gitweb/indextext_readonly.html: include sample readonly file
[girocco.git] / chrootsetup_freebsd.sh
blob11eb1b0ad1e3f1a6c1ee757f818cb2308af2a38f
1 # chrootsetup_freebsd.sh
3 # This file SHOULD NOT be executable! It is sourced by jailsetup.sh and
4 # SHOULD NOT be executed directly!
6 # On entry the current directory will be set to the top of the chroot
7 # This script must perform platform-specific chroot setup which includes
8 # creating any dev device entries, setting up proc (if needed), setting
9 # up lib64 (if needed) as well as installing a basic set of whatever libraries
10 # are needed for a chroot to function on this platform.
12 # This script must also define a pull_in_bin function that may be called to
13 # install an executable together with any libraries it depends on into the
14 # chroot.
16 # Finally this script must install a suitable nc.openbsd compatible version of
17 # netcat into the chroot jail that's available as nc.openbsd and which supports
18 # connections to unix sockets.
20 # We are designed to set up the chroot based on binaries from
21 # amd64 FreeBSD 8; some things may need slight modifications if
22 # being run on a different distribution.
24 # We require update_pwd_db to be set to work properly on FreeBSD
25 [ -n "$cfg_update_pwd_db" ] && [ "$cfg_update_pwd_db" != "0" ] || {
26 echo 'error: Config.pm must set $update_pwd_db to 1 to use a FreeBSD jail' >&2
27 exit 1
30 chroot_dir="$(pwd)"
32 mkdir -p dev proc
33 chown 0:0 dev proc
35 # Extra directories
36 mkdir -p libexec var/tmp
38 # Make sure there's an auth.conf file, empty is fine
39 if ! [ -e etc/auth.conf ]; then
40 >etc/auth.conf
41 chown 0:0 etc/auth.conf
42 chmod 0444 etc/auth.conf
45 cp_p() {
46 # use cpio to avoid setting flags
47 # must NOT use passthrough mode as that will set flags on newer systems
48 [ "$2" = "${2%/}/" ] || ! [ -d "$chroot_dir/$2" ] || set -- "$1" "$2/"
49 (cd "$(dirname "$1")" && echo "$(basename "$1")" |
50 cpio -o -L 2>/dev/null | { cd "$chroot_dir/${2%/*}" && cpio -i -m -u; } 2>/dev/null)
51 test $? -eq 0
52 if [ "${2%/*}" != "${2%/}" ]; then
53 mv -f "$chroot_dir/${2%/*}/$(basename "$1")" \
54 "$chroot_dir/${2%/*}/$(basename "$2")"
58 fixup_lib()
60 for _l in "$@"; do
61 test -f "$_l" || return 0
62 if test -x "$_l"; then
63 chmod 0755 "$_l"
64 else
65 chmod 0644 "$_l"
67 done
68 return 0
71 # Bring in basic libraries:
72 rm -f lib/* libexec/*
73 # ld-elf.so.1:
74 cp_p /libexec/ld-elf.so.1 libexec/
75 fixup_lib "libexec/ld-elf.so.1"
77 pull_in_lib() {
78 [ -f "$1" ] || return
79 dst="${2%/}/$(basename "$1")"
80 if [ ! -e "$dst" ] || [ "$1" -nt "$dst" ]; then
81 cp_p "$1" "$dst"
82 fixup_lib "$dst"
83 for llib in $(ldd "$1" | grep '=>' | LC_ALL=C awk '{print $3}'); do
84 (pull_in_lib "$llib" lib)
85 test $? -eq 0
86 done
91 # pull_in_bin takes two arguments:
92 # 1: the full path to a binary to pull in (together with any library dependencies)
93 # 2: the destination directory relative to the current directory to copy it to which
94 # MUST already exist with optional alternate name if the name in the chroot should be different
95 # 3: optional name of binary that if already in $2 and the same as $1 hard link to instead
96 # for example, "pull_in_bin /bin/sh bin" will install the shell into the chroot bin directory
97 # for example, "pull_in_bin /bin/bash bin/sh" will install bash as the chroot bin/sh
98 # IMPORTANT: argument 1 must be a machine binary, NOT a shell script or other interpreted text
99 # IMPORTANT: text scripts can simply be copied in or installed as they don't have libraries to copy
100 # NOTE: it's expected that calling this function on a running chroot may cause temporary disruption
101 # In order to avoid a busy error while replacing binaries we first copy the binary to the
102 # var/tmp directory and then force move it into place after the libs have been brought in.
103 pull_in_bin() {
104 bin="$1"; bdst="$2"
105 if [ -d "${bdst%/}" ]; then
106 bnam="$(basename "$bin")"
107 bdst="${bdst%/}"
108 else
109 bnam="$(basename "$bdst")"
110 bdst="${bdst%/*}"
112 if [ -n "$3" ] && [ "$3" != "$bnam" ] &&
113 [ -r "$bdst/$3" ] && [ -x "$bdst/$3" ] && cmp -s "$bin" "$bdst/$3"; then
114 ln -f "$bdst/$3" "$bdst/$bnam"
115 return 0
117 cp_p "$bin" var/tmp/
118 # ...and all the dependencies.
119 for lib in $(ldd "$bin" | grep '=>' | LC_ALL=C awk '{print $3}'); do
120 pull_in_lib "$lib" lib
121 done
122 chmod 0755 "var/tmp/$(basename "$bin")"
123 mv -f "var/tmp/$(basename "$bin")" "$bdst/$bnam"
126 # A catch all that needs to be called after everything's been pulled in
127 chroot_update_permissions() {
128 # Be paranoid
129 [ -n "$chroot_dir" ] && [ "$chroot_dir" != "/" ] || { echo bad '$chroot_dir' >&2; exit 2; }
130 cd "$chroot_dir" || { echo bad '$chroot_dir' >&2; exit 2; }
131 rm -rf var/tmp
132 chown -R 0:0 bin lib sbin var libexec
133 # bootstrap the master.passwd database
134 rm -f etc/master.passwd etc/pwd.db etc/spwd.db
135 LC_ALL=C awk -F ':' '{ print $1 ":" $2 ":" $3 ":" $4 "::0:0:" $5 ":" $6 ":" $7 }' <etc/passwd >etc/master.passwd
136 PW_SCAN_BIG_IDS=1 pwd_mkdb -d etc etc/master.passwd 2>/dev/null
137 chown $cfg_mirror_user:$cfg_owning_group etc/master.passwd etc/pwd.db etc/spwd.db
138 chmod 0664 etc/master.passwd etc/pwd.db etc/spwd.db
141 # the nc.openbsd compatible utility is available as $var_nc_openbsd_bin
142 pull_in_bin "$var_nc_openbsd_bin" bin/nc.openbsd