[Fusionforge-commits] r13531 - branches/Branch_5_1/src/deb-specific

Thorsten Glaser mirabilos at fusionforge.org
Tue Jun 21 15:37:46 CEST 2011


Author: mirabilos
Date: 2011-06-21 15:37:46 +0200 (Tue, 21 Jun 2011)
New Revision: 13531

Modified:
   branches/Branch_5_1/src/deb-specific/install-chroot.sh
Log:
how about this?
?\226?\128?\162 uniquify all copy-if-exist and glob checks with same pathnames
  (this works because all directories are already made)
?\226?\128?\162 sort directories
?\226?\128?\162 clean up whitespace
?\226?\128?\162 quote/escape from the shell


Modified: branches/Branch_5_1/src/deb-specific/install-chroot.sh
===================================================================
--- branches/Branch_5_1/src/deb-specific/install-chroot.sh	2011-06-21 13:20:04 UTC (rev 13530)
+++ branches/Branch_5_1/src/deb-specific/install-chroot.sh	2011-06-21 13:37:46 UTC (rev 13531)
@@ -1,117 +1,138 @@
 #! /bin/sh
-# 
-# [Blah blah blah, here should be a description of what this script does]
-# Christian Bayle, Roland Mas, debian-sf (Sourceforge for Debian)
+#
+# Set up a size-reduced chroot of the system for use in FusionForge
+# Christian Bayle, Roland Mas, debian-sf (Sourceforge for Debian),
+# Thorsten Glaser
 
 set -e
 
 if [ $(id -u) != 0 ] ; then
-    echo "You must be root to run this, please enter passwd"
-    exec su -c "$0 $*"
+	echo "You must be root to run this, please enter passwd"
+	echo "+ sudo $0 $*"
+	exec sudo "$0" "$@"
 fi
 
 CHROOTDIR=$(/usr/share/gforge/bin/forge_get_config chroot)
 
-case "$1" in
-    configure)
+case $1 in
+configure)
 	echo "Installing chroot environnement at $CHROOTDIR"
-	[ -d $CHROOTDIR ] || install -d -m 755 $CHROOTDIR
+	test -d "$CHROOTDIR" || install -d -m 755 "$CHROOTDIR"
+	test -d "$CHROOTDIR" || exit 1
 	for dir in \
 	    bin \
-	    usr \
-	    usr/bin \
-	    usr/lib \
+	    cvsroot \
+	    dev \
 	    etc \
 	    etc/pam.d \
 	    etc/security \
+	    home \
+	    home/groups \
+	    home/users \
 	    lib \
 	    lib/security \
 	    lib64 \
 	    lib64/security \
-	    dev \
+	    usr \
+	    usr/bin \
+	    usr/lib \
 	    var \
+	    var/lib \
+	    var/lib/gforge \
 	    var/run \
+	    var/run/postgresql \
 	    var/run/sshd \
-	    var/run/postgresql \
-	    var/lib \
-	    var/lib/gforge \
-	    cvsroot \
-	    home \
-	    home/users \
-	    home/groups
-	  do
-	  [ -d $CHROOTDIR/$dir ] || mkdir $CHROOTDIR/$dir
+	    ; do
+		test -d "$CHROOTDIR/$dir" || mkdir "$CHROOTDIR/$dir"
 	done
-	install -d -m 1777 $CHROOTDIR/tmp
-	[ -L $CHROOTDIR/var/lib/gforge/chroot ] && rm $CHROOTDIR/var/lib/gforge/chroot
-	[ -d $CHROOTDIR/var/lib/gforge/chroot ] && rmdir $CHROOTDIR/var/lib/gforge/chroot
-	ln -s ../../../ $CHROOTDIR/var/lib/gforge/chroot
-	
+	rm -rf "$CHROOTDIR/tmp"
+	install -d -m 1777 "$CHROOTDIR/tmp"
+	[ -L "$CHROOTDIR/var/lib/gforge/chroot" ] && rm "$CHROOTDIR/var/lib/gforge/chroot"
+	[ -d "$CHROOTDIR/var/lib/gforge/chroot" ] && rmdir "$CHROOTDIR/var/lib/gforge/chroot"
+	ln -s ../../.. "$CHROOTDIR/var/lib/gforge/chroot"
+
 	# Copy needed binaries
 	# For testing /bin/ls /bin/su
 	# Maybe needed /bin/chgrp
 	# Could be restricted /bin/bash
 	# TODO: remove unneeded stuff from that list
 	for binary in \
-	    /usr/sbin/sshd \
-	    /usr/bin/cvs \
-	    /usr/bin/svnserve \
+	    /bin/bash \
+	    /bin/chgrp \
 	    /bin/ls \
 	    /bin/sh \
-	    /bin/bash \
-	    /bin/chgrp \
 	    /lib/security/pam_pgsql.so \
-	    /lib64/security/pam_pgsql.so ; do
-	  if [ -e "$binary" ] ; then
-	      echo "$binary"
-	      ldd $binary | awk '/=>/ { print $3 }' | grep ^/
-	      ldd $binary | awk '{ print $1 }' | grep ^/
-	  fi
+	    /lib64/security/pam_pgsql.so \
+	    /usr/bin/cvs \
+	    /usr/bin/svnserve \
+	    /usr/sbin/sshd \
+	    ; do
+		if [ -e "$binary" ]; then
+			echo "$binary"
+			ldd "$binary" | awk '/=>/ { print $3 }' | grep '^/'
+			ldd "$binary" | awk '{ print $1 }' | grep '^/'
+		fi
 	done \
 	    | sort -u \
-	    | cpio --quiet -pdumVLB $CHROOTDIR
+	    | cpio --quiet -pdumVLB "$CHROOTDIR/"
 
