Home Explore Help
Register Sign In
oleg
/
liberte
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
liberte
/
mkroot

mkroot 4.1 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135 
  1. #!/bin/sh -e
    2. 

  2. 

  3. sinfo() {
    4. 

  4.     echo ${BASH:+-e} "\033[1;33;41m$@\033[0m"
    5. 

  5. }
    6. 

  6. 

  7. 

  8. # Must have root directory as an argument
    9. 

  9. if [ -z "$1"  -o  \( -n "$2" -a "$2" != fresh \) ]; then
    10. 

  10.     echo "$0 <livecd root> [fresh]"
    11. 

  11.     exit 1
    12. 

  12. fi
    13. 

  13. 

  14. 

  15. # Variables
    16. 

  16. FROM=`dirname $0`
    17. 

  17. LIVECD=$1
    18. 

  18. 

  19. # MIRROR=http://mirrors.kernel.org/gentoo
    20. 

  20. MIRROR=http://distfiles.gentoo.org
    21. 

  21. stage3base=${MIRROR}/releases/x86/autobuilds
    22. 

  22. portage=${MIRROR}/snapshots/portage-latest.tar.bz2
    23. 

  23. 

  24. # GPG keys used at bulid-time
    25. 

  25. gpg_keys=`sed '/^#/d; /^$/d; s/ //g' ${FROM}/conf/pubkeys`
    26. 

  26. 

  27. 

  28. if [ "$2" != fresh  -a  -d ${LIVECD}/src ]; then
    29. 

  29.     sinfo "Skipping overwrite of ${LIVECD}/src (use \"fresh\")"
    30. 

  30.     exit
    31. 

  31. fi
    32. 

  32. 

  33. 

  34. # Extract stage3 + portage snapshot to fresh directory
    35. 

  35. # Download stage3 + portage snapshot
    36. 

  36. mkdir -p ${LIVECD}/mirror/stage3 ${LIVECD}/mirror/portage
    37. 

  37. mkdir -p -m 700 ${LIVECD}/mirror/gnupg
    38. 

  38. 

  39. sinfo "Testing for required utilities"
    40. 

  40. if ! type gpg 1>/dev/null 2>&1; then
    41. 

  41.     echo "Please install GnuPG"
    42. 

  42.     exit 1
    43. 

  43. fi
    44. 

  44. 

  45. sinfo "Testing security labels and user xattrs support"
    46. 

  46. touch ${LIVECD}/mirror/fs-test
    47. 

  47. if ! setcap cap_net_raw+i  ${LIVECD}/mirror/fs-test || \
    48. 

  48.    ! setfattr -n user.test ${LIVECD}/mirror/fs-test; then
    49. 

  49.     echo "Filesystem does not support extended attributes."
    50. 

  50.     echo "Try ext4 with EXT4_FS_SECURITY and -o user_xattr"
    51. 

  51.     echo "(make sure attr / libpcap are installed)"
    52. 

  52.     exit 1
    53. 

  53. fi
    54. 

  54. rm ${LIVECD}/mirror/fs-test
    55. 

  55. 

  56. 

  57. # latest-stage3-i686.txt contains YYYYMMDD/stage3-i686-YYYYMMDD.tar.bz2
    58. 

  58. sinfo "Fetching latest-stage3.txt"
    59. 

  59. wget -N -nv -P ${LIVECD}/mirror/stage3 ${stage3base}/latest-stage3-i686.txt
    60. 

  60. stage3=`grep stage3-i686 ${LIVECD}/mirror/stage3/latest-stage3-i686.txt`
    61. 

  61. stage3file=`basename ${stage3}`
    62. 

  62. 

  63. # If a new stage3 is available, remove old mirrors
    64. 

  64. if [ ! -e ${LIVECD}/mirror/stage3/${stage3file} ]; then
    65. 

  65.     rm -f ${LIVECD}/mirror/stage3/stage3-i686-*.tar.bz2*
    66. 

  66. fi
    67. 

  67. 

  68. 

  69. sinfo "Downloading ${stage3file}"
    70. 

  70. wget -c -nv -P ${LIVECD}/mirror/stage3  \
    71. 

  71.     ${stage3base}/${stage3}.DIGESTS.asc \
    72. 

  72.     ${stage3base}/${stage3}.CONTENTS    \
    73. 

