#!/bin/sh # lh_chroot_sources(1) - manage /etc/apt/sources.list # Copyright (C) 2006-2009 Daniel Baumann # # live-helper comes with ABSOLUTELY NO WARRANTY; for details see COPYING. # This is free software, and you are welcome to redistribute it # under certain conditions; see COPYING for details. set -e # Including common functions . "${LH_BASE:-/usr/share/live-helper}"/functions.sh # Setting static variables DESCRIPTION="$(Echo 'manage /etc/apt/sources.list')" HELP="" USAGE="${PROGRAM} {install|remove} [--force]" Arguments "${@}" # Reading configuration files Read_conffiles config/all config/common config/bootstrap config/chroot config/binary config/source Set_defaults # Requiring stage file Require_stagefile .stage/config .stage/bootstrap _LH_LOCAL_KEY_EMAIL="live-helper-local-key@invalid" case "${1}" in install) Echo_message "Configuring file /etc/apt/sources.list" # Checking stage file Check_stagefile .stage/chroot_sources # Checking lock file Check_lockfile .lock # Creating lock file Create_lockfile .lock # Configure custom sources.list echo "deb ${LH_MIRROR_CHROOT} ${LH_DISTRIBUTION} ${LH_ARCHIVE_AREAS}" > chroot/etc/apt/sources.list if [ "${LH_SOURCE}" = "enabled" ] then echo "deb-src ${LH_MIRROR_CHROOT} ${LH_DISTRIBUTION} ${LH_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list fi if [ "${LH_SECURITY}" = "enabled" ] then case "${LH_MODE}" in ubuntu) echo "deb ${LH_MIRROR_CHROOT_SECURITY} ${LH_DISTRIBUTION}-security ${LH_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list if [ "${LH_SOURCE}" = "enabled" ] then echo "deb-src ${LH_MIRROR_CHROOT_SECURITY} ${LH_DISTRIBUTION}-security ${LH_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list fi ;; *) if [ "${LH_DISTRIBUTION}" != "sid" ] && [ "${LH_DISTRIBUTION}" != "unstable" ] then echo "deb ${LH_MIRROR_CHROOT_SECURITY} ${LH_DISTRIBUTION}/updates ${LH_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list if [ "${LH_SOURCE}" = "enabled" ] then echo "deb-src ${LH_MIRROR_CHROOT_SECURITY} ${LH_DISTRIBUTION}/updates ${LH_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list fi fi ;; esac fi # Check local sources.list if Find_files config/chroot_sources/*.chroot then echo "" >> chroot/etc/apt/sources.list echo "# Custom repositories" >> chroot/etc/apt/sources.list for FILE in config/chroot_sources/*.chroot do cat ${FILE} | grep -v "^##" >> chroot/etc/apt/sources.list done fi # Configure local package repository if Find_files config/chroot_local-packages/*.deb then rm -rf chroot/root/local-packages mkdir -p chroot/root/local-packages if [ "$(stat --printf %d config/chroot_local-packages)" = "$(stat --printf %d chroot/root/local-packages)" ] then CP_OPTIONS="-l" fi # Copy packages if Find_files config/chroot_local-packages/*_"${LH_ARCHITECTURE}".deb then cp ${CP_OPTIONS} config/chroot_local-packages/*_"${LH_ARCHITECTURE}".deb chroot/root/local-packages fi if Find_files config/chroot_local-packages/*_all.deb then cp ${CP_OPTIONS} config/chroot_local-packages/*_all.deb chroot/root/local-packages fi if Find_files chroot/root/local-packages/*.deb then # If we bootstrapped a minimal chroot, we need # to install apt-utils before we have have # completed all the indices. case "${LH_BOOTSTRAP_FLAVOUR}" in stripped|minimal) Chroot chroot "apt-get update" ;; esac # Restoring cache Restore_cache cache/packages_chroot # Check depends Check_package chroot/usr/bin/apt-ftparchive apt-utils # Installing depends Install_package # Generate Packages and Packages.gz echo "cd /root/local-packages && apt-ftparchive packages . > Packages" | Chroot chroot sh gzip -9 -c chroot/root/local-packages/Packages > chroot/root/local-packages/Packages.gz # Generate Release echo "cd /root/local-packages && apt-ftparchive \ -o APT::FTPArchive::Release::Origin=chroot_local-packages \ release . > Release" | Chroot chroot sh if [ "${LH_APT_SECURE}" = "enabled" ] then _LH_DOTGNUPG_EXISTED=0 if [ -d chroot/root/.gnupg ] then _LH_DOTGNUPG_EXISTED=1 fi # Ensure ~/.gnupg exists (required for gnupg >= ~1.4.9) mkdir -p chroot/root/.gnupg # Temporarily replace /dev/random with /dev/urandom so as not # to block automated image builds; we don't care about the # security of this key anyway. mv chroot/dev/random chroot/dev/random.orig cp -a chroot/dev/urandom chroot/dev/random if Find_files cache/local-package-keyring.