-	for i in /lib/ld-linux*.so.* /lib/libgcc_s* /lib/libcom_err* /lib/libpam* /lib/libnss_files*; do
+	for i in \
+	    /etc/nss-pgsql-root.conf \
+	    /etc/nss-pgsql.conf \
+	    /etc/pam.d/common* \
+	    /etc/pam.d/cvs \
+	    /etc/pam.d/login \
+	    /etc/pam.d/other \
+	    /etc/pam.d/ssh \
+	    /etc/pam.d/ssh-nonfree \
+	    /etc/pam.d/su \
+	    /etc/security/*.conf \
+	    /lib/ld-linux*.so.* \
+	    /lib/libcom_err* \
+	    /lib/libgcc_s* \
+	    /lib/libnss_files* \
+	    /lib/libnss_pgsql* \
+	    /lib/libpam* \
+	    /lib/security/* \
+	    /usr/lib/libcom_err* \
+	    /usr/lib/libcrypto* \
+	    /usr/lib/libdb* \
+	    /usr/lib/libk5crypto* \
+	    /usr/lib/libkrb5* \
+	    /usr/lib/libnss_pgsql* \
+	    /usr/lib/libpq* \
+	    /usr/lib/libssl* \
+	    ; do
 		test -e "$i" || continue
-		cp "$i" $CHROOTDIR/lib/
+		cp "$i" $CHROOTDIR/"$i"
 	done
 
