archlinuxarm/PKGBUILDs
1
0
Fork 0
mirror of https://github.com/archlinuxarm/PKGBUILDs.git synced 2024-11-28 22:57:37 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
PKGBUILDs/community/scponly/setup_chroot.sh
root 11e8dac30c Added vanilla community PKGBUILDs
2009-10-09 21:15:33 -05:00

270 lines
7.1 KiB
Bash
Executable file
Raw Blame History

#!/bin/sh
#
# handy functions:
#
# a function to display a failure message and then exit
fail ( ) {
echo -e $@
exit 1
}
# "get with default" function
# this function prompts the user with a query and default reply
# it returns the user reply
getwd ( ) {
query="$1"
default="$2"
echo -en "$query [$default]" | cat >&2
read response
if [ x$response = "x" ]; then
response=$default
fi
echo $response
}
# "get yes no" function
# this function prompts the user with a query and will continue to do so
# until they reply with either "y" or "n"
getyn ( ) {
query="$@"
echo -en $query | cat >&2
read response
while [ x$response != "xy" -a x$response != "xn" ]; do
echo -e "\n'y' or 'n' only please...\n" | cat >&2
echo -en $query | cat >&2
read response
done
echo $response
}
# configuration
#
# set defaults
defaultusername="scponly"
defaulthomedirprefix="/home"
defaultwriteabledir="incoming"
osname=`uname -s | tr ' ' '_'`
# pathname to platform/OS specific setup scripts
prescript="build_extras/arch/$osname.pre.sh"
postscript="build_extras/arch/$osname.post.sh"
# the following is a list of binaries that will be staged in the target dir
BINARIES=`grep '#define PROG_' config.h | cut -f2 -d\" | grep -v ^cd$`
# we set the install path in a variable so the presetup script can overwrite it on systems
# which require it
INSTALL_PATHNAME="install -c"
# attempt a best guess at required libs, we can append things in the presetup script if we need to
LDSOFOUND=0
# default to useradd, not pw
USE_PW=0
if [ x/usr/bin/ldd = x ]; then
echo "this script requires the program ldd to determine which"
fail "shared libraries to copy into your chrooted dir..."
fi
if [ x`uname -s` = "xOpenBSD" ]; then
for bin in $BINARIES; do
GREP_LIST="$GREP_LIST -e $bin"
done
LIB_LIST=`ldd $BINARIES 2> /dev/null | /usr/bin/tr -s " " | cut -f5 -d" " | /usrgrep -v "^Name" | /usrgrep -v $GREP_LIST | /usr/bin/sort -u`
else
LIB_LIST=`ldd $BINARIES 2> /dev/null | cut -f2 -d\> | cut -f1 -d\( | grep "^ " | sort -u`
fi
#
# we also need to add some form of ld.so, here are some good guesses.
#
LDSO_LIST="/lib/ld.so /libexec/ld-elf.so /libexec/ld-elf.so.1 /usr/libexec/ld.so /lib64/ld-linux-x86-64.so.2 /lib/ld-linux.so.2 /usr/libexec/ld-elf.so.1"
for lib in $LDSO_LIST; do
if [ -f $lib ]; then
LDSOFOUND=1;
LIB_LIST="$LIB_LIST $lib"
fi
done
#
# TODO - i've since forgotten which OS this is for, it should be relocated to a presetup script
#
ls /lib/libnss_compat* > /dev/null 2>&1
if [ $? -eq 0 ]; then
LIB_LIST="$LIB_LIST /lib/libnss_compat*"
fi
# check that the configure options are correct for chrooted operation:
if [ x/usr/sbin/useradd = x ]; then
if [ x = x ]; then
echo "this script requires the program useradd or pw to add your"
fail "chrooted scponly user."
else
USE_PW=1;
fi
fi
# we need to be root
if [ `id -u` != "0" ]; then
fail "you must be root to run this script\n"
fi
echo
echo Next we need to set the home directory for this scponly user.
echo please note that the user\'s home directory MUST NOT be writeable
echo by the scponly user. this is important so that the scponly user
echo cannot subvert the .ssh configuration parameters.
echo
echo for this reason, a writeable subdirectory will be created that
echo the scponly user can write into.
echo
if [ "$2" != "" ] ; then
targetuser=$2
else
targetuser=`getwd "Username to install" "$defaultusername"`
fi
username_collision=`id $targetuser > /dev/null 2> /dev/null; echo $?`
if [ $username_collision -eq 0 ] ; then
fail "the user $targetuser already exists. please remove this user and their home directory and try again."
