summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDavid P <megver83@parabola.nu>2021-08-25 10:34:59 -0400
committerDavid P <megver83@parabola.nu>2021-08-25 10:46:32 -0400
commit8f2aee0a12287966842df28dcca183944d528f9b (patch)
tree0c004dde54758908fa4f8872e5293f3d201f6aa6
parent388f67f632d8493cb4d58a4e7a1c65c75e60a40c (diff)
sync with archiso v48HEADv58master
archiso: 8559657 (HEAD -> master, tag: v58, origin/master, origin/HEAD) Merge branch 'changelog/58' fbe48dd (origin/changelog/58) Add changelog for v58 087ee83 Merge remote-tracking branch 'nl6720/fix-unbound-variables-in-_validate_options' d2315bc mkarchiso: error out of iso and netboot build modes if no boot modes are specified f3959d6 mkarchiso: split out build mode specific checks from _validate_options to _validate_requirements_buildmode_* 8d18d8f mkarchiso: fix unbound variable errors in _validate_options parabolaiso: * improve armv7h bootstrap validation * specify on which architecture we are in _make_custom_airootfs Signed-off-by: David P <megver83@parabola.nu>
-rw-r--r--CHANGELOG.rst28
-rwxr-xr-xparabolaiso/mkparabolaiso290
2 files changed, 172 insertions, 146 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 5f7c39d..e90dc3f 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -2,6 +2,34 @@
Changelog
#########
+[58] - 2021-08-25
+=================
+
+Added
+-----
+
+- Add support for ``gpg``'s ``--sender`` option
+- Add armv7h support for bootstrap buildmode
+
+Changed
+-------
+
+- Change the way ``mkarchiso`` uses ext4 images to copying files to it directly instead of mounting (this action now
+ does not require elevated privileges anymore)
+- Add version files when using ``netboot`` buildmode as well
+- Update the sshd configuration to be compatible with openssh 8.7p1
+- Overhaul the used ``gpg`` options
+- Fix use of potentially unbound variables
+- Refactor the validation functions to have fewer large functions and less code duplication
+- Borrow some code from librechroot to correctly validate binfmt
+- Do not check if qemu-user-static is installed, just check for qemu-user-static-binfmt as it will pull it as dependency
+
+Removed
+-------
+
+- Remove all files related to ``mkinitcpio`` integration, as they now live in
+ https://gitlab.archlinux.org/mkinitcpio/mkinitcpio-archiso
+
[57] - 2021-07-30
=================
diff --git a/parabolaiso/mkparabolaiso b/parabolaiso/mkparabolaiso
index 9abbba4..73c215e 100755
--- a/parabolaiso/mkparabolaiso
+++ b/parabolaiso/mkparabolaiso
@@ -329,7 +329,7 @@ _make_custom_airootfs() {
install -d -m 0755 -o 0 -g 0 -- "${pacstrap_dir}"
if [[ -d "${profile}/airootfs" ]]; then
- _msg_info "Copying custom airootfs files..."
+ _msg_info "Copying custom ${arch} airootfs files..."