 	# Create devices files
-	[ -c $CHROOTDIR/dev/null ] || mknod $CHROOTDIR/dev/null c 1 3 || true
-	[ -c $CHROOTDIR/dev/urandom ] || mknod $CHROOTDIR/dev/urandom c 1 9 || true
-	[ -c $CHROOTDIR/dev/console ] || mknod $CHROOTDIR/dev/console c 5 1 || true
+	[ -c "$CHROOTDIR/dev/null" ] || mknod "$CHROOTDIR/dev/null" c 1 3 || true
+	[ -c "$CHROOTDIR/dev/urandom" ] || mknod "$CHROOTDIR/dev/urandom" c 1 9 || true
+	[ -c "$CHROOTDIR/dev/console" ] || mknod "$CHROOTDIR/dev/console" c 5 1 || true
 	# For /dev/log
 	if [ -e /etc/default/syslogd ] \
 	    && [ ! -e /etc/rsyslog.conf ] \
-	    && ! grep -q "^SYSLOGD.*/var/lib/gforge/chroot/dev/log.*" /etc/default/syslogd ; then 
+	    && ! grep -q "^SYSLOGD.*/var/lib/gforge/chroot/dev/log.*" /etc/default/syslogd ; then
 		echo '######################################################################################################'
 		echo 'WARNING: you must have SYSLOGD="-p /dev/log -a /var/lib/gforge/chroot/dev/log" in /etc/default/syslogd'
 		echo 'To have cvs pserver running correctly'
 		echo '######################################################################################################'
 	fi
 
-	
+
 	# To get uid/gid
 	# Maybe ldap later
-	cat > $CHROOTDIR/etc/nsswitch.conf <<-FIN
-passwd:         files pgsql 
-group:          files pgsql
-shadow:         files pgsql
+	cat >"$CHROOTDIR/etc/nsswitch.conf" <<-FIN
+		passwd:		files pgsql
+		group:		files pgsql
+		shadow:		files pgsql
 FIN
 	# Copy miscellaneous files
-	[ -d /etc/ssh ] && find /etc/ssh | cpio --quiet -pdumLB $CHROOTDIR
-	[ -d /etc/ssh-nonfree ] && find /etc/ssh-nonfree | cpio --quiet -pdumLB $CHROOTDIR
-	[ -f /etc/pam.d/ssh ] && cp /etc/pam.d/ssh $CHROOTDIR/etc/pam.d
-	[ -f /etc/pam.d/ssh-nonfree ] && cp /etc/pam.d/ssh-nonfree $CHROOTDIR/etc/pam.d
-	[ -f /etc/pam.d/login ] && cp /etc/pam.d/login $CHROOTDIR/etc/pam.d
-	[ -f /etc/pam.d/su ] && cp /etc/pam.d/su $CHROOTDIR/etc/pam.d
-	[ -f /etc/pam.d/cvs ] && cp /etc/pam.d/cvs $CHROOTDIR/etc/pam.d
-	[ -f /etc/pam.d/other ] && cp /etc/pam.d/other $CHROOTDIR/etc/pam.d
-	[ "`ls /etc/pam.d/common* 2>/dev/null`" ] && cp /etc/pam.d/common* $CHROOTDIR/etc/pam.d
+	[ -d /etc/ssh ] && find /etc/ssh | cpio --quiet -pdumLB "$CHROOTDIR/"
+	[ -d /etc/ssh-nonfree ] && find /etc/ssh-nonfree | cpio --quiet -pdumLB "$CHROOTDIR/"
 
-	cp -r /lib/security/* $CHROOTDIR/lib/
-	cp /etc/security/*.conf $CHROOTDIR/etc/security
-
 #	# Libnss-ldap related stuffs
 #	for binary in \
 #	    /usr/bin/ldapsearch ; do
@@ -122,7 +143,7 @@
 #	done \
 #	    | sort -u \
 #	    | cpio --quiet -pdumVLB $CHROOTDIR
-#	
+#
 #	#cp -r /etc/ldap $CHROOTDIR/etc
 #	[ -e /etc/libnss-ldap.conf ] && cp /etc/libnss-ldap.conf $CHROOTDIR/etc
 #	[ -e /etc/libnss-pgsql.conf ] && cp /etc/libnss-pgsql.conf $CHROOTDIR/etc
@@ -133,43 +154,31 @@
 #	[ -f /etc/ldap.secret ] && cp /etc/ldap.secret $CHROOTDIR/etc && chmod 600 /etc/ldap.secret
 