* then cp cache/local-package-keyring.* chroot/root else # Generate temporary key echo "Key-Type: RSA Key-Length: 1024 Subkey-Type: ELG-E Subkey-Length: 1024 Name-Real: live-helper local packages key Name-Email: ${_LH_LOCAL_KEY_EMAIL} Expire-Date: 0 %secring /root/local-package-keyring.sec %pubring /root/local-package-keyring.pub %commit" | Chroot chroot "gpg --batch --gen-key" || _LH_RET=${?} case "${_LH_RET}" in ""|2) # Gnupg sometimes seems to return with a status of 2 when there was not # enough entropy (and key creation blocks temporarily) even if the # operation was ultimately successful. ;; *) Echo_error "GPG exited with error status %s" "${_LH_RET}" exit ${_LH_RET} ;; esac # Save keyrings to avoid regeneration cp chroot/root/local-package-keyring.* cache/ fi # Sign release Chroot chroot "gpg --no-default-keyring --secret-keyring /root/local-package-keyring.sec \ --keyring /root/local-package-keyring.pub -abs -o \ /root/local-packages/Release.gpg /root/local-packages/Release" # Import key Chroot chroot "gpg --no-default-keyring --secret-keyring /root/local-package-keyring.sec \ --keyring /root/local-package-keyring.pub --armor \ --export ${_LH_LOCAL_KEY_EMAIL}" | Chroot chroot "apt-key add -" # Remove temporary keyrings rm chroot/root/local-package-keyring.pub rm chroot/root/local-package-keyring.sec # Revert /dev/random mv chroot/dev/random.orig chroot/dev/random # Remove /root/.gnupg if we created it during the signing process if [ "${_LH_DOTGNUPG_EXISTED}" -eq 0 ] then rm -rf chroot/root/.gnupg fi fi # Add to sources.list echo "" >> chroot/etc/apt/sources.list echo "# Local packages" >> chroot/etc/apt/sources.list echo "deb file:/root/local-packages ./" >> chroot/etc/apt/sources.list # Removing depends Remove_package # Saving cache Save_cache cache/packages_chroot else Echo_warning "Local packages must be named with suffix '_all.deb' or '_\$architecture.deb'." fi fi # Update indices from cache if [ "${LH_CACHE_INDICES}" = "enabled" ] && [ -d cache/indices_bootstrap ] then if Find_files cache/indices_bootstrap/secring.gpg* then cp -f cache/indices_bootstrap/secring.gpg* chroot/etc/apt fi if Find_files cache/indices_bootstrap/trusted.gpg* then cp -f cache/indices_bootstrap/trusted.gpg* chroot/etc/apt fi if [ -f cache/indices_bootstrap/pkgcache.bin ] then cp -f cache/indices_bootstrap/pkgcache.bin chroot/var/cache/apt fi if [ -f cache/indices_bootstrap/srcpkgcache.bin ] then cp -f cache/indices_bootstrap/srcpkgcache.bin chroot/var/cache/apt fi if Find_files cache/indices_bootstrap/*_Packages then cp -f cache/indices_bootstrap/*_Packages chroot/var/lib/apt/lists fi if Find_files cache/indices_bootstrap/*_Sources then cp -f cache/indices_bootstrap/*_Sources chroot/var/lib/apt/lists fi if Find_files cache/indices_bootstrap/*_Release* then cp -f cache/indices_bootstrap/*_Release* chroot/var/lib/apt/lists fi if [ "${LH_APT}" = "aptitude" ] && [ ! -x /usr/bin/aptitude ] then Chroot chroot "apt-get ${APT_OPTIONS} install aptitude" fi else # Get fresh indices # Check local gpg keys if Find_files config/chroot_sources/*.chroot.gpg then for FILE in config/chroot_sources/*.chroot.gpg do cp ${FILE} chroot/root Chroot chroot "apt-key add /root/$(basename ${FILE})" rm -f chroot/root/$(basename ${FILE}) done fi # Check local keyring packages if Find_files config/chroot_sources/*.deb then for PACKAGE in config/chroot_sources/*.deb do cp ${PACKAGE} chroot/root Chroot chroot "dpkg -i /root/$(basename ${PACKAGE})" rm -f chroot/root/$(basename ${PACKAGE}) done fi # Installing aptitude if [ "${LH_APT}" = "aptitude" ] && [ ! -x /usr/bin/aptitude ] then Chroot chroot "apt-get ${APT_OPTIONS} update" Chroot chroot "apt-get ${APT_OPTIONS} install aptitude" fi Apt update Apt upgrade Apt dist-upgrade # Installing keyring packages if [ -n "${LH_KEYRING_PACKAGES}" ] then Chroot chroot "apt-get --yes --force-yes install ${LH_KEYRING_PACKAGES}" Apt update fi if [ "${LH_CACHE_INDICES}" = "enabled" ] then mkdir -p cache/indices_bootstrap cp -f chroot/etc/apt/secring.gpg* cache/indices_bootstrap cp -f chroot/etc/apt/trusted.gpg* cache/indices_bootstrap cp -f chroot/var/cache/apt/pkgcache.bin cache/indices_bootstrap if Find_files chroot/var/cache/apt/srcpkgcache.bin then cp -f chroot/var/cache/apt/srcpkgcache.bin cache/indices_bootstrap fi cp -f chroot/var/lib/apt/lists/*_Packages cache/indices_bootstrap if Find_files chroot/var/lib/apt/lists/*_Sources then cp -f chroot/var/lib/apt/lists/*_Sources cache/indices_bootstrap fi cp -f chroot/var/lib/apt/lists/*_Release* cache/indices_bootstrap fi fi # Creating stage file Create_stagefile .stage/chroot_sources ;; remove) Echo_message "Deconfiguring file /etc/apt/sources.list" # Checking lock file Check_lockfile .lock # Creating lock file Create_lockfile .lock # Configure generic indices if [ "${LH_BINARY_INDICES}" = "enabled" ] then # Don't do anything if it's not required if [ "${LH_MIRROR_CHROOT}" = "${LH_MIRROR_BINARY}" ] && \ [ "${LH_MIRROR_CHROOT_SECURITY}" = "${LH_MIRROR_BINARY_SECURITY}" ] && \ [ ! -d chroot/root/local-packages ] then # Removing stage file rm -f .stage/chroot_sources exit 0 fi # Cleaning apt list cache rm -rf chroot/var/lib/apt/lists mkdir -p chroot/var/lib/apt/lists/partial echo "deb ${LH_MIRROR_BINARY} ${LH_DISTRIBUTION} ${LH_ARCHIVE_AREAS}" > chroot/etc/apt/sources.list if [ "${LH_SOURCE}" = "enabled" ] then echo "deb-src ${LH_MIRROR_BINARY} ${LH_DISTRIBUTION} ${LH_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list fi if [ "${LH_SECURITY}" = "enabled" ] then case "${LH_MODE}" in ubuntu) echo "deb ${LH_MIRROR_BINARY_SECURITY} ${LH_DISTRIBUTION}-security ${LH_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list if [ "${LH_SOURCE}" = "enabled" ] then echo "deb-src ${LH_MIRROR_BINARY_SECURITY} ${LH_DISTRIBUTION}-security ${LH_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list fi ;; *) if [ "${LH_DISTRIBUTION}" != "sid" ] && [ "${LH_DISTRIBUTION}" != "unstable" ] then echo "deb ${LH_MIRROR_BINARY_SECURITY} ${LH_DISTRIBUTION}/updates ${LH_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list if [ "${LH_SOURCE}" = "enabled" ] then echo "deb-src ${LH_MIRROR_BINARY_SECURITY} ${LH_DISTRIBUTION}/updates ${LH_ARCHIVE_AREAS}" >> chroot/etc/apt/sources.list fi fi ;; esac fi # Check local sources.list if Find_files config/chroot_sources/*.binary then echo "" >> chroot/etc/apt/sources.list echo "# Custom repositories" >> chroot/etc/apt/sources.list for FILE in config/chroot_sources/*.binary do cat ${FILE} | grep -v "^##" >> chroot/etc/apt/sources.list done fi # Check local gpg keys if Find_files config/chroot_sources/*.binary.gpg then for FILE in config/chroot_sources/*.binary.gpg do cp ${FILE} chroot/root Chroot chroot "apt-key add /root/$(basename ${FILE})" rm -f chroot/root/$(basename ${FILE}) done fi # Updating indices Apt update fi # Cleaning apt package cache rm -rf chroot/var/cache/apt mkdir -p chroot/var/cache/apt/archives/partial # Cleaning apt package lists if [ "${LH_BINARY_INDICES}" = "none" ] then rm -rf chroot/var/lib/apt/lists mkdir -p chroot/var/lib/apt/lists/partial fi # Remove local package repository rm -rf chroot/root/local-packages # Remove local packages key if it exists if apt-key list | grep -q ${_LH_LOCAL_KEY_EMAIL} then apt-key del ${_LH_LOCAL_KEY_EMAIL} fi # Removing stage file rm -f .stage/chroot_sources ;; *) Usage ;; esac