB_MIRROR_BINARY_VOLATILE} ${LB_DISTRIBUTION}-updates ${LB_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list
if [ "${LB_SOURCE}" = "true" ]
then
echo "deb-src ${LB_MIRROR_BINARY_VOLATILE} ${LB_DISTRIBUTION}-updates ${LB_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list
fi
;;
esac
fi
if [ "${LB_BACKPORTS}" = "true" ]
then
case "${LB_MODE}" in
debian|debian-release)
if [ "${LB_DISTRIBUTION}" != "sid" ] && [ "${LB_DISTRIBUTION}" != "unstable" ]
then
echo "deb ${LB_MIRROR_BINARY_BACKPORTS} ${LB_DISTRIBUTION}-backports ${LB_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list
if [ "${LB_SOURCE}" = "true" ]
then
echo "deb-src ${LB_MIRROR_BINARY_BACKPORTS} ${LB_DISTRIBUTION}-backports ${LB_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list
fi
fi
;;
esac
fi
# Configure third-party repositories
if [ -n "${LB_REPOSITORIES}" ]
then
for REPOSITORY in ${LB_REPOSITORIES}
do
# Removing sources.list entries (chroot)
rm -f "chroot/etc/apt/sources.list.d/${REPOSITORY}.list"
for PLACE in config/repositories "${LB_BASE}/repositories"
do
# Prefer repositories from the config tree
# over the global ones.
if ! ls "${PLACE}/${REPOSITORY}"* > /dev/null 2>&1
then
continue
fi
# Adding sources.list entries (binary)
if [ -e "${PLACE}/${REPOSITORY}.binary" ]
then
sed -e "s|@DISTRIBUTION@|${LB_DISTRIBUTION}|g" \
-e "s|@ARCHIVE_AREAS@|${LB_ARCHIVE_AREAS}|g" \
"${PLACE}/${REPOSITORY}.binary" > \
"chroot/etc/apt/sources.list.d/${REPOSITORY}.list"
elif [ -e "${PLACE}/${REPOSITORY}" ]
then
sed -e "s|@DISTRIBUTION@|${LB_DISTRIBUTION}|g" \
-e "s|@ARCHIVE_AREAS@|${LB_ARCHIVE_AREAS}|g" \
"${PLACE}/${REPOSITORY}" > \
"chroot/etc/apt/sources.list.d/${REPOSITORY}.list"
fi
if [ "${LB_APT_SECURE}" != false ]
then
# Adding archive signing keys (binary)
if [ -e "${PLACE}/${REPOSITORY}.binary.gpg" ]
then
cat "${PLACE}/${REPOSITORY}.binary.gpg" | Chroot chroot "apt-key add -"
elif [ -e "${PLACE}/${REPOSITORY}.gpg" ]
then
cat "${PLACE}/${REPOSITORY}.gpg" | Chroot chroot "apt-key add -"
fi
fi
done
done
fi
# Check local sources.list
if Find_files config/chroot_sources/*.binary
then
# Deconfigure (possibly) old sources.list snipplets
if Find_files config/chroot_sources/*.chroot
then
for FILE in config/chroot_sources/*.chroot
do
rm -f "chroot/etc/apt/sources.list.d/$(basename ${FILE} .chroot).list"
done
fi
# Configure new sources.list snipplets
for FILE in config/chroot_sources/*.binary
do
cp "${FILE}" "chroot/etc/apt/sources.list.d/$(basename ${FILE} .binary).list"
done
fi
# Check local gpg keys
if Find_files config/chroot_sources/*.binary.gpg
then
for FILE in config/chroot_sources/*.binary.gpg
do
cp ${FILE} chroot/root
Chroot chroot "apt-key add /root/$(basename ${FILE})"
rm -f chroot/root/$(basename ${FILE})
done
fi
# Updating indices
Apt update
# Cleaning apt package cache
rm -rf chroot/var/cache/apt
mkdir -p chroot/var/cache/apt/archives/partial
# Cleaning apt package lists
if [ "${LB_BINARY_INDICES}" = "false" ]
then
rm -rf chroot/var/lib/apt/lists
mkdir -p chroot/var/lib/apt/lists/partial
fi
# Remove local package repository
rm -f chroot/etc/apt/sources.list.d/local-packages.list
rm -rf chroot/root/local-packages
# Remove local packages key if it exists
if apt-key list | grep -q ${_LB_LOCAL_KEY_EMAIL}
then
apt-key del ${_LB_LOCAL_KEY_EMAIL}
fi
# Removing stage file
rm -f .stage/chroot_sources
;;
*)
Usage
;;
esac