 	# Libnss-pgsql related stuffs
-	[ -e /etc/nss-pgsql.conf ] && cp /etc/nss-pgsql.conf $CHROOTDIR/etc
-	[ -e /etc/nss-pgsql-root.conf ] && cp /etc/nss-pgsql-root.conf $CHROOTDIR/etc
-	[ "$(echo /lib/libnss_pgsql*)" != "/lib/libnss_pgsql*" ] && cp /lib/libnss_pgsql* $CHROOTDIR/lib
-	[ "$(echo /usr/lib/libnss_pgsql*)" != "/usr/lib/libnss_pgsql*" ] && cp /usr/lib/libnss_pgsql* $CHROOTDIR/usr/lib
-	[ "$(echo /usr/lib/libdb*)" != "/usr/lib/libdb*" ] && cp /usr/lib/libdb* $CHROOTDIR/usr/lib
-	[ "$(echo /usr/lib/libssl*)" != "/usr/lib/libssl*" ] && cp /usr/lib/libssl* $CHROOTDIR/usr/lib
-	[ "$(echo /usr/lib/libcrypto*)" != "/usr/lib/libcrypto*" ] && cp /usr/lib/libcrypto* $CHROOTDIR/usr/lib
+	[ -f /usr/lib/libcom_err.so ] && cp /usr/lib/libcom_err.so "$CHROOTDIR/usr/lib/libcom_err.so.2"
 
-	[ "$(echo /usr/lib/libpq*)" != "/usr/lib/libpq*" ] && cp /usr/lib/libpq* $CHROOTDIR/usr/lib
-	[ "$(echo /usr/lib/libkrb5*)" != "/usr/lib/libkrb5*" ] && cp /usr/lib/libkrb5* $CHROOTDIR/usr/lib
-	[ "$(echo /usr/lib/libk5crypto*)" != "/usr/lib/libk5crypto*" ] && cp /usr/lib/libk5crypto* $CHROOTDIR/usr/lib
-	[ "$(echo /usr/lib/libcom_err*)" != "/usr/lib/libcom_err*" ] && cp /usr/lib/libcom_err* $CHROOTDIR/usr/lib
-	[ -f /usr/lib/libcom_err.so ] && cp /usr/lib/libcom_err.so $CHROOTDIR/usr/lib/libcom_err.so.2
 
 
-
 	# Now this never change
-	cat > $CHROOTDIR/etc/passwd <<-FIN
+	cat >"$CHROOTDIR/etc/passwd" <<-FIN
 root:x:0:0:Root:/:/bin/bash
 nobody:x:65534:65534:nobody:/:/bin/false
 FIN
-	getent passwd sshd | sed "s:$CHROOTDIR::g" >> $CHROOTDIR/etc/passwd
-	getent passwd scm-gforge | sed "s:$CHROOTDIR::g" >> $CHROOTDIR/etc/passwd
-	getent passwd anonscm-gforge | sed "s:$CHROOTDIR::g" >> $CHROOTDIR/etc/passwd
-	cat > $CHROOTDIR/etc/shadow <<-FIN
+	getent passwd sshd | sed "s:$CHROOTDIR::g" >>"$CHROOTDIR/etc/passwd"
+	getent passwd scm-gforge | sed "s:$CHROOTDIR::g" >>"$CHROOTDIR/etc/passwd"
+	getent passwd anonscm-gforge | sed "s:$CHROOTDIR::g" >>"$CHROOTDIR/etc/passwd"
+	cat >"$CHROOTDIR/etc/shadow" <<-FIN
 root:*:11142:0:99999:7:::
 nobody:*:11142:0:99999:7:::
 FIN
-	cat > $CHROOTDIR/etc/group <<-FIN
+	cat >"$CHROOTDIR/etc/group" <<-FIN
 root:x:0
 nogroup:x:65534:
 FIN
-getent group anonscm-gforge >> $CHROOTDIR/etc/group
+getent group anonscm-gforge >>"$CHROOTDIR/etc/group"
 
 	;;
 
-    *)
+*)
 	echo "Usage: $0 {configure}"
 	exit 1
 	;;




More information about the Fusionforge-commits mailing list