cp -af --no-preserve=ownership,mode -- "${profile}/airootfs/." "${pacstrap_dir}"
# Set ownership and mode for files and directories
for filename in "${!file_permissions[@]}"; do
@@ -887,7 +887,7 @@ _validate_requirements_airootfs_image_type_erofs() {
fi
}
-_validate_requirements_buildmode_all() {
+_validate_common_requirements_buildmode_all() {
if ! command -v pacman &> /dev/null; then
(( validation_error=validation_error+1 ))
_msg_error "Validating build mode '${_buildmode}': pacman is not available on this host. Install 'pacman'!" 0
@@ -903,36 +903,142 @@ _validate_requirements_buildmode_all() {
}
_validate_requirements_buildmode_bootstrap() {
- _validate_requirements_buildmode_all
+ local bootstrap_pkg_list_from_file=()
+
+ if [[ "${arch}" == "dual" ]]; then
+ # Check if packages for the bootstrap image are specified for each architecture
+ for bootstrap_packages in ${bootstrap_packages_dual}; do
+ if [[ "${bootstrap_packages##*/}" == "bootstrap_packages.both" ]]; then
+ if [[ -e "${bootstrap_packages}" ]]; then
+ mapfile -t bootstrap_pkg_list_from_file < \
+ <(sed '/^[[:blank:]]*#.*/d;s/#.*//;/^[[:blank:]]*$/d' "${bootstrap_packages}")
+ bootstrap_pkg_list+=("${bootstrap_pkg_list_from_file[@]}")
+ if (( ${#bootstrap_pkg_list_from_file[@]} < 1 )); then
+ (( validation_error=validation_error+1 ))
+ _msg_error "No package specified in '${bootstrap_packages}'." 0
+ fi
+ else
+ (( validation_error=validation_error+1 ))
+ _msg_error "Bootstrap packages file '${bootstrap_packages}' does not exist." 0
+ fi
+ elif [[ -e "${bootstrap_packages}" ]]; then
+ mapfile -t "bootstrap_pkg_list_from_file_${bootstrap_packages##*.}" < \
+ <(sed '/^[[:blank:]]*#.*/d;s/#.*//;/^[[:blank:]]*$/d' "${bootstrap_packages}")
+ eval "bootstrap_pkg_list_${bootstrap_packages##*.}+=(\${bootstrap_pkg_list_from_file_${bootstrap_packages##*.}[@]})"
+ fi
+ done
+ else
+ # Check if packages for the bootstrap image are specified
+ if [[ -e "${bootstrap_packages}" ]]; then
+ mapfile -t bootstrap_pkg_list_from_file < \
+ <(sed '/^[[:blank:]]*#.*/d;s/#.*//;/^[[:blank:]]*$/d' "${bootstrap_packages}")
+ bootstrap_pkg_list+=("${bootstrap_pkg_list_from_file[@]}")
+ if (( ${#bootstrap_pkg_list_from_file[@]} < 1 )); then
+ (( validation_error=validation_error+1 ))
+ _msg_error "No package specified in '${bootstrap_packages}'." 0
+ fi
+ else
+ (( validation_error=validation_error+1 ))
+ _msg_error "Bootstrap packages file '${bootstrap_packages}' does not exist." 0
+ fi
+ fi
+
+ _validate_common_requirements_buildmode_all
if ! command -v bsdtar &> /dev/null; then
(( validation_error=validation_error+1 ))
_msg_error "Validating build mode '${_buildmode}': bsdtar is not available on this host. Install 'libarchive'!" 0
fi
if [[ "${arch}" == "armv7h" ]] && [[ ! "$(uname -m)" == armv7? ]]; then
- if ! command -v qemu-arm-static &> /dev/null; then
- (( validation_error=validation_error+1 ))
- _msg_error "Validating build mode '${_buildmode}': qemu-arm-static is not available on this host. Install 'qemu-user-static'!" 0
- fi
if [[ ! -e "/usr/lib/binfmt.d/qemu-arm.conf" ]]; then
(( validation_error=validation_error+1 ))
_msg_error "Validating build mode '${_buildmode}': qemu-user-static-binfmt is not available on this host. Install 'qemu-user-static-binfmt'!" 0
fi
- if command -v rc-service &> /dev/null; then
- if ! rc-service binfmt status &> /dev/null; then
- (( validation_error=validation_error+1 ))
- _msg_error "Validating build mode '${_buildmode}': binfmt is not available on this host. Start the binfmt service!" 0