  73.     ${stage3base}/${stage3}
    74. 

  74. 

  75. sinfo "Downloading portage-latest.tar.bz2"
    76. 

  76. wget -N -nv -P ${LIVECD}/mirror/portage ${portage}.gpgsig ${portage}
    77. 

  77. 

  78. 

  79. sinfo "Verifying PGP keys fingerprints"
    80. 

  80. for key in ${gpg_keys}; do
    81. 

  81.     org=`echo ${key} | cut -d: -f1`
    82. 

  82.     fpr=`echo ${key} | cut -d: -f2`
    83. 

  83.     keyid=`echo -n ${fpr} | tail -c -8`
    84. 

  84. 

  85.     gpg -q --homedir ${LIVECD}/mirror/gnupg --no-default-keyring \
    86. 

  86.         --keyring ${org}.gpg --import ${FROM}/conf/certs/${org}-${keyid}.asc
    87. 

  87. 

  88.     fpr2=`gpg -q --homedir ${LIVECD}/mirror/gnupg --keyring ${org}.gpg \
    89. 

  89.               --fingerprint --with-colons 0x${fpr} | sed -n '/^fpr:/p' | cut -d: -f10`
    90. 

  90.     if [ ${fpr} != "${fpr2}" ]; then
    91. 

  91.         echo "Fingerprint mismatch: [${fpr}] != [${fpr2}]"
    92. 

  92.         exit 1
    93. 

  93.     fi
    94. 

  94. done
    95. 

  95. 

  96. for keyring in `echo "${gpg_keys}" | cut -d: -f1 | sort -u`; do
    97. 

  97.     keyids=`gpg -q -k --homedir ${LIVECD}/mirror/gnupg --keyring ${keyring}.gpg \
    98. 

  98.                 --fingerprint --with-colons | sed -n '/^fpr:/p' | cut -d: -f10 | sort`
    99. 

  99.     expids=`echo "${gpg_keys}" | sed -n "/^${keyring}:/p" | cut -d: -f2 | sort`
    100. 

  100. 

  101.     if [ "${keyids}" != "${expids}" ]; then
    102. 

  102.         echo "Unexpected public keys in keyring ${keyring}.gpg"
    103. 

  103.         exit 1
    104. 

  104.     fi
    105. 

  105. done
    106. 

  106. 

  107. 

  108. sinfo "Verifying stage3 and portage snapshot PGP signatures"
    109. 

  109. gpg -q --homedir ${LIVECD}/mirror/gnupg --trust-model always --keyring gentoo.gpg \
    110. 

  110.     --verify ${LIVECD}/mirror/stage3/${stage3file}.DIGESTS.asc
    111. 

  111. gpg -q --homedir ${LIVECD}/mirror/gnupg --trust-model always --keyring gentoo.gpg \
    112. 

  112.     --verify ${LIVECD}/mirror/portage/portage-latest.tar.bz2.gpgsig \
    113. 

  113.              ${LIVECD}/mirror/portage/portage-latest.tar.bz2
    114. 

  114. 

  115. 

  116. sinfo "Verifying stage3 SHA512 digests"
    117. 

  117. sed '/^# WHIRLPOOL HASH$/{N; s/.*/\n/}' ${LIVECD}/mirror/stage3/${stage3file}.DIGESTS.asc \
    118. 

  118.     | (cd ${LIVECD}/mirror/stage3; sha512sum -c)
    119. 

  119. 

  120. 

  121. sinfo "Removing ${LIVECD}/src"
    122. 

  122. chattr -f -a ${LIVECD}/src/tmp/.private || :
    123. 

  123. rm -rf --one-file-system ${LIVECD}/src
    124. 

  124. mkdir -m 755 ${LIVECD}/src
    125. 

  125. 

  126. 

  127. sinfo "Extracting stage3 to ${LIVECD}/src"
    128. 

  128. tar -xpSjf ${LIVECD}/mirror/stage3/${stage3file} -C ${LIVECD}/src --exclude './dev/*'
    129. 

  129. 

  130. 

  131. sinfo "Extracting portage to ${LIVECD}/src/usr"
    132. 

  132. tar -xpSjf ${LIVECD}/mirror/portage/portage-latest.tar.bz2 -C ${LIVECD}/src/usr
    133. 

  133. 

  134. 

  135. sinfo "Done."
    136.