
Build scripts do not require SquashFS tools or cdrtools anymore

The following operations are now performed from inside a chroot:
  + Removal of unnecessary SUID bits
  + Live tree checking
  + Preparing boot media tree
  + Preparing packages list and files ordering
  + Building SquashFS image
  + Building ISO image

Only "enter" script creates a chroot now.
Maxim Kammerer 13 anos atrás
pai
commit
cece2a4a16

+ 1 - 1
build

@@ -51,7 +51,7 @@ ${SRC}/mkroot ${LIVECD} clean
 
 # Builds "liberte" dir in ${LIVECD}/dist to deploy
 sinfo "Mastering deployment directory"
-${SRC}/mkimage ${LIVECD}
+${SRC}/enter ${LIVECD} image -c ./mkimage
 
 # OK to copy "liberte" dir and run setup.sh
 sinfo "Done: ZIP archive in ${LIVECD}/dist"

+ 0 - 119
check

@@ -1,119 +0,0 @@
-#!/bin/sh
-
-export LC_ALL=C
-
-
-sinfo() {
-    echo ${BASH:+-e} "\033[1;33;41m$@\033[0m"
-}
-
-
-# Must have root directory as an argument
-if [ -z "$1" ]; then
-    echo "$0 <livecd root>"
-    exit 1
-fi
-
-
-# Variables
-SRC=`dirname $0`
-LIVECD=$1/copy
-FIND="chroot ${LIVECD} find / -xdev"
-
-
-if [ -n "${BASH}" ]; then
-    check_shlib() {
-        local acc=
-        for f in $*; do
-            if [ -z "${f/#${acc}*/}" ]; then
-                acc=${f}
-            else
-                echo "${f/#${LIVECD}/}"
-            fi
-        done
-    }
-else
-    check_shlib() { :; }
-fi
-
-
-sinfo "Checking ${LIVECD}"
-
-sinfo "Invalid files and symlinks:"
-${FIND} ! \( -type d -o -type f -o -type l \)
-${FIND} -type l ! -xtype f ! -xtype d ! -path /dev/fd
-
-sinfo "Archives:"
-${FIND} -type f  \( -name '*.gz' -o -name '*.bz2' -o -name '*.Z' \
-           -o -name '*.lzma' -o -name '*.xz' -o -name '*.zip' -o -name '*.[jw]ar' \) \
-        ! -path '/opt/i2p/lib/*' ! -path '/opt/i2p/webapps/*'
-
-sinfo "Sources:"
-${FIND} -name '*.h' -o \( -name '*.inc' ! -path '/usr/share/keymaps/*' \) \
-        -o -name '*.c' -o -name '*.cpp' \
-        -o -name '*.m4' -o -name '*.el' -o -name '*.py' \
-        -o -name '*.defs' -o -name '*.pl' -o -name '*.pm' \
-        -o \( -name '*.lua' ! -path '/usr/share/libquvi-scripts/lua/*' \)
-
-sinfo "Objects:"
-${FIND} -name '*.o' -o -name '*.a' -o -name '*.pc' \
-        -o \( -name '*.la' ! -path '/usr/lib/GraphicsMagick-*' \)
-
-sinfo "Duplicate libraries:"
-for lib in `${FIND} -name 'lib*.so'`; do
-    check_shlib ${LIVECD}${lib}*
-done
-
-sinfo "Docs:"
-${FIND} \( -name '*.info*' ! -path '/usr/lib/aspell*.info' \) \
-        -o -name '*.htm*' -o -name '*.1.bz2'
-
-sinfo "Hidden:"
-${FIND} -name '.*' ! \( -path '/home/anon/*' -o -path '/root/*' \) \
-        ! -path '/usr/share/gnumeric/*.category'
-
-sinfo "Cache, backup, and temp:"
-${FIND} -name '*.cache' -o -name '*.loaders' -o -name '*.immodules'
-${FIND} \( -name '*~*' -o -name '*-' -o -name '*#*' -o -name '*.bak' \
-           -o -name '*;*' -o -name '*.orig' \
-           -o \( -path '*/tmp/*' ! -path '*/tmp/transient/*' \) \) \
-        ! -name 'routerInfo-*.dat'
-
-sinfo "Logs:"
-${FIND} -name '*.log*' -o -type f \( -path '/var/run/*' -o -path '/var/log/*' \)
-
-sinfo "SUID/SGID:"
-${FIND} -type f -perm /u+s      -printf '%M %u %g\t%p\n'
-${FIND} -type f -perm /g+s,o+w  -printf '%M %u %g\t%p\n'
-${FIND} -type d -perm /a+st,o+w -printf '%M %u %g\t%p\n'
-
-sinfo "STACK/TEXTRELs/PaX markings:"
-${FIND} -type f \( -name '*.so*' -o -perm /111 \) ! -path '/usr/lib/paxtest/*' -print0 \
-    | xargs -0 chroot ${LIVECD} scanelf -qtex
-
-sinfo "Build environment:"
-if [ -e ${SRC}/conf/checkregexps ]; then
-    regexps=`cat ${SRC}/conf/checkregexps | tr '\n' '|' | sed 's/^/(/; s/|$/)/'`
-
-    chroot ${LIVECD}/../src grep   -iE "${regexps}"               \
-        /usr/src/linux/arch/x86/boot/compressed/vmlinux.bin       \
-        /usr/src/linux-kexec/arch/x86/boot/compressed/vmlinux.bin \
-        /usr/src/linux-kexec-64/arch/x86/boot/compressed/vmlinux.bin
-
-    chroot ${LIVECD}        xzgrep -iE "${regexps}" \
-        /boot/initrd-x86.xz                         \
-        /usr/local/boot/initrd-kexec.xz
-
-    find ${LIVECD} -xdev -type f ! -name '*.mo' ! -name 'words.*' ! -name '*.rws' \
-        ! -name 'libgucharmap.so.*' ! -name oui.txt -print0 \
-        | xargs -0 grep -liE "${regexps}" | sed "s:^${LIVECD}::"
-else
-    echo "checkregexp file not found, skipping"
-fi
-
-sinfo "Unsupported scripts:"
-find ${LIVECD} -xdev -type f -print0 | xargs -0 grep -lE \
-    '^#![[:blank:]]*/usr/bin/(perl|python|env[[:blank:]]+(perl|python))' \
-     | sed "s:^${LIVECD}::"
-
-true

+ 1 - 0
doc/changelog.txt

@@ -39,6 +39,7 @@
   * Unsafe Browser now refuses to run once Tor has established a circuit
   * Added keyboard layout configuration via locale customization applet
   * Added test-liberte, an automatic network policy testing script
+  * Build scripts do not require SquashFS tools or cdrtools anymore
 
 
 2011-11-07

+ 22 - 6
enter

@@ -7,7 +7,7 @@ sinfo() {
 
 # Must have root directory as an argument
 if [ -z "$1" ]; then
-    echo "$0 <livecd root> [copy] [-c shell command...]"
+    echo "$0 <livecd root> [copy|image] [-c shell command...]"
     exit 1
 fi
 
@@ -31,6 +31,10 @@ if [ "$2" = copy ]; then
     PHASE=$2
     LIVECD=$1/${PHASE}
     shift 2
+elif [ "$2" = image ]; then
+    PHASE=$2
+    LIVECD=$1/src
+    shift 2
 else
     PHASE=src
     LIVECD=$1/${PHASE}
@@ -54,7 +58,8 @@ else
           --exclude=/etc/polkit-1          \
           --exclude=/etc/portage/gnupg/ -C ${SRC}/ ${LIVECD}
 
-    ${RSYNC} --chmod=u=rwX,go=rX -i --delete-excluded -C ${SRC}/root              ${LIVECD}
+    ${RSYNC} --chmod=u=rwX,go=rX -i --delete-excluded \
+        -C --exclude=.gitignore                          ${SRC}/root              ${LIVECD}
     ${RSYNC} --chmod=u=rwX,go=   -i                   -C ${SRC}/etc/portage/gnupg ${LIVECD}/etc/portage
     ${RSYNC} --chmod=u=rwX,go=rX,Dg+s -i              -C ${SRC}/var/lib/portage   ${LIVECD}/var/lib
     ${RSYNC} --chmod=u=rwX,go=   -i                   -C ${SRC}/etc/nginx         ${LIVECD}/etc
@@ -130,15 +135,21 @@ for dir in /proc /dev/null /dev/random /dev/urandom /dev/ptmx /dev/pts ${tty}; d
 done
 mount -rB -o remount ${LIVECD}/proc
 
-if [ ${PHASE} = copy -a -d ${LIVECD}/usr/portage ]; then
+if [ ${PHASE} = copy  -a  -d ${LIVECD}/usr/portage ]; then
     mount -B ${LIVECD}/../src/usr/portage ${LIVECD}/usr/portage
     mount -rB -o remount ${LIVECD}/usr/portage
 fi
 
-if [ -d /usr/portage/distfiles -a -d ${LIVECD}/usr/portage/distfiles ]; then
+if [ -d /usr/portage/distfiles  -a  -d ${LIVECD}/usr/portage/distfiles ]; then
     mount -B /usr/portage/distfiles ${LIVECD}/usr/portage/distfiles
 fi
 
+if [ ${PHASE} = image ]; then
+    mkdir -p ${LIVECD}/../dist
+    mount -B ${LIVECD}/../copy ${LIVECD}/mnt/live
+    mount -B ${LIVECD}/../dist ${LIVECD}/mnt/boot
+fi
+
 
 sinfo "Environment:"
 echo "${environment}" | tr ' ' '\n' | sed 's/^/    /'
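Review bot: Neither bind mount in the new `image` block is checked before the chroot command runs, so if `mount -B ${LIVECD}/../copy ${LIVECD}/mnt/live` fails, `mkimage` would work on the build tree's own empty `/mnt/live` and `/mnt/boot` rather than on the live tree and the dist directory. Whether `enter` aborts on errors is not visible in this hunk; if it does not, record the failure, e.g. `mount -B ${LIVECD}/../copy ${LIVECD}/mnt/live || mount_failed=1` (and the same for `/mnt/boot`), and skip the `-c` command when it is set. The live tree is mounted read-write into the build chroot, and the matching `umount` lines in the next hunk are unchecked too, so a busy mount would stay attached after `enter` returns. A comment such as `# image phase: live tree is writable at /mnt/live until unmounted below` would make that explicit.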
@@ -154,11 +165,16 @@ fi
 
 sinfo "Unmounting system directories"
 
-if [ -d /usr/portage/distfiles -a -d ${LIVECD}/usr/portage/distfiles ]; then
+if [ ${PHASE} = image ]; then
+    umount ${LIVECD}/mnt/live
+    umount ${LIVECD}/mnt/boot
+fi
+
+if [ -d /usr/portage/distfiles  -a  -d ${LIVECD}/usr/portage/distfiles ]; then
     umount ${LIVECD}/usr/portage/distfiles
 fi
 
-if [ -d ${LIVECD}/usr/portage -a ${PHASE} = copy ]; then
+if [ -d ${LIVECD}/usr/portage  -a  ${PHASE} = copy ]; then
     umount ${LIVECD}/usr/portage
 fi
 

+ 0 - 42
mkroot

@@ -47,48 +47,6 @@ elif [ "$2" = clean ]; then
         --exclude-from=${FROM}/conf/rootfs-cp.excludes \
         ${LIVECD}/copy/ ${LIVECD}/copy | head
 
-
-    sinfo "Removing unnecessary SUID bits"
-    chmod a-s `sed -n "s:^/:${LIVECD}/copy&:p" ${FROM}/conf/rootfs.nosuid`
-
-
-    ${FROM}/check ${LIVECD}
-
-
-    sinfo "Creating pruned packages list"
-    pakdir=${LIVECD}/copy/tmp/transient/pkg
-    for p in ${pakdir}/*=*; do
-        sort ${p} | while read f; do
-            if [ -h ${LIVECD}/copy"${f}"  -o  -e ${LIVECD}/copy"${f}" ]; then
-                echo "${f}" >> ${p}.pruned
-            fi
-        done
-
-        if [ -e ${p}.pruned ]; then
-            mv ${p}.pruned ${p}
-            chmod 644 ${p}
-        else
-            rm ${p}
-        fi
-    done
-
-    find ${pakdir} -type f -name '*=*' -printf '%f\n' \
-        | tr = / | sort > ${LIVECD}/copy/boot/packages.lst
-    chmod 644 ${LIVECD}/copy/boot/packages.lst
-
-    # Skip files with spaces to prevents problems with SquashFS sorting
-    sinfo "Creating unregistered files list"
-    find ${LIVECD}/copy -xdev \( -type l -o -type f \) ! -name '* *' \
-        ! -path "${pakdir}/*" ! -path "${LIVECD}/copy/boot/*"        \
-        ! -path "${LIVECD}/copy/dev/*" -printf '/%P\n' | sort        \
-        > ${pakdir}/all-files
-    cat ${pakdir}/*=* | sort -u > ${pakdir}/listed-files
-
-    comm -13  ${pakdir}/listed-files ${pakdir}/all-files > ${pakdir}/unlisted-files
-    rm        ${pakdir}/listed-files ${pakdir}/all-files
-    chmod 644                                              ${pakdir}/unlisted-files
-
-
     sinfo "Done."
     exit
 fi

+ 1 - 1
mkvmdist

@@ -89,7 +89,7 @@ vmware-mount -f ${diskpath} ${vmstage}/vdisk
 
 
 sinfo "Partitioning and installing MBR"
-efiblocks=`du -s -B 4K --apparent-size ${cdroot}/EFI | sed 's/[[:blank:]].*//'`
+efiblocks=`du -s -B 4K --apparent-size ${cdroot}/EFI | cut -f1`
 efisize=$(((efiblocks + 6 + efiextrablocks) * 4))
 
 parted -s ${vmstage}/vdisk/flat                                     \

+ 2 - 1
src/etc/portage/package.keywords

@@ -1,13 +1,14 @@
 # TEXTRELs (#389471)
 =media-plugins/gst-plugins-ffmpeg-0.10.13-r1
 
-# System
+# System (cdrtools: EFI platform support)
 =app-emulation/virt-what-1.11*
 =net-misc/connect-100*
 =app-admin/paxtest-0.9.9*
 =dev-java/java-service-wrapper-3.3.3*
 =sys-boot/efibootmgr-0.5.4*
 =sys-boot/grub-1.99*:2 **
+=app-cdr/cdrtools-3.01_alpha07*
 
 # Network
 <net-misc/networkmanager-openvpn-0.8.5

+ 0 - 0
conf/.gitignore → src/root/config/.gitignore


+ 0 - 0
conf/rootfs.ignore → src/root/config/rootfs.ignore


+ 0 - 0
conf/rootfs.nosuid → src/root/config/rootfs.nosuid


+ 0 - 0
conf/rootfs.pseudo → src/root/config/rootfs.pseudo


+ 0 - 0
dist/README.txt → src/root/dist/README.txt


+ 0 - 0
dist/qemulate.sh → src/root/dist/qemulate.sh


+ 0 - 0
dist/setup.bat → src/root/dist/setup.bat


+ 0 - 0
dist/setup.sh → src/root/dist/setup.sh


+ 113 - 0
src/root/helpers/chk-live-tree

@@ -0,0 +1,113 @@
+#!/bin/bash
+
+export LC_ALL=C
+
+
+sinfo() {
+    echo -e "\033[1;33;41m$@\033[0m"
+}
+
+
+# Variables
+live=/mnt/live
+regexps=${HOME}/config/checkregexps
+
+
+check_shlib() {
+    local acc=
+    for f in $*; do
+        if [ -z "${f/#${acc}*/}" ]; then
+            acc=${f}
+        else
+            echo "${f}"
+        fi
+    done
+}
+
+
+sinfo "Checking ${live}"
+cd ${live}
+
+
+sinfo "Invalid files and symlinks:"
+find . ! \( -type d -o -type f -o -type l \)
+find . -type l ! -xtype f ! -xtype d
+
+sinfo "Archives:"
+find . -type f  \( -name '*.gz' -o -name '*.bz2' -o -name '*.Z' \
+           -o -name '*.lzma' -o -name '*.xz' -o -name '*.zip' -o -name '*.[jw]ar' \) \
+        ! -path './opt/i2p/lib/*' ! -path './opt/i2p/webapps/*'
+
+sinfo "Sources:"
+find . -name '*.h' -o \( -name '*.inc' ! -path './usr/share/keymaps/*' \) \
+        -o -name '*.c' -o -name '*.cpp' \
+        -o -name '*.m4' -o -name '*.el' -o -name '*.py' \
+        -o -name '*.defs' -o -name '*.pl' -o -name '*.pm' \
+        -o \( -name '*.lua' ! -path './usr/share/libquvi-scripts/lua/*' \)
+
+sinfo "Objects:"
+find . -name '*.o' -o -name '*.a' -o -name '*.pc' \
+        -o \( -name '*.la' ! -path './usr/lib/GraphicsMagick-*' \)
+
+sinfo "Duplicate libraries:"
+for lib in `find . -name 'lib*.so'`; do
+    check_shlib ${lib}*
+done
+
+sinfo "Docs:"
+find . \( -name '*.info*' ! -path './usr/lib/aspell*.info' \) \
+        -o -name '*.htm*' -o -name '*.1.bz2'
+
+sinfo "Hidden:"
+find . -mindepth 1 -name '.*' ! \( -path './home/anon/*' -o -path './root/*' \
+        -o -path './dev/*' \) ! -path './usr/share/gnumeric/*.category'
+
+sinfo "Cache, backup, and temp:"
+find . -name '*.cache' -o -name '*.loaders' -o -name '*.immodules'
+find . \( -name '*~*' -o -name '*-' -o -name '*#*' -o -name '*.bak' \
+           -o -name '*;*' -o -name '*.orig' \
+           -o \( -path '*/tmp/*' ! -path './tmp/transient/*' \) \) \
+        ! -name 'routerInfo-*.dat'
+
+sinfo "Logs:"
+find . -name '*.log*' -o -type f \( -path './var/run/*' -o -path './var/log/*' \)
+
+
+sinfo "SUID/SGID:"
+find . -type f -perm /u+s      -printf '%M %u %g\t%P\n'
+find . -type f -perm /g+s,o+w  -printf '%M %u %g\t%P\n'
+find . -type d -perm /a+st,o+w -printf '%M %u %g\t%P\n'
+
+
+sinfo "STACK/TEXTRELs/PaX markings:"
+find . -type f \( -name '*.so*' -o -perm /111 \) ! -path './usr/lib/paxtest/*' -print0 \
+    | xargs -0 scanelf -qtex
+
+
+sinfo "Build environment:"
+if [ -e ${regexps} ]; then
+    regexps=`cat ${regexps} | tr '\n' '|' | sed 's/^/(/; s/|$/)/'`
+
+    grep   -iE "${regexps}"                                     \
+        /usr/src/linux/arch/*/boot/compressed/vmlinux.bin       \
+        /usr/src/linux-kexec/arch/*/boot/compressed/vmlinux.bin \
+        /usr/src/linux-kexec-64/arch/*/boot/compressed/vmlinux.bin
+
+    xzgrep -iE "${regexps}" \
+        ./boot/initrd-*.xz  \
+        ./usr/local/boot/initrd-kexec.xz
+
+    find . -type f ! -name '*.mo' ! -name 'words.*' ! -name '*.rws' \
+        ! -name 'libgucharmap.so.*' ! -name oui.txt -print0 \
+        | xargs -0 grep -liE "${regexps}"
+else
+    echo "checkregexp file not found, skipping"
+fi
+
+
+sinfo "Unsupported scripts:"
+find . -type f -print0 | xargs -0 grep -lE \
+    '^#![[:blank:]]*/usr/bin/(perl|python|env[[:blank:]]+(perl|python))'
+
+
+true
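Review bot: `cd ${live}` near the top is unchecked, and every later `find .` depends on it. If `/mnt/live` does not exist, the whole audit (the SUID/SGID listing, `scanelf`, the build-environment grep) runs against the directory the script was started in, and the report describes the wrong tree. Use `cd "${live}" || exit 1`. Because the script ends with `true`, its findings never fail the build, so a header comment such as `# Advisory report only: review the output, the exit status is always 0` would help the next maintainer. `for lib in \`find . -name 'lib*.so'\`` and `check_shlib ${lib}*` also split on whitespace in paths, which deserves a short comment if such paths are known not to occur.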

+ 0 - 41
src/root/helpers/gen-file-ordering

@@ -1,41 +0,0 @@
-#!/bin/sh -e
-
-# This script is supposed to run directly from mkimage via chroot
-# C sort ordering matters for "-" extension entries
-umask 022
-export LC_ALL=C
-
-
-# Paths
-pakdir=/tmp/transient/pkg
-unlisted=${pakdir}/unlisted-files
-sqsort=${pakdir}/squashfs.sort
-
-
-# Order on <mimetype,extension,package,directory>
-# Unreferenced files have default priority 0 (which is the top priority)
-priority=0
-last=
-
-# Some files have : in name, but none have space (filtered previously)
-for p in ${unlisted} ${pakdir}/*=*; do
-    file -zhN --mime-type -F '' -f ${p} \
-        | while read file mimetype; do
-              ext="${file##*.}"
-              [ "${file}" != "${ext}" ] || ext=-
-
-              #    <mimetype>    <extension> <package>  <directory>  <file>
-              echo "${mimetype}" "${ext}"    "${p##*/}" "${file%/*}" "${file}"
-          done
-done \
-    | sort -s -k1,4 \
-    | while read key1 key2 key3 key4 file; do
-          # priority per each file would be too wasteful (-32768..32767)
-          if [ "${key1} ${key2} ${key3} ${key4}" != "${last}" ]; then
-              priority=$((priority-1))
-              last="${key1} ${key2} ${key3} ${key4}"
-          fi
-
-          echo "${file#/}" ${priority}
-      done \
-    > ${sqsort}

+ 76 - 0
src/root/helpers/gen-package-list

@@ -0,0 +1,76 @@
+#!/bin/sh -e
+
+# C sort ordering matters for "-" extension entries
+export LC_ALL=C
+
+
+# Paths
+live=/mnt/live
+paklist=${live}/boot/packages.lst
+
+pakdir=${live}/tmp/transient/pkg
+unlisted=${pakdir}/unlisted-files
+
+sqsort=${pakdir}/squashfs.sort
+
+
+echo "Creating pruned packages list"
+pakdir=${live}/tmp/transient/pkg
+for p in ${pakdir}/*=*; do
+    sort ${p} | while read f; do
+        if [ -h ${live}"${f}"  -o  -e ${live}"${f}" ]; then
+            echo "${f}" >> ${p}.pruned
+        fi
+    done
+
+    if [ -e ${p}.pruned ]; then
+        mv ${p}.pruned ${p}
+    else
+        rm ${p}
+    fi
+done
+
+find ${pakdir} -type f -name '*=*' -printf '%f\n' \
+    | tr = / | sort > ${paklist}
+
+    # Skip files with spaces to prevents problems with SquashFS sorting
+echo "Creating unregistered files list"
+find ${live} -xdev \( -type l -o -type f \) ! -name '* *' \
+    ! -path "${pakdir}/*" ! -path "${live}/boot/*"        \
+    ! -path "${live}/dev/*" -printf '/%P\n' | sort        \
+    > ${pakdir}/all-files
+sort -u -o ${pakdir}/listed-files ${pakdir}/*=*
+
+comm -13  ${pakdir}/listed-files ${pakdir}/all-files > ${unlisted}
+rm        ${pakdir}/listed-files ${pakdir}/all-files
+
+
+# Order on <mimetype,extension,package,directory>
+# Unreferenced files have default priority 0 (which is the top priority)
+priority=0
+last=
+
+# Some files have : in name, but none have space (filtered previously)
+echo "Creating SquashFS ordering"
+for p in ${unlisted} ${pakdir}/*=*; do
+    sed "s:^:${live}:" ${p}                \
+        | file -zhN --mime-type -F '' -f - \
+        | while read file mimetype; do
+              ext="${file##*.}"
+              [ "${file}" != "${ext}" ] || ext=-
+
+              #    <mimetype>    <extension> <package>  <directory>  <live-prefix + file>
+              echo "${mimetype}" "${ext}"    "${p##*/}" "${file%/*}" "${file}"
+          done
+done \
+    | sort -s -k1,4 \
+    | while read key1 key2 key3 key4 file; do
+          # priority per each file would be too wasteful (-32768..32767)
+          if [ "${key1} ${key2} ${key3} ${key4}" != "${last}" ]; then
+              priority=$((priority-1))
+              last="${key1} ${key2} ${key3} ${key4}"
+          fi
+
+          echo "${file#${live}/}" ${priority}
+      done \
+    > ${sqsort}
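Review bot: The files written here no longer get fixed permissions. The removed `gen-file-ordering` set `umask 022`, and the code removed from `mkroot` ran `chmod 644` on each pruned list, on `packages.lst` and on `unlisted-files`; this script does neither. `${paklist}` lives under `${live}/boot`, which `mkimage` copies into the image with `rsync -aHS`, so its mode now depends on the umask inherited from the chroot shell, which this page does not show. Adding `umask 022` right after `export LC_ALL=C` restores the previous behaviour. The same concern applies in `mkimage`, where `mkdir -m 755` became plain `mkdir` and `chmod 644 ${efiboot}` was dropped. Separately, `pakdir` is assigned twice with the same value, and `while read f` without `-r` would alter a listed path that contains a backslash.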

+ 0 - 4
src/root/helpers/gen-syslinux

@@ -24,10 +24,6 @@ rm    -f /boot/boot
 mkdir -p ${sysroot}
 
 
-# Save Syslinux version required for setup.sh
-syslinux -v 2>&1 | cut -d' ' -f2 > ${sysroot}/version
-
-
 # Copy Syslinux modules and binaries
 for mod in ${modules}; do
     cp -p /usr/share/syslinux/${mod} ${sysroot}

+ 49 - 64
mkimage → src/root/mkimage

@@ -8,27 +8,31 @@ sinfo() {
 }
 
 
-# Must have root directory as an argument
-if [ -z "$1" ]; then
-    echo "$0 <livecd root>"
-    exit 1
-fi
-
-
 # Variables
-src=`dirname $0`
-livecd=$1/copy
-cdroot=$1/dist/cdroot
+helpdir=${HOME}/helpers
+nosuid=${HOME}/config/rootfs.nosuid
 
-version=`cat ${src}/conf/version`
-distname=liberte-${version}
-sysver=`cat ${livecd}/boot/syslinux/version`
-mksqver=4.2
+live=/mnt/live
+cdroot=/mnt/boot/cdroot
+distroot=/mnt/boot
 
-luser=2101
-lgroup=9000
+distname=liberte-${LVERSION}
+zipfile=${distroot}/${distname}.zip
+isofile=${distroot}/${distname}.iso
 
 efilabel=LIBERTE_EFI
+efiboot=${cdroot}/isolinux/efiboot.img
+
+sqimage=${cdroot}/liberte/boot/root-x86.sfs
+sqsort=${live}/tmp/transient/pkg/squashfs.sort
+sqpseudo=${HOME}/config/rootfs.pseudo
+sqignore=${HOME}/config/rootfs.ignore
+
+luser=`id -u anon`
+lgroup=`id -g anon`
+
+sysver=`syslinux -v 2>&1 | cut -d' ' -f2`
+
 
 # See also /usr/local/sbin/ps-mount
 vfatflags=noatime,noexec,flush,iocharset=iso8859-1,utf8,uid=${luser},gid=${lgroup},umask=0177,dmask=077
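Review bot: `LVERSION`, `luser` and `lgroup` now come from the environment and from `id` inside the build chroot with no check, where the old code read the version file and used the literals 2101 and 9000. If `LVERSION` is unset the artefacts are named `liberte-.zip` and `liberte-.iso`, and if the `anon` account cannot be resolved the flags on the `vfatflags` line become `uid=,gid=` and end up in the generated boot configuration. A guard right after the assignments would fail early: `: "${LVERSION:?}"` and `[ -n "${luser}" ] && [ -n "${lgroup}" ] || exit 1`. `id` is also resolved against the build tree's account database rather than the one under `${live}`, so a comment stating that the two must agree on `anon` would help.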
@@ -37,67 +41,54 @@ extflags=noatime,nosuid,nodev,acl,user_xattr
 hfspflags=noatime,nosuid,nodev,uid=${luser},gid=${lgroup},umask=077
 
 
-# POSIX shells should (probably) support $(())
 mibsize() {
-    bytes=`stat -c %s "$1"`
+    local bytes=`stat -c %s "$1"`
     echo $(((bytes + 512 * 1024) / (1024 * 1024)))
 }
 
 
-if type mksquashfs 1>/dev/null 2>&1; then
-    mksquashfs=mksquashfs
-else
-    echo "SquashFS Tools not found"
-    exit 1
-fi
+sinfo "Removing unnecessary SUID bits"
+chmod a-s `sed -n "s:^/:${live}&:p" ${nosuid}`
+
+
+# Check the live tree
+${helpdir}/chk-live-tree
 
-mksqversion=`${mksquashfs} -version | head -1 | cut -d' ' -f3`
-if [ "${mksqversion}" != ${mksqver} ]; then
-    echo "Need SquashFS Tools v${mksqver}, but detected v${mksqversion}"
-    exit 1
-fi
+
+sinfo "Preparing packages list and SquashFS ordering"
+${helpdir}/gen-package-list
 
 
 if [ -e ${cdroot}/liberte/boot/packages.lst ]; then
     sinfo "Listing package changes"
-    diff -U 0 ${cdroot}/liberte/boot/packages.lst ${livecd}/boot/packages.lst \
+    diff -U 0 ${cdroot}/liberte/boot/packages.lst ${live}/boot/packages.lst \
         | tail -n +3 | sed '/^@@/d'
 fi
 
 
-sinfo "Copying USB add-ons"
-rm -rf          ${cdroot}
-mkdir -p -m 755 ${cdroot}
+sinfo "Copying image add-ons"
+rm -rf ${cdroot}
+mkdir  ${cdroot}
 
-rsync -aHS -i -O --no-o --no-g --chmod=u=rwX,go=rX \
-    --delete-excluded -C                           \
-    ${src}/dist/ ${cdroot}/liberte
+rsync -aHS --delete-excluded ${HOME}/dist/  ${cdroot}/liberte
 sed -i "s/SYSVER/${sysver}/" ${cdroot}/liberte/setup.sh
 
 
-sinfo "Copying USB /boot"
-rsync -aHS -i --delete-excluded --exclude /boot/syslinux/version \
-    ${livecd}/boot ${cdroot}/liberte
+sinfo "Copying image /boot"
+rsync -aHS --delete-excluded ${live}/boot ${cdroot}/liberte
 mv ${cdroot}/liberte/boot/EFI ${cdroot}
 
 
-# Unreferenced files have default priority 0 (which is the top priority)
-sinfo "Preparing SquashFS ordering"
-chroot ${livecd} /tmp/transient/bin/gen-file-ordering
-sqsort=${livecd}/tmp/transient/pkg/squashfs.sort
-
-
 # Using default block size of 128KiB
 # (chmod due to GRKERNSEC_HIDESYM)
 sinfo "Creating SquashFS image"
 
-${mksquashfs} ${livecd} ${cdroot}/liberte/boot/root-x86.sfs          \
-    -noappend -no-exports -no-progress -no-xattrs -comp xz -Xbcj x86 \
-    -always-use-fragments -pf ${src}/conf/rootfs.pseudo              \
-    -sort ${sqsort} -ef ${src}/conf/rootfs.ignore
-chmod go= ${cdroot}/liberte/boot/root-x86.sfs
+mksquashfs ${live} ${sqimage} -noappend -no-progress -no-exports \
+    -always-use-fragments -no-xattrs -comp xz -Xbcj x86          \
+    -pf ${sqpseudo} -sort ${sqsort} -ef ${sqignore}
+chmod go= ${sqimage}
 
-sfshash=`sha256sum ${cdroot}/liberte/boot/root-x86.sfs`
+sfshash=`sha256sum ${sqimage}`
 sfshash="${sfshash%% *}"
 
 
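Review bot: The SUID-stripping line `chmod a-s \`sed -n "s:^/:${live}&:p" ${nosuid}\`` is a hardening step whose failure is not checked in this hunk (the script's shebang and options are outside it). If `${nosuid}` cannot be read, `chmod` gets no operands and fails, nothing is stripped, and the build goes on to `mksquashfs`. The unquoted substitution also word-splits and globs each entry. With GNU xargs a one-line form handles both: `sed -n "s:^/:${live}&:p" "${nosuid}" | xargs -d '\n' chmod a-s || exit 1`. The same unchecked-failure concern applies to the `${helpdir}/chk-live-tree` and `${helpdir}/gen-package-list` calls below it and, in the last hunk of this file, to `mcopy`.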
@@ -110,19 +101,19 @@ sed -i "s/FSHASH/${sfshash}/; s/VFATFLAGS/${vfatflags}/; s/EXTFLAGS/${extflags}/
     ${cdroot}/liberte/boot/grub/grub.cfg
 
 # EXTLINUX config takes precedence over SYSLINUX one when in same directory
-mkdir -m 755 ${cdroot}/liberte/boot/syslinux/ext
-cp -p ${livecd}/boot/syslinux/syslinux.cfg ${cdroot}/liberte/boot/syslinux/ext/extlinux.conf
+mkdir ${cdroot}/liberte/boot/syslinux/ext
+cp -p ${live}/boot/syslinux/syslinux.cfg ${cdroot}/liberte/boot/syslinux/ext/extlinux.conf
 sed -i "s/TAG //; s/ROOTFS/ext4/; s/FSFLAGS/${extflags}/;  s/FSHASH/${sfshash}/" \
     ${cdroot}/liberte/boot/syslinux/ext/extlinux.conf
 
 # ISOLINUX doesn't support RockRidge/Joliet, so must replace '-' in filenames
 # (translation equivalent to mount's map=normal is still performed)
-cp -p ${livecd}/boot/syslinux/syslinux.cfg ${cdroot}/liberte/boot/syslinux/isolinux.cfg
+cp -p ${live}/boot/syslinux/syslinux.cfg ${cdroot}/liberte/boot/syslinux/isolinux.cfg
 sed -i "s/TAG/[CD]/; s/ROOTFS/iso9660 readonly toram/; s/FSFLAGS/${isofsflags}/;
         s/FSHASH/${sfshash}/; s/\(\(FONT\|LINUX\|INITRD\) [^-]*\)-/\1_/" \
     ${cdroot}/liberte/boot/syslinux/isolinux.cfg
 
-mkdir -m 755 ${cdroot}/isolinux
+mkdir ${cdroot}/isolinux
 cp -p ${cdroot}/liberte/boot/syslinux/isolinux.cfg ${cdroot}/isolinux/isolinux.cfg
 
 sed -i "s/FSHASH/${sfshash}/" ${cdroot}/liberte/qemulate.sh
@@ -136,26 +127,20 @@ find ${cdroot} \( -name '*.txt' -o -name '*.bat' -o -name '*.cfg' \) \
 # UEFI Spec 2.3.1 Err. A, Sec. 12.3.3: "UEFI implementations may allow
 # the use of conforming FAT partitions which do not use the ESP GUID."
 sinfo "Building binary distribution ${distname}.zip"
-zipfile=`readlink -f ${cdroot}/../${distname}.zip`
 rm -f ${zipfile}
 (cd ${cdroot}; zip -r9 -q ${zipfile} EFI liberte)
 
 
 # Add two extra 4K blocks (may need adjustment)
 sinfo "Creating EFI boot image for El-Torito"
-efiboot=${cdroot}/isolinux/efiboot.img
-efiblocks=`du -s -B 4K --apparent-size ${cdroot}/EFI | sed 's/[[:blank:]].*//'`
-truncate -s $(((efiblocks + 2) * 4))K ${efiboot};  chmod 644 ${efiboot}
+efiblocks=`du -s -B 4K --apparent-size ${cdroot}/EFI | cut -f1`
+truncate -s $(((efiblocks + 2) * 4))K ${efiboot}
 mkdosfs -n "${efilabel}" -I -f 1 -r 16 -R 1 ${efiboot}
-mount -t vfat -o loop ${efiboot} ${cdroot}/isolinux
-rsync -aHS ${cdroot}/EFI         ${cdroot}/isolinux
-umount -d                        ${cdroot}/isolinux
+MTOOLS_SKIP_CHECK=1 mcopy -i ${efiboot} -smQ ${cdroot}/EFI ::
 
 
 # Hide root directories on Windows, and reset volume information
-# Requires cdrtools >= 3.01a05 (for -eltorito-platform)
 sinfo "Creating ISO image ${distname}.iso"
-isofile=${cdroot}/../${distname}.iso
 mkisofs -quiet -iso-level 2 -no-pad -sysid '' -V '' -A '' -R \
     -no-emul-boot -boot-load-size 4 -boot-info-table         \
     -c boot.cat -b liberte/boot/syslinux/isolinux.bin        \

+ 3 - 8
src/root/setup-copy

@@ -108,8 +108,8 @@ for ebuild in ${!ebuild_*}; do
 done
 rm -f /var/cache/edb/vdb_*.pickle
 
-# [gettext] coreutils, nano, powertop: not needed (#398983, #398975, #398977)
-echo sys-devel/gettext-0.15 >> /etc/portage/profile/package.provided
+# [gettext] coreutils, nano, powertop, cdrtools: not needed (#398983, #398975, #398977, #410501)
+echo sys-devel/gettext-0.18.1.1 >> /etc/portage/profile/package.provided
 
 # java-config wrappers are superfluous for minimal VMs (and require Python)
 echo dev-java/java-config-2.1.11 >> /etc/portage/profile/package.provided
@@ -366,6 +366,7 @@ ln -s  ../local/libexec/java.wrapper /usr/bin/java
 
 # Spaces in entries are not handled, but it doesn't matter here
 sinfo "Saving current packages list in /tmp/transient/pkg"
+rm -rf /tmp/transient
 pakdir=/tmp/transient/pkg
 mkdir -p ${pakdir}
 for p in `find /var/db/pkg -mindepth 2 -maxdepth 2 -type d -printf '%P\n'`; do
@@ -373,10 +374,4 @@ for p in `find /var/db/pkg -mindepth 2 -maxdepth 2 -type d -printf '%P\n'`; do
 done
 
 
-sinfo "Saving helper scripts for mkimage"
-savedir=/tmp/transient/bin
-mkdir ${savedir}
-cp ${helpdir}/gen-file-ordering ${savedir}
-
-
 sinfo "Done."

+ 2 - 1
src/var/lib/portage/world

@@ -2,6 +2,8 @@
 sys-kernel/hardened-sources       # TEMP
 sys-boot/syslinux                 # TEMP
 sys-boot/grub                     # TEMP
+sys-fs/mtools                     # TEMP
+sys-fs/squashfs-tools             # TEMP
 media-fonts/terminus-font         # TEMP
 app-portage/gentoolkit            # (explicit unmerge in setup-copy)
 app-portage/portage-utils         # TEMP
@@ -82,7 +84,6 @@ app-crypt/gnupg
 app-crypt/mcrypt
 x11-misc/fpm2
 dev-libs/engine_pkcs11
-# app-crypt/steghide (masked, #319679)
 app-crypt/ccid
 app-crypt/tpm-tools
 sys-apps/haveged