fi
if [ "$1" != "" ] ; then
targetdir=$1
else
targetdir=`getwd "home directory you wish to set for this user" "$defaulthomedirprefix/$targetuser"`
fi
if [ "$3" != "" ] ; then
writeabledir=$3
else
writeabledir=`getwd "name of the writeable subdirectory" "$defaultwriteabledir"`
fi
#
# if you would like to overwrite/extend any of the variables above, do so in the system specific
# presetup script.
#
if [ -f "$prescript" ]; then
#
# this system has a pre-chroot setup script, lets run it
#
. "$prescript"
fi
# if neither the presetup script or the best guess could find ld.so, we have to bail here
if [ $LDSOFOUND -eq 0 ]; then
fail i cant find your equivalent of ld.so
fi
#
# ACTUAL MODIFICATIONS BEGIN HERE
#
# this part shouldnt strictly be requried, but i'll leave it in until i'm sure of it
if [ ! -d $targetdir ]; then
$INSTALL_PATHNAME -d $targetdir
chmod 755 $targetdir
fi
if [ ! -d $targetdir/etc ]; then
$INSTALL_PATHNAME -d $targetdir/etc
chown 0:0 $targetdir/etc
chmod 755 $targetdir/etc
fi
# add all our binaries
for bin in $BINARIES; do
$INSTALL_PATHNAME -d $targetdir/`/usr/bin/dirname $bin`
$INSTALL_PATHNAME $bin $targetdir$bin
done
# and the libs they require
if [ "x$LIB_LIST" != "x" ]; then
for lib in $LIB_LIST; do
$INSTALL_PATHNAME -d $targetdir/`/usr/bin/dirname $lib`
$INSTALL_PATHNAME $lib $targetdir/$lib
done
fi
# /dev/null is needed inside the chroot
mkdir -p $targetdir/dev
mknod -m 666 $targetdir/dev/null c 1 3
if [ "x$USE_PW" = x0 ] ; then
/usr/sbin/useradd -d "$targetdir" -s "/usr/sbin/scponlyc" $targetuser
if [ $? -ne 0 ]; then
fail "if this user exists, remove it and try again"
fi
else
useradd -n $targetuser -s "/usr/sbin/scponlyc" -d "$targetdir"
if [ $? -ne 0 ]; then
fail "if this user exists, remove it and try again"
fi
fi
#
# we must ensure certain directories are root owned.
#
chown 0:0 $targetdir
if [ -d $targetdir/.ssh ]; then
chown 0:0 $targetdir/.ssh
fi
if [ ! -d $targetdir/$writeabledir ]; then
echo -e "\ncreating $targetdir/$writeabledir directory for uploading files"
$INSTALL_PATHNAME -o $targetuser -d $targetdir/$writeabledir
fi
#
# set the perms on the writeable dir so that the new user owns it
#
newuid=`id -u $targetuser`
newgid=`id -g $targetuser`
chown $newuid:$newgid $targetdir/$writeabledir
if [ -f "$postscript" ]; then
#
# this system has a post-chroot setup script, lets run it
#
. "$postscript"
else
#
# otherwise, revert to the old "best guess" system, which sucks
#
echo
echo "Your platform ($osname) does not have a platform specific setup script."
echo "This install script will attempt a best guess."
echo "If you perform customizations, please consider sending me your changes."
echo "Look to the templates in build_extras/arch."
echo " - joe at sublimation dot org"
echo
if [ x = x ]; then
#
# ok we dont have pwd_mkdb, lets improvise:
#
grep $targetuser /etc/passwd > $targetdir/etc/passwd
# Debian: copy /etc/group into the jail, for /usr/bin/groups to work
cp /etc/group $targetdir/etc/group
else
#
# this is for systems which do have pwd_mkdb
#
grep $targetuser /etc/master.passwd > $targetdir/etc/master.passwd
-d "$targetdir/etc" $targetdir/etc/master.passwd
rm -rf $targetdir/etc/master.passwd $targetdir/etc/spwd.db
fi
fi
#
# the final step is setting the password
#
echo "please set the password for $targetuser:"
passwd $targetuser
echo "if you experience a warning with winscp regarding groups, please install"
echo "the provided hacked out fake groups program into your chroot, like so:"
echo "cp groups $targetdir/bin/groups"
Reference in a new issue View git blame Copy permalink