+ # Make sure that qemu-static is set up with binfmt_misc
+ if [[ -z $(grep -l -xF \
+ -e "interpreter /usr/bin/qemu-arm-static" \
+ -r -- /proc/sys/fs/binfmt_misc 2>/dev/null \
+ | xargs -r grep -xF 'enabled') ]]
+ then
+ (( validation_error=validation_error+1 ))
+ _msg_error "Validating build mode '${_buildmode}': binfmt is not available on this host. Start the binfmt service!" 0
+ fi
+ fi
+}
+
+_validate_common_requirements_buildmode_iso_netboot() {
+ local bootmode
+ local pkg_list_from_file=()
+
+ # Check if the package list file exists and read packages from it
+ if [[ "${arch}" == "dual" ]]; then
+ # Check if the package list files exist and read packages from them for each architecture
+ for packages in ${packages_dual}; do
+ if [[ "${packages##*/}" == "packages.both" ]]; then
+ if [[ -e "${packages}" ]]; then
+ mapfile -t pkg_list_from_file < <(sed '/^[[:blank:]]*#.*/d;s/#.*//;/^[[:blank:]]*$/d' "${packages}")
+ pkg_list+=("${pkg_list_from_file[@]}")
+ if (( ${#pkg_list_from_file[@]} < 1 )); then
+ (( validation_error=validation_error+1 ))
+ _msg_error "Packages file '${packages}' does not exist." 0
+ fi
+ else
+ (( validation_error=validation_error+1 ))
+ _msg_error "Packages file '${packages}' does not exist." 0
+ fi
+ elif [[ -e "${packages}" ]]; then
+ mapfile -t "pkg_list_from_file_${packages##*.}" < <(sed '/^[[:blank:]]*#.*/d;s/#.*//;/^[[:blank:]]*$/d' "${packages}")
+ eval "pkg_list_${packages##*.}+=(\${pkg_list_from_file_${packages##*.}[@]})"
fi
- elif command -v systemctl &> /dev/null; then
- if ! systemctl status systemd-binfmt &> /dev/null; then
+ done
+ else
+ # Check if the package list file exists and read packages from it
+ if [[ -e "${packages}" ]]; then
+ mapfile -t pkg_list_from_file < <(sed '/^[[:blank:]]*#.*/d;s/#.*//;/^[[:blank:]]*$/d' "${packages}")
+ pkg_list+=("${pkg_list_from_file[@]}")
+ if (( ${#pkg_list_from_file[@]} < 1 )); then
(( validation_error=validation_error+1 ))
- _msg_error "Validating build mode '${_buildmode}': binfmt is not available on this host. Start the systemd-binfmt service!" 0
+ _msg_error "Packages file '${packages}' does not exist." 0
fi
+ else
+ (( validation_error=validation_error+1 ))
+ _msg_error "Packages file '${packages}' does not exist." 0
fi
fi
+
+ # Check if the specified bootmodes are supported
+ if (( ${#bootmodes[@]} < 1 )); then
+ (( validation_error=validation_error+1 ))
+ _msg_error "No boot modes specified in '${profile}/profiledef.sh'." 0
+ fi
+ for bootmode in "${bootmodes[@]}"; do
+ if typeset -f "_make_bootmode_${bootmode}" &> /dev/null; then
+ if typeset -f "_validate_requirements_bootmode_${bootmode}" &> /dev/null; then
+ "_validate_requirements_bootmode_${bootmode}"
+ else
+ _msg_warning "Function '_validate_requirements_bootmode_${bootmode}' does not exist. Validating the requirements of '${bootmode}' boot mode will not be possible."
+ fi
+ else
+ (( validation_error=validation_error+1 ))
+ _msg_error "${bootmode} is not a valid boot mode!" 0
+ fi
+ done
+
+ # Check if the specified airootfs_image_type is supported
+ if typeset -f "_mkairootfs_${airootfs_image_type}" &> /dev/null; then
+ if typeset -f "_validate_requirements_airootfs_image_type_${airootfs_image_type}" &> /dev/null; then
+ "_validate_requirements_airootfs_image_type_${airootfs_image_type}"
+ else
+ _msg_warning "Function '_validate_requirements_airootfs_image_type_${airootfs_image_type}' does not exist. Validating the requirements of '${airootfs_image_type}' airootfs image type will not be possible."
+ fi
+ else
+ (( validation_error=validation_error+1 ))
+ _msg_error "Unsupported image type: '${airootfs_image_type}'" 0
+ fi
}
_validate_requirements_buildmode_iso() {
- _validate_requirements_buildmode_all
+ _validate_common_requirements_buildmode_iso_netboot
+ _validate_common_requirements_buildmode_all
if ! command -v awk &> /dev/null; then
(( validation_error=validation_error+1 ))
_msg_error "Validating build mode '${_buildmode}': awk is not available on this host. Install 'awk'!" 0
@@ -940,7 +1046,27 @@ _validate_requirements_buildmode_iso() {
}
_validate_requirements_buildmode_netboot() {
- _validate_requirements_buildmode_all
+ local _override_cert_list=()
+
+ if [[ "${sign_netboot_artifacts}" == "y" ]]; then
+ # Check if the certificate files exist
+ for _cert in "${cert_list[@]}"; do
+ if [[ -e "${_cert}" ]]; then
+ _override_cert_list+=("$(realpath -- "${_cert}")")
+ else
+ (( validation_error=validation_error+1 ))
+ _msg_error "File '${_cert}' does not exist." 0
+ fi
+ done
+ cert_list=("${_override_cert_list[@]}")
+ # Check if there are at least two certificate files
+ if (( ${#cert_list[@]} < 2 )); then
+ (( validation_error=validation_error+1 ))
+ _msg_error "Two certificates are required for codesigning, but '${cert_list[*]}' is provided." 0
+ fi
+ fi
+ _validate_common_requirements_buildmode_iso_netboot
+ _validate_common_requirements_buildmode_all
if ! command -v openssl &> /dev/null; then
(( validation_error=validation_error+1 ))
_msg_error "Validating build mode '${_buildmode}': openssl is not available on this host. Install 'openssl'!" 0
@@ -1195,112 +1321,9 @@ _read_profile() {
# Validate set options
_validate_options() {
- local validation_error=0 bootmode _cert _buildmode
- local pkg_list_from_file=()
- # shellcheck disable=SC2034
- local pkg_list_from_file_i686=()
- # shellcheck disable=SC2034
- local pkg_list_from_file_x86_64=()
- local bootstrap_pkg_list_from_file=()
- # shellcheck disable=SC2034
- local bootstrap_pkg_list_from_file_i686=()
- # shellcheck disable=SC2034
- local bootstrap_pkg_list_from_file_x86_64=()
- local _override_cert_list=()
+ local validation_error=0 _buildmode
_msg_info "Validating options..."
- if [[ "${arch}" == "dual" ]]; then
- # Check if the package list files exist and read packages from them for each architecture
- # shellcheck disable=SC2128
- for packages in ${packages_dual}; do
- if [[ "${packages##*/}" == "packages.both" ]]; then
- if [[ -e "${packages}" ]]; then
- mapfile -t pkg_list_from_file < <(sed '/^[[:blank:]]*#.*/d;s/#.*//;/^[[:blank:]]*$/d' "${packages}")
- pkg_list+=("${pkg_list_from_file[@]}")
- if (( ${#pkg_list_from_file} < 1 )); then
- (( validation_error=validation_error+1 ))
- _msg_error "Packages file '${packages}' does not exist." 0
- fi
- else
- (( validation_error=validation_error+1 ))
- _msg_error "Packages file '${packages}' does not exist." 0
- fi
- elif [[ -e "${packages}" ]]; then
- mapfile -t "pkg_list_from_file_${packages##*.}" < <(sed '/^[[:blank:]]*#.*/d;s/#.*//;/^[[:blank:]]*$/d' "${packages}")
- eval "pkg_list_${packages##*.}+=(\${pkg_list_from_file_${packages##*.}[@]})"
- fi
- done
-
- # Check if packages for the bootstrap image are specified for each architecture
- if [[ "${buildmodes[*]}" == *bootstrap* ]]; then
- for bootstrap_packages in ${bootstrap_packages_dual}; do
- if [[ "${bootstrap_packages##*/}" == "bootstrap_packages.both" ]]; then
- if [[ -e "${bootstrap_packages}" ]]; then
- mapfile -t bootstrap_pkg_list_from_file < \
- <(sed '/^[[:blank:]]*#.*/d;s/#.*//;/^[[:blank:]]*$/d' "${bootstrap_packages}")
- bootstrap_pkg_list+=("${bootstrap_pkg_list_from_file[@]}")
- if (( ${#bootstrap_pkg_list_from_file} < 1 )); then
- (( validation_error=validation_error+1 ))
- _msg_error "No package specified in '${bootstrap_packages}'." 0
- fi
- else
- (( validation_error=validation_error+1 ))
- _msg_error "Bootstrap packages file '${bootstrap_packages}' does not exist." 0
- fi
- elif [[ -e "${bootstrap_packages}" ]]; then
- mapfile -t "bootstrap_pkg_list_from_file_${bootstrap_packages##*.}" < \
- <(sed '/^[[:blank:]]*#.*/d;s/#.*//;/^[[:blank:]]*$/d' "${bootstrap_packages}")
- eval "bootstrap_pkg_list_${bootstrap_packages##*.}+=(\${bootstrap_pkg_list_from_file_${bootstrap_packages##*.}[@]})"
- fi
- done
- fi
- else
- # Check if the package list file exists and read packages from it
- if [[ -e "${packages}" ]]; then
- mapfile -t pkg_list_from_file < <(sed '/^[[:blank:]]*#.*/d;s/#.*//;/^[[:blank:]]*$/d' "${packages}")
- pkg_list+=("${pkg_list_from_file[@]}")
- if (( ${#pkg_list_from_file} < 1 )); then
- (( validation_error=validation_error+1 ))
- _msg_error "Packages file '${packages}' does not exist." 0
- fi
- else
- (( validation_error=validation_error+1 ))
- _msg_error "Packages file '${packages}' does not exist." 0
- fi
-
- # Check if packages for the bootstrap image are specified
- if [[ "${buildmodes[*]}" == *bootstrap* ]]; then
- if [[ -e "${bootstrap_packages}" ]]; then
- mapfile -t bootstrap_pkg_list_from_file < \
- <(sed '/^[[:blank:]]*#.*/d;s/#.*//;/^[[:blank:]]*$/d' "${bootstrap_packages}")
- bootstrap_pkg_list+=("${bootstrap_pkg_list_from_file[@]}")
- if (( ${#bootstrap_pkg_list_from_file} < 1 )); then
- (( validation_error=validation_error+1 ))
- _msg_error "No package specified in '${bootstrap_packages}'." 0
- fi
- else
- (( validation_error=validation_error+1 ))
- _msg_error "Bootstrap packages file '${bootstrap_packages}' does not exist." 0
- fi
- fi
- fi
- if [[ "${sign_netboot_artifacts}" == "y" ]]; then
- # Check if the certificate files exist
- for _cert in "${cert_list[@]}"; do
- if [[ -e "${_cert}" ]]; then
- _override_cert_list+=("$(realpath -- "${_cert}")")
- else
- (( validation_error=validation_error+1 ))
- _msg_error "File '${_cert}' does not exist." 0
- fi
- done
- cert_list=("${_override_cert_list[@]}")
- # Check if there are at least two certificate files
- if (( "${#cert_list[@]}" < 2 )); then
- (( validation_error=validation_error+1 ))
- _msg_error "Two certificates are required for codesigning, but '${cert_list[*]}' is provided." 0
- fi
- fi
# Check if pacman configuration file exists
if [[ ! -e "${pacman_conf}" ]]; then
(( validation_error=validation_error+1 ))
@@ -1321,31 +1344,6 @@ _validate_options() {
fi
done
- # Check if the specified bootmodes are supported
- for bootmode in "${bootmodes[@]}"; do
- if typeset -f "_make_bootmode_${bootmode}" &> /dev/null; then
- if typeset -f "_validate_requirements_bootmode_${bootmode}" &> /dev/null; then
- "_validate_requirements_bootmode_${bootmode}"
- else
- _msg_warning "Function '_validate_requirements_bootmode_${bootmode}' does not exist. Validating the requirements of '${bootmode}' boot mode will not be possible."
- fi
- else
- (( validation_error=validation_error+1 ))
- _msg_error "${bootmode} is not a valid boot mode!" 0
- fi
- done
- # Check if the specified airootfs_image_type is supported
- if typeset -f "_mkairootfs_${airootfs_image_type}" &> /dev/null; then
- if typeset -f "_validate_requirements_airootfs_image_type_${airootfs_image_type}" &> /dev/null; then
- "_validate_requirements_airootfs_image_type_${airootfs_image_type}"
- else
- _msg_warning "Function '_validate_requirements_airootfs_image_type_${airootfs_image_type}' does not exist. Validating the requirements of '${airootfs_image_type}' airootfs image type will not be possible."
- fi
- else
- (( validation_error=validation_error+1 ))
- _msg_error "Unsupported image type: '${airootfs_image_type}'" 0
- fi
-
if (( validation_error )); then
_msg_error "${validation_error} errors were encountered while validating the profile. Aborting." 1
fi
@@ -1356,7 +1354,7 @@ _validate_options() {
_set_overrides() {
# Set variables that have command line overrides
[[ ! -v override_buildmodes ]] || buildmodes=("${override_buildmodes[@]}")
- if (( "${#buildmodes[@]}" < 1 )); then
+ if (( ${#buildmodes[@]} < 1 )); then
buildmodes+=('iso')
fi
if [[ -v override_work_dir ]]; then